Saturday, December 21, 2024

Securing Your Network Against Ransomware

Ransomware spiked in 2024, with attacks like LockBit 3.0 hitting small and mid-sized businesses hard, costing millions in downtime and recovery. Sysadmins, securing your network is non-negotiable in this threat landscape.

The Issue: Phishing emails and unpatched vulnerabilities (like those in outdated VPNs or Windows Server 2016) let ransomware slip through, encrypting critical data and halting operations.

Quick Fix:

  1. Patch Religiously: Use tools like SCCM or Intune to auto-deploy updates for OS and apps. Prioritize CVEs with high severity (e.g., CVE-2024-29847).

  2. Segment Networks: Isolate critical systems with VLANs to limit ransomware spread. Use pfSense or Cisco for easy setup.

  3. Backup Smart: Follow the 3-2-1 rule (3 copies, 2 local, 1 offsite). Test restores monthly with Veeam or rsync.

 Tip: Deploy an EDR solution like CrowdStrike Falcon for real-time threat detection. It’s a game-changer for catching ransomware early. 

UPDATED: You can read how to deploy EDR here: https://reydmanit.blogspot.com/2025/01/deploying-crowdstrike-falcon-for-real.html

Monday, November 18, 2024

Ninite.com - download commonly installed programs all at once when setting up a new computer.

 Ninite.com is a free and user-friendly service that simplifies the process of installing and updating commonly used software on Windows computers. It is particularly popular among IT professionals and everyday users because it saves time and eliminates the hassle of downloading and installing applications individually.

Key Features:

  1. Batch Installation:

    • Ninite allows you to select multiple applications from its list of supported programs.
    • It then creates a custom installer that installs all the selected applications in one go.
  2. Automatic Settings:

    • Ninite installs software with default settings.
    • It automatically declines any offers for toolbars or additional software (often included in installers as "bloatware").
  3. No Manual Interaction:

    • Once you start the installation process, it requires no further input. You can leave it running unattended.
  4. Automatic Updates:

    • Ninite checks for the latest versions of the selected applications and installs them, ensuring that you always have up-to-date software.
  5. No Administrator Privileges Required for Basic Users:

    • Standard users can use Ninite to install or update applications without needing admin rights (if the software allows non-admin installations).
  6. Supported Applications:

    • Ninite supports a wide range of popular applications, including web browsers (Chrome, Firefox), messaging apps (Skype, Zoom), media players (VLC), utilities (WinRAR, 7-Zip), developer tools, antivirus programs, and more.
  7. Safe and Trusted:

    • Ninite downloads software directly from official sources and verifies digital signatures to ensure safety and authenticity.
  8. Pro Version for IT Professionals:

    • Ninite Pro offers advanced features such as remote management, automatic deployment across networks, and integration with IT tools, making it a valuable resource for IT administrators.

How It Works:

  1. Visit Ninite.com.
  2. Select the applications you want to install or update.
  3. Download the custom installer.
  4. Run the installer on your computer, and Ninite takes care of the rest.

Advantages:

  • Saves time, especially during system setups or when managing multiple machines.
  • Eliminates unnecessary add-ons and bloatware.
  • Reduces the complexity of keeping software up-to-date.

Limitations:

  • Only supports Windows systems.
  • The list of available applications is limited to popular software; not all programs are included.
  • Advanced features are restricted to Ninite Pro, which requires a subscription.

Ninite is a simple yet powerful tool, particularly useful for IT professionals managing several devices or anyone looking for a hassle-free way to install and update software.

Wednesday, October 23, 2024

Golden Rule 16

 Maintain Clear Change Management

Meaning:
Document, review, and control all changes to systems, configurations, networks, and applications to prevent unexpected issues and ensure smooth operations.

Why it matters:

  1. Reduces downtime: Proper planning avoids service interruptions.

  2. Minimizes errors: Reviewing changes helps catch mistakes before they affect users.

  3. Ensures accountability: Tracks who made changes and why.

  4. Supports troubleshooting: Documentation makes it easier to trace problems back to specific changes.

  5. Complies with policies: Many organizations and regulations require documented change management.

Best Practices:

  • Require approval for critical changes before implementation.

  • Maintain a change log with details, dates, and responsible personnel.

  • Test significant changes in a staging environment first.

  • Communicate planned changes to affected users or teams.

  • Review and update change management processes regularly.


