Archive for October, 2008

Reaction to MS08-067

Last week Microsoft published Security Bulletin MS08-067. This bulletin describes a vulnerability in the Windows server service, affecting Windows 2000, XP, Vista, 2003 and 2008.

Microsoft have also released a corresponding “out-of-band” (i.e., not contained in the monthly batch of updates) update in the shape of KB958644. The update is available from Microsoft Update.

Novosco are actively encouraging all of our customers to deploy the update as soon as possible (on all Windows hosts - clients and servers). You can do so by visiting the Microsoft Update website or by deploying with Windows Server Update Services or some other 3rd party deployment tool.
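To confirm the rollout described above actually reached every host, the following is an added example (not part of the original post) that reports which machines list KB958644. It assumes Windows PowerShell 3.0 or later on the admin workstation and WMI access to the targets; the function name and host names are hypothetical.

```powershell
# Added example: report which hosts list KB958644 (the MS08-067 update).
# Host names below are constructed placeholders, not from the original post.
function Get-Ms08067PatchStatus {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [string]$HotFixId = 'KB958644'
    )
    foreach ($name in $ComputerName) {
        $status = 'Missing'
        $installedOn = $null
        try {
            # List every hotfix (Win32_QuickFixEngineering) and filter locally,
            # so "host unreachable" and "update absent" stay distinguishable.
            $fix = Get-HotFix -ComputerName $name -ErrorAction Stop |
                Where-Object { $_.HotFixID -eq $HotFixId } |
                Select-Object -First 1
            if ($fix) {
                $status = 'Installed'
                $installedOn = $fix.InstalledOn
            }
        }
        catch {
            # WMI/RPC failure, access denied, host offline, and so on.
            $status = 'Unreachable'
        }
        [pscustomobject]@{
            ComputerName = $name
            HotFixId     = $HotFixId
            Status       = $status
            InstalledOn  = $installedOn
        }
    }
}

# Constructed target list; replace with an export from your own inventory.
$targets = @('FILESRV01', 'DC01', 'LAPTOP-042')
$report  = Get-Ms08067PatchStatus -ComputerName $targets

$report | Sort-Object Status | Format-Table -AutoSize

# Keep a record of everything that still needs attention.
$report | Where-Object { $_.Status -ne 'Installed' } |
    Export-Csv -Path .\ms08-067-unpatched.csv -NoTypeInformation
```

Hosts reported as Unreachable, such as laptops that are off the network, need a follow-up check rather than being counted as patched.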

But why all the fuss? Well, this particular vulnerability is wormable - meaning that potentially (more on “potentially” later) the vulnerability can be exploited by a worm, i.e., self-replicating malicious code that seeks out vulnerable hosts and infects them from your laptop while you’re writing your blog post…

Talking about worms in this way takes me back to those bygone halcyon days when Windows anti-virus was “optional”, host based firewalls were unheard of and the only reason to use a firewall in the enterprise was to take advantage of its NAT capabilities and not fork out for expensive publicly routable IP addresses for your network. It was also the time before we had all deployed WSUS or some other automatic update solution. Right?

Wrong! Even though we now have written policies defining that laptops must have host-based firewalls and AV, and we have fancy UTM devices at the network perimeter, all too often we still have the problem that updates are being ignored. Consider this situation: a user goes home with their company laptop (which hasn’t been updated in the last 8 months) and browses the web for a while from their home internet connection. Because Internet Explorer hasn’t been patched they get burned by some exploit which drops a Trojan containing code which in turn exploits the MS08-067 vulnerability. The user didn’t really do anything wrong, wasn’t a local administrator and knows nothing of the infection. Next day they plug their laptop into the corporate network, and ten minutes later, while they’re at the coffee machine, they see the IT admins running past on their way to the server room because the “whole network’s down!!!!”.

Update management would have saved that company on two counts. First, by patching the user’s laptop: if it wasn’t vulnerable the malicious code wouldn’t have got onto it in the first place. Second, even if the laptop hadn’t been patched (say the user was off work for a while and got infected anyway), the servers would have been patched and wouldn’t have been vulnerable, so no downtime would have occurred.

That example’s a bit simplified, certainly a layered security solution of best practices, AV and UTM would have helped. But I think it serves to get the message across - the fuss surrounding this update is symptomatic of a bigger problem.

Now I put “potentially” in bold above for a reason - there is no worm exploiting this vulnerability (that we know of, yet). Right now, however, there is a recognisable trojan which is being used in targeted attacks. And there’s publicly available exploit code in the wild, which means you can bet that VXers are beavering away trying to develop a suitable worm. So you have a choice - patch now or don’t. You can choose not to and give me the old excuses about the risks of deploying patches (breaking applications etc.), but that’s why Microsoft genuinely recommend that you test their updates with your applications, and if you’re really that worried you should seriously think about a test environment. But if (maybe when) the worm hits and you get burned, I’ll try not to say “I told you so”.

Remember folks - “Proactive patching is better than reactive repair”.


Novosco maintains ranking in Deloitte Top 50 Technology Awards, Ireland

Left to right: Simon Hamilton - Technical Director, John Lennon - Sales Director, David Mulligan - Solution Architect

Novosco ranked 43rd place in Ireland’s top 50 fastest growing technology companies

Belfast & Dublin, 29th October 2008 — Novosco, a leading provider of virtual infrastructure, announced today that it has once again been awarded a ranking in the Deloitte Technology Fast 50 Awards, Ireland. Ranked for the ninth consecutive year, Novosco is uniquely also one of only three companies to additionally receive a prestigious Fast 50 ‘Gold Standard Award’.

The Deloitte Technology Fast 50 Awards recognise and rank the fastest-growing technology companies in the Republic of Ireland and Northern Ireland.  Now in its ninth year, the programme allows innovative technology companies to demonstrate and receive recognition for growth strategies and successes.  This year, the Fast 50 ‘Gold Standard Awards’ have also been introduced to recognise companies that have successfully been ranked for seven or more years.

“Novosco is delighted to be ranked for the ninth time in the Deloitte Top 50 Technology Awards and is one of only three companies to achieve a ranking every year of the awards,” said Patrick McAliskey, Managing Director for Novosco.  “Through the use of innovative technology and strong vendor partnerships, Novosco is leading the industry in the concept of ‘infrastructure virtualisation’ and is positioned to transform the IT world for clients throughout the UK & Ireland”.

IT virtualisation is the act of isolating or unbinding one computing resource from others - from the data centre to the desktop. It essentially lets one computer do the job of multiple computers, by sharing the resources of a single computer across multiple environments. It offers organisations of all sizes great cost savings and efficiencies in reducing their carbon footprint. With over 18 years’ virtualisation experience, Novosco has successfully assisted customers in implementing various aspects of virtualisation, from server virtualisation right through to running virtual applications and desktops. The Awards, which took place in the Guinness Storehouse, Dublin, are based on percentage turnover over the past 5 years. Novosco’s ranking is testament to the fact that turnover has grown substantially, with a customer acquisition growth rate of over 110% within both private and public sectors.

With the demand for Virtualisation technology forecasted to grow at a phenomenal rate, Novosco’s position as Ireland’s leading virtualisation expert is set to continue to go from strength to strength.

About Novosco

Novosco is one of Ireland’s leading providers of virtual IT infrastructure and services and is committed to assisting customers in the evaluation of all potential solutions, including the optimisation of current IT systems. With established hardware/software vendor partnerships including Citrix, EMC, Microsoft and VMware, Novosco offers the highest level of accreditation in Ireland for Virtualisation solutions. This approach enables Novosco to develop and deliver cost-effective solutions that are an asset to clients’ businesses. Novosco have provided solutions to a range of clients including government establishments and private sector organisations of all sizes.

For more information visit www.novosco.com

For more information on the final Technology Fast 50 ranking list visit www.fast50.ie.


Citrix Event - Unlock The Power of Virtualisation

Learn how to reduce your IT costs and increase performance at this free one-day Citrix Virtualisation Solutions Seminar, Dublin.

Are you excited about the power of VDI, but find the economics and performance lacking? Join us at Clontarf Castle to find out how Citrix is changing the way the world looks at end-to-end virtualisation.

Topics Covered

Citrix XenDesktop - Virtualising Windows-based desktops.
XenDesktop is the industry’s first complete Virtual Desktop Infrastructure (VDI) system - moving beyond the limitations of existing products to ensure the simple, secure and cost effective delivery of Windows desktops to any office worker.

Citrix XenApp - Delivering Windows-based applications.
This application delivery system automatically selects the best delivery method for the user, the application, and the location.

Citrix XenServer - Virtualising Windows-based servers.
The XenServer product line is an enterprise-class server solution for virtualising servers in the data centre as a flexible aggregated pool of computing and storage resources. XenServer combines comprehensive server virtualisation capabilities with unparalleled scalability, performance and ease-of-use.

Who Should Attend

All IT Decision Makers

When

From 09.30 to 16.30 on 16th October 2008

Where

Clontarf Castle, Dublin

Places are limited and allocated on a first come, first served basis - so register now, by clicking the following link, to ensure your free place. We look forward to seeing you there!

Click here to register
