Defeat Ransomware: Use Microsoft File Server Resource Manager (FSRM) – with a twist!

You may have seen some advice floating about on the internet, showing you how to use Microsoft’s File Server Resource Manager (FSRM) to prevent Ransomware.

The problem with these articles is that they all involve maintaining a block list. You’ll find those block lists rarely keep up with new variants of Ransomware. So, in this article, I’m going to show you how to defeat ransomware – with a twist!

Lemons... good for lemonade. Not so good at beating Ransomware!


Education. Education. Education

No, I’m not referring to one of Labour’s winning manifesto policies of the 1997 UK general election, in this case, I’m talking about educating end users about ICT security.

What led me to write this article was an interesting issue I recently came across. I say issue, it was more of a surprise. A pleasant one I may add…

Think before you click!

In a typical world, most computer users are click happy. See an advert… click, new message pops up on screen… click, new email comes through… click!

In the brief pauses between the clicking of clicks, the computer user spends very little time, if any, to review what is actually being clicked on…

So, it came as a surprise (after many months and years of what I thought was a seemingly fruitless effort in trying to educate people), out of the blue, one of our customers emailed me to notify me that they had received a suspicious email, and could I investigate…

Sure enough, not only had the suspicious email happily passed across no less than four different AV & Malware vendors to reach the user's mailbox, none of the 56 vendors from VirusTotal detected an issue either!

Of course, being highly suspicious, I sent the sample to one of our AV providers, an hour later they responded stating the attachment was in fact infected with a brand new virus: Halifax_Reactivation.pdf – PDF/Phishing.Agent.AV trojan and would be added to the next signature, which rolled out a few hours later.

So in the end, rather than a fruitless effort to make users aware of the risks; in this case at least, education proved itself to be above all else, a vital first defence against infection and potentially prevented major damage to the business (imagine if that virus happened to be a new breed of Cryptolocker!).

Oh, and of course, that particular user was publicly thanked for bringing the problem to our attention, followed up with information from our AV vendor…

TSN

Windows Deployment – Advanced – Part 1. Performing Domain Joins Securely

In the first of this new multi-part series, I will show you how to take your Windows Deployment to the next level.

(For this series, we're assuming you're running Server 2012 R2 with the latest updates, and the latest release of MDT 2013).

This article looks at locking down the os.deploy account that you use to automatically join computers to the domain.

So, let us improve the security of the MDT join account. This is the account that we specified in CustomSettings.ini (Windows Deployment, Part 1: Configuring the Deployment Environment) and that MDT uses to join the target computer to the domain.

If we leave this account as a Domain User, then MDT will be able to join the first few computers it installs into the domain but then will fail to join any others.

This is because by default Domain Users can only join 10 computers to the domain.

In our initial article, we made the account a member of the domain admins group – of course, perfectly acceptable in a lab environment, but not so in the real world.

This is because of these three facts:

  • The domain admin password is visible in CustomSettings.ini
  • The domain admin password is sent in plain text across the network
  • The domain admin password is temporarily stored on the remote PC

So, how do we overcome this?

60 days to go: Is this the biggest security threat of 2015?

The clock is ticking….

In less than two months, Microsoft will stop supporting Server 2003, leaving many businesses with a major security headache.

From July 14th 2015, Microsoft will no longer issue security patches for Server 2003, leaving it open to an ever increasing risk of virus, spyware and malware infection, not to mention a plethora of security holes allowing hackers to gain access to a business's network (67% of IT security breaches happen with businesses employing less than 100 staff).

How to reset a forgotten server admin password…

A few weeks ago, we had a call from a business whose IT support company had gone AWOL.

This left the business with a server they were unable to access – you see, the IT support company hadn’t provided their customer with any passwords or documentation for their server.

So, when we got the call, the company I work for did as any good IT support business would… we donned our superhero capes and got stuck in….

 

Here’s how you do it:
