Simple VirtualBox Set-Up for Linux Server Fun: Part 2

In part 1 we created a Virtual Machine (VM) for Ubuntu Server:

We are ready to install Ubuntu Server to this VM. First, click the ‘Run…’ button with the green arrow at the top of the list of virtual machines. VirtualBox has a ‘First Start Wizard’ that will ask you to select installation media. Use this to select the ISO file you downloaded from the Ubuntu Server download page. Once selected, VirtualBox will load the ISO and boot to it as if it were a real computer booting from an actual CD.

The next screen it displays will be a list of languages to choose from. These are only the languages used by the Ubuntu Server ISO / CD menu. I picked English.

We are taken to a “pre-boot” environment where we can choose to install Ubuntu Server, and where advanced users can pass kernel boot arguments. For this guide, just select Install Ubuntu Server.

Seems redundant, but I tell the installer program itself to use English.

Tell the installer that it’s located in the United States.

Do not have the installer detect your keyboard layout. The detection program seems like a good idea but really it takes extra time and won’t always detect the right keyboard. I choose no at this stage.

Tell the installer that the keyboard’s origin is the USA.

Select the keyboard. USA is conveniently the default.

The installer will present a screen with a progress bar. It will start probing the hardware in your computer to find the installation CD, load additional components for the installer, and detect your network hardware. Most home users have a router that uses DHCP to automagically assign IPs behind the scenes. Under the VirtualBox defaults, the installer will automatically set up your networking by communicating with VirtualBox’s NAT DHCP server behind the scenes. All this takes just a minute.

Select the hostname for the Ubuntu Server we’re installing. The hostname I chose was ‘machine2’:

The Ubuntu Server installer will now try to establish the system clock behind the scenes. For most systems, this means connecting to some networked time server. Once it is finished, it will ask you if the correct time was chosen. Usually this works without a hitch. No need to adjust anything here.

The installer will now try to detect all your disks by quickly scanning the computer, or in our case, our VM.

Once this is done, the partitioner will start up. Read up on partitioning if you don’t know what it is. In a nutshell, it allows you to divide your physical hard drive into different logical drives. You’ll be presented with some options for default partitioning schemes. The installer preselects ‘Guided – set up LVM and use entire disk’ but I’ve chosen ‘Guided – use entire disk’. LVM means Logical Volume Manager and it allows Linux to do very cool things with your hard drive space, especially if you have multiple hard drives and partitions. It is absolutely worth tinkering with another time. Since this is a simple VM, we don’t need the extra overhead of Logical Volume Manager.

Select the single disk we created through VirtualBox’s Virtual Machine Creation Wizard.

Review the changes we want to make to the disk. Select Yes to continue the installation.

The Ubuntu Server installer will start writing the partitioning changes to the disk.

Next it will install the base system.

After installing the base system, you will be asked to provide a name. This is really arbitrary, but it’s intended that a real name goes here. I chose ‘muser1’.

Create a username. Here I chose ‘umachine2’.

Create a password.

Re-type the password. Don’t mess up!

With the base system installed and a user set up, the Ubuntu Server installer is almost ready to start installing additional packages.

Before installing user programs that may make use of umachine2’s home directory, the installer asks if the home directory should be encrypted. For anyone who doesn’t know what that is, think of it as a ‘User’ folder like in Windows. It’s designed to hold most of your personal stuff. I don’t need home directories to be encrypted. Encryption and decryption of the home directory adds a little extra overhead the VM doesn’t need. I choose no.

The installer asks for HTTP Proxy information in case it needs a Proxy to access the internet. I don’t use an HTTP proxy.

Ubuntu will always ask whether the system administrator wants manual updating, automatic updating, or automatic updating for important security updates only. Ubuntu Server can also have its updates and more managed via Landscape, Canonical’s enterprise-class Ubuntu management service. I keep it simple and turn off automatic updating.

The APT package manager used by Ubuntu, Debian, and their variants makes it very easy to do a system update. APT is also the primary tool to install any software on Ubuntu systems. Ubuntu Server comes with Aptitude in addition to APT; Aptitude is a terminal-based front end for APT. The next screen in the installer is a little like Aptitude in that we can select from a list some common software packages, some of which are combinations of multiple packages. I choose only the OpenSSH Server package because OpenSSH is the best way to log in remotely to a Linux machine, as I’ll show in part 3.

The installer will use APT behind the scenes to download the OpenSSH Server packages from remote package servers. After downloading, it will install the packages.

When package installation is completed, the installer is almost done. Before we can start using the system, the installer needs to install a bootloader to our hard drive. A bootloader sits at the beginning of your hard drive and is the first thing on the virtual disk image that the VM will run at boot. When the bootloader runs, it assists the system in loading the proper Linux kernel and the rest of the system we’re installing.

Yes, we want to install the GRUB bootloader. GRUB is a default bootloader for most Linux systems. Cool thing about GRUB is that it enables you to boot into different OSes like Windows and other Linux versions.

The installer will then finish the installation and finally complete.

Continue to reboot into the new system.

Does reboot…

Reboot happens. Now enter in a username and password.

Ta-Da! A shell prompt:

What to do next? See the final steps I take with my VMs in the next post in this series, part 3.

Simple VirtualBox Set-Up for Linux Server Fun: Part 1

In this part of Simple VirtualBox Set-Up for Linux Server Fun, I’ll detail the step-by-step process of creating a virtual machine in VirtualBox.

Step 1: Download VirtualBox and Ubuntu Server

Visit the VirtualBox download page to download the latest VirtualBox. Also, get the Extension Pack for VirtualBox.

There are a few options for downloading Ubuntu Server. Canonical keeps all versions of Ubuntu on a nice releases site you can easily navigate. From there, you can download any version using a few protocols including FTP and BitTorrent. If you have unreliable internet like I do, the most reliable way to download is via BitTorrent. Transmission is a good BitTorrent client for Mac. uTorrent is also a good client that will run on Windows.

Step 2: Install VirtualBox

Sun made the VirtualBox installation a straightforward process for every platform. Notice I said Sun instead of Oracle? VirtualBox was created by Sun Microsystems first, then Sun Microsystems was bought by Oracle Corporation. It’s worth noting that much of Oracle’s good software was originally made by Sun.

Each download of VirtualBox comes with a User Manual full of useful information. In addition to instructions on how to use the VirtualBox GUI (Graphical User Interface), instructions on the CLI (Command Line Interface) are also in the User Manual. The CLI for VirtualBox offers some very advanced features beyond the scope of this simple guide. The User Manual is a great place to go to learn more about virtualization. It can also be found online.

Step 3: Create a Virtual Machine

The VirtualBox GUI has a Virtual Machine creation wizard. It will walk you through the basic components of a virtual machine. First, we select an OS. Conveniently, VirtualBox allows us to select Linux / Ubuntu 64 bit as an OS. I’ve chosen to name mine ‘Machine2′.

Next, we select the amount of RAM to allocate to the VM. Stand-alone Linux doesn’t use much RAM to begin with, and since a server has no GUI, this VM will use even less RAM. Some installations can run with as little as 256MB. I’ve given this installation 512MB:

Opt to create a new Virtual Hard Disk.

VirtualBox supports several formats. The default is Virtual Disk Image (VDI) and is the best choice for most VirtualBox VMs because of its native support.

Now we choose how the Virtual Disk Image is stored on the hard drive. A Fixed Size means the 8GB chosen for the virtual machine will immediately use 8GB of precious hard drive space. Dynamically-Allocated means that the 8GB of storage space won’t be used immediately by the Virtual Machine, but instead be used efficiently on an as-needed basis. Dynamically-Allocated is what I’ve chosen.

Choose the size and location of the virtual hard disk. Being able to choose the location of the virtual hard disk is a really nice feature offered by the VirtualBox GUI. Particularly, it allows those of us using small SSDs to offload big virtual disk images to a storage HDD. I’ve chosen to have this Virtual Disk Image installed to the default location:
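The same VM the wizard just produced, built with VBoxManage, the VirtualBox CLI mentioned in Step 2. This is an added example, not from the post; it takes the post’s values (Machine2, Ubuntu 64-bit, 512MB RAM, 8GB dynamically allocated VDI, NAT networking), assumes VirtualBox’s default VM folder and a placeholder ISO path, and only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the post): the Part 1 wizard settings as VBoxManage commands.
# Values follow the post; VM_DIR and ISO_PATH are assumed placeholders.
VM_NAME="${VM_NAME:-Machine2}"
VM_RAM_MB="${VM_RAM_MB:-512}"
VM_DISK_MB="${VM_DISK_MB:-8192}"
VM_DIR="${VM_DIR:-$HOME/VirtualBox VMs/$VM_NAME}"         # assumed: VirtualBox's default folder
ISO_PATH="${ISO_PATH:-$HOME/Downloads/ubuntu-server.iso}"  # placeholder: your downloaded ISO
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = actually run VBoxManage

# Print (dry run, paths shown unquoted for reading) or execute one VBoxManage command.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    echo "VBoxManage $*"
  else
    VBoxManage "$@"
  fi
}

# Register the VM, size its RAM, and keep the NAT adapter that the
# installer's DHCP step in Part 2 relies on.
create_vm() {
  run createvm --name "$VM_NAME" --ostype Ubuntu_64 --register
  run modifyvm "$VM_NAME" --memory "$VM_RAM_MB" --nic1 nat
}

# Create the dynamically allocated VDI (--variant Standard), attach it on a
# SATA controller, and attach the ISO as a DVD drive so the first boot runs the installer.
attach_storage() {
  run createhd --filename "$VM_DIR/$VM_NAME.vdi" --size "$VM_DISK_MB" --format VDI --variant Standard
  run storagectl "$VM_NAME" --name SATA --add sata --controller IntelAhci
  run storageattach "$VM_NAME" --storagectl SATA --port 0 --device 0 --type hdd --medium "$VM_DIR/$VM_NAME.vdi"
  run storagectl "$VM_NAME" --name IDE --add ide
  run storageattach "$VM_NAME" --storagectl IDE --port 0 --device 0 --type dvddrive --medium "$ISO_PATH"
}

# Number of VBoxManage steps a full set-up issues (a quick sanity check in dry-run mode).
step_count() {
  { create_vm; attach_storage; } | wc -l | tr -d ' '
}

create_vm
attach_storage
```

Run it with DRY_RUN=0 once the printed commands look right, then start the VM with `VBoxManage startvm Machine2` to land on the installer screen Part 2 begins with.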

At this point, everything is finished. Go to part 2 and install the Ubuntu Server.

Simple VirtualBox Set Up for Linux Server Fun Intro

I use VirtualBox to experiment with Linux all the time and yesterday I realized that I’ve set up Linux VMs on VirtualBox a dozen or so times by now. Each install involves a bit of googling around to remember how to do some routine tasks. I thought it might be more efficient to have all the documentation I need in one place, saving tab space on my browser. So why not place it here where others can see it?

Thus, I bring you the Simple VirtualBox Set-Up for Linux Server Fun three part series.

  1. In Part 1, noobs will learn how to create their own Virtual Machines using the VirtualBox GUI.
  2. In Part 2, Linux novices will discover how to install Ubuntu Server into a VirtualBox VM.
  3. In Part 3, I’ll show some ways to get more out of your new Ubuntu Server VM.

Ubuntu Server and VirtualBox are the same from platform to platform, so the concepts in this series should be helpful to most recent and future VirtualBox setups with an Ubuntu Server guest. Specifically, I’ll use Ubuntu Server 10.04.3 LTS 64bit, the virtualization host will be OS X Mountain Lion 10.8, and the version of VirtualBox is 4.2.1.

So stay tuned! I’m aiming to get all three parts done by tomorrow, Monday, October 8, 2012.

Completed the (ISC)2 CBK Review Seminar

Easily this was the biggest test cram I’ve ever done. The (ISC)2 Review Seminar itself was 5 days of 8 hour reviews that covered the entire CISSP CBK. After each day I read chapters from the CBK book whenever I could find some spare time. I even color-coded the outside of the book so that it would be quicker to navigate:

Pretty, right? I even spelled DRP and BCP right! What do these acronyms mean? Excellent question! I’ll briefly explain all the sections covered by the CISSP CBK as of 2011. FYI: (ISC)2 revised the CBK after 2012, so don’t take these 100% at face value.

  • Access Control – This is the fattest chapter in the book and hands-down the most important. It’s so fundamental that I won’t explain it here, so just Google it or buy the CBK and read it. By a small margin, most of the exam questions are supposed to be from this section.
  • Application Security – This chapter goes over the Software Development Life Cycle (SDLC), to what degree every part of the SDLC should be secured, an introduction to auditing, types of malware, everything you would want to know besides implementation details on managing the security of data and databases, and brief coverage on web application security.
  • Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) – This is the chapter that really drives home the importance of an organization’s full-on security initiative from the top down. A quick and unofficial way to summarize this would be the ‘Bus Factor’, described to me by a baker I once met. Basically, someone has the ‘Bus Factor’ if their being hit by a bus at 60+ mph would demolish your business. For the baker, this would be the one guy who knows how to maintain and repair his stone wheat mill. For a poorly managed business operating an information system, this could be Joe sys admin who keeps the passwords in the pages of a random book only he knows about. This is like a miniature business impact analysis. Got it? Separation of duties is a very important concept here and a BCP takes it to an extreme. Business continuity planning covers disaster planning as well. Disaster planning can be everything from backups and load balancers to hot sites ready to go when another system fails. This chapter goes over many aspects of DRPs. One thing that is stressed to no end is that an organization’s ‘overarching strategy’ should include security and that support for a security initiative must come from the top. If it gets mandated from the top, then everybody knows they need to be involved.
  • Cryptography – To me, the most interesting chapter in the book. Fundamental cryptographic concepts are covered here. Be clear on the basics of symmetric ciphers before moving forward in this chapter. Then, gain an understanding of asymmetric encryption algorithms. It’s essential to know how to differentiate between these. Another concept to wrap one’s head around is confidential messages with proof of origin (non-repudiation). Understand hash functions, digital signatures, keys and key management, and then finally, attacks such as cryptanalysis attacks and statistical attacks.
  • Information Security Governance and Risk Management – Do not spend too much time on this chapter. It is a great introduction to the concepts but Information Security Governance and especially Risk Management are different animals in the real world. (What do I mean by this? Just look at NIST SP 800-37’s description of the Risk Management Framework, aka RMF.) As with the BCP and DRP chapter, a common theme here is that an organization’s ‘overarching strategy’ should include security and that support for a security initiative must come from the top.
  • Legal, Regulations, Investigations, and Compliance – The CISSP Code of Ethics states that all CISSPs must obey the law. This chapter is deceptively important. There are a number of tricky test questions that involve this material.
  • Operations Security – Ever wondered why some restrictive policies exist? Read this chapter for a good discussion on that. The section about personnel is a definite highlight.
  • Physical and Environmental Security – This chapter contains a lot of material that is used word-for-word on the test. While little of the test covers physical and environmental security, a read through this will guarantee at least a few correct answers on the exam, if not several.
  • Security Architecture and Design – The instructor made a special effort to focus on this section of the book. Security architecture provides a framework for protecting assets business stakeholders care about. NIST’s 800 Series defines one security architecture; other security architectures include the Zachman Framework, the SABSA Framework, TOGAF, and part of ITIL. It’s important to know what these are, the concepts shared by all of them, and key differences among them.
  • Telecommunications and Network Security – Anyone who does not know TCP/IP and the 7-layer OSI model will need to pay extra attention to this chapter. For each layer the CBK describes security concerns. For others, everything in here is a basic review.

Overall the experience was quite exciting because I got to meet a classroom’s worth of security professionals. Genius me lost all of their contact info but regardless, I realized that it isn’t so hard to talk security speak. Half of it is understanding some very important distinctions that the CISSP CBK can be a good introduction to.

This introduction to the CISSP CBK has really evoked from me a lot of questions on the more technical side of what we learned. Half of why this curiosity remains is because many of the security professionals there actually didn’t understand the technical / implementation side of information security. As it turns out, the CISSP is actually a management certification. Other certifications like CEH go more in depth on the technical side of information security. In addition to CEH, network and cryptographic security topics are probably the most feasible topics for me to learn more about as long as I have access to Google. I’d wager that because the strategic and tactical side of information security changes less, the technical and implementation side is the most active.

Other aspects of the CBK like security architecture are much more high level and probably unique to any given organization. For this, the NIST 800 SPs are probably the best peek one can get into information security on an organizational level.