Are There Cracks In Your Security Foundation?

Security is a game changer for business operations. If you want to take advantage of the benefits of technologies like mobile, cloud, and big data, then security should be your number one priority. Without a secure foundation, your business remains vulnerable to attack. Use these tips to assess the current state of your foundation, fix any cracks you find, and prevent further issues.

Assess your vulnerability to attack

Hackers see small and midsize businesses as low-hanging fruit that often provide the gateway to more lucrative targets. As businesses become more interconnected, hackers can steal information from one business to gain access to another.
For the safety of both your business and others, ask the hard-hitting questions:

  • When did you last perform a security audit of your business functions?
  • Have you installed the recommended patches and upgrades for all devices that access your data, including employee mobile devices?
  • Do you update business policies to match current threats?
  • Do your employees know how hackers gain access to private data?
  • Do you enforce strong password use and two-factor authentication?
  • Do you have an incident response plan if an attack occurs?

An assessment answers these questions and reveals weaknesses in your defenses.

Fix foundation cracks

Mobile. Cloud. Big data. Without strong, secure networks, you cannot safely protect your business from the related threats and risks attending these technologies.
To many companies, mobile devices are vital to operations, and changes in apps, devices, and operating systems plague these devices with frequent security issues. Mobile application management (MAM) and mobile device management (MDM) can close the gaps and back doors hackers exploit. Educate employees on safe mobile device use and why policy enforcement is necessary.

Today, many businesses mix public and private cloud-based technology with on-premise traditional infrastructure. Your organization should determine the safest place to store data, how it is accessed, and how much protection surrounds it. Encryption and access control policies can protect sensitive data no matter where it resides on the network. Sound backup and disaster recovery plans can prevent downtime if an attack leads to data theft or destruction.

Businesses gather and store mountains of business data to achieve greater customer insight and competitive advantage. Event filtering, automated log scanning, and attack path analysis can reveal security risks in real time.

Prepare for future attacks

Security isn’t a one-time task. Your business should continually address vulnerabilities and cyber crime innovations by:

  • Planning frequent security audits to uncover and fix weaknesses.
  • Reviewing policies to ensure they address new threats.
  • Teaching employees to recognize malicious threats that aim to dupe them into providing unauthorized access to sensitive data.
  • Enforcing the basics, including strong passwords, software patches and upgrades, role-based access control, and white-listed and black-listed apps.
  • Creating backup and disaster recovery plans.
  • Preparing for the worst by creating incident response plans for the most likely attack types.

No single action will secure your business. Hackers seek cracks wherever they can find them. A solid foundation will force these criminals to look elsewhere.

Share XP Files With Windows 10

Summary

With Windows XP, you can share files and documents with other users on your computer and with other users on a network. There is a new user interface (UI) named Simple File Sharing and a new Shared Documents feature. This article describes the new file sharing UI and discusses the following topics:

  • How to turn Simple File Sharing on and off
  • How to manage and configure levels of access to shares and files
  • Guidelines for file sharing in Windows XP
  • Advanced troubleshoot file sharing problems
INTRODUCTION

On a Windows XP-based computer, you can share files among both local and remote users. Local users log on to your computer directly through their own accounts or through a Guest account. Remote users connect to your computer over the network and access the files that are shared on your computer.

You can access the Simple File Sharing UI by viewing a folder’s properties. Through the Simple File Sharing UI, you can configure both share and NTFS file system permissions at the folder level. These permissions apply to the folder, all the files in that folder, subfolders, and all the files in the subfolders. Files and folders that are created in or copied to a folder inherit the permissions that are defined for their parent folder. This article describes how to configure access to your files, depending on permission levels. Some information that this article contains about these permission levels is not documented in the operating system files or in the Help file.

More information

With file sharing in Windows XP, you can configure five levels of permissions. You can configure Levels 1, 2, 4, and 5 by using the Simple File Sharing UI. To do this, right-click the folder, and then click Sharing and Security to open the Simple File Sharing UI. To configure Level 3, copy a file or a folder into the “Shared Documents” folder under “My Computer.” This configuration does not change when you turn on or turn off Simple File Sharing. Level 1 is the most private and secure setting, while Level 5 is the most public and the most changeable (nonsecure) setting.