📘 Recommended Resources on IT Change Management

  1. Atlassian – IT Change Management: ITIL Framework & Best Practices
    This guide provides an overview of IT change management, emphasizing the importance of minimizing disruptions while making changes to critical systems and services. It discusses the ITIL framework and best practices for effective change management.
    👉 Read more here https://www.atlassian.com/itsm/change-management?utm_source=chatgpt.com

  2. SolarWinds – Change Management Best Practices for ITSM
    This article explores five ITSM change management best practices that enhance change management in a digital environment, including defining a change management policy and streamlining change review and approval processes.
    👉 Explore the article https://www.solarwinds.com/itsm-best-practices/itsm-change-management?utm_source=chatgpt.com

  3. NinjaOne – A Complete Guide to IT Change Management
    This documentation serves as an audit trail, allowing organizations to review the entire change process, identify any deviations, and learn from past experiences to continuously improve risk mitigation strategies.
    👉 Learn more here https://www.ninjaone.com/blog/it-change-management/?utm_source=chatgpt.com

  4. Faddom – The Top 11 IT Change Management Best Practices
    This resource provides tips on developing a clear change management policy, using a centralized change request system, deploying smaller releases to reduce risk, and fostering communication and collaboration.
    👉 Dive into the details https://faddom.com/it-change-management-best-practices/?utm_source=chatgpt.com

  5. N-able – ITIL Change Management: Processes, Best Practices, and Tools
    This article discusses ITIL change management processes, best practices, and tools to minimize risks and secure IT infrastructure, highlighting the importance of automating workflows to reduce errors and improve efficiency.
    👉 Read the full article https://www.n-able.com/blog/effective-itil-change-management-minimize-risks-and-secure-it-infrastructure?utm_source=chatgpt.com


Sunday, October 20, 2024

Golden Rule 15

 Follow the Principle of Least Privilege

Meaning:
Give users, applications, and services only the minimum access rights necessary to perform their tasks. Avoid granting unnecessary permissions.

Why it matters:

  1. Improves security: Reduces the risk of accidental or malicious misuse.

  2. Limits damage: If an account is compromised, the potential impact is minimized.

  3. Enhances compliance: Many regulations require strict access controls.

  4. Reduces human error: Users can’t accidentally modify or delete critical systems or data.

Best Practices:

  • Review permissions regularly and remove unnecessary access.

  • Apply role-based access control (RBAC) where possible.

  • Avoid giving admin/root privileges unless absolutely required.

  • Use temporary elevated privileges only when needed.

  • Audit and log access to sensitive systems for accountability.

    PoLP in the Context of ITIL

    While ITIL (Information Technology Infrastructure Library) doesn't explicitly define the Principle of Least Privilege, it emphasizes the importance of security and access control within its processes.

    Relevant ITIL Processes:

    • Change Management: Ensures that changes to IT services are made with minimal risk and disruption. Implementing PoLP can prevent unauthorized changes and reduce potential security vulnerabilities.

    • Access Management: Focuses on granting authorized users the right to use a service while preventing access to unauthorized users. PoLP is integral to this process, ensuring users have only the access necessary for their roles.

    • Information Security Management: Aims to protect the confidentiality, integrity, and availability of information. Adhering to PoLP helps in safeguarding sensitive data and systems.



Golden Rule 14

 Monitor Systems Continuously

    Meaning:
    Keep a constant eye on servers, networks, applications, and critical systems to detect performance issues, errors, or security threats before they impact users or business operations.

    Why it matters:

    1. Early problem detection: Catch issues before they escalate into outages or data loss.

    2. Improves reliability: Ensures systems run smoothly and efficiently.

    3. Enhances security: Detect suspicious activity or breaches in real time.

    4. Optimizes performance: Helps identify bottlenecks or underused resources.

    5. Supports planning: Provides data for capacity planning and infrastructure improvements.

    Best Practices:

    • Use monitoring tools like Nagios, Zabbix, PRTG, or built-in cloud monitoring.

    • Set up alerts for critical thresholds (CPU, memory, disk usage, network traffic).

    • Track logs and events regularly for anomalies.

    • Analyze historical trends to anticipate future issues.

    • Review and adjust monitoring configurations as systems evolve.

    My Personal Recommendations:

    1. Atera

    • Overview: Atera is an all-in-one IT management platform designed for Managed Service Providers (MSPs) and IT departments. It integrates Remote Monitoring and Management (RMM), patch management, and help desk functionalities.

    • Key Features: Automation, ticketing system, real-time monitoring, and reporting.

    • Ideal For: Organizations seeking a unified solution for IT operations.

