Loading ...

Category: Disaster Preparedness

Zero Trust – Software Patching

This is the seventh in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on software patching. 

Software Patching

Software patching is a neccesity because no person who writes code is perfect and hackers are actively looking for these mistakes. The hackers find the mistakes and then develop ways of using these to exploit the software, computer, or whatever else they can gain access to. The only way to combat both the mistakes and the exploits is to discover them before the hackers do and patch the hole in the software. This patch can however lead to unforseen consequences to the software, so a plan for testing and deployment of patches is needed to avoid unexpected downtime to businesses.Here are some questions to ask:

  • Do you know all of the hardware and software on your network?
  • Do you check for hardware, operating system, and other software regularly?
  • How do you check for updates, patches, or upgrades to software?
  • How do you install these patches? Is it automated?
  • Are these patches tested before installation?
  • What happens if a patch causes problems?
  • Do you have a log of all installed updates?
  • Are any systems or software on your network no longer supported for updates?

If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Surviving a Flood

Had a client walk into their office to find it flooded with an inch and a half of water on the ground and it got me thinking about what could be done to mitigate the risks associated with this sort of “Act of God” at the office.

Can’t Stop the Flood

It goes without saying that there is no way to realistically prevent a flood besides the usual preventative building maintenance that most businesses are not in control of anyways. It makes sense then to choose an office space where the owner is into proactive repairs on the building, even if it costs a little extra per month. It would also be good to talk to your business insurance provider to make sure that such Acts of God are covered. Clean-up and recovery though usually covered by the building owner can get expensive if your contract doesn’t cover it. 

Prepare for the Worst

Practically speaking it may not be possible to keep computers out of the water in a flood. At this particular client we did have the computers up on blocks just in case of this very thing. All network equipment should also be in a safe place, ideally in a locked cabinet high off the ground.

Recovery can happen

If the worst does happen, the first thing to do is shut off the electricity to the building. After that take careful inventory of all that is plugged in and remove it from electrical outlets. If equipment is wet, keep it unplugged for a couple days in a dry environment to make sure it is free from moisture. Once sure it is dry, plug in the equipment and test whether it will come back online. If anything was submerged in water, it is best to plan on replacing it as most water has minerals in it that will stick to components in the computer and could cause and electrical short.

If your company is not ready for the worst, then contact us for assistance.

Zero Trust – Trusted Vendors

This is the second in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on the vendors you purchase network equipment from. 

Trusted Vendors

Trusted vendors are those who supply workstations, servers, routers, switches, power protection, software, and anything else connected to your network. Here are some questions that you should be asking yourself:

  • Do you know who makes your network equipment, servers, computers, and software?
  • Do you know the way to contact their support and have current account access information?
  • Do you have current warranties / support contracts on hardware and software?
  • Is the hardware able to perform at the level needed?
  • Are you purchasing software from those who meets industry standards?
  • If a subscription, how much are you paying and are you on the correct plan for your needs?
  • When is the last time you upgraded your software and hardware?
  • Have you budgeted for the next upgrade?

Take time to think about these questions and decide where changes can be made to better protect your IT investments, or contact us to do the thinking for you.

Zero Trust – Physical Security

This is the first in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on the physical security surrounding your network. 
 

Physical Security

Physical security can include the locks on the doors, where things are placed, and how they are protected from the unpredictability of the environment. Here are some questions that you should be asking yourself:

  • Do you know where your network equipment is located?
  • Is the server / network in a separate area from where work is done?
  • Is this separate area behind a locked door?
  • Is the equipment in a locked rack or cabinet?
  • Is there a separate air conditioning zone for this area (servers like it cold)?
  • Is there a separate alarm zone for this equipment?
  • Who has the codes?
  • Is there a security camera watching this area (we don’t install these)?
  • How long is the recording for?
  • Who has access to the recordings?
  • Are computers located in areas where customers can physically touch them?
  • Are unused USB ports on the computer turned off or locked?
  • Are all systems protected by battery backup devices?
  • Are all systems off the floor in case of a flood?

Take time to think about these questions and decide where changes can be made to better protect your IT investments, or contact us to do the thinking for you.

