BusinessContinuity_0.jpg

NetConnect Blog - Your Resource For IT Tips, Tricks and News

Reviewing the Impact of the SSLv3 POODLE Vulnerability

Posted by Joe Dunnigan on Oct 24, 2014 4:55:00 PM

PoodleFlaw_SQ-300x300Attack of the POODLE
Last week, a new high profile web vulnerability was disclosed, dubbed 'POODLE' (Padding Oracle On Downgraded Legacy Encryption). This vulnerability received much press, partly due to the fact that a number of other vulnerabilities have hit the news recently (Heartbleed and Shellshock in particular).

The POODLE vulnerability deals with attacks that downgrade the level of encryption and security in an https connection between a web browser and server, forcing the communication to use the old and less secure SSLv3 protocol over newer implementations like TLS 1.0-1.2.

SSLv3 has been around for nearly 15 years, and has outlived its usefulness. However, most systems have kept it enabled so that legacy systems can still function. At one time, this was the highest protocol that web browsers supported for secure communications, but TLS has been available for many years now. IE6 is the only browser with any notable market share that requires SSLv3 in order to establish secure connections. Any recent versions of IE, Chrome, Firefox, Safari, etc. will support TLS.

Sniffer-2-01So, what does this mean for us?
Upon reporting the vulnerability, it was recommended that systems be configured to not offer SSLv3 for secure connections. This includes web servers, application servers and appliances, and web browsers, among many other devices. If a user tries to connect to a secure service via SSLv3 and this support has been turned off, they will not be able to use the service any longer. The recommended approach is to ensure that recent versions of web browsers and other client software are as up to date as possible.

The greatest risk to allowing SSLv3 in communications is the possibility of a man-in-the-middle attack, where an attacker could listen in on the secure https communications and crack the encryption to expose sensitive information (passwords, banking information, etc.). By disabling SSLv3, this threat is successfully mitigated. 

In fact, disabling SSLv3 has been a topic of discussion prior to this discovery, as weaknesses in the protocol have been known for some time. However, the risk associated was not deemed worth the trouble of potentially shutting out users who were using older web browsers or application clients. With the POODLE vulnerability disclosed, it was determined that the risk to information disclosure is too great, and moving forward with disabling the protocol will be necessary. With IE6 usage falling below 0.1% in most of the world, the impact should be significantly lower than in previous years.

What should I do now?
As with all vulnerabilities, it is important to determine exposure and take action to remediate the issue as quickly as possible. By keeping software and systems up to date with security patches and new software versions, we can help to curb the possibility of serious attacks and information exposure.​

To find out if you are vulnerable, contact us at NetWork Center, Inc. for more information.

Topics: Network Security, Security, Protection, IT Consulting

Your Information, Their Cloud

Posted by Tyler Voegele on Sep 18, 2014 3:30:00 PM

CloudServerBy now, you've probably heard a lot about the cloud and how most of our private data is soon going to be stored there. Be forewarned, 'the cloud' will be used many times in the following article. If you aren't sure what 'the cloud' is yet exactly let me explain it to you simply. When we talk about 'the cloud' it really is just a collection of servers that store data somewhere that is not residing in your physical location. That's it. Nothing fancy floating up there in the sky, other than actual real clouds. The number of people entering information into the cloud increases each year by a fascinating amount. Everything we do might soon be stored in servers around the US or even other parts of the world. Some of our mobile devices already automatically sync our data to cloud services such as Apple's iCloud. Our PCs and documents are now also making the move to cloud services and why wouldn't they? It is an easy, no-hassle way to store our information safely and securely, or so we think.   

We trust our personal and work data completely with companies providing these cloud solutions, but just how secure are these companies keeping our personal information? You've most likely heard of numerous security breaches with multiple companies which almost seems like a common occurrence. Data privacy legislation proceeds in a tempo that is unable to keep up with the speed of our technological process. You'll find it hard to get any universal rules or laws that could be applicable to any cloud services legally binding companies to uphold standards to protect us. So, what must we accept if we are going to store our data in the cloud?   

password security1. Passwords can be hacked. This isn't something new that you've probably heard. Security professionals have long been shaking their proverbial finger at us for a long time. People who want to obtain our information will use a dictionary and brute force attacks to hack our passwords. You will have to think of a strong password that can easily beat these attacks but also keep you sane from having to remember a 25 character mess. (More on this below.)  

2. Data can be captured en route. Fortunately, most cloud services encrypt data while it's going to and from their site, making it impossible to read even if someone were to obtain the files while in transit. Still, if you are using a cloud service in the web, make sure that you have "https" instead of "http" in front of the URL in your browsers address bar. Secure HTTP or HTTPS ensures you that the site you are currently using should be sending files...you guessed it, securely.  

