Welcome to the backup wrap up.

The only podcast dedicated to the underappreciated heroes of

the data center backup admins.

We're continuing our coverage of ransomware, and today we're

again talking about preventing it.

We'll cover a range of preventative measures including application

whitelisting and blacklisting, inventorying service accounts, restricting

risky services, and the importance of establishing relationships now with red

and blue teams as well as law enforcement.

Let's keep ransomware out of your environment.

By the way, if you don't know who I am, I'm w Curtis Preston, AKA, Mr.

Backup, and I've been passionate about backup and recovery for over 30 years.

Ever since.

I had to tell my boss that there were no backups of the

database that we had just lost.

I don't want that to happen to me ever again.

I don't want it to happen to you.

That's why I do this podcast.

Here we turn Unappreciated backup admins into Cyber Recovery Heroes.

This is the backup wrap up.

Welcome to the show.

Before we get started, I just want to ask you to press the follow or subscribe

button so that you can always get this show, whether you're following

on an audio format or on YouTube.

Uh, either way we'd love to have you.

I'm your host, w Curtis Preston, AKA, Mr.

Backup, and with me, I have my.

Non-standard air conditioning installer, sympathizer Prasanna Malaiyandi.

How's it going?

Prasanna?

I am doing well, Curtis, and here's a question.

Do you have working air conditioning as of this moment?

No,

I do have, it's, it's at 95%.

Um, I'm doing a very non-standard.

I'm installing.

One of those portable air conditioners, but I'm installing it up on the wall so

that, because where I live, you know, I have an HOA and they won't let me

put like a window unit air conditioner.

Right.

So I have the, you know, but I don't, I don't have a spot to put it on the

floor, so I'm mounting it up on the wall.

So it involves lots of heavy.

Brackets and things like that, and lots of, uh, literal sweat

equity and putting it up.

And sadly I put it up and then, as you know, uh, had to take it down and

put it up again because I neglected to account for the distance between the

exhaust port and the window oopsies.

Yeah, that's not good.

Oopsie.

Do you, did you also cut a hole for the cord?

I did, I cut a hole for the,

Okay.

I cut a and, and I cut a very nice hole, a very nice hole for the cord.

That was the, another mistake in the first version.

Uh, it's what happens when you're just sort of winging it, you know?

Like, oh, I just need a shelf.

I just need a shelf.

And some brackets, I bought some nice brackets, you know?

might I recommend,

Yeah.

I know it's like above like a bed and things like that, that

sometimes people sleep in.

Yeah.

I recommend telling people whenever they sleep to put their head on the

other side away from the AC unit?

Well, they can sit up.

No, no, no.

I'm

What

in case something falls.

are you questioning?

The structural integrity of my air conditioning unit.

no, but just say that there we live in California.

There might be an earthquake, it might be enough that it shakes off even

though you do have a lip to keep it in

Yeah.

I.

Yeah, I do have a lip to keep it in place.

saying that having a 65 pound or whatever air conditioner fall on your head is

probably a lot worse than a 65 pound air conditioner falling on your foot.

Uh, yeah, that's probably true.

That's probably true.

So, uh, but thanks for that image.

Um.

So we're gonna continue our series in ransomware.

Uh, this one is gonna be talking about ransomware prevention.

In terms of other things that we can do, we've already talked about,

um, the, you know, we've talked about protecting the backup server.

We've talked about the, the three things that everyone

should do to prevent ransomware.

What are those three things?

Prasanna?

Patch

Yeah.

Patch management.

password

Password management.

M-F-A-P-P-M.

if you're not using, um.

If you're not using MFA at this point, uh, you're gonna hear, it's

gonna come up again in this episode, but this is in addition to that.

In addition to all the stuff that you did to, to, you know,

this is assuming you did that.

What's the next step?

These are the, please do these things.

Um, it will also make it harder for you to be attacked by

ransomware and the, the first one.

could make it harder for you to also use things too.

What

It's

this, this is true, right?

