Search This Blog

Monday 13 April 2015

Stop and Think Security Smart

Most of us are already aware that emails can contain hidden nasties but not all of us are aware what we can do to protect ourselves, this guide is to help you know what to do when you get an email that you are unsure of.

The Golden Rules

If you receive an email and you do not know who it is from or what it is about then, stop and think Security Smart.
If you receive a link in Facebook to something you do not know about from a friend, stop and think Security Smart.
If you receive an email attachment and you do not know what it is, stop and think Security Smart.
You would not let someone into your home without Photo ID, do not let the criminals into your Computer without first asking, do I know who you are?

What to do - The Email Attachment

media_1428917766485.png
Here is a classic email attachment malware, the email is sent from a generic fake email address like support@yourcompany.com and is addressed to you, it has an attachment called something.ZIP and it asks you to
Update something on your computer because there is a problem
Take delivery of a parcel or invoice that we are waiting on
Accept a sales enquiry by opening their attached request
In 99.9% of cases these are always a criminal email targetting you, when you see an email like this delete it and then inform our Help Desk and we will investigate for you.

What to do - The FaceBook Video

media_1428918039409.png
Many times we when access Face Book we see a video posted by a friend and we click on it, but when we do we are asked to install a new video player so we can watch it. Note the arrow showing that we need to install a player to see the video.
in 99.9% of cases these are always the criminals again, do not install anything from this site, it will give the criminals access to your Computer.

What to do - The Email Link

media_1428918306598.png
The last common kind of email is the link to the criminals website, note the email above, it looks like it is from Google and it seems to say something that is acceptable and understandable, so you are inclined to click the link.
These are called phishing emails, its just a tech way of saying fishing and the criminals are fishing for you, if you click their link they have hooked you!
If a genuine site needs to contact you, when you next login the site will tell you what you need to do, genuine systems do not send emails like this.
Delete the email and do not click on any links.

How to stop our natural reaction

The criminals are targetting some of our basic instincts
  1. That we are naturally curious to find out more
  2. That we fear we may miss out on something if we do not take action
  3. That we go into automatic mode and do not always stop to think what we are doing
This happens to everyone, it is part of who we are, but all we need to do is stop anytime we are working on our computers and if something is happening you are unsure of or you are being asked to do install something you did not choose to do...
Stop and Think Security Smart!

Friday 28 November 2014

Exchange 2013 CU6 - Mail Enabled Public Folders reject emails externally with a NDR

Users who send emails to a Mail Enabled Public Folder see an NDR when emailing externally even though the folder is set to allow emails without authentication.

NDR after CU6

media_1417171710422.png
When you send an email to the Mail Enabled Publci Folder post CU6 you will receive an NDR such as the above.

Exchange CU6 Update Notes

media_1417171733522.png
The change to the security is explained in the Exchane 2013 CU6 Notes here

Add Anonymous Permissions

media_1417171784962.png
To allow emails to be sent to the folder you can use the above Power Shell to enable Anonymous CreateItems permission on the folder.
Add-PublicFolderClientPermission "\Customer Feedback" -AccessRights CreateItems -User Anonymous

Monday 8 September 2014

Shadow Protect Server does not connect when you change a Server Computer Name

If you change the Computer Name of a Server with Shadow Protect Installed you will need to change the name in the applicaiton before it will connect to the service.

1. Disconnected State

media_1410167949244.png

When you open Shadow Protect you will see the server is in a disconnected state and will show the error The RPC server is unavailable. In this case the server needs to be renamed from DAG to THUR

2. Rename Server

media_1410167956123.png

Right click on the server and choose Edit.

3. Edit Server Details

media_1410167962196.png

Under the Server Name and Server Address change the name to be the correct Computer and NetBios Name.

4. Restart Service

media_1410167988957.png

You now need to restart the ShadowProtect Service.

media_1410168063824.png

Tuesday 15 July 2014

How to delete files from a QNAP NAS using SSH

Sometimes a QNAP NAS can get so full you cannot access it via SMB or delete files via the Web Management. Here is how to remove files via SSH.

