Protecting Data Against Malware

Before I proceed any further please be warned that you will need some knowledge of Linux to understand some of the finer points. Even if you don’t you may still be able to grasp the basic ideas. Also please note that the terms ‘folder’ and ‘directory’ are used interchangeably – the former tends to be used by Windows and the latter by Linux.

In recent times we have seen a rise in malware that attacks the user’s own data. Something like Cryptolocker will encrypt files on the user’s computer and then make a ransom demand to pay for the required unlocking code. Malware has been associated with big time crime for a long time now and yet I feel there is something more sinister about this than say stealing a person’s credit card details. In the case of the latter, it tends at least to be the bank that loses out (not that I am making any excuses – even if the banking industry is far too rich, theft is still theft!). On the other hand if you are a serious computer user, then your computer data is a highly valuable asset, be it your documents, photos or music collection, and to lose it could be very costly in terms of years of work or memories.

I am going to look briefly at the idea of installing a Linux server on your network and using certain features of Linux to protect files from being attacked from within the Windows network. The server can be used to store photos and music as well as data backups from your working computers. A relatively old machine will often suffice for this purpose, though you may need to install a decent sized hard drive (e.g. 1TB).

Here are some examples of things that can be done.

  1. Share a directory via Samba with read-only access. This is good for the likes of photos and music that will never need to be modified once uploaded. Material can be uploaded via either FTP or a hidden symbolic link (see item 3 below).
  2. Some files (e.g. data backups) may need to be regularly updated from a computer, in which case full read-write access will be required. Ideally there needs to be a way of hiding the folder from someone/something idly browsing the network, while still making the folder accessible to an application that knows its path. This can be done by placing the real folder inside a hidden folder on a read-write Samba share. Any file or directory whose name starts with a period (‘.’) is hidden in Linux, though when sharing via Samba it will be visible by default on the Windows network. To fully hide it you will need to add the following line in the settings for the given share within the smb.conf file and restart the Samba service.
    veto files = /.*/

    As a result, the folder being hidden will itself become invisible to anything or anyone browsing the network, but given the full path of the sub-folder (i.e. the real folder containing your data), it is still possible to make direct access from within Windows. (N.B. You can’t browse the hidden folder itself, even given its path, but you can browse any folder under it, given the full path thereof.)

  3. Following on from the above, you can also put a symbolic link inside a hidden directory, pointing it to a directory that is otherwise contained within a read-only share. This provides a secret ‘back door’ route to provide read-write access to an otherwise read-only folder.
  4. If you want to protect individual directories and/or files within a Samba share that is otherwise read-write, you can do so using Linux file permissions. The best way is probably to set the owner to ‘root’ and then set the permissions to 644 for data files or 755 for executables and directories.
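
The four items above, put together as one server-side layout and smb.conf fragment. This is an added example, not the author's own setup: the share names (media, work), the folders .vault and reference, and all paths are assumptions, and `wide links` is added because the item 3 link points outside its own share.

```shell
#!/bin/sh
# Added example. Share names, the ".vault" folder and every path are assumed.

# Item 4: directories and executables 755, data files 644, owner root, so the
# account Samba connects as counts as "other" and can read but not modify.
lock_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f ! -perm -100 -exec chmod 644 {} +
    find "$1" -type f -perm -100 -exec chmod 755 {} +
    # chown needs root; it is skipped on an unprivileged trial run.
    if [ "$(id -u)" -eq 0 ]; then chown -R root:root "$1"; fi
}

build_layout() {
    root=$1
    # Item 1: read-only media. Item 2: real backup folder under a dot folder.
    mkdir -p "$root/media" "$root/work/.vault/backups" "$root/work/reference"
    # Item 3: link inside the hidden folder giving a write path into media.
    ln -sfn "$root/media" "$root/work/.vault/media-upload"
    lock_tree "$root/work/reference"
}

# Print the share definitions to paste into smb.conf. The item 3 link leaves
# the [work] tree, and Samba follows such a link only when "wide links" is
# enabled (it is off by default and ignored while unix extensions are on).
write_shares() {
    cat <<EOF
[media]
   path = $1/media
   read only = yes

[work]
   path = $1/work
   read only = no
   veto files = /.*/
   wide links = yes
EOF
}

# Runs only when a root directory is given as the first argument.
if [ "${1:-}" != "" ]; then build_layout "$1" && write_shares "$1"; fi
```

Run lock_tree again on the reference folder after adding files to it, since new files arrive with the uploader's ownership and permissions.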

On a final note, if you are making backups via a read-write link, make sure that your backup system keeps some sort of rolling history and not just a constant overwrite of the same files – otherwise malicious damage to data could go unnoticed and be copied to the one and only backup!
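
One way to keep that rolling history on the server itself, as an added example rather than anything from the original post: each run copies the read-write backup folder into a dated, write-protected generation and reports how many files changed since the previous one. The function names, the paths and the retention count are assumptions.

```shell
#!/bin/sh
# Added example. Run on the server; DEST must sit outside every Samba share
# so nothing on the Windows network can reach the history.

# snapshot SRC DEST KEEP [STAMP]: copy SRC to DEST/STAMP, keep newest KEEP.
snapshot() {
    src=$1 dest=$2 keep=$3
    stamp=${4:-$(date +%Y%m%d-%H%M%S)}   # sortable name without spaces
    [ -d "$src" ] || { echo "no source: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    # An existing generation is never overwritten.
    [ ! -e "$dest/$stamp" ] || { echo "exists: $stamp" >&2; return 1; }
    # Copy under a dot name first so a half-finished copy is never counted.
    cp -Rp "$src" "$dest/.partial-$stamp" || return 1
    mv "$dest/.partial-$stamp" "$dest/$stamp" || return 1
    chmod -R a-w "$dest/$stamp"
    # Prune the oldest generations beyond KEEP (ls skips the dot names).
    total=$(ls -1 "$dest" | wc -l)
    excess=$((total - keep))
    if [ "$excess" -gt 0 ]; then
        ls -1 "$dest" | sort | head -n "$excess" | while read -r old; do
            chmod -R u+w "$dest/$old" && rm -rf "$dest/$old"
        done
    fi
}

# Number of files that differ between the two newest generations. A sudden
# jump is the sign of mass encryption or deletion on the source machine.
changed_since_last() {
    new=$(ls -1 "$1" | sort | tail -n 1)
    prev=$(ls -1 "$1" | sort | tail -n 2 | head -n 1)
    [ -n "$prev" ] && [ "$new" != "$prev" ] || { echo 0; return 0; }
    diff -rq "$1/$prev" "$1/$new" | wc -l
}

# Runs only when called as: script SRC DEST KEEP
if [ $# -eq 3 ]; then snapshot "$1" "$2" "$3" && changed_since_last "$2"; fi
```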

 

Secure Memorable Passwords

We all tend to have lots of internet passwords these days. Some of the security advice given includes:-

  1. Make your passwords strong with a good variety of different character types.
  2. Do not use the same password across multiple sites.

Whilst these are good guidelines it is all too easy to disregard these considerations simply to be able to remember one’s own passwords. What is the answer? I’d like to briefly share my own experience and a solution that I have come up with that has proved really helpful.

It is worth mentioning briefly that password managers can be very useful. Personally I use RoboForm, which although paid for, I find to be very good. For a modest annual subscription you can securely sync all your passwords across an unlimited number of devices. There are alternative programs available, probably both free and paid for.

I’m not going to describe my method of creating passwords in exact detail, as it might compromise my own security! I will however describe in broad principle how the idea works. The first thing is to think of a memorable number several digits long – maybe a phone number or a date of birth, but avoid using your own. I’ve got a few such numbers so that there is scope for changing a particular password if the need arises. Then take three letters from the name of the given web site, according to a predefined rule that you have devised. These could just be the first three letters of the name or you could devise a slightly more complicated rule. Then mix the three letters with your memorable number according to another predefined rule. You then have what looks like a random password, but to you yourself is fully predictable. For extra password strength, you can consider things like making one of the letters uppercase and/or adding a non-alphanumeric character somewhere in the password.

Copying Photos to a Tablet

I have always been very hot on backing up computer data, even to the extent that when taking a camera on holiday I like to be able to back up my pictures to a separate device on a daily basis in case anything goes wrong with the camera or memory card. I have always resisted the idea of taking a laptop on holiday as computing is my livelihood and the laptop constitutes too much of a work item! As a result, when we got an iPad I bought a camera dongle to transfer photos on to the device from the memory card. Whilst this fulfils the need to back up the pictures and also makes them available for instant viewing, I find the whole setup on the iPad very user unfriendly in terms of organising and managing photos compared to a traditional desktop platform, added to which I have also found the camera dongles to be somewhat temperamental at times.

So maybe it is better to take the laptop away after all as a backup device, but even so it is good to be able to transfer the photos on to a tablet for viewing. As well as the iPad I now also have a Kindle Fire, an Android based device.

If photos are to be initially stored and organised on a computer, how then do we go about transferring them to a tablet? I’ve actually found it to be very easy, but there are a few useful things to consider.

File sizes. A tablet device will typically have much less storage space than a computer. At the same time a photo from a modern digital camera will have a pixel count much bigger than a tablet screen. For example a 12 megapixel camera with a 4:3 ratio will generate images of 4000×3000 pixels, whereas a full size iPad screen is only 2048×1536 pixels (i.e. only about 26% the size of the 12MP image). It would therefore make sense to reduce the size of each image for the purpose of uploading to a tablet. Personally I use IrfanView, which has a very good batch processing facility included, and it is free. I have always found that when saving JPEG images for screen viewing, saving at 90% quality gives a good compromise between storage size and quality.

Copying and syncing. On the Kindle Fire it has proved very simple. Just copy folders of photos from the computer directly into the “Internal Storage/Pictures” folder on the device and albums will immediately appear in the photos section with names corresponding to those of the associated sub-folders. With an iPad, the same can be done in principle but not by the same method of directly copying the folders. Instead you will need to use iTunes to carry out the synchronisation, but the end result is basically the same.

Photo order. The photos should normally display in chronological order (i.e. by date/time taken) and this is done using the Exif data from the files (standard metadata tags held in an image file). After uploading my photos I initially found that in some of the older albums there were a number of photos out of order. On further investigation it turned out that the offending items were those pictures that happened to be taken in portrait mode. This is because at the time, the images had been rotated by a method that caused the Exif data to be lost. Very frustrating but all is not lost. Exiftool is a very handy tool for editing the Exif data in a file. It is a command based utility and I have written a small DOS batch file (download here) that uses it to resequence all the JPEG image files in a given folder. The batch file works on the assumption that the filename sequence matches the chronological order of the photos (likely to be the case more often than not). On running it you need to specify the folder and provide a date and base time. The image files are then all resequenced in one second increments. The batch file can easily be modified to do things differently if required. (N.B. The DOS command prompt still exists on the more modern versions of Windows!)

Hope there are some useful hints here. Enjoy your photos.

Why back up your data?

Do you need to back up your computer data? The short answer has got to be a definite ‘YES’. Let us have a look at some of the reasons why.

Firstly there are what one might describe as ‘ultimate’ threats such as fire and theft. To lose one’s home or business through fire, whilst still a measurable threat, is nevertheless a very rare event that is never going to happen to the vast majority of us. To fall victim to theft, whilst still an uncommon event, is something that probably affects most of us at least once in a lifetime.

If however you are a regular computer user, then the loss of data due to computer related problems almost certainly will happen to you at some point. This might take the form of a hardware failure, malware attack or the accidental deletion or corruption of files. I’ve seen tragic cases over the years, such as a whole family losing years of work including the children’s school work, simply because the hard drive failed and there was no backup. This sort of thing is simply a threat that cannot be ignored.

Custom User Databases

One of the services that I offer in connection with web design and development is that of customised user databases. What exactly do I mean by that?

If your web site is developed using a content management system such as WordPress then it is driven by a database. This means that all the actual content of the site is stored in the database. This includes the menus, the text that goes into each page, the layout of each page and the links to all the images (though these themselves have to be uploaded as actual files). When you log on to the WordPress control panel, you are able to manage all this information via a user friendly interface, enabling you to create a page, edit a page, upload an image file, add a menu item etc.

If this is all you require then you really don’t need to worry any more about databases as the content management system looks after it all for you. On the other hand it may be that you need some database driven data in connection with a more specialised aspect of your site. Such data might be managed separately from the WordPress admin panel, but can still be managed in a user friendly way from a web based interface. The best way to explain this is to show a couple of examples from my existing sites.

Example 1 – Diary Schedule

You will find this on my church web site at http://www.longcroftchristianfellowship.org.uk/ under “Meetings & Events”. Here you will find a series of pages showing the schedule for the current and upcoming months with each month being laid out as a calendar page. Behind the scenes the meetings/events are stored in a single database table, with each meeting/event occupying a single record. Each record comprises a number of fields defining the various pieces of information relating to the item, e.g. date, time, description, venue, contact, and so on.

This may sound simple so far, but there is a lot more we can do. For example, because of the nature of this particular data, there is a lot of repetitive information that would become very tedious to type in every time, considering that in a typical week we have two Sunday services at fixed times and a Thursday night prayer meeting at a fixed time. To overcome this difficulty there is a separate database table that defines the activities within a typical week and month. Weekly meetings are referenced by the day of the week and time; monthly meetings are referenced by the week/day (e.g. 2nd Monday) and time. When we want to add a block of new months to the schedule, we visit a special admin page to carry out the operation. This page works by reading the schedule of typical weeks/months and automatically building the data for each month from this information. Once this is done, the user can then make any specific edits required – to add extra meetings, to delete ones that are not taking place and so on.

The admin interface can also make use of views. A view is basically a given subset of a full database table, so for example we can just look at the data for a given day of the week. This can be useful if for example we need to make the same edit to all instances of a particular meeting on a particular day. The database management facility also allows us to make the same edit simultaneously on a set of selected records in a single operation, thus saving tedious repetitive edits.

Example 2 – Family Tree

I have published my own family tree online and you will find this at http://www.andperry.co.uk/family-tree/. On initial consideration a family tree may seem quite a complex data structure, but in fact the way that it is linked together in a database can be very simple. Only two tables are actually needed to achieve this, as follows:-

  • People – This table contains a single record for each individual person in the tree. Each record contains all the information relating to the individual such as name, gender, birth details, death details and occupation.
  • Families – Each record essentially defines a husband/wife relationship and contains a link to the personal record for each partner. It is also possible for a record in this table to contain only one person if the details of the corresponding spouse are not known. Against each partner there is a family number which is normally set to 1, but enables a person to be included in more than one family record if he/she has been married more than once. Other items of information stored in this table include marriage details, a ‘divorced’ indicator and an ‘unmarried’ indicator.

The tree is built simply by including a field in each personal record creating a link to the family record that defines his/her parentage. Although the two tables provide the minimum requirement for building the tree, there is in fact a third table specifying all the place names in use. Because of the nature of a typical family tree, some place names will be used repeatedly, perhaps many times. Where a place name needs to be entered in a personal or family record, the web page for doing this takes the name from a drop-down list, which in turn is generated from the place name table. By requiring place names to be selected in this way, we can save typing and also minimise errors/inconsistencies when adding new data to the tree.

Conclusion

By using these two simple examples, I have hopefully given a little bit of an idea of what can be done with database applications. It is nevertheless a vast subject and there is virtually no limit to what you can do. If you have any specific requirements for your own web site then please do not hesitate to come and talk to me.