Report on Cybersecurity Black Market, by RAND and Juniper

Posted on 29 March 2014 by Admin

RAND has published an interesting report on the cybersecurity black market. This report “Markets for Cybercrime Tools and Stolen Data” was sponsored by Juniper . (direct link to pdf).

This report is good reading for any security professional, worth to have a look!

Some highlights from the report

The hacker market has emerged as a playground of financially driven, highly organized, and sophisticated groups.
Black markets are organized and run for the purpose of cybercrime; they deal in exploit kits, botnets, Distributed Denial of Service (DDoS), attack
services, and the fruits of crime (e.g., stolen credit card numbers, compromised hosts).

Gray markets, by our definition, are limited to the exchange of vulnerabilities and exploits, the dis-covery and development of which are not illegal per se (legitimate companies, for instance, often pay for information about vulnerabilities in their own products), but can nevertheless be troubling because they also complicate the life of system defenders.

RAND-blackmarket2014a

Products include both goods (hacking tools, digital assets) and services (as-a-service hacking, digital asset handling).

RAND-blackmarket2014b

The black market can be more profitable than the illegal drug trade: Links to end-users are more direct, and because worldwide distribution is accomplished electronically, the requirements are negligible.

RAND-blackmarket2014c

Links

Posted in Cloud Security, Cybersecurity, ICT Leadership and Management, Risk Management, Security Management, Security Threats, Security Training, Awareness and Reports | Comments Off on Report on Cybersecurity Black Market, by RAND and Juniper

OpenStack concepts via Ubuntu Cloud Live in VirtualBox

Posted on 2 March 2014 by Admin

Ubuntu Cloud Live image is mentioned at Ubuntu’s site and instructions are given on how to boot the system from USB. This image is nowadays a little outdated (based on Essex release). For more serious experiments, please use more up-to-date release of OpenStack.

However, the live image can work well for the first introduction to the OpenStack concepts like

  • Nova for computing
    • nova-api
    • nova-compute
    • nova-network
    • nova-volume
      • (this was not working on the live image)
  • Glance for Virtual Disk Images
  • Keystone for Identity and
  • Horizon for web gui (dashboard)

The good side of the live system is that it comes with Openstack software installed. The bad side is that it might be missing some linux components like Openssh server. Since it is a live image, the changes are not permanent. However when using the VirtualBox, one can use snapshots feature to save the work and to continue later. (For portable VirtualBox, see here).

Essex architecture

Essex-architecture

Step 1. Starting up the OpenStack in VirtualBox

  • Tip: When booting the VM, one can choose the keyboard layout (press Shift/Alt during boot, select F3 keymap)

After booting, additional instructions can be found in the GettingStarted.txt document (see figure below)

essex-001-booted

However, I did not get the clipboard working across the host and guest, and then it can be more convinient to install the ssh sever, and use putty for giving commands from the host.

sudo apt-get install openssh-server
essex-001-openssh

For the situations, where VirtualBox “Host only” networkig is used, one can use offline method to install the openssh-server and ssh-import-id packages.

In order to be able to login remotely, check the IP address and define a password for ubuntu user:
ifconfig eth0
sudo passwd ubuntu
essex-002-passwd

Login via putty
essex-003-putty

Configure and start the OpenStack, and add a test image called cirros:
nova-setup.sh
start-openstack.sh
glance -T cloudlive -I ubuntu -K ubuntu123 -N http://127.0.0.1:5000/v2.0/ add name=”cirros” is_public=true container_format=ovf disk_format=raw < /srv/cirros-0.3.0-x86_64-disk.img

(for this glance command above, please see the GettingStarted file for correct syntax and format)
essex-004-startingopenstack

Step 2. Login to Horizon (dashboard)

One can use the web browser inside the VirtualBox, or one can also login remotely (depending on VirtualBox configuration).

After login, in the project area, lauch instance by using the cirros image
essex-005-launchinstance

The running instance can be seen also in the admin area
essex-006-instancevisible

Step 3. Login into new Virtual Machine “cirros”

Using the IP address information (172.20.1.2) in the Horizon, one can login from Controller node (hostname ubuntu) into cirros
essex-007-logintoVM

Step 4. Setup Command line interface (CLI)

Before one can use CLI effectively, one need to define certain environment variables.

One get the configuration file via the GUI: Choose Settings link, then “OpenStack Credentials” tab, then “Download RC File” button.
essex-007-openrc

Give those commands in the ssh session before executing OpenStack CLI commands
export OS_AUTH_URL=http://192.168.0.35:5000/v2.0
export OS_TENANT_ID=53c9fc86a0fd4348be511ff000088e61
export OS_TENANT_NAME=cloudlive
export OS_USERNAME=ubuntu
export OS_PASSWORD= ubuntu123
(the http link above depends on your configuration)

For example, list the active servers (instances running)
nova list
and look content of nova-setup.sh
essex-008-novasetup

One can find the MySql userid and passwrd for nova, and one can see how to admin command nova-manage is used to create an internal network.

the second script start-openstack.sh shows that if virtualization is not supported then qemu is used instead of kvm (ie. command kvm-ok shows that virtualization is not supported). And how the keystone is configured before services are started.

