
NetConnect Blog - Your Resource For IT Tips, Tricks and News

10 Reasons Everyone Needs a FISASCORE

Posted by NetWork Center, Inc. on Apr 26, 2018 10:26:33 AM

Security is at the forefront of what we do and keeping on top of the newest security offerings is why our customers trust us with their networks. We are excited to offer a new vulnerability assessment in partnership with SecurityStudio and would like to invite you to join our webinar on May 22nd at 2pm CDT on the 10 reasons why everyone should have a FISASCORE®. It's free to join and you can register by clicking the button below. In the meantime, read on for more information on what exactly a FISASCORE is.

Click Here to Register for Webinar!

What is a FISASCORE?

FISASCORE is a comprehensive, risk-based measurement of information security assigned to your company based on a proven and thorough assessment process. Once completed, FISASCORE will identify critical vulnerabilities, control gaps/deficiencies, and applicable threats to the security of your organization.

Why is a FISASCORE important?

FISASCORE allows businesses and organizations to know and understand how they are vulnerable and how they compare with peers within similar industries. FISASCORE can also be used to communicate the level of information security risk to interested third-parties (customers, stakeholders, auditors, regulators, etc.).

FISASCORE is constantly calibrated to the latest security threats used by attackers with controls designed to mediate those threats and protect data from unauthorized access, disclosure, distribution and destruction. The FISASCORE framework consists of a thorough evaluation of risks within four phases: Administrative Controls, Physical Controls, Internal Technical Controls, and External Technical Controls.

  • ADMINISTRATIVE CONTROLS are sometimes referred to as the “human” part of information security and are controls used to govern other parts of information security. Common administrative controls include policies, awareness training, guidelines, standards, and procedures.
  • PHYSICAL CONTROLS are the security controls that can often be touched and provide physical security to protect your information assets. Common physical controls include doors, locks, camera surveillance, and alarm systems.
  • INTERNAL TECHNICAL CONTROLS are the controls that are technical in nature and used within your organization’s technical domain (inside the gateways or firewalls). Internal technical controls include things such as firewalls, intrusion prevention systems, anti-virus software, and mobile device management (MDM).
  • EXTERNAL TECHNICAL CONTROLS are technical in nature and are used to protect outside access to your organization’s technical domain (outside the gateways or firewalls). External technical controls consist of search engine indexes, social media, DNS, port scanning, and vulnerability scanning.

Who needs a FISASCORE?

Every organization, big or small, should be aware of their most significant information security risks. FISASCORE will identify and address your organization’s risks through a standardized, consistent and efficient process that enables all members of your organization to quickly and confidently understand and quantify risks. 

Topics: Security, Network Security

Ransomware: A Tale of Three Companies

Posted by Michelle Killian, FRSecure Security Analyst on Apr 14, 2016 10:09:00 AM


Our partner, FRSecure, has been busy of late responding to calls regarding ransomware. They've seen a few success cases but not enough, so Michelle Killian, FRSecure Security Analyst, thought it would be useful to review three of the common scenarios they are encountering, what the outcome has typically been, and what you can do to prepare and protect yourself from this nasty attack.

But First, What Is Ransomware?

“Ransomware?” you say. “What’s that?” Well, if you are lucky enough to not have been either directly or indirectly affected by ransomware, we'll give you a brief rundown:

Ransomware is a type of malware (malicious software) that attempts to block access to assets belonging to a victim (i.e. your files) and only unblock in exchange for a ransom payment.

The variant of ransomware running rampant today infects your device and encrypts (or locks) all the files you have access to, making them completely unusable to you unless you get the key to decrypt (or unlock) the files. The malware searches for and encrypts all applicable file types (including Word and Excel documents and PDFs) both on your device and on any shares you are mapped to, meaning the more access your device has, the more damage the malware can do.

While there are many ways your system can be infected, ransomware is typically delivered through an email phishing attack or website drive-by-download attack.

[Figure: Attack Overview]

[Figure: Download Overview]

In order to decrypt the files, you have to get the key from the attacker who distributed the malware, which costs money, typically in the form of bitcoins. Up until recently, the attackers were demanding basically the same amount of ransom regardless of who they infected – typically between $500-1000, but they’ve now discovered that some targets are willing to pay much more and have started demanding ransom payments more proportional to the information they are holding hostage.

What FRSecure is Seeing

Michelle Killian lumped the companies FRSecure is hearing from, both in the field and from incident response calls, into three broad categories. Read along and see which group your organization most closely aligns with and take away some action items to better prepare yourself!

Company 1: The Not-So-Lucky One

Company 1 calls shortly after getting that gut-wrenching pop-up notifying them that they’ve been ransomed, unsure of what to do or where to start. They haven’t really been good about consistently backing up their data so they don’t have a viable backup to restore from.

[Image: CryptoLocker. Photo: Malwarebytes.org]

These are usually painfully quick and unsatisfying conversations. While FRSecure always recommends doing some research on the particular malware strain to see if a key has been obtained and shared, odds are, if you don’t have a backup of your data, your only real option to get your data back is to pay up. For Company 1, this is exactly the outcome and after learning the ins and outs of Bitcoin, they are back up and running, less $500, and working diligently on formalizing their backup strategy.

FRSecure Does Not Support Paying The Ransom

For the record, FRSecure does not encourage paying the ransom as the best solution to this problem. Paying only encourages this type of activity to continue to grow and makes you a bigger target for future attacks. Additionally, FRSecure has seen many instances where the decryption process hasn’t gone smoothly and not all files are recovered. However, if there is no other way to get the information that’s been ransomed and it’s necessary for operations then sometimes this is the only solution.

Company 2: The Oh-So-Close-But-Not-Quite One

Company 2 got the same pop-up notification with ransom-payment instructions, but threw high-fives all around because they’ve got good backups and regularly test them, so they knew that this was but a blip in the road. They restored the systems they determined to be impacted by the malware from backup and resumed operations as normal.

Until they got a call from a user freaking out because their data was no longer usable. Turns out there was a small subset of the organization that was supposed to be segmented off (but wasn’t) and for all intents and purposes was thought to be no longer in use (but was) so the share wasn’t being backed up regularly. And the data stored on this share was pretty important.

So, while Company 2 was able to successfully restore most of their files from backup, because they didn’t have an updated inventory of their data resources, they still ended up paying a ransom to get the files from the not-so-segmented share back. And now they are focused on a top-to-bottom user access review and data mapping exercise to make sure they know where all their data lives and who has (and who should have) access to it.

Company 3: The Ready-For-Your-Stupid-Virus One

Company 3 called in advance of getting the ubiquitous pop-up. They noticed some files they were working on were changing and becoming inaccessible and suspected they might be in the process of being infected by ransomware. With a little digging we were able to confirm their suspicions and set about containing the malware.

The one nice thing about ransomware is that it’s pretty easy to determine where the attack started because the device where the infection initiated will be the device that provides the notification and instructions on how to pay up. But, on the flip side, once the pop-up shows up, it’s too late to contain the malware. So, you have to do some work while it’s in the process of spreading to find the source and contain it.

For Company 3 there was some suspicion around a particular attachment and a particular user (based on internal conversations and where the file changes were taking place) so it was relatively easy to pinpoint the source. With that knowledge, we were able to isolate the system (disconnect it from the network and internet) and work on replacing the infected files.

Company 3 not only had replication of data to the cloud but also maintained regular offsite backups. The data being replicated in the cloud had already uploaded the encrypted versions of the files so we had to pinpoint when the ransomware was downloaded so we could revert back to the clean files, but after about four hours, Company 3 was back up and running with no ransom paid. Even so, Company 3 is not resting on their laurels; they used this close call to conduct additional user training on the perils of email and phishing attacks.
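The revert step described for Company 3, as an added Python sketch (not part of the original post and not FRSecure's tooling): it checks each replicated version's leading bytes against the signature expected for its file type, takes the earliest damaged version as the onset of encryption, and picks the newest version saved before that time. The function names, the sample history and the byte values are constructed for illustration.

```python
import os
from datetime import datetime

# Leading bytes expected for the document types the post names (Word, Excel, PDF).
SIGNATURES = {
    ".pdf": b"%PDF-",
    ".docx": b"PK\x03\x04",        # OOXML files are ZIP containers
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",   # legacy OLE2 compound file
    ".xls": b"\xd0\xcf\x11\xe0",
}

GARBAGE = b"\x8f\x1c\xa9\x03\x55\xe2\x7b\x90"  # constructed stand-in for ciphertext

# Constructed version history: path -> [(time the version was replicated, first bytes)]
HISTORY = {
    "hr/policy.pdf": [(datetime(2016, 4, 1, 9, 0), b"%PDF-1.5\n"),
                      (datetime(2016, 4, 12, 14, 5), GARBAGE)],
    "finance/q1.xlsx": [(datetime(2016, 4, 11, 16, 30), b"PK\x03\x04\x14\x00"),
                        (datetime(2016, 4, 12, 14, 12), GARBAGE)],
    "notes/todo.txt": [(datetime(2016, 4, 11, 17, 0), b"call vendor"),
                       (datetime(2016, 4, 12, 14, 9), GARBAGE)],
    "sales/deck.docx": [(datetime(2016, 4, 12, 10, 0), b"PK\x03\x04\x14\x00")],
    "scans/invoice.pdf": [(datetime(2016, 4, 12, 14, 20), GARBAGE)],
}


def header_ok(path, head):
    """True/False if the file type has a known signature, None if it cannot be judged."""
    signature = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if signature is None:
        return None
    return head.startswith(signature)


def plan_restore(history):
    """Return (onset, plan).

    onset: timestamp of the earliest version whose header is damaged, or None.
    plan:  path -> timestamp of the newest version that is not damaged and was
           saved before onset, or None when no such version exists.
    """
    damaged = [ts for path, versions in history.items()
               for ts, head in versions if header_ok(path, head) is False]
    onset = min(damaged) if damaged else None

    plan = {}
    for path, versions in history.items():
        # Types without a signature (e.g. .txt) cannot be checked by header,
        # so the onset cutoff is what protects them from a bad restore.
        clean = [ts for ts, head in versions
                 if header_ok(path, head) is not False
                 and (onset is None or ts < onset)]
        plan[path] = max(clean) if clean else None
    return onset, plan


if __name__ == "__main__":
    onset, plan = plan_restore(HISTORY)
    print("encryption first seen:", onset)
    for path, ts in sorted(plan.items()):
        print(f"{path}: restore {ts if ts else 'from offsite backup (no clean replica)'}")
```

The header check is a heuristic: a file whose only versions postdate the onset has no clean replica and has to come from the offsite backup.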

How To Protect Your Company (and Yourself)

One thing Killian would like to point out when talking about ransomware is that this virus does not discriminate. It will hit you at home and take your $500 just as readily as it will at the office. So her advice is advice that can be implemented in both environments and should be strongly considered if you place any value on the information residing on whatever device you use (PC, Mac, smartphone, tablet… all devices are fair game for this bugger).

What You Can Do:

  • Inventory your data: This is Information Security 101, but we aren’t generally that great about it. Do you know where all of your information is stored? Map out all of your data repositories and then audit regularly to make sure it’s still appropriate.
  • Back it up: This is your #1 defense against ransomware. Determine how long is acceptable for you to be out of commission (1 hour, 1 day, 1 week?) and build out an appropriate backup strategy that ensures you can meet that acceptable level. Consider multiple types of backups in the event one gets compromised and regularly test the effectiveness of the backups. Side note: many versions of the ransomware either destroy your shadow copy or encrypt it before notifying you that you’ve been ransomed so do not let your shadow copy be your only backup solution.
  • Implement need-to-know access: Do you know, with certainty, who has access to what information? Or do you take an “everyone needs access to everything” approach? Play out a few table top exercises with ransomware and you may be re-thinking that approach. Use user access to data as a strategy to protect you from attacks to limit the exposure to information impacted from any one user. And like data inventory, review this access periodically and audit users to ensure nothing is changing.
  • Continue to train users: Make sure your user base knows what the current risks are to them so they are better able to protect both themselves and your organization. Train them on the signs of ransomware so they can report it before the pop-up does, which can help mitigate the damage done. Remember that your users are computing at home so they have a vested interest in being a bit more technical – teach them about disconnecting from the internet, unplugging from the network, and the importance of controlling access to information.
  • Strengthen technical controls: there are some pretty easy solutions that you can implement that can help protect you from installing ransomware, including:
    • Block EXE file attachments so users cannot directly run executable files from emails.
    • Disable macros in Office applications, where malicious code is often embedded.
    • Implement web filtering for malicious sites to block sites that are known security risks.
    • Remove local admin rights so users are forced to enter in a privileged username and password to run new software.
    • Develop and implement a patch and vulnerability management program; many variants use vulnerabilities in applications to infiltrate your system.
    • Implement group policies and other restrictions on common payload entry points, such as the %AppData% folder.
  • Check online for solutions: If you don’t have a good backup to restore from, before you give in and pay the ransom, do some research to see if a key has been uncovered. Great sources to consider include Malwarebytes, Kaspersky Ransomware Decryptor and BleepingComputer. Do not remove the malware until you are sure all of your files have been successfully recovered.

There’s no doubt about it, ransomware stinks. But it is a good reminder of how a strong information security program can protect you and how sticking to the basics (asset management, access control, backup management, user training) will continue to pay off.

Blog post provided by: 

* Killian, Michelle. http://www.frsecure.com/ransomware-a-tale-of-three-companies/. N.p., 7 Mar. 2016. Web. 12 Apr. 2016. <http://www.frsecure.com/ransomware-a-tale-of-three-companies/>.

Are you interested in improving your processes to reach your security goals? Reach out to the team at Network Center, Inc. for more information on how utilizing FRSecure can positively impact your company.


Topics: Network Security, Security, Ransomware

Dear Ransomware...

Posted by Sean Todd on Apr 8, 2016 1:00:00 PM

Dear Ransomware – let’s get familiar

First, let’s define what ransomware is. Basically, it’s a piece of malware that infects a device and prevents an end user from accessing either the device itself or the data on it. Typically, the person responsible for creating the ransomware will require the user to pay a fee in order to regain access to the infected files or system. Even when you think you’ve got your environment configured with the right layers of software designed to prevent an infiltration of potentially destructive ransomware, there’s still a good chance you may become a victim.

Sounds like a pain, right? Well, it could get much more serious than that pretty quickly. Let’s assume that device is on your corporate network. Let’s also assume that the user of that device has access to files on the network. See where this is going? It now has the potential to affect files across the network. All that business-critical data is now at the mercy of a cyber-criminal demanding a ransom payment before giving you back your access, if at all. You don’t just lose access to the files; you have the potential to lose productivity and incur costs for legal fees, IT services, customer service, etc. It adds up quickly.

So what exactly does this ransomware do? The most common side effect is file encryption, and at this point that encryption is pretty much impossible to crack. It has the ability to encrypt not only data on your local device, but also data across the network that the user has access to. Without a good backup or paying the ransom, you can say good-bye to your data. Even a backup will only get you back to the point in time where it was last successfully run. That means if your backup ran last night, and the ransomware hit today at 4pm, you’ve pretty much lost an entire day of work for not only a single individual, but potentially an entire company.

But I have antivirus, that’s enough, right? I hate to be the bearer of bad news, but antivirus software alone simply isn’t enough anymore. You need a layered approach to your preventative arsenal.

  1. Education – Educate yourself and end users on how to detect these threats. Limit the amount of casual internet browsing and if an email seems fishy, there’s a good chance it is. Remember, ransomware can infect you in multiple ways.
  2. Email Filtering – Use a spam service to filter email before it gets to your mail server and inbox. Even users of hosted email platforms should consider using 3rd party email filtering as an added layer of security.
  3. Web Filtering – Ransomware doesn’t just come from email. It can come from very popular legitimate websites as well. Utilizing some type of web filtering could help prevent access to infected websites or syndicated ads carrying malicious code.
  4. Antivirus – Use reputable antivirus. This is usually the last point in the preventative stage. Having up to date antivirus could be your saving grace, although there are never any guarantees. Even older versions of antivirus with up to date virus definitions could make you vulnerable. Much like the cyber criminals who are continuously trying to evade the various levels of protection, antivirus vendors are constantly evaluating and improving their software in order to combat the latest threats.

It's unfortunate that there are new stories daily of companies large and small being targeted by these malicious campaigns. There’s no doubt it will only get worse before it gets better as these threats are constantly evolving. They tend to get more destructive with each iteration and some aren’t even offering the option to decrypt anymore. Your best defense is a multi-layered approach. The more layers, the less chance of becoming the latest victim. Bottom line, it needs to be taken seriously.

Topics: Email Security, Network Security, Security, Ransomware

Protection in an Online World

Posted by Jeff Bolstad on Aug 14, 2015 4:00:00 PM

Increasingly, people are being forced to integrate their lives with an online presence. Making purchases online, social media, work requirements, smart TVs, smart phones, networked appliances. It’s safe to say that it will be quite difficult for people to remain disconnected from the rest of the world going forward. However, with the convenience that comes with this expanded connectivity, individuals and businesses face constant threats as a result of this connection being open 24/7. This link shows real-time threats around the world. So are the old methods of protection still viable in today’s environment?

For individuals, the go-to methods have usually been good anti-virus and password complexity, as well as being aware of who is getting your personal information. This all holds true still. New technologies though are creating new holes. Smartphones can carry our lives on them, in the form of texts, emails, purchase history, credit card information, social media sites, and passwords. These devices have been deemed to have enough personal information on them that they require a warrant in order to be searched for information by arresting officers, whereas previously they were considered covered under routine searches. But while the government may be realizing how sensitive these devices are, many people don’t take action to ensure their security. By taking a few simple steps, and being careful about what you put on your phone, it’s possible to greatly improve security on your phone, both when you’re using it, and in the unfortunate event that it is lost or stolen. While not infallible, these steps can make it much harder for a malicious entity to compromise your personal security.

So if you’re protected at home, there’s still all the businesses you are forced to interact with, or the business you are a part of, and they have to fight a constant battle as well. There have been a significant number of breaches just this year, and millions of people are affected yearly. So is it the new normal that we just have to live with the inevitable breaches of personal data? Not if companies adopt responsible policies towards security and enforce them. It’s one thing to say we have a security policy in place, but if users are not facing consequences for loading company files on a flash drive to take home, or leaving their password on a sticky note on their desk, there’s really no incentive to follow the policy. But beyond more vigilant users, what are businesses doing? 

The mainstays for protection from outside sources are always having proper hardware and software security. This includes Firewalls, Intrusion Prevention, Web Filters, Spam Filters, and Anti-Virus. Company-wide security policies enforced at the workstation and server level add another layer, and managing what outside devices are allowed to connect to the company network provides a further buffer against malicious intent. But one of the biggest things that can help companies avoid trouble is not becoming complacent. Frequently reviewing that systems are up to date and making sure they are the best system for the task at hand can go a long way towards preventing the kind of event that makes headlines in today’s business world. That often translates to having someone appointed to make sure reviews happen of the network and security systems, and that any flaws are found and corrected as quickly as possible.

Some IT experts are quoted as saying that security breaches are a matter of when, not if, for a lot of companies. But many companies could adopt a more aggressive stance when it comes to security and preventative measures, and individuals can become more aware and diligent in the protection of their own systems, which will raise the bar for IT security as a whole.

If you have any questions regarding security for your business, feel free to contact us. 


Topics: Security

Reviewing the Impact of the SSLv3 POODLE Vulnerability

Posted by Joe Dunnigan on Oct 24, 2014 4:55:00 PM

Attack of the POODLE
Last week, a new high profile web vulnerability was disclosed, dubbed 'POODLE' (Padding Oracle On Downgraded Legacy Encryption). This vulnerability received much press, partly due to the fact that a number of other vulnerabilities have hit the news recently (Heartbleed and Shellshock in particular).

The POODLE vulnerability deals with attacks that downgrade the level of encryption and security in an https connection between a web browser and server, forcing the communication to use the old and less secure SSLv3 protocol over newer implementations like TLS 1.0-1.2.

SSLv3 has been around for nearly 15 years, and has outlived its usefulness. However, most systems have kept it enabled so that legacy systems can still function. At one time, this was the highest protocol that web browsers supported for secure communications, but TLS has been available for many years now. IE6 is the only browser with any notable market share that requires SSLv3 in order to establish secure connections. Any recent versions of IE, Chrome, Firefox, Safari, etc. will support TLS.

So, what does this mean for us?
Upon reporting the vulnerability, it was recommended that systems be configured to not offer SSLv3 for secure connections. This includes web servers, application servers and appliances, and web browsers, among many other devices. If a user tries to connect to a secure service via SSLv3 and this support has been turned off, they will not be able to use the service any longer. The recommended approach is to ensure that recent versions of web browsers and other client software are as up to date as possible.

The greatest risk to allowing SSLv3 in communications is the possibility of a man-in-the-middle attack, where an attacker could listen in on the secure https communications and crack the encryption to expose sensitive information (passwords, banking information, etc.). By disabling SSLv3, this threat is successfully mitigated. 

In fact, disabling SSLv3 has been a topic of discussion prior to this discovery, as weaknesses in the protocol have been known for some time. However, the risk associated was not deemed worth the trouble of potentially shutting out users who were using older web browsers or application clients. With the POODLE vulnerability disclosed, it was determined that the risk to information disclosure is too great, and moving forward with disabling the protocol will be necessary. With IE6 usage falling below 0.1% in most of the world, the impact should be significantly lower than in previous years.

What should I do now?
As with all vulnerabilities, it is important to determine exposure and take action to remediate the issue as quickly as possible. By keeping software and systems up to date with security patches and new software versions, we can help to curb the possibility of serious attacks and information exposure.
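One way to determine exposure on your own web servers, as an added Python example that is not from the original post: it reads nginx `ssl_protocols` and Apache `SSLProtocol` directives and reports whether each one still offers SSLv3. The sample configuration is constructed, and treating Apache's `all` keyword as including SSLv3 is an assumption that matches builds from the time of the disclosure.

```python
import re

# Assumption: what Apache's "all" keyword enabled on builds of that era.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
CANONICAL = {name.lower(): name for name in APACHE_ALL | {"SSLv2"}}

# Constructed sample: nginx and Apache directives mixed in one text for brevity.
SAMPLE = """\
# constructed configuration lines, not taken from any real server
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2
"""


def canonical(name):
    """Normalise protocol spelling so 'sslv3' and 'SSLv3' compare equal."""
    return CANONICAL.get(name.lower(), name)


def apache_protocols(args):
    """Evaluate an Apache SSLProtocol argument list from left to right.

    '+name' adds, '-name' removes, and a bare name replaces what was set so far.
    """
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-")
        group = set(APACHE_ALL) if name.lower() == "all" else {canonical(name)}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group
    return enabled


def audit_tls_config(text):
    """Return [(line_number, server, sslv3_enabled)] for every directive found."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        nginx = re.match(r"ssl_protocols\s+([^;]+);", line)
        if nginx:
            enabled = {canonical(t) for t in nginx.group(1).split()}
            findings.append((number, "nginx", "SSLv3" in enabled))
            continue
        apache = re.match(r"sslprotocol\s+(.+)$", line, re.IGNORECASE)
        if apache:
            enabled = apache_protocols(apache.group(1))
            findings.append((number, "apache", "SSLv3" in enabled))
    return findings


if __name__ == "__main__":
    for number, server, exposed in audit_tls_config(SAMPLE):
        status = "SSLv3 still offered" if exposed else "SSLv3 disabled"
        print(f"line {number} ({server}): {status}")
```

A file with no directive at all produces no finding; in that case the server falls back to its built-in default, which depends on the installed version and should be checked separately.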

To find out if you are vulnerable, contact us at NetWork Center, Inc. for more information.

Topics: Network Security, Security, Protection, IT Consulting

Shellshock: It Has Nothing to Do with Ninja Turtles

Posted by Brian Johnson on Oct 17, 2014 4:13:04 PM

I’m probably starting to show my age, but when I hear the word “Shellshock” the first thing I think of is the old Teenage Mutant Ninja Turtles cartoons. But unfortunately, the Shellshock we are talking about has nothing to do with pizza-loving reptiles, and everything to do with a gaping security hole affecting many of your Internet-connected devices. Here’s what Shellshock (a.k.a. the “Bash bug”) is all about and why you should care:

What is it?

There are a few terms and technologies contributing to the Shellshock nickname. First up is Bash, which is a command-line interface used in Mac, Linux, and many other operating systems and devices. This interface, often referred to as accessing the “shell,” can be used to enter commands to perform various actions on a system, such as editing files, running tools, or initiating a restart or shutdown. 

The heart of the Shellshock problem is that when these Bash commands are tweaked for potentially malicious purposes, really really really bad stuff can happen all across the Internet. 

I don’t run Macs or Linux – so can I stop reading now?

No – please don’t! This still matters to you. You may not directly run these operating systems on the machines you use every day, but Linux is everywhere. It could be found on video cameras, routers and other devices on your home or work network, and is prevalent on thousands and thousands of Web servers scattered across the Internet. 

To understand the seriousness of this issue, we have to get a little nerdy first and look at an example Bash command:

/bin/eject

This simple command, when executed on some Linux servers, will eject the CD drive. No harm done there, right? 

Ok, but what if I could somehow modify that command and, from my comfy office in Waconia, use it to make a server across the Internet eject its CD drive? Wouldn’t that be cool? Well, if my target server was vulnerable to Shellshock, I could do exactly that with this command:

 curl -H "User-Agent: () { :; }; /bin/eject" http://www.example.com/

Again, this looks like a bunch of gibberish, right? But when we break it down, here’s essentially what this command is doing: first, it is asking www.example.com to display its Web content, much like it would if you visited www.example.com in a Web browser. Next, as my computer and the Web site send data back and forth to complete this connection, my computer sends the characters () { :; };. And here’s the bug: the server should treat the /bin/eject command that follows as something to ignore or discard, but runs it instead. Voilà! The CD tray pops open!

I don’t run a Web server either – why am I still reading?

In the example above I used a command which caused a Web server to eject its CD tray. Just a silly trick to show friends at parties, right? But use your imagination and think of some of the more sinister things I could do with this Shellshock vulnerability. Maybe I could figure out a way to make thousands of these servers attack your corporate network. Or I could craft a command to make the server send me sensitive information it has stored about you, such as your name, address, phone number, password, purchase history, credit card information…the possibilities are endless!

And keep in mind, this vulnerability does not require any advanced skills on my part. I do not have to steal any usernames or passwords of people who administer these servers, download any special software or take a master’s class in hacking. Nope, just a quick Google search and about 10 minutes of my time would be all I needed to start launching attacks on vulnerable servers and potentially do damage to your networks, accounts and sensitive information. And that is why you should be concerned with Shellshock.

So what can I do about it?

If you are running Macs in your environments, check the support article Apple has published about the Bash bug, and download/install the appropriate patch.

On Linux systems, you can usually do a quick Google search for the type of Linux you run and the word “Shellshock” to find articles and instructions containing a fix. For instance, I run Ubuntu, and by searching for Ubuntu Shellshock I was treated to this nice article which walks me through patching the bug.

Don’t stop here. In your home or corporate network, you need to check other devices that may be vulnerable, such as video cameras, routers and backup devices. Tripwire offers a free tool to scan up to 100 internal IP addresses for free. Depending on what devices are identified as being vulnerable, head to that vendor’s Web site and search for any knowledge base articles or updates that might be available.

If you are concerned about Shellshock on your servers that are accessible via the Internet, this tool can help you test them.
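For servers you run yourself, the access log shows whether anyone has been sending requests like the one above. The following Python example is an addition to the original post: it parses Apache combined-format log lines and flags any request, Referer or User-Agent value containing the `() {` function-definition prefix. The log lines are constructed, use documentation IP ranges, and reuse only the /bin/eject command from the post.

```python
import re

# Apache/nginx "combined" log format; quoted fields may contain escaped quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# The marker from the post: an empty function definition, "() {", with any spacing.
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")

# Constructed sample log lines.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Oct/2014:10:02:11 -0500] "GET / HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.45 - - [17/Oct/2014:10:03:40 -0500] "GET /cgi-bin/status HTTP/1.1" 200 312 '
    '"-" "() { :; }; /bin/eject"',
    '203.0.113.45 - - [17/Oct/2014:10:03:41 -0500] "GET / HTTP/1.1" 200 5120 '
    '"() { :;}; /bin/eject" "curl/7.35.0"',
    '198.51.100.9 - - [17/Oct/2014:10:05:02 -0500] "GET /search?q=f() HTTP/1.1" 200 900 '
    '"-" "Mozilla/5.0"',
    'this line is not in combined format and is skipped',
]


def find_shellshock_probes(lines):
    """Return one record per logged field that carries the '() {' marker."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # unparseable line: skipped here, worth counting in production
        for field in ("request", "referer", "agent"):
            value = match.group(field)
            if FUNC_DEF.search(value):
                hits.append({
                    "ip": match.group("ip"),
                    "time": match.group("time"),
                    "field": field,
                    "status": int(match.group("status")),
                    "value": value,
                })
    return hits


def sources(hits):
    """Distinct client addresses seen sending the marker, sorted for reporting."""
    return sorted({hit["ip"] for hit in hits})


if __name__ == "__main__":
    found = find_shellshock_probes(SAMPLE_LOG)
    for hit in found:
        print(f'{hit["time"]} {hit["ip"]} {hit["field"]}: {hit["value"]}')
    print("sources:", ", ".join(sources(found)))
```

A hit means the request was attempted, not that it succeeded: the status code in the log does not show whether the server ran the command, so any host that logged hits before it was patched deserves a closer look.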

Conclusion

Shellshock is a big deal – some experts say even bigger than Heartbleed. But as you can see above, Shellshock is not a real simple vulnerability to explain. I have had several conversations with clients who misunderstand it as “I don’t run Macs or Linux, so I don’t need to care.” Hopefully I was able to show you that is simply not the case, and you can help your fellow friends/family/coworkers better understand the bug when the opportunity arises. 

If you have any questions about Shellshock or perhaps want your network scanned for the vulnerability, we welcome the chance to talk to you. Contact NetWork Center, Inc. or FRSecure for any questions. 

This blog post is written by our guest blogger Brian Johnson, Information Security Analyst with our partner in information security, FRSecure

Topics: Technology Solutions, Network Security, Security, Security Technologies, IT Solutions

Securing Your Website with SSL

Posted by Joe Dunnigan on Sep 12, 2014 3:15:00 PM

With the ever-increasing risk of privacy concerns and data breaches, it is important to know what steps can be taken to mitigate these risks. One area that can be addressed to increase security and decrease exposure to attacks is securing a website with SSL. Not only will this strengthen and encrypt communications between the user and the site they are visiting, but it will also increase visibility of the website, and show users that their actions on the site will remain private and secure.

Traditionally, a website would employ SSL (https) security only in areas of the site where the potential for sensitive user information was being transferred. This may include user login forms, shopping carts and checkout, or application forms that include sensitive information such as a social security number. Increasingly today we are finding that organizations recommend and sometimes require that SSL be present on the entire website to ensure that all communications between the client and the website are secured. If you are responsible for a small to mid-sized bank, you may have already received information from your security auditors recommending site-wide SSL be employed on your website. Even if all of your online banking processes are handled by a third party and not run directly through your website, you should still expect to see this recommendation show up on your next audit.

Another area driving the increased need for SSL security on websites is the widespread availability and ease of use of content management systems such as Drupal and WordPress (http://info.netcenter.net/Blog/bid/335313/Why-CMS-is-Important-for-Your-Business). These systems provide an easy-to-use backend for managing your website content and configuration. Typically you access the CMS by going to a login page on your website and entering your credentials, which then grants access to administration areas and content editing features. When logging in or performing content changes, having the communications between your web browser and the website backend encrypted helps ensure that your website stays safe from unauthorized access.

Upgrading your site to use Always-On SSL is not a difficult process, but may involve additional costs and considerations. SSL certificates must be purchased, typically on a 1-3 year basis, and can expire if they are not renewed. Also, you may have to upgrade your website hosting plan, depending on what plan you currently have. Most providers should be able to assist with this transition and keep your site going while the upgrade happens.
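The two things that usually go wrong after such an upgrade are pages still served over plain HTTP and a certificate that quietly expires. The following check is an added example, not code from the original post; the function names, the `www.example.com` observations and the certificate date are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 307, 308)


def days_until_expiry(not_after, now):
    """Whole days between `now` and a certificate's notAfter field.

    `not_after` uses the format returned by ssl.getpeercert(),
    for example 'Sep 12 15:15:00 2015 GMT'. Negative means expired.
    """
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after),
                                     tz=timezone.utc)
    return (expires - now).days


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from a live server (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def redirect_gaps(observations):
    """Return the plain-http URLs that are NOT redirected to https.

    `observations` is a list of (requested_url, status, location_header)
    tuples recorded from requests made over http://.
    """
    gaps = []
    for url, status, location in observations:
        if urlsplit(url).scheme != "http":
            continue
        target = urlsplit(location or "")
        # A relative Location such as "/apply/" keeps the visitor on http.
        if status not in REDIRECT_CODES or target.scheme != "https":
            gaps.append(url)
    return gaps


def audit_site(observations, not_after, now, warn_days=30):
    """Combine both checks into one report."""
    days = days_until_expiry(not_after, now)
    if days < 0:
        cert_status = "expired"
    elif days <= warn_days:
        cert_status = "renew-soon"
    else:
        cert_status = "ok"
    return {
        "http_without_https_redirect": redirect_gaps(observations),
        "cert_days_left": days,
        "cert_status": cert_status,
    }


# Constructed sample: a site that only protects its login and checkout pages.
SAMPLE_OBSERVATIONS = [
    ("http://www.example.com/", 200, None),
    ("http://www.example.com/login", 301, "https://www.example.com/login"),
    ("http://www.example.com/checkout", 302, "https://www.example.com/checkout"),
    ("http://www.example.com/apply", 302, "/apply/"),
    ("http://www.example.com/user/login", 200, None),
]
SAMPLE_NOT_AFTER = "Sep 12 15:15:00 2015 GMT"  # constructed certificate date

if __name__ == "__main__":
    report = audit_site(SAMPLE_OBSERVATIONS, SAMPLE_NOT_AFTER,
                        datetime(2015, 8, 20, tzinfo=timezone.utc))
    for key, value in report.items():
        print(key, "=", value)
```

Against a real site, pass the value returned by `fetch_not_after(host)` and the current UTC time to `audit_site`.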

Always-On SSL not only offers security benefits and the added sense of security for your users, but may also help your search rank. Recently, Google announced that they are giving an SEO rank boost to sites secured with HTTPS everywhere or Always-On SSL (AOSSL) (https://blog.digicert.com/google-gives-ssl-secured-sites-search-ranking-boost/). When Google crawls your site and sees that all pages are encrypted with HTTPS, your search rank is automatically increased. This has the potential to move your site up in search results, increasing exposure to potential customers. Right now this is a lightweight signal, but over time it will continue to be more important for ranking search results.

If you've considered adding SSL to your site in the past, or are currently using SSL for only certain areas on your site, there are more reasons now to consider adding Always-On SSL. You'll give your customers an added sense of security, and might even drive more traffic with better search rank. Contact NetWork Center, Inc. to find out how to secure your website using SSL security.


Topics: Technology Solutions, NetWork Center Inc., Security, Protection, Security Technologies, IT Solutions

Network Health: Do You Know if Your Network is Healthy?

Posted by Kyle Riveland on Sep 3, 2014 3:30:00 PM

We all know computers and servers can catch infections, and most of us are well prepared to combat them. But do you have insight into the core hardware and software health of not only your servers, but your switches, firewalls, SANs, etc.? While a common email virus is much like a head cold, an unhealthy SAN would be a more severe affliction that typically requires a few days in a hospital. An unhealthy SAN (or any other device) is a largely avoidable situation through preventative maintenance.

Most people check in with doctors to get help with preventative maintenance of their personal health, so what can you do to gain insight on your network health? Fortunately, there are many options to prevent infection. Among them are:  

  • Gain insight into the health of your servers through monitoring logs and spot checking hardware

  • Monitor logs on your networking equipment, and keep software levels up to their latest version

  • Ensure important core system hardware, such as SANs, are up-to-date and have no error conditions

  • Replace aging hardware periodically, as older hardware may be holding back the potential of your network

That seems like a lot of work for someone to do regularly! Fear not, much like doctors have a battery of tests to find ailments, there are many devices and software solutions available to help diagnose early warnings of degrading network health.

Applications such as PRTG, IBM’s Tivoli Network Manager, ManageEngine’s software suite, Cacti, and myriad others can help you gather network metrics and provide alerting for issues on devices like switches, firewalls, or anything else that has an IP address. Some of these applications can even give you a history of the device with just a few clicks. If the device has SNMP (Simple Network Management Protocol), you can usually gather a multitude of metrics from it.  

Logs upon logs upon more logs. How can one keep up? Even the task of regularly monitoring a single server is daunting. Applications from companies such as ManageEngine, GFI, IPSwitch (What’s Up Gold), and others can gather all the logs for you in one tidy central location. Most of these programs provide reporting and alerting so you can immediately attend to issues that arise and prevent them from getting worse. Many of the blue screens that happen in a Windows OS have early indicators before they actually happen. This type of software can help prevent the dreaded ‘Blue Screen of Death’ and avoid costly downtime.

For other more specific items in your network, vendor software is also available and can sometimes be just as good as 3rd party programs. As long as the software has alerting, it should be good enough to give you the tools necessary to combat network health issues as they arise.

Now that you have an idea of what is available, what’s next? Even after you choose these solutions, it is important to configure the software correctly. These tools are not going to be very useful if they only cover parts of your network (or worse, are misconfigured). These situations would give you a false sense of security, which could be very dangerous.

Please talk to any of our sales staff or techs, and we can give you additional information or answer any questions you may have.


Topics: NetWork Center Inc., Security, Protection, IT Consulting, IT Solutions

Privacy in the Digital Age

Posted by Jeff Bolstad on Jul 11, 2014 4:00:00 PM

The Supreme Court recently ruled on some very divisive cases. Disregarding split decisions and personal opinions, the court did manage a unanimous decision very relevant to all of us. On June 26, Riley v. California, also affecting U.S. v. Wurie, received a 9-0 decision determining that police could not search the contents of a cell phone without a warrant. That in itself may come as a relief, but the reasons for the ruling provide more insight and range far greater than whether your cell phone can implicate you without probable cause.

The reasons in Justice Roberts’ opinion for ruling the way the court did boil down to the fact that your phone (and by extension other mobile devices, including laptops, tablets, flash drives, etc.) can carry a volume of intrusive data far greater than what you could find by searching someone’s other possessions. Not only did the court rule that the amount of data that these “digital containers” can hold vastly outstrips what would normally be in a person’s physical possession, but such a device often serves as a central repository for so many different sources (I have more than a dozen separate accounts linked to my phone at the moment, for example) that accessing it without permission would be too big of a violation of individual rights (lower courts have already ruled that data not specifically targeted by a warrant cannot be held and any copies law enforcement gathers must be destroyed). The court explained that a search of a single digital device could potentially expose more private data to officials than the most exhaustive search of a house or similar physical location.

So while this obviously has an immediate effect on how personal electronics can be treated, it also provides a glimpse into how access to digital information will be treated from a legal standpoint going forward. This has implications not just for phones, tablets, and laptops, but home PCs, servers, network storage, and cloud storage. Cloud storage is probably the most interesting in terms of separate individuals and companies being stored on the same physical media, and determining ownership of equipment versus data stored on that equipment.

Ultimately, it would appear that with this ruling the Supreme Court is trying to adapt the Fourth Amendment for the digital age. More and more frequently, people rely on their mobile devices to organize their lives and store their personal information, and increasingly turn to digital methods to handle day to day activities. This judgment acknowledges that fact and tries to ensure that law enforcement cannot operate outside the bounds of the laws set forth. It can also affect existing methods of how data is gathered and parsed (the biggest instance that comes to mind being the NSA’s data gathering and how they use that data). It also should be an opportunity for businesses to review how they handle private information and what is considered outside the scope of their monitoring. Mobile device management and security policies afford a great range of control over end users’ devices. This also raises the question of how invasive these security policies should be, and at what point data from end users and data from the company should be separated. Some companies work around this issue with company provided devices, but BYOD continues to be prevalent, and an increasingly digital business model will raise more questions about privacy as we move forward. Hopefully not just in the United States but worldwide, companies and governments can judiciously use data as they need without becoming too invasive or sacrificing people’s privacy without valid reason.

Topics: Security, Protection

Heartbleed: Do We Still Need to Worry?

Posted by Tyler Voegele on Jul 2, 2014 4:00:00 PM

It's been a little over two months since the security vulnerability Heartbleed was announced and a fix was provided. The Heartbleed flaw lets attackers extract information from the memory of servers that run OpenSSL versions 1.0.1 through 1.0.1f, including passwords and other information recovered from the strings of text in the leaked memory.

Have you audited yourself or the sites you frequent? According to a recent study, more than 300,000 servers were found to remain vulnerable to the OpenSSL bug Heartbleed. In April that number was around 600,000. Dropping by nearly half in the past few months is great, but that is nowhere near completely patched, and the trend is only getting worse: patching is slowing to a snail’s pace. Between last month and this month, the number has gone down by only around 9,000 servers.

It seems that patching is going to almost halt altogether. What does this mean for you and the security of some SSL servers? SSL is the fundamental secured communication that most websites rely on. If you still haven't updated to protect yourself against the vulnerability then you are still vulnerable to someone gaining your sensitive information such as username, password, or encryption keys.
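A first pass at auditing your own hosts is to compare the banner printed by `openssl version` against the affected range named above. This is an added example, not part of the original post; the host names and inventory lines are constructed. Distribution packages often carry the fix without changing the version letter, so treat the in-range result as a list to verify, not a verdict.

```python
import re
from collections import defaultdict

# Affected range as stated in the post: OpenSSL 1.0.1 through 1.0.1f.
AFFECTED_BASE = (1, 0, 1)
LAST_AFFECTED_LETTER = "f"

# Matches e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013":
# three numeric parts, an optional patch letter, an optional tag.
VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]?)(\S*)",
                        re.IGNORECASE)


def classify(banner):
    """Classify one `openssl version` banner against the stated range."""
    match = VERSION_RE.search(banner)
    if not match:
        return "unparsed"
    base = tuple(int(part) for part in match.group(1, 2, 3))
    letter = match.group(4).lower()
    tag = match.group(5).lower()
    # Pre-release builds do not follow the letter scheme; check by hand.
    if any(marker in tag for marker in ("beta", "dev", "pre")):
        return "review"
    if base != AFFECTED_BASE:
        return "outside-range"
    # "1.0.1" with no letter is the first release of the branch.
    if letter == "" or letter <= LAST_AFFECTED_LETTER:
        return "in-affected-range"
    return "outside-range"


def audit(inventory_text):
    """Group hosts by classification.

    Each non-empty line is "<host> <banner>"; lines starting with # are
    ignored. Returns {status: sorted list of hosts}.
    """
    report = defaultdict(list)
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, banner = line.partition(" ")
        report[classify(banner)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = """
# host   output of `openssl version`
web01    OpenSSL 1.0.1e 11 Feb 2013
web02    OpenSSL 1.0.1g 7 Apr 2014
vpn01    OpenSSL 0.9.8y 5 Feb 2013
mail01   OpenSSL 1.0.1e-fips 11 Feb 2013
lab01    OpenSSL 1.0.2-beta1 24 Feb 2014
nas01    unknown (vendor firmware)
"""

if __name__ == "__main__":
    for status, hosts in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as `unparsed` or `review` still need a manual check, since appliances and firmware frequently bundle their own OpenSSL build.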

Shortly after patches for the vulnerability were released, an updated list was created of the most recognizable and popular websites that are now not affected by the Heartbleed OpenSSL encryption bug. Below are a few of the most notable entries:

- Google.com is not vulnerable to Heartbleed.

- Chase.com is not vulnerable to Heartbleed.

- BankofAmerica.com is not vulnerable to Heartbleed.

- WellsFargo.com is not vulnerable to Heartbleed.

- Facebook.com is not vulnerable to Heartbleed.

- YouTube.com is not vulnerable to Heartbleed.

- Wikipedia.org is not vulnerable to Heartbleed.

- Twitter.com is not vulnerable to Heartbleed.

- Amazon.com is not vulnerable to Heartbleed.

- Linkedin.com does not use SSL.

- eBay.com does not use SSL.

- Bing.com does not use SSL.

- Pinterest.com is not vulnerable to Heartbleed.

- Ask.com does not use SSL.

- Msn.com does not use SSL.

- Instagram.com is not vulnerable to Heartbleed.

- Tumblr.com is not vulnerable to Heartbleed.

- Microsoft.com does not use SSL.

- Paypal.com is not vulnerable to Heartbleed.

- Imbd.com is not vulnerable to Heartbleed.

- Apple.com does not use SSL.

- CNN.com does not use SSL.

- Craigslist.org is not vulnerable to Heartbleed.

- Reddit.com is not vulnerable to Heartbleed.

- Netflix.com does not use SSL.

- Adobe.com is not vulnerable to Heartbleed.

- Dropbox.com is not vulnerable to Heartbleed.

- Mozilla.org is not vulnerable to Heartbleed.

- Pandora.com is not vulnerable to Heartbleed.

So what's next? Since the announcements of vulnerabilities like Heartbleed, Apple's SSL bug GoToFail, and many more, how can we predict what's next? Well, there really is no easy way other than preparing ourselves for the worst. Vulnerabilities like Heartbleed should heighten our sense of security and the need to be aware of it in our environments. As bad as Heartbleed was, and still is since countless thousands of websites remain unpatched, it actually marked an improvement in what we consider a critical security hole. Make sure your organization has a plan to patch defects and prevent possible attacks that could compromise your servers. With Heartbleed fresh in our minds, it’s the best time to take a look at the best ways to stay secure.

If you'd like help on planning, implementing, and creating security policies contact our specialists at Network Center, Inc. today!


Topics: Technology Solutions, Network Security, Security, Protection

Browser Based Zero-Day Exploits

Posted by Sean Todd on Apr 29, 2014 1:25:00 PM

The web has been abuzz with yet another potential security exploit and the information surrounding it can be confusing. We’ve seen advisories from many sources, and even they are conflicting. Below is the information we’ve been able to identify after sorting through this information in an effort to make it more clear who is affected and what you should do about it.

What is it:
There are actually 2 zero-day exploits. One is related to Internet Explorer, and the other is related to Adobe Flash.

1. The Internet Explorer vulnerability was identified recently by FireEye and is known as a ‘Use-After-Free’ vulnerability. It potentially allows hackers to gain complete access to a PC when the user visits a website with malicious Adobe Flash software on it. In this case, even though Adobe Flash may be patched, IE still has the vulnerability. Outlook, Outlook Express, and Windows Mail are affected as well, as they open HTML documents.

2. The Adobe Flash vulnerability has a security update issued today from Adobe and affects all browsers with the Adobe Flash plugin enabled. Updating Adobe Flash in IE environments doesn’t make you immune to the IE exploit described above.

Who is affected:
IE Vulnerability: Internet Explorer versions 6-11
Adobe Flash: All browsers


Adobe Mitigation:

Internet Explorer Mitigation:

IE Zero-Day Advisories:

  • Microsoft Security Advisory 2963983
  • Department of Homeland Security – US-CERT Response
  • ***Updated: Microsoft Issues Emergency Internet Explorer Patch – click here to get the patch

Flash Zero-Day Advisories:

In the end, the best defense is end-user education. Regardless of the fix implemented, there are other exploits that will eventually be uncovered and good browsing habits will help in eliminating their impact.

If you have any questions regarding this Zero Day Exploit, feel free to contact us.


Topics: Technology Solutions, NetWork Center Inc., Security

Security in Microsoft Dynamics CRM 2013 – How to Handle Exceptions, Part 3

Posted by Sarah Jelinek on Apr 18, 2014 3:00:00 PM

In part one and part two of this series we looked at using Sharing and Teams in CRM to help handle the records that have security exceptions in CRM. In our final part, we will explore the use of Access Teams, a new feature in CRM 2013.

One difficulty with using teams or sharing the records with users or teams is that there is no easy or direct way to see the individuals who have access. You would need to look at Sharing on the record to see those given access. You would also need to view the Team record to see its members, and the person sharing the record would need to decide what permissions to assign the user or team. 

This is where Access Teams will help you easily give users access to the record and see on the form who has been provided access. An administrator also predetermines the security permissions, so there is less configuration for the user adding individuals to the Access Team for a record.

Setting up Access Teams in Microsoft Dynamics CRM is a process that needs to be completed by someone that can customize entities and forms in CRM. Some of the steps listed presume that the user configuring Access Teams is familiar with these practices and therefore this article will not go in depth in the customization basics.

To use access teams, we will need to complete the following:

  1. Enable the entity or record type to allow the use of Access Teams.

  2. Create an Access Team Template for that entity.

  3. Add a sub-grid to the form of the entity and configure it for use with Access Teams

  4. Add users to the Access Team

First you need to enable the entity or record type for use with Access Teams. This is done within the Entity Definition. The following diagram displays the setting:

[Image: Enable Access Teams on the Entity]

There are some limitations to using Access Teams. For CRM Online and On-Premise, the default number of entities that you can enable for auto-created access teams is five. For On-Premise environments, this can be increased via PowerShell.

The next process to complete is to create an Access Team Template. This is used to define the permissions members of the Access Team will have to the record where they are added. With CRM Online and On-Premise there is a limit of two Access Team templates per entity. This also can be increased via PowerShell for On-Premise deployments. Therefore, you could create one template for read access and another template for write access to the record. The following diagram is an example of an Access Team Template:

[Image: Team Template]

After creating the templates you will need to add a sub-grid to the form of the entity. This is where you will add the members to the Access Team. The diagram below is an example of how to configure the sub-grid:

[Image: Access Team Subgrid]

Once you have saved and published the changes, you can now open a record for the entity and add users to the Access Team. Adding a user to an Access Team is essentially the same as sharing the record with them. Therefore, the person adding members to this team must have the Share privilege for this record. Here are some other advantages to using Access Teams:

  • The user who adds a new member to the Access Team needs to have the same privileges as the rights you designated in the template. The user cannot grant more privileges than he/she currently has.

  • The users that are added to the team must also have at least User level access to the same privileges that the Access Team template has.

For example, a template may grant a user assign privileges in addition to other privileges. User A needs to have assign privileges to the entity. Therefore, User A cannot add User B to the Access Team in hopes User B will then assign the record to User A. If User A does not have assign privileges, they will not be able to add users to the Access Team using that template.

These rules prevent a user from adding himself/herself to an Access Team to give them more permissions to a record than he/she already has. The following diagram shows the Access Team sub-grid on the Account form.

[Image: Access Team Subgrid on Account]

Access Teams is a great way to quickly give users access to records that fall outside of the normal scope of records accessible based on their security role. While there is a little more configuration involved, it is a secure option that provides your administrators peace of mind when configuring security. Our CRM experts can help you with planning and implementing your Security in CRM. Contact us today.


Topics: Microsoft Dynamics CRM, Security

OpenSSL Heartbleed Vulnerability

Posted by Eric Kupfer on Apr 11, 2014 11:26:00 AM

There has been a lot of news recently about a major vulnerability discovered in OpenSSL, a popular software library used to secure communications across a wide variety of network devices and applications. Some estimates suggest that up to 2/3 of the devices may be affected by what is known as the Heartbleed vulnerability.

NetWork Center, Inc. would like our customers to know that we take this information seriously and are working hard to ensure we can inform and protect our clients. Technicians are working with our vendor partners and will provide updates to client systems as product patches are released.

It's understandable that this information is making many people uneasy, but if there is good news in any of this, it is that for the most part Windows operating systems (Windows 2003 - Windows 2012 R2) are unaffected. Also, one of the most popular models of firewall devices that we sell, the Cisco ASA, is listed as unaffected; however, Cisco continues to vet their product portfolio.

While a range of products are potentially affected by this vulnerability, making sure that Internet-facing devices are patched and securing sensitive data behind a firewall (that has been patched, if applicable) can limit exposure. To add an additional measure of security, now might also be a good time to have users update website passwords, but only if it has been verified that the website is not affected by this vulnerability. There are various tools on the internet that check for the Heartbleed vulnerability, and we have included some in the list of links below.

In addition to patching affected systems and updating user credentials we need to remember to remain vigilant against malware contained in email spam. It is likely that email messages will reach our inboxes with dire warnings regarding the Heartbleed vulnerability and directions with ever so “helpful” links to change our passwords. Now is also a good time to remind everyone to never click on links in emails from any source they do not fully trust.

At the bottom of this page, we have included some links that you may find helpful. There is general information if you would like to read up on the details of the vulnerability, as well as web sites that will help test sites to ensure that they cannot be exploited.

For up to the minute product and patch updates directly from the vendors, please refer to sites listed below. 

General info:
http://heartbleed.com/
https://isc.sans.edu/forums/diary/Brace+Yourselves+and+your+Users+Clients+for+Heartbleed+SPAM/17939
http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/#more-25638
http://blog.digicert.com/2014/04/heartbleed-openssl-fix/
http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

Site testers:
https://lastpass.com/heartbleed/
https://www.ssllabs.com/ssltest/
http://filippo.io/Heartbleed/
http://heartbleed.criticalwatch.com/

Product specific:
VMware: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225
Cisco: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Check Point: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173
Microsoft IIS: http://blogs.iis.net/erez/archive/2014/04/09/information-about-heartbleed-and-iis.aspx
IBM: https://www-304.ibm.com/connections/blogs/PSIRT/entry/openssl_heartbleed_cve_2014_0160?lang=en_gb
DigiCert Testing tool: https://www.digicert.com/heartbleed-bug-vulnerability.htm
Trend Micro: http://esupport.trendmicro.com/solution/en-US/1103084.aspx
Zix Corp: https://support.zixcorp.com/link/portal/16033/16036/Article/838/Are-any-of-ZixCorp-s-Products-affected-by-the-recent-OpenSSL-vulnerability-HeartBleed
Veeam: http://www.veeam.com/blog/do-i-need-to-be-worried-about-the-ssl-heartbleed-vulnerability.html

Subscribe to our NetConnect Blog to receive emails as more information is posted. 


Topics: NetWork Center Inc., Security

Security in Microsoft Dynamics CRM 2013 – How to Handle Exceptions, Part 2

Posted by Sarah Jelinek on Apr 4, 2014 4:45:00 PM

In part one of our series on handling Security Exceptions in CRM, we discussed using Sharing to grant users access to records that do not fall under the scope of access granted by their security roles. In part two, we will look at how to create a team in CRM, assign it to a security role, and finally assign a record to a team.

Teams

First, we will need to create the team. To create a team in CRM, do the following:

  1. Navigate to Settings – Administration – Teams

  2. The default view is Local Business Teams. This will display all the teams that exist in your business unit. To view all the teams in your organization, click on the view name and choose All Teams

  3. Click New to create a new team

    [Image: New Team]

  4. Provide appropriate values for the fields

    • Team Name (required) – use this field to identify the purpose and/or membership of the team. For example, “Department Managers”, “High Priority Support Team” or “Enterprise Sales”

    • Business Unit (required) – select the business unit for which this team will be a member. If you are assigning a security role to the team, select the Business Unit that has the security role you wish to assign. The members of the team do not need to belong to this business unit

    • Administrator – this is the person that is primarily responsible for the team

    • Team Type – you have two options, Owner or Access Team. We will discuss Access Team in another post. For this example, select Owner

    • Description – enter a summary describing the intended purpose of this team

  5. Click Save to create the team record in CRM

  6. Once the record has been saved, you can add team members using the sub-grid on the form.

    [Image: Add Team Members]

You can add users from other business units to this team. If your security structure is designed where users can only view records for their business unit, you can add them to a team from the business unit that contains the records you need to access.

For example, User A is a member of the West Region business unit. This user needs to have access to some accounts in the East Region business unit. User A’s current security role only allows business unit access to accounts. This means that User A can only access accounts that are part of the West Region. By adding User A to a team from the East Region, they will have access to accounts that the team does.

Teams can own records in CRM. This was a feature that was introduced in CRM 2011. In order for a team to own a record, it does need to have a Security Role assigned. To assign a Security Role to a team:

  1. With the team record open, click More Commands

  2. Click Manage Roles from the list that appears

    [Image: Manage Roles]

  3. On the Manage Team Roles dialog, select one or more security roles that you wish to be assigned to the team.

    [Image: Manage Team Roles]

  4. Click OK

Now that you have a team with a security role assigned and members added to the team, you can now assign records to that team. To assign a record to the team, do the following:

  1. Open the record that you want to assign to the new team

  2. Click Assign on the command bar

    [Image: Assign the Record]

  3. On the Assign dialog, select the Assign to another user or team radio button

    [Image: Assign Dialog]

  4. Click on the Lookup and search for and select the appropriate team

  5. Click OK

Once the record has been assigned to a team, all the members of that team essentially own the record and will have access to it. They will now be able to see it in lists of records. The actions or privileges they have to the record will depend upon the security role assigned to their team.

Our CRM experts can help you with planning and implementing your Security in CRM. Look for our next article where we feature using Access Teams in CRM as another option for handling Security Exceptions in Microsoft Dynamics CRM.


Topics: Microsoft Dynamics CRM, Security

Convenience & Security: You Can't Have it All

Posted by Tyler Voegele on Mar 21, 2014 3:30:00 PM

In today's world almost everything is done through the Internet, which means that our security is more at risk than ever. Identity theft, corporate espionage, and financial loss are just the tip of the iceberg when it comes to thinking about security. Many people and companies try to balance the need for online security and convenience to access what they need. In a perfect world, we would be able to have both, but usually when you have the most convenient approach, security is at risk and vice versa. If businesses take the safest approach they take the stance of "locking it down." This is when users have access to little to nothing without administrative privileges. It makes it easy for management purposes and is by far the safest, but at some cost of user productivity.

Implementing security practices in the business environment requires a lot of careful consideration for how the business functions and accesses information currently. If you take the "locking it down" approach, then you may stifle the productivity of end users, but not properly practicing security measures could leave you wide open to attacks.

To have a proper, secure system in place there needs to be a number of technologies used to provide a certain amount of system hardening to successfully secure information. Most companies already have the hardware and software to accomplish the most needed security measures, but they need to configure them properly to use them. Passwords, user accounts, e-mails, network access, file shares, and wireless access are a few things that should be taken into account when incorporating security measures. 

When talking about convenience vs. security, usually a hot topic is passwords and how they should be handled. We can relate this to a house. It would be convenient if there was no door and you could walk in, but you also want privacy and to prevent strangers from entering, so you have a door. Of course, other people can also open the door, so you have to go further and put a lock on it. Now you have a secure home, but you have to unlock and then open the door to enter your home. This seems like an acceptable balance between convenience and security, but how do we reflect this balance in our digital life? Strong passwords can cause problems among users, but simple passwords provide easy access for unwanted people.

If you do implement security practices and measures you have to make sure users find practicality with it. If something is inconvenient, it is human nature to find a way around it or stop doing what is required altogether. How can you achieve a balance of security and functionality with ease of access? The first step is to understand your users' needs, internal policies, and how the business runs as a whole. Throwing hardware and software into an environment will not make it more secure unless there is an understanding of how the business accesses day to day information. Protective measures require you to always be changing, but if you take a comprehensive look at how the network runs, you can reduce the work you will have to do.

The next step for implementing a more secure and convenient network is implementing changes slowly. Introduce new security changes and policies slowly to users so they can continue to work as efficiently as possible. Explaining the benefits rather than inconveniences and administering them slowly makes more sense for everyone when implementing. Looking at what really matters and putting effort into securing parts rather than the whole network will ease the process.

In conclusion, you should look at securing the data where it is rather than securing the data in transit. Also think about requiring strong passwords that can be easily remembered and have to be changed every few months. Educating users can be one of the best investments for a company as well. If users know what to do and what to look for, risks can be mitigated. If you work toward better practices and take a full overview of your network, you'll find a successful marriage between the most secure environment and the most convenient one, for everyone's benefit.

If you have questions or concerns about your security practices you can contact our experienced staff at Network Center, Inc. today!


Topics: Technology Solutions, Security, Security Technologies

The End of Windows XP

Posted by Tyler Voegele on Jan 27, 2014 4:25:00 PM

Windows XP has had a long run, 12 years in fact, but it's time to move on. April 8th, 2014 is the day Microsoft will end all support for Windows XP. Considering how long XP has been around and how quickly technology is usually surpassed, it has run its course. If you haven’t already, you should seriously consider updating or replacing all machines running the Windows XP operating system.

What does this all mean for XP, and Why Is Microsoft Discontinuing Support?

The first Tuesday of every month is dubbed Patch Tuesday, which is when Microsoft releases all patches, hot-fixes, and service packs. After the first Tuesday in April this year, Microsoft will stop releasing those patches for XP and will end all technical support for it. This means that XP will grow increasingly less secure as time goes on. This includes versions of Internet Explorer and Outlook Express that run on XP.

With no security patches being released for XP, it will become a giant target for cybercriminals who can exploit the security holes that will emerge. Since the new operating systems from Microsoft were built off of the Windows XP codebase, many of the vulnerabilities that could be exploited in the recent versions could in fact be exploited in XP.

There are still XP machines everywhere that sometimes get overlooked, such as POS systems and even some bank ATMs in the U.S. that run an embedded form of XP. As you can see from the chart, XP still accounts for a large portion of the operating systems in use. This should be a big concern for users, and also for businesses that run XP.

If you are wondering why Microsoft is finally letting XP go, just think about how old the technology is. Windows XP is a very old operating system that had its code built well over 12 years ago. Rather than keep patching a system that is already old and flawed, Microsoft released newer operating systems with better written code and kernel structures. A newer operating system built with security fixes and other optimizations in mind is far more secure and harder to exploit.

Should you upgrade and what will happen if you don't?

The short answer: yes. You should upgrade or plan to do so as soon as possible. If the discontinuing of Microsoft security patches didn’t scare you, ask anyone who deals with security and they will tell you that upgrading should be the only option. However, we also all know there will be some who continue to use XP.

If you are stuck with XP for some reason and you really do need some solutions to support you, there are some anti-virus programs that will continue to support XP even after Microsoft's support ends. Bitdefender, ESET, and a few other anti-virus suites have announced that they will provide updates for XP until the year 2016. It was also announced that Microsoft Security Essentials for XP will continue to be updated and supported until July 14, 2015.

Also, if you have to stay on XP, you should plan on using third-party software that is still supported. For instance, instead of using Internet Explorer you will have to use an alternative such as Firefox or Chrome, which will continue support for a limited time.

You may also consider application whitelisting as an option if you must use Windows XP. This should not be a reason to stray from upgrading because XP will still be vulnerable. Even though Microsoft and other anti-virus vendors may offer a limited shield of defense for XP, it would be much more cost effective to upgrade. For businesses, it may look like a large task that costs a lot of money, but if you don't upgrade you may suffer a larger loss.

In conclusion, if you haven't thought about the effect that Windows XP could have on you or your business, you should start planning now. You may have to perform a risk assessment of the machines that still run XP. What would happen if those machines were not available anymore? What if those machines spread malicious software throughout your entire network? These are questions that you may have to ask if you stay with XP.

This not only reminds us of how we should be practicing better security measures, but how we need to plan and implement our technical infrastructure to optimize how we work. If you have any questions about planning, implementing, or maintaining your technical infrastructure, contact our experienced staff.

For more information on the anti-virus products that have given some dates on planning to provide support for XP, please take a look at the below list and visit www.av-test.org for updated results.

| Manufacturer | Support Information |
| --- | --- |
| Agnitum | No end of support announced; support available for at least 2 more years (1) |
| AVG | No end of support announced; support available for at least 2 more years (1) |
| Avast | No end of support announced; support available for at least 2 more years (1) |
| Avira | Support will end on 8th April 2015 - further details... |
| Bitdefender | Support for home-user products available until January 2016; support for corporate products available until January 2017 (2) |
| Bullguard | No end of support announced; support available for at least 2 more years (1) |
| Check Point / ZoneAlarm | No end of support announced; support available for at least 2 more years (1) - further details... |
| Comodo | No end of support announced; support available for at least 2 more years (1) |
| Emsisoft | Support available until at least April 2016 (2) |
| ESET | Support available until at least April 2017 (2) |
| Fortinet | No end of support announced; support available for at least 2 more years (1) |
| F-Secure | No end of support announced; support available for at least 2 more years (1) |
| G Data | Support available until at least April 2016 (2) |
| Ikarus | No end of support announced; support available for at least 2 more years (1) |
| K7 Computing | No end of support announced; support available for at least 2 more years (1) |
| Kaspersky Lab | Support will continue at least until 2018 for consumer and at least until 2nd part of 2016 for business products (2) |
| Kingsoft | No end of support announced; support available for at least 2 more years (1) |
| McAfee | No end of support announced; support available for at least 2 more years (1) |
| Microsoft (Security Essentials) | Support will end on 14th July 2015 - further details... |
| Microworld | No end of support announced; support available for at least 2 more years (1) |
| Norman | Support available until at least January 2016 (2) |
| Panda Security | No end of support announced; support available for at least 2 more years (1) |
| Qihoo 360 | Support available until at least January 2018 (2) |
| Quickheal | No end of support announced; support available for at least 2 more years (1) |
| Sophos | Support will continue at least until 30th September 2015 (2) - further details... |
| Symantec / Norton | Products support Windows XP, no end-of-life decision has been made yet |
| Tencent | No end of support announced; support available for at least 2 more years (1) |
| ThreatTrack / Vipre | Support available until at least April 2015 (2) |
| Trend Micro | Support will end on 30th January 2017 - further details... |
| Webroot | Support available until at least April 2019 (2) |

(1) These manufacturers have not yet announced the cancellation of their support for these products on Windows XP systems but have instead stated that they will continue to provide support for this platform for at least two more years.

(2) It is possible that these manufacturers will further extend the duration of their support if the market demand remains high enough.

Topics: Technology Solutions, NetWork Center Inc., Security

Transparent IT - File Sharing in the Mobile Age

Posted by Sean Todd on Jan 17, 2014 4:40:00 PM

As we become a more mobile workforce conducting business outside of the traditional office, intellectual property becomes harder and harder to protect. We no longer only need to worry about encrypting a laptop hard drive or making sure someone has secure access to a server via a VPN so they can access their shared drive, but now we are faced with more avenues outside our physical walls on which our information travels, secured or unsecured.

As business professionals, we can choose to turn a blind eye and assume that our information is secure because we haven’t officially authorized anyone to use anything other than their company-issued workstation. In reality, if we choose to do nothing, we leave a gaping hole in our document security as more and more employees turn to their own consumer technology to conduct everyday business. In a survey of 4000 office workers, more than half admitted to working on business content on personal devices. That is truly alarming when you think of the implications of losing data on a device over which you have no control. Statistically speaking, this means more than 50% of your employees have company information on their personal devices, and you can’t do much about it without proper controls in place.

So how can we protect this information? The bigger answer includes a multi-tiered approach, but if we are focusing on documents and document sharing alone, then we’ll look at an enterprise-grade file sharing service. Enter Box. This enterprise-grade file sharing application is easy to set up, deploy, and manage, allowing us to effectively and efficiently control access to our beloved documents.

Box has applications for iPhone/iPads, Android, Windows Phone, Blackberry, Mac, and Windows meaning whatever the platform you’ll be sure to get seamless integration translating to less of a learning curve for end users who are already used to this type of technology. Users can sync their documents directly to Box, and immediately have it available on all devices they have registered. From the office to the field and from the field back to the office the data is easily accessible. Even better, you have the ability to control the types of devices, how many per person, and whether or not documents can be downloaded to these devices. If documents are downloadable to mobile devices, you are able to force passcodes on the Box app restricting access to anyone without authorization.

There are several ways to share files with third parties. They include: sending a hyperlink via email and allowing it to be publicly accessible; sending a hyperlink that can be opened with a pre-set passcode you share; or simply allowing others with Box logins to access the folder or file directly. Of course, this is just scratching the surface of the collaboration features available.

Unlike similar competing products, data security considerations are second to none. Your data is encrypted during transit with high-grade SSL and at rest with 256-bit AES. Box data centers are SSAE16 Type II and Safe Harbor certified as well as HIPAA compliant.

In the end, your data is only as safe as the habits of your end users. By providing an easy to use file-sharing solution you encourage your employees to use company adopted applications upon which you have a great deal of control while at the same time preventing IT from becoming a road block to productivity. If you have any questions about mobility solutions or secure file sharing, contact NetWork Center, Inc.


Topics: Technology Solutions, Mobile Device Management, Mobility, Security

How To Shop Securely Online

Posted by Tyler Voegele on Dec 13, 2013 5:00:00 PM

It's that time of year again. Snow, holiday music, family, and of course holiday shopping. If you're like me, maybe you do most of your shopping online because, let's face it, sometimes it's easier to buy online than wade through a crowd for an unknown amount of hours. One thing you may not give much thought about when shopping online is internet security. As we all start shopping and purchasing online we use a lot of our personal information to complete these transactions. Do you know if the site is secure? If your data is secure? Your identity? More people purchase online during the holidays than any other time of the year. This brings out all of the people who could exploit you or steal your data. It’s always important to use the best security practices when buying online.

I’ve outlined the top 10 ways to keep yourself secure for holiday shopping online.

1. Update Your PC, Laptop, or Device

Keeping your browser and anti-virus up to date, and making sure your Operating System has the latest patches should be first on your list. They keep you safe from possible malware and viruses that could infect your system.

2. Shop online with familiar retailers 

If you think that it might be suspicious then chances are it probably isn’t legitimate. A lot of companies like Target, Amazon, and many other retailers are recognizable and have online sites. If you aren’t sure about the validity of a site, use www.urlvoid.com or others like it to check. Also, here is a good article on identifying fake shopping sites.

3. Site Security

When you are shopping online make sure the site has HTTPS or a padlock when finalizing your transactions. If you don’t see those items in your browser's URL it probably is not safe to enter your information.

4. Site privacy

Not only should you worry about what reputable companies do with your data, but you should also make sure they handle your data properly. You can look for a privacy policy and learn about whether the company will use your information in ways you don’t want shared. If a site shares your email address to other companies it could open your email up to get spam linked with malicious items.

5. Install a Phishing Filter and other helpful extensions to your choice browser

Using phishing filters and extensions can be useful tools to keep yourself safe online. If you save your passwords in your internet browser, you could download an application like LastPass. There are many extensions for each type of browser that assist with URL checking, credit card safety, password security, ad blocking, and others that can check your browser for exploits.

6. Password Complexity

We talk about this one all the time, but it should always be addressed. Make sure the passwords you use for your shopping sites are secure. If you have simple passwords then it’s much easier to obtain your information. While using passwords it’s also safest if you don’t automatically save them into your browser. Also, let’s all agree that writing your passwords on sticky notes is just a bad idea.

7. Mobile Shopping

Be extra careful when shopping from a mobile device. Sometimes using dedicated applications from businesses is more secure than using a mobile browser. If using an application make sure it’s legitimate because there are many created with malicious intent. One rule to always follow when using a mobile device to buy online is to never do it while connected to a public Wi-Fi. This allows the possibility of everyone seeing what you are doing.

8. Use your own devices

I think we all know this is pretty self-explanatory. Don’t use machines or other devices that you don’t own. Your information can be saved or even be tracked if using a public PC. Take the safe route and always do your shopping on your devices.

9. Watch out for scams

If it sounds too good to be true, it probably is. No business is going to randomly give free gifts online or have an 80% off sale. Be aware that email scams and deals will be all over, especially this time of year. They try to get you to enter personal information to obtain what they need. Even if you believe an email or site to be legitimate, always proceed with caution.

10. Be careful of what you use for payment.

Debit cards and credit cards are the two biggest options when paying online, but which is better? Most of the time credit cards are the safest bet. Credit companies have policies for fraudulent charges if you happen to have your card stolen online.

Make sure that you use these tools to have a safe and happy holiday season. The most important tool you will always have is a good dose of common sense. Shopping online is easy and convenient, and hopefully you can use what you’ve read to be confident that you are secure. The final step to any holiday season is to enjoy it!

Happy Holidays from all of us at Network Center, Inc.!

Topics: Technology Solutions, Network Security, Security

Getting Granular with Security Policies and Procedures

Posted by Jeff Bolstad on Nov 1, 2013 5:28:00 PM

In our previous post, Tyler gave a great overview of different aspects of IT Security and mentioned a top-down approach. Let’s look at IT Security as starting at the broadest point: security implementations that have a single point but affect the entire network. From there we move to devices and practices that affect the entire organization but have multiple points of implementation, and finally narrow down to items that affect specific areas, whether a unique group within the company or specialized hardware and software.

A great place to start when reducing a network’s vulnerability is securing it against outside threats. There are a multitude of options that add a layer of protection. These options include hardware appliances such as firewalls, intrusion prevention systems, mail filters, and web filters. Some options can also be offered as part of a cloud-based solution. This is especially true of the last two items listed, but this also entails relinquishing a certain amount of control over these systems.

Moving down the list of possible security measures, there are a number of options that can be implemented and managed from a single point, but have multiple points of failure. Included in this group are more familiar methods like anti-virus and anti-malware products, user training, and application and operating system patches. I say multiple points of failure because protection can fail based on the individuals or machines. Anti-virus is one of the most common options mentioned when it comes to protecting a network, but it cannot protect a network alone. Proper configuration can go a long way in mitigating damage.

An increasingly prevalent area of security concern is managing mobile devices. This becomes especially true as more users are allowed to bring personal devices into the workplace. This introduces concerns of lost or stolen devices, company data being exposed over an unsecured network, ownership of information, whose responsibility it is to support those devices, and separation of home/work functions on these devices. End user device policies help address a number of these issues, and services such as MAAS 360 allow for greater control and security over both corporate devices and those provided by the end user. Another option for mobile devices, predominantly laptops and tablets, is a VPN connection back to the corporate network. These machines can also benefit from measures such as whole disk encryption and TPM. These are all great possibilities for improving security, but they are ineffective if employees don’t take the proper precautions as well.

Employees can make or break security as easily as anything. Proper training will mitigate a vast amount of problems you can encounter, provided employees adhere to the new policies. This includes proper procedures for securing unattended devices, procedures for reporting lost/stolen devices, and acceptable use of company resources. Having to spend five minutes talking to a user about an email attachment they’re unsure of beats two hours of cleaning up an infected machine, or worse an infected server.

Luckily, through the use of administrator defined policies, choices can be taken out of the hands of end users, preventing files in certain locations or with certain extensions from being executed, limiting access to potentially damaging websites, and limiting access to company data, among other options.

Remaining security measures should ideally fall solely to IT. These include user account security, server and application hardening and patching, and keeping third party applications properly patched. This can be achieved on a machine by machine basis or through the use of products such as WSUS and Shavlik. Additionally, once these policies are in place, regular monitoring and review of policies should take place.

You can of course drill down into more and more specific security measures, but this must be balanced against the resources needed to implement them. Not all of these options are feasible for all organizations, but through identifying those with the greatest benefits, security can be vastly improved for a corporate environment. A regular review of your security measures will allow your security to evolve as the threats faced do.

If you have any questions about network security, please contact NetWork Center, Inc.


Topics: Technology Solutions, Firewall, Security, Protection, Security Technologies

Getting Serious About IT Security

Posted by Tyler Voegele on Oct 25, 2013 5:15:00 PM

We can all agree that the Internet, PCs, mobile devices, servers, and other equipment are essential to everyday business, and without them we would not be able to complete our work. Also, everyone knows by now the impact and multitude of viruses, malware infections, and even hackers that can affect our businesses. It's no secret how much money can be spent on these problems to try to properly resolve them, so why don't we give security as much attention as any other area? We need to be more proactive in our view towards security. More often than not, the only time we think about security is when it is already too late.

Let’s take a look at some statistics to make more sense of how breaches are effected today:

Source: http://www.verizonenterprise.com/DBIR/2013/

What are your biggest concerns with IT security? Preventing data loss? Preventing outages? Keeping security up-to-date? To better understand, you have to determine where your valued assets lie, or maybe you want to focus more on certain parts of your business structure. I like to think of security in three separate layers. It may be an oversimplification, but it's easier to understand where you should focus time and energy when starting to get serious about security. One of the first road blocks many people come to find when beginning to secure the entirety of their network is where exactly to start.

1. External Network/Edge Devices
2. Core Network/Server Structure
3. Endpoint Devices/BYOD 

As I mentioned, this is a very broad view into your network, and at some point we have to weigh the cost of dealing with security breaches against spending money to be more secure. Let’s say you want to go with the top-down approach. It is a more comprehensive strategy towards IT security and is definitely not the only way it can be done. I’ve outlined some key steps that I think are very important and the components that are involved in each step.

1.       Create Security Policies and Procedures

This is by far one of the most important and hardest steps you will do. You should create an overall security policy document and a BYOD security policy, determine an action plan for an overall security audit, establish a risk management framework, and determine the level of risk the business is willing to tolerate. After developing these policies you have to train the staff to adhere to them. Training staff is equally as important as sticking to a training schedule. These documents should be continuously updated to make sure you can adapt to future security needs. After completing documentation and an action plan you’ll be better equipped to know where to spend time, focus resources, and tackle the big projects. Preparation and adaptiveness are the keys to security success.

2.       Inventory Equipment and Data

Finding old, outdated, or decommissioned equipment and replacing or removing it is important to keeping vulnerability out of the business. Eliminating unnecessary or old data, and starting to keep track of what you have and whether or not it is secure, is important to keeping data loss to a minimum. Creating an inventory of what equipment is in the network and asset tagging equipment helps logging and maintenance, which is the last step.

3.       Fix Security Holes and Update Equipment

Run tests to see where the security flaws in your network are. Having external auditors run tests both internally and externally is a good idea. Updating software, firmware, operating systems, and antivirus is usually a top priority. Applying security patches when needed and creating secure configurations throughout the network is also important. Create a maintenance window for all the equipment and devices you have brought up to date. Protect your network against external and internal attacks. Manage the network perimeter of devices at all locations. Create filters for unwanted access both internally and externally.

 4.       Harden Network Security

You’ve probably already documented the policies for most of this step. They may include locking down the operating system and software you run. Creating Group Policies for workstations, servers, and users might also be part of  your policies and is also important. Locking down firewalls and other network equipment is probably one of the most important steps to hardening your security. Why? At least 92% of attacks originate from the external facing part of your network. Put in place policies to disable features that allow users to either remove, disable, or inhibit the functions of a firewall and virus protection suite. Managing user privileges, management processes, and limiting the number of privileged accounts is important. Preventing data loss by creating secure backups is a must to save you in case of critical failures.

 5.       Protecting Mobile Users and Endpoint Devices

Securing users that authenticate from the external world is a must. PCs and other media used to access internal resources need to be as secure as the servers themselves. Manage risks related to the use, processing, storage, and transmission of information or data. Data needs to be kept safe so that it is not lost or stolen. Apply a security baseline to all devices. Protect the data in transit as well as outside the network. Those who log into the business through mobile means must have guidelines and restrictions in place to prevent any possible data loss.

 6.       Stabilize and Monitor

Establishing a monitoring strategy is important to maintain support of the policies you’ve created and to prevent further exploits that could arise. Continuously monitor the network and analyze logs for unusual activity that could indicate an attack. This is where having an IDS or IPS helps immensely. Without de-emphasizing prevention, focus on better and faster detection through a mix of people, processes, and technology. Attentively monitoring users can make the difference in pinpointing harmful activity, whether it is intentional or unintentional. Further educate the users of the business to keep policies in check and to make sure they are understood.

There is no way to absolutely prevent everything from happening. We can only strengthen our ability to try and detect, prevent, and fix threats that can slip through our defenses. Attackers don’t rely on a single tactic to breach your defenses and neither should you. Remember, there is no “one-size fits all” strategy and many of the things I am suggesting are a great start to a security plan you can implement.

Keep an eye out for the next security blog posts defining more detailed approaches to the top-down approach I explained in this post.

Questions? Comments? We’d love to hear from you! Leave a comment or email us with your questions and we will gladly respond!


Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security, Data Backup, Firewall, Security, Security Technologies

Wireless Data Security: How to Keep Your Wireless Devices Safe

Posted by Tyler Voegele on Oct 4, 2013 4:00:00 PM

Since most of our work is done through wireless technologies like laptops, desktops, tablets, or other mobile devices, they need to be secured just as we take precautions with wired networks. Basic security includes the use of Service Set Identifiers (SSIDs), open or shared-key authentication and optional MAC address authentication. Each of these features has some level of access control and privacy, but they can be compromised by attackers as well.

Basic Security

SSID is a common network name for the Wireless Local Area Network (WLAN). By default, most access points broadcast the configured SSID in their beacons. Even if broadcasting of the SSID is turned off, an attacker can detect the SSID by monitoring the network. The first step you should always take, whether it is a home or business wireless setup, is to configure the SSID and hide it from broadcasting. When wireless technologies were first developed, the need for security led to the Wired Equivalent Privacy (WEP) protocol, the original encryption protocol for wireless networks. WEP encryption can use a pre-shared key to connect to your network. Due to security flaws in this encryption and how easily it can be cracked, it is recommended to use a different encryption method. Some WLAN access points support authentication based on the physical address, or MAC address, of the client’s network interface card (NIC). When this is configured, an access point will only allow client access if the client's MAC address matches an address configured in its authentication table. MAC authentication can also be compromised, as addresses can be mimicked, or spoofed, to gain access to the network.

Advanced Security

The more secure methods include WPAv1 and WPA2. The WPAv1 (Wi-Fi Protected Access) security method, sometimes called WPA-personal, uses MIC (message integrity check) to ensure the integrity of messages, and TKIP (Temporal Key Integrity Protocol) to enhance data encryption. TKIP uses the RC4 cipher with 128-bit keys for encryption and 64-bit keys for authentication. By encrypting data with a key that can be used only by the users, TKIP helps to ensure that only they can connect to the WLAN. TKIP encryption can generate up to 280 trillion possible keys for a given data packet.

The WPA2 security method uses the more secure Advanced Encryption Standard (AES) cipher instead of the RC4 cipher used by WPA and WEP. Unlike WEP, which uses a key stream acting across a plaintext data input stream for encryption, AES encrypts bits in blocks of plaintext that are independently calculated. The AES standard specifies an AES block size of 128 bits with three possible key lengths: 128, 192 and 256 bits. Using older technologies makes it that much easier for attackers to gain access to the network and the data inside. Security algorithms such as WEP and WPAv1 can be cracked with readily available tools on the web.

Steps toward Better WLAN Security

So how do you best secure your wireless networks? The following suggestions can be the starting steps to helping you form a layer of security for your WLAN:

Unique SSIDs and SSID Broadcast

Changing the SSID name may not seem important, but it helps prevent attackers from scanning for the standard SSID names that vendors use for basic setup. Another simple measure is to hide the SSID from broadcasting to devices with wireless capabilities. This provides little protection against attackers but can avert casual intrusion methods.

Complex Passwords

Attackers can use cloud computing resources to test millions of passwords in minutes, so a wireless password should be of considerable length and include special characters to make it harder for attackers to gain access. The more complex the password, the harder it is for attackers to crack it.

Authentication Strategy

You want to use the most secure and up-to-date authentication methods available, such as WPA2. To prevent something like MAC address spoofing, you can set up MAC filtering to only allow authorized computers with the addresses you provide. If you are using WPA2-PSK you are using one of the most secure authentication methods available, but if you share the Pre-Shared Key with everyone, they may share it with others, creating a security risk. Remember that any user, once authenticated, can see any of your network traffic. If an employee leaves the company, they may retain your network key, allowing them to later decrypt your traffic or access the network. For larger organizations it may be feasible to consider a certificate-based or server-based authentication mechanism so that each user has their own managed credentials.

Manage Visitors and Restrict Traffic

If you are a business that needs to provide guest access, consider offering a separate network with restrictions on what guests can access. A hotspot registration portal can be an easy way to restrict access without a lot of administrative effort. Wireless solutions should enable you to easily deploy such networks, allowing visitors access only to the Internet and keeping them away from corporate services. You can also separate their network traffic from your corporate network by creating a VLAN (virtual LAN) for them when they are authenticated.
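The checks below turn the SSID, password and encryption suggestions above into an audit of an access point configuration. This is an added example, not code from the original post: it assumes the access point is configured with a hostapd-style `key=value` file, and the two sample configs, the default-SSID list and the passphrase thresholds (16 characters, three character classes) are constructed for illustration.

```python
# Added example: audit a hostapd-style AP config against the post's WLAN advice.
# The config text and the default-SSID list are constructed for illustration.
DEFAULT_SSIDS = {"linksys", "netgear", "default", "dlink"}  # assumed sample list

WEAK_CONF = """\
ssid=linksys
wep_key0=1234567890
wpa=1
wpa_pairwise=TKIP
wpa_passphrase=summer18
"""

HARDENED_CONF = """\
ssid=nc-office-7f3a
ignore_broadcast_ssid=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=T4ble!Orbit#Lantern-92$Quartz
"""

def parse(conf):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in conf.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """Return a list of findings; an empty list means no issue was found."""
    c, out = parse(conf), []
    if c.get("ssid", "").lower() in DEFAULT_SSIDS:
        out.append("default-ssid")
    if any(k.startswith("wep_key") for k in c):
        out.append("wep-enabled")
    if int(c.get("wpa", "0")) & 1:          # bit 0 = WPA (v1), bit 1 = WPA2
        out.append("wpa1-enabled")
    ciphers = (c.get("wpa_pairwise", "") + " " + c.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        out.append("tkip-cipher")
    pw = c.get("wpa_passphrase")
    if pw is not None:
        classes = [any(f(ch) for ch in pw) for f in
                   (str.islower, str.isupper, str.isdigit,
                    lambda ch: not ch.isalnum())]
        if len(pw) < 16 or sum(classes) < 3:   # assumed thresholds
            out.append("weak-passphrase")
    return out

if __name__ == "__main__":
    print("weak:    ", audit(WEAK_CONF))
    print("hardened:", audit(HARDENED_CONF))
```

A shared passphrase still has the hand-off problem described under Authentication Strategy, which a config audit like this cannot detect.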

It should never be assumed that wireless networks are 100% secure. Those in regulated industries should consider additional monitoring techniques through IDS/IPS, NAC (Network Access Control) and log reviewing to ensure added layers of security and intrusion detection.

If you would like to know more about wireless and wireless security, contact your network security specialists at Network Center, Inc. today!


Topics: Technology Solutions, NetWork Center Inc., Mobility, Security, Security Technologies

Better Endpoint Protection: Hardware Firewall Security

Posted by Tyler Voegele on Aug 26, 2013 11:15:00 AM

Every business needs a firewall or some form of protection from external threats. Firewalls can keep external malicious users, network infections, and packet flooding attacks from reaching the internal resources of your network. They can also prevent your users from connecting to things that may harm the network.

With all kinds of hardware security technology out there, it can be a little challenging to choose which device is right for you. When thinking about upgrading or strengthening your security at the Internet facing part of your network, there are several things to take into consideration.

Firewall Types

There are three types of firewalls: stateless packet filtering, stateful packet filtering, and application-layer firewalls. Each of these provides filtering at a different level within a network. Packet filtering firewalls pass only the packets that your firewall policy allows. Every packet carries information such as its source, destination, port ranges, etc. Each packet passing through is inspected, and the firewall then decides whether to pass it. Packet filtering can be divided into two kinds: stateless and stateful.

Stateless:

If the information about the passing packets is not remembered by the firewall, then this type of filtering is called stateless packet filtering. Every packet that passes through this type of firewall is handled on an individual basis by the set of rules that were set up manually. Previously forwarded packets belonging to a connection have no bearing on the filter’s decision to forward or drop the packet.

Stateful:

If the firewall remembers the information about the previously passed packets, then that type of filtering is stateful packet filtering. The packet filtering firewalls inspect these TCP or UDP packet streams to allow or deny them. Stateful packet filtering firewalls also monitor the state of a connection and gather the information about it. With this intelligence, the firewall can not only make decisions based on the defined rules but also make decisions from prior packets that have passed through it.
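To make the difference concrete, the sketch below runs one packet sequence through both kinds of filter. It is an added example, not code from the original post: the addresses, ports, rule set and the simplified handling of TCP flags are all constructed for illustration.

```python
# Added example: the same constructed packet sequence through a stateless
# rule set and a stateful connection-tracking filter.
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport flags")
INSIDE = "10.0.0."           # assumed internal prefix (constructed)

def stateless(p):
    """Decide from this packet alone: allow outbound web traffic and any
    inbound packet whose source port is 443 (the usual 'reply' rule)."""
    if p.src.startswith(INSIDE) and p.dport == 443:
        return "pass"
    if p.dst.startswith(INSIDE) and p.sport == 443:
        return "pass"
    return "drop"

class Stateful:
    """Allow outbound to 443; allow inbound only for connections that an
    inside host opened, tracked by the 4-tuple."""
    def __init__(self):
        self.conns = set()

    def decide(self, p):
        if p.src.startswith(INSIDE) and p.dport == 443:
            if "S" in p.flags:                    # SYN opens a tracked connection
                self.conns.add((p.src, p.sport, p.dst, p.dport))
            return "pass"
        key = (p.dst, p.dport, p.src, p.sport)    # reverse direction of the flow
        if key in self.conns:
            if "F" in p.flags or "R" in p.flags:  # FIN/RST ends it (simplified)
                self.conns.discard(key)
            return "pass"
        return "drop"

PACKETS = [  # constructed traffic
    Pkt("10.0.0.5", 50000, "203.0.113.10", 443, "S"),    # client opens connection
    Pkt("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),   # genuine reply
    Pkt("198.51.100.7", 443, "10.0.0.9", 3389, "A"),     # unsolicited, sport 443
    Pkt("203.0.113.10", 443, "10.0.0.5", 50000, "FA"),   # server closes
    Pkt("203.0.113.10", 443, "10.0.0.5", 50000, "A"),    # arrives after close
]

def run():
    """Return (stateless, stateful) decisions for each packet in order."""
    fw = Stateful()
    return [(stateless(p), fw.decide(p)) for p in PACKETS]
```

The stateless rules pass all five packets because each one matches a rule on its own, while the stateful filter drops the third and fifth because no tracked connection exists for them.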


Application-Layer

Application-layer firewalls, or proxy firewalls, do not just look at the packet data; they also look at the actual data being transported at the application layer. They know how certain protocols work, such as HTTP and FTP. Since they are application-aware and inspect the contents of the traffic, you are able to block specific content such as websites, viruses, or software. They can also check whether the data in a packet is valid for the specific protocol and drop the packet if it is not.


Other Considerations

The first thing to ask yourself when you are deciding on a firewall is what you are trying to accomplish. Whether you want a firewall that handles stateful packet inspection, or a firewall with extra features such as IDS and IPS built in, there are options for them all. You will want to clearly identify what is important to you and figure out where the bulk of your security needs lie. With so many different options for firewall technologies, there are also a lot of features to think about. Below are just a few features that are worth considering:

  • Monitoring and Reporting

  • Spam Filtering

  • High Availability

  • URL Screening

  • Anti-Virus

  • Bandwidth Sizing

  • Layered Security

  • Remote Connections

  • Physical Interfaces

  • Intrusion Detection

  • Intrusion Prevention

  • Web Caching

When you compare the costs of different firewalls, you also need to take into account any of the extra costs associated with the features that you will want to implement. If you choose a firewall with specific features and capabilities, there can sometimes be an extra fee in licensing.

If you're in the market for a new firewall, take some time to identify the needs you are looking for. Firewalls are still one of the best ways to protect yourself from any threats to your network, and with so many options you can do almost anything. If you have any questions or want to know more about firewall security, please contact NetWork Center, Inc. 


Topics: NetWork Center Inc., Network Security, Firewall, Security, Protection, Filtering, Security Technologies
