
Important VMware and Microsoft news from VMsources

VMsources

Secure Cloud and Business Continuity

Friday, 23 February 2024 19:23

 

Hello,

 

It is the beginning of fall, and challenges to your Organization's data security and business continuity are as prevalent now as they have ever been. There are new zero-day vulnerabilities in the world's most popular email platform, Microsoft Exchange, and Ransomware seems to be everywhere.

 

At VMsources, we exist solely to keep your data safe and protected. We believe that if you start by implementing simple security Best Practices, and then protect your data using the 3-2-1 Rule, you will have the best possibility of surviving an incident and recovering quickly:

  1. VMware vSphere 6.5 and 6.7 are end-of-support on 10/15/2022
  2. Microsoft Exchange zero-day exploit
  3. Follow the 3-2-1 Backup Rule with VMsources Secure Cloud.
  4. Implement Multifactor Authentication (MFA/2FA) to verify the identity of your remote workers.
  5. Use NIST guidelines for password policy (Special Publication 800-63B)

At VMsources, we can help your Organization with each and every one of these items, either by helping your team deploy and manage systems, or as an MSP. We understand that you have higher-value projects to manage in order to best serve your users; let us help you with your data security and business continuity initiatives.


 

Your Business Continuity Specialist,

 

John Borhek

CEO, Lead Solution Architect

VMsources Group Inc.

Mobile: +1 928.606.0483

Direct-dial office: +1 928.864.0850

Email: john@vmsources.com

Website: https://vmsources.com


1. vSphere 6.5.x & vSphere 6.7.x will be End of General Support on October 15, 2022

What this means is that VMware vSphere 6.5 and 6.7 will no longer be receiving security updates. If you are running older versions of vSphere, we recommend that you upgrade to VMware vSphere 7 as soon as possible.

 

VMsources can help you upgrade to vSphere 7, either through a software upgrade (if your systems are on the VMware HCL) or through a full hardware refresh to the latest generation of HPE servers.

 

We specialize in fast delivery and can often ship new servers in as little as 5 days, weeks ahead of the competition and at a great price too! Give us a call for a quote on a hardware refresh and see if we don’t beat your current vendor on price and service.



2. Microsoft Exchange Zero-day Exploit

On September 30, news broke of a zero-day exploit of vulnerabilities found in Microsoft Exchange Server. The exploit attacks the Autodiscover site using PowerShell code, and it requires either user credentials or a compromised system. While there are no current patches, there are some steps you can take to protect yourself:

  • Ensure all AV software is up to date.
  • Block remote PowerShell commands using the local Windows firewall.
  • Ensure users have strong credentials and, preferably, two-factor authentication.

 

https://krebsonsecurity.com/2022/09/microsoft-two-new-0-day-flaws-in-exchange-server/

 

Call a VMsources consultant to help your company protect itself from the next exploit.



3. Implement the 3-2-1 Rule for Backups

Offsite Backups to VMsources Secure Cloud provide one of the best protections against Ransomware there is. Offsite Backups don’t prevent Ransomware from occurring, but an effective Offsite Backup will give your Organization the ability to recover rapidly from Ransomware when it strikes.


VMsources Offsite Backups clients will automatically receive a Backup and Disaster Recovery Certificate of Compliance.

 

When you choose VMsources, you will benefit from our famous Concierge Service. That means that you CAN convert directly to our Secure Cloud running VMware vCloud native systems and one of our BC / DRaaS Consultants WILL actually do the heavy lifting for you and remain online and managing the entire process. No Big Cloud will offer the level of service you will get from VMsources!


4. Implement Multi-factor authentication

Multi-factor authentication (MFA), sometimes referred to as 2FA, is the single best way to keep Threat Actors from accessing mission-critical data and systems and deploying Ransomware in the first place.

 

MFA is particularly effective when Organizations deploy and use Virtual Desktop Infrastructure (VDI) as primary access for both on-premises and remote workers. Because all users access mission-critical data and systems through Secure Gateway(s), the MFA authenticator is deployed and maintained at the Secure Gateways and provides effective protection for the entire Organization. VMsources recommends and deploys VMware Horizon View as our preferred VDI platform.

 

MFA is slightly less effective in an Organization which relies heavily on legacy workstations and laptop computers, because the MFA authenticator must be deployed to each workstation and laptop computer individually, and it is much easier for users and Threat Actors to defeat.

 

VMsources recommends and uses DUO as our MFA authenticator. DUO is a Cisco product which supports many forms of MFA including: push to smartphone, hardware key, SMS, email and phone-call. DUO MFA solutions start at $3.00/user/month and are available directly from VMsources along with installation support.


5. Audit your device and local administrator passwords

When considering Password Security and Password Policy, many Organizations only look at Active Directory Policy and ignore local administrator, device and root passwords for Infrastructure systems.

 

System and Device Passwords:

  • All Windows systems have a local Administrator account and password
  • Most Linux systems have (and require) a root account and password
  • Storage devices, SANs, and NAS all have an administrator/manager account and password
  • Network switches all have an administrator/manager account and password
  • Firewalls all have an administrator/manager account and password
  • VMware vSphere systems such as vCenter and ESXi have a root account and password

 

It should go without saying that system and device passwords should be at least as strong as the Active Directory domain requirement, and probably MUCH stronger. Why stronger? Because, within Active Directory, we can leverage additional security such as MFA while device passwords must stand on their own against Threat Actors.

 

Current recommendations indicate that system and device passwords should be at least 16 characters long and require a mix of uppercase and lowercase letters, numbers and symbols.

 

EXAMPLE:

Acme Coyote and Safe Inc. has a strong AD Password policy and requires MFA to login to AD. Auditors have praised their compliance with password policy.

 

Unfortunately, they have a Firewall with a user ‘admin’ and a password ‘C0y0t3’. Worse yet, Acme Coyote and Safe Inc. admins have used the same password ‘C0y0t3’ for all other devices, local admin and root accounts.

  

Based on current estimates, it would take a Threat Actor between 5 sec. and 6 min. to brute-force the firewall password and gain pervasive access to almost every system!
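An audit of the kind this section calls for, as an added example (not VMsources code): it checks a constructed device inventory modelled on the Acme scenario against the 16-character, four-class recommendation above, flags passwords reused across devices, and generates a compliant random replacement. The device names and the helper functions are illustrative assumptions.

```python
import secrets
import string

MIN_LENGTH = 16  # the newsletter's recommended minimum for device passwords
CLASSES = {"uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
           "digit": string.digits, "symbol": string.punctuation}

def policy_failures(password):
    """Return the policy rules a password breaks (empty list = compliant)."""
    failures = [f"no {name}" for name, chars in CLASSES.items()
                if not any(ch in chars for ch in password)]
    if len(password) < MIN_LENGTH:
        failures.insert(0, f"shorter than {MIN_LENGTH} characters")
    return failures

def audit(inventory):
    """Map each device to its findings, including reuse on other devices."""
    seen = {}
    for device, (_account, password) in inventory.items():
        seen.setdefault(password, []).append(device)
    report = {}
    for device, (_account, password) in inventory.items():
        findings = policy_failures(password)
        others = sorted(d for d in seen[password] if d != device)
        if others:
            findings.append("reused on " + ", ".join(others))
        report[device] = findings
    return report

def generate(length=20):
    """Draw passwords from the OS CSPRNG until one meets the policy."""
    length = max(length, MIN_LENGTH)  # never generate below the minimum
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate

# Constructed inventory modelled on the Acme example; device names are made up.
INVENTORY = {
    "firewall": ("admin", "C0y0t3"),
    "core-switch": ("admin", "C0y0t3"),
    "esxi-01": ("root", "C0y0t3"),
    "san": ("manager", generate()),
}

for device, findings in audit(INVENTORY).items():
    print(device, "->", findings or "compliant")
```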

 

Managing Passwords

One effective way to implement strong and random passwords for systems and devices which are not (or should not be) part of Active Directory is by using an effective and secure network password manager.

 

When using a password manager, password length and complexity are not an issue due to the fact that users cut & paste passwords rather than memorizing and typing passwords. Therefore, it becomes possible to use very long and complex passwords securely and without typos and mistakes!

 

VMsources recommends KeePass. KeePass is both free and highly secure, often regarded as the best password manager available.

 

KeePass can be installed on a network drive and shared by multiple trusted users in an Organization. It is capable of generating random passwords (based on a user-defined policy) and storing those passwords, along with other credentials, securely in an encrypted database.

 

When trusted users with access to the KeePass database seek to use a strong password, KeePass has the capability of copying the password to the Windows clipboard (with automatic time-out) and allowing the user to paste that password directly, without ever revealing it in plain-text – this is great for support or training scenarios!

 

Please download our whitepaper on: Using Keepass 

 +1 866 644 7764