I am taking note about Azure Data Box to Azure Backup that is used for offline initial backup of large datasets using Azure Data Box.
Here it is relative article that explain more verbosely concepts.
https://azure.microsoft.com/en-us/blog/azure-offline-backup-with-azure-data-box-now-in-preview/
And here it is an image on how it works:
Pagine
▼
Hacker - Vulnerability Assessment & Penetration Test concerns
During previously years I published a blog article indicating a single penetration test tool.
Kali Linux - Penetration test e forensic analysis Linux Iso
https://www.alessandromazzanti.com/2017/11/kali-linux-penetration-test-e-forensic.html
Today I would like to discuss about some Vulnerabilities Assessments & Penetrations Tests concerns.
Vulnerabilities Assessments
They are normally low-risk activities, given that after collecting information they start verifying outdated systems firmware/software versions (both devices and servers located in LAN/DMZ) associating this information with exploits databases.
They work smoothly and they are rarely aggressive and harmful..
In this case you might consider using an appliance located in both DMZ and LAN.
Penetration Tests
It is certainly, by its truly nature, more intensives, aggressive and - depending on the client's wishes - articulated on several tests.
Facing problems possibilities or creating disasters are very easy.
Due to these reasons contractual parts and responsibilities clarifications are very important - but an attacker does not warn you that he is 'hackering' you ... :)
Afterwards I would like to mention this article, coping and past some paragraphs, to highlight some interesting concepts and concerns.
https://www.secureideas.com/knowledge/what-are-the-risks-of-a-penetration-test/
"....Sometimes outages or breakages occur that even the most cautious of penetration testers can't avoid. An application may have software flaws that result in a Denial of Service condition. A network device may be misconfigured such that it handles some types of network traffic poorly. We have all seen these types of issues in our testing.
Unfortunately, there is no surefire way to eliminate this kind of problem. It can be reduced through best practices such as patching, change management, and thorough code reviews. Damage from this type of issue can be minimized by closely monitoring the systems being tested and being prepared to halt automated tools at the first signs of trouble. This can also be improved by ensuring the testers are experienced in how the systems being tested work....."
"....The next significant risk to consider is that of inadvertently exposing confidential information or system access. Your penetration testers are searching for vulnerabilities and running exploits. For example, they may find a vulnerability that allows them to open up a backdoor. If they do so, but fail to protect the backdoor, a real attacker may discover and use it for malicious purposes. Another type of exposure if the tester is accessing data insecurely. For example ,they could transfer PII over an unencrypted channel...."
Here they are other concerns or attention points:
Kali Linux - Penetration test e forensic analysis Linux Iso
https://www.alessandromazzanti.com/2017/11/kali-linux-penetration-test-e-forensic.html
Today I would like to discuss about some Vulnerabilities Assessments & Penetrations Tests concerns.
Vulnerabilities Assessments
They are normally low-risk activities, given that after collecting information they start verifying outdated systems firmware/software versions (both devices and servers located in LAN/DMZ) associating this information with exploits databases.
They work smoothly and they are rarely aggressive and harmful..
In this case you might consider using an appliance located in both DMZ and LAN.
Penetration Tests
It is certainly, by its truly nature, more intensives, aggressive and - depending on the client's wishes - articulated on several tests.
Facing problems possibilities or creating disasters are very easy.
Due to these reasons contractual parts and responsibilities clarifications are very important - but an attacker does not warn you that he is 'hackering' you ... :)
Afterwards I would like to mention this article, coping and past some paragraphs, to highlight some interesting concepts and concerns.
https://www.secureideas.com/knowledge/what-are-the-risks-of-a-penetration-test/
"....Sometimes outages or breakages occur that even the most cautious of penetration testers can't avoid. An application may have software flaws that result in a Denial of Service condition. A network device may be misconfigured such that it handles some types of network traffic poorly. We have all seen these types of issues in our testing.