3. Data breaches can happen. The data breach at Target, resulting in the loss of personal and credit card information of up to 110 million individuals, was a recent theft that took place during the normal processing and storage of data. People can sometimes get access to data, and what we store in the cloud is susceptible to whatever security practices companies currently have in place.  

4. Data loss can also happen. A data breach is the result of a malicious and probably intrusive action, and data loss may occur when disk drives die without the company having created a backup or having reliable redundancy. Small amounts of data were lost for some Amazon Web Service customers who suffered "a re-mirroring storm" due to human operator error in April 2011, showing that data loss could occur un-intentionally or intentionally in the event of a malicious attack.  

5. Denial of Services can stop you from obtaining your data. The assault by hundreds of thousands or millions of automated requests for service has to be detected and screened out before it ties up operations, but attackers have improvised increasingly sophisticated and distributed ways of conducting the assault, making it harder to detect which parts of the incoming traffic are the bad traffic versus legitimate users. This leaves you without access to your data and sometimes they shut down the service for an unknown amount of time to fix the problem.  

6. There could be malicious insiders. With the Edward Snowden case and NSA revelations in the headlines, malicious insiders might seem to be a common threat. If one exists inside a large cloud organization, the hazards are magnified. We must rely on the company to have practices in place to protect us, or have encrypted data to protect us from theft.    


We can break these problems down into 3 simple questions. Is my data securely stored? Is my data safe from outside intruders/attacks, and also protected from other tenants in the cloud service? Is my data protected from the cloud provider themselves or government officials trying to collect corporate server data? These are very important questions to ask our providers. The real question is, how can we protect ourselves from what almost seems like an inevitable breach in our personal data we store in the cloud?  

1. Read up about where you are storing your information. Every cloud provider has different guidelines and security about how they store your data. You wouldn't want your important or sensitive data stored in someone’s garage server would you?  They should even state whether or not they comply with government gathering data. Most big companies are cracking down on security measures and offer many ways to protect you such as two-factor authentication. I always recommend the extra step in enabling two-factor authentication. It may seem like a hassle, but if security is important to you then this step is a must.  

2. You need to get serious about passwords. Yes, yes, you've heard it one thousand-trillion-infinity times, but it's still a problem! The reason people lose sensitive and important data is almost always related in some way with weak passwords. Even worse, many people use the same password for multiple accounts making them even more vulnerable with cloud services. My favorite XKCD comic shows us how we've been creating our passwords all wrong. Creating a long password such as "correcthorsebatterystaple" is very easy to remember, but for a PC to guess it is very difficult. Obviously, simplicity is what we are going for, (Which is why most of us use the same "strong" password for many accounts.) so try to correlate your passwords with your service. You want to create a password in Google Drive cloud storage for your accounting documents? What about, "storagedocumentsaccountingworkgoogle." See? Easy as pie.

comic photo

3. Encrypt your data before sending it to the cloud. Encryption is, so far, the best way we can protect our data. Encrypting our data before we send it to our cloud storage is often the safest solution in many of the cases we made above. This way if someone was to obtain the data they would not be able to read the contents.  

4. Use an encrypted cloud service. This may not always be an option and there isn't many options as of late. The cloud provider in some way should provide local encryption and decryption of your files in addition to storing and backing them up. This means that the service takes care of both encrypting files on your computer and storing them safely in their cloud infrastructure. This way not only would intruders not have access to data, but also neither would the service providers or administrators.  

The bottom line is we need to think about where we are storing our data and how comfortable we are with storing it in sometimes less than reputable places. Whether we like it or not data is slowly migrating to cloud infrastructure in many businesses, but we also have a choice to choose what we do to protect ourselves and our data.   

Are you a candidate for cloud services? Are you currently using cloud services? How safe is your data? Contact NetWork Center, Inc. to talk to one of our engineers about your cloud services.

Contact Us Today!

Topics: NetWork Center Inc., Data Backup, Protection, Cloud computing, Security Technologies, IT Consulting

Securing Your Website with SSL

Posted by Joe Dunnigan on Sep 12, 2014 3:15:00 PM

SSL CertificatesWith the ever-increasing risk of privacy concerns and data breaches, it is important to know what steps can be taken to mitigate these risks. One area that can be addressed to increase security and decrease exposure to attacks is securing a website with SSL. This not only will this strengthen and encrypt communications between the user and the site they are visiting, but it will also increase visibility of the website, and show users that their actions on the site will remain private and secure.

Traditionally, a website would employ SSL (https) security only in areas of the site where the potential for sensitive user information was being transferred. This may include user login forms, shopping carts and checkout, or application forms that include sensitive information such as a social security number. Increasingly today we are finding that organizations recommend and sometimes require that SSL be present on the entire website to ensure that all communications between the client and the website are secured. If you are responsible for a small to mid-sized bank, you may have already received information from your security auditors recommending site-wide SSL be employed on your website. Even if all of your online banking processes are handled by a third party and not run directly through your website, you should still expect to see this recommendation show up on your next audit.

Another area that is seeing the increased need for SSL security on websites is the widespread availability and ease of use of content management systems such as Drupal and Wordpress (http://info.netcenter.net/Blog/bid/335313/Why-CMS-is-Important-for-Your-Business). These systems provide an easy-to-use backend for managing your website content and configuration. Typically you access the CMS by going to a login page on your website, entering your credentials, which then grants access to administration areas and content editing features. When logging in or performing content changes, having the communications between your web browser and the website backend encrypted helps ensure that your website stays safe from unauthorized access.

secure websiteUpgrading your site to use Always-On SSL is not a difficult process, but may involve additional costs and considerations. SSL certificates must be purchased, typically on a 1-3 year basis, and can expire if they are not renewed. Also, you may have to upgrade your website hosting plan, depending on what plan you currently have. Most providers should be able to assist with this transition and keep your site going while the upgrade happens.

Always-On SSL not only offers security benefits and the added sense of security for your users, but may also help your search rank. Recently, Google announced that they are giving an SEO rank boost to sites secured with HTTPS everywhere or Always-On SSL (AOSSL) (https://blog.digicert.com/google-gives-ssl-secured-sites-search-ranking-boost/). When Google crawls your site and sees that all pages are encrypted with HTTPS, your search rank is automatically increased. This has the potential to move your site up in search results, increasing exposure to potential customers. Right now this is a lightweight signal, but over time it will continue to be more important for ranking search results.

If you've considered adding SSL to your site in the past, or are currently using SSL for only certain areas on your site, there are more reasons now to consider adding Always-On SSL. You'll give your customers an added sense of security, and might even drive more traffic with better search rank. Contact NetWork Center, Inc. to find out how to secure your website using SSL security.

Contact Us Today! 

Topics: Technology Solutions, NetWork Center Inc., Security, Protection, Security Technologies, IT Solutions

Network Health: Do You Know if Your Network is Healthy?

Posted by Kyle Riveland on Sep 3, 2014 3:30:00 PM

emergency symbolWe all know computers and servers can catch infections, and most of us are well prepared to combat them. But, do you have insight into the core hardware and software health of not only your servers, but your switches, firewalls, SANs, etc.? While a common email virus is much like a head cold, an unhealthy SAN would be a more severe affliction that typically requires a few days in a hospital. An unhealthy SAN (or any other device) is largely a completely avoidable situation through preventative maintenance.   

Most people check in with doctors to get help with preventative maintenance of their personal health, so what can you do to gain insight on your network health? Fortunately, there are many options to prevent infection. Among them are:  

  • Gain insight into the health of your servers through monitoring logs and spot checking hardware

  • Monitor logs on your networking equipment, keep software levels up to their latest version

  • Ensure important core system hardware, such as SANs, are up-to-date and have no error conditions

  • Replace aging hardware periodically, as older hardware may be holding back the potential of your network

maintenanceThat seems like a lot of work for someone to do regularly! Fear not, much like doctors have a battery of tests to find ailments, there are many devices and software solutions available to help diagnose early warnings of degrading network health.   

Applications such as PRTG, IBM’s Tivoli Network Manager, ManageEngine’s software suite, Cacti, and myriad others can help you gather network metrics and provide alerting for issues on devices like switches, firewalls, or anything else that has an IP address. Some of these applications can even give you a history of the device with just a few clicks. If the device has SNMP (Simple Network Management Protocol), you can usually gather a multitude of metrics from it.  

Logs upon logs upon more logs. How can one keep up? Even the task of regularly monitoring a single server is daunting. Applications from companies such as ManageEngine, GFI, IPSwitch (What’s Up Gold), and others can gather all the logs for you in one tidy central location. Most of these programs give reporting and alerting so you can immediately attend to issues that arise and prevent them from getting worse. Many of the blue screens that happen in a Windows OS have early indicators before it actually happens. This type of software can help prevent the dreaded ‘Blue Screen of Death’ and avoid costly downtime.   

For other more specific items in your network, vendor software also available and can be sometimes just as good as 3rd party programs. As long as the software has alerting, it should be good enough to give you the tools necessary to combat network health issues as they arise.

Now that you have an idea of what is available, what’s next? Even after you choose these solutions, it is important to configure the software correctly. These tools are not going to be very useful if they only cover parts of your network (or worse, misconfigured). These situations would give you a false sense of security which could be very dangerous.  

