Network Security: What Does Your Firewall Do For You?

Jason Cooley is Support Services Manager for Tech Experts.

“Security.” It’s a word that we are all familiar with, but it can have many different meanings depending on context. Security to people nearing retirement age may mean financial security for their future.

At a large event like a concert, it could mean both security guards and the overall security of the event.

However, as time goes by, the word security has become increasingly related to the digital world.

Using the Internet to pay bills, access banking information, or even applying for loans is commonplace. We must be prepared to protect our identity and personal information.

Now, whether you are talking about your home or your business, network security starts with a firewall.

So what is a firewall?

A firewall, in terms of network security, can be a physical device that your incoming and outgoing data is routed through. It could also be a program on your device that can strengthen and supplement your devices’ security.

Both of these have different capabilities and purposes and can be used individually or together.

While there are different types, their essential function is the same. A firewall is put in place to allow or deny traffic, based on a set of security rules.

In a business setting where many staff members use a computer daily, a firewall can be put in place to block unwanted traffic.

A simple security rule to check for secure certificates can stop unwanted traffic easily.

Websites have security certificates, so when you access a page, your firewall can check the certificate. If the certificate is digitally signed and known as trusted, the firewall will allow traffic to proceed.

Search results can often display links of potentially harmful websites.

A firewall adds a layer of security making sure your employees don’t accidently find themselves on a website that could compromise your network.

This same principle works for home networks and can allow you to set some security rules. These rules can be put in place to help keep Internet usage safe, especially with children around the house. A firewall can also block certain content.

In an office setting, you could turn off access to social media to stop staff from accessing sites that aren’t needed to complete work.

It can block certain search engines and even limit the use of unsecure versions of websites.

At home, you can block content from websites you don’t want your family to have access to.

There is also the option of having active network times. You can have your Wi-Fi network only active during business hours, keep your kids off their devices at bedtime, or limit access to certain days.

There are many other things that your firewall can do to help keep your network safe.

Keeping your network secure has the potential to save you thousands of dollars, depending on the number of devices and your dependency on those devices.

Safety and security always has a high value to you. It can also help you rest easier knowing that either your business, or your family, is a little bit safer.

Do I Really Need A Firewall For My Business?

Ron Cochran is a senior help desk technician for Tech Experts.

Before we answer that, let’s look at what a firewall actually is. No, no actual flames of any kind are involved whatsoever.

A firewall is a barrier or “shield” intended to protect your PC, tablet, or phone from the data-based malware dangers that exist on the Internet. Data is exchanged between your computer and servers and routers in cyberspace, and firewalls monitor this data (sent in packets) to check whether they’re safe or not.

This is done by establishing whether the packets meet the rules that have been set up. Based on these rules, packets of data are accepted or rejected.

While most operating systems (desktop and mobile) feature a basic built-in firewall, the best results can usually be gained from using a dedicated firewall application, unless you know how to set up the built-in firewall properly and have the time to do so.

Firewall applications in security suites feature a host of automated tools that use whitelisting to check which of your applications should accept and reject data from the Internet — something that most users might find far too time consuming to do manually.

So it makes sense, now that it’s clear what a firewall is for, to have one installed and active. But just in case you’re still doubtful of the benefits…

Everyone who accesses the Internet needs a firewall of some kind. Without one, your computer will allow access to anyone who requests it and will open up your data to hackers more easily. The good news is that both Windows and Apple computers now come with built-in software firewalls (although the Mac’s firewall is turned off by default).

But businesses, especially those with multiple users or those that keep sensitive data, typically need firewalls that are more robust, more customizable, and offer better reporting than these consumer-grade alternatives.

Even a relatively small business engages in exponentially more interactions than an individual, with multiple users and workstations, and customers and suppliers. These days, most of those interactions are online and pose risks.

Not only are businesses exposed to riskier online interactions, the potential damage from each interaction is also greater. Businesses frequently keep everything from competitive bids and marketing plans to sensitive banking and customer data on their computers. When unprotected, the exposure is enormous.

