Be careful what you download

I was reading this online news article titled:

“One in 14 Downloads Is Malicious”

“The next time a website says to download new software to view a movie or fix a problem, think twice. There’s a pretty good chance that the program is malicious.”

I am sure most have seen pop-up windows while browsing the internet when suddenly, a WARNING flashes at you saying “you’re infected with hundreds of virus”. If you are lucky, you can click close and all is well. But sadly the majority get infected with what I call “scareware” in which you are attacked with an endless barrage of fake virus alerts and request to buy “the hackers” anti-virus program to remove the viruses which they used to infect you in the first place.

Working in the response center here at Endsight, I do my best to quickly resolve virus issues and limit production down time by trying to do a Windows system restore as soon as the virus hits. It doesn’t work all the time unfortunately since newer virus are starting to disable system restore. What we then have to do is hunt down the virus manually by booting into safe mode and running malware removal programs and inspecting the registry to clear the infection.

The main question I get from clients is, why do people do this. I find that people do this for different reasons, most for monetary reasons such as redirecting websites in attempts that you buy whatever is advertised there.  Also for the personal gratification that they were able to pull off such an attack on so many systems. Evil you say, I would agree.

Unfortunately, even the most secure computers with the latest antivirus software updates and protection can get bypassed when hackers exploit new holes in the system. Fortunately, Endsight is able to limit these attacks and the spread of chaos to other systems on the network through regular updates and patches. But in the end, it’s really up to the user to decide whether to browse unsafe websites or click on that suspicious link and download the video which a “friend” has sent of the funny cat playing the piano.

About Luan Trinh, Endsight Response Center Engineer:

Luan is a native San Franciscan with a B. A. degree in Graphic Design from San Francisco State University. He has an A+, Network+, MCDST, Windows 7 MCITP, and CCENT certification.  Luan has 5+ years’ experience doing remote tech support in a corporate environment for 2500+ users. He enjoys spending time with his wife and two children looking for the coolest museum and parks to explore and have fun. Some of his hobbies include photography, looking for online deals for electronics, tennis and watching sitcoms from the 80’s.

7 Simple Ways To Keep Your iPad Secure

This is a great list posted by our friends in Florida, Connections for Business.  I liked it so much, that I’ve decided to repost it.  You can find the original post by clicking here.

Don’t leave it lying around Although this is common sense, you’ve probably violated this rule more than once. iPads are easy targets for thieves, so don’t let it out of your sight when in a public place – and don’t leave it in plain view in your car or you might end up with a broken window in addition to a stolen iPad.

Use a passcode Although it’s not 100% hacker-proof, it will block unauthorized users from accessing your information. Consider enabling automatic data erasing You can configure your iPad to erase your data after 10 failed passcode attempts. Clearly this is not a good solution for anyone who constantly forgets a password or those who have kids who might try to endlessly log in to use your iPad.

Sign up for MobileMe This software will allow you to locate a lost iPad and, if it’s not recoverable, you can remotely wipe the device of your private information.

Limit its capabilities You can set your iPad to restrict certain functions such as access to Safari, YouTube, installing applications and explicit media content using a passcode. In the corporate world, an IT administrator could set these restrictions for company owned devices. At home, you can use this to restrict what your children can do with your iPad.

Install software updates As with all software, make sure you have the latest security updates and patches installed to protect against hackers and viruses.

Only connect to trusted WiFi networks Public WiFis are open territory for hackers and identity thieves. Whenever you connect, make sure it’s a legitimate, secure connection.

Internet Bandwidth Options

Reliable, high-bandwidth Internet connectivity used to be a “nice to have”, but this is quickly changing. Traditionally, office based computer users accessed shared computing resources via a local area network (LAN). Internet outages and slowdowns would disrupt web browsing and e-mail but work could continue because a LAN centric computer network didn’t require an Internet connection to provide users access to resources such as file sharing, print sharing and database access. The only people that were completely shut down by a disruption were remote workers.

Over time, businesses have come to rely more and more on their connection to the Internet. That reliance is accelerating with the advent of cloud computing. Broadly, cloud computing is using the Internet to deliver computing services such as e-mail and CRM. I’ve written about cloud computing before, you can read more about the benefits of cloud computing by clicking here.

Over the next few years it’s expected that businesses will migrate their LAN centric computer networks to a cloud-based computing environment. In a cloud-based computing environment every worker is a remote worker that’s completely dependent upon the organization’s Internet connection for access to corporate computing resources. This dependence really elevates the importance of the quality of the Internet connection. In addition to being reliable and fast, the connection really should have some redundancy built into the design.

At Endsight, we’ve been working with our clients to help them plan for this transition as part of our “all-inclusive” outsourced IT support program. Typically, we employ a design that includes hardware from SonicWALL and two Internet connections from competing Internet service providers (ISP)’s.

The hardware design and integration is fairly straightforward but selecting the right mix of ISPs isn’t as easy as it sounds. There are a lot of options each with its own cost / performance tradeoffs. I thought I’d try to summarize the available options. I’ve also linked to Wikipedia descriptions of each option if you’d like more detail.

Telecom options include DSL, T-1, & MPLS connections. Basically, these options leverage the phone company’s (mostly AT&T) telephone infrastructure. These solutions are tried and true and include service level assurances. You can purchase these options from a variety of providers and resellers. If this option makes sense, it’s important to work with a provider that will offer more support than simply providing a 1-800 number.

WiMax or fixed wireless broadband internet is becoming more and more popular. Instead of providing a connection using wires, this option uses fixed wireless antennas that are installed on the roof of a building. These antennas point to other antennas that terminate a connection into the public internet. This option offers high speeds at an economical cost. Its key limitation is that to work the antenna must have a line of site to the terminating point. This can sometimes be a real challenge.

Fiber-optic communication uses pulses of light transmitted through optical fiber. It is extremely fast and when compared to many other options, its cost / throughput is really economical. The main drawback is that the optical fiber required to transmit a signal is kind of scarce. If your business is in a metro area such as San Francisco or Oakland then your building may be “lit” meaning a fiber connection may already be available in your location. If not, then to take advantage of this technology the Telecom Company or ISP will have to deploy optical fiber and that could be prohibitively expensive. To find out if your building is “lit” send me an email and I’ll be glad to put you in contact with a partner that can help you.

Cable internet access uses the same infrastructure that is used to deliver cable television. It also offers high speed / high throughput internet access for an economical cost. As with fiber-optic communication, cable is dependent upon availability. In addition, cable is less reliable then some of the other options out there. This is less of an issue if there is a redundant connection from a Telecom or one of the other providers.

As I said, this is only a summary of some of the options. There is a lot more to this. If you feel like a deeper dive into your options might be helpful, please feel free to connect with us at Endsight. We included IT Strategy and part of our fixed fee outsourced IT service

Cloud Computing

There is a lot of noise about cloud computing. It’s fairly new and new is exciting. So what exactly is cloud computing? More importantly, why should a small business owner care?

The cloud is a metaphor used to describe the Internet. Cloud computing is building on that metaphor to describe using the Internet to deliver computing resources as a service. Broadly, cloud computing is the convergence of three technologies: server virtualization, utility computing and software as a service.

1. Virtualization allows software to be separated from physical hardware.This in-turn, allows a single physical server to become 10, 50 or even 100 virtual servers.
2. Utility / grid computing allows server capacity to be accessed across a grid of systems.This in-turn allows computing capacity to increase or decrease depending on user or resource demands.
3. Software as a service allows on-demand software applications via the Internet to be purchased on a predictable monthly subscription basis.

This convergence allows a provider to aggregate many computing resources and profitably deliver those resources as a service for a fixed monthly fee.

The resulting delivery model is highly efficient, but it’s not the key reason for a small business to consider cloud computing. The key reason is best illustrated by looking back a century ago to the emergence of the national electricity grid.

Originally, if a business needed electricity it would have to build and fund the generating capacity on its own. Boilers, turbines and transformers were expensive and so only the largest firms could afford the new technology. The emergence of the grid allowed everyone access to electricity on a subscription basis. All one had to do was plug in. No more expensive capital projects.

