IT Support Blog for Small Business Owners

Think like a Hacker: How would you break into your company’s IT?

Posted by David S. Mulvey on Fri, Dec 30, 2016

Do You Have Weak Domain Passwords?

A company’s own users are usually the most vulnerable point of attack and, unfortunately, the most common point of entry for a hacker. Weak domain user passwords can easily be guessed and discovered. But you can avoid this with strict user authentication standards. Businesses have to teach their employees about password best practices. For instance, secure passwords should be at least 8 digits long and include a capital letter, a number and a symbol. You should also require that user passwords are updated every 90 days. By implementing these two simple practices you can make it almost impossible for a hacker to break your domain passwords and gain access to your network.

Local Administrator Password Attacks

Once a hacker has access to your administrative passwords, they essentially have control over your whole network. Local IT administrators can become lax in their password security, especially if they work in a small office that has not had a recent cyber security scare. Non-IT employees in a company should not have administrator access rights. Only provide domain administrator rights, the keys to the kingdom, to a manager and your IT employee or IT service provider. By securing most of your employees’ access rights you really increase your chances of not being hacked.
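An added example, not part of the original post: a short Python audit of an exported account list against the two rules above, the 90-day password age and administrator rights limited to IT and a manager. The CSV columns, the sample rows and the role labels are constructed assumptions.

```python
import csv
import io
from datetime import date, datetime

MAX_PASSWORD_AGE_DAYS = 90                 # rotation interval stated in the post
ALLOWED_ADMIN_ROLES = {"it", "manager"}    # assumption: role labels used in the export

# Constructed sample export; a real one would come from your directory service.
SAMPLE_EXPORT = """username,role,is_admin,password_last_set,password_never_expires
alice,it,yes,2016-11-20,no
bob,sales,yes,2016-12-01,no
carol,accounting,no,2016-06-15,no
dave,manager,yes,2016-02-01,yes
erin,sales,no,,no
"""


def audit_accounts(export_text, today):
    """Return a list of (username, finding) tuples for policy violations."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["username"].strip()
        role = row["role"].strip().lower()
        is_admin = row["is_admin"].strip().lower() == "yes"
        never_expires = row["password_never_expires"].strip().lower() == "yes"
        last_set = row["password_last_set"].strip()

        # Rule from the post: only a manager and IT hold administrator rights.
        if is_admin and role not in ALLOWED_ADMIN_ROLES:
            findings.append((user, "admin rights outside IT/management"))
        # A never-expiring password defeats the 90-day rotation rule.
        if never_expires:
            findings.append((user, "password set to never expire"))
        # No date in the export: the age cannot be verified, so flag for review.
        if not last_set:
            findings.append((user, "no password-change date recorded"))
            continue
        age = (today - datetime.strptime(last_set, "%Y-%m-%d").date()).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((user, f"password is {age} days old"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_EXPORT, date(2016, 12, 30)):
        print(f"{user}: {finding}")
```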

Written Passwords Are Easy Prey for a Hacker

Passwords that have been written down are always considered to be a risk factor. Who has access to your office and can copy down all of your written passwords? Your night time cleaning company, a plumber, a visiting client or vendor? It’s extremely important to let your employees know that it is a company security policy not to write down any user IDs or passwords. Discuss your policy with everyone, and ensure they understand that writing down passwords is akin to giving your company checking account out to non-employees.

Insufficient Password Segmentation

Another issue that often arises within smaller businesses is that a single password may create a domino effect, giving a hacker access to your entire network. With insufficient network segmentation, a hacker only needs to be able to hack a single password and, with that single password, gain access to every server, every application and all of your company data. With password segmentation implemented, a hacker will only be able to access a very limited amount of data, designed for a single user. You can also ask your IT department or IT service provider to isolate critical databases from other servers on your network. Using physical isolation is just as effective as using limited password segmentation.

You can see here that by implementing some password best practices, which are not that difficult to add, you can drastically improve your chances of not being hacked. Don’t ignore recent cyber security attacks! Remember to think like a hacker, and secure the easy stuff before you work on the harder and more expensive stuff. Chances are, by taking a few simple actions you can make a hacker move on to an easier target to attack.


Topics: IT security, IT Cyber Security Issues, IT Password Security, Hacker

The new Internet Neutrality Rule: Has the FCC Overstepped?

Posted by David Mulvey on Tue, Mar 17, 2015

On February 26, 2015 the FCC, in a 3 to 2 vote (along party lines), approved new Internet Service Provider rules. The FCC has tried unsuccessfully to regulate the Internet two earlier times. In their last foray Verizon brought the FCC to court and the 2010 Open Internet law was struck down. So what has the FCC done this time? Well, they have included wireless cellular broadband access in the new law.

Here is a high level summary of the new FCC Open Internet Order:

1) Bright Line Rules:

  • No Blocking: broadband providers may not block access to legal content, applications, services, or non-harmful devices.
  • No Throttling: broadband providers may not impair or degrade lawful Internet traffic on the basis of content, applications, services, or non-harmful devices.
  • No Paid Prioritization: broadband providers may not favor some lawful Internet traffic over other lawful traffic in exchange for consideration of any kind—in other words, no “fast lanes.”  This rule also bans ISPs from prioritizing content and services of their affiliates.

The FCC announced that this proposed Rulemaking had the highest number of citizen comments the FCC has ever received, mostly in favor of the rule. Who in America would not be in favor of a Neutral Internet? Could it be that the rulemaking name was a clever smokescreen to encourage the public to be wildly in favor? Every large ISP in the country is against this rulemaking, and they have stepped up their lobbying to ensure that every member of Congress understands they are against the legislation.

I have spent my professional IT career designing and deploying Wide Area Networks (WAN) and Local Area Networks (LAN) for some very large clients. In order to ensure each network user gets the data presented to them in the time required, a network design architect must have the ability to block, throttle and prioritize traffic within the network. If the network is a LAN or a Broadband network or a cellular wireless network, each user is essentially on a shared multi-drop line. If I have a neighbor operating a successful Basketball bracketing website down the street from me, his unrestricted website will adversely affect my home’s ability to get the Internet quality I purchased, because his site’s data packets are monopolizing my shared Broadband connection to the Internet.

The primary reason ISPs have been so vocally against the new “Bright Line Rules” is that the new rules are exactly the tools an ISP needs and uses to ensure that there is Internet Neutrality! Why has the FCC seen fit to remove a carrier’s ability to manage and engineer their own networks to ensure every User has the same access to the circuit and bandwidth? I suspect there were good intentions, but the public and the FCC have done irreparable damage to the quality of Broadband in the USA.

Manufacturers like Cisco Systems have voiced that they are against the Open Internet Order. In Philadelphia I have watched Comcast work hard to ensure that low-cost Internet is made available to low income families if you have a child who is enrolled in the National School Lunch Program. It would be hard to argue that Broadband Internet is only exclusively available to the well heeled. I hope you take the opportunity to follow this Rulemaking as it is surely challenged in the Federal Courts. Please don’t hesitate to learn more about the rulemaking and get involved in the public commenting!

Topics: Internet Service Provider, Broadband, WAN, LAN, Internet Neutrality

It’s Not Okay to Ignore these Recent IT Cyber Security Issues

Posted by David Mulvey on Wed, Mar 04, 2015

February showers bring May flowers. Well, that’s exactly how things are not going in Philadelphia, nor is that what is happening with IT cyber security! February 2015 brought three important IT security issues for every IT department to contend with. If you had outsourced your IT security to ANP these would not be your concern; ANP would have handled them for you. However, if you are doing your own IT, here are three big issues you should be proactively addressing:
  1. If your users use Firefox, update it now. Open Firefox, click on the little square icon near the top-right of your screen that is composed of three horizontal bars. Then click the question mark for “help”. Third, select “About Firefox.” Firefox will automatically download the latest version. The latest version, just released, includes important security patches that you need.

  2. If your company uses Lenovo laptops, uninstall Superfish now. Starting as early as 2010, Lenovo has pre-installed Superfish on some of their laptops. This junk-ware software is vulnerable to man-in-the-middle attacks. This means websites, such as banking and email, can be spoofed without a warning from the browser. Remove the application immediately.

  3. Install Microsoft's Critical Security Update Now. Microsoft has released a critical security update to address multiple vulnerabilities in Internet Explorer. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system if the user views a specially crafted webpage. This security update is rated critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11.

As an IT Professional you simply cannot become lackadaisical regarding the patching of your IT environment. As an IT manager I often find that my IT professionals are so busy with their day-to-day responsibilities that it’s almost impossible to expect them to remain up to date with the latest IT Cyber security issues. I often visit the United States Computer Emergency Readiness Team website, which is run by the Department of Homeland Security. The website is an excellent resource for all things cyber-security! Check out the US-CERT website.

 


Topics: IT security, IT Cyber Security, IT Cyber Security Issues

Windows Server 2003 End of Support -- Trouble in Your Server Room

Posted by David Mulvey on Thu, Feb 05, 2015

Here at ANP we have been beating the drum for upgrading your old Microsoft Server 2003 Operating Systems since Microsoft announced that Windows XP and Office 2003 were being retired. Microsoft officially ends support for Windows Server 2003 on July 14, 2015. This deadline is much like the Windows XP deadline. Microsoft has stated they will no longer patch Windows Server 2003 for new security vulnerabilities. New vulnerabilities keep cropping up for the aging OS, and Microsoft will not be writing patches for the new vulnerabilities. To put that statement into context, during 2014 Microsoft released 37 critical updates for Windows Server 2003.

You more than likely have a Windows Server 2003 deployed in your server room. Microsoft estimates 39% of all of today’s production servers are using the operating system! ANP’s customers were slow to react to removing Windows XP PCs from their networks. Dell, Toshiba, and Apple all saw surges in new OEM machine sales as the deadline came near. I know our IT managers are aware of the situation, and I know they understand the deadline is approaching. But do you have a good sense of how many Windows Server 2003 servers you need to address so you can plan for what you are up against? Do you know if the migration will be complicated or easy? ANP only has a handful of clients that have actually planned for and have begun working on migrating to Windows Server 2012 R2.

If I look back over the Microsoft XP race to remove, the biggest surprise was that most organizations did not fully budget the time and money that would be required for additional IT support. A Windows XP PC (the machine itself) is one thing; we could segment it off the network or simply disconnect its LAN cable. But that strategy is not going to work very well with your Windows Server 2003 machines. So if you are not immediately planning to upgrade your servers, have you considered the extra expense for a new LAN switch to segment off the older servers, or an Intrusion Protection System (IPS), or an advanced Firewall? When I consider the cost and effort to implement these systems, wouldn’t it be less expensive and frankly less work to just bite the bullet and migrate away from Windows Server 2003?

I see Windows Server 2003 deployed in my small clients and also heavily deployed in my larger clients. ANP has a client with over 100 virtual instances of Windows Server 2003 still in production! Yikes, that’s a lot of OS to buy and migrate! The kind of thing that is delaying larger IT shops is the application software running on top of the server OS. Many Independent Software Vendors (ISV) that had provided Line-of-Business specific software to business units have gone out of business. It has been inexpensive to run that old software and now it’s becoming problematic. If it needs to be replaced (and it does) then the IT department needs to involve the business unit running the software to begin a search to replace it, not to mention the time to migrate off of the old app and onto a new LOB application. You can see how the Windows Server 2003 End-of-Support can set off sequentially falling dominos of unplanned IT support costs and delays.

I have shared with you before that the first step is to deploy MAP and assess what your Windows Server 2003 workloads look like and then determine in order of priority what needs to be upgraded. So you will discover, analyze and finally migrate. In larger businesses the majority are moving from virtual 2003 instances to virtual 2012 instances or they are doing a conventional physical-to-virtual upgrade. Once your workloads are virtualized, you can then start to think about movement off-site to a CoLo or Service Provider like ANP. Many workloads are better suited to run over Windows Server 2008 to maintain support for the older 32-bit applications that were once running on Windows Server 2003. By moving the old LOB application off of Server 2003 you can buy yourself some time migrating it to Server 2008.

Ideally though, you will be moving all 64-bit application workloads up to Server 2012 R2. By making that jump over Server 2008, you can take the whole server stack and virtualize it. Instead of one physical server for one 2003 OS, you can move to four or eight applications on a single 2012 OS. So you are getting a better bang for your buck! You are really skinning two cats at once: you are virtualizing physical servers, saving electricity, cooling and space and you are also migrating away from Server 2003 to a much more robust and modern Server 2012 operating system and you are doing both of these in tandem!

ANP has been doing Server 2003 assessments for half a year, and we are getting busier. If you need help, ANP will do your MAP assessment for free and provide you with a written report with recommendations. Or you can download MAP and run the assessment yourself. So if you haven’t started, you are not too far behind. Almost everyone is on the assessment and analyze stages. We have some proactive clients that are actually in the midst of their physical to virtual migrations. You have 5 more months to get this work done. Please call ANP (800) 572-3282 if you think you need some help! Or sign up for the free ANP MAP assessment.

 


Topics: Windows Server 2003, Windows Server 2003 End Of Life, Windows Server 2003 End Of Support

How to Make the Microsoft Windows Server 2003 End-of-Support Easy.

Posted by David S. Mulvey on Tue, Jan 13, 2015


Microsoft has announced the official end of extended support for Windows Server 2003. Microsoft believes there are over nine million instances of Windows Server 2003 in production today in North America! The deadline for End-Of-Support (EOS) is July 14, 2015 and I suspect Microsoft will not move that date because they didn’t extend the Microsoft XP EOS date. Essentially on July 14, 2015 Microsoft will stop patching the Windows Server 2003 operating system and they will no longer issue security updates. What should an IT Manager do? Hackers all over the world will be focusing on attacking an unprotected operating system. Needless to say, IT managers must get all of their Windows Server 2003 instances discovered, documented and migrated.

In addition to upgrading the server operating system, many companies also have their Windows Domain running under Windows Server 2003, so a Domain migration is thrown into the mix. Plus many companies have taken the plunge into Virtualization and are using Hyper-V or VMware with Server 2003. So many older Windows Server 2003 instances need to be upgraded and virtualized. Almost everyone is migrating to the current Server Operating System, Windows Server 2012 R2. So what’s the best way to go about assessing your IT server environment?

Microsoft to the rescue: Microsoft has written a free downloadable piece of code to assist an IT manager with all aspects of a Windows Server 2003 migration. The Microsoft assessment tool is called the Microsoft Assessment and Planning Toolkit (MAP). You can download a free copy of MAP. The MAP toolkit makes it easy to assess your IT infrastructure in order to migrate away from Windows Server 2003. You will receive an inventory of hardware, software and a migration plan.

The Microsoft Assessment and Planning Toolkit is an agentless, automated, multi-product planning and assessment tool for server migrations.  MAP provides detailed readiness assessment reports and executive proposals with extensive hardware and software information, and actionable recommendations to help in the IT infrastructure planning process. MAP also provides server utilization data for Hyper-V server virtualization planning identifying server placements, and performing virtualization candidate assessments.

If you subscribe to Microsoft TechNet (and you should) you can also find great MAP resources there. Microsoft has documented a 4-step migration process:

  1. Discover: The first step is to discover and catalog all of the software and workloads running on Windows Server 2003/R2. There are several self-service tools that can help with this process, such as the Microsoft Assessment and Planning (MAP)
  2. Assess: Once you have a catalog, you will need to assess what’s in it. This means categorizing and analyzing your cataloged applications and workloads based on type, criticality, complexity, and risk.
  3. Target: Choose a migration destination for each application and workload. Available options include Windows Server 2012 R2, Windows Azure, Cloud OS Network, and Office 365.
  4. Migrate: Choosing the right migration plan may require some additional analysis and assistance. Several vendors offer do-it-yourself tools to assist in the decision-making process and in the migration itself, including Cisco and Dell.

Microsoft Windows Server 2003 has been an extremely stable and reliable server operating system; ANP has been using the product for over ten years. It’s always sad to say goodbye to a great friend, but I can share that if you haven’t worked with the new Windows Server 2012 R2, you will be amazed with some of the slick new features!

Feel free to download and play around with the new Microsoft MAP toolkit. If you are too busy and would like the help of an expert, ANP is offering a free Windows Server 2003 Survival Assessment.


Topics: Windows Server 2003, Windows Server 2003 End Of Life, Windows Server 2003 End Of Support, Windows Server 2003 EOS, ANP Survival Assessment kit

You’re Running Out of Time! Windows Server 2003 End of Support

Posted by David Mulvey on Fri, Jan 09, 2015

On July 14, 2015, Microsoft is officially retiring Windows Server 2003. As Windows Server 2003 comes to the end of its life, businesses all around the world will feel the effects. Microsoft recently estimated there are 24 million instances of Windows Server 2003 running on 12 million physical servers! There are an estimated 9.4 million Windows Server 2003 instances running in North America. Worldwide, Windows Server 2003 accounts for 39 percent of all Windows Servers. As you can see, the installed base is massive, making migrations an important security issue for the entire IT industry.

With Windows Server 2003's retirement party seven months away, and Microsoft’s estimation that a typical Windows Server planned migration can take as much as 200 days, it’s time to plan your next steps! I am writing this blog to make certain my readers are well aware that you need to be proactive when it comes to removing Windows Server 2003 from your company servers. Microsoft isn't the only company ditching Windows Server 2003. Not only will Microsoft wash its hands of Windows Server 2003 support, so will all the custom software and Line-of-Business application companies that once supported Windows Server 2003.

Assuming those software companies stopped actively developing for the 2003 Operating System years ago, they are likely still supporting the applications that run on it. After Windows Server 2003 end of life on July 14, 2015, they'll have no reason to continue to support that version of their software. The implications of this reality run far and wide. Your Line-of-business software is surely affected, as are any other random software applications you are using.

Honestly, when was the last time you called any support company regarding Windows Server 2003? It’s not that you will no longer be able to call and get technical support from Microsoft that really matters. What really is cause for concern is that Microsoft and security software vendors will likely stop patching, updating and supporting their software. And conversely all the hackers in the world can’t wait to attack the soon-to-be vulnerable server operating system!

Let me be clear -- I love Windows Server 2003; we have been running the reliable server operating system here at ANP for 10 years. Still, it's now past the time to put Windows Server 2003 out to pasture. The bottom line is that running Windows Server 2003 in your organization is an outright liability, bordering on irresponsible; you must ensure that any virus cannot attack your servers and that means you need to stop running the Windows Server 2003 operating system by July 14th.

With any business risk comes opportunity and the same holds true for Windows Server 2003. This is a great opportunity for you, as a business owner, to assess if you need to keep running physical servers at your office, should you move to the Cloud, or should you virtualize your applications into a redundant server cluster? ANP has created a limited time free Windows 2003 Survival Assessment Kit to help you inventory the risk, and assess what is the best path for your company and your applications to take.  The bottom line is that you're running out of both time and options when it comes to removing Windows Server 2003 from your company. But, whatever you do, make sure that Windows Server 2003 is off your network by July 14, 2015.

Get Started Right Now: If you would like to learn more about what your next steps as a business owner should be, sign up for my 30-minute educational webinar below where I will describe the risk in detail and lay out the most common upgrade/migration paths for a small business owner. Or sign up for our Windows Server 2003 Survival Kit and begin to actively assess your server exposure.


Topics: Windows Server 2003, Windows Server 2003 End Of Life, Windows Server 2003 End Of Support

What Your Employees Are Doing Online? You need Content Filtering!

Posted by David S. Mulvey on Wed, Nov 12, 2014

Do you ever wonder what your employees are doing on the Internet at your office? If you really haven’t thought about it, you should; you are at risk! I will be talking about recreational use of your business Internet connection; what I mean by that is any type of network traffic that is not directly related to your business activities. Have you ever found yourself walking around the office and noticed that an employee quickly erases their browser as you walk by? Unfortunately today’s employees are inundating company LANs with their recreational Internet traffic, of which some types can grind your network to a crawl.

Streaming media like YouTube, Pandora Radio, FTP sites, and WeatherBug are all peer-to-peer (P2P) applications that stream data packets over the Internet to your employees’ PCs, not to mention the conventional Internet sites like Facebook, LinkedIn and Twitter. Approximately 40% of Inbound Internet traffic is recreational and P2P. Beyond the cost of lower productivity by employees not performing their work, recreational Internet applications drive enormous volumes of data traffic over organizations' Internet links. And this high volume of data traffic increases Internet and LAN operating costs by forcing organizations to upgrade their Internet bandwidth and invest in high capacity LAN switches. Recreational Internet traffic also increases congestion and competes with business-critical applications for available Internet and LAN bandwidth, creating delays, frustration and lost productivity when employees need to access their key applications on the LAN.

Perhaps your LAN, already strained to the limit supporting your business-critical web-based applications, is increasingly vulnerable to the adverse effects of recreational Internet traffic. A single bandwidth-hogging employee illegally downloading a movie using a P2P application like BitTorrent may result in the entire company workforce suffering from slow access to their business applications. Recreational traffic is not merely an IT issue. When we talk about application performance, we're really talking about employee efficiency and overall business performance.

Aside from application performance and cost issues, organizations may also face moral and legal imperatives to control recreational Internet traffic due to its questionable content. Here at ANP we have an Internet Usage Policy which defines how an employee may use the company’s Internet connection. It is part of the employee’s employment agreement. You want an agreement in place so that should an employee do something illegal, or another employee be offended by a colleague’s behavior on the Internet, you have some legal ground to stand on. The company LAN is an important asset that should not be used for delivering illegal or inappropriate content such as pornography or content that violates copyright laws.

An effective strategy to automatically control how employees can use your Internet connection is to deploy “Content Filtering.” Deploying Content Filtering is easy and fairly inexpensive. If you believe you are losing employee productivity to recreational Internet usage, deploying Content Filtering will pay for itself in less than a week. There are two types of Content Filters: standalone appliances which only perform Content Filtering, and Firewalls, most of which also have a less sophisticated form of Content Filtering.

Let’s take a look at both approaches. A dedicated Content Filter will be installed in between your Firewall and your LAN. The appliance will essentially look at every outgoing Internet packet and evaluate if it’s allowed to pass onto the Internet or should be stopped or filtered. The Content Filter will also log all usage by each employee so you can begin to profile what your employees are doing with the Internet connection and who is taking advantage or doing things that you or your employees would be offended by. I often find that once a Content Filter is deployed and it’s been announced that each employee’s Internet usage is being monitored, employees will self-modify their recreational Internet behavior. Employers may see fit to open up the Internet connection at lunchtime and allow their employees to use Facebook and LinkedIn during their lunch break.

More expensive Content Filters also come with a monthly subscription fee, which pays for a monthly update to the Content Filter’s threat list of bad Internet sites. This is the most comprehensive way to stop porn, sports, and BitTorrent sites because as they appear on the Internet and the sites are catalogued, the new sites are sent to your Content Filter. Less expensive Content Filters, which do not offer a monthly subscription service, can still be effective at blocking porn, sports and social sites, although they do it in a different fashion. The less expensive filter will scan for the words that you have determined to be recreational usage; for example, if you wanted to filter out “sports” usage, words like football, NFL, NCAA, and baseball would be the types of words that you could program into your Content Filter, effectively stopping most sports sites from passing through the filter.

No matter which Content Filtering approach you take, active updates or static word scanning, your HR department will get a snapshot of each employee’s Internet usage, both approved and filtered. You can also program a Content Filter to not monitor the usage of select employees and managers. As our society becomes more litigious, and as business owners we are responsible for delivering a safe and non-offensive workplace to our employees, Content Filtering can help an owner demonstrate they were diligent in trying to secure the workplace. A Content Filter can also help a business owner ensure that work is really getting done on the LAN and that employee productivity remains as high as possible. A Content Filter is a great business tool to invest in!
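An added sketch, not a vendor's implementation, of the static word-scanning approach described above, with the per-employee usage snapshot, exempt users and a lunchtime window for social sites. The log format, user names, keyword lists and lunch hours are constructed assumptions. It matches whole tokens of the URL, because plain substring matching would also block unrelated sites ("nfl" occurs inside "inflation").

```python
import re
from collections import Counter
from datetime import datetime, time
from urllib.parse import urlsplit

# Assumed keyword lists per category (the post gives the sports words as its example).
BLOCKED_KEYWORDS = {
    "sports": {"football", "nfl", "ncaa", "baseball"},
    "social": {"facebook", "linkedin"},
}
LUNCH_OPEN = {"social"}                              # categories opened up at lunch
LUNCH_START, LUNCH_END = time(12, 0), time(13, 0)    # assumed lunch window
EXEMPT_USERS = {"owner"}                             # users the filter does not monitor

# Constructed proxy log: timestamp, user, requested URL.
SAMPLE_LOG = """2014-11-12T09:15:00 jsmith http://www.nfl.com/scores
2014-11-12T09:20:00 jsmith http://economics.example/inflation-report
2014-11-12T10:05:00 mlee https://www.facebook.com/
2014-11-12T12:30:00 mlee https://www.facebook.com/
2014-11-12T12:40:00 mlee http://fantasy.example/football/draft
2014-11-12T14:00:00 owner http://www.nfl.com/
"""


def categorize(url):
    """Return the blocked category a URL falls in, or None."""
    parts = urlsplit(url)
    # Whole-token match on host and path, so "nfl" does not hit "inflation".
    tokens = set(re.split(r"[^a-z0-9]+", (parts.netloc + parts.path).lower()))
    for category, words in BLOCKED_KEYWORDS.items():
        if tokens & words:
            return category
    return None


def decide(user, when, url):
    """Return 'unmonitored', 'allowed' or 'blocked:<category>'."""
    if user in EXEMPT_USERS:
        return "unmonitored"
    category = categorize(url)
    if category is None:
        return "allowed"
    # Lunchtime exception applies only to the categories listed in LUNCH_OPEN.
    if category in LUNCH_OPEN and LUNCH_START <= when.time() < LUNCH_END:
        return "allowed"
    return "blocked:" + category


def usage_report(log_text):
    """Per-user Counter of decisions: the approved/filtered snapshot for HR."""
    report = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, user, url = line.split(maxsplit=2)
        verdict = decide(user, datetime.fromisoformat(stamp), url)
        if verdict == "unmonitored":
            continue   # exempt users are left out of the report entirely
        report.setdefault(user, Counter())[verdict] += 1
    return report


if __name__ == "__main__":
    for user, counts in usage_report(SAMPLE_LOG).items():
        print(user, dict(counts))
```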

Get Started Right Now: ANP can sit down and discuss your content filtering goals.  We can also perform a quick free assessment and take a look at what your employees are doing on the company Internet connection.  Please let me know if you have questions.


Topics: Content Filter, Internet Content Filtering, Internet security policy

Time for a Wireless LAN Assessment? Do you have Ghosts & Goblins?

Posted by David S. Mulvey on Thu, Oct 30, 2014

October in Philadelphia is extraordinary; between the crisp dry days, vibrant fall colors, and eerie decorations covering houses with orange spooky carved pumpkins all over town, it's easy to get caught up in the Halloween spirit.

So, as I wondered what to say in my blog this week, I couldn't help but see monsters, goblins and ghosts everywhere! There are monsters quietly hiding inside every company; foul creatures in our very private wireless LANs. Ghouls so deadly, so insidious, they can attack your company data and steal it or corrupt it without your knowledge or consent! These demons, if you continue to let them run wild long enough, can destroy your IT systems and possibly your company. So in this ghostly Halloween time of year let’s focus in on an unseen and relatively misunderstood component of your IT infrastructure, your WiFi wireless LAN.

What better way to focus in on your WiFi wireless LAN than by shining a bright light on it through a Wireless Assessment: a thorough audit of the WiFi 802.11 infrastructure equipment and an analysis of coverage and interference present within your office or campus. The Wireless LAN Assessment includes discovery of your access points and the access points near your office, and detection of signal bleed outside the facility. A complete audit includes a wireless assessment checklist that will review all of the wireless infrastructure diagrams and wireless connection policies, the security protocols that would be enforced, how many users are allowed to be associated with a specific access point, and penetration testing to attempt unauthorized access to the wireless network. A Wireless Assessment will also analyze interference sources, including common problems like microwave ovens and Bluetooth accessories such as wireless keyboards, wireless headsets and wireless pointing devices.

The assessment can be focused on a WiFi environment that is already in service or the wireless audit can be performed in a new WiFi environment where the client is looking for a wireless site survey, coverage recommendations and a final design of how many access points would be required and where they should be located. In the case where you are designing a new wireless environment, the assessment report would be written as a Bill-of-Materials and a technical description of the future security protocols and user density so that the WiFi network could be put out to bid to various WiFi manufacturers.

Why do you need a Wireless Assessment?

WiFi networks are becoming pervasive; in fact, many companies have deployed a WiFi network with little to no regard for securing their company LAN through the WiFi network. Many companies have such poorly performing WiFi networks that employees take it upon themselves to buy $100 access points, bring them to work and hook their rogue access point up to your company LAN, without permission and without any security protocols enabled! The scary end result is that any WiFi hacker can connect to the rogue access point and then get unfettered access to everything on your company LAN. So a Wireless Assessment can, first and foremost, ferret out any rogue devices and then document the WiFi coverage and WiFi security posture of the wireless LAN.

Another motivating reason to perform a Wireless Assessment is the popularity of smartphones that have WiFi capabilities. Your employees have likely added your WiFi network access onto their phones without your approval or knowledge. The result is that your employees' smartphones have uncontrolled and unsupervised access to your company LAN. The Assessment can document who is using your WiFi network and can provide some insight into what risks might be occurring at this moment.

Does Your Company have a WiFi Access Policy?

Your written IT security policies will define your organization's information security goals. At ANP we include a written security policy in every employee's employment agreement. In a changing IT environment, where new devices that are not controlled or owned by your company can gain access to your company LAN, businesses have rapidly changing information security needs. It's incumbent upon management to keep up with modern WiFi information security threats and consider establishing a written WiFi policy as a guideline. Regular policy review with WiFi experts will allow you to keep ahead of changes in the information landscape and address areas of concern before they become significant problems or, worse yet, you become a casualty of a WiFi data breach.

Wireless Infrastructure Threats:

The growing demand for wireless access has forced WiFi vendors to make an access point easy to set up. It is common for a wireless network to be added to existing infrastructure by following a setup wizard without much thought. This may be fine for a home network, but businesses have more at risk and need to ensure a secure and consistent implementation. One of the most common issues for wireless implementations is the use of weak encryption protocols like WEP or of weak Pre-Shared Keys for WPA2. As I mentioned earlier, another common concern is someone installing an access point or wireless router on the network without company approval. This could be a misguided employee or an intentional malicious act. A third common issue is improper configuration or a missing network access policy; for example, a Guest wireless network that unintentionally allows access to internal LAN resources. You wouldn’t hang a live LAN cable out of your window, so make sure your wireless network is securely locked up.

Wireless Site Survey Expertise:

The saying “you can judge a tradesman by his tools” goes a long way with WiFi consultants. The wireless assessment methodology that your IT Service Provider uses will tell you a lot about their expertise. Ask if your IT consultant has a Spectrum Analyzer that can detect out-of-band and in-band WiFi interference. Interference is the most common problem with poorly performing WiFi infrastructure networks, and an interference report will show it.

[Figure: wireless spectrum interference]

Ensure that the consultant has a test set that uses your office floor plan. The consultant will load your floor plan into his test set and literally walk through your hallways, conference rooms and break rooms; he will also walk the outside of your building. The technician should also have an access point, multiple WiFi antennas and a tripod on which to hang up the access point, so he can simulate WiFi coverage in your office using various antennas to manipulate the signal coverage. The IT consultant should be able to produce WiFi reports that clearly document the WiFi coverage of every access point in your office. Look for a drawing that looks like this:

[Figure: WiFi coverage map]

You are also going to need a list of detected access points, their security protocols and SSID names. The inventory report should look something like this:

[Figure: WiFi inventory list]
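To show how an access point inventory like the one described above can be checked for the threats named earlier (weak encryption such as WEP, and access points installed without approval), here is an added example that is not part of the original post or any ANP tooling. The SSIDs, BSSIDs, approved list, weak-protocol set and signal threshold are all constructed assumptions.

```python
# Added example: audit a WiFi inventory against an approved-AP list.
# All SSIDs, BSSIDs and thresholds below are constructed sample values.
from dataclasses import dataclass

WEAK_SECURITY = {"OPEN", "WEP", "WPA"}  # assumption: policy requires WPA2 or better
STRONG_SIGNAL_DBM = -60                 # assumption: stronger suggests an on-premises device

@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str
    security: str
    signal_dbm: int

# Approved infrastructure: BSSID -> SSID it is allowed to broadcast (constructed).
APPROVED = {
    "00:11:22:33:44:01": "CorpNet",
    "00:11:22:33:44:02": "CorpNet",
    "00:11:22:33:44:10": "CorpGuest",
}

# Inventory as a site survey tool might export it (constructed).
INVENTORY = [
    AccessPoint("CorpNet", "00:11:22:33:44:01", "WPA2-Enterprise", -48),
    AccessPoint("CorpNet", "00:11:22:33:44:02", "WEP", -55),
    AccessPoint("CorpGuest", "00:11:22:33:44:10", "WPA2-PSK", -50),
    AccessPoint("CorpNet", "66:77:88:99:AA:BB", "OPEN", -52),
    AccessPoint("linksys", "66:77:88:99:AA:CC", "OPEN", -45),
    AccessPoint("CoffeeShop", "66:77:88:99:AA:DD", "WPA2-PSK", -82),
]

def audit(inventory, approved):
    """Return (severity, bssid, reason) findings, highest severity first."""
    corporate_ssids = set(approved.values())
    findings = []
    for ap in inventory:
        bssid = ap.bssid.upper()
        weak = ap.security.upper() in WEAK_SECURITY
        if bssid in approved:
            if ap.ssid != approved[bssid]:
                findings.append(("HIGH", bssid, f"approved AP broadcasting unexpected SSID {ap.ssid!r}"))
            if weak:
                findings.append(("HIGH", bssid, f"approved AP uses weak security {ap.security}"))
        elif ap.ssid in corporate_ssids:
            # Unknown hardware using a company network name.
            findings.append(("CRITICAL", bssid, f"unapproved AP advertising corporate SSID {ap.ssid!r}"))
        elif ap.signal_dbm >= STRONG_SIGNAL_DBM:
            findings.append(("MEDIUM", bssid, "unknown AP with strong signal; locate it and check whether it is wired to the LAN"))
        # Unknown, weak-signal APs are treated as neighbours and only inventoried.
    order = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}
    return sorted(findings, key=lambda f: order[f[0]])

if __name__ == "__main__":
    for severity, bssid, reason in audit(INVENTORY, APPROVED):
        print(f"{severity:8} {bssid}  {reason}")
```

Signal strength alone cannot prove a device is plugged into the company LAN; the MEDIUM findings are the list a technician would walk the floor to locate.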

ANP’s TCP-IP security engineering team maintains a deep technical knowledge base of modern security threats. A Wireless LAN Assessment is more than wandering around with a laptop looking for rogue access points or making sure your WiFi security keys are strong. The ANP engineering team understands wireless technology and can provide a comprehensive wireless audit by reviewing your security policies and your coverage densities, and then implement a complete wireless network, not just some helter-skelter access points.

Would you like to learn more? Follow this link to our WiFi Assessment page to discuss your needs. During this Halloween holiday let’s give the boot to the Ghouls, Ghosts and Goblins; and kick them out of your Wireless LAN!

 


Topics: wireless audit, wireless site survey, wireless LAN assessment

6 Things The IT Support Tech Does that the Boss Needs to Know About!

Posted by David S. Mulvey on Thu, Oct 23, 2014

With Halloween around the corner, here's a scary question for small business owners that most businesses don't think about: what would happen if your IT support guy suddenly quit? Most business owners think it would only be a temporary inconvenience when, in fact, the opposite is usually the case. I get more concerned phone calls from business owners after their IT guy leaves than for any other reason. Want to know how much you are at risk? Ask yourself the following 6 frightening IT questions:

  1. Do you have written network documentation about your computer network? What software licenses do you own, and where are the software license keys stored? What are the critical administrator passwords to your systems and devices, and who knows them? How is your computer network structured? Is there a current drawing? What hardware do you own and when do your equipment warranties expire? Are there cloud vendors for email, online data backup storage, hosted line-of-business applications, etc. that you don't currently have access to, and who does have access? Who is listed as the technical contact for your company domain name? You should NEVER allow a single IT person or IT company to hold this information under their full control. If they suddenly left for any reason, this could lead to huge negative consequences for your company.
  2. Do you know where your backup files are stored and if they are being stored properly? If you are like most business owners, you're too busy dealing with the "crisis of the day" to think about system backups and probably leave tasks to your IT support expert. If your database gets fried and your tech is nowhere to be found, you might be in a lot of trouble. If there was a data disaster do you know how long it would take to restore your key company applications? Are your employees trained to continue to work without access to the core company applications?
  3. Do you have a written plan for restoring your network fast in the case of a disaster? If you don't have a fully tested disaster recovery plan for your office, you could be at serious risk without knowing it until something happens. You should have a written game plan to account for a power failure, a water leak and flood, and a fire. Creating a business continuity plan can save you in a time of crisis.
  4. Do you know where all of your software is stored? Bad things can and do happen to computers and servers, and the situation can be made worse if you are not prepared. Taking a minute to organize and store your software in a secure place can save you a considerable chunk of money in the event that you need to restore a program on your systems. If you don't have access to the software or don't know where it is located, you might be forced to buy the software again. You should download your important software and burn it onto DVD disks so you don’t even need the Internet to get an application back up and running.
  5. Do you know what routine maintenance is being done on your network? I know that the very idea of learning about and keeping track of all the servers, workstations, and peripherals on your network is about as welcome as a black cat crossing your path, but it is important information to maintain. If your in-house IT expert leaves, who will take over? What are the daily, weekly and monthly processes they are performing on the IT infrastructure? This work should be documented by your IT employee through writing an “IT run book”, then reviewed and discussed with you or their manager.
  6. Do you know how to protect yourself from an ugly security breach if your in-house computer expert leaves? What happens if your company’s in-house IT expert splits with no warning and has access to your company's network? As soon as humanly possible, you should disable his or her access, including remote access to your network and all cloud-based applications. Do you know how to do this, or does someone else in your company know how to disable their VPN access and remove their Active Directory credentials?

So how did you do? If you answered "No," to even one of these questions, you need to get help now before it's too late. During this month I will help you go from answering “No,” to getting a “Yes,” for every question. I will teach you how to do any of these items for free! ANP is offering a free IT Network Assessment this month to companies with greater than 30 PCs. Follow this link and register for your free IT Network Assessment. Please don't let your IT employees' two week notice scare you to death!

Topics: IT Assessment, IT Support employee gives notice, IT support tech quits

What's the Value of an IT Network Assessment?

Posted by David S. Mulvey on Fri, Oct 17, 2014

For a small business owner or IT manager, an IT Network Assessment gives you a clear picture of your network infrastructure and the security posture of how the IT environment is set up and being maintained.  If your company is considering expanding your network, an IT Network Assessment is a great means of taking inventory and establishing a baseline of current performance levels.  An IT Network Assessment will identify equipment that is poorly performing or near its End-of-Life and will also reveal the skill level of the IT staff that is configuring and maintaining the IT environment.

An IT system isn’t just technology for technology’s sake.  Technology should help meet specific business goals and provide value.  An IT Assessment can make sure that the technology is meeting these goals, or provide a blueprint for improving the technology and a specific and measurable template for achieving business objectives.  It can also ensure that IT technology and security are in compliance with government guidelines and best practices.

IT Network Assessment Report

Any business in today’s environment is running on a network of connected computers, servers, printers, and other hardware.  The network is the backbone of the entire company and can become a major bottleneck in business applications.  An IT Network Assessment will provide a network performance review and make recommendations based on traffic, errors, packet loss, and conflicts that can bring a business network to a halt.  Investing in new Servers and PCs is a waste of money if they are attached to a sub-optimal network.

There are any number of reasons that would motivate a business Owner to perform an IT Network Assessment. For example, if an IT employee recently gave his notice, it would be a good idea to have an independent third party assess the IT infrastructure and provide an unbiased report of how the employee is leaving the IT environment: are there any open issues that need to be addressed?  Another common motivator is that the business owner feels the business has outgrown the capabilities of the current IT Service Provider.  No matter what the motivation is, having an IT Network Assessment performed can help you establish the current health of your IT environment, and you receive the added bonus of evaluating the professional service and engineering work of the assessing IT Service Provider.

Here is a great IT Network Assessment Checklist. A typical IT Network Assessment consists of 5 key evaluation areas:

  1. Server & Desktop Infrastructure: Document the hardware and software on each device. Are there missing software license keys or, worse yet, are duplicate software keys in use?  Is any of the equipment out of warranty or End-of-Life support?
  2. Operating Systems & Active Directory Configuration: An inventory of Operating Systems and an evaluation of how the O/S is set up.  Is Active Directory in place, and is it correctly deployed?
  3. Patching & Anti-Virus/Malware Status: Are the Servers and PCs patched properly and on time? Is there a common Anti-Virus in place?  Is it updating, scanning and quarantining as expected?
  4. Data Backups & Business Continuity: Are your backups running? Can you restore a file, application or server quickly? Do you test your backups to ensure they are viable?
  5. LAN/WAN Performance & Security: Are your WAN routers, LAN switches, and your Firewall all manufacturer-supported, flashed to recent software levels, and configured to ensure good performance and high security?

Let me share ANP’s IT Network Assessment Process with you so you gain a sense of what to expect:

  1. ANP will send our account manager on site to sit down with the Owner or manager in front of their PC.
  2. Our account manager starts a WebEx conference call between the business PC and ANP’s IT Network Assessment engineer.
  3. Once a WebEx session is in place, the ANP engineer will take charge of the business PC and drive through the assessment topics with the business owner watching over our engineer’s shoulder.

A few things are accomplished by taking this approach:

  • The Owner types all of the passwords into his own PC; ANP never asks for and never sees the business password, which ensures the business data remains secure.
  • The Owner can actually watch and learn as the engineer evaluates everything in the assessment checklist.  They can see all of the issues with their own eyes.
  • The Owner has an opportunity to gauge the technical prowess of the engineer performing the assessment.
  • Once all of the items are assessed, the WebEx session is shut down.  The technical data is collected and the information is reviewed for trends, problems and issues that are negatively affecting your network performance and security posture.  ANP begins the process of writing up our findings to review with the business owner.

Written IT Network Assessment Recommendations

Perhaps the most important deliverable in an IT Network Assessment is the Statement-of-Findings and the Recommended Remediation.  The assessment data is reviewed and compared with best practices, business requirements and common design requirements.  The results from the assessment are then utilized to develop specific recommendations that focus on design, equipment configuration, and security improvements.  ANP will write a Statement-of-Findings and provide you with some specific prioritized recommendations to remediate the most significant issues.

A typical assessment finding is software that is out of license compliance or copied illegally, which can cause huge fines and penalties for your business.  An IT Network Assessment will evaluate the existing software for compliance and create an audit process for future software.  A software audit now as part of an IT Network Assessment is much more cost effective than an audit later by a software company.

Security of your company data is a top priority.  Proper security measures not only protect the data from outside hackers and disgruntled employees, but the ability to demonstrate good security is essential for new sales and customer retention.  An IT Network Assessment will evaluate and make recommendations to close holes in security and help create a bulletproof computing environment for critical data.

Another typical result of the IT Network Assessment is that your backups are broken or not running at all.  ANP often determines that the wrong data is being backed up, or backup failures are going undetected and therefore not corrected.   Unfortunately most often the backups are not being tested at all and so you really don’t know if the backup copy is viable and can actually restore data when called upon to do so.

Start Today Idea: Once a quarter ANP offers a free IT Network Assessment to the first 5 companies that sign up.  ANP only requests that the company signing up has at least 30 PCs.  If you feel an IT Network Assessment might help you follow this link to see if we are offering a free assessment this quarter.   

 


Topics: IT Assessment, network assessment, IT Network Assessment, IT Network Assessment Checklist, IT Network Assessment Questions
