World-wide shortage of hard drives coming! Lack of availability will drive costs skyward! #EverybodyPanic


It’s all over the news: Thailand has been affected by flooding in a treacherous monsoon season. Yeah yeah yeah, what does that mean?

Unfortunately, it appears that just shy of half of all hard drive parts are manufactured in Thailand, and the flooding has forced closures at those manufacturing facilities.

One article states that Toshiba has halted hard drive production entirely, and Western Digital has closed its plants as well. Seagate remains open, but its suppliers are in question.

One of our suppliers has already told me to expect this shortage to raise prices considerably, and referenced a 10 dollar hike in the cost of 250GB drives, probably driven by speculation alone. The same supplier told us that quotes for server, desktop and notebook computers would be valid for only 7 days, effective immediately.

Those in the know are estimating it could take as long as a year to recover from this situation, and every manufacturer of computers is likely to be affected, causing the cost of your next computer to be considerably higher. A computer repair that requires a hard drive replacement will obviously cost more as well.

Hopefully it will not be like the Cisco ASA shortage of last year, where we had to WAIT for the units to become available.

Today could be the perfect time to get that 3TB hard drive you have been wanting, or to renew some desktops at your business!  Call us today and lock it in if you are in the Greenville / Upstate, SC area.  864.990.4748 or info@homelandsecureit.com

I stole the picture at the right from this article.

What does it mean when your ISP changes DNS servers?

I received a phone call from Charter Business earlier today reminding me that they have deployed new DNS servers and that I should adjust my equipment to use them.

Fortunately, none of our equipment even looks at name servers other than our own in-house server.  But does yours?

First, let’s look at what DNS is….

The simple explanation is: DNS stands for “Domain Name System”, and its function is to translate the common names you enter into your web browser, like “www.google.com” or “www.HomelandSecureIT.com”, into their IP addresses, kind of like calling 411 and asking for the phone number that goes with a name.

It also functions in the other direction, performing reverse DNS lookups, from an IP address to a hostname.

If you are using a home router or an inexpensive business router which handles DHCP (oh that’s another acronym we will talk about at a later date), giving out IP addresses dynamically to computers and devices that connect, then that device will also give out the DNS server/s these devices should use to do name resolution.

Some servers are handling DHCP and they too may give out DNS servers other than themselves, and even if they ARE a DNS server, they may simply be forwarding lookups to your ISP.

And some devices may be set static, with DNS servers entered manually.

In most of these cases, you may have been given a set of DNS servers to enter when you initially configured your router/server/device.  If your ISP updates the servers and gives you new IPs, you need to reprogram these devices.

The consequences if you do not update these settings? SLOW resolution of names to IPs… Where you enter www.somesitehere.com and hit return and your browser just hangs there doing nothing for a loooooong time, or you get warnings that the site was not found.

When your ISP gives you new servers, it is best to update your devices right then. Otherwise you will forget about it, and one day you will not be able to get to your favorite website or your cloud-based email, causing a “face-palm” and a wasted 15 minutes on the phone because you forgot to write down those IP addresses.
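One way to check a Linux machine for this, as an added example that is not part of the original post: it lists the resolvers the machine is configured to use, flags any that are on the ISP's retirement list, and times one lookup against each. The `resolv.conf` text, the `RETIRED` list and the function names are constructed for illustration; substitute the contents of your own `/etc/resolv.conf` and the addresses your ISP gave you.

```python
import socket
import struct
import time

# Constructed sample of a Linux /etc/resolv.conf (documentation-range IPs).
SAMPLE_RESOLV_CONF = """\
# Written by the DHCP client
search office.example
nameserver 192.0.2.53
nameserver 198.51.100.53
options timeout:2
"""
# Hypothetical list: the resolvers your ISP told you it is replacing.
RETIRED = {"192.0.2.53"}


def parse_nameservers(text):
    """Return the nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def build_query(name, txid=0x1234):
    """Build a minimal DNS query: one A-record question, recursion desired."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)


def probe(server, name="www.example.com", timeout=2.0):
    """Send one UDP query (IPv4 only); return seconds taken, or None if unanswered."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        start = time.monotonic()
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(512)
        except OSError:  # timeout, unreachable network, refused port
            return None
    # Only count a reply that echoes our transaction ID.
    return time.monotonic() - start if reply[:2] == query[:2] else None


if __name__ == "__main__":
    for server in parse_nameservers(SAMPLE_RESOLV_CONF):
        rtt = probe(server)
        state = "no answer" if rtt is None else f"{rtt * 1000:.0f} ms"
        note = "  <- retired by ISP, update this device" if server in RETIRED else ""
        print(f"{server}: {state}{note}")
```

A resolver that reports "no answer" while listed first is what produces the long hang described above, because the machine waits out the timeout before trying the next server.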

If you need help in Greenville or Upstate SC let us know….  Call 864.990.4748 or email info@homelandsecureit.com

Secure IT Alert: iPad 2 w/ iOS 5 security flaw could expose sensitive information

It was brought to my attention a bit ago by a client that the iPad 2 with iOS 5 has a flaw that allows the last screen accessed before the Smart Cover lock was engaged to be displayed.

This is obviously not good for those using the iPad for financial, medical or legal purposes.

The workaround until this is fixed correctly is to lock the iPad while on the home screen or a screen which does not display anything of importance (like “Please Stay Calm” or maybe “Angry Birds”).

A quick search turned up people talking about this on forums and a number of news articles such as this one from cnet.com.

There is mention of a security flaw with Siri that allows people to send text messages, emails and even make phone calls from a password-protected iPhone 4S lock screen.

 

WatchGuard offers the “Red Instead” campaign for upgrading your unified threat management

Do you have a unified threat management or spam protection device that is not from WatchGuard?

If so, and you would like to upgrade to the WatchGuard XTM or XCS series UTMs, then through December 2011 you can take advantage of their offer to allow trade-ins of competitors’ appliances for a three-year XTM Security Bundle on selected models or a three-year XCS Email Security Bundle and pay ONLY for the services.

You get the box for free!

Some of the brands that are acceptable trade-ins are:

  • Astaro
  • Barracuda
  • Cisco
  • Clearswift
  • Fortigate
  • IronPort
  • Juniper
  • M86 MailMarshal
  • McAfee Email Gateway
  • ProofPoint
  • SonicWall
  • St. Bernard
  • Symantec
  • Trend Micro

For more information, please contact your WatchGuard reseller, or if you’re in the Greenville / Upstate SC area, please call Homeland Secure IT at 864.990.4748 or email info@homelandsecureit.com

Cisco UC320W Unified Communications System Firmware Update 2.1.2 Released to Correct Configuration Utility Login Issue

If you are attempting to log into the administration and Configuration Utility on your Cisco UC320W and find you get a beautiful blue screen, but it goes no further, then chances are that you have Adobe Flash Player 11 installed and the UC320W has a firmware revision of 2.1.1 (7) or lower loaded on it.

Today, Cisco released 2.1.2 to the cloud for update which addresses that specific issue!

But wait, if you can’t log into the thing, how do you update your firmware so you can log into it?

First, you will need to downgrade your Flash Player to version 10.

To determine which version you are currently using visit here: http://www.adobe.com/software/flash/about/

To download earlier versions of Adobe Flash visit here: http://kb2.adobe.com/cps/142/tn_14266.html#main_Archived_versions

Once you have downgraded your browser to Adobe Flash Player 10 you will be able to log into UC320W Configuration Utility to perform the upgrade, and once complete can reinstall Adobe Flash Player v11.

The 2.1.2 firmware does not correct any other issues or add any features. If you are not experiencing login issues, you may want to hold off until 2.1.3 is released which does add some new functionality, or so we have heard!

Should you require assistance in updating or configuring your Cisco UC devices in the Greenville or Upstate, SC area, please give us a call at 864.990.4748 or email info@homelandsecureit.com – We are a Cisco SMB partner!

Microsoft Releases Security Intelligence Report for your reading pleasure… SIRv11

Microsoft has released Volume 11 of their “Microsoft Security Intelligence Report” or SIRv11, which provides “An in-depth perspective on software vulnerabilities and exploits, malicious code threats, and potentially unwanted software in the first half of 2011”.

One tidbit of interesting information contained in the report is that in the first half of 2011, less than one percent of exploits were against zero-day vulnerabilities and 99 percent of all attacks during the same period distributed malware through familiar techniques like social engineering and unpatched vulnerabilities.

I encourage you to read it in its electronic format as it is 168 pages of eye-glazing information, and we wouldn’t want to kill a tree for it.

You can find the full report and further information at: http://www.microsoft.com/sir

 

Which security standards and awareness compliance requirements apply to your organization?

I came across a very handy document from www.securingthehuman.org that explains which security standards and awareness compliance requirements might apply to your organization.
It is by no means a complete listing, but gives the one minute run-down of the majority of the biggies….

Last Updated: 19 July, 2011

1. Executive Summary
The purpose of this document is to identify different standards and legislations that require organizations to have security awareness programs. This information can then be used to help justify your security awareness program. Any questions or suggestions for this document should be sent to info@securingthehuman.org.

2. ISO/IEC 27001 & 27002
§ISO 27002 8.2.2 – All employees of the organization and, where relevant, contractors and third party users should receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function. Learn more at: http://en.wikipedia.org/wiki/ISO_27001

3. PCI DSS
§12.6 – Make all employees aware of the importance of cardholder information security.
• Educate employees (for example, through posters, letters, memos, meetings and promotions).
• Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.
Download the standard at:
https://www.pcisecuritystandards.org/security_standards/documents.php

4. Sarbanes-Oxley (SOX)
§404(a).(a).(1) – The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C 78m or 78o(d)) to contain an internal control report which shall – state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting;
Learn more at: http://en.wikipedia.org/wiki/Sarbanes-Oxley

5. Gramm-Leach Bliley Act
§6801.(b).(1)-(3) – In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical and physical safeguards –
• To insure the security and confidentiality of customer records and information;
• To protect against any anticipated threats or hazards to the security or integrity of such records;
• To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
Learn more at: http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_Act

6. CobiT
§PO7.4 Personnel Training – Provide IT employees with appropriate orientation when hired and ongoing training to maintain their knowledge, skills, abilities, internal controls and security awareness at the level required to achieve organizational goals.
§DS7 – Management of the process of Educate and train users that satisfies the business requirement for IT of effectively and efficiently using applications and technology solutions and ensuring user compliance with policies and procedures is: […] 3 Defined when A training and education program is instituted and communicated, and employees and managers identify and document training needs. Training and education processes are standardized and documented. Budgets, resources, facilities and trainers are being established to support the training and education program. Formal classes are given to employees on ethical conduct and system security awareness and practices. Most training and education processes are monitored, but not all deviations are likely to be detected by management. Analysis of training and education problems is only occasionally applied.
Learn more at: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx

7. Federal Information Security Management Act (FISMA)
§3544.(b).(4).(A),(B) – Security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of information security risks associated with their activities; and their responsibilities in complying with agency policies and procedures designed to reduce these risks.
Learn more at: http://en.wikipedia.org/wiki/FISMA

8. Health Insurance Portability & Accountability Act (HIPAA)
§164.308.(a).(5).(i) – Implement a security awareness and training program for all members of its workforce (including management).
Learn more at: http://en.wikipedia.org/wiki/Hipaa

9. NERC CIP
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Standard.
§CIP-004-3(B)(R1) – The Responsible Entity shall establish, document, implement, and maintain a security awareness program to ensure personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets receive on-going reinforcement in sound security practices. The program shall include security awareness reinforcement on at least a quarterly basis using mechanisms such as:
• Direct communications (e.g., emails, memos, computer based training, etc.);
• Indirect communications (e.g., posters, intranet, brochures, etc.);
• Management support and reinforcement (e.g., presentations, meetings, etc.).
Download the standard at: http://www.NERC.com/files/CIP-004-3.pdf

10. US State Privacy Laws
Many states in the United States have their own individual privacy laws. You can find a listing of most of those state privacy laws at the Morrison & Foerster’s Privacy Library. Many of these privacy laws require some type of awareness training, or at a minimum that the privacy requirements are communicated to employees in that state.
Learn more at: http://www.mofo.com/privacy–data-security-services/

11. EU Data Protection Directive
The European Union has directed all European member countries to develop and define laws regarding the protecting of personal privacy of the citizens of their respective country. While each country’s implementation of this directive is different and unique, many of them require security awareness training to educate people on how to protect individual privacy.
Learn more at: http://en.wikipedia.org/wiki/Data_Protection_Directive

12. Australian Government InfoSec Manual
§0252 – Information security awareness and training: Revision: 2; Updated: Nov-10;
Applicability: U, IC, R/P, C, S/HP, TS; Compliance: must
Agencies must provide ongoing information security awareness and training for personnel on information security policies including topics such as responsibilities, consequences of non-compliance, and potential security risks and counter-measures.
Download the manual at:
http://www.dsd.gov.au/publications/Information_Security_Manual_2010.pdf

You can find the original latest version of this document here.

Should you need assistance with security and compliance at your Upstate or Greenville SC area business, Homeland Secure IT can assist. Call us at 864.990.4748 or email info@homelandsecureit.com for more information!

October updates for Apple products… Patch ’em up!

Apple released a slew of updates to address major security vulnerabilities this week…

Be sure to get your devices up to date…

A few of these provide you with additional features, such as the iOS 5 updates, as well as provide the latest in security.
Be warned that if you are using multitouch gestures on your iPad, you will miss them once you install iOS 5, and I have noticed at least a 10% increase in battery drain on my 64GB 3G (Verizon) iPad 2…   Probably due to the “multitasking”, but not confirmed yet.
If you require assistance with these updates, please do not hesitate to call us in the Upstate or Greenville area – 864.990.4748 or email info@homelandsecureit.com

5th Anniversary Celebration in Charleston, SC

Oh how we live for a vacation!  Every year John and I plan a pilgrimage back to Charleston to celebrate our anniversary.  We’ve even managed to incorporate a convention into our trip but we go at least two nights early to have some celebration time for ourselves.  This past Saturday we rushed down to get checked into our hotel and dress for our dinner reservations at Grill 225.  We arrived early enough to watch the sunset on the rooftop of the Market Pavilion and enjoy a drink.  The wind was a bit much and with the sunset the temperature dropped so we found our way to the bar downstairs and ordered a drink.  The Nitrotini is the signature drink of the Market Pavilion and Grill 225.  They arrive at the table complete with celebratory smoke drifting off the drink!  I had the cucumber nitrotini and it was delicious!  John started with a dessert martini swirled with chocolate.  One of the thrills of being an adult… starting with dessert!

We were seated right at 7pm and met our waiter, Jess, who took very good care of us.  As every year, John and I enjoy a filet cooked to perfection with a crispy seasoned outside along with a three pound lobster prepared classic tableside.  We also enjoyed a new side dish of Cauliflower fritters that were very tasty and much more than the two of us could finish.  The dinner was finished off with the baklava purse created by the pastry chef complete with “Happy 5th Anniversary” scrolled in chocolate =)  What great attention to detail!  We both left the restaurant smiling and stuffed … until next year when we anticipate another great night of reflection over the prior year and make future plans and goals to enjoy together!

Pamela Hoyt – Homeland Secure IT

@PamelaHoyt   –   http://www.facebook.com/PamelaMHoyt

Microsoft BPOS users notified to plan for Microsoft Online Services transition to Microsoft Office 365

Microsoft BPOS users are being notified to plan now for a transition to Microsoft Online Services in the next 30 days.

If you are currently using BPOS, you should have received an email by now; if not, you should visit the Microsoft Online Services transition center web site for more information.

As a Microsoft partner, Homeland Secure IT can help you establish cloud solutions through Microsoft’s Office 365. Please let us know if we can offer any information or support by calling 864.990.4748 or email info@homelandsecureit.com