Category Archives: Security

First looks into Interplanetary File System

By | | , , , , , , , , , , , , , , ,
1 Comment

The cryptocurrency craze has elevated another strong candidate in recent months. Filecoin, is leading the voice of a decentralized Internet, the next generation Web 3.0. In this blog, I am not going to write much about the Filecoin frenzy but the underlying distributed file system that powers this phenomenon – The Interplanetary File System.

[ Note: This is still a very new area for me, and the rest of the content of this blog is still nascent and developing ]

Interplanetary File System

Tremulous Client-Server web architecture

The entire Internet architecture is almost client and server. Your clients like browsers, apps, connect to Web services served from a collection of servers. As Web 3.0 approaches (some say it is already here), the client-server model is no longer perceived as the Internet architecture of choice. Billions, and billions of users, applications, devices relying solely on a centralized service would lead to many impactful consequences, and the reasons for decentralization, away from the client-server architecture models of the Internet are cogent.

Continue reading

Setting up Nextcloud on FreeNAS Part 1

By | | , , , , , , , , , , , , , , ,
Leave a comment

I have started to enhance the work that I did last weekend with Nextcloud on FreeNAS™. I promised to share the innards of my work but first I have to set the right expectations for the readers. This blog is just a documentation of the early work I have been doing to get Nextcloud on FreeNAS™ off the ground quickly. Also there are far better blogs than mine on the Nextcloud topic.

Note:

Nextcloud 17 (latest version is version 21)

Continue reading

Encryption Key Management in TrueNAS

By | | , , , , , , ,
Leave a comment

iXsystems™ TrueNAS® has moved up a notch when it comes to encrypting data structures in the storage . In additional to supporting self encrypting disks (SEDs) and zpool encryption, version 12.0 added dataset and zvol encryption as well.

The world has become a dangerous place. The security hacks, the data leaks, the ransomware scourge have dominated the IT news in 2021, and we are only 3 months into the year. These cybersecurity threats are about to get worse and we have to be vigilant to deescalate the impacts of these threats. As such, TrueNAS® Enterprise has progressed forward to protect the data structures in its storage arrays, in addition to many other security features depicted below:

TrueNAS Multilayer Security

Key Management Interoperability Protocol (KMIP)

One of the prominent cybersecurity features in TrueNAS® Enterprise is KMIP support in version 12.0.

What is KMIP? KMIP is a client-server framework for encryption key management. It is a standard released in 2010 and governed by OASIS Open. OASIS stands for Organization for the Advancement of Structured Information Standards.

Continue reading

Relinquishing Freedom in our Digital Future

By | | , , , , , , , , ,
Leave a comment

There was a TV cartoon show I loved when I was a kid called “Wait till your Father gets home“. I was probably 5 or 6 then, but I can still remember the mother was practically nagging all the time of having the father to come back to deal with the problems and issues caused by the kids, and sometimes the dog.

This patriarchal mentality of having the male manning (yeah, it is not a gender neutral word) the household is also, unfortunately, mimicked in our societies, in general, being obedient and subservient to the government of the day. This is especially true in East Asian societies, .

While dissent of this mindset is sprouting in the younger generation of these societies, you can see the dichotomy of the older generation and the younger one in the recent protests in Thailand and the on-going one in Myanmar. The older generation is likely fearful of the consequences and there are strong inclinations to accept and subject their freedom to be ruled by the rulers of the day. It is almost like part of their psyche and DNA.

So when I read the article published by Data Storage Asean titled “Malaysians Optimistic on Giving the Government Increased Access to Personal Data for Better Services“, I was in two minds. Why are we giving away our Personal Data when we do not get a guarantee that the our privacy is protected?

Data Privacy should be in our own hands

Why are we giving away our freedom in new digital Malaysia when in history, we have not been truly protected of that freedom? 

Continue reading

Valuing the security value of NAS storage

By | | , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
1 Comment

Garmin paid, reportedly millions. Do you sleep well at night knowing that the scourge of ransomware is rampant and ever threatening your business. Is your storage safe enough or have you invested in a storage which was the economical (also to be known as cheap) to your pocket?

Garmin was hacked by ransomware

I have highlighted this before. NAS (Network Attached Storage) has become the goldmine for ransomware. And in the mire of this COVID-19 pandemic, the lackadaisical attitude of securing the NAS storage remains. Too often than not, end users and customers, especially in the small medium enterprises segment, continue to search for the most economical NAS storage to use in their business.

Is price the only factor?

Why do customers and end users like to look at the price? Is an economical capital outlay of a cheap NAS storage with 3-year hardware and shallow technical support that significant to appease the pocket gods? Some end users might decided to rent cloud file storage, Hotel California style until they counted the 3-year “rental” price.

Continue reading

Resilient Integrated Data Protection against Ransomware

By | | , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Leave a comment

Early in the year, I wrote about NAS systems being a high impact target for ransomware. I called NAS a goldmine for ransomware. This is still very true because NAS systems are the workhorses of many organizations. They serve files and folders and from it, the sharing and collaboration of Work.

Another common function for NAS systems is being a target for backups. In small medium organizations, backup software often direct their backups to a network drive in the network. Even for larger enterprise customers too, NAS is the common destination for backups.

