Reliable Cloud services for demanding businesses.


Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed.

The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Products affected include Oracle PeopleSoft Campus Solutions, Human Capital Management, Financial Management, and Supply Chain Management, as well as other products using the Tuxedo 2 application server.

Oracle’s Jolt protocol is used by the Tuxedo 2 application server. ERPScan calls the vulnerabilities JoltandBleed because of their similarity to Heartbleed, the vulnerability discovered in OpenSSL in 2014.

According to Oracle, the vulnerabilities “may be exploited over a network without the need for a valid username and password… Since Oracle PeopleSoft products include and use Oracle Tuxedo in their distributions, PeopleSoft customers should apply the Tuxedo patches.” Oracle said customers need to “apply the updates provided by this security alert as soon as possible.”

Oracle made patches addressing all of the vulnerabilities available Tuesday for Oracle Fusion Middleware. Oracle Tuxedo is a component of Oracle Fusion Middleware. ERPScan released its research on JoltandBleed Thursday in a paper presented at the DeepSec conference in Vienna, Austria.

ERPScan said the vulnerabilities open up affected products to attackers gaining full access to all data. It describes the vulnerabilities as follows:

  • CVE-2017-10272 is a vulnerability of memory disclosure; its exploitation gives an attacker a chance to remotely read the memory of the server (9.9 on CVSS scale)
  • CVE-2017-10267 is a vulnerability of stack overflows (7.5 on CVSS scale)
  • CVE-2017-10278 is a vulnerability of heap overflows (7.0 on CVSS scale)
  • CVE-2017-10266 is a vulnerability that makes it possible for a malicious actor to brute-force passwords of DomainPWD which is used for the Jolt Protocol authentication (5.3 on CVSS scale)
  • CVE-2017-10269 is a vulnerability affecting the Jolt Protocol; it enables an attacker to compromise the whole PeopleSoft system (10 on CVSS scale)

“This error is originated with that how Jolt Handler processes a command with opcode 0x32. If the package structure is incorrect, a programmer has to provide a Jolt client with a certain Jolt response indicating there is an error in the communication process,” researchers at ERPScan wrote.

Researchers said the underlying vulnerability was caused by a programmer that made a mistake in coding a function call that was responsible for packing data to transmit. “The confusion was between 2 functions, jtohi and htoji. Consequently, packing of a constant package length that must be 0x40 bytes is actually 0x40000000,” they wrote.

“Then a client initiates the transmission of 0x40000000 bytes of data. Manipulating the communication with the client, an attacker can achieve a stable work of a server side and sensitive data leakage. Initiating a mass of connections, the hacker passively collects the internal memory of the Jolt server,” ERPScan said.

This leads to the leakage of credentials when a user enters them through PeopleSoft system’s web interface, researchers said.
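The length-field confusion the researchers describe can be reproduced in isolation. The following C sketch is an added example, not Oracle's or ERPScan's code: it models the mistake as a byte-order swap applied to a 32-bit length prefix and adds a sender-side guard that refuses to frame a reply whose declared length differs from the bytes actually held. The big-endian wire layout and every helper name here (`swap32`, `put_be32`, `get_be32`, `build_reply`) are assumptions made for illustration.

```c
/* Added example: byte-order confusion on a 32-bit length field, plus a
 * sender-side guard. Wire layout and helper names are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define REPLY_LEN 0x40u   /* constant reply length quoted in the article */

/* Reverse the byte order of a 32-bit value. */
static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000FF00u) |
           ((v << 8) & 0x00FF0000u) | (v << 24);
}

/* Assumed wire format: 32-bit big-endian length prefix. */
static void put_be32(uint8_t out[4], uint32_t v)
{
    out[0] = (uint8_t)(v >> 24); out[1] = (uint8_t)(v >> 16);
    out[2] = (uint8_t)(v >> 8);  out[3] = (uint8_t)v;
}

static uint32_t get_be32(const uint8_t in[4])
{
    return ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
           ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
}

/* Length the peer reads when the value is packed once, correctly. */
uint32_t wire_len_correct(void)
{
    uint8_t hdr[4];
    put_be32(hdr, REPLY_LEN);
    return get_be32(hdr);
}

/* Length the peer reads when a wrong-direction swap is applied first. */
uint32_t wire_len_confused(void)
{
    uint8_t hdr[4];
    put_be32(hdr, swap32(REPLY_LEN));
    return get_be32(hdr);
}

/* Guard: frame a reply only if the declared length equals the bytes we
 * actually hold and the frame fits the output buffer.
 * Returns the frame size, or 0 when the reply is refused. */
size_t build_reply(uint8_t *out, size_t out_cap,
                   const uint8_t *body, size_t body_len, uint32_t declared)
{
    if (declared != body_len) return 0;
    if (out_cap < 4 || body_len > out_cap - 4) return 0;
    put_be32(out, declared);
    memcpy(out + 4, body, body_len);
    return 4 + body_len;
}

int main(void)
{
    uint8_t body[REPLY_LEN] = {0}, frame[4 + REPLY_LEN];
    printf("correct  length on wire: 0x%08x\n", (unsigned)wire_len_correct());
    printf("confused length on wire: 0x%08x\n", (unsigned)wire_len_confused());
    printf("guard, correct length : %zu bytes framed\n",
           build_reply(frame, sizeof frame, body, sizeof body, wire_len_correct()));
    printf("guard, confused length: %zu bytes framed\n",
           build_reply(frame, sizeof frame, body, sizeof body, wire_len_confused()));
    return 0;
}
```

The guard ties the transmitted length to the size of the buffer being sent, so a mis-packed length is rejected instead of driving a read past the reply.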

According to Oracle, the memory disclosure vulnerability (CVE-2017-10272) is easy to exploit and allows a low-privileged attacker with network access via Jolt to compromise Oracle Tuxedo.

“While the vulnerability is in Oracle Tuxedo, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Tuxedo accessible data as well as unauthorized access to critical data or complete access to all Oracle Tuxedo accessible data and unauthorized ability to cause a partial denial of service of Oracle Tuxedo,” Oracle wrote regarding CVE-2017-10272.

Source: ThreatPost

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!


Top tips for successful Office 365 adoption

Office 365 is becoming a staple in many businesses across the UK. In a recent study conducted by Serviceteam IT, over 76% of businesses surveyed used Office 365 in their workplace. With access to almost 30 applications within the suite, Office 365 offers new ways to increase productivity, collaboration and flexibility within businesses.

If you purchase new, or renew existing, Office 365 licences:

SAVE AT LEAST 5%

This includes Exchange Online, SharePoint Online, Skype for Business, OneDrive for Business and the entire suite of Office 365 pricing.

Adoption of Office 365 is not a straightforward process however, and resistance to change can be common when attempting to adopt new technologies. Driving adoption requires an understanding of the specific challenges your workers face and how Office 365 can provide a clear solution to these issues. Office 365 adoption is a continuous process. The suite is constantly being updated, with new applications designed to change the way in which businesses operate. This means that the adoption process is never fully complete. Businesses need to be aware of the changes that have been made and how to maximise the use of any new applications. Here are some top tips to help ensure the smooth adoption of Office 365 in your business.

Before deploying Office 365:

1. Expand beyond user training:

Office 365 has over 28 applications that are designed to work together within a single user interface. These applications offer the opportunity to revolutionise the way in which individuals work both individually and within a team. In order to make the best use of Office 365, it is useless for firms to simply offer individual training on specific applications. Instead, a continuous user adoption program must be initiated at the start of the migration to ensure that the best use of the suite is made.

2. Why are you adopting Office 365?

Ensuring that everyone within the business understands why you’re adopting Office 365 is a key step in avoiding the resistance to change. If you want people to buy into the value of the new technology you need to ensure that those promoting the adoption understand why Office 365 is valuable for the business.

One strategy that could be used to increase understanding of the benefits of Office 365 is an awareness campaign for staff. This could include sending out a top tips email that includes ways they can use Office 365 to help them work better.

3. Lead by example

Choosing passionate and excited people to champion the move to Office 365 can help to ease the pressure on the core team implementing the technology. These champions can help to teach their peers how to complete their daily tasks more effectively through the use of Office 365. Generally younger employees are more responsive to changes in technology, so encourage these employees to lead by example.

4. Map current business process

Due to the multitude of applications available, employees may find it difficult to understand how these apps can work together effectively. One way to encourage employees to make full use of the applications available to them is to understand the processes they follow in order to complete their work on a day-to-day basis. Mapping these processes inside Office 365 can then help to illustrate to employees how they can complete tasks more effectively.

5. Set up channels for feedback

It is important that during the adoption process champions and other employees are able to give feedback on the adoption process. This means that if additional training is required this can be arranged or the adoption plan altered if this is needed.

Don’t have Office 365 yet? Click the link for a free no obligation 30 day trial of Office 365 E5 for 25 users. Our Microsoft experts will be close at hand to help you make the most of the trial and unlock all the benefits. Call us on 0121 468 0101. When the trial has completed you can decide to continue and purchase the Office 365 subscription which is right for you. We can migrate your data and systems over so you’re ready to start using it straight away.

How to install Office 365:

1. Decide which plan you want to use

There are a number of different options for Office 365 plans that are available to businesses. Businesses can therefore decide which applications they are likely to need and then select the plan that is right for them. Serviceteam IT can offer advice and support in helping to decide which product is best for you.

2. Create accounts and add your domain

The next stage of the installation process is to use the Setup Wizard to create accounts for your users and add your own domain. The wizard allows you to personalise each user’s ID and email address.

3. Install Office 365

The last stage, once all the user accounts have been set up, is to install Office 365. Go to https://portal.office.com/OLS/MySoftware. Once you’ve logged in, click install and this should install Office 365 on your employee’s computer.

After deployment:

After the deployment of Office 365 it is important to maintain a focus on user adoption. Typically, after deployment there are some applications that are underutilised. Applications such as Mail and OneDrive are often used frequently, whilst others such as Yammer are less widely used. In addition, changes to applications over time mean that users may get confused if there is not a continuous plan in place to train them. There are a number of steps that can be taken after deployment to ensure the use of Office 365 is maximised.

1. Check in with staff regularly

You can use Microsoft’s Activity Reports in the Admin Centre to see which apps are being used the most. This information can then be used as part of the check-ins. You can then ask employees why they’re not using certain applications and provide training and tips as to how to maximise the use of the apps that are being underutilised. You can also monitor the activity reports to see if you can downsize individuals’ licenses if they are not using certain applications frequently enough to warrant having them.

2. Plan for changes and updates

It is important to have in place a plan for any changes that may take place to avoid employee confusion. Subscribing to Microsoft’s weekly updates email can help to ensure that you stay ahead of the game and prepare for changes.

3. Provide on-demand micro-training

In order to ensure that employees stay up-to-date with any changes that are made to apps, micro-training resources may need to be provided. This doesn’t have to be a difficult task. Microsoft produce a large amount of ‘how-to’ resources and videos and there are large banks of resources that can be easily found online.

For more information on Office 365 and the advantages of use in your business check out our other blogs on Office 365.


Azure ExpressRoute Interconnect: Navigate to Azure

Our UK Cloud Snapshot Survey 2017 exposed a number of challenges facing UK organisations, including GDPR, Brexit, Data Sovereignty and the increase in Cyber Security attacks. One of the less difficult issues to address, for over 70% of the surveyed respondents, is how to connect a private network to the cloud, for example with Azure ExpressRoute. 35.7% use Azure, and yet very few use Azure ExpressRoute; in fact only 28.3% used a direct Cloud Connect to any of their cloud services.

Why use Azure ExpressRoute?

As I’ve covered before, in Cloud Connectivity Providers Explained, Azure ExpressRoute is a service that enables customers to create private connections between Microsoft Azure data centres and their own networks, such as on-premise infrastructure or colocation. Azure ExpressRoute connections are direct, they don’t rely on public internet, and offer far greater reliability, significantly more security and lower latency (speed) than can be achieved over a typical internet connection. Almost always Azure ExpressRoute connections can result in cost-savings. You can find out more detail regarding Azure ExpressRoute here: ExpressRoute Overview: Extend your on-premises network to Azure.

Azure ExpressRoute Network Overview


How to get Azure ExpressRoute

In order to take advantage of all the goodies Azure ExpressRoute can provide, we work with ExpressRoute connectivity partner providers. One of our partners is Megaport, who are one of the most accomplished ExpressRoute partners in the world, supporting 18 ExpressRoute locations across the globe. Megaport was the world’s first SDN-based Elastic Interconnection platform designed to provide a secure, seamless, and on-demand way for enterprises, networks, and services to interconnect.

Provisioning connections between data centres and external services has always been a problem, either due to cost or due to complexity. A decade ago I remember the only viable option was a direct Point-to-Point, and unless the two locations were within reasonable proximity, high capacity connections were an eye-watering expense. Connections between diverse geo-locations, such as between countries, required backhauls and XConnects between friendly data centres or peers, often taking weeks or months to provision. You can read more about the many DIY options in Cloud Network Providers | Connect Your Private Network to the Cloud.

Why use Serviceteam IT & Megaport

Megaport want what we want:

  • consistent connectivity to optimise the provisioning process
  • flexible contractual terms
  • to make connectivity options broader, simpler, and far more streamlined.

“For the last three years, we have rapidly expanded our network and one of the biggest values of Megaport is the ability to provision service to Azure specifically from any location to any Azure region in less than a couple of minutes. Our business model complements the cloud business model: no lock-in contracts, pay-as-you-go, and you only pay for what you need.”
Matt Simpson, Director of Global Cloud Strategy, Megaport.

True multi-platform cloud connectivity

One of the things that allows Megaport to stand out against their competitors for Serviceteam IT is the shared commitment to a vendor-agnostic vision of the cloud. Megaport consolidates multiple cloud vendors, enabling customers to quickly and simply deploy multi-cloud environments that leverage multiple public cloud options as well as their own data centres, all accessible from a single interface.


Microsoft Azure Applications | Glossary

Microsoft Azure is a cloud computing service for managing applications and services. Azure was announced in October 2008 as Windows Azure before changing its name to Microsoft Azure in 2014.

Microsoft Azure is a widely used computing service, with over 600 Azure services for users. You would think that an Intern for an IT company would be an expert, right? Well, sadly no. I’m the first to admit that as well as lacking knowledge in AWS, I knew as much about that as I did Azure.

However, fast forward a few weeks, and while I’m still no expert, I think I know my fair share and it’s all down to this glossary of key terms. While I used it to build my knowledge pretty much from scratch, it can also be used to fill in any gaps or even to refresh your memory. Either way, I can honestly say that without this glossary, I wouldn’t have been able to do half of the things I have – blagging can only take you so far.

What is Microsoft Azure

Microsoft Azure is a cloud service from the global software giant, Microsoft. Azure offers a vast range of useful compute and application resources. These are all offered on-demand and in a cost-effective manner which helps businesses scale and grow.

What I have learnt from creating this glossary is that even the complicated sounding terminology usually has a simple explanation, which can be useful when developing your knowledge on technical topics. I must stress that these do not need to be committed to memory – and you certainly don’t need to know the ins and outs of every detail.

Microsoft Azure Glossary

App Service App – this app provides resources for hosting a website or web application or mobile app back end.

Affinity Group – these ensure that resources created within the same affinity group are hosted by servers that are close together. This enables these resources to communicate quicker and easier.

Availability set – is a collection of virtual machines that are managed together to provide application redundancy and reliability. The use of this ensures that during either a planned or unplanned maintenance event at least one virtual machine is available.

Azure Classic Deployment Model – this is a model used to deploy resources in Azure.

Azure command-line interface (CLI) – this interface can be used to manage Azure services from Windows, macOS and Linux.

Azure PowerShell – this is a command-line interface to manage Azure services via a command line from Windows PCs.

Blob Storage – this is storage that handles all unstructured data, scaling up or down as your needs change. This storage means that users will no longer have to manage it which saves time and effort.

Cloud Services – allows you to develop, package and deploy applications and services to the cloud.

Endpoint – Endpoints allow you to make VMs placed in different networks, irrespective of whether it is within Azure/on premise/other cloud.

Instance Level Public IP Address – these are associated directly to the Virtual Machines Instances rather than to the Cloud Services when you back all the Virtual Machines within.

Public Virtual IP Address – when you create a Cloud Service in Azure, you will be assigned a Virtual Public IP Address. This address will not be released until all the VMs placed inside the Cloud Service are successfully deleted or stopped.

Portal – this is a secure portal used to deploy and manage Azure services. There are two portals: the Azure portal and the Classic Portal.

Region – this is an area that does not cross national borders and contains one or more data centers.

Resource – this is an item that is a part of your Azure solution that users can use to deploy different types of resources.

Resource group – this service holds related resources for an application which is located within Resource Manager.

Shared access signature (SAS) – this is a signature that enables you to grant limited access to a resource, without exposing your account key.

Regional Virtual Network (VNet) – is a service which enables users to securely connect Azure resources to each other using virtual networks. A VNet is a representation of your own network in the cloud.

Resource Group – this is a container that holds related resources for an Azure solution. The resource group can include all resources for the solution or only ones that you want to manage as a group.

Reserved Virtual IP Address – users can reserve IP addresses for the subscription.

Storage Account – this is an account which gives users access to the Azure Blob, Queue, Table, and File services in Azure storage.

Subscription – this is an agreement between a customer and Microsoft which enables the user to obtain Azure services. The pricing is dependent on the offer chosen for the subscription.

Tag – this is an indexing term that enables users to categorise resources for ease of management or billing. This enables users to organise complex collections of resources in an easy manner.

Virtual Network – this is a network that provides connectivity between your Azure resources and that is isolated from all other Azure tenants.

Virtual Machine – multiple virtual machines can run at the same time and they allow the software implementation of a physical computer that runs an operating system.

Virtual Machine Extension – this is a resource which implements behaviours or features that either help other programs work or give the ability for the user to interact with a running computer.

X-PLAT CLI – this is a command line interface for Windows, Linux and IOS Platforms.

I hope that you will find this Microsoft Azure glossary just as useful as I did, whether that’s to learn something brand new or to expand and refresh your knowledge. Feel free to leave a comment in the section below about any questions or suggestions you may have.


Top 10 Reasons to Use Office 365

Our top 10 reasons to use Office 365 should include the Hybrid option, then you don’t have to make a choice between cloud or on-premise. You get the best of both worlds. For the majority of businesses, Office 365 makes much more sense, and Microsoft is not a consumer-grade advertising provider. Here are our Top 10 reasons why we think Office 365 is best.