Did I DO THAT?!

I was thinking about all the times things went wrong during a conversion and/or migration. Whether you are moving data from one computer or a complete data center, the basics are the same. Nowadays it is easier than ever, and I know there are tools and companies that promise to take away the guesswork. If you are not blessed with the budget for that but still have the need, this can be helpful.

I try to split everything up into three groups.

1.  Group 1 — We know who owns the hardware and the software and the group affected.

2.  Group 2 — We know who might own the hardware and the software and the groups affected.

3.  Group 3 —  We have what?

Group 1 is easy because you have all the parts and can communicate with the responsible parties to make sure the move is completed and verified correctly.

Group 2 is usually where you spend the most time, because sometimes the data is confused or the owner has changed, so nobody knows exactly who has ownership. I suggest that you look at the logins on the servers and the logins on the application to see who is really using the system. Then go to those users and admins to see who they report issues to. The one that cares about any outages usually has ownership.
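One way to do the "look at the logins on the servers" step on a Windows server, added here as an example and not taken from the original post: it tallies successful logons (Security event ID 4624) per account so you know which users and admins to go and talk to. The server name APP01 and the 90-day window are assumptions, and the account running it needs permission to read the Security log.

```powershell
# Added example. Assumes a Windows server whose Security log still holds
# logon events for the period you care about. "APP01" is a placeholder name.
function Get-LogonSummary {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 90
    )

    # 4624 = "An account was successfully logged on"
    $filter = @{
        LogName   = 'Security'
        Id        = 4624
        StartTime = (Get-Date).AddDays(-$Days)
    }

    # Logon types that point at a person or a service account.
    $typeNames = @{
        2  = 'Interactive'
        3  = 'Network'
        4  = 'Batch'
        5  = 'Service'
        10 = 'RemoteInteractive'
    }
    $builtIn = 'SYSTEM', 'ANONYMOUS LOGON', 'LOCAL SERVICE', 'NETWORK SERVICE'

    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop |
        ForEach-Object {
            # Read the fields by name from the event XML rather than by position.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            $type = [int]$data['LogonType']
            $user = $data['TargetUserName']

            # Drop machine accounts (name ends in $), desktop window manager
            # pseudo-accounts and the built-in service identities.
            if ($typeNames.ContainsKey($type) -and
                $user -notmatch '\$$' -and
                $user -notmatch '^(DWM|UMFD)-\d+$' -and
                $builtIn -notcontains $user) {
                [pscustomobject]@{
                    Account   = '{0}\{1}' -f $data['TargetDomainName'], $user
                    LogonType = $typeNames[$type]
                    Source    = $data['IpAddress']
                    Time      = $_.TimeCreated
                }
            }
        } |
        Group-Object Account, LogonType |
        ForEach-Object {
            [pscustomobject]@{
                Account   = $_.Group[0].Account
                LogonType = $_.Group[0].LogonType
                Count     = $_.Count
                LastSeen  = $_.Group.Time | Sort-Object | Select-Object -Last 1
                Sources   = ($_.Group.Source |
                             Where-Object { $_ -and $_ -ne '-' } |
                             Sort-Object -Unique) -join ', '
            }
        } |
        Sort-Object Count -Descending
}

# The accounts at the top of this table are the people to ask about ownership.
Get-LogonSummary -ComputerName 'APP01' -Days 90 | Format-Table -AutoSize
```

Service and Batch logons usually identify the application's own account; the Interactive and RemoteInteractive rows are the admins who actually look after the box.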

Group 3 is luck, and sometimes wading through red tape that is in people’s minds.
For example: a data center had a laptop hooked to a camera that was focused on a key fob whose number changed every minute or so. When we moved the data center we were told that it was for an old application and could never be touched. Not only is this a security risk, but it was considered overly important. After some investigation, it turned out the people who used it weren’t even with the company anymore because it had been sold off years ago. So another company was using this camera on a key fob in our data center for their financial gain. It was supposed to be turned off a year after the other company left, but the C-level executive running the project left right after getting the payday. So we had a camera and a key fob that should have been turned off 2 years prior. This might not sound like much, but the time and effort we had put into not touching the system with any upgrades and system-wide security patches added up to a lot of wasted time and money.

So for Group 3 I usually do as much investigating as we can afford, and then there are two options:

1.  Don’t touch it.

2.  Turn it off and see who complains.

With virtualization you can usually clone a server to test the move, but as in my example I would need a camera, laptop, and key fob to move over.

Every migration is a challenge, but a little experience can go a long way.  If you need help please email me at support@cubejumpers.com  or respond to my blogs.  It is good to hear from my readers.  Have a good day.

Drones are the tools but what are drones?

As you may gather, I really like drones. The reason is that most people who spend enough time to learn the IT world are normally not a “Magic Mike XXL” body type. I may be biased on this fact, but let’s think more on the mobility side. I went from being just a mere mortal to being able to jump buildings.

*Note: My facts should be right, but if something is wrong let me know and I’ll change it. No need to flame me. I personally don’t care how many episodes there are to Star Trek.

What is a drone?

A drone is an aircraft with no pilot.

Drones are officially known as unmanned aerial vehicles (UAVs). They can also be described as flying robots. They are remotely controlled, or they fly autonomously through software that guides them with the help of GPS.

UAVs have mostly been used by the military, but they are also used for search and rescue, surveillance, traffic monitoring, weather monitoring and firefighting, among other things.

 History of drones

Unarmed drones developed by American military organizations were first used in 2000 to fly over Afghanistan; they were managed by the CIA. After the September 11 attacks, they began to fly drones armed with missiles and guns. They were also used in the 2001 air war against the Taliban. The CIA hadn’t used a drone to attack anyone outside a military target until February 2002. On 4th Feb 2002 the CIA used a drone for a targeted killing for the first time, and the target was none other than Osama Bin Laden.

Slowly it became clear that drones were much better for surveillance in a war zone, as they can give exact coordinates and no life is at risk while using them.

The UK also had a good share of drone usage for killings, and it started using armed drones in 2007. The UK’s most notable surveillance drone is known as Watchkeeper. Watchkeeper was developed jointly by an Israeli company and a UK-based company. The UK ordered 54 Watchkeepers, and with the cost of ground stations the total cost was £860m.

There were some rumors that drones would also have face recognition technology. Potential alternative uses beyond the military were explored as soon as the military started finding them, as they are quite costly to build.

Changes in usage of drones

Drones were opened to the commercial field in 2015, but their development started as far back as 2010.

Drones were developed by courier services for delivering parcels containing food packages or other goods. They are known as parcelcopters.

But it didn’t start well: when commercial usage of UAVs for delivering parcels started in 2014, it was blocked by the FAA. The first commercial delivery using a UAV was done on 3rd March 2015. Only 10 days later, on 13th March 2015, FPS took flight to complete the first drone-based delivery in the UK.

In the UK, an independent franchise tested a drone to deliver pizza in 2013 and named it the Domicopter.

The DHL parcelcopter is successfully delivering parcels in Germany.

Amazon has been developing drones for delivery since 2012 and has even completed 9 prototypes. The service has been named Amazon Prime Air.

 

Other Uses of Drones

  • Drones the size of a bee have also been used for spying by the US military since 2012.
  • Healthcare also benefits greatly from these drones. They are used to transport vaccines and medicines to remote areas in emergencies. There are also drones that carry defibrillators and deliver them within a few minutes when someone has a cardiac arrest. They also have a live-stream communication facility so people in the control room can give instructions on how to use the defibrillator and what to do until the ambulance arrives.
  • Drones are also used to keep an eye on smuggling, including prison smuggling, by watching what is being delivered to prisons.
  • Google has been planning to use drones for 3D mapping. They can improve on images created by satellites. Pix4D’s software creates 3D maps from drone images.
  • Drones transmitting 3D images are also used to keep an eye on deforestation and to protect wildlife by stopping illegal hunting.

Drones, which were once seen only in science fiction movies, are real today. Companies are putting tons of millions of $ into R&D for drones. Their commercial market is still open, and the sky is the limit for them if they are successful.

 

 

 

 

 


 

Virtualized Cloud Next Best Thing

What is virtualization?

The cloud is based on ‘virtualization’ to give users more control over it. Virtualization is the key that opens the locks of operating systems. For example, you can set up a Windows-based virtual computer on your Mac. So, hypothetically speaking, users don’t need to worry about which OS their software runs on. In the cloud, virtualization is important because sellers won’t know which OS the customer will use.

What is cloud?

The cloud, the so-called next big thing, has changed how people work. One of its main benefits is that it is very easy to use. It has affected the way people travel: now you don’t need to carry your presentation on a hard disk, etc. It is always with you in your cloud storage. Cloud has user authentication, which means security here is very good. Cloud is even used to mitigate DDoS, so security is really not something you should worry about on the cloud.

Difference between virtualization and Cloud?

Virtualization is one of the fundamental elements of cloud computing; it helps cloud computing deliver what it promises. Cloud computing, on the other hand, is a type of on-demand service delivered over the internet.

Is using cloud computing 100% safe? I would say no. Why?

  • Data spoofing: someone else looking at what you are doing. Your privacy can be intruded upon.
  • Government intrusion can be the biggest problem for this platform. It is said that rather than worrying about privacy on the cloud, people should fear government intrusion more.
  • Risk of cyber-attack. What recently happened with Apple iCloud has frightened people away from using cloud storage.

But what cloud storage gives you is more than what it takes from you. But if you choose the correc

Cloud storage has caught everyone’s eye. It stores your data online on servers which are running 24×7, so now you don’t need to carry your files around; they are not with you, but they are still one click away. To access those files, the only thing you need is an internet connection, regardless of the platform you use: it can be done using a PC, laptop, iPhone, iPad, Android device or Windows-based phone. Whether you use Linux or Windows has nothing to do with cloud storage.

It is like a hard disk of yours that is located at a remote location and doesn’t get corrupted.

Cloud storage can be used in many ways, such as backing up files, storing pictures, storing highly important office files, etc.

 

What is Office365?

Office files are really important documents, and storing them in the cloud solves the problem of losing them. As I said earlier, security is not something that you should worry about if your files are on the cloud. Office365, the cloud-based office solution developed by Microsoft, is one example. Office365 is a direct rival of Google’s applications.

The new Office365 is designed to take the user experience to a whole new level. It has per-file encryption and also expanded data-loss prevention technology for data stored in SharePoint Online or OneDrive.

The Office 365 Management Activity API provides data on who is doing what, and with whose data, across SharePoint Online, Exchange Online, and Azure Active Directory. It makes auditing easier for organizations.

The Future

The cloud still has many things to offer. Major companies are investing large amounts of money in cloud R&D, as they find that there is still a market to be conquered. It was also found that in 2011 Microsoft had allotted 90% of its R&D budget to its cloud R&D department.

Does IT Make You Feel Better?

In this country we want to be safe. As part of that we have created organizations to do this. The problem is these organizations are not set up to work across non-physical borders. In the digital age borders are not physical; they are mental blocks of “That is how we have always done it.” Like the picture on my article: somebody puts Made in the USA on a mug and charges you more money. This is like putting someone on hold when they call 911 to go to lunch. The internet is full of bull droppings, and the idea that you are going to investigate all the wild claims just looks bad. This is like giving someone a sense of humor: it sounds good in theory, but in reality it may not work. How do you weed out the outrageous claims vs the real threats?

As all of you know, online privacy is just a myth. The FBI, CIA and NSA are all snooping on you. What you type and what you click on, everything is recorded. All information is being outsourced and watched. You might feel you are safe and have nothing to do with all this, but enter one wrong word and bam!! The FBI is at your door. Yes, this is how the FBI operates nowadays. They are on the verge of controlling what you are shown online. In short, you will become a puppet.

Everyone knows who Edward Snowden is and what he told us. He is the one who exposed that the NSA is tracking and snooping on all your files, by providing highly confidential documents to The Guardian. Those documents also showed that it was not only American spies; Israeli and German spies were also involved in warrantless spying on domestic life, not only in the USA but also overseas. Numerous documents show that, beyond the espionage performed for counterterrorism purposes, the NSA and its partners carried out political and industrial espionage, including the bugging of EU and UN buildings and the collection of phone and email data from Brazil’s Ministry of Mines and Energy.

Private Companies threat to your security

Twitter and Facebook are quite easy to spy on. But even private companies store your cookies and clickstream. Companies like Gmail or PayPal would happily hand over your data if the FBI came asking, even without a warrant. Services like Foursquare can also hand over your location, as a location-based app can locate you with the help of GPS. These companies are tracking your every keystroke online. Your highly sensitive personal data, like your Social Security number, phone calls, arrest record, credit card transactions and online viewing preferences, as well as your medical and insurance records and even personal prescriptions, is also recorded.

Current Incident

We all know that some weeks ago the FBI was triggered when a person just tweeted that he had hacked into a plane’s system. Well, that can only happen if they are snooping around and it is should be taken lightly now. The FBI had no proof, but they still acted and nearly pulled the trigger. He was sure enough that anyone can plug in a laptop and play with the plane’s functions. Later it was announced that Roberts had been stating these problems for days and chose Twitter to take out his frustration. “I was probably a little blunter than I should have been, I’m just so frustrated that nothing is getting fixed.” This is what Roberts said.

Just like that, there is a lot of information posted by you which can be used against you. The FBI or CIA won’t come without any reason, but one wrong piece of information and they are at your door. If you think it is just the US, you are wrong. The UK was accused by Snowden of tapping fiber optic cables. Even the media are tapping phones now. The famous England soccer player Paul Gascoigne had his phone tapped by the media for 9 years.

So it is clear: if you are thinking of posting anything online which can be used against you, don’t do it. Security can be attained against hackers, but against your government, no, you don’t get it. So you must think about what you are posting, as the FBI or CIA can jump on you without any warrant.

 

Update Active Directory Data with 2 Command Lines and Excel.

If you go to Microsoft TechNet you can read about all the switches for Get-ADUser and Set-ADUser, but here is a quick how-to covering what is usually asked.

1.  Get-ADUser :  If you use this command you will GET AD user info.  You will not make any changes or accidentally cause global thermonuclear war.  It is view only.

Import-Module ActiveDirectory
# HH is the 24-hour clock, so a morning run and an afternoon run get different file names
$date = Get-Date -Format "MM-dd-yyyy_HH-mm-ss"
$File = "Company Name" + $date + ".csv"
# -Filter * returns every user; -Properties * pulls every attribute, not just the default set
Get-ADUser -Filter * -Properties * | Export-Csv -NoTypeInformation $File

———————————————————

1. Import-Module ActiveDirectory    — This loads the AD module so PowerShell knows the commands.
2. $date = Get-Date -Format "MM-dd-yyyy_HH-mm-ss" —  I run a lot of tests, so I use a date stamp so I don’t overwrite files.
3. $File = "Company Name" + $date + ".csv"  — Company or app name, just for easy reference.   I reuse these 3 lines on almost every script I use.
4. Get-ADUser -Filter * -Properties * | Export-Csv -NoTypeInformation $File  — This will connect to the domain that the computer you’re running it on is joined to.  There are many switches, but this is just a basic how-to.

—————————————————————

Now you have this CSV file. Open it in Excel and save it as an Excel spreadsheet. Then you can manipulate anything and everything using Excel. Copy, cut, paste, and merge to your heart’s content. Just keep all the rows and don’t change the header row. Then save the data into a file I call UpdateAD_LongDATE.csv. This is where the Set comes into play.

Now you have the file UpdateAD_LongDate.csv that has all the records you want to update. No new records will be added, just updated. So I run the Get script one more time to have a backup copy of the current information. Then you run the Set-ADUser command and instant change-O.

Nothing fancy, but you just updated the entire AD user records with 2 command lines and Excel. It takes longer for HR, Legal, and IT to agree on policies than it takes to do the work. If you find someone really good with details and a little OCD, I would have them work the spreadsheet to make sure the data is the way you want it. You can change the data as much as you want, but run a Get command every now and then just in case they want you to change it back. Nothing is worse than having to make changes so many times that it just goes back to the way it was because, quote, “Easier than fixing the issue.”
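The post names the Set step but does not show it, so here is one way it could look, as an added example that is not the author's script. The column allow-list, the use of SamAccountName as the key and the function names are assumptions; run it with -WhatIf first.

```powershell
# Added example, not the author's script. Assumes the edited sheet was saved
# back to CSV with the header row of the Get-ADUser export left untouched.
Import-Module ActiveDirectory

# Allow-list: CSV column (Get-ADUser property name) -> LDAP attribute written.
# Columns not listed here are ignored, so an accidental edit to something like
# userAccountControl or memberOf in Excel can never reach the directory.
$ColumnMap = [ordered]@{
    Title       = 'title'
    Department  = 'department'
    Company     = 'company'
    Office      = 'physicalDeliveryOfficeName'
    OfficePhone = 'telephoneNumber'
    City        = 'l'
    State       = 'st'
}

function Get-RowChanges {
    # Compare one spreadsheet row with the live account. No directory access here.
    param($Row, $Current, $Map)
    $toReplace = @{}; $toClear = @(); $notes = @()
    foreach ($col in $Map.Keys) {
        if ($Row.PSObject.Properties.Name -notcontains $col) { continue }  # column absent
        $new = "$($Row.$col)".Trim()
        $old = "$($Current.$col)".Trim()
        if ($new -ceq $old) { continue }
        if ($new) { $toReplace[$Map[$col]] = $new } else { $toClear += $Map[$col] }
        $notes += "${col}: '$old' -> '$new'"
    }
    [pscustomobject]@{ ToReplace = $toReplace; ToClear = $toClear; Notes = $notes -join '; ' }
}

function Update-ADUsersFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    foreach ($row in Import-Csv -Path $Path) {
        $sam = "$($row.SamAccountName)".Trim()
        if (-not $sam) { continue }
        $result = [ordered]@{ SamAccountName = $sam; Result = ''; Changes = '' }

        # Update only: a row with no matching account is reported, never created.
        try {
            $user = Get-ADUser -Identity $sam -Properties @($ColumnMap.Keys) -ErrorAction Stop
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            $result.Result = 'NotFound'
            [pscustomobject]$result
            continue
        }

        $diff = Get-RowChanges -Row $row -Current $user -Map $ColumnMap
        $result.Changes = $diff.Notes
        if (-not $diff.Notes) {
            $result.Result = 'Unchanged'
            [pscustomobject]$result
            continue
        }

        # Write only the attributes that actually differ.
        $params = @{ Identity = $user.DistinguishedName }
        if ($diff.ToReplace.Count) { $params['Replace'] = $diff.ToReplace }
        if ($diff.ToClear.Count)   { $params['Clear']   = $diff.ToClear }

        if ($PSCmdlet.ShouldProcess($sam, "Set-ADUser ($($diff.Notes))")) {
            try   { Set-ADUser @params -ErrorAction Stop; $result.Result = 'Updated' }
            catch { $result.Result = "Failed: $($_.Exception.Message)" }
        }
        else {
            $result.Result = 'Skipped (WhatIf)'
        }
        [pscustomobject]$result
    }
}

# Dry run first: shows every old -> new value without touching AD.
Update-ADUsersFromCsv -Path '.\UpdateAD_LongDATE.csv' -WhatIf | Format-Table -AutoSize

# Real run, keeping the per-account result as a change log:
# Update-ADUsersFromCsv -Path '.\UpdateAD_LongDATE.csv' |
#     Export-Csv -NoTypeInformation '.\UpdateAD_results.csv'
```

Excel tends to rewrite phone numbers and strip leading zeros when it opens a CSV, so read the dry-run output for changes nobody meant to make before doing the real run.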

Unless you have this set somewhere in your Global Policy or are using a key to encode all scripts, you will need to use Set-ExecutionPolicy to set the policy to unrestricted. Normally I have found that all PowerShell scripts that can be run remotely are put on a single server that runs PowerShell. I will be writing in the future about why, and what my favorite setup for PowerShell is, but right now this will have to do. Make this change on any computer you’re running the script from. It won’t run unless you do this. Also, there are other commands out there for earlier versions of PowerShell that still work. You can even use searches to pull only the data you want. This is just a quick and dirty way to get a job done with limited skills.

 

No good deed goes unpunished

One of the reasons I like to do this blog is so I can express my thoughts on a subject or on news that might not be directly related to security.

*Note:  Game of Thrones spoiler due to a reference, but I think it really proves a point.

Honey, I need you to help me.  Okay Daddy, burn burn burn.


I was reading MSN this morning and saw this article. In a nutshell, AIG is suing for not making enough on the bailout and wants more. I’m not going to rail on about fair and unfair, and the spirit of blah blah blah; this is a security website. Why does this matter to me at all?

What are the 3 most important things in any business?

1.  DATA

2. DATA

3. DATA

Everything else can be replaced. From this article you get people that are trying to own assets that have been “given” to the government due to the bailout.

So here is the rub. A few days ago there was a breach of government employee records.

Does it feel like I am off subject? You went from talking about unclaimed resources under government control that AIG is suing over to liberated government personnel records?

The largest security hole in the universe is people. They have vices, wants, and needs. Any combination can cause them to lose their moral compass for a few hours. Because right now there are BILLIONS of BILLIONS of dollars sitting out there that if the owner of that data was to change…. Nah, nobody would do this? How dare you! Every person is vetted at the highest level…cough..cough(Snowden). As Hank Williams Jr sang it, “For 42 dollars my friend lost his life.” So if 42 is less than billions of billions of dollars, then we can conclude yes..someone would kill for it.

I have taken some leaps of faith in this article that might sound wildly stupid. And I hope they all are, but stranger things have happened. The “Why” is relevant after the fact to see how someone could be motivated, but most of the time the “How” is what you are looking for.

3 Simple Rules to Keep your Active Directory Safe

Hello World!

A long time ago I heard someone say that GUI will overtake the market and command line will become obsolete.   With a GUI (Graphic User Interface) I can do more with my eyes seeing what I want to find.  AKA “Point and Click”   This is a valid statement for some businesses, but not many.   This usually is the case when the CEO of the corporation is also the Head Janitor.   You get my point.   For the rest of us we use tools to make the data more manageable, and easier to work with.   Usually for large data this leaves S & S (Scripting and Spreadsheet) duty for you to manage your environment.

There are a few relatively easy steps you can take to ensure your Active Directory is running at peak performance. Or at least isn’t a complete cluster.

1.  Standardize Data —  This is the most important thing you can do. For a state, don’t use different names and nicknames; use a uniform code or standard acronym. Example: OH, Ohio, and/or Buckeye1. All three say Ohio, but that can be 3 different searches that might each pick up only a small amount of the needed data.

2.  Disable unused Accounts —  If you have a removal or disable process, I would take a look at the longest amount of time an account is needed. Obviously for legal or regulatory reasons you keep your accounts as needed, but a disabled account can be enabled again very simply and quickly. Second to social hacking, unused and open accounts are the biggest hole in an AD environment.

Thought:  I use the 90 day policy, and some do 180 days for removal, but disabling the accounts and moving them to an OU that isn’t being used will make sure they are not being used as a Trojan Horse.

3.  Balance between Password and Person.   If you make a password too short I can break in, but if you make it too long it will be written down and I will get it and break in. People are creatures of habit. I have found that if you make the password length over 8, most people will write it down. The best practice I have seen for this dilemma is to make standard user account passwords 8 characters, but make service and admin account passwords longer. The service account passwords should be stored in a password vault anyway, and admin accounts should be held by people who know what they are doing.
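Rule 2 as a script, added here as an example and not taken from the original post: it finds enabled user accounts with no logon in 90 days, disables them and parks them in a quarantine OU, recording where each one came from so it can be put back. The OU distinguished name, the function name and the choice to leave accounts that carry a service principal name for manual review are assumptions.

```powershell
# Added example. The OU path and the 90-day threshold are placeholders.
# Search-ADAccount -AccountInactive relies on lastLogonTimestamp, which is
# replicated lazily and can lag the real last logon by up to about two weeks,
# so treat the threshold as "roughly 90 days", not an exact cut-off.
Import-Module ActiveDirectory

function Disable-StaleADUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$QuarantineOU,   # DN of the parking OU
        [int]$Days = 90,
        [string]$SearchBase
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $search = @{
        AccountInactive = $true
        UsersOnly       = $true
        TimeSpan        = (New-TimeSpan -Days $Days)
    }
    if ($SearchBase) { $search['SearchBase'] = $SearchBase }

    Search-ADAccount @search |
        # Already-disabled or already-parked accounts need no action.
        Where-Object { $_.Enabled -and $_.DistinguishedName -notlike "*,$QuarantineOU" } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.DistinguishedName `
                     -Properties whenCreated, LastLogonDate, servicePrincipalName, Description
            # Parent container = DN minus its first component (escaped commas respected).
            $parent = $u.DistinguishedName -replace '^.+?(?<!\\),', ''
            $row = [ordered]@{
                SamAccountName = $u.SamAccountName
                LastLogonDate  = $u.LastLogonDate
                PreviousOU     = $parent
                Action         = ''
            }

            if ($u.whenCreated -gt $cutoff) {
                # New hire who has not logged on yet: inactive, but not stale.
                $row.Action = 'Skipped: created inside the window'
            }
            elseif ($u.servicePrincipalName) {
                # Likely a service account; disabling it blind can cause an outage.
                $row.Action = 'Skipped: has SPN, review by hand'
            }
            elseif ($PSCmdlet.ShouldProcess($u.SamAccountName, "Disable and move to $QuarantineOU")) {
                $stamp = "Disabled $(Get-Date -Format 'yyyy-MM-dd') (inactive > $Days days), was in $parent"
                $desc  = if ($u.Description) { "$stamp | $($u.Description)" } else { $stamp }
                Set-ADUser      -Identity $u -Description $desc
                Disable-ADAccount -Identity $u
                Move-ADObject   -Identity $u.DistinguishedName -TargetPath $QuarantineOU
                $row.Action = 'Disabled and moved'
            }
            else {
                $row.Action = 'Would disable and move'
            }
            [pscustomobject]$row
        }
}

# Dry run first; drop -WhatIf once the list looks right.
Disable-StaleADUser -QuarantineOU 'OU=Disabled Users,DC=example,DC=com' -Days 90 -WhatIf |
    Format-Table -AutoSize
```

Re-enabling is the reverse: move the account back to the OU recorded in its description and run Enable-ADAccount.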

 

Low Budget High Damage or Da LBHD BOMB

Companies nowadays are at greater risk of cyber-attack than ever before.

Cybercriminals have found ways to monetize almost every type of data, from Social Security numbers, to payroll, credit card numbers, and personal information of every kind. Once stolen, this information is often sold by the cybercriminal to other entities on the black market. This stolen data is then used to open lines of credit, make fraudulent purchases, carry out medical or insurance fraud, and many other illegal and harmful activities. Companies that have their data stolen often face severe consequences, including lawsuits, fines and penalties, and loss of customers. Large companies such as Target, Home Depot, and Sony, among many others, have all been in the news recently after hackers were able to successfully break into their networks and steal confidential data. These large companies are often able to absorb the impact of a data breach due to their size and resources. Small and medium sized companies fare much worse, as they often do not have the required capital to deal with a cyber-attack which compromises customer data. Sadly, there are many cases of small businesses that are forced to shut down after a major breach.

Cyber security risk should be evaluated by senior management no differently than financial, operational, or legal risk. When evaluating risk, management must weigh the value of their company’s computer resources, data, intellectual property, and other valuable assets, against the probability and impact of a successful breach. Resources should then be allocated accordingly in order to minimize risk. The time and money spent on cyber security should be thought of as an investment into the longevity of the company’s assets, similar to how time and money spent on vehicle maintenance is an investment into the longevity of the vehicle.

There is no industry recognized figure on how much should be spent on cyber security, as variables are different for every company. A popular approach among small and medium sized businesses with limited resources is the risk assessment. A proper risk assessment hinges on the company’s understanding of four factors: assets, threats, criticality of assets, and probability of a threat successfully impacting an asset. Perhaps most importantly, a company must have a good understanding of the assets that it owns, both physical assets like servers and people, and virtual assets like data and intellectual property. Once these assets are defined, the company must identify threats that may possibly impact these assets, such as theft of data by a hacker, natural disaster through a hurricane, or other such threats. Once these two are identified, a chart can be created with two axes, impact and probability. For each group of assets, the company can determine the risk based on the chart. For a given threat, the higher the impact of the threat and the higher its probability of occurrence, the higher the risk is for that scenario. Scenarios with higher risks should be addressed first as they are the most probable and would cause the company the most damage if realized. The risk assessment approach, although not foolproof, is a great way of stopping attacks as it addresses the most critical assets first. These are typically the assets that hackers and cybercriminals are seeking at a company.

 

 

Emergency Service SWATing

Law enforcement in the United States is one of the best equipped and well-funded forces in the world. Every year, local, state, and federal government agencies spend billions of dollars funding and outfitting their law enforcement units. These units include everything from local police and sheriff’s departments, to large agencies such as the FBI and CIA. As well equipped and outfitted as these agencies are, just like any organization, they often make mistakes. Oftentimes these mistakes occur due to incorrect or misleading information. One type of incident that has recently gained popularity is SWATing.

 

Swatting is the act of tricking an emergency service into dispatching an emergency response team based on the false report of an ongoing critical incident. Episodes range from large to small, from the deployment of bomb squads, SWAT units and other police units and the concurrent evacuations of schools and businesses, to a single fabricated police report meant to discredit an individual as a prank or personal vendetta. Incidents of SWATing are particularly dangerous as they involve armed police or federal agents responding to the home or business of the unaware SWATing victim under the impression that there is an active threat. SWATing incidents in the past have led to injury and even death for either the victim or the responding officers. In one case in 2015 in Sentinel, Oklahoma, Washita County dispatchers received 911 calls from someone who identified himself as Dallas Horton and told dispatchers he had placed a bomb in a local preschool. Washita County Sheriff’s Deputies and Sentinel Police Chief Louis Ross made forced entry into Horton’s residence. Ross, who was wearing a bulletproof vest, was shot several times by Horton. Further investigation revealed that the calls did not originate from the home and led Oklahoma State Bureau of Investigation agents to believe Horton was unaware that it was law enforcement officers making entry. James Edward Holly confessed to investigators that he made the calls with two “nonfunctioning” phones because he was angry with Horton.

 

Cases of SWATing occur because law enforcement jumps to conclusions when they receive an emergency distress call. They assume that the call is legitimate, and that real lives are in danger, and so they respond accordingly. Little effort is spent on verifying that the call is legitimate, mostly because time is of the essence in these types of emergency cases. In order to prevent future cases of SWATing, judges have started doling out lengthy prison terms to the perpetrators of these acts. In 2014, a 15-year-old boy was convicted as a domestic terrorist and sentenced to 25 years to life in federal prison for swatting a gamer. Sources report Paul Horner to be the first person in history to be charged for swatting. Prosecutors in the case were able to prove that Horner made multiple false threats against rival online gamers which resulted in SWAT teams raiding their residences. Law enforcement hope that the risk of imprisonment will be a deterrent for potential future SWATing cases, as currently there are no technological means for preventing such incidents.

With friends and family that work in Emergency Services, I think this is one of the most despicable things you can do. One day it could be you needing Emergency Services and they are busy dealing with some hoax. This isn’t even a hard thing to do, so bragging about it really makes you look bad. They give you a number to call them for help, you call, and THEY HELP. I think there are some parts of public works and safety that should stay neutral ground, with the understanding that security needs to be in place to combat this type of threat. Just because I might sway a few people not to cut off their own noses doesn’t mean someone with other plans wouldn’t or couldn’t exploit the same hole. Be Cool, but Be Vigilant.

I want a drone


Technology has become an enabling factor in many aspects of our modern world. As technology advances, so do its capabilities and uses. For the past decade, military and police forces throughout the world have been developing and utilizing drones to carry out missions that are impractical or too dangerous for humans to perform. At its inception, drone technology was very expensive and reserved to only the most wealthy governments and organizations. Nowadays, the prices of drones have dropped dramatically and many entry-level models are within the reach of the average consumer. In addition, most countries throughout the world do not prohibit the purchase or use of drones by private citizens.

Although drones have many positive and beneficial uses, as with any technology, there is always a segment of society that will find negative or illegal uses for technology. It’s not difficult to read news stories of people using drones to spy on their neighbors through an open window or over a privacy fence. More harmful cases can be found where criminals used drones to scope out a property before burglarizing it, or keep tabs on police while carrying out a crime. Hackers have even found a way to program drones to steal credit card numbers and personal information by flying over an unprotected WiFi access point.

There are many reasons that drones have become popular as a tool in carrying out crime. Among the most common reasons are:

Separation – Drones are a great way for criminals to separate themselves from the crime. Many off-the-shelf drones available today have the capability to capture video and send the video back to the controller, allowing the criminal to operate at a distance of 100 feet or more. If the drone is detected, or law enforcement shows up to investigate, it is very easy for the criminal to ditch the controller and deny any wrongdoing.

Functionality – Many of the drones available today, even the off-the-shelf units that can be bought at an electronics or toy store, have functionality that couldn’t be imagined only a couple of decades ago. Everything from recording video and audio, picking up and releasing items, and operating at distances of over a quarter-mile from the receiver, help the criminal carry out their crime.

Cost – Just as consumer electronics such as televisions and computers have dropped in price over the past decade, so has the price of more specialized electronics such as drones. A drone that cost several thousand dollars only a few years ago can be purchased today for several hundred.

Stealth – Not only are drones functional, but they are also quiet. Electronic motors help keep noise to a minimum. Criminals that use drones as part of their toolkit benefit from the stealth of the drone as it allows them to get closer to their intended target without being detected.

As with any tool or technology, there are good uses and bad uses. It’s important to be aware that, although there are many beneficial aspects of drone technology, there are also ways that they can be used to cause harm.