Backup to NAS system

Typical NAS backup for small medium organizations.

Backup to Data Domain with NAS Protocols

Backup to Data Domain with NAS (NFS, CIFS) Protocols

Ransomware is obviously targeting the backup as another high impact target, with the potential to disrupt the rescue and the restoration of the work files and folders.

Continue reading

A Dialogue between 2 Drives

By | | , , , , , , , , , , , , , , , , , , , , , , , , , , ,
Leave a comment

I was talking to an end user who was slowly getting exposed to the cloud amid this Covid-19 pandemic. The whole work from home thingy was not new to him, but the scale of the practice suddenly escalated when more than 80 of his staff have to work from wherever they were stuck at during the past 6 weeks. Initially all of his staff had to alternate their folders and files access because their Sonicwall® Global Client license and SSL VPN Clients were inadequate. Even after their upgrade of the licenses, the performance of getting the folders and files through the Z: drive was poor and the network was chocked up. I told them that regardless, the SMB protocol of the NAS shared folders was chatty and generated a lot of network traffic on the VPN, along with the inadequacies of running this over the wide area Internet network. Staff productivity obviously nosedived.

We are now exploring putting their work in the cloud but maintaining a consistent synchronized set of folders and files at all times. Wasabi® Cloud has emerged the most attractive price/GB/month and no egress or API requests fees.

Combining 2 shared drives into one

NAS Drive talking to Cloud Drive like 2 buddies

Now here is a story of 2 Drives

The end user is not an IT savvy user. They were unfamiliar with Cloud Storage other than the free personal ones like Google Drive, or Dropbox. They have more than 200TB and I have introduced to them Wasabi® Cloud. They were very familiar with their Z:, their NAS Drive. I introduced to them the Cloud Drive.

NAS: Hey, how’s it going?

Cloud: Not bad. My boss and your boss are talking about bringing me and Wasabi® Cloud to join your gang. Hope you are OK with that.

Continue reading

NAS is the next Ransomware goldmine

By | | , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
2 Comments

I get an email like this almost every day:

It is from one of my FreeNAS customers daily security run logs, emailed to our support@katanalogic.com alias. It is attempting a brute force attack trying to crack the authentication barrier via the exposed SSH port.

Just days after the installation was completed months ago, a bot has been doing IP port scans on our system, and found the SSH port open. (We used it for remote support). It has been trying every since, and we have been observing the source IP addresses.

The new Ransomware attack vector

This is not surprising to me. Ransomware has become more sophisticated and more damaging than ever because the monetary returns from the ransomware are far more effective and lucrative than other cybersecurity threats so far. And the easiest preys are the weakest link in the People, Process and Technology chain. Phishing breaches through social engineering, emails are the most common attack vectors, but there are vhishing (via voicemail) and smshing (via SMS) out there too. Of course, we do not discount other attack vectors such as mal-advertising sites, or exploits and so on. Anything to deliver the ransomware payload.

The new attack vector via NAS (Network Attached Storage) and it is easy to understand why.

Continue reading

Perils of avoiding BC and DR

By | | , , , , , , , , , , ,
Leave a comment

News in recent months have been unfavourable, even to the point of poignancy. Maybe I didn’t have all the details to place my opinion, but it has appeared that these recent events have neglected the practice of  BC (business continuity) and DR (disaster recovery).

The recent bad news

The most recent is one close to home. The KLIA (Kuala Lumpur International Airport) and KLIA2 operations were disrupted quite significantly for 4 days due to “network switch” failure. I followed the news and comments quite intently in those bad days, and I did not see any single comment discussing about BC or DR. If BC and DR were present at the airports, the airport operations would have been restored within minutes or hours, not days. Investigations are still on-going to find out what really happened in the KLIA/KLIA2 incident.

Continue reading

Digital Transformation means Change in People

By | | , , , , , , , , , , , ,
Leave a comment

I wrote about Digital Transformation a few weeks ago. In the heart of it, People are the real key to the transformation of every organization. Following up what I described earlier, Change is the factor that People in every organization have to embrace.

Drowning and going blind

We are swarmed by technology. We are inundated with everything digital and we are attracted to the latest buzz and hype. In the sea of it all, these things have made us, the People reliant of technology. This reliance, this needy dependency, has made us complacent. We settle because the boring and mundane tasks have been taken away from us. Moreover, the constant firehose feeding our lives has created “digital drowning“, a situation I would like describe as gasping for a breather to think clearly. We are bogged by digital quagmire, blinded by what shiny things and we lose sight of the strategic focus.

We shrivel and we go back to what we think is our comfort zone.

Change is constant and uncomfortable

I once read that our known comfort zone is no longer our safety zone. That idea of everyone’s safety zone has been obliterated aeons ago. I love the following quote from Seth Godin, my absolute marketing guru.

No alt text provided for this image

As he rightly pointed out, “There is no ‘ever after’. There’s just the chaos of now“. We don’t arrive at a comfortable place after the change. There is no comfortable place or safety place for that matter … at all. The Digital Transformation or what ever Information Age we described our generation earlier, is constant change. We have to ride the hungry bear and we have to saddle the ferocious dragon at all times. We have to learn to ride the bucking bronco!

So, we learn. We change and change. Continue reading