I'm Tellin' ya now - Latest Comments

Re: About Mike

Stephan — Mon, 21 Jan 2019 03:46:58 -0000

Hi Mike,

i'am a big fan of the hardening guide/security hardening
guide in private and at work. Last year at VMworld EU i was very happy to see
you live, talking about TPM c:

At work we started shortly with VIC and while VIC was
spinng up new container VMs a saw in vROps that these VMs weren't sec.
hardening guide compliant.

So i was thinking that may be you could speak with these
guys from Sofia that they implement in VIC security hardenend compliant VMs AS
cVM's Kind regards, Stephan

Re: Announcing the vSphere 6.7 Update 1 Security Configuration Guide

tbenz9 — Fri, 02 Nov 2018 13:34:19 -0000

Excellent work! Thanks Mike, You're hard work makes our jobs easier.

Re: vSphere VM Encryption White Paper now available

Edwin Ma — Thu, 05 Apr 2018 07:02:31 -0000

VMware VM Encryption workload impact on CPU.

Based on "VMWARE vSPHERE VIRTUAL MACHINE ENCRYPTION PERFORMANCE" document. the VM encryption would impact CPU about 10%~50%. Generally, if we enable this feature on ESXi host. How much buffer of CPU we should reserve for VM encryption ?
BTW, besides AES-NI on BIOS, Are there some Hardware AES offload adapters we could select ?

Thank you for your feedback.

Edwin Ma
Orange Business Service (Singapore)

Re: Zero to Windows Domain Controller in 4 reboots!

Dennis Bray — Tue, 05 Aug 2014 15:02:00 -0000

Thanks! It is time for me to refresh my lab VMs to R2. I will definitely incorporate this into the approach.

Re: Zero to Windows Domain Controller in 4 reboots!

nickmarshall9 — Mon, 04 Aug 2014 16:08:52 -0000

Nice, we'll have to look into this for the upcoming AutoLab refresh.
I want to be able to create a more modular system and this will come in handy.

Re: Survey: What questions does the security guy ask all the time?

Jirah Cox — Mon, 16 Sep 2013 14:03:15 -0000

- Do hosts have lockdown mode enabled?
- Are hosts joined to AD?
- Are hosts using NTP and are they in sync?
- Which VMs are using VMware Tools time sync?

Re: Survey: What questions does the security guy ask all the time?

Rob — Fri, 13 Sep 2013 22:49:31 -0000

I had a nice post typed up and twitter ate it, so here's the short version - correlate and filter. I want to see a VM reboot event, be able to look and see that user X rebooted it through the OS (using Tools maybe?), and see What VC rights that user has if any, all in vCenter. Show me manual processes that skip automation, like a manual VM decommission rather than using the vCO workflows. I can get this stuff now, but there's a lot of looking in 2-5 places or sifting through results. This would bring true Single Pane of Glass management to vCenter.

Re: Survey: What questions does the security guy ask all the time?

Guest — Fri, 13 Sep 2013 19:00:49 -0000

My security officer wants to check some vmx entries to see if they exist on VMs as part of the hardening guide.

I would rather he didnt have to search through the vCenter Client to get this information and the other info which you listed most of above.

Re: Dude, that’s so Meta

vSketch — Thu, 11 Oct 2012 06:50:04 -0000

You threw 'security' in there as if it were a foregone conclusion. This type of metadata 'could' also lead to more identity theft, stalking, tracking, etc.... I think the only thing that could be worse would be if Google had a patent for this... who do you trust to handle your personal data more securely, pretentious hiptsers or Google?

Re: Software Defined Security

Chris Cicotte — Mon, 17 Sep 2012 22:33:07 -0000

Mike,
Great post. I wouldn't worry too much about the published APIs as they could be protected against unauthorized use and a DDoS attack. Also, I think the digitally signed meta data could also help with multi-tenacy. A service provider would add a customer identifier to the meta data or the customer would add the identifier if the worload was created onsite. You could even go so far as to think this could become a standard of some sort to allow for the ease of mobility between clouds.

Re: Software Defined Security

Shane Williford — Fri, 07 Sep 2012 08:57:22 -0000

Interesting line of thinking there Mike. Of course I'm all for security and compliance (who isn't) but curious as to the potential increased overhead your suggestion may bring. Would a change like you suggest be more of a barrier to vSphere Mgmt than is needed? I guess it all boils down to 1. how much security an org desires; 2. what amt of security an org requires, compliance/legally-wise; 3. addt'l admin overhead an org is willing to take on.

Again, I'm not against increased security (really :) ), but since I'm a 'visual' person would just like to see this in action.
Good write up!

(@coolsport00)

Re: Going Rogue- How did that data get in the cloud?

John Baker — Wed, 04 Jul 2012 06:02:53 -0000

I thought the Romulans were the first species the Federation found that did not need to de-cloak to fire weapons. Discuss!!

Good post. Very relevant.

Re: BTOGG – Google Glass and future security implications

Sketch — Fri, 29 Jun 2012 06:45:05 -0000

in order to stop people from 'forgetting' to turn off their visual streams, companies are going to have to start installing WiFi "jammers". While its illegal (in the US) to jam "cell" frequencies, I don't think its illegal to do so for WiFi signals after they're found - that's not to say someone can't stream over 3g or 4g... I'm thinking that future "security" will have to incorporate active signal scanning.

Re: About Mike

Mitch Pronschinske — Thu, 16 Feb 2012 15:28:33 -0000

Mike,

I was hoping you'd let me repost some of your blog content at DZone.com. Brian Gracely is in our Most Valuable Blogger program, and we've been happily reposting the Cloudcast for some time now. Let me know if you want to get some of your content out to the dev. community - I'm sure they'd appreciate it.

Best,

Eric Genesky
egenesky@dzone .com
Content Curator
DZone, Inc.

Re: A dinner with infamy

daniel shugrue — Thu, 29 Dec 2011 15:59:57 -0000

Great post, and fun to read after hearing about it over drinks in Herzilya. Must have been wild to meet Mitnick after all these years. Gotta say, tho, that I'm curious about your rush to forgive him. I mean I can see forgetting about it and having a good time, but has he actually turned is life around? Is he giving back to society? Having read "Ghost in the Wires" I'm not sure I read any real contrition or regret in his writing.

Re: A dinner with infamy

A. — Fri, 25 Nov 2011 20:04:01 -0000

Great history xD. I loved it, even retweeted the tweet mentioned....

Re: About Mike

Ronald Santocucci — Thu, 03 Nov 2011 22:40:02 -0000

Mike: Your dad was a great guy, along with Jimmy Kelly. I had a lot of laughs with John.

Re: A dinner with infamy

Guest — Tue, 06 Sep 2011 15:15:10 -0000

"It was almost 25 years ago and he has since paid his dues. It’s all good and I hold no grudge. Life is too short. There are plenty of people who have done things that landed them in jail and they have not turned their lives around and tried to give back to society like he has. So, he’s makes a living but it’s now an honest living."

Right, and that's why he is releasing his "official autobiography" only immediately after the agreement that all profits from a book would go to the victims of your crime had expired.