Turning on and turning off Simple File Sharing

Note Windows XP Home Edition-based computers always have Simple File Sharing enabled.

By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder’s properties), both share and file permissions are configured.

If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off.

To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:

  1. Click Start, and then click My Computer on the desktop.
  2. On the Tools menu, click Folder Options.
  3. Click the View tab, and then select the Use Simple File Sharing (Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)

Managing levels of access to shares and to files

You can use Simple File Sharing to configure five levels of access to shares and files:

  • Level 1: My Documents (Private)
  • Level 2: My Documents (Default)
  • Level 3: Files in shared documents available to local users
  • Level 4: Shared Files on the Network (Readable by Everyone)
  • Level 5: Shared Files on the Network (Readable and Writable by Everyone)

Notes

  • By default, files that are stored in “My Documents” are at Level 2.
  • Levels 1, 2, and 3 folders are available only to a user who is logging on locally. Users who log on locally include a user who logs on to a Windows XP Professional-based computer from a Remote Desktop (RDP) session.
  • Levels 4 and 5 folders are available to users who log on locally and remote users from the network.

The following table describes the permissions:

Access Level Everyone (NTFS/File) Owner System Administrators Everyone (Share)
Level 1 Not available Full Control Full Control Not available Not available
Level 2 Not available Full Control Full Control Full Control Not available
Level 3 Read Full Control Full Control Full Control Not available
Level 4 Read Full Control Full Control Full Control Read
Level 5 Change Full Control Full Control Full Control Full Control
 Level 1: My Documents (Private)

The owner of the file or folder has read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. All subfolders that are contained in a folder that is marked as private remain private unless you change the parent folder permissions.

If you are a Computer Administrator and create a user password for your account by using the User Accounts Control Panel tool, you are prompted to make your files and folder private.

Note The option to make a folder private (Level 1) is available only to a user account in its own My Documents folder.

To configure a folder and all the files in it to Level 1, follow these steps:

  1. Right-click the folder, and then click Sharing and Security.
  2. Select the Make this Folder Private check box, and then click OK.

Local NTFS Permissions:

  • Owner: Full Control
  • System: Full Control

Network Share Permissions:

  • Not Shared

Level 2 (Default): My Documents (Default)

The owner of the file or folder and local Computer Administrators have read and write permission to the file or folder. Nobody else may read or write to the folder or the files in it. This is the default setting for all the folders and files in each user’s My Documents folder.
To configure a folder and all the files in it to Level 2, follow these steps:

  1. Right-click the folder, and then click Sharing and Security.
  2. Make sure that both the Make this Folder Private and the Share this folder on the network check boxes are cleared, and then click OK.

Local NTFS Permissions:

  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control

Network Share Permissions:

  • Not Shared

Level 3: Files in shared documents available to local users

Files are shared with users who log on to the computer locally. Local Computer Administrators can read, write, and delete the files in the Shared Documents folder. Restricted Users can only read the files in the Shared Documents folder. In Windows XP Professional, Power Users may also read, write, or delete any files in the Shared Documents Folder. The Power Users group is available only in Windows XP Professional. Remote users cannot access folders or files at Level 3. To allow remote users to access files, you must share them out on the network (Level 4 or 5).

To configure a file or a folder and all the files in it to Level 3, start Microsoft Windows Explorer, and then copy or move the file or folder to the Shared Documents folder under My Computer.

Local NTFS Permissions:

  • Owner: Full Control
  • Administrators: Full Control
  • Power Users: Change
  • Restricted Users: Read
  • System: Full Control

Network Share Permissions:

  • Not Shared

Level 4: Shared on the Network (Read-Only)

Files are shared for everyone to read on the network. All local users, including the Guest account, can read the files. But they cannot modify the contents. Any user can read and change your files.