Please talk to any of our sales staff or techs, and we can give you additional information or answer any questions you may have.

Contact Us Today!

Topics: NetWork Center Inc., Security, Protection, IT Consulting, IT Solutions

Privacy in the Digital Age

Posted by Jeff Bolstad on Jul 11, 2014 4:00:00 PM

Camera Cell Phone Privacy resized 600The Supreme Court recently ruled on some very divisive cases. Disregarding split decisions and personal opinions, the court did manage a unanimous decision very relevant to all of us. On June 26, Riley v. California, also affecting U.S. v. Wurie, received a 9-0 decision determining that police could not search the contents of a cell phone without a warrant. That in itself may come as a relief, but the reasons for the ruling provide more insight and range far greater than whether your cell phone can implicate you without probable cause.

The reasons in Justice Roberts’ opinion for ruling the way the court did boils down to the fact that your phone (and by extension other mobile devices, including laptops, tablets, flash drivers, etc.) can carry volume of intrusive data far greater than what you could find by searching someone’s other possessions. Not only do they rule that the amount of data that these “digital containers” can hold vastly outstrips what would normally be in a person’s physical possession, but it often serves as a central repository for so many different sources (I have more than a dozen separate accounts linked to my phone at the moment for example) that accessing it without permission would be too big of a violation of individual rights (lower courts have already ruled that data not specifically targeted by a warrant cannot be held and any copies law enforcement gathers must be destroyed). The court explained that a search of a single digital device could potentially expose more private data to officials than the most exhaustive search of a house or similar physical location.

So while this obviously has an immediate effect on how personal electronics can be treated, it also provides a glimpse into how access to digital information will be treated from a legal standpoint going forward. This has implications not just for phones, tablets, and laptops, but home PCs, servers, network storage, and cloud storage. Cloud storage is probably the most interesting in terms of separate individuals and companies being stored on the same physical media, and determining ownership of equipment versus data stored on that equipment.

smart phone appsUltimately, it would appear that with this ruling the Supreme Court is trying to adapt the Fourth Amendment for the digital age. More and more frequently, people rely on their mobile devices to organize their lives and store their personal information, and increasingly turn to digital methods to handle day to day activities. This judgment acknowledges that fact and tries to ensure that law enforcement cannot operate outside the bounds of the laws set forth. It can also effect existing methods of how data is gathered and parsed (the biggest instance that comes to mind being the NSA’s data gathering and how they use that data). It also should be an opportunity for businesses to review how they handle private information and what is considered outside the scope of their monitoring. Mobile device management and security policies afford a great range of control over end user’s devices. This also raises the question about how invasive these security policies should be, and at what point should data from end users and data from the company be separated. Some companies work around this issue with company provided devices, but BYOD continues to be prevalent, and an increasing digital business model will raise more questions about privacy as we move forward. Hopefully not just in the United States but worldwide, companies and governments can judiciously use data as they need without becoming too invasive or sacrificing people’s privacy without valid reason.

Topics: Security, Protection

Heartbleed: Do We Still Need to Worry?

Posted by Tyler Voegele on Jul 2, 2014 4:00:00 PM

Heartbleed.svg resized 600It's been a little over two months since the security vulnerability Heartbleed was announced and a fix was provided. The Heartbleed flaw, which allows attackers to extract information from the memory of the servers that run versions 1.0.1 through 1.0.1f OpenSSL allows attackers to gain passwords and other information from strings of text taken from the memory leaks.

Have you audited yourself or the sites you frequent? According to a recent study the OpenSSL bug Heartbleed was discovered on more than 300,000 servers that remained vulnerable. In April that number was around 600,000. Nearly dropping half in the past few months is great, but nowhere near completely patched and it's only getting worse. Patched servers are slowing to a snail’s pace. Since the time between last month and this month it has only gone down by around 9,000 servers.

It seems that patching is going to almost halt altogether. What does this mean for you and the security of some SSL servers? SSL is the fundamental secured communication that most websites rely on. If you still haven't updated to protect yourself against the vulnerability then you are still vulnerable to someone gaining your sensitive information such as username, password, or encryption keys.

An updated list of the most recognizable and popular websites was created shortly after the release in patches for the vulnerability that are now not affected by the Heartbleed OpenSSL encryption bug. Below are a few of the entries most notable:

heartbleed virus- Google.com is not vulnerable to Heartbleed.

- Chase.com is not vulnerable to Heartbleed.

- BankofAmerica.com is not vulnerable to Heartbleed.

- WellsFargo.com is not vulnerable to Heartbleed.

- Facebook.com is not vulnerable to Heartbleed.

- YouTube.com is not vulnerable to Heartbleed.

- Wikipedia.org is not vulnerable to Heartbleed.

- Twitter.com is not vulnerable to Heartbleed.

