Archive for the ‘Security’ Category

Killing off Result5.Google

August 1st, 2010 Steve No comments

I had to tackle result5.google this past weekend, and what I thought at first was a virus was actually a re-direct to Russia. One of my friends was having problems searching, as his results were constantly being re-directed to advertising pages. He was running a small three-computer network in his home with a Linksys wireless router.

Trying to access or download any type of anti-virus program was fruitless and scans with Microsoft Security Essentials and StopZilla turned up other viruses, but didn’t kill off result5.google. Neither did Malwarebytes.

Searches on Bing and Google returned plenty of posts on how to eliminate this problem, but only one helped – and that was to log onto the router, correct the DNS and change the password, then empty his computers’ history, temp pages and cookies. Seems his router’s DNS had been changed to 213.109.67.169 and 213.109.73.170, which a traceroute revealed pointed to Eastern Europe. When he installed his network, he neglected to change the router’s password from the vendor’s default, leaving himself open to exploits.

Typically, routers are marked with their serial numbers and MAC addresses, and from there you can search the vendor's online support pages to determine the router's IP address and how to log on to it to change its password and settings.

I hope this helps anyone out there who is experiencing this problem.

- Steve
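A quick way to spot this kind of DNS tampering from an affected PC, as an added example that is not part of the original post: parse `ipconfig /all` output and flag any resolver that is not on a list you approved. The sample output is constructed (using the two addresses named above), and the `APPROVED` list and function names are assumptions; it also assumes the router hands its configured DNS servers to clients via DHCP.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a DHCP client behind the
# tampered router; the two resolver addresses are the ones named in the post.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.67.169
                                       213.109.73.170
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

# Assumption: the resolvers the owner actually chose (the router itself plus
# two public resolvers). Replace with your ISP's or your own.
APPROVED = {"192.168.1.1", "8.8.8.8", "8.8.4.4"}

def dns_servers(ipconfig_text):
    """Return every resolver listed under 'DNS Servers', including the
    indented continuation lines that carry the second and later entries."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_block = True
        elif in_block and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+", line):
            servers.append(line.strip())
        else:
            in_block = False
    return servers

def unexpected_resolvers(ipconfig_text, approved=APPROVED):
    """Return the resolvers that are not on the approved list."""
    flagged = []
    for s in dns_servers(ipconfig_text):
        try:
            # Drop an IPv6 zone suffix such as %11 before normalising.
            addr = str(ipaddress.ip_address(s.split("%")[0]))
        except ValueError:
            addr = s  # unparseable entries are reported as-is
        if addr not in approved:
            flagged.append(addr)
    return flagged

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE_IPCONFIG))
```

Any address this reports is a reason to log on to the router and compare its DNS settings with what you configured.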

Categories: Security Tags:

Are you using Microsoft Security Essentials?

December 4th, 2009 Steve 8 comments
“Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free* download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.”

I wonder how this offering from Microsoft will impact paid anti-virus software vendors? I know I’ll be installing this on all of my personal computers this evening.

Categories: Security Tags:

Are your applications secure?

December 1st, 2009 Steve No comments

I just read an article this afternoon about the fastest growing security threat in the hosting industry. Apparently this threat has grown over a hundredfold in just the last year alone. What is it?

SQL Injection

Why have SQL injection attempts grown so dramatically? It was pointed out, and I agree, that it is because the bad guys are using (very sophisticated) automated tools. More and more, we’re seeing attempts that aim not merely to be disruptive but to commit identity theft. Anyone remember Heartland Payment Systems and TJX?

Who is Susceptible?

Certainly, if you’re processing lots of credit cards, you need to guard against SQL injection, but even if you aren’t, this exploit needs to be addressed. I did a quick Google search for SQL injection prevention and stumbled upon an SQL Injection Cheat Sheet at http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet. Since most SQL injection exploits are due to lax coding and poor application design practices, prevention measures like those outlined on this site can significantly minimize your risk of being compromised.

From Owasp.org

“SQL Injection flaws are introduced when software developers create dynamic database queries that include user supplied input. To avoid SQL injection flaws is simple. Developers need to either:
a) stop writing dynamic queries; and/or
b) prevent user supplied input which contains malicious SQL from affecting the logic of the executed query.”

Categories: Featured Articles, Security, Support Tags:

Hacker causes widespread destruction for yet another provider

June 15th, 2009 Steve 3 comments

I recently read through a thread (about network outages) on WHT that contained 177 pages of posts, 2644 replies and attracted 152,980 views. It was a very powerful thread about the destruction and ensuing consequences of a few very popular web hosting providers. The hacker himself posted in the thread (although his post was deleted rather quickly), claiming it was the provider’s lax security in the assignment of passwords that enabled the attack.  This reinforces a question I routinely pose on this blog.

Is YOUR mission critical data backed up and protected?

A quick Google search for remote backup software returned 6,810,000 results. I’d say that’s significant.

I think everyone agrees that mission critical data needs to be backed up, but how is debatable. In the hundreds of businesses I’ve serviced over the years, most in-house IT departments used DAT tapes. Very few actually physically removed those tapes from their premises every day. Even fewer remotely backed up their data. So maybe the better question to ask would be, “To what degree is your mission critical data backed up and protected?”

As an ex-RMA Manager (for a local networking firm), I witnessed quite a few defective DAT drives doing hard time on my shelves. I’ve also seen my share of managers scrambling to recover lost data following “unscheduled events” like virus contamination or hacks. Do you think it can’t happen to you? Keeping your fingers crossed isn’t the wisest strategy to ensure your business’s continued success.

Disaster Recovery and Business Continuity Plans are Important

I always recommend incorporating comprehensive disaster recovery and business continuity plans, then periodically reviewing their effectiveness. One part of that plan should be remote offsite backups. Very often incorporating a remote backup is as easy as downloading a software client onto your network server or personal computer. Many have setup wizards to walk you through the steps of connecting to the backup server, setting up your backup sets, creating a backup schedule and setting a secret encryption key. Typically, backup sets can be configured to run in a variety of ways – backing up data files at the end of the week or your My Documents folder multiple times per day.

Remote backups traveling across the Internet need to be encrypted so that you and only you have the ability to decrypt your data. I recommend programs that use DES, Triple-DES, Blowfish or Twofish algorithms for encryption.

Measuring the success of the data transfer is important. Look for programs with email notification of successful backups or backups with warnings (with log files attached).

Once your data is remotely backed up

Ok, you’ve backed up your data, but now have a need for one file, or an entire volume of data from two months ago. Is this possible? Simply answered – Yes. There are programs that allow instant access to any version of your data files, from the initial backup to the last incremental backup and EVERY version in between.

Locking down clients

Locking down clients simply refers to implementing procedures that protect critical backup sets from being accidentally changed or deleted, while remaining flexible enough for administrators to view and change the settings that control the level of usage each client is offered.

When to back up?

Most organizations schedule backups in the evening, during lulls in their business operations. Some programs allow you to run in silent modes (in the background) without displaying any windows or Task Bar icons – allowing you to run backups throughout the day.

What if my backup gets interrupted?

Let’s say you start a backup and you lose power. Will the remote server retain the ongoing transfer, or bite the bullet? Features like event managers allow you to resume interrupted backups.

Does remote backup software offer file filters?

Most do – file filters allow you to include or exclude files from the backup selection, mostly via file extensions.

Just the tip of the iceberg

There are so many things that can and do go wrong in business every day. One thing is for sure. If you have hardware, particularly IT hardware, it will go down sooner or later. Power supplies fail, memory modules flake out, hard drives crash, DAT drives melt down – stuff happens. Some issues can be resolved in minutes or hours, but others may take days or weeks.

Backing up your mission critical data is an integral ingredient to averting disaster, but just the tip of the iceberg, in developing and managing a comprehensive disaster recovery and business continuity plan that will ensure your business’s continued success. Step back and ask yourself, “What if?” What if a disgruntled employee, possibly a sys admin, corrupted your main servers, then disappeared? What if your building burnt to the ground? What if that DAT drive refuses to release last night’s tape – holding it hostage with a strangle hold on its recording heads? What if? What if?

Categories: Disaster Recovery, Security Tags:

Phishing

May 26th, 2009 Steve No comments

Surfing the Internet poses some very real dangers, one of those being phishing. The sole purpose of phishing is to trick you into revealing personal information, with the criminal's message appearing to come from a valid or legitimate source, such as your ISP, hosting provider, financial institution or consultant.

I recently took an online test to determine my ability to recognize phishing emails or websites. I aced it, but I’ve been in this industry for some time. Countless individuals fall prey to these schemes every day.

Identity theft is on the rise. Don’t be its next victim! Do NOT give out your usernames and passwords, financial information, PIN numbers, your mother’s maiden name, Social Security number, birthday, pet’s name or any other personal information that may help identify you. This information is used by phishers in an attempt to steal accounts, money, credits or your identity.

Please be wary of any message that asks you for personal information. Neither Primary.Net nor Hostirian will EVER send unsolicited messages asking for your password or personal information.

Categories: Security Tags: