Category Archives: IT Security

How to Create a Folder Accessible to only a Specific User (Data Backup User)

Data backup is like taking an insurance on your data. Just as we cannot predict what will happen with our life and property the next moment, and take cover of a good insurance, the same is true for our data too. Our precious data may be lost due to various reasons – natural disasters (earth-quake, flood, storm, fire), man-made havoc (theft, arson, violence), equipment failure, hacker attack etc. Backup acts as a good insurance against all such incidents. So, let’s make sure to regularly backup data.

It’s most common take backups onto another storage device, such as an external USB drive or a network share. It’s definitely a good step, but such storage also can be targeted by malware and virus. For example, if you map a network share to a drive (such as map \\myserver\backupshare to the drive x:) or attach an external USB drive to your computer, malware can identify such a drive and do the same damage as it does to regular drives in a computer. To protect the backup drive from malware attack, take the following steps so that the drive / folder is accessible ONLY to your dedicated backup user account as explained in our other blog post “How to Handle Ransomware Threat: Be Cautious and Backup Data“.

NOTE: Though the following set of steps use the folder name “BackupShared” as an example, DO NOT use such an easy-to-guess account name. Choose something suitable for your case that does NOT include your name, username etc.

a) Right-click on the folder (in this case E:\BackupShared as an example), and from the context-menu click on ‘Properties’ option.

b) Click on ‘Security’ tab to select it. You will see the dialog below.
Create Secure Drive - Step B

c) Click on the ‘Advanced’ button. You will then see the dialog below.
Create Secure Drive - Step C

d) Click on the ‘Disable inheritance’ button, which will show the following dialog.
Create Secure Drive - Step D

e) Select the option ‘Remove all inherited permissions from this object’.

f) Remove all ‘Permission entries’ (if any) from the following dialog.
Create Secure Drive - Step F

g) Now click the ‘Add’ button in the above dialog, and you will see the following dialog.
Create Secure Drive - Step G

h) Click on ‘Select a principal’ and you will get the following dialog.
Create Secure Drive - Step H

i) Specify name of the backup-only user created in step (b) above and click on ‘OK’.
Create Secure Drive - Step I

j) You will next see the following dialog. In the ‘Basic permissions’ section, select ‘Full Control’. The other options within this dialog should be as shown below. Then click ‘OK’.
Create Secure Drive - Step J

k) Now click ‘Apply’ in the following dialog.
Create Secure Drive - Step K

l) Change the ‘Owner’ by clicking on the ‘Change’ link in the above dialog. This should be the same as the backup user.

m) Click ‘OK’ to close the dialog. You will come back to the following dialog.
Create Secure Drive - Step M

n) Open the ‘Sharing’ tab, and click ‘Share…’.
Create Secure Drive - Step N

o) Then you will see the following dialog.
Create Secure Drive - Step O

p) If the “backup username” does not appear in the box, click on the dropdown list and select ‘Find people…’. Specify the “backup username” in that dialog and click ‘OK’ to come back to the File Sharing dialog. Then click ‘Add’. Choose ‘Owner’ or ‘Read/Write’ as the ‘Permission Level’ for the user.

q) Click the ‘Share’ button to share the folder. Click ‘Done’ on the following dialog.
Create Secure Drive - Step Q

r) Click ‘Close’ in the following dialog to complete the security settings.
Create Secure Drive - Step R

Yes, you are really done! It took quite a number of steps to go through, but now you have secured a folder / drive from unapproved access by malware and hack attacks. This is a safe destination for your backup data. Go ahead, start the backup process now.

2016: IT Security Challenges

A recently published report by Gartner & Raytheon (Dec-2015) makes some security predictions for the year 2016. The picture is not comforting at all. The already scary level of attacks by cyber criminals will rise even more because of the cyber terrorists (including the “Syrian Electronic Army” or SEA in short), who will be working in sync with ISIS and other such groups.

1.  The US Elections Cycle Will Drive Significant Themed Attacks: The level of use of social and online media for US Presidential election process will exceed all earlier instances. The candidates have started opening websites with their own profile and are regularly updating those with campaign schedules, time tables, issue-based debates etc. They are also using facebook, Twitter, Instagram etc. as campaign tools. A 2014 survey showed nearly 74% of US adults use social networking. According to a recent survey by Pew Research Center, nearly 92% of the Americans are on social media. Of them 96% adults read news on Presidential election there. They have less interest and trust in traditional media like TV, newspaper etc. The candidates also are paying more attention to their Ads in social media sites.
This will make things easier for the hackers and spammers. Pretending to campaign on behalf of some candidate(s), they will present attractive / interesting topics or use offers as bait to trap / cheat users visiting social media as well as push malware, spam etc. in their email / computer.

2.  The attack on Google, Bing etc. will reach an extremely high level. There will be attacks through facebook, Twitter “friend” / “connection”. Serious attacks like Highly Transient Web Threat (HTWT) will also happen.

3.  Addition of the GTLD system will provide new opportunities for attackers: The top ten botnets like “Cutwell”, “Rustock”, “Mega-D” etc. will become even more powerful and active. They have been spreading spam to about 100 million computers around the world, which is 88% of all the 100s of billions of spam sent daily. In 2016, it might grow by 15 times or more!
Since multinational corporations and marketing agencies are becoming increasingly dependent on online services and web-based systems, there is big growth in “cloud computing”. Now the cyber criminals / terrorists are making “cloud computing” systems as their major target.

4.  The cyber criminals will attack the “traditional customer authentication” methods used for online banking and financial transactions to steal funds from bank accounts. There will be tremendous rise in the “Man in the Browser” (MITB) Trojan attack incidents.