- Amazon.com is not vulnerable to Heartbleed.

- Linkedin.com does not use SSL.

- eBay.com does not use SSL.

- Bing.com does not use SSL.

- Pinterest.com is not vulnerable to Heartbleed

- Ask.com does not use SSL.

- Msn.com does not use SSL.

- Instagram.com is not vulnerable to Heartbleed.

- Tumblr.com is not vulnerable to Heartbleed.

- Microsoft.com does not use SSL.

- Paypal.com is not vulnerable to Heartbleed.

- Imbd.com is not vulnerable to Heartbleed.

- Apple.com does not use SSL.

- CNN.com does not use SSL.

- Craigslist.org is not vulnerable to Heartbleed.

- Reddit.com is not vulnerable to Heartbleed.

- Netflix.com does not use SSL.

- Adobe.com is not vulnerable to Heartbleed.

- Dropbox.com is not vulnerable to Heartbleed.

- Mozilla.org is not vulnerable to Heartbleed.

- Pandora.com is not vulnerable to Heartbleed.

So what's next? Since the announcements of vulnerabilities like Heartbleed, Apple's SSL bug GoToFail, and many more, how can we predict what's next? Well, there really is no easy way other than preparing ourselves for the worst. Vulnerabilities like Heartbleed should heighten our sense of security and the need to be aware of it in our environments. As bad as Heartbleed was, and still is since countless of thousands of websites remain unpatched, it actually marked an improvement in what we consider a critical security hole. Make sure your organization has a plan to patch defects and prevent possible attacks that could compromise your servers. With Heartbleed fresh in our minds it’s the best time to take a look at what the best ways to stay secure are. 

If you'd like help on planning, implementing, and creating security policies contact our specialists at Network Center, Inc. today!

Contact Us Today! 

Topics: Technology Solutions, Network Security, Security, Protection

Luck, Lifecycle Management, & Technology Debt

Posted by Jon Ryan on Jun 6, 2014 4:28:00 PM

Many companies underestimate the impact and cost a system failure would have on their business. Your IT Infrastructure in many cases is a silent hero that just churns away in its own room, out of sight and out of mind. But when it goes down, the impact can be unimaginable.  The easiest way to test this is to imagine what turning off one of your servers would do to your company’s productivity. How much would that cost you per hour, per person? The fact that it hasn’t happened to your business can give you a false sense of security, but you have to be careful not to confuse luck with technology reliability. Let’s take a look at how some companies mismanage their infrastructure lifecycle and end up with a large technology debt.  recycle keyboard resized 600

Lifecycle Management

Lifecycle management is interpreted differently from company to company. Unfortunately, it is more common for a business to invest time and budget into other aspects of their company rather than their IT Infrastructure. Getting on a lifecycle management schedule will help you make sound purchases and keep your infrastructure up to date and reliable.  

retired computer1 resized 600Antiquated Gear

“We have all of this gear and it is still running fine.” Many companies use the warranty of products to manage the lifecycle of their infrastructure. It may shock you to know that the common product warranty is 3 -5 years, usually with a 2 year extension. Best case scenario you are looking at the total lifecycle of hardware at 7 years. By law, manufacturers are required to provide replacement parts for their products for 7 years. After that time, you are left to finding old stock or used parts through web storefronts. Let’s think about it for a minute. What really drives lifecycle management? Hardware reliability, repair costs, warranty, and budget are all determining factors. But let’s talk about one of the other driving factors that is maybe not so well known.  

Business Process

Hardware and software limitation can have a negative impact on how you operate your business. Are you missing out on newer technology because you are still using a 32 bit server? Do you turn down technology advancements because your network won’t be able to handle the increased traffic? Your overall company business process can suffer from antiquated hardware and software, leaving your processes and efficiencies stuck on technology from the past.  

Technology Debt

With the retirement of Server 2003, more and more companies are finding out they have a technology debt. For years they’ve relied on old gear to do the core processing of their everyday business. Server operating systems took a big leap with the original release of Server 2003. Businesses implemented it and relied on it for many years. The problem is there were restrictions that we didn’t even know about at the time. Now with its retirement, businesses are caught having to replace it whether they budgeted for it or not. Many companies haven’t been upgrading their infrastructure using lifecycle management.  It’s at this point that you really find out what your technology debt is. In simple terms, it’s all of the antiquated hardware and software that should have been systematically updated over the years, but wasn’t. Your technology purchases all come to a head at one time. Most companies have gotten accustomed to not budgeting for technology each year. Now imagine what happens when you have to spend $50,000 - $100,000 or more in one year.  

We assist customers with their lifecycle management so that their IT budgets are smaller per year and more predictable. Don’t leave your hardware and software integrity up to luck. Contact a NetWork Center, Inc. sales associate to find out how to get a lifecycle management model that works for your company.

