SSH on Windows 10 with Fall 2017 Update!


It has come to my attention that you can now install SSH on Windows 10 version 1709 “Fall Creators Update” (OS Build 10.0.16299). To find out which version of Windows 10 you are currently running, press Windows Key + R and type winver.


windows-10-1709.png

Installing OpenSSH on Windows 10 is done from the Optional Features section. Type Manage Optional Features into the Windows 10 search box and open the result. That is a fair amount of clicking, but the same thing can be done from PowerShell or the command line; both are shown at the bottom of this post.


Once the window is open, click Add a Feature. Here you will see OpenSSH Client (Beta) and OpenSSH Server (Beta). Select OpenSSH Client (Beta). It installs in a matter of seconds.

You will need to reboot, but as soon as you are back in your system you can simply open PowerShell or the Command Prompt and type ssh. This works because the OpenSSH client binaries have been appended to the system PATH environment variable.

OpenSSH is still in beta and therefore has limitations, but it is still a great feature to have on Windows 10. Working with the many Linux distributions in the public cloud offerings used to be a hassle. No more PuTTY, PsExec or WinRM!

You can simply do it with PowerShell as well:

Get-WindowsOptionalFeature -Online                                      # list all optional features
Get-WindowsOptionalFeature -Online -FeatureName "*OpenSSH*"             # show only the features whose name contains OpenSSH
Enable-WindowsOptionalFeature -Online -FeatureName "*OpenSSH*Client*" -All   # install the OpenSSH client

# Remove the optional feature again with
Disable-WindowsOptionalFeature -Online -FeatureName "*OpenSSH*"

Or with the command line:

dism /online /get-capabilities | findstr /i "OpenSSH.Client"
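The dism line above queries a Windows capability rather than an optional feature, which is how the OpenSSH client is actually packaged on 1709. The script below is an added example, not code from the original post: it uses the DISM PowerShell module's Get-WindowsCapability and Add-WindowsCapability cmdlets to check the build, install only the client when it is missing, leave the server capability untouched, and confirm that ssh.exe resolves through PATH the way the post describes. The build number 16299 is taken from the post; everything else is standard Windows 10 tooling.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): install the OpenSSH client as a
# Windows capability and verify that ssh.exe is reachable from a normal console.

# The capability only exists from Windows 10 1709 (build 16299) onwards.
$build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
if ($build -lt 16299) {
    throw "OpenSSH ships as a capability from Windows 10 1709 (build 16299); this machine is build $build"
}

# Show the state of both OpenSSH capabilities (Installed or NotPresent).
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*' |
    Select-Object Name, State | Format-Table -AutoSize

# Install only the client. The server adds a listening service and a remote
# login path, so leave it NotPresent unless there is an actual need for it.
$client = Get-WindowsCapability -Online |
    Where-Object Name -like 'OpenSSH.Client*' | Select-Object -First 1
if (-not $client) { throw 'The OpenSSH.Client capability is not offered on this image' }

if ($client.State -ne 'Installed') {
    $result = Add-WindowsCapability -Online -Name $client.Name
    if ($result.RestartNeeded) { Write-Warning 'A reboot is required before ssh.exe appears on PATH' }
}

# Verify the binary resolves through PATH, i.e. that just typing ssh will work.
$ssh = Get-Command ssh.exe -ErrorAction SilentlyContinue
if ($ssh) {
    "ssh.exe resolved to $($ssh.Source)"
    & $ssh.Source -V      # prints the OpenSSH version string
}
else {
    Write-Warning 'ssh.exe is not on PATH in this session; open a new console or reboot'
}
```

If the Get-WindowsOptionalFeature commands earlier in the post return nothing for OpenSSH on your build, this capability-based query is the one to use; it is the same data that dism /online /get-capabilities shows.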

Meltdown and Spectre vulnerabilities — PowerShell Script

Microsoft has released a PowerShell module that lets the average user check whether their system is protected against the chip vulnerabilities or not. Microsoft has known about this issue since June 2017, but has only now started to release the update for the Windows OS. To pass the checks, you will need an updated Windows OS with the January 2018 security updates, plus the BIOS/firmware update for your PC.

I thought it would be best to give the average computer user a quick way to test their system, so I created this simple script. The script first relaunches itself with administrator rights, which may require you to confirm the User Account Control (UAC) window. It then makes sure the ExecutionPolicy is set to RemoteSigned. After that, the script marks the PSRepository called PSGallery as trusted. Once all of that is done, the script runs Get-SpeculationControlSettings and gives you output like this.

You can find the script explained below or download it from my GitHub page.

The image above is full of red and False checks, but take a good look at the suggested actions. Installing/updating the BIOS/firmware and the January 2018 Security Update will turn the False readings to True. I am unable to install the BIOS update without the company admin password, but I have installed the January 2018 Security Update. You can see that in the image below.

param([switch]$elevated)   # set when the script relaunches itself with admin rights

### Checks whether the current session is running as Administrator ###
Function Test_Admin {
    $currentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
    $currentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)
}

if ((Test_Admin) -eq $false) {
    if ($elevated) {
        # already tried to elevate once and it did not work, so abort
        Write-Warning "Could not obtain administrator rights; aborting."
    }
    else {
        # relaunch this script in an elevated PowerShell; this triggers the UAC prompt
        Start-Process powershell.exe -Verb RunAs -ArgumentList ('-noprofile -noexit -file "{0}" -elevated' -f ($myinvocation.MyCommand.Definition))
    }

    exit
}

### Installs the SpeculationControl module and runs the Meltdown/Spectre check ###
Function Meltdown_Spectre {
    Set-ExecutionPolicy RemoteSigned -Scope CurrentUser            # allow local scripts and signed downloads
    Set-PSRepository -Name PSGallery -InstallationPolicy Trusted   # avoids the "untrusted repository" prompt; revert to Untrusted afterwards if you prefer
    Get-ExecutionPolicy
    Install-Module -Name SpeculationControl -Force                 # Microsoft's module from the PowerShell Gallery
    Import-Module SpeculationControl
    Get-SpeculationControlSettings
}

Function Run {
    Test_Admin          # prints True once we are running elevated
    Meltdown_Spectre
}

Run
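The script prints the raw settings and relies on the reader to match each False line to the suggested action. The function below is an added example, not part of the post's script: it takes the object returned by Get-SpeculationControlSettings and maps each reading to the remediation the post describes (firmware update, January 2018 security update, or a mitigation that is present but switched off). The property names are those emitted by Microsoft's SpeculationControl module; the $Settings parameter and the $sample object are constructed here so the mapping can be exercised without touching the live system.

```powershell
# Added example (not the post's script): turn Get-SpeculationControlSettings
# output into a pass/fail report with the action needed for each failure.
function Get-MitigationReport {
    param(
        # Optional settings object to evaluate; omit it to query the live system.
        [psobject] $Settings
    )
    if (-not $Settings) {
        Import-Module SpeculationControl -ErrorAction Stop   # installed by the post's script
        $Settings = Get-SpeculationControlSettings
    }

    # Property name, the mitigation it belongs to, and the fix when it reads False.
    $checks = @(
        [pscustomobject]@{ Name = 'BTIHardwarePresent';             Area = 'Spectre (branch target injection)'; Action = 'Install the vendor BIOS/firmware (microcode) update' }
        [pscustomobject]@{ Name = 'BTIWindowsSupportPresent';       Area = 'Spectre (branch target injection)'; Action = 'Install the January 2018 security update' }
        [pscustomobject]@{ Name = 'BTIWindowsSupportEnabled';       Area = 'Spectre (branch target injection)'; Action = 'Mitigation is present but disabled; enable it per Microsoft guidance' }
        [pscustomobject]@{ Name = 'KVAShadowWindowsSupportPresent'; Area = 'Meltdown (kernel VA shadow)';        Action = 'Install the January 2018 security update' }
        [pscustomobject]@{ Name = 'KVAShadowWindowsSupportEnabled'; Area = 'Meltdown (kernel VA shadow)';        Action = 'Mitigation is present but disabled; enable it per Microsoft guidance' }
    )

    foreach ($c in $checks) {
        $value  = $Settings.$($c.Name)
        $action = ''

        if ($c.Name -like 'KVAShadow*' -and $Settings.KVAShadowRequired -eq $false) {
            # CPUs not affected by Meltdown report KVAShadowRequired = False;
            # the KVA shadow readings are not failures on those machines.
            $status = 'N/A'
        }
        elseif ($value -eq $true) {
            $status = 'PASS'
        }
        else {
            $status = 'FAIL'
            # The Windows mitigation cannot switch on without firmware support,
            # so point at the firmware update instead of the "enable it" advice.
            if ($c.Name -eq 'BTIWindowsSupportEnabled' -and -not $Settings.BTIHardwarePresent) {
                $action = 'Will enable once the firmware update supplies hardware support'
            }
            else {
                $action = $c.Action
            }
        }

        [pscustomobject]@{
            Check  = $c.Name
            Area   = $c.Area
            Value  = $value
            Status = $status
            Action = $action
        }
    }
}

# Constructed sample matching the post's situation: January 2018 update
# installed, BIOS/firmware update not yet applied.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportPresent = $true
    KVAShadowWindowsSupportEnabled = $true
}
Get-MitigationReport -Settings $sample | Format-Table -AutoSize

# Live check, usable in a fleet script: exit code 1 when any check fails.
# $report = Get-MitigationReport
# $report | Format-Table -AutoSize
# exit [int](@($report | Where-Object Status -eq 'FAIL').Count -gt 0)
```

With the sample object, BTIHardwarePresent and BTIWindowsSupportEnabled come back as FAIL with the firmware action, and the three remaining checks pass, which is exactly the state the post describes after installing the Windows update but not the BIOS update.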

How Cyber Extortion will affect GDPR

GDPR has been on everyone’s mind for the last 2 years, especially in organizations that do business in Europe. GDPR is all about accountability – organizations must comply with the new regulations, and they must demonstrate their compliance with detailed documentation. This documentation must show that a process is in place which ensures that personal and sensitive data are protected and/or can be deleted at the request of the user/organization.

Credit: shutterstock.com

This post is not meant to give a complete understanding of the full extent of GDPR, but to point out a trend in cyber extortion, otherwise known as hacker blackmail or ransomware. This can be defined as online extortion by holding data hostage. It sounds scary, and under GDPR any ransomware attack must be reported within 72 hours of discovery. This could without a doubt hurt the organization publicly and also have financial consequences, but it is a requirement that information about organizations that haven’t complied with GDPR is made public.

The picture above shows the WannaCry ransom note. During the WannaCry outbreak, bitcoin was used to pay the $300 demand needed to unlock the data. Since bitcoin uses blockchain technology, a Twitter account called @Actual_Ransom has been following the three blockchains. WannaCry gained around 60 bitcoins, and that is still rising today. Using today’s bitcoin price of 16,834 USD per BTC, 60 BTC comes to a staggering 1,010,070.40 USD. It is crazy (and scary) to think that the growing popularity of bitcoin and other cryptocurrencies has fueled cybercriminals.

GDPR comes into force on 25 May 2018 – security experts predict that hackers or scammers will begin to steal data with ransomware and then blackmail the victims by threatening to report them to the GDPR commissioner. Paying these criminals a ransom might be cheaper than risking the maximum fine of either 20 million EUR or 4% of the organization’s annual turnover.

So – how can one protect oneself from this?

Cyber extortionists make easy money with ransomware, but before looking at protection we first need to debunk some myths about what keeps you safe.

Firewalls and other perimeter defenses are just that – defenses that try to protect you, and even they might not have the correct tooling. Most organizations today are not following best practices. Cybercriminals succeed because unused open ports or outdated security protocols are still in place.

Internal IT is under a lot of pressure and is always being downsized, because IT doesn’t make money directly. Many organizations’ IT infrastructure was created years ago, and the people who implemented it have since left, leaving gaps of unknown security risk. IT administrators do not always follow a best-practice security approach, mainly because security has been at the back of people’s minds for so long.

Backups are the most overlooked myth. People usually take backups, but do not actually know how to restore from them. Organizations also often never monitor their backups, which results in incomplete backups or full backup drives.

I remember when I was working in the US and we got affected by ransomware. The first thing I did was to instruct all the employees to unplug the Ethernet cable from their computers. This immensely stopped the attack, and allowed us to isolate the computer(s) that got infected. As soon as we found out which user’s computer was infected, we also disabled the Active Directory rights for that user. This brings us to the first prevention method.

  1. Disconnect from the network immediately when a breach is discovered. This limits not only how many of your own files get encrypted, but also the files in any shared folders you are connected to.
  2. Do not pay. Shortly after WannaCry started spreading around the world, the email account named in the ransom note for receiving the unlock code was shut down by its provider. Many organizations that had already paid the ransom therefore never received the so-called release code. Studies show that only 33% of companies that paid received a release code.
  3. Engage third-party cyber security experts/organizations to attack your organization’s IT infrastructure or applications regularly. It is also useful to test staff awareness by sending phishing emails to employees.
  4. Backups are listed as a myth above, but when done correctly, with a detailed backup and recovery test at least quarterly, they can prevent your data from being held hostage by cybercriminals.
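The first step above, and the account lockout described in the story before the list, can be turned into a repeatable first-response action rather than something improvised during an outbreak. The following is an added example, not code from the post: it disables the affected user's Active Directory account (while the network is still up, since that step needs a domain controller) and then takes the host's network adapters down, logging every action. The log path and the account name are assumptions; the ActiveDirectory module comes with RSAT, and Disable-NetAdapter needs Windows 8/Server 2012 or later. It is meant to be run as an administrator on the affected host.

```powershell
# Added example (not from the post): first-response containment for a host
# found encrypting files. Order matters: the account step needs the network,
# so it runs before the host is isolated.
function Invoke-RansomwareContainment {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,                 # the logged-on user's account (constructed in the usage line)
        [string] $LogPath = "$env:ProgramData\ir-containment.log"        # assumed log location
    )

    function Write-IrLog([string] $Message) {
        $line = '{0:u} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $Message
        Add-Content -Path $LogPath -Value $line
        Write-Output $line
    }

    Write-IrLog "Containment started for user $SamAccountName"

    # Step 1: revoke the account so its credentials cannot keep writing to
    # shared folders from this or any other host.
    if (Get-Module -ListAvailable -Name ActiveDirectory) {
        Import-Module ActiveDirectory
        Disable-ADAccount -Identity $SamAccountName
        Write-IrLog "Disabled AD account $SamAccountName"
    }
    else {
        Write-IrLog "ActiveDirectory module not available here; disable $SamAccountName from a domain controller"
    }

    # Step 2: isolate the host. Disabling the adapters instead of powering off
    # keeps the running process and memory available for later investigation.
    $adapters = @(Get-NetAdapter | Where-Object Status -eq 'Up')
    foreach ($nic in $adapters) {
        Disable-NetAdapter -Name $nic.Name -Confirm:$false
        Write-IrLog "Disabled network adapter '$($nic.Name)'"
    }
    if ($adapters.Count -eq 0) { Write-IrLog 'No active network adapters found' }

    Write-IrLog 'Containment finished; keep the host powered on for forensic imaging'
}

# Usage with a constructed account name:
# Invoke-RansomwareContainment -SamAccountName 'jdoe'
```

The log written to $LogPath is what feeds the 72-hour notification mentioned earlier in the post: it records when the host was isolated and the account disabled, which is the kind of detailed documentation GDPR expects.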

Esther Pauline “Eppie” Lederer, the American advice columnist, wrote back in 1975, “If you think education is expensive, try ignorance”. This is still true in today’s digital world. Internet ignorance starts with people’s blind belief that they are secure. Organizations do not spend enough time training their staff in security awareness, and people generally feel a false sense of security provided by firewalls and antivirus software. Organizations will undergo major changes in the coming months due to the new GDPR requirements. This change brings a wonderful opportunity for organizations to go through their security protocols and spend some time educating every level of employee on how little it takes to be attacked, and how major the impact of a simple attack can be. Cyber extortionists are just sitting there, waiting for us to make a single mistake.