Firewalls also allow computers outside of your network to securely connect to the servers that are inside your network. This is critical for employees who work remotely. It gives you the control to let the “good” connections in and keep the “bad” connections out.

Hardware firewalls must be compatible with your system and must be able to handle the throughput your business requires. They must be configured properly or they won’t work and can even stop your network from functioning entirely. You can use multiple hardware firewalls to take advantage of differing strengths and weaknesses.

Some industries (like medical and financial services) have specific regulatory requirements, so it’s important to consult your IT professional before choosing a firewall to make sure you’re not exposing your business to unnecessary liability.

It’s also important for you, or your IT service company, to constantly monitor the firewall to ensure it is up and working, as well as to ensure that it is regularly updated with security patches and virus definitions.

If you currently are not protected by a firewall or would like to inquire about an upgrade to your network infrastructure, please feel free to email (info@mytechexperts.com) or call (734-457-5000).

Who Should Be An Administrator On Your Network?

Luke Gruden is a help desk technician for Tech Experts.

In the world of computers, administrators have access to everything in Windows. Having administrator rights allows you to download anything, change any policy, and even change registry entries in Windows. An administrator has enough control over Windows to radically change how it works, even break Windows permanently.

So, who should be an administrator? The answer is different depending on the environment and work being done. In general, the administrator account should only be used by a person who is very experienced and knowledgeable in computers, like a professional IT tech. An inexperienced person with an administrator account could permanently damage the operating system or even destroy the computer itself on accident.

A user that has admin (administrator) rights, even without being in the core files, could still cause unintentional harm to the computer. This can happen because malicious files can be accidentally downloaded and ran and, when you run a program as an admin, you give that program the rights to change your computer inside and out. Malicious programs run by an admin can ruin entire networks of computers. This, sadly, has happened to many businesses.

Domain Networks

On a domain network where many computers are connected to a server, there should be a very small amount of administrators. Ideally, just one. The more people with admin rights, the more likely the wrong program ran by the wrong person can ruin an entire building of computers or an entire business. This is usually how cryptoware spreads.

For domain networks, only professional IT techs should be administrators. The risk is too great to have someone accidentally change a policy or spread an infection that can do irreversible damage to all the computers on the network.

Business Computers

A computer used for business should be treated with more security and care as to make sure no avoidable threats harm or compromise the device. Confidential data and work can be stolen if the wrong websites are visited or by downloading the wrong software on a business computer.

For a business computer user, you might want to consider using a normal account and only use the admin account in extreme situations where recovery needs to be done. If your IT tech has access to the admin account, they can make sure that only best practices and the proper programs are implemented on that profile.

Home Computers

Computers that are used for everyday activities that do not have confidential work data should still be choosy on who has admin access. Having children or teens freely exploring the Internet and downloading odd programs or messing with the internal settings of Windows could potentially cause serious issues.

Home computers should have an admin user with a solid knowledge of computers who will be wary of suspicious websites and programs. More inexperienced users should not run admin accounts.

Generally, the best rule of thumb for admin accounts is that they should be granted to people who can handle the responsibility. Those with less experience or less important needs should have accounts with limited access.

However, if a business or network is bigger, it’s even more important than the only people granted admin privileges are their professional IT team or those who have experience. The title of administrator should be looked as one with responsibility in doing what is best for a computer, a server, and a business network.

Mistakes To Avoid When Setting Up Your Small Business Network

Anthony Glover is Tech Expert’s network engineer.

Setting up your ideal network environment can be tricky. Here are a few things to avoid when setting up your network at your small business.

Lack of security on your network
Avoid this at all costs. A secure network is a happy network and, not to mention, a reliable one. This is especially needed if your business depends on confidentiality.

Lack of security leaves you vulnerable to hackers or curious individuals that could obtain information that could be vital to your business.

Ideally, a firewall is an essential choice when security is a factor in your networking environment.

Insecure wireless networking
A wireless connection is a convenient way for wireless devices such as printers, phones, laptops, or any other device that has wireless capability to connect to your network.

However, the convenience factor can turn problematic if left insecure.

