Affordable Unified Threat Management and Defenses In Depth

A Story about the need for Unified Threat Management in Small Businesses

Unified Threat Management UTM Threat LandscapeLet me guess, you're probably on your computer about two or three hours a day. Then again, if you work on a computer at home or in a small business, you may spend the majority of your day on a PC or workstation. Now, all that time you spend typing, surfing, downloading, reading, and sending, I hope you're taking some basic security precautions. After all, the last thing you need is a Trojan horse or irreversible virus destroying your system or worse stealing your data.

"This can be a headache and a half. Not only can it ruin your work, but it can cost you your entire hard drive, and quite deviously an empty bank account" says Johannes Banck, CIO and continues "There's no doubt you need some decent e-mail security, web filters, and anti virus protection. Collectively known as Unified Threat Management (UTM)."

Why bank accounts? I do not know about you, but I receive many official looking e-mails from the Postal Office, PayPal, Verizon, BoA, the IRS and many others. DO NOT open them or click on a link in them. If you were, a malicious piece of software would be installed on your computer, unknowingly to you and perhaps untraceable, that most likely contain a keyboard logger to record your banking credentials. On the Cyber-criminal market these credentials would fetch between $10 and $20 and criminal vendors even provide money-back guarantees. End-result, your banking account is empty.

Here is an example of links that are embedded in these official looking fake e-mails. DO NOT click on them, although I have taken precaution that these links are not good:

#malicioussites#com/BadLinkHYfgma9c/index.html
#maliciousmatcherup#com/BadLinkBZBmikS1/index.html

Even to the untrained eye these URL's look bad especially in a PayPal e-mail. But this is also an example of a poorly designed malicious link. More sophisticated means exist to camouflage the malicious URLs.

By-the-way, what about the unlucky businesses that own these two websites? Their web servers have been hi-jacked and are now being used by cyber criminals to steal other peoples money. Not good for their reputation.

In this separate article I discuss how to Keep Spam and Internet Threats Off Your Network - Simple and Affordable Threat Protection for Small Business

Last month the son of a client, let's call him Kyle, got hit hard. Not by some drunken shmoe in a smoky bar either. I'm talking about in his own home. That place where you feel safe and comfortable. Unfortunately security had been lacking when it comes to the wild web. Or at least it seems this way at times. Kyle was doing his usual web browsing or was he on BitTorrent a peer to peer file sharing service notorious for bad files? Then suddenly it happened. Just as he downloaded some computer screen wallpaper, his screen went fuzzy. What was the deal? Kyle was certain he had excellent anti virus protection. How could he get smacked out of nowhere by some random computer virus? Well, sadly his laptop was not the same. He shut it down and tried to restart, but it would not comply. It was time to consult a Computer Systems Technical Support professional.

In the end it was determined that the virus had embedded itself so deeply into the computer system that it would be most cost effective to "wipe out" the operating system and re-install everything. Fortunately Kyle had backed up his most important school papers and music. Had he not, we would have been probably able to do "magic" with some of our software recovery tools. But that is only worthwhile if the files to be recovered have a high value to justify the time spent.

After re installing the operating system one of the first things Kyle did was to immediately go online and download the best anti virus protection he could find. He continues to be very vigilant when opening e-mails and has not joined any Bit Torrent network. I addition Kyle has signed up for a cloud based automatic backup. Our Tech Support technicians recommend Mozy at this time for small backup volumes.

Summary...

What is a small Fairfield County, Connecticut Business to do? First put in place a comprehensive Unified Threat Management (UTM) system in place that holistically protects your network, checks incoming e-mail, and protects employees from bad websites. The most important defense though, is employee and end user education. Without education most security measures can be circumvented - unfortunately.

I dislike that this is a never-ending story. Just as anti virus protection advances, the nasty viruses advance as well. It is a never-ending arms race between good and bad elements in our society.

Your File-Sharing Downloads Revealed Publicly?

Your Torrent File Downloads and Information Revealed Publicly!

Torrent IT Security Web Filter Copyright Alert System (CAS)If you, your family, or employees recently downloaded movies, music or software from online file-sharing networks (torrents), chances are pretty high that the website youhavedownloaded.com has heard about you. In fact, you may find that the titles you downloaded are now listed and publicly searchable at the site. Visiting the site will give you some insight into where you stand in relation to the new Copyright Alert System (CAS) that's being implemented by AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon.