5.  The cyber terrorists will also attach in guise of lucrative offers in emails (possibly as attachments) with attractive topics, pictures, invites as well fake web links, so that you step into their trap to reveal important personal information.

6.  The criminals will also use “BlackHatSEO” to get the fake sites and/or links in front of you in search engine results by suppressing the genuine websites. For this they will use various SEO techniques, including paid SEO.

7.  Fake Advertisements in the name of reputed media houses will be used to inject virus into those organizations’ websites. The hackers and spammers will use the still-in-use outdated technologies, such as unsupported and unpatched old software.

8.  The tiny URLs used in facebook and Twitter are quite popular among users. Since those are easy to utilize, the criminals will target the tiny URLs to bring people to malware-ridden 100s of thousands of fake websites.
According to an estimate from a few years back by a security software firm, nearly 300,000 fake websites are launched EVERYDAY just to lure unsuspecting users and infect their computers with malware and virus.

9.  The cyber criminals are going to use “SQL Injection” attack against the famous multinational banks, commercial and marketing companies around the world, including USA. Along with that they will use Phishing (stealing data through browser / email), Vishing (stealing data via phone calls), Smishing (via SMS to mobile phones) attacks.

10. There will be major increase in the cyber terrorists’ use of “foreign language spam” as well as “identity theft” attacks to steal our “digital signatures” for online (commercial / legal / financial) activities.

The only protection is to be super-careful (being paranoid is OK), even for individuals, because our own personal finances can be ruined by such attacks. A whole lot of people have already been burnt by “ransomware” (a kind of malware). Phishing and Vishing are still going on, and people continue to fall for those. On the other hand, a lot of computer users are oblivious about upgrading their software — Operating Systems, Applications, Browsers etc., even if free upgrades are widely available. There are a lot of people who derive extra pleasure in using pirated software, without understanding how dangerous it is for THEMSELVES. The big software companies can afford to lose a couple of billions in lost revenue due to piracy, but a compromised computer can terribly affect an individual’s life or a small business. It really doesn’t cost much when it’s spread over the lifetime of a computer and software. However, some people still find it necessary to avoid paying the dues and lead a risky life. Also, some computer users indiscriminately download and install “free” software from the Internet. Is “free” a business model for anyone? Yes, there are some legitimate “free” (mostly open source) software organizations, but they are well known. Why use software from a random company that pops up in a Google search? Does anyone buy any other thing like that? In real life do you use an item handed out by a complete stranger? Hopefully not.

It’s important to practice “Safe Computing”:
a)  Use ONLY legitimate software
b)  Use RELIABLE anti-virus from a REPUTED company
c)  Regularly update / patch software
d)  Monitor network to detect intrusion / infection
e)  Take automatic backup of all important data

The challenges are grave. The threats are real. The repercussions can be devastating. It’s worth being extra careful.

How important is to know the network inventory?

What is ‘Network Inventory’?
An IT network consists of various types of hardware (client PCs, servers, printers, and other peripherals) and software as well as the users. The hardware and software are commonly referred to as Network Assets, which constitute the entire network inventory.

At the simplest level, network inventory is a basic list of devices connected within the network. However, at a more advanced level, it can evolve to contain detailed information about software installed, hotfixes applied, services, and much more.

How important is to know your Network Assets?
Managing the IT infrastructure of an organization is undoubtedly a challenging task. The assets in the network get deployed, updated, removed fairly frequently, and often without any set pattern, to support the operational needs of the organization and the overall computing environment (security issues, virus / hacker threats, product updates and enhancements etc.). Keeping track of the users and their access privileges is an integral part of IT management. One of the biggest challenges to managing the network is the lack of comprehensive knowledge and understanding of the network, which are essential for decision-making and planning about the growth and improvement of IT infrastructure.
If you are a network administrator, you have to face these common questions:
  • How many computers (client PCs and servers) are in the network (domain or workgroup)?
  • Which of these computers are active vs. inactive, have been added / modified?
  • What hardware components (CPU, RAM, motherboard, hard discs and partitions, network card / chip, video and audio card / chip etc.) are in those client PCs and servers?
  • What Operating System (Windows) version is running on each PC and server?
  • What Service Packs for the OS have been installed on each PC and server?
  • What software applications (including version, manufacturer etc.) are running on each PC and server?
  • What all services are running on each PC and server?
And many more like these. Without these details you will never know the actual state of your network. Proper network asset management is impossible without the knowledge of the network assets.
What exactly is “IT Network Asset Management”?

IT Network Asset Management (also called IT Inventory Management) is an important part of an organization’s business strategy. It involves collecting detailed hardware and software inventory information, which are used to make decisions about purchase as well as redistribution of hardware and software over time.

IT asset management helps an IT organization manage its systems more effectively, and saves time and money by avoiding unnecessary asset purchase and/or disposing off existing resources.

How do organizations manage their network assets? Is it sufficient for them?
It’s quite common for System Managers / Admins to manually monitor the entire network, at times with dedicated personnel. That’s a challenging task, which is repetitive, error-prone, time consuming, and to a high degree wasteful of qualified systems professionals. A tool that automatically monitors the network for such information and presents a consolidated view helps with the latest status as well as not take up important human resources for such tasks.

SysExpertez: A solution for network asset tracking, monitoring, and management
SARANGSoft SysExpertez is a comprehensive asset, domain, and operations management application with a number of exciting features that help manage IT assets, Active Directory domains, and operations in the network. It automates and simplifies the repetitive tasks and quickly provides accurate results through an easy-to-use interface.

It’s like a set of CCTVs within your network, so that you as the System Manager / Admin can get a full view through the “Admin Console”, as if sitting in a “Control Room”. The powerful Admin Console is super-easy to use with a simple menu-driven UI that also looks and feels great.