Symmetric IT's Tech Blog


Life's too short for complicated solutions.

8 Tips For Online Safety

8 Tips For Online Safety

We live in a hyper connected age unlike any before it. Your online safety and privacy is at risk on a daily basis. Here are 8 tips to keep you safer online:


1. INTERNET BROWSER SAFETY

New online threats emerge everyday and for the bad guys the race is on to find ways to compromise your browser with malware, security holes and malicious exploits. Your best defense is to ensure that you're using a modern browser such as Mozilla Firefox, Microsoft Edge or Google Chrome. These browsers update themselves automatically to keep ahead of all newly discovered threats. Also consider installing an ad blocker that blocks intrusive ads and unnecessary tracking scripts. An added bonus is a more enjoyable browsing experience by speeding up website load times.

2. EMAIL SAFETY

For all the convenience that email provides it is also one of the most prolific points of entry for scams and malware. There are some basic rules that will help to keep you safe: always assume an email is a scam. Always reject unsolicited advances and messages in your inbox. Be suspicious of all attachments and don't open anything unless you were expecting it, the bad guys are brilliant at hiding their traps in attachments. Lastly, never click on any links within an email.

3. ANTI VIRUS

Stick with a paid product that performs well in anti-virus comparative tests. Free products nearly always come with a catch unfortunately. Windows 10 has built in anti-virus and it's making great strides in efficiency but tends to be outpaced by top tier paid products. Symmetric IT endorses and supplies ESET Anti-Virus products.

4. UPDATES

Software programs nowadays are exploited and compromised mercilessly. If there is a security hole (and there IS) it will be exploited by someone, somewhere. You can't always stay ahead but you can put up a good fight with patches and up to date software. Apple Mac and Windows updates often break legitimate things but the pros outweigh the cons, so next time Windows nags you for an update it's best to let it have its way! (and if you're still on Windows 7, make upgrading to Windows 10 a priority).

5. PASSWORDS

So many passwords to remember! - just make sure you use different passwords for different services. So often victims are cross-compromised because they re-used a password for different services (think about your email password matching your PayPal password..). Secondly, strong passwords go hand in hand with security: Long passwords or even phrases(easy to remember!) with uppercase, lowercase, special characters and non-dictionary words are best.

6. SMARTPHONES

Controversial and very debatable - which smartphone ecosystem is more secure and respects your privacy the most, Apple's IOS or Google's Android? We are of the opinion that the walled garden approach of Apple tends to be more security/privacy oriented than Android's somewhat wild west approach. Whichever you choose, the same safety guidelines apply: Don't install apps thoughtlessly. Check what permissions they require and deny that which they don't. A minimum permission model is what is desired, a dictionary app certainly doesn't need access to your contacts!

7. PRIVACY SETTINGS

Your default privacy settings on all your favorite social media apps and websites often don't have your privacy as their number one concern; they tend to be more concerned with sharing your data with 3rd parties for extra profit. Facebook was caught red handed recently with misusing user personal data. Check each service's privacy settings individually and make sure you are aware of what you are sharing with the general public.

8. BACKUPS

All hard drives and storage media can and will fail eventually, when this does happen, as long as you have backups you will be OK. Ensure that you have multiple backups of your most precious data in more than one place (offsite if possible as well). Backup your smartphone as well - we treat it like a casual accessory but in most cases it's more expensive than a laptop and carries more information!

Hopefully this gives some food for thought when you interact online and how to stay safe while doing it. Comment if you have ideas to add.


More To Read

The government provides great resources that are aligned with Symmetric IT's services:

Protecting Business Data

Keeping Yourself Safe and Secure Online


Symmetric IT is an IT support company in Auckland. Contact us if you need world class IT support.




Image Designed by Freepik


iPhone Privacy Settings

iPhone Privacy Settings

iOS has some privacy settings that are quite often overlooked by casual users. Here are a few settings that should be considered:

1. Location Services App Usage

Applications in iOS11 can be restricted in their use of location services. There are 3 different options available per app:

  1. Always
  2. Never
  3. While Using the App

This is useful to keep a tight leash on how and when an app can use your location. Most apps don't need your location but those that do you can set to only while you are using the app:




Find this under Settings->Privacy->Location Services. Choose an app to change its settings.


2. System Services

iOS has a few system services that also use your location. Find this under Settings->Privacy->Location Services->System Services.




Here you can toggle various system services' ability to use your location. The 7 important items to note are the following:

  • Location based alerts
  • Location based Apple ads
  • Location based Suggestions
  • Significant Locations


  • iPhone Analytics
  • Popular near me
  • Routing & traffic

If you are privacy focused then we suggest disabling these options. The remaining options can be enabled or disabled based on your needs.

An option at the bottom of this screen gives you the ability to have the location icon show on screen when your location is being used by these system services. This is useful if you want to micro manage these services and their location usage (ie, pinpoint exactly what service invokes your location at what point).



3. Analytics

Find this under Settings->Privacy->Analytics. Here are 2 options that you can disable to prevent sending crash reports and other iPhone logs to Apple.



4. Advertising

Find this under Settings->Privacy->Advertising. Enable the option to limit ad tracking.




It's useful to always check these settings after an update to ensure that it hasn't defaulted back to different options.


Opening and Replacing the Hard Drive in a Samsung ATIV ONE 5 DP505A2G

Today we will show you how to replace a Samsung Ativ One 5 DP505A2G hard drive with a solid state hard drive. This is what this particular model looks like:


A neatly designed unit - basically a screen with a built-in laptop mainboard ;).