In the modern era, mostly because of its size, a small business is inherently forced to either pay for more computer resources than it needs or to suffer with systems that won’t quite do the job. It’s an unwinnable contest that does not balance out.

Cloud computing gives a small business the ability to finally balance that equation by allowing them to pay for only the specific IT resources, service and support they need. Small businesses no longer have to lay out huge amounts of capital for servers, software and staff to build and maintain IT resources such as corporate email, shared files and accounting applications. Instead, they can plug into a computing cloud and access only the resources they need on a fixed fee subscription basis.

As with any new technology, there are a lot of options and providers to consider working with. If cloud computing is an option for your business, moving an on-premise computer network to the cloud needs to be thoroughly planned. For more information about cloud computing click here.

In addition to operating a private computing cloud, Endsight manages more than 100 on-premise computer networks. If you’d like to discuss your current situation and determine the cloud’s applicability to you’re business click here to schedule an in-person meeting.

Is moving an office in your future plans?

When I was in college, I had to move every year.  I lived in a fraternity house and that really simplified the logistic. But even though I never had to move more than a few doors down the hallway, I still didn’t like it.  The idea of a uprooting all of my things, transporting them, and then having to find new places for everything, was a daunting task that stressed me out every time.

As Endsight’s outsourced IT business has grown, we’ve been heavily involved in a staggering number of office moves. Every time, it’s easy to remember the stress I felt as an undergraduate with my mini fridge and futon.  Obviously, the client has much more to consider which makes the stress level even greater.

No two office moves are ever the same.  But having been through enough of these, I thought it would be helpful to list some of the key advisers and partner/vendor rolls to consider as part of your planning process.

Many of our clients begin the process by seeking council from key strategic advisers.

Contemplating a Move:

Commercial Realtor (Help you selected a new location)

Banker (Help decide the best way to finance the move)

Accountant (Help you decide if you can afford the move)

Lawyer (Help you avoid costly legal issues associated with the move)

Once a location has been selected, there are a number of other partner/vendors to involve in the process.

The New Office:

General Contractor (Tenant improvements)

Architect (Make it look fabulous)

Cable Installer (Network cabling)

HVAC (Server room)

Signage (Sign out front, names on the office Doors)

The Move:

Mover (To get from point A to point B)

Phone System Support (Take down and set up phones)

Computer System Support (Take down and set up computer systems)

Internet and Phone System Connectivity (Connect to the outside world)

Office Furniture (Acquire new and /or liquidate old)

Printers, Faxes & Copiers (Often times these are under contract)

Communication:

Marketing (Promote new location, update Website, send a news letter, and create a promotional item)

Printed Materials (Letterhead, business cards, marketing collateral)

Most businesses enjoy existing relationships to leverage as part of the planning process.  If your company needs help filling in the roster, Endsight can help by facilitating introductions to our network of colleagues.  If your small business is planning a move click here.   We would be happy to meet in person with you to discuss your plan.

Beware of Facebook frauds and Google goons | Adventures in IT - InfoWorld

Social media and search engine scams are on the rise. Cyberthieves are finding new ways to slip onto your computer and into your pocket. Are you really sure you’re safe?

If any of my Facebook friends get a message from me that reads like this, “I’m in a Turkish prison and need you to wire me $1,000 dollars.”  Please try to call my wife first.  She’ll know what to do. 

Scams and shams are increasing on Google and other popular sites.  The cyber world is a dangerous place where the bad guys can look like good guys.  I encourage you to give this article a good read.  (Read the article by clicking here)

To avoid internet viruses and other traps intended to download malicious software on your machine it’s important to:

1. Implement a centrally managed antivirus solution

4. Consider restricting network / user permissions with regard to software downloads

We’ve baked these countermeasures into our outsourced IT service approach.    If you’re concerned about your exposure to the cyber slime, contact us, and let’s discuss your options.

Make sure you have a handle on your IT resources

2009 has been a tumultuous year for the small-business Owner. Cutbacks and spending freezes from our customers have forced many of us to make some very difficult decisions with regards to employee retention.

