Do you really need a strong password?

HELL YES! Anyone who does not use strong passwords is pretty much leaving their keys outside their front door with a sign saying “no trespassers”.

To give you a real life scenario that I’ve encountered, I managed the IT infrastructure for a new customer. One employee decided to use a super, awesome password (password1) and his account was compromised. His user account was used to send thousands of spam emails originating from the organisation’s mail server. The organisation’s mail server was blacklisted and other companies (customers) would no longer accept email from this organisation. They were not able to invoice orders and lost tens of thousands of dollars’ worth of revenue because one user’s password was easily compromised.

Why do you need to use a strong password?

  • People post so much information about themselves online that interests, friends, parents, birthplace, email addresses are easily attainable if you search hard enough.
  • There are machines capable of cycling through 6.2 billion password combinations every second.
  • If you use the same password for multiple accounts, don’t! It might be easier to remember but if it’s compromised, consider these other accounts gone.

I can’t stress this enough: always use strong passwords. Strong passwords should be composed of a combination of numbers, letters (upper and lower case) and symbols. You can get creative and use some common words but substitute numbers or symbols for letters. Here are examples of strong and weak passwords:

  • Strong: Th!5IS@$t0ngPW,S0!$thisOne%
  • Weak: password, password123, 123456, hello

Where possible, try to use a random password generator such as this, this, or this.
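As an added example (not part of the original post), here is a small generator built on Python's `secrets` module, plus a worst-case brute-force estimate at the 6.2 billion guesses per second quoted above. The function names are illustrative, and the estimate assumes a blind search over the character classes the password actually uses.

```python
import secrets
import string

GUESSES_PER_SECOND = 6.2e9   # the rate quoted in the post
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def generate_password(length=16):
    """Random password from the OS CSPRNG with at least one char per class."""
    if length < len(CLASSES):
        raise ValueError("length must be at least %d" % len(CLASSES))
    alphabet = "".join(CLASSES)
    while True:
        # Rejection sampling keeps every accepted password equally likely,
        # unlike forcing one character of each class into fixed positions.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time for a blind brute force over that alphabet and length.
    A dictionary attack finds common words far sooner than this bound."""
    return alphabet_size(password) ** len(password) / rate

if __name__ == "__main__":
    for pw in ("password1", generate_password()):
        print(pw, "%.3g seconds" % seconds_to_exhaust(pw))
```

Even by this generous bound, password1 falls in under five hours, and a wordlist would try it almost immediately.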

Protect your information 🙂

 

Installing Applications on a Terminal Server

Because of the Sophos issues that many of my clients experienced, many endpoints required a re-installation, particularly on Terminal Servers. This is a quick and easy reminder of best practices for installing applications on a terminal server.

  1. Log on to the server as a domain administrator
  2. Open up command prompt and type the following command
    change user /install
  3. Your session will now be ready to install applications that will work across all user profiles.
  4. Install the application required e.g. Microsoft Office
  5. Once you have finished the install open up command prompt again and type in
    change user /execute


Sophos: Shh/Updater-B False Positive

What a morning! I walk into work, sit down, getting ready to munch on my cheese and bacon roll, open Outlook, BAM! Email spam about Sophos AV, FML…

This morning a False Positive update was released to all Sophos endpoint machines. Any computer that was left running overnight would have automatically downloaded the update and applied it. The result: 667 virus alerts. Uh-oh. Investigations began and we found out that it was indeed a false positive update released by Sophos.

A quick way to resolve this issue, which is also outlined in the above Naked Security blog:

  1. Log into your Sophos Enterprise Console.
  2. Make sure that all your Anti-Virus and HIPS policies are configured to “Deny access only” if automatic cleanup is not possible
  3. Once you’ve edited all the policies that affect your endpoints, click on the Viruses/spyware link under Computer Alerts
  4. Select all the machines that have the SHH/Updater-B virus, right click > comply with > Group Anti-Virus and HIPS Policy
  5. Confirm if the policy has been successfully applied
  6. Right click the computer with Same as policy and select Resolve Alerts and Errors. A window will appear and you will need to select all the computers with the SHH false positive and click Acknowledge.
  7. Repeat the process for any computers that are offline
  8. Email your angry clients and blame good ol’ Sophos for their worries 🙂

UPDATE:

So this False Positive has also deleted updating files across ALL APPLICATIONS including, but not limited to, Google, Adobe, CA ARCserve, Sophos, Quickbooks, NVIDIA…. and the list goes on.

It’s gonna be a loooooooooong day!

Testing SMTP using Telnet

As an IT admin, you might find yourself in a situation where you need to test sending emails without an email client such as Microsoft Outlook. When that time comes, a great way to test SMTP connectivity is leveraging TELNET.

Here are a few easy steps to test mail flow:

  1. Make sure you know what SMTP server you are trying to connect to e.g. smtp.example.net.au or if it’s an internal mail server you can use the FQDN or IP address e.g. MAILSERVER.local or 192.168.1.1
  2. Make sure you have telnet installed on your client machine. You can do this via the following technet article
  3. Open up command prompt on your machine, click on start > run and type in cmd.
  4. In the command prompt window, type: telnet servername/IP 25 and press enter.
    Note: telnet initiates a telnet connection, the server name is the mail server you are attempting to send mail from and 25 is the default SMTP port.
  5. Now type in the following to test mail flow:
    Note: after each step press enter
  • HELO mail server domain name e.g. HELO example.com
  • MAIL FROM:user@domain.com e.g. MAIL FROM:user@example.com
  • RCPT TO:user@externaldomain.com e.g. RCPT TO:user@gmail.com
  • DATA
  • Type in some test data, this will be the body of the email e.g. Hello Sir 🙂
  • To stop typing in text in the body, you need to press Enter followed by a full stop . then press Enter again.
  • QUIT to exit the telnet session
If your email comes through then you’re a winner, if not don’t stress, there will most likely be other restrictions in place to prevent you from sending emails from SMTP servers. Please note that this is the first point of mail flow testing and further troubleshooting may be required.
This is also a good way of finding out if the host you are connecting to is actually a mail server! Unless of course SMTP is on another port or firewall rules are in place.
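The same dialogue as a script, added here as an example and not part of the original post: it sends the commands from step 5 and records the server's reply to each, stopping at the first 4xx/5xx refusal. The addresses are placeholders, and `fake_server` is a constructed stand-in so the example runs offline.

```python
import socket
import threading

# Commands from the steps above, in order; addresses are placeholders.
DIALOGUE = [b"HELO example.com", b"MAIL FROM:<user@example.com>",
            b"RCPT TO:<user@example.net>", b"DATA",
            b"Hello Sir\r\n.", b"QUIT"]   # body ends with a lone "."

def read_reply(reader):
    """Return the last line of one reply ('NNN-' marks continuation lines)."""
    while True:
        line = reader.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 4 or line[3] != "-":
            return line

def smtp_probe(sock):
    """Run the dialogue on a connected socket; return (command, reply) pairs."""
    reader = sock.makefile("rb")
    log = [("<banner>", read_reply(reader))]
    for cmd in DIALOGUE:
        sock.sendall(cmd + b"\r\n")
        reply = read_reply(reader)
        log.append((cmd.decode().splitlines()[0], reply))
        if not reply or reply[0] in "45":   # connection lost, 4xx or 5xx refusal
            break
    return log

def fake_server(sock, relay_allowed):
    """Constructed stand-in for a mail server so the example runs offline."""
    replies = {b"RCPT": b"250 OK" if relay_allowed else b"550 5.7.1 Relaying denied",
               b"DATA": b"354 End data with <CR><LF>.<CR><LF>", b"QUIT": b"221 Bye"}
    sock.sendall(b"220 mail.example.com ESMTP\r\n")
    in_data = False
    for raw in sock.makefile("rb"):
        line = raw.rstrip(b"\r\n")
        if in_data and line != b".":
            continue                          # swallow body lines
        verb = b"" if in_data else line[:4].upper()
        in_data = verb == b"DATA"
        sock.sendall(replies.get(verb, b"250 OK") + b"\r\n")
    sock.close()

def demo(relay_allowed):
    client, server = socket.socketpair()
    threading.Thread(target=fake_server, args=(server, relay_allowed), daemon=True).start()
    with client:
        return smtp_probe(client)
```

Against a real server, pass `smtp_probe` a socket from `socket.create_connection((host, 25))` instead. A 550 at RCPT TO for an external recipient is the "other restrictions" case mentioned above: the server is refusing to relay.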

Creating a Windows Batch Script

A few solutions that I will post in the future will utilise Windows batch script (.bat) files. Here is a quick tutorial on how to create a batch script in Windows:

  1. In Windows Explorer, click on Tools (press alt key if you can’t see it), then select Folder Options
  2. Click the View tab. Under Advanced settings, untick Hide extensions for known file types and click OK to save changes.
  3. Open your favorite text editor e.g. notepad
  4. Type in the Windows commands that you want to include in your batch script e.g. net stop spooler
  5. Click on File, then select Save as
  6. Under Save as type, click the drop-down box and select All Files
    Type in a relevant name and make sure you add a .bat at the end e.g. StopSpool.bat
  7. Save the file to your required location e.g. desktop. Browse to the saved location and TEST script to see if it works. You will notice that the .bat extension will be displayed.

Happy scripting 🙂

Cleanup Windows & Java Temporary Files using a Batch Script

Recently, there was an outbreak of malware tricking people into installing fake “anti-virus” software, which in turn infected their machines. Mind you, the primary reason machines get infected in the first place is because people are browsing dodgy websites so BE CAREFUL or get PROTECTED!

The infected files are usually downloaded to a temporary internet files folder or java temporary folder and are executed/installed from there. It’s always good practice to clear out these temporary files to prevent malicious activity as well as save you some disk space. This batch script can be used as a scheduled task or deployed through your favourite monitoring tool to “cleanup” these temporary files.

This script should work on all Windows platforms so happy cleaning 🙂

Delete All Temporary Files

Note: copy and paste the below code into notepad and save the text file as a .bat file. Change the “Save as type” to All Files and make sure you add a .bat to the end of the name e.g. Cleanup.bat. There is a tutorial post located here.

@echo off
::Written by Samontech
::Determine which version of Windows is installed
::Set Variable Version to unknown

SET Version=Unknown

::Match the version number printed by VER against known releases
VER | FINDSTR /IL "5.0" > NUL
IF %ERRORLEVEL% EQU 0 SET Version="Windows 2000"

VER | FINDSTR /IL "5.1." > NUL
IF %ERRORLEVEL% EQU 0 SET Version="Windows XP"

VER | FINDSTR /IL "5.2." > NUL
IF %ERRORLEVEL% EQU 0 SET Version="Windows 2003"

VER | FINDSTR /IL "6.0." > NUL
IF %ERRORLEVEL% EQU 0 SET Version="Windows Vista"

VER | FINDSTR /IL "6.1." > NUL
IF %ERRORLEVEL% EQU 0 SET Version="Windows 7"

VER | FINDSTR /IL "6.2." > NUL
IF %ERRORLEVEL% EQU 0 SET Version="Windows 8"

VER | FINDSTR /IL "6.3." > NUL
IF %ERRORLEVEL% EQU 0 SET Version="Windows 8.1"

ECHO The version of Windows found is %VERSION%

::XP-era systems keep profiles under "Documents and Settings", Vista and later under "Users"
IF %VERSION% == "Windows XP" GOTO XP
IF %VERSION% == "Windows 2000" GOTO XP
IF %VERSION% == "Windows 2003" GOTO XP
IF %VERSION% == "Windows Vista" GOTO WIN7
IF %VERSION% == "Windows 7" GOTO WIN7
IF %VERSION% == "Windows 8" GOTO WIN7
IF %VERSION% == "Windows 8.1" GOTO WIN7

::If no versions are found go to UNKNOWN
GOTO UNKNOWN

:WIN7
ECHO WIN7 script to execute
cd /D C:\users
::For each profile folder: delete the files first, then remove the now-empty subfolders
ECHO Clean Temp Folder
for /D %%a in (*.*) do DEL /F /S /Q "%%a\AppData\Local\Temp\*.*"
for /D %%a in (*.*) do FOR /D %%b IN ("%%a\AppData\Local\Temp\*.*") DO RMDIR /S /Q "%%b"
ECHO Clean IE Cache
for /D %%a in (*.*) do DEL /F /S /Q "%%a\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*"
for /D %%a in (*.*) do FOR /D %%b IN ("%%a\AppData\Local\Microsoft\Windows\Temporary Internet Files\*.*") DO RMDIR /S /Q "%%b"
ECHO Clean JAVA Cache
for /D %%a in (*.*) do DEL /F /S /Q "%%a\AppData\LocalLow\Sun\Java\Deployment\cache\*.*"
for /D %%a in (*.*) do FOR /D %%b IN ("%%a\AppData\LocalLow\Sun\Java\Deployment\cache\*.*") DO RMDIR /S /Q "%%b"

GOTO FINISH

:XP
ECHO XP script to execute
cd /D "C:\Documents and Settings"
ECHO Clean Temp Folder
for /D %%a in (*.*) do DEL /F /S /Q "%%a\Local Settings\Temp\*.*"
for /D %%a in (*.*) do FOR /D %%b IN ("%%a\Local Settings\Temp\*.*") DO RMDIR /S /Q "%%b"
ECHO Clean IE Cache
for /D %%a in (*.*) do DEL /F /S /Q "%%a\Local Settings\Temporary Internet Files\*.*"
for /D %%a in (*.*) do FOR /D %%b IN ("%%a\Local Settings\Temporary Internet Files\*.*") DO RMDIR /S /Q "%%b"
ECHO Clean JAVA Cache
for /D %%a in (*.*) do DEL /F /S /Q "%%a\Application Data\Sun\Java\Deployment\cache\*.*"
for /D %%a in (*.*) do FOR /D %%b IN ("%%a\Application Data\Sun\Java\Deployment\cache\*.*") DO RMDIR /S /Q "%%b"

GOTO FINISH

:FINISH
ECHO Temporary files successfully deleted
GOTO END

:UNKNOWN
ECHO Operating System Unknown

:END

 

Edit: Added Windows 8 parameter 🙂 special thanks to wampbox for that!

Quickie Intro

I’m a 23 year old IT professional (oooooh :D) just wanting to help out with some of the knowledge and experience I’ve gained over the 5 years I’ve been in the industry. I’ve relied on my pal google to help me throughout the years and here’s hoping that I can help others out there too!

I’ll do my best to make computer stuffs sound interesting so that you aren’t yawning *yawwwwn* while reading these posts, but it won’t be all IT related. I’ll be putting random things that I find interesting up as well so you can either love it or hate it 🙂

Enjoy