Missing Custom Power BI Visuals

One of the great new features of the July release was the ability to now get all of the Power BI Custom Visuals from within Power BI.  I had a bookmark to get the visuals from the Office Store, but it always seemed kind of a kludgy solution.  Personally, I liked the visuals better when they were on the Power BI website prior to March of 2017.  The filters worked better and they also included a sample file.  Now I have a different and more technical reason to not like the visuals in the Office Store, some of the Power BI Custom Visuals are not there.

Some Power BI Visuals Are Not in the Office Store

PowerBIFishCustomVisualThis week I decided to do a demo using the Aquarium custom visual.  As readers of my blog know, I have used the custom visual before, but it has been a while and I have changed PCs since then.  No worries I can always go download the visual from the store, right? Wrong. The aquarium visual is not available on the new store. Neither is Image Viewer, if one is looking to add that into your latest Power BI report it is not available. What happened?

So Long and Thanks for All of the Fish

I found out from Adam Saxton b | t  that moving Power BI custom visuals was not the simple cut and paste process that I had always assumed that it was.  The people who write custom visuals had to re-write them.  What’s more unlike when the custom visuals were housed on the Power BI Website, custom visual creators also had to pay $25 to register or $99 for their company.  This means that some custom visuals may never appear in the store as the people who created them aren’t willing to pay money to give them away.

If you have the custom visuals, or as in my case you know someone who can give you a copy of a Power BI custom visual which was published prior to the move over to the Office Store, the visual will still work when you upload it to the service.  I have also been told that Microsoft is working on adding the aquarium visual to the Office Store so at some point it will again be available for download.  For those who have noticed that the Box and Whisker custom visual is not the same as the previous version, I doubt they will be able to download the old one. If they can find someone to give it to them, it will still work.

If I do find out when the Aquarium visual will be available from the store again, I will update this post. Until then, if there is a visual you want, I would try asking on Twitter, as that worked for me.

****UPDATE: On August 4, 2017 the Enlighten Aquarium is now available again! Here’s a link to the Office Store.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

Getting Started with Integrated Python and SQL Server 2017

As part of the effort Microsoft is making at incorporating analytics, Python is being added into SQL Server 2017.   This means SQL Server will support the two primary languages of Data Science within SQL Server, R and Python.  As I have previously reviewed using R in SQL Server, I wanted to also review using Python with SQL Server. Since Python is near the top of the most popular programming language charts, many people are interested in learning more about it.  As many data professionals are unfamiliar with Python, I wanted to introduce the topic not just here, but in my upcoming webinar for 24 Hours of PASS on Implementing Advanced Analytics with SQL Server 2017 and Python.

Installing Python in SQL Server

SQL Server 2017 Install Window

SQL Server 2017 Install Window

The process for using Python in SQL Server is very similar to the previous process of installing R.  Microsoft renamed R Services to Machine Learning Services, and now allows both R and Python to be installed, as shown in the screen.  Microsoft’s version of Python uses Anaconda, which is an open source analytics platform created by Continuum. This is where Python differs from other open source languages, as Continuum is providing the version of Python as it contains data science components which are not included in the standard distribution of Python. Continuum also sells an enterprise version of Anaconda, with of course more features than come with the free version. It is important to remember the python environment as you will need select the same distribution when running Python code outside of SQL Server.

Configuration Changes for Python

The last thing needed to run Python is to configure and restart the SQL Server Services. In a new query type the following command

sp_configure 'external scripts enabled', 1
GO
Reconfigure
GO

After restarting the SQL Server Service, SQL Server will now run Python code, or if you installed SQL Server with both R and Python as I did, both languages can be used.

Python Development Environments

SQL Server Management Studio is designed for writing TSQL code, not Python.  The process for implementing Python code in SQL Server would be first to create and test the code in Python, then once the code is working, deploy the code in SQL Server.  There are a number of different User Interfaces that you might want to consider when writing Python.  Python comes with IDLE, but as it rather a feature bereft application, chances are that if one is coding Python, they want to use some other user interface.  Some of the more common ones are JetBrain’s PyCharm , Atom Python Tools or the UI Windows developers use the most, Visual Studio with Python language support.  Selecting and setting up the environments is a surprisingly complex process.  Python is a very flexible language and is widely used beyond the realm of data science to do things like create web applications.  For this reason, the environments selected matter as they create different ecosystems.