To configure a folder and all the files in it to Level 4, follow these steps:

  1. Right-click the folder, and then click Sharing and Security.
  2. Click to select the Share this folder on the network check box, click to clear the Allow network users to change my files check box, and then click OK.

Local NTFS Permissions:

  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
  • Everyone: Read

Network Share Permissions:

  • Everyone: Read

Level 5: Shared on the network (Read and Write)

This level is the most available and least secure access level. Any user (local or remote) can read, write, change, or delete a file in a folder shared at this access level. We recommend that this level be used only for a closed network that has a firewall configured. All local users including the Guest account can also read and modify the files.

To configure a folder and all the files in it to Level 5, follow these steps:

  1. Right-click the folder, and then click Sharing and Security.
  2. Click to select the Share this folder on the network check box, click to select the Allow network users to change my files check box, and then click OK.

Local NTFS Permissions:

  • Owner: Full Control
  • Administrators: Full Control
  • System: Full Control
  • Everyone: Change

Network Share Permissions:

  • Everyone: Full Control

Note All NTFS permissions that refer to Everyone include the Guest account.

All the levels that this article describes are mutually exclusive. Private folders (Level 1) cannot be shared unless they are no longer private. Shared folders (Level 4 and 5) cannot be made private until they are unshared.

If you create a folder in the Shared Documents folder (Level 3), share it on the network, and then allow network users to change your files (Level 5), the permissions for Level 5 are effective for the folder, the files in that folder, and the subfolders. The other files and folders in the Shared Documents folder remain configured at Level 3.

Note The only exception is if you have a folder (SampleSubFolder) that is shared at Level 4 inside a folder (SampleFolder) that is shared at Level 5. Remote users have the correct access level to each shared folder. Locally logged-on users have writable (Level 5) permissions to the parent (SampleFolder) and child (SampleSubFolder) folders.

Note If you are not comfortable with the information that is presented in this section, ask someone for help or contact support. For information about how to contact support, visit the Microsoft Help and Support contact information Web site:

Guidelines

We recommend that you only share folders on the network that remote users on other computers must access. We recommend that you do not share the root of the system drive. When you do this, your computer is more vulnerable to malicious remote users. The Sharing tab of the drive’s Properties dialog box contains a warning when you try to share a root folder (for example, C:\). To continue, you must click the If you understand the risk but still want to share the root of the drive, click here link. Only computer administrators can share the root of the drive.

Files on a read-only device such as a CD-ROM shared at Level 4 or 5 are available only if the CD-ROM is in the CD drive. Any CD-ROM that is in the CD drive is available to all users on the network.

A file’s permission may differ from the parent folder if one of the following conditions is true:

  • You use the move command at a command prompt to move a file into the folder from a folder on the same drive that has different permissions.
  • You use a script to move the file into the folder from a folder on the same drive that has different permissions.
  • You run Cacls.exe at a command prompt or a script to change file permissions.
  • Files existed on the hard disk before you installed Windows XP.
  • You changed a file’s permissions while Simple File Sharing was turned off on Windows XP Professional.

Note NTFS permissions are not maintained on file move operations when you use Windows Explorer with Simple File Sharing turned on.

If you turn on and turn off Simple File Sharing, the permissions on files are not changed. The NTFS and share permissions do not change until you change the permissions in the interface. If you set the permissions with Simple File Sharing enabled, only Access Control Entries (ACEs) on files that are used for Simple File Sharing are affected. The following ACEs in the Discretionary Access Control List (DACL) of the files or folders are affected by the Simple File Sharing interface:

  • Owner
  • Administrators
  • Everyone
  • System

Advanced troubleshooting for configuring file sharing in Windows XP

Note This section is intended for advanced computer users. If you are not comfortable with advanced troubleshooting, ask someone for help or contact support. For information about how to contact support, see the Microsoft Help and Support contact information Web site:

Expected upgrade behavior

A Windows 2000 Professional-based or a Windows NT 4.0-based computer that is joined to a domain or a workgroup that is upgraded to Windows XP Professional maintains its domain or workgroup membership respectively and has the classic file sharing and security UI turned on. NTFS and share permissions are not changed with the upgrade.

