IT Security BS Degree Completed, Now What?

Yes, I finally finished my BS degree in IT Security a few months ago (little late with the message, I know). I feel that I learned more about IT Security related topics in the past few months due to already being in the IT Security position at work so the last few classes were somewhat easy. My last course was Linux as I wrote about before so I've been concentrating on learning as much about Linux security as time will allow during work. We have a few Linux devices here but I've mostly been learning penetration testing and vulnerability scanning with the help of Kali Linux (formerly known as BackTrack). I've been successful on a couple of social engineering attacks on a lab network and just making sure I do what I can to be ready to do some real testing on our network when appropriate. I see how even the good hackers can get in trouble: if you do not know what you are doing, it is very easy to take down a network, PC or server. I'll post more soon with maybe an example of some of the tricks I've learned.

Hard drive dead, no backup!

Most of you know that this blog discusses computer related topics such as troubleshooting, virus protection and system recovery. There are more topics as well and in the system recovery category, I guess I should discuss more on hard drive backups. About two weeks ago, my 1TB hard drive died and I was unable to recover all my data (more on this in a minute). I had no recent backup stored somewhere else so I had to realize that I had lost that data forever unless I were to pay for a data recovery company to attempt to recover my data for me but those places are usually very expensive. After thinking about that option for a few days, I realized that 99% of my data was not critical to begin with so I began to relax. My wife on the other hand realized the fact that most of our recent pictures of our family had been lost because she was copying them to my hard drive. Being in the IT industry for over 10 years now, you would think I would know to back up my data on a regular basis. Truth is, I do know it, but was just lazy enough to think it would not happen to me. Anyway......I learned my lesson.

So, after she told me that, I decided to attempt to recover the data. I hooked up my hard drive with an external USB connector that allowed me to see some of the data but not all of it. I recovered most of the pictures that she saved but the rest of the hard drive was corrupt. She is happy and now I will discuss what I should have done from the start:

1) Backup data regularly! This is essential for critical data such as financial and personal documents. There are multiple ways to backup data and for the sake of time, I would recommend for starters, just use an external USB hard drive.

2) Backup your backup data regularly! What does this mean? It basically means to keep multiple hard drive backups. Why? Because that shiny new external drive that you just purchased could go bad at any time too. So the best way to keep your data safe is to have multiple backups available.

3) Take advantage of free online hard drive backup options.  There are multiple online backup sites these days so I will just recommend a few that I have heard of that again are FREE up to a certain amount of data. If you want to back up a huge chunk of hard drive data, you will have to cough up some cash to do so with these sites. 

***Warning*** Never use an online site to backup certain critical data if you do not feel comfortable that your data will be safe. (Most) of these companies do encrypt the data that they backup but it is online and using their storage servers so just be careful on what you decide to backup. A website that I would recommend is SugarSync. They accomplish the following:

It will automatically synchronize/backup your documents and has the security features below:
- Files are transmitted encrypted (128 bit AES) via SSL using a once only key.
- At the SugarSync end they are stored encrypted on one server and the keys stored on another.
- The keys are random and not generated from email addresses.
- Keys are accessible to some SugarSync employees, hence also files could be provided by SugarSync in response to a court order or search warrant.
- There is no encryption key stored on your computer.
You just select folders to be synced using check boxes and exclude sub folders not to be synced. For those wanting a special folder like Dropbox (another popular option), SugarSync also provides one called Magic Briefcase and there is a non-synced Web Archive.

In the end, Dell replaced my hard drive under warranty since it was less than 3 years old, but recovering all of my data would have cost me anywhere between $300-$2,000 depending on how bad the condition of the drive is. 

What do you use for data backups? Would you consider using an online backup solution? 


Power Supply or Systemboard?

A few days ago, a friend of mine asked me to fix his PC that would not turn on. I asked him all of the usual questions: (as I was thinking in my head is it going to be the power supply or systemboard?)

When did this start? Last night when I was trying to turn it on.
What happened before this? The computer just shut off by itself.
Has it ever done this before? No.

So from there, I began thinking in my head of at least 3 reasons why a computer would not turn back on:

1) The power supply unit (PSU) is dead.
2) The systemboard is dead.
3) The CPU is dead.

Based on 10 years of experience, these are the top 3 reasons that a computer would not turn back on after pressing the power button. I agreed to take the computer home and begin troubleshooting. First thing I did was clean the inside of the PC since it was full of dust. I have had other instances where a PC did not power on and after cleaning out the dust, it was perfectly fine again. Next, I tried turning on the computer and obviously, it did not power on, no fans running....nothing. BUT, the green light on the power supply was working as well as the little LED light on the systemboard. Although I initially thought that the PSU was in fact dead, I started doubting myself after reading some online troubleshooting about this type of issue.

Sidenote: Always go with your gut instinct....I am learning that this is true for multiple things in life. 