Step 5. Create a VirtualBox snapshot

essex-008-createvirtualboxsnapshot3

Step 6. Play around

Test and try various linux and openstack commands! See the links below …

Links to Essex material

OpenStack (Essex) Videos

Open Stack Essex: Architecture and Demo Video (6 min)

OpenStack material

Additional

  • For more serious experiments, please use more up-to-date release of OpenStack. The Essex release is nowadays outdated.
  • Please note, that by using UNetbootin to create a bootable USB, one can include the persistance as well. (ie. when not using VirtualBox)
Posted in Cloud Computing, For Fun or Interest, ICT, ICT Training and Courses, Tests, Tips | Comments Off on OpenStack concepts via Ubuntu Cloud Live in VirtualBox

M2M/IoT Sector Map, by Beecham Research

Posted on 14 January 2014 by Admin

Beecham Research has created a very nice M2M Sector map. It has divided the industry into 9 service sectors.

Please see their site for the original (bigger) picture, it is downloadable here.

M2m-sectormap

Posted in ICT Business, ICT Leadership and Management, Internet of Things and M2M | Comments Off on M2M/IoT Sector Map, by Beecham Research

Global State of Information Security Survey, by PwC

Posted on 12 January 2014 by Admin

Global State of Information Security Survey by PwC is interesting reading. It contains several questions and answers from various fields of industry. Definitely worth to have a look.

GSISS1

GSISS2

Posted in ICT Leadership and Management, Risk Management, Security Management, Telecom Security | Comments Off on Global State of Information Security Survey, by PwC

Vtiger CRM, Tool for general Customer Relationship Management or for personal CRM use

Posted on 16 December 2013 by Admin

Vtiger CRM is a multiuser web-based Customer Relationship Management tool. Vtiger page at sourceforge describes it as follows:

Vtiger CRM enables sales, support, and marketing teams to organize and collaborate to measurably improve customer experiences and business outcomes. Vtiger CRM also includes email, inventory, project management, and other tools, providing a complete the business management suite.

It is possible to customize Vtiger, and that’s makes it atractive use case for Vtiger to use it as a Personal CRM, ie. for a consultant, professional or freelancer.

The figure below shows a typical Administrator’s view. Most frequently used functions are on the top menu bar, while the rest of the functions can be reached via “More” button.

VtigerCRM3-adminview

Main Features are related to Sales, Marketing and Support:

  • Calendar and Task Management
  • Email Marketing
  • Lead Management
  • Opportunity Management
  • Support Management

Other features:

  • Project Management
  • Inventory Management
  • Customer Portal
  • Document and File Management
  • Reporting

Links

Vtiger as Personal CRM

The figure below shows a customized menu bar and custom language together with the main use cases for personal CRM.

VtigerCRM4-customerview

Use cases for Personal CRM are:

  • Calendar and task management
  • Potentials
    • ie. Your plans to potentially achieve something
  • Programs
    • Your execution of plans as programs rather than as projects
  • HelpDesk
    • Support requests to you, ideally related to Program or Service Contract
  • Notes
    • Provides additional collections of information
    • Example:
      • Market Research notes can be created for Accounts, and stored in MarketResearch folder making it easy to find notes for particular account or view all notes by looking notes in the corresponding folder.

Tips

  • Language file “US_Custom” for the Personal CRM contains following changes to US language:
    • Opportunity -> Potential
    • Trouble Tickets -> HelpDesk
    • Documents -> Notes
    • Organization -> Account
    • Projects -> Programs
    • Language file installation: As admin, Import with Module Manager -> Custom -> Import
    • Language file for user: As user, choose a new language called “US Custom”, and click home icon to see the changes
  • Windows installation modifications
    • bind mysql to localhost only
      • In file “my.ini”, define line “bind-address = 127.0.0.1” under section “[vtigermysqld]”
    • bind apache to localhost only
      • In file “httpd.conf”, define line “Listen 127.0.0.1:8888”
    • For any issues related to running the apache and mysql service, please see start and stop scripts, startvTiger.bat and stopvTiger.bat
      • for example, in stopvTiger.bat only 1 shutdown command is needed for mysql, and running it twice might cause an error which can cause that the service is not automatically removed. One can fix this by skipping the second “mysqladmin shutdown” command just before the line “mysqld –remove vtigercrmMysql540”
Posted in Anvanced Tools, ICT Leadership and Management, Recommended Free Tools | Comments Off on Vtiger CRM, Tool for general Customer Relationship Management or for personal CRM use

Corruption Perceptions Index

Posted on 5 December 2013 by Admin

Transparency International has published the 2013 results for “Corruption Perceptions Index“.

Based on expert opinion, the index measures the perceived levels of public sector corruption in countries worldwide, scoring them from 0 (highly corrupt) to 100 (very clean).

CPI2013

Posted in ICT Leadership and Management, Security Management | Comments Off on Corruption Perceptions Index

Global Innovation Index

Posted on 5 December 2013 by Admin

There is an interesting effort to rank and compare countries on innovation. It is called Global Innovation Index (GII).

Link to WIPO’s GII pages.

The Global Innovation Index (GII) is a recognition of the key role that innovation serves as a driver of economic growth and prosperity. The GII is a valuable benchmarking tool to facilitate public-private dialogue, whereby policymakers, business leaders and other stakeholders can evaluate progress on a continual basis.

GII-2013A

GII Ranking list

GII-2013

Links:

Posted in ICT Leadership and Management, Innovation and new tech | Comments Off on Global Innovation Index