Defeat Ransomware: Use Microsoft File Server Resource Manager (FSRM) – with a twist!

You may have seen some advice floating about on the internet showing you how to use Microsoft’s File Server Resource Manager (FSRM) to prevent Ransomware.

The problem with these articles is that they all involve maintaining a block list. You’ll find those block lists rarely keep up with new variants of Ransomware. So, in this article, I’m going to show you how to defeat ransomware – with a twist!

Lemons... good for lemonade. Not so good at beating Ransomware!


Windows Deployment – Advanced – Part 1. Performing Domain Joins Securely

In the first of this new multi-part series, I will show you how to take your Windows Deployment to the next level.

(For this series, we're assuming you're running Server 2012 R2 with the latest updates, and the latest release of MDT 2013.)

This article looks at locking down the os.deploy account that you use to automatically join computers to the domain.

So, let us improve the security of the MDT join account. This is the account we specified in CustomSettings.ini (Windows Deployment, Part 1: Configuring the Deployment Environment), which MDT uses to join the target computer to the domain.

If we leave this account as a Domain User, then MDT will be able to join the first few computers it installs into the domain but then will fail to join any others.

This is because by default Domain Users can only join 10 computers to the domain.

In our initial article, we made the account a member of the Domain Admins group – of course, perfectly acceptable in a lab environment, but not so in the real world.

This is because of these three facts:

  • The domain admin password is visible in CustomSettings.ini
  • The domain admin password is sent in plain text across the network
  • The domain admin password is temporarily stored on the remote PC

So, how do we overcome this?

60 days to go: Is this the biggest security threat of 2015?

The clock is ticking….

In less than two months, Microsoft will stop supporting Server 2003, leaving many businesses with a major security headache.

From July 14th 2015, Microsoft will no longer issue security patches for Server 2003, leaving it open to an ever increasing risk of virus, spyware and malware infection, not to mention a plethora of security holes allowing hackers to gain access to a business's network (67% of IT security breaches happen with businesses employing less than 100 staff).

How to reset a forgotten server admin password…

A few weeks ago, we had a call from a business whose IT support company had gone AWOL.

This left the business with a server they were unable to access – you see, the IT support company hadn’t provided their customer with any passwords or documentation for their server.

So, when we got the call, the company I work for did as any good IT support business would… we donned our superhero capes and got stuck in…

Here’s how you do it:

Password Security: Useful Advice

Many hackers enter computer systems simply by guessing passwords, and with the top passwords of 2012, 2013 and 2014 being password, 123456 and 12345678, we’re not exactly making things difficult for them! (of 40 million Adobe account passwords leaked online, 2 million were 123456).

Increases in computer processing power make cracking your password that much easier and faster.

As they say, the best password is one that you can’t remember – using that approach, you should look to using a password manager, such as LastPass, RoboForm or KeePass.

However, even the best and strongest passwords can eventually be defeated mathematically given enough time and computer processing power. Whilst the use of strong passwords acts as a firm deterrent against password guessing attacks, and buys additional time against other attacks, where possible you’ll want to look at using two-factor authentication – that is, something you know (a password) and something you have (i.e. a mobile phone).

When you log in to a site that supports two-factor authentication (such as a bank), you’ll enter your password and a one-time code generated via either a text message or an app on your phone. As codes are generally refreshed every minute, even if a hacker had obtained your password, they wouldn’t have your one-time password.