Unfortunately, there is no surefire way to eliminate this kind of problem. It can be reduced through best practices such as patching, change management, and thorough code reviews. Damage from this type of issue can be minimized by closely monitoring the systems being tested and being prepared to halt automated tools at the first signs of trouble. This can also be improved by ensuring the testers are experienced in how the systems being tested work....."
"....The next significant risk to consider is that of inadvertently exposing confidential information or system access. Your penetration testers are searching for vulnerabilities and running exploits. For example, they may find a vulnerability that allows them to open up a backdoor. If they do so, but fail to protect the backdoor, a real attacker may discover and use it for malicious purposes. Another type of exposure if the tester is accessing data insecurely. For example ,they could transfer PII over an unencrypted channel...."
Here they are other concerns or attention points:
- Be Aware to advice SOC or whitelist IP scanner device tool could not intercept real attacks that might occur during assessment time period.
- System Outages and lost of productivity might occur.
- False negatives could raise due to penetration tools that do not find security holes that unfortunately exists.
- Unethical IT professional operating assessment and penetration tests.
Alessandro M.
Hacker/Security - Kali Linux Penetration test Tool
Today I would like to mention this old blog article that describe Kali Linux thaat is a specific Linux distribution used for penetration tests:
http://www.alessandromazzanti.com/2014/05/kali-linux-penetration-test-e-forensic.html
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.
[update 2020.04.23]
here it is a web app scanner, free and open source.
https://www.zaproxy.org/
http://www.alessandromazzanti.com/2014/05/kali-linux-penetration-test-e-forensic.html
Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.
Kali Linux includes security tools, such as:[13]
- Aircrack-ng
- Burp suite
- Cisco Global Exploiter, a hacking tool used to find and exploit vulnerabilities in Cisco Network systems
- Ettercap
- John the Ripper
- Kismet
- Maltego
- Metasploit framework
- Nmap
- OWASP ZAP
- Social engineering tools
- Wireshark
More details could be find here:
Finally I would mention that Mr Ghaznavi-Zadeh published a chapter from his book "Kali Linux – A guide to Ethical hacking" and it is available for free here:
Finally here it is Kali Linux video website presentation:
[update 2020.04.23]
here it is a web app scanner, free and open source.
https://www.zaproxy.org/
Alessandro M.
Antivirus - Sophos lengthen the Extended Support for XP/2003 until June 30, 2020, previously due date was April 17, 2020
Here it is a fresh information about Sophos AV and extended support for XP and 2003 O.S.
Due to actual situation Sophos lengthen the Extended Support for XP/2003 until June 30, 2020, previously due date was April 17, 2020.
https://community.sophos.com/kb/en-us/125995
Due to actual situation Sophos lengthen the Extended Support for XP/2003 until June 30, 2020, previously due date was April 17, 2020.
https://community.sophos.com/kb/en-us/125995
Alessandro M.
Tutorial - code.org Courses and activities are free for students (Open Source Mode)
Volevo segnalare quest'organizzazione no-profit che si adopera perche' la possibilita' di imparare l'informatica sia accessibile ad ogni studente di ogni scuola.
https://code.org/
Lavorano in tutti gli ambiti dell'istruzione progettando i loro corsi o collaborando con altri insegnanti e distretti scolastici.
E' supportata da vari partner tra cui Amazon, Facebook, Google, la Fondazione Infosys, Microsoft e molti altri.
Tutti i piani di studio e le esercitazioni che creano sono sempre gratuite e rilasciate con una licenza Creative Commons, permettendo così ad altri di creare risorse derivate per scopi non commerciali. Se una persona fosse interessata a ricevere l'autorizzazione per l'utilizzo dei loro materiali (a fini commerciali), basta contattarli. I loro corsi sono tradotti per l'utilizzo a livello mondiale o da persone di lingue diverse. A livello tecnologico, il progetto è sviluppato in modalità open source.
Today I would like to share news about this no-profit organization that it works hard to give a chance to learn IT to each student of each school.
https://code.org/
They work on each education fields planning courses and collaborating with several schools and teachers.
Code.org® is a nonprofit dedicated to expanding access to computer science in schools and increasing participation by women and underrepresented youth. Their vision is that every student in every school has the opportunity to learn computer science, just like biology, chemistry or algebra. Code.org provides the leading curriculum for K-12 computer science in the largest school districts in the United States and Code.org also organizes the annual Hour of Code campaign which has engaged more than 15% of all students in the world.
Code.org is supported by generous donors including Amazon, Facebook, Google, the Infosys Foundation, Microsoft, and many more.
All curriculum resources and tutorials they author will forever be free to use and openly licensed under a Creative Commons license, allowing others to make derivative education resources for non-commercial purposes. If you are interested in licensing their materials for commercial purposes, contact them. Their courses are translated for worldwide use or by speakers of different languages. Their technology is developed as an open source project.
https://code.org/
Lavorano in tutti gli ambiti dell'istruzione progettando i loro corsi o collaborando con altri insegnanti e distretti scolastici.
E' supportata da vari partner tra cui Amazon, Facebook, Google, la Fondazione Infosys, Microsoft e molti altri.
Tutti i piani di studio e le esercitazioni che creano sono sempre gratuite e rilasciate con una licenza Creative Commons, permettendo così ad altri di creare risorse derivate per scopi non commerciali. Se una persona fosse interessata a ricevere l'autorizzazione per l'utilizzo dei loro materiali (a fini commerciali), basta contattarli. I loro corsi sono tradotti per l'utilizzo a livello mondiale o da persone di lingue diverse. A livello tecnologico, il progetto è sviluppato in modalità open source.
<====================>
https://code.org/
They work on each education fields planning courses and collaborating with several schools and teachers.
Code.org® is a nonprofit dedicated to expanding access to computer science in schools and increasing participation by women and underrepresented youth. Their vision is that every student in every school has the opportunity to learn computer science, just like biology, chemistry or algebra. Code.org provides the leading curriculum for K-12 computer science in the largest school districts in the United States and Code.org also organizes the annual Hour of Code campaign which has engaged more than 15% of all students in the world.
Code.org is supported by generous donors including Amazon, Facebook, Google, the Infosys Foundation, Microsoft, and many more.
All curriculum resources and tutorials they author will forever be free to use and openly licensed under a Creative Commons license, allowing others to make derivative education resources for non-commercial purposes. If you are interested in licensing their materials for commercial purposes, contact them. Their courses are translated for worldwide use or by speakers of different languages. Their technology is developed as an open source project.
Alessandro M.
Veeam - Powered Network (Veeam PN)
I am taking note about this new Veeam product:
https://www.veeam.com/powered-network.html
It is free solution that permits administrators to create, configure and connect both site-to-site and point-to-site VPN tunnels (with simple UI, easily and quickly).
The main component (HUB) is deployable via the Azure or AWS Marketplace, so most of the installation burdens are hidden.
Here they are some advantages:
https://www.veeam.com/powered-network.html
It is free solution that permits administrators to create, configure and connect both site-to-site and point-to-site VPN tunnels (with simple UI, easily and quickly).
The main component (HUB) is deployable via the Azure or AWS Marketplace, so most of the installation burdens are hidden.
Here they are some advantages:
- Simplified Remote Access:
allows remote offices, home offices and mobile users to achieve connectivity regardless of location. Users can gain and keep access to any system remotely, either in the cloud or on-premises.
- Cloud-to-cloud Availability:
Extend cloud networks to connect multiple disparate clouds together, providing Availability across sites and removing complexity from multi-site configuration.
- Recovering Data in a Disaster:
helps provide recovery in the event of a disaster by eliminating complexity for extending cloud connectivity.
When used with Veeam Direct Restore to Microsoft Azure, you can restore any on-premises workloads to the cloud, including VMs, servers and laptops, and use Veeam PN to establish connectivity and gain access to the restored data.
Alessandro M.
Command Line - Control Panel task manager and Settings executed with Administrative rights
If you work on pc using user without administrative righs you could have necessity to execute some menu with administrative rights.