Contact Us Today! 

Topics: Technology Solutions, Protection

Windows Server 2003: Time to Say Our Goodbyes

Posted by Tyler Voegele on Mar 3, 2014 1:20:00 PM

UpgradeWindows Server 2003 is close to reaching its end of support date: July 14, 2015. Though this might seem like a long time from now, you should start planning and upgrading as soon as you can. As with Windows XP, which is now one month from its end of support date, the same will happen to Windows Server 2003. There will be no patches or security updates. 

So now you ask yourself this question, why make the move from Server 2003 to Server 2012. Some of the most concerning reasons for people not upgrading are cost and not knowing the performance enhancements that come with the newer Operating Systems. 

Cost

If you look at keeping Windows Server 2003, think about cost first and foremost. What would the difference in cost be in proportion to upgrading your environment? To run a secure IT infrastructure you will have to put twice the amount of resources into monitoring, shielding, and protecting any servers on 2003. Along with protecting the servers themselves you will also have to work to make sure the old applications will still function. Server 2003 doesn't suddenly stop working as soon as support is over, but your risk involved will increase. You may need to consider training staff about threats more often, installing an intrusion detection system, or even segmenting the servers in your network. Electricity prices may also pay a factor in why you might decide to upgrade. If you have 10 physical servers running Windows Server 2003, your price for electricity will drastically change if you were to virtualize all of them and use one physical host machine.

Optimizations, Stability, and Security

What kind of optimizations could you get from the newer Windows Servers? Windows Server 2008 and 2012 are able to be utilized in ways that Windows Server 2003 is not able. For instance, the architecture used for 2003 limits the ability for performance enhancements and for software to use specific features that the newer versions are able to utilize. Simply put, the newer versions can outperform the old. This should not be news in the technology world, as everyone knows that newer Operating Systems have more functionality than later versions. Another big upside with applications running in the newer server versions is processing power. With newer server OS's, programmers are able to utilize more resources. Windows Server 2003 is 10 years old and very limited by its time and simply cannot take full advantage of modern hardware. Microsoft has brought up concerns with possible performance issues in some versions of Windows Server 2003. Microsoft also has articles about performance bottlenecks in continuing use with Windows Server 2003

Windows 2003 InfographicAnother reason you should look into upgrading is many Windows 2003 Servers are running on physical hardware. Now that we live in an age of virtualization and cloud computing, it reduces more risks than housing every server on a physical media. If you are running eight year-old hardware with Windows Server 2003 on it and the server fails, what what would be your plan? Would the down time effect you drastically? What if you could avoid the potential downtime by planning, migrating, and proactively scheduling an upgrade? Hardware fails. It is a fact that many businesses have faced a time or two. If you run old hardware and software, you will risk the possibility of it failing and causing more headaches than it is worth.

One of the main reason you should want to upgrade from Windows 2003 is from lack of security. The biggest concern for most companies is to keep their assets that lie in the digital world safe. Windows 2003 could raise a lot of concern after the support has ended. Not only could the Operating System be exploited with malicious intent, but you could face limitations that also cause software running on the Operating System to be unsecured.

Upgrading From Windows Server 2003

So, what options can you think about when moving to a newer environment? Sometimes the most obvious transition is utilizing the environment you already have. Leveraging a virtual environment is usually the best option, and if your environment isn't virtualized already, you should consider doing so. Converting physical boxes into virtual machines is normally a very easy process, and along with the benefits of having everything managed centrally, a virtual environment is very practical for any business. Most of the time, applications that run on Windows Server 2003 can work as well in Windows Server 2012 or run in a compatibility mode. Even if you are not able to run applications in the new server versions you will at least have a virtual copy of the Server 2003 running in new hardware. 

Another option you may consider is migrating to the cloud. Not many think of having their environment moved to the cloud, but it is an option that could fit your business needs. Moving your server infrastructure into a cloud based environment can help businesses that do not always have IT staff to support them and can be more cost effective. 

Start your planning and risk analysis as soon as possible because the more you stay ahead of old hardware, software, and applications the better off your business will be as a whole. Remember, having a plan is the biggest step in your effort to stay updated. If you have any questions about planning, implementing, or maintaining your technical infrastructure, contact our experienced staff at NetWork Center, Inc. today and ask them about Windows Server 2003 End of Support.

Contact NetWork Center, Inc.

Topics: Technology Solutions, NetWork Center Inc., Protection

The Importance of Warranty and Maintenance Plans

Posted by Kyle Riveland on Feb 18, 2014 11:30:00 AM

3YR WARRANTYSome people may think this goes without saying, but at the same time there has been an inordinate amount of situations where a faulty server had a lapsed warranty, or software maintenance was missing. Since the only time that you need this in place is when something is wrong, that is unfortunately the time you find out. Let’s take a look at the two main categories where warranty and maintenance plans have the biggest effect on a business.  

