Esx Security Omaha Vmug

Published in: Technology, Business

  1. ESX Security Omaha VMUG May 29, 2007 [email_address]
     • Gartner – Risks and Control considerations
     • Other – Risk and Control considerations
     • VMware Whitepapers
     • DISA STIG – Risks and Control considerations
     • VMware Security Lab at VMWorld 11/2006
     • Assessment Approaches
     • Assessment Demo - Ecora
     • Nessus Vulnerabilities (real and otherwise)
     • Questions, Resources, PCI/DSS checklist, policy, misc
     • Server Virtualization – security contributor or detractor?
     • Disclaimer – I have no money, don’t sue me [email_address]
     • Items shown in this presentation are for discussion only. Neither the speaker nor the conference sponsors can have knowledge of the unique attributes of each attendee’s environment; therefore nothing contained herein should be implemented in your environment without complete analysis and testing, and even after that neither the presenter nor the conference sponsor accepts any liability for the results achieved or not achieved, nor for any negative repercussions.
  2. On January 19, 2007, a putative class action was filed against TJX in the United States District Court for the District of Alabama, Wood, et ano. v. TJX, Inc., et al., 07−cv−00147. The plaintiffs purport to represent a class of “all TJX customers who made credit card transactions at TJX’s stores during the period that the security of [d]efendants computer systems were compromised and the privacy or security of whose credit card, check card, or debit card account, transaction or non−public information was compromised.” The complaint asserts claims for negligence per se, negligence, bailment and breach of contract, and also names Fifth Third Bancorp as a defendant. Plaintiffs seek compensatory damages, credit monitoring, injunctive relief, attorney’s fees and costs. On March 6, 2007, the court granted an unopposed motion to stay the action pending disposition of the motion before the Judicial Panel for Multidistrict Litigation to transfer the action and similar federal court actions to the District of Massachusetts for pretrial consolidation and coordination.

     On January 19, 2007, a putative class action was filed against TJX in the Supreme Court of British Columbia, Canada, Ryley v. TJX Companies, Inc., et al., Court File No. 07−0278. The plaintiff purports to represent a putative class of “all individuals resident in British Columbia, or throughout Canada and elsewhere, who have communicated confidential debit and credit information to the [d]efendants in 2003, or between May 1, 2006 and December 31, 2006.” The complaint also names “Winners Apparel Inc.” and “HomeSense Inc.” as defendants, and asserts claims for negligence, breach of confidence and violation of privacy. The plaintiff seeks general and pecuniary damages, punitive damages, interest, attorney’s fees and costs.

     On January 19, 2007, a putative class action was filed against TJX in the Quebec Superior Court, Canada, Howick v. TJX Companies, Inc., et al., Court File No. 06−000382−073. The plaintiff purports to represent a putative class of “[a]ll physical persons in Quebec and Canada and all legal persons in Quebec and Canada who, during the twelve (12) month period preceding this Motion for Authorization to Institute a Class Action, had not more than fifty (50) employees under their direction or control, who have communicated personal or confidential information to the [r]espondents and have suffered damage as a result of the loss or theft of this personal or confidential information.” The complaint also names “Winners Merchants International LP” and “HomeSense Inc.” as defendants. The plaintiff seeks general and special damages, punitive damages, attorney’s fees, interest and costs.

     On January 20, 2007, a putative class action was filed against TJX in The Court of Queen’s Bench, Alberta, Canada, Churchman, et ano. v. The TJX Companies, Inc., et al., Court File No. 0701−00964. The plaintiffs purport to represent a putative class of “individuals who communicated to the [d]efendants confidential information being their debit card numbers and credit card numbers, expiry dates, and all of the information accessible to someone in possession of those debit cards or credit cards.” The complaint also names “Winners Apparel Inc.,” “Winners Merchants International LP” and “HomeSense Inc.” as defendants and asserts claims for negligence, breach of confidence and violation of privacy. Plaintiffs seek general and special damages, punitive damages, attorney’s fees, interest and costs.

     On January 22, 2007, a putative class action was filed against TJX in The Court of Queen’s Bench, Saskatchewan, Canada, Copithorn v. TJX Companies, Inc., et al., Court File No. 100. The plaintiff pu

     TJX 10Q 12/31/2006 (we don’t need no stinking security)
  3. Gartner - Risks (controls)
     • Unique to Virtualization and Paravirtualization: ?????
     • Unique to Virtualization Hardware i.e. VT rootkits:
         • https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Zovi.pdf
             • (hypervisor on firmware [IBM])
             • (trusted boot measurement [BIOS and other metrics])
             • (execute disable [blocks execution in data addresses])
         • Memory not erased (buy more expensive hardware, no hyperthreading) [http://www.cs.nps.navy.mil/people/faculty/irvine/publications/2000/VMM-usenix00-0611.pdf]
     • Exacerbated by Virtualization:
         • a1.) Configuration Tools less effective (make sure patches, AV signatures, configuration setting tools and assessment tools can reach the deepest vswitch levels, redeploy tools at each layer or virtualization aware tools [Configuresoft, xccdf, OVAL??])
         • a2.) NATed and host only virtual networking hidden from IDS/IPS tools (security tool at every layer, proxies??)
  4. Gartner - Risks (controls) [2]
     • Exacerbated by Virtualization (continued):
         • b.) VM Migration (documented inventory of all live or staged or backup or “extra” guests, pre-approved destinations and access, documented change control, authorization, check for static IPs)
         • c.) Host Single Point of Failure (VMotion & HA, backups, cluster, load balance, dual power supplies, partitioning [/, /boot, / log])
         • d.) Cross Communication Between Hosts (policy on shared vnets, maintain default non-promisc vnic settings)
         • e.) Denial of service by over provisioning (weight the resource requests)
         • f.) Appliances (patch, test, and assess before deployment)
         • g.) Remote Access (separate VLANS, SSH, SSL, appropriate user access rights)
  5. Gartner - Risks (controls) [3]
     • Good Practice regardless if Virtual or Physical:
         • Patching (inventory and a process for ALL templates, live, backups, appliances, “extras” [BlueLane ??])
         • Harden & Monitor Host & Guest OS (policy and procedure, Tripwire, assessment tools like Ecora)
         • SOD Access (Host admin to appropriate staff, guest admin to appropriate staff, security functions within guests by security staff, separate storage team)
         • Networking (according to architecture strategy and policy)
         • Logging (all security events, all management events, all else if room)
     • Not Available yet (Dr Moreau – forward thinking)
         • VM Meta Data (VM “mac”, creator, owner, dates…)
         • Automatic or Continuous Assessment (xccdf, OVAL)
         • NAC for VMs (maybe after VM meta data is commonplace)
  6. Virtualization Risks - Other
     • Confidentiality – Memory Sharing http://www.cs.nps.navy.mil/people/faculty/irvine/publications/2000/VMM-usenix00-0611.pdf (buy more secure hardware)
         • Guest event log, user not recorded (vendor change?)
     • Integrity – Complexity of OS, VMM, Storage, Networking (train)
     • Availability –
         • Host is a single point of failure (DR, VMotion [yes the same tools that create patching and configuration challenges also help enhance security goal of availability])
         • VC – single point of access (strong password, and limit host users)
         • VC configuration database (limit access, backup)
         • License Server – single point of multiple host DOS [30 days] (backup)
         • Anti-virus on host (clamav?, warranty voided??)
         • Remote administration (pick [default] HIGH on configuration setting)
         • Hosts 272 meg memory (edit GRUB menu.lst if needed)
  7. Virtualization Risks - Other [2]
     • PROTECT /etc/<<everything>> on host (sudo, strong root password, multifactor root access, sha1sum integrity monitoring)
     • Ports (approved by policy? Allowed thru firewall?)
         • 902 – management and 80 and 443 and 22
         • 5988 – CIM (Common Information Model)
         • 5989 – WBEM (Web Based Enterprise Management)
         • 27000 & 27010 – license manager
         • 2050, 8042 – AAM by EMC (who owns whom?)
         • 2049, 3260, 8000 - NAS and iSCSI and VMotion
         • 2050 thru 5000 and 8042 thru 8045 DAS traffic
     • Authentication
         • No password history (policy, configure with PAM per manual)
         • Cracklib present but not configured (configure PAM to check for dictionary words)
         • /etc/login.defs (life, complexity = policy?) (/etc/passwd = which shells)
  8. Virtualization Risks - Other [3]
     • ESX kernel is 2.4 (agree with policy?)
     • Grub has no password (agree with policy?)
     • MOTD empty (add warning banner)
     • UMASK = 22 (agree with policy?)
     • OpenSSL, OpenSSH versions (agree with policy?)
     • /etc/VMware-mui/ssl/mui.crt or mui.key are credentials in clear text?
     • SSL certificate (see VMware security training doc for correction)
  9. Virtualization Risks - Other [4]
     • SNMP (public only, no private :) ), however /etc/snmp/snmpd.conf (change community string from ‘public’)
     • Clocks (enable NTP/UTC)
     • No USB on host (how is two-factor authentication achieved? [if required])
     • make-3.79.1-17.1 is running
     • vmkload_mod -l (remove un-needed modules)
     • vmkmultipath -q (remove un-needed paths)
     • Scripts – (access control, change control)
  10. Whitepaper ESX 2.5
      • http://www.VMware.com/pdf/esx2_security.pdf
          • No public interfaces
          • Minimal host installation (apache in default install)
          • Guest isolation (using files)
          • AV & Firewall recommended (but not supplied)
          • Su to root
          • Default non-promiscuous NIC
          • Code was audited (scope, auditor & methodology not stated)
          • Use VLANs and place management console on separate VLAN from production
          • Host OS is 100% VM ??, only drivers are open source
          • Management Console is from Red Hat 7.2
  11. Whitepaper ESX 3
      • http://www.VMware.com/pdf/vi3_security_hardening_wp.pdf
          • “..attacking an individual virtual machine will result in the compromise of only the virtual machine..” (1 hack OK?) (page 4 clarifies)
          • Watch patching of dormant (turned off) virtual guests
          • Rotate logs to prevent DoS
          • Separate VLANS for management traffic
          • Configure the firewall (iptables provided)
          • Use Directory Services (NIS) for admin authentication
          • Protect Root (sudo)
          • SNMP is read only
  12. ESX Set “Security” = HIGH
      • Set “security” at HIGH
          • 2.5 3.x
  13. DISA STIG (draft) Virtual Computing
      • Nice Architectural description (T1 [bare metal directing resources], T2 [software directing resources], Hybrid)
      • ParaVirtualization – Type II (kinda) with modified OS’s handling some privileged requests
      • Master Image – increases (decreases) security by standardization, MD5
      • Remote Management Console - Timeout after 15 minutes
      • MOM traffic will be encrypted [if technically possible]
      • 3.1.3 – Passwords = length 9, at least 2 of each upper, lower, special, numeric [the ninth is your choice :) ], lockout at 3 [no history specification]
      • Clipboard cut n paste (disable)
      • Scripting – no passing strings from the host to the VM (??)
  14. DISA STIG (draft) Virtual Computing [2]
      • Time Synchronization - sync with the host, sync the host to an authorized clock (use NTP)
      • Delete VM and Files, not just VM
      • 3.1.7 Reinforces the value of a complete Inventory, with accountability
      • 3.1.8 Rollback to a Snapshot – check = logs, rights, patches, retired keys
          • Rollback to a snapshot off the network
      • 3.1.9 “..move the organization’s entire data center on any type of removable media that had sufficient space.” maybe not the whole data center but it makes a good case for controlling removable media
  15. DISA STIG (draft) Virtual Computing [3]
      • 3.1.10 Logs – VM create, move, delete, by whom, reviewed daily, store online for 30 days (PCI compliant??)
      • 3.2 Screen Savers – “… running screen savers on the host or virtual machines consumes a lot of CPU.” STIG does not specify “will” have SS’s
      • 3.2.1 hosts installed in user directory ????
          • a vmdk disk file and vmk config file can be created elsewhere and moved to the virtual server storage device, restrict logical access to the management console which could activate that copied set (segregate storage management & monitoring duties from server management duties)
          • Up to date inventory
  16. DISA STIG (draft) Virtual Computing [4]
      • 3.2.2 “Private” guests viewable only to the creator (what about VC admin??)
      • 3.2.3 Anti-Virus at non-peak, do not scan VMDKs (updating DAT files ??)
          • “… all off and suspended virtual machines will have the latest up-to-date anti-virus software signatures.” (GPO can update turned-off machines??, maybe they meant to say “…before a dormant guest is brought back into production, it is updated with the latest antivirus, OS patches, has its configuration settings recertified, and then is placed into production.”)
  17. DISA STIG (draft) Virtual Computing [5]
      • 3.3 Guest OS Configuration (documented planning in addition to a documented inventory, install tools??, install the OS version indicated in the build step, rotate logs, disable screen savers [PCI compliant?])
      • 3.4 Networking (remove unused vswitches, packet sniffing only by sys admin? [promisc nic?], unique MACs [how to test])
      • 3.5 Hard Disk Drive management (policy, unlimited dynamic disk??, documented backup procedures, agent on host or snapshot or VCB, backup storage separate device distance, flat file backups can not be the primary strategy, snapshots before VI3 can not be primary backup strategy)
  18. DISA STIG (draft) Virtual Computing [6]
      • 4.1 ESX Configuration
          • usb disabled
          • setuid on sudo & 8 other commands
          • increase memory for apps running in the service console ?
          • shared VMFS disks only used with clustering
          • production - only use persistent disks
          • .vmx 755 .vmdk 550 = umasks 022 & 227
          • vmdk’s only stored in VMFS volumes [what about backups?]
          • use VMware-converter [not cp]
          • move vmdks using encryption or over a dedicated VLAN
          • change mgmt process for renaming, moves & other
          • 5 logs = a.) secure access b.) rotate to different system c.) daily review
  19. DISA STIG (draft) Virtual Computing [7]
      • 4.1.8 Virtual Center
          • authorized appropriate access to this single point of _____,
          • warning banner
          • dedicated server [but license, db services are OK]
          • patch VC, configure/patch Windows OS + DB + Apache
          • define appropriate VC use standards
          • create a VC admin account and remove local administrators from the default VC admin group
          • document & approve group construction
          • watch users that are members of multiple groups
  20. DISA STIG (draft) Virtual Computing [8]
      • 4.2 Networking (ports, see slide 7)
          • ESX 2 physical nics [are both defined?]
          • MAC_Address_Changes, set to reject
          • Forged_Transmits, set to reject
          • No promisc adapters [but see 3.4?]
          • Use VMTools to get vmxnet adapters
          • Use dedicated VLAN for VMotion (which is in the clear)
          • Disable beacon monitoring
          • No third party firewall on ESX (only iptables)
          • Check snmpd.conf for “ro” setting
  21. VMWorld Security Lab 11/2006
      • Virtual Center – do not let other users inherit parent admin permissions
      • Use wheel & sudo (no remote root ssh access, check /etc/sshd.conf)
      • Create a MOTD warning banner
      • Config NTP/UTC
      • Use NST appliance (Network Security Toolkit, Nagios, Nessus, Nmap)
      • SNMP monitoring of guests & hosts
      • SSL key file permissions (other CVE’s see slide 18)
  22. ESX 2.x Nessus Vulnerabilities
      • CVE-2006-2481
          • Summary: VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the VMware.mui.kid and VMware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
          • Published: 7/31/2006
          • CVSS Severity: 2.3 (Low)
      • CVE-2005-3620 VU#822476
          • Summary: The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.
          • Published: 12/31/2005
          • CVSS Severity: 1.6 (Low)
      • CVE-2005-3619
          • Summary: Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
          • Published: 12/31/2005
          • CVSS Severity: 10.0 (High)
  23. ESX 2.x Nessus Vulnerabilities (cont)
      • CVE-2005-3618
          • Summary: Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.
          • Published: 12/31/2005
          • CVSS Severity: 8.0 (High)
      • Per VMware
          • 2006-2481 SSL keys, change default ownership to root (assuming root is protected)
          • 2003-0386 IP restrict and enable & verify reverse mapping off, not applicable to ESX
          • 2003-0693 SSH 3.6 buffer overflow, not applicable to ESX
          • 2003-0987 Apache mod_digest replay, not applicable to ESX
          • 2005-2798 SSH GSSAPIDelegateCredentials, not applicable to ESX
          • 2006-2444 snmp trap, not applicable to ESX
          • 2006-3747 cross site scripting w http trace, use separate vlans
  24. ESX 3.0.1 – No Nessus Vulnerabilities 5/11/2007
  25. ESX 3 Assessment Tools
      • Ecora Auditor Pro 4.1 tool Http://www.ecora.com/ecora/pr/06-11-2006-b.asp (automated, baseline, deltas)
      • “regular” Linux assessment of ESX Host (make is installed in ESX host, not in VirtualIron nor XenEnterprise)
          • Nessus
          • CIS/Bastille --assess
          • LSAT
          • MTH script http://members.cox.net/m-d-hoesing/MTH_Linux_Audit_V8.4.txt
  26. Ecora Demo/Output Here
      • Talk
      • Demo
      • Results
  27. OTHER - Resources 133
      • The Source http://www.VMware.com
          • Technology network http://www.VMware.com/community/index.jspa
          • Security topics http://www.VMware.com/vmtn/technology/security/
          • Security Response http://www.VMware.com/support/policies/security_response.html
      • Book by Oglesby & Herold http://www.amazon.com/VMware-ESX-Server-Advanced-Technical/dp/0971151067
      • Book by Al Muller http://www.amazon.com/Virtualization-VMware-ESX-Server-Muller/dp/1597490199/ref=pd_bxgy_b_text_b/104-0393259-8012733
      • Arrasjid & Mills http://download3.VMware.com/vmworld/2005/sln138.pdf
      • Watch for CIS standard http://www.cisecurity.org/
      • Watch for Virtualization Security Book by Wiley Publishing [email_address]
      • VM cloning of credentials http://www.thoughtpolice.co.uk/VMware/howto/VMware-security-tips.html
      • Blogs http://www.virtualization.info/2003/09/virtualization-sites-blogs.html
      • DISA orangebook virtualization draft at http://iase.disa.mil/stigs/draft-stigs/index.html
      • Ultimate Deployment Appliance http://www.rtfm-ed.co.uk/?page_id=366
      • Guest resource usage and billing http://www.v-kernel.com
      • “Free” iSCSI http://www.doubleh.ca/docs/Fedora%20iSCSI%20Target.pdf
  28. OTHER 133
      • Questions ??
      • How many Texans does it take to………….
      • Gartner articles
      • http://www.networkworld.com/supp/2007/ndc2/031907-ciso-insight-side-virtualization.html
      • http://www.gartner.com/it/page.jsp?id=503192
      • New Non-fud
          • Management tools http://www.nworks.com/VMware/
          • Performance/Billing tools http://www.v-kernel.com
          • Security tools http://www.bluelane.com/ Virtual Shield (patching)
          • http://ecoraccm.blogs.com/my_weblog/2007/02/esx_secuirty.html
      • Big 4 –
          • Where are they (VMs) now? (inventory, cc, monitor)
          • Current Patches http://www.VMware.com/download/vi/vi3_patches.html
          • High setting on connections
          • Appropriate user rights
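
Several service-console items from slides 7, 8, 9, 20 and 21 (GRUB password, MOTD banner, SNMP community string and "ro" setting, remote root SSH, PAM password history and cracklib, SSL key file permissions) can be checked mechanically. The script below is an added example, not part of the original deck or of any tool it names. Assumptions: the files are audited from a copied tree under a ROOT directory, the menu.lst, /etc/ssh/sshd_config and /etc/pam.d/system-auth locations are assumed, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example: audit a copy of a service-console file tree for the weak
# defaults listed on the slides. ROOT holds copies of /etc and /boot
# (assumption), so the checks run offline against collected files.

finding() { printf 'FINDING %s: %s\n' "$1" "$2"; }

audit_console() {
    root=$1

    # Slide 8: "Grub has no password" (menu.lst location is an assumption).
    if ! grep -Eq '^[[:space:]]*password' "$root/boot/grub/menu.lst" 2>/dev/null; then
        finding grub "no password line in menu.lst"
    fi

    # Slide 8: "MOTD empty (add warning banner)".
    if [ ! -s "$root/etc/motd" ]; then
        finding motd "empty or missing, no warning banner"
    fi

    # Slides 9 and 20: community string 'public', and the "ro" setting.
    snmp="$root/etc/snmp/snmpd.conf"
    if grep -Eq '^[[:space:]]*r[ow]community[[:space:]]+public([[:space:]]|$)' "$snmp" 2>/dev/null; then
        finding snmp-community "community string is still public"
    fi
    if grep -Eq '^[[:space:]]*rwcommunity' "$snmp" 2>/dev/null; then
        finding snmp-rw "rwcommunity present, SNMP is not read-only"
    fi

    # Slide 21: no remote root ssh (OpenSSH sshd_config path is an assumption).
    # A commented-out or absent directive counts as not hardened.
    if ! grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' \
            "$root/etc/ssh/sshd_config" 2>/dev/null; then
        finding ssh-root "PermitRootLogin is not explicitly set to no"
    fi

    # Slide 7: password history and cracklib via PAM (system-auth path assumed).
    pam="$root/etc/pam.d/system-auth"
    if ! grep -Eq '^[[:space:]]*password.*pam_unix\.so.*remember=[0-9]+' "$pam" 2>/dev/null; then
        finding pam-history "pam_unix has no remember=N, no password history"
    fi
    if ! grep -Eq '^[[:space:]]*password.*pam_cracklib\.so' "$pam" 2>/dev/null; then
        finding pam-cracklib "pam_cracklib not in the password stack"
    fi

    # Slides 8 and 21: SSL key file permissions (path as written on slide 8).
    key="$root/etc/VMware-mui/ssl/mui.key"
    if [ -f "$key" ] && [ -n "$(find "$key" -perm -004)" ]; then
        finding mui-key "private key is world-readable"
    fi
    return 0
}

# Constructed sample tree carrying the weak defaults; prints its path.
make_weak_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/boot/grub" "$d/etc/snmp" "$d/etc/ssh" "$d/etc/pam.d" \
             "$d/etc/VMware-mui/ssl"
    printf 'default=0\ntimeout=10\n' > "$d/boot/grub/menu.lst"
    : > "$d/etc/motd"
    printf 'rocommunity public\n' > "$d/etc/snmp/snmpd.conf"
    printf '#PermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
    printf 'password required pam_unix.so md5 shadow\n' > "$d/etc/pam.d/system-auth"
    printf 'constructed placeholder, not a real key\n' > "$d/etc/VMware-mui/ssl/mui.key"
    chmod 644 "$d/etc/VMware-mui/ssl/mui.key"
    echo "$d"
}

sample=$(make_weak_root)
audit_console "$sample"
rm -rf "$sample"
```

Each FINDING line names the check and the reason, so the output can be diffed against a previous run as a baseline.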
