Symmetric IT's Tech Blog


Life's too short for complicated solutions.

iPhone Privacy Settings

iPhone Privacy Settings

iOS has some privacy settings that are quite often overlooked by casual users. Here are a few settings that should be considered:

1. Location Services App Usage

Applications in iOS11 can be restricted in their use of location services. There are 3 different options available per app:

  1. Always
  2. Never
  3. While Using the App

This is useful to keep a tight leash on how and when an app can use your location. Most apps don't need your location but those that do you can set to only while you are using the app:




Find this under Settings->Privacy->Location Services. Choose an app to change its settings.


2. System Services

iOS has a few system services that also use your location. Find this under Settings->Privacy->Location Services->System Services.




Here you can toggle various system services' ability to use your location. The 7 important items to note are the following:

  • Location based alerts
  • Location based Apple ads
  • Location based Suggestions
  • Significant Locations


  • iPhone Analytics
  • Popular near me
  • Routing & traffic

If you are privacy focused then we suggest disabling these options. The remaining options can be enabled or disabled based on your needs.

An option at the bottom of this screen gives you the ability to have the location icon show on screen when your location is being used by these system services. This is useful if you want to micro manage these services and their location usage (ie, pinpoint exactly what service invokes your location at what point).



3. Analytics

Find this under Settings->Privacy->Analytics. Here are 2 options that you can disable to prevent sending crash reports and other iPhone logs to Apple.



4. Advertising

Find this under Settings->Privacy->Advertising. Enable the option to limit ad tracking.




It's useful to always check these settings after an update to ensure that it hasn't defaulted back to different options.


Opening and Replacing the Hard Drive in a Samsung ATIV ONE 5 DP505A2G

Today we will show you how to replace a Samsung Ativ One 5 DP505A2G hard drive with a solid state hard drive. This is what this particular model looks like:


A neatly designed unit - basically a screen with a built-in laptop mainboard ;).


OPENING THE SAMSUNG DP505A2G

Disassembling this one looks hard but it's actually quite easy, there are no screws to remove on this model - you will need to pry off the back cover. A guitar pick is very useful for this type of situation. A screwdriver is likely to damage the case.

Place the Samsung screen down on a soft cloth or towel. Looking at the back, start in the lower right by the base (see picture below).



You will need to force the pick in between the chrome strip and plastic cover at an angle. You will need quite a bit of force, slide the pick sideways to start unhooking the cover. The cover will make a clicking sound each time a hook 'unclicks'. Slide the pick along the edge around the entire cover to unlatch the whole cover.

With the cover off you can easily replace the RAM and hard drive. Notice the hard drive in the top right corner:



Remove the hard drive and clone to a solid state hard drive. Symmetric IT prefer to use Samsung EVO drives:


Use your favorite cloning software, we recommend Macrium Reflect.


IMPROVEMENTS

Boot up time times improved dramatically after the solid state swap (boot time to a usable desktop):


BEFORE
AFTER
BOOT TIME*
3min+
< 40s

*Even a few seconds make a significant subjective improvement to the user, every second waiting for a PC to boot is like 10 minutes in the real world ;)

General usability has also improved. Things to check after the install: Is Windows and Office still activated? If Windows 7 you can disable disk defragmentation schedules.


CLOSING UP

To reinstall the back cover simply press in back into place, working your way around the edge. It may require a bit of force for the plastic hooks to slide underneath the edge. They do go in with a satisfying 'click'.


Recover Missing or Lost iCloud Contacts

Recover Missing or Lost iCloud Contacts

We had a case recently where iPhone contacts that were synced to an iCloud account suddenly disappeared. During the troubleshooting process the cause was unable to be determined. Either a glitch or via user interaction somehow the some of the contacts were lost/missing.


Logging into the web based side of the iCloud account confirmed the same - missing contacts on the web interface as well. There were no local backup of the contacts unfortunately.

Thankfully Apple provides a way to recover your missing contacts:


1. Log into icloud.com. Go to Settings:

2. Look for "Restore Contacts" towards the bottom under Advanced:

3. Now pick a contact 'set' that you would like to restore. Apple will replace all contacts and then it should sync down to your phone after the restore.

You should in most cases have a history of contacts going back around 1 month.