A lot of times security is at war with usability,

Yep.

right?

Um, and I, I tell the following, uh, story, which I know I've told here

before, but I remember back when I first.

Um, you know, did backup software.

We used this lovely thing called RSH.

Right.

And all you had to have was, uh, you know, an entry in, uh,

I forgot the name of the file.

There was a file in the, the, you know, the, your, your, your home directory,

which even if it was root you, if you had that file, um, and, and it had

the name of the host you were coming from in that file, you could RSH.

As root without a password.

And, and I happen to know that one company where I, um, installed backup software.

One of the many that I did throughout the years, household name company.

Um, when I got there, they had RSH as root from every Unix

host to every other Unix host.

And this was like a major company.

yeah.

Um, why, why do I bring that up?

Um, it, it, you know, I, I just remember how much the security people hated that.

Right?

Yeah,

And, but, but lemme just finish.

But the reason was that the tool in question was our dump.

Our dump wouldn't work if you didn't, if you couldn't RSH

as root without a password.

Yeah.

Okay, so that's one side.

Now let's go to the other extreme, right where I think you've told a

story on the podcast before the one company you worked at where the network

people locked down every single server.

yeah, yeah.

It was the most secure company that I'd ever worked at.

It was the complete opposite of that other company and, um,

where we, we were prepping for Y 2K and that they were really.

It was, it was a very secure environment where they did, they did all the

things that we asked people to do and, and you weren't able to get

from one server to another server.

It's like, the question was, why do you need to get from server A to server B?

Right?

Uh, you, you needed a reason to be able to communicate between those

two servers and then they would open up only the port that you needed.

And I was the, the one crazy guy that, you know, my server needed

to talk to all the servers because.

Backup.

And they didn't like that, and they kept trying to shut it down.

And then, and, and then they, and then they kept trying

to like sniff the problem.

The problem with net backup, uh, well, one of the problems with net backup is

that it uses a random series of ports.

And, um, so they did not like that and they kept shutting things down.

And Yes, uh, it, it just, it was, uh, so let's just say this.

This thing of security, being at war with usability is not, it's not a new problem.

Yep.

Um, and the first thing that I want to talk about it, it's just something that

I want you to think about because as I recall the last time you and I talked

about it, I think you were against it.

Um.

And, and, and we'll, we'll see.

Um,

yeah.

that is this concept of application white listing.

Uh, and in my notes, I have this as the silver bullet.

And why do I say that?

And we can argue as to whether or not it's a good silver bullet.

But why do I say it's a silver bullet,

Because you're basically restricting what runs in the environment.

right?

I.

you control what runs, then there's less likelihood that you will be

using something that is malicious.

Right, right.

So if we, if we say only, you know, Microsoft Word and SQL Server and

SharePoint are the only things that are allowed to run on this box.

If there's something other than that malware based, then it just

won't be able to run because it's not whitelisted, right?

Yeah.

It is a giant pain in the butt.

Geez.

Can, can we agree that application white listing is a giant pain in the butt?

What do you think?

Yeah.

No, I agree.

Yeah.

Is it however, something that we should think about in certain circumstances?

For example, if you have a very well, uh, understood.

End user community, that they all use the same 17 applications.

Right?

Yeah.

And you could, you could lock it down to the same 17 applications for all of those.

And then of course you will absolutely have some users who are special.

Their name will probably be Curtis or Prasanna.

'cause we always want to do stuff that's outside of the norm.

Right.

Um.

You, you, you'll have a handful of power users that will end

up with 37 other applications.

I, I think that in those scenario, like we don't, maybe we don't have to

do it for, well, there, there's just, there are areas where maybe it's harder

to do than others and I'm thinking

or functional units.

Right, right.

Yeah,

Um, if there's an area where you can do this, I guess I'm

just saying think about it.

yeah.

