Security News: Citrix Breach

If you haven’t heard, Citrix was breached through a compromised employee account due to password spraying.

Password spraying is an attack that attempts to access a large number of accounts (usernames) with a few commonly used passwords. A traditional brute-force attack, by contrast, attempts to gain unauthorized access to a single account by guessing its password.

The exploitation of weak passwords has become a growing concern for all of us working in IT where security is relevant. It has been said that a compromised account was used to access and steal 6TB of sensitive data from email, file shares, and database applications.

At this point the question in your mind is, or should be: what could have helped to prevent this?

My simple response is: develop a policy of using and enforcing strong passwords, configure proactive authentication monitoring that takes the time to look for password spraying, and audit user passwords against common and acquired leaked-password lists.
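As an added example (not from the original post), here is a small Python script covering the two monitoring steps above: flagging a password-spraying pattern in authentication logs, and checking a password against a leaked-password list using the k-anonymity prefix scheme (only the first five hex characters of the SHA-1 leave the host; the returned suffixes are compared locally). The log format, the sample lines, the detection thresholds and the range response are all constructed for this example and are assumptions to tune for your own environment.

```python
"""Added example, not from the original post: two checks for the advice
above.  detect_spray() flags sources that fail against many distinct
accounts with only a guess or two each (the spray signature, as opposed to
many guesses against one account), and leaked_password_count() checks a
password against a k-anonymity style range response (only the first five
hex characters of the SHA-1 leave the host; suffixes are compared locally).
Log format, sample lines, thresholds and the range response are all
constructed for this example."""
import hashlib
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <user> <source IP> <FAIL|SUCCESS>".
SAMPLE_LOG = """\
2019-03-08T02:00:01 alice 203.0.113.7 FAIL
2019-03-08T02:00:03 bob 203.0.113.7 FAIL
2019-03-08T02:00:05 carol 203.0.113.7 FAIL
2019-03-08T02:00:07 dave 203.0.113.7 FAIL
2019-03-08T02:00:09 erin 203.0.113.7 FAIL
2019-03-08T02:00:11 frank 203.0.113.7 FAIL
2019-03-08T02:00:13 grace 203.0.113.7 SUCCESS
2019-03-08T02:00:20 alice 198.51.100.9 FAIL
2019-03-08T02:00:21 alice 198.51.100.9 FAIL
2019-03-08T02:00:22 alice 198.51.100.9 FAIL
2019-03-08T02:00:23 alice 198.51.100.9 FAIL
2019-03-08T02:00:24 alice 198.51.100.9 FAIL
2019-03-08T02:00:25 alice 198.51.100.9 FAIL
2019-03-08T09:15:00 bob 192.0.2.44 FAIL
2019-03-08T09:15:30 bob 192.0.2.44 SUCCESS
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, user, source, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, result = line.split()
        events.append((datetime.fromisoformat(ts), user, src, result))
    return events


def detect_spray(events, window_seconds=600, min_users=5, max_per_user=2):
    """Return {source: sorted users} for every source that, within one
    window, failed against at least min_users distinct accounts with no
    single account tried more than max_per_user times.  Fixed buckets keep
    this simple; a burst straddling a bucket edge can be missed, so a
    production detector would use a sliding window."""
    fails = defaultdict(lambda: defaultdict(int))  # (src, bucket) -> user -> count
    for ts, user, src, result in events:
        if result == "FAIL":
            fails[(src, int(ts.timestamp() // window_seconds))][user] += 1
    alerts = defaultdict(set)
    for (src, _bucket), per_user in fails.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            alerts[src].update(per_user)
    return {src: sorted(users) for src, users in alerts.items()}


def successes_from_spraying_sources(events, alerts):
    """The alert that matters most: an account that authenticated
    successfully from a source already seen spraying."""
    return sorted({(src, user) for _, user, src, result in events
                   if result == "SUCCESS" and src in alerts})


def sha1_prefix(password):
    """Five-character prefix a k-anonymity client would send to the list service."""
    return hashlib.sha1(password.encode()).hexdigest().upper()[:5]


def leaked_password_count(password, range_response):
    """Compare the rest of the SHA-1 against the 'SUFFIX:COUNT' lines returned
    for the prefix; 0 means the password is not in the list."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    suffix = digest[5:]
    for line in range_response.splitlines():
        if ":" not in line:
            continue
        candidate, count = line.strip().split(":")
        if candidate == suffix:
            return int(count)
    return 0


# Constructed range response for prefix A9993 (SHA-1 of "abc" starts with it).
RANGE_RESPONSE_A9993 = """\
E364706816ABA3E25717850C26C9CD0D89D:117
0123456789ABCDEF0123456789ABCDEF012:3
"""

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    alerts = detect_spray(events)
    print("spraying sources:", alerts)
    print("successes from those sources:", successes_from_spraying_sources(events, alerts))
    print("prefix sent for 'abc':", sha1_prefix("abc"))
    print("leaked count for 'abc':", leaked_password_count("abc", RANGE_RESPONSE_A9993))
```

The two shapes in the sample log are the point: 203.0.113.7 touches six accounts once each and is flagged, while 198.51.100.9 hammers one account six times and is not (that is a brute force, which needs a different rule). The successful login by grace from the spraying source is the event to escalate first.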

Citrix said it “still doesn’t know what specific data was stolen, but an initial investigation appears to show the attackers may have obtained business documents”.

While Citrix is moving as quickly as possible, it's a sad turn of events that companies are reactive only and that measures to prevent such attacks are lacking.

Is this your company? Let's hope not, because you could be next.

For more info from Citrix stop by their blog – https://www.citrix.com/blogs/2019/03/08/citrix-investigating-unauthorized-access-to-internal-network/

Techshort: What is microk8s?

microk8s is Kubernetes, installed locally! microk8s is designed to be a fast and lightweight upstream Kubernetes install isolated from your host, but not via a virtual machine. This isolation is achieved by packaging all the upstream binaries for Kubernetes, Docker.io, iptables, and CNI in a single application container.

What I have learned is that if you have been a user of Docker then Kubernetes is a lightweight variant.

Installing microk8s is simple (on Ubuntu 18.04). Here are some quick steps to get started:

sudo snap install microk8s --classic

Once installed, confirm it's running with the following:

microk8s.kubectl cluster-info

You can (I have) expose the management UI – a buddy of mine says I shouldn't. Do this by enabling it with the following command:

microk8s.enable dns dashboard ingress

Then expose this via the host with the following:

microk8s.kubectl proxy --accept-hosts=.* --address=0.0.0.0 &

Now you can get to the dashboard by using the host’s IP address or host name:

http://{ip_or_hostname}:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Anyhow, more information can be located here: https://microk8s.io/docs/

Techshort: Difference between horizontal and vertical scaling

As system and application owners we reach a point where we need to grow our environment, and the question that often arises is: in what way do we scale?

So let's start by defining the methods of scaling:

Horizontal scaling – where you scale by adding more machines (workers) into your pool of resources.

Vertical scaling – where you scale by adding more power (CPU, RAM, DISK) to an existing resource.

Use case:

Horizontal scaling is easy, as you can add more machines into the existing pool of resources, whereas vertical scaling may be limited to the capacity of a single machine: scaling beyond that capacity results in downtime and comes with an upper limit.

Limitations:

I have been reading that hypervisors may pose limitations on the ability to scale, as different hypervisors impose different limits on the number of resources that can be allocated.

An example would be VMware ESXi 6.7, with limits such as: each VM can support up to 128 virtual CPUs, 6.1 TB of memory, VM disk file sizes up to 62 TB, and up to 10 virtual network interface controllers (NICs). Although support has been added for things such as NVMe (virtual nonvolatile memory), these absolute limits do present a scalability limitation.

Why are you thinking about this?

My recent work with Kubernetes & Docker has me looking at how they function from a resource level and I see the potential for them to surpass what I can do today with hypervisors alone.

ADPREP Error – Promoting Windows Server 2016 in 2008 R2 Forest/domain

When promoting a Windows Server 2016 to a DC, adprep fails with an error that an attribute or value already exists. I am unsure if I caused this by attempting to add multiple DCs at the same time (race condition).

Error: The DN is CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=.

The error logs are located in C:\Windows\debug\adprep\logs\

Entry DN: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=<domain>
changetype: modify
Attribute 0) appliesTo:7b8b558a-93a5-4af7-adca-c017e67f1057

Add error on entry starting on line 1: Attribute Or Value Exists

The server side error is: 0x2083 The specified value already exists.

The ADPrep log will point you to an ldif.err log which details the objects that are causing the conflict and preventing this update.

Using ADSI Edit, remove the conflicting GUIDs from the following objects under the Configuration partition:

1: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

2: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

3: CN=Personal-Information,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

4: CN=Public-Information,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

5: CN=Validated-SPN,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

6: CN=Allowed-To-Authenticate,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

7: CN=MS-TS-GatewayAccess,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local

Once removed, rerun your domain controller promotion.
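As an added example (not from the original post and not part of Microsoft's tooling), here is a small Python parser for the ldif.err format shown above. It turns each failed entry into a record (DN, attribute and value, LDIF line, operation, error text, server error code) and groups the entries that failed with "Attribute Or Value Exists" by DN, which gives the list of objects to open in ADSI Edit. The sample log is constructed in that format; its third entry, with a placeholder error, is there only to show that other failures are filtered out.

```python
"""Added example, not from the original post: parse the adprep ldif.err
format shown above and list the objects whose appliesTo value conflicts.
The sample log below is constructed in that format."""
import re
from collections import defaultdict

# Constructed sample in the ldif.err layout quoted in the post.  The third
# entry carries a placeholder error so the conflict filter has something to skip.
SAMPLE_LDIF_ERR = """\
Entry DN: CN=Send-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local
changetype: modify
Attribute 0) appliesTo:7b8b558a-93a5-4af7-adca-c017e67f1057

Add error on entry starting on line 1: Attribute Or Value Exists

The server side error is: 0x2083 The specified value already exists.

Entry DN: CN=Receive-As,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local
changetype: modify
Attribute 0) appliesTo:7b8b558a-93a5-4af7-adca-c017e67f1057

Add error on entry starting on line 8: Attribute Or Value Exists

The server side error is: 0x2083 The specified value already exists.

Entry DN: CN=Example-Right,CN=Extended-Rights,CN=Configuration,DC=companywear,DC=local
changetype: modify
Attribute 0) appliesTo:00000000-0000-0000-0000-000000000000

Add error on entry starting on line 15: Example Other Error

The server side error is: 0x0000 Constructed placeholder message.
"""

ENTRY_RE = re.compile(r"^Entry DN:\s*(?P<dn>.+?)\s*$", re.M)
ATTR_RE = re.compile(r"^Attribute\s+\d+\)\s*(?P<attr>[^:]+):\s*(?P<value>.+?)\s*$", re.M)
ERROR_RE = re.compile(
    r"^(?P<op>\w+) error on entry starting on line (?P<line>\d+):\s*(?P<msg>.+?)\s*$", re.M)
CODE_RE = re.compile(
    r"^The server side error is:\s*(?P<code>0x[0-9A-Fa-f]+)\s*(?P<text>.+?)\s*$", re.M)

CONFLICT = "Attribute Or Value Exists"


def parse_ldif_err(text):
    """Split the log at each 'Entry DN:' line and pull the fields out of
    each chunk.  Returns a list of dicts, one per failed entry."""
    starts = [m.start() for m in re.finditer(r"^Entry DN:", text, re.M)]
    records = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        chunk = text[start:end]
        err = ERROR_RE.search(chunk)
        code = CODE_RE.search(chunk)
        records.append({
            "dn": ENTRY_RE.search(chunk).group("dn"),
            "attributes": [(m.group("attr"), m.group("value")) for m in ATTR_RE.finditer(chunk)],
            "operation": err.group("op") if err else None,
            "ldif_line": int(err.group("line")) if err else None,
            "error": err.group("msg") if err else None,
            "code": code.group("code").lower() if code else None,
        })
    return records


def conflicting_values(records):
    """Map DN -> [(attribute, value)] for entries that failed because the
    value already exists; these are the objects to inspect in ADSI Edit."""
    out = defaultdict(list)
    for rec in records:
        if rec["error"] == CONFLICT:
            out[rec["dn"]].extend(rec["attributes"])
    return dict(out)


if __name__ == "__main__":
    for dn, values in conflicting_values(parse_ldif_err(SAMPLE_LDIF_ERR)).items():
        print(dn)
        for attr, value in values:
            print(f"    {attr}: {value}")
```

Point it at the real file (for example by reading C:\Windows\debug\adprep\logs\<timestamp>\ldif.err into a string) and the printed DNs are the objects to open in ADSI Edit, with the GUID value that already exists on each one.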

Installing Docker on Ubuntu 18.04

To start, make sure your system is up to date:

sudo apt-get update
sudo apt-get upgrade

Once the system is up to date, we install Docker followed by Portainer, which is a simple management solution for Docker. It consists of a web UI that allows you to easily manage your Docker containers, images, networks, etc. For more info – https://portainer.readthedocs.io/en/stable/

sudo apt install docker.io
sudo systemctl enable docker
sudo systemctl start docker
sudo systemctl status docker

Once that is done, we are ready to install Portainer as our first Docker container. This will enable you to manage Docker.

Create a Docker volume for your Portainer instance:

sudo docker volume create portainer_data

sudo docker run -d \
--name=portainer \
--restart on-failure \
-p 9000:9000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer

Now you should be able to connect to Portainer. To do this, navigate to http://IP.OF.HOST:9000

It will prompt you to create a username; once you have done that, click on Create user. After that, choose Local and then click on Connect.

Done!