Start --> Cmd.exe with administrative rights:
Start --> Cmd.exe with administrative rights:
- Control panel (to laungh Control Panel)
- start ms-settings: (to launch Settings menu)
Here it is official documentation and here. - Start-Process "ms-settings:" (to launch Settings menu using powershell)
- taskmgr.exe (to launch task manager)
- control netcpl.cpl (to launch Network Properties)
Alessandro M.
Freeware - Microsoft Project Free Alternative
Today I would like to mention this useful software that is similar to Microsoft Project but it is free at all:
https://www.ganttproject.biz/
This software permit to easily create Gant Charts as well
I hope that this information could be useful for someone.
Alessandro M.
Veeam - How to export VM from ESX 5.X to 6.X/7.X
During these months I faced following necessity:
"Backup VMs on ESXi 5.1 and export them on new ESXi 6.7 U3 managing old server fault and DR plan"
"Backup VMs on ESXi 5.1 and export them on new ESXi 6.7 U3 managing old server fault and DR plan"
Here they are actions taken:
- I tried to export turned off VMs, in .OVA format, and import them on new ESX unsuccesfully.
- Here it is error that I received when I tried to import .ova on new ESX https://kb.vmware.com/s/article/2117310
- Thereafter I unzipped .OVA with 7-zip and creating a properly VM on new ESX.
During VM booting phase, after a while, I received a BSOD. - I tried to copy .OVA on new datastore unsuccessfully:
https://kb.vmware.com/s/login/?startURL=%2Fs%2Farticle%2F2117310%25C2%25A0&ec=302
- Consider that Hardware version seemed to be compatible between 5.1 and 6.7 U3
https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.vm_admin.doc/GUID-789C3913-1053-4850-A0F0-E29C3D32B6DA.html
Solution applied was following.
- Download Veeam trial version.
- Enable Veeam VM Backups.
- Enable Veeam VM Backup and Replication from old to new host.
- I tested some VM replicated from old server to new one (shutting down them on old Server and starting them on new Server) from Veeam Console and test was succesfully.
Hoping that these information could be useful for someone.
APPENDIX
Below are articles that I used during entirely trouble shooting and Veeam B&R implementation.
OVA\OVF file deployment in ESXi 6.5 | Tutorial Part 3 - YouTube
Easier Fix: Failed to deploy OVF package: The task was canceled by a user.
Where the VM files are stored on VMWare ESXi? [closed]
How to enable SNMP on a VMware ESXi hypervisor
https://support.auvik.com/hc/en-us/articles/206311526-How-to-enable-SNMP-on-a-VMware-ESXi-hypervisor
Ensure Proper SNMP Configuration
DR failover testing with Veeam console
Testing Cloud Failover Plan
Step 10. Specify Data Locations
VMware Workstation 5.0 What Files Make Up a Virtual Machine?
Replication Scenarios
Alessandro M.
Wireless - Best WiFi Extenders #LifeWire
Today I would like to highlight and share this 10 WiFi Extenders article.
https://www.lifewire.com/best-wifi-extenders-4043312
It is an useful article that drive you to choose best product to fix and extend WiFi coverage.
About theoretically concepts consider to review this Wikipedia article too:
https://en.wikipedia.org/wiki/Wireless_repeater
https://www.lifewire.com/best-wifi-extenders-4043312
It is an useful article that drive you to choose best product to fix and extend WiFi coverage.
About theoretically concepts consider to review this Wikipedia article too:
https://en.wikipedia.org/wiki/Wireless_repeater
Alessandro M.
Software - Flash Player & Adobe Reader Redistributable Direct Download Link
Here is Flash Player Redistributable Direct Download Link about Redistributable version:
https://www.adobe.com/products/flashplayer/distribution3.html
[update 2020.04.04]
About Adobe Reader Redistributable Direct Download link here it is:
https://get.adobe.com/reader/enterprise/
https://www.adobe.com/products/flashplayer/distribution3.html
[update 2020.04.04]
About Adobe Reader Redistributable Direct Download link here it is:
https://get.adobe.com/reader/enterprise/
Alessandro M.