
NetConnect Blog - Your Resource For IT Tips, Tricks and News

Why 3CX Phone System with Ubiquiti Infrastructure?

Posted by Jeremy Hostrup on Mar 17, 2016 10:00:00 AM

Recently, we’ve started selling a new line of products to try to expand our services offering to benefit our customers. I had the opportunity to look into and test a number of products and we made the decision to go with 3CX phone system, Ubiquiti switches and firewalls to provide a very cost effective, functional environment for (generally) smaller businesses. I’d like to take this opportunity to discuss each of those providers and how they work together.

3CX provides a lot of features for a comparatively small cost. The high level features that I’ll discuss in more detail are:

  • Easy Admin and Install
  • Android and iOS Clients
  • Windows and Mac Softphones
  • Unified Communications
  • Web Conferencing

The administrative web page for 3CX is very simple and intuitive to use. 3CX runs on a Windows server, easing management as well. One of the nicest features I’ve seen is that when I provision a user, the system automatically generates a welcome email with the installation instructions for the soft clients as well as the provisioning file. The Windows client has a professional appearance and provides instant messaging and presence information, directory information, voicemails, and many other features.

Another feature that is provided with the system is web conferencing using WebRTC. Essentially, WebRTC allows you to have video conferencing without installing anything. With a couple clicks, you can have a video web conference using Google Chrome and have people join from almost any computer with an Internet connection, Android phone, and iOS phone (apps required for mobile). These web conferences give you the ability to share your screen, and provide remote support by allowing you to control another’s computer if you are given permission.

3CX licensing is also a very simple model. Essentially, you pay for the number of simultaneous calls that you’re going to have. All that information is provided on their web page: www.3cx.com.

Ubiquiti Unifi switches and firewalls provide a very nice infrastructure for small businesses. Ubiquiti has done a very nice job with software defined networking with this product line at a very reasonable cost. They offer firewalls, POE switches, and access points. The configuration for the devices is all via the Unifi controller and that also provides statistics for the devices. Shown is a screen shot of the initial dashboard. More information about their Unifi products can be found here: https://www.ubnt.com/enterprise/.

For more information on how 3CX phone systems along with Ubiquiti switches and firewalls can benefit your business, contact the knowledgeable team at Network Center, Inc. by following the link below.


Topics: Firewall, 3CX Phone System, Ubiquiti Switches

Getting Granular with Security Policies and Procedures

Posted by Jeff Bolstad on Nov 1, 2013 5:28:00 PM

In our previous post, Tyler gave a great overview of different aspects of IT Security, and mentioned a top-down approach. Let’s look at IT Security as starting at the broadest point: security implementations that have a single point but affect the entire network. We then move to devices and practices that affect the entire organization but have multiple points of implementation. Finally, we narrow it down further to measures that affect specific items, whether that is a unique group within the company or specialized hardware and software.

A great place to start when reducing a network’s vulnerability is securing it against outside threats. There are a multitude of options that add a layer of protection. These options include hardware appliances such as firewalls, intrusion prevention systems, mail filters, and web filters. Some options can also be offered as part of a cloud-based solution. This is especially true of the last two items listed, but this also entails relinquishing a certain amount of control over these systems.

Moving down the list of possible security measures, there are a number of options that can be implemented and managed from a single point, but have multiple points of failure. Included in this group are more familiar methods like anti-virus and anti-malware products, user training, and application and operating system patches. I say multiple points of failure because protection can fail based on the individuals or machines. Anti-virus is one of the most common options mentioned when it comes to protecting a network, but it cannot protect a network alone. Proper configuration can go a long way in mitigating damage.

An increasingly prevalent area of security concern is managing mobile devices. This becomes especially true as more users are allowed to bring personal devices into the workplace. This introduces concerns of lost or stolen devices, company data being exposed over an unsecured network, ownership of information, whose responsibility it is to support those devices, and separation of home/work functions on these devices. End user device policies help address a number of these issues, and services such as MAAS 360 allow for greater control and security over both corporate devices and those provided by the end user. Another option for mobile devices, predominantly laptops and tablets, is a VPN connection back to the corporate network. These machines can also benefit from measures such as whole disk encryption and TPM. These are all great possibilities for improving security, but they are ineffective if employees don’t take the proper precautions as well.

Employees can make or break security as easily as anything. Proper training will mitigate a vast amount of problems you can encounter, provided employees adhere to the new policies. This includes proper procedures for securing unattended devices, procedures for reporting lost/stolen devices, and acceptable use of company resources. Having to spend five minutes talking to a user about an email attachment they’re unsure of beats two hours of cleaning up an infected machine, or worse an infected server.

Luckily, through the use of administrator defined policies, choices can be taken out of the hands of end users, preventing files in certain locations or with certain extensions from being executed, limiting access to potentially damaging websites, and limiting access to company data, among other options.

Remaining security measures should ideally fall solely to IT. These include user account security, server and application hardening and patching, and keeping third party applications properly patched. This can be achieved on a machine by machine basis or through the use of products such as WSUS and Shavlik. Additionally, once these policies are in place, regular monitoring and review of policies should take place.

You can of course drill down into more and more specific security measures, but this must be balanced against the resources needed to implement them. Not all of these options are feasible for all organizations, but through identifying those with the greatest benefits, security can be vastly improved for a corporate environment. A regular review of your security measures will allow your security to evolve as the threats faced do.

If you have any questions about network security, please contact NetWork Center, Inc.


Topics: Technology Solutions, Security, Protection, Security Technologies, Firewall

Getting Serious About IT Security

Posted by Tyler Voegele on Oct 25, 2013 5:15:00 PM

We can all agree that the Internet, PCs, mobile devices, servers, and other equipment are essential to everyday business, and without them we would not be able to complete our work. Also, everyone knows by now the impact and multitude of viruses, malware infections, and even hackers that can affect our businesses. It's no secret how much money can be spent on these problems to try to properly resolve them, so why don't we give it as much attention as any other area? We need to be more proactive in our view towards security. More often than not, the only time we think about security is when it is already too late.

Let’s take a look at some statistics to make more sense of how breaches are effected today:

Source: http://www.verizonenterprise.com/DBIR/2013/

What are your biggest concerns with IT security? Preventing data loss? Preventing outages? Keeping security up-to-date? To better understand, you have to determine where your valued assets lie, or maybe you want to focus more on certain parts of your business structure. I like to think of security in three separate layers. It may be an oversimplification, but it's easier to understand where you should focus time and energy when starting to get serious about security. One of the first road blocks many people come to find when beginning to secure the entirety of their network is where exactly to start.

1. External Network/Edge Devices
2. Core Network/Server Structure
3. Endpoint Devices/BYOD 

As I mentioned, this is a very broad view into your network, and at some point we have to look at the cost of dealing with security breaches and spending money to be more secure. Let’s say you want to go with the top-down approach. It is a more comprehensive strategy towards IT security and is definitely not the only way it can be done. I’ve outlined some key steps that I think are very important and the components that are involved in each step.

1.       Create Security Policies and Procedures

This is by far one of the most important and hardest steps you will do. You should create an overall security policy document and a BYOD security policy, determine an action plan for an overall security audit, establish a risk management framework, and determine the level of risk the business is willing to tolerate. After developing these policies you have to train the staff to adhere to them. Training staff is equally as important as sticking to a training schedule. These documents should be continuously updated to make sure you can adapt to future security needs. After completing documentation and an action plan you’ll be better equipped at knowing where to spend time, focus resources, and tackle the big projects. Preparation and adaptiveness are the keys to security success.

2.       Inventory Equipment and Data

Finding old, outdated, or decommissioned equipment and replacing or removing it is important to keeping vulnerability out of the business. Eliminating unnecessary or old data, starting to keep track of what you have, and knowing whether or not it is secure are important to keeping data loss to a minimum. Creating an inventory of what equipment is in the network and asset tagging equipment helps logging and maintenance, which is the last step.

3.       Fix Security Holes and Update Equipment

Run tests to see where the security flaws in your network are. Having external auditors run tests both internally and externally is a good idea. Updating software, firmware, operating systems, and antivirus is usually a top priority. Applying security patches when needed and creating secure configurations throughout the network are also important. Create a maintenance window for all equipment and devices you've brought up to date. Protect your network against external and internal attacks. Manage the network perimeter of devices at all locations. Create filters for unwanted access both internally and externally.

4.       Harden Network Security

You’ve probably already documented the policies for most of this step. They may include locking down the operating system and software you run. Creating Group Policies for workstations, servers, and users might also be part of your policies and is also important. Locking down firewalls and other network equipment is probably one of the most important steps to hardening your security. Why? At least 92% of attacks originate from the external facing part of your network. Put in place policies to disable features that allow users to remove, disable, or inhibit the functions of a firewall and virus protection suite. Managing user privileges and management processes and limiting the number of privileged accounts are important. Preventing data loss by creating secure backups is a must to save you in case of critical failures.

5.       Protecting Mobile Users and Endpoint Devices

Securing users that authenticate from the external world is a must. PCs and other media used to access internal resources need to be as secure as the servers themselves. Manage risks related to the use, processing, storage, and transmission of information or data. Data needs to be kept safe and made sure it is not lost or stolen. Apply a security baseline to all devices. Protect the data in transit as well as outside the network. Those who log into the business through mobile means must have guidelines and restrictions in place to prevent any possible data loss.

6.       Stabilize and Monitor

Establishing a monitoring strategy is important to maintain support of the policies you’ve created and to prevent further exploits that could arise. Continuously monitor the network and analyze logs for unusual activity that could indicate an attack. This is where having an IDS or IPS helps immensely. Without de-emphasizing prevention, focus on better and faster detection through a mix of people, processes, and technology. Tentatively monitoring users can be the difference between pinpointing malicious intent whether intentional or unintentional. Further educate the users of the business to keep policies in check and to make sure they are understood.

There is no way to absolutely prevent everything from happening. We can only strengthen our ability to try and detect, prevent, and fix threats that can slip through our defenses. Attackers don’t rely on a single tactic to breach your defenses and neither should you. Remember, there is no “one-size fits all” strategy and many of the things I am suggesting are a great start to a security plan you can implement.

Keep an eye out for the next security blog posts defining more detailed approaches to the top-down approach I explained in this post.

Questions? Comments? We’d love to hear from you! Leave a comment or email us with your questions and we will gladly respond!


Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security, Data Backup, Security, Security Technologies, Firewall

Better Endpoint Protection: Hardware Firewall Security

Posted by Tyler Voegele on Aug 26, 2013 11:15:00 AM

Every business needs a firewall or some form of protection from external threats. Firewalls can keep external malicious users, network infections, and packet flooding attacks from reaching the internal resources of your network. They can also prevent your users from connecting to things that may harm the network.

With all kinds of hardware security technology out there, it can be a little challenging to choose which device is right for you. When thinking about upgrading or strengthening your security at the Internet facing part of your network, there are several things to take into consideration.

Firewall Types

There are three types of firewalls: stateless packet filtering, stateful packet filtering, and application-layer firewalls. Each of these provides filtering at different levels within a network. Packet filtering firewalls pass only the packets that your firewall policy allows. Every packet has information contained inside, such as its source, destination, port ranges, etc. Each packet passing through is inspected and the firewall then decides to pass it or not. Packet filtering can be divided into two parts: stateless and stateful.

Stateless:

If the information about the passing packets is not remembered by the firewall, then this type of filtering is called stateless packet filtering. Every packet that passes through this type of firewall is handled on an individual basis by the set of rules that were set up manually. Previously forwarded packets belonging to a connection have no bearing on the filter’s decision to forward or drop the packet.

Stateful:

If the firewall remembers the information about the previously passed packets, then that type of filtering is stateful packet filtering. The packet filtering firewalls inspect these TCP or UDP packet streams to allow or deny them. Stateful packet filtering firewalls also monitor the state of a connection and gather the information about it. With this intelligence, the firewall can not only make decisions based on the defined rules but also make decisions from prior packets that have passed through it.
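The difference between the two filtering modes described above, as an added example that is not part of the original post: a toy Python model in which the same traffic is judged by a stateless rule set and by a filter that tracks connections. The rules, addresses (documentation ranges), and packet fields are constructed for illustration, and TCP handling is heavily simplified.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # simplified TCP flags: "SYN", "SYN-ACK", "ACK", "RST"
    inbound: bool   # True when the packet arrives from the Internet side

def stateless_allow(p: Packet) -> bool:
    """Judge each packet alone against static rules; nothing is remembered."""
    if not p.inbound:
        return p.dport == 443                  # rule 1: LAN -> any host, port 443
    return p.sport == 443 and p.dport >= 1024  # rule 2: "replies" from port 443

class StatefulFilter:
    """Same outbound policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.connections = set()               # (lan_ip, lan_port, remote_ip, remote_port)

    def allow(self, p: Packet) -> bool:
        if p.inbound:
            # Only pass traffic that reverses a connection opened from the LAN.
            return (p.dst, p.dport, p.src, p.sport) in self.connections
        if p.dport != 443:
            return False
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "SYN":
            self.connections.add(key)          # new outbound connection: remember it
        elif key not in self.connections:
            return False                       # mid-stream packet with no known connection
        if p.flags == "RST":
            self.connections.discard(key)      # connection reset: forget it
        return True

# Constructed sample traffic.
LAN, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.9"
TRAFFIC = [
    Packet(LAN, 50000, WEB, 443, "SYN", False),     # client opens a connection
    Packet(WEB, 443, LAN, 50000, "SYN-ACK", True),  # genuine reply
    Packet(OTHER, 443, LAN, 50001, "ACK", True),    # unsolicited: no outbound packet preceded it
    Packet(LAN, 50000, WEB, 443, "RST", False),     # client resets the connection
    Packet(WEB, 443, LAN, 50000, "ACK", True),      # arrives after the connection is gone
]

def compare(traffic):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, (sl, sf) in zip(TRAFFIC, compare(TRAFFIC)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.flags:8}"
              f" stateless={'pass' if sl else 'drop'} stateful={'pass' if sf else 'drop'}")
```

The stateless rule set passes all five packets because each one matches a static rule on its own, while the stateful filter drops the third and fifth because no tracked connection accounts for them.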


Application-Layer

Application-layer firewalls, or proxy-firewalls, do not just look at the packet data; they also look at the actual data that is being transported at the application layer. They know how certain protocols work, such as HTTP and FTP. Since they are application-aware and inspect the contents of the traffic, you are able to block specific content such as websites, viruses, or software. They can then look to see if the data that is in the packet is valid for specific protocols, and if it is not, it can be dropped.


Other Considerations

The first thing to ask yourself when you are deciding on a firewall is what you are trying to accomplish. Whether you want a firewall that handles stateful-packet inspection, or a firewall with extra features such as IDS and IPS built in, there are options for them all. You will want to clearly identify what is important to you and figure out where the bulk of your security needs lie. With so many different options for firewall technologies, there are also a lot of features to think about. Below are just a few features that are worth considering:

  • Monitoring and Reporting
  • Spam Filtering
  • High Availability
  • URL Screening
  • Anti-Virus
  • Bandwidth Sizing
  • Layered Security
  • Remote Connections
  • Physical Interfaces
  • Intrusion Detection
  • Intrusion Prevention
  • Web Caching

When you compare the costs of different firewalls, you also need to take into account any of the extra costs associated with the features that you will want to implement. If you choose a firewall with specific features and capabilities, there can sometimes be an extra fee in licensing.

If you're in the market for a new firewall, take some time to identify the needs you are looking for. Firewalls are still one of the best ways to protect yourself from any threats to your network, and with so many options you can do almost anything. If you have any questions or want to know more about firewall security, please contact NetWork Center, Inc. 


Topics: NetWork Center Inc., Network Security, Security, Protection, Security Technologies, Firewall, Filtering