Incorporating Python to solve Data Science Solutions

24HoursofPASS2017-PreconPreviewIn my upcoming session for 24 hours of PASS, I will review the pros and cons of several development environments, and let you know which one I selected and the steps needed to make it work.  We will also take a look at implementing some Python code in SQL Server so that we can perform advanced analytical analysis with Python.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

 

Power BI – Beyond the Basics

When helping clients recently with their Power BI implementations, I have noticed that when talking to people about Power BI there seems to be some areas where there continues to be a log of questions.  While it is easy to find a plethora of information about getting started with Power BI, when it comes to implementing a solution, the information is scarce.  How do you handle releases? Should an implementation contain only one data model? Is Power BI’s data secured on the cloud? Is it required to have Office 365 use Power BI? Do you have to have Power BI Premier to have the Power BI run locally?

Advanced Power BI Techniques in Norway

While I have discussed some best practice techniques on my blog, as usual new features released in Power BI have a

Norway Parliament Building in Oslo

Norway Parliament Building in Oslo

tendency to change some of the available options.  For example, App workspaces, the updated take on Content Packs released a few months ago, now offer a new method for releasing not only dashboards but the reports behind them and the ability to easily migrate sources. I am excited that I will have the opportunity to discuss the answers to the questions received by doing a full day of training at SQL Saturday Oslo. I am looking forward to visiting Oslo, which is home to the best preserved Viking Ship, an Opera House designed to be walked on and the home of the guy who painted the Scream.  If you happen to reside somewhere where it is possible to make the journey to Norway, please register to attend this full day of interactive training.  We will cover all of these items and go into detail about Power BI administration, security and new features and design techniques which will improve Power BI implementation techniques.

sqlsat667_osloFor those of you who are unable to attend, I feel obliged to answer some of the questions I posed earlier.  Implementations generally require more than one data model.  Power BI is encrypted both in transit and at rest. You do not need to have Office 365 to run Power BI.  Power BI can be run locally with Power BI Report Server, which is part of SQL Server 2016 Enterprise with Software Assurance, and you do not need to sign up with Power BI Premier to install it.

I hope to see you in Norway.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

 

On Premises Power BI with Power BI Report Server

On June 12, Microsoft officially released the Power BI Report Server.  The version that was released had a different set of features than what was  promised when the product was announced earlier, which I discussed in a previous post. Some of the features and versions of SQL Server which are available to receive the Power BI Report Server upgrade were clarified at MS Data Summit.  This post contains everything you need to know to determine if you can upgrade from a current SQL Server Reporting Services Instance, what features are included in Power BI Report Server and what time frame those who want to use it should follow.

Power BI Report Server Only Connects to Analysis Services Data Sources

The most glaring change from what was announced earlier, is Power BI Report Server can only connect to analysis services data sources, both tabular and multidimensional.  If you want to connect to SQL Server, Oracle or Excel or all three, use the Power BI Web Service.  Only going to the cloud version will users be able to create a data mashup or connect to anything but SQL Server.

Connecting to one data source is not what was promised when the Power BI Report Server was announced in May.  Various Power BI Product members held a session at the Microsoft Data Summit where attendees were able to ask questions.  I asked,  “When are we going to be able to use Power BI Report Server with data sources other than analysis services?”  In a room full of people, I was assured that it was a top priority of the team to release the same data connectivity functionality for Power BI Report Server that currently exists for Power BI Services and the current plan was to release this functionality the next release.

Power BI Report Server Releases are Planned for Three Times a Year

Power BI Desktop currently has a monthly release schedule.  The Power BI Service is often updated more frequently than that, PowerBIRSas Microsoft tends to make changes when they are complete, rather than hold them for a given date.  In a corporate environment, it is sometimes difficult to accommodate such frequent releases.  Power BI Report Server has a planned release cycle of three times a year, with exceptions of hot fixes or security patches.  The next release of Power BI Report Server is planned for the fall.

To ensure that the version of Power BI Desktop matches Power BI Report Server, there is now a version of the Power BI Desktop for Power BI Reporting Server. The icon is exactly the same, but when you start the program the splash screen is different, as it shows you that you are running Power BI Report Server, in the top left corner.  When running the Power BI Desktop, the title also clearly says report server.  It is possible to run both, as I am presently doing on my PC.  One of the pitfalls of doing this, is when you click on a PBIX file, the Desktop version which loads is the last one you installed.  The Power BI Desktop Report Server version contains functionality which is not supported in Power BI Report Server, as it allows you to connect to other data sources and run R, neither of which will work in Power BI Report Server.  Since the next release of Power BI Report Server, the one which should support connectivity to more than analysis services, is going to be part of the next fall release, that release should contain the data mashup capabilities in the future Power BI Report Server Desktop version.

