So you have been cruising along at your business for years and all has been great, but now, out of the blue, people on your network are having trouble viewing websites.
You found that if you reboot that firewall (pull the plug on the thing since there is no power supply), YOU get back online right away, but then later that day, someone else on the network is having trouble accessing websites, so you reboot the firewall and all is well, for a while.
What could it be? It MUST be the firewall going bad since that fixes it.
Before jumping to that conclusion and just replacing the device, think back. Has your company grown? Maybe you have added a few new employees, or, maybe you have added tablets or other connected devices.
What could be happening here is that you have added one too many devices to your network and exceeded the number of seats that your firewall appliance supports. When you originally purchased that device, a technician counted the number of computers, servers and connected devices and said “You need a 25 user firewall and it will cost $xxx.xx”, to which you agreed and promptly forgot about.
Now, flash forward to today: your 12 users and a server have grown to 15 users and two servers, and many people have iPads, Android tablets or phones, taking you past the 25 user limit. The last person to connect once you go over the limit will generally be denied access to websites by the firewall, as a warning that you have exceeded the license terms. It probably won’t “reset” just by turning that computer off; you will have to reboot the firewall to free up unused seats.
So what are you going to do about it? I guess you could tell the employees to stop connecting their personal phones to your network, or you could replace the firewall with a cheap router that has no limitations.
Both will work, but are bad ideas.
The real solution is to correct the licensing issue. Determine how many connected devices you have within your network, and estimate how many you will need for the next year, then talk to a vendor who can provide the proper licenses and apply those for you. Don’t forget to include VoIP and security systems, even copiers and connected printers, as they may require a seat too.
If you are experiencing rapid growth, consider upgrading to an unlimited license.
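One way to do the device count described above, as an added example that is not part of the original post: it counts active devices from a DHCP lease file in ISC dhcpd.leases format, adds statically addressed equipment, and compares the total with the seat limit after a growth allowance. The lease data, device names and function names are constructed, and how a particular firewall counts a "seat" is vendor-specific, so one seat per device is an assumption here.

```python
import re

# Constructed sample in ISC dhcpd.leases format (not from a real network).
SAMPLE_LEASES = """
lease 192.168.1.21 {
  binding state active;
  hardware ethernet 00:16:3e:00:00:01;
  client-hostname "frontdesk-pc";
}
lease 192.168.1.22 {
  binding state active;
  hardware ethernet 00:16:3e:00:00:02;
  client-hostname "owner-ipad";
}
lease 192.168.1.23 {
  binding state free;
  hardware ethernet 00:16:3e:00:00:03;
  client-hostname "old-laptop";
}
lease 192.168.1.30 {
  binding state active;
  hardware ethernet 00:16:3e:00:00:02;
  client-hostname "owner-ipad";
}
"""

# Constructed list of devices with fixed addresses that never appear in the
# lease file: servers, the copier, a door controller and 20 VoIP phones.
STATIC_DEVICES = ["server-1", "server-2", "copier", "door-controller"] + [
    f"voip-{n}" for n in range(1, 21)
]

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]{17});")
# Anchored to line start so "next binding state ...;" lines are not matched.
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')


def active_devices(leases_text):
    """Return {mac: hostname} for active leases, one entry per device."""
    devices = {}
    for _ip, body in LEASE_RE.findall(leases_text):
        state = STATE_RE.search(body)
        mac = MAC_RE.search(body)
        if not state or state.group(1) != "active" or not mac:
            continue  # expired/free leases do not count as connected
        host = HOST_RE.search(body)
        # Keyed by MAC so a device holding two leases is counted once.
        devices[mac.group(1).lower()] = host.group(1) if host else "(unnamed)"
    return devices


def seat_report(leases_text, static_devices, seat_limit, growth_pct=0):
    """Compare the current and projected device counts with the seat limit."""
    current = len(active_devices(leases_text)) + len(static_devices)
    extra = (current * growth_pct + 99) // 100  # round growth up
    projected = current + extra
    return {
        "current": current,
        "projected": projected,
        "seat_limit": seat_limit,
        "over_now": current > seat_limit,
        "over_after_growth": projected > seat_limit,
    }


if __name__ == "__main__":
    print(seat_report(SAMPLE_LEASES, STATIC_DEVICES, seat_limit=25, growth_pct=20))
```

Run it against a lease file captured during business hours, when phones and tablets are actually connected, so the count reflects the busiest period.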
Just a note – If you have an old device, say 4-5 years old, now may be the time to consider upgrading the entire device to the latest technology at the same time you correct the user limitation!
Should you require help with this, Homeland Secure IT offers sales and support of most major brands of firewalls. We partner with Cisco, WatchGuard, SonicWALL, TrendNet, D-Link, NetGear and more! Call us for more information in the Greenville / Upstate SC area – 864.990.4748 or email info@homelandsecureit.com
What is your objection to cloud based data backup? Here are some points to consider… #Symantec #Cloud #DisasterReadiness

Offsite, online, cloud backup for your business
Homeland Secure IT encourages the use of backup solutions to complete your disaster readiness plan. One of our recommendations is to implement remote, cloud based backup. Even if you have existing onsite backup, it gives you an extra layer of protection.
We partner with some of the biggest and most trusted names in offsite, cloud based backup providers such as (locally owned) Servosity, Mozy Pro and of course, Symantec.
Below, Symantec.cloud counters some of the most common objections to backing up your data offsite:
“My data won’t be secure”
- With Symantec Backup Exec.cloud, your data is secured during transit using 128 bit SSL encryption and stored using 256 bit AES encryption when at rest in Symantec’s highly secure, enterprise-class facilities.
“Online Backup will drain my bandwidth”
- After your initial backup, Symantec Backup Exec.cloud uses block level, incremental backup and performs backup of file changes only.
- Symantec Backup Exec.cloud uses bandwidth throttling to minimize impacts to your business productivity.
“It will be too difficult to manage”
- Automate backups to run on a schedule, or to backup when file modifications occur.
- Let us manage your backups for you!
- It’s easy to administer yourself – hassle free set up in just three steps.
“Backup is too expensive”
- BE.cloud offers usage-based pricing with no per-user licensing fees
- Subscription fee includes support, maintenance, and enhancements.
- With this solution there is no need to pay for resources to manage and maintain the backup system or for off-site tape storage.
“We don’t really need backup, we use removable drives and discs”
- What happens if the drive/disc is damaged, fails, is lost or stolen?
- How often are you performing backup? – Using removable drives and discs is a manual process that requires time – your time – to manage them. What could you be doing if this process was automated? Would your backup happen more regularly than it does now?
- Are there PCs or laptops that aren’t protected by using this method?
- What would happen to your productivity if one of these machines suffered a disaster/hardware failure? Would your workers lose data they need to do their jobs effectively? Would you lose any customer records, business or financial information?
“We want to manage our backup onsite”
- On-premise backup solutions can be expensive and require someone (perhaps you) to maintain them.
- On-premise backup solutions place the burden of security, storage and tape/disc vaulting on you. They also expose you to the risk of losing equipment and data in the event of a local natural disaster.
- Use online backup with your existing on-premise solution to address off-site protection!
- Online backup replaces large upfront investments with predictable subscription based pricing. Managed virtually onsite using a web browser, you can not only manage and monitor the backup of machines at your location, but also at remote offices and on the machines of your mobile workers.
If you would like to know more about backing up to the cloud, or would like to discuss your backup / disaster recovery plan, please call 864.990.4748 or email info@homelandsecureit.com today. We provide complete service and sales of physical, onsite backup systems, from tape to disk in addition to cloud solutions.
I came across a very handy document from www.securingthehuman.org that explains which security standards and awareness compliance requirements might apply to your organization.
It is by no means a complete listing, but gives the one minute run-down of the majority of the biggies….
—
Last Updated: 19 July, 2011
1. Executive Summary
The purpose of this document is to identify different standards and legislations that require organizations to have security awareness programs. This information can then be used to help justify your security awareness program. Any questions or suggestions for this document should be sent to info@securingthehuman.org.
2. ISO/IEC 27001 & 27002
§ISO 27002 8.2.2 – All employees of the organization and, where relevant, contractors and third party users should receive appropriate awareness training and regular updates in organizational policies and procedures, as relevant for their job function. Learn more at: http://en.wikipedia.org/wiki/ISO_27001
3. PCI DSS
§12.6 – Make all employees aware of the importance of cardholder information security.
• Educate employees (for example, through posters, letters, memos, meetings and promotions).
• Require employees to acknowledge in writing that they have read and understood the company’s security policy and procedures.
Download the standard at:
https://www.pcisecuritystandards.org/security_standards/documents.php
4. Sarbanes-Oxley (SOX)
§404(a).(a).(1) – The Commission shall prescribe rules requiring each annual report required by section 13(a) or 15(d) of the Securities Exchange Act of 1934 (15 U.S.C 78m or 78o(d)) to contain an internal control report which shall – state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting;
Learn more at: http://en.wikipedia.org/wiki/Sarbanes-Oxley
5. Gramm-Leach Bliley Act
§6801.(b).(1)-(3) – In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical and physical safeguards –
• To insure the security and confidentiality of customer records and information;
• To protect against any anticipated threats or hazards to the security or integrity of such records;
• To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
Learn more at: http://en.wikipedia.org/wiki/Gramm-Leach-Bliley_Act
6. CobiT
§PO7.4 Personnel Training – Provide IT employees with appropriate orientation when hired and ongoing training to maintain their knowledge, skills, abilities, internal controls and security awareness at the level required to achieve organizational goals.
§DS7 – Management of the process of Educate and train users that satisfies the business requirement for IT of effectively and efficiently using applications and technology solutions and ensuring user compliance with policies and procedures is: […] 3 Defined when A training and education program is instituted and communicated, and employees and managers identify and document training needs. Training and education processes are standardized and documented. Budgets, resources, facilities and trainers are being established to support the training and education program. Formal classes are given to employees on ethical conduct and system security awareness and practices. Most training and education processes are monitored, but not all deviations are likely to be detected by management. Analysis of training and education problems is only occasionally applied.
Learn more at: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
7. Federal Information Security Management Act (FISMA)
§3544.(b).(4).(A),(B) – Security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of information security risks associated with their activities; and their responsibilities in complying with agency policies and procedures designed to reduce these risks.
Learn more at: http://en.wikipedia.org/wiki/FISMA
8. Health Insurance Portability & Accountability Act (HIPAA)
§164.308.(a).(5).(i) – Implement a security awareness and training program for all members of its workforce (including management).
Learn more at: http://en.wikipedia.org/wiki/Hipaa
9. NERC CIP
The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection Standard.
§CIP-004-3(B)(R1) – The Responsible Entity shall establish, document, implement, and maintain a security awareness program to ensure personnel having authorized cyber or authorized unescorted physical access to Critical Cyber Assets receive on-going reinforcement in sound security practices. The program shall include security awareness reinforcement on at least a quarterly basis using mechanisms such as:
• Direct communications (e.g., emails, memos, computer based training, etc.);
• Indirect communications (e.g., posters, intranet, brochures, etc.);
• Management support and reinforcement (e.g., presentations, meetings, etc.).
Download the standard at: http://www.NERC.com/files/CIP-004-3.pdf
10. US State Privacy Laws
Many states in the United States have their own individual privacy laws. You can find a listing of most of those state privacy laws at the Morrison & Foerster’s Privacy Library. Many of these privacy laws require some type of awareness training, or at a minimum that the privacy requirements are communicated to employees in that state.
Learn more at: http://www.mofo.com/privacy--data-security-services/
11. EU Data Protection Directive
The European Union has directed all European member countries to develop and define laws regarding the protecting of personal privacy of the citizens of their respective country. While each country’s implementation of this directive is different and unique, many of them require security awareness training to educate people on how to protect individual privacy.
Learn more at: http://en.wikipedia.org/wiki/Data_Protection_Directive
12. Australian Government InfoSec Manual
§0252 – Information security awareness and training: Revision: 2; Updated: Nov-10;
Applicability: U, IC, R/P, C, S/HP, TS; Compliance: must
Agencies must provide ongoing information security awareness and training for personnel on information security policies including topics such as responsibilities, consequences of non-compliance, and potential security risks and counter-measures.
Download the manual at:
http://www.dsd.gov.au/publications/Information_Security_Manual_2010.pdf
You can find the original latest version of this document here.
—
Should you need assistance with security and compliance at your Upstate or Greenville SC area business, Homeland Secure IT can assist. Call us at 864.990.4748 or email info@homelandsecureit.com for more information!
My first reaction to the news that read “Hackers break SSL encryption used by millions of sites – Beware of BEAST decrypting secret PayPal cookies” was, “What took ‘em so long?”
The article above gives all the details you can stand, and a quick search of Google for news articles will tell you everything else you want to know.
The skinny is this: Transport Layer Security (TLS) 1.0 and all earlier versions are susceptible to having someone listen in on their magic. That is, when you are using websites protected with TLS 1.0 and are hit with a browser exploit, everything is in the clear.
How do you protect against this one? Since this is likely a man-in-the-middle type exploit, using public wi-fi may make it easier for an attacker to make it happen. It also requires that the “BEAST” browser exploit be somehow loaded on your computer. How that payload will be delivered has yet to be determined.
Consider keeping virus definitions up to date and using quality anti-virus like Trend Micro Worry Free for your business, or Titanium for your personal computer or smaller business. Keep the OS up to date; the browser and all supporting applications such as Java and Adobe Flash Player should also have the latest updates.
Be careful about which pages you visit; sites with questionable content (think porn, “warez”, etc.) are excellent places to avoid.
Using a VPN when on public wi-fi is always a great idea.
While the proof of concept has not been released, expect copycat “BEAST” exploits to be out within weeks, or even days…
Be careful out there! (And don’t think this will be limited to Microsoft Windows and Internet Explorer… Expect Mac, Android, iPad, iPhone, Mozilla & Chrome to get in on the action too)
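For anyone who runs the web server rather than the browser, an added example (not from the original post) of auditing an access log for sessions still negotiated with TLS 1.0 or earlier. It goes one step beyond the post: BEAST targets the CBC block ciphers in those protocol versions, so the check flags only those sessions. The log format (nginx `$ssl_protocol` and `$ssl_cipher` fields), the sample lines and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed access-log lines; assumed nginx log_format:
#   '$remote_addr $ssl_protocol $ssl_cipher "$request"'
SAMPLE_LOG = """\
203.0.113.10 TLSv1 AES128-SHA "GET /login HTTP/1.1"
203.0.113.11 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET / HTTP/1.1"
203.0.113.12 TLSv1 RC4-SHA "GET /cart HTTP/1.1"
203.0.113.10 TLSv1 AES128-SHA "POST /login HTTP/1.1"
203.0.113.13 SSLv3 DES-CBC3-SHA "GET / HTTP/1.1"
198.51.100.7 TLSv1.1 AES256-SHA "GET / HTTP/1.1"
this line is malformed and is skipped
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) "([^"]*)"$')
OLD_PROTOCOLS = {"SSLv3", "TLSv1"}  # "TLS 1.0 and earlier"


def beast_exposed(protocol, cipher):
    """True when a session used TLS 1.0 or earlier with a CBC block cipher.

    Those protocol versions offer only CBC block ciphers or the RC4 stream
    cipher, so any real cipher that is not RC4 is a CBC cipher there.
    RC4 is outside BEAST but is weak for other reasons.
    """
    if protocol not in OLD_PROTOCOLS:
        return False
    return "RC4" not in cipher and "NULL" not in cipher


def audit(log_text):
    """Return (parsed_line_count, Counter of exposed (client, proto, cipher))."""
    exposed = Counter()
    total = 0
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # ignore lines that do not fit the assumed format
        total += 1
        client, protocol, cipher, _request = match.groups()
        if beast_exposed(protocol, cipher):
            exposed[(client, protocol, cipher)] += 1
    return total, exposed


if __name__ == "__main__":
    total, exposed = audit(SAMPLE_LOG)
    print(f"{sum(exposed.values())} of {total} requests used TLS 1.0 or earlier with CBC")
    for (client, protocol, cipher), count in exposed.most_common():
        print(f"  {client} {protocol} {cipher}: {count}")
```

The per-client breakdown shows which visitors would be cut off if the server stopped accepting TLS 1.0, which is the number to check before raising the minimum version.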
A couple weeks ago I was watching a conversation about the popularity of certain devices for browsing and thought I would pull out some recent information about our own website, http://www.HomelandSecureIT.com…
Here’s a look at our site for July 1st until August 1st broken down by browser and platform:
Other than the super-high bounce rate, we see some important information…
Internet Explorer running Microsoft Windows is just darn popular! Followed by Firefox and then Chrome, also on Windows… In fact, they account for about 80 percent of all traffic…
Up next is Safari & Firefox on the Mac… And then down a bit is Chrome on the Mac. Mac is the apparent source of 9.38% of traffic to our site (And less than 5% of our business).
The iPad viewers and the Android viewers accounted for 2% and 1.2% respectively… So a number of people were sitting on the toilet while surfing our site.
Here’s a further break down of mobile user specs:
iPad, iPhone & iPod dominates this category for sure, with Android 2nd, and Blackberry 3rd… Windows made a horrible showing… And what’s up with Palm? Someone is using that? hehe
I compared these stats to July 2010 and found Android usage has come up considerably, but iPad maintained a steady lead even then.
Looking at the percentage of Windows versus other platforms, Windows has lost only two percentage points in a year, and those were taken up by mobile devices.
It will be interesting to see what this looks like in another year. I’m guessing mobile device usage will continue to grow, maybe even at an accelerated rate due to the large numbers of new tablets being introduced, and smartphones replacing older cell phones…
What are your experiences with your own website/s?

Toshiba Thrive Android Tablet
If you are one of the many looking for an alternative to the iPad and can’t bring yourself to like Windows based tablets, Toshiba may have the device for you.
The Toshiba Thrive 16GB tablet is a brand new product featuring:
- Android 3.1 Honeycomb (Yes, it has Flash!)
- 16GB storage, 1GB DDR2 memory
- 10.1″ Display with 1080p resolution (1280×800)
- NVidia ULP GeForce graphics for fast graphics
- Stereo speakers w/Toshiba sound enhancements SRS Premium Voice Suite
- Dual cameras – 5megapixel on the back (720p capture) and 2megapixel front facing with microphone
- Expansion ports! HDMI to allow connection to your big screen or a projector for presentations, full size SD card slot, USB 2.0 (Both full sized and mini!), docking connector and a stereo headphone jack
- 802.11b/g/n Wi-Fi and Bluetooth 3.0 + HS
It also has a rubberized finish that helps you keep your grip and a replaceable battery!
There are a growing number of Android based tablets, but this one could very well be the best of the bunch (so far)…
To purchase this tablet, call us at 864.990.4748 or email info@homelandsecureit.com – We are a Toshiba partner here in Greenville / Upstate, SC.
If you would like to discuss how this product or any other tablet may work within your business, please call us…
As a Microsoft Partner, we keep abreast of all the offerings that MS has that may be of interest to our clients. One area of interest has been The Cloud as momentum in Cloud Computing / Cloud Services has been building slowly but steadily as businesses search for ways to save money and reduce personnel & IT costs.
Google Apps and Microsoft BPOS (Business Productivity Online Services) have really taken off as a way to possibly avoid having a mail server onsite and to save money on the purchase of office suite software, since the mail client is web based (or you can combine it with your own client, such as Outlook).
Earlier this week, Microsoft unveiled their Office 365 product, which is designed to attract those who hate the idea of purchasing a product, and would prefer to license a service or product.
In theory it is good… You are renting the software and it is cloud based. In practice, it may not be realistic for your business if you have lousy internet connectivity.
A ZD Net article the other day also claims that lack of bandwidth will be the downfall to these types of services. Find it here:
If you have a business in the Greenville / Upstate, SC area and would like to know whether a cloud solution such as Office 365 can work for you, please call us and let’s talk! 864.990.4748 or email info@homelandsecureit.com – We are Microsoft Specialists!
The WHO (World Health Organization) proclamation that cell phones could, maybe, possibly, some way somehow, cause cancer has a bunch of people up in arms. There are now groups of people swearing off cell phone usage, and now places declaring they are a “cell phone free zone”, all in a matter of hours after the WHO announcement.
Sure, they may have a valid concern, but what about the more immediate concern about your smart phone security?
Not much is being said about this one, but I hope that will change. It seems that users of smartphones will believe anything! If an app asks for credentials to a social media site, people give them without questioning it at all. A group of researchers published their findings about 100 apps designed for both the iPhone and Android phones in which they came up with more than a dozen ways in which scammers could utilize malicious code to allow the collection of user names and passwords on popular social media sites!
Here are their findings: http://w2spconf.com/2011/papers/felt-mobilephishing.pdf
Obviously, the phishing is good in smartphone land!
Expect more to be said about this from security experts and news outlets as time goes on.
BTW: The next time you are prompted for your credentials, you might want to just think about WHY you would need to give them….
The WHO (no, not the band, but the World Health Organization) has stated that your cell phone emits electromagnetic fields that are “possibly carcinogenic to humans.”
The chair for the workgroup of the WHO, Jonathan Samet, MD, from the University of Southern California, stated, “evidence, while still accumulating, is strong enough to support a conclusion and the 2B classification.” and that “The conclusion means that there could be some risk, and therefore we need to keep a close watch for a link between cellphones and cancer risk.”
I guess that means that our overly-connected society is at risk, in general!
How long until health insurance companies raise the rates of those who own cell phones?
Does your business need something other than the Apple iPad and Android based tablets? The Motion CL900 is now available for order!
Effective today, the Motion CL900, the latest addition to Motion’s suite of enterprise-built tablet PCs, is now available for shipping with the standard 4 week lead time from Authorized Motion Reseller Partners.
The CL900 is a rugged, lightweight and powerfully equipped tablet PC purposefully designed, developed and built for business. At a starting price of only $899, the latest Tablet PC from Motion packs performance, power and integrated features into an ultra-mobile and lightweight design.
The Motion CL900 comes standard with:
- Bluetooth
- WLAN
- Integrated Front and Rear-Facing Cameras
- Corning Gorilla Glass Display Protection
Additional options include:
- Up to 2GB of RAM
- Up to 62GB Solid State Drive (SSD)
- Gobi Connectivity (WWAN)
There are also some supporting accessories available, including a unique desktop docking station and protective display film, as well as extended warranties.
Homeland Secure is happy to be able to offer these tablets to our Greenville / Upstate business clients! For more information, please contact us at 864.990.4748 or email info@homelandsecureit.com




