Category Archives: Network Security

Avoid DNS Services Scam

Posted on by

Scam Warning PictureDo not pay a bill received from DNS Services. This is a SCAM to get you to pay for fake backup domain name services. The invoices appear legitimate because they list the name servers and mail records from your actual domain registrar or web host.

Unfortunately, this deceptive tactic is legal because it adheres to the U.S. Postal regulations by providing a clear disclaimer for a bill-type solicitation.  Don’t attempt to contact the company which just verifies your contact information. These types of scams have often already been flagged by the Better Business Bureau and Webutation.net. When you receive an invoice for technology services or products from an unknown company, don’t pay it and check with your IT support for verification.

DNS Services Scam Letter

About these ads

Firewall On

Posted on by

Unless you’re from the East or West coast, many people grew up not locking their doors. In lots of rural areas around the nation, there is still some of that mentality. In the mid 60′s, Star Trek began and everyone heard Captain Kirk say “Shields up Scotty and more power from the reactor!”.  Computing history is much the same as early on we were just happy that things worked, but then it became too easy to connect to other systems. It became clear that various people had different ideas about how technology worked and some saw no harm in malicious acts on computers as it wasn’t real life. Maybe art does parrot reality as we had our own Klingons, Romulans, and Ferengi.

The bottom line is that your computer firewall should be on. Even Apple has had to put down their arrogant and naive stance on security and began having a built-in OS X firewall in 2008.  The two main reasons why firewalls should be on are: privacy and safety. Without your firewall on, you’re pretty much telling the world take my information. Worse yet, that virus or trojan can freely infect your family, friends, and employer.

It’s fine to turn off the firewall for testing, but the firewall should be on, especially for critical functions like mail and database servers. Hint: If you have the firewall on when installing applications, exclusions will automatically be added or you’ll be alerted to the exact ports to add rather than having to grapple with turning firewalls on later. IT pros it’s not 1989 anymore and all about making your like super easy and ensuring job security from all the problems. That group policy you have to turn off all system firewalls is terrible network security and out of compliance for any regulation or management that are concerned about protecting confidentiality and proprietary information. If this is you, go to management now and tell them that there may be a day or two of intermittent issues turning the firewalls on. However, this step will save tons of money and time versus downtime from viruses and embarrassment or business loss from critical data leakage. Oh, and you should really just add firewall exclusions when enabling the firewall in group policy.

Windows Intune Overview

Posted on by

Windows IntuneLet’s face it, security is not sexy. Fear doesn’t sell and someone built that network and has very strong reactions to any suggestions of vulnerability. For most IT departments, it’s a struggle just to service the needs of users. Monitoring and updating systems is a distant last after the next 2 dozen things that are infinitely more fun and supposedly important. The problem is that everyone is struggling with the same issue: users are often more mobile and not getting back to log into the network and even if you have an update system, it’s either neglected or is just another thing not being maintained.

Enter Windows Intune, cloud based PC management. You see if you add up the cost of workstations (hardware, software, support, and training) you’ll come to the often startling realization that the big money isn’t in servers, storage, or related equipment. What’s more is that everyone knows that workstations are just the beginning of cost and usage challenges with the addition of tablets and smartphones. So Windows Intune offers a device client and cloud portal. In a nutshell for $11 per month, Intune includes the following:

  1. Forefront Endpoint Protection anti-virus client.
  2. Security update and software distribution policy enforced anytime users are connected to the web, including those pesky Adobe and Java updates.
  3. Built-in remote assistance for end-users regardless where they are located.
  4. Mobile device PIN security and wipe capability for Windows, Android, and Apple.
  5. Hardware and software asset tracking
  6. Upgrade protection for the next Windows OS

Your gut reaction may be that the price seems high. However, just add up the cost for a new Windows OS, much less the systems for remote assistance, updating, anti-virus, asset tracking, and mobile administration. As usual, you heard it here first. Contact us about a demo or try a Windows Intune free trial for 30 days.