No Dashboards for Power BI Report Server

As I talked about in a previous post, there is no dashboard capability for Power BI Report Server, as it creates reports and other desktop features.  Power BI Service features, like Dashboards and Workspaces, are not available in the desktop or in Power BI Report Server. In the meeting that the product team held, someone else in the room asked a question which I promised to answer in a previous post. “Are there plans to add dashboards in a future release of Power BI Report Server?” The answer was no. Microsoft does not consider that a Power BI Report Feature and does not have the desktop feature in the product road map.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

Power BI Data Insights

 

2,500 people sat in the semi-darkness of the MS Data Insight Summit, joining who knows how many watching the live stream, watching and listening to the upcoming changes to  Power BI.  Some of the announcements were expected, like the General Availability [GA] release of Power BI Premium and Power BI Report Server on June 12.  Although there is a lot of documentation on both products, there was still more information to be learned now they are released.  Microsoft also announced they were creating a new product offering, Power BI Embedded.  As part of the product realignment, the ability to embed Power BI into applications was moved to only being a Premier feature.  This move caused an uproar in the marketplace as many companies wanted to continue using Power BI Embedded, but could not justify paying Power BI Premier pricing.  Power BI Embedded was created to address the sticker shock. This new Power BI product has two different pricing levels, EM1 and EM2, starting at $625 per month.  Not a whole lot of information has been publicly released regarding Power BI Embedded, but it is designed to have a limited feature set, focused on just embedding Power BI.

Power BI Upcoming Features

Microsoft demonstrated some upcoming features of desktop which were predictably very impressive.  They created an amazing time line custom visual which I really hope to use soon.  Another neat feature which was demonstrated in the keynote was drill down pages.  This feature allows users to create pages which will be displayed when the field is selected on the previous screen, and the data will reflect the selection.  As there can be a lot of different filters which can be created for Power BI, a new bookmark feature will be coming soon which will allow users to save the context of the report, which saves all of the selections made with all of the slicers. With this feature, the next time the report is viewed, only the selections people find important will be accessed.  These new features are scheduled for released in the next three months.

Power BI Community

KeynotePowerBICommunity

Art credit to Josh Sivey who was kind enough to send this

One of the last things that Microsoft did was to thank the user community for their involvement with Power BI. Since many of the new features added are based upon feedback from the user community, Microsoft really works hard to engage the larger user community to help share information regarding the product as well as mine the ideas from https://ideas.powerbi.com . It was nice of Microsoft to recognize people in the community. Even though the slide was not up for very long, lots of people notice who was recognized.

There is material for a number of other posts from this conference, so please subscribe to hear more information about Power BI very soon.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

Incorporating Cognitive Services

There has been a lot of very advanced research on developing algorithms which can analyze facial expressions, voice authentication and language understanding. Microsoft has decided to make this research available by creating a series of products which allow people to incorporate advanced research into their applications.  The cognitive service that I investigated first was the Language Understanding Intelligent Service [LUIS].

Teaching the Computer to Understand Text with Cognitive Services

There is a very good example of how to make LUIS understand text here.  In the sample, you can click on a button containing text or enter text free form. What LUIS does with the text is shown on the grey box on the right, JSON script is returned displaysLUISScreenthe score LUIS gave to the intent “TurnOn”. LUIS does not turn on lights for you, but there is a really good example of some code where people are using LUIS to control their home automation.

Before you can implement a solution with LUIS you need to define the intents which are listed in the JSON script.  An intent is an action you have defined. Some example intents might be to Find a Hotel in Seattle or Tell me Amazon’s Stock Price or a lot of the other things people have Alexa do for them. The scope of what you would have LUIS do for you is a lot more focused, as the number of Intents allowed is limited, and you will have to write the code to perform the Intent.