OPENING THE SAMSUNG DP505A2G

Disassembling this one looks hard but it's actually quite easy, there are no screws to remove on this model - you will need to pry off the back cover. A guitar pick is very useful for this type of situation. A screwdriver is likely to damage the case.

Place the Samsung screen down on a soft cloth or towel. Looking at the back, start in the lower right by the base (see picture below).



You will need to force the pick in between the chrome strip and plastic cover at an angle. You will need quite a bit of force, slide the pick sideways to start unhooking the cover. The cover will make a clicking sound each time a hook 'unclicks'. Slide the pick along the edge around the entire cover to unlatch the whole cover.

With the cover off you can easily replace the RAM and hard drive. Notice the hard drive in the top right corner:



Remove the hard drive and clone to a solid state hard drive. Symmetric IT prefer to use Samsung EVO drives:


Use your favorite cloning software, we recommend Macrium Reflect.


IMPROVEMENTS

Boot up time times improved dramatically after the solid state swap (boot time to a usable desktop):


BEFORE
AFTER
BOOT TIME*
3min+
< 40s

*Even a few seconds make a significant subjective improvement to the user, every second waiting for a PC to boot is like 10 minutes in the real world ;)

General usability has also improved. Things to check after the install: Is Windows and Office still activated? If Windows 7 you can disable disk defragmentation schedules.


CLOSING UP

To reinstall the back cover simply press in back into place, working your way around the edge. It may require a bit of force for the plastic hooks to slide underneath the edge. They do go in with a satisfying 'click'.


Recover Missing or Lost iCloud Contacts

Recover Missing or Lost iCloud Contacts

We had a case recently where iPhone contacts that were synced to an iCloud account suddenly disappeared. During the troubleshooting process the cause was unable to be determined. Either a glitch or via user interaction somehow the some of the contacts were lost/missing.


Logging into the web based side of the iCloud account confirmed the same - missing contacts on the web interface as well. There were no local backup of the contacts unfortunately.

Thankfully Apple provides a way to recover your missing contacts:


1. Log into icloud.com. Go to Settings:

2. Look for "Restore Contacts" towards the bottom under Advanced:

3. Now pick a contact 'set' that you would like to restore. Apple will replace all contacts and then it should sync down to your phone after the restore.

You should in most cases have a history of contacts going back around 1 month.

Hopefully this will help if you have misplaced your contacts.

Notes on Secure Remote Access in an Age of Ransomware

Notes on Secure Remote Access in an Age of Ransomware

Remote access to your servers and other PC's is essential for effective support. The problem is implementing this in a secure manner that only gives you access and keeps everything else out. Ransomware has abused remote desktop and ports exposed to the internet as an attack vector, not just the traditional avenues such as phishing and malicious websites.

In 2017 Wannacry used publicly exposed SMB ports as its primary attack vector and not via a coordinated email campaign. Remote desktop is also often compromised by user accounts with weak passwords, the attacker would guess a common username and brute force password options on the exposed RDP connection.

Let's look at remote desktop and Teamviewer as remote access tools and how to use them securely:

MICROSOFT REMOTE DESKTOP

RDP is still a great remote access tool but needs a few layers of security to make it safe:

  • Ideally the RDP endpoint should not be directly exposed to the internet. RDP should be accessed via a VPN. This reduces the endpoint's attack surface considerably.
  • The RDP default port (3389) should be changed. This can(and should) be done in 2 ways, the first being on the firewall, your firewall should redirect a non-default port to the endpoint. If the endpoint is a Windows machine then you can also change the listening port for RDP on the machine itself. Yes, security by obscurity is not security, it's simply cutting out the noise and adding another layer of 'security'. Changing the internal listening port also means more obscurity on the LAN side.
  • Monitor Security Event Logs for brute force attempts on your RDP endpoint. Event ID 4625 will show failed login attempts. If you have a publicly accessible RDP endpoint on the default port (3389) you will most certainly have a significant amount of failed login attempts in your logs. You'll also notice the attacker probably use different usernames such as 'guest', 'user' etc. Changing the listening port instantly cuts out almost all of the 'noise' from the internet.
  • Audit users every single user that has RDP access. Quite often it is not the administrator account that is compromised, it's usually a secondary account with a weak password. This has been the case in every single ransomware attack on servers that we have encountered.

TEAMVIEWER

A great tool for remote access that can be used in a variety of ways. Teamviewer has sharpened up their security recently after a breach, so this is why we are including them as an option. 2 Factor authentication as well as more control over what devices are allowed to access your Teamviewer account (all new devices should first be verified).

  1. Teamviewer Host is a great tool for unattended access. First and foremost you should have a strong password for access. Secondly 2-factor authentication should also be enabled.
  2. Teamviewer VPN combined with Remote Desktop is also a good combination. Use Teamviewer to establish a VPN to your endpoint. From there you can use traditional Remote Desktop to connect to the endpoint.

Teamviewer handles brute force attacks quite well, preventing multiple password attempts with timeouts but there are more options to configure Teamviewer to be more secure:

  • Disable the random 1 time use password
  • Setup an access Whitelist to only allow yourself
  • Set to lock computer on session finish (Options -> Advanced -> Lock Remote Computer = Always.)

From a security perspective, Teamviewer appears to be quite safe but one always has to consider future security holes that that can be abused to bypass all security layers and gain access to you or your endpoints.

In summary, the fewer ports you expose to the internet, the better. Also consider that no matter how many layers of security you implement, the possibility of software exploits always exist and these can potentially render all security moot.

Hopefully this gives you some ideas to consider when implementing a remote access strategy for your servers or PC's.

Do you use a different strategy? Been bitten once and now have experience? Let us know in the comments.


Symmetric IT provides IT and Computer Support in Auckland.