There is a newly disclosed code-execution vulnerability in VMware vCenter. VMware was quick to release a patch (within a day) and it can be found here.
The severity of this vulnerability as well as the fact that there are exploits available for both Windows and Linux servers, kicked off a flurry of mass scanning for vulnerable vCenter Servers.
Code execution, no authorization required
CVE-2021-21972 allows hacker with no authorization to upload files to vulnerable vCenter servers that are publicly accessible over port 443, researchers from security firm Tenable said. Successful exploits will result in hackers gaining unfettered remote code-execution privileges in the underlying operating system. The vulnerability stems from a lack of authentication in the vRealize Operations plugin, which is installed by default.
The flaw has received a severity score of 9.8 out of 10.0 on the Common Vulnerability Scoring System Version 3.0. Mikhail Klyuchnikov, the Positive Technologies researcher who discovered the vulnerability and privately reported it to VMware, compared the risk posed by CVE-2021-21972 to that of CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller
The management stresses that are pressed upon small business owners during this time of crisis are many fold. How do you keep your business afloat during the crisis that diminishes your ability to react, with your staff either working from home, or limited in their ability to interact with each other and customers.
Companies need to rethink their operating model based on how their staff work best, including operations and IT. I know this is old news, but the push to digital tech is accelerating and the skill sets necessary to maintain, plan and grow as well as maintain appropriate security are becoming more and more difficult for small companies that don’t have the resources to employee multiple IT staff and keep their skills up to date.
This provides a new opportunity to review the benefits of a managed IT provider – providing a bench of skilled technology staff as well as a standardized approach to hardware, software management and security for both the endpoints and the overall company.
If you are unfamiliar with the managed IT business model, here is a quick overview: Managed IT services is a subscription based model, usually scoped around the number of devices, with pricing driven by consumption, monitoring, backups and security. This model helps in several ways, but primarily it aligns the cost structure to drive positive proactive maintenance of both infrastructure as well as planning for future growth and expansion to minimize risk. Risk management is something that every business understands. The Managed IT provider assumes and manages much of the risk for the company it serves by applying standardized methodologies to your infrastructure and software systems.
Some questions to ask yourself to determine if your company is ready for a managed IT solution:
- Do you have sufficiently trained staff or time to formally deal with proper maintenance, updates and repairs/replacement?
- Did your IT team achieve its goals last year, or were they hampered by lack of time, skills or support?
- Did your organization have too many outages or downtime?
- Did you lose data due to lack of a proper disaster recovery plan, malware or ransomware?
- Were you able to quickly pivot to a remote workforce and have the tools necessary to maintain and support that workforce?
These are all areas that a managed IT solution provider can help your business cope with the stresses and changes happening in the IT requirements due to Covid.
I recommend you reach out to your local providers and get a better understanding on how managed IT can help your business survive and thrive during these trying times.
Many times, we have been contacted by companies that want us to ‘replace our hyper-visor infrastructure’ or ‘update our server infrastructure’ because of perceived issues in performance or user experience. Unfortunately, by bypassing the critical step of a full network and infrastructure assessment, companies miss out on identifying the root cause of security issues and network performance.
Do you know all your infrastructure assets and what bandwidth they are using?
What are the critical infrastructure is not longer under warranty or service support?
How much traffic is traversing your branch office internet connection?
Network and infrastructure assessments are not a one time and done process. Having fresh insight on your network and potential bottlenecks and security issues brings a piece of mind to any IT Manager, CIO and CSO.
Having our team identify and rank your organization’s pain points gives you the tools to apply budget appropriately and meet the growing demand of your companies IT needs.
A recent article in the NY Times, highlighted the fact that we have moved away from our phones as the primary mode of interacting with content on the internet, as we sheltered at home. In addition, there has been a huge increase in the use of video chat, including Zoom, Google Classroom and Microsoft Teams, as we look at ways to perform the face to face interactions that we took for granted, in our day to day lives and work environments.
Working from home has changed many company’s employee interactions with high reliance on the tools that allow them to do their jobs, while still being home to take care of children who are also remotely learning. As a Managed Service Provider, we have been hard pressed to assist our clients in expanding the availability of remote access to critical software tools, stuck at their corporate offices and co-location facilities. Companies that readily integrated cloud services, such as Office 365, Google Suite and Egnyte have fared better and been more easily able to transition to this difficult, distributed work force.
If your company has not thought about how they are going to support their home-workers, it is a good time to evaluate the services of a good Managed Service Provider that can help you create a strategic plan to provide services, maintain and support your remote teams. The home environment adds other security issues as well, with unknown firewalls, wifi and IOT devices with potential access to your company’s data.
If your company is in search of good advice, we’re here to help in the San Francisco Bay Area as well as the Anchorage Metro.
Like many other industries, hospitality is undergoing a digital transformation. Guest WiFi access has gone from being an amenity–and something that would simply enhance the guest experience–to being just one of many services that are critical to meeting guests’ needs. Today, properties are swarming with devices, having grown more than 3X since 2012 to an average of 3.5 devices per room. Today, Cisco Meraki is announcing an expansion to our wireless and switch portfolio and solutions designed specifically for the hospitality industry, as well as new products applicable to the broader market.
In hospitality, it’s not enough to simply support the increased device density. Properties must differentiate by developing services such as rapid, personalized check-in, location-assisted experiences, and increased guest attentiveness. WiFi in particular, and the network in general, provide the critical backbone to innovate and deliver these services.
The new Meraki MR30H simplifies wireless for hotels, dorms, and multi–dwelling units. 802.11ac Wave 2 technology delivers robust wireless access in challenging RF environments, and its small form-factor with integrated four port gigabit Ethernet switch enables deployments in a range of environments without the need to deploy an additional tabletop Ethernet switch. Additionally, integrated location analytics deliver insights into client behavior such as foot traffic, dwell time, and repeat visit rates, and Bluetooth low energy (BLE) powers advanced location applications such as those leveraging beacons.
Along with the MR30H, we are introducing the MR33, an 802.11ac Wave 2 2×2 MIMO access point. It’s similar to the MR32 (including built-in location analytics and Bluetooth low energy), but in a smaller form factor and at a lower price.
Meraki is also announcing a major expansion of our switch portfolio, with the introduction of the MS225 and MS250 families. Available in 24-port and 48-port models, both families support physical and virtual stacking, PoE+, and feature 10 GbE SFP+ uplinks. Both are fully compatible with previous generation Meraki switch families, and additionally the MS250 supports the same layer 3 routing technology featured in the Meraki MS350 line. Naturally, these new switches are ideal to support the increased device density seen in hospitality and many other industries.
All of these new products are available to order today. If you’re curious to learn more about them, register for a wireless webinar or switch webinar and see what they’re all about!
Pablo Estrada – December 6, 2016
Original blog post here: http://blogs.cisco.com/wireless/meraki-new-solutions-hospitality
The transition from wired to wireless networks is happening across the business world, especially as the technology underpinning wireless advances. Besides the convenience factor, wireless is also increasingly preferred over wired networks due to the security benefits available through proper implementation. However, many IT departments and companies are unfamiliar with the security advantages of wireless, especially given its shaky reputation in the past. Here is what you need to know about the wireless of today and how it stacks up against wired networks.
Many of today’s sleekest, most sophisticated data centers have the humblest of beginnings. Whether you are upgrading your existing facility, building a new one, or considering outsourcing your data center to one of the growing number of hardened hosting facilities, here are five things to think about while preparing for the future.
Software-Defined Networking, or SDN, has, in the last few years, experienced a meteoric rise to prevalence. Read more