NIST is the National Institute of Standards and Technology. It acts as the de facto baseline that all other security and compliance organizations use to construct their standards. Reading their publications is like reading any other government document – extremely long and not interesting. Farmhouse Networking recently became aware of one such document called NISTIR 7621 aka Small Business Information Security: The Fundamentals. We took the time to distill out the main points here:
The Fundamentals aka Best Practices
Identify: Who has access to the network, who has access to the data, and what do they have access to. This includes background checking employees during the hiring process, taking an inventory of data to see who needs access to what, requiring that each user have their own login, and company policy creation.
Protect: Protection starts with separating data into shares then giving access only to those who really need it. It also includes protecting hardware with uninterruptible power supplies (UPS) and protecting software with regular updates. Protecting the network includes setting up a proper firewall, separate wireless for guest access, and VPN only access for remote users. Web filtering, SPAM filtering, file encryption, proper disposal of old equipment, and employee training are also mentioned.
Detect: Having a centrally managed antivirus software on each workstation is a must. This includes the ability to look back in time via log files or monitoring system to find the root of the security breach.
Respond: Have a disaster recovery plan and security incident response plan in place.
Recover: Need full backups of all important business data, invest in cyber insurance, and regularly assess your technology to find timely improvements.
If your company does not meet these fundamentals, then contact us for assistance.
Give your business freedom from hardware constraints with the agility and functionality of cloud computing.
Cloud requires no upfront costs, which makes it an operating expense rather than a capital expense. Your business will benefit from predictable monthly payments that cover software licenses, updates, support and daily backups. Cloud technologies provide greater flexibility as your business only pays for what it uses and can easily scale up and down to meet demand.
Moving to the cloud enables your business to no longer pay to power on-premises servers or to maintain the environment. This significantly reduces energy bills.
Finally, for those concerned with security, cloud data centers employ security measures far beyond what most SMBs can afford. Your company data is much safer in the cloud than on a server in your office.
Move your business to the cloud ahead of Office 2010 and Windows 7 End of Support!
If your company is looking to make the move to cloud, then contact us for assistance.
According to the following Microsoft Support Post published in October 2018, the HomeGroup feature has now been removed from Windows 10. Most people won’t need to worry about this, but we recently ran across a business that had relied on this feature to run their network. With HomeGroup removed from Windows 10 they were left without the ability to share properly with a new computer on the network. So here is how to fix the issue:
How to fix Windows Networking after HomeGroup Removal
Turn off all sharing:
Open Network & Sharing Center
Click on Advanced Sharing Settings
Turn off network discovery (Private & Public)
Turn off file and print sharing (Private & Public)
Turn off Public folder sharing (All Networks)
Turn off Password Protected Sharing (All Networks)
Remove old password:
Open Credentials Manager
Change to Windows Credentials
Remove all $HomeGroup users credentials from networked computers on all computers formerly in HomeGroup
Find Function Discovery Provider Host and set to Automatic Startup then Start service
Find Function Discovery Resource Publication and set to Automatic Startup then Start service
Find SSDP Discovery and set to Automatic Startup then Start service
Find UPnP Device Host and set to Automatic Startup then Start service
Get username and password for all computers on network
On each computer on the network, open command prompt
For each username, use the command – net user [username] [password] /add
Turn on all sharing:
Open Network & Sharing Center
Click on Advanced Sharing Settings
Turn on network discovery (Private)
Turn on file and print sharing (Private)
Turn on Public folder sharing (All Networks)
Use 128-bit encryption (All Networks)
Turn on Password Protected Sharing (All Networks)
Recreate Shares (if needed)
Right-click on folder and choose Properties
Click on Sharing tab
Click on Advanced Sharing
Check Share This Folder
Name the share
Click on Add
Select username and add Full Control then click OK
Repeat for each username
Click OK to return to Properties window
Click on Security Tab
Click on Advanced
Click on Add
Select username and add Full Permissions (or appropriate level) then click OK
Repeat for each username
Check Replace Child Permissions and click OK
Click OK on all previous windows
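The service, account and share steps above can also be scripted from an elevated PowerShell prompt on each Windows 10 computer. This is an added example, not part of the original post; the folder path and share name are hypothetical, and the Advanced Sharing Settings and Credential Manager steps are still done by hand.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). $SharePath and $ShareName
# are hypothetical values; change them to suit.
$SharePath = 'C:\Shares\Office'
$ShareName = 'Office'

# Service names behind the four display names listed in the steps above.
$services = @(
    'fdPHost'    # Function Discovery Provider Host
    'FDResPub'   # Function Discovery Resource Publication
    'SSDPSRV'    # SSDP Discovery
    'upnphost'   # UPnP Device Host
)
foreach ($name in $services) {
    Set-Service -Name $name -StartupType Automatic
    Start-Service -Name $name
}

# Prompt for each account so the password never appears on a command line
# or in console history, as it would with "net user [username] [password] /add".
# Unlike net user /add, New-LocalUser does not add the account to the Users group.
$accounts = @()
while ($user = Read-Host 'User name to create (blank to finish)') {
    $password = Read-Host "Password for $user" -AsSecureString
    if (-not (Get-LocalUser -Name $user -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $user -Password $password | Out-Null
    }
    $accounts += $user
}
if (-not $accounts) { throw 'No accounts entered; nothing to share.' }

# Create the folder and the share, granting access to the named accounts only.
New-Item -ItemType Directory -Path $SharePath -Force | Out-Null
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $SharePath -FullAccess $accounts | Out-Null
}
# Matching NTFS permission, inherited by subfolders (CI) and files (OI).
foreach ($user in $accounts) {
    icacls $SharePath /grant "${user}:(OI)(CI)F" | Out-Null
}

# Report the result so it can be checked against the intended access list.
Get-Service -Name $services | Format-Table Name, StartType, Status
Get-SmbShareAccess -Name $ShareName | Format-Table AccountName, AccessRight
```

Replace the `F` in the `icacls` grant with `M` (modify) or `RX` (read and execute) where an account does not need Full Control.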
Hope this post helps some other techs save the time in fixing Windows 10 networking when HomeGroup is removed.
If your company is still using HomeGroup or needs any help with advanced networking, then contact us for assistance.
It seems lately that the power company in the area has not been able to offer consistent power service to the city. This has left many businesses down without the technology they need to operate properly. These power outages cause data loss and damage computer components.
My own unexpected outage
Once upon a time, about two weeks ago, the unexpected happened at our offices. A semi-truck carrying a large backhoe on a trailer drove between two buildings in the area. The landlord had wired power between buildings and the truck driver did not lower the arm of the backhoe low enough. Sure enough the wire was snagged by the backhoe’s arm and pulled from the building. Needless to say the power was out to that part of the building until the landlord took care of the matter.
What can be done?
Farmhouse Networking recommends that all business workstations, servers, and networking equipment be protected by an uninterruptible power source aka UPS or battery backup. When the power goes out the right size battery backup will keep things running for about 15-30 minutes to allow the last touches to be added to whatever was being worked on and things to be shut down gracefully.
Strange to think that the current wireless security protocol has been in use for over a decade, but with the release of WPA3 certification today the Wi-Fi Alliance has made some serious strides towards a more secure wireless security standard.
Offline Password Guessing – Attackers will now only get one guess per offline packet instead of unlimited. This will force them to interact with the wireless device directly which will make their attacks easier to detect and easier to shut them out.
Forward Secrecy – Even if the attacker is able to record a data stream and crack the current password, they will not be able to read the recorded data – only new data flowing over the network.
192-bit Encryption – Enterprise users and tech savvy small businesses will be able to take advantage of deeper encryption for more secure connections.
Wi-Fi Easy Connect – Simple to use, secure way for home users to connect their devices by scanning a QR code instead of entering a complex password.
This new security protocol mixed with the latest 802.11ax (that could bring 10 Gigabit speeds to wireless) will make 2019 a banner year for wireless technology.
If your company is interested in better wireless security or faster wireless speeds, then contact us for assistance.
Ran into an issue with Scan to Folder on Windows 10 Home from a Xerox Versalink C7025 via SMB. Contacted support and they stated that Xerox does not support this setup. Further digging found that Windows 10 Home folder shares need passwords in a [Computername]\[Username] format that the Xerox Versalink could not provide correctly. I found another option that works well in this situation:
Scan to Folder via FTP
Create a Scan folder in the Users directory
Download and install Filezilla FTP Server with the defaults (I prefer to set “start user interface” to manually)
Click on the Edit > Users menu item.
Click on the Add button and create a username (case sensitive)
Check the password box and create a password
Click on the Shared Folders tab on the left then click on the Add under Shared Folders
Browse to the Scan folder and click OK
Check all File & Directory permissions then click OK at bottom left
With this setup on the Windows 10 Home computer an Address Book entry can be created for Scan to Folder via FTP on the Xerox Versalink. The only thing that could be a problem after that is a software firewall like Windows Firewall or McAfee LiveSafe.
If your company wants to utilize more functionality from your multi-function device, then contact us for assistance.
If it seems like this is a typical question in your office then there is hope. The concept of internet failover has been around for years. With the advent of 4G LTE cellular networks internet failover is now within reach of the small business. If the main internet connection goes down then the 4G LTE cellular network will kick in automatically to keep your business flowing. When the main internet connection comes back online it will automatically switch back to restore full speed access.
How We Fix the Internet
Business Class Router: The Datto Networking Appliance has all the specs of a true business class router including all the usual services (DHCP, DNS, VLAN, DMZ, Access Rules, etc). It also has all the features that you need to secure and expand your business with seven layer deep packet inspection, intrusion detection, traffic shaping (VoIP), client VPN, site-to-site VPN, and cloud management.
Connectivity: This router has all the connectivity you could ever need. It has 4 Gigabit LAN ports to help physically segment the network. It has the latest and most redundant wireless connectivity available. It has a fully integrated multi-band 4G LTE wireless cellular modem to keep you connected when wired internet fails.
Peace of Mind: Leave the connectivity worries to us. Our expert team will be monitoring and maintaining the Datto Networking Appliance at all times via the cloud management console and integrated alerting. We will know the internet is down before you do and will take the steps needed to get your ISP to fix things.
If your company’s internet is constantly going down, then contact us for assistance.
Ran into a brick wall with a client wanting to have a Workcenter C7225 by Xerox scan to folder. What worked on one did not work on another but I eventually figured out the pattern and wanted to share it. Basically all MacOS X versions before the High Sierra build were not compatible with Xerox’s SMB protocol. (They fixed the SMB protocol in High Sierra so that Xerox Scan to SMB works perfectly.) Here is the workaround:
Xerox Scan to Folder MacOS X pre-Sierra:
The easiest way that I found to allow scanning to these systems is to enable the dormant FTP server.
Type in – sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist
Enter your administrator password
Create Scans folder in Home directory
Go to Preferences > Sharing > File Sharing
Choose + under Shared Folders
Navigate to the Scans folder and click Add
Check all available sharing methods.
Go to the printer’s IP address in the browser of your choice
Click on Scan
Create a template
Enter IP address
use /Scans as file path
enter full username and password (MacOS takes out spaces by default)
Test scanning successfully
If your company wants to utilize more functionality from your multi-function device, then contact us for assistance. And yes, we support MacOS in the business environment.
Had a client that repeatedly had trouble with network drives disconnecting randomly. I did explain that this would happen normally if they kept their workstations logged into the server, but they did not want to change their habits. I performed the usual registry fixes on the workstations and the server, but these did not seem to work. Finally I got to look at the error and figured out the Group Policy Object that was causing the problem.
Usual Registry Fix:
The default method for this is to edit the registry as follows on both the workstations and the server, and to run a command on the server. This lengthens the disconnect time on the workstations and disables disconnect on the server.
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following key in the registry:
In the right pane, click the autodisconnect value, and then on the Edit menu, click Modify. If the autodisconnect value does not exist, follow these steps:
On the Edit menu, point to New, and then click REG_DWORD.
Type autodisconnect, and then press ENTER.
On the Edit menu, click Modify.
In the Value data box, type 0, and then click OK.
Finally the following command should also be run:
net config server /autodisconnect:-1
Group Policy Object Fix:
Even though I changed the systems as above, it still disconnected regularly. The clients were getting this message when disconnected – “The system has detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.” Some research found that Windows Small Business Server created a Group Policy Object that by default times out authentication to the server after 10 hours. Here is how I changed it:
Open Group Policy Management
Look for Default Domain Policy
Click on the Settings tab and then Show All
Under Account Policies/Kerberos Policy look for Maximum lifetime for user ticket which by default was 10 hours.
Right click on the policy and choose Edit
Dig down to Computer Configuration > Windows Settings > Security Settings > Account Policies > Kerberos Policy
Change the Maximum lifetime for user ticket to 100 hours (>4 days)
Change the Maximum lifetime for user ticket renewal to 4 days
This combination will keep the ticket lifetime timeout longer than the time for renewal which will cause the renewal to happen before the timeout. Problem solved.
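A longer user ticket lifetime also extends how long a stolen ticket stays valid, so it is worth recording what the policy is actually set to after a change like this. The following PowerShell is an added example, not part of the original post: it parses the `[Kerberos Policy]` section of a Group Policy security template (the `GptTmpl.inf` format) and reports the lifetimes in comparable units. The template text is constructed sample data using the values from this post, and `Get-KerberosPolicy` is a hypothetical helper name.

```powershell
# Added example: read the [Kerberos Policy] section of a security template
# and report ticket lifetimes. The template below is constructed sample data
# that uses the values chosen in this post (100 hours, 4 days).
$sampleInf = @'
[Unicode]
Unicode=yes
[Kerberos Policy]
MaxTicketAge = 100
MaxRenewAge = 4
MaxServiceAge = 600
MaxClockSkew = 5
TicketValidateClient = 1
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Get-KerberosPolicy {
    param([string]$InfText)
    $policy = @{}
    $inSection = $false
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            # A new section header: track whether it is the one we want.
            $inSection = ($Matches[1] -eq 'Kerberos Policy')
        } elseif ($inSection -and $line -match '^\s*(\w+)\s*=\s*(\d+)\s*$') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    $policy
}

$p = Get-KerberosPolicy -InfText $sampleInf
$renewHours = $p.MaxRenewAge * 24      # MaxRenewAge is stored in days
[pscustomobject]@{
    UserTicketHours       = $p.MaxTicketAge      # stored in hours
    RenewalWindowHours    = $renewHours
    ServiceTicketMinutes  = $p.MaxServiceAge     # stored in minutes
    TicketOutlivesRenewal = $p.MaxTicketAge -gt $renewHours
    AboveDefault10Hours   = $p.MaxTicketAge -gt 10
}
```

To audit a real policy, pass the contents of the policy's `GptTmpl.inf`, read with `Get-Content -Raw`, in place of `$sampleInf`.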
If your company is having issues with Network Drive Disconnect, then contact us for assistance.