File Auditing is a MUST for Server Admins

File-Count Audits are a necessity in modern computing and security. Any number of security and auditing tools will automate this process for you, and notify you of discrepancies, but even the smallest IT firms can easily perform this task by hand with a simple search application. First, let’s discuss why.

Recently, companies as large as LexisNexis had their networks compromised by files that could’ve been anything from remote access trojans to botnet zombies. One article on Slashdot mentions that a file named nbc.exe was placed on the servers and resided there for months. Months!? Really? Nobody caught that? The file name is obviously suspicious, but not once did it come up in an audit of new files? People fall for “system.exe” or “OS.exe” or “Windows.exe” all the time – but to have a corporate server with a file named nbc.exe and nobody to take a second glance at it is quite poor.

I get it, some companies have extremely large datasets. Auditing every little change might be practically impossible, or at the very least, excruciatingly expensive (both in terms of financial and system resources!). Still, even when the data you house changes, it isn’t typically going to be executable data. This is an easy thing to spot! Even free tools like the one shown above, WinDirStat, can be used to keep a running count and list of .exe files on your server. Your .exe filecount should practically never change, particularly without your knowledge. Some Windows Update installers / uninstallers might include new .exe files, but typically your server isn’t in a position to have the active number of executable files in flux.

Say you even have User directories on your Active Directory server, and a user uploads a .exe file into their directory. You still have no reason not to audit the contents of those directories, and perhaps enforce a security policy that executables cannot be stored on the server.

Perform a file-count audit once a month, even if it is just of critical filetypes such as .dll, .exe, and .bat; simple behaviors like this can protect you in the long run. Even if you don’t know every file name in every folder, just get a count of how many .EXE files there are, and if that number changes without you doing something, then you can pull the list of executables. Even with nothing to compare it to, I would hope a name like “nbc.exe” would jump out, particularly if it were in a nested folder where nobody would normally place a file. Use common sense and protect yourself, your company, and your customers.
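The monthly check described above, sketched as an added example (not part of the original post). Every path and file name except nbc.exe is constructed for the demo. It stores the file list alongside the count, so a swap that leaves the count unchanged still shows up.

```python
import json
import os
import tempfile
from pathlib import Path

WATCHED = {".exe", ".dll", ".bat"}  # the critical file types named in the post

def snapshot(root):
    """Return {extension: sorted relative paths} for the watched file types."""
    found = {ext: [] for ext in WATCHED}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()  # .EXE and .exe count the same
            if ext in found:
                found[ext].append(Path(dirpath, name).relative_to(root).as_posix())
    return {ext: sorted(paths) for ext, paths in found.items()}

def audit(baseline, current):
    """Compare two snapshots; report count changes and the files behind them."""
    report = {}
    for ext in sorted(WATCHED):
        old, new = set(baseline.get(ext, [])), set(current.get(ext, []))
        if old != new:  # also true when one file replaced another (same count)
            report[ext] = {
                "count_before": len(old),
                "count_after": len(new),
                "added": sorted(new - old),
                "removed": sorted(old - new),
            }
    return report

def demo():
    """Constructed tree: take a baseline, then an executable appears in a nested folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("app/service.exe", "app/helper.dll", "users/alice/docs/report.txt"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(b"")
        baseline_file = root / "baseline.json"  # last month's saved snapshot
        baseline_file.write_text(json.dumps(snapshot(root)))
        (root / "users/alice/docs/nbc.EXE").write_bytes(b"")  # the unexpected file
        baseline = json.loads(baseline_file.read_text())
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline file should be kept off the audited server, so that whoever drops a file cannot also rewrite the baseline.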

A call for stronger key lengths

I remember when a 128-bit SSL certificate meant that my transaction was secure. Now we’re wondering what gaps in the security there may be, even when looking at 4,096 bit encryption!

When we’re talking “key length” – we’re talking about the number of bits we use to “measure” encryption for everyday purposes. A key allows you to then decrypt the encrypted data (a file, a picture, a credit card number, etc.). With good security practices the key is not related to the cryptographic method used to obscure the data, it is merely what allows you to then decrypt the file. Kind of like how your car key doesn’t actually start the engine, it just triggers the ignition to do the rest for you. A higher “bit value” means there are more possibilities for each key: every added bit multiplies the number of possible keys by two.

All of that aside, when we talk about something being “4,096 bit” – currently considered highly sophisticated encryption – we’re still only talking about a comparatively small amount of data. CPUs are getting faster by leaps and bounds. Memory is so widely available that sloppy coding has been “Standard Procedure” for over a decade. Storage drives are getting physically smaller, while storing more data than ever before in human history. You can walk into a store and buy a 3TB hard drive. In the 1980s, terabytes were still theoretical measurements. So I ask – why are we “settling” for encryption like 4,096 bit? Shor’s algorithm seems to be on path to crack every password and read every encrypted document that you’ve ever created, so why not lock things down tighter?

Google has stepped up encryption plans in response to the NSA news going public, but that is only half of the battle. It is also nothing more than a PR battle – Google knew what was going on, they were the ones who complied. To make a sudden scramble and speed up their implementation is only for show, it’s not like they were as surprised about the leaks as the rest of us. It just irks me that they’re going for brownie points with this stunt, being so public about it.

I believe that everything should be encrypted, all the time. HTTPS shouldn’t be necessary anymore, HTTP should simply exist as a secure platform. As should all of the data stored on your computer, and on the web. After the revelations that these large companies have been buddy-buddy with the NSA, it’s safe to assume that things like Microsoft’s “Bitlocker” encryption aren’t enough. We need something better, something open source and publicly verified by many independent voices. And not only that, but something that is strong. If I used 2:1 encryption on every file on my hard drive at work, I would still have a massive amount of free disk space. Computational limitations of encryption are of no concern to most people as memory, storage capacity, processing power, and bandwidth get larger and larger. Take my 60GB of data, wrap it with 120GB of fluff, so now I have a total of 180GB sitting on my disk drive. So what, I still have 820+ free gigs of storage!

As encryption gets better, cryptographic keys need to become stronger. Eventually we’ll move beyond passphrases and keys, passwords and PINs… voice encryption, retinal scans, and fingerprint identification… those are possible, and just the tip of the iceberg when it comes to security. Heartbeats, thoughts, even the way we breathe are all being experimented with as methods of identification. But who knows what it will take to ensure our security and privacy in the future.

Maybe the political divide ISN'T as bad as it seems

On this September 11th anniversary, I find myself reflective. It seems like every time I go on Facebook, someone is posting something politically charged. I’m guilty of getting involved in the conversations, myself, but it really does seem rampant. Even outside of election seasons. It’s like it never stops! But I’ve been thinking lately that maybe things aren’t as bad as they seem.

Facebook has allowed everything from rumors to facts to be spread with speed and ease never before seen. Insults fly back and forth just as fast as they did in “chatrooms” over a decade ago. It’s the fact that content doesn’t need to be generated, it can simply be shared, that helps account for the volume of armchair activism we see today. Clicking the like button or the share regurgitates the same message out to hundreds of your friends – no need to fact check or verify, leave that to someone else. It’s on the Internet, someone else must have referenced it – you can’t put it on the internet if it’s not true.

But all jokes aside, maybe things aren’t as bad as we have the impression they are. People are partisan. Even those who try not to be will undoubtedly have a vehement reaction to something, they just haven’t found their hot-button issue, yet. But the reason we think it is worse than it is, is because we are further outside of our comfort zones than we have ever been as a society. It’s not just 24-hour news networks. It’s not just access to websites that will always promote “your point of view” (this is the Internet, SOMEONE out there will agree with you, no matter what your views are). It’s the fact that we are suddenly “friends” with people we don’t see eye to eye with. Your “Facebook friends” aren’t like your “real life” friends. They are people you went to high school with, people you’ve worked with, people you went to college with. Some of them are friends of friends, or people you know from an organization or met at an event. Fifteen years ago, you would surround yourself with like-minded friends, the people you knew in high school or college and actually spent time with them. If someone drove you crazy, you would slowly weed them out of your day-to-day life, and just have polite conversations here and there. But here in 2013, you don’t want to “unfriend” someone because they could be offended – or if you’re stubborn, you certainly wouldn’t want to give them the impression that they “won” some kind of argument on the Internet!

I’m trying, very hard, to not have the same grim outlook that Jeff Jarvis has today. Maybe the political divide isn’t as bad as we think it is. Maybe we’re just finally seeing it for what it is. Maybe we’re finally able to see more than our own side. And maybe that’s a good thing.

Why an iPhone 5C could be a bad idea


photo credit: Sonny Dickson

Today, I expect Apple to make a mistake. Now, I could be wrong, but here is my brief prediction for today’s press conference.

Apple will announce the new iPhone “5S” – faster than the iPhone 5, 128 GB of storage, and available in traditional white, black, and the new Champagne Gold. Distinct from that will be the iPhone “5C” – a phone nearly identical to the current iPhone 5, but available in a variety of new colors, similar to the old iPod lineup. A rainbow of color available, but on an underwhelmingly basic phone.

Why this is a mistake: Apple is simply leaving money on the table. While I have no doubt that people who already own the iPhone 5 would drop everything just to have a green or blue or pink iPhone 5 (and thus Apple is still going to make money) those same people would also love to have the “upgraded” and higher performing “5S” type model. But the 5S, I believe, is going to remain exclusive, and only be available in one new color – so that the elite status of the iPhone 5S owner can be shown off.

Others have made similar predictions, but I seem to be the only one out there who thinks this is a terrible idea on Apple’s part. Microsoft just picked up Nokia and is going to start gaining steam. Google already has the Motorola team and is working on future Nexus devices. Competition is heating up, and the iOS7 announcement didn’t seem to really “do the trick” for a lot of people. Apple’s responsibility to its shareholders is to profit as much as possible. The person who wants a cool color can also be the person who wants a faster phone. Again, my prediction is that the 5C will be more budget priced and the specs will be nearly identical to the existing iPhone 5, but the “5S” that is likely to launch with the new champagne gold color I expect to add a little bit of CPU performance, possibly even 128GB of storage, because, why not? So will Apple actually make this mistake? Or am I off base and all of the speeds, and sizes, and color options will be available to all buyers? We’ll find out. But I’ll tell you one thing: I expect sales of clear iPhone cases to rise!