By default, if you upgrade a computer that is running Microsoft Windows 98, Windows 98 Second Edition, or Windows Millennium Edition that has “per share” sharing permissions to Windows XP, Simple File Sharing is always turned on. Shares that have passwords assigned to them are removed, and shares that have blank passwords remain shared after the upgrade.

If you upgrade a computer that is running Windows 98, Windows 98 Second Edition, or Windows Millennium Edition to Windows XP Professional and that computer is logged on to a domain, if that computer has share level access turned on and joins the domain while the Setup program is running, the computer starts with Simple File Sharing turned off.
By default, a Windows 98, Windows 98 Second Edition, or Windows Millennium Edition-based computer that is upgraded to Windows XP Home has Simple File Sharing turned on.

Known issues

For remote users to access files from the network (Levels 4 and 5), the Internet Connection Firewall (ICF) must be disabled on the network interface that the remote users connect through.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

298804 Internet firewalls can prevent browsing and file sharing

When Simple File Sharing is turned on, remote administration and remote registry editing does not work as expected from a remote computer, and connections to administrative shares (such as C$) do not work because all remote users authenticate as Guest. Guest accounts do not have administrative rights. When Simple File Sharing is turned on, if you configure specific user ACEs, remote users are not affected when Simple File Sharing is turned on because all remote users authenticate as Guest when Simple File Sharing is turned on.

Remote users may receive an “Access Denied” message on a share that they had connected to successfully before. This behavior occurs after the hard disk is converted to NTFS. This behavior occurs on Windows XP-based computers that have Simple File Sharing turned on that were upgraded from Windows 98, Windows 98 Second Edition, or Windows Millennium Edition. This behavior occurs because the default permissions of a hard disk that is converted to NTFS do not contain the Everyone group. The Everyone group is required for remote users who are using the Guest account to access the files To reset the permissions, stop sharing, and reshare the affected folders.

Behavior that is affected when Simple File Sharing is turned on

  • The Simple File Sharing UI in the properties of a folder configures both share and file permissions.
  • Remote users always authenticate as the Guest account.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    302927 Computer Management displays user account names when logged on as Guest
  • Windows Explorer does not keep permissions on files that are moved in the same NTFS drive. The permissions are always inherited from the parent folder.
  • On Windows XP Professional-based computers that have Simple File Sharing turned on and Windows XP Home Edition-based computers, the Shared Folders (Fsmgmt.msc) and Computer Management (Compmgmt.msc) tools reflect a simpler sharing and security UI.
  • In the Computer Management and Shared Folders consoles, the New File Share command is unavailable when you right-click the Shares icon. Also, if you right-click any listed share, the Properties and Stop Share commands are unavailable.

Behavior that is not caused by turning on Simple File Sharing

  • In Windows XP Home Edition, the Computer Management snap-in does not display the Local Users and Groups node. The Local Users and Groups snap-in cannot be added to a custom snap-in. This behavior is a limitation of Windows XP Home Edition. It is not caused by Simple File Sharing.
  • If you turn off the Guest account in the User Accounts Control Panel tool, only the guest’s ability to log on locally is affected. The account is not disabled.
  • Remote users cannot authenticate by using an account that has a blank password. This authentication is configured separately.
  • Windows XP Home Edition cannot join a domain. It can only be configured as a member of a workgroup.For more information, click the following article number to view the article in the Microsoft Knowledge Base:
    303606 Can log on without password by using Guest account after upgrade from Windows 2000
References

For information about how to configure file sharing in Windows Vista, visit the following Microsoft Web site:

Properties

Article ID: 304040 – Last Review: 06/19/2014 13:14:00 – Revision: 19.0

    • Microsoft Windows XP Home Edition

  • Microsoft Windows XP Professional

Crooks Launch ‘Customer Service’ Website For Victims

By Herb Weisbaum

Now here’s a first — crooks who realize the importance of customer service.