Windows XP BITS Pandemic

Posted on by

It’s amazing how many computers are still running Windows XP, which was released in 2001. Typically, the Microsoft product life cycle is 5 years standard support, plus another 5 years of extended support in which no major enhancements are released (10 Years total). The OS was so wildly popular that Microsoft extended the deadline, so that Windows XP Support ends in 2014. In comparison, the Mac OS X 10.0 Cheetah of 2001 was only supported through 2002 as is the standard 1 year support policy from Apple today.

In recent months, customers that utilize Windows Server Update Service to centrally managed and update workstations (something Apple also hasn’t done for Mac in the last 10 years) have begun to notice that some Windows XP machines are not getting updates. Even when you try to run Windows Update locally, you may receive an error message that contains the “0x8DDD0018” code or the “0×80246008” code when you try to download updates from the Microsoft Windows Update web site. While there seem to be various causes, it appears the OS may be so old that new policies change permissions for the Background Intelligent Transfer Service that must be running to download updates.

To fix problem Windows XP workstations, run the following locally or create a login script or group policy (does not affect Windows 7 workstations):

  1. Click Start and Run, type cmd, and then click OK.
  2. Type the following  command, and then press ENTER:
    sc sdset bits D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
  3. Then type net start  bits, and hit ENTER.
  4. Close the cmd window.

As of this writing, you have less than 18 months before XP is not supported – but at least you’ll have current updates. See http://support.microsoft.com/kb/910337 for the long version.

Firewalls and Cloud Computing

Posted on by

Cloud FirewallOne of the great things about cloud computing is that it lessens the cost and difficulty of protecting the perimeter network security with a firewall. Rules for SMTP (Simple Mail Transport Protocol) can often be eliminated, along with web publishing for corporate websites and SharePoint. Businesses can now use the power of the Internet outside of physical facilities to have web presence, messaging, data, and line-of-business applications at one or more online providers.

This shift in security impacts the type and configuration of your firewall. The 3 common issues we find with firewalls and cloud computing are:

1) Failure to eliminate unnecessary rules or holes in the perimeter and lower the attack plane of a business. Why leave the possibility open for malware to SPAM the world from your location and not disable unnecessary SMTP rules? The corollary is all protocols should not be allowed from the internal network outbound to the Internet.

2) Utilizing firewall caching is generally not recommended because in this real-time world, content continues to move and change regularly. Firewall caching should not be enabled with online services, as underlying cloud computing IP addresses may change with failover or normal service provider growth. If caching is enabled, then access to online services may be blocked and prevent users from working until the cache is cleared or disabled.

3) Inability to change or disable flood mitigation is also a common problem, that in some cases requires replacing the existing firewall solution. Since the bulk of corporate web traffic changes to numerous encrypted SSL connections to and from the same address, some firewalls may treat the traffic as an attack and intermittently block communications to online services. Before implementing cloud computing, verify if your firewall has the ability to change or disable flood mitigation. If not, you should replace the existing firewall or risk intermittent and unknown disruption to online services.

The bottom line is that as you narrow the cost and maintenance funnel of on-premise technology infrastructure, you should change your security strategy to eliminate legacy protection and provide maximum access to cloud computing services.

2012 Technology Predictions

Posted on by

2011 was another great year for technology with a continued explosion of smartphones, tablets, cloud computing, online backup, and managed services. The following are some intriguing possibilities for 2012:

  1. Apple failure in the enterprise. 2012 will be the start of a general decline for Apple. While it will be subtle and not a function of revenue, the stock price cannot remain so high. Windows and Droid offer better features and more choice at a fraction of iPhone. With no tools to manage iPads in Active Directory, Microsoft will have a distinct advantage in the enterprise for Windows 8 tablets (without the need for the problematic iTunes) at less cost, and easier to use for consumers as well. The huge gamble with digital publishing will face stiff resistance from government, Google, and Amazon.
  2. Windows will have 35% of smartphone market share, mainly because of choice of manufacturers (addition of Nokia worldwide), easier to use Metro style interface, and more productivity without third-party apps. Apple will still lead, followed closely by Droid, and then Windows. 2012 will be the swing year because of the high cost of iPhone with no foreseeable advantages in features.
  3. Windows 8 Tablet takes the enterprise. Manageability will be key with Active Directory, along with integration for on-premise and online services from Office 365 to CRM and Dynamics (all without downloading apps).
  4. SEO for everyone. You’ve been hearing the XM spots about the top 5 things all business owners should know to dominate the competition, but 2012 will mark an exponential explosion of content on the web. For those wanting to compete, the 10 page brochure site will be replaced by the average 125 page site for customers.
  5. Big data forces storage recognition and online backup use. The average small to medium-sized business will have 2-3 terabytes of data in which technology like Storage Attached Networks (SAN) must be used for quick restore from snapshots and cheap replication for off-site backup. Tapes will take days for backup and failure rate and cost will be too great.
  6. Social media rules as content marketing. Video will be a key differentiator along with learning the ins and outs of the major platforms. Don’t join the conversation. Listen to customers, monitor competitors, and broadcast useful content for visits to your site.
  7. Software as a service or cloud computing will overtake on-premise options. Whether it is Office 365 or Google Apps, that business continuity thing that everyone wants but was too complex and expensive is now in reach – not including at less cost than on-premise with no upgrade concerns and better availability and security.
  8. IT jobs are changing and many will be lost. Mamas don’t let your babies grow up in IT. That huge area of infrastructure need will be decimated by online services and everyone in the industry must bring true business skills to the table and do brain work to help your organization.
  9. Managed Services will handle the majority of most business IT needs with more knowledge and resources at less cost than training, retaining, and growing full IT staffs.
  10. Mayan Calendar will start over. Or maybe it won’t, but the world is definitely not going to end.

Cloud Computing Security

Posted on by

This is your story for October which is National Security Month. It is based upon real events, but the events are dramatized and the names have been changed to protect the innocent:

Marcus now got it, but of course it was too late. The number of attacks at the same time was astonishing. His mind was still reeling on how employees - not thieves, hackers, or competitors – could do such a thing. The problem was what could he do? There was no hard proof for a civil action, the DA was gridlocked dealing with the meth epidemic, and killing the SOBs would just land him in prison. The dagger was many lost customers thought these pirates were the bomb. Few remembered his knowledge started the relationship or that Marcus trained and managed the staff that gave them service. He also couldn’t cry foul to the press, on the Internet, or to customers because of legal exposure and he would be perceived as the bad guy.

Marcus had brought Joey up in the business from ground zero. Eagle Scout Joey had no college education, but learned fast and worked his butt off. A couple of years later, Joey convinced Marcus to hire his other Eagle  Scout pal, Nick. Same drill, except Nick was in IT. The company prospered and things seemed to be going well, until one day Joey and Nick decided they could do better than old man Marcus. The plan was simple. Joey would run off the good people and tell others the company was going bankrupt, while approaching customers with his concerns and that he was starting a similar venture. Meanwhile, Nick had full access to all files, e-mail, and backup. By the time Joey and Nick quit to start their pirate adventure, Marcus’ business had been run into the ground with some customers buying products and services from the pirates while they were still employed by Marcus. Just for spite, Nick also gave an external hard drive to a competitor to try to fully destroy Marcus.

So, Marcus decided to hire a managed services company with an emphasis in business productivity and security. They were cheaper than Nick with a full staff and their only motive was protecting the company. Marcus was shocked to learn that the external hard drive backup could be restored to any workstation with a free trial copy of the backup software. It was also an eye-opener that Nick had full access to all files and could even read his e-mail and the e-mail of the other sales people. So then Marcus took the recommendation to move to online backup and cloud computing.

The backup was encrypted and keyed to a system that only matched one vendor, even though the software was widely used. Marcus could restore any files himself and better yet, the files were not in a readable format for even the vendor staff to access. Moving critical documents online meant only Marcus was the administrator of the site and access to all files was recorded by date/time and user.  Marcus eliminated a file and mail server and all the associated software and technical services to maintain and upgrade going forward. Better yet his costs were lower and he gained business continuity, regardless of disaster or harm to the physical brick and mortar of the company. Now 5 years later, Marcus is more prosperous and taking back customers from the pirates, after being forced to change virtually all business tactics and strategy.

