Loading ...

Category: Troubleshooting

Compliance Requires Penetration Testing

Compliance is and always has been a complicated matter. Here are the quotes from the three types of compliance – CMMC, HIPAA, and PCI:

CMMC – Risk Assessment L2-3.11.2 – VULNERABILITY SCAN: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.”

HIPAA – § 164.308 Administrative safeguards. (a)(1)(ii)(A) – Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”

PCI – 11.3: External and internal vulnerabilities are regularly identified, prioritized, and addressed”

To summarize what this all mean – compliance requires penetration testing and vulnerability scanning. Networks have to be tested regularly to make sure that there has been nothing missed which would allow a hacker to breach the network and steal the treasure of information. Our recommendation is to scan at least quarterly, if not monthly, to find these vulnerabilities and address them before the hackers find them.

If your company has compliance requirements that you need consulting for, then contact us for assistance.

Recover a Stuck Windows Service

Recently had an issue with a backup software that would get stuck in START_PENDING status at every startup. This caused it to be unable to be uninstalled, repaired, or forcefully removed and re-installed. Here is how we fixed it:

1. Find out the Service Name of the service by looking for it in the Services control panel:

2. Open command prompt as administrator

3. To get the PID type in – sc queryex [Service Name]

4. To kill the errant process type in – taskkill /f /pid [PID]

5. To remove the process type in – sc delete [Service Name]

One I had removed the process I restarted the server just to make sure then re-installed the software.

If your company needs help troubleshooting software issues, then contact us for assistance.

RMM Automation: Synology Resource Monitoring

As our business continues to focus on providing white labeled Tier 3 IT support services, RMM as a service, and co-managed IT services this blog will be highlighting tips for Synology resource monitoring. We have developed best practices for alerting on a Synology device for resources like CPU, Memory, and Disk Usage. When these Synology resource monitoring alerts are consistently triggered it show that the device is over utilized or if they remain triggered for long periods of time then it shows there is an issue on the device itself. We also setup weekly Storage Reports to get an accurate view of the changes and growth going on with client storage.

Setup Notifications

Make sure that Notifications are setup on the Synology first

  1. Open Control Panel
  2. Click on Notifications
    • Check enable email notifications
    • Choose Service Provider
    • Login to Gmail or use Custom SMTP server for Office 365 as the sender
    • Change Subject to indicate name of device
    • Add recipient email (Best to use one that ties into a PSA or RMM)
    • Click Apply
    • Send a Test Email

Setup Synology Resource Monitoring

  1. Open Resource Monitor app
    1. Click on Performance Alarm to the left
    2. Click on Rules tab
    3. Click Create
    4. Create the following Rules one by one
      1. Volume Critical
        1.  Select which volume [create multiple rules if more than one volume]
        2. Select Disk I/O utilization
        3. Greater than 90%
        4. Level Critical
      2. Volume Warning
        1.  Select which volume [create multiple rules if more than one volume]
        2. Select Disk I/O utilization
        3. Greater than 75%
        4. Level Warning
      3. System Memory Critical
        1. Memory Usage
        2. Greater than 90%
        3. Level Critical
      4. System Memory Warning
        1. Memory Usage
        2. Greater than 75%
        3. Level Warning
      5. System CPU Critical
        1. CPU Usage
        2. Greater than 90%
        3. Level Critical
      6. System CPU Warning
        1. CPU Usage
        2. Greater than 75%
        3. Level Warning
    5. Click Settings and check box to Enable usage history then click Save

Setup Storage Reports

  1. Open Storage Analyzer
    1. Select new location
    2. Create new shared folder named Log Files – hide from network
    3. Go back to Storage Analyzer and select new folder
    4. Set volume usage data to be collected Daily at 2am 
    5. Create report task
      1. Send to email (Best to use one that ties into a PSA)
      2. Generate reports at Monday 4am
      3. Keep 60 reports then click Next
      4. Select report items
        1. Volume Usage
        2. Shared Folders
        3. Potential Duplicate Files
        4. Large Files
        5. Least Recently Modified Files then click Next
      5. Analyze all folders then click Next
      6. Leave duplicate file defaults then click Next
      7. Click Done
    6. Close App

Once this is setup you will start getting email alerts sent to you or better yet your PSA / RMM for ticket creation and review.

If your company is a MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.

Zero Trust – Application Whitelisting

This is the eighth in a series about the concept of Zero Trust, which means in the IT sense that you trust nothing and always verify everything surrounding and connected to your network. Today’s discussion will be on Application Whitelisting. 

Application Whitelisting

Application Whitelisting is a process of determining which software programs the company absolutely needs to do business, marking them as safe, and blocking any other program that tries to run on company computers. This methodology has the distinct advantage of blocking almost all forms of malware on computers. Pairing this with a good next-gen antivirus creates an impenetrable wall against malware threats. It also prevents users from accidentally or intentionally running something that should not be on company computers. Here are some questions to ask:

  • Do you know all software on your computers?
  • Do your users spend time on company computers listening to music?
  • Have any of your users ever downloaded software without asking?
  • Do you have a computer use policy? How is that enforced?

If your company is wanting to lock down what is running on company computers, then contact us for assistance.

Hackers Penetrate 93% of Company Networks

Hacked - Grants Pass, OR

Security researchers performed penetration testing on the networks of 45 various mid-sized companies and found that in real life scenarios 93% of those networks were able to be compromised to the point of business disruption. Here are the details:

The Target

The 45 companies were polled to determine what would be an unacceptable business interruption. They decided that the following met that criteria:

  • Disruption of production processes
  • Disruption of service delivery processes
  • Compromise of the digital identity of top management
  • Theft of funds
  • Theft of sensitive information
  • Fraud against users

These became the target for the penetration testers. 


