Silicon Shecky

Infosec Practitioner

Connect

So here we go…

By Leave a Comment

I can’t express how important it is to make sure you not only document your network, but what a pain it is when you don’t.

6 weeks of planning and having to map out Active Directory comes to a head for myself this week as I take care of the last parts of the redesign. Of course a lot fo this time could have been prevented with the proper documentation.

And I don’t mean just listing out what harware you have and how its connected. Active Directory, Network Shares, Security on the shares, all of it should be documented. Not just in case you need to change things, but to show what work has been done, so others can understand what has been done, how things are set up, and more importantly why they are done that way.

It also help out when trying to track down potential causes of issues. It doesn’t matter if its SBS or not, it should be done. Use Visio, make a network notebook, whatever floats your boat, but just do it

Well Well Well, Look what they figured out…

By Leave a Comment

So it seems that a company called Beyond Trust did a little research into Microsoft’s disclosed vulnerabilities, and found that 92% of them could have been avoided if people didn’t have Admin rights.  You can read the full article at Computer World.

Honestly, I would have thought it was quite obvious that this was a big problem. Even with the UAC in Vista and Windows 7, it is a problem, and Microsoft just won’t admit to it.  Someone needs to hit them with a clue by four I think.

First Advice

By Leave a Comment

So, as I was at work today, I got a call to go out on my 7th virus removal in the last 6 weeks. Yeah 1 a week at different clients does seem a bit much, but considering how skittish people are at running Windows Updates, things like this happens.

To those who want to know what I tend to use to clean machines of malware, let me tell you.

First off turn off the System Restore. Malware loves to hide there and it is nigh impossible to clean out of the restore points. Kill them, get rid of them.

Now then the software I use includes Ad-Aware, Malwarebytes, Spybot, and HiJack This. If possible keep these programs with their latests versions on your USB thumb drive. They are invaluable.

Make sure that they are as up to date as possible (yes sometimes you need to run them without checking for updates cause the malware will prevent updates from being downloaded) in safe mode.

Just remember google is your friend in these instances, and removal of the malware can take a long time. If you can just wipe and reload the machine, that of course is the preffered method, but use your own judgement.