The technology behind the site recreates in a publicly searchable database what the entertainment industry has been doing for years: It tracks and records information that users share when they download and upload files on public peer-to-peer file-sharing networks. The free service makes people think twice about downloading pirated movies, software,  games and music, because it shows how easily this information can be discovered and archived.

So far, the site has recorded more than 55 million unique Internet addresses belonging to file-sharing users and 2.1 million file names. The site is searchable by file name and by Internet address (IP address). When you visit, it automatically checks and lets you know if your Internet address is in the database.

 

Update: The Copyright Alert System (CAS): What you need to know about the "six-strikes" policy

Right now, AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon have all agreed to participate in the Copyright Alert System (CAS). Combined, these ISPs account for about three quarters of all residential Internet service in the United States.

The first time a user's account is accused of piracy and violation of the Copyright Alert System (CAS) rules, the ISP will send an alert that their account has been accused of distributing copyrighted material, perhaps as the result of misuse. The notices will point out that piracy violates the ISP's terms of service and potentially subjects users to malware and other security risks. The notice will also point out legal ways for users to get the digital content they want.

If the alleged behavior doesn't stop, the notices will escalate, but how remains up to the ISP. From there, ISPs can move on to "mitigation" measures, like throttling a user's Internet service, redirecting Web browsers to a landing page telling users they've been accused of piracy, or forcing them to watch educational videos before letting them resume full Internet access.

See this article on PCMag.com for details on ISP Plans for 'Six Strikes' Copyright Alerts and impementation of the Copyright Alert System (CAS).

 

Why is IT Security important?

Well, as a computer user, business owner (and parent) you are responsible for what is happening in your computer network. The new Copyright Alert System (CAS) is not concerned about individual users but only monitor IP addresses. Assume for a moment an employee is downloading music or software illegally from a torrent. The RIAA or the software industry compliance organizations then pick up your IP address which then can be correlated through a Geo-location service such as maxmind dot com  to your specific physical address. Voila! The auditors knock on your door and you are in for a very unpleasant time. Coceivably a rogue employee could take down your company if internet access is cut off or worse cause a lawsuit.

The most apparent of all reasons is that failing to meet the necessary licensing standards can result in legal prosecutions. It is essential to achieve software license compliance for deployed applications to ensure their legal usage. Also, avoiding over purchase of software licenses is possible by following proper licensing processes. Furthermore, businesses are able to remove support costs and save expenditure by centralizing the software procurement process. Hence, meeting license compliance helps in containing your IT budget.

Read more about Employee Internet Use for Private Purposes.

Computer Systems Support & Design provides software licenses auditing and inventory services, web-filtering to prevent employee browsing to inappropriate websites, blocking of specific undesired services such as torrents for example, and general "Defense in Depth IT Security" services to Small Business in Fairfield County Connecticut.

By Johannes Banck, CIO Computer Systems Support & Design. He can be reached at (877) 717-6075

Understanding & Preventing Denial-of-Service DoS Attacks

Denial of service attacks (DoS Attacks) have become a growing concern, especially when considering the associated costs of such an attack. DoS attacks can decrease the performance of networked devices, disconnect the devices from the network, and cause system crashes. When network services are unavailable, businesses and service providers suffer the loss of productivity and sales.

Sometimes there's nothing like adversity to give you a new look at your surroundings. And the events of a network attack can uncover some very important mistakes and provide you with more than a few lessons. Turning these lessons into best practices is where the rewards of such adversity are realized. You can arrive at these best practices by asking yourself: "How are we vulnerable?"

Before we dive deeper into DoS attacks please contact us at (877) 717-6075 if you think you are under a DoS attack and need IT Tech Support.

What is a Denial of Service  (DoS) Attack ?

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer.

The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. The server can only process a certain number of requests at once, so if an attacker overloads the server with requests, it can't process your request. This is a "denial of service" because you can't access that site.