Some of us have been forced to lay off some really good people as we attempt to reduce our cost structures, collect on outstanding receivables and most importantly find new revenue.

I came across a recent article by Roger Grimes entitled “Do you have a handle on your managed resources?” The article is really geared towards a larger IT department but I think it sheds some light on a new challenge that the small-business owner needs to consider.

From a computer infrastructure perspective each employee must exist as a user on the network. In addition to being assigned a physical workstation, that user needs the workstation to be assigned as a resource on the network. Each user and resource are then granted permissions and assigned to groups based on their job roles.

For example, you hire a new controller, and want to give him or her a workstation with access to email, shared files and your accounting data.

To accomplish that on the network your controller is created as a network users in your network directory. He or she is then assigned a workstation as a resource. The controller is granted permission to access email, shared files and your small businesses accounting system as a member of the finance group.

Proper maintenance of this directory is essential to maintaining a secure, reliable computing environment. As new employees start and others move on, this directory must be updated to avoid risks to security. (stale accounts give malicious hackers great opportunities to exploit your network)

This is a difficult process to maintain under normal circumstances, but for the last nine months our business environment has been chaotic. It’s a good bet that network directory maintenance has taken a backseat to far more pressing issues. But it should be addressed and the sooner the better.

Roger’s article is a pretty easy read and it should help provide some direction for those of you that feel like you can take care of this issue by yourself. But as Roger related his story, it’s really easy to delete items from the directory and cause a catastrophe. (Follow this link to read the specific example) So if you’re going to attempt to do this yourself you need to know that you might delete something that could take your entire network down.

At Endsight, we’ve developed add move and change policies that we’ve baked into our internal systems and procedures. Our team does this all the time and we can guarantee our work. If you need help with this issue or with any other aspects of managing your computer network please feel free to contact us.

Firms Not Cutting IT Security

This is an article I found in business weekly which addresses Endsight’s main IT Security direction. Although the economy is down, companies cannot afford to skimp on security and IT maintenance. Endsight now offers virus and spam protection at the desktop and server levels. Many of our clients are realizing the value in protecting their most important asset- their knowledge. Back up is becoming more practicle, affordable and important these days. It’s a safe guard that many companies only realize the importance of once its too late.

Please enjoy this article written by Stewart Baines of silicon.com

Despite tight budgets, CIOs, faced with rising threats from malware and disgruntled employees, have decided it pays to be wary, surveys show

With IT budgets flat or declining, you might have expected security spending to be similarly under pressure. But it seems CIOs faced with rising threats—including those from malware and disgruntled employees—have decided that it pays to be wary.

Indeed, several surveys have reported that enterprises are increasing their security budgets in 2009 despite cuts in overall IT budgets, with tech chiefs expecting security issues to grow this year as a result of the economic uncertainty.

Speaking to IT directors, the story is the same: downturn or not, cutting security spending is not worth the risk.

Jane Kimberlin, the IT director of Domino’s Pizza, which is bucking the trend of depressing financial results thanks to diners downsizing to a takeaway, said: “We are in fortunate position of finding the downturn not affecting sales. Consequently I am not experiencing any budget constraints at all.

“Having said that, I don’t think we would ever reduce our security budgets. I often talk to other CIOs in the FTSE 250 and it’s not something anyone has said they would do.”

Similarly David Supple, IT director for Ecotec, a management consultancy working in the public sector, said despite the tricky economic climate: “Overall our IT security budgets are not down a lot.”

Crisis, what crisis?
So with IT security budgets largely intact, are companies well prepared for the challenges ahead? Over the past year there have been a string of high profile data breaches, and embarrassing cases of lost laptops, USB drives and CDs in the public and private sector.

But the fear is that such mistakes could be replaced with the deliberate theft of data, with disgruntled former employers made redundant in the downturn fuelling the insider threat to IT security.

Alan Rodger, senior research analyst, Butler Group said: “The insider threat is the most significant. With people’s jobs coming under threat, some will make the most of the opportunity before they leave. For others, simply being told their pay is being cut might inspire them to breach security.

