Cybercrime focuses on small businesses, keep safe

Modern hackers generally try to exploit and attack computer systems that are not updated or patched. That does not count the thousands of script kiddies who run the scripts created by the developer-hackers, or the attacks reported to come from funded organisations, be they criminal or governmental.

In the past hackers were thought to concentrate only on big business; most will probably remember what happened when Sony was attacked, and more recently the Lenovo and Superfish incident. These big hacks make big news and highlight security issues and cybercrime to the general public. Most of the big companies employ staff to watch their network and to react to a security threat; some don't take it as seriously, and those tend to be the organisations that get hit.

However, there is a reported trend for hacking focus to shift to smaller companies.

Standard virus protection these days costs about 20-100 euros per machine depending on supplier and brand. Unfortunately, security researchers have claimed that antivirus protection alone is in some cases only roughly 20% effective at protecting a computer from modern hacking methods, so it is one layer, not the whole answer.

Security can be a huge investment for anybody to do correctly and safely. Many smaller companies do not have the resources to secure themselves and their business from these types of attacks, which makes them easy prey. It's bad enough if your website is attacked and defaced; what if you are an online merchant? https://www.pcisecuritystandards.org/smb/ shows a list of things a small business taking card payments should be aware of, and it's a minefield.

Symantec said in 2012 that attacks on small businesses were up by 30% and mobile attacks were up 58%, and these figures continue to grow day by day.

Security specialists claim that the highest percentage of discovered attacks come in via web browsing and email. These two tools are the mainstay of most businesses, and if they are not protected you are really asking for trouble.

The basics of security for any small company are fairly simple. First make sure you have a firewall in place and configured correctly to block all incoming traffic except to the public services you actually offer. My preferred way is to block all outgoing ports as well, except the ones you need open: egress filtering does not stop a denial-of-service attack aimed at you, but it does stop malware on an infected PC calling home, and stops your machines being used to attack others.

It is imperative that you have a modern, continually updated virus protection solution for all computers connected to your network; even if you are using Linux or Mac it is best not to skimp here. Second is a well-known malware detection and removal product; also don't skimp here. Most malware is in fact just annoying, like adware causing pop-ups and the like; some is not, however, and can lead to major problems. Remember Lenovo: this is the worst kind, confidential data leaking into the public domain.
The next line of defence is web filtering, not so you can monitor your staff, but so that websites known to host hacking software are blocked before you lose valuable data.

Once this basic system is running you must keep on top of it: update the software regularly and check the logs daily to make sure nothing goes unnoticed! Go out and employ somebody to do this, or get a reliable managed services provider that can take care of it.
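The firewall step above, as an added example that is not from the original post: the inbound-default-deny / outbound-default-deny policy written as an iptables-restore ruleset, with rate-limited logging of dropped packets so that the daily log check has something to read (the "fw-in-drop:" and "fw-out-drop:" lines end up in the kernel log, /var/log/kern.log or `journalctl -k`). The service lists, the SSH-only management network 192.0.2.0/24 and the script name are assumptions, not anything the post specifies; adjust them before applying.

```shell
#!/bin/sh
# Added example (not from the original post): a default-deny host firewall as
# an iptables-restore ruleset. Assumptions: public services are SSH (from the
# admin network only), HTTP and HTTPS; outbound needs are DNS, NTP, HTTP(S)
# and SMTP submission; 192.0.2.0/24 is a constructed placeholder network.
set -eu

PUBLIC_TCP=${PUBLIC_TCP:-"22 80 443"}          # inbound services we offer
OUTBOUND_TCP=${OUTBOUND_TCP:-"53 80 443 587"}  # outbound destinations we allow
OUTBOUND_UDP=${OUTBOUND_UDP:-"53 123"}
ADMIN_NET=${ADMIN_NET:-192.0.2.0/24}           # only this range may reach SSH

# Print the ruleset; nothing on the host is changed by this function.
emit_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
EOF
    for p in $PUBLIC_TCP; do
        if [ "$p" = 22 ]; then
            echo "-A INPUT -p tcp --dport 22 -s $ADMIN_NET -m conntrack --ctstate NEW -j ACCEPT"
        else
            echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done
    cat <<EOF
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for p in $OUTBOUND_TCP; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $OUTBOUND_UDP; do
        echo "-A OUTPUT -p udp --dport $p -j ACCEPT"
    done
    # Everything that falls through is dropped by the chain policy; log a
    # sample of it first so the drops are visible in the kernel log.
    cat <<EOF
-A OUTPUT -p icmp -j ACCEPT
-A INPUT -m limit --limit 10/minute -j LOG --log-prefix "fw-in-drop: " --log-level 4
-A OUTPUT -m limit --limit 10/minute -j LOG --log-prefix "fw-out-drop: " --log-level 4
COMMIT
EOF
}

# -t only parses and checks; a real restore replaces the table atomically,
# so a typo never leaves the host half-filtered.
check_rules() { emit_rules | iptables-restore -t; }
apply_rules() { emit_rules | iptables-restore; }

# Number of TCP ports opened inbound from anywhere (the admin-only SSH rule
# is excluded): compare it with the list of services you meant to expose.
count_public_ports() {
    emit_rules | grep -c -- '^-A INPUT -p tcp --dport [0-9]* -m conntrack' || true
}

case ${1:-} in
    print) emit_rules ;;
    check) check_rules ;;
    apply) apply_rules ;;
esac
```

Run it as `sh fw.sh print` to review, `check` to validate and `apply` as root to load. When applying over SSH, save the current rules with `iptables-save` first and schedule a restore of them with `at` or a backgrounded `sleep` in case the new egress policy cuts your session.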

If you go for an on-site employee, figure roughly anything between 45,000 and 110,000 euros per year for an in-house IT security expert. Add to this about 80-150 euros for the antivirus and malware software for each PC and server on your network. Web filtering/email spam filtering can be done on site, but normally it is provided by a third-party cloud supplier; this is going to be in the region of 15 to 20 euros per user protected.

And if you have done this you can feel reasonably safe performing your day to day work.

The other option is a managed service provider, which for a monthly fee will take care of all of this for you and provide a daily/weekly/monthly report on the status of your network and PCs, without the need to pay fixed staff costs.

Good luck and stay safe..

Posted in General

Superfish vulnerability: adware pre-installed on computer systems

Over the years computer manufacturers, in a bid to provide "more for less", have tended to bundle software with their hardware. This software usually fits the PC fairly well and is often quite useful to the new owner.

Sometimes, though, it goes wrong, as in the recent case where Lenovo pre-loaded software onto a range of its notebooks that turned out to be adware.

Adware can be defined as any software package that automatically displays unwanted advertisements, with the end intention of generating revenue for the adware's owner. Advertisements can be displayed anywhere, at any time, on the "infected" machine, and are generally quite annoying. Adware also tends to carry built-in functionality that lets its author target advertisements based on your browsing history: in practice it analyses the websites you visit with your browser.

In this case the adware (Superfish VisualDiscovery, developed by an American advertising company) was found to be a security threat to its users. To inject advertisements into HTTPS pages it installs its own root certificate into the Windows trusted root store and re-signs the certificate of every secure site on the fly, so it can read passwords and other sensitive data passing through the web browser. Worse, the same root private key was shipped on every affected machine and was quickly extracted, so anybody on the same network can forge a certificate for any site that those machines will accept without a warning. On 20 February 2015 US-CERT (part of the US Department of Homeland Security) recommended that people using the affected Lenovo notebooks remove this software, and its certificate, completely from their machines.

What is quite disturbing is that the underlying interception library, from Komodia, is also used by a family safety product called KeepMyFamilySecure, and research showed many other software packages to be affected by the same issue:

Vendor              Status    Date Notified  Date Updated
Atom Security, Inc  Affected  20 Feb 2015    20 Feb 2015
KeepMyFamilySecure  Affected  19 Feb 2015    20 Feb 2015
Komodia             Affected  19 Feb 2015    20 Feb 2015
Kurupira            Affected  -              20 Feb 2015
Lavasoft            Affected  20 Feb 2015    20 Feb 2015
Lenovo              Affected  19 Feb 2015    20 Feb 2015
Qustodio            Affected  19 Feb 2015    20 Feb 2015
Superfish           Affected  19 Feb 2015    20 Feb 2015
Websecure Ltd       Affected  20 Feb 2015    20 Feb 2015

How to clean it up

Somebody has set up a quick check for your browser: Check Superfish. (A browser-based check only tests the browser you run it in; a certificate in the Windows store also affects Internet Explorer, Chrome and anything else that uses that store.)

Lifehacker has provided a manual way to remove the VisualDiscovery software.

My recommended alternative is to use the Emsisoft malware tools.

Or you can of course remove the VisualDiscovery software manually. This doesn't cover other infections, though, so be aware that you might still not be safe.

How to scan for and remove Superfish from your computer manually

If you suspect you have the Superfish adware on your computer, run a scan with the free Emsisoft Emergency Kit, which flags the adware. To remove Superfish, uninstall the VisualDiscovery entry from Programs and Features and then perform the following steps to get rid of its certificate:

Press the Windows key + "R" to open the Run window.
Type "certmgr.msc" and hit Enter to open the Windows Certificate Manager.
Navigate to "Trusted Root Certification Authorities" and its sub-element "Certificates" in the folder tree on the left.
Check for the certificate entry "Superfish, Inc" on the right side of the window.
Select it and press the Delete key, or right-click and select "Delete".
Now your browser no longer trusts the made-up SSL certificates of that adware. Two caveats: this only covers programs that use the Windows certificate store, so Firefox and Thunderbird, which keep their own stores, need the same certificate deleted there too (Options > Advanced > Certificates > View Certificates), and the VisualDiscovery software itself has to go as well, or the interception component stays on the machine.
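To check a machine from the command line rather than trusting a web page, here is an added example that is not from the original post or from any of the vendors above. The idea is the one behind the browser check: fetch the certificate this machine receives for a real HTTPS site and look at who issued it. A clean chain is issued by a public CA; if the issuer names Superfish, Komodia or one of the products in the table, something on the machine (or on the network in front of it) is terminating and re-signing TLS. It assumes openssl(1) is installed; the issuer pattern list is an illustrative selection drawn from the table, not a complete one, and the script name is made up.

```shell
#!/bin/sh
# Added example (not from the original post): flag TLS certificates issued by
# the interception CAs behind the Superfish/Komodia problem. Assumes
# openssl(1). SUSPECT_ISSUERS is an illustrative list taken from the vendor
# table above, not an exhaustive one.
set -u

SUSPECT_ISSUERS='superfish|komodia|keepmyfamilysecure|qustodio|kurupira|websecure'

# $1 = PEM file holding a certificate. Returns 0 clean, 1 suspect issuer,
# 2 if the file could not be parsed.
check_issuer_pem() {
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    if printf '%s\n' "$issuer" | grep -Eiq "$SUSPECT_ISSUERS"; then
        printf 'SUSPECT  %s\n' "$issuer"
        return 1
    fi
    printf 'ok       %s\n' "$issuer"
    return 0
}

# $1 = host, $2 = port (default 443). Fetches the leaf certificate the way a
# browser on this machine would receive it, then runs the issuer check on it.
check_host() {
    host=$1; port=${2:-443}
    tmp=$(mktemp) || return 2
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM >"$tmp" 2>/dev/null
    rc=0
    check_issuer_pem "$tmp" || rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: sh superfish-check.sh www.example.com [port]
case ${1:-} in
    "") ;;
    *)  check_host "$1" "${2:-443}" ;;
esac
```

Run it against a site you know uses a public CA (your bank, or any large site); an "ok" result that still shows an unfamiliar issuer is worth a second look, because other interception products exist that are not in the pattern list.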

Posted in Security

Really cool cyber threat map

Having a quick browse around for malware- and virus-related information I found this map, showing the global cyber threat; as I thought it was really cool I am sharing it.. ;)

Ok, this time I have actually added the link so you can see it.. I will get used to WordPress soon. Promise.

http://cybermap.kaspersky.com

Posted in General

vsftpd

From notes dated November 2010, but hopefully still working ;)

Here you can set up an FTP server on Debian with vsftpd using virtual users: the accounts live in a password file checked by pam_pwdfile rather than in /etc/passwd, every user is chrooted into their own directory under /srv/ftp, and all of them run as the unprivileged ftp system user.

#apt-get update && apt-get install vsftpd libpam-pwdfile apache2-utils

(libpam-pwdfile provides pam_pwdfile.so and apache2-utils provides htpasswd; neither is pulled in by vsftpd itself.)

#cat /etc/pam.d/vsftpd

auth required pam_pwdfile.so pwdfile /etc/ftpusers
account required pam_permit.so

Create the password file (-c) with the first user. Note that -d produces crypt(3) DES hashes, which only use the first 8 characters of the password; keep the file readable by root only.

#htpasswd -d -c /etc/ftpusers testuser1
#chmod 600 /etc/ftpusers

#mkdir -p /srv/ftp
#chown -R ftp:ftp /srv/ftp

#cat /etc/vsftpd.conf

# Uncomment on kernels where vsftpd 3.x's seccomp sandbox breaks logins
#seccomp_sandbox=NO

listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
# Should be an empty directory that the ftp user cannot write to; Debian's default is /var/run/vsftpd/empty
secure_chroot_dir=/srv
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/srv/ftp/$USER
chroot_local_user=YES
# vsftpd 3.x refuses a writable chroot root ("500 OOPS: vsftpd: refusing to run with writable root inside chroot()"); this switches the check off
allow_writeable_chroot=YES
connect_from_port_20=YES
hide_ids=YES
local_umask=022
guest_username=ftp
#Logging
xferlog_enable=YES
log_ftp_protocol=YES
setproctitle_enable=YES
data_connection_timeout=500

Two things to be aware of. This is plain FTP: passwords and file contents cross the network in cleartext, so for anything beyond a trusted LAN add ssl_enable=YES, point rsa_cert_file and rsa_private_key_file at a certificate, and set force_local_logins_ssl=YES and force_local_data_ssl=YES so clients cannot fall back to cleartext. And allow_writeable_chroot=YES is only needed because each user's chroot root is their writable home directory; the safer layout is a root-owned, non-writable /srv/ftp/$USER with a writable subdirectory inside it.

To add further users:

#htpasswd -d /etc/ftpusers name_of_user

#cd /srv/ftp
#mkdir name_of_user
#chown -R ftp:ftp name_of_user

     

Posted in Linux

Vulnerability in Microsoft software (MS15-011)

So, very important, this one..

Basically, if you are using a Windows machine that is joined to an Active Directory domain and you use it in a public place, travelling, in hotels and such, whether or not you then bring up a VPN, somebody in the middle on that network can answer when the machine tries to reach the domain, serve it tampered Group Policy files and run code on it.

This pretty much covers most businesses and every business traveller.

Make sure you update your servers and desktops. For MS15-011 the patch alone is not enough: it adds "Hardened UNC Paths" (Computer Configuration > Administrative Templates > Network > Network Provider), which you must enable for \\*\SYSVOL and \\*\NETLOGON with RequireMutualAuthentication=1 and RequireIntegrity=1, otherwise the machine still accepts policy from an unauthenticated share. Microsoft's bulletin:

https://technet.microsoft.com/library/security/MS15-011

Posted in General

Using an encrypted USB key for gpg and ssh keys

This is one from the archives but probably still useful to somebody..

OK, this is the way I store my gpg and ssh keys on an encrypted USB stick. It is really only relevant to Linux users with laptops, but there is an element of geek factor, so I'll go ahead and explain how it's done..

First we need to find the model of the stick you are using: insert it and use dmesg to find the details:

You should see something like this. In this case I have used one large partition; you can use many partitions, but what you are interested in is the sdc: sdc1 information, the model and the vendor, in this case vendor = Kingston, model = DataTraveler.

Next create a file in /etc/udev/rules.d called 60-udev.rules:

In this I am saying that my USB stick will be available as /dev/mydev/usbstick each time it is put in the computer. (The rule only gives the device a stable name; the stick still has to be unlocked and mounted.)

Now I will create a LUKS partition on the USB stick. As root I run:

Next you need to set up a directory you want to mount the stick on, in my case /data2/private.

To make it easier I have two scripts, one to mount and one to unmount the stick, but first we need to put a filesystem on it. First open the encrypted volume so the mapped device appears:

So now we need to mount it..

and of course unmount it

So we now have an encrypted USB stick with a filesystem. All we do now is move your ~/.gnupg and ~/.ssh directories to the file area and link them from your home directory. Keep the moved directories at mode 0700, or ssh and gpg will refuse to use them, and remember that with the stick unplugged the symlinks dangle: ssh falls back to password authentication and gpg cannot find its keyring.
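The whole procedure, as an added example that is not the original post's scripts (those did not survive on the page): the udev rule, a one-off format step, the mount and unmount helpers, and the step that moves ~/.gnupg and ~/.ssh onto the stick and leaves symlinks behind. The device name /dev/mydev/usbstick and the mount point /data2/private come from the text; the LUKS mapping name "private", the ext4 filesystem, the nodev/nosuid/noexec mount options and the script name are my assumptions. Formatting, opening and mounting need root; set DRY_RUN=1 to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not the original post's scripts): udev rule, LUKS format,
# mount/unmount helpers and key relocation for an encrypted USB stick.
# Assumptions beyond the post: mapping name "private", ext4, and that
# cryptsetup and udev are installed. DRY_RUN=1 prints instead of executing.
set -eu

DEVICE=${DEVICE:-/dev/mydev/usbstick}
MAPPER=${MAPPER:-private}
MOUNTPOINT=${MOUNTPOINT:-/data2/private}
DRY_RUN=${DRY_RUN:-}

run() { if [ -n "$DRY_RUN" ]; then printf '+ %s\n' "$*"; else "$@"; fi; }

# Rule text for /etc/udev/rules.d/60-udev.rules: match the first partition of
# a block device whose sysfs vendor/model match what dmesg showed.
udev_rule() {
    printf 'KERNEL=="sd?1", SUBSYSTEM=="block", ATTRS{vendor}=="%s*", ATTRS{model}=="%s*", SYMLINK+="mydev/usbstick"\n' "$1" "$2"
}

# One-off: create the LUKS container and put an ext4 filesystem inside it.
format_stick() {
    run cryptsetup luksFormat --type luks2 "$DEVICE"
    run cryptsetup open "$DEVICE" "$MAPPER"
    run mkfs.ext4 -q -L private "/dev/mapper/$MAPPER"
    run cryptsetup close "$MAPPER"
}

mount_stick() {
    run mkdir -p "$MOUNTPOINT"
    run cryptsetup open "$DEVICE" "$MAPPER"
    # nodev/nosuid/noexec: the stick holds keys, nothing needs to run from it
    run mount -o nodev,nosuid,noexec "/dev/mapper/$MAPPER" "$MOUNTPOINT"
}

umount_stick() {
    run umount "$MOUNTPOINT"
    run cryptsetup close "$MAPPER"
}

# Move ~/.gnupg and ~/.ssh onto the mounted stick and leave symlinks behind.
# Keeps 0700 on the moved directories, which ssh and gpg insist on, and is
# safe to re-run: directories that are already symlinks are skipped.
link_keys() {
    for dir in .gnupg .ssh; do
        src="$HOME/$dir"; dst="$MOUNTPOINT/$dir"
        [ -L "$src" ] && continue
        if [ -d "$src" ]; then
            mv "$src" "$dst"
        else
            mkdir -p "$dst"
        fi
        chmod 700 "$dst"
        ln -s "$dst" "$src"
    done
}

# Usage: stick.sh rule <vendor> <model> | format | mount | umount | link
case ${1:-} in
    rule)   udev_rule "$2" "$3" ;;
    format) format_stick ;;
    mount)  mount_stick ;;
    umount) umount_stick ;;
    link)   link_keys ;;
esac
```

`sh stick.sh rule Kingston DataTraveler >> /etc/udev/rules.d/60-udev.rules` writes the rule; after `udevadm control --reload` and re-inserting the stick, /dev/mydev/usbstick should exist and the remaining subcommands work against it.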

Posted in General

speedtest

Every now and then it is handy to check the speed of an internet connection.

There are lots of websites around the internet that allow you to do this, but each has its issues; here is a handy script I found on the internet that does just that.

It's a Python script, so fairly portable; it will work on Linux and Mac OS X.

Basically copy this script to your machine, run it from the command line and wait..


Posted in Sysadmin

How I replicate my Bash environment, circa 2008

Being a Linux guy at heart, I normally use the bash environment, and each time I logged in to a different server I needed to set up a completely new environment for bash. Here is my original from 2008 ;)

At the top of your .bashrc script add this:

Each time you change something make sure you change the version and the date..

In your ~/bin directory create a bash script called profileupdate

$ cat profileupdate

Next create a file in ~/etc called accounts. The format of this file is one user@host per line.

You need to make sure that you have added your ssh key to all of these accounts:

$ ssh-copy-id user@host

You will have to give your password.

Make sure you can log in with no password prompt: ssh user@host should log you in with your key only. (Keep the private key itself passphrase-protected and loaded in ssh-agent; "no password" means no remote password, not an unprotected key.)

If this is a success then you are almost there.

Run ~/bin/profileupdate

quantrill@pa2sq:~/bin
$ ./profileupdate

** quantrill@servername1 **
ssh: connect to host servername1 port 22: No route to host
Failed to create authorized_keys2 file on quantrill@servername1!

** quantrill@servername2 **
desert256.vim 100% 10KB 10.2KB/s 00:00
.vimrc 100% 23KB 23.4KB/s 00:00
.bashrc 100% 2984 2.9KB/s 00:00

Here servername1 failed: check that the host is reachable and that your key is installed. servername2 was a success.
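The profileupdate script itself did not survive on the page, so here is an added example of the same idea that is not the original script: read ~/etc/accounts, push the dotfiles to each account with scp, carry on past hosts that fail (the "No route to host" case in the output above) and summarise at the end. The accounts file path and the three file names come from the post; the location .vim/colors/desert256.vim for the colour scheme, the BatchMode/ConnectTimeout options (so a host without your key fails fast instead of hanging on a password prompt) and the name of the script are my assumptions.

```shell
#!/bin/sh
# Added example (not the original profileupdate): push dotfiles to every
# user@host in ~/etc/accounts and report failures. Assumptions: key-based ssh
# is set up with ssh-copy-id as described above; desert256.vim lives in
# ~/.vim/colors; the ssh options are mine.
set -u

ACCOUNTS=${ACCOUNTS:-$HOME/etc/accounts}
FILES=${FILES:-".bashrc .vimrc .vim/colors/desert256.vim"}
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5"   # never hang on a password prompt

# Print the valid user@host entries from the accounts file, skipping blank
# lines and comments and rejecting anything that is not a single user@host
# (those would otherwise be passed to ssh as arbitrary arguments).
read_accounts() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    grep -v '^[[:space:]]*\(#\|$\)' "$1" | while read -r acct; do
        case $acct in
            *[!A-Za-z0-9._@-]*|*@*@*|@*|*@|"") echo "skipping bad entry: $acct" >&2 ;;
            *@*) printf '%s\n' "$acct" ;;
            *)   echo "skipping bad entry: $acct" >&2 ;;
        esac
    done
}

# Copy the dotfiles to one account; fails on the first error for that host.
push_to() {
    acct=$1
    ssh $SSH_OPTS "$acct" 'mkdir -p .vim/colors' || return 1
    for f in $FILES; do
        scp -q $SSH_OPTS "$HOME/$f" "$acct:$f" || return 1
    done
}

# Push to every account; the exit status is the number of hosts that failed.
profileupdate() {
    [ -r "$ACCOUNTS" ] || { echo "cannot read $ACCOUNTS" >&2; return 1; }
    failed=0
    for acct in $(read_accounts "$ACCOUNTS"); do
        printf '** %s **\n' "$acct"
        if push_to "$acct"; then
            echo "ok"
        else
            echo "FAILED: $acct"
            failed=$((failed + 1))
        fi
    done
    return $failed
}

# Usage: profileupdate.sh run
case ${1:-} in
    run) profileupdate ;;
esac
```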

Posted in Sysadmin

Linux under Subversion control

Below is the procedure to put Linux machines under Subversion control, so that changes to the configuration in /etc can be tracked.

First, on the Subversion server, create a directory for the machine.

All the work now is done on the workstation or server you wish to have under Subversion control.

First import the initial repository contents.

Next check out a copy from the Subversion server; make sure you use a different name for the working directory (simons-test-etc).

Now move and copy so that the Subversion-controlled directory becomes the primary directory on the machine.

Check it's under svn control.

Make sure you can still use sudo! Subversion does not store file ownership or modes (only the executable bit), so a fresh checkout comes back owned by whoever ran it with default permissions: /etc/sudoers has to be root:root 0440 again, and the same goes for /etc/shadow, the ssh host keys and anything else that is not world-readable. Also lock down the working copy's .svn directory (chmod 700): it holds a pristine copy of every tracked file, secrets included, and the repository on the server now holds them too, so treat its access controls accordingly.

That's it, the machine is now under Subversion control and any changes in the configuration can be tracked. This is the method/process; however, I am working on a centralised way in which we can track configuration changes.
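The procedure above, as an added example that is not the original post's commands: a function that imports a directory, swaps in the working copy under the original name, restores the permissions Subversion dropped and locks down .svn, followed by a demo that runs it on a constructed /etc-like directory in a temporary local repository and then records a change. The post uses a directory on a remote Subversion server; here the repository URL is a parameter, so the same function works with an svn:// or https:// URL. It assumes svn and svnadmin are installed and the GNU stat/chmod found on Debian.

```shell
#!/bin/sh
# Added example (not the original post's commands): put a configuration
# directory under Subversion control in place and track a change.
# Assumptions: svn/svnadmin installed; GNU stat and chmod; a repository URL
# you can write to (the demo creates a local file:// one).
set -eu

# Copy the modes (and, as root, the ownership) of every path in SRC onto the
# same path in DST: svn keeps neither, only the executable bit.
restore_modes() {
    src=$1; dst=$2
    (cd "$src" && find . -print) | while read -r p; do
        [ -e "$dst/$p" ] || continue
        chmod "$(stat -c %a "$src/$p")" "$dst/$p"
        if [ "$(id -u)" -eq 0 ]; then chown --reference="$src/$p" "$dst/$p"; fi
    done
}

# Import DIR into REPO_URL/<basename> and replace DIR with a working copy.
# The original is kept as DIR.orig until you have verified the swap.
svn_track_dir() {
    dir=$1; repo=$2
    name=$(basename "$dir")
    wc="$dir.svn-wc"                       # different name, as the post says
    svn import -q -m "initial import of $dir" "$dir" "$repo/$name"
    svn checkout -q "$repo/$name" "$wc"
    mv "$dir" "$dir.orig"
    mv "$wc" "$dir"
    restore_modes "$dir.orig" "$dir"       # sudoers back to 0440, etc.
    chmod 700 "$dir/.svn"                  # pristine copies of every file live here
}

# Demo on a constructed directory; sets DEMO_DIR to the temp tree it used.
demo() {
    work=$(mktemp -d)
    svnadmin create "$work/repo"
    mkdir -p "$work/etc/ssh"
    printf 'PermitRootLogin no\n' > "$work/etc/ssh/sshd_config"
    printf 'root ALL=(ALL) ALL\n' > "$work/etc/sudoers"
    chmod 440 "$work/etc/sudoers"
    svn_track_dir "$work/etc" "file://$work/repo"
    # A later edit shows up in status/diff and is committed with a message,
    # which is the whole point: a record of who changed what, and when.
    printf 'PermitRootLogin yes\n' > "$work/etc/ssh/sshd_config"
    svn status "$work/etc"
    svn diff "$work/etc"
    svn commit -q -m "allow root login over ssh" "$work/etc"
    DEMO_DIR=$work
}

# Usage: svn-track.sh demo        (or call svn_track_dir /etc svn://server/hosts/box)
case ${1:-} in
    demo) demo ;;
esac
```

Run the real thing as root with the machine's directory on your server, check `sudo -l` and `svn status /etc` afterwards, and only then remove /etc.orig.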

Posted in Linux, Sysadmin

Cross-compiling aprx for 32-bit from a 64-bit host

I run an aprx I-Gate for the RF feed to aprs.is to support the local area network.

I develop on a 64-bit version of Debian (testing) but run the node on a 32-bit version of stable. Here is my setup and package requirement.

On the stable system you need to add the testing repo to the sources list. (Pin testing at a low priority in /etc/apt/preferences so that only the packages you ask for by name come from it; otherwise the next upgrade pulls the whole node onto testing.)

And install the newer glibc (libc6) from testing. This is to allow the binary built on testing to run without updating the host node to testing, because a binary needs at least the glibc version it was linked against.

On the 64-bit machine you need to supply the 32-bit compile flag (-m32) to the configure script generated by autoconf.

Then it's just a case of copying over the compiled binary to the host.

Restart the node and you now have the running version without the need to compile on a machine with low resources.

Posted in Ham Radio, Linux
About me

Simon Quantrill: Staying on top of IT

I am a seasoned information technologist. I am an expert in putting infrastructure and technology, with open source tools and projects, strategically and securely to work within the business model and financial confines of the modern enterprise.

As IT operational manager I have created state-of-the-art computing centres for multi-site businesses,

more recently to provide an environment for metocean consultancy, weather forecasting, search and rescue services and vessel response consultancy to the oil and gas industry.

I pride myself on being able to work under pressure and keep to committed project timelines whatever is thrown at me. My strengths really show through when in the middle of a "good challenge".

I am an avid user of Debian Linux and know my way around most open source products, e.g. Postfix, BIND, MySQL, PostgreSQL, Apache, WordPress etc. I have a background in electronic and computer engineering, starting my career tinkering with the subsea electronics on ROV systems. I moved fairly quickly into IT, starting with networking, security and integration. I have always taken on challenging projects and have enjoyed finding out how things work, and of course helping others understand.