Hardware  

The typical server warranty is 3 years, and there are almost always options to extend that at the time of sale and even after the normal warranty has lapsed. Networking equipment is normally 1-3 years, and have mostly the same options for extending warranty. Of course different vendors may offer different options, so your mileage may vary.  

The question you should ask is “how much downtime can we afford.” Of course, most businesses would answer “none.” Since it’s inevitable that server hardware will eventually fail, everyone knows better and we have to be ready for such times. Not everyone can afford high availability and fault tolerant environments when it comes to server hardware to avoid the downtime of a failed server or network device. 

A lot of time is lost when you need a part replaced for a device that is not under warranty or maintenance. When calling the vendor, you can be rerouted to different departments. The vendor may require you to purchase an extension before even ordering the part. If the failure happens on a weekend, that may not get processed until the next business day. Part costs, shipping, and labor are usually high.  

A warranty not only gets you replacements for little to no cost, it also gets you the parts much quicker. Typical warranty replacement parts are automatically delivered overnight. Calls to the vendor will hopefully get routed to the tech quicker (I’ll leave good/bad vendor support calls to another blogger). If the warranty allows weekend support, your issue may be resolved before Monday.  


hardware maintenanceSoftware  

There is typically no set maintenance for software. Some companies have phone support for software built in. Others have a forum where you could post questions and wait for answers. If a software company offers paid maintenance, it usually gets access to any/all types of communication available. This can be very important if the software is mission critical.   

The time lost can be similar to hardware, and just as costly. If your entire company uses a particular software product, what happens when the product fails? All your users either will not be able to do anything, or they will have to fall back to a slower manual process.    

No one will know the software better than the vendor. Bugs in software are about as inevitable as hardware crashes. When that happens, your software maintenance will allow immediate access to possibly get a resolution, or at the very least, patched in the next revision. Maintenance may also allow free updates to newer versions with some vendors.   

So what is the best way to determine where you stand with warranties and maintenance plans? List your mission critical hardware and software. Most vendors have provided tools on their websites to check your warranty and maintenance status. Then determine how much it will cost your company to not have access to these services and devices for any period of time. This will help you justify whether you should have active warranty or maintenance plans. The upfront cost of the plans may seem like too much now, but the cost may be much worse without the plans in place.

If you have any questions about warranty and maintenance plans, please contact NetWork Center, Inc. 


Contact NetWork Center, Inc.

Topics: Technology Solutions, Protection

Getting Granular with Security Policies and Procedures

Posted by Jeff Bolstad on Nov 1, 2013 5:28:00 PM

Secure NetworkIn our previous post, Tyler gave a great overview of different aspects of IT Security, and mentioned a top-down approach. Let’s look at IT Security as starting at the broadest point, security implementations that have a single point but affect the entire network. Then moving to devices and practices that affect the entire organization but have multiple points of implementation. And finally narrowing it down further to items that affect specific items, whether it is a unique group within the company, or specialized hardware and software.

A great place to start when reducing a network’s vulnerability is securing it against outside threats. There are a multitude of options that add a layer of protection. These options include hardware appliances such as firewalls, intrusion prevention systems, mail filters, and web filters. Some options can also be offered as part of a cloud-based solution. This is especially true of the last two items listed, but this also entails relinquishing a certain amount of control over these systems.

Moving down the list of possible security measures, there are a number of options that can be implemented and managed from a single point, but have multiple points of failure. Included in this group are more familiar methods like anti-virus and anti-malware products, user training, and application and operating system patches. I say multiple points of failure because protection can fail based on the individuals or machines. Anti-virus is one of the most common options mentioned when it comes to protecting a network, but it cannot protect a network alone. Proper configuration can go a long way in mitigating damage.

Network SecurityAn increasingly prevalent area of security concern is managing mobile devices. This becomes especially true as more users are allowed to bring personal devices into the workplace. This introduces concerns of lost or stolen devices, company data being exposed over an unsecured network, ownership of information, whose responsibility it is to support those devices, and separation of home/work functions on these devices. End user device policies help address a number of these issues, and services such as MAAS 360 allows for greater control and security over both corporate devices and those provided by the end user. Another option for mobile devices, predominantly laptops and tablets, are VPN connections back to the corporate network. These machines can also benefit from measures such as whole disk encryption and TPM.  These are all great possibilities for improving security, but are ineffective if employees don’t take the proper precautions as well.

