Upgrading a Non-SSD Late 2014 Mac Mini to Fusion Drive

Introduction

Today I have a little treat for you that will hopefully save you a little money in the process, although to be honest, if you bought the hard-disk version of the Late 2014 Mac Mini, you will probably be thinking that the little powerhouse is not really that great.


Risks of Using Public Wi-Fi

Introduction

Mobile working enables the business to be flexible and allows key team members to work remotely, providing services that would otherwise require on-site work. For certain team members this means that key IT infrastructure issues can be brought back online and resolved remotely, without the need to travel to site, which would further delay the resolution and risk loss of business and your ability to trade. For other workers, this means less travel and cost savings on desk space, as well as allowing team members to be productive while on the road.

Synopsis

Allowing team members to work from remote locations comes with advantages. However, remote working is not without its risks. If team members work from cafés, on trains or in airports, they significantly increase the risk of becoming victims of cybercrime, which has the potential to damage your reputation and your ability to trade.

Executive summary

When considering whether to connect to the public Wi-Fi network at your local coffee shop, the airport, etc., bear in mind the massive flaw discovered in WPA2, the encryption standard that secures all modern Wi-Fi networks. These networks are outside the control of the Security and Infrastructure teams, which means that IT teams are unable to guarantee that you are not at risk from cyber crime.

One of the biggest threats with free Wi-Fi is the ability for hackers to position themselves between you and the connection point. So, instead of talking directly with the hotspot, you end up sending your information to the hacker. The hacker also has access to every piece of information you send out—emails, phone numbers, credit card information, business data, the list goes on. And once a hacker has that information, you’ve basically given them the keys to the kingdom. While you may think ‘okay, I’m not checking my personal email or logging into my bank account, I’m just checking the sports scores,’ remember anything you do on a public Wi-Fi network is NOT secure. Any information you share or access on these networks is as good as gone.

The mantra when connecting to these public free hotspots should be “Do I REALLY need to connect?”

Risk Matrix Scoring

Risk Probability Ratings:

| Description | Descriptor | Scale |
| --- | --- | --- |
| May only occur in exceptional circumstances; highly unlikely | Very Low | 1 |
| Is unlikely to occur in normal circumstances, but could occur at some time | Low | 2 |
| Likely to occur in some circumstances or at some time | Moderate | 3 |
| Is likely to occur at some time in normal circumstances | High | 4 |
| Is highly likely to occur at some time in normal circumstances | Very High | 5 |

Risk Impact Ratings:

| Descriptor | Scale | Description |
| --- | --- | --- |
| Negligible | 1 | Insignificant disruption to internal business or corporate objectives; little or no loss of front-line service; no environmental impact; no reputational impact; low financial loss <£100k |
| Marginal | 2 | Minor disruption to internal business or corporate objectives; minor disruption to front-line service; minor environmental impact; minor reputational impact; moderate financial loss >£100k <£500k |
| Significant | 3 | Noticeable disruption to internal business and corporate objectives; moderate direct effect on front-line services; moderate damage to environment; extensive reputational impact due to press coverage; regulatory criticism; high financial impact >£500k <£1m |
| Critical | 4 | Major disruption to corporate objectives or front-line services; high reputational impact (national press and TV coverage); major detriment to environment; minor regulatory enforcement; major financial impact >£1m <£2.5m |
| Catastrophic | 5 | Critical long-term disruption to corporate objectives and front-line services; critical reputational impact; regulatory intervention by Central Govt.; significant damage to the environment; huge financial impact >£2.5m |

Risks of Using Public Wi-Fi

There are dozens of online tutorials showing hackers how to compromise public Wi-Fi, some of them with millions of views. The most common method of attack is known as “Man in the Middle.” In this simple technique, traffic is intercepted between a user’s device and the destination by making the victim’s device think the hacker’s machine is the access point to the internet. A similar, albeit more sinister, method is called the “Evil Twin.” Here’s how it works: you log on to the free Wi-Fi in your hotel room, thinking you’re joining the hotel’s network. But somewhere nearby, a hacker is broadcasting a stronger Wi-Fi signal from their laptop, tricking you into using it by labelling it with the hotel’s name. Trying to save time and company money, and recognising the name of the hotel, you innocently connect to the hacker’s network. As you surf the web or do your online banking, all your activity is being monitored by this stranger.

Below is a table of the most common types of cybercrime that your company could be exposed to from using free public Wi-Fi, along with the risk probability and the risk rating scores from the matrix above.

| Risk | Description | Probability | Rating |
| --- | --- | --- | --- |
| Rogue Wi-Fi networks | Team members could be tricked into using a rogue Wi-Fi network set up by an attacker. A network enticingly called “Free Wi-Fi” may be set up precisely to harvest your business’s valuable data. | 4/5 | 3/4 |
| Man-in-the-middle attacks | Connecting to free, public Wi-Fi brings the business risk of having company data intercepted by third parties, because hackers are able to position themselves between the team members using the Wi-Fi and the connection point. | 4 | 5 |
| Distribution of malware over unsecured Wi-Fi | Hackers can also use an unsecured Wi-Fi connection to distribute malware. Having infected software on your computers and devices can be financially crippling to your business. | 3 | 5 |
| Snooping and sniffing | Another public Wi-Fi risk is hackers using special software kits that enable them to eavesdrop on Wi-Fi signals. This allows cybercriminals to access everything your remote workers are doing online, potentially enabling them to capture login credentials and even hijack your accounts. | 4 | 4 |
| Malicious attacks through ad-hoc networks | Ad-hoc networks are peer-to-peer networks that connect two computers directly. When remote workers use a public Wi-Fi network, their devices are likely to be set to discover new networks, making it possible for hackers to connect directly to them. | 3 | 5 |
| Password and username vulnerability | Using public Wi-Fi leaves team members vulnerable to having passwords and usernames stolen when they log on. Websites using Secure Sockets Layer (HTTPS) provide a needed level of security; however, this still does not stop the computer itself being attacked directly. | 3 | 5 |
| Exposure to worm attacks | Worms act much like viruses, with one key difference: viruses must have a program to attack in order to successfully compromise a system, while worms can wreak havoc all by themselves. When connected to public Wi-Fi, you run the risk of a worm travelling to your computer from another device connected to the network. | 2 | 4 |
| Installation of IMRATs | IMRATs are malicious remote command-and-control software that can give an attacker direct access to the computer, letting them remotely view stored documents and keyboard presses and access the hard drive and other computer functions. This can continue after the computer leaves the public Wi-Fi and can be undetectable even by firewall and anti-malware solutions. | 4 | 5 |
| Physical security | Not all security relates to protecting the company network and devices; it also concerns team members themselves. Lost or stolen laptops and devices can be used to gain access to the internal network, and using high-value assets in a public place may put the user at risk of harm or serious physical injury. | 3 | 4 |

Mitigations

Using unsecured public Wi-Fi can allow others to see important emails, encrypted messages and unsecured logins. Of course, it would also be possible for a cybercriminal to use that access to hack the corporate device itself. Here are important steps to take before using public Wi-Fi:

  • Convert to the more secure HTTPS for your website and applications, if you haven’t already done so. HTTPS-enabled websites provide critical security and protect users’ personal information such as login credentials.
  • Set up a virtual private network (VPN) for your company network. This should be an always-on VPN connection to your network, shielding users’ activity from cybercriminals on public Wi-Fi.
  • Advise remote users to turn off Wi-Fi auto-connect settings and Bluetooth discoverability settings. This helps prevent hackers from gaining direct peer-to-peer access to user devices without them realizing it.
  • Ensure that all remote workers have a firewall enabled on devices at all times.
  • Make sure your network and all worker devices are covered by good anti-malware software–including anti-sniffing protection.
  • Use a mobile hotspot provided through your mobile carrier, or tether laptops to a mobile device, and avoid using public Wi-Fi altogether.
  • Set up policies regarding the above, and periodically educate workers so they understand the risks and the importance of taking protective steps.
  • Turn off file sharing and use the Windows and macOS public-hotspot network profiles, which add an extra hurdle for potential hackers to overcome.
  • Ensure that you are not being shoulder surfed and stay aware of your surroundings; if you feel uncomfortable, pack the laptop away and move to a new, more populated area.

Recommendations

To ensure that your business and team members remain safe, both in a cyber and a personal sense, the following recommendations should be implemented, in addition to providing further information to remote workers on how to stay safe and protect the business from undue risk:

  • An always-on VPN solution that does not allow split tunnelling
    • This means that the VPN will always be on and active without the user needing to remember
    • Block all internet traffic that is not sent over the VPN
    • Ensure that Windows updates can be delivered over the VPN link
  • Remove split tunnelling to remove the possibility of connecting to home networked servers or other computers
    • This will ensure that all traffic is secured
    • No data is to be transmitted outside of the VPN
  • Ensure that all domain GPOs are trimmed and that one for remote workers is set up to direct the End-User Device (EUD) to the internal update and SCCM servers
    • This will ensure that DNS issues can be picked up
    • Creates a central GPO that can be quickly edited and audited to resolve any issues
  • Ensure the software firewall is enabled
    • This is a last line of defence, but one that should be incorporated
    • Ensure it drops pings so that the EUD is almost invisible on the network
  • Ensure the AV server can push the latest DAT files and other updates to the EUDs
    • This is going to require good management of the AV server
  • Use GPOs to stop the EUDs acting as file servers
    • This lessens the risk of being infected with an IMRAT
    • Adds to the stealth protections of the EUD
  • Enable a GPO so that devices do not search for and connect to public or insecure hotspots
    • This takes out the human factor and would require a conscious action
  • Provide all remote workers with privacy screens to protect them from passive “shoulder surfing”
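The mitigation and recommendation bullets above (firewall always on, drop pings, no file sharing, no auto-connect to hotspots, Wi-Fi treated as a public network) are the kind of settings a domain GPO would push. As an added example, and not code from the original post, here is the local-machine equivalent in PowerShell for a Windows 10/11 end-user device, with a check function that reports each setting as Pass or Fail so the result can be fed into a compliance report. It assumes the wireless adapter is called "Wi-Fi" (an assumption; check `Get-NetAdapter` on the device) and that it is run from an elevated prompt. The VPN and SCCM recommendations depend on products not named here and are left out.

```powershell
#Requires -RunAsAdministrator
# Added example (not the post's own code): local equivalents of the public Wi-Fi
# hardening recommended above, plus a compliance check. Adapter name is an assumption.
param(
    [string]$WifiAdapter = "Wi-Fi"   # assumed adapter alias; see Get-NetAdapter
)

function Set-PublicWifiHardening {
    # 1. Treat the Wi-Fi connection as Public so the stricter Public firewall profile applies
    Get-NetConnectionProfile -InterfaceAlias $WifiAdapter -ErrorAction SilentlyContinue |
        Set-NetConnectionProfile -NetworkCategory Public

    # 2. Firewall on for every profile, unsolicited inbound traffic blocked by default
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

    # 3. The "File and Printer Sharing" rule group contains both the SMB-in rules and the
    #    ICMPv4/v6 Echo Request rules, so disabling it stops the EUD acting as a file
    #    server and stops it answering pings
    Disable-NetFirewallRule -DisplayGroup "File and Printer Sharing" -ErrorAction SilentlyContinue

    # 4. Belt and braces: unbind the SMB server component from the Wi-Fi adapter entirely
    Disable-NetAdapterBinding -Name $WifiAdapter -ComponentID ms_server -ErrorAction SilentlyContinue

    # 5. Make every saved Wi-Fi profile manual-connect, so joining a hotspot needs a
    #    conscious action rather than happening automatically
    $profiles = (netsh wlan show profiles) -match '^\s*All User Profile\s*:\s*(.+)$' |
        ForEach-Object { ($_ -split ':', 2)[1].Trim() }
    foreach ($name in $profiles) {
        netsh wlan set profileparameter name="$name" connectionmode=manual | Out-Null
    }
}

function Test-PublicWifiHardening {
    # Returns one row per check; Pass is $true when the device matches the recommendation
    $checks = @()

    $fw = Get-NetFirewallProfile -Profile Public
    $checks += [pscustomobject]@{ Check = 'Public firewall profile enabled'; Pass = ($fw.Enabled -eq 'True') }
    $checks += [pscustomobject]@{ Check = 'Public inbound default is Block'; Pass = ($fw.DefaultInboundAction -eq 'Block') }

    $fps = Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -ErrorAction SilentlyContinue
    $stillOn = @($fps | Where-Object { $_.Enabled -eq 'True' }).Count
    $checks += [pscustomobject]@{ Check = 'File/Printer Sharing (incl. Echo Request) rules disabled'; Pass = ($stillOn -eq 0) }

    $bind = Get-NetAdapterBinding -Name $WifiAdapter -ComponentID ms_server -ErrorAction SilentlyContinue
    $checks += [pscustomobject]@{ Check = 'SMB server unbound from Wi-Fi adapter'; Pass = ($null -ne $bind -and -not $bind.Enabled) }

    $cat = (Get-NetConnectionProfile -InterfaceAlias $WifiAdapter -ErrorAction SilentlyContinue).NetworkCategory
    $checks += [pscustomobject]@{ Check = 'Wi-Fi connection profile is Public'; Pass = ($cat -eq 'Public') }

    $auto = (netsh wlan show profiles) -match '^\s*All User Profile\s*:\s*(.+)$' |
        ForEach-Object { ($_ -split ':', 2)[1].Trim() } |
        Where-Object { (netsh wlan show profile name="$_") -match 'Connection mode\s*:\s*Connect automatically' }
    $checks += [pscustomobject]@{ Check = 'No saved Wi-Fi profile auto-connects'; Pass = (@($auto).Count -eq 0) }

    return $checks
}

Set-PublicWifiHardening
Test-PublicWifiHardening | Format-Table -AutoSize
```

Running `Test-PublicWifiHardening` on its own, without the `Set-` call, is a quick way to audit a laptop that came back from the road. The same settings map directly onto the Computer Configuration policies a central GPO would carry (Windows Defender Firewall with Advanced Security, Network List Manager and WLAN policies), which is the preferable route for a domain fleet because a local script can be undone by a local administrator.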

Alongside the above, it is good practice to educate remote-working team members about the dangers not only to the IT infrastructure but to themselves, so that they are always conscious of their surroundings and of what they are doing, and can decide whether the work they are doing really needs to be performed in a public place.

Conclusion

In 2014 experts from Kaspersky Lab uncovered a very sophisticated hacking campaign called “Dark Hotel.” Operating for more than seven years and believed to be a sophisticated economic espionage campaign by an unknown country, Dark Hotel targeted CEOs, government agencies, U.S. executives, NGOs, and other high-value targets while they were in Asia. When executives connected to their luxury hotel’s Wi-Fi network and downloaded what they believed were regular software updates, their devices were infected with malware. This malware could sit inactive and undetected for several months before being remotely accessed to obtain sensitive information on the device.

What is the best way to protect yourself against these kinds of Wi-Fi threats? Although antivirus protection and firewalls are essential methods of cyber defence, they are useless against hackers on unsecured Wi-Fi networks. The best defence against this is to not risk using something that is inherently insecure in the first place, especially where your IT Team does not have control over what is on and goes in and out of the network to protect its team members and its business interests.

The New Network UnFi’d (The pre story)

OK guys, as per the previous posts, over here in sunny Lincolnshire we have a new network. It has actually been through a few iterations since the last six AirPort devices and the Cisco SOHO switch, but I thought I would share the new network as it has been asked about since I mentioned it.


Deploying SCCM 2016 Current Branch – Part 3

Awesome, so we have made it this far in the current series of posts. It’s not an easy one to write and I know it’s not easy to read; now that we are at the last steps of the installation stage, I am even getting a little tired of doing it. So, as a quick overview of what will be coming up in the next few months:


Deploying SCCM 2016 Current Branch – Part 2

Well, Part 1 was pretty brutal, and it only gets worse from here when installing SCCM. I may be a little cynical, but I enjoy the configuration of SCCM more than the act of installing everything; I am far too impatient, and it has never been an easy task to get SCCM ready for install.


Deploying SCCM 2016 Current Branch – Part 1

This is something I have been doing a lot more of for the last year or so, and I have really gotten back into it. I dipped out when SMS 2.0 went over to SCCM 2003 (yes, I am that old :o). I went off and did RIS (Remote Installation Service) and later WDS (Windows Deployment Service), both of which I have blogged about in the past, and I really enjoyed those technologies and playing with the automation. What is not obvious to the casual observer is that a good grounding in WSUS (Windows Update Services) and WDS makes life a lot easier when it comes to SCCM, as a lot of the batch scripting and PowerShell scripting comes in handy.


I’m Back

Wow, so it has been a hell of a long time between blog posts, and so much has changed that I have a lot to share with the world. I would love to have an excuse for why I have not written a post, but I have been from London to Glasgow and everywhere in between since my last post, and I have worked with some very talented individuals and some amazing companies. So I thought I would quickly write this to set a schedule for myself and try to get back into blogging for the website.


Antivirus Software

Firstly, sorry for the long delay in posting; it has been nearly a year since my last blog post, and I am assuming this is going to be written for the pure benefit of myself and Google Analytics. It’s been so long because I have been kept busy by Serco and the Lincolnshire CC account.


P2V Deployments

This is a brief outline of the steps required to perform a successful P2V (Physical to Virtual) migration. Whilst this is generally written for VMware Converter against a VMware ESX host, the same steps apply to Hyper-V and other server and non-server virtualisation products. I will not go into the full details of how the converter works, as this can be found readily on the internet.


Installing and configuring your WDS Server

After yesterday’s post, it really fired me up to do a few more of the old projects. Even though my old formatting and typing, as well as the information itself, are somewhat out of date, I thought I would still go over it and publish it rather than leave it sitting in the deepest depths of the NAS in a folder labelled “OLD PROJECTS”. Whilst WDS is one of the longest documents I have ever written, it’s still a fascinating piece of underused and unloved technology that has matured over time and is great for deploying Windows servers and desktops.


Windows Deployment Server (WDS)

With all the talk of Brexit and its unfortunate conclusion, and the fear of new beginnings, I thought I would take a break from reading the news and listening to the political ramblings of the masses, have a throwback Thursday and rehash some of my projects, re-writing them so that they no longer look like the originals and anonymising the project paperwork so that the original client cannot be discovered.
