Upgrading Ubuntu from 17.04 to 17.10

In June of 2017 I upgraded my Ubuntu 16.10 (Yakkety Yak) LTS install to Ubuntu 17.04 (Zesty Zapus). In October of 2017 Ubuntu released 17.10. (Artful Aardvark). I had not needed to upgrade my Ubuntu 17.04 installation for a while, but I felt it was best to keep it up-to-date. I was also experiencing issues with it from day-to-day. I decided an upgrade might work to fix some of the issues I was having.

Continue reading Upgrading Ubuntu from 17.04 to 17.10

Checking Disks in Linux

To provide a little background: a few months back I accidentally washed a 32 GB flash drive. I waited a few weeks for it to completely dry out and then did not use it for almost four months. I formatted it recently in Windows and it did not seem to exhibit any issues, but I wanted to know with more assurance that it was reliable. Continue reading Checking Disks in Linux

How to Speed Up a Slow External Drive

Problem

A while back a user reached out to me describing a problem of slow access to an external, bus-powered hard drive they had purchased only half a year ago. They said it was a USB 3.0 hard drive and they had also made sure to plug the drive into a USB 3.0 compatible port on their recently purchased laptop. The user also mentioned that the anti-virus solution they were using had unusually long scan times, sometimes running for over 10 hours.

They also described an issue of not being able to properly eject this same external hard drive after using it at the end of the day, but that was a separate issue that will also be covered.

Troubleshooting Methodology

After gaining remote access to this system, so I could see what they were seeing, I checked the configuration of the laptop. They were right, the laptop was powerful with a nice quad-core Intel process, 8 GB of RAM, and a SSD hard drive. But, all of this had little to do with why this external hard drive enclosure, which was a spinning disk, was performing poorly. I loaded the contents of the drive in Windows File Explorer and found multiple folders at the root of the drive. The user began navigating into the the folders and subfolders to find some files they were having issues working with. We navigated down five and six levels deep, and at each level I saw many other folders within each directory. I thought I had spotted the first issue, an index that was far too large to be accessed quickly.

Navigating back out to the root of the external drive, I checked the properties of the folder in which we had just explored and found that while it was not large in size, it had tens of thousands of files and folders within the folder. We checked a few more folders together at the root of the drive and they were the same way, tens of thousands of files and folders within each one. I explained that the drive was formatted as NTFS and that this type of file system kept a Master File Table which was basically an index of every folder and file on the disk. As this Master File Table became larger and larger as times went on, it can also became fragmented. This fragmentation could drastically slowdown the load times of folders and files within folders, because the actuator that controlled the read/write heads would have to constantly bounce around the disk to enumerate the files and folders with all their attributes within a specified directory.

Resolution

We set about resolving this issue by lowering the overall number of files and folders on the disk. We used an application called 7-Zip to compress one of the folders at the root of the external drive and then deleted the original folder from the drive. This lowered the number of entires in the Master File Table, increasing performance almost immediately. Since the user had mentioned that they were seeing incredibly long scan times with their anti-virus solution, I also recommended we password protect the zipped files, which would keep their anti-virus solution from being able to scan the contents of the file.

Over the course of a few days the user managed to compress and password protect many unused folders at the root of the external drive. They reported back much faster performance of the external drive and the anti-virus scans were no longer taking unacceptable periods of time to complete.

Bonus: Cannot Safely Eject External Drive

We had one last issue to tackle. The user was still having an issue ejecting the disk safely after each use. We plugged in the external drive and were immediately able to safely eject the external drive. We systematically opened files on the external drive with each application they used to perform their work, saved the file, and then tried to eject the drive. Everything went smoothly until the user opened an AutoCAD application file, saved the file, and exited the program. The drive would no longer safely eject. We closed a “helper” program for AutoCAD we found in Task Manager and the drive safely ejected. I showed the user this workaround method and also mentioned that a reboot would allow them to safely eject the drive, too.

 

New Upcoming Feature in Windows: Controlled Folder Access and More…

This fall, just a few short months from the time of this writing, Microsoft will be releasing a minor update to follow the most recent Windows 10 Creators Update from earlier this year. It will include some new features, including a few that revolve around their built-in Windows Defender suite. With these changes to Windows Defender, Microsoft hopes to make their latest operating system more resistant to ransomware attacks which have become prolific over the last several years.

One of the features coming with the update is called Controlled Folder Access. Microsoft touts the feature as a direct response to ransomware. It will work via a whitelist approach, with Windows Defender only granting certain applications the privilege to access the data of a protected user account; otherwise, the application is not allowed to read, write, or modify any data a user might own such as documents, pictures, or videos.

