Who Should Be An Administrator On Your Network?

Luke Gruden is a help desk technician for Tech Experts.

In the world of computers, administrators have access to everything in Windows. Having administrator rights allows you to download anything, change any policy, and even change registry entries in Windows. An administrator has enough control over Windows to radically change how it works, even break Windows permanently.

So, who should be an administrator? The answer is different depending on the environment and work being done. In general, the administrator account should only be used by a person who is very experienced and knowledgeable in computers, like a professional IT tech. An inexperienced person with an administrator account could permanently damage the operating system or even destroy the computer itself on accident.

A user that has admin (administrator) rights, even without being in the core files, could still cause unintentional harm to the computer. This can happen because malicious files can be accidentally downloaded and ran and, when you run a program as an admin, you give that program the rights to change your computer inside and out. Malicious programs run by an admin can ruin entire networks of computers. This, sadly, has happened to many businesses.

Domain Networks

On a domain network where many computers are connected to a server, there should be a very small amount of administrators. Ideally, just one. The more people with admin rights, the more likely the wrong program ran by the wrong person can ruin an entire building of computers or an entire business. This is usually how cryptoware spreads.

For domain networks, only professional IT techs should be administrators. The risk is too great to have someone accidentally change a policy or spread an infection that can do irreversible damage to all the computers on the network.

Business Computers

A computer used for business should be treated with more security and care as to make sure no avoidable threats harm or compromise the device. Confidential data and work can be stolen if the wrong websites are visited or by downloading the wrong software on a business computer.

For a business computer user, you might want to consider using a normal account and only use the admin account in extreme situations where recovery needs to be done. If your IT tech has access to the admin account, they can make sure that only best practices and the proper programs are implemented on that profile.

Home Computers

Computers that are used for everyday activities that do not have confidential work data should still be choosy on who has admin access. Having children or teens freely exploring the Internet and downloading odd programs or messing with the internal settings of Windows could potentially cause serious issues.

Home computers should have an admin user with a solid knowledge of computers who will be wary of suspicious websites and programs. More inexperienced users should not run admin accounts.

Generally, the best rule of thumb for admin accounts is that they should be granted to people who can handle the responsibility. Those with less experience or less important needs should have accounts with limited access.

However, if a business or network is bigger, it’s even more important than the only people granted admin privileges are their professional IT team or those who have experience. The title of administrator should be looked as one with responsibility in doing what is best for a computer, a server, and a business network.

Network Security And The “People Problem”

Michael Menor is Vice President of Support Services for Tech Experts.

Security teams that focus on what is already happening and the layers of defense being breached are constantly in reactive mode.

Reviewing reams of data produced by technology – firewalls, network devices or servers – is not making organizations more secure. With this approach, the team fails to prevent breaches or respond in a sufficiently timely way.

Instead, the addition of more data and more complexity perversely prevents achieving the end result: protecting sensitive information.

The significant breaches of today are executed by people infiltrating the organization and attackers are doing this by assuming identities or abusing insider privileges.

There is a gap between the initial line of defense (the firewall) and the company’s last line of defense (the alerts received by the security team and their following analysis.)

Tracking user activity, especially connections between suspicious behaviors and privileged users, would allow organizations to close this gap.

True understanding of identity has the ability to cut through the overwhelming explosion of data that can render security organizations blind and unable to respond to real threats or even detect if they are under attack.
It is time to incorporate identity into the organization’s breach prevention strategy and overall security. We have to stop accepting a gap approach to security, which is usually focused on data and devices rather than people. In light of the budding perimeterless world, identity will increasingly be the primary factor that matters to the security team.

Identity data is pervasive, yet typically absent from the security world view. For security organizations, our corporate identity (the personal identity elements we bring to our corporate environment) and our behavior are aggregate details essential in building a picture of what is happening within – and beyond – the corporate perimeter.

business people iconsTogether, they offer deep context to inform the security team of the appropriate response to potential threats and real attacks.