The Process

In order for the penetration tester to achieve their target, they followed the following process:

  • Breach the network perimeter – This was done by the use of compromised passwords found on the Dark Web and know vulnerabilities on devices that were directly connected to the internet
  • Obtain maximum privileges – In 100% of the networks, once an attacker was inside the network
  •  Gaining access to key systems – With maximum privileges, the testers are able to gain access to other areas of the network including databases, executives computers, and production servers
  • Develop attacks on target systems – Once key systems are compromised the testers then figured out how to create the unacceptable business interruption. Although they could have created these interruptions, they only gathered proof that they could to present the data to the companies. 


How to Defend 

There are a couple main ways to defend against these kinds of attacks:

  • Security Controls / Segmentation – Creating least privileged access to key systems and segmenting the network will keep hackers from traversing the network once inside
  • Enhanced Network Monitoring – Modern cyber security tools watch activity and traffic on the network to find indicators of compromise. They pool this information into an attack history that can be used to remediate and further protect. 


Your company is not as safe as you think, so contact us for free initial cybersecurity evaluation and risk report.  .

Never Negotiate with Terrorists

Hacked - Grants Pass, OR

There has been a recent trend for companies to “negotiate” with the criminal terrorists behind wave of ransomware attacks across the world by paying the ransom. In a recent study some alarming statistics have been released:

Current Ransomware Stats

If Ransom is Paid: The global findings also show that only 8% of organizations manage to get back all of their data after paying a ransom, with 29% getting back no more than half of their data.

Cost of Ransom: The average ransom paid was $170,404. While $3.2 million was the highest payment out of those surveyed, the most common payment was $10,000. Ten organizations paid ransoms of $1 million or more.

Who is Paying the Ransom: The number of organizations that paid the ransom increased from 26% in 2020 to 32% in 2021.

The Brighter Side: While the number of organizations that experienced a ransomware attack fell from 51% of respondents surveyed in 2020 to 37% in 2021, and fewer organizations suffered data encryption as the result of a significant attack (54% in 2021 compared to 73% in 2020).

What is Being Done

There are now organizations trying to create a common framework to address this threat. The Institute for Security and Technology has created a Ransomware Task Force. This task force has been working to develop this framework and has published some guidance. Even though this is just the foundation work, it is good to see that efforts are being made. 

If your company is worried about the threat of ransomware, then contact us for assistance setting up a multiple layer approach to security.

How is Malware Delivered?

Malware

Read a recent study on the origins of malicious software aka malware. Here are the highlights:

Current Malware Statistics

29% – Malware is previously unknown to security vendors due to the continued efforts of malware creators to hide the software or make it undetectable.

88% – Malware is delivered to people’s inboxes and some of it bypassing normal SPAM filters.

8.8 Days – Time before regular antivirus vendors have discovered the malware and added it to their lists for detection.

$50 – The cost of a pre-fabricated malware kit that can be bought currently on the dark web.

“The most common type of malicious attachments were: documents (Word – 31%), archive files (ZIP & RAR – 28%), spreadsheets (Excel – 19%) and executable files (EXE – 17%).”

What can be done?

A multi-tiered approach to security remains the best solution:

  • Moving from traditional antivirus to Enhanced Detection & Response (EDR) software to go beyond lists of know infections to behavior tracking of software
  • Moving from traditional SPAM filters to Email Advanced Threat Protection which scans each email and opens each attachment to see if there is any malicious activity cause by them
  • Moving from traditional router to a business class firewall with Intrusion Prevention System to monitor traffic for suspicious activity
  • Employee training is also key to keep your staff aware of immerging trends and threats 


If your company is looking to enhance your network security posture, then contact us for assistance.

Number of Credentials Exposed Increased by 429%

Hacked - Grants Pass, OR

A company named Arctic Wolf, a leader in enterprise security operation centers, published a report that states that the number of corporate credentials with plaintext passwords on the dark web has increased by 429% since March.

There are also startling statistics on the increase in email phishing attempts and the use of unsecure public wireless connections. These numbers are like due to the Work From Home employees using their own insecure computers and cyber criminals trying to take advantage of the trend. It appears that security measures that are used in the office need to be extended to the Work From Home network as well. 

If your company is currently or is going to have Work From Home users, then contact us for assistance.

A newly discovered serious vulnerability – dubbed “BootHole”

There has been information released by a security research firm called Eclypsium that there is a vulnerability dubbed Boothole in Unified Extensible Firmware Interface (UEFI) Secure Boot that would allow an attacker to completely take over a workstation, laptop, or server and be nearly undetectable. All hardware vendors will have to send out updates in the near future to patch the UEFI code to secure it against this “BootHole” vulnerability. Due to the difficulty in designing and testing these types of updates it will be some time before they are released. We will keep you posted as to the release of these updates as they become available. 

If your company is concerned about security, then contact us for assistance.

Quick Tip: Outlook Crashing?

Many of our customers have been experiencing some of their users having Outlook crashing immediately after opening. We even had other tech companies call to find out how we were fixing it, so we investigated and found the following known issue from Microsoft:

Users experiencing Outlook connection issues and crashes
EX218604, Exchange Online, Last updated: July 15, 2020 10:12 AM
Start time: July 15, 2020 9:18 AM
User impact:
Users may experience crashes or may be unable to access Exchange Online via Outlook.
Current status:
Our initial review of the available data indicates that recently deployed updates are the likely source of the problem. We’re performing an analysis of all recent service updates to isolate the underlying cause of the problem and to determine the most expedient means to restore service.

We will be keeping our monthly clients up to date on this issue. 

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]