Friday, August 15, 2014

Why Employing Strong Firewall Policies is Critical

So, you think your network is safe? I think a large store chain felt the same way until their network was compromised along with thousands of their customer’s credit card information. The truth is you can never be too safe when it comes to protecting one of the most valuable assets your company owns – its data!

Has your server or PC ever been compromised? If you answered no, how do you know? Has your home PC ever had a virus? Yea….how long do you think that virus was on there before you actually realized it?  Maybe someone snuck in, decided there was nothing important in there and then snuck out without you even knowing. Or perhaps they managed to get their hands on your Quicken file and you don’t even know it yet – but you will at some point.

There are many other examples of network and data compromise but you get the point. It’s critical to do all you can to keep the bad stuff away from your network. We had a situation once that our server was painfully slow and we simply did not see any bread crumbs to nail down the problem. We would reboot it and it would stabilize for a day or so then go right back to super slow mode. We finally found the culprit. Someone overseas (from what we could tell) compromised our server and loaded it up with foreign movie trailers and they were streaming them from our server.

Protection with Border Control

We use the term Border Control to characterize the role of a firewall. It’s important to follow best practices with configuration and even down to the type of appliance that you purchase. Sorry, but a $65 Netgear will not do the trick. You need a robust device that offers more than NAT routing and port forwarding. Protecting your network is a multilevel approach and Border Control is just part of it, so keep that in mind. But today we are focusing on the border…your firewall.



Below are some best practices to consider for controlling your border.

A quality device from a reputable manufacturer is the best place to start. A business class router from Cisco, Meraki or SonicWall is what we recommend. They offer various models that will fit just about any small business budget as well as large corporations with huge budgets. Throughput, speed, number of users etc. all come into play and need to be considered when determining the proper firewall for your network. A quality sales rep from a reputable company should be your trusted advisor and can help you make that determination.

Options such as security services are very important features of quality firewalls. These security services include Antivirus, Content filtering, intrusion detection / prevention and more.  Remember my note about border control being part of a multilevel solution? Antivirus at the firewall is the first line of defense for viruses entering the work place. This does not replace AV on the desktop! AV at the border will help to mitigate virus and malware issues.

Content filtering is a very important component to protect your network from improper web habits of your employees. It also adds that peace of mind that you’re going to a safe site even though it looks like a legitimate business class website. This at times can be an unpopular policy among employees but unfortunately it is something that needs strong consideration.

We recommend putting a statement in your handbook that outlines company policies and expectations of use for company technology. Ask your employees if they would mind paying the hourly rate of the tech that has to clean their PC or the network from viruses at $100 plus per hour. That may open their eyes.

Finally, intrusion detection and prevention is something that should be considered. The preferred method is to use a service that does 24 hour monitoring for the absolute best protection. However that can be pricey. If that is not an option, the ID/PS on the firewall is an important component. It blocks and filters opportunistic bots and hackers and keeps them from entering your network. It’s important to monitor this and the reports to know who’s trying to get in.

So there you have it. This should give you some things to consider when protecting your network. Nothing can guarantee that you will not be compromised but we certainly don’t want to make it easy. The easy ones are the ones that the bad people are looking for!

Monday, March 31, 2014

"Should I or Shouldn't I?"...Microsoft Windows and Network Upgrading.

Network Upgrades: Priority or Unnecessary?

Here we are again.  We are at that point where technology leaders such as Microsoft has made updates and changes that will affect networks everywhere. It began with the arrival of the Windows 8 OS and continued with Office 2013 and Exchange Server 2013.  And of course, let’s not forget the sad departure of our dear friend, Windows XP, just around the corner.  He was both popular and reliable, but his time has come to leave us.  So that leaves us with the question that everyone is asking…”Do I really need to upgrade my equipment?”

Is Your Company Fighting the Network Blues?

There are multiple issues to look at when determining your upgrade priorities.  Let’s look at a few of them individually.

1. Operating System (OS)- What OS is running on the majority of your workstations?  If you’re using Windows XP, final support will end in April of 2014.  For end-users, this means no more updates, security patches or general support from Microsoft.

2. Applications – What applications does your business run?  Are they dependent upon a specific OS?  A lot of applications are joining the crowd and moving to the cloud.  Your key applications need to be evaluated and their requirements checked with what you are currently running and what you are considering.

