Packet Pushers Heavy Networking Podcast

NEW Heavy Networking 624 Podcast: Solving Network Problems With NMIS

The latest Packet Pushers Heavy Networking podcast, episode 624, is out, featuring IT network experts Keith Sinclair, NMIS founder, and Greg Ferro from Packet Pushers. They discuss:
  • NMIS capabilities for network management and monitoring
  • How to disaster-proof your network and operate at maximum efficiency
  • Latest product features, including Enterprise Service Monitoring
  • Future-proofing your business with Operational Process Automation (OPA) against the great resignation
  • The NMIS product pipeline and how the market is changing
  • Real-world cases on how Opmantek’s solutions can save your team time and resources


For all this and more, fill out the form and book in today.

FirstWave Extends and Expands Contract With Telstra

FirstWave Cloud Technology Limited  (ASX: FCT) (FirstWave), the global cybersecurity technology company, announces the extension and expansion of its contract with key customer Telstra, Australia’s largest telecommunications company.

The contract has been extended for an additional two years with a further two-year option, and the scope has been expanded to include additional cybersecurity services provided through FirstWave’s CyberCision platform.

In FY21 approximately $6.5m revenue was generated from the Telstra agreement with over 95% being recurring revenues.

FirstWave CEO Danny Maher said, “We are pleased to deepen our longstanding relationship with Telstra, our largest customer. The expanded scope of our extended contract reflects Telstra’s increased focus on its cybersecurity offerings and confidence in FirstWave’s capabilities to provide its customers with best-in-class cybersecurity technology.”

Telstra CEO, Andy Penn recently noted the significant increase in malicious cyber activity Telstra has seen across its networks and the deteriorating threat environment being faced by its customers. We look forward to protecting more Telstra customers from cyberattacks and growing our revenues together with Telstra through the wider implementation of our CyberCision platform.

In addition to the extended agreement, FirstWave and Telstra have commenced a collaborative marketing campaign to strengthen the marketing and sales of the contracted products through Telstra’s sales teams and channels. The joint effort, led by FirstWave Chief Marketing Officer Ehsan Jahandarpour, is expected to deliver an enhanced customer experience for Telstra customers and increase revenues for both companies.

Following its recent restructure driven by the acquisition of Opmantek, FirstWave is prioritising Telstra as a key account and is focused on improving its sales enablement process with key account management to open significant new revenue streams.


Supplementary notice – Telstra Contract Renewal

FirstWave Cloud Technology Limited (ASX: FCT) (FirstWave), the global cybersecurity technology company, wishes to provide further information about its extended and expanded contract with key customer Telstra.

Telstra has been a key client for FirstWave throughout FirstWave’s history. Revenues from the contract comprise recurring fees to FirstWave from Telstra for administrative, support and infrastructure services of around $2m per annum, with the remaining revenues being derived from a per-user fee for licensing and support from Telstra’s resale of FirstWave’s security services to Telstra’s end customers.

Telstra’s end customer contracts vary in length from one to five years and hence in some instances are longer than the current FirstWave / Telstra agreement. These contracts would survive termination generating future revenue and requiring continuing licensing and support even if the Telstra agreement was not renewed in the future and these contracts were still current.

Under the terms of the reseller agreement with Telstra, FirstWave retains exclusive rights to FirstWave’s intellectual property. This contract renewal also provided an opportunity to define and agree to additional new security products and services aligned with Telstra’s security product growth strategy.

Using Configuration Management to Detect Unwanted Software

The Log4j vulnerability is the latest cyber exploit, carrying a critical CVSS score of 10. It allows attackers to execute arbitrary Java code on remote computers, including accessing sensitive information.

Coming only a year after the world addressed the SolarWinds supply chain attack, it is another confirmation that network professionals must adopt long-term risk-management strategies.

Are Opmantek products affected? Opmantek does not release software written in Java or using Log4J, nor do the projects we depend on directly utilize Java or Log4J.

Leverage Configuration Data to Identify Risk

It can be difficult to identify whether Log4j is being used, as it’s often bundled with other software. A configuration management system provides a means to audit a resource's configuration and inventory elements against a defined security policy.

Gather Configuration Data

Get data into the system through integration or direct collection

Extract Operational Information

Process the data to extract information about change and compliance

Detecting Log4j on a Server with opConfig

Like any organization, our internal teams use a variety of third party software. In the case of the Log4J vulnerability, we needed to confirm if the library was installed on our servers, patch it, and ensure it wouldn’t then be installed in future. 

Between our product, development and test servers we had about 50 Linux servers to check, so we needed to find a quick, automated solution.

Detection

Unfortunately, the software does not use a Linux package manager, so we cannot use RPM or APT commands. There is a simple way to verify whether the software is installed: search / (the root directory and all child directories) for any files whose name contains log4j.

The Linux command we needed was:

  • sudo find / -name "*log4j*"

We wanted to run this command quickly and easily on 50 Linux servers.  A new command set was needed which we called “Linux_Log4j”. We created a new command set file for this and similar things called “Linux_Software_Installed.nmis”.

Linux_Software_Installed Command Set

Command sets in opConfig are stored in /usr/local/omk/conf/command_sets.d by default. We copied an existing one and edited it to reflect what we needed. This change could also be made in the GUI, by editing an existing command set and adding a new command collection. Most importantly, this needed to have os_info matching Linux only, and we needed to change the two commands. In the most recent version of opConfig for NMIS9 these files are JSON.

The contents are quite straightforward to understand: os_info means only run these commands when these os_info conditions are met. Each of the command sections is simple, and the tagging system is powerful:

  • privileged: whether the command requires elevated privileges to run, e.g. sudo access
  • command: the command you want to run, which is also the name under which the data is saved into the system
  • exec: optional; if you want to save the command under some other name, exec holds the command which is actually executed and the command item is the name of the command to run
  • tags: HOURLY means this will automatically run every hour; Linux and operations are handy for finding the command; detect-change and report-change mean that opConfig will monitor this command's output for change and raise an event if a change is found

Linux_Software_Installed.json

The final command set looks like this:

{
   "Linux_Log4j" : {
      "commands" : [
         {
            "privileged" : "true",
            "command" : "Log4jSearch",
            "exec" : "sudo find / -name \"*log4j*\"",
            "tags" : [
               "HOURLY",
               "Linux",
               "operations",
               "detect-change",
               "report-change"
            ]
         }
      ],
      "scheduling_info" : {
         "run_commands_on_separate_connection" : "false"
      },
      "os_info" : {
         "os" : "/(Linux|CentOS|Ubuntu)/"
      }
   }
}

Running the Command Set

Because it is tagged with “HOURLY” the command set will run automatically every hour.  If you want to run it manually for testing, you run the following command:

sudo /usr/local/omk/bin/opconfig-cli.pl quiet=1 nodes=NODE-TO-TEST-WITH act=run_command_sets tags=HOURLY debug=true

Check for any errors. If all is good, run it manually for all nodes or wait an hour or so.

You may need to increase the timeout if you see console lines like those below.

[2021-12-22 03:58:48.21513] [23682] [warn] failed to make session privileged: read timed-out

[2021-12-22 03:58:48.21573] [23682] [warn] Failed to run command Log4jSearch: Could not make session privileged: read timed-out

[2021-12-22 03:58:48.21587] [23682] [warn] Command timed out – partial response was: “”

The /usr/local/omk/conf/opCommon.json file can be edited and the value for opconfig_command_timeout increased to a suitable number of seconds.

Running as Non-Privileged

You may not have (or want to use) the privileged user (using sudo). In this case, a more suitable exec string is below (and remember to set "privileged" : "false").

"exec" : "find / -name \"*log4j*\" 2>/dev/null",

Diagnose

Now we can go to the opConfig GUI and find the matching nodes.

Access the Commands Overview

From the opConfig menu, select “Views → Recent Commands” and you should see a screen which looks like below. 

First we can see how many instances of “Log4jSearch” we have collected. In the box enter “Log4jSearch”, change the select to “Command” and click “Go”. You will have a list of nodes and the command name.

Next, click on the “Advanced” button on the right.

Click on the Node Name to see the command output.

Here we can see this node has some possible files of concern.
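To triage the files a node reports, and to catch copies bundled inside other software that a search by file name cannot see, the following added example (not Opmantek's code and not part of opConfig) opens every archive under a directory, descends into nested archives, and reports where the log4j-core JndiLookup class is present, together with the version from the Maven metadata when the archive kept it. It goes beyond the `find` command above; the function names and the depth and size limits are assumptions of this sketch.

```python
import io
import os
import sys
import zipfile
import zlib

# Class file shipped in log4j-core 2.x; its presence marks a copy of the library.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Standard Maven metadata path that carries "version=..." for log4j-core.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 4                    # assumption: deeper nesting is not followed
MAX_NESTED_BYTES = 256 * 2**20   # assumption: larger nested archives are skipped


def _has(name, suffix):
    """True if the entry is `suffix` itself or sits under a prefix such as WEB-INF/classes/."""
    return ("/" + name).endswith("/" + suffix)


def _version(zf, names):
    """Read the log4j-core version from pom.properties, or None if it is absent."""
    for name in names:
        if _has(name, POM_PROPS):
            for line in zf.read(name).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    return None


def scan_archive(src, label, depth=0):
    """Return [(location, version_or_None)] for each archive holding JndiLookup.class."""
    hits = []
    try:
        with zipfile.ZipFile(src) as zf:
            infos = zf.infolist()
            names = [i.filename for i in infos]
            if any(_has(n, JNDI_CLASS) for n in names):
                hits.append((label, _version(zf, names)))
            for info in infos:
                nested = info.filename.lower().endswith(ARCHIVE_EXTS)
                if nested and depth < MAX_DEPTH and info.file_size <= MAX_NESTED_BYTES:
                    inner = io.BytesIO(zf.read(info))
                    hits += scan_archive(inner, f"{label}!{info.filename}", depth + 1)
    except (zipfile.BadZipFile, zlib.error, OSError, RuntimeError, NotImplementedError):
        pass  # corrupt, unreadable or encrypted archive: skip it and keep scanning
    return hits


def scan_tree(root):
    """Walk root and scan every archive, whatever its file name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fname)
                hits += scan_archive(path, path)
    return sorted(hits, key=lambda h: h[0])


if __name__ == "__main__":
    for location, version in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{location}\tlog4j-core {version or 'version unknown'}")
```

A hit shows where a log4j-core 2.x copy lives and which version it reports; whether that copy needs patching is decided by comparing the version with the fixed releases in the vendor advisory.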

Remediation

In this case remediation requires one of the operations team to install updated versions of Log4j or the packages from vendors using it. The Opmantek development team use Vagrant to automate this kind of activity and the issue was quickly resolved.

Conclusion

Using the Operational Process Automation methodology of detect, diagnose and act, Opmantek was able to identify which of our servers required change within 15 minutes.

Ready to see what opConfig can do for your organization?

Get in touch to speak with a network engineer. We’re a technically led team, so prepare for a conversation about solutions, not sales.

Or, get started straight away with a time-unlimited 20 node license.

Concerned with Log4Shell or Log4J Vulnerability?

Every Christmas for the last while we have been getting security alerts: last year we got the issues with SolarWinds, and this year we got Log4Shell/Log4J, CVE-2021-44228, with a CVSS score of 10 (the highest score).

Is the Log4Shell or Log4J vulnerability an issue for Opmantek?

No. Opmantek products do not use Java or Log4J, see more details here: Opmantek Products and Apache Log4J Vulnerability.

What is the Log4Shell Vulnerability? 

Log4Shell is a zero-day vulnerability in Log4J which allows attackers to execute arbitrary Java code on remote computers, including accessing sensitive information. The CVSS score is 10, the highest possible score. You can read more details here: Log4Shell – Wikipedia.

What is Apache Log4J?

Apache Log4J is a popular library used by many products written in Java.  It provides a consistent way for applications to log messages including information, debug, errors, etc.  It has become the primary way Java applications do logging and is widely used.

 

How can Opmantek help you find computers that are using Log4J?

Log4J is a Java library which means that there are files installed onto the computer which Java loads when it runs the program.  You can search for these files using Linux commands and determine if the files exist on the server.

 

You can find a handy How-To guide here: Using opConfig to Detect Log4j on a server


The Log4Shell vulnerability is a serious one and should be treated as such.  Opmantek’s software is not vulnerable to Log4Shell, and if you are using Opmantek software you can use opConfig to assist you to find the computers which need to be patched.

 

How to stabilise & audit using network configuration and compliance monitoring

What is Network Configuration and Compliance Monitoring?

Network Configuration and Compliance Monitoring (or NCCM) is a system that works closely with all devices in a set network, transmitting and receiving data from a wide range of devices to ensure that everything is acting in a compliant manner. In addition to this, NCCM can ensure that your devices are configured correctly, and in the case that they are not, can schedule reconfigurations at a time that is convenient to the user.

Automating NCCM processes is often required because companies frequently have thousands of devices that cannot be handled manually; automation makes the entire process far simpler and more accurate. One example of an NCCM is Opmantek’s “NMIS”, a network management system designed to offer comprehensive information to network engineers to assist in the diagnosis and resolution of network problems.

Change detection and rectification

When dealing with a device configuration, there are relatively few commands that you need to be aware of to know exactly how it is set up. In theory, by remembering these and applying them to a new device, it should act identically to the previous one. When these configurations change and nobody is informed, however, it can become incredibly difficult to replace the device should it become faulty.

By implementing effective change detection, which discovers any configuration adjustments in a device, you can stay on top of all of your device configurations and replace them with ease. Additionally, you can receive alerts to let you know of every configuration change, and how many times the configuration has changed. This change detection can be used with products such as “opConfig”, which processes and records configuration changes across entire networks.

Device configuration changes

The configuration backups are all saved without restriction, so reverting to any previous configuration is incredibly simple. Your NCCM can keep hourly backups of your configuration settings, allowing you to revert a device, router or switch to a previous version from when the device was working as intended. This will either resolve the issue or inform you that the issue is likely with the hardware in use (in which case you can simply install new hardware with the successful configuration in place).

Servers and network scanning

In addition to tracking the configuration of your devices, it’s also possible to use an NCCM as a performance tracking tool. By performing automated network management, the system is also taking in significant amounts of data, including the levels of packet loss within servers over a set period of time. This can help you in an audit to establish whether the performance of a particular server is degrading. If the performance declines, you can compare this data with configuration changes to ensure that your network is using the optimal settings, and resolve the issue without having to go through a more thorough investigation of your network. The data is already collected and ready to be analysed.

Try Opmantek’s products

If you’re interested in Opmantek’s range of products and would like to learn more, listen to Packet Pushers’ episode with Keith Sinclair, or contact us today. We are proud to offer effective solutions to IT departments, providing meaningful and actionable data to assist in the troubleshooting process.

Automation, is it just a buzzword?

When you hear Opmantek refer to ‘Automation’, it’s not just a buzzword – it’s kind of a big deal! But what exactly is it, and why should you care? Let’s get to the nuts and bolts of it.

Robotic Process Automation (RPA) focuses on automating human processes and functional tasks.
Operational Process Automation (OPA) is the next evolution of RPA, which delivers specifically to IT and network operations teams and carries out advanced analysis and troubleshooting tasks.
So, whilst RPA focuses on only automating actions, OPA also integrates thinking and decision making.
When Opmantek talks about Automation, it’s OPA we’re referring to – It Detects, Diagnoses and Acts.

But “How does that help me?” I hear you ask…

The purpose of OPA is to get the right systems and workflows in place to:

  • Remove repetitive tasks from your workload
  • Predict faults before they arise
  • Remediate issues on your behalf
  • Assist you with maintenance tasks, and
  • Interpret complex data for you

In short, OPA serves to augment a network engineering or system administration role. That’s right, it’s the extra set of hands you didn’t know you had and allows you to give your tasks to machines.

Meet the new recruit

The good news is your newest team member doesn’t eat, sleep, or take time off! They complete tasks accurately and the same way each time, and like a human – learn and become more efficient as time goes on. The great news is they come experienced and will hit the ground running, but OPA can also be trained to take on more complex tasks that are specific to your network.

OPA’s Resumé

Let’s look at some of OPA’s experience working in real organizations.

Telecommunications Carrier – USA

In a Network Operations Center (NOC) environment: the team gets an alert, does some diagnosis and if they deem the problem can’t be fixed remotely, a field service team member is sent out to resolve the fault.
During recent snowstorms, field service calls were extremely high and they were finding over 50% to be false reports. That’s right, real-world field services team members were being sent into the snow to fix faults that didn’t exist.

OPA came onboard to handle alerts and find the source of problems. Event storms were brought to zero, deduplication was no longer a problem and only real events were pushed to the human team. Consequently, field service calls were reduced and the network was brought back to normal in half the time.

Energy Company – USA

New federal and state mandates required the company to provide in-depth and detailed accounting audits of devices and software licenses.

Their existing team didn’t have extensive IT experience, they were working in the confines of a highly restricted secure network, and they had a very limited budget to find a solution.
With OPA on the team, they can now generate detailed ad-hoc reports for internal management or audit demands. Federal and State audit requirements are now met and they’ve even saved 30% on their annual budget.

Wireless Internet Service Provider – USA

A WISP with infrastructure based in desert areas was experiencing equipment failure due to temperature shifts. They were constantly inundated with alerts and the resolution process involved physically attending the site to restart the affected equipment.

Failing to meet their service level agreements, they were losing customers.
They’ve now revised their operational playbook to incorporate OPA. Issues are being automatically remediated as they occur, and an escalation process has been built to look out for symptoms before they’re even triggered into events. They now proactively resolve faults before they turn into issues, with customers unaware there was ever even a problem.

Curious to see whether OPA could be the right fit for your organization? Speak to a network engineer about your requirements and learn more about automation. We’re a technically led team, so prepare for a conversation about solutions, not sales.