Friday, June 21, 2019

Mounting / Unmounting encrypted external drive over command line in Ubuntu 18.04

If you have an encrypted external disk (or an internal disk that is not in fstab), you will see an entry for it in Nautilus. Clicking on this volume prompts you for the passphrase to decrypt and mount the device. Sometimes, however, you want to mount and unmount the same volume from the command line.

I follow the steps below to mount and unmount encrypted partitions.

You may need to install cryptsetup first.

sudo apt-get install cryptsetup

To unlock the LUKS container (you will be prompted for its passphrase; replace /dev/sda1 with your partition):

sudo cryptsetup luksOpen /dev/sda1 my_encrypted_volume

Now you can mount it as usual:

sudo mkdir /media/my_device
sudo mount /dev/mapper/my_encrypted_volume /media/my_device


To lock the container again, it needs to be unmounted first:

sudo umount /media/my_device
sudo cryptsetup luksClose my_encrypted_volume


To have it mounted automatically under /media instead of choosing a mount point yourself, use the udisks tool:

sudo udisks --mount /dev/mapper/my_encrypted_volume
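The open/mount and unmount/close sequence above, wrapped in a small script with argument checks so that a mistyped device, mapper name or mount point is rejected before anything runs. This is an added example, not code from the original post; it assumes cryptsetup, mount and sudo are installed, takes device, mapper name and mount point as arguments, and its DRY_RUN switch (which only prints the commands) is this example's own convention.

```shell
#!/bin/sh
# luks-mount.sh: open a LUKS container and mount it, or unmount it and close it again.
# Added example, not from the original post. Assumes cryptsetup, mount and sudo are
# present. Set DRY_RUN=1 to print the commands instead of executing them (no root needed).

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Reject arguments that could turn into an unexpected device, mapper name or path.
check_args() {
  case "$1" in
    /dev/*) ;;
    *) echo "device must be a /dev path: $1" >&2; return 1 ;;
  esac
  case "$2" in
    ""|*[!A-Za-z0-9_.-]*) echo "mapper name may only use A-Za-z0-9_.- : $2" >&2; return 1 ;;
  esac
  case "$3" in
    /media/*|/mnt/*) ;;
    *) echo "mount point must be under /media or /mnt: $3" >&2; return 1 ;;
  esac
}

# luks_mount DEVICE NAME MOUNTPOINT: luksOpen prompts for the passphrase, then mount.
luks_mount() {
  check_args "$1" "$2" "$3" || return 1
  run sudo cryptsetup luksOpen "$1" "$2" || return 1
  run sudo mkdir -p "$3" || return 1
  run sudo mount "/dev/mapper/$2" "$3"
}

# luks_umount DEVICE NAME MOUNTPOINT: unmount first; luksClose on a mounted mapping
# fails with "device busy", so the order matters.
luks_umount() {
  check_args "$1" "$2" "$3" || return 1
  run sudo umount "$3" || return 1
  run sudo cryptsetup luksClose "$2"
}

# Usage: ./luks-mount.sh mount  /dev/sda1 my_encrypted_volume /media/my_device
#        ./luks-mount.sh umount /dev/sda1 my_encrypted_volume /media/my_device
case "$1" in
  mount)  luks_mount "$2" "$3" "$4" ;;
  umount) luks_umount "$2" "$3" "$4" ;;
esac
```

Running it with DRY_RUN=1 first shows exactly which cryptsetup, mkdir and mount commands would be issued, which is a cheap way to confirm the device and mapper name before touching a real disk.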



Friday, December 7, 2018

Phishing Attacks Dos and Don’ts for Employees


Phishing is a fake email, text or social media message intended to make you click on a link or open an attachment. By doing so, the criminals hope to get you to change your password so they can access your information, to get into your computer to find your financial information, or to infect your phone, tablet or computer with malicious software that lets them see everything you do.

Dos

  1. Do ask yourself if the email is from someone you know, or if the subject line is odd or suspect.
  2. Do check email content for spelling and grammar mistakes if you feel the email is suspicious.
  3. Do ask yourself if you were expecting a new document or zip file.
  4. Do delete any suspicious emails from your inbox and then from your deleted folder.
  5. Do verify the legitimacy of requests or sources. Look up the company contact information from which the email, text or call claims to be. Then call the company yourself to verify that the email or text is legitimate. If you suspect a credit card scam, hang up with the caller and dial the toll-free number on the back of your credit card to verify the call.
  6. Do participate in up-to-date security training sessions within the company.
  7. Do scan files received as attachments for viruses before opening them. This can be done by going to the Downloads folder, right-clicking on the file and choosing "Scan for viruses".
  8. Do report phishing scams and any suspicious emails to the information security department of your organization.

Don’ts

  1. Don’t open suspicious emails claiming to be from Ceylinco Life, any other financial institution, a friend or another trustworthy organization if you are not expecting them. Common phishing phrases include “verify your account,” “Dear Valued Customer,” “within the next 48 hours,” “click this link” and “open this attachment.”
  2. Don’t click on a link in an email or open an attachment you are not expecting, even if it’s from someone you know. If you weren’t expecting grandma to send you an email containing your bank statements, for instance, ask her whether she sent it before opening it.
  3. Don’t click on links or attachments in suspicious emails with grammar and spelling mistakes. Phishing emails are known to contain spelling mistakes and bad grammar; threats; attachments with incorrect or suspicious filenames or extensions (e.g., .zip, .exe, .vbs, .bin, .com, .pif or .zzx); and links for unexpected e-cards, tracking for unknown packages, pictures or videos.
  4. Don’t click — only hover your mouse over — links in suspicious emails to see the real web address. If it doesn’t match where the message says the link will take you, it could lead to a malicious website or a malicious file that will spread malicious software on your computer. Even if the links match, it’s better not to click links in emails unless you’re absolutely certain they come from a reliable source.
  5. Don’t provide any personal information (e.g., login, account information, date of birth, social security number) via email, phone, text or social messages.
  6. Don’t visit websites that offer pirated content, and don’t visit or download files from suspicious websites. If downloading a file, always download it from the vendor’s or author’s website; this eliminates the chance of getting pirated software.

Clues to Identify Phishing Scams

There are clues that a message is an attack. Here are the most common ones:

  1. A message asking you to click a link to view a statement (often a bank statement, for example).
  2. A tremendous sense of urgency that demands “immediate action” before something bad happens, like threatening to close an account or send you to jail. The attacker wants to rush you into making a mistake. For example, your bank account has been frozen and you need to click the link immediately to rectify the situation.
  3. Pressuring you to bypass or ignore your policies or procedures at work.
  4. A text message with a link telling you your account has been compromised.
  5. Your refund awaits or there's money waiting for you from a lottery or other source. The fraudster is asking you to visit a fraudulent website, click on an attachment or wire money to receive a cash prize (that never arrives).
  6. A generic salutation like “Dear Customer.” Most companies or friends contacting you know your name.
  7. Requesting highly sensitive information, such as your credit card number, password, or any other information that a legitimate sender should already know.
  8. The message says it comes from an official organization, but has poor grammar or spelling or uses a personal email address like @gmail.com.
  9. The message comes from an official email (such as your boss) but has a Reply-To address going to someone’s personal email account.
  10. A funny joke from what seems like a friend or coworker that conceals a malicious link or attachment.
  11. You receive a message from someone you know, but the tone or wording just does not sound like him or her.
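Several of the clues above are visible in the message headers and wording and can be checked mechanically before a user ever sees the mail: a Reply-To domain that differs from the From domain (clue 9), an "official" sender on a personal mail provider (clue 8), a generic salutation (clue 6), urgency wording (clue 2) and a risky attachment extension (from the Don'ts list). The script below is an added example, not part of the original post; the freemail list, the phrase list, the one-point-per-clue scoring and the two sample messages are all this example's own constructions.

```shell
#!/bin/sh
# Score an e-mail against the header and wording clues from the list above.
# Added example, not from the original post. The freemail list, phrase list and
# one-point-per-clue scoring are this example's own assumptions; the two messages
# at the bottom are constructed samples, not real mail.

FREEMAIL="gmail.com yahoo.com hotmail.com outlook.com"
RISKY_EXT="zip exe vbs bin com pif"

# header NAME MESSAGE: print the value of the first matching header, nothing if absent.
header() {
  printf '%s\n' "$2" | awk -v h="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^$/ { exit }                                   # blank line ends the header block
    { n = tolower($0)
      if (index(n, h ":") == 1) { sub(/^[^:]*:[ \t]*/, ""); print; exit } }'
}

# Read an address on stdin and print its lower-cased domain part.
addr_domain() { sed -n 's/.*@\([A-Za-z0-9.-]*\).*/\1/p' | tr 'A-Z' 'a-z'; }

# phish_reasons MESSAGE: print one line per clue found.
phish_reasons() {
  msg="$1"
  from_dom=$(header From "$msg" | addr_domain)
  reply_dom=$(header Reply-To "$msg" | addr_domain)
  subj=$(header Subject "$msg" | tr 'A-Z' 'a-z')
  body=$(printf '%s\n' "$msg" | awk 'f { print } /^$/ { f = 1 }' | tr 'A-Z' 'a-z')

  if [ -n "$reply_dom" ] && [ "$reply_dom" != "$from_dom" ]; then
    echo "reply-to domain ($reply_dom) differs from sender domain ($from_dom)"
  fi
  for d in $FREEMAIL; do
    if [ "$from_dom" = "$d" ]; then echo "sender address is on a personal mail provider ($d)"; fi
  done
  case "$body" in
    *"dear customer"*|*"dear valued customer"*) echo "generic salutation" ;;
  esac
  case "$subj $body" in
    *"immediate action"*|*"within the next 48 hours"*|*"verify your account"*|*"account has been"*)
      echo "urgency or account-threat wording" ;;
  esac
  for e in $RISKY_EXT; do
    case "$msg" in
      *"filename=\""*".$e\""*) echo "risky attachment extension (.$e)" ;;
    esac
  done
}

# phish_score MESSAGE: number of clues found (0 = none of the listed clues present).
phish_score() { phish_reasons "$1" | wc -l | tr -d ' '; }

# Constructed samples (not real mail).
SAMPLE_PHISH='From: "Example Bank Support" <support@gmail.com>
Reply-To: payments.desk@example.net
Subject: Immediate action required: verify your account

Dear Valued Customer,
Your account will be closed within the next 48 hours unless you click this link.
Content-Disposition: attachment; filename="statement.zip"'

SAMPLE_LEGIT='From: Alice Example <alice@corp.example>
Subject: Lunch on Thursday?

Hi Bob,
Are you free for lunch on Thursday?'

# Usage: phish_reasons "$SAMPLE_PHISH"; phish_score "$SAMPLE_PHISH"   (prints 5)
```

A score is only a prompt for a human to look closer: the Reply-To mismatch and the freemail sender are the strongest signals here, while wording matches alone produce false positives on legitimate account notices.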

Cybersecurity Dos and Don'ts Your Employees Should Follow


DO:

  1. Use care when entering passwords in front of others
  2. Create and maintain strong passwords and change them every 60-90 days (We recommend a combination of lowercase & uppercase letters and special characters)
  3. Change your password immediately if you suspect that it has been compromised
  4. Report suspicious activity to the IT team/CSIRT to help minimize cyber risks
  5. Protect personal computers and devices with anti-virus/anti-malware software when working remotely, and keep it current

DO NOT:

  1. Allow others to use your login ID or password
  2. Use the same password for every application
  3. Store passwords on a piece of paper or other easily accessible document
  4. Open email or attachments if the sender is unknown or suspicious
  5. Get caught by phishing attempts, which can occur via email, phone, instant message, SMS or social media
  6. Provide information such as login IDs, passwords, social security numbers, account numbers, etc. via unencrypted email
  7. Leave your laptop or mobile device unattended while in a public place. Lost or stolen equipment, including mobile devices connected to corporate network, should be reported immediately
  8. Keep open files containing personal or confidential information on your desks or in an unlocked file cabinet when away from your office/desk
  9. Install unauthorized programs on your work (or home) computer
  10. Plug in personal devices without permission from IT

Tuesday, October 30, 2018

How to Turn On Sandbox Feature in Windows Defender Antivirus

Sandboxing runs an application in an isolated environment, separated from the rest of the operating system and the other applications on the computer, so that if the sandboxed application is compromised the damage cannot spread outside that closed area.

Microsoft's built-in anti-malware tool, Windows Defender, has become the first antivirus software able to run inside a sandbox.

Windows Defender on Windows 10, version 1703 (the Creators Update) or later supports the sandbox feature. It is not enabled by default, but you can turn it on with the following steps:
  • Open Start and search for "CMD" or "Command Prompt"
  • Right-click it and select "Run as administrator"
  • Type: setx /M MP_FORCE_USE_SANDBOX 1 and press ENTER
  • Restart your computer; that's it

Tuesday, November 14, 2017

Common Secure Server Setups For Your Web Application

I have been receiving many queries from industry peers about best-practice recommendations for securely deploying a web server. A common observation was the web server (e.g. Apache) and the database server (e.g. MySQL) deployed on a single server, whether a physical or a virtual machine, placed in the DMZ and reachable by Internet users.

As best-practice guidelines for securely deploying a web server, I recommend the following:
  • A 3-tier architecture is the most secure and scalable solution. The software is divided into three tiers: presentation, logic and data. Each tier shall be developed and maintained independently, with an adequate level of security measures, including the relevant firewall protection, in place.
  • The best placement for the database servers is a trusted zone of their own.
  • Inter-zone communication must be limited to the minimum required for the service and for monitoring. Only inbound connections from the web server to the database server shall be allowed, and that shall be enforced at a firewall.
  • The reverse proxy accepts untrusted connections from the Internet and can only connect to services on the application servers. A reverse proxy (Apache with mod_security, Varnish, nginx, a WAF, or similar) shall run in the proxy zone; load balancing/failover can be added there too if needed.
  • Load balancers can be added to a server environment to improve performance and reliability by distributing the workload across multiple servers. If one of the load-balanced servers fails, the others handle the incoming traffic until the failed server becomes healthy again. A layer 7 (application layer) reverse proxy can also serve multiple applications through the same domain and port.
  • An HTTP accelerator, or caching HTTP reverse proxy, reduces the time it takes to serve content to a user. Its main technique is caching responses from the web or application server in memory, so future requests for the same content can be served quickly with less interaction with the web or application servers.
  • Configure public IP addressing only in the proxy zone and private addressing elsewhere. Servers outside the proxy zone shall have no public IP, no NAT and no default route to the Internet.
  • As you will also need to comply with PCI DSS requirements, ensure that you have a firewall at each Internet connection and between the DMZ, the HSZ and other internal networks.
  • To improve the performance of a database that serves many more reads than writes, such as a CMS, use master-slave replication. This requires a master and one or more slave nodes; all updates go to the master and reads can be distributed across all nodes.
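The inter-zone rule above ("only inbound connections from the web server to the database server, enforced at a firewall") is easiest to keep honest when the allowed flows live in one small table that both answers "may this flow be initiated?" and generates the firewall rules. The script below is an added example, not part of the original post; its zone names (proxy, web, db, plus a monitoring network), address ranges and ports are this example's own assumptions, and it emits nftables syntax.

```shell
#!/bin/sh
# Zone-to-zone allow matrix for the 3-tier layout above, used to check a proposed flow
# and to emit an nftables ruleset enforcing it on the inter-zone firewall.
# Added example, not from the original post; zone names, address ranges and ports are
# this example's own assumptions.

# One flow per line: source_zone destination_zone protocol port.
# Only the listed direction may open a connection; everything else is dropped.
ALLOWED_FLOWS='internet proxy tcp 443
proxy web tcp 8443
web db tcp 3306
monitoring proxy tcp 9100
monitoring web tcp 9100
monitoring db tcp 9100'

# Address range of each zone (constructed values; only the proxy zone is public).
zone_cidr() {
  case "$1" in
    proxy)      echo "203.0.113.0/28" ;;
    web)        echo "10.10.1.0/24" ;;
    db)         echo "10.10.2.0/24" ;;
    monitoring) echo "10.10.9.0/24" ;;
    *)          return 1 ;;
  esac
}

# allow_flow SRC DST PROTO PORT: exit status 0 if the matrix permits the flow, 1 otherwise.
allow_flow() {
  printf '%s\n' "$ALLOWED_FLOWS" | grep -qx "$1 $2 $3 $4"
}

# nft_rules: print a ruleset with a default-drop forward chain, return traffic of
# established connections allowed, and one accept line per entry in the matrix.
nft_rules() {
  echo 'table inet zones {'
  echo '  chain forward {'
  echo '    type filter hook forward priority 0; policy drop;'
  echo '    ct state established,related accept'
  printf '%s\n' "$ALLOWED_FLOWS" | while read -r src dst proto port; do
    if [ "$src" = "internet" ]; then
      src_match=""                                  # any source address
    else
      src_match="ip saddr $(zone_cidr "$src") "
    fi
    echo "    ${src_match}ip daddr $(zone_cidr "$dst") $proto dport $port ct state new accept  # $src -> $dst"
  done
  echo '  }'
  echo '}'
}

# Usage: nft_rules > zones.nft   (review the output, then load it with: sudo nft -f zones.nft)
```

Because the chain's policy is drop and only `ct state new` flows from the matrix are accepted, a database server can answer the web tier but can never initiate a connection towards it or towards the Internet, which is the property the bullet list asks for.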

Thursday, October 19, 2017

Ransomware for Mobile Devices on the Rise


In 2016 and 2017 malware researchers spotted rapid growth in mobile malware, including ransomware. Most smartphones and other mobile devices receive operating system updates late or not at all, leaving them vulnerable to attacks such as advertising trojans that exploit super-user rights.

Mobile ransomware masquerades as a legitimate app in third-party app stores, as a popular game, a Flash or video player, or as a system update. It sneaks into app stores and also spreads through exploit kits that use as-yet-unknown vulnerabilities. Your device can also be infected by visiting pornographic websites or forums, or by clicking a spam link in a text message.

Blocker ransomware is currently the most common way to infect mobile devices. On mobiles it simply overlays the interface of every app with its own, so the victim cannot use any application at all. Sometimes this malware locks the device by hijacking the PIN used to secure it, turning the device’s own built-in security against you until you pay the attackers.



How to Protect Your Devices:

  1. Avoid installing untrusted applications. Install applications only from official app stores such as Google Play. To enforce installation only from trusted sources, go to Android Settings, choose Security, and make sure that “Unknown Sources” is not checked.
  2. Avoid clicking on in-app advertisements. In-app ads sometimes direct you to malicious websites hosting exploit kits.
  3. Avoid clicking on spam links in text messages.
  4. Regularly update your device’s firmware and its installed apps.
  5. Install a strong security solution that detects mobile malware.

Reference:
  1. https://www.techrepublic.com/article/report-mobile-ransomware-attacks-soared-in-2017-up-250-in-q1/
  2. https://securelist.com/ksn-report-mobile-ransomware-in-2014-2016/75183/
  3. https://www.kaspersky.com/blog/mobile-ransomware-2016/12491/

Sunday, July 30, 2017

Update (Offline) Ubuntu 16.04 Kernel to Latest Version

Recently I was experiencing a WiFi connectivity issue on my Ubuntu 16.04 system, which was running kernel version 4.4.0.x. Even though the lspci output showed that the WiFi network card was present, the Ubuntu Network Manager did not detect it. After a couple of trial-and-error attempts, I decided to upgrade the kernel to the latest stable version. Since I had no Internet connectivity, I did it offline. Below are the steps I followed.

To detect the presence of WiFi hardware, I used the #lspci command. lspci is a utility for displaying information about the PCI buses in the system and the devices connected to them.

#lspci
..........
01:00.0 Network controller: Intel Corporation Wireless 3165 (rev 79)

..........

To start the offline kernel upgrade, the required kernel version first needs to be downloaded from the Ubuntu mainline kernel site. To see which kernel versions are available, open this address in your browser:
http://kernel.ubuntu.com/~kernel-ppa/mainline/

After deciding on kernel version 4.10.0, I downloaded the .deb packages listed below. I didn't want the "lowlatency" build, just "generic" plus "all".


http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.10/linux-headers-4.10.0-041000_4.10.0-041000.201702191831_all.deb
http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.10/linux-headers-4.10.0-041000-generic_4.10.0-041000.201702191831_amd64.deb
http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.10/linux-image-4.10.0-041000-generic_4.10.0-041000.201702191831_amd64.deb


I wanted the 64-bit edition, so I downloaded the three packages above. Depending on your requirements you will likewise need three packages (two header packages and one image package).

If you do have Internet connectivity, you can download them with the wget utility:
cd /tmp
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.10/linux-headers-4.10.0-041000_4.10.0-041000.201702191831_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.10/linux-headers-4.10.0-041000-generic_4.10.0-041000.201702191831_amd64.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.10/linux-image-4.10.0-041000-generic_4.10.0-041000.201702191831_amd64.deb


After downloading the three packages, I ran the command below to install them. You need to be inside the folder containing the three *.deb packages.
#sudo dpkg -i *.deb

When the installation completed, I updated GRUB with the command below.
#sudo update-grub
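The mainline packages above are fetched over plain HTTP, and a kernel image is about the most privileged thing one can install, so it is worth checking each .deb against a SHA-256 list before running dpkg -i. The script below is an added example, not part of the original post: it assumes the .deb files and a checksum file with one "<sha256>  <filename>" line per package (the format sha256sum produces) sit in the current directory; the CHECKSUMS file name and the INSTALL=1 switch are this example's own choices.

```shell
#!/bin/sh
# Verify downloaded kernel .deb files against a SHA-256 list, then install and update GRUB.
# Added example, not from the original post. Assumes the .deb files and a checksum file
# (sha256sum format: "<sha256>  <filename>") are in the current directory.

# verify_debs CHECKSUM_FILE: every .deb present must be listed and must match.
# Returns 1 on any mismatch or unlisted file, so a truncated or tampered download
# never reaches dpkg.
verify_debs() {
  sums="$1"
  status=0
  for deb in ./*.deb; do
    [ -e "$deb" ] || { echo "no .deb files in $(pwd)" >&2; return 1; }
    name=$(basename "$deb")
    expected=$(awk -v f="$name" '$2 == f { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
      echo "MISSING  $name (not listed in $sums)" >&2
      status=1
      continue
    fi
    actual=$(sha256sum "$deb" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
      echo "OK       $name"
    else
      echo "MISMATCH $name" >&2
      status=1
    fi
  done
  return $status
}

# install_kernel CHECKSUM_FILE: runs dpkg -i and update-grub only after verification
# passes, and only when INSTALL=1 is set (a dry run otherwise).
install_kernel() {
  verify_debs "$1" || return 1
  if [ "${INSTALL:-0}" = "1" ]; then
    sudo dpkg -i ./*.deb && sudo update-grub
  else
    echo "verification passed; rerun with INSTALL=1 to run dpkg -i and update-grub"
  fi
}

# Usage: cd /tmp && install_kernel CHECKSUMS        (dry run)
#        cd /tmp && INSTALL=1 install_kernel CHECKSUMS
```

The checksum list has to come from somewhere you trust more than the download itself (a copy taken on a connected machine, or a signed list whose signature you have checked); a list fetched from the same place as the packages only protects against corruption, not substitution.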

Remember that manually installed kernels like this one are not removed automatically by Ubuntu; Ubuntu only auto-removes older kernels it installed itself, keeping the current version and the one before it. Therefore monitor the size of your /boot directory and periodically remove manually installed kernels you no longer need. Don't use the rm command; remove them through the package manager, following instructions you can find online.

In addition to the method above, if you have Internet connectivity, Ukuu (‘Ubuntu Kernel Update Utility’) is another way to do it. This straightforward desktop app helps you install a new kernel in Ubuntu, Linux Mint and other Ubuntu-based distributions, using the mainline kernels published by Canonical.