mVirtualOffice.com

Tech Hints for Everyday People


Social Media Widget – Getting Your Custom Icons to Work

May 12, 2012

Social Media Widget, created by Brian, has to be one of the coolest widgets out there to handle all your social network connections.  It comes with lots of features out of the box but it is dynamic enough to allow end users to easily customize on their own.

As I was creating one of my websites, I wanted to leverage this widget but customize the icons to better fit my design.  But alas, I was not able to make it work initially. Upon further research (I got it to work), it was nothing more than correctly identifying the path to the icon folder!

Because there are so many variations involving hosting providers, WordPress installation methods, etc., it can get downright confusing.

Since Brian has done an excellent job of describing what needs to be done, I am simply going to outline minor tweaks I made to get my customized icons to work.

ENVIRONMENT

Host:  Hostgator Hatchling (limited to one domain assigned to the hosting package)

WordPress:  v.3.3.1

Framework:  StudioPress Genesis 1.8.1

Theme:  Magazine Child Theme, v2

Widget:  Social-Media-Widget-2.9.4

Icons:  Gray, 32px, created with Adobe CS5 Fireworks

INSTRUCTIONS

  1. Log into Hostgator cpanel
  2. Navigate to WP-CONTENT, then create a folder called “icons”
  3. Copy files into this “icons” folder. As instructed by Brian, the naming convention MUST BE IDENTICAL to his existing icon names.  Let’s use facebook.png as an example.  First, match the file name, including lowercase letters. Second, make sure it ends in the .png file format. Third, you can ONLY use 16px, 32px or 64px sizes; other sizes will not work.  Whatever size you choose should be the same across all your icons.
  4. Install widget as instructed
  5. From the WP dashboard, click on APPEARANCE–>WIDGETS, then drag over the Social Media Widget to your target destination (in my case, the primary side bar after SEARCH widget)
  6. For my website, I made the following changes:
    • Title:  Connect with Us
    • Icon Size: 32px
    • Icon Pack:  Custom Icons
    • Added my profile URL links for Facebook, Twitter, Linked In, and RSS.
  7. For the CUSTOM ICONS URL, the default (sample) value was: http://www.yoursite.com/wordpress/wp-content/your-icons (another example Brian gave was: http://www.yoursite.com/blog/wp-content/icons).  In my case with Hostgator, the formatting was slightly different:  http://www.yoursite.com/wp-content/icons
  8. For the CUSTOM ICONS PATH, the default (sample) value was: /path/to/your-icons.  I changed this to: /home/your-cpanel-user-id/public_html/wp-content/icons
  9. At this point, all my custom buttons showed up in my page.

When in doubt, contact your hosting provider for the exact path.  Hostgator online chat technician was awesome.  Good luck.

RESOURCES:

Hostgator – Server Path, Absolute Path

Filed Under: Virtual Technologies Tagged With: ABSOLUTE PATH, GENESIS FRAMEWORK, HOSTGATOR, MAGAZINE THEME, SERVER PATH, SOCIAL MEDIA WIDGET, STUDIOPRESS, WORDPRESS

How to Create Drop Caps in Genesis and Thesis

May 11, 2012

A drop cap is simply an enlarged first letter of a body of text, used to draw the reader’s attention. It is a very popular effect used in magazines and newspapers as well as online content because it is attractive and effective.

OVERVIEW

There are many different ways of accomplishing this task but the most effective way I found was through the use of a CSS stylesheet.

You may be aware that a CSS stylesheet allows design information to be stored in one location, which makes it easier to make broad changes (i.e. font size, font type, color, etc.).

So I started looking around and there were some very good suggestions (see below in the resource section), but I just could not make any of them work in my particular situation, so I decided to outline how I did it.  Hope it will work for you as well 😉

REQUIREMENT

  • WordPress.ORG v.3.3.1 or higher (this article applies to self-hosted wordpress.ORG, NOT wordpress.COM)
  • Genesis Framework v.1.8.1 or higher
  • Genesis Child theme – any version

STEP-BY-STEP INSTRUCTIONS

In general, I do NOT like installing WordPress plugins for two reasons:

  1. Security – WordPress gets updated quite often to address security issues; I find that most plugins are not maintained often (free ones anyway)
  2. Performance – there is an inverse relationship between the number of installed plugins vs. web server performance.  More plugins force a web server to work harder, meaning your site may run slow (not good in terms of user experience)

So here is how I used CSS declarations to utilize dropcaps:

Step 1 – I use Hostgator so I logged in, then opened up a file manager

Step 2 – Navigated to where the style.css was located within the magazine child theme folder;

Step 3 – Opened it for editing

Step 4 – opened another Firefox window and downloaded Eka Kurniawan’s plugin (see below for the link)

Step 5 – Open the dropcap-shortcode.php in your text editor and copy the highlighted text

Drop cap style CSS code (here is the actual code):

span.dropcap {
    display: inline;
    float: left;
    margin: 0;
    padding: .25em .08em 0 0;
    #padding: 0.25em 0.08em 0.2em 0.00em; /* override for Microsoft Internet Explorer browsers */
    _padding: 0.25em 0.08em 0.4em 0.00em; /* override for IE browsers 6.0 and older */
    font-size: 3.2em;
    line-height: .4em;
    text-transform: capitalize;
    color: #c30;
    font-family: Georgia, "Times New Roman", "Trebuchet MS", "Lucida Grande";
}

Step 6 – Switch to the FF window containing the Genesis – Magazine STYLE.CSS and paste the code at the end;

Step 7 – Go to your page or post and simply wrap the first letter in <span class="dropcap"> </span> HTML tags to make it a drop cap.  That’s it!

LAST WORDS

  • Back up your style.css before making any changes; that way, you can revert to your backup if your new changes are no good;
  • If you have existing (and lots of) posts and pages, you can try using the automated route as outlined in the Binaryturf.com article.  Unfortunately, this did not work for me because each of my posts/pages contained an image at the top

RESOURCES

Greg Rickaby – http://gregrickaby.com/2011/04/how-to-create-drop-caps-in-thesis-and-genesis.html
Binary Turf – http://www.binaryturf.com/code-auto-dropcap-thesis-wordpress-themes/
Eka Kurniawan – http://wordpress.org/extend/plugins/drop-cap-shortcode/

Filed Under: Virtual Technologies Tagged With: DROP CAP, DROP CAPS, DROPCAP, DROPCAPS, GENESIS, MAGAZINE CHILD THEME, STUDIOPRESS, STYLE.CSS, WORDPRESS

Solution to your trouble with HP zr2740w monitor with HP Elitebook 8560w?

March 12, 2012

I needed some additional screen real estate to efficiently handle coding / graphics design work so I decided to purchase an external monitor for my HP Elitebook 8560w Workstation Notebook (without a docking station).

I ultimately decided to purchase HP zr2740w 27″ LED monitor over Dell Ultra Sharp 27″, Apple Cinema Display 27″ and HP’s own 2711x because:

  1. zr2740w has superior IPS panel (advantage over 2711x);
  2. zr2740w has higher resolution at 2560×1440 WQHD (advantage over 2711x with 1920×1080 HD);
  3. zr2740w has superior LED lighting vs LCD lighting (advantage over Dell and Apple);
  4. zr2740w has cheaper price than Apple or Dell;
  5. zr2740w has a three year warranty (advantage over Apple’s one year warranty)

I purchased the monitor directly from HP Direct because:

  1. they offered free overnight shipping;
  2. offered a discounted price ($679 as of March 10, 2012)

Yes, I could have avoided paying sales tax by purchasing from an online retailer but HP offered 30 day satisfaction guarantee.  On top of that, if you made a purchase with an Amex OPEN credit card, you could receive up to 10% cash rebate (5% for purchases less than $1,000; 10% for $1,000 or higher purchase) from American Express.

Anyway, my excitement quickly turned sour when I hooked it up to my HP Elitebook 8560w workstation notebook (XU083UT#ABA) via the DisplayPort cable (included with the monitor).  All I could see was a (lighted) empty screen and no matter how much I tried tweaking the Windows 7 Professional display configuration, the external screen did not display any data.  After 30 minutes of frustration, I finally called the HP Small Business tech support (800.334.5144).

He made me go through the usual battery of questions to triage the problem:

1.  What is the notebook configuration (Model XU083UT#ABA, BIOS f.20, 16 GB memory, ATI m5950 1GB, version 8.850.7.3000 – 20111116)?

2.  Is the master power switch on (in addition to the soft power on/off switch in front of the monitor, there is a physical on/off switch where the power cord gets plugged in)?

3. Is the DisplayPort cable HP OEM part (there are some incompatibility issues with third-party DP cables) and tightly plugged in?

4. Reset the BIOS to factory default

5. Try using a DVI or VGA cable (could not try DVI because my notebook does not come with one;  could not try VGA because the monitor does NOT come with a VGA port!)

6.  Run scanning tools from here (http://www.hp.com/go/ispe) using the Internet Explorer (the scan did not work; app got stuck and got nowhere);

7.  Reset the monitor to factory configuration by unplugging the monitor from power, then hold the power button for 60sec while plugging in the power cord.

When I mentioned that googling “HP Elitebook 8560w zr2740w problem” produced results with people who are having same problems (with questions being posted at hp forums to boot with HP engineers providing a beta display driver!), the tech agent told me he would escalate my case to a level 2 support agent.

An hour later, a level 2 agent sent me an email with an ftp link to SP56103.exe file with the caveat that it is in BETA and that a final driver will be published at the end of March 2012.

When I was waiting, I found the newest AMD Catalyst Control Center (CCC) software (v.3.00.0851) here and got my monitor to work (you may encounter some installation error messages; just ignore them and reboot) so I did not try the SP56103 driver.  I will uninstall my latest CCC app and install the final driver from HP later.

Now that the monitor is working (FHD or 1920×1080 on my notebook and 2560×1440 WQHD on my external monitor), I can get some serious work done!

Filed Under: LED monitor, technologies, Virtual Technologies Tagged With: 27 Monitor, HP Elitebook 8560w, LED monitor, troubleshooting, zr2740w

Modify custom_functions.php and custom.css DIYtheme files

February 4, 2012

DIY Thesis Theme for WordPress is an awesome framework for WordPress that provides excellent web site customization flexibilities.  One cool feature allows users to modify  custom.css and custom_functions.php files via text editor that gives almost limitless possibilities in terms of design and functionality. Although there are number of other excellent fram

But the ease with which a user can make changes to these two files can be a double-edged sword, especially since a single typo in the custom_functions.php file can instantly disable the entire site.  Furthermore, if a person makes a change that causes a fatal error, the user may not be able to correct it using the WordPress application.

In this post, I will outline detailed steps to minimize the risk and what to do about it should you encounter that problem.

Back up custom_functions.php and custom.css files

Because there are many variations between hosting providers and graphical user interfaces, I am going to assume the following:

  • You have WordPress v3.1 or higher;
  • You have DIYtheme v1.8 or higher;
  • You have access to your hosting server via cpanel;
  • You can use cpanel file manager to access web files;

Step 1: Login to your host via cPanel (fig 2.1)

Step 2: Click on the File Manager icon (fig 2.2)

Step 3: If you have multiple domains associated with your cpanel, choose the appropriate domain (fig.2.3).  By the way, you will note that my “GO” button is grayed out.  That is because my account access timed out when I took this screenshot.  Simply log out and log back in and you will be able to click on the “GO” button.

fig 2.1-cpanel

fig 2.2-file manager

fig.2.3-select domain

Step 4:  Navigate to this path (“public_html/mvirtualoffice.com/wp-content/themes/thesis_18/custom“).  Please note that cPanel file manager works slightly different than that of Windows Explorer.  To drill down the file directory, you need to click on the folder icon (fig.3.1.A).  Clicking on the file or directory name allows you to change the name of that file/directory (fig.3.1.B).

Step 5:  Create a backup directory called backup-20120204 by first clicking on the New Folder icon (fig.3.2.A) then completing the name field (fig.3.2.B).  Because I frequently change my custom_functions.php and custom.css files, I use a date (yyyymmdd) format for my own tracking needs but obviously you can choose any naming convention to suit your needs.

Step 6: While holding down the CTRL button, click on the custom.css and custom_functions.php files (fig.3.3). While still holding the CTRL button, drag the highlighted files into the newly created backup directory. 

Please note that dragging and dropping the highlighted files while pressing down the CTRL key performs a COPY function.  Doing this step without pressing down the CTRL key will instead perform a MOVE function.

fig.3.1

fig.3.2

fig.3.3

 

Modifying custom_functions.php

There are two ways to modify a custom_functions.php file.   You can do it directly through cPanel or DIYtheme.  I chose DIYtheme route because it is faster to make rapid, on-the-fly changes.

Step 1: Log into WordPress

Step 2: Click on the Thesis link to expand the drop down list

Step 3: Click on the Custom File Editor

Step 4:  Select custom_functions.php from the drop down menu and click edit

fig.4.1

fig.4.2

fig.4.3

Recovering from a custom_functions.php error

There are two possible scenarios:

Scenario 1:  File is corrupted but you can still access the WordPress-DIYtheme application
Scenario 2:  File is corrupted and you CANNOT access the website, WordPress or DIYtheme application

For scenario 1, fixing it is quite easy.  Just open the version of custom_functions.php prior to the broken one in Notepad, then copy and paste it via DIYtheme’s Custom File Editor.

For scenario 2, involving a fatal error where you are unable to access the front end (website/WordPress/DIYtheme), you need to log in using your cPanel credential and either copy & paste using cPanel’s editor, or just upload the custom_functions.php text file version that is working.
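The backup, edit and recovery steps above can also be scripted when you have shell access to the server instead of the cPanel file manager. This is an added example, not part of the original post or of Thesis; the function names are hypothetical, and the syntax check assumes the `php` command-line binary is installed (it is skipped when absent).

```python
import shutil
import subprocess
import sys
from datetime import date
from pathlib import Path

CUSTOM_FILES = ("custom.css", "custom_functions.php")


def backup_custom(custom_dir, stamp=None):
    """Copy both custom files into <custom_dir>/backup-<yyyymmdd>; return that path.

    An existing backup directory is never reused, so a known-good copy cannot
    be overwritten by a later, possibly broken, version.
    """
    custom_dir = Path(custom_dir)
    missing = [n for n in CUSTOM_FILES if not (custom_dir / n).is_file()]
    if missing:
        raise FileNotFoundError(f"not found in {custom_dir}: {missing}")
    dest = custom_dir / f"backup-{stamp or date.today().strftime('%Y%m%d')}"
    dest.mkdir()  # raises FileExistsError if this backup already exists
    for name in CUSTOM_FILES:
        shutil.copy2(custom_dir / name, dest / name)
    return dest


def php_syntax_ok(path):
    """Return True/False from `php -l`, or None when no php CLI is available."""
    php = shutil.which("php")
    if php is None:
        return None
    return subprocess.run([php, "-l", str(path)], capture_output=True).returncode == 0


def deploy_functions(custom_dir, candidate):
    """Replace the live custom_functions.php only if the candidate parses.

    A single typo in this file can take the whole site down, so a candidate
    that fails the syntax check never reaches the live location.
    """
    if php_syntax_ok(candidate) is False:
        raise ValueError(f"{candidate}: PHP syntax error, live file left untouched")
    live = Path(custom_dir) / "custom_functions.php"
    shutil.copy2(candidate, live)
    return live


def restore_custom(custom_dir, stamp):
    """Scenario 2 recovery: put the files from backup-<stamp> back in place."""
    custom_dir = Path(custom_dir)
    src = custom_dir / f"backup-{stamp}"
    for name in CUSTOM_FILES:
        shutil.copy2(src / name, custom_dir / name)


if __name__ == "__main__":
    # Usage: python thesis_backup.py /path/to/themes/thesis_18/custom
    print("backed up to", backup_custom(sys.argv[1]))
```

Run `backup_custom` before every edit and keep the candidate file outside the live directory until `deploy_functions` accepts it.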

Thanks for reading!

Filed Under: Virtual Technologies

Where is the terminal application under Ubuntu 11.10?

January 31, 2012

I have been using Ubuntu 11.04 Natty Narwhal for awhile so I was able to find what I needed quickly, including my trusty command line interface application called terminal.

After upgrading to Ubuntu 11.10, I just couldn’t figure out where the terminal app was located.  After searching around a bit, I finally found it by clicking on the Ubuntu logo and typing in “terminal” in the search box.  Little bit clunky like how Windows Vista arbitrarily moved around applications from Windows XP (thank goodness Vista was retired though!)

 

 

Filed Under: Virtual Technologies

Visio 2010 crashing with Windows 7

October 21, 2011

Microsoft Visio 2010 is an excellent tool to draw various objects, including network schematics.

However, my Visio 2010 under Microsoft Windows 7 Ultimate (64 bit) kept crashing

Same here, remove the add on.

In Visio select File/Options/Add-Ins/

Manage COM Add-Ins/Click Go

Select ‘Send to Bluetooth’

Click Remove

 

Yeah finally this worked for me Tools -> Trust Center -> Add-ins-> Check “Disable all application Add-ins”.

 

Filed Under: Virtual Technologies

Personal VPN

October 19, 2011

It’s a truth universally acknowledged that public Wi-Fi hotspots aren’t secure, but they’re so convenient that most of us use them anyway. That’s why there was something of a panic last year when Eric Butler showed everyone how easy it is to hijack Facebook, Twitter and PayPal accounts on open Wi-Fi networks via his FireSheep Firefox add-on.

Of course, not everything you do in an open Wi-Fi environment can be picked up by digital eavesdropping. Secure HTTPS servers are great, but it’s likely that your e-mail account and many social networking sites don’t use HTTPS servers, or maybe just use them for logging in. Or worse, have you submit your user name and password from an HTTP page to get to an HTTPS server. {There is at least one add-on for Firefox that offers HTTPS protection, but only for certain sites.}

In the end, online transactions are only as secure as their most open link, and the most open link of all is the gap between the laptop and the wireless access point. The technology that can really close that link is a tunneling virtual private network (VPN). VPNs establish a secure tunnel between your device and the first server you connect to.

Theoretically, if you’re employed at a company that uses a VPN, you could use that corporate VPN to secure your coffee-shop connection — but most companies frown on such use of their resources. So the obvious choice is to rent a connection from a personal VPN provider.

Personal VPN services have been marketing themselves as hotspot security measures for almost a decade. Once you get past the initial learning hump, it’s a relatively simple and inexpensive way to lock down your communications. I looked at three of the more established players: HotSpotVPN, StrongVPN and WiTopia.

Choosing a VPN

The first step is to understand what these providers offer. For a fee, personal VPN providers provide an end-to-end secure connection to one of their servers, which can be located in a variety of places. Personal VPN providers offer some choice of servers, so you can pick those nearest to you for better response time, but some charge extra for wider choice. In addition to security, this can provide you with anonymous browsing and a virtual regional presence (so that if you’re abroad, you can appear to be logging on in the United States and retain access to regionally restricted sites like Hulu or Netflix On Demand).

The personal VPN providers reviewed here offer two basic flavors of VPN. The most basic (and slightly cheaper) is built into the operating systems of practically every computing device: point-to-point tunneling protocol (PPTP). VPN providers give you settings for their servers to plug into your operating system. It’s robust enough for most people, but is blocked in certain regions and by certain service providers. It also requires mucking around in your operating system for configuration and selection of a separate network device, which might not be feasible if you’re on the road using a company laptop for some personal surfing.

A more robust and recent development is an SSL-based technology from OpenVPN, which uses client software to manage connections. This works on Windows, Mac and various Linux and Unix platforms.

Once configured, these services all work the same way: You turn on the OpenVPN client software when you’re ready to connect to a public hotspot and make sure the OpenVPN software isn’t showing a red (not connected) or yellow (attempting to sync up) color. If it’s green, you’re connected to a VPN server that’s either owned or leased by your VPN provider, and can enter passwords in a public Wi-Fi hotspot with confidence.

Filed Under: Virtual Technologies

Hard Drive Encryption – TrueCrypt (Free, open source)

October 19, 2011

Introduction

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys. Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, meta data, etc).

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically being decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on the fly (right before they are written to the disk) in RAM. Note that this does not mean that the whole file that is to be encrypted/decrypted must be stored in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.

Let’s suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

Note that TrueCrypt never saves any decrypted data to a disk – it only stores them temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when power supply is suddenly interrupted (without proper system shut down), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).
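The portion-by-portion reading described above can be shown with a small model, added here as an illustration and not taken from TrueCrypt or the original post. The `ToyVolume` class and its 512-byte sector size are assumptions, and the SHA-256 keystream is a stand-in for a real disk cipher (it is not TrueCrypt's algorithm and must not be used to protect data); the point is only that a read decrypts just the sectors it touches while the stored bytes stay encrypted.

```python
import hashlib

SECTOR = 512  # bytes; each sector is encrypted and decrypted independently


class ToyVolume:
    """Encrypted 'disk' that decrypts only the sectors a read touches."""

    def __init__(self, password, sectors=64, salt=b"constructed-salt", disk=None):
        self.key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.sectors_decrypted = 0  # sectors that passed through RAM as plaintext
        if disk is not None:
            self.disk = disk  # "mount" an existing volume
        else:
            self.disk = bytearray(sectors * SECTOR)
            for n in range(sectors):
                self._store(n, bytes(SECTOR))  # free space is ciphertext too

    def _keystream(self, n):
        # Stand-in cipher: per-sector keystream from SHA-256(key, sector, counter).
        out, counter = b"", 0
        while len(out) < SECTOR:
            block = self.key + n.to_bytes(8, "big") + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return out[:SECTOR]

    def _xor(self, n, data):
        return bytes(a ^ b for a, b in zip(data, self._keystream(n)))

    def _load(self, n):
        self.sectors_decrypted += 1
        return self._xor(n, self.disk[n * SECTOR:(n + 1) * SECTOR])

    def _store(self, n, plain):
        self.disk[n * SECTOR:(n + 1) * SECTOR] = self._xor(n, plain)

    def _spans(self, offset, length):
        """Yield (sector, start_in_sector, byte_count) covering the range."""
        if offset < 0 or offset + length > len(self.disk):
            raise ValueError("range outside the volume")
        pos, end = offset, offset + length
        while pos < end:
            n, start = divmod(pos, SECTOR)
            take = min(SECTOR - start, end - pos)
            yield n, start, take
            pos += take

    def write(self, offset, data):
        done = 0
        for n, start, take in self._spans(offset, len(data)):
            plain = bytearray(self._load(n))  # read-modify-write one sector
            plain[start:start + take] = data[done:done + take]
            self._store(n, bytes(plain))
            done += take

    def read(self, offset, length):
        out = bytearray()
        for n, start, take in self._spans(offset, length):
            out += self._load(n)[start:start + take]
        return bytes(out)


if __name__ == "__main__":
    video = bytes(range(256)) * 40  # constructed stand-in for the .avi file
    vol = ToyVolume("correct horse")
    vol.write(1000, video)
    vol.sectors_decrypted = 0
    chunk = vol.read(5000, 700)  # the media player asks for a small portion
    print(chunk == video[4000:4700], "sectors decrypted:", vol.sectors_decrypted)
```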

Filed Under: Virtual Technologies

Hard drive encryptions

October 19, 2011

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128 bit key, combined with the Elephant diffuser for additional disk encryption specific security not provided by AES.[1][2]

BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7.[1] Users of other versions of Windows that don’t include BitLocker could use a third-party encryption program to satisfy the need for full drive encryption (see Comparison of disk encryption software). In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI and encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder. [3] An example of how to use the WMI interface is in the script manage-bde.wsf, that can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be BitLocker-protected using the graphical Control Panel applet as well. [4]

The latest version of BitLocker, included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives.

 

Security concerns

According to Microsoft sources,[16][17] BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user’s drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office,[18] which tried entering into talks with Microsoft to get one introduced, though Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they have not granted the wish to have one added.[19][20] Although the AES encryption algorithm used in BitLocker is in the public domain, its actual implementation in BitLocker, as well as other components of the software, are closed source; however, the code is available for scrutiny by Microsoft partners and enterprises, subject to a non-disclosure agreement.

Notwithstanding the claims of Niels Ferguson and others, Microsoft Services states in Exploration of Windows 7, Advanced Forensics Topic (page 70), “BitLocker has a number of ‘Recovery’ scenarios that we can exploit”, and “BitLocker, at its core, is a password technology, we simply have to get the password…”.

The “Transparent operation mode” and “User authentication mode” of BitLocker use the TPM hardware to detect if there are unauthorized changes to the pre-boot environment, including the BIOS and MBR.[21] If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device, or a recovery password entered by hand. Either of these cryptographic secrets are used to decrypt the Volume Master Key (VMK) and allow the bootup process to continue.[21]

Nevertheless, in February 2008, a group of security researchers published details of a so called “cold boot attack” that allows a BitLocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.[22] The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM module alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack.[22] The authors recommend that computers be powered down when not in physical control of the owner (rather than be left in a “sleep” state) and that a password also be required to boot the machine.

Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example through a 1394 DMA channel.[23] Any cryptographic material in memory is at risk from this attack, which is therefore not specific to BitLocker.

 

Filed Under: Virtual Technologies

Virtual Machine Security Precautions

October 19, 2011

Overview

We strongly recommend treating each virtual machine as if it was a physical machine for most activities. Virtual machines are vulnerable to most of the same things as physical machines including data loss/corruption, hardware failures, viruses, and hackers. Install and use virus scanning software. Take regular updates to your operating system, preferably via an automatic update system. Make regular backups of important data. Follow the recommended best practices for your guest operating system. In most cases, simply treat your virtual workstation as you would any other machine.

Security Recommendations

We strongly recommend you treat each virtual machine as though it is a real machine for the purposes of security.

  1. Install Anti-Virus Software
    While MIT does its best to prevent virus attacks, no computer is immune to them. Anti-virus software needs to be installed separately on the Virtual Machine, even if virus protection is already installed on the Macintosh operating system itself. For more information about virus protection, distributed by MIT at no cost, see: Virus Software.
  2. Exclude Virtual Machine folders from your Macintosh’s Anti-Virus Scans
    To prevent damage to your virtual machines, the virus protection software on your Macintosh must be configured to exclude the Virtual Machine’s folder from its scans. This is due to an incompatibility between VMware Fusion 2.x and 3.x and McAfee Security 1.0 for Macintosh, or VirusScan 8.6.x for Macintosh.
  3. Utilize Anti-Spyware Software
    While virus protection software offers some protection from spyware, we recommend using MS Defender on your Windows virtual machines for additional protection. For more information about spyware, see: Dealing with Spyware and Other Malware
  4. Choose Strong Passwords
    Weak passwords can be guessed, thus giving someone else access to your files and your system. Create passwords that are at least eight characters long, containing numbers, upper and lower case letters, and symbols. More information on creating strong passwords can be found at http://ist.mit.edu/security/passwords
  5. Follow Security Recommendations
    IS&T provides platform-specific security recommendations to address security concerns with each operating system. See: Security Recommendations by Platform
  6. Keep your Operating Systems Updated
    It is equally important to keep your host and virtual operating systems updated as compromises can occur in either kind of system. Install operating system security updates to keep your system current and protected from known vulnerabilities. We strongly recommend utilizing automatic updates, but note that virtual systems can only take updates when they are running. If your virtual system has not been started in some time (or is rarely left running long enough to take an update), we recommend you run a manual update as soon as you start your virtual system. For more information, see: MIT Windows Automatic Update Service, Red Hat Network.
  7. Maintain Like Risk Postures for All Machines (Virtual and Host)
    Your system is only as secure as the least secure virtual or host machine. All guests on a host machine should have like risk posture – same level of accessibility, data sensitivity and level of protection. If any guest is more vulnerable than other guests or your host, it could be an entry to compromise the rest of your system.
  8. Limit Host Access
    Access to the host should be limited (firewalled off).
  9. Snapshots of Virtual Machines
    When taking a snapshot of a virtual machine and then branching off, make sure to save the image at the instance before the branch (the trunk) rather than at the branch level to ensure security patches are most up to date.

Best Practices

  • Don’t register a virtual machine for DHCP on wireless.
  • When copying or backing up a VM image:
    1. Make sure the virtual machine is powered off.
    2. Do not copy the lockfile directory (the only subdirectory that ends in “.lck”).
  • When restoring from backup use move, not copy. This prevents issues with duplicate Mac Addresses on the same network.
  • Treat each VM as a standalone computer for security purposes. Install virus scanning software. Take regular OS updates.
  • Enable “Time synchronization between the virtual machine and the host operating system” via the VMware Tools installed on the virtual machine.
  • Networking: use NAT Networking. This should be the default setting for your virtual machines.
    Advanced users, particularly running Linux guests, may discover they want or need to deal with the additional complexity of setting up a Bridged network interface.
  • Carefully plan your disk allocations. Do not over-allocate your disk. It is dangerous to tell VMware to make images that, if they all grew to their full size, would take up more disk space than you have free. If this happens, VMware may pop up an alert warning you when you’re about to use up more space than you have. That would give you a chance to free up disk space or exit cleanly. We don’t recommend relying on the warning. There’s no guarantee it will appear before bad things (data loss or corruption) happen.

Backups

The importance of backing up your data cannot be stressed enough. Virtual machines are at just as much risk, if not more, for data loss due to hardware failure, file corruption, system compromise, and other events. If data loss happens, a backup can make a world of difference in recovering from such an event. How you use your virtual machine (VM) will determine the best way to do backups for your VMs.

  1. You have important software/data in the VM (research, data, etc):
    Install TSM within your virtual machine and have it run regular backups of the data within your virtual machine. This method does not preserve your virtual machine, just the data within it. For more information on using TSM for virtual machines, see: TSM Backup Accounts
  2. Your VM is an appliance:
    We recommend that the system administrator manually make backups. This preserves both the virtual machine and your data within it. Simply drag and copy the VM somewhere (e.g., an external drive). Exclude your VM files from regular backups via TSM. See items 2 and 3 below for reasons. For more information, see: Q. I want to make a backup/copy of my virtual machine. What is the best way to do so?

Things to note regarding virtual machine backups:

  • A virtual machine image is actually comprised of several files. All of those have to be in sync or behavior is erratic.
  • From outside the virtual machine (host machine), if a backup is made when the virtual machine is running, the results are inconsistent. Back up your virtual machine files on the host machine when the virtual machine is not running.
  • To back up virtual machines using Mac OS X 10.5’s Time Machine, users will need to be running Mac OS X 10.5.2 or later. When backed up using Time Machine, virtual machines are duplicated and may take up considerable space on your backup drive.
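The copy rules above (power the VM off, skip the “.lck” lockfile directory, keep all files of the image in sync) can be scripted on the host. The following is an added example, not part of the original recommendations: the function names, exit codes and the `ALLOW_STALE_LOCK` variable are hypothetical, and it assumes that a `*.lck` entry in the VM directory means the VM is running or left a stale lock behind.

```shell
#!/bin/sh
# Added example: offline copy of a VMware VM directory that skips *.lck entries.
# Assumed exit codes: 0 ok, 1 bad arguments, 2 lock present, 3 copy or verify failed.

# List regular files under $1 (relative paths, sorted), pruning anything named *.lck.
vm_files() {
    (cd "$1" && find . -name '*.lck' -prune -o -type f -print | LC_ALL=C sort)
}

# One cksum line per file, so two directories can be compared as a whole.
vm_manifest() {
    (cd "$1" && vm_files . | while IFS= read -r f; do cksum "$f"; done)
}

vm_backup() {
    src=$1 dest=$2
    [ -d "$src" ] && [ -n "$dest" ] || { echo "usage: vm_backup SRC_DIR DEST_DIR" >&2; return 1; }
    # Assumption: a *.lck entry means the VM is running or crashed and left a stale lock.
    if [ -n "$(find "$src" -name '*.lck' -print | head -n 1)" ] &&
       [ "${ALLOW_STALE_LOCK:-0}" != 1 ]; then
        echo "lock present in $src: power the VM off first" >&2
        return 2
    fi
    mkdir -p "$dest" || return 1
    # Copy every file except the lock entries, preserving layout and timestamps.
    vm_files "$src" | while IFS= read -r f; do
        mkdir -p "$dest/$(dirname "$f")" && cp -p "$src/$f" "$dest/$f" || exit 1
    done || return 3
    # The image is several files that must all match; verify the whole set.
    [ "$(vm_manifest "$src")" = "$(vm_manifest "$dest")" ] || return 3
    return 0
}

# Stand-alone use: sh vm_backup.sh /path/to/vm-directory /path/to/backup-directory
if [ "$#" -eq 2 ]; then vm_backup "$1" "$2"; fi
```

The destination should be a new, empty directory: leftover files from an earlier copy make the final comparison fail with exit code 3.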

Security Risks Specific to Virtual Machines

While virtual machines are at risk of all the same things as any other machine, you should be aware of a few additional issues.

  1. If a host is compromised, scripts can be run on the host that can interact with the guest at whatever privilege level the guest is logged in as. This can result in malicious trojans being installed on the host and guest machines.
  2. A compromised virtual machine that has no virus protection and is in a shared networking configuration can be used by an attacker to scan both the private and public address spaces. The other virtual machines on the host (if not patched) can also be exploited via the network, so a software firewall on each of the guests is recommended.
  3. (Enterprise version) When turning on shared folders, they can be accessed through a compromised guest. Files can then be placed on the host and attackers can access other guests’ file systems.

http://kb.mit.edu/confluence/display/ist/VMware+Security+Recommendations+and+Best+Practices

 

Filed Under: Virtual Technologies