Hopefully this will help if you have misplaced your contacts.

Notes on Secure Remote Access in an Age of Ransomware

Notes on Secure Remote Access in an Age of Ransomware

Remote access to your servers and other PC's is essential for effective support. The problem is implementing this in a secure manner that only gives you access and keeps everything else out. Ransomware has abused remote desktop and ports exposed to the internet as an attack vector, not just the traditional avenues such as phishing and malicious websites.

In 2017 Wannacry used publicly exposed SMB ports as its primary attack vector and not via a coordinated email campaign. Remote desktop is also often compromised by user accounts with weak passwords, the attacker would guess a common username and brute force password options on the exposed RDP connection.

Let's look at remote desktop and Teamviewer as remote access tools and how to use them securely:

MICROSOFT REMOTE DESKTOP

RDP is still a great remote access tool but needs a few layers of security to make it safe:

  • Ideally the RDP endpoint should not be directly exposed to the internet. RDP should be accessed via a VPN. This reduces the endpoint's attack surface considerably.
  • The RDP default port (3389) should be changed. This can(and should) be done in 2 ways, the first being on the firewall, your firewall should redirect a non-default port to the endpoint. If the endpoint is a Windows machine then you can also change the listening port for RDP on the machine itself. Yes, security by obscurity is not security, it's simply cutting out the noise and adding another layer of 'security'. Changing the internal listening port also means more obscurity on the LAN side.
  • Monitor Security Event Logs for brute force attempts on your RDP endpoint. Event ID 4625 will show failed login attempts. If you have a publicly accessible RDP endpoint on the default port (3389) you will most certainly have a significant amount of failed login attempts in your logs. You'll also notice the attacker probably use different usernames such as 'guest', 'user' etc. Changing the listening port instantly cuts out almost all of the 'noise' from the internet.
  • Audit users every single user that has RDP access. Quite often it is not the administrator account that is compromised, it's usually a secondary account with a weak password. This has been the case in every single ransomware attack on servers that we have encountered.

TEAMVIEWER

A great tool for remote access that can be used in a variety of ways. Teamviewer has sharpened up their security recently after a breach, so this is why we are including them as an option. 2 Factor authentication as well as more control over what devices are allowed to access your Teamviewer account (all new devices should first be verified).

  1. Teamviewer Host is a great tool for unattended access. First and foremost you should have a strong password for access. Secondly 2-factor authentication should also be enabled.
  2. Teamviewer VPN combined with Remote Desktop is also a good combination. Use Teamviewer to establish a VPN to your endpoint. From there you can use traditional Remote Desktop to connect to the endpoint.

Teamviewer handles brute force attacks quite well, preventing multiple password attempts with timeouts but there are more options to configure Teamviewer to be more secure:

  • Disable the random 1 time use password
  • Setup an access Whitelist to only allow yourself
  • Set to lock computer on session finish (Options -> Advanced -> Lock Remote Computer = Always.)

From a security perspective, Teamviewer appears to be quite safe but one always has to consider future security holes that that can be abused to bypass all security layers and gain access to you or your endpoints.

In summary, the fewer ports you expose to the internet, the better. Also consider that no matter how many layers of security you implement, the possibility of software exploits always exist and these can potentially render all security moot.

Hopefully this gives you some ideas to consider when implementing a remote access strategy for your servers or PC's.

Do you use a different strategy? Been bitten once and now have experience? Let us know in the comments.


Symmetric IT provides IT and Computer Support in Auckland.



Investigating Dropbox Delta Incremental Syncing

Investigating Dropbox Delta Incremental Syncing

We will be investigating Dropbox's delta incremental syncing feature. This is the feature that only uploads the internal file changes of a big file when it has been updated. This is very efficient when working with large files that need to be synced to your cloud provider.

Delta sync advantages:

  • Saves network bandwidth
  • Saves upload time
  • Saves storage space
  • Creates a file history for recovery

A possible disadvantage is computational overheads in computing the delta differences. The advantages mostly outweigh the disadvantage though - I/O is generally more expensive than CPU cycles. 

We will look at the threshold at which Dropbox initiates a delta sync instead of uploading the entire file. For comparison we will compare this with Google drive and its mechanisms to handle and sync small changes inside large files.

DROPBOX


TEST 1 (50MB)

We generated a 50MB file filled with random data from here (pinetools.com). We then dropped the file in our Dropbox folder and timed the upload until the tray icon shows all files up to date:

Upload speed is approximately 8MBit/s. The 50MB file uploaded in approximately 60 seconds.

Next we made a small internal change by changing 2 bytes inside the file using a hex editor. We then measure the time it took for Dropbox to equalize after pressing the save button. Time to equalize took 8 seconds.

It's clear that Dropbox initiates delta syncing at the 50MB level already otherwise it would have taken another 60 seconds to upload the changes.

TEST 2 (25MB)

Next we halve the file size to 25MB. The upload took 31 seconds as expected. Changing 2 bytes inside the file and saving takes 6 seconds to upload. So once again we can safely say the delta syncing is happening at 25MB level.

TEST 3 (10MB)

Next we upload a 10MB file. The upload takes 17 seconds. Still long enough to discern between full and delta uploads. The sync took 6.5 seconds. We can still assume that delta syncing happens at 10MB level.

TEST 4 (5MB)

5MB took 10.5 seconds to upload in full. The changed upload took 6 seconds. Delta sync still active at 5MB level.

TEST 5 (2MB)

For the 2MB test we will limit Dropbox to 100KB/s upload to be able to have a more accurate result between a full upload and a changed upload. As expected the upload takes longer (25 seconds). The changed upload after 2 bytes took 5 seconds. So delta sync still active.

TEST 6 (500KB)

500KB took 8.5 seconds to upload and the changed upload took 3.6 seconds.


GOOGLE DRIVE


TEST 1

Next we compare it to Google Drive, which is now called "Backup and sync from Google". Dropping the 25MB file into the Google folder takes 38 seconds to sync. Changing 2 bytes and saving the file takes another 39 seconds to finish syncing.

TEST 2

10MB took 23 seconds to upload, the changed version took 23 seconds as well.

The rest of the tests all exhibited the same results, equal full uploads and changed uploads, so we will exclude them for the sake of brevity.


To summarize:


25MB

10MB

5MB

2MB

(limit 100KB/s

upload)




FULL
CHANGE
FULL
CHANGED
FULL
CHANGEDFULLCHANGED
Dropbox
31s
6s
17s
6.5s
10s
6s
25s
2s

Google Drive
38s
39s
23s
23s
13s
13s
27s
27s

The table above clearly illustrates that Google drive simply uploads the full file everytime where as Dropbox does a delta sync in all circumstances.


Compressed Files Insight and Disproving Filecloud Claims

Googling 'delta sync' has a link to this blog that states that delta sync is a myth and hyperbole. It also mentions that file compression renders it useless and the only useful scenario is uncompressed files such as logs.

Lets run a test on a 30MB file with random non-repeating data inside a compressed zip file:


(Curiously, the non-repeating data means that the file is larger after compression).

RESULTS

The full upload took 32s.
Next we'll add a 1KB text file to the zip file, and measure the time to sync: 4s.
Next we change some random internal bytes using a hex editor and measure the sync time: 7 seconds.

This proves that delta sync can be implemented independent of file type or contents. The delta comparison occurs at byte level thus it is completely file type agnostic. It simply doesn't care or matter what the contents of the file is. The advantages remain clear, disproving the above mentioned blog.

CONCLUSION

Dropbox applies a delta sync algorithm to all files. There doesn't seem to be a threshold at which it just uploads the entire file instead of implementing a delta sync. Dropbox may upload full files at an extremely small sizes (ie, 5KB or so) but at this stage delta sync becomes irrelevant.

Google drive uploads the full file every time regardless of size. This is ineffective and bandwidth intensive.

In extreme cases this becomes almost unusable. Imagine a scenario where you're storing files greater than 500mb up to a few gigabytes, any changes to those files will trigger a full upload in services such as Google Drive, Onedrive etc.

Delta sync opens up possibilities such as keeping a virtual machine image inside a cloud provider folder while keeping it in sync both local and in cloud.

Hopefully this will help you make an informed decision when choosing a cloud storage provider.


Credits:

Symmetric IT is an IT support provider in Auckland.