Monday, February 20, 2023

Information Security vs IT Security vs Cyber Security

Information security, IT security, and cyber security are all related terms that refer to the protection of digital assets against unauthorized access, theft, or damage. While there is some overlap between these terms, they have different emphases and scopes.

Information security is a broad term that encompasses all measures taken to protect sensitive data, such as personal information, financial data, and intellectual property. It involves securing data in all its forms, including physical storage devices, electronic storage, and transfer.

IT security, on the other hand, focuses on securing the technology infrastructure of an organization, such as networks, servers, and devices, and ensuring that they operate reliably, securely, and efficiently. IT security also involves the implementation and management of security measures that can protect the infrastructure from unauthorized access, cyber attacks, and other threats.

Cybersecurity is a subset of IT security that deals specifically with protecting digital assets against cyber threats, such as malware, phishing, hacking, and other types of cyber attacks. Cybersecurity involves a range of technologies, practices, and policies that aim to prevent, detect, and respond to cyber threats.

While information security, IT security, and cyber security have some overlap, they also have distinct areas of focus and implementation.

Overlapping areas:

  • Risk management: All three disciplines are concerned with identifying, assessing, and managing risks to the organization's digital assets and information.
  • Access control: Controlling access to information and systems is a critical component of all three disciplines. Access controls ensure that only authorized individuals can access data and resources.
  • Incident response: All three areas involve creating plans and procedures for responding to security incidents, such as data breaches, cyber attacks, and system failures.


Non-overlapping areas:

  • Information security: This area has a broader focus and covers the protection of information in all forms, including physical documents, intellectual property, and sensitive data. Information security is not limited to technology-related risks and includes physical security, policy management, and regulatory compliance.
  • IT security: This area is focused on protecting the technology infrastructure of the organization, such as servers, networks, and devices. IT security is concerned with maintaining the availability, confidentiality, and integrity of the technology infrastructure.
  • Cybersecurity: This area is specifically focused on protecting against cyber threats, such as malware, hacking, and phishing. Cybersecurity involves a range of technologies, practices, and policies that aim to prevent, detect, and respond to cyber threats.


In summary, information security is a broad term that covers all measures taken to protect sensitive data, while IT security and cyber security are subsets of information security that focus on protecting the technology infrastructure and digital assets of an organization against various types of threats.

Wednesday, November 30, 2022

Should the Shadow IT at Your Organization be prevented...?

 Introduction

“Shadow IT” typically refers to staff members’ work-related use of IT hardware, software or cloud services without the knowledge of the IT organization. Employees engage in shadow IT mostly to work more efficiently; they sometimes feel they need to work around the organization's existing security controls to get their job done. Some common examples of Shadow IT include:

  • Slack, Trello, and other productivity tools
  • Skype and other VOIP tools
  • Google Docs, Gmail, Drive, and other elements of the Google Suite, Microsoft 365 (if not officially licensed or sanctioned by the IT department)
  • Dropbox, Megaupload, and other peer-to-peer file-sharing and cloud collaboration tools
  • Apple AirDrop and other bluetooth-based sharing tools
  • WhatsApp and other messaging apps
  • Flash drives and HDDs
  • Personal laptops, tablets, and smartphones.

Use of SaaS and cloud services is growing at a staggering pace, and this rapid growth has increased the adoption of Shadow IT. While organizations consciously embrace some cloud applications, others are often introduced by employees in an ad-hoc manner to aid business productivity or for personal use.

While Shadow IT is not inherently dangerous, certain features like file sharing/storage and collaboration (e.g., Google Docs) can result in sensitive data leaks. Beyond security risks, this can also waste money if different departments are unknowingly purchasing duplicate solutions.

Recommendations:

The recommendations below shall be implemented to control Shadow IT within your organization's network infrastructure.

·       Discover Shadow IT by Monitoring for Unsanctioned Applications

Logs from firewalls, network access controllers, DHCP servers and other network security devices shall be used to detect shadow IT. Further, logs from the WiFi access points can be used to detect unregistered devices that are connected to the corporate Wi-Fi network.

Organizations need to establish a process to critically analyze these application signatures and identify a list of unsanctioned applications that are being used within the network by employees. This shall be achieved either through automated tools or through a manual process.

Once the unsanctioned applications are detected, organizations need to properly manage them by identifying:

o   Business needs,
o   Risk and compliance issues,
o   Frequency and usage patterns of these applications,
o   Opportunities for streamlining and cost reduction.

·       Maintain an Approved List of Software

Once the applications are detected and evaluated as described above, organizations need to create a list of approved and unapproved apps and share it with employees to remind them of what is accepted within the company.

Having an approved list of software will certainly help the IT team to regulate the type of software that can be installed on computers.
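As an added example for the discovery and approved-list steps above (not part of the original post), this POSIX shell/awk script matches log destinations against a small signature table, drops the sanctioned applications, and summarises the rest by distinct users, hits and bytes, which is the input the review step needs. The log layout, signature table and approved list are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: match proxy/firewall log destinations
# against a signature table, drop the sanctioned applications, and summarise the
# rest per application (distinct users, hits, bytes) for the review step.
set -eu
# Constructed sample log in a Squid-like "timestamp user destination_host bytes" layout.
SAMPLE_LOG='2022-11-30T09:01:02 alice www.dropbox.com 48211
2022-11-30T09:03:10 alice app.slack.com 1320
2022-11-30T09:05:44 bob trello.com 2210
2022-11-30T09:07:19 bob www.dropbox.com 901233
2022-11-30T09:09:00 alice dl.dropboxusercontent.com 5000
2022-11-30T09:12:58 carol outlook.office365.com 3300
2022-11-30T09:15:01 bob example.com 700'
# Hypothetical application signatures: "host_suffix application".
SIGNATURES='dropbox.com Dropbox
dropboxusercontent.com Dropbox
trello.com Trello
slack.com Slack
office365.com Microsoft365'
# Hypothetical approved list: applications the IT department has sanctioned.
APPROVED='Slack
Microsoft365'

# unsanctioned_report < logfile
# Prints "application users hits bytes" for every application that matched a
# signature but is not approved; hosts matching no signature are ignored.
unsanctioned_report() {
    awk -v sigs="$SIGNATURES" -v approved="$APPROVED" '
    BEGIN {
        n = split(sigs, s, "\n")
        for (i = 1; i <= n; i++) { split(s[i], kv, " "); app[kv[1]] = kv[2] }
        m = split(approved, a, "\n")
        for (i = 1; i <= m; i++) ok[a[i]] = 1
    }
    NF == 4 {
        host = $3
        # longest-suffix match: drop leading labels until a signature matches
        while (host != "" && !(host in app)) {
            dot = index(host, ".")
            host = (dot ? substr(host, dot + 1) : "")
        }
        if (host == "") next
        name = app[host]
        if (name in ok) next
        hits[name]++; bytes[name] += $4
        if (!((name, $2) in seen)) { seen[name, $2] = 1; users[name]++ }
    }
    END { for (name in hits) printf "%s %d %d %d\n", name, users[name], hits[name], bytes[name] }
    ' | sort
}

# Run over the constructed sample; on real data use: unsanctioned_report < proxy.log
printf '%s\n' "$SAMPLE_LOG" | unsanctioned_report
```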

·       Regulate access to approved software through perimeter security controls.

Organizations shall implement the necessary controls at the perimeter firewalls to regulate access to allowed SaaS offerings and websites by configuring URL filtering and application signature filtering in the firewall. This shall be decided after conducting a comprehensive survey of business requirements and with the approval of senior management on the new strategy to regulate shadow IT.

·       Register allowed devices that can connect to the corporate network:

There are several technical controls that can be implemented within the organization's existing network infrastructure to control access to the office network. For example, enterprise WiFi authentication, switch port security and network access controllers can be used.

·       Conduct Awareness sessions to educate end users.

Lack of awareness of authorized solutions may drive employees to select unauthorized solutions.

·       Establish a Procedure for New Technology Purchases

Organizations need to establish a procedure to ensure that new purchases of SaaS and any other applications and IT technologies meet security and business requirements. Employees should require prior approval for any new purchase rather than making their own purchase decisions with company-issued credit cards.

·       Respond Quickly to Purchase Requests

The IT team also needs to speed up response times and reduce the evaluation period for technology requests by fast-tracking the decision-making process.

·       Vendor Management

Essential tasks such as vendor management need to be handled by the IT department, which has a better understanding of the process, rather than being left to employees.

·       Establish a Collaborative Culture

A collaborative culture needs to be grown between the organization's IT team and the business units/employees that need to procure SaaS applications for the growth of the business. It is imperative to build relationships with these SaaS buyers; that helps the IT team know their needs, remove communication barriers, and empower them.

·       Embrace Shadow IT—Securely

No matter how hard organizations try to mitigate Shadow IT, shadow SaaS will continue to grow. With the growth of SaaS, employees no longer need IT’s assistance or permission to purchase the most powerful applications in the world. They just need an email address and a credit card, oftentimes using free accounts that can be upgraded later. Organizations should acknowledge the benefits and create a framework that lets employees use the right tool for the job while maintaining governance and control over the technologies and data of the organization.


Thursday, July 7, 2022

Secure remote backups with Rsync and SSH

Many Linux users know rsync as a file transfer utility. Rsync is an efficient tool for automating remote backups of Linux, Windows, and even Mac OS X systems.

Prerequisites:
To perform secure remote backups, rsync and SSH must be installed on both the local machine and the remote target. Rsync can use SSH as a secure transport agent.
Make sure rsync is installed by opening a terminal session and typing rsync --version on each machine. You should see a message like rsync version 2.X.X protocol version X.
To ensure that sshd is running on a remote machine, enter a terminal session and type ssh <user>@<remote IP address>.

When all the prerequisites are met, select the folder that needs to be synced from the local host to the remote host and create a folder at the destination to store the backed-up data.

rsync -avz -e ssh /some/small/directory/ remote_user@remotehost.com:/backup/destination/directory/

Please note that the trailing slash in the source directory causes rsync to copy only the contents of the source directory. Omitting the trailing slash causes rsync to copy both the directory name and its contents to the destination.
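As an added example (not from the original post), the wrapper below puts the rsync-over-SSH command above into a function that normalises the trailing slash, refuses a source that is not a directory, and does a dry run before the real transfer. The dedicated key file and the StrictHostKeyChecking option are assumptions of mine, not part of the post.

```shell
#!/bin/sh
# Added example, not from the original post: a small wrapper around the
# rsync-over-SSH backup that normalises the trailing slash, checks the source,
# and does a dry run before the real transfer. The dedicated key path and the
# StrictHostKeyChecking option are assumptions, not part of the original post.
set -eu

# normalise_src DIR: return DIR with exactly one trailing slash, so rsync copies
# only the directory's contents (the trailing-slash behaviour described above).
normalise_src() {
    printf '%s/\n' "${1%/}"
}

# ssh_transport KEYFILE: the -e argument; StrictHostKeyChecking=yes makes an
# unknown or changed host key abort the backup instead of being accepted.
ssh_transport() {
    printf 'ssh -i %s -o StrictHostKeyChecking=yes\n' "$1"
}

# run_backup SRC_DIR USER@HOST:/dest/ KEYFILE
# Refuses a non-directory source, shows what would change (-n), then syncs.
run_backup() {
    src=$(normalise_src "$1")
    dest=$2
    key=$3
    if [ ! -d "$src" ]; then
        echo "run_backup: source '$src' is not a directory" >&2
        return 1
    fi
    rsync -avzn -e "$(ssh_transport "$key")" "$src" "$dest"   # dry run first
    rsync -avz  -e "$(ssh_transport "$key")" "$src" "$dest"
}

# Example invocation (placeholders, same layout as the command above):
#   run_backup /some/small/directory \
#       remote_user@remotehost.com:/backup/destination/directory/ ~/.ssh/backup_key
```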

Tuesday, March 15, 2022

Dell Inspiron 14 5000 Series with Ubuntu 20.04 does not turn on

Remove kernel

sharma@Sharma-LAP:~/Downloads/new-kernal$ dpkg -l | grep linux-image
ii  linux-image-5.13.0-30-generic              5.13.0-30.33~20.04.1                amd64        Signed kernel image generic
ii  linux-image-generic-hwe-20.04              5.13.0.30.33~20.04.17               amd64        Generic Linux kernel image
ii  linux-image-unsigned-5.16.0-051600-generic 5.16.0-051600.202201092355          amd64        Linux kernel image for version 5.16.0 on 64 bit x86 SMP
sharma@Sharma-LAP:~/Downloads/new-kernal$ dpkg -l | grep linux-head
ii  linux-headers-5.13.0-30-generic            5.13.0-30.33~20.04.1                amd64        Linux kernel headers for version 5.13.0 on 64 bit x86 SMP
ii  linux-headers-5.16.0-051600                5.16.0-051600.202201092355          all          Header files related to Linux kernel version 5.16.0
ii  linux-headers-5.16.0-051600-generic        5.16.0-051600.202201092355          amd64        Linux kernel headers for version 5.16.0 on 64 bit x86 SMP
ii  linux-headers-generic-hwe-20.04            5.13.0.30.33~20.04.17               amd64        Generic Linux kernel headers
sharma@Sharma-LAP:~/Downloads/new-kernal$ sudo apt-get purge linux-image-unsigned-5.16.0-051600-generic

The following steps will remove a given kernel along with its drivers, and let the package manager know that you don’t want it again when you update. Remove the specific broken kernel and its headers, but don’t remove the super package linux-generic: this is the package that Ubuntu uses to upgrade the kernel and headers when they become available. If you remove it you won’t get kernel updates automatically and will have to run apt-get specifically to get them.

    Open Terminal (if it’s not already open)
    List the available kernels:

    dpkg -l | grep linux-image

    Remove the kernel(s) you don’t want:

    sudo apt-get purge linux-image-5.8.0-53-generic

    Remove the headers as well:

    sudo apt-get purge linux-headers-5.8.0-53-generic

    Reboot
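As an added example (not from the original post), this shell script automates the check behind the steps above: it picks out the versioned kernel image packages other than the running one, skips the linux-image-generic* meta packages the text warns about, and derives the headers packages to purge together with an image. The sample dpkg listing is copied from the output above; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: list the versioned kernel image
# packages that may be purged, never the running kernel and never the
# linux-image-generic* meta packages the text warns about, and derive the
# matching headers packages to purge alongside.
set -eu

# Constructed sample of `dpkg -l | grep linux-image` output, copied from the
# listing above.
SAMPLE_DPKG='ii  linux-image-5.13.0-30-generic              5.13.0-30.33~20.04.1                amd64        Signed kernel image generic
ii  linux-image-generic-hwe-20.04              5.13.0.30.33~20.04.17               amd64        Generic Linux kernel image
ii  linux-image-unsigned-5.16.0-051600-generic 5.16.0-051600.202201092355          amd64        Linux kernel image for version 5.16.0 on 64 bit x86 SMP'

# removable_kernels RUNNING < dpkg-output
# Prints installed image packages whose version is not RUNNING (uname -r).
# Packages without a version string (linux-image-generic, ...-hwe-20.04) are
# the meta packages that pull in kernel updates, so they are skipped.
removable_kernels() {
    awk -v run="$1" '
    $1 == "ii" && $2 ~ /^linux-image-/ {
        pkg = $2
        if (pkg !~ /-[0-9]+\.[0-9]+\.[0-9]+-[0-9]+-/) next   # meta package
        ver = pkg
        sub(/^linux-image-(unsigned-)?/, "", ver)
        if (ver != run) print pkg
    }'
}

# headers_for IMAGE_PKG: the two headers packages that belong to an image
# (e.g. linux-headers-5.16.0-051600-generic and linux-headers-5.16.0-051600).
headers_for() {
    ver=${1#linux-image-}
    ver=${ver#unsigned-}
    printf 'linux-headers-%s\nlinux-headers-%s\n' "$ver" "${ver%-generic}"
}

# purge_kernel IMAGE_PKG [RUNNING]: refuse the running kernel, else purge
# image and headers together, as the steps above do by hand.
purge_kernel() {
    ver=${1#linux-image-}
    ver=${ver#unsigned-}
    running=${2:-$(uname -r)}
    if [ "$ver" = "$running" ]; then
        echo "purge_kernel: $1 is the running kernel, refusing" >&2
        return 1
    fi
    # word-splitting the headers list into separate arguments is intended
    sudo apt-get purge "$1" $(headers_for "$1")
}

# Demonstration on the constructed sample; on a real machine use:
#   dpkg -l | removable_kernels "$(uname -r)"
printf '%s\n' "$SAMPLE_DPKG" | removable_kernels 5.13.0-30-generic
```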

cd ~/Downloads

wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16/amd64/linux-headers-5.16.0-051600_5.16.0-051600.202201092355_all.deb
wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16/amd64/linux-headers-5.16.0-051600-generic_5.16.0-051600.202201092355_amd64.deb
wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16/amd64/linux-image-unsigned-5.16.0-051600-generic_5.16.0-051600.202201092355_amd64.deb
wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16/amd64/linux-modules-5.16.0-051600-generic_5.16.0-051600.202201092355_amd64.deb

sudo dpkg -i *.deb
sudo apt -f install

wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.13/amd64/linux-headers-5.16.13-051613_5.16.13-051613.202203082004_all.deb
wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.13/amd64/linux-headers-5.16.13-051613-generic_5.16.13-051613.202203082004_amd64.deb
wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.13/amd64/linux-image-unsigned-5.16.13-051613-generic_5.16.13-051613.202203082004_amd64.deb
wget -c https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.13/amd64/linux-modules-5.16.13-051613-generic_5.16.13-051613.202203082004_amd64.deb

mkdir tmp
cd tmp
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.11/amd64/linux-headers-5.16.11-051611-generic_5.16.11-051611.202202230823_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.11/amd64/linux-headers-5.16.11-051611_5.16.11-051611.202202230823_all.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.11/amd64/linux-image-unsigned-5.16.11-051611-generic_5.16.11-051611.202202230823_amd64.deb
wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.16.11/amd64/linux-modules-5.16.11-051611-generic_5.16.11-051611.202202230823_amd64.deb


sudo dpkg -i *.deb

You'll get an error while installing ..._all.deb since you have outdated libc6 and libssl3 versions. You'll notice that sudo apt install libssl3 doesn't work; let's fix that.

    Add the Ubuntu 22.04 repo:

sudo add-apt-repository "deb http://ca.archive.ubuntu.com/ubuntu jammy main"

    Now if you try to install libssl3 it'll tell you to run the following command instead:

sudo apt --fix-broken install

    Now I think you're good to go, but I also ran the dpkg command once more to make sure:

sudo dpkg -i *.deb

https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS

Option 1. Install Linux Kernel 5.16 with PPA
Import TuxInvader PPA

The first option to install the Linux 5.16 kernels is to install the ppa:tuxinvader/lts-mainline by TuxInvader. This has some of the most up-to-date 5.16 and previous 5.15 kernel builds and is updated regularly.

The drawback is that this is an untrusted PPA and not an official release by the Pop!_OS or Ubuntu teams, but given the history of the PPA, it is as safe as any other reputable PPA. You should not be installing this on a sensitive or production-type system anyway.

First, install the LTS Mainline Tuxinvader PPA:

sudo add-apt-repository ppa:tuxinvader/lts-mainline -y

Once installed, update your repository list.

sudo apt update

Next, proceed to the installation of the Linux Kernel. Make sure at this point any sensitive documents are backed up just in case of anything going wrong.

Install Linux Kernel 5.16 from Tux PPA

Next, install the 5.16 generic Linux kernel drivers by executing the following command.

sudo apt-get install linux-generic-5.16 -y

Once complete, you will need to reboot your system for the new kernel to be fully activated.

reboot

Once logged back into your system, run the following command to confirm the new kernel version is running.

uname -r

Example output:

5.16.0-051600-generic

Option 2. Install Linux Kern

Remove a PPA from the source list in the terminal

Not my preferred method at all. I don’t recommend it either, but it gets the job done.

You can remove the PPA from the sources list where these PPAs are stored. PPA repositories are stored in the form of PPA_Name.list.

Use the following command to see all the PPAs added in your system:

ls /etc/apt/sources.list.d

Look for your desired PPA here and then remove the .list file associated with the PPA using the following command:

sudo rm -i /etc/apt/sources.list.d/PPA_Name.list

The -i option with rm command asks before removing a file. Consider this a safety check.

Method 4. Remove a PPA by using ppa-purge in the terminal

You might have noticed that in all the above three methods we only talked about deleting or removing a PPA. What about the applications installed using these PPAs? Will they be removed as a result of removing the PPA? The answer is NO.

So this is where PPA Purge comes into the picture. It not only disables the PPA but also uninstalls all the programs installed from the PPA or reverts them to the original version provided by your distribution.

Install ppa-purge by using the following command:

sudo apt-get install ppa-purge

Now use it in the following manner to purge the PPA:

sudo ppa-purge ppa-url

The URL of the PPA can be found in the Software Sources list.

I hope you’ll find at least one good method to delete or remove a PPA and uninstall the corresponding applications. Cheers :)