Steps to Understand LUIS Text

As right now LUIS is in preview mode, and therefore free, this is a great time to start learning the new technology. To get started, you will need to create an account at www.luis.ai, and once that is complete, create a New App. When creating an app, on of the number of different supported languages must be selected. No key is required, as a free key will be generated later. An app requires Intents, LUIS evaluates the text to see if it indicates the Intent is likely. The text that is evaluated is compared to an Utterance, which you also need to create. For example, if you have an Intent for “SearchHotels” an Utterance would be Find me a Hotel. While this is a perfectly good Utterance, there is no reference to a location, which is something pretty important when looking for hotels.  Entities are the descriptive parts of the Utterance. If I said show me hotels in [$geography] and replaced what was in the brackets with a city, then I would have a better idea of what hotels to return.  If I add the pre-built entity geography, then LUIS will be able to describe a location, which of course can be added to my utterances if I put square brackets[] around the entity name and a dollar sign $ in front of the name. I can add words people may use to describe a location with Features. If I add the word “near”, I can add the synonym catty-corner so that LUIS will understand that that word means “near”.  Once I have a complete list of Intents, Utterances, and Features, I can train the application for it to be tested and used in a component.

Applying Cognitive Services in Real World ApplicationsHotelBot2

Once I have a customized App created for LUIS to understand text, I used that to create a BOT to explore how I could use the rules I implemented in the website. I used the Microsoft Bot Framework to create an application which calls the LUIS component I created.  To reference the code created in LUIS, the application contains a reference key which provides the ability to call LUIS  from within my application.  As I don’t write much about C# code here, I didn’t include the code here, but I would be happy to share it if you would like.  Just drop me a line and I will post it.

 

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

 

 

 

 

 

Power BI Premium: Power BI for the Enterprise

When talking to clients who are implementing large implementations with Power BI, I have heard a lot of complaints. There is no good way to create a report which you just want to give to a client once. If you created the report with a workgroup, a pro feature, you cannot share with other users unless they also have a Pro License. The data size limits are too low for large users. The licensing model is really expensive for large users. Microsoft sought to resolve these problems with Power BI Premium, which allows companies to essentially buy their own Power BI Server.

Power BI Premium Pricing

The pricing model for Power BI Premium is a lot different than Power BI has been in the past as they are moving away from the per user model and moving more towards a company license model, with three PowerBIPremiertiers.  You will need to spend more money than listed in the three premium tiers. Pricing has become complicated and you might want to review the calculator site to figure it out. Premium Pricing covers the cost of the server, and unlimited read-only licenses. Everyone who creates reports will still need a Power BI Pro License.  If you have an Office 365 E5 subscription, you will have a license already.  If not, Power BI report creation requires a license. There is talk that Microsoft will develop additional tiers, for example something for education, development and for embedded only, but none of these have been Officially announced.  Currently there are the three tiers only.

Power BI Embedding Premium Only Feature

If you currently run Power BI Embedded, in the future you will need a Power BI Premium License as this feature will not be available for Pro.  Embedded is going to have one API, and that API is going to need to run on Power BI Premium. There has been a lot of discussion around this as there are a number of users who do not spend that much money on Power BI licenses, and they do not know what they are going to do going forward.  While there have been distinct cutoff dates published for the free features of Power BI, I have not found any hard cutoff dates when Power BI Embedded applications must be migrated to Premium or they start working. I have read rumors about a license of less than $1,000 a month for Power BI Embedded, but this has not been published, so is only speculation at this point.

More details will be coming out closer to the release date, which is targeted for sometime before July 1, 2017.  I anticipate that Microsoft will be releasing more information at the Data Insights Summit on June 12-13 and I will be there to find out what the latest information will be and will post it here.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

 

Changes to the Power BI Free Version Include No Sharing

NoSharingIncluded in the recent list of announcements Microsoft made about Power BI Local and Power BI Premium are a series of changes to the Power BI Free version which will go into effect on June 1. The free edition of Power BI will no longer be able to share reports. Currently free users could create reports and share them with others, which will be discontinued.  Only Power BI Pro Editions will be able to share reports.  Currently Power BI Pro users can create reports which can be shared with Free versions as long as no Pro features are used.  This means that if a Power BI report is set to automatically refresh the data, that report cannot be shared as Free versions do not have the ability to create reports which have data refreshed automatically. If the report was recreated to remove the automatic updates and instead refreshed manually, then the report could be shared with Free versions.  Starting June 1, the sharing feature will be removed. No longer can Power BI Pro users share anything to Power BI Free users.  If you have a Power BI Free account, there is no way to share information in the service. The Power BI Desktop will continue to be free but since you cannot print the content within it and sharing a PBIX file means that you will always be sharing the entire data model, this is of limited value.