The critical piece in this approach is the security organization’s ability and capacity to understand the full scope of identity: who the person really is behind any given device and whether they are behaving abnormally.

This is particularly helpful when identifying attackers that have managed to acquire privileged user credentials.

Identifying Normal Behavior
One way to reduce the scope is to focus on the highest risk identities first. If you accept that the greatest risk comes from people inside your organization that can access sensitive information – known as “privileged users”, which can also include non-human accounts that may have access – then the correct steps are as follows:

1) Reduce the number of privileged users/identities and accounts.

2) Limit the privileges any one user has to systems and applications necessary to do their job.

3) Integrate the identities of privileged users into security and risk monitoring to spot behavior that may indicate a breach.

Closing the Gap
As more and more of the computing environment breaks outside of the control of central IT organizations, spearheaded by the move towards BYOD (or Bring Your Own Device), the ability to recognize who a user actually is and what is normal for them becomes a foundational part of effective security monitoring.

Without such identity-powered security, security teams will continue to struggle to differentiate whether the events they are monitoring are worth a reaction and that hesitation allows attackers to execute more and more damaging data breaches.

Furthermore, security teams will continue to operate in reactive mode and fail to prevent breaches or respond in a sufficiently timely way.

If identity is a central component to security management, then security teams will be in a better position to understand the behavior of users and will spend far less time trying to identify the meaning behind the events they are seeing.

People will continue to be our biggest point of exposure and with a keen focus on user behavior and activity, we will be in a much better position to limit the impact of breaches.

(Image Source: iCLIPART)

Seven Smart Tips To Secure Your Business Network

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Hackers are constantly on the lookout for digital data they can use to make a profit, either by stealing money electronically or by selling the information to third parties.

Therefore, it is important to protect your precious data; here are seven tips to get you started:

Policies
Your staff is the front line of defense against hackers. Human error is one of the leading causes of data security breaches, so you need to have policies in place to ensure your employees are promoting the security of your network while working.

Strong passwords
People generally opt for simple easy-to-remember passwords that hackers can easily crack.

A simple “dictionary attack” (using an automated tool that uses a combination of dictionary words and numbers to crack passwords), is sufficient to uncover many passwords.

On the other hand, coming up with a complicated password and saving it to your computer as opposed to writing it down is a simple but very effective way to prevent hacks.

Multi-factor authentication
It is highly advisable to establish multiple layers of technology dedicated to security that you would apply to all your devices, including desktops, mobile devices, file servers, mail servers and network end points.

Multiple security blocks hacking attacks and alerts you to any problems beforehand so you can take the appropriate measures.

Data encryption
Encryption is yet another great security tool that you can use to protect your data. For instance, if your hard disk is stolen or your USB drive is lost, anyone trying to access your data would be unable to read it if it is encrypted.

Backupicon with gold lock
Security makes up half of your data protection, while a proper backup strategy makes up for the other half.
Even with great security, you need to be able to recover your data if you have a failure. Back up often, and remember to test the backup regularly.

Audit
You need to identify the vulnerable areas of your network or which data needs to be protected.

Your entire IT infrastructure, including your computers, mobile devices and network should be audited by a professional IT specialist to determine the appropriate steps to prevent hackers from accessing your data.

Managed services
Managed services are an alternative and highly-effective approach for achieving the best possible security, including backup and recovery.

Many small businesses are unable to adequately meet the daunting and expensive task of securing their data.

With a managed-service provider specialized in data security, you get the benefit of professional services and skills without having to hire an in-house security expert, thus cutting on costs. In addition, you get access to the latest security technology and support professionals.

(Image Source: iCLIPART)

How You Can Benefit From An Annual Security Assessment

by Jeremy Miller, Technician
Most companies have an IT service provider or an IT department to take care of all of the IT needs of the company.

