
How to Create a Folder Accessible to only a Specific User (Data Backup User)

Data backup is like taking out insurance on your data. Just as we cannot predict what will happen to our life and property the next moment, and so take the cover of a good insurance policy, the same is true for our data. Our precious data may be lost for various reasons – natural disasters (earthquake, flood, storm, fire), man-made havoc (theft, arson, violence), equipment failure, hacker attack etc. Backup acts as good insurance against all such incidents. So, let’s make sure to back up data regularly.

It’s most common to take backups onto another storage device, such as an external USB drive or a network share. It’s definitely a good step, but such storage can also be targeted by malware and viruses. For example, if you map a network share to a drive (such as mapping \\myserver\backupshare to the drive x:) or attach an external USB drive to your computer, malware can identify such a drive and do the same damage as it does to regular drives in a computer. To protect the backup drive from malware attack, take the following steps so that the drive / folder is accessible ONLY to your dedicated backup user account, as explained in our other blog post “How to Handle Ransomware Threat: Be Cautious and Backup Data”.

NOTE: Though the following set of steps uses the folder name “BackupShared” as an example, DO NOT use such an easy-to-guess name. Choose something suitable for your case that does NOT include your name, username etc.

a) Right-click on the folder (in this case E:\BackupShared as an example), and from the context-menu click on ‘Properties’ option.

b) Click on ‘Security’ tab to select it. You will see the dialog below.
Create Secure Drive - Step B

c) Click on the ‘Advanced’ button. You will then see the dialog below.
Create Secure Drive - Step C

d) Click on the ‘Disable inheritance’ button, which will show the following dialog.
Create Secure Drive - Step D

e) Select the option ‘Remove all inherited permissions from this object’.

f) Remove all ‘Permission entries’ (if any) from the following dialog.
Create Secure Drive - Step F

g) Now click the ‘Add’ button in the above dialog, and you will see the following dialog.
Create Secure Drive - Step G

h) Click on ‘Select a principal’ and you will get the following dialog.
Create Secure Drive - Step H

i) Specify the name of the backup-only user created in step (b) above and click on ‘OK’.
Create Secure Drive - Step I

j) You will next see the following dialog. In the ‘Basic permissions’ section, select ‘Full Control’. The other options within this dialog should be as shown below. Then click ‘OK’.
Create Secure Drive - Step J

k) Now click ‘Apply’ in the following dialog.
Create Secure Drive - Step K

l) Change the ‘Owner’ by clicking on the ‘Change’ link in the above dialog. This should be the same as the backup user.

m) Click ‘OK’ to close the dialog. You will come back to the following dialog.
Create Secure Drive - Step M

n) Open the ‘Sharing’ tab, and click ‘Share…’.
Create Secure Drive - Step N

o) Then you will see the following dialog.
Create Secure Drive - Step O

p) If the “backup username” does not appear in the box, click on the dropdown list and select ‘Find people…’. Specify the “backup username” in that dialog and click ‘OK’ to come back to the File Sharing dialog. Then click ‘Add’. Choose ‘Owner’ or ‘Read/Write’ as the ‘Permission Level’ for the user.

q) Click the ‘Share’ button to share the folder. Click ‘Done’ on the following dialog.
Create Secure Drive - Step Q

r) Click ‘Close’ in the following dialog to complete the security settings.
Create Secure Drive - Step R

Yes, you are really done! It took quite a number of steps to go through, but now you have secured a folder / drive from unapproved access by malware and hack attacks. This is a safe destination for your backup data. Go ahead, start the backup process now.
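The same lock-down can be scripted. The following is an added example, not part of the original post: it applies steps (a) through (r) with `icacls` and the SMB cmdlets. The account name and share name are hypothetical placeholders, and it assumes an elevated PowerShell session run by the account that currently owns the folder.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): steps (a)-(r) as a script.
# The path is the post's example; the account and share names are hypothetical.
$Folder     = 'E:\BackupShared'
$BackupUser = "$env:COMPUTERNAME\bkp-7f3a"
$ShareName  = 'bk7f3a'

function Invoke-Icacls {
    # Run icacls and stop on any failure so a half-applied ACL is never accepted silently.
    param([string[]]$IcaclsArgs)
    & icacls.exe @IcaclsArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed: $($IcaclsArgs -join ' ')" }
}

function Set-BackupOnlyAccess {
    param([string]$Path, [string]$Account)
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Resolve the account first: a typo must fail here, before any permission is removed.
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType).Value

    # Steps (g)-(j): Full Control for the backup account on this folder, subfolders
    # and files. Granted first so the folder never passes through an empty ACL.
    Invoke-Icacls @($Path, '/grant:r', "*${sid}:(OI)(CI)F")

    # Steps (d)-(e): disable inheritance and remove all inherited entries.
    Invoke-Icacls @($Path, '/inheritance:r')

    # Step (f): remove every remaining explicit entry that belongs to another principal.
    $otherSids = (Get-Acl -LiteralPath $Path).Access |
        ForEach-Object { $_.IdentityReference.Translate($sidType).Value } |
        Where-Object { $_ -ne $sid } |
        Sort-Object -Unique
    foreach ($other in $otherSids) { Invoke-Icacls @($Path, '/remove', "*$other") }

    # Check the result before the owner changes: inheritance off, exactly one entry.
    $acl = Get-Acl -LiteralPath $Path
    if (-not $acl.AreAccessRulesProtected -or @($acl.Access).Count -ne 1) {
        throw "Unexpected ACL on ${Path}: $($acl.Sddl)"
    }

    # Step (l): make the backup account the owner as well.
    Invoke-Icacls @($Path, '/setowner', $Account)
}

Set-BackupOnlyAccess -Path $Folder -Account $BackupUser

# Steps (n)-(q): share the folder with the backup account only.
New-SmbShare -Name $ShareName -Path $Folder -FullAccess $BackupUser | Out-Null
Get-SmbShareAccess -Name $ShareName   # review: only the backup account should be listed
```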

Threat to an IT Network from End User Activities

Background
A major goal of managing IT networks is to guard against security breaches. Hardware and software assets need to be monitored on a regular basis, if possible continuously, so that appropriate preventive steps can be taken to keep the IT infrastructure running well and secure, because an organization’s success and reputation depend on its IT systems being protected. Though security threats may come from improper management of hardware and software assets, they are quite likely to be caused by end-user actions as well, such as unmonitored user activities.

What is meant by ‘Monitoring User Activity’
What does it mean to monitor “user activity”? It means checking for uncommon, unexpected, or suspicious actions by users, including use of (specific) computers, network shares, applications, services, data etc. within the network. Being able to quickly identify any system misuse is an effective security mechanism, which might make it possible to stop an attack and clean up any fallout.

In an IT environment users take many actions as part of day-to-day activities, such as running various applications, collecting / creating / processing data, installing & uninstalling software, requesting hardware & software upgrades etc. As part of managing the network, IT Administrators deploy new versions / patches of Operating Systems and applications, and add and/or replace components / peripherals. The combination of existing software in the network and certain user actions might unknowingly open the door to security problems, such as attempts to hack the computers, copying / altering / deleting data, downloading viruses / malware etc. Sometimes these problems are inadvertent, but deliberate actions to compromise network security are possible, and are not uncommon. The effect of any such security breach can be devastating for an organization – ask the dozens of high-profile companies in the news for the wrong reasons over the past couple of years!

An indication of a potential problem can be as simple as a particular user logging into / trying to log into a computer (server / desktop) where that user is not expected, or at an odd hour (beyond normal office hours), or a USB drive being plugged into a computer and such. At times it could be a genuine requirement, in which case the red flag can be reviewed and discarded. In the other cases, that’s the main clue to track down and fix the problem. Being aware is essential to protect anything, or at least to assess and address any damage.

Challenges of monitoring user activity
Manual tracking of these events is hard to start with, and it gets increasingly complex and time-consuming. What is needed is an automated process that tracks users’ activities in as much detail as required. Every organization’s network has its own requirements, priorities, and challenges. Accordingly, the relevant events can be set up to be monitored, and alerts can be raised for review by the IT administrator.
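As an added illustration (not from the original post, and not SysExpertez code), the red flags named above can be expressed as a small rule set: logons outside office hours, logons or attempts on a computer where the user is not expected, and USB plug-ins. The office hours, user names, computer names and event records below are constructed for the example.

```powershell
# Added example. Assumed policy (hypothetical values): office hours and the
# computers each user normally works on.
$Policy = @{
    StartHour = 8
    EndHour   = 19
    Expected  = @{ 'asha' = @('PC-ACC-01'); 'ravi' = @('PC-DEV-07', 'SRV-BUILD') }
}

# Constructed sample records. In a real network the logon rows would be built from the
# Windows Security log (event 4624 = successful logon, 4625 = failed logon).
$SampleEvents = @(
    [pscustomobject]@{ Time = [datetime]'2024-03-04T09:12:00'; Type = 'Logon';       User = 'asha'; Computer = 'PC-ACC-01' }
    [pscustomobject]@{ Time = [datetime]'2024-03-04T23:47:00'; Type = 'Logon';       User = 'asha'; Computer = 'PC-ACC-01' }
    [pscustomobject]@{ Time = [datetime]'2024-03-05T10:03:00'; Type = 'LogonFailed'; User = 'ravi'; Computer = 'SRV-FILES' }
    [pscustomobject]@{ Time = [datetime]'2024-03-05T14:30:00'; Type = 'UsbPlugIn';   User = 'ravi'; Computer = 'PC-DEV-07' }
    [pscustomobject]@{ Time = [datetime]'2024-03-09T11:00:00'; Type = 'Logon';       User = 'ravi'; Computer = 'PC-DEV-07' }
)

function Find-SuspiciousActivity {
    param([object[]]$Records, [hashtable]$Policy)

    foreach ($e in ($Records | Sort-Object Time)) {
        $reasons = @()
        if ($e.Type -in 'Logon', 'LogonFailed') {
            $weekend  = $e.Time.DayOfWeek.ToString() -in 'Saturday', 'Sunday'
            $offHours = $e.Time.Hour -lt $Policy.StartHour -or $e.Time.Hour -ge $Policy.EndHour
            if ($weekend -or $offHours) { $reasons += 'outside office hours' }

            # A user with no entry in the policy is treated as unexpected everywhere.
            if ($Policy.Expected[$e.User] -notcontains $e.Computer) {
                $reasons += 'computer not expected for this user'
            }
            if ($e.Type -eq 'LogonFailed') { $reasons += 'failed logon attempt' }
        }
        elseif ($e.Type -eq 'UsbPlugIn') {
            $reasons += 'USB device plugged in'
        }

        # Emit one row per flagged record; unflagged activity produces no output.
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Time     = $e.Time
                User     = $e.User
                Computer = $e.Computer
                Reasons  = $reasons -join '; '
            }
        }
    }
}

Find-SuspiciousActivity -Records $SampleEvents -Policy $Policy | Format-Table -AutoSize
```

Each flagged row is a red flag for review, not a verdict: a genuine late-night logon is reviewed and discarded, as the text describes.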

But how to monitor effectively?
Finding the proverbial needle of a security threat in the haystack of activities is challenging. Automation is a viable way of identifying potential issues and narrowing down the list to actionable items. It’s not just the power of recording all possible actions & events in the network and analyzing them; the flexibility and ease of fitting the tool into an organization’s own requirements are just as important.

SARANGSoft SysExpertez is a Windows IT asset management application that does this monitoring efficiently and with ease. SysExpertez enables IT administrators to set up alerts on important user activities or even on various status conditions (e.g., a disk drive’s free space falling below a level, System Thermal State, System Power Supply State), so that all these events are reported with details, which can be reviewed as reports as needed. A number of such reports are available in the ‘User Activity Reports’ section. Here are some of the reports generated on user activities in a network:
  • Currently Logged-in Users
  • Currently Logged-in Users by Computer
  • Users’ Login / Logout Times
  • Computer ON Status
  • User Logged into Different Computers
  • Users Logged into a Specific Computer
  • USB Device Plug-in
  • USB Device Plug-in by Computer

This variety of reports on end-user activities provides a good idea of what is happening in the network with respect to the end users. You can get a report as a whole as well as run ad-hoc queries regarding specific users or particular activities.

Detecting Prohibited Software

What is a ‘Prohibited software’?
Prohibited software refers to a software program or application that is deemed inappropriate and is not allowed to be installed on any computer in a specific IT environment. The reason in general is the security vulnerability / threat that it can create for that computer or even for the entire IT environment. It amounts to banning or blacklisting a particular software for a specific IT environment. The reason for putting a software in such a category differs from organization to organization, depending on the domain of operation, data sensitivity, security concerns etc. Therefore, a software that is “prohibited” or blacklisted in one organization might be freely used in another, and vice versa. However, certain kinds of software are more likely to be marked as prohibited in workplaces.

Importance of detecting ‘Prohibited Software’
Computer users of an IT network often install different kinds of software – from within the organization (e.g., from a server share), from a friend / colleague, downloaded from the Internet, and such. Many of these software turn out to fall short of security standards and cause a vulnerability / threat to the entire network. New software of various types and increasing complexity is emerging on a regular basis. There is a lot of free software available on the Internet that is quite useful. For example, Adobe PDF Reader, Internet browsers (Firefox, Chrome, IE, Safari, Opera), Skype etc. are from highly reputed software publishers and widely used at home as well as in small to large organizations. There are also many popular games, media players, chat applications etc. From our own experience, a widely used “free” media player app also tries to install a bunch of other software, and even if you opt out of all of them, they still silently slip a couple of questionable software into your computer! First of all, these are unknown software; on top of that, they sneak into your system. How comfortable / happy does that make you feel? In most cases, the adverse effect of such software on the IT system is unknown for a while. As a result, the IT network security threat increases significantly as more such software is installed. Software from commercial software providers is regularly reviewed and updated, but some of the commonly used software does not go through proper follow-up and is rarely updated. Any security flaw in such software remains and creates a backdoor for hackers and malicious programs to penetrate an organization’s IT network.
On the other hand, there are some popular software, including gaming, media, and social networking applications, the use of which is likely to affect the focus and productivity of employees. The presence of such software in the workplace can also lead to various compliance issues. Also, if employees in an office download various software from the Internet and install it on work computers, it can lead to serious legal issues, such as license violations.
That’s why every organization needs to know what software is installed on its computers and whether it is required and acceptable for business reasons. If not, such software should be identified as “prohibited” and arrangements made to stop it from being installed on any work computer. Controlling software installation is not a choice anymore; it’s a required step to address security, productivity, legal, and compliance issues.

Importance of ‘Software Asset Management’ in this regard
Detection of ‘Prohibited Software’ is a part of the bigger area ‘Software Asset Management’. Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization.
Proper software asset management is necessary for effective security practices that help combat cyber-attacks, which can damage an organization in various ways. An effective SAM practice delivers intelligence on software across the network, providing clear visibility of the entire network inventory, which helps the Network Administrator take more informed software security decisions. SAM helps to minimize the attack surface of an organization by detecting unauthorized and unsupported software and preventing it from being installed, or at least getting it removed.

Methods of tracking ‘Prohibited Software’
Traditionally, the method known as ‘application blacklisting’ is used to track the unwanted applications. This method works by maintaining a list of applications that are to be denied system access and preventing them from being installed and executed. However, since the number, variety, and complexity of applications are increasing day by day, that approach is hard to follow these days.
The opposite approach to ‘blacklisting’ is ‘application whitelisting’. In this approach, an authorized list of applications is maintained. When a new application is going to be installed, it is automatically checked against the “authorized list”. If the application is not in the list, it’s not permitted to be installed. This depends more on the honor system.

Are these methods foolproof?
Nowadays applications are coming with increasing levels of complexity and variety, and in increasing numbers. So, the ‘application blacklisting’ process is not likely to be foolproof. On the other hand, the ‘application whitelisting’ method also might not be practical, because the administrative resources available to create and maintain an effective whitelist often turn out to be inadequate.

Any way out of this problem?
Considering the possible threat to the IT network, it’s not recommended to rely on manual processes to detect the unwanted software. Rather we have to rely on an automated system that can detect such applications automatically without any manual intervention – a system that continuously monitors the IT network and immediately informs about the presence of any unknown or unwanted software.
SARANGSoft SysExpertez provides this functionality along with full-fledged IT Asset Management (tracking of hardware, software, and users) in a Windows network. Let’s see how SysExpertez helps detect the unauthorized / unwanted software within a Windows network.

Role of SysExpertez in detecting ‘Prohibited Software’
SysExpertez categorizes installed software broadly into three distinct categories.
1. Licensed: Legal copies of commercially published software from reputed providers, for which licenses are purchased and a budget is allocated for renewal / upgrade; e.g., Microsoft Office, SQL Server, Adobe Photoshop, Oracle database, AutoCAD etc.

2. Approved: There are many free but wonderful software available. Depending on an organization’s needs and policies, its IT team can identify some of those as “Approved”; e.g., Adobe PDF Reader, Skype, Firefox & Chrome browsers, some text editors (like Notepad++, TextPad) etc., which are suitable / beneficial for use in the workplace.

3. Prohibited: There are some software that an organization might choose not to allow in its network for various reasons – security threat, productivity loss, legal / compliance issues etc. These generally include games, media players, chat apps etc. Any installation of such software within the IT network should be detected ASAP and immediately acted upon (such as uninstalling it and preventing future occurrences).

SysExpertez helps put the known and relevant software into one of above three (3) categories – Licensed, Approved, and Prohibited. If any software outside these three lists is installed on any computer within the network, SysExpertez can detect that, classify it as an “Unknown”, and immediately notify the IT Administrator about it. The IT Administrator can investigate the case, and either

  1. Accept it as one of the first two categories (i.e., Licensed or Approved), or
  2. Put it in the Prohibited category and instruct the user(s) of the concerned PC(s) to immediately uninstall the software (and refrain from installing it in the future).

Monitoring of software assets helps keep the network safer and comply with legal and standards requirements.
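The three-list scheme with an “Unknown” fallback can be sketched in a few lines. This is an added example, not SysExpertez code: the Licensed and Approved patterns are assumed display-name patterns for products named in the post, the Prohibited patterns and the sample inventory are constructed, and `Get-InstalledSoftware` reads only the local computer’s per-machine uninstall entries.

```powershell
# Added example. Lists are checked in the order given, so Prohibited wins over the others.
$Categories = [ordered]@{
    Prohibited = @('ExampleTorrent*', 'Example Media Player*')            # constructed names
    Licensed   = @('Microsoft Office*', 'Microsoft SQL Server*', 'Adobe Photoshop*', 'AutoCAD*')
    Approved   = @('Adobe Acrobat Reader*', 'Skype*', 'Mozilla Firefox*', 'Google Chrome*', 'Notepad++*')
}

function Get-InstalledSoftware {
    # Per-machine uninstall entries of the local computer (64-bit and 32-bit registry views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            [pscustomobject]@{ Computer = $env:COMPUTERNAME; Name = $_.DisplayName; Publisher = $_.Publisher }
        }
}

function Get-SoftwareCategory {
    param([string]$Name, [System.Collections.IDictionary]$Categories)
    foreach ($category in $Categories.Keys) {
        foreach ($pattern in $Categories[$category]) {
            if ($Name -like $pattern) { return $category }
        }
    }
    'Unknown'   # in none of the three lists: needs a decision from the IT Administrator
}

function Get-SoftwareReview {
    # Returns only the entries that need action: Prohibited (uninstall) and Unknown (classify).
    param([object[]]$Inventory, [System.Collections.IDictionary]$Categories)
    $Inventory |
        Select-Object Computer, Name, Publisher,
            @{ Name = 'Category'; Expression = { Get-SoftwareCategory -Name $_.Name -Categories $Categories } } |
        Where-Object { $_.Category -in 'Prohibited', 'Unknown' } |
        Sort-Object Category, Computer, Name
}

# Constructed sample inventory so the example runs without touching the registry.
$SampleInventory = @(
    [pscustomobject]@{ Computer = 'PC-ACC-01'; Name = 'Microsoft Office Professional Plus 2019'; Publisher = 'Microsoft Corporation' }
    [pscustomobject]@{ Computer = 'PC-ACC-01'; Name = 'Example Media Player 4.2';                Publisher = 'Example Soft' }
    [pscustomobject]@{ Computer = 'PC-DEV-07'; Name = 'Notepad++ (64-bit x64)';                  Publisher = 'Notepad++ Team' }
    [pscustomobject]@{ Computer = 'PC-DEV-07'; Name = 'QuickToolbar Helper';                     Publisher = '' }
)

Get-SoftwareReview -Inventory $SampleInventory -Categories $Categories | Format-Table -AutoSize
# On a live machine: Get-SoftwareReview -Inventory (Get-InstalledSoftware) -Categories $Categories
```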

Preventing data loss on your computers

Introduction
Data have become an intrinsic part of modern human life. We are constantly searching for data, right from the time we wake up every morning. While some of the data are live and online, a lot of data are collected, processed, organized, and stored for quick and easy access at any time. These data (stored in files and folders) are valuable for our personal needs. Those can be photos, videos, music, research outcomes, write-ups, important documents and so on. If those are lost for any reason, it would significantly affect our lives, professionally and/or personally (often emotionally). That’s why it’s easy to understand why we often fear losing such data due to some unexpected problem.

Types of data loss and some precautionary steps
Though we often think about “data protection”, which includes guarding data against the prying eyes and hands of hackers and such, “data backup” is intricately involved in the process. The term ‘data backup’ means copying data files to another medium (such as a disk or tape) as a precaution, in case the original storage medium (generally the hard disk built into the computer) fails. Data backup is crucial for businesses as well as individuals.

There are many ways that your data can be lost. The common reasons are hardware failure, corrupted files, virus / malware, accidental deletions, and of course natural disasters (storm, earthquake, flood etc.) or man-made disasters (vandalism, theft, terrorist attack, arson etc.). Let’s look at a few safekeeping approaches to prevent data loss as part of a comprehensive data protection plan.

a) Create a standardized file / folder organization
It helps to develop a standard way of organizing and storing your files, so that you (and your users) will know where a particular kind of file is expected to be. Once this first step is done, backing up data files will be more accurate and precise, and it will save time and hassle while restoring any lost data to its original location.

Organizing files and folders is the key to a data protection and restoration plan.

b) Identify which (kind of) files need to be preserved
Once you have organized your files and folders, determine which are important for you. Though you are the best judge of which files are important to you, here are some ideas for your convenience.

The following types of files are important:
  • The files you can’t do without
  • The files you will need in the future
  • The files related to products & services you sell (for businesses)
  • Files that you cannot re-create
  • Files that you can re-create but don’t want to
  • Files you regularly use and/or refer to and/or update

On the other hand, the following types of files are less important:
  • Files you have not used (not viewed or edited) for a few years.

The following types of files might be good candidates to not be included in backup (or should even be deleted from your computer to keep it clean):
  • Files you cannot remember why those are there.
  • Files you know are not useful for you any more or are known to be outdated.

c) Avoid storing documents on the same drive where Operating System is installed
On Windows, most document editing applications save the document file in the ‘My Documents’ folder, which is very well known. As a result, malware and viruses often target the files there, making the files vulnerable.

Whether it is a virus or software failure, the majority of computer problems affect the Operating System. Quite often the solution is to reinstall Windows, and at times after reformatting that drive. In such an instance, you must make sure to copy / backup all of your own files (not the system or application files) from the drive, including the ‘My Documents’ folder; otherwise everything on the drive will be lost. You can create a separate drive on the same physical hard disk, and store all your own files and folders on the second drive. If the OS drive needs to be reset, your data drive will still be unaffected.

It is also possible for the hard disk itself to go bad (disk crash), in which case all drives on that disk will be lost. You can replace the hard disk and reinstall Windows and the applications to get it back to working condition, but in this case your files and folders on the data drive have also been lost. To handle such cases, you can use an external hard disk to store your data files. Or you can just run a regular backup from your data drive to an external disk.

d) Backup regularly
You can alert yourself to take a set of security measures to protect against data loss, but if your data is not backed up, it’s very likely that you WILL LOSE IT. So, ensure that your data is backed up regularly, and test the backup to ensure that your data can be recovered when you need it.

How often should you back up? That depends on how much data you can afford to lose if your system crashes completely. A week’s work? A day’s work? An hour’s work? Depending on that, you have to schedule your backups.
There are numerous backup programs with varieties of features. You can easily try out
  • SARANGSoft filexpertez (file-expert-ease) for backing up a Windows PC. It’s a comprehensive file and folder management tool for home, office, school / college, everywhere.
  • SARANGSoft WinBackup Business for backing up all PCs and servers in a Windows network (domain or workgroup) through a centrally managed arrangement.

Both the products are feature-rich and flexible, yet easy to understand and use. These do not cost much, and there is a no-obligation 30-day free trial available.

e) Automate your backup procedures
All of us are busy. There are too many things to do every day, and too little time! Even though you might be very sincere about regular data backup, it’s quite possible that you forget to run a backup at times, and that leads to an inconsistent data backup arrangement. Ideally, backup should be arranged to run in a consistent manner without any manual intervention. Depending on the importance of your data, you may schedule the backup operation to run automatically. The only thing you should bother about is to check that the backups are really happening. It helps if the backup program can send you a notification when a backup is done, either successfully or ending in failure (in which case you can look into the issue and fix it).

f) Encrypt your data while backing up
Using encryption during backup of your data is another layer of protection for the data.
Encryption changes the backed-up data in a way that makes it unreadable by anyone except the person who has the password “key”, which allows him/her to decrypt the data back to its original usable form.
There are various types of encryption mechanisms available, and some programs use them.

g) Create a local backup arrangement
All the important files should be backed up locally first. Make sure that the backed-up files are available at your office / home. That ensures easy access and recovery, as well as control of the data.

h) Create an off-site backup arrangement
It’s a great idea to arrange for a different location than your office / home to keep a copy of the backed up files. It provides “redundancy” as well as prepares for “disasters”.
If the local backup is damaged or lost for any reason, the off-site backup copy will save your day.

i) Use of “cloud” as remote storage for backed up data
Nowadays, it’s increasingly common to use the cloud as remote data storage. There are many benefits to using cloud storage, the most notable being the virtual indestructibility of cloud storage and its accessibility. Files stored in the cloud are assured of reliability beyond any other level, and they can be accessed at any time from any place with Internet access and your own user credentials. As far as disaster recovery is concerned, data can be restored from the cloud without any hassle. Also, the cost of cloud data storage and restoration is significantly lower than that of traditional data storage and restoration.
SARANGSoft CloudScape is a unique cloud storage browser for the Windows platform to seamlessly integrate cloud storage (AWS-S3 and Azure) with local storage (PC’s hard drive). Its Windows Explorer-like user interface enables easy transfer (including drag & drop) of files and folders to and from cloud, thereby making cloud storage an extension of your local PC storage. It maintains full folder hierarchy between a PC and cloud storage, which is not very common for such tools.

Ending Note
Making plans and implementing them takes time, effort, and resources, and costs money. That’s why many of us defer doing it. However, the cost of not backing up data can be so severe that the upfront effort for the backup process is worth everything you put into it.