2011 Technology Predictions

Posted on by

2010 was a great year for technology with an explosion of smartphones, tablets, and controller-less gaming. The following are some intriguing possibilities for 2011:

  1. Cloud computing will continue to increase with Microsoft Office 365 adding 15 million users 
  2. Google Apps will add more corporate features and 9 million more users.
  3. Unified messaging will still be hot with iPhone doubling the number of units sold through Verizon.
  4. Despite the increase, Droid will have similar numbers and Windows Phone 7 a 40% increase in sales for larger tiles, faster operation, and best corporate integration.
  5. RIMM will decommission proprietary Blackberry messaging in favor of Microsoft ActiveSync to ensure survival.
  6. Virtualization of core systems will be even more the norm with Microsoft Hyperv continuing to take dominant market share to the detriment of VMWare.
  7. Usage of HTML 5 for websites will begin in earnest marking the eventual demise of Java, Flash, and Silverlight.
  8. Network security and data protection will be a key concern as both iPhone and Droid will suffer a massive virus attack.
  9. Apple will release a gaming device and Google a new gaming marketplace, but Microsoft will continue to dominate with Xbox/Live.
  10. Windows 7 x64 will be the defacto standard workstation operating system by the end of 2011.

Top 5 Network Security Myths

Posted on by

Network security has changed greatly in the last 10 years, but we still see that Sonicwall or Watchguard for a firewall, XP workstations with no Windows Firewall, and Vipre or the anti-virus of the day. The following are the most common network security myths:

1) The biggest concern is stopping the bad guys coming in. Wrong. The largest risk is employees inadvertently or maliciously causing loss of productivity, leakage of proprietary and confidential information, and non-compliance with laws or regulations.

2) Security must be layered with multi-vendor products. While it is true that the best security should be layered, using a bunch of incompatible manufacturer products just adds complexity and cost. Most Microsoft shops are unaware that the Microsoft Forefront suite provides better protection at less cost and complexity.

3) Open culture doesn’t allow for controls. While some environments are too limiting, little or no administrative workstation access is a must and at the very least web filtering should block pornography and tasteless or offensive sites to avoid costly hostile worker suits.

4) Hardware firewalls are the preferred. Maybe 15-20 years ago. Software runs on faster equipment, can scan for malware before it hits the desktop, costs less, has fewer vulnerabilities, and must be replaced less often than a 3 year Sonicwall.

5) Windows firewall and User Access Control should be off. The firewall should be on for workstations and servers, along with the UAC. It’s fine to disable these functions for testing, but the encapsulation and user initiated direction stop prying and prevent malware access.

Social Integration

Posted on by

Social media is here to stay and every business must address security, reputation, and marketing. A management stance and strategy must be defined for each area. The bottom line is that many businesses will either adapt to changing business culture or parish. 

Over the years, the largest productivity loss on the Internet has changed from pornography to shopping and now social media. If you’re not filtering and tracking e-mail and web browsing, then viruses, phishing, and leakage of confidential information will result in significant business loss. It makes no sense to set a policy without a way to enforce it. Remote monitoring and network security are more sophisticated and cost-effective than ever. While you may choose to block Facebook and Ebay, Twitter and LinkedIn will likely be necessary business tools.

Since the line between personal and business life continues to blur, it is a personal and business responsibility to monitor reputation. Whether it is Google Alerts or TweetDeck or a paid service, you should monitor: business name, keyword phrases, employees, and competitor names.

Social media should be a part of your marketing, sales, and business conversion. Define goals, tactics for a campaign, and simple measurements for success. Whether you are trying to track and increase website traffic or improve customer relationship management, the trend is shorter and more frequent and meaningful content. Those that provide something useful for free or solve common problems seem to draw the most interest. Avoid adding to the noise and simply tweeting famous quotes or blogging mundane definitions.

Finally, social integration in business is about new approaches and innovation. Those who continue to cling to archaic thinking and repeating tired processes will be pushed aside by forward-thinking incumbents or a slew of new market players. Are you embracing cloud computing and online backup or the costly upgrade/failure/maintenance legacy treadmill with on-premise systems and tape? Does your sales team spam the market with ineffective e-mail and voice mail or connect with LinkedIn and Twitter?  Winners now and in the future will have lower cost, faster communication, and a more relevant message.