US Takes Action Against Russian Cyber Threats

We caught wind of two separate actions the US has taken against Cyber Threats from Russia over the weekend:

Kaspersky

The first is news that the US Federal Communications Commission has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg. This company has been banned from use by government agencies since 2017 when a bill was signed due to the companies ties to the Kremlin. 

Russian Hackers

The second article was a press release from the FBI stating that:

“The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”

This hacking activity should be another wake-up call to American businesses to harden their defenses and remain vigilant against cyber security threats. These people are nationally sponsored criminals and we must protect ourselves. 

If your company is currently using Kaspersky or any other Russian based vendors, then it is time to carefully consider whether to continue being connected with them and contact us for assistance migrating to a trusted source.

Hackers Penetrate 93% of Company Networks

Hacked - Grants Pass, OR

Security researchers performed penetration testing on the networks of 45 various mid-sized companies and found that in real life scenarios 93% of those networks were able to be compromised to the point of business disruption. Here are the details:

The Target

The 45 companies were polled to determine what would be an unacceptable business interruption. They decided that the following met that criteria:

  • Disruption of production processes
  • Disruption of service delivery processes
  • Compromise of the digital identity of top management
  • Theft of funds
  • Theft of sensitive information
  • Fraud against users

These became the target for the penetration testers. 


The Process

In order for the penetration tester to achieve their target, they followed the following process:

  • Breach the network perimeter – This was done by the use of compromised passwords found on the Dark Web and know vulnerabilities on devices that were directly connected to the internet
  • Obtain maximum privileges – In 100% of the networks, once an attacker was inside the network
  •  Gaining access to key systems – With maximum privileges, the testers are able to gain access to other areas of the network including databases, executives computers, and production servers
  • Develop attacks on target systems – Once key systems are compromised the testers then figured out how to create the unacceptable business interruption. Although they could have created these interruptions, they only gathered proof that they could to present the data to the companies. 


How to Defend 

There are a couple main ways to defend against these kinds of attacks:

  • Security Controls / Segmentation – Creating least privileged access to key systems and segmenting the network will keep hackers from traversing the network once inside
  • Enhanced Network Monitoring – Modern cyber security tools watch activity and traffic on the network to find indicators of compromise. They pool this information into an attack history that can be used to remediate and further protect. 


Your company is not as safe as you think, so contact us for free initial cybersecurity evaluation and risk report.  .

Did I see your Indicators of Compromise?

Nobody wants to be hacked, breached, compromised, or whatever else they are calling it now. Here is a quick list of things to think about to keep your company safe:

Compromise Prevention

  • Keep track of your inventory, both software and hardware.
  • Make sure to properly dispose of these things (recycle or responsible destruction)
  • Scan your network for vulnerabilities
  • Patch or remediate everything you find
  • Manage your antivirus & keep it up-to-date
  • Keep your passwords complex & safely stored
  • Remove all users / accounts when no longer in use
  • Look at best practices to harden your computers / network to attacks
  • Monitor your network for strange activity (indicators of compromise)

If your company is concerned about security, then contact us to take care of it for you.

Tier 3 / Co-Managed IT- Macrium Reflect Restore to Synology VM

This was a strange one, but I have done it now more than once for a Tier 3 / Co-Managed IT client. They use the Macrium Reflect software to do image backups of client servers. They are looking to virtualize these servers going forward and wanted to know if it was possible to restore from Macrium Reflect to a Synology VM. Here is the process that we found to make it work:

Assumptions

  1. We assume that you already have a Synology device setup and functioning properly.
  2. We assume that you already installed the Virtual Machine Manager app on the Synology
  3. We assume you already went through the initial setup wizard of the Virtual Machine Manager app
  4. We assume that you have been backing up the server and have a valid image backup file
  5. We assume you know the network path to these backup files
  6. We assume you already know (and possess on the Synology) the required amount of CPU, Memory, and HDD space.