“Investment over the years has focused on security threats outside of the organisation but I believe companies now need to spend a lot more time looking at the threats from within.”

Rodger’s stance is underlined by a recent Ponemon Institute survey of 950 people who had lost or left their jobs during the last 12 months. The research found nearly 60 per cent of them took company information, such as customer contacts, when they left.

The threat of flexibility
As the downturn rumbles on, there is pressure from business managers to be more flexible and cut costs: get closer to customers, work from home more often, and reduce the overhead on centralised offices. The counterpoint is that data leaves the once fortified confines of a company’s premises.

“My internal customers need to be more mobile and so we have seen an explosion of devices on market like netbooks which help them do this. I have to get the balance between making services accessible and security, and security has to win every time,” Domino’s Kimberlin said.

“But we have to recognise that there is a blurring between our work and personal lives so if our employees want to use social networking for instance, we let them do it as long as it doesn’t compromise our security,” she continued.

Ecotec’s Supple added: “Employees are working at weekends and in the evenings from home, maybe when they were not doing it before and using equipment that is not ours,” adds Supple. “Our perimeter has grown.”

So what can an IT director do when faced with conflicting pressures to make working practices more flexible, yet make access to sensitive corporate data more secure, particularly when there is little money around for investment in anything other than business-as-usual security? The trick is to focus investment on where it makes a difference.
Burton analyst Rodger said: “Over the years, most IT security projects have not had to be qualified by a business case but that is changing. Many businesses are recognising that they need to assess the risk, and find a balance between financial cost and the probability of a breach happening.

“When you understand the risk—and how the economic crisis could increase risks—you stop making short-term cost savings in the IT security budgets in ways that leaves you open to the worst risks.”

http://www.businessweek.com/globalbiz/content/mar2009/gb2009039_621530.htm?chan=top+news_top+news+index+-+temp_global+business

Don’t Be Afraid, Be Prepared

Over the course of a year, we meet with hundreds of small business owners and executives and the issue of network security is one of the most confusing and daunting for nearly all.

While many businesses have a healthy fear of network breaches, far more concerning are those who believe they are “below the radar.” We often hear statements such as “Nobody would want to steal my data” or “We’ve never been attacked before.” Unfortunately, it’s not just high profile businesses that are attacked.

What most executives don’t realize is that most of the time, no one is interested in actual data. There are many other reasons why networks get exploited. By understanding these reasons, it becomes inherently clear that any company relying on its computer network needs a basic level of security.

As mentioned previously, theft is a primary motivator for security breaches. But, it’s not the data being stolen. If your systems are not properly protected a hacker can install a program called a Key Stroke Logger (KSL). This software tracks every key stroke typed on an infected machine. The hacker can determine usernames and passwords, not only to your network but also to any website you visit - including your bank. (As it turns out, it is a lot easier to hack your computer than your bank!) Using KSL software, a hacker can access your accounts and steal your identity. Small business owners are left worrying not only about their personal and corporate accounts, but also about lawsuits from employees affected by negligent security.

Other network attacks are the result of ill will harvested in the process of running your business. It’s not
uncommon to see a scorned employee, irritated vendor, or angry customer retaliate in the form of a ‘hack.’ Indeed, the software used to attack networks is freely available on the internet and anyone with reasonable computer skills and time can take advantage of an improperly managed network.

Finally, boredom is a prime motivator of hackers. Many are computer savvy kids who feel a great sense of power by taking control of a stranger’s network. The hacker specifically targets an improperly secured network, runs a basic attack and takes control. With the keys to the kingdom, the hacker may engage in anything from an elaborate prank to the illegal hosting of pirated movies, pictures and music. For the unfortunate business owner, it all adds up to downtime, data loss and potential embarrassment.

If you think your company may not be taking appropriate precautionkey stroke logger,kls,s with network security, chances are you’re right. Consider outsourcing your IT management to a company that can administer the network using industry best practices; however, if your philosophy is to handle these issues internally there are resources that can help. ICSA is a third party organization that evaluates and certifies all internet security products. It is an excellent resource for deciding which solution is most appropriate for your network.

After all, education is the key to preventing network security breaches.