When it comes to wireless networking as a security factor, always set a password on your SSID (such as WPSK or WPSK2). Your password should – at the very least – include a capital letter, numbers, and special characters such as “!”.

Poor network management
Poor network management is a much overlooked problem and can quickly become the worst thing that could happen to any small business network.

Good management of your networking equipment will keep your network secure. Poor management can lead to vulnerabilities in the network due to a lack of updates and a lack of securing ports, leading to possible intrusion from hackers.

Remember, all aspects of management are very important. This can include detailed and organized cabling, updating firewall firmware, updating servers and workstations, and securing ports on your server or end-user computers.

Network management – when done right – is ideal for your small business network and should be done by an IT professional such as Tech Experts.

Bad placement of Wi-Fi access points
Bad placement of a WAP can be a huge problem for wireless network signal performance. Poor signal strength can cause slow connections to both the Internet and your local area network and causes sluggish performance of your overall network.

It isn’t enough to simply choose the strongest WAP; it also needs to be placed where it can work properly.

To make sure you get the best performance out of it, it should be located in the center of the area you need to cover.

You should also keep in mind that the weakest signal points are directly below and above your WAP.

Cutting corners on speed
Buying a 10 mbps switch just because it’s on sale is a bad idea. Speed is your friend, especially when setting up your small business network.

A faster network will increase activity and save you time and money in the long run. 1 gbps equipment should be the ideal solution to not only transfer traffic faster, but access everything on your network faster.

We know networks aren’t easy as pie, which is why we always recommend having a professional IT team set up your office.

Cheaper isn’t better, especially when a poorly done set-up can cause large problems once you’re operating.

If you’re looking to set up a new building or relocate (or even redo your current office), give us a call at (734) 457-5000, or email at info@mytechexperts.com, to see what we can do for you.

Should Your Small Business Use A Domain Network?

Luke Gruden is a help desk technician for Tech Experts.

If you have 5 or more computers that are sharing files and are constantly being worked with, a domain network would be in your best interest.

A domain network using a server has many benefits to a work area, a work building, or even multiple buildings using VPN. The flexibility, security, and convenience of a domain is, in most companies, invaluable. Sign into your account from any computer that is a part of the domain and you no longer need to use only your personal computer to access files.

If something were to happen to your computer, you could just use another computer to sign into your account and continue working without much downtime. This is also a far more secure way for users to access other computers as they have to use their credentials and only have the permissions that their credentials provide, not those of the computer itself. As long as users are not sharing passwords, you can have every user accounted for, policies implemented, and control what they can and cannot access when it comes to Internet, files, and programs.

Secure file-sharing is an easy and basic function of a domain server with Active Directory, which all the computers connected to the domain have access to. If you wanted only certain users to have access to certain files, you can have folders set up that prevent unauthorized editing, but still could be read — or even not be seen at all.

Having 5+ workers able to access the same set of files to edit as needed is an amazing way to save time and improve project efficiency. Everyone can see the file as it is saved or changed and they can continue to edit records as necessary without ever having to go on the Internet or transfer the file. Just get on any computer on the domain and you have instant access to the files that you need without a second thought.

Active Directory is your IT department’s best friend when it comes to handling large or small groups of computers as IT can access the domain server to make adjustments to other computers without ever stopping the work flow.

Forgot your password? Your IT can very easily use the server and reset your password for you without having to go to your computer. Setting up a new computer that needs certain printers and drivers installed? IT can set up the server to push those standard programs and drivers without having to install each individual program. Need to set up a new user account? It’s created on the server and the user can be accessed on all computers. There are so many possibilities that open up when you have a server domain available for your workstations.

We have only scratched the surface of what’s possible with a domain server and the amount of time and effort it can save for everyone in the company. I believe every business that is looking to grow should have a domain server early on as it will be easier to set up and can evolve to your needs as your company grows.

If your company needs help setting up a domain network, you can count on Tech Experts to take care of it.

Maintaining Workstation Data Protection

Making sure your workstation’s data is backed up and ready for deployment in the case of workstation failure is vital to any business. Once the workstation has been replaced or repaired, it’s key your employees are able to pick up right where they left off. This means restoring their data as soon as possible.

