You can’t afford not to read this

(Adapted from a post at Kent University : https://blogs.kent.ac.uk/isnews/you-cant-afford-not-to-read-this/ – but it’s so spot on, I thought I’d share it here)

You are likely to get at least one fake email this week, and it might be very convincing. You need to know what clues to look for so that you don’t lose work or personal data such as photos, or put University data at risk.

Good fakes look almost identical to genuine emails, and often appear to be from companies you know, such as:

  • Amazon
  • eBay
  • PayPal
  • phone companies like O2 and Vodafone
  • courier companies like DHL and UPS
  • travel companies
  • student finance
  • local companies. Remember criminals don’t just copy large companies.


Clues to look for

  1. If it says you’ve ordered a service that you haven’t – it’s highly likely to be fake. Delete the email, even if it looks convincing. If you want to double-check, use a browser and find their website. From there you can check your online account or contact them.
  2. If there’s an attached file you weren’t expecting – don’t open or even preview it. Attachments are a common way of delivering malware, and criminals count on you being curious enough to look and see what it is. Do not look – delete it. Absolutely do not ‘enable content’ or ‘enable macros’.
  3. Check the email address it was sent from. Does it look like the expected sender? Is it readable, or unusual, or sent ‘on behalf of’ another email account? Note that even a correct-looking sender proves little: the From address can be forged outright, and hackers can ‘hijack’ genuine email accounts – so look for other clues.
  4. Don’t click on links if you have any doubts. The link text you see on the screen might not match the website address it will go to. If you can, hover your mouse over them and the actual website address will appear. Is it a readable, sensible destination for that company?
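As an added illustration of clue 4 (this is not part of the Kent post or of the original page): a small PowerShell function that pulls every link out of an HTML message and flags the two patterns the clue describes, link text that names one site while the href actually goes to another, and links that point at a bare IP address. The sample message, the hosts in it and the function name are constructed for the example.

```powershell
# Added example (not from the original post). Flags links whose visible text
# names one site while the href points elsewhere, and links to raw IP addresses.
function Get-SuspiciousLinks {
    param([Parameter(Mandatory)][string]$Html)

    # Crude but sufficient for mail bodies: capture href and the visible text of each <a>.
    $pattern = '(?is)<a\b[^>]*?href\s*=\s*["'']?([^"''\s>]+)["'']?[^>]*>(.*?)</a>'

    foreach ($m in [regex]::Matches($Html, $pattern)) {
        $href = [System.Net.WebUtility]::HtmlDecode($m.Groups[1].Value)
        # Strip any inner tags so we compare against what the reader actually sees.
        $text = [System.Net.WebUtility]::HtmlDecode(([regex]::Replace($m.Groups[2].Value, '<[^>]+>', '')).Trim())

        $uri = $null
        if (-not [System.Uri]::TryCreate($href, [System.UriKind]::Absolute, [ref]$uri)) { continue }
        $target = $uri.Host.ToLowerInvariant()

        $reasons = @()

        # Visible text that looks like a URL or domain: does it name the host the link really goes to?
        if ($text -match '(?i)^(?:https?://)?(?:www\.)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:].*)?$') {
            $shown = $Matches[1].ToLowerInvariant()
            if ($target -ne $shown -and -not $target.EndsWith(".$shown")) {
                $reasons += "text says '$shown' but the link goes to '$target'"
            }
        }

        # Legitimate companies link to names, not numbers.
        if ($uri.HostNameType -eq [System.UriHostNameType]::IPv4 -or
            $uri.HostNameType -eq [System.UriHostNameType]::IPv6) {
            $reasons += 'link goes to a raw IP address'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Text = $text; Href = $href; Reason = ($reasons -join '; ') }
        }
    }
}

# Constructed sample message: two bad links and one that is fine.
$sample = @'
<p>Your O2 account needs attention.</p>
<p><a href="http://192.0.2.10/o2/login">http://www.o2.co.uk/myo2</a></p>
<p><a href="https://secure-paypal.example/verify">www.paypal.com</a></p>
<p><a href="https://www.o2.co.uk/help">Help</a></p>
'@

Get-SuspiciousLinks -Html $sample | Format-Table -AutoSize
```

Run as written, the first two links are reported (mismatched host plus raw IP, and mismatched host) and the plain ‘Help’ link is not, which is exactly the judgement the hover test asks you to make by eye.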

If you’re not sure if it is fake or not

  • Contact the organisation outside of the email or go to their website independently. From there you can check your online account or contact them.
  • Never ‘Load remote content’ or ‘download pictures’ if you have any doubts at all.
  • If it is definitely fake, mark it as junk and delete it. Don’t reply, click links, view attachments or view images.

If you think you’ve responded to a fake

If you’ve previewed or opened an attachment which you now realise is fake, or clicked a link, or allowed ‘remote content’ or images to be seen in an email that is likely to be fake:

  • disconnect the device from the network (unplug the cable or turn off Wi‑Fi) and turn the power off immediately.
  • if you think your bank details have been compromised, contact your bank immediately.
  • contact the Service Desk (it.servicedesk@ncl.ac.uk or call x85999)

A note about your passwords

  • Never give out your CAMPUS password (or any other password). No reputable organisation will ask you to do this. Newcastle University IT staff do not need your password to perform maintenance on your account, and will never ask you to ‘verify your details’.
  • If you think your password has been compromised, contact the Service Desk, and change your password.
  • Don’t use the same password for more than one account. Just don’t do it.
  • Try to use a long, unique password with a mixture of letters, numbers and punctuation.

We do block most fake messages that are sent to your University email account, as we have ways of identifying them before they reach your Inbox. But some may still get through to you, unfortunately.

The Importance of Protecting AD Objects against accidental deletion

I’ve recently had to go through the process of restoring a series of OU objects which is not at all fun even with the AD Recycle Bin feature that came along with Windows Server 2008 R2.

Mistakes are easy to make, but most can be averted with the ‘Protect object from accidental deletion’ flag. To see it in the ADUC console, select View > Advanced Features.

The Object tab then appears in the object’s properties, and the check box on it toggles the protection.

Any OUs in the University Active Directory that have been created using the Server 2008/Vista or later AD tools will have the value set by default. Other objects such as users and computers do not get the value automatically.

If you would like to set the property on all OUs, all computers or all objects in a given OU, you can run the following commands using the Quest AD cmdlets with appropriate rights. Each one adds a Deny entry for Everyone with the Delete and Delete Subtree rights to every matched object, which is the same deny that the check box sets:

For OUs only

get-qadobject -sizelimit 0 -type OrganizationalUnit -SearchRoot "OU=MyOU,OU=Departments,DC=campus,DC=ncl,DC=ac,DC=uk" | Add-QADPermission -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete

For Computers Only

get-qadobject -sizelimit 0 -type Computer -SearchRoot "OU=MyOU,OU=Departments,DC=campus,DC=ncl,DC=ac,DC=uk" | Add-QADPermission -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete

For Everything

get-qadobject -sizelimit 0 -SearchRoot "OU=MyOU,OU=Departments,DC=campus,DC=ncl,DC=ac,DC=uk" | Add-QADPermission -Deny -Account Everyone -ApplyTo ThisObjectOnly -Rights DeleteTree,Delete

REMEMBER TO TEST YOUR SCRIPT FIRST!
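The same job with the Microsoft ActiveDirectory module (RSAT) instead of the Quest cmdlets, as an added example that is not from the original post: it reports what is still unprotected, does a -WhatIf dry run first (the easiest way to follow the advice above), then sets the flag and checks the ACE it produced. The OU path is the one used in the commands above; it assumes the module is installed and that you have rights to change ACLs beneath that OU.

```powershell
# Added example, not from the original post: protect objects with the Microsoft
# ActiveDirectory module. Assumes RSAT is installed and you may edit the OU's ACLs.
Import-Module ActiveDirectory

$searchBase = 'OU=MyOU,OU=Departments,DC=campus,DC=ncl,DC=ac,DC=uk'

# 1. Report which objects under the OU are not yet protected. The flag is an
#    extended property, so it has to be requested explicitly.
$unprotected = Get-ADObject -Filter * -SearchBase $searchBase -SearchScope Subtree -Properties ProtectedFromAccidentalDeletion |
    Where-Object { -not $_.ProtectedFromAccidentalDeletion }

if (-not $unprotected) { 'Nothing to do: everything under the OU is already protected.'; return }

$unprotected | Select-Object ObjectClass, Name, DistinguishedName | Format-Table -AutoSize

# 2. Dry run: -WhatIf prints what would change and changes nothing.
$unprotected | Set-ADObject -ProtectedFromAccidentalDeletion $true -WhatIf

# 3. Apply for real, OUs only, once the dry run looks right.
#    Drop the Where-Object filter to protect everything that was listed.
$unprotected |
    Where-Object { $_.ObjectClass -eq 'organizationalUnit' } |
    Set-ADObject -ProtectedFromAccidentalDeletion $true

# 4. Verify what the flag actually wrote: a Deny ACE for Everyone carrying the
#    Delete and DeleteTree rights on the object itself.
$acl = Get-Acl -Path "AD:\$searchBase"
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'Everyone' } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, InheritanceType
```

Step 4 is also the quickest way to confirm that the Quest commands above did what you expected: the Deny row for Everyone should list Delete and DeleteTree, and nothing else.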

Secure destruction of data

We’ve recently been asked how we dispose of our hard disk drives and tapes while ensuring that sensitive data is protected. Depending on the nature of the data we use a two-stage method.

Media for disposal or reuse within the University

Hard disks are wiped using the freely available DBAN. I’ll use their own description of the software:

Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware.

Tapes are erased using the built in library features. Completing this stage would make media suitable for internal transfer and reuse within the University.

To use DBAN yourself, burn the ISO to a CD/DVD, boot from it and follow the on-screen instructions. Two caveats: DBAN wipes every disk it can detect, so disconnect any drive you want to keep before booting it; and overwriting is not a reliable way to sanitise SSDs, for which the drive’s own secure-erase command or physical destruction is needed.

Disposal (WEEE)

If the media holding the data is to be disposed of or recycled, the University has a contract with a WEEE contractor, Second Byte (www.secondbyteit.co.uk).

Second Byte provide hard drive erasure and certificates of data destruction. Each piece of equipment is given a reference by the contractor and a certificate of destruction is provided; these are stored centrally in electronic form.

Hard drives are removed from machines during booking in, placed in secure containers and moved to a separate area of their warehouse. Only specific members of staff are allowed to handle hard drives. All hard drives are sanitized again using DBAN working to DOD 5220.22-M with 7 passes even if clients have sanitized them or if they have asked for disposal. All hard drives that clients have asked to be destroyed are recycled after being sanitized.

Any tapes or other media are physically destroyed and certificates of destruction provided.

Free ebook: Security and Privacy for Office 2010 Users

Responsibility for data security has to be shared among all the members of an organisation. We always have security in mind whenever we put services into production, and the hope is that we build things in such a way that end users only need to apply common sense to avoid breaches.

Having said that, it’s not possible to be too aware of the issues around security and privacy, so it’s not a bad idea for people to read this ebook by prolific author Mitch Tulloch. It’s aimed at the group of people that Microsoft calls “Information Workers”, but what that really means in this instance is any user of Microsoft Office or Office 365.

  • Get practical, proactive guidance for using the security and privacy management features in Office 2010 and Office 365
  • Walk through everyday scenarios, and discover everyday techniques that help you take charge
  • Understand common risks and learn best practices you can apply right away

You can see more details at the O’Reilly site, or just go and grab the free PDF from http://download.microsoft.com/download/F/F/2/FF2EECEE-397A-45B9-83A4-821243F8DFFD/668836ebook.pdf

Updated the Information security guidance on the ISS website + InfoSec Workshops

There is now updated information security guidance on the ISS web site.

This new guidance, along with a printer-friendly desktop companion, can be accessed here

Published information includes…

  • Understanding Information Security
  • Accessing ICT Services
  • Protecting your data and devices
  • Encryption
  • Scam Emails
  • Email and Internet
  • Protecting ICT services

A web link is also provided to the University’s Information Security Policy.

This guidance is aimed at all users of ICT across the University. More technical guidance for ICT personnel will be published in the near future and will be based on the feedback received through the planned Information Security Workshops.

The information security workshops for computing officers will be taking place on the dates and times shown below. If you are interested in attending, please reserve your place using the links:

The workshops will take place in Claremont Tower, room 701. Please see the attachment for more information.

1. InfoSec Workshop, Mon 19 March, 09:30 – 11:30
2. InfoSec Workshop, Wed 21 March, 09:30 – 11:30
3. InfoSec Workshop, Mon 26 March, 09:30 – 11:30
4. InfoSec Workshop, Wed 28 March, 09:30 – 11:30

http://www.ncl.ac.uk/iss/support/security/

Ten Immutable Laws Of Security

Interesting article on TechNet:

Law #1:

If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.

Law #2:

If a bad guy can alter the operating system on your computer, it’s not your computer anymore.

Law #3:

If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.

Law #4:

If you allow a bad guy to run active content in your website, it’s not your website any more.

Law #5:

Weak passwords trump strong security.

Law #6:

A computer is only as secure as the administrator is trustworthy.

Law #7:

Encrypted data is only as secure as its decryption key.

Law #8:

An out-of-date antimalware scanner is only marginally better than no scanner at all.

Law #9:

Absolute anonymity isn’t practically achievable, online or offline.

Law #10:

Technology is not a panacea.

http://technet.microsoft….y/hh278941.aspx

Patching ProLiant Firmware & Software with HPSUM (HP Smart Update Manager) on Windows Systems

This will hopefully be of help to people using HP ProLiant servers who want to patch their firmware and software quickly to the very latest versions.

ProLiant Support Packs (PSP) represent operating system (OS) specific bundles of ProLiant optimized drivers, utilities, and management agents. These bundles of software are tested together to ensure proper installation and functionality.

This means that the ProLiant Support Packs will not necessarily contain the latest versions, just a baseline tested combination, so the software/firmware in use could still be vulnerable or lack functionality added in later versions.

It’s possible (and painful) to install updates via the System Management Homepage but this requires lots of restarts and lots of waiting around. The easiest method is to use HPSUM (HP Smart Update Manager) which ships as part of the ProLiant Support Pack but has the ability to download the very latest Firmware and Patches from HP as part of the update process.
Here is how to do it:

1. Extract the ProLiant Support Pack

2. Locate and run setup.exe. This will start the Windows GUI (there is also a command-line version, setupc.exe, for Windows Server Core)

3. Select the Check ftp.hp.com option and set ‘Type of updates to use’ to ‘Both’.

4. Select ‘Start Inventory’

5. If asked for permission to download from HP.com select yes.

6. At the next screen select Local Host > Next

7. At the next screen it is important to select the currently installed ProLiant Support Pack and tick ‘ALLOW NON-BUNDLE PRODUCTS’ and ‘ALLOW NON-BUNDLE VERSIONS’. If these options are not checked, components will not be updated beyond the level of the currently installed Support Pack.

8. At the next screen you will see all of the very latest updates available. Select the ones you want and hit install. Restarts are optional but some components will not update until after the next restart.

Free e-book: Keep Yourself and Your Stuff Safe Online

Microsoft has teamed up with author Linda McCarthy to offer a free downloadable version of her new book Own Your Space – Keep Yourself and Your Stuff Safe Online. The book covers a variety of computer security and online safety topics and is aimed at internet savvy teens, as well as parents and educators. Personally I’d say that the chances of teens reading it all the way through aren’t great, but parents of online offspring should definitely get up to speed with this stuff.

Frankly I’d recommend that anyone who uses the internet and isn’t as capable as Sarah Connor at fighting off the machines, should read this.

Own Your Space

Both PDF and XPS versions are available at the Microsoft Download Center.

Free e-book: Introducing Windows Server 2008 R2

All you need is a Windows Live ID.

Free e-book offer from Microsoft Press: Introducing Windows Server 2008 R2
Learn about the features of Windows Server 2008 R2 in the areas of virtualization, management, the web application platform, scalability and reliability, and interoperability with Windows 7. Sign in to download Introducing Windows Server 2008 R2, written by industry experts Charlie Russel and Craig Zacker along with the Windows Server team at Microsoft.

http://www.microsoft.com/…dowsserver.aspx

Security Principals, ACE, ACLs, DACLs, and SACLs

As a follow up to an earlier post I made on Advanced NTFS Permissions I thought I’d post some notes I made recently on Security Principals, ACE, ACLs, DACLs, and SACLs

Security Principals

A security principal is an entity that the system can authenticate: a user account, a computer account, a security group containing such accounts, or a thread or process running in the security context of a user or computer account. The important thing to remember is that each principal is assigned a security identifier (SID) when it is created, and SIDs are never reused. Permissions refer to the SID, not the name, which is why a domain computer cannot access domain resources after its account is deleted, even when a new account with the same name exists.

Access Control Entry (ACE)

An Access Control Entry (ACE) is a single entry in an access control list (see below). Each ACE either grants or denies a set of rights to one security principal, or says that a principal’s access should be audited. Each row on the Security tab of an object’s properties is an ACE.

Access Control Lists (ACL)

Broadly speaking, an ACL is the list of security principals (users, groups and computers) and the access each has to an object. There are two types of ACL: the DACL and the SACL.

Discretionary access control lists (DACLs).

DACLs identify the users and groups that are granted or denied access permissions on an object. Deny entries are evaluated before allow entries, and a security principal that the DACL does not explicitly grant access to (directly or through a group) is denied access to that object. Two edge cases are worth knowing: an empty DACL grants nobody access, whereas an object with no DACL at all grants everyone full access.

System access control lists (SACLs).

SACLs identify the users and groups whose successful or failed access to an object you want to audit. Auditing is used to monitor events related to system or network security; note that SACL entries only produce events if object-access auditing is also enabled in the audit policy. The SACL of an object is shown by clicking the Advanced button on its Security tab and selecting the Auditing tab.
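To see the pieces above side by side, here is an added example (not from the original notes) that takes one security descriptor apart with the .NET RawSecurityDescriptor class and lists every ACE in its DACL and its SACL. The SDDL string and the function names are constructed for the example; (Get-Acl C:\some\file).Sddl would give you a real descriptor in the same form.

```powershell
# Added example, not from the original notes: list the ACEs of a DACL and a SACL.
# The SDDL below is constructed for the example.
function Resolve-Principal {
    param([System.Security.Principal.SecurityIdentifier]$Sid)
    # The ACE stores only the SID; the account name is looked up on demand.
    try { $Sid.Translate([System.Security.Principal.NTAccount]).Value } catch { $Sid.Value }
}

function Get-DescriptorEntries {
    param([Parameter(Mandatory)][string]$Sddl)

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($Sddl)

    # DACL: who may (or may not) do what.
    foreach ($ace in $sd.DiscretionaryAcl) {
        [pscustomobject]@{
            List      = 'DACL'
            Type      = $ace.AceType          # AccessAllowed or AccessDenied
            Audit     = ''
            Principal = Resolve-Principal $ace.SecurityIdentifier
            Rights    = [System.Security.AccessControl.FileSystemRights]$ace.AccessMask
        }
    }

    # SACL: whose access gets written to the security log, and when.
    foreach ($ace in $sd.SystemAcl) {
        [pscustomobject]@{
            List      = 'SACL'
            Type      = $ace.AceType          # SystemAudit
            Audit     = $ace.AuditFlags       # Success, Failure or both
            Principal = Resolve-Principal $ace.SecurityIdentifier
            Rights    = [System.Security.AccessControl.FileSystemRights]$ace.AccessMask
        }
    }
}

# Owner BUILTIN\Administrators; DACL: Administrators full control, Users read & execute,
# Everyone denied Delete; SACL: audit successful full-control access by Everyone and
# failed attempts by Users to change permissions.
$sddl = 'O:BAG:BAD:(A;;FA;;;BA)(A;;0x1200a9;;;BU)(D;;DE;;;WD)S:(AU;SA;FA;;;WD)(AU;FA;WD;;;BU)'

Get-DescriptorEntries -Sddl $sddl | Format-Table -AutoSize
```

The output makes the distinction concrete: the three DACL rows decide access (and the Deny row for Everyone would be evaluated before the Allow rows), while the two SACL rows decide nothing about access at all and only say which attempts are logged.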
