The Internet Of Things Can Poke Holes In Your Network

Mark Funchion is a network technician at Tech Experts.

Some business owners spend a lot of time protecting their network. After putting a firewall in place, configuring security settings, and setting up users with complex passwords (and possibly even 2FA), it’s easy to think that’s secure enough.

Now, having that solid foundation and framework is great. If you’ve done that, you’re definitely on the right track. But you still might leave yourself open to exploitation without even knowing it.

How does that happen? IoT – the Internet of Things.

You’ve secured your business network, but what about the smart watches, fitness trackers, connected speakers, thermostats, and every other device with a battery and a tiny signal? Every single one of those devices is a potential inroad to your network.

For example, a user’s watch connects to their cell phone, which is connected to your business’s Wi-Fi network. With no firewall on the watch, that creates a potential path into your network.

All of these devices require an IP address. In the past, forty people only needed fifty IP addresses to allow everyone to connect their one device to the network, including wiggle room for guests.

Now, every person has a laptop, cell phone, and some sort of accessory – each with its own IP address.

Each of these devices is transmitting a tiny amount of data, but that data and usage grows exponentially.

Plus, if you don’t have that wiggle room for extra connections, you’re more susceptible to a denial of service (DoS) attack, which is when cybercriminals overwhelm your network with traffic and bring it to a halt.

Your network needs to be able to handle an increase in traffic while also securing all that extra information that you do not have control over.

It is scary and overwhelming, but you can take steps to secure yourself without going too far.

The easy way is withholding access to anything that is not corporate-owned and approved. However, limiting all these devices can have a negative impact on your business and its operation.

Instead, take a measured approach. Make sure your firewall is up-to-date, and monitor who is trying to access your network. Limit that access to the smallest “allow” list you can without making it impossible to work.

For all the smart things like watches and thermostats, keep these IoT devices on a separate virtual network. Encourage and educate users to keep their devices up-to-date – and to use them responsibly while on the network.
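One way to express the "smallest allow list" and separate IoT network advice as a first-match rule set, with a review helper for rule-ordering mistakes. This is an added example, not code from Tech Experts or any firewall product; the subnets, ports, and rule names are assumptions.

```python
"""First-match firewall policy for a small office with a separate IoT network.

Constructed example: subnets, ports and rule names are assumptions, not
values from the article or from any particular firewall product.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

CORP = ip_network("10.10.10.0/24")      # corporate-owned PCs and servers
IOT = ip_network("10.10.20.0/24")       # watches, speakers, thermostats
INTERNAL = ip_network("10.10.0.0/16")   # every internal segment
DNS = ip_network("10.10.10.53/32")      # internal resolver
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str] = None      # None = any protocol
    ports: frozenset = frozenset()   # empty = any port

    def matches(self, src, dst, proto, port):
        return (ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.proto in (None, proto)
                and (not self.ports or port in self.ports))


# Evaluated top to bottom; the first matching rule decides.
POLICY = [
    Rule("iot-dns", "allow", IOT, DNS, "udp", frozenset({53})),
    Rule("iot-isolate", "deny", IOT, INTERNAL),
    Rule("iot-cloud", "allow", IOT, ANY, "tcp", frozenset({443})),
    Rule("corp-lan", "allow", CORP, CORP),
    Rule("corp-block-lateral", "deny", CORP, INTERNAL),
    Rule("corp-web", "allow", CORP, ANY, "tcp", frozenset({80, 443})),
]

# Same rules with iot-cloud moved to the top: a common ordering mistake.
MISORDERED = [POLICY[2], POLICY[0], POLICY[1], *POLICY[3:]]


def evaluate(src, dst, proto, port, policy=POLICY):
    """Return (action, rule_name); anything unmatched is denied."""
    for rule in policy:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return "deny", "default-deny"


def exceptions_before_deny(policy):
    """List (allow, deny) pairs where an earlier allow overlaps a later deny.

    Each pair is a hole punched through a block rule and should be an
    exception someone intended, such as DNS for the IoT segment.
    """
    findings = []
    for i, allow in enumerate(policy):
        if allow.action != "allow":
            continue
        for deny in policy[i + 1:]:
            if deny.action != "deny":
                continue
            same_proto = None in (allow.proto, deny.proto) or allow.proto == deny.proto
            same_ports = not allow.ports or not deny.ports or allow.ports & deny.ports
            if (allow.src.overlaps(deny.src) and allow.dst.overlaps(deny.dst)
                    and same_proto and same_ports):
                findings.append((allow.name, deny.name))
    return findings


if __name__ == "__main__":
    thermostat, file_server = "10.10.20.7", "10.10.10.25"
    print(evaluate(thermostat, file_server, "tcp", 443))
    print(evaluate(thermostat, file_server, "tcp", 443, MISORDERED))
    for pair in exceptions_before_deny(MISORDERED):
        print("review:", pair)
```

With the rules in the intended order, the thermostat cannot reach the file server; with `iot-cloud` moved above `iot-isolate`, the same connection is allowed, and the helper lists that pair for review.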

Cyberattacks are always increasing and changing, and a strong defense makes a considerable impact when it comes to preventing huge losses in productivity, data, business reputation and funds.

Developers know this too, and that’s why it’s important that your devices – all of them, from servers and PCs to security cameras and thermostats – are all kept up-to-date. These updates help patch up holes in the firmware and software that can otherwise be exploited.

We’re big proponents of the “an ounce of prevention is worth a pound of cure” philosophy. If you need help closing up any gaps in your network security, Tech Experts can assist.

We can conduct a network survey, set policies and passwords, segment and restrict access to/from your network, and ensure the right people have the right access.

As cyberattacks against small businesses mount, the time to fortify your first line of defense is now, before it’s too late.

What’s The Difference Between Internet, Intranet, & Extranet?

The terms intranet, Internet, and extranet are often used interchangeably; however, there are some important differences between them. To better understand these differences, it is useful to look at the prefixes.

The prefix intra means within, inter means between, and extra means beyond. So how does this translate to online-based networks?

Basically, the Internet is an open entity that anyone in the world can access. It is open to everyone who has a working computer or device and appropriate Internet access.

An intranet is a private network that is typically limited to authorized users.

For example, most major organizations operate some form of intranet that only employees of the business can access and use. Intranets are usually employed to support a corporate culture and objectives and provide a platform on which employees can share information, communicate, collaborate, and network.

They are generally faster than the Internet because the information is stored on local network servers as opposed to being accessed from data centers throughout the world.

An extranet combines some elements of both the Internet and intranet. It is open to people both within and outside an organization; however, only people who have pre-arranged authorization can access it. An extranet is a restricted network that some, but not all, members of the public can access. A company may develop an extranet to create a mechanism by which it can connect with suppliers, customers, and other external agencies without making the content visible to the general public.

Network Security: What Does Your Firewall Do For You?

Jason Cooley is Support Services Manager for Tech Experts.

“Security.” It’s a word that we are all familiar with, but it can have many different meanings depending on context. Security to people nearing retirement age may mean financial security for their future.

At a large event like a concert, it could mean both security guards and the overall security of the event.

However, as time goes by, the word security has become increasingly related to the digital world.

Using the Internet to pay bills, access banking information, or even apply for loans is commonplace. We must be prepared to protect our identity and personal information.

Now, whether you are talking about your home or your business, network security starts with a firewall.

So what is a firewall?

A firewall, in terms of network security, can be a physical device that your incoming and outgoing data is routed through. It could also be a program on your device that can strengthen and supplement your device’s security.

Both of these have different capabilities and purposes and can be used individually or together.

While there are different types, their essential function is the same. A firewall is put in place to allow or deny traffic, based on a set of security rules.

In a business setting where many staff members use a computer daily, a firewall can be put in place to block unwanted traffic.

A simple security rule to check for secure certificates can stop unwanted traffic easily.

Websites have security certificates, so when you access a page, your firewall can check the certificate. If the certificate is digitally signed and known as trusted, the firewall will allow traffic to proceed.

Search results can often display links of potentially harmful websites.

A firewall adds a layer of security, making sure your employees don’t accidentally find themselves on a website that could compromise your network.

This same principle works for home networks and can allow you to set some security rules. These rules can be put in place to help keep Internet usage safe, especially with children around the house. A firewall can also block certain content.

In an office setting, you could turn off access to social media to stop staff from accessing sites that aren’t needed to complete work.

It can block certain search engines and even limit the use of unsecure versions of websites.

At home, you can block content from websites you don’t want your family to have access to.

There is also the option of having active network times. You can have your Wi-Fi network only active during business hours, keep your kids off their devices at bedtime, or limit access to certain days.

There are many other things that your firewall can do to help keep your network safe.

Keeping your network secure has the potential to save you thousands of dollars, depending on the number of devices and your dependency on those devices.

Safety and security always have a high value. A firewall can also help you rest easier knowing that your business, or your family, is a little bit safer.

Do I Really Need A Firewall For My Business?

Ron Cochran is a senior help desk technician for Tech Experts.

Before we answer that, let’s look at what a firewall actually is. No, no actual flames of any kind are involved whatsoever.

A firewall is a barrier or “shield” intended to protect your PC, tablet, or phone from the data-based malware dangers that exist on the Internet. Data is exchanged between your computer and servers and routers in cyberspace, and firewalls monitor this data (sent in packets) to check whether they’re safe or not.

This is done by establishing whether the packets meet the rules that have been set up. Based on these rules, packets of data are accepted or rejected.

While most operating systems (desktop and mobile) feature a basic built-in firewall, the best results can usually be gained from using a dedicated firewall application, unless you know how to set up the built-in firewall properly and have the time to do so.

Firewall applications in security suites feature a host of automated tools that use whitelisting to check which of your applications should accept and reject data from the Internet — something that most users might find far too time consuming to do manually.

So it makes sense, now that it’s clear what a firewall is for, to have one installed and active. But just in case you’re still doubtful of the benefits…

Everyone who accesses the Internet needs a firewall of some kind. Without one, your computer will allow access to anyone who requests it and will open up your data to hackers more easily. The good news is that both Windows and Apple computers now come with built-in software firewalls (although the Mac’s firewall is turned off by default).

But businesses, especially those with multiple users or those that keep sensitive data, typically need firewalls that are more robust, more customizable, and offer better reporting than these consumer-grade alternatives.

Even a relatively small business engages in exponentially more interactions than an individual, with multiple users and workstations, and customers and suppliers. These days, most of those interactions are online and pose risks.

Not only are businesses exposed to riskier online interactions, the potential damage from each interaction is also greater. Businesses frequently keep everything from competitive bids and marketing plans to sensitive banking and customer data on their computers. When unprotected, the exposure is enormous.

Firewalls also allow computers outside of your network to securely connect to the servers that are inside your network. This is critical for employees who work remotely. It gives you the control to let the “good” connections in and keep the “bad” connections out.

Hardware firewalls must be compatible with your system and must be able to handle the throughput your business requires. They must be configured properly or they won’t work and can even stop your network from functioning entirely. You can use multiple hardware firewalls to take advantage of differing strengths and weaknesses.

Some industries (like medical and financial services) have specific regulatory requirements, so it’s important to consult your IT professional before choosing a firewall to make sure you’re not exposing your business to unnecessary liability.

It’s also important for you, or your IT service company, to constantly monitor the firewall to ensure it is up and working, as well as to ensure that it is regularly updated with security patches and virus definitions.

If you currently are not protected by a firewall or would like to inquire about an upgrade to your network infrastructure, please feel free to email (info@mytechexperts.com) or call (734-457-5000).

Who Should Be An Administrator On Your Network?

Luke Gruden is a help desk technician for Tech Experts.

In the world of computers, administrators have access to everything in Windows. Having administrator rights allows you to download anything, change any policy, and even change registry entries in Windows. An administrator has enough control over Windows to radically change how it works, even break Windows permanently.

So, who should be an administrator? The answer is different depending on the environment and work being done. In general, the administrator account should only be used by a person who is very experienced and knowledgeable in computers, like a professional IT tech. An inexperienced person with an administrator account could permanently damage the operating system or even destroy the computer itself by accident.

A user that has admin (administrator) rights, even without being in the core files, could still cause unintentional harm to the computer. This can happen because malicious files can be accidentally downloaded and run and, when you run a program as an admin, you give that program the rights to change your computer inside and out. Malicious programs run by an admin can ruin entire networks of computers. This, sadly, has happened to many businesses.

Domain Networks

On a domain network where many computers are connected to a server, there should be a very small number of administrators. Ideally, just one. The more people with admin rights, the more likely it is that the wrong program run by the wrong person can ruin an entire building of computers or an entire business. This is usually how cryptoware spreads.

For domain networks, only professional IT techs should be administrators. The risk is too great to have someone accidentally change a policy or spread an infection that can do irreversible damage to all the computers on the network.

Business Computers

A computer used for business should be treated with more security and care to make sure no avoidable threats harm or compromise the device. Confidential data and work can be stolen if the wrong websites are visited or the wrong software is downloaded on a business computer.

For a business computer user, you might want to consider using a normal account and only use the admin account in extreme situations where recovery needs to be done. If your IT tech has access to the admin account, they can make sure that only best practices and the proper programs are implemented on that profile.

Home Computers

Even on computers used for everyday activities that do not hold confidential work data, you should still be choosy about who has admin access. Having children or teens freely exploring the Internet and downloading odd programs or messing with the internal settings of Windows could potentially cause serious issues.

Home computers should have an admin user with a solid knowledge of computers who will be wary of suspicious websites and programs. More inexperienced users should not run admin accounts.

Generally, the best rule of thumb for admin accounts is that they should be granted to people who can handle the responsibility. Those with less experience or less important needs should have accounts with limited access.

However, if a business or network is bigger, it’s even more important that the only people granted admin privileges are their professional IT team or those who have experience. The title of administrator should be looked at as one that carries the responsibility of doing what is best for a computer, a server, and a business network.

Mistakes To Avoid When Setting Up Your Small Business Network

Anthony Glover is Tech Experts’ network engineer.

Setting up your ideal network environment can be tricky. Here are a few things to avoid when setting up your network at your small business.

Lack of security on your network
Avoid this at all costs. A secure network is a happy network and, not to mention, a reliable one. This is especially needed if your business depends on confidentiality.

Lack of security leaves you vulnerable to hackers or curious individuals that could obtain information that could be vital to your business.

Ideally, a firewall is an essential choice when security is a factor in your networking environment.

Insecure wireless networking
A wireless connection is a convenient way for wireless devices such as printers, phones, laptops, or any other device that has wireless capability to connect to your network.

However, the convenience factor can turn problematic if left insecure.

When it comes to wireless networking as a security factor, always set a password on your SSID (such as WPA-PSK or WPA2-PSK). Your password should – at the very least – include a capital letter, numbers, and special characters such as “!”.

Poor network management
Poor network management is a much overlooked problem and can quickly become the worst thing that could happen to any small business network.

Good management of your networking equipment will keep your network secure. Poor management can lead to vulnerabilities in the network due to a lack of updates and a lack of securing ports, leading to possible intrusion from hackers.

Remember, all aspects of management are very important. This can include detailed and organized cabling, updating firewall firmware, updating servers and workstations, and securing ports on your server or end-user computers.

Network management – when done right – is ideal for your small business network and should be done by an IT professional such as Tech Experts.

Bad placement of Wi-Fi access points
Bad placement of a WAP can be a huge problem for wireless network signal performance. Poor signal strength can cause slow connections to both the Internet and your local area network and causes sluggish performance of your overall network.

It isn’t enough to simply choose the strongest WAP; it also needs to be placed where it can work properly.

To make sure you get the best performance out of it, it should be located in the center of the area you need to cover.

You should also keep in mind that the weakest signal points are directly below and above your WAP.

Cutting corners on speed
Buying a 10 Mbps switch just because it’s on sale is a bad idea. Speed is your friend, especially when setting up your small business network.

A faster network will increase activity and save you time and money in the long run. 1 Gbps equipment should be the ideal solution to not only transfer traffic faster, but access everything on your network faster.

We know networks aren’t easy as pie, which is why we always recommend having a professional IT team set up your office.

Cheaper isn’t better, especially when a poorly done set-up can cause large problems once you’re operating.

If you’re looking to set up a new building or relocate (or even redo your current office), give us a call at (734) 457-5000, or email at info@mytechexperts.com, to see what we can do for you.

Should Your Small Business Use A Domain Network?

Luke Gruden is a help desk technician for Tech Experts.

If you have 5 or more computers that are sharing files and are constantly being worked with, a domain network would be in your best interest.

A domain network using a server has many benefits to a work area, a work building, or even multiple buildings using VPN. The flexibility, security, and convenience of a domain is, in most companies, invaluable. Sign into your account from any computer that is a part of the domain and you no longer need to use only your personal computer to access files.

If something were to happen to your computer, you could just use another computer to sign into your account and continue working without much downtime. This is also a far more secure way for users to access other computers as they have to use their credentials and only have the permissions that their credentials provide, not those of the computer itself. As long as users are not sharing passwords, you can have every user accounted for, policies implemented, and control what they can and cannot access when it comes to Internet, files, and programs.

Secure file-sharing is an easy and basic function of a domain server with Active Directory, which all the computers connected to the domain have access to. If you wanted only certain users to have access to certain files, you can have folders set up that prevent unauthorized editing, but still could be read — or even not be seen at all.

Having 5+ workers able to access the same set of files to edit as needed is an amazing way to save time and improve project efficiency. Everyone can see the file as it is saved or changed and they can continue to edit records as necessary without ever having to go on the Internet or transfer the file. Just get on any computer on the domain and you have instant access to the files that you need without a second thought.

Active Directory is your IT department’s best friend when it comes to handling large or small groups of computers as IT can access the domain server to make adjustments to other computers without ever stopping the work flow.

Forgot your password? Your IT can very easily use the server and reset your password for you without having to go to your computer. Setting up a new computer that needs certain printers and drivers installed? IT can set up the server to push those standard programs and drivers without having to install each individual program. Need to set up a new user account? It’s created on the server and the user can be accessed on all computers. There are so many possibilities that open up when you have a server domain available for your workstations.

We have only scratched the surface of what’s possible with a domain server and the amount of time and effort it can save for everyone in the company. I believe every business that is looking to grow should have a domain server early on as it will be easier to set up and can evolve to your needs as your company grows.

If your company needs help setting up a domain network, you can count on Tech Experts to take care of it.

Maintaining Workstation Data Protection

Making sure your workstation’s data is backed up and ready for deployment in the case of workstation failure is vital to any business. Once the workstation has been replaced or repaired, it’s key your employees are able to pick up right where they left off. This means restoring their data as soon as possible.

Three of the more common methods of maintaining data protection on a workstation can be deployed on business networks, as well as home user environments.

Roaming profiles are the method most commonly used in larger businesses. A roaming profile stores user data on a file server or storage device located on the network. This allows the user full access to their data no matter which workstation they log into, as long as it’s connected to the business’ network.

The roaming profile allows the user to have a consistent desktop experience, such as appearance and preferences.

The downsides to using roaming profiles are that they can be difficult to set up and, if the user has a large amount of data contained within their user account, there can be a delay when logging in.

User profile folder migration is a method in which the local user data folders are moved to a file server or a secondary hard drive. To migrate your user profile folders, you first need to create new folders located on the storage device, keeping the names similar for ease of use (such as My Documents, My Pictures, etc).

Once the new folders are created, you can change the location of your user profile folders to save to the new folders. After that, all of your data files will be copied to the new location and the original folder will be removed from your local profile.

If the workstation ever needs to be replaced, you would repeat the process on the new workstation and all of the existing data will be available. However, if you migrate folders to a network attached device and lose network connectivity, you also lose connectivity to your folders and their data.

Simple file storage is the simplest and most common form of data protection on a workstation. This method is accomplished through either hardware or software means, such as connecting an external storage device to the workstation or using a web based file backup such as our Experts Total Backup service.

The simple file storage method is the least costly, which is why it’s often utilized by small businesses and home users. Attaching an external storage device such as a large USB flash drive or hard drive to the workstation allows the user to save the data to the device.

This method is also a way of increasing storage capacity of the workstation without having to install internal hard drives. The drives can be left connected to the workstation or removed for safe storage.

Using a web based file backup is another commonly used way of backing up your data files.

Once the backup software is installed and configured, the backup process becomes fully automated. The downside to web based backup is that it’s web-based – so data restore time is based on your Internet connection speed. It can take anywhere from a couple of hours to a couple of days to restore your data depending on the amount of data that was backed up.

If you have any questions on workstation data protection or would like to implement a backup method, call us at (734) 457-5000.

Top Seven Network Attack Types So Far In 2015

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

There’s no doubt that small businesses are under attack from hackers and cyber-criminals. Typically, small companies have less secure networks and looser security standards, making them easy targets.

The latest Threat Report from McAfee Labs details the types of attacks against small businesses. The chart shows the most common network attacks detected in Q1 2015.

Denial of service attacks – 37%
A denial of service (DoS) attack attempts to make a resource, such as a web server, unavailable to users. These attacks are very common, accounting for more than one-third of all network attacks reviewed in the report.

A common approach is to overload the resource with illegitimate requests for service. The resource cannot process the flood of requests and either slows or crashes.

Remote Employees And Network Connections

Scott Blake is a Senior Network Engineer with Tech Experts.

As businesses begin to downsize their ecological footprint, the need for remote or satellite employees grows. Business leaders and owners are now faced with the daunting question of how to allow remote employees access to their existing network without compromising network security.

One of the best ways to accomplish this is through the use of VPN.

VPNs allow secure access to business resources by creating encrypted pass-throughs via the Internet. The Internet, combined with present-day VPN technology, allows businesses a low cost and secure means to extend their networks to their remote employees.

The two most common methods in which to set up remote access are IPsec (IP Security) or SSL (Secure Sockets Layer). Both methods work well and both have their advantages depending on the needs and size of your business.

VPNs created using SSL technology provide remote-access connection from almost any Internet-enabled location or device using a web browser interface.

No special client software needs to be preinstalled on either device. This makes SSL VPNs a true “anytime, anywhere” connection to company-managed desktops.

There are two different SSL VPN connections to choose from: clientless and full network access.

Clientless requires no special software. All traffic is transmitted and delivered through a web browser.

There is no need to install or download any unique software to establish the connection. With clientless access, only web-enabled programs and apps are able to be accessed, such as email, network file servers and local intranet sites.

Even with such limited access to network resources, this style of connection is well-suited for most businesses.

Additionally, because there is no need for special software to be supported by the IT department, businesses can cut down on managed overhead.

A full network access VPN allows access to almost any program, application, network server, and resource connected to your business network. Unlike clientless access, full network access connection is made through the use of VPN client software. Because the client access software is dynamically downloaded and updated, it requires little or no desktop support.

As with clientless access, you have the ability to customize each connection based on employee access privileges. If your remote employees require the full functionality of installed programs and applications as if they were sitting inside the office building, utilizing a full network VPN connection is the obvious choice.

IPsec based VPNs are the staple of remote-access connection technology. IPsec VPN connections are created by using installed VPN client software on the user’s workstation and connecting device.

Client software allows for greater customizability by modifying the VPN client software. Businesses are able to configure and maintain the appearance and function of the VPN client, which allows for easier implementation for connections with other desktops, kiosks, and other special need cases.

Many businesses find that IPsec connections meet their requirements for the users, but the advantages of self-updating desktop software, accessibility from non-company managed devices, and customizable user access make SSL VPNs a front runner for remote-access connections to your office.

If you have any questions or would like more information about how a VPN can help your company, you can reach Tech Experts at (734) 457-5000.