If you application white listing, I think it would be, it would go a long

way to stopping ransomware or any

I think there's different ways you can implement application whitelisting,

One way is to sort of say, Hey, here is a list of approved IT applications

that you are allowed to install and deploy, but don't necessarily prevent

people from installing other things.

You sort of use the honor system or IT policies just like everyone has, right?

You sign a code of conduct when you join a

right.

right?

Or the employee handbook, right?

and then could we perhaps monitor for anything that is outside

the white list and then send off the, the CLS and alerts when it

Yep.

Yeah.

Yeah.

Right.

So you can at least start a process so you're not getting in the

way, but at least you're having an ability to monitor and figure

out, okay, what are people doing?

Does this make sense?

And maybe you also have a list of applications, because I think in

addition to having a list of applications that you approve in that white list,

it's also important to have a list of applications that you block.

Yeah.

Which is also as equally as important,

what would, what would the name of that process be?

Application blacklist.

Yes.

Okay.

You, you said that like, it, you weren't sure.

Yes.

It's the opposite of a white list, right?

Application blacklist.

Right.

So you could, you could have a, a series of apps.

Um, and, and I would put a lot of the security software that is

often installed by, um, uh, cyber attackers as, um, bl blacklisted.

Again, there are exceptions to the blacklist where you need to install

it, and then you want to find out who, who is actually trying to

install such, such tools, right?

Um.

And I think another thing Curtis, that becomes interesting is days a lot

of people just use SaaS application.

So by using a SaaS application, you don't even have to worry about

application whitelisting as much anymore.

Isn't SaaS so great?

There are things I don't like, as, you know, there are things I

don't like about the SaaS world.

I'm concern very much about all the data that's out there, but, um, but this is

definitely a, an advantage of the SaaS.

Uh, you know, we're, I mean, as we are talking, we are using a SaaS application.

Mm-Hmm.

I don't know how we would do this back in the day.

Right.

I guess we could, what, what was that tool that we used to O-B-O-B-C-O-B-S-O-B-S.

We, we used to use OBS, um, and theoretically we could do that, but we

would still need a way to see each other.

Um, which,

have FaceTime running in parallel.

would be a SaaS.

Yeah,

Yeah.

There.

You know what I remember back in the very early days, I remember

software that you used on your laptop.

You had a piece of software running on your laptop.

They had a piece of software running on their laptop, and those two pieces

of software directly communicated, um, to, to webcam to each other.

Man, those were such, so, so bad in terms of quality.

Yeah.

Oh yeah.

So yeah, that the, the SaaS world makes things a lot easier.

Um.

All right, so enough of that.

So now let's talk about disabling other attack vectors.

Now, one of the things that came up when, um, we had Dwayne on with the, the, the

red team, uh, episode, which at this point is now about five or six episodes back.

Is this idea that there are service accounts out there that are running

with like, no, no password default passwords are really crappy passwords.

Right?

What's a, what's a service account?

Why does this matter?

So a service account is like a special privileged account that runs on the system

and is used for things that need to happen without necessarily user interaction.

an example, backup.

Right.

So normally you have a backup service account that runs on

the system and kicks off backups that need to happen on the system

Do you remember the special thing he said about the backup service account?

that it had access to everything.

It had a access to everything without logging,

Yeah.

right.

Oh, that's right.

Right,

Yeah.

so it can access all the files that it wants, download all the files it wants,

because that's what backup is, right?

Override all the files it wants, because that's what Restore is without

triggering any alarms of any kind.

Yeah,

here you have it installed with the password of backup

or, or maybe it's installed with net backup or networker or TSM.

Um.

Yeah.

Or Veeam, right?

Uh, please, please don't do that.

Right?

So, so I wanna talk about, so we need to figure out how many

service accounts are out there.

And so there is this, uh, there is this concept of a service account inventory.

Um, and when I, when I googled that there, you know, there, there, there were

some, uh, some things that you could do.

Obviously they talked about things like reviewing the documentation, uh, you know,

any documentation you have as to where you would typically install service accounts.