Future Releases of the Free Version

Microsoft does plan on continuing the free version and improving it.  In the future, it will include features previous included only in the Pro version.  While previously the data sets which the Free version was able to connect with were limited, they will soon match all of the data sets included in the Pro version. Data refresh will be supported, as will streaming and higher data storage rates. Other than sharing and workgroups, which are pretty big features, Pro and Free will have the same feature set.

How Power BI Free Accounts Can Share for One Year

If you have a Free Power BI account and have logged into the account prior to May 2, you have a year to use a Pro license. It does not matter if you have previously used a Power BI Pro Trial.  This trial is a new one, and is available to anyone with a free account. After that, shared reports will not be accessible, unless the account starts paying for the Pro license.

There are a lot of conversations regarding the changes to the free account, and the other recent Power BI announcements.  In my next post, I will be discussing the Power BI Premier option.  To be notified of my latest posts, please subscribe to this blog using the link on this page.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

 

Running Power BI Locally with the Power BI Report Server

Power BI Now Available on your Local Server

Power BI: Now available without being on the cloud

Microsoft had an lot of announcements about Power BI this week, so many that it was easy to miss some of the finer details, including those which are going to be important in making decisions going forward.  Since the announcements are changes which will be effective soon, in the case of the free tier of Power BI on June 1, and released “… generally available late in the second quarter of 2017” this will give Power BI users time to adjust to the changes. In a nutshell, Microsoft has announced they are adding a cloud service called Power BI Premium which will allow people to create capacity instead of per-user licenses, the free edition will no longer to be able to share files, Power BI Embedded is going to be migrated to the Power BI Service from Azure, and finally, at long last, it will be possible to run Power BI reports locally and without needing anything in the cloud.

Running Power BI without a Cloud

It is not possible to run Power BI reports locally right now, but sometime before the 1st of July 2017,  users who have SQL Server 2016 Enterprise Edition per-core and active Software Assurance [SA] can deploy Power BI Report Server.  This means that no one is going to have to wait for SQL Server 2017 for Power BI on premise as it will be available sometime in June.  The functionality in SQL Server 2017 SQL Server Reporting Server [SSRS]. Community Technology Preview edition is going to be available in Power BI Report Server, with the addition of the ability to include custom visuals and many data sources, which the CTP version did not do. The Power BI Server includes all of the functionality of SSRS This means that users will not need an SSRS Server and a Power BI Server, as the Power BI Server will be able to do both.  If you want to migrate all of the reports created in SSRS from 2008 R2, and SSRS Mobile Reports, you can migrate these reports to the new Power BI Report Server. You can use Power BI Reporting Server for reports created on earlier versions, as long as you have a version of SQL Server 2016 Enterprise per-core edition with SA. The Power BI Report Server will be a separate install with separate release schedules, which currently are planned about once a quarter. Power BI Report Server will also be able to publish reports to mobile devices as well. If the reports uses data in the cloud, you can employ a Data Gateway as the Power BI Reporting Server can use the gateway to access cloud data. Of course if all of the data in the report is located on-premises, no gateway will be required.

Power BI Pro Licenses for On-Premise Reporting

While there is going to be no additional cost for running reports locally, or looking at them, creating and sharing reports for the Power BI Report will require a Power BI Pro License.  The Power BI Desktop is going to be free, and there is still going to be a free version of Power BI. There will also be a  new desktop version of Power BI for Reporting Services which will be on the same version as the Server, which will have fewer updates. This means if you support Power BI Service Reports and Power BI Report Server Reports you will have two versions of the Desktop, the Reporting Services Power BI Desktop and the Power BI Service Desktop.  Both are designed to run on the same machine. So far I have not had any problems having both other than remembering which is which as the icons are the same.  You have to load the software to see that the top line has (Report Server).

Starting June 1, free Power BI license holders will no longer be able to share reports.  Reports created with a free license can be viewed only by the person with the free account.

Power BI Desktop does not have Dashboards, and neither will Power BI

When it is released, Power BI Report Server will be displaying reports created from the Power BI Desktop.  Dashboards are not created in the Power BI Desktop application, meaning that there will be no Power BI Dashboards in the Power BI Report Server.  While this may change in a later release, it is not available in the first release, which also does not support R or custom visuals either.  To display and distribute dashboards, use the Power BI service.