The default folder list includes Documents, Pictures, Movies, and Desktop and are hard-coded into the feature with no option for removal, but additional folders can be added manually through the Windows Defender Security Center. There will also be an option to add custom software to the whitelist, but Microsoft states that most software should already be pre-whitelisted. If an application is not whitelisted and attempts to alter data within a protected folder it will be automatically blacklisted and the user will be notified. Although this feature has many benefits, Microsoft will have the feature disabled by default. It can also be enabled in the Windows Defender Security Center under Virus & threat protection settings, as seen below.

How to enable Controlled Folder Access in Windows Defender Security Center Diagram
Controlled Folder Access settings window, courtesy of Microsoft Blog.

Other features coming with the Fall Creators Update include a Cloud Clipboard which will allow copy and pasting between multiple Windows 10 devices; a Timeline feature, which will be similar to the app switcher found on many mobile phone operating systems; Pick Up Where You Left Off, which will be an application synchronization service that developers can use much like the Cloud Clipboard; and OneDrive Files On-Demand, which will allow access to files, even if they are only stored in the cloud and not locally.

Windows 10 is also getting a design language refresh. Microsoft is moving away from the Metro UI to offer a more consistent, depth-enabled interface with lighting and motion effects. It is being likened to Google’s own Material Design. Overall, a welcome change, but one that may be more resource demanding.

Will you be upgrading? What feature do you look forward to most? Leave a comment below!

How to Upgrade Ubuntu Distribution Versions in 5 Simple Steps

A few days ago I was attempting to install the OpenSCAP security compliance evaluation tool on a system I had running Ubuntu 16.10 (Yakkety Yak) LTS. The base package of OpenSCAP was in my distribution’s repositories and I was able to easily install it. But, it turns out the SCAP Workbench package, which I also really wanted, was only available in Ubuntu 17.04 (Zesty Zapus). My choices were to attempt to build from source with directions for Fedora or upgrade my current Ubuntu distribution to 17.04. Continue reading How to Upgrade Ubuntu Distribution Versions in 5 Simple Steps

How to Update to Windows 10 Creators Edition

Microsoft recently released their next major evolutionary update to Windows 10 called Creators Update. It boasts a lot of new features and innovations. New additions in the update include Paint 3D, Remix 3D, and greater support for augmented reality with Windows Mixed Reality. Some new features include better Cortana integration with more apps, the ability to easily broadcast games live with Microsoft’s Beam service, and blue light reduction (like Night Shift in iOS). Edge even got a feature update with tab grouping.

There is also a larger feature that has gamers excited called Game Mode. There has been some early testing done and it was found that enabling this mode with slower, cheaper processors did see a performance increase while gaming.

As far as new security features, Microsoft is investing heavily in Windows Defender. They have given Windows Defender its own home with a new applet called Windows Defender Security Center. It gives much more information and allows for overall easier management of security features. Windows Defender Security Center includes other security measures for management, such as Windows Firewall and browser security settings. Additionally, Windows Hello now allows for proximity auto-locking when paired with a bluetooth device. Microsoft also added a privacy dashboard which will allow one to manage activity data across multiple services and more simply change privacy settings.

All of these features and updates are exciting for anyone interested in technology. But, before one dives straight into the update, even if offered automatically, there are some things one might consider doing first. Below is an outlined process by which one might go about performing the Windows 10 Creators Update.

1. Preflight Check

There are certain things that should be completed as a precaution before performing this upgrade to Windows 10 Creators Update. First thing, always make a backup. Disk2vhd is exceptionally good for this and is available for free from Microsoft, included as part of the Sysinternals Suite. Disk2vhd could not be more simple to use. Once you download, unzip the file, and run it, follow these directions:

  1. Be sure to check the Use Vhdx and Use Volume Shadow Copy options.
  2. Choose a path where to save the image file and give it a name.
    • The author strongly recommends a USB 3.0 external drive with adequate capacity on which to store the image, when considering a path.
  3. Check the box of the appropriate volumes which should be included, excluding any external volumes.
  4. Click the Create button.

Disk2vhd
Disk2vhd utility from Microsoft.

Depending on how much data is on the volume(s) selected and the transfer speed of the drive used, the time required to complete the backup can range from 30 minutes to several hours. Browse into the image once it is created to make sure it is not corrupt and your files will be accessible, in case the update procedure fails. This can be done by right-clicking the drive and selecting Mount, then opening Disk Management and right-clicking the mounted Disk and selecting Online. When done, in Disk Management right-click the mounted Disk and select Unmount. An additional prompt will appear, just click OK.

Just for safe measure, be sure to unplug the external hard drive after safely ejecting it.

2. Start the Update

If the Creators Update does not appear automatically, it can be started by browsing to the following Microsoft Creators Update page and clicking the Update now button.

This will download a small utility which starts the update. Launching the utility brings up the Windows 10 Update Assistant. Click the Update now button. This will perform a check to see if your system passes the requirements for the update. The utility will then begin downloading and installing the update automatically. Depending on the speed of your connection to the remote server (the Internet), this download can take several minutes to several hours. Feel free to work in the meantime and minimize the window.