Uh, there are active directory tools such as, uh, you know, PowerShell

that you can look for, things like.

Special account flags and two special account flags pop up.

Do you know what they are?

I'm gonna guess no.

Why would you know this?

Right?

The two special account flags that they popped up are, don't expire.

Password or password?

Not required.

Ugh.

Password not required.

Um, you know, look for group membership, like domain admins, enterprise admins,

um, you know, and look for the types of applications that need service accounts.

What kinds of applications besides backup would you think those are?

Right,

Anything that runs as like a Damon process right in the background on the system,

right.

Um.

security software

Right.

Security software, ironically enough, u uses a service account antivirus.

Right.

Um, the, um, go ahead.

But I think though a service account, you cannot, normally, you're not allowed

to log in using a service account,

Right.

right.

It is just for things that are already on the system to be able to operate

with different privileges on the system.

Yeah.

Right.

You can't log in like in the traditional sense, but you can log in from an

API perspective and do the things that that thing is supposed to do.

And so all I'm saying is figure out what those are and give them real passwords.

If you've got accounts, service accounts that say, don't, you know, no password

required, it seems like that is bad.

Yeah, and I think the other thing to mention is the service accounts are

basically on a per machine basis.

Yes.

So it's not like you can go look in active directory and say, Hey, where,

what are all my service accounts?

You have to hit every single box and say, what are the service accounts available?

And that's why you use things like PowerShell and other things

make sure, okay, what is there?

And this inventory shouldn't be on a one-time basis either

Right.

applications get added.

Remove systems come online, get decommissioned.

Yeah, a very regular thing.

You should be out there looking for new service accounts.

So I'm hearing that the most common way that systems are compromised these

days is, um, sole and credentials.

What's the second?

Most common way.

What was that for those not watching the video version on YouTube?

Uh, Prasanna just made a, a, I think that was, was that like a phishing reel?

Uh,

it's a phishing reel and then, uh, pull it back in

um, yeah.

phishing with a pH, uh, phishing and, uh, and spearphishing, which

is a very specific type of phishing.

The, and this is often via, um, email, right?

And so another thing I'd like you to consider is, again,

these are all optional things.

Um, you know, some less optional I think than others.

But this is something to consider and that is the idea of putting in some

type of monitoring system, filtering system in your email system in

order to, uh, see if you can catch.

You know, use ai, um, and, and other tools to identify phishing,

uh, attacks on the front end.

and I believe that many of the SaaS email providers like Microsoft and

Google have pretty extensive phishing protections already built in, but

it doesn't mean you shouldn't use a third party solution as well.

I think that's true everywhere, right?

That there's often

Yeah.

os tools that are available, but there are, um.

Uh, third party tools that may be more extensive.

The question, they will also be more expensive,

Yeah.

Extensive and expensive.

Um, all right, so we gotta talk about my favorite boogieman.

What, what is it?

Port 3 9, 2 2, I

Is that.

Or is it three?

Five.

Five, three.

Is that the port for RDP, the Ransomware deployment Protocol?

Um, yeah.

I,

Nine.

what's that?

3, 3, 8,

3, 3, 8.

get that tattooed on your forehead.

Um, I'm, I'm suddenly, I'm thinking about, um, 2 4, 6 0 1 from, um, Les Mis,

Yeah.

so.

Please shut off RDP at, at a bare minimum, restrict RDP, so that it,

you know, so that the RDP port is only accessible via a particular network.

And that network should only be accessible via A VPN, which

is only accessible via MFA.

We're gonna get back to that and, you know, restrict s and b as much as you can.

Um, I'm sorry.

Restrict RDP as much as you can.

Uh, and then also, you know, I threw out SMB.

Lemme just throw that out.

Um, windows has a default administrative share.

What's up with that?

Right?

it admin dollar?

Yeah.

Um, that's what it's, and, and, and you can access the entire, uh, c drive, right?

Um, turn that sucker off.

Why, why is it there?

Um, you know, why is it there?

Why is it on by default?

