
Preventive guidelines to stay safe from Wannacry Ransomware or any other cyber-attack



Previously I shared around seven posts on computer and web security; today I am sharing this post on the latest hot topic, the Wannacry Ransomware attack and its prevention. You can use these guidelines as preventive steps against any other cyber-attack. Before sharing the steps, I will explain some security terms related to cyberattacks.

What is malware?

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.

What is Ransomware?

Ransomware is malicious software designed to block access to a computer system until a sum of money is paid. The software uses cryptovirology to block access to data until a ransom is paid, and displays a message requesting payment to unlock it.

What is cryptovirology?

Cryptovirology is a field that studies how to use cryptography to design powerful malicious software.

What is Wanna Cry Ransomware?

A type of virus that infects computers and then prevents the user from accessing the operating system, or encrypts all the data stored on the computer.
The user is asked to pay a fixed ransom in exchange for decrypting the files or allowing access to the operating system again.

Top 10 preventive measures against Wannacry malware or any other cyber-attack:

1.  Keep your computers updated

Most cyberattacks target out-of-date systems; the best example is the WannaCrypt ransomware worm.

a.      The best preventive measure is to keep your computer updated.

b.      Keep all security software updated; if you are using any third-party security software or tool, keep that updated as well.

c.      Keep all your important software updated.

Almost all computers infected by Wannacry Ransomware had not been updated with Microsoft's latest security update or were using the old XP and 2003 operating systems.

Microsoft's guidelines to prevent Wannacry are:

To prevent infection, users and organizations are advised to apply patches to Windows systems as mentioned in Microsoft Security Bulletin MS17-010.

https://technet.microsoft.com/library/security/MS17-010

For those using Windows Defender, please use the following update:

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

2.  Create an internal policy

a.      Create a data and internet use policy for your employees.

b.      Create a policy that tells employees to avoid clicking spam, harmful links and fraudulent messages in email, and to avoid using poor passwords.

c.      Avoid opening untrusted videos and attachments from emails and websites.

d.      Ensure the integrity of the code and scripts used in database, authentication and sensitive systems, and check regularly the integrity of the information stored in the databases.

e.      Restrict users from installing and running unwanted and untrusted software applications.

f.      Make a policy for remote connections and least-privileged users.

 

3.  Regular backup of important data and files

Back up your files regularly and periodically, including important databases, software, and files/documents.

4.  Security software and required security tools

It's recommended to use firewalls, network security tools and anti-virus software.

5.  Safe web browsing and external data policy

a.      Block harmful and untrusted websites on your network or computer.

b.      Follow safe practices when browsing the web. Ensure web browsers are adequately secured with appropriate content controls.

c.      Deploy web and email filters on the network. Scan all emails, attachments, and downloads, both on the host and at the mail gateway, with a reputable antivirus solution.

d.      Implement a strict external device (USB drive) usage policy.

6.  Employee awareness, education and knowledge sharing about information and data security

a.      Be aware of fraudulent and fake advertising/spam e-mail messages that use names resembling popular services, such as "PayePal" for PayPal or "gogle" for google, or that use popular service names without commas or with excessive characters.

b.      Educate employees about data security and security flaws.

c.      Educate people on how to use your business systems and company data.

d.      Restrict execution of untrusted PowerShell/WSCRIPT and executable code, and disable macros in MS Office products.
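
The look-alike service names described in item 6a can be flagged automatically, for example in a mail-triage script. This is an added example, not part of the original post; the trusted-domain list, the function names and the sample sender addresses are constructed for illustration.

```python
# Added example: flag sender domains that imitate a trusted service name.
# TRUSTED and all sample addresses are constructed for illustration.
TRUSTED = {"paypal": "paypal.com", "google": "google.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Extract the domain from 'user@domain' or 'Name <user@domain>'."""
    return address.rsplit("@", 1)[-1].strip(" <>\t\r\n").rstrip(".").lower()


def classify_sender(address: str, max_distance: int = 2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain)."""
    domain = sender_domain(address)
    for real in TRUSTED.values():
        # The real domain and its subdomains are accepted as-is.
        if domain == real or domain.endswith("." + real):
            return ("trusted", real)
    for label in domain.split("."):
        for brand, real in TRUSTED.items():
            # A brand name inside a foreign domain, or a label within a few
            # edits of it ("payepal", "gogle"), is treated as an imitation.
            if brand in label or edit_distance(label, brand) <= max_distance:
                return ("lookalike", real)
    return ("unknown", None)


if __name__ == "__main__":
    samples = [  # constructed sender addresses
        "billing@paypal.com",
        "Support <service@PayePal.com>",
        "alerts@gogle.com",
        "noreply@accounts.google.com",
        "info@paypal.com.example.net",
        "bob@example.org",
    ]
    for s in samples:
        print(f"{s:35} -> {classify_sender(s)}")
```

Keep max_distance small, and stricter still for short service names, so that ordinary domains are not flagged by accident.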

7.  Hire security experts

a.      No single software product or tool on the market is 100% secure; invest in security experts who help protect your business from security risks.

b.      One of the best ways to discover whether there are any holes or security risks in your infrastructure is to hire a security consultant.

8.  Create strong passwords and change them frequently

a.      Change your password frequently and never use the same password for all your accounts; if you do, you are inviting an attack.

b.      Try to create complex and unique passwords that combine numbers, symbols and other factors to ensure they are safe and secure.

9.  Security review on your applications

a.      Review your web/mobile application security frequently.

b.      Penetration testing and full security testing are a must for your web and mobile applications.

10.  Ensure and confirm external links and messages

a.      Never click a link that you do not trust on a web page or website, and never click links from social media that you do not trust.

b.      If you receive a message from a friend with a link, ask them to confirm before opening the link (infected machines send random messages with links).

 


My first application using Angular.js and Asp.net, SQL Server

Introduction 

In this post, I am going to explain in detail a sample example that will insert, update, delete, and display retrieved data using simple Asp.net, AngularJS Ajax and SQL Server.

Sample application in detail with steps

I will explain the example in detail with the following steps.

Step 1 (Database code, MS SQL Server)

MS SQL table

Create a simple SQL Server table named Employee with columns ID, Name, Email, and Address. (In the code below the name column is called EmployeeName, and a DeletedDate column marks deleted rows.)

Stored procedure:

Create a stored procedure to retrieve data; here I created a stored procedure to retrieve data only.

For the insert, update, and delete operations I am going to use parameterized inline queries, but I recommend using stored procedures or Entity Framework for them.

Stored procedure to retrieve data

CREATE PROCEDURE
[dbo].[GetAllEmployees_SP]  
AS
BEGIN
   SELECT
            [ID] ,
            [EmployeeName] as Name,
            [Email] as EmailID,
            [Address]
            FROM [dbo].[Employee] Where DeletedDate is null
END

Step 2 (AngularJS view):

AngularJS view mixed with Asp.net UI code

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.4.8/angular.min.js"></script>
    <script src="Content/js/Employee.js"></script>
</head>
<body>
 
    <form id="form1" runat="server">
     <div ng-app="myApp" ng-controller="myEmpCntrl">
        <table border="1" cellpadding="10" align="center" class="table table-bordered table-striped">
            <tr>
                <td colspan="4">
                <table>
               <tr>
                <td>              
                </td>
                <td> Name:
                <input type="text" id="txtEmpName" ng-model="EmpName" />
                </td>
                <td>
                   Email:
                <input type="text" id="txtEmpEmail" ng-model="EmpEmail" />
                </td>
                <td>
                 Address:
                  <input type="text" id="txtEmpAddress" ng-model="EmpAddress" />
                </td>
              </tr>
               <tr>   
               <td colspan="3" style="text-align:right">  
                 <button ng-click="Save()">Save</button>              
                </td>
               </tr>
                </table>
             </td>
            </tr>
            <tr>
                <th>
                    Employee Id
                </th>
                <th>
                    Employee Name
                </th>
                <th>
                    Address
                </th>
                <th>
                    Email Id
                </th>
            </tr>
            <tr ng-repeat="emp in Employees|orderBy :'Name'">
                <td>
                    <input type="text" id="Text2" ng-model="emp.Id" />
                </td>
                <td>
                     <input type="text" id="Text1" ng-model="emp.Name" />
                </td>
                <td>
                    <input type="text" id="Text3" ng-model="emp.Address" />
                </td>
                <td>
                    <input type="text" id="Text4" ng-model="emp.EmailId" />
                </td>
                <td>
                    <button ng-click="Update(emp.Id,emp.Name,emp.Address,emp.EmailId)" >Update</button>
                    <button ng-click="Delete(emp.Id)" >Delete</button>
                </td>
            </tr>
            <tr>
                <td>
                    <button ng-click="fillList()" >Refresh</button>
                </td>
                </tr>
        </table>
 
            </div>
    </form>
</body>
</html>

Step 3 (AngularJS controller and model code)

AngularJS controller and Ajax code (Employee.js file)

// Angular app bootstrap start here
var app = angular.module("myApp", []);
//Angular controller
app.controller("myEmpCntrl", function ($scope, $http) {
//Angular  $scope and model data
    $scope.EmpID = 0;
    $scope.EmpName = "";
    $scope.EmpAddress = "";
    $scope.EmpEmail = "";
 
    // Angular Ajax function  used to Create or insert data in to employee table
    $scope.Save = function () {
        var httpreq = {
            method: 'POST',
            url: 'Default.aspx/Create',
            headers: {
                'Content-Type': 'application/json; charset=utf-8',
                'dataType': 'json'
            },
            data: { EmpName: $scope.EmpName, EmpAddress: $scope.EmpAddress, EmpEmail: $scope.EmpEmail }
        }
        $http(httpreq).success(function (response) {
            $scope.fillList();
            alert("Saved successfully.");
        })
    };
 
    // Angular ajax function deletes employee data for selected employee
    $scope.Delete = function (EmpId) {
        if (confirm("Are you sure want to delete?")) {
            var httpreq = {
                method: 'POST',
                url: 'Default.aspx/Delete',
                headers: {
                    'Content-Type': 'application/json; charset=utf-8',
                    'dataType': 'json'
                },
                data: { ID: EmpId }
            }
            $http(httpreq).success(function (response) {
                $scope.fillList();
                alert("Deleted successfully.");
            })
        }
    };
 
    // Angular ajax function update Employee data
    $scope.Update = function (EmpId, EmpName, EmpAddress, EmpEmailId) {
        if (confirm("Are you sure want to Update?")) {
            var httpreq = {
                method: 'POST',
                url: 'Default.aspx/Update',
                headers: {
 
                    'Content-Type': 'application/json; charset=utf-8',
                    'dataType': 'json'
                },
                data: { ID: EmpId, EmpName: EmpName, EmpAddress: EmpAddress, EmpEmail: EmpEmailId }
            }
            $http(httpreq).success(function (response) {
                $scope.fillList();
                alert("Updated successfully.");
            })
        }
    };
 
    //Angular ajax function retrieve and display employee data in table
    $scope.fillList = function () {
        var httpreq = {
            method: 'POST',
            url: 'Default.aspx/GetEmployeeList',
            headers: {
                'Content-Type': 'application/json; charset=utf-8',
                'dataType': 'json'
            },
            data: {}
        }
        $http(httpreq).success(function (data) {
 
            $scope.Employees = data.d;
 
        })
    };
    $scope.fillList();
});

 

Step 4 (Asp.net server-side call to database)

Asp.net server-side code

 

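    //Namespaces required by the code in this step
    using System.Collections.Generic;
    using System.Configuration;
    using System.Data;
    using System.Data.SqlClient;

    //Employee class: one row of the Employee table as returned to the client
    public class Employee
    {
        public int Id { get; set; }
        public string Name { get; set; }
        public string Address { get; set; }
        public string EmailId { get; set; }
    }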

 

        //Web method is used to insert employee data into Employee table
        //using sql parameterized query
        [System.Web.Services.WebMethod()]
        public static void Create(string EmpName, string EmpEmail, string EmpAddress)
        {
            var constring = GetConnectionString();
            using (SqlConnection con = new SqlConnection(constring))
            {
                using (SqlCommand cmd = new SqlCommand())
                {
                    cmd.Connection = con;
                    cmd.CommandText = "INSERT INTO Employee (EmployeeName,Email,Address) values (@EmployeeName,@Email,@Address);";
                    cmd.Parameters.AddWithValue("@EmployeeName", EmpName);
                    cmd.Parameters.AddWithValue("@Email", EmpEmail);
                    cmd.Parameters.AddWithValue("@Address", EmpAddress);
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();
                }
            }
        }
 
        //Web method is used to delete employee data from Employee table
        //using sql parameterized query
        [System.Web.Services.WebMethod()]
        public static void Delete(int ID)
        {
            var constring = GetConnectionString();
            using (SqlConnection con = new SqlConnection(constring))
            {
                using (SqlCommand cmd = new SqlCommand())
                {
                    cmd.Connection = con;
                    cmd.CommandText = "UPDATE Employee SET DeletedDate=Getdate() WHERE ID=@ID;";
                    cmd.Parameters.AddWithValue("@ID", ID);
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();
 
                }
            }
        }
 
        //Web method is used to Update employee data into Employee table
        //using sql parameterized query
        [System.Web.Services.WebMethod()]
        public static void Update(int ID,string EmpName,string EmpAddress,string EmpEmail)
        {
            var constring = GetConnectionString();
            using (SqlConnection con = new SqlConnection(constring))
            {
                using (SqlCommand cmd = new SqlCommand())
                {
                    cmd.Connection = con;
                    cmd.CommandText = "UPDATE Employee SET EmployeeName=@EmployeeName,Email=@Email,Address=@Address WHERE ID=@ID;";
                    cmd.Parameters.AddWithValue("@ID", ID);
                    cmd.Parameters.AddWithValue("@EmployeeName", EmpName);
                    cmd.Parameters.AddWithValue("@Email", EmpEmail);
                    cmd.Parameters.AddWithValue("@Address", EmpAddress);
                    con.Open();
                    cmd.ExecuteNonQuery();
                    con.Close();
                }
            }
        }
 
        //Web method retrieves data from sql server table
        [System.Web.Services.WebMethod()]
        public static List<Employee> GetEmployeeList()
        {
            var constring = GetConnectionString();
            List<Employee> Employees = new List<Employee>();
            DataSet ds = new DataSet();
            using (SqlConnection con = new SqlConnection(constring))
            {
                using (SqlCommand cmd = new SqlCommand("GetAllEmployees_SP", con))
                {
                   cmd.CommandType = CommandType.StoredProcedure;
                    using (SqlDataAdapter da = new SqlDataAdapter(cmd))
                    {
                        da.Fill(ds);
                    }
                }
            }
 
            if (ds != null && ds.Tables.Count > 0)
            {
                foreach (DataRow dr in ds.Tables[0].Rows)
                    Employees.Add(new Employee()
                    {
                        Id = int.Parse(dr["ID"].ToString()),
                        Name = dr["Name"].ToString(),
                        Address = dr["Address"].ToString(),
                        EmailId = dr["EmailID"].ToString()
                    });
            }
            return Employees;
        }
 
        //connection string
        public static string GetConnectionString()
        {
            string constring = ConfigurationManager.ConnectionStrings["C4Example"].ConnectionString;
            return constring;
 
        }

 

Google Angular 2 finally arrives

In 2010 Google and its developers introduced the AngularJS JavaScript web development framework to the world; it quickly became one of the hottest web technologies. Last night (on 15 Sep 2016) Google finally released the most awaited and exciting version, Angular 2, rewritten with Microsoft's TypeScript, which offers payload size and performance enhancements.