Tucson: 520-888-9122 | Phoenix: 602-277-5757

LeeShanok IT News: Netgear Routers Vulnerable

Netgear has long owned the home Wifi Router market, and it’s likely many of our readers have a Netgear device in their home. We are also aware of a few of our client firms with older (legacy) Netgear devices in their office serving Wifi. In mid-June 2020, several authors published articles listing 79 Netgear routers in which a serious vulnerability was found. The vulnerability could allow a remote person to take full control of your Wifi Router. Be aware that the following 2 articles list ALL affected Netgear routers, some of which have since had patches made available:

We held off on notifying our clients since Netgear planned to release firmware patches for some (but not all) of the legacy models.  Now they have released the list of older models that will not be patched and will remain vulnerable:

Here’s what you should do now:

  1. Inspect any network devices near your internet modem.  Some modems are combination devices that also serve Wifi and typically are NOT Netgear devices.
  2. If you find ANY Netgear devices at home or work, look for the Model #, P/N, Part Number, on the sticker (side, underneath) or printed on the front.
  3. Compare the model # with the list in Tom’s Guide article above, looking for your Netgear model.
  4. If your model is on the list that will NOT be patched, it is important to replace it.
  5. LeeShanok’s team can help verify your model is vulnerable, and provide recommendations or a quote to replace it.

Now for the owners of “patched” models (not on Tom’s Guide list), the patches don’t self-install. You or our team need to log in to the device’s Management Console to download and install the available patch. Please contact our team for assistance.

Our “Best Practice” is to replace any legacy Netgear router, regardless of whether it has been patched.  For a confidential discussion of your IT security situation, feel free to contact us.

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

LeeShanok IT News: Email from Fake Senders


Want to learn more about Email from Fake Senders?

First, watch this short video on the Anatomy of an Attack – https://youtu.be/g3lKwgLKL3E.

Let’s say you receive an email message from one of your vendors. When you open it, something doesn’t feel right. The logo below their signature block is fuzzy, and there is an attached file that has “Invoice” in the filename. The sender field shows it was sent from your contact at the vendor. Be careful though, as the sender may be an imposter who has created an email address that looks like your vendor’s email address. The attachment may contain malware to infect your computer and spread through your company’s network.

Let’s review how phishing works and some tips to keep you safe.

In step 3 above, a fake but recognizable email address is created that looks like a legitimate domain. For example, say bill@qualicart.com is the legitimate email address of your vendor contact. The imposter creates a fake email domain that looks like the original, say he creates “quallcart.com”.  Note the 2nd “L” looks like an “I” when glancing quickly. This is similar enough to fool lots of people into opening, clicking, and infecting their computer and network.

qualicart.com –> quallcart.com (look alike domain)

When reading email on a smart phone, it’s challenging to identify spoofed look-alike domains with such small text. To check the actual address on smart phones, tap on the sender’s name and a window will pop up showing the actual address or the saved contact.

Below is an example where the sender changed the Reply To: (rcpt to:) address, so your reply will be sent to a user at a different email domain. For those who reply rapidly, it makes sense to slow down and inspect where your reply is going to.
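The two checks described above (a sender domain that only looks like your vendor's, and a Reply-To that sends your answer to a different domain) can be automated. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the character folding table and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: the vendor domain used in the article's example.
TRUSTED_DOMAINS = {"qualicart.com"}

# Fold characters that look alike at a glance (l / I / 1 / |, and 0 / o).
_FOLD = str.maketrans("l1|0", "iiio")


def skeleton(domain):
    """Reduce a domain to a form in which look-alike spellings collide."""
    return domain.lower().replace("rn", "m").translate(_FOLD)


def domain_of(header_value):
    """Return the domain part of the address in a From or Reply-To header."""
    _name, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def check_message(raw):
    """Return a list of findings for one raw message (headers + body)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    findings = []
    # Not an exact match for a trusted domain, but indistinguishable by eye.
    if from_dom not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if skeleton(from_dom) == skeleton(trusted):
                findings.append(f"look-alike of {trusted}: {from_dom}")
    # A reply would leave the sender's own domain.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"replies go to {reply_dom}, not {from_dom}")
    return findings


# Constructed sample messages (example.net is a reserved documentation domain).
SPOOFED = ("From: Bill <bill@quallcart.com>\n"
           "Reply-To: payments@example.net\n"
           "Subject: Invoice attached\n\nPlease see the attached invoice.\n")
LEGIT = ("From: Bill <bill@qualicart.com>\n"
         "Subject: Invoice attached\n\nPlease see the attached invoice.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_message(raw))
```

A clean result only means these two checks passed; the phone call to the number you have on record still applies to any payment request.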

Now that you’ve checked the email domain and the address appears legitimate, there is one more step. If the sender is requesting payment, maybe a large payment, it’s time to call the phone number you have on record for the vendor (not the number supplied in the email). Use “human verification” to make sure the payment request is legitimate.

If you would like assistance evaluating an email message, copy the entire message from your Inbox view into Windows Clipboard, then paste the Clipboard contents into a new email message addressed to itrequest@leeshanok.com. We will create a support ticket with the attached suspect email, evaluate if it’s legitimate or spoofed, and contact you with advice.

For a confidential discussion of your IT security situation, feel free to contact us.

Your Technology Partner,
The LeeShanok Team

Tucson:   520.888.9122
Phoenix:  602.277.5757

LeeShanok IT News: We’re in Innovate! Phoenix


LeeShanok appreciates the privilege of being recognized as an Innovation Enabler in Managed Technology in the Innovate! Phoenix publication that is soon to be released. We were nominated by the Arizona Technology Council.
Here’s the link to the online article that is fresh off the press:
We accomplished this as a team providing World Class Service!

Innovate Phoenix

For a confidential discussion of your cyber security strategy, feel free to contact us.

Your Technology Partner,

The LeeShanok Team

Tucson: 520.888.9122
Phoenix: 602.277.5757

IT News: Monsoon Season 2020

Many of us have been working from home during the recent pandemic. We recommend that following major Monsoon storms, you have a staff member head to your office to make sure the server room remains dry. The sooner you discover a leak or other issue, the better.

Monsoon Storms can cause…

  • Shorts and Damage from WATER
  • POWER Surges and Outages
  • Failure from Excessive HEAT

WATER – In your server/comm room, look for gaps between floor, walls, and ceiling, and around conduit entry paths and terminations. Water will follow cables into rack-mounted and free-standing devices, then pool in low points on the floor. Being a good conductor with little resistance, water lets big current flow where it shouldn’t, zapping components in its path. Many solders, solder pastes, fluxes, and copper trace materials tend to corrode when water is introduced. Below is shredded fibrous material that fell from soaked ceiling tiles onto a rack-mounted server. Thankfully, this is not one of our customers.

Water Prevention Tips for Server Room

  • Avoid server room locations in basements or near exterior walls or “wet walls” with attached pipes.
  • Mount equipment in rack, raised off floor.
  • Install fire-suppression system (FM200).
  • Keep a roll of sheet plastic, duct tape, and silicone sealer handy.
  • Silicone-seal gaps/holes in walls, floor, ceiling, hard-ceiling above drop ceiling.
  • Consider a water detection system in server room that sends alerts.
  • Send maintenance up to patch holes and seams in roof above server room.
  • Get rid of water and foam fire extinguishers and replace with Class C rated models using HaloCarbon, FE-36, Halon 1211 or CO2, none of which leave liquid or residue.
  • Cap off water-based sprinkler heads, but check with your local fire department for regulations.

POWER – Spikes, shorts, brown-outs and outages cause unplanned shutdowns at best, but can also damage electronics, destroy data and cause extended downtime for a business. They are often caused by lightning strikes or downed power lines, but can also be caused by electricity shorting through water paths. When networking devices fail, they can send power surges through connected cables, frying connected components along the way as shown below.

Tips to Avoid Power Issues

  • Label all cables and cable-bundles in server rooms, and label all circuits in breaker box.
  • Don’t waste money on cheap Uninterruptible Power Supplies (UPS battery backups). Instead, budget for and select a model based on its quality and available power in VA. Available power should exceed the sum of power required by all devices to be plugged in.
  • Inspect the health of batteries inside UPS devices using their front display or dashboard, and replace batteries nearing end of life, especially this time of year. Most UPS batteries can be hot-swapped, avoiding shutdown of attached devices.
  • Make sure all server racks have a ground wire attached to building and earth ground.

HEAT – Monsoon storms are accompanied by excessive heat. As the surrounding temperature rises, so does the temperature near external walls and inside server rooms, where dust accumulates inside enclosures and airflow around components slows down.

Most electronic components have temperature sensors that notify when limits are exceeded, and can even initiate shutdowns to avoid damage. The best prevention is adequate airflow around the devices in a relatively dust-free environment, with all internal fans working well.

Here is a good thermal design with “cold aisles” supplying conditioned air through hot rack space and “hot aisles” exhausting the resulting heated air. Even a small fan directed at a hot device can provide adequate cooling, but should be used as a temporary measure until a better solution can be implemented. For more information on server closet/room cooling strategies, see APC/Schneider Electric’s – Cooling Strategies for IT Wiring Closets and Small Rooms.

Monsoon storms can be dramatic and so can the damage they leave behind.
With a little attention before they start, you can protect your infrastructure, data and operations.

Your Technology Partner,

The LeeShanok Team

Tucson:   520.888.9122
Phoenix:  602.277.5757

WordPress Website Credentials

LeeShanok IT News: WordPress Website Credentials


WordPress is used by many website developers to create and maintain company websites. In late May, WordPress was attacked by hackers trying to steal account credentials from roughly 1/3 of their customers (1 million websites). Such credentials provide access to those hosted websites and related development environments and tools.

A related article states “Due to the sheer volume and variety of attacks and sites…it is possible that your site may be exposed to these attacks…”

If your company website is hosted on WordPress, here are several recommendations to ensure your site’s safety. If these steps are improperly done, your website could temporarily stop. Therefore it is best to contact your website host or developer and request they perform these tasks:

  • Look for log entries with “wp-config.php” that returned “200” response code
  • Look for the following IP addresses where attacks originated:
  • Change your database password, unique authentication keys, and salts
  • Update the file “wp-config.php” with the password change
  • Review the need for remote database access, and disable if not necessary
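The two log checks in the list above can be run over a web server access log in one pass. The following Python sketch is an added example, not part of the original article; it assumes the Apache/nginx "combined" log format, and the watchlist entry and the log lines are constructed placeholders using documentation address ranges.

```python
import re
from urllib.parse import unquote

# Combined log format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Placeholder watchlist (RFC 5737 documentation address); replace it with the
# source addresses published for the campaign you are checking against.
WATCHLIST = {"203.0.113.7"}


def scan(lines):
    """Return (line_number, source_ip, reasons) for every suspicious entry."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format request line
        ip, _method, target, status = match.groups()
        reasons = []
        # Percent-decode so an encoded file name is matched as well; the name
        # may sit in the path or in the query string.
        if "wp-config.php" in unquote(target).lower() and status == "200":
            reasons.append("wp-config.php returned 200")
        if ip in WATCHLIST:
            reasons.append("source IP on watchlist")
        if reasons:
            hits.append((number, ip, reasons))
    return hits


# Constructed sample log lines.
SAMPLE = [
    '198.51.100.23 - - [29/May/2020:10:01:02 +0000] "GET /download.php?f=wp-config.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.23 - - [29/May/2020:10:01:05 +0000] "GET /wp-config.php HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [29/May/2020:10:02:11 +0000] "GET /wp-login.php HTTP/1.1" 200 2764 "-" "-"',
    '192.0.2.10 - - [29/May/2020:10:03:40 +0000] "GET /index.php HTTP/1.1" 200 8841 "-" "-"',
    '203.0.113.7 - - [29/May/2020:10:04:19 +0000] "GET /x.php?f=wp%2Dconfig.php HTTP/1.1" 200 3120 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit for "wp-config.php returned 200" is the case where the credential changes in the list above should be treated as required rather than precautionary.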

For a confidential discussion of your situation, feel free to contact us.