Windows 10 Upgrade Assistant
Windows 10 Upgrade Assistant window.

Once the update process is completed, the Windows 10 Update Assistant will prompt for a restart of the computer. It also kicks off a 30 minute countdown timer, so be sure to be close at hand when this part of the upgrade process approaches. An unexpected, automated reboot could cause loss of data.

3. The Update Process

Below is a video of the update process. There are several reboots and it took almost an hour to complete on a 2014 iMac with an Intel Core i5 processor and 1 TB spinning disk drive.

4. Post Update

After the update is finished, you will be guided through some of the new settings, displayed below.

First Screen
First screen after last reboot of update.

Privacy Setting Page
Privacy settings configuration screen.

Cortona Setup Screen
Cortona setup screen.

5. It is Complete

After everything is complete, if there are no issues, you will be presented with the following screen.

Windows 10 Creators Update Thank You
Windows 10 Update Assistant Thank You screen.

Noticeable Changes

I immediately noticed that the iMac on which this upgrade was performed seemed to run much quicker than it previously had. It is hard to tell if this is due to the optimization of Windows 10 in this update or because the update was like refreshing the system. Applications seem to launch faster and boots seem quicker, as well.

What results have you noticed after the update?

Post a comment below with anything you experienced or what you think about the Creators Update.

How to Stop ISPs From Selling Your Browsing Habits

Laws are beginning to change around what Internet Service Providers can do with the data they collect on the browsing habits of their customers. This has raised concerns with some customers regarding their privacy. People are now looking for ways to keep their browsing habits private and away from their Internet Service Providers. While there is a lot of information on the Internet already on exactly how to achieve the results desired, not all of it is equal. We would like to take the time to clear things up and raise awareness for what is now becoming a concern for many.

Disclaimer: There is no such thing as “perfect security.” None of these methods provide a perfect way by which to protect your browsing habits from being seen by everyone. The main purpose of the article is to merely make it harder for your Internet Service Provider to track your browsing habits, so they cannot use it for monetary gain.

Secure Sockets Layer (Native, Free)

Secure Sockets Layer, commonly referred to as “SSL,” is a method by which two computers can communicate with one another in a private, authenticated manner. Most people encounter SSL when they browse the web with their favorite web browser. It is the underlying technology that allows us to login, bank, shop, and do so much more, all securely. It also does not allow for any eavesdropping of the communications between the two computers involved. At this point in time, this means even your own Internet Service Provider (or anyone else in-between) cannot peer into the information that is being sent back and forth–it is encrypted.

Even though this is a great solution that works natively and automatically, it does not stop some browsing data from “leaking.” The leaked data to which we refer is the initial request for the website. An Internet Service Provider and everyone else can see this initial request for the website. After the initial request is sent, all other browsing data transferred is protected once the SSL connection is established. A SSL connection can also be verified in most browsers by looking at or near the address bar and finding a padlock symbol or the word “Secure,” in the case of Google Chrome, at the time of this writing. One may also look for the term “https” in the URL of a webpage.

Since SSL also provides authentication, many websites are moving in that direction already, so it is a very seamless process for those browsing. There are also popular browser plugins like “HTTPS Everywhere” that attempt to always establish a SSL connection to a website when possible.

Virtual Private Networks (Paid)

One way to combat the initial data leak issue of SSL is to attempt to anonymize browsing habits. A good way to do so is to use a Virtual Private Network, or VPN. There are many different uses for VPNs, but for the purpose of anonymizing browsing habits we will involve a VPN provider. There are many reputable VPN providers, so our intention is not to provide a list. Instead, feel free to contact us if you have concerns about reputable VPN providers.

This technology allows a subscriber to form a secure, virtual private tunnel to the servers of a VPN provider in order to encapsulate all of the data being sent between the subscriber and the VPN provider. This includes the initial request for a webpage that using SSL alone does not protect.

The anonymization of the data comes from how browsing data goes out onto the Internet after it reaches the VPN provider. It goes out along with the data of everyone else, from the same point of origin. Finding the browsing data of one specific person once it emerges onto the Internet from a VPN provider has been likened to trying to find one specific snowflake during a blizzard in the middle of winter. While it is not impossible, it is highly improbable.

Tor Onion Network (Free)

A free alternative to using a paid VPN provider is to utilize the Tor Network. We understand there are a lot of negative connotations associated with the Tor Network and a lot of people avoid it for this reason, but it has legitimate uses. The Tor Network allows one to anonymize their browsing habits in much the same way as that of a VPN provider. The way it differs is that it encapsulates all of the transmitted data in the same way Russian Nesting Dolls encapsulate smaller dolls within ever larger ones. In this analogy the browsing data is the innermost doll and as the data is passed along the network each “node” removes one encapsulating doll until the browsing data emerges at the end of its path, at the “exit node,” and is sent to the intended website.

