
Back to the Basics with Your Network Protection

Gartner Reviews NAC Tools for 2021

Old-time marathon winner and runner Bill Rodgers once made the comment that, “Every race is totally different.” And if this is true in the relatively predictable world of marathon running, it is even more accurate in the race against cyberterrorism, where – whether we like it or not – each day brings with it unforeseen challenges that threaten the integrity of the network.

The question is how best to approach network protection successfully despite the ongoing development of unexpected threats. The truth is that throughout 2016, we’ve had more than ample opportunity to consider this question. From the involvement of hackers in the U.S. elections to the IoT DDoS attacks of October 21, last year saw some shocking stories of breaches. With all of that behind us, 2017 is not a moment too early to take stock, explore the options – and perhaps, go back to the basics and adopt some old-new security strategies that provide greater visibility, improved resilience, increased automation, and better security.

An Unfortunate Side of “Things”

The distributed infrastructures of today’s networks make businesses more vulnerable to attacks, with IoT and BYOD adding a huge degree of complexity. The threat is simply greater – so much so that, according to Gartner (as quoted on TechCrunch here), the security market is predicted to grow to the whopping size of $120 billion by 2020.
As pointed out in the eBook, The Top 5 Misconception of IoT Network and Device Security, IoT devices represent the weakest link of today’s corporate network. To make matters worse, because most users are unaware of the threat, most devices are not even set up securely. (To learn more, read the eBook preview here.)

Because Seeing is Believing

Part of why IoT and BYOD have changed the situation so drastically is that new devices (both managed and unmanaged) are constantly being connected. Any device connected to the network can potentially function as a gateway into your infrastructure.

It has become all too common for there to be a “disconnect” between the number of devices the average IT administrator thinks is attached to the network, and how many devices are actually there. Shockingly, it is not unusual for the disparity to be as high as 20-30 percent.

In approaching the protection of any network, visibility is key – because you cannot protect what you cannot see.

An Innovative Approach to Today’s Security Challenges

A Next-Gen network visibility and access control management solution such as Portnox CLEAR continues to provide ongoing and comprehensive protection against hackers. With Portnox CLEAR, an organization can be hermetically covered, and IT and CISOs regain the visibility and continuous risk assessment they need.
Portnox CLEAR gives you 100% visibility of all devices, including managed and unmanaged devices. With this comes greater control and security, and the ability to develop new strategies – particularly, segmentation of IoT devices, so that they only access a limited part of the network.

The Need for Speed

Portnox CLEAR handles the complexity of today’s networks through Continuous Risk Analysis (CRA), which provides more flexibility than the approach of a one-time “grant or deny.” CRA is built to provide protection in a reality that involves a broad range of devices as well as “anytime, anywhere” connectivity.
CRA is a response to the need to act fast in the geo-distributed mobile workforce of BYOD and IoT. Replacing the old tactic of periodically scanning, CRA provides a real-time approach to network admission control that allows you to continually assess endpoint risks to the network.

Putting It All in Context

Portnox CLEAR also offers an unprecedented degree of context awareness, monitoring changes in hundreds of parameters and correlating multiple context attributes. This provides an adaptive and more analytic approach to risk determination, and facilitates the development of security assessments that are much more comprehensive – taking into account considerations such as time, network location, user identity, and scenario.
Context awareness is particularly significant to today’s cybersecurity because it facilitates the discovery of anomalies – both as relate to device behavior, and as relate to the status of the network.

100% Visibility and Real-Time Access Control

Portnox CLEAR offers ongoing network visibility and access management control so that you can keep your network safe, with real-time risk assessment that mitigates the cybersecurity threats.
As a cloud-based endpoint security management solution with context-aware security assessment capabilities, Portnox CLEAR is up to the challenge of optimally protecting the security of your network.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Our plan for world domination: take down the internet

How to destroy the world. Is it possible to take down the internet?

We have been warning for a long time: Pandora FMS will control the world. We have given time to world governments to prepare, to North American villagers to prepare their bunker, for sects to draw their banners with “THE END IS NEAR”. And it is, it is indeed. Today, in our blog we reveal the secret plans of this company to overthrow the institutions and rule the world, then you will say that we did not warn you. Get ready, run to hide, children and gentle pets first, because the time has come: Is it possible to take down the internet?

That is the key to everything: Is it possible to take down the internet? For years, in the underground facilities of our offices, scattered across all continents, Pandora FMS has secretly worked to create an evil robot with an evil appearance that will execute even more evil plans. Its super intelligence, unattainable for any other desktop on the market, will help us take what belongs to us from this wasteland called earth and make it ours.

That is why today, on our blog (soon the only existing one) we have the exquisite pleasure to introduce you to Pandorinator RDM (Radical Destructive Mindset), the superior and ominous AI created by our company to help us in the work of crowning ourselves as the sovereigns of the world.

“Damn! Is it possible to take down the Internet, Pandorinator?! “

Pandora FMS: Good afternoon and welcome, Pandorinator.
Pandorinator RDM: Good afternoon everyone! Thank you for inviting me to this talk/colloquium at the end of the world.

Was it hard to get here with that alloy of platinum and gold that you have as armor?

Not at all. I have to get used to moving in it, otherwise one becomes paralyzed and does not come out of its hidden lair. In addition, it is a pleasure to wear it. Touch it, touch it! Don’t be shy! and watch it shine! Nor the roar of a thousand yellow suns at 12 noon radiating with their flames in summer equals it.

Let’s get to the point, Pandora FMS has always wanted to take control of the world, in fact that is why we created you, to advise us. With that said, Pandorinator, what do you recommend?

Well, a global pandemic, which is pretty trendy right now, confronting two great powers such as China and the USA, or, look, even easier, to take down the Internet.

Damn it! Is it possible to take down the Internet, Pandorinator?!

Of course it is, and I say that as an Artificial Intelligence expert on the subject of generating chaos. You only need to know inside out the critical infrastructure elements that make the Internet work.

What are these possible attack vectors?

Look, do you have a notebook there or something? Take note:

  • Specific services (web, mail, etc)

Through distributed denial-of-service (DDoS) attacks, it is possible to “take down” services such as websites, applications and others. There are mechanisms to protect against these attacks (such as CDNs), and today there are dozens of massive attacks of this kind every day, but they are quickly mitigated and usually affect specific services (a company’s website) or the Internet as a whole. They often work like an extortion attack (either you pay or we take down your app). Thug life.

  • CDN

Basically they are large cache systems for publishing content, which allow Internet traffic to go smoothly. Without them, it would be much more expensive and slow to access all kinds of content, from images to text. All major media use CDNs.

The failure of a CDN can cause partial Internet blindness, cutting off access to large media simultaneously as it happened with the failure of Fastly in June 2021. There are many other CDNs and if they failed, that would mean the blackout of hundreds of thousands of websites of all kinds. The failure of a CDN only causes temporary problems (minutes/hours) in any case.

  • Domain Name System (DNS)

DNS is one of the most critical parts of the global Internet infrastructure. The downfall of all the world’s root DNS, as we know it, would truly spell chaos. There are 13 root (main) DNS servers spread across the world. They are hosted by organizations such as NASA, Verisign, the University of Maryland, or the US Army Research Laboratory. To sum it up… tough guys.

If the 13 nodes fail, although there are hundreds of thousands of secondary replicas around the world, it would be necessary to coordinate the recovery, which would lead to partial chaos all over the network. This has never happened precisely because of the security measures and the original design. But that’s what Pandora FMS and I are here for, right?

  • Cloud (Amazon, Azure)

Due to the intense concentration of many online services in public clouds such as Amazon or Azure, if one of them fails, that would mean all types of services not working anymore immediately. BOOM! Both AWS and Azure have different geographies to distribute the impact, but in the event of a physical destruction of one of their large data centers, the impact would be significant. Some premium services include automatic geographic high availability, but not all services can afford it. If the AWS data center in Ireland were destroyed by fire, tens of thousands of services would be affected for a long time.

Something similar, but on a smaller scale, happened when part of the data center of OVH, one of the largest European MSPs, got burned. Thousands of customers could not continue operating and lost data, since the backup in a different physical location was an optional service.

  • Connectivity

I know what you have in mind. A simple mind like yours might think that the simple cut of a submarine cable could blind an entire country, but the truth is that the Internet was originally designed to avoid such situations. The Internet has millions of interconnections that can be reordered automatically in case of failure of one of them to redirect traffic through the connections that are still operational.

  • Worms and Malware

A worm is malware that spreads exponentially through the network and can cause a collapse through the massive traffic it generates while trying to replicate itself. In 1988, still at the dawn of the Internet, when technology and security were not yet very advanced, the Morris worm almost completely collapsed the Internet. Today a worm could collapse geographic sections of the Internet (such as a region) for a short time, but coordinating a massive attack is really complex to carry out without a large organization. Although, well, we could try…

It’s incredible everything you have in that quantum stubborn head we made for you, but I’m running out of pages to take note, Pandorinator RDM, could you give us any conclusions on how it is possible to bring down the Internet?

My, my, thanks for the compliment, Creator. I’ll give you your succinct conclusion: The Internet is designed for failure, so that we can lose services, but never leave the network inoperative at all. It is designed to be resilient and survive nuclear catastrophes that physically volatilize part of its infrastructure. The Internet is capable of regenerating its basic infrastructure (the routes that interconnect the nodes that make up the network) and the services that operate on them have their own ways of protecting and rebuilding themselves.

The only way we have to “turn off” the Internet is through a massive electromagnetic pulse that affects the entire planet or a massive Solar Storm. In both cases, the Internet crash would be the least of our problems.

And, listen, do you have a way to generate one of those massive electromagnetic pulses?

Me? Pay more attention! Who do you think you’re talking to? OF COURSE I HAVE! Right under this compartment, see? Even in the form of a red button.

Let’s see, let’s see…

How long will the planet as we know it last? Will Pandora FMS and Pandorinator RDM finally carry out their plans for world domination? You just have to stay tuned with our blog, our social media, and if Wi-Fi reaches you, because as the most cautious sect smokers announce: “THE END IS NEAR”.


About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

Is Secure Access Service Edge the Future of Network Security?


All Hail, SASE!

SASE, pronounced “sassy”, stands for Secure Access Service Edge. It is a cloud-based network security model and category, proposed by Gartner in 2019. This model includes the network security solutions in a global and cloud-native service that allows IT teams to easily connect and secure all of their organization’s networks and users in an agile, cost-effective, and scalable way. This is especially useful in the currently globally dispersed digital enterprise.

According to Gartner’s analysis, SASE can be characterized as an identity-driven, cloud-native, globally distributed technology that supports and impacts all enterprise edges and IT domains. For example, this would include a branch office in LA along with the main HQ in London, while traveling/mobile team members can connect on the go.

SASE addresses the numerous problems with traditional network security methods, many of which are rooted in the idea that network security architectures should be placed at the center of connectivity in the HQ or data center, where typically branch locations are more vulnerable to attack.

The Fundamentals of Secure Access Service Edge

According to Gartner, in a cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere, and what security and risk professionals in a digital enterprise need is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need access to.

Implementing a SASE architecture would benefit enterprises by providing:

  • Lower costs and complexity – Network Security as a Service should come from a single vendor. Consolidating vendors and technology stacks should reduce cost and complexity.
  • Agility – Enable new digital business scenarios (apps, services, APIs), and data shareable to partners and contractors with less risk exposure.
  • Better performance/latency – latency-optimized routing.
  • Ease of use/transparency – Fewer agents per device; less agent and app bloat; consistent application experience anywhere, on any device. Less operational overhead by updating for new threats and policies without new HW or SW; quicker adoption of new capabilities.
  • Enable ZTNA – Network access based on identity of user, device, application – not IP address or physical location for seamless protection on and off the network; end-to-end encryption. Extended to endpoint with public Wi-Fi protection by tunneling to the nearest Point of Presence (POP).
  • More effective network and network security staff – Shift to strategic projects like mapping business, regulatory, and application access requirements to SASE capabilities.
  • Centralized policy with local enforcement – Cloud-based centralized management with distributed enforcement and decision making.

SASE & Network Access Control

In essence, SASE converges the functions of network and security solutions into a single, unified cloud service. This marks an architectural transformation within the realm of enterprise networking and security, and it means that IT teams can now deliver a holistic and flexible service to their businesses.

The logical next step in the evolution of network security is for organizations to be able to leverage a NAC solution that’s delivered as a cloud service. This eliminates the need for costly on-site appliances and on-going maintenance. Now, all that’s needed to control network access at branches and the headquarters alike, is an internet connection.


Meet the new guy on the block: BASHware and its use in the WSL

Meet the new guy: BASHware and its use in the WSL

Antecedents

Last year we published on this blog an interesting look at the penguin’s OS in the field of proprietary software, specifically in Microsoft® Windows®. The Redmond company had just finished the beta phase of its “Windows Subsystem for Linux”® (WSL), and we asked ourselves: “Is there security in that environment?”.
Our rhetorical question was answered at the Rootedcon 2018 Computer Security Congress, held in the city of Madrid in March where the Checkpoint team made a presentation on the subject.

Approach of the theoretical framework

Every time a work tool is added to any software, there will always be incidents -or “bugs”- that can even be analyzed to see whether they can serve sneaky intentions. Originally, Microsoft® clearly explained the limitations of the WSL: it was not for production (databases, web servers) nor did it support graphic programs. In short, it was just, as we say, an “amusement park” for programmers (both hackers and crackers). In the case of us hackers, this feature saves us a lot of time, since the scripts that we have written for GNU/Linux can be executed in that private environment, but always modifying the environment variables (in any case the work of adaptation is minimal: the unit “C:\” is mounted as “/mnt/C/user”).

In order to enable the “Windows Subsystem for Linux” – which has nothing to do with the Linux kernel, since the GNU utilities really run on the Windows® kernel – you need administrator rights and you need to restart the computer. Although this fact is comforting, we must take into account the following: every day Windows 10® occupies every new computer, because it comes with that operating system preinstalled. Who guarantees us that WSL is disabled by default? The latter approach is derived from point 15 of the GNU General Public License: “The entire risk of both the quality and performance of the program is at your own expense,” i.e. the final responsibility for our systems always rests on our shoulders.

We must clarify that the people from Microsoft have pronounced on the matter: they have refuted that this is a vulnerability of Windows® and said that they will not dedicate more time to it (to date, there is no further news about it). But here at Pandora FMS it is our duty to analyze as many scenarios as possible and to provide the tools; monitoring also includes future events. We’ll write from the point of view of how it might affect our systems.

Monitoring with Pandora FMS

Another very remote possibility, more direct because it is aimed at specific local or virtual networks, is that an actor who has control over some “Active Directory” orders the WSL enablement in hundreds or perhaps thousands of machines that connect to that domain (companies and complete branches). All antivirus programs and substitutes will not detect such changes because they are simply Microsoft® applications, legitimate and digitally signed, hence our responsibility to have knowledge of such an event.

This is when Pandora FMS and its flexibility can help us in our work: we publish an introduction to log monitoring (includes link to check the approach under Pandora FMS), as well as an article in which we explain the difference between filtering and selecting “syslogs” (that are generated even when we activate some Windows® feature), which are part of the common monitoring metrics in modern operating systems. That’s why the flexibility, we insist, is patent: we can configure Pandora FMS so that it informs if some characteristic is incorporated to some computer monitored by us.

This leads us to suggest that antivirus applications start taking an “inventory” when they are installed and show a warning about possible weaknesses, or block them. We also distinguish between what is already installed and the changes made: the first is the task of the antivirus, the second are events that the monitoring tools can, and should, detect.

Terminology: BASHware

“Malware” comes from the contraction of “malicious software” and as the first word comes from Latin malitiosus. But here’s our point: massifying the term “BASHware” with malignant denotation is incorrect, “malware” exists applied in different ways because the tools that we, the network administrators, migrate are entirely innocent. Now, if a person with malicious intentions develops scripts in BASH then we are talking about “badBASHware”.

Steps to use BASHware

Windows® has always integrated its own command line, but from Windows Vista® onwards it has a more powerful tool created to match the BASH/GNU features: Powershell®.

With this tool (Powershell®) we explain the next steps:

Enabling WSL in Windows 10®

Yes, WSL is only for Windows 10®, although in the last one we enabled the remote tools for a virtual machine with Windows 7®. Powershell is active by default, we run it with administrator rights and enter the following command (we must then restart the computer or simply wait for some other frequent Windows Update® task to do it):

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

It is also possible to enable it through a Windows terminal window:

dism /Online /Enable-Feature /All /FeatureName:Microsoft-Windows-Subsystem-Linux /NoRestart

WSL: enabling developer mode

The second thing we have to enable – and that makes the process we are proposing even more difficult – is the developer mode and making it permanent. This is accomplished by modifying (or adding) a key in the Windows® registry.

Warning: mishandling the Windows registry can lead to system corruption and even prevent system startup and even recovery. Please always test on disposable virtual machines.

In order to do this we use the command “New-Item“, to add the following key:

New-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -ItemType Directory -Force

and define its property with this one, a little longer:

New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock" -Name AllowDevelopmentWithoutDevLicense -PropertyType DWORD -Value 1

Since we must check whether such a key exists before setting the property to a value other than zero, system administrators like to develop scripts that save us from repeating the task and automate everything. In this link you will be able to read a complete script ahead of its time (year 2016); the only objection is that it doesn’t capture the response of the New-Item command and then record the work done in the syslog with its own function intended for that purpose, called Write-CMLogEntry. A hacker cares about recording for the audit logs we mentioned in section 2.1; a “cracker” is not aware of this, as he boasts about not leaving a trace!
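A read-only check for the two changes described so far, the WSL optional feature and the developer-mode registry value, which is the kind of event the monitoring section above says we should be informed about. This is an added example, not part of the original article or of the script it links to; the function name Get-WslExposure, the finding labels and the output line format are assumptions made for illustration.

```powershell
# Added example: audits, without changing anything, the feature and registry
# value named in the article. Run from an elevated PowerShell prompt, because
# Get-WindowsOptionalFeature -Online requires administrator rights.

function Get-WslExposure {
    [CmdletBinding()]
    param(
        # Feature name and registry location exactly as given in the article.
        [string]$FeatureName = 'Microsoft-Windows-Subsystem-Linux',
        [string]$DevModeKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock',
        [string]$DevModeName = 'AllowDevelopmentWithoutDevLicense'
    )

    # 1. State of the optional feature (Enabled, Disabled, EnablePending, ...).
    #    'Unknown' covers a non-elevated session or a build without the feature.
    $featureState = 'Unknown'
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName -ErrorAction Stop
        if ($null -ne $feature -and $null -ne $feature.State) {
            $featureState = [string]$feature.State
        }
    } catch {
        Write-Verbose "Feature query failed: $($_.Exception.Message)"
    }

    # 2. Developer-mode value; a missing key or missing value counts as 0 (off).
    $devMode = 0
    if (Test-Path -Path $DevModeKey) {
        $prop = Get-ItemProperty -Path $DevModeKey -Name $DevModeName -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $devMode = [int]$prop.$DevModeName }
    }

    # EnablePending means the feature was switched on and only awaits a reboot,
    # so it is reported together with Enabled.
    $wslOn = $featureState -in @('Enabled', 'EnablePending')
    $devOn = $devMode -ne 0

    if ($featureState -eq 'Unknown') { $finding = 'UNKNOWN' }
    elseif ($wslOn -and $devOn)      { $finding = 'WSL_AND_DEVMODE' }
    elseif ($wslOn)                  { $finding = 'WSL_ONLY' }
    elseif ($devOn)                  { $finding = 'DEVMODE_ONLY' }
    else                             { $finding = 'CLEAN' }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        CheckedAt    = (Get-Date).ToString('s')
        FeatureState = $featureState
        DevModeValue = $devMode
        Finding      = $finding
    }
}

$result = Get-WslExposure
$result | Format-List

# One line per run, in a constructed format, for a log collector to alert on.
'{0} wsl_audit host={1} feature={2} devmode={3} finding={4}' -f `
    $result.CheckedAt, $result.Computer, $result.FeatureState, $result.DevModeValue, $result.Finding
```

Scheduled on monitored machines, a change of the finding from CLEAN to any other value between two runs is the event to alert on.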

Choosing Favorite BASH

Not many to choose from, but Microsoft has behaved democratically by adding more GNU distributions in addition to Ubuntu, which is the default. To date there is support for:

  • openSUSE Leap
  • SUSE Linux Enterprise Server
  • Debian GNU/Linux
  • Kali Linux
  • Short-term: Fedora
  • And many more are on the way

The most logical thing is to write for Debian and its son, Ubuntu. In any case, if we want to know which we have available we introduce:

wslconfig /l

If Ubuntu is listed, without further delay:

wslconfig /setdefault Ubuntu

Or the one you need or want, changing the last word for one of the ones that appears in the list. We are already halfway towards achieving our BASHware test!

Configuring the default user

The goal here is to guarantee the necessary privilege, another hurdle that supports the statements made by the personnel of the popular window software; we run one of the following in a Windows 10® command window:

  • Ubuntu: «ubuntu config --default-user root»
  • openSUSE Leap 42: «opensuse-42 config --default-user root»
  • SUSE Linux Enterprise Server 12: «sles-12 config --default-user root»

Needless to say that since we are here we will be able to create our users for different tasks, that is, each user will leave different registers according to the BASHware assigned to execute. With the famous command to add users:

sudo adduser new_user_name

The icing on the cake: syslog, the event logger, although preinstalled, is not enabled by default in WSL. That problem is still open on the Github page at the time of writing and that is out of our reach and it’s a good thing we always keep it in mind.

Installing Wine

We quickly explained that Wine is software that, installed on GNU/Linux, allows certain Windows® applications to run. This is where the very remote possibility presents itself: to be able to run programs beyond the reach of antivirus programs or Windows® itself. Precisely, monitoring takes care of keeping track of these situations, although the line separating the tasks of security and monitoring is extremely thin. To illustrate this point we will say that, by way of example, data is one thing and information is another: the latter is obtained from the former by means of a process or algorithm (monitoring); this information is converted back into data when requested by the personnel in charge of security.

To install Wine, if we choose Debian or Ubuntu:

apt-get install wine

We may well install a graphical system for WSL and run Wine but we don’t want to go that far; in Wikipedia there are instructions on how to do it.

Final recommendations

While this article is written from the point of view of a possible vulnerability, we have also focused on the antivirus defenses and the control mechanisms of the OS itself against possible malBASHware. Also remember at all times that Pandora FMS is always and will be a useful tool due to its flexibility, which we can adapt to our work and the personalized alarms we have created. We can add your possible results to the Integria IMS incident management software, since it has the ability to take hardware inventory, as well as to record and categorize the requests of your users in your technical support center. Ten, a hundred or even thousands of computers: both programs are capable of satisfying the demands of your work!


Microsoft SQL Server can now be run on Linux GNU.

Microsoft SQL Server ® on Linux GNU is here to stay. Get ready

Introduction

On December 28, 2016 – feast of the Holy Innocents, that special day when Spanish speakers make jokes throughout the day – the acquisition of a “Platinum” type membership in the Linux Foundation by the company Microsoft ® and the launch of Microsoft SQL Server ® were announced. We took this news very seriously, since we English-speaking people have April Fools’ Day on April 1st, that special day when we joke around. And if we had any doubts, it was officially published in the blog of the Microsoft ® technical team, which included a funny figure showing a “Microsoft Linux” (sic) sign along with a penguin.

We have been using computers since 1989 with the famous MS-DOS® (Mr. Linus Torvalds wasn’t even studying at university at that point) we are still trying to conceive the idea that Microsoft SQL Server ® can be run on Linux. But nowadays, this is an unavoidable reality and those days of antagonism with former CEO Steve Ballmer are long gone. He left office in 2014 and his successor Mr. Satya Nadella led the company and he developed one of the largest computer infrastructures on the cloud computing network with the product “Microsoft Azure®” (formerly known as “Windows Azure®”).

This “Windows Azure®” product stands out because of its software development kit or “SDK” which is published as open-source (which is different from the free software license in Linux). To this day, artificial intelligence is already being developed in “Microsoft Azure®”, which is now known as “machine learning”.

This brief introduction leads us to our article today: Microsoft SQL Server ® on Linux GNU.

Microsoft SQL Server ® on Microsoft Windows®

Okay, we don’t want to fool you and yes, we are going to talk about GNU/Linux but first we need to know the framework of that popular database engine. Microsoft SQL Server ® was born in 1989 to be run on … IBM OS/2, yes, I am not joking. At that time, it was the “Ashton-Tate” company with its flagship product dBase that caused large volumes of data to flow through the local area network because each customer took a copy of the database to each computer where it was running. That’s why Microsoft bought the SQL Server ® license from Sybase which worked with the client/server model through simple commands and returned limited amounts of data (almost all the work is done separately and remotely on the server). Ashton-Tate provided its customer market and dBase worked as an interface for the user, while Microsoft and Sybase handled the work on the server side.

After some time, in 1994, version 6 of SQL Server ® appeared, which also ran on the then-recent Windows NT®; that version was no longer made by Sybase. From version 7.0 onwards it was massively rewritten in C++, and as of 2000, when it was time for OS/2 to be discontinued, SQL Server ® remained only on the Windows NT ® operating system. Then in 2001 its successor Windows XP® inherited the Windows NT® technology – by the way, “NT” means “New Technology” – and reached common users and their small and medium enterprises: the efficient management of relational data was no longer for the exclusive use of large corporations.

In 2005, a dilemma emerged: 64-bit and multi-core processors were on the rise, along with large amounts of RAM, and Microsoft SQL Server ® was not prepared to take full advantage of all this potential. In reaction, it was decided to build a platform layer, the “SQLOS layer”. SQLOS is a “highly configurable user-level operating system with a powerful application-programming interface.” (You can have a look at the official and detailed explanation here) We will soon see why it was a very good choice, since it completely separates the programming from the workloads and threads of the computer on which Microsoft® SQL Server ® is installed.

Microsoft SQL Server ® on Linux GNU

In the world of web servers, GNU/Linux distributions have been the leading ones for many years. Debian has the Ubuntu Server, used by many companies of different sizes to publish their sites on the Internet. But for databases, quite a few programmers have chosen Microsoft SQL Server ®, and because of this their companies must acquire a Microsoft Windows® operating system, which creates additional work in managing the local area network due to the mixed environment.

This concern gradually surfaced among Microsoft® customers, and they told the Redmond-based company (in Washington, USA) so. That put the company on the spot, because it did not know how to carry the millions of lines of code accumulated over all these years to the operating system of the penguin. The answer to this problem was found in a project dating back to 2011 called Drawbridge®, which was originally intended for virtualization of applications in a secure environment (called a “sandbox”).

It was then necessary to “isolate” Microsoft SQL Server ®. Programmers coded in a carefree way as they worked in a well-known environment, which dealt with the various existing hardware. Once the Drawbridge processes were well understood and adapted, the following parameters were established:

  • Quality and security must meet the same high bar we set for SQL Server ® on Windows
  • Provide the same value, both in terms of functionality, performance, and scale
  • Application compatibility between SQL Server ® on Windows and Linux
  • Enable a continued fast pace of innovation in the SQL Server ® code base and make sure new features and fixes appear immediately across platforms
  • Put in place a foundation for future SQL Server suite services (such as Integration Services) to come to Linux

To make SQL Server ® support multiple platforms, the engineering task is essentially to remove or abstract away its dependencies on Microsoft Windows®. As we can see, it wasn’t easy for the developers, who were being pushed out of their comfort zone!

This is how they created the “SQL Platform Abstraction Layer” (SQL PAL), which merges the concepts of the “SQLOS layer” and Drawbridge®. From now on the development team can work with a single code base and does not need to worry about where the code will run (this includes the new Microsoft Azure® platform we talked about earlier). As we can see, so far everything has come to fruition, and the projects and resources of the computer giant, which seemed scattered, are now part of a whole.

Installing Microsoft SQL Server ®

As St Thomas once said, “Seeing is believing”. That is why we took a virtual machine with 4 gigabytes of RAM (the minimum requirement is 3.25 gigabytes). We downloaded Ubuntu Server 16.04 through Torrent technology, installed it and applied the required security updates (just because it is a test server, we shouldn’t lose our good work habits!), and then installed Microsoft® SQL Server ® on this “clean” machine. (Jimmy Olano, writer of this article, has made a 23-minute recording of the complete installation process; you can watch it on YouTube by clicking on this link)

Essentially, the instructions are to import the security keys published by Microsoft® on its website, so that we can verify that the content downloaded from that company has not been altered. Then we add the location of the repository to our package sources, update the list of components, and give the order to download and install the packages. The Microsoft® blog where the instructions are published mentions the “-y” parameter, used in order to accept the license immediately. We recommend installing without this option, so that we are always aware that we are using proprietary software and that we must stick to the license shown in the following figure of our authorship (Creative Commons Attribution-Share Alike 4.0 International):

[Figure: Microsoft SQL Server ® license]

Installing SQL Server ® command-line tools

Once we have installed our SQL Server ®, we must configure the firewall and establish the access policies for the computer, which should then be ready to start receiving data from other computers. But if we want to work directly on the console of our machine, we must install the command-line tools with the command «sudo apt-get install mssql-tools unixodbc-dev» which, as expected, also asks us to accept, or decline, the conditions of use.
In our case, in the video we mentioned earlier, apart from installing the command-line tools we had the opportunity to create a database and a table, insert a few values and run a simple conditional query. But we will not forget about this tool, which can offer a lot more.

Monitoring SQL Server ®

As a monitoring tool, the Microsoft® SQLCAT12 development team concluded that three tools are needed to monitor:

  • collectd.
  • InfluxDB.
  • Grafana.

We will focus on collectd and we will talk briefly about InfluxDB and Grafana.

“collectd”

This open source software is written in C and is a daemon, or service, which we will install and run on the server where Microsoft® SQL Server ® is hosted. It is very popular on routers that use OpenWrt, a well-known Linux distribution specially designed for these devices. It also has more than 100 plugins, which makes it easier to configure for popular Linux applications such as Apache and MySQL. (When writing this article, we reviewed that list and did not find a specific one for Microsoft® SQL Server ®, given the novelty of the arrival of this software in the GNU world.)
In order to deliver the “collectd” data, you can either write them in RRD file format (“RRDfile”) so that they can then be plotted with RRDtool, or they can be collected using a plugin.
Currently Pandora FMS does not have a plugin for collectd but it has no problem connecting via SNMP.

To install collectd we must have Git and Docker Engine installed and then create an account in Microsoft® SQL Server ® using the following instructions:

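-- Dedicated login for the collectd agent; replace the placeholder password before use.
USE master;
GO
CREATE LOGIN [collectd] WITH PASSWORD = N'mystrongpassword';
GO
-- Read access to server-wide state (the dynamic management views that hold performance data).
GRANT VIEW SERVER STATE TO [collectd];
GO
-- Read access to object metadata in every database; it does not grant access to the data itself.
GRANT VIEW ANY DEFINITION TO [collectd];
GO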

The latter is very important in order for collectd to have proper access to our database server. Microsoft® invites you to clone its repository on GitHub, where you can find very detailed instructions and where we can contribute any observation or correction, or collaborate on an improvement by submitting a pull request.

“InfluxDB”

It is responsible for communicating with collectd and then it saves and organises the data collected.

“Grafana”

Software that produces stunning graphics and drawings that represent the data collected by InfluxDB. It is strongly recommended that both InfluxDB and Grafana be installed on a computer other than the one running Microsoft® SQL Server ®, or even each one on its own machine if the number of systems to be monitored is large enough.

Conclusions

Microsoft® made sure to make a good deal with its application SQL Server ®: the code will not be able to run away towards Linux and it avoids compromising its reliability. It also has a code base ready to be improved upon the arrival of new hardware or to cover other operating systems.

All trademarks named herein are accompanied by the “®” symbol and are owned by Microsoft® Corporation and comply with the proper use of such trademarks.

PowerShell 101: let’s get to know its use and main commands

PowerShell 101: an alternative to command line on Linux and Mac

The Command Line Interface (CLI) in Windows® exists and resists the passage of time, from those distant days of MS-DOS® to the current PowerShell 101. Let’s see the basic PowerShell.

When I went to college in the 1980s, proprietary software reigned. The old German computers with Unix® that printed our schedules were being replaced by “modern” personal computers. The Microsoft® software house – at that time – was tied to MS-DOS®, so we learned to use the commands: dir, cls, format for our floppy disks…

A little over a decade ago, back in Redmond they decided to dust off, modernize and empower the CLI. Born as Monad®, renamed PowerShell®, today we present you with the basic PowerShell or PowerShell 101.

Description: Basic Powershell – Logo
(Wikipedia https://commons.wikimedia.org/wiki/File:PowerShell_5.0_icon.png)

Basic PowerShell

The Linux operating system has been going on strong; there are many articles in Pandora FMS blog about it. Also in the monitoring of proprietary systems we are always present; Windows®, as its maximum exponent. And every time a new version comes out we’re there, testing and checking.

I think that, because of this Linux thing, Microsoft decided to put together a compilation of tools along with new concepts, as a counterpart to the GNU features that come with Linux. PowerShell Core has existed since 2016 as open software (MIT license), though with Windows® proprietary components, and we now have it available on Ubuntu, CentOS (the OS recommended for Pandora FMS) and macOS, and even on another hardware architecture such as ARM.

Installing PowerShell Core on Linux

In Ubuntu we must first install the snap package manager: sudo apt install snapd will accomplish that. Next we’ll run snap install powershell --classic

Description: snap install powershell --classic

First commands

Having launched it with the command pwsh (in Windows® we should look for powershell.exe), we will have a terminal window with “PS” as the prompt, followed by the location of the current directory. In both environments the appearance is very similar, so we will generalize from now on.

Then let’s put our memory into practice:

  • cls: “clears” the screen, leaving space to execute a new cycle of commands. It’s not necessary at all, but it’s similar to writing with chalk on a blackboard and erasing to begin to explain another subject.
  • dir -ad: to list directories only.
  • echo message: when we want to show specific text on the screen. This doesn’t seem to be useful, but when we integrate it in a script it is of tremendous utility to indicate the progress of some task or the result of the same one.

We won’t delay any longer with the old MS-DOS commands. In the twenty-first century, we would need to continue using such old technology, and in the process with those old programs that communicated or interacted with text strings (STDIN, STDOUT).

Basic Command-let in PowerShell 101

In the 21st century everything is more complex; these are years of accumulated experience. PowerShell 101 is not a simple tool like the one we use in Linux. This tool has command-lets, a name abbreviated as cmdlet. This means that the commands we tested are not really what we thought they were: they are aliases of the default cmdlets, which allows backward compatibility. Now, there’s more. Let’s analyse the case of the command date, used to return the date.

Its real name is Get-Date, and although it returns the current date and time in a slightly different format from that of the alias, basically both do the same thing. For monitoring tasks we need to deliver that value in a very specific format: this is where the cmdlets do their job in a totally different way.

Description: «Working with cmdlet with date and time variables»

With the cmdlet Get-Date we can:

  • Display the date of the computer.
  • Display it in a custom format.
  • Use methods; in this case we visualize what day number is the date May 20, 2019 (it is the 140th day of the year).
  • Save a date variable in a custom format.
  • Convert this variable to a text string and save it in a file.
  • Notice that we have used the pipe to communicate one cmdlet with another. The receiving cmdlet, used to write to disk, is called Add-Content. (Doesn’t this remind you of Linux?).
  • The reading counterpart is Get-Content and its alias is called… “cat”, just like the one used in Linux to list the contents of a text file!
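
The steps in the list above, written out as an added example (it is not the code from the original screenshot): the file name ps101-demo.log, the function name Add-StampedLine and the two messages are assumptions. It goes one step further than the list by writing the timestamp in UTC with a fixed pattern and parsing it back, which is the "very specific format" a monitoring task needs.

```powershell
# Added example; the file name ps101-demo.log, the function Add-StampedLine
# and the two messages are assumptions, not taken from the original post.
$StampFormat = "yyyy-MM-dd'T'HH:mm:ss'Z'"
$Invariant   = [cultureinfo]::InvariantCulture

# Display the date of the computer, then the same value in a custom format.
Get-Date
Get-Date -Format 'yyyy-MM-dd HH:mm:ss'

# Use the members of the DateTime object: day number of May 20, 2019.
(Get-Date -Year 2019 -Month 5 -Day 20).DayOfYear

function Add-StampedLine {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Message,
        [datetime] $When = (Get-Date)
    )
    # UTC and a fixed, culture-independent pattern keep lines comparable
    # between hosts with different regional settings.
    $stamp = $When.ToUniversalTime().ToString($StampFormat, $Invariant)
    # Convert to a text string and pipe it to Add-Content, which appends to disk.
    "$stamp $Message" | Add-Content -Path $Path
}

# Save a date in a variable, then write two lines seven minutes apart.
$start = Get-Date
$log   = Join-Path ([System.IO.Path]::GetTempPath()) 'ps101-demo.log'
Add-StampedLine -Path $log -Message 'backup started'  -When $start
Add-StampedLine -Path $log -Message 'backup finished' -When ($start.AddMinutes(7))

# Get-Content reads the file back, one string per line.
$last   = @(Get-Content -Path $log | Select-Object -Last 2)
$styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
$times  = foreach ($line in $last) {
    # The timestamp is the first space-separated field of each line.
    [datetime]::ParseExact(($line -split ' ')[0], $StampFormat, $Invariant, $styles)
}

# Elapsed minutes between the two entries, computed from the stored text.
($times[1] - $times[0]).TotalMinutes
```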

Take a pause, check this before moving on to the next point.

Working with cmdlet

With all this as a base, we can stop thinking of basic Powershell as a tool and start evoking it as a toolbox. To do this we will use the Get-Command command:

Using it without any parameter will give us back a lot of tools; the ones we have installed in our computer.

If we inquire about a particular command, for example Get-Command Get-Date will return information about the command type, name, version and source (the library it belongs to). For Get-Date it will indicate that it is a cmdlet belonging to Microsoft.PowerShell.Utility and for Clear-Host (clear screen, cls) that it is simply a function. Entering an alias will return the original cmdlet or function.

If we don’t remember the name exactly we’ll use wildcards; for example, with Get-Command *date* we’ll get a list of all the commands that contain that string.

Help with basic Powershell

The help was also designed as a repository, since with the Get-Help command we can also download content to our computer:

  • Get-Help Get-Date: will show complete information about how to use Get-Date, its syntax, its aliases, etc.
  • Get-Help Get-Date -Online: will open an instance of our web browser and open the latest online information about the Get-Date command.
  • To work offline, i.e. to save the updated help: Update-Help.

Using Get-Help, let’s learn about the commands Get-Location and Set-Location.

Let’s suppose we have to create a folder or a file; for this we will no longer use the command md or mkdir (the latter is written exactly the same in Linux) but we will use the New-Item command:

New-Item "path/name" -type directory

  • New-Item: the command.
  • "path/name": the path and name of the directory; quotation marks are required when it contains spaces.
  • -type: the parameter, followed by one of the types offered by the installed provider: File, Directory, SymbolicLink, Junction or HardLink

Now let’s talk about providers: we can download the providers we need or we can create our own providers and associate them to the command. My imagination flies: we develop a program that acts as an FTP client and we offer it as a provider so we can sell it to anyone to integrate it into their PowerShell… but wait, there is more. If we do this in turn -if our license allows it- our client can add our FTP program as a library to their own projects. What do you think?

Note: PowerShell is also able to work via API and even security analysts have created their own PowerShell environments, some mixed with Python language… who don’t even need Microsoft executable files!

Pandora FMS and monitoring tasks

Pandora FMS flexibility allows us to use PowerShell to quickly access complex commands. For example, in Windows environment we need to know which patches are installed:

Get-CimInstance -ClassName Win32_QuickFixEngineering -ComputerName

We will be able to visualize the components with the Get-Member command, extract the contents and make our complement in Pandora FMS for PowerShell!
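
One way to turn the patch query above into a value a monitoring module can alert on, added here as an example and not Pandora FMS's own plugin code: the function name Get-PatchSummary, the 45-day threshold and the sample records are assumptions, and the query runs against the local machine.

```powershell
# Added example, not Pandora FMS code. Get-PatchSummary and the 45-day
# threshold are assumptions chosen for illustration.
function Get-PatchSummary {
    param(
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $HotFix,
        [int] $MaxAgeDays = 45,
        [datetime] $Now = (Get-Date)
    )
    # InstalledOn can be empty or plain text on some systems, so convert
    # defensively and keep only the records that carry a usable date.
    $dated = @(foreach ($fix in $HotFix) {
        $when = $fix.InstalledOn -as [datetime]
        if ($when) {
            [pscustomobject]@{ HotFixID = $fix.HotFixID; InstalledOn = $when }
        }
    })
    $latest = $dated | Sort-Object -Property InstalledOn -Descending |
        Select-Object -First 1
    $age = if ($latest) { ($Now - $latest.InstalledOn).Days } else { $null }

    [pscustomobject]@{
        Total        = $HotFix.Count
        Undated      = $HotFix.Count - $dated.Count
        LatestHotFix = if ($latest) { $latest.HotFixID } else { $null }
        DaysSince    = $age
        # 1 = a patch was installed within the window, 0 = stale or unknown.
        Status       = [int]($null -ne $age -and $age -le $MaxAgeDays)
    }
}

if ($IsWindows -or $env:OS -eq 'Windows_NT') {
    # Local machine; -ComputerName with a host name queries a remote one.
    $fixes = @(Get-CimInstance -ClassName Win32_QuickFixEngineering)
    # List what the class exposes before deciding which fields to extract.
    $fixes | Get-Member -MemberType Properties |
        Select-Object -Property Name, MemberType
} else {
    # Constructed sample records (not real KB numbers) for non-Windows hosts.
    $fixes = @(
        [pscustomobject]@{ HotFixID = 'KB0000001'; InstalledOn = '4/9/2019' }
        [pscustomobject]@{ HotFixID = 'KB0000002'; InstalledOn = '5/14/2019' }
        [pscustomobject]@{ HotFixID = 'KB0000003'; InstalledOn = '' }
    )
}

Get-PatchSummary -HotFix $fixes
```

A host with no hotfix records, or with records that carry no install date, returns Status 0, so a missing inventory is not mistaken for a patched machine.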

WHAT’S NEW Pandora FMS 756

What’s new in Pandora FMS latest release, Pandora FMS 755

Let’s check out together the features and improvements related to this new Pandora FMS release: Pandora FMS 756.

NEW FEATURES AND IMPROVEMENTS

Added new widget: Odometer for visual consoles

A new odometer widget has been added. It will have two types of operations, one if it is a percentage value and the other if it is an absolute value, where its maximum and minimum values will be taken as reference for its calculation.

New automatic adjustment option in visual consoles

A new option has been added so that when you add a visual console in full screen mode, its width automatically adjusts.

Mass operations on Service elements

The ability to mass create/edit/delete items has been added in Services in both Nodes and Metaconsole.

Inside the Metaconsole, the following have been added:

  • Wizard within services to be able to add/edit/delete several service elements at once.
  • Service list option for mass creating and deleting services.

Within Nodes, service mass creation and deletion has been implemented from mass operations, as well as the ability to add/edit/delete several service elements at once.

Metaconsole centralized mode: Command Center

In this version, we introduce a new Metaconsole component, the Command Center, which allows working in a unified way in nodes, in a much more agile and fail-safe way. Any changes to the system configuration will be propagated to the nodes automatically.

New Alert server

A new server has been added to Pandora FMS. The alert server will be in charge of processing and sending all the alerts, thus being able to free threads from the rest of the servers so as not to overload data processing while the alerts are launched in environments with many alerts. This server is optional and if it is not activated, the alerts continue to work as before.

Why Hospital Cyber Protection Is a Hard Nut to Crack