It’s the latest twist in the global CryptoLocker ransomware attack. This diabolically nasty malware locks up all of the victim’s personal files — and in some cases, backup files, too — with state-of-the-art encryption. The bad guys have the only decryption key and they demand $300 or two Bitcoins to get it.

“It’s been a disaster for many of the people hit with it,” said Lawrence Abrams who has been tracking the spread of this infection on BleepingComputer.com

Within the past few days, the criminal gang behind CryptoLocker created a site for victims who need help making their required extortion payments.

“These guys have some big cojones,” said security expert Brian Krebs, who writes the blog KrebsOnSecurity.

The CryptoLocker Decryption Service allows victims to check the status of their “order” (the ransom payment) and complete the transaction. I am not making this up!

Those who paid the ransom (with either Green Dot cards or Bitcoins), but did not get the decryption key — or got one that didn’t work — can download it again.

Those who missed the 72-hour deadline can also get their key, but the price jumps from two Bitcoins to 10. At today’s market value, that’s nearly $4,000. And Green Dot is not accepted with this extended-deadline service.

Why are the CryptoLocker crooks doing this?

“They were leaving money on the table,” Abrams told me. “They created this site to capture all of the money they were losing because people couldn’t figure out how to make the ransom payment or missed the deadline.”

The bad guys also ran into some technical problems after they launched their attack. It turns out that when antivirus software removes CryptoLocker from an infected computer, the victim can no longer pay the ransom and decrypt their files. To do that, they had to re-install the CryptoLocker malware, something that was not only weird, but cumbersome.

By using the customer service site, victims can get a key that will unscramble their files without the need to re-infect their computers.

Is this the new reality?

Law enforcement and cyber security experts always advise victims of ransomware attacks not to pay the ransom. After all, that extortion money goes to fund a criminal operation, and there’s no guarantee the files will be released.

But when you’re the victim, when all of your data has been encrypted and you don’t have a suitable backup, you’re faced with two choices: pay up or have those files frozen forever. That’s why so many people are paying and why security experts fear more of this nasty malware is on the way.

“Anytime you see an underground business that is doing well, you will always see more people copying it,” said Krebs. “Unfortunately, I think these destructive attacks are here to stay and they’re only going to get worse and more intense.”

Sean Sullivan, security advisor at F-Secure, agrees.

Until now, ransomware attacks have been limited by the lack of a global payment method. It took a lot of work to get paid in different parts of the world. Bitcoin, the new digital currency, solves that problem.

“CryptoLocker, using Bitcoin, might finally have reduced the overhead of not having a global form of payment,” Sullivan said. “We’re getting to the tipping point where ransomware will become epidemic because it’s not that hard to get paid anymore.”

New zip file being send

BleepingComputer.com
The new CryptoBlocker delivery vehicle is a Zip file that requires a password to open. This is designed to fool antivirus software that can now detect the malware hidden in a regular zip file. Open that file and your files are toast.

CryptoLocker: A new method of attack

There are various ways for malware to infect your computer. Security experts tell me CryptoLocker is delivered in a Zip file attachment. Open that attachment and the malware is loaded onto your machine.

Some antivirus software can now detect CryptoLocker hidden in a Zip file and prevent the infection. So, a couple of days ago, the bad guys modified their attack.

According to Lawrence Abrams at Bleeping Computer, the Zip files containing CryptoLocker are now password protected. That little trick gets them past the security software.

Abrams said it appears the password “PaSdIaoQ” is the same for everyone. Open that attachment and your files are toast.

How do you protect yourself?

It’s the same advice you’re heard before: Don’t open attachments from an unknown sender, have up-to-date security software and back-up your files religiously. And because CryptoLocker can compromise files already backed-up, you need to reassess how you do your backups.

Network drives (whether physical or in the cloud) that are always connected to your computer are often vulnerable. Krebs suggests doing a manual backup and then disconnecting the drive when you’re done. It’s a lot more work, but much safer.

Krebs warns that we are now dealing with a new generation of malware. Once it’s done its damage, you cannot undo it yourself.

“This is scary stuff,” he said. “People need to rethink how they protect their important files.”