I am sure there will be more announcements about this and other upcoming Power BI features. Many will most likely be announced at Microsoft’s Data Summit Conference in June, which I will fortunately have the opportunity to attend.  If you are going to be there as well, drop me a line or ping me on twitter at @desertislesql and perhaps we can meet in person.
 ***Update I have a post which covers the released version of Power BI Report Server.  Click here to find what was changed since this post was written.
Yours Always

Ginger Grant

Data aficionado et SQL Raconteur

 

 

IoT Security Concerns

When looking at IoT implementations, the topic of security always comes up.  Many people remember October 21, 2016 as the day IoT devices broke the internet. After the investigation event was complete, it turns out the that it the outtages were not exactly caused by IoT devices. A majority of the denial of service attacks came from things like home routers, which most people would not classify as an IoT devices. When looking at all of the different ways that IoT devices can be modified to do bad things a few different ideas come to mind in terms of risk.  How easy is it for a non-authorized user to gain access to a given device and what kind of device is it? If the device is a network router, that is a big problem. If the device is a water sensor and you need a lot of networking equipment to modify it, then the risk can be classified as a low risk. How an IoT device is modified is also a problem. If the IoT device is hacked in such a way that it becomes unusable, because the code ran out the the battery power that is a bigger deal than an IoT device which can be fixed by power cyling the device, which returns it to the factory configuration. Many times the code used to take over the device prevents any remote control access. This means a person needs to physically go power cycle the infected device. This can be a problem as some of these devices are inaccessible and are designed to be replaced not maintained. Power cycling stops the immediate problem but it does not prevent the same exploitation from happening again. New firmware or patches need to be applied to prevent the problem, requiring maintenance of the device again.

Knowing something about the people involved and the process used to gain access can help assessing risk. Unfortunately a number of devices have been released which have no security as they leave ports open which can be readily hacked, instead of say implementing SSL. Telnet, HTTP, DNS, Port 80, Port 22, and RDP all of these are ready targets for attack. There are also broadly speaking three classifications of users who work on accessing things which they don’t have access. Knowing about these three kinds of users and how they go about the process of gaining access.

Terminology changes over time, and to understand the risk, one needs to understand the language used by the people who access networks outside of the way the software was designed.  For starters, the word Hacker is not used much. The word is overused and has come to mean people who have ill-intent, instead of the original version of people who were looking for flaws, not exploiting them. The people who access networks are known as Penetration testers, which is commonly abbreviated as pen testers. They not only figure out how things are broken but more importantly how to fix problems which they have found before someone takes advantage of the flaw.

Nation State Attacks

Many governments employ legions of developers to access or destroy.   With nearly unlimited resources at their disposal, they are very successful when they want to target software for attack, as was seen when the Iranian centrifuges exploded.  They also have the ability to completely mask where the unauthorized code came from, as that is standard operating procedure.  If code is ascribed to be from the area near I-95 exit 41, you can pretty much guarantee that it came from somewhere else.  It is virtually impossible to trace the origins of Nation State attacks as they ensure nothing is ever what it seems. If there are clues as to the origins of the software, they are added as intentional misdirection to throw people off the trail or to affix blame someone else.  They have dedicated hardware designed to break access codes in a matter of seconds. There is no stopping this type of attack. They have little interest in most things so the risk is fortunately low.

White Hats

These penetration testers generally make their living hacking by permission. Firms hire them to see how vulnerable their networks or IoT Devices are.  The white hats contact the vendors and provide warnings about things like the ability to access all of the memory on a single VM server if one knows how to overload a specific buffer, which is getting to be more common as servers are virtualized both on site and in the cloud, which is after all someone else’s server.  These people are trying to help make the code better. Of course, all pen testers are not all white hats, there are grey and black hats too.  These people know enough to cause or prevent real damage.

scriptKiddieScript Kiddies

Like everything else there are varying levels of skills involved in pen testing.  The lowest skill level is known as a Script Kiddies. People who penetrate networks are not the evil geniuses portrayed in Hollywood, they just know where to download Kali Linux which comes with a tool called Metaspolit. This tool contains a database of libraries which can be run against networks. Knowing how to run a program is not a great skill but then again given how poorly so much of the software is written, you don’t have to be an evil genius to say spy on a TrendNet webcam, as they did not fix their software until the FTC made them do it. The IoT hack that broke the internet? That capability was readily available as a canned exploit. Fortunately these common types of unauthorized access are the easiest to defeat.  IoT systems need to be designed to avoid simple and well known intrusions, which is something that I will be talking about in my presentation for 24 Hours of Pass.  Hopefully you will get a chance to attend live or watch the upcoming recording.

Yours Always

Ginger Grant

Data aficionado et SQL Raconteur