3. The Network Server – Just as your workstations, you need to consider what OS is on your server versus what applications you use.  For example, did you know that if your server runs Exchange Server 2003 and you purchase Office 2013 for a new workstation, your copy of Outlook 2013 will not run your Exchange email?  It’s a compatibility issue.  It’s just one thing of many that needs to be considered when looking at network upgrades.

4. The Cloud – Everyone is talking about moving to the cloud lately.  Having access to software and files regardless of your location and less maintenance and upkeep are just two of the benefits customers are looking at.  Of course, the more you rely on the cloud, the more it will change your networking goals.

The final point is, every business wants to save money.  Spending money unnecessarily on technology can set you back.  But at the same time, not doing upgrades that are necessary can cost you time, money, production, and worst of all, maybe even your data.  All network upgrades need to be thoroughly planned. If you’re not sure, find someone that will do a free, no-obligation network analysis such as CMS IP Technologies.  An analysis will look at both your hardware and your software and give you a list of your options.  If you’re interested in reading more about the Windows XP end of support, you can find a good article at ZDNet.

Wednesday, March 26, 2014

Social Media: Beauty or Beast?

Everywhere you turn online, you see them...the small icons telling you to "share" or "like us" or "tweet me".  Why have we felt the need to share everything we read or see online?  Maybe it's the connection between us and other humans we would otherwise never see.  Maybe, we have found a way to add legitimacy to what we do.

Social Sharing...

So you are looking at doing business with Company A.  They've been in business for for a couple of years and they have really funny commercials, but what do you really know about them?

You go online and checkout Facebook.  Past the pictures of Susie's new baby, you see that your friend Joe likes a Facebook page for Company A and that's who just remodeled Joe's kitchen.  Well...if Joe liked the work they did, they must be pretty good.  Now Company A seems a little more legitimate.

Everyone likes Tips & Tools!

Company B specializes in technology.  But you have to wonder if they really know their product.  While online on Twitter one day, you see a tweet about a new computer virus and how to get rid of it.  You realize the tweet is from Company B and the tweet links to their blog.  You go to the article and find that the article is very informative, even going as far to give you a list of symptoms to look for.  Now Company B just became a useful resource.  Not only do you follow them for technology tips and news, but when you need service, they are going to be the first people you think of.

So What are the Draw-backs?

Well, just as someone can post about all your glorious moments, they can also share any events deemed "not so glorious".  It can also take time to keep your business' social media up & going, posting and monitoring comments.  Companies like CMS IP Technologies offer website services that includes SEO & Social Marketing assistance as part of website management.  It can be a large workload, but the benefits can outweigh the work if done properly.


Friday, March 21, 2014

The New IT Challenge: "Medical Industry vs. Technology"

As technology has grown by leaps and bounds, so has the threat of compromised data. Imagine your medical records at your doctor’s office…they contain all your personal information including your date of birth, your social security number and address, not to mention every medical condition that you may have had. Patient records are the “all you can eat buffet” of cybercriminals.

So Why Not Work With Technology


Using technology in a smart way can be your greatest ally. Properly controlled firewalls and anti-virus software can help prevent a majority of unwanted programs from installing on workstations. Firewalls with security policies in place can limit your staff from visiting website unrelated to the work environment, which is one of the leading causes of malware & viruses. A professional IT staff can work with you to create policies that provide both access and security.

Managing your network security must include your server. Your server is the hub of your network, but where is it located? Is it accessible to just anyone walking by? The same can be asked about your computers. When your staff walks away from their station, is the screen locked, requiring a password?

And that leads to the Ultimate Question, “How secure is your password?”

According to SplashData, a California-based security-app producer, the most common password for 2013 was ‘123456’. This entry moved up a spot, replacing the previous number one password, which is simply ‘password’. Others in the top 25 included ‘12345678’, ‘qwerty’, ‘abc123’, ‘123456789’, ‘111111’ and well… you get the idea.

A simple rule, the easier the password, the less work that needs to be done to gain access.

So what’s the Solution?

Using a managed services provider such as CMS IP Technologies can take a big load off your worries. You want an IT provider that is a HIPAA compliant business associate. They will know what is expected of your network security, how to manage the details, and can assist in educating your users in best practices.