Much like the VPN provider, an “exit node” in the Tor Network does have access to all of the browsing data in an unencrypted form as it exits the Tor Network and emerges onto the Internet, but the best way to deal with this is to also use SSL.

Security in Layers

The best solution at the time of this writing is to use a combination of SSL and either a VPN provider or the Tor Network. In this way, the initial request for a website is anonymized and all of the data transmitted between the website and the computer used for browsing is encrypted and authenticated, end-to-end. While this is not a perfect solution, it does serve its ultimate purpose of stopping Internet Service Providers from seeing what requests and data is being transferred across their network, when privacy is the main concern.

This blog post also appeared on the InfoTECH Solutions’ Blog.

CompTIA Cybersecurity Analyst+

There are many people that have taken what is considered the Trinity of CompTIA: A+, Network+, and Security+. But, what comes after Security+? Some people in the security industry suggest tests like the CompTIA Advanced Security Practitioner (CASP), Systems Security Certified Practitioner (SSCP), or even the Certified Ethical Hacker (CEH) exam, but those seem like a jump away from the fundamentals that Security+ offers. That is why CompTIA has introduced an exam that fits in between Security+ and CompTIA Advanced Security Practitioner (CASP) called CompTIA Cybersecurity Analyst+ (CSA+).

CompTIA Cybersecurity Analyst+ (CS0-0001)

Like any other exam from the people over at CompTIA, the Cybersecurity Analyst+ test is vendor neutral. It aims to test applicable knowledge with tools used by security professionals for tasks such as threat detection, data analysis, and vulnerability assessment. The ideal candidate should also know how to detect and combat malware and Advance Persistent Threats (APTs) through skills such as user and network behavior analytics. They should be able to show proficient use with tools such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information Event Manager (SIEM), and packet sniffers.

Experience

It is recommended that the candidate looking to take this exam should have 3-4 years of experience in a security role. But, if a candidate feels they do not have the required experience required to take Cybersecurity Analyst+, Security+ is a good exam to take first. For candidates with almost no security experience or knowledge, it is recommended the candidate sit for Network+ to demonstrate core competencies required for Security+ and then Cybersecurity Analyst+.

Exam Objectives

Domain % of Exam
1.0 Threat Management 27%
2.0 Vulnerability Management 26%
3.0 Cyber Incident Response 23%
4.0 Security Architecture and Tool Sets 21%
Total 100%

Testing Methods

The Cybersecurity Analyst+ exam is comprised of both multiple choice and performance-based questions. Overall, the exam has 85 questions and allows one to sit for 165 minutes (2:45 H). The performance-based questions are simulations of tasks performed by security analyst in their daily roles. Candidates may be requested to look over log files, tool output to determine false positives, or Event Viewer logs to determine systems with malware. In order to prepare for these questions, CompTIA recommends experience with open-source analytics tools, team work and cyberwarfare exercises with red teams (pen testing) and blue teams (incident responders).

Software

In order to prepare for the Cybersecurity Analyst+ exam, some of the mentioned open-source platforms include Wireshark, a popular packet sniffer; Bro and Snort, two popular Intrusion Detection Systems; and AlienVault Open Source SEIM, a popular Security Information and Event Management (SIEM) platform. The exam is not limited to these softwares, nor is their inclusion an indicator that they will be included on the exam.

Launch Date

At the time of this writing, the CompTIA website states that the exam will be available on February 15, 2017 and will cost $320 for one exam voucher. Potential candidates can also signup for more details at the bottom of the new page and receive sample questions and exam objectives.

You can also download CompTIA Cybersecurity Analyst+ Exam Objectives.

Wiley also has a book, CompTIA Cybersecurity Analyst (CSA+) Study Guide: Exam CS0-001, written by Michael J. Chapple and David Seidl.

How to Install VirtualBox Guest Additions in Security Onion 14.05

After having to piece together a VirtualBox Guest Addition installation method from some old articles, I decided to put together one for Security Onion 14.05.

Once you have Security Onion 14.05 installed and running, start the Terminal Emulator and walk through the following commands, one-by-one:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
sudo shutdown -r now

After the reboots, launch the Terminal Emulator and run the following commands:

sudo apt-get install build-essential module-assistant dkms
sudo add-apt-repository universe
sudo apt update
sudo m-a prepare

In the virtual machine window, select Devices > Insert Guest Additions CD image

cd /media/%username%/VBOXADDITIONS (tab complete)
sudo ./VBoxLinuxAdditions.run
sudo shutdown -r now

After the reboot, the VirtualBox Guest Additions should be installed and all features should be available.

As a last step, select Devices > Optical Drives > Remove disk from virtual drive…