
CIA Controls

Running the CIA would be great fun, but that option is available only to Comrade Snowden. In this note (which has grown too long) we will discuss the three pillars of information security, as everyone has already guessed: Confidentiality, Integrity and Availability. The material is not much like what the Russian textbooks offer, so I hope it will be interesting. I leave some terms in the original English; those who know them need no translation, and in context I think everything will be clear. Each of these three aspects is closely tied to physical safety (Safety), and a violation of any of them can lead to negative consequences.

Consider today's popular cloud services, whose main advantages are scalability and flexibility, or elasticity. When you entrust your data to another organization, for example a service provider (SP), you need to be sure that it stays known only to you, i.e. that its confidentiality (C) is preserved. What controls (control types) can we use? Regardless of the platform, we can use ... cryptography, or encryption, whichever you prefer to call it.
  1. File-by-file encryption: before sending critical information outside the "perimeter", regardless of the services offered (yes, fine, the SP encrypts in its own cloud), all of it must first be encrypted locally. Likewise, if information is stored on mobile devices, full device/disk encryption is a prerequisite for their use.
  2. The next condition is separation of access to resources (access control, information separation; in the context of technical controls it will become clear why). The main schemes are MAC/DAC (not to be confused with the MAC you already know) and RBAC. With these schemes we can protect ourselves from unauthorized access to information.
  3. A bit of a toy, but also an effective tool: steganography. For those not familiar with it, OpenPuff will help. You can try to bypass DLP =), ensuring the confidentiality of sensitive information in circumvention of the security policy.


As an administrator of critical infrastructure components, you often need to update them. How can you be sure that the updates are exactly the original files from the developer, i.e. that their integrity (I) has not been broken? For this purpose the developer's site usually carries, next to the download link, a line of additional identifying information: a checksum or HASH. This is a one-way computation of a reference value using a hash function (MD5, SHA-1). The two values must match: the one on the site and the one you compute yourself after downloading.
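As an added example (not code from the original post), the check described above in Python: hash the downloaded file in chunks and compare it with the published value in constant time. SHA-256 is the default here, and MD5/SHA-1 are flagged because both are collision-prone; the update file and digests in the demo are constructed test vectors.

```python
"""Verify a downloaded update against the checksum published on the vendor site."""
import hashlib
import hmac
import os
import tempfile

# MD5 and SHA-1 are still published by many vendors, but both are collision-broken.
WEAK_ALGORITHMS = {"md5", "sha1"}


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so that multi-gigabyte images do not fill RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_checksum, algorithm="sha256"):
    """Return (ok, note); ok is True only when the digests match.

    The published value is normalised (whitespace, case) because vendor pages
    print it in many styles; the comparison itself is constant-time.
    """
    expected = published_checksum.strip().lower()
    actual = file_digest(path, algorithm)
    if not hmac.compare_digest(actual, expected):
        return False, "checksum mismatch: do not install"
    if algorithm.lower() in WEAK_ALGORITHMS:
        return True, f"match, but {algorithm} is collision-prone; prefer SHA-256 or a signature"
    return True, "match"


def demo_results():
    """Constructed demo: a fake update file whose SHA-256 and MD5 are known test vectors."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "update.bin")
        with open(path, "wb") as f:
            f.write(b"abc")
        good = verify_download(path, " BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD\n")
        bad = verify_download(path, "0" * 64)
        weak = verify_download(path, "900150983cd24fb0d6963f7d28e17f72", "md5")
        return good, bad, weak


if __name__ == "__main__":
    for result in demo_results():
        print(result)
```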

The next technology for ensuring I makes full use of what was described above: electronic signatures (under Federal Law No. 63), or electronic digital signatures as they used to be called. There are three types of ES: simple, and enhanced, which is either qualified or unqualified. Depending on the type, the ES provides non-repudiation of the author and/or the integrity of the sent message. The whole essence of using an ES comes down to asymmetric cryptography: a public key and the one private key paired with it. For large-scale use of ES a public key infrastructure (PKI) is built, whose main structural element is the certification authority (CA), which all ES entities trust.

Now a little about availability. We have a lot of money, so we build a redundant infrastructure. What does it give? High availability - clustering - fault tolerance. In the event of force majeure you can be sure the systems will remain available, and in the absence of negative factors you can increase performance. An important factor for A is competent installation of patches (patching). Before updating anything you need to test thoroughly and coordinate all changes through change documentation.

While applying organizational and technical security measures, we must not forget physical access. Where possible (and some of this is mandatory), use fences, video surveillance, special locks, etc.

"Make money, make money, and the rest is all rubbish ..."

So! Nobody wants to lose what was "earned by overwork": Assets. There are always possible sources of negative consequences: Threats. Impenetrable systems do not exist: Vulnerabilities. And the likelihood of damage from exploiting a vulnerability is Risk. If a CIA violation is a threat, then that threat must somehow be countered (risk mitigation, countermeasures).

Every admin knows and is close to the so-called Technical controls. These are all the technologies used to provide information security: FW, port security, ACL, AV, IPS, UTM, DLP, PKI, 802.1X, passwords, etc. In principle, what else is needed? =)
What is needed is the foundation on which all of this must function: Management controls, i.e. administrative management. A competent risk/vulnerability assessment as the basis for a security policy approved by the head of the organization, as well as the other regulatory documents governing the organization's activities in the field of information security, all of this is administrative management.

On the basis of management, operational controls are built: daily work schedules, instructions, plans for routine and extra work (change management). All of this must be correlated with the security policy in order to define the "normal" functioning of the IT infrastructure.
On the importance of policies (management controls): "Whatever is agreed verbally is a recommendation; whatever is written down gets executed!"


For ordinary users it is recommended to produce a digest of the policies (privacy policy, acceptable use policy) focused on what the user may and may not do, i.e. defining their areas of influence and responsibility (working with mail, the Internet, removable media, disclosure of trade secrets, etc.). It makes no sense to tell a user not to switch off server equipment during the working day, because the user should not have access to that area of responsibility at all. These policies can be revised as often as job responsibilities require.

The global security policy is based on the area in which the organization operates and consists of many pages of text, diagrams, etc., describing all sorts of situations. Ideally, in this policy you can find the answer to any question about information security in the organization.
The following risk-reduction procedures, which deal with the human factor, should be reflected in the policy or other documents.

  1. Mandatory vacations (hard to believe): during this period the employee is forbidden to appear at work or to contact company employees, in order to reduce or detect fraud (fraud, embezzlement, neglect); a detective or deterrent mechanism. For example, SuperAdmin is sent on mandatory leave and another skilled person is put in his place to identify SuperAdmin's policy violations. Usually effective in financial institutions. From my experience of working in a bank, I can say that everything described is true, but I never once ran into planned vacations. In theory, this should also help in case of the employee's dismissal, so that the organization is always ready to replace him (cross-training).
  2. Roughly the same thing, only without the mandatory vacation (as it is in most organizations): job rotation.
  3. One of the most important control methods is separation of duties, the two-person rule, etc. (Separation of Duties). A critical operation consisting of several steps cannot be performed by a single subject: each subject controls its own area of responsibility.
  4. From this follows another important factor: the minimum privileges (rights) needed to perform one's duties, or the principle of necessity and sufficiency (least privilege). For example, you (a network engineer) have access to information marked "for official use only" (ДСП); this is enough to have access to any such document, but do you need access to, say, the physical security sensor documents, which are also marked ДСП? The answer is no! That information is not your responsibility. Therefore, first the rights are divided (according to the minimum principle), and only then responsibility is assigned.


The main policy for such changes in roles and responsibilities should be a procedure for periodic audit, in order to identify possible accumulated "collisions of access rights", where one entity ends up with the rights of every role it has ever performed, not to mention other IS issues.

Risks when integrating with third-party organizations.

"Write more papers: more papers, fewer problems." In principle, there is nothing more to say: SLA - service level agreement, BPA - business partner agreement, MOU - memorandum of understanding, ISA - interconnection security agreement.
In general, as everywhere, describe in as much detail as possible the procedures of interaction and the responsibility of the parties for disclosure, storage, processing, etc. You never know, you may have to go to court ...

We have thought it through and written it down

Now let's count. How much do you need to spend to reduce the risk: quantitative risk analysis.
Example: an asset worth 1100, and transferring the risk (risk transference) costs 250 per year. SLE (single loss expectancy), the loss from one incident = 1100. ARO (annualized rate of occurrence), here one incident in 5 years = 0.2. ALE (annualized loss expectancy) = SLE * ARO = 220 per year.
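An added worked example (not from the original post) of the same calculation: the article's 1100 / 0.2 / 250 figures give the ALE and the cost of transferring the risk, and the code compares them with simply accepting the risk and with an assumed mitigation option whose numbers are invented for illustration.

```python
"""Quantitative risk analysis: SLE, ARO, ALE, and comparing risk treatments by yearly cost."""
from dataclasses import dataclass


def ale(sle, aro):
    """Annualized loss expectancy = single loss expectancy * annualized rate of occurrence."""
    return sle * aro


@dataclass
class Treatment:
    name: str            # accept / transfer / mitigate / avoid
    annual_cost: float   # premium, licences, staff time ... per year
    residual_sle: float  # what is still lost per incident after the treatment
    residual_aro: float  # how often it still happens after the treatment


def yearly_cost(t):
    """What the risk costs per year under a treatment: its price plus the residual ALE."""
    return t.annual_cost + ale(t.residual_sle, t.residual_aro)


def cheapest(options):
    """Choose the treatment with the lowest yearly cost (the first one wins a tie)."""
    return min(options, key=yearly_cost)


def laptop_example():
    """Article figures: asset 1100, lost once in 5 years, risk transfer 250/year.
    The mitigation option's numbers are assumed for illustration only."""
    sle, aro = 1100.0, 0.2
    options = [
        Treatment("accept", 0.0, sle, aro),
        Treatment("transfer (insurance)", 250.0, 0.0, 0.0),
        Treatment("mitigate (encryption + cable lock)", 60.0, 300.0, 0.1),
    ]
    return ale(sle, aro), {t.name: yearly_cost(t) for t in options}, cheapest(options).name


if __name__ == "__main__":
    base_ale, costs, best = laptop_example()
    print(f"ALE = {base_ale:.0f} per year")
    for name, cost in costs.items():
        print(f"  {name:36s} {cost:7.1f} per year")
    print("cheapest treatment:", best)
```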


Besides transferring the risk, we can avoid it (avoidance: do not allow BYOD), accept it (accept: cheaper), reduce it (mitigation: FW, AV), or deter it (deterrence: mantrap). There is also qualitative risk analysis, based on expert assessments: Impact * Likelihood, a not very accurate type of analysis, but better than nothing.
To assess the reliability of operation, the following concepts are introduced:

How to reduce the risk?

The answer lies on the surface: get rid of either the vulnerabilities or the threats. The threats are very unlikely to go away, so everyone tries to close the known vulnerabilities. We will not talk about 0-day vulns now. Vulnerabilities are closed mainly through technical controls, the use of which should be described through change management. The work plan (test, monitoring, restoration), with a detailed description of the actions and time intervals and naming the responsible persons, should be signed by all interested parties. A recovery plan is also needed in case of force majeure. "No security issues after the update."
The sad part. Incident management: something bad has happened, and we did not manage to counteract it in time. Our actions should follow the plan prepared in advance for such cases. Users must act according to instructions or policies (whom to call or write to, or drop everything and run), and for this they need to be taught: security awareness. Preparing a plan after the incident is pointless.
We have already spoken about auditing user rights: this is very important, otherwise it may happen that "janitor Auntie Masha" opens the vault and abruptly ceases to be a janitor. Accounts of dismissed employees are disabled (and removed once it is certain they are no longer needed), and employees on leave are not allowed in. Conduct audits, both planned and surprise; the result should be an audit report. Such reports should be analysed to determine trends and, possibly, the effect on employees.
Many organizations process PII, in Russian PD (personal data). Not a word about Russian Federation legislation =). The data must be closed (encrypted); to protect against leaks you can deploy DLP (it does not help with encrypted data, but do not forget about SSL inspection), and prohibit the use of removable media by means of software, policies and scripts.

If an incident has occurred, it needs to be investigated: forensics.

Three basic steps in a non-enterprise incident: find, isolate, neutralize. In the case of an incident in production, other recommendations should be followed. Do not switch off the temporary sources of information (most volatile): registers, RAM, cache, processes, until the data has been collected, and, if possible, use the middle-volatile data, the swap file, in the analysis.
For the least volatile, the HDD, make a bit-by-bit disk image, compute its hash and compare. Make a copy of the image and work only with it, in read-only mode where necessary. From network devices collect information via Syslog; if a SIEM is deployed, collect its reports; GIGO applies to network traffic; account for time offsets for accurate analysis (use NTP); screenshots are also useful; interview employees, and if that yields nothing hire people from outside (do not forget the agreement); be sure to monitor the integrity of the transfer of information from one subject to another (chain of custody).
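An added example (not part of the original post) of the HDD-handling steps above: record the acquisition hash of the image, produce a verified working copy, and re-hash at every handover so that a break in the chain of custody is detected rather than discovered in court. The image contents, people and the tampering in the demo are constructed.

```python
"""Least-volatile evidence: image hash, verified working copy and a chain-of-custody log."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk_size=1 << 20):
    """Hash a possibly huge image in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class EvidenceItem:
    """One acquired artefact plus its custody log; every handover re-hashes it."""

    def __init__(self, label, path, acquired_by):
        self.label, self.path = label, path
        self.acquisition_hash = sha256_of(path)
        self.log = [self._entry("acquired", acquired_by, self.acquisition_hash)]

    @staticmethod
    def _entry(event, who, digest):
        # One clock (UTC) for every record: the NTP point made in the text.
        return {"time": datetime.now(timezone.utc).isoformat(), "event": event,
                "who": who, "sha256": digest}

    def transfer(self, from_person, to_person):
        """A handover is recorded only if the hash still matches; a mismatch is logged and refused."""
        digest = sha256_of(self.path)
        if digest != self.acquisition_hash:
            self.log.append(self._entry("INTEGRITY FAILURE", from_person, digest))
            raise ValueError(f"{self.label}: hash changed while held by {from_person}")
        self.log.append(self._entry(f"handover {from_person} -> {to_person}", to_person, digest))

    def working_copy(self, dest_dir):
        """Analysts work on a verified copy; the original is made read-only."""
        copy = os.path.join(dest_dir, self.label + ".work.img")
        shutil.copyfile(self.path, copy)
        if sha256_of(copy) != self.acquisition_hash:
            raise ValueError("working copy does not match the acquisition hash")
        os.chmod(self.path, 0o444)
        return copy


def demo():
    """Constructed scenario: a fake sector-0 image, one clean handover, then tampering."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "disk0.img")
        with open(image, "wb") as f:
            f.write(b"MBR" + b"\x00" * 509 + b"\x55\xaa")
        item = EvidenceItem("disk0", image, "responder A")
        copy = item.working_copy(d)
        item.transfer("responder A", "analyst B")
        os.chmod(image, 0o644)                    # simulate someone altering the original
        with open(image, "r+b") as f:
            f.write(b"X")
        try:
            item.transfer("analyst B", "analyst C")
            detected = False
        except ValueError:
            detected = True
        return len(item.log), detected, sha256_of(copy) == item.acquisition_hash
```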

If you want peace, prepare for war! How to respond (Incident response).

Prepare, prepare, prepare. The more we prepare, the less time we spend on the response. Rules are needed on who must be notified first when a problem occurs (the boss, the help desk, the information security department). Then competent staff must determine the priority: how important, how complex and how large the incident is. Apply countermeasures (isolate, neutralize). After the incident is resolved, update the knowledge base (lessons learned), improve the protection technologies, and document the incident so that next time you can respond more effectively, or change the infrastructure and policies (policy & infrastructure update) so that the likelihood of this type of incident is minimal. If absolutely necessary, contact law enforcement, but bear in mind that during the investigation you can take quite a beating and incur additional reputational risks. "If in doubt, don't overtake!" Following the incident response and impact assessment procedures, the infrastructure must be brought back to a working state. For this the organization must develop a recovery plan: the disaster recovery plan.

Information security training: forewarned is forearmed.

Employees must periodically receive information security training, followed by testing of their knowledge on issues related to their operational activities. Ideally this disciplines users, which ultimately reduces risk. At the very least, checking knowledge makes users remember the main aspects of the information security policy.

It is necessary to categorize (label) all data by importance/sensitivity, roughly as is done for information constituting a state secret, for commercial information, and in accordance with the legislation on confidential information and personal data. Banks have their own categorization for financial documentation. For such information a mandatory access control policy (MAC) is applied, and users must understand that access to information is determined solely by operational necessity. Processing, transport and destruction of critical information must likewise be done properly, in accordance with regulatory documentation. Do not throw state secrets in the trash and do not resell hard drives =)

User habits are also a sore subject: passwords under the keyboard, an unlocked computer, documents left on the desk, a flash drive found near the office, helping "strangers" get into the office. All of this should be ruled out and explained with real examples and the risks that arise, both for the organization and for the user (loss of bonuses, administrative liability, etc.). To all this add rules for the use of social networks (if they are not banned), for opening links and advertisements, and for the user's "favourite" Internet resources.

Natural risks can also occur in production: natural and man-made hazards (fire, earthquake, flood, lightning) that can slow down operations. To speed up the return to normal operation it is desirable to have a BCP (business continuity plan), a conceptual set of actions, the main part of which is the BIA (business impact analysis).
It must identify critical systems and communications and their impact on business continuity. Set the RTO and RPO to strive for. Have several scenarios and assess the risks, preferably quantitatively. Determine the possible loss of part of the business and the fines from regulators.
For example, we decided to deploy a hot site: cool, but very expensive. If something happens to the main site, the hot standby, having all the information and technical capabilities of the original (fully operational), takes over. We want to save money: a warm site requires more time for commissioning, has no operational information and is only a copy of the hardware. And a poor, low-budget organization should at least arrange a cold site, or else nothing ... As you know, everything depends on the value of the assets.
Thus, the disaster recovery plan should be based on the organization's existing assets. When the assets change it is reviewed, and it is constantly monitored. From this it follows that BCP -> 1 DRP + 2 DRP + ... + n DRP -> IT contingency plans for each DRP. An IT contingency plan covers a single system or asset. To know what to do in emergencies, succession planning is developed; it only makes sense to develop it before those situations occur.
Redundancy and fault tolerance, which lead to the implementation of HA -> clustering -> load balancing, were discussed above. Redundant Array of Independent Disks (RAID) belongs to the same category: 0 - striping, 1 - mirroring, 5, 6 - with parity, combined 10, 50 and 60. Using these technical tools and technologies is best practice when designing a BCP.
Backup plan. Here you need to determine how often backups must be made and their volumes: full, incremental and differential. Usually full backups are done at the weekend and incremental ones in the evening of each working day. And back up only what you really need; there is no sense in cluttering the storage system with garbage.
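An added example (not part of the original post) of the backup plan above: it generates the full-at-the-weekend, incremental-or-differential-on-weekday-evenings schedule, lists which backups must be applied to restore to a given moment, and computes the achieved RPO for comparison with the target set in the BIA. The dates and the Sunday slot for the full backup are constructed.

```python
"""Backup plan: restore chain and achieved RPO for incremental vs differential schemes."""
from datetime import datetime, timedelta

FULL, INCREMENTAL, DIFFERENTIAL = "full", "incremental", "differential"


def weekly_schedule(monday, weeks=1, weekday_kind=INCREMENTAL, evening_hour=20):
    """Full backup at the weekend (Sunday 00:00, a constructed choice), then one
    weekday backup every working-day evening, as the article recommends."""
    backups = []
    for w in range(weeks):
        week_start = monday + timedelta(weeks=w)
        backups.append((week_start - timedelta(days=1), FULL))
        for day in range(5):
            backups.append((week_start + timedelta(days=day, hours=evening_hour), weekday_kind))
    return sorted(backups)


def restore_chain(backups, point_in_time):
    """Ordered backups to apply to recover the state as of point_in_time.
    Assumes one weekday kind per plan (all incremental or all differential)."""
    usable = [b for b in backups if b[0] <= point_in_time]
    fulls = [i for i, (_, kind) in enumerate(usable) if kind == FULL]
    if not fulls:
        raise ValueError("no full backup before the requested point in time")
    chain = [usable[fulls[-1]]]
    after = usable[fulls[-1] + 1:]
    if after and after[-1][1] == DIFFERENTIAL:
        chain.append(after[-1])   # differential: only the newest one is needed
    else:
        chain.extend(after)       # incremental: every one since the last full, in order
    return chain


def achieved_rpo(backups, failure_time):
    """Data-loss window: time from the last backup before the failure to the failure."""
    taken = [t for t, _ in backups if t <= failure_time]
    if not taken:
        raise ValueError("no backup before the failure")
    return failure_time - max(taken)


def demo():
    """Constructed week of 3 June 2024 with a failure on Thursday afternoon."""
    monday, failure = datetime(2024, 6, 3), datetime(2024, 6, 6, 14, 0)
    inc = restore_chain(weekly_schedule(monday), failure)
    diff = restore_chain(weekly_schedule(monday, weekday_kind=DIFFERENTIAL), failure)
    hours = achieved_rpo(weekly_schedule(monday), failure).total_seconds() / 3600
    return [k for _, k in inc], [k for _, k in diff], hours


if __name__ == "__main__":
    print(demo())
```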

So, in this article I tried to talk about information security management methods, risk assessment and a little about technology. Recalling my work at an enterprise engaged in a hazardous type of activity, I can say that the concepts described above are really very important and often help out, both when working with integrators and contractors, and in emergencies when the infrastructure urgently needs to be "relocated".

As always, I will be glad to see your comments.
I understand that the volume is too big, so thank you for making it to the end!
PS On working with users. After training you can run tests, as I wrote, or after a while you can arrange a "test purchase": send an email from an unknown sender with "work bonus / extra leave / something else, details in the attached file" in the subject line, and attach a file with a script that, once opened, notifies you about the user. It will be interesting; the main thing is not to get burned yourself, so formalize your actions.

Source: https://habr.com/ru/post/230605/