Common forms of DoS attacks include "SYN flood attacks," "land attacks," "smurf attacks," viruses, and worms. Some of these attacks can be hard to defend against because DoS packets may look exactly like normal packets. However, while these DoS attacks all exploit various system and network vulnerabilities, they are similar in the way they spread and impact the network infrastructure. Most DoS attacks rely on spoofing and flooding techniques. Intrinsic network impacts include the resource exhaustion of the media's bandwidth capacity, switch forwarding capacity, or switch CPU capacity. Understanding common attack vectors and network impact are key elements to deploying effective DoS mitigation techniques..

An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an email account supplied by your employer or one available through a free service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of data you can have in your account at any given time. By sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages.

What is a distributed denial-of-service (DDoS) attack?

DoS-Distributed Denial of Service attackIn a distributed denial-of-service (DDoS) attack, an attacker may use your computer to attack another computer. By taking advantage of security vulnerabilities or weaknesses, an attacker could take control of your computer. He or she could then force your computer to send huge amounts of data to a website or send spam to particular email addresses. The attack is "distributed" because the attacker is using multiple computers, including yours, to launch the denial-of-service attack.

How do you avoid being part of the problem?

Unfortunately, there are no effective ways to prevent being the victim of a DoS or DDoS attack, but there are steps you can take to reduce the likelihood that an attacker will use your computer to attack other computers:

  • Install and maintain anti-virus software (see Understanding Anti-Virus Software for more information).
  • Install a firewall, and configure it to restrict traffic coming into and leaving your computer
  • Follow good security practices for distributing your email address. Applying email filters may help you manage unwanted traffic.

How do you know if an attack is happening?

Not all disruptions to service are the result of a denial-of-service attack. There may be technical problems with a particular network, or system administrators may be performing maintenance. However, the following symptoms could indicate a DoS or DDoS attack:

  • unusually slow network performance (opening files or accessing websites)
  • unavailability of a particular website
  • inability to access any website
  • dramatic increase in the amount of spam you receive in your account

What do you do if you think you are experiencing an attack?

Even if you do correctly identify a DoS or DDoS attack, it is unlikely that you will be able to determine the actual target or source of the attack. Contact the appropriate technical professionals for assistance.

  • If you notice that you cannot access your own files or reach any external websites from your work computer, contact your network administrators. This may indicate that your computer or your organization's network is being attacked.
  • If you are having a similar experience on your home computer, consider contacting your internet service provider (ISP). If there is a problem, the ISP might be able to advise you of an appropriate course of action.

Basic Network DDoS prevention techniques

There are a number of steps that can be taken within your organization to eliminate a high proportion of attacks and these are summarized as follows -

1) Ensure that IP directed broadcasts (RFC 2644) are disabled on routing devices (as of Cisco IOS v12 directed broadcasts are disabled by default).

2) Implement Ingress filtering (inbound packets to your site), this will ensure that only packets destined for your private network addressing space will be forwarded. On the ubiquitous Cisco router this can be accomplished by the use of Acces s Control Lists (ACL's) that may be applied on an individual interface basis.

3) Implement Egress filtering (outbound packets from your site), this will ensure that only packets destined for the Internet from your private network addressing range will be allowed and will prevent your site becoming involved in any potential DDoS attack.

4) Implement protocol and port filtering on all border routers and ensure that protocol and connection rate limiting is implemented where possible.

5) Implement route drop ping filters to remove any networks defined in the reserved RFC 1918 range, no traffic should ever be allowed to/ from these net blocks through a router (as detailed below) -

10.0.0.0 - 10.255.255.255 10/8

127.0.0.0 - 127.255.255.255 127/8 (loopback)

172.16.0.0 - 172.31.255.255 172.16/12

192.168.0.0 - 192.168.255.255 192.168/16

6) Use dedicated Intrusion Detection Systems or Routers / Firewalls where possible that support IDS alerting techniques. IDS's should also be configured to be pro -active and transmit TCP SYN resets (kills) to connections that have been positively identified as malicious.

 

Easy Password Security Tips and Tricks for Computer Security

Easy Password Security Tips and Tricks to Significantly Improve Computer Security in Your NetworkSignificantly Improve Computer Security in Your Network With Our Easy Password Security Tips and Tricks

In today's technology driven business marketplace one often overlooked point of vulnerability to your business and personal IT security is the strength or weakness of the passwords when logging into: your computer network, email provider, online banking, accounting or payroll applications. To underestimate the importance of strong passwords is to leave the door wide open to identity theft and corporate piracy.