I, you know, I, I'm sure you know if you've got, by the way, if

you disagree with me, uh, feel free to do so in the comments.

I would love to hear, uh, why the default administrative share.

Is not just fundamentally evil like RDP, um, but this is an s and b share

that is on by default in Windows server.

Uh, and when Windows desktop

Is it?

Isn't it at Windows desktop though?

Yes.

'cause I've used it.

Okay, because, so I was recently setting up my mom's new

Mm-Hmm

windows

mm-Hmm.

And when I went, because I was copying data over and I went to go

access it another laptop, and it basically said sharing is disabled.

Network sharing.

That's a good question, right.

Um, I'm not a Windows person.

Uh, I.

Neither am I.

It took me a while and I wanted to pull out my hair,

Yeah.

But, um, the, um, you should tell your mom to upgrade to a real computer.

Um,

she likes her windows.

Laptops.

I'm not gonna argue with her.

uh, yeah, uh, I know a lot of people like windows.

I just, you know, I close windows whenever I can.

Anyway.

Um, so the next thing, uh, let's talk about, and I, I alluded to

it already, and that is if your.

Normal workday process requires A VPN.

What do you think about having an MFA on that VPN?

Oh, you definitely should.

Yeah, this is

but,

of, of everything on this list.

If you are allowing computers outside your company to access your company resources,

and you're not using A VPN and you're not using MFA for that VPNI, you know, this.

I, I don't know what to say.

I have the question for you.

Okay.

Is it still technically considered MFA if you have an OTP in

order to be able to log into

I think, yeah, I think the, the OTP, um, you know, uh, I think

that, well, assuming that OTP has, uh, MFA built into it, right?

Um.

it's like an RSA token, right?

Yeah.

Yeah.

I mean, so I'm assuming, I, I'd assume that if you're using Okta or something

like that, that you are going to enforce

MFA.

on your entire environment.

If you do, I'm, I'm good.

I'm just saying if you're remotely letting people access stuff inside

your computing environment and you're not using MFA, uh, you know.

Yeah.

That's like you're asking for it kind of thing, right?

Going back to what you previously said about credential stuffing

Yes, exactly right.

Why is that, by the way?

What, what do you mean by that statement you just made?

Because if you don't have MFA, then someone might compromise credentials

somewhere else and say a user happens to reuse their passwords, they have access

to your environment because they're able to connect via VPN without requiring MFA.

There you go.

But I wanna add one thing to

Yeah.

Even with MFA, train your users not to get hit by MFA fatigue.

Yeah.

Right.

We've seen so many attacks where the attacker bombards the system

with MFA requests and then the user's like, fine, fine.

I give up.

I don't know what's going on.

Yeah.

like, okay, it's me.

Yeah.

This, this goes back to the stuff that we talked about last week, about training

the people that work in your environment.

Right?

Um, let them know what MFA, you know, an MFA fatigue attack is, and

Yeah.

to watch for it and to not, I.

Respond to it the way that you just described.

Yeah, yeah.

Whatever.

Just leave me alone, you know?

Or

that's what happened with the Okta attack,

Yes.

Yeah.

many months ago.

Yeah.

Um, so here's another one that, that the link that you shared

me, I think is fascinating.

Um, the next thing I have on the list is reputable antivirus

or anti-malware software.

Uh, what, what did that article talk about?

Yeah.

So this was an article which happened to be published today.

We're recording this.

Um, and it was from the register, uh, and it basically said that.

More than half the people.

Even though antivirus tools are available on the operating system,

Mm-Hmm.

install third party antivirus solutions.

Yeah.

And one of the things that I found at the very bottom of this article,

which I thought was interesting, they said malware writers, the first thing

that they do is they'll probably go and test against the standard tools.

Right.

And by having a third party, you're now adding an additional layer of defense to

protect you against being attacked and being, uh, infected by these malware.

Yeah.

You know, and those tools are, they're just like any of these tools.

Nothing is.

