LeeShanok IT News: Update Firmware in Network Devices



Network devices like firewalls, routers and switches contain firmware that includes an operating system and configurations, both of which need to be maintained for predictable operation. Like any program, this code was designed when the hardware device was developed. Manufacturers patch newly discovered vulnerabilities with periodic firmware updates. Unfortunately, these devices are often overlooked when it comes to regular maintenance.

This week, Microsoft announced that firmware attacks are increasing and that users are not patching firmware nearly often enough.

Older legacy devices may require a user to SSH into the device and log in to a text-based firmware interface to apply updates. A web search for the manufacturer and model number may be required to find and download patches. Unpatched devices may require earlier patches to be installed before the latest patch. This tends to be beyond the ability of non-IT employees, as firmware updates that fail or only partially complete can render the device unusable.

End-user computers, physical servers, and server chassis also need firmware updates. Windows Update doesn’t provide updates for firmware. These patches are provided by the manufacturer. Patches to both computers and network devices usually require manual steps. Some computer manufacturers provide a “System Update” app that checks for and then installs the updates.

LeeShanok’s managed and hosted clients receive periodic device update tickets that are included with their plan. For our clients on Time & Materials billing, the ticket will be billed but doesn’t take much time, especially when compared with the risk of network breach, stolen data and user credentials, and the required time and expense of recovery. Our team can usually perform a firmware check and install patches remotely.

Network device configurations should be included in your company’s backup strategy, which will greatly reduce expense if a device fails or is compromised.

If you are unsure how to update firmware in your network devices and computers, contact your account manager at LeeShanok for assistance.

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson 520-888-9122 | itsupport@leeshanok.com

LeeShanok IT News: Security Updates Required for Exchange Servers

Yesterday, Microsoft reported on a Chinese group launching attacks against on-premise Exchange Servers in the United States. These attacks gain access to an Exchange Server using stolen passwords or newly discovered vulnerabilities. Then, using a web shell to control the server remotely, the group steals data from the network. Targeted industries include infectious disease research, law firms, higher education, federal contractors, policy think tanks, and non-profit organizations. Microsoft’s announcement is found here: https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/

These vulnerabilities and attacks do not affect companies using Microsoft 365 to host their email in Exchange Online, nor do they affect companies using other email services like Gmail. But if you have a local on-premise Exchange Server 2013, 2016, or 2019, then read on.

Microsoft announced the release of Security Updates that patch the vulnerabilities being used in these attacks: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

  • CVE-2021-26855
  • CVE-2021-26857
  • CVE-2021-26858
  • CVE-2021-27065

LeeShanok recommends immediately applying these updates to both externally facing and internal Exchange Servers to protect your company data assets. Even if you are not in one of the targeted industries, your local Exchange Servers are still vulnerable.

Contact your LeeShanok Account Manager to discuss your situation and schedule a ticket to apply these updates. The ticket for our Hosted clients will be covered if your Exchange runs on your hosted server. And it will also be covered for our Managed IT clients if your Exchange runs in your local on-premise network.

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson: 520-888-9122 | info@leeshanok.com

Update Firmware in Home Routers

Periodically, vulnerabilities are discovered that affect many makes and models of home-based internet devices. In home internet installations, this is typically a combination device that provides modem, firewall, and wireless routing, and has a port for an RJ11 phone connection or COAX cable connection, and RJ45 ports for CAT6 Ethernet cables. Some vulnerabilities affect only one brand of devices. But recently, a set of “Dnsmasq” vulnerabilities emerged that could be used to mount DNS cache poisoning attacks and compromise the device. Dnsmasq is used by the following modem/router devices:

  • Google/Android
  • Comcast
  • Cisco
  • Netgear
  • Ubiquiti
  • Others…

If you have an older router, it’s a good time to consider upgrading to a modern and supported device. You can call your ISP and discuss their recommended upgrade path, or shop at Amazon or a local technology retailer for price competition on desired models. LeeShanok is a reseller of Cisco’s excellent lineup of commercial grade firewalls.

CNET has published a nice article to help you understand the new technology available:  https://www.cnet.com/how-to/how-to-tell-when-its-time-to-upgrade-your-router/

And here’s a review of modem/router combo devices for 2021:  https://www.highspeedinternet.com/resources/best-modem-router-combos

Steps to Upgrade Firmware:

  1. Your device should have a sticker with important default details. Look for the IP Address, usually 192.168.0.1, and look for the Admin username (usually “admin”) and password.
  2. Open a web browser on any computer connected to the internet through the device in question (wired or wireless), and in the address field type the IP Address of the device (e.g. 192.168.0.1).
  3. You should see a page where you can enter the username “admin” and the password, and then you’ll be in the Admin Console of the device.
  4. You may need to navigate through each pull-down menu, looking for “Upgrade Firmware” (see example below for a CenturyLink DSL Modem/Router).
  5. If there is an update available, choose to “Download” it and select a location for the file on your local drive.
  6. Click the “Browse” button, and select the file just downloaded.
  7. Click “Upgrade Firmware” to perform the upgrade.
  8. When it’s finished, the device will reboot.
  9. Your home router is now updated and safe.

If you are unsure how to perform this on your device, contact your account manager at LeeShanok for assistance. Our team can usually perform a firmware update remotely in under an hour.

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
BRatia@leeshanok.com

LeeShanok IT News: Saved Passwords in Web Browsers


We’ve all had our web browsers (Chrome, Firefox) ask if we want to save our password for a website account.

By logging in to your Google or Firefox web browser, you can access these saved passwords from any device running the same web browser, so long as you are logged in to the Google or Firefox account on the device you are using. In addition, the web browser will auto-fill your username and password when you go to that website.

Although this is very convenient, it is not a safe way to manage your passwords when compared with the equal convenience and superior security of a Password Manager. Both Google and Firefox store your saved passwords both in a local web browser cookie and in your Google or Firefox online account.

The locally saved passwords can be extracted and decrypted from any of your devices. Tools to extract and decrypt your saved passwords are readily available, and when one of these is run on your device, it will show each website where you’ve saved your password, providing both username and password. This process can be accomplished whether physically using the device or remotely connected to the device.

Best Practice – Use a Password Manager

LeeShanok recommends you extract all browser saved passwords, then install a Password Manager and re-enter your sites, usernames and passwords there. Following this, you’ll want to disable auto-saving of passwords in your web browser account. Firefox published an article Five Myths About Password Managers (https://blog.mozilla.org/firefox/myths-about-password-managers/).

Most Password Managers install a plug-in or add-on to your web browser, and when you log in to the Password Manager, you’ll have all the convenience with much better security. Adding 2-Factor Authentication to your Password Manager account will increase the security of your credentials.

For a list of available Password Managers, see the following reviews:

Disable Password Saving in Web Browsers

Please contact your LeeShanok Account Manager right away to discuss your situation and the assistance we can provide your team.

Your technology Partner,

The LeeShanok Team

LeeShanok IT News: Website URL Scanning


Phishing and spam emails can use two methods to infect your computer: infected attachments and URL links to malicious websites. Attachments can be saved to your local Downloads folder and scanned for threats prior to opening the file. However, it’s been more challenging to evaluate URL links for threats on the remote website.

Web-based URL scanning services have become commonplace for testing links in an email you’ve received. It is better to test the URL before you use a web browser to visit a malicious website, which can download malicious content that can infect your computer. There are good URL scanners, and at least one to stay away from.

Risky URL Scanner:
  ScanUI  (https://urlscan.io)    DO NOT USE!

First, notice the “Recent Screenshots” section? These are available publicly and will often contain various screenshots from sessions running on the website or server, some of which may contain snips of spreadsheets and other work being done in connected sessions. Confidential information can be scraped from these screenshots by anyone, as they are made available publicly.

Second, notice the “Recent Scans” section? All scans of a website or server are made publicly available, and each recent scan may contain screenshots of connected sessions during the time of that scan.

This site should be avoided, and under no circumstances should you ever enter your own company website or server into urlscan.io. A better alternative would be to use the following “good” URL scan site.

Good URL Scanner:  VirusTotal  (https://www.virustotal.com/gui/home/url)
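
Because a submitted link can end up visible to others, it is worth checking what the URL itself reveals before pasting it into any web-based scanner. The check below is an added example, not part of the original newsletter; the company domain, internal hostname suffixes and sensitive parameter names are assumptions chosen for illustration.

```python
from __future__ import annotations
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Assumptions for this example (not from the newsletter): the company's own
# domains, internal-only suffixes, and parameter names treated as sensitive.
OWN_DOMAINS = ("example-corp.com",)  # constructed placeholder
INTERNAL_SUFFIXES = (".local", ".internal", ".lan")
SENSITIVE_PARAMS = {"token", "key", "sig", "session", "auth", "password"}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)


def submission_risks(url: str) -> list[str]:
    """Return reasons a URL should not be pasted into a public URL scanner."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return ["not an http(s) URL"]
    risks = []
    if parts.username or parts.password:
        risks.append("credentials embedded in URL")
    try:
        ip = ipaddress.ip_address(host)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            risks.append("internal IP address")
    except ValueError:  # host is a name, not an IP literal
        if "." not in host or host.endswith(INTERNAL_SUFFIXES):
            risks.append("internal hostname")
        if any(host == d or host.endswith("." + d) for d in OWN_DOMAINS):
            risks.append("company-owned domain")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            risks.append(f"sensitive parameter: {name}")
        elif EMAIL_RE.search(value):
            risks.append(f"email address in parameter: {name}")
    return risks


# Constructed sample links, as they might be copied out of an email.
SAMPLES = (
    "https://www.example.org/invoice.pdf",
    "http://192.168.0.1/admin",
    "https://mail.example-corp.com/owa",
    "https://login.example.net/reset?token=abc123&u=jane%40example-corp.com",
)

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", submission_risks(link) or "ok to submit")
```

An empty result means the URL carries nothing obviously private; any listed reason means the link should be handed to IT rather than submitted as-is.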

Your technology Partner,

The LeeShanok Team

Phoenix: 602-277-5757 | Tucson 520-888-9122 | itsupport@leeshanok.com
