The Glass Cage, the presentation I gave at Confidence 2009-02 about virtualization security, detailing various attack patterns against virtualization infrastructures.
The document discusses automating machine installations using the System Installer Suite (SIS), which allows creating master machine images that can then be replicated across identical installations for speed and consistency. SIS includes tools for capturing images, installing systems from those images, and configuring hardware and network settings post-installation. The document also compares SIS to other installation tools and discusses some challenges around maintaining and updating images over time.
This document discusses security in cloud computing environments. It recommends implementing security through layered protections including physically secure and redundant infrastructure, encrypted and separately networked storage, firewalls, intrusion detection systems, secure connectivity, and access management. The document emphasizes that people remain the weakest link and stresses developing securely with care and management. It advocates a layered approach with physical, technical, and procedural security controls to prevent cloud environments from being compromised.
In this presentation, I introduce VASTO, the Virtualization ASsessment TOolkit. VASTO is a collection of Metasploit modules to specifically assess virtual infrastructure.
This document discusses virtualizing networks using VirtualBox and Leonidas virtual machines. It provides instructions on downloading VirtualBox, copying the Leonidas virtual drive image, and installing necessary software onto a master Leonidas image that can then be cloned to create duplicate virtual machines easily. Various terms related to virtualization and virtual machines are defined. Potential practical applications of virtual machines like learning Linux, security testing, and networking are described. The document demonstrates configuring internal networking between cloned virtual machines in VirtualBox.
I gave this talk during the first Infosec meetup in Kraków/Poland on 13th March 2014. After viewing this presentation you'll know how and why you should use SELinux (or other LSMs).
Top Ten Security Considerations when Setting up your OpenNebula Cloud - NETWAYS
Creating new nodes in your cloud environment has never been as easy. With just a few clicks, system engineers create new virtual machines, assign network environments to them and deploy software components. Viable security engineering has always been a key task to ensure your data's confidentiality, integrity, and availability. On top of hardening your operating systems and wisely designing your applications, cloud computing has introduced a new challenge for engineers who are responsible for security.
A breach in the perimeters of one of your central components threatens the overall security of all systems in any environment. The talk discusses predominant attack patterns that system engineers and security officers should consider. The top 10 threats come together with practical suggestions to improve data center security in the cloud.
The document discusses security issues related to cloud computing including traditional problems like data loss and downtime as well as new issues introduced by cloud architectures like lack of a security perimeter, increased attack surface from virtualization, and challenges around data confidentiality, integrity and availability when data is stored, processed and transmitted remotely in the cloud. Virtualization introduces additional security risks around hypervisor vulnerabilities, VM isolation, and state restoration that could allow compromised VMs to persist.
Slides from the presentation held at ISC^2 Suisse Romand event on December 21st 2020 by Luca Bertagnolio. Video of the speech at:
https://youtu.be/9mA4RAPrnRQ
The document discusses some of the main security concerns with cloud computing, including data privacy, security, and issues of trust. It suggests adopting a layered security approach, using encryption, strong authentication methods, and choosing reputable cloud providers. While cloud computing security risks exist, the document argues providers have incentives to maintain good security practices and outlines some typical security processes providers have in place. It recommends a gradual approach to cloud adoption starting with non-critical systems.
This session will explain at various levels how security is guaranteed. What are the responsibilities of the Cloud Provider (in this case Microsoft) and what responsibilities remain with the customers themselves? How are we safe from eavesdropping on sensitive information and from port scanners? How compliant are the Microsoft Windows Azure datacenters? What does the Patriot Act mean, what is Safe Harbour and how does this impact the privacy of your data?
Automated Security Hardening with OpenStack-Ansible - Major Hayden
The OpenStack-Ansible project has a security role that applies over 200 host security hardening configurations in less than two minutes. It's based on the Security Technical Implementation Guide (STIG) from the US federal government and it is heavily customized to work well with an OpenStack environment.
Top 6 Practices to Harden Docker Images to Enhance Security - 9 series
Docker can be considered equivalent to containers. Different versions of container tools and platforms are being used to develop containers that work more profitably. However, there are many principles for protecting container-based applications by collaborating with other secured applications.
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public... - John Kinsella
My CSA 2011 talk - gives an overview of what one needs to do to review the security of a commercial or open-source cloud stack and feel confident in providing secure cloud services.
Cloud computing refers to applications and services delivered over the internet. There are three main types of cloud offerings: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Private clouds run on internal infrastructure behind a company's firewall while public clouds exist outside on external infrastructure. Ubuntu Enterprise Cloud (UEC) allows companies to build private clouds using their own infrastructure that match the API of Amazon EC2, the standard for public clouds. Future releases of UEC aim to improve integration with management tools and provide increased portability between internal and external cloud environments.
The document discusses various scenarios to secure Docker containers and mitigate common security issues. Scenario 1 audits the host kernel for vulnerabilities using a script. Scenario 2 discusses the risk of running containers as root and demonstrates running containers with a non-root user. Scenario 3 shows how sensitive information can be leaked during the docker build process and how to prevent it using a .dockerignore file. Scenario 4 limits container resources to prevent denial of service attacks. Scenarios 5 and 6 implement security profiles using SecComp and AppArmor to restrict syscalls and file permissions within containers. Scenario 7 audits the docker configuration using a benchmarking tool.
Acronis Cyber Backup Cloud protects more than 20 platforms and incorporates the backup industry’s most advanced anti-ransomware technology, safeguarding data and systems in any environment physical or virtualized, on-premises or in the cloud.
Toradex's latest blog post written by Leonardo Graboski Veiga, FAE, Toradex Brasil, shows you how to provision an Ubuntu Server 16.04 LTS virtual machine in Microsoft Azure, and use Yocto/OpenEmbedded to generate an embedded Linux image. Read on here: https://www.toradex.com/blog/cloud-aided-yocto-build-speedup
The presentation I gave at SyScan 10 Singapore on Private Cloud Security in integral form excluding the exploit videos, outlining the security deltas between "classical" virtualization and private cloud security.
My presentation at lesson 0 of the advanced course on computer forensics and digital investigations at the Università Statale di Milano in January 2010. An introduction to the concepts of computer forensics and the acquisition of digital evidence.
The document discusses attacking virtualization infrastructure through various exploits. It presents the Virtualization ASsessment TOolkit (VASTO) which is an exploit pack focusing on virtualization and cloud security. It then demonstrates several exploits against VMware virtualization software, including path traversal exploits, session hijacking, and code execution exploits affecting the vCenter management console, ESXi hypervisor, and supporting services. The talk encourages testing these attacks to better understand vulnerabilities in virtualization platforms.
Defending against Java Deserialization Vulnerabilities - Luca Carettoni
Java deserialization vulnerabilities have recently gained popularity due to a renewed interest from the security community. Despite being publicly discussed for several years, a significant number of Java based products are still affected. Whenever untrusted data is used within deserialization methods, an attacker can abuse this simple design anti-pattern to compromise your application. After a quick introduction of the problem, this talk will focus on discovering and defending against deserialization vulnerabilities. I will present a collection of techniques for mitigating attacks when turning off object serialization is not an option, and we will discuss practical recommendations that developers can use to help prevent these attacks.
The document provides an overview of open source virtualization technologies by Kris Buytaert. It discusses the history and evolution of virtualization starting from mainframes in the 1960s to modern virtualization with Xen, KVM, VirtualBox and other open source projects. It also compares different virtualization approaches like full, para and hardware virtualization. Lastly, it discusses popular virtualization platforms and management tools as well as the future of virtualization.
This talk provides an overview of the Xen Project eco-system and its main use-cases in a number of important market segments: it covers server virtualization, cloud computing and embedded, automotive and related. Lars Kurth highlights why the Xen Project is relevant in these market segments: he provides an overview of the Xen Project's architecture, relevant existing functionality and ongoing and planned developments. To complement the picture, he covers open-source projects that are related to Xen and are of interest for these use-cases. Excellent software security is key to all of these use-cases. Thus, Lars specifically covers the Xen Project's security features and track record, and touches on the project's security practices. He concludes with a few resources that help you get started with the Xen Project and highlights Internship Programs which the project supports.
The talk was delivered at Root Linux Conference 2017. Learn more: http://linux.globallogic.com/materials. The video is available at https://www.youtube.com/watch?v=sjQnAIJji4k
Virtualization allows multiple virtual machines to run on a single physical machine. It relies on hardware advances like multi-core CPUs and networking improvements. Virtualization works by either emulating hardware, trapping privileged instructions and emulating them, dynamic binary translation, or paravirtualization where the guest OS is aware it is virtualized. I/O virtualization can emulate devices, use paravirtualized drivers, or directly assign devices to VMs. This enables server consolidation and efficient utilization of resources in cloud computing.
There is No Server: Immutable Infrastructure and Serverless Architecture - Sonatype
Erlend Oftedal, Blank
Immutable infrastructure and serverless architectures have very interesting security properties. This talk will give an introduction to immutable infrastructure and serverless architecture and try to highlight some of the properties of such architectures. Next we will look at the positive effects this can have on the security of our systems, but also highlight some of the negative aspects and potential problems.
At the conclusion of this session, we hope to have shed some light on the positive and negative security effects of such architectures.
1) The document discusses the concepts of virtualization, virtualization security (VirtSec), open source virtualization, and cloud security (CloudSec).
2) It notes that virtualization changes the network stack and security approaches by putting the network inside machines and allowing live migration across VLANs.
3) It argues that security must focus on automation, configuration management, and avoiding proprietary lock-in to address challenges from virtualization like image sprawl and rapid redeployment.
LOAD BALANCING OF APPLICATIONS USING XEN HYPERVISOR - Vanika Kapoor
Xen virtualization allows multiple virtual machines to run simultaneously on a single physical server. This increases hardware utilization and makes provisioning new servers easier. NFS allows files to be accessed remotely over a network, enabling file sharing between systems. NFS uses RPC to perform file operations like reads, writes and attribute retrieval. It has advantages of flexibility but also security risks if not configured properly. Newer NFS versions aim to improve performance and mandate strong authentication.
Presentation by Marco Slaviero at the University of Pretoria to the Tuks Linux User Group in 2010.
The aim of this presentation is to promote information security. The presentation begins with a look at a few recent attacks. Cloud computing is briefly discussed. The presentation ends with a discussion on Amazon web services and its security.
The document discusses moving the NYTimes.com website to the cloud. It describes starting with a basic AWS setup but then facing challenges with scaling, communication between instances, and security when the site grew. The solution involved using open source tools like Nimbul for cloud management, Emissary for messaging, and CloudSource for deployment to extend their existing infrastructure to the cloud in a way that was compatible with their development processes and security requirements for a large established organization.
CloudSec, don't forget Security in the Cloud! - Kris Buytaert
Cloud computing refers to using internet-based computer resources and relies on trends like software as a service and web 2.0. There are different types of cloud including software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Deploying in an untrusted cloud domain presents security challenges that are different from traditional IT environments due to the dynamic scaling and virtualization of resources. Security in the cloud requires approaches like encryption, firewalls, access control, and not storing critical data in the cloud.
CSA Presentation 26th May Virtualization securityv2 - vivekbhat
Bryan Nairn discusses security considerations for virtualization. Virtual machines are increasingly common but over 40% will be less secure than physical servers by 2014. Key risks include compromised host machines which could then control VMs, and unpatched guest operating systems. Defenses include hardening host servers, protecting virtual machine files, isolating guest networks, and using access control lists to manage permissions for VMs. Securing the virtualization platform requires attention to both host and guest security.
The document discusses the history and future of virtual machines. It summarizes that virtual machines were originally developed in the 1960s for mainframe computers but fell out of favor. Modern virtualization technologies like VMware have enabled running multiple operating systems on commodity hardware simultaneously with good performance. The document outlines VMware's virtualization technology and products, and provides examples of how virtual machines can be used for testing, server consolidation, application compatibility, and security.
Virtualization allows multiple operating systems to run on a single physical system by sharing hardware resources. It provides isolation between virtual machines using a virtual machine monitor. Virtualization provides benefits like server consolidation, running legacy applications, sandboxing, and business continuity. However, it also presents risks if not properly secured, such as increased attack channels, insecure communications between virtual machines, and virtual machine sprawl consuming excess resources. Security measures are needed at the hypervisor, host, virtual machine, and network layers to harden the virtualization environment against threats.
Docker, Linux Containers, and Security: Does It Add Up? - Jérôme Petazzoni
Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use fewer resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.
In this presentation, we will:
- Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code
- Discuss how to mitigate those risks
- Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC
The document discusses using virtualization with Xen in a real world environment. It describes how virtualization was used at Newtec to consolidate servers, test configurations, and build dynamic development environments. Some key benefits realized were reduced hardware costs through consolidation, the ability to test at large scale without dedicated hardware, and automating the deployment of virtual machines. It also discusses lessons learned around only virtualizing what is needed and ensuring simplicity to maximize availability.
Virtualization Technology for Test Automation - extentconf Tsoy
Virtualization technology can be used for test automation by running multiple virtual machines simultaneously. This allows testing software across different operating systems like Windows and Linux at the same time. It provides isolation between environments while improving efficiency by reusing hardware resources. Some challenges include additional complexity, performance overhead, and issues with virtualizing certain hardware architectures.
The document discusses various topics related to virtualization and cloud computing including definitions, types, security issues and compliance challenges. It defines virtualization as the creation of virtual versions of hardware resources like CPU, memory and storage. The main types of virtualization covered are server, desktop, application, network and storage virtualization. Private clouds are discussed as being operated solely for an organization, while raising similar security controls as virtualization. Resources on virtualization security best practices from NIST, VMware and Cloud Security Alliance are also referenced.
This document provides an overview of virtualization concepts from VMware's perspective given by Steven Aiello, including:
- A brief biography of Steven Aiello and his credentials.
- An introduction to common virtualization concepts such as VMs, hypervisors, and benefits of virtualization like hardware independence and infrastructure flexibility.
- A comparison of popular virtualization platforms including VMware, Citrix XenServer, Microsoft Hyper-V, and others.
- Discussion of how virtualization can both help and potentially hurt security through concepts like availability, confidentiality and integrity. Mitigation strategies are proposed.
Bryan Nairn discusses security considerations for virtualization. He notes that over 40% of virtual machines will be less secure than physical machines by 2014. The document outlines common virtualization security myths and describes the hypervisor architecture. It discusses isolation between virtual machines and the hypervisor's security goals of protecting data confidentiality and integrity. The document also covers common attack vectors and provides potential solutions for securing the host system and virtual machines.
12. There's a whole ecosystem around virtualization
Management software
Storage managers
Patchers
Conversion software
All of them can be hacked!
SN-2009-02 - ToutVirtual VirtualIQ Pro
Multiple Vulnerabilities
16. /client/clients.xml
Requested every time VI client connects to a host
<ConfigRoot>
  <clientConnection id="0000">
    <authdPort>902</authdPort>
    <version>3</version>
    <patchVersion>3.0.0</patchVersion>
    <apiVersion>3.1.0</apiVersion>
    <downloadUrl>https://*/client/VMware-viclient.exe</downloadUrl>
  </clientConnection>
</ConfigRoot>
17. What if we change that XML?
By MitM
or
Post-exploitation on the host
Demo time
18. Just woke up?
Here's what's going on
VI Client looks for clients.xml
We do some MitM
We use Burp because it rocks and it's easy
Change the clients.xml
P0wned
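A defender-side check for the scenario on slides 16 to 18, as an added example that is not part of the original slides: it audits a fetched clients.xml against the values shown on slide 16 and flags a downloadUrl that leaves HTTPS or the connected host. The function name, the sample host names and the reading of `*` as "the host the client connected to" are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Baseline values copied from the clients.xml shown on slide 16.
BASELINE = {"authdPort": "902", "version": "3",
            "patchVersion": "3.0.0", "apiVersion": "3.1.0"}
BASELINE_PATH = "/client/VMware-viclient.exe"

# Constructed samples: the slide's file, and a copy with only downloadUrl changed.
ORIGINAL = """<ConfigRoot>
  <clientConnection id="0000">
    <authdPort>902</authdPort>
    <version>3</version>
    <patchVersion>3.0.0</patchVersion>
    <apiVersion>3.1.0</apiVersion>
    <downloadUrl>https://*/client/VMware-viclient.exe</downloadUrl>
  </clientConnection>
</ConfigRoot>"""
TAMPERED = ORIGINAL.replace("https://*/client/", "http://files.example.invalid/")

def audit_clients_xml(xml_text, connected_host):
    """Return a list of findings; an empty list means the file matches the baseline."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    conn = root.find("clientConnection")
    if root.tag != "ConfigRoot" or conn is None:
        return ["unexpected document structure"]
    findings = []
    for tag, expected in BASELINE.items():
        value = (conn.findtext(tag) or "").strip()
        if value != expected:
            findings.append(f"{tag} is {value!r}, baseline is {expected!r}")
    url = urlsplit((conn.findtext("downloadUrl") or "").strip())
    if url.scheme != "https":
        findings.append(f"downloadUrl scheme is {url.scheme!r}, not https")
    # Assumption: '*' stands for the host the client connected to.
    if url.hostname not in ("*", connected_host.lower()):
        findings.append(f"downloadUrl points at foreign host {url.hostname!r}")
    if url.path != BASELINE_PATH:
        findings.append(f"downloadUrl path is {url.path!r}")
    return findings

if __name__ == "__main__":
    print(audit_clients_xml(TAMPERED, "esx01.example.invalid"))
```

Running the same audit from a monitoring host and from a management workstation shows whether the file was changed on the host itself or rewritten in transit.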
26. VMware Studio
A virtual appliance to build other virtual appliances
Path traversal leading to unauthenticated arbitrary file upload to any directory
SN-2009-03 by Claudio Criscione
27. Virtualization ASsessment TOolkit
A toolkit for virtualization penetration testing
Currently under development @ Secure Network
Metasploit based
28. Still in early Alpha stage
Stable modules:
Fingerprinting
Brute Forcer
VMware Studio Exploiter
Let's see them (if we have time!)
29. Everyone has got some...
Ubuntu just launched its Cloud infrastructure
It leverages Eucalyptus
And we have (at least) an XSS in Eucalyptus
31. You already knew about that, or at least thought about that
It already happened multiple times, e.g.
CloudBurst on VMware
CVE-2007-1320 on XEN
Overflow in Cirrus VGA: see a pattern?
35. One pre-auth request to the HTTP interface will result in Astaro doing a DNS query
We won't get the results, but it's a nice one-way covert channel for any blind attack (tnx ikki)
What's most important, no IDS in the network will detect any anomaly. It's all in-memory