Um, what's that?

Nothing is perfect,

Yeah, nothing is perfect, but, um, you know, you know, maybe I'm an old

schooler here and I, I believe in the concept of these third party tools.

Um,

another stat which I will call out, said that,

oh,

when they

I don't like the stat.

I don't.

they looked at the statistics.

They found that twice the number of people had third party software for if they

were in the age group of 65 and above, versus in the age group of 45 and below.

To that, I just wanna say bleep,

uh, whatever.

Um, all right.

The, the final.

But antivirus is important though,

Antivirus is important.

Yeah.

Antivirus, anti-malware.

Um, the, um, um, the next group of things that I want to talk about are, again,

this isn't so much preventing, um, you know, preventing an attack as much as

it is, you know, preparing for one.

Well, no.

Yeah.

I guess this is.

preventing,

This is all also preventing, nevermind.

yeah.

The, the next group of things are, are a little bit different.

And that is this idea of proactively going and doing things

to see, to see what you can see.

Right?

Uh, and the first is this concept of an automated pen test.

What is that?

So a pen test is a penetration

Mm-Hmm.

where you can hire a company, you can procure software, where it will basically

test your network, your systems, to see are there any common vulnerabilities?

Are ports closed?

Do you have RDP exposed to the internet?

Things like that to help you understand, okay, where are

the gaps in my systems today?

Right.

And, and they range, um, everywhere from like, uh, 29, 9, 9, you know, uh,

we'll do a pen test of your company.

And I don't mean to imply that there's no value there, but there's definitely less

value there than the the, the next option.

And that is this concept of a red team.

Again, we had Dwayne Lalo on here from Pulsar Security.

They are a red team, right?

It's a fascinating episode, by the way, if you didn't, if you didn't

Mm.

take a look at that.

Uh, it's about, I don't know, six weeks or so ago at this point, the

idea that this is for those of you that have seen the movie sneakers,

this is the guys in the movie sneakers.

Those of you that haven't seen the movie sneakers, go watch the movie sneakers.

it.

It's.

It ages actually pretty well.

There's some stuff in there, just like any movie that centers around computers.

There's some stuff in there that's complete bs, but, you know, um,

You're not gonna recommend hackers or the net

no, I'm not gonna recommend Hackers or the net or swordfish.

Um, the net that, oh man, can't even.

You remember it was about hitting the escape button.

You remember how the escape button was like the

uh, Sandra Bullock, right?

Wasn't that Sandra Bullock?

Yeah.

Yeah.

Um, interestingly enough that when you, when you, when you bring up those three

movies, the only thing I remember, the pretty girls that were in those

three movies, I don't, and the fact that the computer stuff was, was crap.

Right?

Um, anyway.

Somehow I got distracted.

What?

Where were we talking about?

red

We were talking about red teams, right?

So this is a professional team whose job it is to infiltrate

your environment at your request.

And this is hardcore stuff, right?

Yeah, they're think like the hackers, right?

They

Yeah.

almost ethical hackers if you think about it.

Yeah.

Yeah.

Um, I remember Dwayne said that they kind of backed away from that

term that they use, they use, um, I forgot what the term that they use

instead, but basically Yeah, yeah.

That, that there, there's like a more all inclusive term that

they now use, but the, um.

This is a company that you hire that is going to do all sorts of things to

try to break into your environment.

And, um, I, I remember one of his stories was about they hacked this

company via a TV that was in the lobby.

Right.

And they did it by going and getting, they got, they figured out what the TV was.

They figured out the brand of the tv.

And then they went and got that TV and they tore it apart and then, you

know, um, this is hardcore stuff.

insecure wifi

Yeah,

in it that

yeah, yeah.

Um, and uh, this involves, this involves things like, uh, it could be phy, there's

also physical, uh, penetration tests.

Right.

So, you know, I remember, um, uh, listening to Kevin Mitnick,

which I know not everybody.