These technicians can easily address any issues that arise. Most issues are not addressed until they become known and are reported to the IT service provider either from the person having the issue or monitoring software they have installed.

It is best to have your IT service provider run an assessment once or even better twice a year.

This can make you and your IT provider aware of any security issues that are not easily monitored or would cost too much to monitor.

A security audit can be implemented for a number of reasons.

Some organizations are required to have them if the information they are using needs to be secure based on a compliance standard such as HIPPA or PCI.

Every day new vulnerabilities are discovered and it is too time consuming to test every device on every network for each security risk that is discovered as they are discovered.

This is where the security audit shines; it can be used to check for any known vulnerability on every device on your network.
Even with all of the security software commonly installed on all business computers such as anti-virus, service checks, and patch management there can still be security risks running behind the scenes that can be detrimental to your company.

A security assessment can let you know if any software is using an insecure port to an employee’s malicious actions.

It can show you if an application is using more bandwidth than it should, which may be causing other issues on your network.

Security assessments are the best tools to test for data leakage. Data loss is every businesses problem. Significant data loss causes a business to fail almost 70% of the time.

There are other times beside annually that it is good to get a security assessment. It would be best to get them before and after changing IT providers.

It is good to get one after any large installation or migration. This can be a business application, hardware such as new computers or a new server or even a physical migration such as moving to a new location or building an addition.

Security assessments are increased in effectiveness when you run a baseline security assessment. A baseline security assessment is when you run an assessment before you do any changes to your current IT setup.

This will let you know where you are before any changes are made. You can then have a comparison to verify that your security is improving.

A baseline security assessment will also let you know what vulnerabilities you need to address. Some of these vulnerability issues can be quite costly to repair and are great to plan for.

The sooner you get an assessment the sooner you will be able to make informed decisions based on your actual network risks security requirements.

Everyone’s security needs are different; we can assist you with any questions or concerns that you may have about security assessments.

Free Antivirus Software: No Bargain

Free antivirus software may seem like a bargain, but it’s not. In this tough economy, getting something for free is always a good thing, right? Short answer: It depends on your tolerance for risk.

Here are some issues to consider before you delay an investment in network protection and use “freeware” instead. First, free antivirus software doesn’t provide the comprehensive protection you need against today’s biggest online threats. So when you trust your computer, applications, files and identity to free AV software, it can end up costing you more in time, aggravation, and money than you ever imagined.

Most free antivirus software is really just bait that some software companies use to lure you in. It’s usually a “light” version of one of their paid products that offers only limited protection against today’s online threats.

After you install most free antivirus software, you can expect to be hit with a barrage of annoying, time-wasting pop-up alerts telling you that it only provides basic” protection. Then you’ll receive recommendations to switch to one of the software maker’s paid security products for “complete” protection.

Another point to keep in mind: Experts agree that today’s biggest online threats come in forms that free antivirus software doesn’t stop. Threats such as rootkits, bots, keyloggers, hackers, phishing scams, and infected websites breeze right past most free antivirus software.

These threats can pose an even bigger danger than viruses, not only to your computer and files, but to your bank account as well. They can lead to a hard drive crash, system failure, or worse, identity theft. Also, free antivirus software is generally reactive. That means it only deals with threats after they’ve attacked and had an opportunity to do damage to your computer and files.

When you build your own security suite using standalone free security software, compatibility issues can cause conflicting alerts and even hard drive crashes. That’s even more time wasted – and a whole load of aggravation you don’t need.

So what’s the bottom line? Free antivirus software simply doesn’t provide the comprehensive protection you need in today’s online world. When you add up the various costs listed above, free antivirus software isn’t free at all.

Industry Standard Security Best Practices

Network security is a must in any network, but when it comes to a business network, there are a number of security standards and best practices that ensure you have control over your network.

Businesses in certain industries secure. Many different companies require different security standards; one organization for instance is the PCI (Payment Card Industry). The payment card industry has very a strict network security standard.

