Protecting Data Against Malware

Before I proceed any further please be warned that you will need some knowledge of Linux to understand some of the finer points. Even if you don’t you may still be able to grasp the basic ideas. Also please note that the terms ‘folder’ and ‘directory’ are used interchangeably – the former tends to be used by Windows and the latter by Linux.

In recent times we have seen a rise in malware that attacks the user’s own data. Something like Cryptolocker will encrypt files on the user’s computer and then make a ransom demand to pay for the required unlocking code. Malware has been associated with big time crime for a long time now and yet I feel there is something more sinister about this than say stealing a person’s credit card details. In the case of the latter, it tends at least to be the bank that loses out (not that I am making any excuses – even if the banking industry is far too rich, theft is still theft!). On the other hand if you are a serious computer user, then your computer data is a highly valuable asset, be it your documents, photos or music collection, and to lose it could be very costly in terms of years of work or memories.

I am going to look briefly at the idea of installing a Linux server on your network and using certain features of Linux to protect files from being attacked from within the Windows network. The server can be used to store photos and music as well as data backups from your working computers. A relatively old machine will often suffice for this purpose, though you may need to install a decent sized hard drive (e.g. 1TB).

Here are some examples of things that can be done.

  1. Share a directory via Samba with read-only access. This is good for the likes of photos and music that will never need to be modified once uploaded. Material can be uploaded via either FTP or a hidden symbolic link (see item 3 below).
  2. Some files (e.g. data backups) may need to be regularly updated from a computer, in which case full read-write access will be required. Ideally there needs to be a way of hiding the folder from someone/something idly browsing the network, while still making the folder accessible to an application that knows its path. This can be done by placing the real folder inside a hidden folder on a read-write Samba share. Any file or directory whose name starts with a period ( ‘.’) is hidden in Linux, though when sharing via Samba it will be visible by default on the Windows network. To fully hide it you will need to add the following line in the settings for the given share within the smb.conf file and restart the Samba service.
    veto files = /.*/

    As a result, the folder being hidden will itself become invisible to anything or anyone browsing the network, but given the full path of the sub-folder (i.e. the real folder containing your data), it is still possible to make direct access from within Windows. (N.B. You can’t browse the hidden folder itself, even given its path, but you can browse any folder under it, given the full path thereof.)

  3. Following on from the above, you can also put a symbolic link inside a hidden directory, pointing it to a directory that is otherwise contained within a read-only share. This provides a secret ‘back door’ route to provide read-write access to an otherwise read-only folder.
  4. If you want to protect individual directories and/or files within a Samba share that is otherwise read-write, you can do so using Linux file permissions. The best way is probably to set the owner to ‘root’ and then set the permissions to 644 for data files or 755 for executables and directories.

On a final note, if you are making backups via a read-write link, make sure that your backup system keeps some sort of rolling history and not just a constant overwrite of the same files – otherwise malicious damage to data could go unnoticed and be copied to the one and only backup!


Secure Memorable Passwords

We all tend to have lots of internet passwords these days. Some of the security advice given includes:-

  1. Make your passwords strong with a good variety of different character types.
  2. Do not use the same password across multiple sites.

Whilst these are good guidelines it is all too easy to disregard these considerations simply to be able to remember one’s own passwords. What is the answer? I’d like to briefly share my own experience and a solution that I have come up with that has proved really helpful.

It is worth mentioning briefly that password managers can be very useful. Personally I use RoboForm, which although paid for, I find to be very good. For a modest annual subscription you can securely sync all your passwords across an unlimited number of devices. There are alternative programs available, probably both free and paid for.

I’m not going to describe my method of creating passwords in exact detail, as it might compromise my own security! I will however describe in broad principle how the idea works. The first thing is to think of a memorable number several digits long – maybe a phone number or a date of birth, but avoid using your own. I’ve got a few such numbers so that there is scope for changing a particular password if the need arises. Then take three letters from the name of the given web site, according to predefined rule that you have devised. These could just be the first three letters of the name or you could devise a slightly more complicated rule. Then mix the three letters with your memorable number according to another pre-defined rule. You then have what looks like a random password, but to you yourself is fully predictable. For extra password strength, you can consider things like making one of the letters uppercase and/or adding a non-alphanumeric character somewhere in the password.

Why back up your data?

Do you need to back up your computer data? The short answer has got to be a definite ‘YES’. Let us have a look at some of the reasons why.

Firstly there are what one might describe as ‘ultimate’ threats such as fire and theft. To lose one’s home or business through fire, whilst still a measurable threat, is nevertheless a very rare event that is never going to happen to the vast majority of us. To fall victim to theft, whist still an uncommon event, is something that probably affects most of us at least once in a lifetime.

If however you are a regular computer user, then the loss of data due to computer related problems almost certainly will happen to you at some point. This might take the form of a hardware failure, malware attack or the accidental deletion or corruption of files. I’ve seen tragic cases over the years, such as a whole family losing years of work including the children’s school work, simply because the hard drive failed and there was no backup. This sort of thing is simply a threat that cannot be ignored. Continue reading “Why back up your data?”