Uh, liked or appreciates Kevin Mitnick, but, uh, I, I did learn

a lot from his talk and it was, uh, this, it, it was about him.

Um, basically, I.

Going into a building.

It was like a, it was like a commercial building and he went into the bathroom

and he just waited into the bathroom for some other person to come and he

used his badge scanner, which works up to like six feet away or something.

And he's sitting in a.

Bathroom skull waiting for some other kind of coat.

And then he is scanning the guy's badge and then he uses that

badge to get into the building.

Right.

This is the, you know, this is some, some, some hardcore stuff.

It's like something outta Hollywood.

Yeah.

It is like something outta Hollywood, but the, you know, these are people that this

is what they do and, um, they enjoy it.

They're good at it.

And you should definitely look into the concept of a red team.

Now, what about a blue team?

They're the ones who are trying to protect your environment

Right?

potential attackers.

Right.

And so.

They're like the defense.

Right.

Yeah.

They are the defense and they're also the ones that you would bring

in when you have a cyber attack.

Right?

Yep.

Um, and so one of the things that I talk a lot about is that

you need to establish that.

Um, and again, another one of the, another one of the experts that we've

had on here that uh, is from a blue team is Mike Sailor from Black Swan

Security, and we're gonna have, we're gonna have him on some more, and I.

He, uh, he talks a lot about, he's been in many of these attacks

and he completely agrees with me.

Of course he does.

'cause this is what he does.

That now is the time to form a relationship with the blue team.

Why would, if, if there's somebody that I would call in, in the time

of a cyber attack, why would I want to get a relationship with them now?

Because a cyber attack attack is very stressful.

You'd rather have that relationship prebuilt so you understand what's

expected, what each person is gonna do, the roles and responsibilities

such that when you do have that cyber attack, everyone can just be

like, okay, let's go, go, go, go, go.

Everyone knows what they need to do.

Yeah.

You know, uh, the analogy that I'm gonna use is gonna be kind of funny and,

and I know you know this story, but it has nothing to do with cyber attack.

The time, the time to get a relationship with somebody like

this is before you need them.

Right.

And I'm thinking about the time that I cut into the main supply line of my

house, uh, the water sup, the water, the, the water main for my house.

And uh, this was when I was replacing my front yard.

I have a 400 square foot front yard.

Right?

It is very, you know, it's California, so my yard is not that big.

And, uh, I was digging it up to put down, um, you know, the, I was

gonna put down artificial turf.

And it's kind of funny that when you put our artificial turf, the first

thing you have to do is you have to dig up the yard and you have to, you

dig down like six inches and then you put paver, uh, uh, base there.

So you basically pave your yard.

And then on top of that you put an inch of sand.

And then on top of that you put the grass.

Now.

I was digging and I knew where my water main was.

And the really funny thing is, was I don't want to damage my water main while

I'm doing this, but I'm not a hundred percent sure what a water main is.

So I'm just gonna dig around my water main to find my water main, to

make sure I don't hit my water main.

In the process, process of doing that, I hit my water main.

Now, what does this have to do with this?

The point was that I knew exactly where to go because there was, there's

a guy that lives that way, like.

300 yards from my house, and I went right to that guy's house and I was like,

um, you know, I just did this thing.

Luckily, luckily, I will say it was on the, on the other side of the valve that

off.

the water department supplies, because if I had broken it on their side, then that

would've been a, a whole different thing.

Right.

Yeah.

But, uh, it was, I remember it was like a Sunday.

And, and by the way, cyber attacks never come when it's convenient.

They do it on purpose, right?

They, they, there, there will be a bunch of cyber attacks, uh, tomorrow.

Yep.

Uh, we're in the US tomorrow, the, the day we're recording this, tomorrow is

July 4th, and there will be a bunch of, uh, a lot of people have a four day

weekend because, um, you know, I think, I think it should be a federal law that

July 4th, can't fall on a Thursday, but it is, it's on a Thursday tomorrow, so

a lot of people will just take Friday off, so they have a four day weekend.

