
DeckerWright Corporation Blog

DeckerWright Corporation has been serving the Red Bank area since 1984, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Should There Be Independent Cloud Backups?


As the move to the cloud continues, one nagging question remains. Should there be an independent backup of cloud resources?  The answer is YES for a number of reasons.

Although it doesn’t happen often, there is a chance that the cloud service provider being used goes out of business. This shouldn’t be a concern if the cloud company is Microsoft or Amazon, but it should be a concern if it is a local Internet Service Provider, web hosting company or a vertical application hosting company. Several times a year we get panic-filled calls from clients who have just received notice that their service provider is closing its doors. On several occasions the client found out when they could no longer access their web site or data. Microsoft is famous for ending services or technology and leaving the clients hanging. There is a risk associated with the cloud service provider ending business operations or suspending the services being used. Having backups reduces this risk.

Another reason for having independent backups of cloud resources is to provide recovery points farther back in time. While Microsoft doesn’t document the Office 365 retention policy, it is generally accepted that they will retain two weeks of data. Although Microsoft keeps the data, recovery is restricted to the recovery options built into the applications, like the recovery of deleted files in Outlook. Microsoft does have various backup methodologies built into the Azure cloud, so it is possible to back up Microsoft-hosted cloud services to other Microsoft cloud infrastructure. At Amazon you are not so lucky. Amazon does not back up ANYTHING. If a company has a server hosted at Amazon and the server crashes, unless it is backed up to some other resource, everything is lost. Lack of any backup is part of Amazon’s marketing plan that encourages clients to buy more Amazon resources for redundancy and backups – a brilliant marketing plan! There is a risk associated with the backup policies of the cloud service provider. Before moving to a cloud resource, a company needs to fully understand this risk.

Other data retention issues may be important to regulated entities and government agencies. Most regulated entities and government agencies have data retention requirements that range from 7 to 10 years. These long data retention periods are seldom met by cloud hosting companies. In these cases, an independent third-party backup would be a requirement.

The method for restoring data should also be clearly understood before a restore is necessary. Here are some questions that should be addressed by the cloud service provider:

  • Can individual files, folders, or mailboxes be recovered?
  • In database restoration, does the whole database need to be recovered or can individual records be recovered?
  • Can a full volume be recovered?
  • Does the recovery require booting up a full working image of the resource to recover the desired data?

There has been an explosion of new services becoming available to back up cloud resources. Industry best practices dictate that backups should be made to independent third-party backup locations that use different software, storage and infrastructure, so that a catastrophic failure at the primary hosting location will not affect the backups and the ability to recover. The independent backup location should be coupled with an ability to either directly or indirectly support a recovery if there’s a catastrophic failure with the primary cloud host. DeckerWright can assist in building a cost-effective backup of a company’s cloud resources.

Click HERE for more information on Office 365 data retention - see section 6.


Protecting the Internet of Things


The largest growth of devices connected to the Internet are not computers, but devices designed to perform a specific function. These devices include cameras, smart phones, light bulbs, Amazon Echos, garage door openers, TVs, automobiles, sound systems, programmable logic controllers (PLCs), HVAC systems, elevators, security systems, ovens, refrigerators, thermostats, water heaters, heart monitoring systems and more. These devices are part of the Internet of Things (IoT) that is flooding the Internet with new devices. This explosion of new devices is creating massive new security concerns.

All of the IoT devices share a common foundation - modified versions of the Linux operating system. Linux is popular because most versions of Linux are free and come with access to the source code. The operating system is then highly modified to adapt to nearly any device. While this flexibility has caused an explosion of devices that we can now monitor and manage over the Internet, it also poses security problems since, at its core, every IoT device is a Linux computer with usernames, passwords and vulnerabilities.

The New Jersey Cyber Security and Communications Integration Cell (NJCCIC) provides security-focused companies like DeckerWright Corporation with weekly and emergency updates on the state of cyber threats. The reporting of cyber threats on IoT devices has grown exponentially over the last year. Why is that? First, there has been an explosion of new IoT devices, and more devices means more attack surface. Second, IoT manufacturers are not typically well versed in cyber security. As a result, IoT devices are often released with little regard for security once the basic device functions are proven to work. Third, most IoT devices are never upgraded with new "firmware". As manufacturers have become more tuned in to the security risks associated with their products, they have been issuing "firmware" updates to patch security holes. When was the last time anyone upgraded the firmware in their network camera? Fourth, as cyber criminals begin to notice the vulnerability of IoT devices, they are developing methods for identifying IoT devices and are publishing successful exploits on the dark web. We are only seeing the first generation of exploits targeting IoT devices. Expect the next generation to be much more targeted and ferocious.

Unfortunately, anti-virus (AV) software companies don't have any solutions for protecting IoT devices. Even with a common Linux operating system base, the Linux systems are so highly customized that AV software companies have no way to write software to protect them.

Here are some ways to protect your IoT devices from being compromised by cyber criminals.

  • Always place your IoT device behind a firewall that can be used to monitor and restrict access to the IoT device.
  • At least every six months, check your IoT devices’ firmware to make sure you are running the most current version.
  • If possible, only set up IoT devices behind firewalls with NO Internet access.
  • ALWAYS change the default password on the device to a complex password or a passphrase.

Our industry is scrambling to come up with ways to monitor and protect IoT devices on networks. The best defense we have today is Security Information and Event Management (SIEM) systems, which can quickly identify suspicious network activity and alert cyber security experts. Since the devices will never be smart enough to defend themselves, we must rely on perimeter technology, advanced monitoring and proper device setup to protect the ever-growing population of IoT devices.

Click HERE for more information.


Windows 7 End of Life


When was Windows 7 launched by Microsoft? If you don’t know the answer then read on.

Windows 7 has been a staple of corporate computing for many years. Surviving two successive operating system launches from Microsoft, Windows 8 and Windows 8.1, Windows 7 has provided a stable and flexible platform for corporate computing. If Windows 7 is so good, why is Microsoft ending support for it?

One could be skeptical and say it is to force upgrades and therefore make more money. To some extent, this is a true statement. Another more important reason is that Windows 7’s software architecture limited Microsoft’s ability to support both mobile and cloud computing.  Enter Windows 10 operating system that spans the desktop and mobile computing market with features built-in for the cloud. In order to achieve Microsoft’s cloud vision, the Windows 7 operating system needs to be replaced.

Microsoft is ending support for Windows 7 on January 14, 2020. What does this mean? It means that Microsoft will no longer be distributing “patches” to fix program and security issues identified in Windows 7. Every day after January 14, 2020, the risk to owners of Windows 7 computers goes up. A simple way to calculate the risk is to start at zero on January 14, 2020 and add 2 every week. By the end of 2020, the risk factor on Windows 7 would equal 100, meaning security holes would have been identified, documented and exploited by criminals, with no fixes available. Ransomware or other malicious software that finds its way to a Windows 7 computer could quickly compromise it. The main factor in successful attacks against computers by criminals is lack of patching on the computer. For regulated industries like healthcare or companies covered by Payment Card Industry requirements, the switch to Windows 10 is mandatory to remain in compliance.

The launch of Windows 8 introduced the world to Microsoft’s vision of touch computing. Broadly rejected by the market, Windows 8 quickly became Windows 8.1, followed by Windows 10. Windows 10 brought back the Windows 7 desktop user experience that Windows 8 took away. By combining the new features Microsoft needed to support mobile computing and the cloud with the user’s ability to keep the beloved Windows 7 desktop, Microsoft hit on a winning combination. For anyone hesitant to move to Windows 10 because they have only seen the tile user interface, be assured that Windows 10 can be configured to enter a Windows 7 desktop mode.

Ready for the answer on Windows 7’s birth date?  Windows 7 was launched by Microsoft on October 22, 2009.

Click HERE for more information on Windows 7 retirement.


Windows 10 Upgrade Options


With the end of Windows 7 less than a year away, we have been getting many calls on how to move from Windows 7 to Windows 10.   There are three options we are presenting to our clients.  They include: 1. Use Windows 10 upgrade rights that may have come with your computer; 2. Upgrade the computer to Windows 10 operating system by purchasing Windows 10; or 3. Replace the Windows 7 computer with a new computer with Windows 10.

Here's the logic we're using to determine the best method for getting a company’s computers on Windows 10 operating system.  The first question - how old is the computer?  If the computer was built in 2017 or 2018 (less than two years old), upgrading the operating system to Windows 10 is an option.  This option gets better if the computer shipped with Windows 10 upgrade rights.  If the computer has Windows 10 upgrade rights, it will be clearly displayed on a sticker on the computer.  If the computer doesn’t have a sticker documenting Windows 10 upgrade rights, the computer doesn’t have upgrade rights.  A client using this option will need to provide DeckerWright Corporation with the manufacturer provided media and Windows 10 license key. 

Why are computers more than two years old bad candidates for being upgraded? Computer manufacturers change the internal devices of their computers all the time. A computer purchased three years ago may have devices like video, network and sound that are not supported with manufacturer drivers for Windows 10. Taking the time to research driver issues to determine if drivers are available is wasted time. As a result, we have established an upgrade policy that if the computer’s purchase date is older than January 1, 2017, it is not a candidate for being upgraded by DeckerWright Corporation.

If your computer qualifies for an upgrade but you don’t have an upgrade license for Windows 10, how do you get it? DeckerWright Corporation sells Original Equipment Manufacturer (OEM) versions of Windows 10 installed on a new solid state drive. The other option for getting Windows 10 is to upgrade an Office 365 license to Microsoft 365. The Microsoft 365 license includes Exchange Online, Desktop Office 2019 and the Windows 10 operating system. The Microsoft 365 subscription is $20 per month. If for some reason you drop the Microsoft 365 subscription, the Windows 10 operating system will be put in a zombie state after the subscription ends.

The last option is replacing the computer with a new computer.  We provide our clients with this full range of options and include additional services to migrate user desktops, favorites, email, documents and other data.  Keep in mind that either the upgrade to Windows 10 or new Windows 10 computers will need to have software re-installed necessitating access to the media and software licensing for any application installed on the Windows 7 computers.  DeckerWright Corporation can take away the pain of upgrading to Windows 10.

Click HERE for more details.


Verifying Messages


Cyber attacks have grown much more sinister and cunning over the past year. Cyber criminals are using multiple methods of messaging to get an unsuspecting user to respond and thereby allowing the cyber criminal the means to deploy their malware on your computer system. Here are some examples of recent threats:

  • Email Messages - Cyber criminals compromise or spoof an employee’s or trusted sender’s email account and send out a plausible email directing the recipient to a website, a file link or a download. If the recipient follows the directions, they allow the cyber criminal to install malware on their computer.
  • Phone Calls - Cyber criminals have become adept at "spoofing" phone numbers to make a call appear to be from a trusted source. If you receive a call from one of your vendors (e.g., credit card company or bank) and they begin to ask for account or user credential information - HANG UP.
  • Text Messages - Cyber criminals are sending carefully crafted text messages with links that can compromise mobile devices. Following the link can install software on the device that allows cyber criminals access.
  • Social Media Messages - Messages from social media platforms can contain links to websites controlled by cyber criminals. These may be a completely fictitious website, or a website that has been compromised by the cyber criminal to distribute malware to unsuspecting victims. Malware is often disguised as a document on an interesting topic to be downloaded.

How can you protect yourself from becoming a victim?  The first rule of cyber security is trust no one.  If you aren’t expecting to receive a message containing a link or file download, suspect the message is from a cyber criminal.  

The second rule is to verify the authenticity of the message using a different messaging method to a trusted address. For example, if you receive an email with a link to a file from a trusted sender, but were not expecting the link, reach out to the sender to confirm the authenticity of the request. DO NOT simply reply to the email asking if the email is okay. If the cyber criminal has compromised the sender’s email account, they may be the ones responding to you that the email is okay. Use an alternative messaging method like a phone call or text message to the sender to confirm the message’s authenticity. Never respond to a sender by replying to the email, calling the number or filling out a form from a link in a suspicious message. Always go to your contact list and reach out to the sender with a known safe messaging method. If you get an email from your credit card company, never call the number in the email; always call the number on the back of your credit card. This trusted verification process is similar to the multi-factor authentication used during logins. Verify with a second, trusted source before proceeding.

The third rule is to NEVER download and install either a plug-in or software from any website that is not fully trusted. DO NOT trust web sites from trade associations and third-party experts in your industry. Small businesses often have their websites built by web developers who are not well versed in how to harden websites against being hacked, leaving holes cyber criminals can exploit. Be suspicious of any link that takes you to a location you have never been to before. Verify the file download by contacting the entity to confirm its safety and authenticity before downloading anything.

Cyber criminals continue to evolve their techniques for attacking businesses.  As always, knowledge is our best and last line of defense against their success.

Click HERE for more details.


Why Cyber Crime?


Cyber-crime, like other criminal enterprises, is a business. Whether the criminal enterprise is selling drugs, gambling, or prostitution, there is an underlying business model where sales minus expenses yields profits for the criminal enterprise. As state and local governments encroach on the criminal enterprise businesses, including gambling (casinos and sports betting) and drugs (marijuana sales), criminal enterprises are looking for new growth opportunities.

What makes cyber-crime so attractive to criminal enterprises? There are a variety of reasons cyber-crime continues to grow at double-digit rates. These include low barriers to entry, low capital costs to enter the business, and very low risk of prosecution. If a criminal enterprise’s lines of business are being legislated out of existence, a logical reallocation of capital would be into cyber-crime. The Dark Web is rich with web sites that, for a fee, provide the software, control console and e-mail lists to put you in the crypto-locker business. Add in a network operations center in a friendly government jurisdiction to avoid prosecution, and you have a formula for making large sums of money. Establishing a cyber-crime business unit is significantly less expensive, and easier, than setting up a distribution network for drugs in a new region. Make a few key hires of technical talent and the criminal enterprise is on its way. Cyber-crime offers the perfect opportunity to expand quickly with fewer people and less risk.

The market in cyber-crime is relatively small and fragmented today. As older, established criminal enterprises reallocate capital and enter the market, expect the growth rate to slow. With that slowing growth there will be signs of consolidation in the industry. Unlike corporate America, where consolidation is marked by mergers and acquisitions, criminals use more forceful methods to dislodge competitors. So far, there have been few reports of cyber-criminals having turf wars. One sign of the cyber-crime market maturing will be reports of cyber-criminals using cyber weapons to attack each other all around the world, and of executives of “tech” companies around the world going missing.

Expect the criminal threats to continue to grow into the foreseeable future with law enforcement and technology companies always playing catch-up.

Click HERE for more details.


Introducing Third Wall for DWC Clients


Every year I go to about a half a dozen industry events looking for technology that will benefit our clients.  Most technology I see doesn’t provide a compelling benefit for our clients.  Every show I usually come back with at least one technology we try out in our lab, and if it works in the lab, we deploy it to our production network.  If we see the value in the production network, we push the technology out to our clients.  This vetting process results in one or two new technologies getting released to our clients per year.  Most of these changes are transparent to our clients, but sometimes the technology presents itself to the client. 

Third Wall is one of the new technologies we deployed in the last year that makes itself visible to our clients.  Third Wall works in conjunction with our remote management and monitoring (RMM) tool.  By leveraging the scripting engine in the RMM, Third Wall adds security features that we have been in search of.  After a brief lab test, and use on our network, we quickly determined the value of Third Wall to our clients and pushed it to our larger clients immediately.  By the end of December, the tool had been deployed to all of our clients.

What security tools does Third Wall give us that are important to secure our clients?  Here's a short list of what it can do for our clients:

  • The ability to pull data on user logins and logouts.
  • The ability to isolate computers from the network.
  • The ability to “annihilate” a lost or stolen computer/laptop.
  • An alternative method to control access to social media and web mail.
  • The ability to get an early warning on possible crypto-locker attacks.
  • The ability to get an early warning on possible brute force attacks.

The new tools allow us to respond faster to possible malware attacks by learning about them faster. By responding faster, we are able to stop an attack before it can do a lot of damage. Many clients reported seeing the Third Wall “canary” files appearing in their documents folder. The Third Wall “canary” files are monitored, and if they are modified, Third Wall issues an alert that there is a possible crypto-locker attack underway. We check it out, and if an attack is underway we are able to use the Third Wall “isolate” tool to remove the computer from the network. The faster we are able to begin the battle against a crypto-locker attack, the less damage is done, and the less time is spent on remediation. These tools allowed us to stop an in-progress crypto-locker attack at a client last fall, reducing the amount of damage caused by the attack.

Many of our clients have transitioned to mobile devices, laptops and tablets, for their primary business computer. With the risk of loss or theft, these devices present a special security challenge. One of our clients recently reported that one of their laptops had been stolen out of a car. With Third Wall we were able to issue an “annihilate” command, which wipes out the data, programs and operating system on the laptop upon its next reboot. The command was issued, and the laptop is now a paperweight.
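The canary-file alerting described above works by planting decoy files and watching for any change to them. The following is an added example, not Third Wall’s or DeckerWright’s code, showing the detection side of that idea: a baseline of SHA-256 hashes is recorded when the decoys are planted, and a later check reports any canary that has been modified or has disappeared (ransomware commonly renames files it has overwritten, so a renamed copy is reported alongside the missing name). The folder, file names and the tampering performed in `run_demo` are constructed for the example; the tampering only overwrites and renames two files in a temporary directory.

```python
import hashlib
import os
import tempfile

# Hypothetical decoy names; sorting first and last in a folder listing is a common
# choice so that mass file operations reach them early and late.
CANARY_NAMES = ["aaa_canary_do_not_modify.docx", "zzz_canary_do_not_modify.xlsx"]


def sha256_file(path):
    """Hash a file in chunks so large decoys do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def plant_canaries(folder, names=CANARY_NAMES):
    """Write the decoy files and return {name: sha256} as the baseline to compare against."""
    baseline = {}
    for name in names:
        path = os.path.join(folder, name)
        with open(path, "wb") as f:
            f.write(b"canary file - do not edit\n" * 64)
        baseline[name] = sha256_file(path)
    return baseline


def check_canaries(folder, baseline):
    """Compare the folder against the baseline.

    Returns a list of findings; an empty list means every canary is untouched.
    A missing canary is reported together with any file whose name starts with
    the canary's name (e.g. the original name plus an appended extension).
    """
    findings = []
    present = set(os.listdir(folder))
    for name, expected in baseline.items():
        if name not in present:
            renamed = sorted(p for p in present if p.startswith(name))
            findings.append({"file": name, "status": "missing", "renamed_to": renamed})
        elif sha256_file(os.path.join(folder, name)) != expected:
            findings.append({"file": name, "status": "modified", "renamed_to": []})
    return findings


def run_demo():
    """Plant canaries, verify a clean check, then apply constructed tampering and re-check."""
    with tempfile.TemporaryDirectory() as folder:
        baseline = plant_canaries(folder)
        clean = check_canaries(folder, baseline)
        # Constructed tampering standing in for the file-level effect the monitor sees:
        # the first canary is overwritten, the second is renamed with a new extension.
        first = os.path.join(folder, CANARY_NAMES[0])
        with open(first, "wb") as f:
            f.write(os.urandom(256))
        second = os.path.join(folder, CANARY_NAMES[1])
        os.rename(second, second + ".locked")
        tampered = check_canaries(folder, baseline)
    return clean, tampered


if __name__ == "__main__":
    before, after = run_demo()
    print("clean check:", before)
    print("after tampering:", after)
```

In a deployment the baseline would be stored outside the monitored folder, the check would run on a short schedule, and a non-empty result would feed the alert and the network-isolation step the post describes.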

The other tool that has allowed us to better protect our clients is a tool that monitors failed logins over a period of time. Criminals using brute force attacks have modified their software to cycle through lists of possible usernames and passwords without triggering the built-in Microsoft account lockout feature. With the criminals’ smarter software, the alerts we expected from these attacks never got generated. With Third Wall we are able to set a threshold based on the total number of logon failures in a period of time, so the new types of attacks are quickly revealed. Since activating Third Wall in December, we have stopped two in-progress brute force attacks on clients before they were able to compromise the clients’ systems.
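The point of the paragraph above is that a per-account lockout threshold never fires when the attacker spreads a few guesses across many accounts, while a threshold on the total number of failures in a window does. The following is an added example, not Third Wall’s or DeckerWright’s code, that shows both views over the same constructed log. The sample lines are made up for the example and flatten Windows failed-logon events (event ID 4625) to `timestamp,event_id,username,source_ip`; the thresholds and window are assumed values.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: two old failures for one user, then six accounts each failing
# twice inside two minutes from one source. No account reaches a 5-failure lockout.
SAMPLE_LOG = """\
2019-02-04T01:30:00,4625,jsmith,203.0.113.7
2019-02-04T01:30:30,4625,jsmith,203.0.113.7
2019-02-04T02:10:05,4625,jsmith,203.0.113.7
2019-02-04T02:10:09,4625,mjones,203.0.113.7
2019-02-04T02:10:14,4625,aharris,203.0.113.7
2019-02-04T02:10:20,4625,bwilson,203.0.113.7
2019-02-04T02:10:27,4625,cdavis,203.0.113.7
2019-02-04T02:10:33,4625,elee,203.0.113.7
2019-02-04T02:11:05,4625,jsmith,203.0.113.7
2019-02-04T02:11:11,4625,mjones,203.0.113.7
2019-02-04T02:11:16,4625,aharris,203.0.113.7
2019-02-04T02:11:22,4625,bwilson,203.0.113.7
2019-02-04T02:11:29,4625,cdavis,203.0.113.7
2019-02-04T02:11:35,4625,elee,203.0.113.7
"""


def parse_events(text):
    """Return failed-logon events as (timestamp, username, source_ip), oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, event_id, user, ip = line.split(",")
        if event_id == "4625":
            events.append((datetime.fromisoformat(ts), user, ip))
    return sorted(events)


def max_failures_per_account(events, window=timedelta(minutes=10)):
    """Highest failure count any single account sees inside one window.

    This is the quantity a per-account lockout policy compares against its threshold.
    """
    worst = 0
    per_user = defaultdict(deque)
    for ts, user, _ip in events:
        q = per_user[user]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        worst = max(worst, len(q))
    return worst


def detect_spray(events, threshold=10, window=timedelta(minutes=10)):
    """Alert once when the total failures across all accounts reach the threshold in a window."""
    recent = deque()
    alerts = []
    for ts, user, ip in events:
        recent.append((ts, user, ip))
        while ts - recent[0][0] > window:
            recent.popleft()
        if len(recent) == threshold:  # fires as the count crosses the line, not on every event
            alerts.append({
                "time": ts.isoformat(),
                "failures": len(recent),
                "accounts": sorted({u for _, u, _ in recent}),
                "sources": sorted({i for _, _, i in recent}),
            })
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("worst single account in 10 min:", max_failures_per_account(evs))
    for alert in detect_spray(evs):
        print("ALERT:", alert)
```

With a lockout threshold of 5 the per-account view reports a worst case of 2 and stays silent; the aggregate view raises one alert at the tenth failure and lists the six accounts and the single source involved, which is what an analyst needs to decide whether to block the source.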

With the rapidly changing security environment, DeckerWright will constantly be looking for and deploying the latest technology to safeguard our client’s systems and data.

Click HERE for more details.


Filling the Security "Donut Hole"


At a recent industry security event, one of the vendors was giving away fresh donuts.  Their clever marketing was bringing light to a “donut hole” of security nearly every security service provider recognizes, but hasn’t had a cost effective solution to present to their clients.  What is the security “donut hole”? 

Marriott Hotels is a good example of a “donut hole” gone bad. Marriott recently announced that 500 million client records had been taken by cyber-criminals over a four-year period. The cyber-criminals had been actively traversing Marriott’s network for four years, gathering data undetected because of a security donut hole Marriott elected not to fill. Internal traffic wasn’t being monitored, allowing the cyber-criminals free rein on the network to discover data sources and steal client data. The loss to Marriott will run into hundreds of millions of dollars, plus untold losses from lost client revenue as clients choose to book with other hotel chains.

Cost-effective technology tools have been widely available to provide the core network security functions. For end point protection - anti-virus, anti-malware and end point firewalls provide an effective defense. On the perimeter - firewalls with advanced threat software including intrusion detection, geo-blocking, network address translation, and gateway anti-virus functions provide an effective perimeter defense.

The area that has been lacking is the ability to monitor, and alert on, potential bad behavior behind the firewall between the end points. If a cyber-criminal successfully penetrates the perimeter and end point defenses, they can begin to probe the internal network looking for other places to attack. Internet of Things (IoT) devices, printers, servers and other devices either don’t have security features, or have them turned off to accommodate end users. Local network traffic is rarely encrypted, allowing the cyber-criminals to watch for juicy network information. The latest generation of Security Information and Event Management (SIEM) systems provides for monitoring and logging of the internal traffic. If an end point is suddenly probing the network and passing suspicious files, the SIEM software will generate an alert for the end point to be checked out. SIEM systems have been enhanced recently to provide packet-level monitoring for internal traffic, effectively turning the “donut hole” into a jelly donut. The middle of the security picture is no longer missing, but is filled with tasty data in these new SIEM systems, allowing Security Operations Centers (SOCs) to quickly identify and stop cyber-criminals.
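The “end point suddenly probing the network” alert the paragraph describes comes down to one question about internal flow records: is a single source reaching an unusual number of distinct internal hosts in a short window? The following is an added example, not Perch, SOCSoter or DeckerWright code, that applies that rule to constructed flow records of the form `timestamp,src_ip,dst_ip,dst_port,bytes`. Traffic to non-private destinations is ignored, since the point of the “donut hole” is east-west traffic the perimeter firewall never sees; the host count, window and sample addresses are assumed values.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: two workstations talk to the file server and one external host,
# then 10.0.1.77 walks the subnet touching a different host every couple of seconds.
SAMPLE_FLOWS = """\
2019-03-11T09:00:01,10.0.1.25,10.0.1.10,445,8192
2019-03-11T09:00:03,10.0.1.31,10.0.1.10,445,4096
2019-03-11T09:00:05,10.0.1.25,198.51.100.20,443,2048
2019-03-11T09:00:40,10.0.1.25,10.0.1.10,445,16384
2019-03-11T09:01:00,10.0.1.77,10.0.1.1,22,120
2019-03-11T09:01:02,10.0.1.77,10.0.1.2,445,120
2019-03-11T09:01:04,10.0.1.77,10.0.1.3,3389,120
2019-03-11T09:01:06,10.0.1.77,10.0.1.4,22,120
2019-03-11T09:01:08,10.0.1.77,10.0.1.5,445,120
2019-03-11T09:01:10,10.0.1.77,10.0.1.6,3389,120
2019-03-11T09:01:12,10.0.1.77,10.0.1.7,22,120
2019-03-11T09:01:14,10.0.1.77,10.0.1.8,445,120
2019-03-11T09:01:16,10.0.1.77,10.0.1.9,3389,120
2019-03-11T09:01:18,10.0.1.77,10.0.1.10,445,120
"""


def parse_flows(text):
    """Return flows as (timestamp, src, dst, dst_port), oldest first."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, port, _nbytes = line.split(",")
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(flows)


def is_internal(ip):
    """True for RFC 1918 and other private ranges, i.e. east-west traffic."""
    return ipaddress.ip_address(ip).is_private


def detect_internal_probing(flows, min_hosts=8, window=timedelta(minutes=5)):
    """Alert once per source when it has contacted at least min_hosts distinct
    internal hosts within the window."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, src, dst, port in flows:
        if not is_internal(dst):
            continue
        q = recent[src]
        q.append((ts, dst, port))
        while ts - q[0][0] > window:
            q.popleft()
        hosts = {d for _, d, _ in q}
        if len(hosts) >= min_hosts and src not in alerted:
            alerted.add(src)
            alerts.append({
                "src": src,
                "first_seen": q[0][0].isoformat(),
                "alert_time": ts.isoformat(),
                "hosts": sorted(hosts),
                "ports": sorted({p for _, _, p in q}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_internal_probing(parse_flows(SAMPLE_FLOWS)):
        print("ALERT:", alert)
```

The two ordinary workstations never exceed one internal destination and produce nothing; the probing host is reported at the eighth distinct target with the ports it tried, which is the context a SOC analyst would use to decide whether to isolate the end point.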

At our recent trade shows we were introduced to two new vendors in this market, Perch and SOCSoter.  We are evaluating their technologies and value and expect to be deploying a solution to our clients before the summer.

Click HERE for more information.


Archive Mail Box in Office 365


Microsoft Office 365 has a powerful tool to help search emails to meet eDiscovery requests, or to search emails for traces of illicit activity by employees.  The basic tool looks at the contents of select mail boxes using search criteria that you input.  The criteria can be simply email addresses from/to, or move to more complex searches including multiple search terms. 

The results of the search can be displayed and/or exported to a PST file. 

In order to maintain records after an employee leaves, email boxes need to be saved so that in the event an issue comes up, the contents of the email box may be searched. We set clients up with an archive mail box where the mail boxes of former employees are moved when they leave. This gives the company the ability to search the mail boxes in the future if they need to. Without the archive mail box, user mail boxes are deleted within three weeks of the user’s account being deactivated. Once Microsoft deletes the mail box, it’s gone for good.

Microsoft also offers an email archiving feature that copies all the email that goes through Exchange Online. Unless a business has an Office 365 E3 account or greater, the archive facility is not available in Office 365. Without the archiving feature enabled, if a user deletes an email, the deleted email will be lost to the eDiscovery process. Technically, an eDiscovery without archiving returns only the requested emails that are currently housed in the Microsoft Exchange Server online at that point in time.

Government agencies, regulated entities and commercial firms (like healthcare practices) that may be the defendant in a lawsuit need to have a good eDiscovery system in place to meet documentation requests.   For clients that want email archiving for all emails we normally use the archive feature in ProofPoint.  With the archive feature in ProofPoint, every email that goes into and out of a person’s email box gets copied to an archive email server in the cloud.  The emails are retained for 10 years in the ProofPoint system, and cannot be changed or deleted.  Administrators in ProofPoint can quickly search millions of emails by email address, date range and content to generate a list of emails to investigate.

Click HERE for more details.


The Creepy Reality of a CryptoLocker Attack

Ever have the feeling that someone is looking over your shoulder? For those who have experienced a CryptoLocker attack, it’s likely the cyber-criminals were “looking over your shoulder” while you were working.

At a recent industry event, there was a live hacking demonstration. The victim in the demonstration went to what looked like a real business website, and was instructed to install a plug-in to access part of the website. Once the plug-in was installed, the criminal’s command console had a pop-up letting him know that he had a new victim. The criminal initiated some additional software installs, and within five minutes had full control of the victim’s computer. The criminal used a screen sharing tool like LogMeIn or TeamViewer to watch what the victim was doing. Other tools inventoried the system and logged keystrokes. During this phase of an attack, the criminals are actively engaged on the victim’s computer and network trying to figure out the most profitable way to exploit the victim.

Just for fun, the criminal noted that the victim had a camera attached to his computer. A few clicks and command entries had the victim’s camera streaming to the criminal’s monitor.

Not only was the criminal watching and recording activity on the victim’s desktop, but they were also watching the victim through the camera.  The criminal wasn’t just “looking over the shoulder”, they were staring at the victim’s face. 

In a typical attack, the cyber-criminal will survey the network looking for resources to encrypt with the authorization level of the user account they now control.  If they were fortunate enough to take over an account with administrator rights, the cyber-criminals would encrypt everything, including all of the computers on the network.  The end result would be a zombie network doing little more than flashing signs to contact the cyber-criminal via email or other means to find out the ransom.  If the user account was a typical user account with few rights, the cyber-criminal would have to settle for encrypting available network shares as well as the computer they took over.  

If you are going to encrypt a network, when is the best time to do it?  The encryption process can run many hours, and even days for networks with lots of data.  Cyber-criminals time their attacks to happen over a weekend to maximize the damage.  They pick a time when no one is in the office watching so their evil software can do the most damage.  A good Monday morning for us at DeckerWright is no CryptoLocker virus over the weekend!

The battle with cyber-criminals is ongoing.  We continue to improve our defenses and early warning systems, and the criminals keep coming up with new attack technology and processes.   The feeling you may have that someone is watching may be more true than you imagine!

Click HERE to see a live hacking demonstration.
