Sunday, May 14, 2017

US-CERT : Indicators Associated With WannaCry Ransomware

U.S. Department of Homeland Security US-CERT
National Cyber Awareness System: TA17-132A: Indicators Associated With WannaCry Ransomware

05/12/2017 09:36 PM EDT

Original release date: May 12, 2017 | Last revised: May 15, 2017

Systems Affected

Microsoft Windows operating systems


According to numerous open-source reports, a widespread ransomware campaign is affecting various organizations with reports of tens of thousands of infections in as many as 74 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan. The software can run in as many as 27 different languages.
The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly over several hours, with initial reports beginning around 4:00 AM EDT, May 12, 2017. Open-source reporting indicates a requested ransom of 0.1781 bitcoins, roughly $300 U.S.

This Alert is the result of efforts between the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) to highlight known cyber threats. DHS and the FBI continue to pursue related information of threats to federal, state, and local government systems and as such, further releases of technical information may be forthcoming.


Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers either through Remote Desktop Protocol (RDP) compromise or through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. Additionally, Microsoft released patches for Windows XP, Windows 8, and Windows Server 2003 operating systems on May 13, 2017. According to open sources, one possible infection vector is via phishing emails.

Technical Details

Indicators of Compromise (IOC)

IOCs are provided within the accompanying .xlsx file of this report.

Yara Signatures

rule Wanna_Cry_Ransomware_Generic {
       meta:
              description = "Detects WannaCry Ransomware on Disk and in Virtual Page"
              author = "US-CERT Code Analysis Team"
              reference = "not set"
              date = "2017/05/12"
              hash0 = "4DA1F312A214C07143ABEEAFB695D904"
       strings:
              $s0 = {410044004D0049004E0024}    // "ADMIN$" as UTF-16LE (trailing NUL omitted)
              $s1 = "WannaDecryptor"
              $s2 = "WANNACRY"
              $s3 = "Microsoft Enhanced RSA and AES Cryptographic"
              $s4 = "PKS"
              $s5 = "StartTask"
              $s6 = "wcry@123"
              $s7 = {2F6600002F72}    // "/f", two NUL bytes, "/r"
              $s8 = "unzip 0.15 Copyrigh"
              $s9 = "Global\\WINDOWS_TASKOSHT_MUTEX"    // backslashes must be escaped in a YARA text string
              $s10 = "Global\\WINDOWS_TASKCST_MUTEX"
              $s11 = {7461736B736368652E657865000000005461736B5374617274000000742E776E7279000069636163}    // "tasksche.exe", "TaskStart", "t.wnry", "icac"
              $s12 = {6C73202E202F6772616E742045766572796F6E653A46202F54202F43202F5100617474726962202B68}    // "ls . /grant Everyone:F /T /C /Q", "attrib +h" (continues "icacls" from $s11)
              $s13 = "WNcry@2ol7"
              $s14 = "wcry@123"    // same value as $s6
              $s15 = "Global\\MsWinZonesCacheCounterMutexA"
       condition:
              // YARA gives 'and' higher precedence than 'or', so this is a disjunction of
              // four string groups plus three single strings; any one of them matches.
              $s0 and $s1 and $s2 and $s3 or $s4 and $s5 and $s6 and $s7 or $s8 and $s9 and $s10 or $s11 and $s12 or $s13 or $s14 or $s15
}

/* The following YARA ruleset is under the GNU-GPLv2 license and open to any user or organization, as long as you use it under this license. */
rule MS17_010_WanaCry_worm {
       meta:
              description = "Worm exploiting MS17-010 and dropping WannaCry Ransomware"
              author = "Felipe Molina (@felmoltor)"
              reference = ""
              date = "2017/05/12"
       strings:
              $ms17010_str1 = "PC NETWORK PROGRAM 1.0"    // SMBv1 dialect names, as listed in a Negotiate Protocol request
              $ms17010_str3 = "Windows for Workgroups 3.1a"
              $wannacry_payload_substr1 = "h6agLCqPqVyXi2VSQ8O6Yb9ijBX54j"    // substrings of the embedded payload blob
              $wannacry_payload_substr2 = "h54WfF9cGigWFEx92bzmOd0UOaZlM"
              $wannacry_payload_substr3 = "tpGFEoLOU6+5I78Toh/nHs/RAP"
       condition:
              all of them    // every string must be present, so this needs the whole worm binary, not a carved fragment
}
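As an added worked example (not part of the US-CERT alert), the script below re-implements the condition of the first rule in plain Python: it decodes the four hex patterns so you can see what they actually match ("ADMIN$" as a wide string, the icacls/attrib command fragments split across $s11 and $s12) and applies YARA's operator precedence, under which `and` binds tighter than `or`, so the condition is a disjunction of four string groups plus three strings that match on their own. The sample buffers are constructed for the demo; nothing here is real malware.

```python
"""Evaluate the Wanna_Cry_Ransomware_Generic YARA condition in plain Python.

Added example; it is not part of the US-CERT alert. It decodes the rule's hex
patterns so you can see what they match and reproduces YARA's operator
precedence ('and' binds tighter than 'or') to show which clause fires on a
given buffer. The sample buffers at the bottom are constructed for the demo.
"""
from typing import Dict, List, Tuple

# String definitions copied from the rule; hex patterns are turned into bytes.
STRINGS: Dict[str, bytes] = {
    "s0": bytes.fromhex("410044004D0049004E0024"),  # "ADMIN$" in UTF-16LE
    "s1": b"WannaDecryptor",
    "s2": b"WANNACRY",
    "s3": b"Microsoft Enhanced RSA and AES Cryptographic",
    "s4": b"PKS",
    "s5": b"StartTask",
    "s6": b"wcry@123",
    "s7": bytes.fromhex("2F6600002F72"),  # "/f", NUL, NUL, "/r"
    "s8": b"unzip 0.15 Copyrigh",
    "s9": b"Global\\WINDOWS_TASKOSHT_MUTEX",
    "s10": b"Global\\WINDOWS_TASKCST_MUTEX",
    "s11": bytes.fromhex(
        "7461736B736368652E657865000000005461736B5374617274000000742E776E7279000069636163"
    ),
    "s12": bytes.fromhex(
        "6C73202E202F6772616E742045766572796F6E653A46202F54202F43202F5100617474726962202B68"
    ),
    "s13": b"WNcry@2ol7",
    "s14": b"wcry@123",
    "s15": b"Global\\MsWinZonesCacheCounterMutexA",
}

# The rule's condition with YARA precedence made explicit: 'and' binds tighter
# than 'or', so the expression is a disjunction of these conjunctions.
CLAUSES: List[Tuple[str, ...]] = [
    ("s0", "s1", "s2", "s3"),
    ("s4", "s5", "s6", "s7"),
    ("s8", "s9", "s10"),
    ("s11", "s12"),
    ("s13",),
    ("s14",),
    ("s15",),
]


def printable(raw: bytes) -> str:
    """Render a byte pattern as text, showing NUL as \\0 and other non-printables as \\xNN."""
    return "".join(
        chr(b) if 32 <= b < 127 else ("\\0" if b == 0 else f"\\x{b:02x}") for b in raw
    )


def decoded_hex_patterns() -> Dict[str, str]:
    """Human-readable form of the four hex strings in the rule."""
    return {name: printable(STRINGS[name]) for name in ("s0", "s7", "s11", "s12")}


def string_hits(data: bytes) -> Dict[str, bool]:
    """Which $s strings occur anywhere in the buffer (plain byte search, like YARA's default)."""
    return {name: pattern in data for name, pattern in STRINGS.items()}


def evaluate(data: bytes) -> Tuple[bool, List[Tuple[str, ...]]]:
    """Apply the rule's condition; return (matched, clauses that fired)."""
    hits = string_hits(data)
    fired = [clause for clause in CLAUSES if all(hits[s] for s in clause)]
    return bool(fired), fired


if __name__ == "__main__":
    for name, text in decoded_hex_patterns().items():
        print(f"${name} decodes to: {text}")
    # Constructed buffers: a fragment carrying the WNcry@2ol7 string, a region
    # with the icacls/attrib commands, and a benign file holding two weak strings.
    samples = {
        "WNcry@2ol7 fragment": b"...WNcry@2ol7...",
        "icacls/attrib commands": STRINGS["s11"] + STRINGS["s12"],
        "benign with PKS+StartTask": b"PKS StartTask but nothing else",
    }
    for label, buf in samples.items():
        matched, fired = evaluate(buf)
        print(f"{label}: matched={matched} fired={fired}")
```

Two things worth noticing when you run it: a file containing only "PKS" and "StartTask" does not match, because the second group also needs "wcry@123" and the "/f\0\0/r" bytes, while any one of $s13, $s14 or $s15 matches by itself, so those three strings carry the rule's false-positive risk. To run the real rule rather than this re-implementation, use the yara command-line tool against the rule file.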

Initial Analysis

The WannaCry ransomware received and analyzed by US-CERT is a loader that contains an AES-encrypted DLL. During runtime, the loader writes a file to disk named “t.wry”. The malware then uses an embedded 128-bit key to decrypt this file. The resulting DLL, which is loaded into the parent process, is the actual WannaCry ransomware responsible for encrypting the user’s files. Because of this loading method the decrypted DLL never touches disk in clear form, so file-based antivirus scanning sees only the loader and the encrypted blob; detection has to target the loader, the encrypted file, or the DLL in memory, which is why the first YARA rule above is written to match both on disk and in virtual pages.
The newly loaded DLL immediately begins encrypting files on the victim’s system with 128-bit AES. A random key is generated for the encryption of each file.
The malware also attempts to access the IPC$ shares and SMB resources the victim system has access to, which is how it spreads laterally on a compromised network. It does not attempt to obtain a password from the victim’s account in order to reach the IPC$ share: the lateral spread relies on the SMB vulnerability referenced above rather than on stolen credentials, so patching, not password hygiene, is the control that stops it moving between hosts.
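The lateral-movement behaviour described above has a simple network-side signature: one host opening IPC$ on many peers within a few seconds, which ordinary users never do. The detector below is an added example, not part of the US-CERT alert; the share-access log format (UTC timestamp, source IP, destination host, share name) and the sample lines are constructed for the demo, so map your own SMB or file-server telemetry onto those four fields before using it.

```python
"""Flag a host that connects to IPC$ on many peers in a short window.

Added example; not part of the US-CERT alert. The share-access log format
below (UTC timestamp, source IP, destination host, share) and the sample
lines are constructed for this demo; map your own SMB or share-access
telemetry onto those four fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample: one host fans out to seven peers' IPC$ in a few seconds,
# another host makes two ordinary, widely spaced connections.
SAMPLE_LOG = """\
2017-05-12T04:02:01Z 10.0.5.23 FS01 IPC$
2017-05-12T04:02:02Z 10.0.5.23 FS02 IPC$
2017-05-12T04:02:02Z 10.0.5.23 WS-114 IPC$
2017-05-12T04:02:03Z 10.0.5.23 WS-115 IPC$
2017-05-12T04:02:03Z 10.0.5.23 WS-116 IPC$
2017-05-12T04:02:04Z 10.0.5.23 WS-117 IPC$
2017-05-12T04:02:05Z 10.0.5.23 WS-118 IPC$
2017-05-12T04:10:00Z 10.0.7.8 FS01 IPC$
2017-05-12T04:10:30Z 10.0.7.8 FS01 Finance
2017-05-12T04:30:00Z 10.0.7.8 FS02 IPC$
"""


def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Split one log line into (timestamp, source, destination, share)."""
    ts, src, dst, share = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, share


def ipc_fanout(log_text: str, window: timedelta = timedelta(seconds=60),
               threshold: int = 5) -> Dict[str, int]:
    """Return {source: peak distinct IPC$ targets within `window`} for sources at or above threshold."""
    per_source: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, share = parse_line(line)
        if share.upper() == "IPC$":
            per_source[src].append((ts, dst))

    alerts: Dict[str, int] = {}
    for src, events in per_source.items():
        events.sort()
        peak, lo = 0, 0
        for hi in range(len(events)):
            # Slide the window start forward until it spans at most `window` of time.
            while events[hi][0] - events[lo][0] > window:
                lo += 1
            peak = max(peak, len({dst for _, dst in events[lo:hi + 1]}))
        if peak >= threshold:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, count in ipc_fanout(SAMPLE_LOG).items():
        print(f"ALERT {src}: IPC$ on {count} distinct hosts within 60s (worm-like fan-out)")
```

Tune the window and threshold against a baseline of your own environment, and allowlist the hosts that legitimately touch IPC$ everywhere (vulnerability scanners, monitoring systems, admin jump hosts), otherwise those will be the first alerts you see.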


Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including
  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.
Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed.


Recommended Steps for Prevention
  • Apply the Microsoft patch for the MS17-010 SMB vulnerability dated March 14, 2017, and the May 2017 patches for Windows XP, Windows 8, and Windows Server 2003 noted above. Where a system cannot be patched, disable SMBv1 on it and block inbound TCP port 445 at the network boundary.
  • Enable strong spam filters to prevent phishing e-mails from reaching end users, and authenticate inbound e-mail using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
  • Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching end users.
  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  • Manage the use of privileged accounts. Implement the principle of least privilege: no user should be assigned administrative access unless absolutely needed, and those with a need for administrator accounts should only use them when necessary.
  • Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • Disable macro scripts in Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
  • Develop, institute, and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
  • Have regular penetration tests run against the network, no less than once a year and ideally as often as is practical.
  • Test your backups to ensure they work correctly when you need them.
Recommended Steps for Remediation
  • Contact law enforcement. We strongly encourage you to contact a local FBI field office upon discovery to report an intrusion and request assistance. Maintain and provide relevant logs.
  • Implement your security incident response and business continuity plan. Ideally, organizations should ensure they have appropriate backups so their response is simply to restore the data from a known clean backup. 
Defending Against Ransomware Generally
Precautionary measures to mitigate ransomware threats include:
  • Ensure anti-virus software is up-to-date.
  • Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.
  • Scrutinize links contained in e-mails, and do not open attachments included in unsolicited e-mails.
  • Only download software – especially free software – from sites you know and trust.
  • Enable automated patches for your operating system and Web browser.
Report Notice
DHS and FBI encourage recipients who identify the use of tool(s) or techniques discussed in this document to report information to DHS or law enforcement immediately. We encourage you to contact DHS’s National Cybersecurity and Communications Integration Center (NCCIC) at 888-282-0870, or the FBI through a local field office or the FBI’s Cyber Division at 855-292-3937, to report an intrusion and to request incident response resources or technical assistance.


Revision History

  • May 12, 2017: Initial post
  • May 14, 2017: Corrected Syntax in the second Yara Rule
  • May 14, 2017: Added Microsoft link to patches for Windows XP, Windows 8, and Windows Server 2003
  • May 14, 2017: Corrected Syntax in the first Yara Rule


WannaCry Ransomware : How to protect personal and enterprise systems

What is ransomware?

Ransomware is a kind of cyber-attack that involves hackers taking control of a computer system and blocking access to it until a ransom is paid. For cyber criminals to gain access to the system they need to download a type of malicious software onto a device within the network. This is often done by getting a victim to click on a link or download it by mistake.

Once the software is on a victim's computer the hackers can launch an attack that locks all files it can find within a network. This tends to be a gradual process with files being encrypted one after another. 

Large companies with sophisticated security systems are able to spot this occurring and can isolate documents to minimize damage. Individuals might not be so lucky and could end up losing access to all of their information. 
Cyber criminals often demand payment in return for unlocking the files. This is normally in the form of bitcoin, the online cryptocurrency. 

Friday, May 5, 2017

Converged vs. Hyper-Converged Storage

Converged vs. Hyper-Converged Infrastructure Solutions

Storage Transformation - from Legacy to Hyper Converged

Hyper-Converged Infrastructure: Main Differentiation

Let's say a company is implementing server or desktop virtualization. In a non-converged architecture, physical servers run a virtualization hyper-visor, which then manages each of the virtual machines (VMs) created on that server. The data storage for those physical and virtual machines is provided by direct attached storage (DAS), network attached storage (NAS) or a storage area network (SAN).
In a converged architecture, the storage is attached directly to the physical servers. Flash storage generally is used for high-performance applications and for caching storage from the attached disk-based storage.
The hyper-converged infrastructure has the storage controller function running as a service on each node in the cluster to improve scalability and resilience. Even VMware is getting into the act. The company's new reference architecture, called EVO (previously known as Project Mystic or Marvin), is a hyper-converged offering designed to compete with companies such as Nutanix, SimpliVity or NIMBOXX. The two systems, EVO:RAIL and EVO:RACK, were announced at VMworld 2014 in August. Previously, VMware was active only in the converged infrastructure market through the VCE partnership.
Using Nutanix as an example, the storage logic controller, which normally is part of SAN hardware, becomes a software service attached to each VM at the hypervisor level. The software defined storage takes all of the local storage across the cluster and configures it as a single storage pool. Data that needs to be kept local for the fastest response could be stored locally, while data that is used less frequently can be stored on one of the servers that might have spare capacity.

Hyper-Converged Infrastructure Costs

Like traditional infrastructures, the cost of a hyper-converged infrastructure can vary dramatically depending on the underlying hypervisor. An infrastructure built on VMware's vSphere or Microsoft's Hyper-V can have fairly costly licensing built in. Nutanix, which supports Hyper-V, also supports the free, open source KVM, the default hypervisor in OpenStack cloud software. However, as with any open source application, "free" can be a relative term, since there are other costs involved in configuring the software for use in a given environment.
Because the storage controller is a software service, there is no need for expensive SAN or NAS hardware in the hyper-converged infrastructure, the company says. The hypervisor communicates with the Nutanix software in the same manner as it did with the SAN or NAS, so there is no reconfiguring of the storage, the company says. The Nutanix software also eliminates the need for the IT team to configure Logical Unit Numbers (LUNs), volumes or RAID groups, simplifying the storage management function.
Niel Miles, software defined data center solutions manager at Hewlett-Packard, described "software defined" as programmatic controls of the corporate infrastructure as a company moves forward, while speaking at the HP Discover 2014 conference in Las Vegas earlier this year. He said this approach adds "business agility," noting that it increases the company's ability to address automation, orchestration, and control more quickly and effectively. Existing technology cannot keep up with these changes, requiring the additional software layer to respond more quickly than was possible in the past.
For those looking to reuse their existing hardware to take advantage of a hyper-converged infrastructure, several companies offer approaches more similar to the converged infrastructure approach of discrete server, storage and network devices, but with software defined technology added to improve performance and capabilities.
One such company is Atlantis of Mountain View, CA, which offers software defined storage system that can convert direct-attached storage (DAS) into a pooled array, increasing the number of VMs that can share the storage and effectively creating a hyper-converged infrastructure. The technological secret sauce is Atlantis USX, a software platform that resides between the VM and storage infrastructures, the company says.
In August, Sunnyvale, CA-based Maxta introduced the MaxDeploy Hyperconverged Reference Architecture built on Intel server boards and systems. MaxDeploy pre-validations include testing with server-side flash technology and magnetic disk drives to support a spectrum of cost/performance options, the company says. Maxta's VM-centric offering simplifies IT management and reduces storage administration by enabling customers to manage VMs rather than storage.
Generally speaking, the investment in a converged infrastructure system will be made in conjunction with a greenfield project rather than a forklift upgrade, says Todd Pavone, executive VP of product development and strategy for VCE. Companies that consider a converged infrastructure will know already that they need to expand their computing environment so a pilot project with a converged infrastructure system will be cost-effective. Rolling out x86-based servers in a building-block chassis permits the company to test the new environment with new hardware that would have already been budgeted for expansion.
From a CapEx perspective, Pavone says, hardware is essentially neutral. The downstream savings is from lower support and maintenance costs.
New investments for a hyper-converged infrastructure differs because the hardware cannot be decoupled should the pilot program prove unsuccessful. Because the software is a key component to a hyper-converged infrastructure, initial entry costs could be higher, Pavone says.
But Duncan Epping from VMware's EVO:RAIL (aka MARVIN) team suggests that upfront costs for converged systems need to be taken into account when considering upgrading a company's infrastructure. For hyper-converged systems, he says integration with existing infrastructure and figuring out how to manage different platform needs to be included in the financial considerations as well.
While many of the vendors that provide components and systems in the converged market are established vendors, EMC, Cisco, NetApp, Hewlett-Packard, for example, Epping says, "Some vendors in the hyper-converged space are relatively new; can you trust them with your mission-critical workloads?"  
Not all of the companies offering hyper-converged offerings are new, however. Among the established IT vendors with hyper-converged products are the aforementioned EMC, Dell, Nutanix and Epping's own VMware. Though VMware is a bit unique, as Epping explains, "EVO:RAIL is not a pure VMware offering, it is a partner program that enables customers to select a hyper-converged offering from their preferred vendor."
Among the relative newcomers in the hyper-converged space are Gridstore, SimpliVity, Yottabyte, Pivot3, and Maxta.

Converged Infrastructure: Main Differentiation

There are two approaches to building a converged infrastructure, explains Bharat Badrinath, senior vice president of solutions marketing at EMC. The first is using the building-block approach, such as that used in the VCE Vblock environment, where fully configured systems -- including servers, storage, networking and virtualization software -- are installed in a large chassis as a single building block. The infrastructure is expanded by adding additional building blocks.
While one of the main arguments in favor of a converged infrastructure is that it comes pre-configured and simply snaps into place, that also is one of the key arguments against this building-block technology approach as well. As Chris Ward noted in his Tom’s IT Pro article To Converge Infrastructure or not, That is the Question, because all the parts are pre-configured, the users of the products have a predefined configuration. If the IT manager wants a configuration that is different from the system a provider offers, they are essentially out of luck.
The same holds true for the components themselves. Because each component is selected and configured by the vendor, the user does not have the option to choose a router or storage array customized for them. Also, the building-block approach ties the user in to updating patches on the vendor's timetable, rather than the user's. Patches must be updated in the pre-configured systems in order to maintain support.
It is possible to build a converged infrastructure without using the building block approach. The second approach is using a reference architecture, such as the one dubbed VSPEX by EMC, which allows the company to use existing hardware, such as a conforming router, storage array or server, to build the equivalent of a pre-configured Vblock system.

Converged Infrastructure Costs

As noted, each building block consists of separate hardware that is prepackaged and tested to work almost as a plug-and-play module. Unlike the hyper-converged infrastructure, the separate components of the converged infrastructure can be decoupled from the rest of the components and used in a standalone environment, Badrinath says. Simply adding a fully configured and tested infrastructure block makes it easier to expand and maintain the network without needing to spend a lot of time reconfiguring the various components, he says. The blocks effectively snap together like the colorful Lego-brand building blocks found in a child’s toy box.
Pricing for converged infrastructure building blocks will vary by vendor, of course, but Unisys provides the following comparison: the base price for a Unisys Forward! system starts at $89,000. By contrast, a customer buying the same equipment and software a la carte would pay in excess of $100,000.
Companies that plan to migrate to the VSPEX reference design and use their existing server, storage and network hardware can work with a reseller or use a do-it-yourself approach to configure their existing hardware to meet the VSPEX design, he says. Such an approach would permit a company with a more modern network to migrate to the converged infrastructure at a lower cost. However, he says, most companies tend to deploy converged infrastructures in pilot projects, such as migrating from Microsoft Exchange 2010 to 2014, or in new data centers to reduce the hardware expense.
One advantage of the converged infrastructure is lower support and maintenance costs, he says. Data centers with hardware from a variety of vendors can run into finger-pointing problems when hardware issues arise. A Vblock is supported by a single vendor that takes responsibility for all of the internal components, regardless of the manufacturer.
"Technology is the easy part," Badrinath says. "The people part is much more tricky." Finding qualified engineers that can work on the wide variety of hardware from various vendors found in many data centers can be a real challenge, he notes.

Thursday, May 4, 2017

What is Hyper-Converged Storage ?


Hyperconverged infrastructure combines x86-based compute and storage resources with intelligent software to create flexible building blocks that replace legacy infrastructure consisting of separate servers, storage networks, and storage arrays.

At its simplest, storage virtualisation abstracts all the available physical storage – whether inside servers or in separate storage subsystems – into generic virtualised blocks. These are added to a shared pool which can then be carved up into new logical volumes, all managed by a distributed storage controller. A logical volume could draw its individual blocks from multiple physical devices, plus the controller supports multiple storage classes, and therefore tiers. It may also be able to replicate, mirror, snapshot and migrate data in the background, invisibly to the host file systems, never mind the applications.

“The storage virtualisation layer is what makes hyper-convergence data center-friendly,” explains Everett Dolgner, director of storage and replication product management for WAN specialist Silver Peak. “[Hyper-convergence] puts all the storage back in the server, but without an abstraction layer that's a problem – there's a reason we took it out of the servers and invented SANs in the first place!”

Generally speaking, there are two approaches companies can take to building a converged infrastructure:
  • The hardware-focused, building-block approach of VCE (a joint venture of EMC, Cisco, and VMware), simply known as converged infrastructure;
  • The software defined approach of Nutanix, VMware, and others called hyper-converged infrastructure

How does Nutanix hyper-converged infrastructure work?

The Nutanix Solution Nutanix converges the entire datacenter stack including compute, storage, storage networking, and virtualization. Complex and expensive legacy infrastructure is replaced by simple 2U appliances that enable enterprises to start small and scale one node at a time. Each server, also known as a node, includes Intel-powered x86 hardware with flash SSDs and HDDs. Nutanix software running on each node distributes all operating functions across the cluster for superior performance and resilience. 

To understand what converged and hyper-converged infrastructure are, see the video tutorial below (video not reproduced here).

Who is the leader in the market?




Atlantis Computing 





Thursday, March 17, 2016

Prevent: “Locky” ransomware / Crypto Virus

Ransomware / Crypto Locker / Locky Virus


A type of malicious software designed to block access to a computer system until a sum of money is paid.

Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself. Computer security companies say it has become a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment.
 “The idea that someone external to you can encrypt all of your data and then you have no way to retrieve that data unless you pay them I think is just absolutely terrifying.”
Trustwave's SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky.



Once it has infected a system, the files cannot be decrypted without the attacker's key (and paying the ransom does not guarantee you will get it), so prevention in advance is the only reliable option.

Ransomware Prevention
  • Install the latest Windows Updates on all systems.
  • Implement Group Policy for the Office suites (for example, to block macros in documents received by e-mail).
  • Update anti-virus definitions, then download and run one of the following one-time scanners:
        1) ESET one-time online scanner
        2) ComboFix one-time scanner
        3) RogueKiller one-time scanner
  • Install Malwarebytes Anti-Ransomware (not a one-time scanner; just install it. Do not treat it as a replacement for AV software; it is used only for ransomware detection and prevention.)
  • Remove local admin rights.
  • Enable System Restore.
  • Deploy a Software Restriction Policy.
  • Configure SAN snapshots.
  • Increase the backup retention period.

For further reading on CryptoLocker, please see

Monday, April 13, 2015

Microsoft Announces Nano Server for Modern Apps and Cloud

For more info visit :

Today Microsoft announced new container technologies as well as Nano Server, a purpose-built operating system designed to run born-in-the-cloud applications and containers. As customers adopt modern applications and next-generation cloud technologies, they need an OS that delivers speed, agility and lower resource consumption.

Nano Server is a deeply refactored version of Windows Server with a small footprint and remotely managed installation, optimized for the cloud and a DevOps workflow.  It is designed for fewer patch and update events, faster restarts, better resource utilization and tighter security. Informed directly by our learnings from building and managing some of the world’s largest hyperscale cloud environments, and available in the next version of Windows Server, Nano Server focuses on two scenarios:
  1. Born-in-the-cloud applications – support for multiple programming languages and runtimes. (e.g. C#, Java, Node.js, Python, etc.) running in containers, virtual machines, or on physical servers.
  2. Microsoft Cloud Platform infrastructure – support for compute clusters running Hyper-V and storage clusters running Scale-out File Server.
Nano Server will allow customers to install just the components they require and nothing more. The initial results are promising.  Based on the current builds, compared to Server, Nano Server has:
  • 93 percent lower VHD size
  • 92 percent fewer critical bulletins
  • 80 percent fewer reboots
To achieve these benefits, we removed the GUI stack, 32 bit support (WOW64), MSI and a number of default Server Core components. There is no local logon or Remote Desktop support. All management is performed remotely via WMI and PowerShell. We are also adding Windows Server Roles and Features using Features on Demand and DISM. We are improving remote manageability via PowerShell with Desired State Configuration as well as remote file transfer, remote script authoring and remote debugging.  We are working on a set of new Web-based management tools to replace local inbox management tools.
Because Nano Server is a refactored version of Windows Server it will be API-compatible with other versions of Windows Server within the subset of components it includes. Visual Studio is fully supported with Nano Server, including remote debugging functionality and notifications when APIs reference unsupported Nano Server components.
We are working with Microsoft Visual Studio and System Center as well as partners like Chef to ensure that Nano Server works seamlessly in a DevOps continuous deployment and management workflow. In fact, we are thrilled to see that partners like Chef are already excited about Nano Server.  According to James Casey, VP of Engineering, Chef, "The collaboration between Chef and Microsoft engineering brings best-in-class automation for the container-optimized Nano Server. The Nano Server, provisioned and managed with Chef, provides a perfect platform for high velocity IT and a DevOps workflow."
We will have much more to share on the future of our datacenter offerings in the coming weeks. To hear more about Nano Server, come to our sessions at BUILD and Ignite or watch them on Channel 9 after the show.

Windows Server 2012 TOP 10 Feature

At this past Windows Server Workshop in Redmond, Washington, Microsoft presented its upcoming version of Windows Server, currently referred to as Windows Server 2012 (formerly code-named Windows Server 8), although it's sure to have a new name when the final release comes. But the name is the least of the changes you'll see with the new release. Windows Server 8 is without a doubt one of the biggest server releases Microsoft has ever produced, and the list of enhancements is way too long for one column. Nonetheless, here are my top 10 standout features from Windows Server 8.
1. Multiserver support in Server Manager—Windows Server 8 features a completely redesigned Server Manager. It's no longer oriented toward single-server management as it is in Windows Server 2008 R2. Because it embraces the cloud concept, the new Server Manager can manage multiple servers, and it provides an all-new dashboard that lets you drill down into local and remote servers.
2. Server Core is the default—Windows Server 8 uses the minimalist Server Core as the default server environment, marking a huge change away from dependence on the GUI for management. One super feature of this change is that the GUI is now considered a feature. Therefore, you can perform your initial server configuration through the GUI, then remove it when you're ready to move into production. Unlike Server 2008 R2, there's no need to reinstall the OS to get rid of the GUI.
3. Ubiquitous PowerShell management—Going hand-in-hand with the move away from the GUI is the move to PowerShell as the primary management tool. Server 2008 R2 started this trend and provided more than 200 cmdlets for server management. Windows Server 8 expands the available cmdlets to more than 2,300, providing cmdlets for managing all Windows Server applications. For instance, Server 2008 R2 doesn't have built-in cmdlets for Hyper-V, but Windows Server 8 provides a full set of PowerShell cmdlets for managing Hyper-V 3.0.
4. Built-in NIC teaming—Another overdue feature is the capability to provide NIC teaming natively in the OS. VMware's ESX Server has provided NIC teaming for some time. Prior to Windows Server 8, you could get NIC teaming for Windows only via specialized NICs from Broadcom and Intel. The new built-in Windows Server 8 NIC teaming works across heterogeneous vendor NICs and can provide support for load balancing as well as failover over NICs from different vendors.
5. SMB 2.2—The Windows Server Message Block (SMB) file sharing protocol has also been significantly enhanced in Windows Server 8. SMB 2.2 adds file server resiliency with no special configuration. In addition, server applications such as Microsoft SQL Server can now have their databases stored on SMB 2.2 shares, which gives them the benefits of SMB 2.2 with no configuration changes to the SQL Server databases.
6. Data deduplication—Windows Server 8 provides built-in data deduplication, a feature typically found in high-end SANs. Windows Server 8's data deduplication runs in the background, and it can automatically detect duplicate data, save the duplicated data in a separate system store, and replace the data in the original files with pointers to the system store.
7. Expanded cluster scalability—Windows Failover Clustering has also taken a big jump in scalability. VMware's vSphere supported clusters consisting of up to 32 hosts. Previous versions of Windows Server were limited to 16 nodes. Windows Server 8 clusters can support up to 63 nodes and up to 4,000 virtual machines (VMs) per cluster, effectively leap-frogging VMware's VM cluster support.
8. Multiple concurrent Live Migrations—Live Migration was introduced with Hyper-V 2.0, which was part of the Server 2008 R2 release. Although it filled an important gap, it lagged behind VMware's VMotion because Hyper-V 2.0 could perform only one Live Migration at a time; VMware's ESX Server could perform multiple concurrent VMotions. Hyper-V 3.0 brings that same ability to Windows Server 8 and the next release of Hyper-V Server as well.
9. Storage Live Migration—The addition of Storage Live Migration to Hyper-V 3.0 really closes the feature gap with VMware. Like VMware's Storage VMotion, Hyper-V 3.0's Storage Live Migration lets you move a VM's virtual disk, configuration, and snapshot files to a new storage location with no interruption of end-user connectivity to the VM.
10. Live Migration without shared storage—Unexpectedly, Microsoft really carved out a clear advantage in the small-to-midsized business virtualization market by introducing the ability to perform Live Migration and Storage Live Migration without requiring shared storage on the back end. The ability to perform Live Migration without a SAN back end helps bring the advantages of virtualization and high availability to smaller businesses that can't afford the cost or complexities of a SAN.