Monday, March 17, 2014

Computer Viruses In The Workplace

Those Pesky Bugs....

Just about every office or workplace environment has experienced virus issues at some point. Sometimes it's a mild one and then sometimes it causes complete desktop or network devastation resulting in hours, days or weeks of downtime and limited productivity.

So What's the Answer?

I've been in the technology business for almost 20 years and some things never change.  There are several things that the industry has been battling for what seems like forever and it doesn't seem to get any better.  Viruses is one of them.  Others are printer repair and network backup solutions - but that's another blog post.  The truth is that there is no definitive answer for completely eliminating viruses.

As a technology company, CMS IP Technologies deals with viruses every day and we spend far too much time on removing them off infected PC's and network servers.  We sometimes have to change or create policies to protect and educate our customers as well as limit our exposure to time consuming tasks that we don't always get to bill for.  For instance, it may literally take 10 man hours (yes!  and sometimes more) to clean an infected PC.  Well, at a conservative average of $100 per hour, that's $1000 to clean a virus from a PC.  There aren't many customers that are just going to pay that without complaining and asking for relief of some sort.  Then, there are the viruses that we clean, or we think we clean, and they pop back up the next day or so and we get to start over again and then the customer feels like they shouldn't have to pay because we should have "fixed it right the first time".  It's really a no win situation.  So at CMS IP Technologies, the approach we take is to educate our customers.  It's a multi-level approach using technology best practices along with policy and usage control of company owned technology.  CMS has a proactive service offering that we call NetWatch, and compliancy is a big part of what we teach and insist upon.

Firewalls:

There has to be a sufficient level of network protection from the outside world such as a firewall from reputable manufacturers such as Cisco and SonicWall.  This is your border and it should not be taken lightly.  Your firewall should be properly configured by a trusted reputable experienced engineer that understands firewall and security best practices.  Buying a Netgear router from Best Buy and just plugging it into your network is not a solid solution and you're simply asking for trouble.

There are many things that need to be considered here.  If your a bank or credit union, you may be required to have an Intrusion Detection and Prevention solution in place.  If your a medical facility there are HIPAA laws that are in place that will need to be taken into consideration.  These are things that an experience network engineer should be familiar with.

Antivirus:

Once you have your firewall in place and your border secured, a stable antivirus solution should be implemented.  CMS in Beaumont Texas uses and recommends Viper.  We have found this to be an effective light weight solution that has minimal impact on the workstations OS environment yet offers quality protection.  Your antivirus solution should be configured to download and direct automatic updates on a daily basis and run a virus scan on all network devices at least once a week.  This should be done after work hours and a policy should be in place that all PC's should stay on during the scheduled time.

Some proactive service providers such as CMS offers this as part of the network monitoring.  In our case the cost to the customer is the same or less than it would be if they just purchased Viper or any other solution such as Symantec out right.  The biggest differences are that we can actively monitor virus activity and are better prepared if we see that a network device may become or has the potential to become compromised.  The other good thing about this is that our customers don't have to worry about their annual subscription running out.  All of that is taken care of by the service provider.

Policies & Procedures:

Last on the list is policy and procedure control.  This is probably the most important part that a company can take to minimize it's exposure to lost productivity to viruses.  Every user in the company should have a copy of the company's policy for use of company technology.  And in that document it should be very clear about usage polices.  Things such as accepted internet usage, personal software usage,  and personal email usage should be addressed.  This is critical!  Some users simply don't realize the impact that going to certain non business websites can have on the network that everyone uses.  Some users assume that they can't get a virus because the company has protection.  That's obviously not true, so you have to educate them and also put policies in place to protect them and the company.

CMS NetWatch clients get a printed Accepted Usage Policy to add to their company employee handbook that educates and outlines the accepted usage policies for the company's technology.  We require that all employee's for that company sign it and we keep a copy on file, otherwise we will not cover viruses as part of the proactive services agreement.

So, protection from viruses takes serious consideration and in summary there are three basics that should be covered.  Firewall border control, Antivirus, and company policies outlining proper use of company owned technology.  There are several other things that can tighten the screws even more, but that's another blog post.  If you questions on the information that I discussed in this blog, visit the CMS website at www.cmsiptech.com.