Tucson: 520.888.9122 | Phoenix: 602.277.5757 | Client Portal

Author: leeshanok

IT News: COVID-19, Work Remote Securely

COVID-19, Work Remote Securely

LeeShanok Network Solutions supports the CDC’s recommendations of transitioning workers to home offices and our company has followed suit. This strategy can help your business stay afloat and your customers happy as opposed to a “shutting the doors” strategy. IT security remains a top priority to keep workers connected and company data safe.

Connecting remote workers:  Your people working remotely need access to programs and data that reside at the office. They may also need to run software that is installed with licenses on computers in your office. Then they may need access to office printers, scanners or fax devices. Their data will change daily and needs to be backed up.

There are two connection models to consider, the first connects a remote device to the company domain, allowing folder and file access to personal and shared drives, various domain services, access to office printers, scanners and fax devices, and access to license servers to run licensed apps. The next model connects a remote device to an office-based computer or remote access server where a remote worker can run programs on the company computer, but the display is “beamed” out to the remote device as if the remote worker is sitting at the company computer.

VPN: Securely connecting to the office network is best done using a VPN connection (red line in diagram below), which is a secure private connection between your remote computer and your office domain. This requires your firewall to be configured with an SSL Certificate. However VPN security is limited by IPSEC, which is pretty old technology.

SSL VPN: To increase VPN security, consider adding an SSL layer with connection software like Cisco AnyConnect. This uses public-private key cryptography with long encryption keys that are very difficult to break.

Multi-Factor Authentication: In case a remote computer falls into the wrong hands, prevent non-employees from using pre-configured connection scripts on a remote computer and gaining access to company assets by adding multi-factor authentication using an app like DUO, and enabling it in any important cloud accounts.

Remote Desktop: This is useful when you have data on your office computer that you need at home, or if there’s software installed on your desktop computer that isn’t installed on your home computer. It’s best to involve your IT department or LeeShanok to set this up in your company domain and firewall. Your user account needs to be added to a VPN security group if configured. Port forwarding needs to be set up with connection to your desktop PC. Remote Desktop needs to be enabled on your office computer. Finally your remote computer needs you to enter the correct URL and port to connect to your office computer.

Tips for Remote Workers

Free Wifi: It is better to work from your home than in a location with “free wifi”, which often has little or no security, and where others connected can launch attacks against your device.

Phishing: Watch for suspicious emails sent from someone you don’t know, or with a subject you weren’t expecting, and do not open attachments or click any links in the message. Especially common are urgencies (only 24 hours left), promises (a $10k watch for $100), and threats (sign in or your account will deactivate). While working remotely, you won’t have such easy access to colleagues who can help evaluate an email.

Backups:  While at the office, it’s likely your user profile has been re-directed onto a server where centralized backups are performed automatically. But while working at home, it’s important to back up your data regularly, or better yet to copy any saved files onto the server so it can be backup up as usual. Cloud drives can be configured to automatically sync with your local file system so they are always up to date. Also make sure Volume Shadow Copy Service is enabled to provide you “previous versions” of all folders and files on your computer.

Single number reach:  Where possible, add the remote worker’s mobile phone to their extension in your phone system, and configure it to ring concurrently when someone calls their office extension. With concurrent ringing of both devices, fewer calls will be missed than when the cell phone rings after 3 desktop phone rings.

Printing:  Consider purchasing a cheap printer for home use during this time. Otherwise you can print to the office printers when you connect via VPN or SSLVPN.

Home Internet      

  1. Never use WEP or WPA security. Always use WPA2 which is far more secure encryption.
  2. Change the default password for the Admin account, don’t lose the new password.
  3. Consider not broadcasting your Wifi SSID so those not connected won’t see your Wifi. This will require you to enter Wifi information on each device you connect to your Wifi.

Further reading: Here is a short but interesting Cisco article The Basics of Working from Anywhere.

For a confidential discussion of your company’s situation and goals, give us a call.
Your technology Partner,
The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

LeeShanok IT News: Manage Privacy Settings

Manage Privacy Settings


Most device and software app manufacturers provide default privacy settings that are wide open, allowing any app to turn on your camera and microphone without even asking for permission or notifying you of the change. This can be easily resolved by managing your privacy settings in computers, laptops, tablets and phones. In addition, many legitimate apps from the Apple Store, Google Play Store, and the Microsoft Store require various permissions that make no sense. After granting all those permissions which enable app installation, you can then manage the permissions they are granted as you see fit.

Windows:

In the Privacy menu, look for “App permissions” on the left, and click [Location].

Under “Allow access to location on this device”, turn it OFF if you want to block Windows and all Apps from accessing your device’s location as shown below.

Or leave it ON if you want to allow some Apps and block other Apps from accessing your device’s location.

To select which Apps can access your device’s location, leave the previous setting ON and slide down the window as shown below.

In the example above, the only App allowed to access the device’s location is Maps, which makes sense. You can select App by App what you allow access.

Next click [Camera] under “App permissions” and repeat the same exercise.

Repeat for [Microphone] and work your way down the list.

By doing this, you take back management of which Apps can access various subsystems and private information.

Contact us for help understanding your exposure, available upgrade paths, and pricing.

Your technology Partner,
The LeeShanok Team

Tucson:   520.888.9122
Phoenix:  602.277.5757

New Internet Explorer Zero Day Remains Unpatched

New Internet Explorer Zero Day Remains Unpatched

Description

The zero-day, which is tracked as CVE-2020-0674, is a memory corruption issue in the browser’s scripting engine. Its exploitation could enable remote attackers to run code of their choice on the compromised system. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks.