In a new article on his blog, Krebs recommends two tools that can block CryptoLocker infections: CryptoPrevent from Foolish IT for individual windows users and the CryptoLocker Prevention Kit from Third Tier for small business administrators.

More Info:

Herb Weisbaum is The ConsumerMan

Don’t Click ‘Like’ On Facebook

Facebook has changed the way people do a lot of things online. For example, you probably notice yourself reflexively clicking ‘like’ on anything your friends post on Facebook, even if it’s just to acknowledge you saw it. Scammers are taking advantage of that reflex for a dangerous scam called “like-farming.”

What is like-farming?

Like-farming is when scammers post an attention-grabbing story on Facebook for the express purpose of cultivating likes and shares. Based on the way Facebook works, the more likes and shares a post has, the more likely it is to show up in people’s News Feeds.

Be careful what you like on Facebook.© AP Photo/Mary Altaffer Be careful what you like on Facebook. This gives the scammer more eyeballs for posts that trick people out of information or send them to malicious downloads. The big question, of course, is why Facebook doesn’t stop these posts before they get too big. And that’s where the real scam comes in.

How the scam works

Scammers have found a simple way to fly under the radar during the early phases of their operation. The story they originally post to Facebook has nothing dangerous about it. It’s just a regular story that anyone might post.

Only after the post gets a certain number of likes and shares does the scammer edit it and add something malicious. They might start promoting products or sell the page information in an attempt to get credit card data. In fact, if you go back through your history of liked posts, you might find that some of them have changed to something you wouldn’t have liked in a million years. By the way, if you’re not sure how to review your likes, click here for the step-by-step instructions.

So, what kinds of stories do scammers start with to trick people into liking and sharing?

Posts that should give you pause

One popular type of story is the emotional one. You’ve definitely seen the posts showing rescue animals and asking you to like if you think they’re cute. Or maybe it’s a medical story where you’re asked to like that the person was cured or to let them know they’re still beautiful after surgery.

There are also the posts that ask for a like to show that you’re against something the government is doing, or that you disagree with something terrible happening in the world. Or maybe it’s the ones that say “If I get X number of likes, then something amazing will happen for me” or “I was challenged to get X number of likes.”

Basically, any post that asks you to like it for emotional reasons, unless you know the person who created the original post, is quite probably a like-farm post. Of course, emotional posts aren’t the only types of post you need to watch for.

Other types of scam posts to avoid

There are a lot of scams on Facebook and most of them can be used for like-farming. A popular one, for example, is a post that asks you to like or share so you can win something cool. These pop up most often when Apple launches a new iPhone or iPad.

You might have seen recently during the huge Powerball frenzy people posting on Facebook saying anyone who likes their post will get a share of their winnings. How real do you think those were?

Just on Thursday, police in Australia warned Facebook users of a like farming scam that attempted to lure customers of Qantas Airlines.

What about brain-teaser posts, such as the ones that have you like or share if you can read the words backwards or solve a tricky math problem? Yep, those are often like-farm posts, too.

It isn’t just posts either; it can also be pages. A scammer might set up a page for “I love puppies” or what appears to be a worthy company or organization. It puts up enough content to get a lot of likes, then switches the content to spam and scams. Once you’ve liked the page, everything new the scammers put up goes on your News Feed and, in some cases, your friends’ feeds as well.

How to avoid like-farming

Your best bet to avoid like-farming is to be very judicious about what you like and share on Facebook. Don’t just reflexively click “like” on everything. Take a look at where the post is coming from. If it’s from someone you don’t recognize, it could be a friend of a friend or it could be a complete stranger. It would be good to find out.

Notice the content and whether it promises anything for liking or sharing. If it does, it’s a good clue that it’s a scam of some kind. The same goes if you feel pushed or pressured into clicking like or share.

Don’t forget that, in the end, minimizing your likes is more than just a good security measure. It also reduces the clutter in your friends’ news feeds, and their clutter in yours, so you can all spend more time seeing the really important posts. That’s a win-win for everyone.

Article from MSN Money