Category: Network Security

Are You in Need of Technical Help?

broken internet - Grants Pass, OR

We have a bench of Tier 3 engineers ready that have been trained in industry best practices, compliance and are comfortable supporting your network and computers.

Put an End to Stressful Computer Support

By utilizing one of our industry trained Helpdesk Specialists, you can free your employees from wasting time on computer support tasks.

Our Helpdesk Specialists are capable – but not limited to – the following tasks:

  • Desktop operating system maintenance, troubleshooting, and diagnosis
  • Desktop connectivity troubleshooting
  • Network systems maintenance, troubleshooting, and diagnosis
  • Network connectivity troubleshooting
  • Server operating system maintenance, troubleshooting, and diagnosis
  • Server connectivity troubleshooting
  • Application installation and support
  • Client VPN installation and support
  • Microsoft Office Suite & Google G-Suite support
  • Security & access management
  • Anti-malware administration and resolution

Learn more about the benefits of our Dedicated Remote Support Solutions here.

Wireless Security Upgrade

WPA3 Wireless Security - Grants Pass, OR

Strange to think that the current wireless security protocol has been in use for over a decade, but with the release of WPA3 certification today the Wi-Fi Alliance has made some serious strides towards a more secure wireless security standard.

Security Improvements

Offline Password Guessing – Attackers will now only get one guess per offline packet instead of unlimited. This will force them to interact with the wireless device directly which will make their attacks easier to detect and easier to shut them out.

Forward Secrecy – Even if the attacker is able to record a data stream and crack the current password, they will not be able to read the recorded data – only new data flowing over the network.

192-bit Encryption: – Enterprise users and tech savvy small businesses will be able to take advantage of deeper encryption for more secure connections

Wi-Fi Easy Connect – Simple to use, secure way for home users to connect their devices by scanning a QR code instead of entering a complex password.

This new security protocol mixed with the latest 802.11ax (that could bring 10 Gigabit speeds to wireless) will make 2019 a banner year for wireless technology.
If your company is interested better wireless security or faster wireless speeds, then contact us for assistance.

 

Xerox Versalink Scan to Folder Windows 10 Home

Xerox Versalink C7000 - Grants Pass, OR

Ran into an issue with Scan to Folder on Windows 10 Home from a Xerox Versalink C7025 via SMB. Contacted support and they stated that Xerox does not support this setup. Further digging found that Windows 10 Home folder shares need passwords in a [Computername]\[Username] format that the Xerox Versalink could not provide correctly. I found another option that works well in this situation:

Scan to Folder via FTP

  1. Create a Scan folder in the Users directory
  2. Download and install Filezilla FTP Server with the defaults (I prefer to set “start user interface: to manually)
  3. Click on the Edit > Users menu item.
  4. Click on the Add button and create a username (case sensitive)
  5. Check the password box and create a password
  6. Click on the Shared Folders tab on the left then click on the Add under Shared Folders
  7. Browse to the Scan folder and click OK
  8. Check all File & Directory permissions then click OK at bottom left

With this setup on the Windows 10 Home computer an Address Book entry can be created for Scan to Folder via FTP on the Xerox Versalink. The only thing that could be a problem after that is a software firewall link Windows Firewall or McAfee LiveSafe.

 

If your company wants to utilize more functionality from your multi-function device, then contact us for assistance.

Is the internet down again?

broken internet - Grants Pass, OR

If it seems like this is a typical question in your office then there is hope. The concept of internet failover has been around for years. With the advent of 4G LTE cellular networks internet failover is now within reach of the small business. If the main internet connection goes down then the 4G LTE cellular network will kick in automatically to keep your business flowing. When the main internet connection comes back online it will automatically switch back to restore full speed access.

How We Fix the Internet

Business Class Router: The Datto Networking Appliance has all the specs of true business class router including all the usual services (DHCP, DNS, VLAN, DMZ, Access Rules, etc). It also has all the features that you need to secure and expand your business with seven layer deep packet inspection, intrusion detection, traffic shaping (VoIP), client VPN, site-to-site VPN, and cloud management.

Connectivity: This router has all the connectivity you could ever need. It has 4 Gigabit LAN ports to help physically segment the network. It has the latest and most redundant wireless connectivity available. It has a fully integrated multi-band 4G LTE wireless cellular modem to keep you connected when wired internet fails.

Peace of Mind: Leave the connectivity worries to us. Our expert team will be monitoring and maintaining the Datto Networking Appliance at all times via the cloud management console and integrated alerting. We will know the internet is down before you do and will take the steps needed to get your ISP to fix things.

If your company’s internet is constantly going down, then contact us for assistance.

