ExaGrid Time-Lock – Who’s (still) afraid of ransomware?

Introduction

Ransomware is currently one of the most prominent threats to IT infrastructures. Reports of successful attacks are accumulating, and the attacks are getting closer. More than 30% of all companies, institutes, universities or public authorities in Germany have already dealt with such attacks. In some cases, a ransom was paid to regain access to their own data.

Even with payment, success is never certain. After all, one negotiates with criminals. Authorities therefore advise against payment.

The essential protective measure against the consequences of such an attack is an up-to-date and consistent backup.

Ransomware vs. Backup

Unfortunately, attackers also know about the importance of backups. Currently circulating malware, such as Emotet or Ryuk, contains code that actively searches for backups on the network. Using previously obtained credentials for Active Directory accounts, RDP exploits or the brand-new Zerologon exploit, an attacker can attempt to take over the systems that run the company's data backup or hold the backup data.

The automated attack is often followed by human attackers who actively browse the network and try to destroy all backups. This is often an easy task, since backups today are preferably held on hard disk systems that are permanently connected to the infrastructure.

The reason is obvious: if all backups are deleted or encrypted as well, the willingness of the “customer” to pay the ransom increases considerably.

Many approaches have therefore already been conceived to store the backup data out of reach of an attacker. A very simple and secure variant is an Air-Gap – a physical separation of the backup media from the system. For example, LTO tapes can be physically removed from the library.

Without this kind of time-consuming manual extraction – which would also have to be performed daily – the data remains latently vulnerable. It doesn’t matter whether it is stored on disk systems, dedup appliances, tapes in a library or even in an S3 cloud repository.

S3 cloud providers therefore proposed an API extension called “Immutability” some time ago. With this, at least the backups in the cloud layer can be made immune to changes for a certain time.

Some of these solutions are natively supported by Veeam. Amazon AWS is one of them. Microsoft Azure is currently still missing. Furthermore, S3 storage is not suitable for every application. A primary backup with Veeam on S3, for example, is not directly possible. The S3 layer is only available as an extension of a scale-out backup repository.
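An added example, not from the original post: on AWS S3 the immutability described above is exposed as Object Lock, where each object version carries a retention mode and a retain-until date. The code below audits constructed retention records (shaped like the `Retention` element of a GetObjectRetention response) and reports backup objects that are not locked for a required window; the function name, the sample keys and the 14-day window are assumptions.

```python
from datetime import datetime, timedelta, timezone


def audit_retention(objects, now, min_days):
    """Map each insufficiently locked object key to a finding code."""
    horizon = now + timedelta(days=min_days)
    findings = {}
    for obj in objects:
        retention = obj.get("Retention") or {}
        mode = retention.get("Mode")
        until = retention.get("RetainUntilDate")
        if mode is None or until is None:
            # No lock at all: the version can be deleted or overwritten.
            findings[obj["Key"]] = "unlocked"
        elif until <= now:
            # The lock has lapsed, so the version is deletable again.
            findings[obj["Key"]] = "expired"
        elif mode != "COMPLIANCE":
            # Governance-mode retention can be lifted by a principal that
            # holds s3:BypassGovernanceRetention, e.g. a stolen admin role.
            findings[obj["Key"]] = "governance"
        elif until < horizon:
            # Locked, but for less time than the recovery window requires.
            findings[obj["Key"]] = "short"
    return findings


# Constructed sample data (hypothetical keys and dates).
NOW = datetime(2020, 10, 1, tzinfo=timezone.utc)


def lock(mode, days):
    return {"Mode": mode, "RetainUntilDate": NOW + timedelta(days=days)}


SAMPLE = [
    {"Key": "backup/full-00.vbk", "Retention": lock("COMPLIANCE", -1)},
    {"Key": "backup/full-01.vbk", "Retention": lock("COMPLIANCE", 30)},
    {"Key": "backup/inc-02.vib", "Retention": lock("COMPLIANCE", 3)},
    {"Key": "backup/inc-03.vib", "Retention": lock("GOVERNANCE", 30)},
    {"Key": "backup/inc-04.vib"},
]

if __name__ == "__main__":
    for key, finding in audit_retention(SAMPLE, NOW, 14).items():
        print(f"{finding:10} {key}")
```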


VMware vExpert 2020 application (2nd round)

The VMware vExpert program is VMware’s global evangelism and advocacy program. The vExpert program was designed by VMware to reward community members for evangelizing VMware’s products and services. Each year the title vExpert is awarded to people who have contributed to the community in an outstanding way. That can be bloggers, book authors, public speakers, VMUG leaders, VMTN contributors, VCDX and other IT professionals who share their knowledge.

Application

Applications open twice a year. Currently the second-half application is open from June 1st to June 25th.

Why become a vExpert

Yes, there are benefits (I will come back to that later), but that’s not the point. Being a vExpert is not about what you get, but what you can give. Many vExperts put a lot of their spare time into the community. Preparing a blog post or a VMUG presentation, or organizing a VMUG meeting, consumes a lot of time. The vExpert program is for those community warriors.

Since I joined the vExpert program I have made a lot of friends in the community. I also witnessed a very warm welcome as a newcomer by seasoned vExperts. To name just a few, there was Ather Beg from Britain, Andreas Lesslhumer from Austria and Vladan Seget from Reunion Island.


VMUG Germany Virtual Events 2020

Forced by the Corona Crisis we had to postpone our German VMUG UserCon 2020 to December 11th 2020. Meanwhile we’ll provide short bi-weekly virtual events. One hour, one speaker, one topic.

The first speaker will be Niels Hagoort (VMware), co-author of Host Resources Deep Dive and Clustering Deep Dive.

You can join the Zoom session for free (VMUG registration required).

Elasticsky.de online again

On Monday night we encountered massive problems on the blog ElasticSky.de. Page load was affected and visitors got an Internal Server Error 500.

We do apologize for the inconvenience.

Although it looked like an attack, the disturbance originated from a configuration issue that struck the website a couple of hours after the configuration change. Worse than that, we had applied two changes, which made troubleshooting even more difficult. The most likely suspect wasn’t the one that caused the problems.

Note to self: Be careful with not-so-well-known hosting functions! Change only one parameter at a time. 😉