The below practices are fairly strict and will offer you a great deal of control and protection against data theft and network intrusion.

Modem
We will start from the outside edge of your connection of your network and work our way in from your modem on into client workstations.

The modem is probably the simplest device on the network – you can’t really secure it (beyond performing regular updates), but some ISP’s feature a built in firewall in the modem. This can be turned on or off to work in conjunction with your company’s firewall.

Firewall
The next item to take a look at is your router/firewall. Generally you would have a router that offers several ports you can connect to via a direct Ethernet connection as well as WiFi access.

This firewall will add another layer of protection for when your network connects to the Internet. When configured properly, you would block all unauthorized network connections. As far as protecting the WiFi goes you are best to enable MAC filtering.

Each piece of network hardware has a unique identifying numerical code, called a MAC address. Filtering by MAC lets you set up WiFi so that only devices you explicitly define are allowed to connect to your network.

Once you have MAC filtering in place, you can also encrypt network traffic and use a long secure password. Since the clients on the network will not need to type this password in all the time, it is best to make a complex password containing both capital and lower case letters, numbers, and symbols.

Another option to further increase security when it comes to WiFi connections is to set the access point to not broadcast it’s SSID. This will make it look to the normal person as if there is no wireless connection available.

Server
There are a lot of features that can be enabled at the server to further improve network security. The first item to review is the group policy. Group policy is part of the server operating systems that allows you to centrally manage what your client workstations have access to and how.

Group policies can be created to allow or deny access to various locations on your users’ desktops. You can get as granular as defining a group policy that sets standards on user passwords.

By default, Windows Server 2008’s password policy requires users to have passwords with a minimum of 6 characters and meet certain complexity requirements.

While these settings are the defaults, generally 8-10 characters is recommended as well as mixing upper and lower case letters, numbers, and special symbols. An example of a complex password might be @fF1n!ty (Affinity). This password would meet all complexity requirements and is fairly easy to remember. Passwords should also be forced to reset every so many days. A good time period is roughly 30 days.

One other possible option is to have firewall software installed on the server itself to regulate traffic in and out of the server.

The nice thing about having a firewall on the server itself is that you have the ability to log failed connections to the server itself as well as what that connections is and where it was coming from.

This feature alone gives you a lot more control over the network. For example if you noticed in the firewall logs on the server that a connection you didn’t want getting through was making it to the server you can go back and edit policies on the router/firewall to attempt to further lock down your network from that point as well as blocking it at the server.

One final quick thought on server security is physical security.

Generally it is a good practice to have the server physically locked in a room that only specific people have access to. If you really wanted more control as well you can have the server locked using a system that logs who comes in and out of a room via a digital keypad and their own passwords.

When it comes to your workstations, employees should only be logging into the workstation via their domain login and not using the local admin login.

This will allow you to centrally control via group policy what they can access like stated above. You can also configure roaming profiles so that if someone was to steal a physical workstation they would not have access to any company information as it would all be stored on the server and not that workstation – which is another great reason to have your server locked up.

Employee logins to workstations should also have account lockout policies in place so that if a user attempts to login too many times with an incorrect password, the server would lock them out on that workstation for a time period set by the administrator. One other item you could have in place for various employees is specific time periods their credentials will allow them to log into the systems.

One final step in network security is having good antivirus software installed on your workstations and your server. A compromised machine can be giving your passwords and information away to hackers making it possible for them to waltz right into your network undetected.

You are best protected by having as many of the above security steps configured and working properly on your network.

Determine what your network needs, evaluate the practice after it has been in place for a month and make the proper adjustments to ensure your network is safe. You should also preform regular security audits.

If you would like to see how secure or unsecure your network is give us a call and we can perform a network security audit for you and let you know where you stand!

Featured Article Written By:
Tech Experts

Almost Every Small Business Can Expect To Get Hacked

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Juniper Networks recently commissioned a study on small and medium company network security.