ESET Antivirus Troubles

Eset Antivirus - Grants Pass, OR

Working with a webhost to tighten their security settings to get PCI compliant. In doing so we ended up breaking many of their clients email access by turning off SSLv3 and TLSv1.0. I was given the task of helping all the clients fix this issue (see seperate blog post for the fix). One in particular ended up not having issues beyond the normal problems with TLS and it turned out being ESET Antivirus. Here is the story:

Unable to Access Website:

The client first mentioned that they could not access a particular website that they needed to submit government paperwork. The error was related to the certificate being out of date. I checked the site on my own computer and it came up just fine, so looked at their certificate and it was current with plenty of time left before expiring. Cleared the cache and all the normal troubleshooting steps to no avail, so had to dig deeper. Remembered that some antivirus programs scan HTTPS traffic by putting their own certificate in place of the actual certificate from the site. Looked inside ESET Antivirus and found the culprit. Under Internet Protection > Web Access Protection I turned off the HTTPS Scanner. Restarted the browser and was able to surf to the site without issues.

Hidden Messages Stuck in Outlook Outbox:

The client then mentioned that some messages weren’t sending, so looked into it and found a couple messages that were 2MB+ which I told them were too large to send. We got rid of those but then messages were still stuck but were now hidden from view. I used the typical fix for read receipts that are hidden using the MFCMAPI tool but found nothing there. Tried removing the account and re-adding it to Outlook. After the clients 8,000+ emails downloaded via IMAP the same problem began occurring again. Remembering the issues with ESET Antivirus web filtering, I decided to take a look at that again. Under Internet Protection > Email client protection I turned off all the Email Clients, Email Protocols, and Antispam Protection. Restarted Outlook and the problem persisted. Had to remove the account and re-add it to Outlook. After the clients 8,000+ emails downloaded via IMAP the problem was fixed.

All that being said, these kinds of problems are another reason that I recommend Webroot to my clients for their antivirus protection. I prefer to have the Website filtering happen at the DNS level via a company like DNSFilter.com and the SPAM / Email filtering to happen via the email provider or an email protection service like Mailprotector.com.

If your company is interested in using a real layered approach to security not just putting a software band-aid on it, then contact us for assistance.

SMB Guide to Ransomware

SMB-Guide-to-Ransomware

Ransomware has become a serious epidemic affecting businesses of all sizes, and protecting your company is more essential than ever before as the number of ransomware attacks continues to rise. A recent U.S. Government inter-agency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 — a 300-percent increase over the 1,000 daily ransomware attacks reported in 2015.

As ransomware spreads, it continues to evolve and get more sophisticated — and more lucrative. In fact, according to Internet Crime Complaint Center, ransomware victims paid more than $24 million to regain access to their data in 2015 alone.

What does all this mean for small to medium-sized businesses?

Download the full article here:
http://www.farmhousenetworking.com/downloads/SMB-Guide-to-Ransomware.pdf

If your company is worried about ransomware and would like to see if your business is prepared for the inevitable, then contact us for assistance.

Now Featuring: third-party software updates

third-party software update

In a continuing effort to offer the best remote monitoring & maintenance available and to enhance the security of our clients even more, we are now offering updates to several of the most popular third-party software packages. This is in addition to the Windows patching, system health checks, system maintenance, managed antivirus (included for free), and website blacklist monitoring that now come standard with our remote monitoring & maintenance service. Here is a summation:

Third-Party Software Updates

Google Chrome: web browser made by Google.

Firefox: web browser made by the Mozilla Foundation.

CCleaner: system cleaning utility (now owned by AVG).

Adobe Acrobat Reader: PDF viewer made by Adobe.

Adobe Flash Player: website animation plugin made by Adobe.

Java Runtime: website programming plugin made by Oracle.

There is a long list of other software that we can update for you automatically, but have chosen these in particular to update as they are the most likely to be exploited and least likely to be updated regularly.

If your company has software that needs to be automatically updated or would like to sign-up for remote monitoring and maintenance, then contact us for assistance.

