Loading ...

Category: Disaster Preparedness

Zero Trust – Trusted Vendors

This is the second in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on the vendors you purchase network equipment from. 

Trusted Vendors

Trusted vendors are those who supply workstations, servers, routers, switches, power protection, software, and anything else connected to your network. Here are some questions that you should be asking yourself:

  • Do you know who makes your network equipment, servers, computers, and software?
  • Do you know the way to contact their support and have current account access information?
  • Do you have current warranties / support contracts on hardware and software?
  • Is the hardware able to perform at the level needed?
  • Are you purchasing software from those who meets industry standards?
  • If a subscription, how much are you paying and are you on the correct plan for your needs?
  • When is the last time you upgraded your software and hardware?
  • Have you budgeted for the next upgrade?

Take time to think about these questions and decide where changes can be made to better protect your IT investments, or contact us to do the thinking for you.

Zero Trust – Physical Security

This is the first in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on the physical security surrounding your network. 
 

Physical Security

Physical security can include the locks on the doors, where things are placed, and how they are protected from the unpredictability of the environment. Here are some questions that you should be asking yourself:

  • Do you know where your network equipment is located?
  • Is the server / network in a separate area from where work is done?
  • Is this separate area behind a locked door?
  • Is the equipment in a locked rack or cabinet?
  • Is there a separate air conditioning zone for this area (servers like it cold)?
  • Is there a separate alarm zone for this equipment?
  • Who has the codes?
  • Is there a security camera watching this area (we don’t install these)?
  • How long is the recording for?
  • Who has access to the recordings?
  • Are computers located in areas where customers can physically touch them?
  • Are unused USB ports on the computer turned off or locked?
  • Are all systems protected by battery backup devices?
  • Are all systems off the floor in case of a flood?

Take time to think about these questions and decide where changes can be made to better protect your IT investments, or contact us to do the thinking for you.

US Takes Action Against Russian Cyber Threats

We caught wind of two separate actions the US has taken against Cyber Threats from Russia over the weekend:

Kaspersky

The first is news that the US Federal Communications Commission has added Russian cybersecurity company Kaspersky Lab to its list of entities that pose an “unacceptable risk to US national security,” according to a report from Bloomberg. This company has been banned from use by government agencies since 2017 when a bill was signed due to the companies ties to the Kremlin. 

Russian Hackers

The second article was a press release from the FBI stating that:

“The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. In total, these hacking campaigns targeted thousands of computers, at hundreds of companies and organizations, in approximately 135 countries.”

This hacking activity should be another wake-up call to American businesses to harden their defenses and remain vigilant against cyber security threats. These people are nationally sponsored criminals and we must protect ourselves. 

If your company is currently using Kaspersky or any other Russian based vendors, then it is time to carefully consider whether to continue being connected with them and contact us for assistance migrating to a trusted source.

Hackers Penetrate 93% of Company Networks

Hacked - Grants Pass, OR

Security researchers performed penetration testing on the networks of 45 various mid-sized companies and found that in real life scenarios 93% of those networks were able to be compromised to the point of business disruption. Here are the details:

The Target

The 45 companies were polled to determine what would be an unacceptable business interruption. They decided that the following met that criteria:

  • Disruption of production processes
  • Disruption of service delivery processes
  • Compromise of the digital identity of top management
  • Theft of funds
  • Theft of sensitive information
  • Fraud against users

These became the target for the penetration testers. 


The Process

In order for the penetration tester to achieve their target, they followed the following process:

  • Breach the network perimeter – This was done by the use of compromised passwords found on the Dark Web and know vulnerabilities on devices that were directly connected to the internet
  • Obtain maximum privileges – In 100% of the networks, once an attacker was inside the network
  •  Gaining access to key systems – With maximum privileges, the testers are able to gain access to other areas of the network including databases, executives computers, and production servers
  • Develop attacks on target systems – Once key systems are compromised the testers then figured out how to create the unacceptable business interruption. Although they could have created these interruptions, they only gathered proof that they could to present the data to the companies. 


How to Defend 

There are a couple main ways to defend against these kinds of attacks:

  • Security Controls / Segmentation – Creating least privileged access to key systems and segmenting the network will keep hackers from traversing the network once inside
  • Enhanced Network Monitoring – Modern cyber security tools watch activity and traffic on the network to find indicators of compromise. They pool this information into an attack history that can be used to remediate and further protect. 


Your company is not as safe as you think, so contact us for free initial cybersecurity evaluation and risk report.  .

Did I see your Indicators of Compromise?

Nobody wants to be hacked, breached, compromised, or whatever else they are calling it now. Here is a quick list of things to think about to keep your company safe:

Compromise Prevention

  • Keep track of your inventory, both software and hardware.
  • Make sure to properly dispose of these things (recycle or responsible destruction)
  • Scan your network for vulnerabilities
  • Patch or remediate everything you find
  • Manage your antivirus & keep it up-to-date
  • Keep your passwords complex & safely stored
  • Remove all users / accounts when no longer in use
  • Look at best practices to harden your computers / network to attacks
  • Monitor your network for strange activity (indicators of compromise)

If your company is concerned about security, then contact us to take care of it for you.

Tier 3 / Co-Managed IT- Macrium Reflect Restore to Synology VM

This was a strange one, but I have done it now more than once for a Tier 3 / Co-Managed IT client. They use the Macrium Reflect software to do image backups of client servers. They are looking to virtualize these servers going forward and wanted to know if it was possible to restore from Macrium Reflect to a Synology VM. Here is the process that we found to make it work:

Assumptions

  1. We assume that you already have a Synology device setup and functioning properly.
  2. We assume that you already installed the Virtual Machine Manager app on the Synology
  3. We assume you already went through the initial setup wizard of the Virtual Machine Manager app
  4. We assume that you have been backing up the server and have a valid image backup file
  5. We assume you know the network path to these backup files
  6. We assume you already know (and possess on the Synology) the required amount of CPU, Memory, and HDD space.

Process

  1. Create Macrium Reflect bootable Rescue media
    1. Open Macrium Reflect
    2. Click on the Restore tab
    3. Open Other Tasks on the left hand side
    4. Choose Create bootable Rescue media
    5. Browse to where the current backups are stored and save it there (this makes finding everything easier later)
    6. Click Build (You may need to install some pre-requisites to make this possible, but Macrium Reflect with prompt you for it)
  2. Create Virtual Machine
    1. Open the Synology Virtual Machine Manager app
    2. Click on Image
    3. Click on the Add button
    4. Find the Macrium Reflect Rescue media and add it to local storage
    5. Click on Virtual Machine on the left
    6. Click the Create button
    7. Choose the Microsoft Windows option (if appropriate)
    8. Select the proper storage amount
    9. Give it a name, CPU, Memory (as needed)
    10. Give it the needed storage amount(s)
    11. Leave it connected to the default network
    12. Download the Synology Guest Tools if needed.
    13. Select Macrium Reflect Rescue media for the ISO file for bootup
    14. Do not start the automatically
    15. Edit the VM and change it to start from the CD ROM
    16. Power it on
  3. Restore from backup
    1. Connect to the VM
    2. Wait for Macrium Reflect Rescue media to boot (this can take awhile)
    3. Click on the blue computer icon at the bottom
    4. Click on the Map Network Drive icon
    5. Type in need information and click OK
    6. Go back to the Macrium Reflect window
    7. Click on Browse for an image or backup file to restore
    8. Find the appropriate file in the newly mapped network drive
    9. Click on Restore Image
    10. Select the target drive(s)
    11. Click Next, Finished
    12. Wait for restore to complete (this will take a long time)
  4. Prepare restored image
    1. Once completed, click on the ReDeploy restored image to new hardware
    2. Add drivers if needed
    3. Accept any drivers it finds
    4. Accept the default options
    5. Finish the wizard by closing
    6. Power off the VM
    7. Edit the VM Storage to make the disk a SATA controller instead
    8. Edit the VM Others to make the BIOS UEFI
    9. Edit the VM Network to Not Connected
    10. Power on the VM
    11. Login and install the Synology Guest Tools from the attached CD-ROM drive
    12. Power off the VM
    13. Edit the VM Network to use the default connection
  5. Power on the VM if you are ready to deploy

If your company is looking to virtualize your servers or take them to the cloud, then contact us to setup migration evaluation.

Windows Server Backup 2012 Restore – ProTips

Here are some lessons learned from a recent recovery of a server with the following error:

Lesson #1 – Blinking Hard Drives

So when I got to the customer site the Dell server had blinking hard drive lights on two of the drives. Based on the support article about it the lights meant -“Identifying drive or preparing for removal.” and digging into the RAID controller I found the worst possible scenario for a RAID-5 array – two dead hard drives. I removed the two dead drives, cleared the configuration on the RAID controller, built a new RAID-5 array out of the remaining drives (4 out of 6), and did a fast initialize.

Lesson #2 – Drive letters on Windows Server Backup

Not sure if anyone else has noticed, but when Windows Server Backup is setup to use an external drive it likes to hide the drive by not assigning it a drive letter. This caused a few issues with the restore done from Windows Server 2012 R2 USB boot media as it couldn’t find the drive. I had to connect the external drive to my laptop then give it a drive letter. Plugged it back into the server and rebooted.

Lesson #3 – Patience is a virtue in Scanning for System Image Disks

Following the basic instructions for doing a Windows Server Backup 2012 Restore via Windows Server 2012 R2 USB boot media it came to the point where it does the scanning for System Image Disks. Turns out this can take hours depending on the speed of the drive plus the size and quantity of restores you have on the external drive. Just wait for the process to complete.

Lesson #4 – UEFI or Legacy BIOS matters

So you waited all that time for the Scanning for System Image Disks to complete and now that precious moment arrives when you realize that the Windows Server 2012 R2 USB boot media that you created was UEFI instead of legacy BIOS and the restore fails telling you so. Make sure that when you create the Windows Server 2012 R2 USB boot media that you change the settings to match the system that you are trying to restore.

Hope that these lessons help a few other Windows Server admins, who are trying to do a Windows Server Backup 2012 Restore, save some time and frustration. If you are looking for a better way to do backup and restore then contact us for details.

A newly discovered serious vulnerability – dubbed “BootHole”

There has been information released by a security research firm called Eclypsium that there is a vulnerability dubbed Boothole in Unified Extensible Firmware Interface (UEFI) Secure Boot that would allow an attacker to completely take over a workstation, laptop, or server and be nearly undetectable. All hardware vendors will have to send out updates in the near future to patch the UEFI code to secure it against this “BootHole” vulnerability. Due to the difficulty in designing and testing these types of updates it will be some time before they are released. We will keep you posted as to the release of these updates as they become available. 

If your company is concerned about security, then contact us for assistance.

Does Microsoft backup your Office 365 information?

Exchange to Office 365 Migration - Grants Pass, OR

This question came to light while talking to a vendor about backups. It turns out that Microsoft does not backup any of your Office 365 data, but does have aggressive redundancy in place. This is both good and bad, here is why:

Email

Microsoft has several levels of redundancy / resiliency / protection to keep email data from being corrupted, keep multiple copies of all email data, and scan emails for security threats. If there is ever any data issues then their systems automatically detect the problem and work to fix them or when threats are detected they are automatically remediated. There is also a recycle bin for emails and users that lasts from 30 to 90 days. Once that time is over there is no recourse for getting the data back. 

Sharepoint & OneDrive

Microsoft here again has deep redundancy to protect your data from corruption, but they do nothing to check for malware or cryptoware. There is something called versioning that can help with some cryptoware, but not all. There is also a recycle bin for these services that could possibly help. 

There are several apparent gaps in coverage that Microsoft does not deal with, but there are third-party services that have stepped in to do just that. If your company is looking to keep their Office 365 data safe from internal and external threats, then contact us for assistance.

Categories

Plant a Seed 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2022- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

    Something went wrong, try refreshing and submitting the form again.