The startling result: Over 90% of US companies reported at least one security breach in the last year, with more than half indicating they experienced two or more significant security problems with their networks.

There’s a misconception among a lot of small business owners that they’re safe from cyber attacks, because small companies offer a smaller payback for hacking efforts.

Small business network security is usually lax

The reality is, security policies and procedures at small companies usually make them an easy and simple target for hackers.

While the payout isn’t as large as hacking TJ Maxx, invading a small business’ network usually takes a lot less effort, and the business lacks a sophisticated response system.

Why is hacking so easy?

A new technique, called spear phishing, let’s hackers target a small group of previously identified people. Sometimes, the attack goes after just a handful of people who work at the same company.

Spear phishing does away with the need for hackers to gain access to your passwords. As more companies start to use social media sites such as FaceBook and Twitter, hackers using spear phishing are finding it easier to “trick” unsuspecting employees into installing crimeware on their company computers. This crimeware let’s the criminals access the computer system directly. Once they have access to one machine on your network, it’s easy to connect to the others.

Recent attacks have highlighted the growing need for companies to implement network security controls to catch the bulk of socially engineered spear phishing attacks.

They also need to take measures to quickly detect and contain security breaches.

The first thing you’ll want to do to protect your business is implement a strong firewall (see Frank’s article on page two) that lets you assign security restrictions for users based on the content of websites, and even keywords that might be potentially dangerous.

The next thing to look at is your company’s acceptable use policy. This can be as simple as a few pages added to your employee handbook that outlines what is and isn’t acceptable behavior on your network.

The final thing to examine is your backup and disaster recovery plan. The hacker’s aren’t giving up, which means it’s time to plan for what comes after a security breach.

Firewalls: What Do They Do And Why Should You Have One?

Firewalls are network security devices that protect your internal network (your servers and PCs) from your external network (the Internet).

We’ve put together a basic guide to firewalls – what they are, when you should have one, and why.

What is a firewall?
A firewall is simply a border between the device and the firewall software is installed and running on (and devices on the LAN side of the firewall) and any other devices on the outside of it.

For example, there are many different kinds of firewalls. Windows firewall gives you very basic features, and is built into Windows.

This firewall is designed to block unwanted access to the computer itself and is not designed to protect the rest of the devices on a network.

Another form a firewall can take is a separate device all together.

Having a device that specifically functions as a firewall gives more control over what the firewall can be used to protect.

For example it is possible to buy a firewall appliance that can be attached to the perimeter of your network and block specific connections to your LAN.

When is it a good time to look into using a firewall?
On most Windows based computers Windows firewall is generally on by default so most people already run a firewall on their computers without even knowing it.

That being said, Windows firewall does not give you anywhere near the control or protection of a dedicated firewall product.

If your business requires very strict security and data compliance, or you intend to store highly confidential information (an example would be client credit card numbers), it may be in your best interest to have a third party firewall.

Third party firewalls offer much greater protection and allow the ability to configure specific rules in much greater detail than Windows firewall.

Having the ability to configure rules with more detail makes it possible for you to lock down your network and its possible security holes more tightly.

The reason this is a good idea if you are storing confidential information on a network is that having a firewall gives you control over exactly what comes in and out of your network.

Without this added security it may be possible for your valuable information to be compromised or copied to a remote location without you even knowing it is happening.

Why have a firewall or invest in a better one?
Three words: Vastly improved security. A third party firewall solutions affords you the best protection for your data and network.

If you have important data to secure, a firewall is an excellent step in protecting your network from unwanted access to your network.

If you have questions about your firewall (or lack of firewall) and would like us to evaluate your network security, please give us a call.

Whether it is security holes left open due to a weak firewall or other possible security issues we can help you secure your data!