Quick Look at PCI Compliance Regulations

PCI Compliance Regulations

Just got done cleaning up after a security breach (aka hacking) of one of my client’s accounting workstation. They had an older method of remote access called Microsoft Remote Desktop that has known vulnerabilities without additional security measures in place. The hacker did not touch their Quickbooks data (super surprising), but installed software to send SPAM, mine bitcoin crypto-currency, and running fraudulent credit card transactions. Since there was no compromises of Primary Account Numbers (PAN) or customer data there was no need for notifying customers, but the FBI Cyber Crime division was still notified to help share with them the intelligence from the breach. This then lead to me reading through the PCI DSS regulations again and making the requisite recommendations to mitigate the current issues with the client’s network and protect against future attempts. Here is a list of applicable PCI Compliance Regulations:

Requirement 1.1.2 – Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.
Requirement 1.2 – Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.
Requirement 1.3 – Prohibit direct public access between the Internet and any system component in the cardholder data environment.
Requirement 4.1 – Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks, including the following:
•    Only trusted keys and certificates are accepted
•    The protocol in use only supports secure versions or configurations
•    The encryption strength is appropriate for the encryption methodology in use
Requirement 5.1 – Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).
Requirement 5.2 – Ensure that all anti-virus mechanisms are maintained as follows:
•    Are kept current,
•    Perform periodic scans
•    Generate audit logs
Requirement 5.3 – Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period
Requirement 6.2 – Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
Requirement 8.2.3 – Passwords/passphrases must meet the following:
•    Require a minimum length of at least seven characters.
•    Contain both numeric and alphabetic characters.
Requirement 8.2.4 – Change user password/passphrases at least once every 90 days.

If your company has PCI Compliance Regulations that you need consulting for, then contact us for assistance.

CyberSecurity Month – Mobile Device

CyberSecurity Mobile DeviceMobile devices enable Americans to get online wherever they are. Although mobile devices — from smart watches to phones and tables — can be extremely useful and convenient, there are also potential threats users may face with such technology. It’s important to understand how to protect yourself when connecting on the go.

DID YOU KNOW?

• 56 percent of American adults own a smartphone.
• More than half of mobile application (app) users  have uninstalled or decided not to install an app due to concerns about their personal information.

SIMPLE TIPS

1. Use strong passwords.

Change any default passwords on your mobile device to ones that would be difficult for someone to guess. Use different passwords for different programs and devices. Do not choose options that allow your device to remember your passwords. (We recommend LastPass Mobile App to keep track of password, encryption of the phone and fingerprint scanning for unlocking your device.)

2. Keep software up to date.

Install updates for apps and your device’s operating system as soon as they are available. Keeping the software on your mobile device up to date will prevent attackers from being able to take advantage of known vulnerabilities. (Unfortunately the carrier that you choose is in charge of the OS updates on the phones, but allow auto updates on all other apps.)

3. Disable remote connectivity.

Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can connect to other devices. Disable these features when they are not in use. (Look out for NFC also as this will allow access based on how close someone gets to your phone – think crowded elevator.)

4. Be careful what you post and when.

Wait to post pictures from trips and events so that people do not know where to find you. Posting where you are also reminds others that your house is empty.

5. Guard your mobile device.

In order to prevent theft and unauthorized access, never leave your mobile device unattended in a public place and lock your device when it is not in use.

6. Know your apps.

Be sure to review and understand the details of an app before downloading and installing it. Be aware that apps may request access to your location and personal information. Delete any apps that you do not use regularly to increase your security. (Also do not root your phone or install apps from any place platforms app store.)

7. Know the available resources.

Use the Federal Communications Commission’s Smartphone Security Checker at www.fcc.gov/smartphone-security.

If your company is concerned about cybersecurity and wants to take the needed steps to protect yourselves, then contact us for assistance.

CyberSecurity Month – Small Business Tips

CyberSecurityBroadband and information technology are powerful tools for small businesses to reach new markets and increase sales and productivity. However, cybersecurity threats are real and businesses must implement the best tools and tactics to protect themselves, their customers, and their data. Visit www.fcc.gov/cyberplanner to create a free customized Cyber Security Planning guide for your small business and visit www.dhs.gov/stopthinkconnect to download resources on cyber security awareness for your business. Here are ten key cybersecurity tips to protect your small business:

1. Train employees in security principles.

Establish basic security practices and policies for employees, such as requiring strong passwords and establish appropriate Internet use guidelines, that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers, and networks from cyber attacks.

Keep clean machines by having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. (Our managed monthly service contract customers already have this taken care of.)

3. Provide firewall security for your Internet connection.

A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall. (We don’t recommend the free stuff as you always get what you pay for.)

4. Create a mobile device action plan.

Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information.

Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud. (We recommend backup copies in both)

6. Control physical access to your computers and create user accounts for each employee.

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. (Definitely agree with the separate users and least

7. Secure your Wi-Fi networks.

If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi- Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. (Also make sure to segregate public guest traffic from private traffic.)

8. Employ best practices on payment cards.

Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, and limit authority to install software.

Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication.

Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication that requires additional information beyond a password to gain
entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account. (Multifactor should be implemented on all web based applications from third party vendors.)

If your company is concerned about cybersecurity and wants to take the needed steps to protect yourselves, then contact us for assistance.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2025 - Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

Error: Contact form not found.

And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10