Three of the more common methods of maintaining data protection on a workstation can be deployed on business networks, as well as home user environments.

Roaming profiles are the method most commonly used in larger businesses. A roaming profile stores user data on a file server or storage device located on the network. This allows the user full access to their data no matter which workstation they log into, as long as it‘s connected to the business’ network.

The roaming profile allows the user to have a consistent desktop experience, such as appearance and preferences.

The downsides to using roaming profiles are that they can be difficult to set up and if the user has a large amount of data contained within their user account, there can be a delay when logging in. User profile folder migration is a method in which the local user data folders are moved to a file server or a secondary hard drive. To migrate your user profile folders, you first need to create new folders located on the storage device, keeping the names similar for ease of use (such as My Documents, My Pictures, etc).

Once the new folders are created, you can change the location of your user profile folders to save to the new folders. After that, all of your data files will be copied to the new location and the original folder will be removed from your local profile.

If the workstation ever needs replaced, you would repeat the process on the new workstation and all of the existing data will be available. However, if you migrate folders to a network attached device and lose network connectivity, you also lose connectivity to your folders and their data.

Simple file storage is the simplest and most common form of data protection on a workstation. This method is accomplished through either hardware or software means, such as connecting an external storage device to the workstation or using a web based file backup such as our Experts Total Backup service.

Simple file storage method is the least costly, which is why it’s often utilized by small businesses and home users. Attaching an external storage device such as a large USB flash drive or hard drive to the workstation allows the user to save the data to the device.

This method is also a way of increasing storage capacity of the workstation without having to install internal hard drives. The drives can be left connected to the workstation or removed for safe storage. Using a web based file backup is another commonly used way of backing up your data files.

Once the backup software is installed and configured, the backup process becomes fully automated. The downside to web based backup is that it’s web-based – so data restore time is based on your Internet connection speed. It can take anywhere from a couple of hours to a couple of days to restore your data depending on the amount of data that was backed up.

If you have any questions on workstation data protection or would like to implement a backup method, call us at (734) 457-5000.

Top Seven Network Attack Types So Far In 2015

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

There’s no doubt that small businesses are under attack from hackers and cyber-criminals. Typically, small companies have less secure networks and looser security standards, making them easy targets.

The latest Threat Report from McAfee Labs details the types of attacks against small businesses. The chart shows the most common network attacks detected in Q1 2015.

Denial of service attacks – 37%
A denial of service (DOS) attack attempts to make a resource, such as a web server, unavailable to users. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report.

A common approach is to overload the resource with illegitimate requests for service. The resource cannot process the flood of requests and either slows or crashes. [Read more…]

Remote Employees And Network Connections

Scott Blake is a Senior Network Engineer with Tech Experts.

As businesses begin to downsize their ecological footprint, the need for remote or satellite employees grows. Business leaders and owners are now faced with the daunting question on how to allow remote employees access to their existing network without compromising network security.

One of the best ways to accomplish this is through the use of VPN.

VPNs allow secure access to business resources by creating encrypted pass-throughs via the Internet. The Internet, combined with present-day VPN technology, allows businesses a low cost and secure means to extend their networks to their remote employees.

The two most common methods in which to set up remote access are IPsec (IP Security) or SSL (Secure Sockets Layer). Both methods work well and both have their advantages depending on the needs and size of your business.

VPNs created using SSL technology provide remote-access connection from almost any Internet-enabled location or device using a web browser interface.

No special client software needs to be preinstalled on either device. This makes SSL VPNs a true “anytime, anywhere” connection to company-managed desktops.

There are two different SSL VPN connections to choose from: clientless and full network access.

Clientless requires no special software. All traffic is transmitted and delivered through a web browser.

There is no need to install or download any unique software to establish the connection. With clientless access, only web-enabled programs and apps are able to be accessed, such as email, network file servers and local intranet sites.

Even with such limited access to network resources, this style of connection is well-suited for most businesses.c868266_m

Additionally, because there is no need for special software to be supported by the IT department, businesses can cut down on managed overhead.

