Protecting Against Malicious Code

This post was originally published on this site

Original release date: September 28, 2018 | Last revised: April 11, 2019

What is malicious code?

Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses.

  • Viruses have the ability to damage or destroy files on a computer system and are spread by sharing already infected removable media, opening malicious email attachments, and visiting malicious web pages.
  • Worms are a type of virus that self-propagates from computer to computer. A worm’s functionality is to use all of your computer’s resources, which can cause your computer to stop responding.
  • Trojan horses are computer programs that hide a virus or a potentially damaging program. It is not uncommon for free software to contain a Trojan horse, making a user think they are using legitimate software while the program is instead performing malicious actions on the computer.
  • Malicious data files are non-executable files—such as a Microsoft Word document, an Adobe PDF, a ZIP file, or an image file—that exploit weaknesses in the software program used to open them. Attackers frequently use malicious data files to install malware on a victim’s system, commonly distributing the files via email, social media, and websites.

How can you protect yourself against malicious code?

Following these security practices can help you reduce the risks associated with malicious code:

  • Install and maintain antivirus software. Antivirus software recognizes malware and protects your computer against it. Installing antivirus software from a reputable vendor is an important step in preventing and detecting infections. Always visit vendor sites directly rather than clicking on advertisements or email links. Because attackers are continually creating new viruses and other forms of malicious code, it is important to keep your antivirus software up-to-date.
  • Use caution with links and attachments. Take appropriate precautions when using email and web browsers to reduce the risk of an infection. Be wary of unsolicited email attachments and use caution when clicking on email links, even if they seem to come from people you know. (See Using Caution with Email Attachments for more information.)
  • Block pop-up advertisements. Pop-up blockers disable windows that could potentially contain malicious code. Most browsers have a free feature that can be enabled to block pop-up advertisements.
  • Use an account with limited permissions. When navigating the web, it’s a good security practice to use an account with limited permissions. If you do become infected, restricted permissions keep the malicious code from spreading and escalating to an administrative account.
  • Disable external media AutoRun and AutoPlay features. Disabling AutoRun and AutoPlay features prevents external media infected with malicious code from automatically running on your computer.
  • Change your passwords. If you believe your computer is infected, change your passwords. This includes any passwords for websites that may have been cached in your web browser. Create and use strong passwords, making them difficult for attackers to guess. (See Choosing and Protecting Passwords and Supplementing Passwords for more information.)
  • Keep software updated. Install software patches on your computer so attackers do not take advantage of known vulnerabilities. Consider enabling automatic updates, when available. (See Understanding Patches and Software Updates for more information.)
  • Back up data. Regularly back up your documents, photos, and important email messages to the cloud or to an external hard drive. In the event of an infection, your information will not be lost.
  • Install or enable a firewall. Firewalls can prevent some types of infection by blocking malicious traffic before it enters your computer. Some operating systems include a firewall; if the operating system you are using includes one, enable it. (See Understanding Firewalls for Home and Small Office Use for more information.)
  • Use anti-spyware tools. Spyware is a common virus source, but you can minimize infections by using a program that identifies and removes spyware. Most antivirus software includes an anti-spyware option; ensure you enable it.
  • Monitor accounts. Look for any unauthorized use of, or unusual activity on, your accounts—especially banking accounts. If you identify unauthorized or unusual activity, contact your account provider immediately.
  • Avoid using public Wi-Fi. Unsecured public Wi-Fi may allow an attacker to intercept your device’s network traffic and gain access to your personal information.
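
Several of the practices above can be checked on a Windows host with a short read-only script. The following is an added example, not part of the original CISA tip; it assumes Windows 10 or Server 2016 and later with the built-in Defender and NetSecurity modules, and the function names and the 7-day signature-age threshold are assumptions chosen for illustration.

```powershell
# Added example (not from the CISA page): read-only audit of a Windows host
# against the antivirus, anti-spyware, limited-permission, AutoRun and
# firewall practices listed above. Nothing on the system is changed.

function New-Check([string]$Practice, [bool]$Pass, [string]$Detail) {
    # Hypothetical helper: one result row per practice.
    [pscustomobject]@{ Practice = $Practice; Pass = $Pass; Detail = $Detail }
}

function Get-MaliciousCodeHygiene {
    [CmdletBinding()]
    param(
        # Assumed threshold; the page only says to keep definitions up-to-date.
        [int]$MaxSignatureAgeDays = 7
    )

    # Antivirus / anti-spyware state as reported by Microsoft Defender.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        New-Check 'Antivirus enabled' `
            ($mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled) `
            "RealTimeProtection=$($mp.RealTimeProtectionEnabled)"
        New-Check 'Antivirus definitions current' `
            ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays) `
            "Signatures are $($mp.AntivirusSignatureAge) day(s) old"
        New-Check 'Anti-spyware enabled' $mp.AntispywareEnabled `
            "AntispywareEnabled=$($mp.AntispywareEnabled)"
    }
    else {
        New-Check 'Antivirus enabled' $false `
            'Defender status unavailable; check the installed product manually'
    }

    # Limited permissions: is this session running with administrator rights?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    New-Check 'Session is not elevated' (-not $elevated) "Elevated=$elevated"

    # AutoRun: NoDriveTypeAutoRun = 0xFF disables it for every drive type.
    # The machine-wide (HKLM) value takes precedence over the per-user one.
    $key = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $values = foreach ($hive in 'HKLM:', 'HKCU:') {
        (Get-ItemProperty -Path "$hive\$key" -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    }
    $effective = $values | Where-Object { $null -ne $_ } | Select-Object -First 1
    if ($null -eq $effective) {
        New-Check 'AutoRun disabled for all drives' $false 'NoDriveTypeAutoRun not configured'
    }
    else {
        New-Check 'AutoRun disabled for all drives' `
            (($effective -band 0xFF) -eq 0xFF) `
            ('NoDriveTypeAutoRun=0x{0:X2}' -f $effective)
    }

    # Firewall: every profile (Domain, Private, Public) should be enabled.
    $off = @(Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' })
    $detail = if ($off.Count) { 'Disabled: ' + ($off.Name -join ', ') } else { 'All profiles enabled' }
    New-Check 'Firewall enabled on all profiles' ($off.Count -eq 0) $detail
}

Get-MaliciousCodeHygiene | Format-Table -AutoSize
```

A host that runs a third-party antivirus product may report Defender as disabled, so a failed antivirus row there means the other product has to be checked by hand.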

What do you need to know about antivirus software?

Antivirus software scans computer files and memory for patterns that indicate the possible presence of malicious code. You can perform antivirus scans automatically or manually.

  • Automatic scans – Most antivirus software can scan specific files or directories automatically. New virus information is added frequently, so it is a good idea to take advantage of this option.
  • Manual scans – If your antivirus software does not automatically scan new files, you should manually scan files and media you receive from an outside source before opening them, including email attachments, web downloads, CDs, DVDs, and USBs.

Although antivirus software can be a powerful tool in helping protect your computer, it can sometimes cause problems by interfering with the performance of your computer. Too much antivirus software can affect your computer’s performance and the software’s effectiveness.

  • Investigate your options in advance. Research available antivirus and anti-spyware software to determine the best choice for you. Consider the amount of malicious code the software recognizes and how frequently the virus definitions are updated. Also, check for known compatibility issues with other software you may be running on your computer.
  • Limit the number of programs you install. Packages that incorporate both antivirus and anti-spyware capabilities together are now available. If you decide to choose separate programs, you only need one antivirus program and one anti-spyware program. Installing more programs increases your risk for problems.

There are many antivirus software program vendors, and deciding which one to choose can be confusing. Antivirus software programs all typically perform the same type of functions, so your decision may be based on recommendations, features, availability, or price. Regardless of which package you choose, installing any antivirus software will increase your level of protection.

How do you recover if you become a victim of malicious code?

Using antivirus software is the best way to defend your computer against malicious code. If you think your computer is infected, run your antivirus software program. Ideally, your antivirus program will identify any malicious code on your computer and quarantine it so it no longer affects your system. You should also consider these additional steps:

  • Minimize the damage. If you are at work and have access to an information technology (IT) department, contact them immediately. The sooner they can investigate and “clean” your computer, the less likely it is to cause additional damage to your computer—and other computers on the network. If you are on a home computer or laptop, disconnect your computer from the internet; this will prevent the attacker from accessing your system.
  • Remove the malicious code. If you have antivirus software installed on your computer, update the software and perform a manual scan of your entire system. If you do not have antivirus software, you can purchase it online or in a computer store. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. After reinstalling the operating system and any other software, install all of the appropriate patches to fix known vulnerabilities.

Threats to your computer will continue to evolve. Although you cannot eliminate every hazard, by using caution, installing and using antivirus software, and following other simple security practices, you can significantly reduce your risk and strengthen your protection against malicious code.

Author: CISA

This product is provided subject to this Notification and this Privacy & Use policy.

Adding more cores to a VMClient : Feature ‘Hot-Pluggable virtual HW’ is not licensed with this edition

I am trying to add more cores to a VM client running on the following HP Server and I am getting the following error:

Feature ‘Hot-Pluggable virtual HW’ is not licensed with this edition.

What do I need to purchase in order to add more cores? The server has 1 CPU and 6 cores?

Product: VMware vSphere 6 Hypervisor Licensed for 1 physical CPUs (unlimited cores per CPU)
License Key: H129K-0UL9L-28Y88-XXXX-XXXX
Expires: Never

Product Features:
    Up to 8-way virtual SMP

Reconfiguration fails on standalone with vim.fault.NoPermission during registry access

The relevant fragment of the worker log appears to be as below.  What could this be caused by?  Is there a possible workaround / solution?

—————–

 

2018-09-13T23:46:00.234+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Starting system reconfiguration …

2018-09-13T23:46:00.234+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Using temp dir C:WINDOWSTEMPvmware-tempvmware-SYSTEMsysReconfig

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] ReconfigurationTransaction: cached guest system volume

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] ReconfigurationTransaction: cached guest system volume

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] LocalPathToGuestSystemFolder: .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] LocalUndoFolder: .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS$Reconfig$

2018-09-13T23:46:00.828+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] [LoadTempHive] Registry hive .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWSsystem32configSYSTEM is loaded under the name mntApi233162130830690227

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] [LoadTempHive] Registry hive .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWSsystem32configSOFTWARE is loaded under the name mntApi233646505830690227

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Populating predefined expressions …

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Processing user-defined expressions …

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetServicesACPIValueName StartValueType 1 dataPattern 0

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = MicrosoftWindows NTCurrentVersionValueName CurrentTypeValueType 0 dataPattern Multiprocessor.*

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetControlCriticalDeviceDatabaseprimary_ide_channelValueName ServiceValueType 0 dataPattern atapi

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetControlCriticalDeviceDatabasesecondary_ide_channelValueName ServiceValueType 0 dataPattern atapi

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Applying reconfigurations …

2018-09-13T23:46:02.156+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Error 2 (opening key) saving registry key mntApi233162130830690227ControlSet001Servicesrhelfltr into .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS$Reconfig$mntApi233162130830690227-ControlSet001-Services-rhelfltr-reg

2018-09-13T23:46:02.250+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Error 5 (error restoring key: Access is denied (5)) restoring registry key C:Program FilesVMwareVMware vCenter Converter StandalonedataSKUNKWORKS_FILLER into mntApi233162130830690227ControlSet001Servicesrhelfltr

2018-09-13T23:46:02.250+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Reconfiguration failed with: vim.fault.NoPermission

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Rolling back the reconfiguration transaction…

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Deleting pending files…

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Writing the undo log …

2018-09-13T23:46:02.328+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Unloaded hive mntApi233646505830690227

2018-09-13T23:46:02.359+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Unloaded hive mntApi233162130830690227

2018-09-13T23:46:02.359+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Cleaning up temp directory C:WINDOWSTEMPvmware-tempvmware-SYSTEMsysReconfig …

2018-09-13T23:46:02.359+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] TaskImpl has failed with MethodFault::Exception: converter.fault.ReconfigurationFault

2018-09-13T23:46:02.359+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=Default] Task failed:

Announcing PowerShell Core 6.1

We’re proud to announce that the latest version of PowerShell has been released! This marks our second supported release of PowerShell Core, the open-source edition of PowerShell that works on Linux, macOS, and Windows!

By far, the biggest feature of this release is compatibility of built-in Windows modules with PowerShell Core. This means that you can natively run those modules/cmdlets with PowerShell Core and easily transition from Windows PowerShell.

Thanks to everyone that made this release possible, including our contributors, users, and anyone who filed issues and submitted feedback.

Just give me the bits!

For info on installing PowerShell Core 6.1, check out our installation docs.

What’s new?

We’ve released a slew of new features in 6.1, including:

  • Compatibility with 1900+ existing cmdlets in Windows 10 and Windows Server 2019
  • Built on top of .NET Core 2.1
  • Support for the latest versions of Windows, macOS, and Linux (see below)
  • Significant performance improvements
  • Markdown cmdlets
  • Experimental feature flags

For a more in-depth look at what’s included, take a look at our release notes, or for a complete list of changes, check out our CHANGELOG on GitHub.

Operating system support

You can always find an up-to-date list of supported operating systems and PowerShell Core versions at https://aka.ms/pslifecycle.

On release, PowerShell Core 6.1 supports:

  • Windows 7/8.1/10
  • Windows Server 2008R2/2012/2012R2/2016 (and 2019 on release)
  • Windows Server Semi-Annual Channel (SAC)
  • macOS 10.12+
  • Ubuntu 14.04/16.04/18.04
  • Debian 8.7+/9
  • CentOS 7
  • Red Hat Enterprise Linux (RHEL) 7
  • OpenSUSE 42.3
  • Fedora 27/28

Platforms with unofficial “community” support also include:

  • Ubuntu 18.10
  • Arch Linux
  • Raspbian (ARM32)
  • Kali Linux
  • Alpine (experimental Docker image coming soon)

How can I provide feedback?

As always, you can file issues on GitHub to let us know about any features you’d like added or bugs that you encounter. Additionally, you can join us for the PowerShell Community Call on the 3rd Thursday of every month. The Community Call is a great opportunity to talk directly to the team, hear about the latest developments in PowerShell, and to voice your opinions into ongoing feature design.

Of course, we’re always looking for contributions that make PowerShell better. We love when our community helps out with code contributions, but you don’t have to be a rockstar developer to make a difference in PowerShell, as we’re also happy to accept test and documentation contributions as well.

Thanks, and enjoy PowerShell 6.1!

Joey Aiello
Program Manager, PowerShell

New Look and Features for PowerShell Gallery

The PowerShell Gallery and PowerShellGet have just been updated to provide new features, performance improvements, and a new modern design.  

NOTE: This post has important information for publishers in the “Accounts and publishing” section. 

PowerShell Gallery Home Page

The PowerShell Gallery is the place to find PowerShell code that is shared by the community, Microsoft, and other companies. The site has averaged over 21 million downloads per month for the past 6 months, and has more than 3,800 unique packages available for use. It’s amazing when we consider we were handling just under 4 million downloads in July 2017. We clearly needed to invest in the PowerShell Gallery to support that kind of growth.

We have been working for some time to improve the performance of the PowerShell Gallery. The result is now available to everyone, and includes new features, performance enhancements, security improvements to accounts and publishing keys, and better alignment with the NuGet.org codebase that we rely on for our service and cmdlets.

New features and performance enhancements

Most users should see an improvement in package download speeds from the PowerShell Gallery. The new release takes advantage of a CDN to provide faster downloads, particularly for those outside the United States. This should be most noticeable when installing a module with many dependencies.

The new updates include things users have requested for a long time, including:

  • A manual download option from the PowerShell Gallery. It cannot replace Install-Module / Install-Script, but does solve some specific issues for those with private repositories or older versions of PowerShell.
  • A change to Install-Module and Install-Script to simply install to the current user scope when not running in an elevated PowerShell session.

The new user experience is more than just a face-lift, as providing a modern UI also improves the performance. The PowerShell Gallery pages now display only the most critical information initially, and move the details to expanding sections in the UI. This makes the pages faster and easier for users to find the content they want to see.

Accounts and publishing improvements

The changes with the most immediate impact in this release are for publishers and users with PowerShell Gallery accounts.   

Most important: Publishers must update to PowerShellGet module version 1.6.8 or higher to publish to the PowerShell Gallery. Older versions of PowerShellGet are fine for find, save, install, and update functions, but not for publishing.    

The PowerShell Gallery implemented several security best practices:

  • New API keys you create will have an expiration that ranges from 1 to 365 days.
  • We will not show the value of an API key in the UI, and the value must be copied immediately after creating or regenerating it.
  • Multiple API keys can be created, and defined for specific uses – such as only being available to publish packages with specific names.
  • Your existing API key will still work, and will be listed as a “Full access API key”. However, you will not be able to view the current API key value or refresh it. If you lose the key value, you will need to create a new key that has an expiration date.

These changes are explained in more detail in the PowerShell Gallery documentation, and are the most significant changes included in this release.

Account management in the PowerShell Gallery is also improved, and adds support for:

  • Two-factor authentication for accessing the PowerShell Gallery account. This is a security best practice and is highly recommended.
  • Changing the email address or login account associated with a PowerShell Gallery ID.

You can find out more about the new Account settings features here.

Aligning with NuGet

The previous versions of PowerShell Gallery and PowerShellGet were based on older versions of NuGet. With this change we are aligning much more closely with the current state of the NuGet server and client. Many of the changes listed above – including the account and API key management – came directly from the NuGet updates. Another feature NuGet implemented is the ability for publishers to delete a package they have published accidentally, within the first hour after publishing.

As we move closer to alignment with how NuGet.org works, we expect to provide new features that are available from the NuGet team. Other changes we are considering that are available today at NuGet.org include support for namespaces and organizational accounts.

Let us know what you think

If you have any feedback on the changes we have made, or future changes we should consider, please do let us know. Visit https://aka.ms/PowerShellGalleryIssues to review what others are saying, or to let us know of other things we should be looking into.

 

ESXi 6.0 U3 installation stuck on enter root password page

Hi, while installing a custom-made ESXi 6.0 image onto an HP ProLiant DL380 Gen 10 server, I am stuck on the enter root password page.

My logical disk is shown in the remote section and not in local. I can still choose the remote location, and pressing Enter takes me to set the root password.

This is where I am stuck: I try to enter a password in the root section, but as soon as I hit seven characters it says password mismatch, even though I have not entered a password in the confirm password section.

Pressing the Enter key does not seem to work here, but I can still press the back (F9) and ESC keys.

Not sure what the problem is.

The custom image consists of the ESXi 6.0.0 offline bundle and contains this driver VIB package from the HP website, found below:

Drivers & Software – HPE Support Center.

DSC Resource Kit Release September 2018

We just released the DSC Resource Kit!

This release includes updates to 11 DSC resource modules. In the past 6 weeks, 146 pull requests have been merged and 105 issues have been closed, all thanks to our amazing community!

The modules updated in this release are:

  • CertificateDsc
  • NetworkingDsc
  • SecurityPolicyDsc
  • SharePointDsc
  • SqlServerDsc
  • StorageDsc
  • xActiveDirectory
  • xDatabase
  • xExchange
  • xRemoteDesktopSessionHost
  • xWebAdministration

For a detailed list of the resource modules and fixes in this release, see the Included in this Release section below.

Our last community call for the DSC Resource Kit was on August 29. A recording of our updates will be available on YouTube soon. Join us for the next call at 12PM (Pacific time) on October 10 to ask questions and give feedback about your experience with the DSC Resource Kit.

The next DSC Resource Kit release will be going out one week later than usual on Wednesday, October 24, 2018. This will not shift any other dates, so the community call will still be on October 10, and the following release will be on November 28.

We strongly encourage you to update to the newest version of all modules using the PowerShell Gallery, and don’t forget to give us your feedback in the comments below, on GitHub, or on Twitter (@PowerShell_Team)!

Please see our documentation here for information on the support of these resource modules.

Included in this Release

You can see a detailed summary of all changes included in this release in the table below. For past release notes, go to the README.md or CHANGELOG.md file on the GitHub repository page for a specific module (see the How to Find DSC Resource Modules on GitHub section below for details on finding the GitHub page for a specific module).

Module Name Version Release Notes
CertificateDsc 4.2.0.0
  • Added a CODE_OF_CONDUCT.md with the same content as in the README.md – fixes Issue 139.
  • Refactored module folder structure to move resource to root folder of repository and remove test harness – fixes Issue 142.
  • Updated Examples to support deployment to PowerShell Gallery scripts.
  • Correct configuration names in Examples – fixes Issue 150.
  • Correct filename case of CertificateDsc.Common.psm1 – fixes Issue 149.
  • Remove exclusion of all tags in appveyor.yml, so all common tests can be run if opt-in.
  • PfxImport:
    • Added requirements to README.MD to specify cryptographic algorithm support – fixes Issue 153.
    • Changed Path parameter to be optional to fix error when ensuring certificate is absent and certificate file does not exist on disk – fixes Issue 136.
    • Removed ShouldProcess because it is not required by DSC Resources.
    • Minor style corrections.
    • Changed unit tests to be non-destructive.
    • Improved naming and description of example files.
    • Added localization string ID suffix for all strings.
  • Added .VSCode settings for applying DSC PSSA rules – fixes Issue 157.
NetworkingDsc 6.1.0.0
  • MSFT_Firewall:
    • Added full stop to end of MOF field descriptions.
    • Support for [, ] and * characters in the Name property added – fixes Issue 348.
    • Improved unit tests to meet style guidelines.
SecurityPolicyDsc 2.5.0.0
  • Added handler for null value in SecurityOption
  • Moved the helper module out from DSCResource folder to the Modules folder.
  • Fixed SecurityPolicyResourceHelper.Tests.ps1 so it is possible to run the tests locally.
  • Fixed minor typos.
SharePointDsc 2.5.0.0
  • SPAppCatalog
    • Updated resource to retrieve the Farm account instead of requiring it to be specifically used
  • SPDatabaseAAG
    • Updated readme.md to specify that this resource also updates the database connection string
  • SPDiagnosticsProvider
    • Fixed issue where enabling providers did not work
  • SPFarm
    • Added ability to check and update CentralAdministrationPort
  • SPLogLevel
    • Added High as TraceLevel, which was not included yet
  • SPRemoteFarmTrust
    • Updated readme.md file to add a link that was lost during earlier updates
  • SPSearchServiceApp
    • Updated Set method to check if service application pool exists. Resource will throw an error if it does not exist
  • SPSearchTopology
    • Fixed issue where Get method threw an error when the specified service application didn’t exist yet
    • Fixed issue where the resource would fail if the FQDN was specified
  • SPShellAdmins
    • Added ExcludeDatabases parameter for AllDatabases
  • SPSite
    • Added ability to check and update QuotaTemplate, OwnerAlias and SecondaryOwnerAlias
  • SPSiteUrl
    • New resource to manage site collection urls for host named site collections
  • SPTrustedIdentityTokenIssuerProviderRealm
    • Fixed issue where Get method threw an error when the realm didn’t exist yet
  • SPUserProfileServiceApp
    • Fix for issue where an update conflict error was thrown when new service application was created
    • Added SiteNamingConflictResolution parameter to the resource
SqlServerDsc 12.0.0.0
  • Changes to SqlServerDatabaseMail
    • DisplayName is now properly treated as display name for the originating email address (issue 1200). Nick Reilingh (@NReilingh)
      • DisplayName property now defaults to email address instead of server name.
      • Minor improvements to documentation.
  • Changes to SqlAGDatabase
  • Changes to SqlDatabaseOwner
    • BREAKING CHANGE: Support multiple instances on the same node. The parameter InstanceName is now Key and cannot be omitted (issue 1197).
  • Changes to SqlSetup
    • Added new parameters to allow defining the startup types for the Sql Engine service, the Agent service, the Analysis service and the Integration Service. The new optional parameters are respectively SqlSvcStartupType, AgtSvcStartupType, AsSvcStartupType, IsSvcStartupType and RsSvcStartupType (issue 1165). Maxime Daniou (@mdaniou)
StorageDsc 4.1.0.0
  • Enabled PSSA rule violations to fail build – Fixes Issue 149.
  • Fixed markdown rule violations in CHANGELOG.MD.
  • Disk:
    • Corrected message strings.
    • Added message when partition resize required but AllowDestructive parameter is not enabled.
    • Fix error when Size not specified and AllowDestructive is $true and partition can be expanded – Fixes Issue 162.
    • Fix incorrect error displaying when newly created partition is not made Read/Write.
    • Change verbose messages to show warnings when a partition resize would have occurred but the AllowDestructive flag is set to $false.
xActiveDirectory 2.21.0.0
xDatabase 1.9.0.0
  • xDatabase Test-TargetResource will now check DacPacVersion if DacPacPath parameter and DB exist. If the DacPacApplicationVersion is supplied and matches the deployed version we will return $true. (issue 41)
xExchange 1.23.0.0
  • Fixes issue with xExchMaintenanceMode on Exchange 2016 where the cluster does not get paused when going into maintenance mode. Also fixes issue where services fail to stop, start, pause, or resume.
  • Explicitly cast member types in Get-DscConfiguration return hashtables to align with the types defined in the resource schemas. Fixes an issue where Get-DscConfiguration fails to return a value.
  • xExchClientAccessServer: Fixes issue where AlternateServiceAccountConfiguration or RemoveAlternateServiceAccountCredentials parameters can’t be used at the same time as other optional parameters.
  • xExchInstall: Fixes issue where Test-TargetResource returns true if setup is running. Fixes issue where setup is not detected as having been successfully completed even if setup was successful. Adds initial set of unit tests for xExchInstall and related functions.
  • Remove VerbosePreference from function parameters and update all calls to changed functions.
  • Fixes multiple PSScriptAnalyzer issues. Specifically, fixes all instances of PSAvoidTrailingWhitespace, PSAvoidGlobalVars, PSAvoidUsingConvertToSecureStringWithPlainText, PSUseSingularNouns, and fixes many instances of PSUseDeclaredVarsMoreThanAssignments.
  • Add support for Exchange Server 2019 – Preview
xRemoteDesktopSessionHost 1.8.0.0
  • Changes to xRDSessionDeployment
    • Fixed issue where an initial deployment failed due to a convert to lowercase (issue 39).
    • Added unit tests to test Get, Test and Set results in this resource.
  • Change to xRDRemoteApp
    • Fixed issue where this resource ignored the CollectionName provided in the parameters (issue 41).
    • Changed key values in schema.mof to only Alias and CollectionName, DisplayName and FilePath are not key values.
    • Added Ensure property (Absent or Present) to enable removal of RemoteApps.
    • Added unit tests to test Get, Test and Set results in this resource.
xWebAdministration 2.2.0.0
  • Added new parameter “Location” to WebApplicationHandler extending functionality to address [392]
  • Changes to xWebAdministration
    • Update section header for WebApplicationHandler in README.
    • Fix tests for helper function Get-LocalizedData in Helper.Tests.ps1 that referenced the wrong path.
  • Remove duplication in MSFT_xWebsite.psm1. Krzysztof Morcinek (@kmorcinek)
  • Updates xIISMimeTypeMapping to add MIME type mapping for nested paths

How to Find Released DSC Resource Modules

To see a list of all released DSC Resource Kit modules, go to the PowerShell Gallery and display all modules tagged as DSCResourceKit. You can also enter a module’s name in the search box in the upper right corner of the PowerShell Gallery to find a specific module.

Of course, you can also always use PowerShellGet (available starting in WMF 5.0) to find modules with DSC Resources:

# To list all modules that are tagged as DSCResourceKit
Find-Module -Tag DSCResourceKit
# To list all DSC resources from all sources
Find-DscResource

Please note only those modules released by the PowerShell Team are currently considered part of the ‘DSC Resource Kit’ regardless of the presence of the ‘DSC Resource Kit’ tag in the PowerShell Gallery.

To find a specific module, go directly to its URL on the PowerShell Gallery:
http://www.powershellgallery.com/packages/< module name >
For example:
http://www.powershellgallery.com/packages/xWebAdministration

How to Install DSC Resource Modules From the PowerShell Gallery

We recommend that you use PowerShellGet to install DSC resource modules:

Install-Module -Name < module name >

For example:

Install-Module -Name xWebAdministration

To update all previously installed modules at once, open an elevated PowerShell prompt and use this command:

Update-Module

After installing modules, you can discover all DSC resources available to your local system with this command:

Get-DscResource
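
A more cautious version of the install step, added here as an example and not part of the original post: it stages the pinned xWebAdministration 2.2.0.0 release listed above, reports each script file's Authenticode status and SHA-256 hash, and installs only if no signature fails verification. The staging directory name is an assumption.

```powershell
# Added example: stage a pinned module version, inspect it, then install it.
# $StagingPath is an assumed scratch directory; the module name and version
# are the xWebAdministration 2.2.0.0 release listed in this post.
$ModuleName  = 'xWebAdministration'
$Version     = '2.2.0.0'
$StagingPath = Join-Path $env:TEMP 'dsc-module-review'

New-Item -ItemType Directory -Path $StagingPath -Force | Out-Null

# Download without installing, so nothing lands on $env:PSModulePath yet.
Save-Module -Name $ModuleName -RequiredVersion $Version `
            -Repository PSGallery -Path $StagingPath

# Collect every script file in the staged copy.
$scripts = Get-ChildItem -Path (Join-Path $StagingPath $ModuleName) -Recurse -File |
    Where-Object { $_.Extension -in '.ps1', '.psm1', '.psd1' }

# Record signature status, signer and hash for each file.
$report = foreach ($file in $scripts) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        File   = $file.FullName
        Status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer = $sig.SignerCertificate.Subject
        SHA256 = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    }
}
$report | Format-Table -AutoSize

# Stop if any file carries a signature that does not verify. Unsigned files
# are reported but allowed; tighten this list if your policy requires signing.
$failed = $report | Where-Object { $_.Status -notin 'Valid', 'NotSigned' }
if ($failed) {
    throw "Signature check failed for: $($failed.File -join ', ')"
}

# Install exactly the reviewed version rather than whatever is latest.
# AllUsers scope needs an elevated prompt.
Install-Module -Name $ModuleName -RequiredVersion $Version `
               -Repository PSGallery -Scope AllUsers
```

Keeping the hash column from the report gives you a baseline to compare against when the same version is staged on another machine.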

How to Find DSC Resource Modules on GitHub

All resource modules in the DSC Resource Kit are available open-source on GitHub.
You can see the most recent state of a resource module by visiting its GitHub page at:
https://github.com/PowerShell/< module name >
For example, for the CertificateDsc module, go to:
https://github.com/PowerShell/CertificateDsc

All DSC modules are also listed as submodules of the DscResources repository in the DscResources folder and the xDscResources folder.

How to Contribute

You are more than welcome to contribute to the development of the DSC Resource Kit! There are several different ways you can help. You can create new DSC resources or modules, add test automation, improve documentation, fix existing issues, or open new ones.
See our contributing guide for more info on how to become a DSC Resource Kit contributor.

If you would like to help, please take a look at the list of open issues for the DscResources repository.
You can also check issues for specific resource modules by going to:
https://github.com/PowerShell/< module name >/issues
For example:
https://github.com/PowerShell/xPSDesiredStateConfiguration/issues

Your help in developing the DSC Resource Kit is invaluable to us!

Questions, comments?

If you’re looking into using PowerShell DSC, have questions or issues with a current resource, or would like a new resource, let us know in the comments below, on Twitter (@PowerShell_Team), or by creating an issue on GitHub.

Katie Keim
Software Engineer
PowerShell DSC Team
@katiedsc (Twitter)
@kwirkykat (GitHub)

What is Malware

Malware is software–a computer program–used to perform malicious actions. In fact, the term malware is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them or gain access to what they contain. Once the malware is installed, attackers can use it to spy on your online activities, steal your passwords and files, or use your system to attack others.

Securing Enterprise Wireless Networks

Original release date: September 4, 2018 | Last revised: September 28, 2018

What is enterprise network security?

Enterprise network security is the protection of a network that connects systems, mainframes, and devices―like smartphones and tablets―within an enterprise. Companies, universities, governments, and other entities use enterprise networks to help connect their users to information and people. As networks grow in size and complexity, security concerns also increase.

What security threats do enterprise wireless networks face?

Unlike wired networks, which have robust security tools—such as firewalls, intrusion prevention systems, content filters, and antivirus and anti-malware detection programs—wireless networks (also called Wi-Fi) provide wireless access points that can be susceptible to infiltration. Because they may lack the same protections as wired networks, wireless networks and devices can fall victim to a variety of attacks designed to gain access to an enterprise network. An attacker could gain access to an organization’s network through a wireless access point to conduct malicious activities—including packet sniffing, creating rogue access points, password theft, and man-in-the-middle attacks. These attacks could hinder network connectivity, slow processes, or even crash the organization’s system. (See Securing Wireless Networks for more information on threats to wireless networks.)

How can you minimize the risks to enterprise Wi-Fi networks?

Network security protocols have advanced to offset the constant evolution of attacks. Wi-Fi Protected Access 2 (WPA2) incorporates Advanced Encryption Standard (AES) and is the standard employed today to secure wireless enterprises. In June 2018, the Wi-Fi Alliance began certifying devices that support Wi-Fi Protected Access 3 (WPA3), which replaces WPA2. Users should employ the new standards as WPA3 devices become available. IT security professionals and network administrators should also consider these additional best practices to help safeguard their enterprise Wi-Fi networks:

  • Deploy a wireless intrusion detection system (WIDS) and a wireless intrusion prevention system (WIPS) on every network.
  • Ensure existing equipment is free from known vulnerabilities by updating all software in accordance with developer service pack issuance.
  • Use existing equipment that can be securely configured.
  • Ensure all equipment meets Federal Information Processing Standards (FIPS) 140-2 compliance for encryption.
  • Ensure compliance with the most current National Institute of Standards and Technology guidelines. (See Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i.)
  • Establish multifactor authentication for access to your network. If this is not possible, consider other secure authentication means beyond a single shared password, such as Active Directory service authentication or an alternative method (e.g., tokens) to create multifactor authentication into your network.
  • Use Extensible Authentication Protocol-Transport Layer Security certificate-based methods (or better) to secure the entire authentication transaction and communication.
  • Use Counter Mode Cipher Block Chaining Message Authentication Code Protocol, a form of AES encryption used by Wireless Application Protocol 2 (WAP) enterprise networks, sparingly. If possible, use more complex encryption technologies that conform to FIPS 140-2 as they are developed and approved.
  • Implement a guest Wi-Fi network that is separate from the main network. Employ routers with multiple Service Set Identifiers (SSIDs) or engage other wireless isolation features to ensure that organizational information is not accessible to guest network traffic.

What else can you do to secure your network?

Employing active WIDS/WIPS enables network administrators to create and enforce wireless security by monitoring, detecting, and mitigating potential risks. Both WIDS and WIPS will detect and automatically disconnect unauthorized devices. WIDS provides the ability to automatically monitor and detect the presence of any unauthorized, rogue access points, while WIPS deploys countermeasures to identified threats. Some common threats mitigated by WIPS are rogue access points, misconfigured access points, client misassociation, unauthorized association, man-in-the-middle attacks, ad-hoc networks, Media Access Control spoofing, honeypot/evil twin attacks, and denial-of-service attacks.
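
The following added example (not from the advisory or from any WIDS/WIPS product) shows the classification logic behind the rogue, misconfigured, and honeypot/evil twin cases named above. The inventory, the observed records, the OnWire field, and the function name Get-ApClassification are all constructed for illustration.

```powershell
# Added example: classify observed access points against an authorized inventory.
# All SSIDs, BSSIDs and field names below are constructed sample data.
$Authorized = @(
    [pscustomobject]@{ Ssid = 'CORP-WIFI';  Bssid = '02:00:00:AA:00:01'; Security = 'WPA2-Enterprise' }
    [pscustomobject]@{ Ssid = 'CORP-GUEST'; Bssid = '02:00:00:AA:00:02'; Security = 'WPA2-Personal' }
)

# What a sensor might report, one record per beacon source. OnWire means the
# sensor also saw this device's traffic on the enterprise wired network.
$Observed = @(
    [pscustomobject]@{ Ssid = 'CORP-WIFI';  Bssid = '02:00:00:AA:00:01'; Security = 'WPA2-Enterprise'; OnWire = $true  }
    [pscustomobject]@{ Ssid = 'CORP-GUEST'; Bssid = '02:00:00:AA:00:02'; Security = 'Open';            OnWire = $true  }
    [pscustomobject]@{ Ssid = 'CORP-WIFI';  Bssid = '02:00:00:BB:00:09'; Security = 'WPA2-Personal';   OnWire = $false }
    [pscustomobject]@{ Ssid = 'linksys';    Bssid = '02:00:00:CC:00:03'; Security = 'Open';            OnWire = $true  }
    [pscustomobject]@{ Ssid = 'CoffeeShop'; Bssid = '02:00:00:DD:00:04'; Security = 'WPA2-Personal';   OnWire = $false }
)

function Get-ApClassification {
    param([Parameter(Mandatory)] $Ap, [Parameter(Mandatory)] $Inventory)

    # BSSIDs are hex strings, so the case-insensitive -eq is the right match.
    $known = $Inventory | Where-Object { $_.Bssid -eq $Ap.Bssid }
    if ($known) {
        # Known radio: anything other than the approved SSID and security is drift.
        if ($known.Ssid -ceq $Ap.Ssid -and $known.Security -eq $Ap.Security) { return 'Authorized' }
        return 'Misconfigured'
    }
    # Unknown radio advertising one of our SSIDs: honeypot / evil twin pattern.
    # -contains ignores case, so a look-alike differing only in case is caught too.
    if ($Inventory.Ssid -contains $Ap.Ssid) { return 'EvilTwin' }
    # Unknown radio bridged onto the wired network: rogue access point.
    if ($Ap.OnWire) { return 'Rogue' }
    # Unknown radio with no tie to the enterprise: neighbouring network.
    return 'External'
}

$Observed | ForEach-Object {
    [pscustomobject]@{
        Ssid  = $_.Ssid
        Bssid = $_.Bssid
        Class = Get-ApClassification -Ap $_ -Inventory $Authorized
    }
} | Format-Table -AutoSize
```

The order of the checks matters: an unknown BSSID using a corporate SSID is reported as an evil twin even when it is also seen on the wire, because impersonation is the more specific finding.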

The following list includes best practices to secure WIDS/WIPS sensor networks. Administrators should tailor these practices based on local considerations and applicable compliance requirements. For more in-depth guidance, see A Guide to Securing Networks for Wi-Fi (IEEE 802.11 Family).

  • Use a rogue detection process capability. This capability should detect Wi-Fi access via a rogue client or WAP, regardless of the authentication or encryption techniques used by the offending device (e.g., network address translation, encrypted, soft WAPs).
  • Set the WIDS/WIPS sensors to
    • detect 802.11a/b/g/n/ac devices connected to the wired or wireless network and
    • detect and block multiple WAPs from a single sensor device over multiple wireless channels.
  • Enforce a “no Wi-Fi” policy per subnet and across multiple subnets.
  • Provide minimal secure communications between sensor and server, and identify a specific minimum allowable Kbps―the system shall provide automatic classification of clients and WAPs based upon enterprise policy and governance.
  • Provide automated (event-triggered) and scheduled reporting that is customizable.
  • Segment reporting and administration based on enterprise requirements.
  • Produce event logs and live packet captures over the air and display these directly on analyst workstations.
  • Import site drawings for site planning and location tracking requirements.
  • Manually create simple building layouts with auto-scale capability within the application.
  • Place sensors and WAPs electronically on building maps to maintain accurate records of sensor placement and future locations.
  • Have at least four different levels of permissions allowing WIPS administrators to delegate specific view and administrator privileges to other administrators.
  • Meet all applicable standards and, if Federal Government, comply with the Federal Acquisition Regulation.

Author: NCCIC
