Andrew Perry
IT
Services

Protecting Data Against Malware

Before I proceed any further please be warned that you will need some knowledge of Linux to understand some of the finer points. Even if you don’t you may still be able to grasp the basic ideas. Also please note that the terms ‘folder’ and ‘directory’ are used interchangeably – the former tends to be used by Windows and the latter by Linux.

In recent times we have seen a rise in malware that attacks the user’s own data. Something like Cryptolocker will encrypt files on the user’s computer and then make a ransom demand to pay for the required unlocking code. Malware has been associated with big time crime for a long time now and yet I feel there is something more sinister about this than say stealing a person’s credit card details. In the case of the latter, it tends at least to be the bank that loses out (not that I am making any excuses – even if the banking industry is far too rich, theft is still theft!). On the other hand if you are a serious computer user, then your computer data is a highly valuable asset, be it your documents, photos or music collection, and to lose it could be very costly in terms of years of work or memories.

I am going to look briefly at the idea of installing a Linux server on your network and using certain features of Linux to protect files from being attacked from within the Windows network. The server can be used to store photos and music as well as data backups from your working computers. A relatively old machine will often suffice for this purpose, though you may need to install a decent sized hard drive (e.g. 1TB).

Here are some examples of things that can be done.

  1. Share a directory via Samba with read-only access. This is good for the likes of photos and music that will never need to be modified once uploaded. Material can be uploaded via either FTP or a hidden symbolic link (see item 3 below).
  2. Some files (e.g. data backups) may need to be regularly updated from a computer, in which case full read-write access will be required. Ideally there needs to be a way of hiding the folder from someone/something idly browsing the network, while still making the folder accessible to an application that knows its path. This can be done by placing the real folder inside a hidden folder on a read-write Samba share. Any file or directory whose name starts with a period ( ‘.’) is hidden in Linux, though when sharing via Samba it will be visible by default on the Windows network. To fully hide it you will need to add the following line in the settings for the given share within the smb.conf file and restart the Samba service.
    veto files = /.*/

    As a result, the folder being hidden will itself become invisible to anything or anyone browsing the network, but given the full path of the sub-folder (i.e. the real folder containing your data), it is still possible to make direct access from within Windows. (N.B. You can’t browse the hidden folder itself, even given its path, but you can browse any folder under it, given the full path thereof.)

  3. Following on from the above, you can also put a symbolic link inside a hidden directory, pointing it to a directory that is otherwise contained within a read-only share. This provides a secret ‘back door’ route to provide read-write access to an otherwise read-only folder.
  4. If you want to protect individual directories and/or files within a Samba share that is otherwise read-write, you can do so using Linux file permissions. The best way is probably to set the owner to ‘root’ and then set the permissions to 644 for data files or 755 for executables and directories.

On a final note, if you are making backups via a read-write link, make sure that your backup system keeps some sort of rolling history and not just a constant overwrite of the same files – otherwise malicious damage to data could go unnoticed and be copied to the one and only backup!

 

Secure Memorable Passwords

We all tend to have lots of internet passwords these days. Some of the security advice given includes:- Make your passwords strong with a good variety of different character types. Do not use the same password across multiple sites. Whilst these are good guidelines it is all too easy to disregard these considerations simply to…Continue Reading

Copying Photos to a Tablet

I have always been very hot on backing up computer data, even to the extent that when taking a camera on holiday I like to be able to back up my pictures to a separate device on a daily basis in case anything goes wrong with the camera or memory card. I have always resisted…Continue Reading

Why back up your data?

Do you need to back up your computer data? The short answer has got to be a definite ‘YES’. Let us have a look at some of the reasons why. Firstly there are what one might describe as ‘ultimate’ threats such as fire and theft. To lose one’s home or business through fire, whilst still…Continue Reading

Custom User Databases

One of the services that I offer in connection with web design and development is that of customised user databases. What exactly do I mean by that? If your web site is developed using a content management system such as WordPress then it is driven by a database. This means that all the actual content…Continue Reading