Login to the Device via SSH using putty

media_1397129217652.png
Open putty and connect to the NAS via the Management IP address using SSH

Login

media_1397129239523.png
Login to the device with Admin User only

List the Mount Points

media_1397129646501.png
Use the command df to show the mount points on the disks. On a QNAP NAS look for the folders /share/MD0_DATA

Change Folder

media_1397129728042.png
Use the command cd /share/MD0_DATA to change to that folder

Show Shares

media_1397129733495.png
You now show the shares on your QNAP NAS with the command ls

Change to Folder to be Deleted

media_1397129750088.png
To delete a folder, change to the parent folder and then you are ready for remove the folders and files

Remove Folders

media_1397131147295.png
You can then remove the folders and files with the command
rm -rf /share/MD0_DATA/ShareName/Folder

Confirm the Disk Space Reduction

media_1397129898597.png
In the Web Management GUI you can now confirm the disk space as it reduces

Cannot access Network Shares on Windows 8

I had an instance where I had a Windows 8 laptop with a local Administrator but when I tried to browse to the C$ share I was displayed the error "multiple connections are not allowed"  from command line I got an Access Denied message.  All this was even though I was using the right credentials.

It turns out to be a UAC filtering policy in Windows 8 that blocks access unless you use Remote Desktop to the OS.

The solution is in this Microsoft KB article http://support.microsoft.com/kb/951016

A big thanks to Helge Klein for this one.

http://helgeklein.com/blog/2011/08/access-denied-trying-to-connect-to-administrative-shares-on-windows-7/

Thursday 3 July 2014

Hosted Exchange - How to check if a Mailbox allows Outlook Anywhere

Some Mailboxes in Hosted Exchange may not allow Outlook Anywhere, this is when they have been created as Basic Users and have been upgraded to Standard Users. The guide shows how to check this and how to rectify this.

#1 Get-CASMailbox

media_1404378896854.png

Open the Exchange Management Shell and run the commandlet Get-CASMailbox user.name@domain.com | FL

This will now display all the properties for the CAS Mailbox.

#2 MAPIBlockOutlookRpcHttp

media_1404378902317.png

Check the property MAPIBlockOutlookRpcHttp if this is set to True then the user is blocked from Outlook Anywhere.

#3 Change Setting

media_1404378944523.png

Extend the commandlet to change the setting for the mailbox using the boolean setting True False

Get-CASMailbox user.name@domain.com | Set-CASMailbox -MAPIBlockOutlookRpcHttp $false

#4 Check Change

media_1404378958112.png

Run the Get-CASMailbox user.name@domain.com and check the setting has now changed to False

Monday 30 June 2014

UPS - How to configure an APC UPS Management Card

Configuring a APC UPS Management card is not difficult you just need to be patient and make sure it is all done right.

#1 Login

media_1404151121072.png

The default login for an APC is apc and apc

#2 Status

media_1404151154912.png

Once logged on you can see the Status of the device, the internal temperature and runtime are important to note.

#3 Configuration - Power Settings

media_1404151208866.png

Choose the Configuration, Power Settings option and then set the Rated Output Voltage to your country voltage, this is 240V in the UK.

#4 Configuration - Shutdown

media_1404151235583.png

Choose the Configuration, Shutdown option and then for Low Battery Duration select a time no less than 10 minutes otherwise you will not have enough time to shut down your servers before the UPS discharges.

#5 Administration - Local Admin

media_1404151298920.png

Choose the Administration, Local Users, Administrator option and set the User Name to ups-admin and set a password.

#6 Administration - Device

media_1404151311279.png

Choose the Administration, Local Users, Device option and uncheck the Access Box to disable the Device User.

#7 Administration - Read Only

media_1404151336073.png

Choose the Administration, Local Users, Read Only option and set the username to ups-read and set a password.

#8 Configuration Auto Log Off

media_1404151353678.png

Choose the Administration, Auto Log Off option and set the timeout to 10.

#9 DNS

media_1404151389019.png

Choose the Administration, Network, DNS option and then enter your DNS Servers, Host Name and Domain Name.

#10 SMTP Server

media_1404151488053.png

Choose the Administration, Notification, Email, Server option and then enter your SMTP Smart Host and From Address.

#11 Recipients

media_1404151520529.png

Choose the Administration, Notification, Email, Recipients option and enter your email address, change the SMT P Server to recipient.

#12 Test Email

media_1404151547593.png

Choose Administration, Notification, Test and then test to make sure your notification works.

#13 Identification

media_1404151580532.png

Choose the Administration, General, Identification option and enter the details.

#14 Time

media_1404151604931.png

Choose the Administration, General, Date Time option and set the Time Zone, set the NTP Server.

#15 Daylight Savings

media_1404151631480.png

Choose the Administration, General, Daylight Savings option and set the Traditional Daylight Savings.

#16 Date Format

media_1404151641223.png

Choose the Administration, General, Date Time, Date Format and set your regional format.