What You Can Do

This can be mitigated by restricting access to the JavaScript component JScript.dll. Also, Microsoft noted that the risk of exploitation is lower on Windows Server, where Internet Explorer is, by default, locked down to protect against browser-based attacks. This restricted mode, called Enhanced Security Configuration, “can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server”, said Microsoft.

Other than that, we guide you to ensure strong firewalls, password policies and data encryption are in place. Educate your employees about browser-based attacks and urge them to be cautious. Upgrade to SSL if you haven’t already done so. Consult with a trusted MSP to learn more about how you can keep your data safe.

Article Source

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

LeeShanok IT News: End of Support – Next Week

This is the last week before Microsoft transitions Windows 7, Windows Server 2008, and Exchange Server 2010 to un-supported status. If you are still running any of these, it’s a good idea to get an upgrade project into your short term budget, as these software products will grow unpredictable and vulnerable as time passes.

Next Tuesday (January 14, 2020) is Microsoft’s “Patch Tuesday”, when the final patches will be released by the manufacturer.  January 15, 2020 marks the first day of non-support.

The chart below lists products and their approaching End of Support (EOS) dates.

 

Legend:

Orange – Already un-supported, some are quite vulnerable by now

Yellow – Approaching end of support

 

Business Applications

  • MS Office 2003 – April 8, 2014
  • MS Office 2007 – October 10, 2017
  • MS Office 2010 – October 13, 2020

Desktop Operating Systems

  • Windows 7 – January 14, 2020
  • Windows 8 – January 12, 2016
  • Windows 8.1 will reach end of support January 10, 2023

Servers

  • MS Exchange Server 2007 – April 11, 2017
  • MS Exchange Server 2010 – January 14, 2020
  • Windows Server 2003 – July 1, 2015
  • Windows Server 2008 R2 – Jan 14, 2020
  • Microsoft SQL Server 2008 – July 9, 2010
  • Microsoft SQL Server 2008 SP4 – July 9, 2019
  • Microsoft SQL Server 2008 R2(SP3) – July 9, 2019</span

Virtualization

  • VMware ESXi 5.5 – September 19, 2018
  • VMware ESXi 6.0 – March 12, 2020

Contact us for help understanding your exposure, available upgrade paths, and pricing.

Your technology Partner,

The LeeShanok Team

Tucson:   520.888.9122
Phoenix:  602.277.5757

IT Budgeting Tips

LeeShanok IT News

IT Budgeting Tips

Budgeting for Information Technology continues to be important, and may be more important than ever as penalties increase for violations of compliancy and network breaches that result in loss of personally identifiable information. It can be argued that budgeting for cyber security and subsequently funding that protection shows evidence of “due diligence”.  With IT being a known enabler of business operations, it’s hard to find a more effective way to risk operations than by neglecting your IT budget or failing to fund budgetary line items when they come due. So how do you increase IT budgeting effectiveness without breaking the bank?

First, don’t delay your IT budgeting exercise, nor delay funding your budgeted line items. Imagine delaying your vehicle’s oil changes until the end of year.  Sure you’ll only need to fund one service, until the mechanic announces you need a new engine.

We recommend you meet with your service provider annually and request advice on software and operating systems approaching End of Support (EOS), as well as core infrastructure upgrade schedule.

When budgeting, start with known monthly income and expenses, and consider last year’s expenses as this year’s starting points. It’s good to periodically review these expenses and their providers to make sure you’re getting the lowest price available for what you need.

Each infrastructure device should periodically be evaluated for available firmware updates and patches, and your IT budget should include these updates. Backups and BDR solutions should be regularly evaluated to ensure that files and file systems restore successfully and there’s available space for future backup sets.

Next, host a budgetary planning meeting that includes your IT service provider and a representative from each department.  Ask your staff what they hope to accomplish with technology over the next few years, and capture this information so it can be mapped on a budget timeline.  This can be looked at as a “brainstorming” session, where criticism of ideas is kept at a minimum to encourage thinking outside the box. Another useful question is “what’s working and what’s not?”.

Following this meeting, research is required to identify and quantify requirements for the brainstormed ideas. You’ll want to involve your IT department or provider who can generate quotes with pricing.

Look over the quotes, then ask your provider to justify any line items you don’t understand, to explain labor entries and scopes of work, and to compare each solution against less expensive alternatives. Don’t forget to evaluate expected benefits and fulfilled compliancy requirements in addition to costs.

Dependencies need identifying, where one change requires another to occur in advance. Multi-stage dependency requirements can expand a project’s budget significantly.

Now how do you pay for these budgeted items?  With positive cash flow, available short-term assets, and by tapping equity and borrowing sources. Increase your positive cash flow by collecting payments quickly after you deliver your products or services, setting up your customers to pre-order from you, negotiating with vendors for longer payment terms, reducing your inventory to just in time, and continually re-visiting your budget to confirm spending and verify expected results. Many IT Manufacturers and Distributors offer attractive financing, sometimes annuitizing without interest and offering $1 equipment buyout at final payment.

Budgeting can increase stress.  By creating a budget in advance, involving all departments, and by making sure technology upgrade projects are planned for and don’t blind-side you, you can ensure the “going concern” nature of your organization and reduce everyone’s stress. This isn’t an illusion, but a very real result of your budgeting timeliness coupled with a reduction in frequency of invoicing surprises. You’ll look and feel like a hero.

Useful Resources

For a confidential discussion of your situation or concerns, give your Technology Partner a call.

The LeeShanok Team

(602) 277-5757  Phoenix,   (520) 888-9122  Tucson