Process

  1. Create Macrium Reflect bootable Rescue media
    1. Open Macrium Reflect
    2. Click on the Restore tab
    3. Open Other Tasks on the left hand side
    4. Choose Create bootable Rescue media
    5. Browse to where the current backups are stored and save it there (this makes finding everything easier later)
    6. Click Build (You may need to install some pre-requisites to make this possible, but Macrium Reflect with prompt you for it)
  2. Create Virtual Machine
    1. Open the Synology Virtual Machine Manager app
    2. Click on Image
    3. Click on the Add button
    4. Find the Macrium Reflect Rescue media and add it to local storage
    5. Click on Virtual Machine on the left
    6. Click the Create button
    7. Choose the Microsoft Windows option (if appropriate)
    8. Select the proper storage amount
    9. Give it a name, CPU, Memory (as needed)
    10. Give it the needed storage amount(s)
    11. Leave it connected to the default network
    12. Download the Synology Guest Tools if needed.
    13. Select Macrium Reflect Rescue media for the ISO file for bootup
    14. Do not start the automatically
    15. Edit the VM and change it to start from the CD ROM
    16. Power it on
  3. Restore from backup
    1. Connect to the VM
    2. Wait for Macrium Reflect Rescue media to boot (this can take awhile)
    3. Click on the blue computer icon at the bottom
    4. Click on the Map Network Drive icon
    5. Type in need information and click OK
    6. Go back to the Macrium Reflect window
    7. Click on Browse for an image or backup file to restore
    8. Find the appropriate file in the newly mapped network drive
    9. Click on Restore Image
    10. Select the target drive(s)
    11. Click Next, Finished
    12. Wait for restore to complete (this will take a long time)
  4. Prepare restored image
    1. Once completed, click on the ReDeploy restored image to new hardware
    2. Add drivers if needed
    3. Accept any drivers it finds
    4. Accept the default options
    5. Finish the wizard by closing
    6. Power off the VM
    7. Edit the VM Storage to make the disk a SATA controller instead
    8. Edit the VM Others to make the BIOS UEFI
    9. Edit the VM Network to Not Connected
    10. Power on the VM
    11. Login and install the Synology Guest Tools from the attached CD-ROM drive
    12. Power off the VM
    13. Edit the VM Network to use the default connection
  5. Power on the VM if you are ready to deploy

If your company is looking to virtualize your servers or take them to the cloud, then contact us to setup migration evaluation.

Windows Server Backup 2012 Restore – ProTips

Here are some lessons learned from a recent recovery of a server with the following error:

Lesson #1 – Blinking Hard Drives

So when I got to the customer site the Dell server had blinking hard drive lights on two of the drives. Based on the support article about it the lights meant -“Identifying drive or preparing for removal.” and digging into the RAID controller I found the worst possible scenario for a RAID-5 array – two dead hard drives. I removed the two dead drives, cleared the configuration on the RAID controller, built a new RAID-5 array out of the remaining drives (4 out of 6), and did a fast initialize.

Lesson #2 – Drive letters on Windows Server Backup

Not sure if anyone else has noticed, but when Windows Server Backup is setup to use an external drive it likes to hide the drive by not assigning it a drive letter. This caused a few issues with the restore done from Windows Server 2012 R2 USB boot media as it couldn’t find the drive. I had to connect the external drive to my laptop then give it a drive letter. Plugged it back into the server and rebooted.

Lesson #3 – Patience is a virtue in Scanning for System Image Disks

Following the basic instructions for doing a Windows Server Backup 2012 Restore via Windows Server 2012 R2 USB boot media it came to the point where it does the scanning for System Image Disks. Turns out this can take hours depending on the speed of the drive plus the size and quantity of restores you have on the external drive. Just wait for the process to complete.

Lesson #4 – UEFI or Legacy BIOS matters

So you waited all that time for the Scanning for System Image Disks to complete and now that precious moment arrives when you realize that the Windows Server 2012 R2 USB boot media that you created was UEFI instead of legacy BIOS and the restore fails telling you so. Make sure that when you create the Windows Server 2012 R2 USB boot media that you change the settings to match the system that you are trying to restore.

Hope that these lessons help a few other Windows Server admins, who are trying to do a Windows Server Backup 2012 Restore, save some time and frustration. If you are looking for a better way to do backup and restore then contact us for details.

Archives

Categories

Plant a Seed 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2022- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

    Something went wrong, try refreshing and submitting the form again.