WindowsNetworking.com - Monthly Newsletter - July 2016

Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: dshinder@windowsnetworking.com

 

1. What will a Quantum Leap in Computing Mean for Security?

Quantum computers might seem to be the Holy Grail of the technology world, but is it a technology that’s right around the corner or just fodder for science fiction for the foreseeable future? And if and when quantum computing becomes the norm, what will that mean for network security?
Most IT professionals have only a vague idea of what quantum theory is and how quantum computers will work – and that’s a lot more than the average person on the street has. Of course, the average person doesn’t know how traditional binary computers work, either, but most IT pros have a reasonable understanding of the relationship of bits and bytes to the information that they represent.
Quantum theory attempts to explain how matter and energy behave at the atomic and subatomic levels, where our traditional laws of physics don’t apply. Physicist Max Planck first presented quantum theory in 1900 and later won a Nobel Prize for it. Albert Einstein, Louis de Broglie, Werner Heisenberg, Niels Bohr and Erwin Schrödinger all famously contributed to the study of quantum mechanics, which is based on the premise that an object exists in all possible states simultaneously until it is observed and that precise simultaneous measurement of two complementary values is impossible. An alternative interpretation of quantum theory, preferred by Stephen Hawking and others, is the multiverse (or many worlds) theory that Star Trek fans will recognize as the basis for many interesting plot lines.
What does this have to do with computers? A quantum computer would follow the laws of quantum physics, which means instead of data being processed based on two exclusive states (the 0 and 1 of binary computing), it would have the ability to be in multiple states simultaneously. A particle can represent a value of 0, 1 or a superposition of both 0 and 1, whereby it behaves as if it’s in both states at the same time. These particles are called qubits (for quantum bit). The practical effect is that a quantum computer could be exponentially more powerful and faster than traditional supercomputers.
Quantum computing has moved beyond the theoretical. The first quantum algorithm was developed in 1994 by Peter Shor. A quantum computer, like traditional computers, is based on the Turing machine concept, created by Alan Turing in the 1930s. The quantum Turing machine, unlike its traditional counterpart, can perform many different calculations at the same time. We think of today’s computers as capable of multi-tasking but they really aren’t – they just switch between different tasks so quickly that it seems as if they are. A quantum computer really can perform multiple tasks simultaneously, making it potentially millions of times more powerful than today’s systems.
Although some special purpose “proof of concept” quantum computers have already been built, the technology is by no means ready for prime time. There are still many challenges to be overcome before quantum components replace silicon chips. However, just a little over half a century ago, in the days of massive vacuum-tube-based computers that filled entire rooms and cost millions of dollars to provide a small fraction of the processing power of today’s cheapest smart phones, the idea of today’s GHz-speed integrated-circuit-based systems would have seemed like an impossible dream. Quantum computing is coming; the question isn’t whether but when. And when it does, everything will change – including network security.
Therein lies the rub. The good news is that quantum computing, with its promise of infinite processing power and unlimited storage, also has the potential to bring with it amazing advances in our ability to create accurate computer modeling that could enable great leaps forward in fields from healthcare to space travel to weather prediction (and heaven knows we could use more accuracy in the latter area). We could finally see true speech recognition that really works, and artificial intelligence applications that aren’t feasible with today’s computer systems.
But as with any new technology, there is a dark side. Putting aside the scary issues inherent in a world of genuinely intelligent machines, quantum tech also has ramifications for the way we secure data – some of which are positive and some that aren’t. We rely on encryption of our data to protect it from interception as it travels across our networks and from access when it’s at rest on hard drives or other storage devices. The strength of that encryption lies, in part, in the length of the keys that are used. 2048-bit keys are considered highly secure, because it would take millions of years for our current computers to crack them using brute force attacks. Quantum computing will change all that.
A quantum system, vastly faster and more powerful, may be able to decrypt currently strong encryption in days or even hours. Many of the cryptography methods we routinely use today, such as the public key ciphers and key exchange methods used by SSL/TLS connections, could be rendered useless. A few years ago, Kaspersky Labs’ blog put forth the speculation that quantum computers could mean the end of security.
Luckily, that headline was a bit overly dramatic (as the blog post itself concedes if you read to the end). The same quantum technology that can break our current cryptography will also enable much stronger encryption methods than we have today. The good news is that technology companies are already working on developing “post-quantum” encryption methods that will be able to withstand the onslaught of massively powerful machines. Google recently announced that its researchers are working on a cryptography algorithm they call New Hope that is being tested on the Chrome Canary web browser. Earlier this year, Microsoft Research corporate vice president Peter Lee noted that quantum computing is one of the largest areas of investment in that division.
Of course, where there is a security mechanism, there’s going to be someone working hard to defeat it. Quantum hacking is a “thing” now, with organizations – both legit security researchers and black hats – that are devoted to finding ways to break quantum crypto.
Of course, it’s important to remember that encryption is only one component of security. You can encrypt data with the strongest and most unbreakable algorithms in the world, and it won’t matter if an attacker is able to social-engineer his way to obtaining the credentials of authorized users. That’s why security is and must remain a multi-layered strategic implementation that includes user education, two-factor authentication, physical security, and more.
Just as for want of a nail, a kingdom was lost, in the same way the security battle can be lost in spite of quantum encryption, for want of a user who is savvy enough to resist the human factors of persuasion, deception, intimidation, and financial rewards or emotional appeal. Quantum computing is still in the future, but before we have to address its challenges, we must solve the security problems of today.

‘Til next time,
Deb

dshinder@windowsnetworking.com

=======================

Quotes of the Month

Einstein’s theory of relativity does a fantastic job for explaining big things. Quantum mechanics is fantastic for the other end of the spectrum – for small things. – Brian Greene


If anybody says he can think about quantum physics without getting giddy, that only shows he has not understood the first thing about them. – Niels Bohr

For the record: Quantum mechanics does not deny the existence of objective reality. Nor does it imply that mere thoughts can change external events. Effects still require causes, so if you want to change the universe, you need to act on it. – Lawrence M. Krauss

=======================

2. Windows Server 2012 Security from End to Edge and Beyond – Order Today!

Windows Server 2012 Security from End to Edge and Beyond

By Thomas Shinder, Debra Littlejohn Shinder and Yuri Diogenes

From architecture to deployment, this book takes you through the steps for securing a Windows Server 2012-based enterprise network in today’s highly mobile, BYOD, cloud-centric computing world. Includes test lab guides for trying out solutions in a non-production environment.

Order your copy of Windows Server 2012 Security from End to Edge and Beyond. You'll be glad you did.

   



 


3. WindowsNetworking.com Articles of Interest

This month on WindowsNetworking.com, we bring you a new installment for one popular article series, along with four brand new standalone articles.

Deep Dive into Office 365 Deployment (Part 2)

In part 1 of this article series, author Nirmal Sharma explained a little about Microsoft Cloud Services and customer requirements, and gave a high-level overview of the requirements that had been received from a customer who wants to use 365 services such as Email, Lync, SharePoint, and Dynamics CRM and also be able to build a hybrid cloud environment. In Part 2, he continues with an assessment of the customer environment that was done after receipt of the customer requirements.

Using PowerShell to Create Azure NSGs

Microsoft Azure is quickly becoming the platform of choice for deploying virtual machines in the cloud. But early versions of Azure infrastructure-as-a-service (IaaS) offerings were somewhat clunky as far as configuration was concerned, especially in the area of access control. As a result, Microsoft has introduced a better way of configuring secure access to Azure virtual machines. This new approach is called Network Security Groups (NSGs). In this article, Mitch Tulloch explains how they work and how you can use Windows PowerShell to create them.

DevOps Dilemma

The “agile” movement and the DevOps model together form the foundation for “next generation IT” – but because they involve a totally new way of thinking and working, even many of those who embrace the ideas and ideals that they represent aren’t completely sure of how this brave new world will work in the long run. Change of this magnitude doesn’t come easily to many – and that’s especially true when it’s presented almost as an article of faith or a mandate from on high, without any honest explanation of the real benefits and drawbacks (as it has been presented to many IT professionals). In this article, Deb Shinder takes a look at some of the defining characteristics of these methodologies, where companies go wrong in implementing them, and how to enjoy the benefits while avoiding the pitfalls.  

Getting Ready for Azure Stack

Most IT pros know that Azure is Microsoft's infrastructure as a service (IaaS) offering in the cloud, but not as many are familiar with Azure Stack, which is essentially your own private Azure deployment in your on-premises datacenter. Security and privacy concerns still hold many companies back from committing to the cloud, but if you want and need the kind of power and agility that Azure can provide, Azure Stack is the hybrid solution that can take your network to the next level. In this article, Deb Shinder delves into what Azure Stack is, how it works and when and why you would use it.

Interview: Evolution of Win Mgmt

Enterprise IT has changed a great deal over the last couple of decades. The job of the administrator has evolved from having god-like control over users' workstations to managing applications running in the cloud and devices that are not company-owned. Microsoft System Center is now a popular platform for managing both on-premises and cloud-based assets. To gain some insight into where Windows management has been, where it is now, and what might be coming in the next few years, Mitch Tulloch interviewed System Center expert Mike Long for this article.

4. Administrator KB Tip of the Month

Querying Specific Operating System Types in Active Directory

This tip shows how to use DSQuery to find systems running Windows 7 and Windows 8/8.1. If you need a list of the computer accounts that belong to a specific operating system family, you can use the DSQuery commands below. Enter each command on a single line.

Querying Windows 8 and Windows 8.1 Computers:

  • dsquery * -filter "(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystemVersion=6*)(operatingSystem=Windows 8*)))" -limit 0 -attr name operatingsystem

Querying Windows 7 Computers:

  • dsquery * -filter "(&(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystemVersion=6*)(operatingSystem=Windows 7*)))" -limit 0 -attr name operatingsystem

This month’s tip was provided by Nirmal Sharma, who is a MCSEx3, MCITP and Microsoft MVP in Directory Services. He specializes in Active Directory, Microsoft Azure, Failover clusters, Hyper-V, and System Center products and has been involved with Microsoft Technologies since 1994.
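
A PowerShell take on the same inventory, added here as an example (it is not part of Nirmal Sharma's tip or the newsletter): it reuses the tip's LDAP filter through Get-ADComputer to tally every operating system in the domain and to separate active from stale computer accounts. The 90-day threshold, the output file name and the availability of the RSAT ActiveDirectory module are assumptions.

```powershell
Import-Module ActiveDirectory   # RSAT ActiveDirectory module (assumed installed)

# The tip's base filter without the operatingSystem=Windows 7*/8* clause, so
# every computer account that reports an operating system comes back at once.
$filter = '(&(sAMAccountType=805306369)(objectCategory=computer)(operatingSystem=*))'

# Assumed staleness threshold: no logon recorded in the last 90 days.
$staleBefore = (Get-Date).AddDays(-90)

$computers = Get-ADComputer -LDAPFilter $filter `
    -Properties operatingSystem, operatingSystemVersion, lastLogonTimestamp |
    ForEach-Object {
        # lastLogonTimestamp is a FILETIME value; it is empty if the account never logged on.
        $lastLogon = $null
        if ($_.lastLogonTimestamp) {
            $lastLogon = [DateTime]::FromFileTime($_.lastLogonTimestamp)
        }
        [pscustomobject]@{
            Name            = $_.Name
            OperatingSystem = $_.operatingSystem
            Version         = $_.operatingSystemVersion
            Enabled         = $_.Enabled
            LastLogon       = $lastLogon
            Stale           = (-not $lastLogon) -or ($lastLogon -lt $staleBefore)
        }
    }

# Summary per OS name and version: total, active and stale account counts.
$computers | Group-Object OperatingSystem, Version | Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            OperatingSystem = $_.Group[0].OperatingSystem
            Version         = $_.Group[0].Version
            Total           = $_.Count
            Active          = @($_.Group | Where-Object { -not $_.Stale }).Count
            Stale           = @($_.Group | Where-Object { $_.Stale }).Count
        }
    } | Format-Table -AutoSize

# Detail for the families the tip queries: enabled, recently active machines only.
$computers |
    Where-Object { $_.Enabled -and -not $_.Stale -and $_.OperatingSystem -match '^Windows (7|8)' } |
    Sort-Object OperatingSystem, Name |
    Export-Csv -Path .\win7-win8-active.csv -NoTypeInformation
```

The stale count separates leftover computer objects from machines that are still on the network, which is the number that matters when planning upgrades or retirement of older Windows versions.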



5. Windows Networking Links of the Month

6. Ask Sgt. Deb

Questions about Azure

QUESTION:

Hey, Deb, we’re checking out Azure for my company but I’m a little confused about a few things. I know I can run Windows Server or Linux but I’m not sure about the types of virtual disks I can use and also trying to work out the differences between Azure and Hyper-V. I read somewhere that you can’t use VHDX format disks. Is that right? Thanks! – Charlie P.

ANSWER:

Azure is a complex subject and it can be confusing when you first dive in. To address your second issue first, Azure VMs are similar to Hyper-V first gen VMs. You can move VHD-format virtual disks between Hyper-V and Azure, but Azure VMs don’t (yet) support generation 2 Hyper-V VM features such as booting from a SCSI virtual hard disk or virtual DVD or Secure Boot. Also many people are surprised (and unhappy) to discover that their Azure VMs only support one virtual network adapter (and thus only one external IP address). This is true of all but the larger size VMs, A8 and A9, which can use a second NIC for limited purposes.
It's true that VHDX disks aren’t supported, but you can convert them to VHD using Hyper-V Manager or the Convert-VHD cmdlet and then upload them to an Azure storage account to use them with your virtual machines.
For more info on all of this, see the Azure FAQ here