Category: Technical Issues

The Virus Checker Website

The website VirusTotal at https://www.virustotal.com was created to help people identify computer viruses. It does this by analysing infected files or URLs supplied to it and it’s a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners who use the results to improve their own systems. As a result, by submitting files, URLs, domains, etc. to VirusTotal you are contributing to raise the global IT security level.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful files samples for further study. This helps organizations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).

This is a valuable resource in the fight against computer viruses.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

ISO27001 Information Security

ISO 27001, also known as IEC 27001 is an information security standard and is published by the International Organization for Standardization  and the International Electrotechnical Commission.

Most organizations have some information security controls, but these may not be sufficiently comprehensive in their coverage. An information security management system (ISMS) can remedy this situation.

It specifies a management system and gives specific requirements. Organizations that meet the requirements may be certified by an accredited certification body following successful completion of an audit.

ISO 27001 requires that management:

  • Systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities, and impacts
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
  • Adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis

The ISO 27001 certification, like other ISO management system certifications, usually involves a three-stage external audit process.

Stage 1 is a preliminary, informal review of the ISMS, for example checking the existence and completeness of key documentation such as the organization’s information security policy, Statement of Applicability and Risk Treatment Plan. This stage serves to familiarize the auditors with the organization and vice versa.

Stage 2 is a more detailed and formal compliance audit, independently testing the ISMS against the requirements specified in ISO/ 27001. The auditors will seek evidence to confirm that the management system has been properly designed and implemented, and is in fact in operation (for example by confirming that a security committee or similar management body meets regularly to oversee the ISMS). Certification audits are usually conducted by ISO 27001 Lead Auditors. Passing this stage results in the ISMS being certified compliant with ISO/ 27001.

Stage 3 is Ongoing and involves follow-up reviews or audits to confirm that the organization remains in compliance with the standard. Certification maintenance requires periodic re-assessment audits to confirm that the ISMS continues to operate as specified and intended. These should happen at least annually but (by agreement with management) are often conducted more frequently, particularly while the ISMS is still maturing.

For detailed information on ISO 27001 refer to https://www.itgovernance.co.uk/iso27001

Do enter your email address and click on the subscribe button on top right to keep up to date with new posts.

Fightback Ninja Signature

Stop Remote Desktop Access

Remote desktop / remote control desktop / remote desktop protocol means to take control of one computer from another one.

This can be very useful if say you need to work at home but access some services from your workplace or files off your work computer etc.  It’s also used extensively by IT support staff.

Within a company network it can be safe but if you open your firewall to allow remote access through the firewall then this can be a problem.

Microsoft’s implementation of remote access has vulnerabilities that the hackers know about and they scan IP addresses looking for anyone that has left that door in their firewall available (typically RDP is on TCP port 3389).

Security experts believe that this vulnerability is extensively used by ransomware spreaders who can then bypass the password check and gain access to your systems.

If you use remote access through your firewall – make sure you’re safe or turn it off permanently.

Can There Be Safe Remote Access?

This depends on exactly what you want to achieve but the general advice from many security experts is to use a Virtual Private Network or just don’t allow remote access from outside of your firewall.

Do leave a comment on this post – click on the post title then scroll down to leave your comment.

Fightback Ninja Signature