A full network access VPN allows access to almost any program, application, network server, and resource connected to your business network. Unlike clientless access, full network access connection is made through the use of VPN client software. Because the client access software is dynamically downloaded and updated, it requires little or no desktop support.

As with clientless access, you have the ability to customize each connection based on employee access privileges. If your remote employees require the full functionality of installed programs and applications as if they were sitting inside the office building, utilizing a full network VPN connection is the obvious choice.

IPsec based VPNs are the staple of remote-access connection technology. IPsec VPN connections are created by using installed VPN client software on the user’s workstation and connecting device.

Client software allows for greater customizability by modifying the VPN client software. Businesses are able to configure and maintain the appearance and function of the VPN client, which allows for easier implementation for connections with other desktops, kiosks, and other special need cases.

Many businesses find that IPsec connections meet their requirements for the users, but the advantages of self-updating desktop software, accessibility from non-company managed devices, and customizable user access make SSL VPNs a front runner for remote-access connections to your office.

If you have any questions or would like more information about how a VPN can help your company, you can reach Tech Experts at (734) 457-5000.

(Image Source: iCLIPART)

Network Security And The “People Problem”

Michael Menor is Vice President of Support Services for Tech Experts.

Security teams that focus on what is already happening and the layers of defense being breached are constantly in reactive mode.

Reviewing reams of data produced by technology – firewalls, network devices or servers – is not making organizations more secure. With this approach, the team fails to prevent breaches or respond in a sufficiently timely way.

Instead, the addition of more data and more complexity perversely prevents achieving the end result: protecting sensitive information.

The significant breaches of today are executed by people infiltrating the organization and attackers are doing this by assuming identities or abusing insider privileges.

There is a gap between the initial line of defense (the firewall) and the company’s last line of defense (the alerts received by the security team and their following analysis.)

Tracking user activity, especially connections between suspicious behaviors and privileged users, would allow organizations to close this gap.

True understanding of identity has the ability to cut through the overwhelming explosion of data that can render security organizations blind and unable to respond to real threats or even detect if they are under attack.
It is time to incorporate identity into the organization’s breach prevention strategy and overall security. We have to stop accepting a gap approach to security, which is usually focused on data and devices rather than people. In light of the budding perimeterless world, identity will increasingly be the primary factor that matters to the security team.

Identity data is pervasive, yet typically absent from the security world view. For security organizations, our corporate identity (the personal identity elements we bring to our corporate environment) and our behavior are aggregate details essential in building a picture of what is happening within – and beyond – the corporate perimeter.

business people iconsTogether, they offer deep context to inform the security team of the appropriate response to potential threats and real attacks.

The critical piece in this approach is the security organization’s ability and capacity to understand the full scope of identity: who the person really is behind any given device and whether they are behaving abnormally.

This is particularly helpful when identifying attackers that have managed to acquire privileged user credentials.

Identifying Normal Behavior
One way to reduce the scope is to focus on the highest risk identities first. If you accept that the greatest risk comes from people inside your organization that can access sensitive information – known as “privileged users”, which can also include non-human accounts that may have access – then the correct steps are as follows:

1) Reduce the number of privileged users/identities and accounts.

2) Limit the privileges any one user has to systems and applications necessary to do their job.

3) Integrate the identities of privileged users into security and risk monitoring to spot behavior that may indicate a breach.

Closing the Gap
As more and more of the computing environment breaks outside of the control of central IT organizations, spearheaded by the move towards BYOD (or Bring Your Own Device), the ability to recognize who a user actually is and what is normal for them becomes a foundational part of effective security monitoring.

Without such identity-powered security, security teams will continue to struggle to differentiate whether the events they are monitoring are worth a reaction and that hesitation allows attackers to execute more and more damaging data breaches.

Furthermore, security teams will continue to operate in reactive mode and fail to prevent breaches or respond in a sufficiently timely way.

If identity is a central component to security management, then security teams will be in a better position to understand the behavior of users and will spend far less time trying to identify the meaning behind the events they are seeing.

