Mobile Security

As most of you are aware, the Christmas holiday is quickly coming up! 🙂
This means that a lot of us will be traveling on trains, buses and flights to get to our families to maybe relax, drink glögg and eat sill.
Bad people tend to take advantage of the extra number of people traveling, though, and because of that there is a spike in thefts at this time of the year.

A lot of sensitive and confidential information is stored on mobile devices these days, and losing that data could potentially be devastating. Because of that, it’s important to remember to secure your mobile devices as best as you can.

Included are two guides on how to secure the Samsung Galaxy S3 (Android) and the iPhone, which are some of the most commonly used phones.

iPhone (verified on iPhone 4): The minimum security is to have a PIN code, with the device set to be wiped after 10 incorrect attempts at entering the PIN. You can access these settings from: Settings, General, Passcode Lock, (Erase Data, Simple Passcode).

Android (verified on Samsung Galaxy S3): Please turn on encryption of the device (and the external SD card). You can access the encryption settings from: Settings, Security, Encrypt Device. Please be aware that you can’t use a PIN code when using encryption, so you will need to come up with a word instead to unlock your phone. It’s also advised that you install an anti-virus application on your Android phone.

Building Dreamhack, part three

DHCP design for IPv4 on Dreamhack

I will describe the DHCP protocol in general and, specifically, the DHCP design that we use at Dreamhack for IPv4.

DHCP for IPv4
DHCP is a layer 3 protocol used for dynamic assignment of IP addresses and options to clients. The client device sends a layer 3 broadcast to 255.255.255.255 on the local network, with destination UDP port 67. This message is called a DHCP discover and it is a request for a free IP address with options. The server answers the broadcast on UDP port 68 with a DHCP offer. This offer contains information about the IP address, subnet mask, lease time, options and the IP address of the DHCP server. The client then sends a DHCP request to the DHCP server, accepting the offered lease. When the server receives the DHCP request it sends back a DHCP acknowledgement with the lease duration and options.
When half of the lease time has passed, the client tries to renew its lease by sending a DHCP request message to the DHCP server. If the client does not get a response from the server, it will continue to send DHCP request messages to that specific DHCP server at a regular interval. When the lease time ends, the client begins the process from the start by sending a DHCP discover.
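The four-message exchange described above, encoded and decoded in the DHCP wire format, as an added Ruby example (not Dreamhack code). The MAC address, IP addresses, transaction id and the `dora` and `renew_after` helper names are constructed for illustration, and nothing is sent on the network.

```ruby
MAGIC = "\x63\x82\x53\x63".b # magic cookie that precedes the DHCP options
TYPES = { 1 => :discover, 2 => :offer, 3 => :request, 5 => :ack }.freeze

def ip_bytes(ip); ip.split('.').map(&:to_i).pack('C4'); end

# Encode: 236-byte BOOTP header, cookie, then options as code/length/value.
def encode(type:, xid:, mac:, yiaddr: '0.0.0.0', opts: {})
  op     = %i[discover request].include?(type) ? 1 : 2  # 1 = client, 2 = server
  fixed  = [op, 1, 6, 0, xid, 0, 0x8000].pack('C4Nn2')  # 0x8000 = broadcast flag
  addrs  = ['0.0.0.0', yiaddr, '0.0.0.0', '0.0.0.0'].map { |a| ip_bytes(a) }.join
  chaddr = [mac.delete(':')].pack('H*').ljust(16, "\0".b)
  all    = { 53 => [TYPES.key(type)].pack('C') }.merge(opts)
  tlvs   = all.map { |code, v| [code, v.bytesize].pack('C2') + v }.join
  fixed + addrs + chaddr + ("\0".b * 192) + MAGIC + tlvs + "\xFF".b
end

# Decode the fields used here; input without the cookie is rejected.
def decode(bytes)
  raise ArgumentError, 'not a DHCP message' unless bytes.byteslice(236, 4) == MAGIC
  opts, i = {}, 240
  while i < bytes.bytesize && (code = bytes.getbyte(i)) != 255
    if code.zero? then i += 1; next end                 # pad option has no length
    len = bytes.getbyte(i + 1).to_i
    opts[code] = bytes.byteslice(i + 2, len)
    i += 2 + len
  end
  { type: TYPES[opts[53]&.getbyte(0)], xid: bytes.byteslice(4, 4).unpack1('N'),
    yiaddr: bytes.byteslice(16, 4).unpack('C4').join('.'),
    lease: opts[51]&.unpack1('N'), server: opts[54]&.unpack('C4')&.join('.') }
end

# The four messages between one client and one toy server, all in memory.
def dora(mac, offer_ip, lease_secs, server_ip)
  xid  = 0x1234abcd                                     # constructed transaction id
  sopt = { 51 => [lease_secs].pack('N'), 54 => ip_bytes(server_ip) }
  msgs = [encode(type: :discover, xid: xid, mac: mac)]
  msgs << encode(type: :offer, xid: xid, mac: mac, yiaddr: offer_ip, opts: sopt)
  offer = decode(msgs.last)
  msgs << encode(type: :request, xid: xid, mac: mac,
                 opts: { 50 => ip_bytes(offer[:yiaddr]), 54 => ip_bytes(offer[:server]) })
  msgs << encode(type: :ack, xid: xid, mac: mac, yiaddr: offer_ip, opts: sopt)
  msgs.map { |m| decode(m) }
end

# The client starts renewing once half of the lease time has passed.
def renew_after(ack); ack[:lease] / 2; end

dora('00:11:22:33:44:55', '10.0.1.10', 3600, '10.0.0.2').each { |m| p m } if __FILE__ == $PROGRAM_NAME
```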

DHCP design at Dreamhack
At Dreamhack all the clients use DHCP for configuring IPv4, subnet mask, default gateway, SMTP, TFTP, DNS and NTP servers.

For hardware redundancy we have three DHCP servers. For operating system redundancy we run Debian and FreeBSD. We have one active/primary server that syncs its lease file to the two passive/secondary DHCP servers. If the primary goes down or a severe OS-related issue occurs, we can start using one of the secondaries.

DHCP monitoring and statistics
We have our own DHCP scope monitoring and statistics system, written in Ruby by me 🙂 The system has two daemons and a web application.

Daemon one tails and parses the DHCP lease file, and parses the scope information. Daemon one then sends the parsed output to MySQL and MongoDB datastores. Daemon two analyzes the data in the datastores and creates statistics and graphs. This information is then made available through a web application developed with the Sinatra framework.
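The parse-then-analyze split described above, as an added Ruby example (not the Dreamhack system's code). It assumes the lease file uses ISC dhcpd.leases syntax, which the post does not state; the scope names, pool sizes and the 90% threshold are hypothetical.

```ruby
require 'ipaddr'

# Constructed sample in ISC dhcpd.leases syntax (an assumption), one lease per
# line for brevity. The file is append-only: the last entry for an IP wins.
SAMPLE = <<~LEASES
  lease 10.0.1.10 { ends 4 2012/11/22 12:00:00; binding state active; }
  lease 10.0.1.11 { ends 4 2012/11/22 12:05:00; binding state active; }
  lease 10.0.1.10 { ends 4 2012/11/22 10:40:00; binding state free; }
  lease 10.0.1.12 { ends 4 2012/11/22 12:10:00; binding state active; }
  lease 10.0.1.13 { ends 4 2012/11/22 11:00:00; binding state active; }
  lease 10.0.2.20 { ends 4 2012/11/22 12:30:00; binding state active; }
LEASES

# Hypothetical scopes: name => [network, number of addresses in the pool].
SCOPES = {
  'hall-a' => [IPAddr.new('10.0.1.0/24'), 2],
  'hall-b' => [IPAddr.new('10.0.2.0/24'), 100]
}.freeze

# Returns { ip => { state:, ends: } }, keeping only the newest entry per IP.
def parse_leases(text)
  text.scan(/lease\s+(\S+)\s*\{(.*?)\}/m).each_with_object({}) do |(ip, body), out|
    state = body[/binding state (\w+);/, 1]
    ends  = body[%r{ends \d+ (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);}, 1]
    out[ip] = { state: state, ends: ends && Time.utc(*ends.scan(/\d+/).map(&:to_i)) }
  end
end

# Counts leases that are active and not yet expired at `now`, per scope.
def scope_usage(leases, now)
  SCOPES.to_h do |name, (net, size)|
    used = leases.count do |ip, l|
      net.include?(IPAddr.new(ip)) && l[:state] == 'active' && (l[:ends].nil? || l[:ends] > now)
    end
    [name, { used: used, size: size, pct: (100.0 * used / size).round(1) }]
  end
end

# Scopes at or above the threshold: candidates for an exhaustion alert.
def near_exhaustion(usage, threshold_pct = 90)
  usage.select { |_, u| u[:pct] >= threshold_pct }.keys
end

if __FILE__ == $PROGRAM_NAME
  usage = scope_usage(parse_leases(SAMPLE), Time.utc(2012, 11, 22, 11, 30))
  usage.each { |name, u| puts format('%-7s %d/%d (%.1f%%)', name, u[:used], u[:size], u[:pct]) }
  puts "alert: #{near_exhaustion(usage).join(', ')}"
end
```

A scope that fills up much faster than the number of connected clients would explain is worth investigating, since every address held by a stale or bogus lease is one a real client cannot get.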

Who won the raspberry?

Last week we attended the Swedish career day Armada 2012 in Stockholm. Thanks to everyone who came by our booth! Hope we meet in the future! 🙂

At our booth we arranged the competition “win a raspberry with Basefarm” where you could win a Raspberry Pi Model B V2 512 MB RAM by making the closest guess at how many of our servers are virtualized. The correct answer is that we currently have 841 virtualized servers, and the winners who guessed closest are Alve Aalto and Joakim Jalap! They both guessed 850. Congratulations to Alve and Joakim! We have sent a raspberry to you both, so keep an eye out in the mail! 🙂

Skype Vulnerability

Please note that there appears to be a security vulnerability in Skype allowing an attacker to gain access to Skype accounts:

Here’s how it works:
> Sign up for a new Skype account. Use the victim’s email. A warning will come up that an account with that email already exists, but you can still proceed with filling out the form and account creation.
> Log in to the Skype client with your new account.
> https://login.skype.com/account/password-reset-request[2] – request a password reset using the victim’s email.
> You will get a password reset notification and token in your skype client. Follow the link to pick the victim’s account and reset the password.
> It appears the only way to safeguard yourself for now is to change your main Skype account email to one that’s not publicly known.

Source:
http://www.reddit.com/r/netsec/comments/13664q/skype_vulnerability_allowing_hijacking_of_any/

Update 12:27 CET: This was quickly remedied by Skype.

We have a winner from D-dagen!

In a previous blog post, we talked about a competition we arranged at the Swedish career day D-dagen at KTH. Christoffer Dahlgren and Daniel Swensson had guessed closest (with the same answer) in our competition. Today they visited us at our office in Stockholm to get a tour and compete for first place.

As a tiebreaker they had to guess how many customers we have at Basefarm in Sweden. What would you have guessed, by the way? In the end Christoffer guessed closest and won awesome headphones from Beats by Dr. Dre! Daniel didn’t leave us empty-handed either; he got a gift card from the Swedish technology company Webbhallen as a consolation prize 🙂 We hope they enjoyed the tour of our office and wish them all the best in the future!

 

OpenStack Folsom quick installation

We tend to use VMware for our virtual machines, but it’s always important to evaluate and try out new software, which is why I decided to try out OpenStack (Folsom)! Three of the biggest advantages of OpenStack are, in my opinion, that it’s open source and free, plus backed by many large organizations such as Rackspace Cloud, NASA, AMD, Intel, Canonical, SUSE Linux, Red Hat, Cisco, Dell, HP, IBM and Yahoo! 🙂 You can find more information about OpenStack on the following site: http://www.openstack.org/

Installing OpenStack isn’t the easiest of things though, and doing a reinstallation of a system can be quite time consuming.
I’ve written up some scripts to simplify my installations of OpenStack, and decided to make a blog post about it as I’ve not been able to find any installation scripts for Folsom.

Quick Installation (under 5 minutes) scripts for OpenStack Folsom.
-------------------------------

A quick installation guide for OpenStack Folsom for a single or dual node installation.

Prerequisites:
– The base minimum is one Server with 2 Network cards (one public and one internal, or just one public ethernet card plus one virtual for internal use) running Ubuntu 12.04. Two servers are required if you want to run Compute (Nova) on a secondary server.
– Run the scripts as root.
– Have a minimum of two drives (which uses LVM)
– It’s recommended that you do this on a reinstalled test machine. It’s against all possible recommendations to run these scripts on a production environment as it could potentially break/delete everything.
– It’s recommended that you have a range of public/internal IPs so you can assign public IPs to your virtual machines.

Installation (as ROOT):
apt-get update
apt-get install git
git clone https://github.com/speedis/QuickInstallFolsom.git
cd QuickInstallFolsom
chmod +x *.sh
./folsom01.sh
Follow the guide.

Uninstall:
To uninstall the whole installation, run ./uninstall-folsom.sh. This will remove ALL traces of MySQL, Apache, RabbitMQ etc. on the server, so make sure you view and edit this file before running it!

Mainly based on:
http://docs.openstack.org/trunk/openstack-compute/install/apt/content/
https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/

Happy OpenStacking!

The competition from D-dagen at KTH

A while ago, we visited D-dagen, a yearly career day at the technology school KTH in Stockholm. We had many rewarding conversations with the students and hope to meet you again in the future! Many students took part in a competition we arranged at D-dagen, where you could win headphones. I guess you are curious about who won the competition?

In the competition the students had to answer the question: “How many servers does Basefarm have overall in the datacenters in Stockholm?” We received 51 responses and the correct answer is that we currently have 1348 servers overall in the datacenters in Stockholm! Christoffer Dahlgren and Daniel Swensson guessed closest with 1342 servers, which was really close! Since both Christoffer and Daniel gave the same answer, we have invited them to the office in Stockholm to answer a tiebreaker and compete for first place 🙂 This will be done shortly and we will then present who won. Keep an eye on the blog!

D-dagen at KTH

Getting the right features

Working as a technician at a solution and hosting provider means that I often need to ask customers what parts of Windows they use. As soon as we meet a new customer we need to understand what parts of Windows they are using and what parts we need to set up in the customer’s environment in our datacenters.

The old way of doing this is by simply asking the customer. That’s fine, but it tends to lead to copied and pasted lists of various pieces of information that really don’t make sense to our techies.

If we encounter customers that use Windows Server 2008 R2 it’s super easy. We can then use the power of the shell (PowerShell!) to inventory exactly what roles and features they have installed in their servers. We can ask the customer to run this in their environment:

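# Load the Server Manager cmdlets (Windows Server 2008 R2)
Import-Module ServerManager
# Export only the installed roles and features to an XML file named after the computer
Get-WindowsFeature | Where { $_.Installed } | Export-CliXml -Path ".\$($env:COMPUTERNAME)-windows.xml"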

We then ask the customer to send back the XML file. At our end we can now import the information we need:

$features = Import-CliXml computername-windows.xml

Once we have done that we can see exactly which features they have enabled on their servers.

Zero-day Microsoft Internet Explorer

A new high-risk Internet Explorer zero-day exploit is currently active in the wild.

That means that anyone using Internet Explorer 7, 8 or 9 to browse the internet has the potential of getting infected by simply visiting a webpage with the specific bad code in it. The code will then download an exploit pack to your computer and can give unauthorized people access to the infrastructure.

There is currently no patch or solution to the issue from Microsoft, so the only viable option is to switch to another browser. Thinking “I won’t click any links from unknown people” is unfortunately not enough, as it’s getting more and more common for these kinds of people to either hack known sites and add the code, or to purchase banner space etc. on well-known sites, which then launches the code without you noticing anything at all.

Two browsers you could use are:
Firefox: http://www.getfirefox.com
Chrome: http://www.google.com/chrome/

For more information: http://www.kb.cert.org/vuls/id/480095

Update: Microsoft has since released an update. Run Windows Update to get the latest versions available.

Default = PowerShell

In an earlier blog post I wrote about how to generate passwords using PowerShell. Here comes another PowerShell tip for you.

Now that Windows Server 2012 will be officially available, many servers will be installed as ‘core’ servers. That is in itself a very good thing. The bad thing about it is that Microsoft has set the default command shell to be CMD.EXE. Nothing wrong with that per se, but these days administrators should go PowerShell all the way. If you’re like me and want PowerShell to be your default shell even on core servers, do this:

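# Winlogon key that holds the shell started at logon (machine-wide setting)
$Path = 'Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon'
# Single quotes keep $env:userprofile unexpanded until the shell starts at logon
Set-ItemProperty -Confirm -Path $Path -Name Shell -Value 'PowerShell.exe -noExit -Command Set-Location "$env:userprofile"'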

The next time you log in to the machine you will get PowerShell as the default shell 🙂