Tuesday, October 25, 2016

Secure your site using Cloudflare for free

Want to secure your site immediately given the rise in DDoS attacks? Use Cloudflare.

What is Cloudflare?

It is a CDN (Content Delivery Network) with added security measures.

In short, it caches your website content on its servers around the world so that it can serve your site's visitors faster.


At the same time it shields your site from DDoS attacks, spam bots and SQL injection attempts. There are many players in the CDN market, led by Akamai.

Using Cloudflare is known to improve both the performance and the security of your website.
The setup process is fairly simple. Try it out.


Monday, October 17, 2016

Ransomware Risk Mitigation


RANSOMWARE:
Malware that locks or encrypts your system or files and demands a ransom payment to unlock or decrypt them.


RANSOMWARE is a serious issue addressed by all the AV companies and by security agencies such as the FBI.
The average ransom demand is now $679.

RANSOMWARE targets end users, and attacks on enterprise users, usually delivered by spear-phishing emails, are on the rise.


Stages of RANSOMWARE:

Infection: The script, program or exe file that contains the code to encrypt your files is delivered to the system and run.

Search & Encrypt: Most of the time the targeted file types are configured in advance. The script searches for system files, .docx, .xlsx and other specified files and starts encrypting them.

Notification: The user of the affected system is told that the system is locked and a ransom needs to be paid, along with a countdown timer showing the time left to pay, after which you will never be able to recover the data.

Something like this: (screenshot of a ransom note with countdown timer, not reproduced here)


RANSOMWARE is not a virus.

RANSOMWARE informs the user after the attack and requires you to pay up to free your data, which is being held for ransom.

Why isn't your antivirus / security suite enough?
AVs work on signature recognition of a file or program to decide whether it is a good egg or a bad one.

There are quite a few well-known RANSOMWARE families such as TeslaCrypt, Locky, Waltrix etc. But the main problem is that there are many custom RANSOMWARE variants, which render signature recognition useless.


Ransomware has gained a lot of steam in the past year. It has even evolved into "Ransomware as a Service" and is being sold on the market like any other software service. One can also witness intense competition between rival groups, with each group sharing the decryption keys of its rival.


Preventing a RANSOMWARE Attack:

Employee Training: Most employees working in enterprises and in the healthcare industry are not aware of RANSOMWARE. They need to be made aware and trained in how to prevent and report such an incident.

Phishing: Beware of phishing emails. RANSOMWARE can also be hidden in macros and sent by email as something that looks genuine, such as "2016 Store Rollout Plan.xlsx". Macros have unlimited ability to execute a program or script, so disable macros when they are not required.

Click Bait: Many links are laced with RANSOMWARE; clicking them causes the script or payload to download via JavaScript or other means and infect the system.

Internet: If you notice that files are being encrypted, disconnect from the internet immediately and power off the system. This helps stop the infection from spreading. Also disconnect any network drives attached to the system, as RANSOMWARE tends to go after those too.

Backup: Take scheduled backups often. In case of a RANSOMWARE infection the system can be restored from the backup or from Windows restore points. Beware that some RANSOMWARE even encrypts the shadow copies and backup files.

Public Wi-Fi: Beware of public Wi-Fi; it is best to avoid using it for official work. Using a man-in-the-middle attack via a Pineapple router, an attacker can easily push the infection onto your system.

Update: Keep your system patched, and keep the software and applications you use regularly up to date, to safeguard against the latest vulnerabilities.

Show Hidden File Extensions: This can prevent a user from running an exe file disguised as a video or picture file.

Misc: You will need a behaviour-driven detection system that watches for malicious activity by a program or a user. Since a RANSOMWARE attack can be unique every time, such a detection system truly serves the purpose. Ex: https://www.barkly.com/
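As an added example (not from the original post or from any product named above) of the behaviour-driven check the last item describes: instead of matching a signature, it flags a burst of high-entropy writes to many distinct files within a short window, which is what mass encryption looks like on disk. The event list, file names and the ".locked" suffix are constructed for the demonstration.

```python
import math
from collections import deque

# Constructed suffixes that some ransomware families append to encrypted files
# (examples only, not a definitive list).
SUSPICIOUS_SUFFIXES = (".locked", ".encrypted", ".crypt")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: office documents sit well below 7, ciphertext is close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect_bursts(events, window_s=10, min_files=5, entropy_threshold=7.0):
    """events: iterable of (timestamp_seconds, path, bytes_written), as a file
    monitor would report them. Returns (timestamp, path) for every event at which
    at least min_files distinct files received high-entropy (or renamed-to-suspicious)
    content inside the last window_s seconds. A single high-entropy write (a zip, a
    JPEG) never fires on its own; the burst across many files is the signal."""
    recent = deque()  # (timestamp, path) of suspicious writes inside the window
    alerts = []
    for ts, path, data in events:
        suspicious = (shannon_entropy(data) >= entropy_threshold
                      or path.endswith(SUSPICIOUS_SUFFIXES))
        if not suspicious:
            continue
        recent.append((ts, path))
        while recent and ts - recent[0][0] > window_s:
            recent.popleft()
        if len({p for _, p in recent}) >= min_files:
            alerts.append((ts, path))
    return alerts


def sample_events():
    """Constructed event stream: two normal document saves, then six files
    rewritten with uniformly distributed bytes (entropy exactly 8) one per second."""
    plain = b"Quarterly store rollout plan, revised draft. " * 20
    cipher = bytes(range(256)) * 4  # stand-in for ciphertext, deterministic for tests
    events = [(0, "docs/notes.txt", plain), (1, "docs/budget.xlsx", plain)]
    for i in range(6):
        events.append((5 + i, f"docs/file{i}.docx.locked", cipher))
    return events


if __name__ == "__main__":
    for ts, path in detect_bursts(sample_events()):
        print(f"t={ts}s burst detected, latest file: {path}")
```

The first alert fires at the fifth encrypted file (t=9s), so a responder following the "Internet" step above would be told to isolate the host while most of the files are still untouched.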


In case you are attacked:
·         Inform the authorities.
·         Isolate the system from the network.
·         There are many free tools out there that might help you unlock your files; you may try them. Ex: Trend Micro Crypto-RANSOMWARE File Decryptor Tool
·         Paying the ransom should be your last option. Many organizations have ended up paying, and in many cases the decryption key is not provided even after the ransom is paid.

References: Osterman Research

Wednesday, October 12, 2016

JMeter Memory error

As I was running a load test on a WCF service for the first time with JMeter, once the samples reached 30k the JMeter UI froze up and I had to close JMeter abruptly. I happened to check the JMeter logs and found that this was the last entry:
jmeter.threads.JMeterThread: Test failed! java.lang.OutOfMemoryError: Java heap space

As usual I turned to Google and found out that this error can be avoided by increasing the Java heap space.

This line in the jmeter.bat or jmeter.sh script tells the launching instance of JMeter how much heap it should use:

JVM_ARGS="-Xms512m -Xmx512m" jmeter.sh

I changed both values to 1024m and relaunched JMeter. (Please make sure that the system on which JMeter is set up has sufficient RAM.)

It fixed the problem.

I am able to test the application now, crossing the previous 30k samples and going beyond until I stop the test manually.
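Added example (mine, not the post author's or the JMeter project's code) that does the same JVM_ARGS edit with the "sufficient RAM" check made explicit: it parses -Xms/-Xmx sizes, rewrites the line, and refuses a heap that would not leave the OS and the JMeter UI any headroom. The script text and the 75% headroom fraction are assumptions.

```python
import re

# Constructed stand-in for the launch line quoted in the post, not the real jmeter.sh.
JMETER_SH = 'JVM_ARGS="-Xms512m -Xmx512m" jmeter.sh\n'

# JVM size suffixes, expressed as a multiplier to megabytes.
UNITS = {"k": 1 / 1024, "m": 1, "g": 1024}


def heap_mb(size: str) -> int:
    """Convert a -Xms/-Xmx value such as '512m', '1g' or '2097152k' to megabytes."""
    m = re.fullmatch(r"(\d+)([kmg])", size.lower())
    if not m:
        raise ValueError(f"unsupported heap size: {size}")
    return int(int(m.group(1)) * UNITS[m.group(2)])


def heap_fits(xmx_mb: int, ram_mb: int, max_fraction: float = 0.75) -> bool:
    """True if the maximum heap leaves at least (1 - max_fraction) of physical RAM
    for the OS, the JMeter UI and anything else on the load generator."""
    return xmx_mb <= ram_mb * max_fraction


def current_heap(script: str) -> tuple:
    """Return (xms_mb, xmx_mb) from the JVM_ARGS line, e.g. (512, 512) for the post's line."""
    xms = re.search(r"-Xms(\d+[kmgKMG])", script)
    xmx = re.search(r"-Xmx(\d+[kmgKMG])", script)
    if not (xms and xmx):
        raise ValueError("JVM_ARGS line with -Xms and -Xmx not found")
    return heap_mb(xms.group(1)), heap_mb(xmx.group(1))


def set_heap(script: str, xms_mb: int, xmx_mb: int, ram_mb: int) -> str:
    """Rewrite the JVM_ARGS line with the new sizes, validating them first."""
    if xmx_mb < xms_mb:
        raise ValueError("-Xmx must not be smaller than -Xms")
    if not heap_fits(xmx_mb, ram_mb):
        raise ValueError(f"-Xmx{xmx_mb}m does not fit comfortably in {ram_mb} MB of RAM")
    new, count = re.subn(r'JVM_ARGS="[^"]*"',
                         f'JVM_ARGS="-Xms{xms_mb}m -Xmx{xmx_mb}m"', script)
    if count != 1:
        raise ValueError("expected exactly one JVM_ARGS line")
    return new


if __name__ == "__main__":
    print(set_heap(JMETER_SH, 1024, 1024, ram_mb=8192), end="")
```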

I also found the article below with a couple more fixes that you might need in case you are still facing the above error.