People will continue to be our biggest point of exposure and with a keen focus on user behavior and activity, we will be in a much better position to limit the impact of breaches.

(Image Source: iCLIPART)

Tips To Protect Your Business PC From Malware

Michael Menor is Vice President of Support Services for Tech Experts.

In today’s online world, technology users are essentially in a state of near-constant attack. Almost every day, there’s a new data breach in the news involving a well-known company and, quite often, fresh rules for protecting personal information are circulated.

Because of malware in email, phishing messages, and malicious websites with URLs that are one letter different from popular sites, employees need to maintain a high level of awareness and diligence to protect themselves and their organizations.

Phishing activities are especially pervasive, including attempts to steal users’ credentials or get them to install malicious software on their system. The astonishing success rate of phishing attacks makes them a favorite.

Why? More than 70% of people will follow the link to a phony website and, of those that followed the link, 30%-50% will routinely give up their usernames and passwords.

Many like to think of the network perimeter with all its firewalls and other fancy technologies as the front line in the cyber war, but the truth is there’s a whole other front.

Every single member of a company’s staff who uses email or the Internet is also on the front line and these people are generally considered a softer target than hardware or software. It’s simple: if the bad guys can get an employee to give up his or her user credentials or download some malware, they can likely waltz right past the technological controls, basically appearing as if they belong there.

When using a computer for personal functions, a user generally has to have the ability to install software and modify the system configurations. Typically, such administrative functions are not available to all users in a corporate environment.

c471994_mAs a result, even if an organization has made an effort to improve a system’s security, a user doing work on a personal computer has the ability to disable and circumvent protections and has the privileges to allow for the installation of malware.

As companies migrate toward a world of bring-your-own-device policies, some companies are developing strategies to help address these risks. But, as a rule, using a work computer for personal reasons or doing work on a personal computer (or tablet or smartphone) can significantly increase the threat level that an employer has to protect itself against.

To help their organization protect systems and data, employees need to implement some smart web browsing habits. Smart web browsing means engaging in the following activities:

Beware of downloads
Malware can be hidden, not just in applications or installation programs, but in what appear to be image and video files also. To limit the likelihood of downloading content that contains malware, only download from reputable sites. With sites that are not a household name, take the time to do a little research and see if other people have had issues.

Additionally, be sure that antivirus software is set up to automatically scan downloads. Or scan downloads manually, even when receiving them from name-brand sites, as it is not unheard of for infected files to make their way onto otherwise legitimate web sites.

This is especially true for file-sharing sites where the site owner cannot control every piece of content a user may place there.

Be wary of deceitful sites
Those running sites already breaking the law by illegally distributing copyrighted materials — like pirated music, movies or software — probably have no qualms about including malicious content in their downloads or stealing information.

Many popular web browsers today have built-in functionality that provides an alert when visiting a website that is known to be dangerous.

And if the browser doesn’t give a notice, the antivirus software may provide that function. Heed the alerts!

Employees need to protect their devices from online and in-person threats. Start by keeping the company’s system patched. Configure it to automatically apply updates or issue notifications when there are updates and then apply them as soon as possible. This doesn’t just apply to the operating system.

Keep all installed applications updated; sometimes this takes a little extra work.

Remember, the challenge of security is that the bad guy needs to find only one hole in a security system to get past it, so fix them all. Think of it as putting dead bolts on doors, but leaving the basement window wide open.

To that end, security professionals like to debate the usefulness of today’s antivirus software. And it’s true that malware continues to become more sophisticated and harder to detect. But it always amazes me how old some of the malware running around is. As a result, use antivirus software and keep it up-to-date.

Also, use a software firewall, either the Windows firewall or one provided in an antivirus package. This is especially true for laptops connected to public wireless access points at hotels or coffee shops, but it also applies to home systems. It just provides that extra layer of defense.

And finally, please, don’t ever give passwords to anyone. Be vigilant and question anything new, especially emails and forms in the web browser that request work credentials, no matter how nicely the request is made.

(Image Source: iCLIPART)