In this article in our IT Security Tips and Tricks section we will help you create the frame-work for creating passwords that will be a robust combination of all the characters that are available, that are unique for different applications and will not be a word commonly found in any dictionaries, in any language. Share this article freely with your fellow colleagues to make your network a safer place.

Learn To Secure Your Infrastructure & Defend Your Networks with Strong Passwords

As Connecticut's leading IT Tech Support Provider we've frequently encounter end users who have been conditioned to use weak passwords. For many people the first password we ever needed was for our ATM cards. If this is the case we were limited to the numerals on the keypad 0-9. That simply will not cut it anymore. Malicious brute force password cracking programs can run through all of the possible combinations in a matter of seconds, literally. The same types of programs can run through all of the words in the dictionary, plus most common names, in multiple languages even spelled backwards, in a matter of minutes. You should not have the same password for all of your accounts; if that one password was to get compromised then all of your sensitive private data would be at risk - not a good thing!

How do you create strong passwords that improve computer security you can actually remember, without writing them down?

During our daily IT Tech support work we often suggest to end users to come up with a phrase that is meaningful and unique to them, and therefore likely to be remembered. For example: “My company produces widgets and everybody should have them” or "Wow cars are my favorites”. That in itself would of course violate the rule of not using words that are found in dictionaries - but hold on, there is a solution to that.

Use the first or last letter of each word to create a string or characters, from the example above:“My company produces widgets and everybody should have them” I could come up with: “Mcpwaesht” or “yyssdydem”


Replace one or more of the characters with its alternate character on your keyboard, a special character in the middle or beginning as in: @Mcpwaesht^

Add a suffix or prefix to make it unique to each application that you will use it for.

  • For my Yahoo email I could use: Y@Mcpwaesht^
  • For my Chase bank account I could use: C@Mcpwaesht^

Make sure that your each unique string of characters is at least eight characters long.

Password Best Practices to Significantly Improve Computer Security in Your Computer Network

Now that you have strong passwords, the last thing you need to worry about is using them wisely.

  • Do not write passwords down on a sticky note and put them under your keyboard or behind your monitor. Do not store them in the file system of your computer.
  • Do not use your passwords on computers that have open access to the general public, such as those found in Internet cafes, airports or mall kiosks.
  • Do not enter personal information such as your user names and passwords on unsecured websites; those not using https
  • Do make sure that the computer terminals that you use your passwords on have up to date anti-spyware and anti-virus applications.

By following our Easy Password Security Tips and Tricks to Significantly Improve Computer Security in Your Network you'll make an important step towards protecting your company and personal data from Cyber Criminals and malicious attackers. Call Johannes Banck today (877) 717-6075 to help you implement a strong password policy with your employees.

6 Tips to Toughen Password Security - Protect Against Identity Theft

Tips for Making Password Security User Friendly
Yet preventing Identity Theft and other Malicious Acts


password security to protect your identityAh, those pesky passwords. If you work in the corporate world or in an office, you have one for your PC/Network and, unless there is a password synchronization application such as the Microsoft Small Business Server that combines them, you probably have more than one for other applications. Add those to the ones that you have for your home, Internet, your banking and other websites that require passwords, and before you know it you have a nightmare on your hands in trying to manage them.

Password security and identity theft protection are part of a larger all encompassing area called IT Security. Call today if you are concerned about IT security overall. We provide IT Security services to businesses.

Insecure Passwords Abounds!

In my tech support work I've long known that often people use insecure passwords — such as simple, non-complex words, re-using passwords across many sites, or using an easy-to-guess keystroke sequence. However, I didn't realize just how insecure many passwords are until I read this article: PIN Analysis. Various databases containing 3.4 million exposed four-digit passwords were analyzed in total. The following are some of the (horrifying) findings:

  1. The most widely used password is 1234 ... Nearly 11% of the 3.4 million passwords are 1234 !!!
  2. The next most popular 4-digit PIN in use is 1111 represented with over 6%
  3. The 0000 PIN is used in 2% of the 3.4 million PINs

A staggering 26.83% of all passwords are in the table of the top 20 passwords listed in the article. Wow!