    • Learn More: Wikipedia

    2. Wiz

    • Overview: Wiz is a cloud security platform that provides comprehensive visibility into cloud environments, identifying vulnerabilities and misconfigurations.

    • Key Features: Agentless scanning, risk assessment, and compliance monitoring.

    • Ideal For: Enterprises operating in multi-cloud environments.

    • Learn More: wiz.io


    • For comprehensive monitoring: PRTG Network Monitor offers an all-in-one solution suitable for various IT infrastructures.

    • For AI-driven insights: Dynatrace provides advanced observability with its AI-powered Davis engine.

    • For open-source flexibility: Zabbix allows extensive customization to meet specific monitoring needs.

    • For cloud-native environments: Datadog excels in monitoring cloud-scale applications and infrastructure.






Friday, February 16, 2024

Microsoft Addresses Issues in Windows 11 Build 26052. You may lose data.

Microsoft recently released an update for Windows 11 build 26052, addressing several critical issues that users have encountered since its release. Among the most notable problems was a bug that caused a significant amount of data to be deleted when the build was rolled back on the PC.

The company acknowledged that rolling back to previous Dev or Canary builds could result in damage to Dev Drives and potential data loss. Consequently, users are strongly advised to create backups of the contents of Dev Drives before attempting a rollback to mitigate any potential loss.

Interestingly, some users had already experienced this bug before Microsoft officially published the update, underscoring the urgency of the issue.

In addition to the data loss bug, Microsoft identified another significant issue in build 26052: a flaw causing the Settings app to crash. Specifically, problems arose with the "Display connection" section, which displayed incorrectly, leading to crashes when navigating from "Settings" to "System" > "Display" > "Graphics". To address this, Microsoft announced plans to remove this section entirely in a future release.

Moreover, users installing Windows 11 build 26052 reported various other issues: green screens when launching popular games, problems with streaming content playback in Microsoft Store apps, and black screens during installation.

In a positive development, Microsoft had previously confirmed the inclusion of a public preview version of "Sudo for Windows" in build 26052. This announcement marks a significant milestone, as the company has made the sudo utility project available on GitHub under the open-source MIT license. Notably, "Sudo for Windows" marks its debut 44 years after the release of the first version of sudo on 4.1BSD.

As Microsoft continues to address these issues and enhance the Windows 11 experience, users are encouraged to stay updated with the latest releases and patches to ensure optimal performance and security.

Monday, January 15, 2024

Writing Effective ChatGPT Prompts: Best Practices and Character Choices

ChatGPT, powered by OpenAI's powerful language model, offers a versatile tool for natural language interactions. Crafting effective prompts is crucial to obtain the desired responses from the model. This short article outlines best practices for writing ChatGPT prompts and discusses the choice of characters.


1. Clarity and Context:

Begin your prompts with a clear and concise statement to provide context for the desired response. Clearly communicate the information you seek, allowing the model to better understand and generate relevant content.

Example:


Unclear: "Tell me about it."

Clear: "Describe the environmental impact of renewable energy sources."


2. Use Specificity:

Be specific in your prompts to guide the model toward more precise responses. If you're looking for detailed information or answers, ask questions that require specific knowledge.

Example:


Vague: "Discuss technology."

Specific: "Explain the key features and benefits of blockchain technology."

3. Be Mindful of Context Length:

ChatGPT has token limits, so it's essential to consider the length of your prompt. If your prompt is too lengthy, the response may be cut off. Aim for concise and well-structured queries.

Example:

Long: "In the following paragraph, analyze the societal impacts of advancements in artificial intelligence, including both positive and negative aspects."

Concise: "Discuss the societal impacts of AI advancements."


4. Avoid Unnecessary Complexity:

While it's crucial to be specific, avoid overly complex or convoluted prompts. Simplicity often leads to better comprehension by the model.

Example:

Complex: "Elaborate on the intricate interplay between technological innovation and socio-economic evolution in the modern era."

Simple: "Explain how technology impacts society."


5. Character Choices:

Choose characters that align with the context of your prompts. Backslashes and forward slashes can generally be used interchangeably, but be aware of any special characters that may have specific meanings in your programming context.

Example:

Neutral: "Tell me about your hobbies."

Context-Specific: "Describe your favorite programming language (e.g., Python)."

Conclusion:

Writing effective ChatGPT prompts involves balancing clarity, specificity, and conciseness. By adhering to these best practices, you can enhance your interactions with the model and obtain more relevant and coherent responses. Experiment with different prompts to find the style that works best for your specific use case, and always stay mindful of the unique characteristics of the language model you are working with.

(Written by AI)