This is when cyber attacks happened, right?

So it was a Sunday afternoon and luckily I had, I had already established a

relationship with this plumber guy, and I went over and I just knocked

on his door and I'm like, I realize it's five o'clock on a Sunday and

you're clearly having dinner with your family, but I just blew up my house so.

Could you help me please?

anything he could do that would be awesome.

And he came over and, uh, repaired my water main, you know, I had to,

we had to dig a big hole, a much bigger hole to get access to the pipe.

Yeah.

And, um, you know, and he repaired it.

And then, uh, he said, uh, I was like, how much do I owe you?

I was prepared for 500 bucks.

Or more.

And he said 150 bucks because he did it like off the clock

and you know, his own thing.

And I was like, dude, you know where, where do I sign?

Right?

You're like, thank you for saving me.

Yeah.

you know, calling a plumber for an emergency repair on

a Sunday AF in the evening.

It was gonna cost him.

least 400 bucks before they even do anything.

Yeah.

And so this is what I'm saying is like, just get a relationship now.

Get a relationship now with your local FBI department.

Uh, by the way, Mike talked about that a lot.

What?

InfraGard?

InfraGard

was the name of the IBM, I'm sorry.

The IRS.

Ah.

Not the I.

Meant to, uh, help, uh, people combat cyber crime and, um, you know, look

into InfraGard, get a relationship with the FBI get, uh, and or whatever

it is where you happen to live.

Yeah.

And, um, but now's the time to do that.

Any further thoughts on that?

No.

I think, yeah, having those pre-established relationships especially

as these blue teams, red teams, right?

They're probably keeping up to date on the latest of what's happening out there, so

Yeah.

also a great resource for that too.

Yeah.

You wanna, you wanna have them on speed dial, right?

Like,

Yeah.

you get the thing, you make the call, they're on their way.

Not, not, you know, I'm having a Google Blue, blue teams or cyber.

Who do I call when I have a ransomware attack?

Um, that's not the time to be doing that.

It's already stressful.

Busters.

What's that?

You said, who are you gonna call when you have a

Oh, Gus

said, ghost busters.

that, that's a old joke, man.

You know, you're dating yourself.

Um,

that's a good movie though.

Movie, um, ruined by later attempts at.

Sequels, but whatever,

go there.

We shall

we should not go there.

Alright.

Good movie.

All right, well, this has been a good episode.

Further things that you can do to prevent ransomware and to prepare

yourself to be able to defend ransomware if and when it happens,

although it's more a win than an F.

Uh, any final thoughts?

Prasanna?

No, uh, was a great conversation.

I'm dying in the heat out here.

Uh, we're in our middle of our heat wave, so

What, what's temperature outside right now?

I think it's 103.

Uh, and what's the temperature inside?

Uh, about 84.

I really should turn on the air conditioner.

Um, so you, you wanna know what the temperature is

outside Where I am right now.

75?

75 is exactly what it's, that is San Diego versus the Bay Area.

Um, you know, in a nutshell, um.

Yeah, just different parts of the Bay Area, right?

Because certain parts of the Bay Area can be quite cold, actually.

I was looking at the thing they said up in San Francisco.

It's in the sixties, like low sixties,

Yeah.

if you go to the East Bay, uh, Livermore Pleasant in that

area, it's I think 108 degrees.

Well, coldest winter I ever spent was the summer in San Francisco, mark Twain.

All right.

Well thanks a lot Pana.

Thank you to the listeners.

Uh, I hope you're getting something outta this and remember to hit that

subscribe or follow button so that you can, um, you can get us every time.

And um, that is a wrap.

The backup wrap up is written, recorded, and produced by me w Curtis Preston.

If you need backup or Dr.

Consulting content generation or expert witness work,

check out backup central.com.

You can also find links from my O'Reilly Books on the same website.

Remember, this is an independent podcast and any opinions that

you hear are those of the speaker and not necessarily an employer.

Thanks for listening.