Optrics Insider – Remote Patching, COVID-19 Spam Email & CMR vs SMR NAS Hard Drives

Join Scott Young and Shaun Sturby from Optrics Engineering as they discuss work from home PCs and patches, the notable increase in COVID-19 related spam emails as well as CMR (conventional magnetic recording) vs. SMR (shingled magnetic recording) hard drives and what you need to consider when using either for network attached storage (NAS) devices.

Scott:

Shaun keeps tabs on what’s going on out in the IT world largely from a security and IT management perspective and I know you share these with our staff at our weekly meeting so we thought we’d do the same with you guys and pass those tips on so so what are the top three things you’re seeing out there this week Shaun?

Shaun:

The first thing that I want to talk about is all of these work from home pcs and patches. Last week was Patch Tuesday and Microsoft released about a hundred and twenty different patches. Lots were against Microsoft Office and the critical one was the one related to a remote code execution or RCE as it’s called in the industry. In this particular case it’s a malformed font, so if you’ve received an email or a document that has one of these malformed fonts you can open the document somewhere hidden in it will be one of these malformed fonts and when your PC goes to go and take a look at that font it’ll actually execute the malware writer’s code. So now your computer is not your computer it’s been joined to some sort of a botnet and possibly could be used for doing you know other things like sending out more malware or sending out spam. So if it’s a corporate owned device we definitely want to adopt it into our regular patching schedule but what about people working from home using their own pcs? Are they all patched and up-to-date and what about the other devices such as tablets and cell phones?

Scott:

Well that’s a good question and usually the patching tool that we recommend is ManageEngine’s Desktop Central, but there’s lots of different options out there and I think also F-secure, which is the antivirus, allows you to also keep an eye on on …

Shaun:

… and can push up patches.

Scott:

Okay that’s good to know. The other question I want to throw out there to people watching is with respects to employees who are using their own personal computers at home is the question you’re giving them access to your network and you’re also assuming perhaps that they have a patched computer and the question is what standards are you wanting the home users to have in terms of even being up-to-date on Windows 10 and not being on end-of-life Windows 7 or XP. What the patching expectations are? I guess to a certain degree you can’t force employees to do things on their own personal computers but you certainly can set standards and offer a work computer to connect to your network so something to think about. It’s just that what your organization’s policy is going to be around the use of personal computers to access the network the corporate network.

So let’s talk about the the second thing that you’re seeing out there.

Shaun:

The other interesting thing was around spam messages. Google reported that they saw more than 18 million daily malware and phishing emails specifically related to COVID-19 last week and this was on top of 240 million daily messages that were more generic coronavirus spam. These are scams related to personal protective equipment you know you want to buy the masks or the face shields or the other one a cure. Some these spammers are taking advantage of people’s fear to try and sell them the cure for this COVID-19.

Now in this case, Google’s reporting on what they see so these were also sent to Gmail addresses and Gmail for business addresses. The question to ask is how many of your users are implementing “shadow IT” and are using their personal Gmail addresses for work now? Google’s doing a great job at stopping all of these messages, but what if one sneaks through? Would your users be able to recognize spam messages? What kind of training do you have and while we are definitely keeping them up to speed on at the office, what about on their home email accounts? Do we want to reach out to them and you know offer to take a second look at spammy messages and say “yes we agree this is spam you should delete it”.

Scott:

I know that’s something that our staff are pretty good at anytime there’s a questionable email. They’re pretty good at sending it to you and and making sure you give it the thumbs up or a thumbs down, but that’s also a fair point that it’s easy when it’s internal email but wanted to personally use email that’s being used not just for themselves but also for the organization. Don’t let your guard down people make sure you double-check.

What’s the final thing that you’re seeing out there Shaun?

Shaun:

There was an article here recently about CMR vs. SMR or what are called “conventional magnetic recording” hard drives and “shingled magnetic recording” hard drives specifically being used in NAS, or network attached storage, computers or devices. So what’s the difference between a conventional magnetic recording hard drive and a shingled magnetic recording hard drive? Basically the shingled magnetic recording is overwriting and putting the tracks together on the hard drive a lot closer together and they can do that those tricks to do that and it’s great for getting more capacity in the same footprint for archive or cold storage type drives. What happened though was they did not disclose that they were using the shingled magnetic recording on drive specifically marketed towards network attached storage or NAS drive systems.

So people were finding that initially if you put in a bunch of hard drives they would work fine, but it was only when you went to replace one because of a failure or some other issue that the way the shingled magnetic recording drives (SMR drives) work they, especially if it was like a mixed environment where you had half of them were conventional and half of them are shingled, they don’t work the same way, they time out it takes a lot longer for them to do that process of rewriting the data much tighter together and so they were getting a lot of RAID rebuild errors. Well that’s a problem, so the industry is now demanding that the manufacturers completely disclose whether or not, especially for you know what’s critical storage, if they are using conventional magnetic recording or shingled just so that the buyer is aware and they can make that informed decision.

Scott:

I can see there’s a lot of most likely frustrated Network admins and IT staff who are trying desperately to make sure all their data is backed up and then they’re getting all these errors and they don’t don’t know why and it seems to me often it’s that thing you’d never think about or something new or that when you’re trying to troubleshoot something it’s just you’ve gone through all the checklists of things and and whether it shingled or not it’s probably the last on your list.

Shaun:

So that does highlight that you know to do it back up properly you have to have three copies in two different media in different locations.

Scott:

Right, fair enough well interesting okay anything else you want to add or or those are the top three things IT people should know this week?

Shaun:

No, those are the highlights that I had seen this week so I’m sure that there will be many many more things over the next week.

Scott:

Thanks for keeping your ear to the ground Shaun, much appreciated. I hope everyone found this discussion helpful and gave you some ideas some things to think about when it comes to patching computers, especially coming up with some sort of a plan or policy for your organization.

Watch out for the COVID spam. I’m sure you’ve seen it lots but not just for your work email addresses but personally email addresses and make sure your staff know what not to click and then finally pay attention to the type of hard drive you have especially for your for your critical backups.

Well thanks, Shaun much appreciated and if you found this use this video and interview useful please like, share and subscribe. If there is also if there’s a topic that you would find interesting that you’d like us to discuss down the road please put those in the comments we’d love to hear from you and of course if you have a question don’t hesitate to reach out to us through our website www.Optrics.com.

Have a great week, stay safe bye for now.

About the Author: Shannon Lewis

Leave a Reply

%d bloggers like this: