Loading ...

Category: Wireless

Website Filtering for Business: Strengthening Your Cybersecurity Defenses

Businesses are faced with an ever-growing number of cybersecurity threats. One effective method to protect your organization’s sensitive data and network is implementing website filtering. Website filtering solutions offer businesses an essential tool to manage and safeguard their networks, ensuring employees are protected from accessing malicious or inappropriate websites. We will explore the importance of website filtering for business cybersecurity and provide practical insights for implementation.

Understanding Website Filtering:

Website filtering is an advanced security measure that enables organizations to control the websites that can be accessed by their employees. This essential cybersecurity practice helps mitigate risks associated with malware, phishing attacks, and overall data breaches. Through the implementation of website filtering, businesses can proactively manage internet usage, reduce network congestion, and improve productivity.

Benefits of Website Filtering:

  1. Enhanced Network Security:
    By filtering out potentially harmful websites, businesses can significantly reduce the risk of malware infiltration, phishing attempts, and other cyber threats. Website filtering acts as a vital line of defense, preventing employees from inadvertently accessing websites hosting malicious content and safeguarding sensitive corporate data.
  2. Regulatory Compliance:
    As the healthcare industry is subject to strict compliance regulations, implementing website filtering can help organizations maintain adherence to industry-specific regulations such as HIPAA. By blocking access to unauthorized websites or content, businesses ensure they are aligning with compliance requirements, reducing the potential for fines or legal repercussions.
  3. Increased Employee Productivity:
    Unrestricted internet access often leads to time-wasting activities, reducing overall productivity within the organization. With website filtering, businesses can minimize distractions by blocking access to social media platforms, gaming websites, or other non-work-related sites, fostering a more focused work environment.
  4. Bandwidth Optimization:
    Streaming services and large media files can significantly impact network bandwidth, leading to slower connections and decreased productivity. Website filtering helps alleviate this strain by allowing organizations to control access to bandwidth-intensive websites or file-sharing platforms, optimizing network performance.

Choosing the Right Website Filtering Solution:

When selecting a website filtering solution, organizations should consider the following:

  1. Granular Control:
    Look for a solution that offers granular control, allowing you to tailor website filtering policies to specific departments or individual users. This flexibility ensures that employees only have access to relevant websites and content necessary for their job roles.
  2. Real-Time Updates:
    The cybersecurity landscape evolves rapidly, with new threats emerging constantly. Ensure your chosen website filtering solution offers AI powered real-time updates and threat intelligence to protect against the latest risks effectively.
  3. User-Friendly Interface:
    Implementing a user-friendly website filtering solution simplifies management. Look for a solution with an intuitive interface that enables easy configuration and monitoring of website filtering policies.

Potential Challenges and Mitigation Strategies:

While website filtering can provide numerous benefits, there are potential challenges to consider:

  1. False Positives:
    Overzealous website filtering policies can sometimes lead to legitimate websites being inaccurately blocked, causing frustration for employees. Regularly review and fine-tune filtering policies to minimize the risk of false positives, striking a balance between security and productivity.
  2. BYOD (Bring Your Own Device) Environments:
    There is an increasing reliance on personal devices to access corporate networks. Ensure that your website filtering solution extends to cover such devices and effectively enforces security policies, mitigating the risk of potential threats from unsecured devices.
  3. Ongoing Maintenance and Monitoring:
    Website filtering requires ongoing maintenance and monitoring to ensure optimal performance and adaptability to emerging threats. Assign dedicated IT staff or consider a managed service provider (MSP) like Farmhouse Networking to oversee the implementation, management, and updates of your website filtering solution.

Website filtering is a critical component of any business’s cybersecurity strategy, providing robust protection against web-based threats and enhancing network security. Farmhouse Networking provides website filtering service to all our monthly managed clients at no additional cost. Sign-up today to become cyber secure. 

The Dangers of Relying on an IT Guy

The role of Information Technology (IT) in business success cannot be overstated. IT systems and infrastructure form the backbone of modern businesses, facilitating communication, data management, and efficient workflow. From managing customer databases to ensuring network security, IT plays a crucial role in driving productivity and competitiveness. However, many businesses make the mistake of relying on a single IT guy to handle all their technological needs. In this article, I will discuss the risks associated with this approach and the importance of adopting a team-based approach to IT support.

The risks of relying on a single IT guy

Lack of expertise and knowledge

When you rely on a single IT guy, you are limited to their individual skills and expertise. While they may be knowledgeable in certain areas, they may not possess the breadth of knowledge required to handle all aspects of your business’s IT infrastructure. IT is a vast field that encompasses various domains such as network administration, cybersecurity, software development, and hardware maintenance. By relying on a single guy, you risk missing out on specialized expertise that could greatly benefit your business.

Limited availability and support

Another significant risk of relying on a single IT guy is limited availability and support. IT issues can arise at any time, and if your IT guy is unavailable or overwhelmed with other responsibilities, it can lead to significant downtime and disruptions in your business operations. With a single point of contact, you may have to wait for extended periods before your IT issues are resolved, resulting in decreased productivity and potential financial losses.

Single point of failure

Relying on a single IT guy also means that your business is vulnerable to a single point of failure. If your IT guy falls ill, takes a vacation, or leaves the company, you may be left without any IT support. Singular IT techs often don’t have the time or resources to properly document procedures and critical passwords, so when they go this information is lost. This can be particularly problematic during critical times when you need immediate assistance. Having a backup plan or a team of IT professionals ensures that your business operations can continue uninterrupted, even if one person is unavailable.

The impact of downtime on business operations

Downtime can have severe consequences on your business operations. Every minute your systems are down translates to lost revenue, missed opportunities, and frustrated customers. According to a study conducted by Gartner, the average cost of IT downtime is $5,600 per minute. Imagine the financial implications if your IT guy is unavailable for an extended period. With a team-based approach to IT support, you can minimize downtime and ensure swift resolution of any issues, thereby safeguarding your business’s success.

The importance of a team approach to IT support

Adopting a team approach to IT support offers numerous benefits for your business. Firstly, it provides a diverse set of skills and expertise that can be leveraged to address various IT challenges effectively. Each team member brings their unique knowledge and experience, allowing for comprehensive and well-rounded support. Additionally, with a team, you have the advantage of increased availability and faster response times. By distributing responsibilities among team members, you can ensure that someone is always available to address your IT needs promptly.

The benefits of outsourcing IT support

Outsourcing IT support is a viable solution for businesses looking to avoid the risks associated with relying on a single IT guy. Outsourcing allows you to tap into a pool of talented professionals with specialized expertise in different IT domains. Moreover, outsourcing IT support can often be more cost-effective than hiring a full-time IT staff, especially for small and medium-sized businesses. By partnering with an external IT support provider, like Farmhouse Networking, you can access a wide range of services, including network monitoring, cybersecurity, data backup, and software maintenance, all while enjoying the benefits of a dedicated team.

Finding the right IT support provider

Finding the right IT support provider is crucial to ensuring a successful and secure IT infrastructure. When evaluating potential providers, consider their experience, track record, and the range of services they offer. Look for certifications and qualifications that demonstrate their expertise and commitment to quality. It is also essential to assess their responsiveness and availability to ensure that they can meet your business’s IT needs promptly. Ask them about their record keeping habits, make sure they document everything and keep your information secure with industry standard protocols. By conducting thorough research and seeking recommendations, you can find an IT support provider that aligns with your business goals and requirements.

By adopting a team-based approach to IT support or outsourcing your IT needs, you can mitigate these risks and ensure a successful and secure IT infrastructure. Don’t get stuck when your IT guy no longer responds; contact us to experience the comfort of having a team look after your business IT. With the right IT support provider, you can focus on growing your business while leaving your technological needs in capable hands.

Setup of Synology RADIUS server for EAP Authentication

This is the eighth and final of a series that documents the Tier 3 / Co-Managed IT work we did to setup a wireless test bed for a Linux based scientific device. The testing environment included two different wireless network hardware types (Ubiquiti and Cisco). There was also a Synology device used for various purposes including hosting the Ubiquiti controller inside a Kubernetes container, providing certificate services, providing LDAP authentication, and providing RADIUS authentication. Each article has detailed a separate piece of the project. This article shows the setup of Synology RADIUS server for EAP authentication via EAP-PEAP, EAP-TLS, and EAP-TTLS.

Setup Synology Radius for EAP-PEAP

  1. Login to Synology IP via SSH
  2. Use admin login credentials
  3. Go to the Radius certificate directory
    cd /var/packages/RadiusServer/target/etc/raddb/certs/
  4. Radius must be configured on our certificates:
    sudo vi ../mods-enabled/eap
  5. Type i to start insert then paste the following:
    eap {
        default_eap_type = peap
        timer_expire     = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = ${max_requests}

        #md5 {
        #}

        #leap {
        #}

        #gtc {
        #   auth_type = PAP
        #}

        tls-config tls-common {
            #private_key_password = whatever
            private_key_file = ${certdir}/server.key
            certificate_file = ${certdir}/server.crt
            #$INCLUDE /usr/local/synoradius/rad_ca_cert
            dh_file = ${certdir}/dh
            random_file = ${certdir}/random
            ca_file = ${certdir}/ca.crt
            ca_path = ${certdir}
            #INCLUDE /var/packages/RadiusServer/target/etc/cipher_list
            verify {
            }
        }

        #tls {
        #   tls = tls-common
        #}

        #ttls {
        #   tls = tls-common
        #   default_eap_type = mschapv2
        #   copy_request_to_tunnel = no
        #   use_tunneled_reply = no
        #   virtual_server = "inner-tunnel"
        #}

        peap {
           tls = tls-common
           default_eap_type = mschapv2
           copy_request_to_tunnel = yes
           use_tunneled_reply = yes
           virtual_server = "inner-tunnel"
        }

        #mschapv2 {
        #}
    }
  1. Hit ESC to end insert then type :wq to exit
  2. The radius service must be restarted in the Synology Package Center (Stop / Run)

Setup Synology Radius for EAP-TLS

  1. Login to Synology IP via SSH
  2. Use admin login credentials
  3. Go to the Radius certificate directory
    cd /var/packages/RadiusServer/target/etc/raddb/certs/
  4. Radius must be configured on our certificates:
    sudo vi ../mods-enabled/eap
  5. Type i to start insert then paste the following:
       eap {
        default_eap_type = tls
        timer_expire     = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = ${max_requests}

        #md5 {
        #}

        #leap {
        #}

        #gtc {
        #   auth_type = PAP
        #}

        tls-config tls-common {
            #private_key_password = whatever
            private_key_file = ${certdir}/server.key.pem
            certificate_file = ${certdir}/server.crt.pem
            #$INCLUDE /usr/local/synoradius/rad_ca_cert
            dh_file = ${certdir}/dh
            random_file = ${certdir}/random
            ca_file = ${certdir}/ca.crt.pem
            ca_path = ${certdir}
            #INCLUDE /var/packages/RadiusServer/target/etc/cipher_list
            verify {
            }
        }

        tls {
            tls = tls-common
        }

        #ttls {
        #   tls = tls-common
        #   default_eap_type = mschapv2
        #   copy_request_to_tunnel = no
        #   use_tunneled_reply = no
        #   virtual_server = "inner-tunnel"
        #}

        #peap {
        #   tls = tls-common
        #   default_eap_type = mschapv2
        #   copy_request_to_tunnel = no
        #   use_tunneled_reply = no
        #   virtual_server = "inner-tunnel"
        #}

        #mschapv2 {
        #}
    }
  1. Hit ESC to end insert then type :wq to exit
  2. The radius service must be restarted in the Synology Package Center (Stop / Run)

Setup Synology Radius for EAP-TTLS

  1. Login to Synology IP via SSH
  2. Use admin login credentials
  3. Go to the Radius certificate directory
    cd /var/packages/RadiusServer/target/etc/raddb/certs/
  4. Radius must be configured on our certificates:
    sudo vi ../mods-enabled/eap
  5. Type i to start insert then paste the following:
     eap {
        default_eap_type = ttls
        timer_expire     = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = ${max_requests}

        #md5 {
        #}

        #leap {
        #}

        #gtc {
        #   auth_type = PAP
        #}

        tls-config tls-common {
            #private_key_password = whatever
            private_key_file = ${certdir}/server.key
            certificate_file = ${certdir}/server.crt
            #$INCLUDE /usr/local/synoradius/rad_ca_cert
            dh_file = ${certdir}/dh
            random_file = ${certdir}/random
            ca_file = ${certdir}/ca.crt
            ca_path = ${certdir}
            #INCLUDE /var/packages/RadiusServer/target/etc/cipher_list
            verify {
            }
        }

        #tls {
        #    tls = tls-common
        #}

        ttls {
           tls = tls-common
           default_eap_type = mschapv2
           copy_request_to_tunnel = no
           use_tunneled_reply = no
           virtual_server = "inner-tunnel"
        }

        #peap {
        #   tls = tls-common
        #   default_eap_type = mschapv2
        #   copy_request_to_tunnel = yes
        #   use_tunneled_reply = yes
        #   virtual_server = "inner-tunnel"
        #}

        #mschapv2 {
        #}
    }
  1. Hit ESC to end insert then type :wq to exit
  2. The radius service must be restarted in the Synology Package Center (Stop / Run)

If your company has highly customized setup requirements that you need consulting for, then contact us for assistance.

Setup Ubiquiti Wireless Network with PSK & RADIUS

This is the seventh in a series that document the Tier 3 / Co-Managed IT work we did to setup a wireless test bed for a Linux based scientific device. The testing environment included two different wireless network hardware types (Ubiquiti and Cisco). There was also a Synology device used for various purposes including hosting the Ubiquiti controller inside a Kubernetes container, providing certificate services, providing LDAP authentication, and providing RADIUS authentication. Each article will detail a separate piece of the project. This article shows the basic setup of Ubiquiti Controller for PSK and RADIUS authentication from wireless devices.

Setup Ubiquiti Wireless Network with PSK

  1. Login to Ubiquiti controller previously created – Here
  2. Click on Setting gear icon at bottom left
  3. Make sure you are on Wifi tab and click Create New link
    • Set network BSSID
    • Create Password
    • Click Add Wifi Network button

Setup Ubiquiti Wireless Network with RADIUS

  1. Login to Ubiquiti controller previously created – Here
  2. Click on Setting gear icon at bottom left
    • Click on Profiles
    • Click on Radius Tab
    • Click on Create New link
    • Give the Profile a name
    • Enter RADIUS server IP address as Authentication Server
    • Enter RADIUS shared secret
    • Click Add
    • Click Apply Changes
  3. Click on Wifi Tab
  4. Click on Create New link
  5. Set network BSSID
  6. Change Advanced to Manual
  7. Set Security Protocol – WPA2 Enterprise
  8. Select new RADIUS Profile
  9. Click Add Wifi Network

If your company has highly customized setup requirements that you need consulting for, then contact us for assistance.

Setup Cisco Wireless Network with PSK & RADIUS

Cisco Wireless Controller

This is the sixth in a series that document the Tier 3 / Co-Managed IT work we did to setup a wireless test bed for a Linux based scientific device. The testing environment included two different wireless network hardware types (Ubiquiti and Cisco). There was also a Synology device used for various purposes including hosting the Ubiquiti controller inside a Kubernetes container, providing certificate services, providing LDAP authentication, and providing RADIUS authentication. Each article will detail a separate piece of the project. This article shows the basic setup of Cisco Wireless Controller for PSK and RADIUS authentication from wireless devices.

Setup Cisco Wireless Network with PSK

  1. Login to Cisco Wireless Controller
  2. Click on WLANs tab at top
  3. Click on GO next to Create New drop down
  4. Create Profile Name & SSID
  5. Click Apply
  6. Click Enabled next to Status
  7. Click Apply
  8. Click on Security tab
  9. Uncheck 802.1x
  10. Check PSK
  11. Enter Pre-Shared Key next to PSK format
  12. Click Apply
  13. Click Save Configuration at the top

Setup Cisco Wireless Network with RADIUS

  1. Log into Cisco Wireless Controller
  2. Click on Security tab at top
  3. Click on Authentication under RADIUS on left hand side
  4. Change both Acct Call Station ID Type to IP Address
  5. Click Apply
  6. Click on New
  7. Add RADIUS server IP address
  8. Add Shared Secret
  9. Uncheck management
  10. Click Apply
  11. Click on WLANs tab at top
  12. Edit WLAN 1
  13. Click on Security tab
  14. Click on AAA Servers tab
  15. Change Server 1 to the one entered on RADIUS Authentication page
  16. Click Apply
  17. Click on Layer 2 tab
  18. Change Authentication type to 802.11x
  19. Click Apply
  20. Click Save Configuration at the top

If your company has highly customized setup requirements that you need consulting for, then contact us for assistance.

Basic Setup of Ubiquiti Wireless Controller on Synology NAS

This is the third in a series that documents the Tier 3 / Co-Managed IT work we did to setup a wireless test bed for a Linux based scientific device. The testing environment included two different wireless network hardware types (Ubiquiti and Cisco). There was also a Synology device used for various purposes including hosting the Ubiquiti controller inside a Kubernetes container, providing certificate services, providing LDAP authentication, and providing RADIUS authentication. Each article will detail a separate piece of the project. This article shows the basic setup of Ubiquiti Wireless Controller as a Docker instance on the Synology.

Setup Synology for Docker Container

  1. Login to Synology via HTTP
  2. Open Package Manager
  3. Search for Docker & InstallSynology Docker Package
  4. Open Docker
  5. Click on Container tab
    • Click Create
    • Select the image just downloaded and click Next
    • Select Use the same network as Docker Host and click Next
    • Give the container a name
    • Enable resource limitations (increase memory for larger installations)
    • Enable auto-restart then click nextSynology Docker General Settings
    • Click on Advanced Settings
    • Add environment variables
      • BIND_PRIV = false
      • RUNAS_UID0 = falseSynology Docker Advanced Settings
  6. Click Add Folder
    • Highlight the Docker folder and click Create folder then create a Unifi folder and then highlight it and click Select Synology Docker Add Volume
    • Change Mount path to /unifi then Next
    • Click Done

Configure Ubiquiti Controller

  1. Login to new controller – https://[IPAddressofSynology]:8443/manage
  2. Name the Ubiquiti Controller and Check the agree to terms box then click Next
  3. Change to Advanced settings
  4. Turn off remote and Ubiquiti account
  5. Create administrator user
  6. Create password
  7. Create admin email then click Next
  8. Enable Auto Backup and click Next
  9. Skip device setup by clicking Next
  10. Skip Wifi setup by clicking Skip
  11. Change time zone if needed and Click Finish

Setup Wireless Access Point

  1. Connect access point to same network
  2. Adopt in controller
    • Find IP address of access point
    • SSH into access point
    • Login with defaults ubnt / ubnt
    • Type: set-inform https://[IPAddressofSynology]:8080/inform
  3. Login to Controller – https://[IPAddressofSynology]:8443/manage
    • Click on Devices on the left
    • Click on access point and choose Adopt

If your company has highly customized setup requirements that you need consulting for, then contact us for assistance.

Basic Setup of Cisco Wireless Controller

This is the first in a series that document the Tier 3 / Co-Managed IT work we did to setup a wireless test bed for a Linux based scientific device. The testing environment included two different wireless network hardware types (Ubiquiti and Cisco). There was also a Synology device used for various purposes including hosting the Ubiquiti controller inside a Kubernetes container, providing certificate services, providing LDAP authentication, and providing RADIUS authentication. Each article will detail a separate piece of the project. This article shows the basic setup of Cisco Wireless Controller.

Setup of Cisco Wireless Controller

  1. Plug -in ethernet of Computer to port 2 on controller
  2. Boot controller and wait for SYS light to go solid
  3. Open web browser to http://192.168.1.1
  4. Create admin username
  5. Create password
  6. Fill in the needed information:
    1. System nameManagement IP Subnet MaskDefault Gateway
    1. Click Next
  7. Fill in temporary information for wireless
    1. Network BSSIDCreate PassphraseEnter local DHCP server address
    1. Click Next
  8. Click Apply and wait for reboot
  9. Click on Commands tab
  10. Click on Set Time on the left-hand menu
  11. Change needed values
  12. Click Set Date and Time
  13. Click Save Configuration at the top

If your company has highly customized setup requirements that you need consulting for, then contact us for assistance.

What every business has in common?

Every modern business has one thing in common – the internet.

Businesses are using computers, smart phones, tablets, etc. to connect to the internet for research, shopping, advertising, or any number of things. With a connection to the internet comes the need for routers, switches, wireless, and other network hardware to distribute internet connectivity across the company. There are malicious people on the internet that are setting traps and trying to break into companies which necessitate the use of tools like antivirus, internet filtering, spam filtering, and other protective measures. There are also people who work from their homes and need to have a way of tunneling safely into the network to use the resources there. 

All of this has to be managed by someone in the company or you can contract with a managed IT service provider. 

If your company needs help managing all the things connected to your internet, then contact us for assistance.

Benefits of Wi-Fi 6e 

VoIP Telephone System - Grants Pass, OR

Wi-Fi technology is ingrained into our everyday lives WE COLLECTIVELY STREAM more movies and TV shows, play more online games, and make more video calls than ever before, and all this activity puts a serious strain on our Wi-Fi networks. Wi-Fi 6e has various features to improve the efficiency and data of your wireless network and reduce latency. the latest Wi-Fi 6e standards offers a range of benefits, including faster and more reliable access. So, what is Wi-Fi 6e and what are some of the benefits?

Wi-Fi 6e explained 

Existing technologies operate on two frequencies 2.4 GHz and 5GHz which have become more congested over time; Wi-Fi 6e adds access to a third frequency, 6GHz. now wireless devices can also use the 6GHz band. And the 6GHz band opens up the opportunity for higher transfer speeds. On top of that, currently there are about four 160 MHz-wide channels with normal Wi-Fi this 6GHz band brings with it seven 160 MHz-wide channels, More available channels mean more available spectrum for Wi-Fi service “and less overlap between networks in crowded areas like apartment complexes or offices,”. with less overlap and congestion you are able to connect more devices with the same efficiency expectation. Additionally there have been security improvements with Wi-Fi 6E that puts the burden on the router, rather than you, to secure connections between your devices. WPA3 is mandatory for all Wi-Fi 6 certified devices, which provides the latest security and authentication protocols. 

Summary of Benefits 

  • Faster, more reliable connection
  • Transmits data faster with less interference. 
  • You don’t have to compete with traffic from other devices or networks.
  • Security improvements making it more secure and harder to hack 
  • Accommodates more connected devices

If your company is looking to upgrade the wireless coverage in your office, whole building, or entire business complex, then contact us to evaluate your WiFi needs.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2024- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]
And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10