Employees can make or break security as easily as anything. Proper training will mitigate a vast amount of problems you can encounter, provided employees adhere to the new policies. This includes proper procedures for securing unattended devices, procedures for reporting lost/stolen devices, and acceptable use of company resources. Having to spend five minutes talking to a user about an email attachment they’re unsure of beats two hours of cleaning up an infected machine, or worse an infected server.

Luckily, through the use of administrator defined policies, choices can be taken out of the hands of end users, preventing files in certain locations or with certain extensions from being executed, limiting access to potentially damaging websites, and limiting access to company data, among other options.

Network SecurityRemaining security measures should fall solely to IT ideally. These include user account security, server and application hardening and patching, and keeping third party applications properly patched. This can be achieved on a machine by machine basis or through the use of products such as WSUS and Shavlik.  Additionally, once these policies are in place, regular monitoring and review of polices should take place.

You can of course drill down into more and more specific security measures, but this must be balanced against the resources needed to implement them. Not all of these options are feasible for all organizations, but through identifying those with the greatest benefits, security can be vastly improved for a corporate environment. A regular review of your security measures will allow your security to evolve as the threats faced do.

If you have any questions about network security, please contact NetWork Center, Inc.

Contact NetWork Center, Inc. 

Topics: Technology Solutions, Security, Protection, Security Technologies, Firewall

Better Endpoint Protection: Hardware Firewall Security

Posted by Tyler Voegele on Aug 26, 2013 11:15:00 AM

Every business needs a firewall or some form of protection from external threats. Firewalls can protect from external, malicious users, network infections, and packet flooding attacks from reaching the internal resources of your network. They can also prevent your users from connecting to things that may harm the network.

With all kinds of hardware security technology out there, it can be a little challenging to choose which device is right for you. When thinking about upgrading or strengthening your security at the Internet facing part of your network, there are several things to take into consideration.

Firewall TypesSecurity Technologies

There are three types of firewalls: stateless packet filtering, stateful packet filtering, and application-layer firewalls. Each of these provides filtering at different levels within a network. Packet filtering firewalls allow only packets to pass, which are allowed as per your firewall policy. Every packet has information contained inside, such as its source, destination, port ranges, etc. Each packet passing through is inspected and the firewall then decides to pass it or not. The packet filtering can be divided into two parts: stateless and stateful.

Stateless:

If the information about the passing packets is not remembered by the firewall, then this type of filtering is called stateless packet filtering. Every packet that passes through this type of firewall is handled on an individual basis by the set of rules that were set up manually. Previously forwarded packets belonging to a connection have no bearing on the filter’s decision to forward or drop the packet.

Stateful:

If the firewall remembers the information about the previously passed packets, then that type of filtering is stateful packet filtering. The packet filtering firewalls inspect these TCP or UDP packet streams to allow or deny them. Stateful packet filtering firewalls also monitor the state of a connection and gather the information about it. With this intelligence, the firewall can not only make decisions based on the defined rules but also make decisions from prior packets that have passed through it.


Application-Layer

Application-layer firewalls, or proxy-firewalls, do not just look at the packet data; they also look at the actual data that is being transported between the application-layer. They know how certain protocols work, such as HTTP and FTP.  Since they are application-aware and inspect the contents of the traffic, you are able to block specific content such as websites, viruses, or software. They can then look to see if the data that is in the packet is valid for specific protocols, and if it is not, it can be dropped.


Other ConsiderationsSecurity Technologies

The first thing to ask yourself when you are deciding on a firewall is what are you are trying to accomplish. Whether you want a firewall that handles stateful-packet inspection, or a firewall with extra features such as IDS and IPS built in, there are options for them all. You will want to clearly identify what is important to you and figure out where the bulk of your security needs lie. With so many different options for firewall technologies, there are also a lot of features to think about. Below are just a few features that are worth considering:

  • Monitoring and Reporting

  • Spam Filtering

  • High Availability

  • URL Screening

  • Anti-Virus

  • Bandwidth Sizing

  • Layered Security

  • Remote Connections

  • Physical Interfaces

  • Intrusion Detection

  • Intrusion Prevention

  • Web Caching

When you compare the costs of different firewalls, you also need to take into account any of the extra costs associated with the features that you will want to implement. If you choose a firewall with specific features and capabilities, there can sometimes be an extra fee in licensing.

If you're in the market for a new firewall, take some time to identify the needs you are looking for. Firewalls are still one of the best ways to protect yourself from any threats to your network, and with so many options you can do almost anything. If you have any questions or want to know more about firewall security, please contact NetWork Center, Inc. 

Contact NetWork Center, Inc.

Topics: NetWork Center Inc., Network Security, Security, Protection, Security Technologies, Firewall, Filtering

Subscribe to Email Updates

Recent Posts

Posts by Topic

see all