Blog

I was subscribing to a mailing list that uses the Sympa software. It works like most of these systems: you give it your email address and it sends a confirmation email to that address with a link to click on to prove that you control that address. This prevents someone from subscribing another person.

I got the confirmation email right away, and when I clicked on the link I went to the web site as expected, but it gave me the message "Sorry, this operation can't be performed... The validation link has already been validated from host x.x.x.x. If you did not perform this validation, please report this confidentiality issue to your mail services administrator."

I thought, "who has been reading my email and clicking on links for me?" Well, that IP address belongs to Barracuda Networks, Inc. The email filtering software activated the link while checking it for malware.
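The failure described above is general: any one-click link in an email (subscription confirmation, unsubscribe, password reset) that changes state on a plain GET will be consumed by a security gateway that pre-fetches URLs, and the real recipient then arrives second. What follows is an added example, not code from the original post or from Sympa, of a confirmation endpoint that is safe to pre-fetch: GET only renders a confirm button, and the token is consumed by the POST that the button sends, which a URL scanner never issues. The class and function names, the 24-hour token lifetime and the IP addresses in the simulation are invented for the example.

```python
# Added example, not code from the original post or from Sympa: a subscription
# confirmation endpoint modelled as plain functions so that a link-scanning mail
# gateway can be simulated offline. Class and function names are invented here.
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 24 * 3600  # assumption: a validation link is good for one day


@dataclass
class Pending:
    email: str
    issued_at: float
    validated_from: Optional[str] = None  # IP that consumed the token, once used


@dataclass
class ConfirmStore:
    pending: Dict[str, Pending] = field(default_factory=dict)

    def issue(self, email: str, now: float) -> str:
        """Mint an unguessable single-use token and remember who it belongs to."""
        token = secrets.token_urlsafe(32)
        self.pending[token] = Pending(email, now)
        return token


def handle(store: ConfirmStore, method: str, token: str, client_ip: str,
           now: float, consume_on_get: bool = False) -> Tuple[int, str]:
    """Serve /confirm/<token>. Returns (HTTP status, body).

    consume_on_get=False (safe): GET only renders a confirm button; the token is
    consumed by the POST the button sends, which a URL scanner never issues.
    consume_on_get=True (the behaviour the post ran into): the first GET wins,
    so a gateway that pre-fetches links validates on the recipient's behalf.
    """
    rec = store.pending.get(token)
    if rec is None or now - rec.issued_at > TOKEN_TTL_SECONDS:
        return 404, "Unknown or expired validation link."
    if method == "GET" and not consume_on_get:
        # Read-only: nothing changes, so a scanner fetching this is harmless.
        return 200, ('<form method="post"><button>Confirm subscription for '
                     f'{rec.email}</button></form>')
    if method not in ("GET", "POST"):
        return 405, "Method not allowed."
    if rec.validated_from is not None:
        return 409, ("The validation link has already been validated from host "
                     f"{rec.validated_from}. If you did not perform this validation, "
                     "please report this to your mail services administrator.")
    rec.validated_from = client_ip
    return 200, f"{rec.email} is now subscribed."


def simulate(consume_on_get: bool) -> Tuple[int, int]:
    """Replay the incident: the gateway fetches the link first, then the user
    clicks it and presses the button. Returns the status codes the user sees
    for the click and for the button. IPs are constructed from documentation ranges."""
    store = ConfirmStore()
    t0 = 1_700_000_000.0
    token = store.issue("reader@example.net", now=t0)
    # the mail gateway "checks" the link
    handle(store, "GET", token, "198.51.100.7", now=t0 + 5, consume_on_get=consume_on_get)
    # the real recipient follows the link and presses the button
    click, _ = handle(store, "GET", token, "203.0.113.9", now=t0 + 60, consume_on_get=consume_on_get)
    press, _ = handle(store, "POST", token, "203.0.113.9", now=t0 + 65, consume_on_get=consume_on_get)
    return click, press


if __name__ == "__main__":
    print("GET consumes token: ", simulate(True))   # (409, 409): user is told it was already validated
    print("POST consumes token:", simulate(False))  # (200, 200): scanner's fetch changed nothing
```

A gateway that goes further and drives the buttons on the rendered page would still consume the token, so in a real deployment the POST should also carry a form-bound CSRF token; the "already validated from host" message is worth keeping, since it is what let the author identify the gateway's address.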


 

On December 3rd, the Texas Bankers Association (TBA), Independent Bankers Association of Texas (IBAT), and SWACHA hosted a cybersecurity event for banking executives, board members, and senior management called "Executive Leadership of Cybersecurity (ELOC)". At the conference, the Financial Services Information Sharing and Analysis Center (FS-ISAC) announced the availability of a free threat information sharing appliance that financial institutions can use to enter, store, and share threat information. The appliance is called Soltra Edge, and the website says it "takes large amounts of complex threat information across communities, people and devices and analyzes, prioritizes, and routes it to users in real-time."

Here is some initial information:

  • The appliance is a free download distributed as a virtual machine. It runs CentOS and is accessed via a web interface. Setup appears fairly simple, especially for a customer already running VMware. The database stores information as Structured Threat Information eXpression (STIX), and information can be shared by setting up feeds using the Trusted Automated eXchange of Indicator Information (TAXII) protocol.
  • Making use of the appliance is not as easy as the setup. It is a brand new product trying to gain acceptance, so it is still under development and does not yet have all the features its makers eventually want it to have.
    • The appliance is distributed with an empty database. The financial institution can load threat information using the web interface (manual data entry), import from a CSV file, import from a STIX file, or import from a TAXII feed.
    • Initially, most community financial institutions will likely want to receive threat information from a TAXII feed rather than enter and store/share their own. Each TAXII feed must be set up individually. Here are the ones we know about so far:
      • FS-ISAC has one available with a couple of caveats: 1) the financial institution will probably need to join FS-ISAC (for pricing information, visit https://www.fsisac.com/join), and 2) the last post on the Soltra forum indicated that this feed needs to be upgraded in order to work with Edge v2.
      • There is a free feed at hailataxii.com, but it is not yet clear who is providing the information or how useful it is.
    • So far, reporting seems VERY basic. Queries can be entered manually into the web interface, but that was the only reporting feature shown during a Soltra webinar. The Soltra forums have some discussion about integrating the appliance with security information and event management (SIEM) systems such as Splunk, but that is still in development. Also, many community financial institutions do not currently have a SIEM installed.
    • There are plans to import threat data directly from firewalls, IPS/IDS, etc., but that is also under development, and reporting on that information would still be an issue.

 

 


 

Many print drivers today are provided only through Microsoft (Windows Update) rather than the vendor's website. Setting up a new printer with the Add Printer wizard downloads the driver only for the architecture the server is running (x64 or x86). This causes problems for clients of the other architecture when they try to connect to the shared printer: the client reports that a suitable driver could not be found.

To add both types of print driver to the print server so that all clients are supported, use a client of the other architecture and create a temporary local printer on an LPT1 port for each printer that needs a driver. Click the "Windows Update" button when adding the printer; it pulls in a much larger list of printers, and the driver you need will most likely be listed. Finish installing the printer locally.

Once the 32-bit or 64-bit driver you want is installed on that client, browse to the print server (\\printserver), right-click the printer and select Properties. On the Sharing tab, click the "Additional Drivers" button. Check the box for the x86 or x64 driver you just installed on the client you are connecting from, and it will upload the driver to the print server for all clients to use going forward.


 

After upgrading an iPhone and an iPad to iOS 8, the iPad may "ring" every time a phone call is received on the iPhone signed in to the same Apple ID as the iPad. A setting in the FaceTime app enables or disables this feature. Go to Settings, FaceTime and turn "iPhone Cellular Calls" on or off. The description of the "iPhone Cellular Calls" feature reads "Use your iPhone cellular connection to make and receive calls when your iPhone is nearby and on Wi-Fi."


 

A user was unable to log into a PC and got the error message "The user profile service failed to logon. User profile cannot be loaded." A second user account received the same error when trying to log on, and so did an admin account. Rebooting the system into Safe Mode with Networking and testing the admin login did work, and after another reboot the original user was able to log into the PC without the error.

The Event Viewer had the following event:

Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm to location \\?\C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm. This error may be caused by network problems or insufficient security rights.

DETAIL - Access is denied.

The file sits in the Default profile, which Windows copies whenever it builds a new profile (including the TEMP fallback profile named in the event), so one unreadable file there breaks profile creation for every account. The resolution was to delete the iesqmdata_setup0.sqm file from the Default profile directory mentioned in the event log. After deleting the file, all users could log in successfully.


 

Users had intermittent connection problems to published applications through a Citrix NetScaler Access Gateway that provides access to a XenDesktop 7 site. Citrix Receiver would spin on "connecting to server" and then time out. The NetScaler had been deployed before a recent subnet change. Connections worked when the user's session was assigned to a server in the bottom half of the new subnet; if it was assigned a server in the top half, no connection could be made.

The subnet mask on the NetScaler turned out to be wrong. The subnet containing the XenDesktop hosts had recently been changed from a /24 to a /23 because of an IP shortage, but the NetScaler still carried the /24 mask, so it treated the upper half of the /23 as a separate network and handed that traffic to its gateway instead of delivering it directly. The resolution was to update the subnet mask on the NetScaler.

Be aware that this change needs to be made from the command line on the console of the VPX: changing the subnet mask from the GUI can break access to the NetScaler web GUI. The subnet mask change can also require removing and re-adding a route.
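Which hosts a stale mask cuts off can be worked out from the two masks alone, which is a quicker check than waiting for sessions to time out. Below is an added example, not from the original post or from Citrix, that does the arithmetic with Python's standard ipaddress module. It assumes the NetScaler's own address sits in the lower half of the widened /23 (if it sits in the upper half, the lower half is what breaks); the addresses, masks and backend host list are constructed for the example, and masks are accepted in the dotted form the NetScaler uses.

```python
# Added example, not from the original post: reproduce the NetScaler symptom
# offline with the standard library. Addresses, masks and the host list are
# constructed for the example; the NetScaler's own IP is assumed to sit in the
# lower half of the widened /23.
import ipaddress
from typing import Dict, List


def interface_network(ip: str, netmask: str) -> ipaddress.IPv4Network:
    """The network an interface believes it is directly attached to.
    netmask may be dotted (NetScaler style, 255.255.254.0) or a prefix length."""
    return ipaddress.ip_interface(f"{ip}/{netmask}").network


def stale_blind_spots(ip: str, old_mask: str, new_mask: str) -> List[ipaddress.IPv4Network]:
    """Ranges that are on-link in reality (new_mask) but that a box still
    configured with old_mask would hand to its default gateway."""
    old = interface_network(ip, old_mask)
    new = interface_network(ip, new_mask)
    if not old.subnet_of(new):
        raise ValueError("the old network is not contained in the new one")
    # address_exclude yields what is left of the new network once the old one
    # is removed: exactly the half the stale mask cannot reach directly
    return list(new.address_exclude(old))


def classify_hosts(ip: str, old_mask: str, new_mask: str, hosts: List[str]) -> Dict[str, str]:
    """Label each backend host 'ok' or 'misrouted' under the stale mask.
    Hosts outside the new network are 'ok' because they were never meant to be on-link."""
    spots = stale_blind_spots(ip, old_mask, new_mask)
    result = {}
    for h in hosts:
        addr = ipaddress.ip_address(h)
        result[h] = "misrouted" if any(addr in s for s in spots) else "ok"
    return result


if __name__ == "__main__":
    ns_ip, old, new = "10.10.0.10", "255.255.255.0", "255.255.254.0"
    print(stale_blind_spots(ns_ip, old, new))
    print(classify_hosts(ns_ip, old, new, ["10.10.0.50", "10.10.1.50", "10.10.2.5"]))
```

Run against the real VPX configuration, the list of "misrouted" hosts should line up with the XenDesktop servers that users could not reach; if it does not, the mask is not the only thing wrong.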


 

Chip maker FTDI released a driver update that went out with recent Windows Updates. The FTDI chip is used in many USB devices; it is a USB-to-UART converter. There are many clones on the market, and this driver rewrote the USB product ID (PID) on clones to zero, so that no stock driver recognizes them on any machine afterwards. FTDI has since backed down and released an update that no longer does this, but the damage may already have been done. So if you had a USB device mysteriously stop working after installing Windows Updates, this may have been the cause. FTDI has a configuration tool that might be used to set the ID back, if you know what it was to start with.

 

 

On October 6, 2014, ISACA launched the Cybersecurity Fundamentals Certificate. The certificate is aligned with the Skills Framework for the Information Age (SFIA) and the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. It tests for foundational cybersecurity knowledge in five areas:

  1. Cybersecurity concepts
  2. Cybersecurity architecture principles
  3. Cybersecurity of networks, systems, applications and data
  4. The security implications of emerging technology
  5. Incident response

To see ISACA's press release visit http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/ISACA-Launches-New-Cybersecurity-Certificate.aspx


 

vCloud Director requires a certificate for the console proxy that it uses for communication with the other VMware products as well as a certificate for the vCD web site. The following steps install one wildcard certificate (called certificate.pfx here) under both aliases. The commands use "password" as a placeholder; pick a real one, and note that -passout pass:, -storepass and -srcstorepass put it on the command line, where it ends up in shell history and process listings.

  1. Convert the pfx to PEM: openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes (-nodes leaves the private key unencrypted in certificate.cer, so keep the file on the cell and delete it when you are done)
  2. Obtain the private key from certificate.cer (cut and paste the private key block into a new file named wildcard.key; the -nocerts option of openssl pkcs12 writes just the key if you prefer not to cut and paste)
  3. Recreate the pfx with the http alias (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name http -passout pass:password -out http.pfx
  4. Use the same certificate and key to create the consoleproxy pfx (PKCS12 keystore): openssl pkcs12 -export -in certificate.cer -inkey wildcard.key -name consoleproxy -passout pass:password -out consoleproxy.pfx
  5. Import the two PKCS12 keystores into a Java keystore using keytool (the ./keytool below is the one in /opt/vmware/vcloud-director/jre/bin, so run these steps from that directory):
    ./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias http -destalias http -srcstorepass password
    ./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore CERTIFICATES.ks -deststoretype JCEKS -deststorepass password -srcalias consoleproxy -destalias consoleproxy -srcstorepass password
  6. Import the root certificate into the same keystore:
    ./keytool -importcert -alias root -file DigiCertHighAssuranceEVRootCA.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
  7. Import the intermediate certificate into the same keystore (the DigiCert files are the ones the source used; use the root and intermediate that actually issued your wildcard certificate):
    ./keytool -importcert -alias intermediate -file DigiCertHighAssuranceCA-3.crt -storetype JCEKS -keystore CERTIFICATES.ks -storepass password
  8. Verify the CERTIFICATES.ks keystore; the listing should show http and consoleproxy as PrivateKeyEntry and root and intermediate as trustedCertEntry:
    ./keytool -list -keystore CERTIFICATES.ks -storetype JCEKS -storepass password
  9. Give the vcloud user ownership of the keystore:
    chown vcloud:vcloud /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks
  10. Stop the vCD service: service vmware-vcd stop
  11. Run the configure command: /opt/vmware/vcloud-director/bin/configure
  12. When prompted for the certificate, point to the following: /opt/vmware/vcloud-director/jre/bin/CERTIFICATES.ks (the keystore password is the one used above)
  13. When prompted to start the cell, press y and Enter

Source: http://virtxpress.wordpress.com/2013/12/22/using-wildcard-certificates-in-vcloud-director/


 

When you look at a MAC address on a Cisco router or switch, it is displayed as three groups of four hex digits separated by dots. Windows displays it with a dash between each byte and Linux with a colon between each byte. Many people edit MAC addresses into the Cisco format in order to paste them into a Cisco config. You can simply remove the dashes, or paste the colon-separated form, and Cisco devices will accept the MAC address; they will not, however, accept dashes as delimiters.
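Editing addresses by hand is where a transposed or dropped digit slips into a static MAC entry or a MAC-based ACL and silently matches nothing. The following is an added example, not from the original post, that converts between the Windows, Linux, Cisco and bare 12-digit forms and rejects malformed input instead of guessing; the sample addresses are made up.

```python
# Added example, not from the original post: normalize MAC addresses between the
# Windows (00-1A-2B-3C-4D-5E), Linux (00:1a:2b:3c:4d:5e), Cisco (001a.2b3c.4d5e)
# and bare 12-digit forms, refusing anything malformed. Sample addresses are made up.
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")
# delimiter -> (number of groups, hex digits per group)
_GROUPING = {"-": (6, 2), ":": (6, 2), ".": (3, 4)}


def normalize_mac(text: str) -> str:
    """Return the 12 lowercase hex digits of a MAC address, or raise ValueError."""
    s = text.strip().lower()
    delims = {ch for ch in s if ch in _GROUPING}
    if len(delims) > 1:
        raise ValueError(f"mixed delimiters in {text!r}")
    if delims:
        d = delims.pop()
        groups, width = _GROUPING[d]
        parts = s.split(d)
        # a wrong group count or width is how a dropped or doubled digit shows up
        if len(parts) != groups or any(len(p) != width for p in parts):
            raise ValueError(f"bad grouping in {text!r}")
        s = "".join(parts)
    if not _HEX12.match(s):
        raise ValueError(f"not a MAC address: {text!r}")
    return s


def is_valid_mac(text: str) -> bool:
    try:
        normalize_mac(text)
        return True
    except ValueError:
        return False


def to_cisco(text: str) -> str:
    """xxxx.xxxx.xxxx, the form a Cisco config accepts and displays."""
    h = normalize_mac(text)
    return f"{h[0:4]}.{h[4:8]}.{h[8:12]}"


def to_linux(text: str) -> str:
    """xx:xx:xx:xx:xx:xx, lowercase as ip link and ifconfig print it."""
    h = normalize_mac(text)
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))


def to_windows(text: str) -> str:
    """XX-XX-XX-XX-XX-XX, uppercase with dashes as ipconfig /all prints it."""
    return to_linux(text).upper().replace(":", "-")


if __name__ == "__main__":
    for raw in ("00-1A-2B-3C-4D-5E", "00:1a:2b:3c:4d:5e", "001a.2b3c.4d5e", "001A2B3C4D5E"):
        print(f"{raw:20} -> {to_cisco(raw)}")
```

Pipe the output of ipconfig /all or ip link through to_cisco() and the result pastes straight into a Cisco config; anything that does not normalize raises before it reaches the device.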