Feature article by Tech Experts,
Service Manager for Tech Experts

Protect Your Network From Dangerous Spring Thunderstorms

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

What’s the best way to keep your computer safe during a thunderstorm? Crawl under your desk and unplug it.

While not a particularly practical suggestion, unplugging your PC from AC power, a telephone line if you use a modem, and your network will protect it from surges and power problems.

A more practical solution would be to use a power protection device, such as a true surge protector, or a business-grade battery backup system.

Computer damage from severe weather conditions is surprisingly a very common problem, despite warnings to install power protection.

When power problems strike, they can cause permanent damage, to your computer, your data, or both. To minimize the possibility of damage, install a true surge protector – not just a power strip. A true power strip will cost you in the neighborhood of $20 to $40, and most offer specific guarantees if your equipment is damaged after you properly install the power protection device.

Get a surge protector that also protects your network, phone lines, or DSL connection. Some even offer a connection to provide surge protection on the cable line that services your cable modem. Remember, the more protection, the better.

Check your protection devices regularly. If you use battery backup systems, use the testing feature at least quarterly to make sure your unit still functions properly. Batteries in backup systems will typically last two or three years, unless your power environment is particularly troublesome.

Remember, too, that not all power problems result from electrical storms. The every day variances in power quality – from smaller surges, sags, drops and brownouts – will also, over time, cause damage to your electronic equipment.

When you invest in a high-quality surge protector, many of them will also compensate for these minor electrical fluctuations, protecting your equipment at its own expense. These are called line conditioning surge protectors.

Higher end line conditioning surge protectors will wear out and lose effectiveness after a few years, and should be replaced. We always recommend using APC Power Protection equipment because it comes with an equipment insurance policy.

Throughout the month of April, Tech Experts is offering a free power protection audit. To reserve your audit, call the office at 734-457-5000, or sign up at: www.computerbatterybackups.com.

Network Security: Keep Your Network Environment Secure

As more and more people rely on the Internet to get things done in their daily life, network security is more important than ever. Typically, small businesses and home network users haven’t had to worry much about security.

Poor network security exposes you to viruses, spyware, and most dangerous, cyber criminals a.k.a. hackers.

These guidelines and best practices can help eliminate, or at least mitigate, the majority of network breaches and security vulnerabilities.

Security Policy
An active security policy is always the most important item for protection of your network, whether it is in your home or in a business environment.

This is simply a statement, or guideline of the rules and how security is setup in the organization.

This role will govern the level of security users are allowed access to on the network. The roles and responsibilities of each person on the network, as they are part of the system, should be clearly defined.

Passwords
Although the most obvious, it is definitely one of the most important,and often, most neglected ttems.

Be sure to enforce strong passwords across your network – a weak password could lead to a user account being compromised.

Email
Certain email attachments can become a major problem if the wrong one is opened, and a lot of the time it is by accident.

Some of the most common file types to block would be: .bas, .bat, .vbs, and .exe.

Patches/Updates
Be sure your operating system is up to date with most recent patches, security updates, and service packs. This will close many of the vulnerabilities that can be exploited by hackers.

Inventory
Keep a good inventory of your network devices by developing and maintaining a list of all hardware and software components that are implemented on the network.

Try to understand which software applications should be installed, and which provide a weak security configuration so you can monitor those applications.

Adopt The Least Privilege Concept
The least privilege concept influences the network and/or systems administrator to create custom policies for having permissions and access to network resources.

Try to allow only what access is absolutely necessary to users, not giving them more rights to the system than they should have.

Remote Access
Certain ports can be blocked to keep unwanted users from remotely accessing your network and any of its resources.

If you’re one of the many small business owners who also works from home on occasion, there should be a security policy in place for VPN (virtual private network) access and your IT support company should assist with getting connected properly.

Keeping these simple guidelines in mind when thinking security on your network, and you’ll prevent several possible problems from happening, as well as maintaining a safe and effective performing work environment for work and for pleasure, in home or in business.