So since at this point thinking that the power supply is dead, I tell the client that either the systemboard or CPU are most likely the issue. I advised them that unless we replace both at once, it is difficult to tell which one might be bad. I took a chance thinking it was the systemboard so I purchased a replacement one online and tested it. Guess what.....SAME ISSUE!!! The computer still did not turn on! 

I then remembered that I had a spare PC in my closet that I do not use often and I figured that I could use the power supply from it to test with.....sure enough, the PC booted up like normal. But all of the online troubleshooting I did led me to believe that the power supply was bad......

So I decided to test the PSU offline with the paperclip method. (Please adhere to the caution warnings when trying this). The PSU worked! But it was obviously still bad because it was not powering on the computer. It may have been generating minimal power due to the paperclip but that's it.

Conclusion......after ordering a replacement power supply, the computer is back up and running. I was able to return the systemboard since it was not the issue. Again, it is tricky to troubleshoot power issues when some lights come on or fans work, etc. The best way to be prepared is to have a spare part to test with. And again, go with your gut instinct! If I would have tested my spare power supply first, it would have saved me time and money.

One more class left, why not take Linux?

So after this semester, I have to take one more elective to graduate with my BSAS-IT degree from USF. It can be any upper-level course but I figured that I would stay true to form and finish up with an IT course if possible. After looking through many courses, I figured that Linux would be a perfect fit since most of the hacking tools I have been learning about seem to use some form of Linux and I really do not know too much about the OS. 

To get ready for Linux, I installed a Linux OS version called Kubuntu since it somewhat resembles using a Windows based GUI. I will play around with this version before class starts in January to get the feel for some commands. I also installed BackTrack penetration testing tool so I can begin to learn it as I am learning Linux. I am still contemplating the specific road to travel in the IT Security world and becoming an ethical hacker is one option. I plan on studying for some certification exams once my degree is complete. More to come on these tests later....stay tuned for more information on my Linux class coming up soon.

Continuing the Journey in IT Security

Yup, I'm still here. I'm not going to make any excuses for not writing for the past few months. So I will just get down to my current thoughts. I am continuing my IT Security classes at USF Polytechnic. I have about one year left before graduating with a BSAS-IT with an information security specialization. I am now focusing on the security classes which include Cryptography, Network security and Firewalls and Information Security Management. So far, these classes are helping me learn more about the current security environment where I work as well as reinforcing topics that I feel knowledgeable in such as virus protection and PC security. As I stated a few months ago, this blog will slowly turn into IT Security related information and I continue to immerse myself into this field. I love troubleshooting PCs but over the past couple of years, I have become passionate about protecting the network as well as personal PC protection. I have not really attempted any type of hacks in a lab setting but I may do that in the future since that is one way to see where your network is vulnerable. FYI: I do NOT recommend attempting to hack any other company or you might end up in jail like this guy. I guess that is all for now. My next post might be related to a recent homework example involving using AES encryption.

IT Security focus

Hello everyone,
I know I have not written on this blog since January and I do apologize. There have been a few changes in my life since then so I just have not had time to write any articles. RChase Computer Consulting is still going strong and I am currently evaluating the best avenue to further continue this blog. One of the changes in my life is the career path that is seriously interesting me these days....IT Security. I am currently going back to school to finish a BS degree in IT Security and hopefully I will also complete the CISSP certification soon thereafter. Over the past few months, I have done some IT Security related projects at my job and I very much enjoy this area of IT. I plan on continuing to write on this blog but with an IT security focus. Mostly this means I will start to focus articles related to firewalls, virus protection, hacker attacks, and PC security. I will still continue to consult about PC upgrades and repairs but IT Security will be the focus going forward. Stay tuned for what I am learning about IT Security.

Google Redirect Virus Issues

Today I thought I would take a moment to discuss a serious issue that many of my friends and co-workers have experienced while doing Google web searches. There is something called the Google redirect virus which is an attack that hijacks Google search results and redirects the browser to unwanted malicious websites. The Google redirect virus is a well-hidden malware program and its removal is nearly impossible under normal circumstances. Usually, TDL3 Rootkit or some other rootkit infection causes the Google redirect virus. It gets installed through a trojan horse and it hides your Google search results and replaces them with spam advertisements or websites which promote malware or some other online scam. The Google Redirect Virus is not easily detected by Anti-virus programs and other security software and so its removal becomes even more difficult. By the way, it does not matter if you use Internet Explorer, Firefox or Google Chrome, the redirect virus affects all 3. Some people have even said that it affects other search engines such as Yahoo and Bing. I have only seen it affect Google searches.

I have come across this redirect virus over 30 times now and I've been able to clean it every time. It is very difficult to clean manually so I recommend using an application known as FixRedirectVirus - a particular application which has been developed by a computer technician within the UK to eliminate the redirect virus on your computer. The owner of the software is so confident that the procedure will work that he is offering a 60 day full money-back guarantee. It may be worth it to get this issue resolved as fast as possible before it gets worse.