"Sorry but your password must contain an uppercase letter, a number, a haiku, a gang sign, a hieroglyph, and the word for password in Sanscript" -- Unknown

Joke aside, in this article I'll focus on the passwords themselves. I do recommend considering password managers. The main benefit of password managers is that you'll end up using more complex passwords because you don't have to remember them.

Part of the frustration has to do with the different requirements for password formatting. Some systems only require four characters (highly dangerous), some require eight or more. Some need a combination of alpha and numeric characters and others do the same with the addition of a few capital letters thrown in for extra security. It can be positively maddening. Password recovery can get complex.

Password No No's ...

The worst thing you can do is have the same password for all your accounts. Password crackers are freely available that crack simple passwords in seconds. In fact, so-called rainbow lists now contain password hashes for passwords of up to 12 characters. If a hacker manages to crack one of your passwords, she will immediately try that password on your bank account, Facebook, LinkedIn, Google+ and so on.

The second worst thing you can do with your passwords is to place them in a text document which can be accessed on the hard drive of your computer. Your files are vulnerable - even if you think they are not. If someone is intent on finding them, they can. Even if you place them into a password protected document, those can be cracked, too.

Writing them down has its own vulnerabilities, too, and there are varying opinions on this practice. If you do write them down on a piece of paper, put the document in a locked location whether it is in your home or at work.

Here are 6 tips on how to improve password security to prevent identity theft:

Password Security Best Practices Sample1. Make passwords complex. People who use easy to remember or short passwords are inviting disaster. Use a little imagination and pick a password that is very difficult to attach to your life. Stay away from birth dates, phone numbers, house numbers, or any other number that is associated with your life.

2. Keep passwords unique. When you change your passwords, make them unique from each other. Do not use the same password on all of your sites. If you do, then you are open to having every site that you have a password to being vulnerable to hackers to log on and steal your identity, money or destroy your reputation.

3. Be obscure. Use a combination of letters, numbers, capital letters and special characters if possible. The more you do this, the more secure your passwords will become. Create an alphanumeric version of a term you can remember. Using this technique the word "Spaceship" becomes "Sp@ce5h!p".

4. Change regularly. This is the singular tip that can save you if you do not heed any of the other tips. How often should you change your password? How secure do you want to be? The frequency with which you change your password will determine how secure you are from becoming a victim. The more often you change it, the better you are. The longer you leave it the same, the more vulnerable you become. Three months is a good cycle for a password, but certainly if you fear for the security of your identity, then a monthly change is not out of the question.

5. Password-protect your PC. Be sure to give your PC a password on power-up. This will help protect your files unrestricted access to your PC.

6. Password-protect your wireless business and home network. If you have a wireless home network, be sure to password protect it as well. Use the same principles above in order to secure your wireless network. This will prevent others from accessing your connection and using it maliciously to hack the personal or business PCs and laptops you and your family use at home.

7. Finally, there are password manager programs as mentioned above that can help with this important task, but the best advice is to start with the tips above right away. Password software can be useful as an organizational tool, but it is no match for using sound methods to manage and make your passwords difficult to crack.

Computer Systems Support & Design a Connecticut IT Tech Support services provider strongly encourages companies and individuals to exercise careful password security to prevent identity theft and other unpleasant security breaches. Security is within reach of every business through Microsoft Small Business Server or other servers that incorporate Microsoft Active Directory Services. Please call Johannes Banck at (877) 717-6075 Ext. 211 about password security to prevent identity theft and cyber criminals undermining your network security.

About us

We serve businesses in Fairfield County, Connecticut with IT Tech Support, network planning (network consulting), network projects, and ongoing network/computer maintenance and Tech Support. We pride ourselves on not only delivering the results you expect, but also being knowledgeable, systematic, accountable, trustworthy and easy to work with. Read more...

Fairfield County Connecticut

Fairfield, CT 06824
Westport, CT 06880
Bridgeport, CT 06804
Wilton, CT 06897
Easton, CT 06612
Norwalk, CT 06850
Southport, CT 06890
Stamford, CT 06901
Trumbull, CT 06611
Stratford, CT 06614
Ridgefield, CT 06810
Danbury, CT 06810

Contact Us

Address: Georgetown Road
Weston, CT 06883

Tel:         (203) 541-5448 Ext. 211
Toll-free: (877) 717-6075
IM:          (203) 216-9902 

Email: jb at cssdllc.com