IT Support

Managing DNS Securely

By Vaughan

What is DNS?

The Domain Name System (DNS) is a central part of the Internet, providing a way to match names (for instance a web site that you’re seeking) to numbers (the IP address of the web site). Anything connected to the Internet – laptops, tablets, mobile phones, websites – has an Internet Protocol (IP) address made up of numbers.

Our web site has an IP address of 146.66.91.189, but this is obviously not easy to remember. However, our web site’s domain name (or address) https://zen.net.au is something that people can recognise and remember.

You can think of DNS as a ‘phone book’ for the Internet. DNS resolves (or translates) domain names to IP addresses, enabling humans to use memorable domain names while computers on the Internet use IP addresses to communicate.

What is DNS used for?

  • Resolving names of web sites
  • Routing messages to e-mail servers and webmail services
  • Connecting app servers, databases and middleware within a web application
  • Virtual Private Networks (VPN)
  • Peer-to-peer sharing programs
  • Multi-player games
  • Instant messaging and online meeting services
  • Communication between IoT devices, gateways and servers

Most consumers and many organisations just use the DNS servers provided by their Internet Service Provider (ISP). The issues with this approach are:

Your ISP will provide almost no content filtering via their DNS servers:

  1. Sites that are known to contain malware will not be blocked
  2. Sites that contain non-business use content will not be blocked
  3. There is no reporting of sites that your staff have visited


Managed DNS – security and reporting

The benefits of using a Managed DNS Service are:

  1. Improved security
    1. Sites that are known to contain malware and adware are blocked automatically
    2. Using Managed DNS adds an additional layer of protection to your network

  2. Improved productivity
    1. You can implement a “business use” policy that blocks access to inappropriate content (e.g. porn, violence, peer-to-peer file sharing etc.)

  3. Reporting of the sites that have been accessed by staff
    1. You can’t manage what you don’t understand. The reporting provides an insight into the activity occurring on your network.

Pricing

Managed DNS is available from $30ex per month (up to 50 users).

If you have questions or would like to implement Managed DNS, please contact us for further details.

Business Security requires a Password Manager

By Vaughan

Weak and compromised passwords are one of the top ways that users, systems, and data are compromised. Think of your online accounts and how much damage a criminal could do to you with access to them. Think about the damage an attacker could do with an administrator account on your network before you become the latest victim of ransomware.

In the meantime, users and businesses are compromised every day because of weak and breached passwords. You hear about password breaches all the time. You can find out if your credentials have been affected by a password breach by checking: https://haveibeenpwned.com/

‘Have I been pwned’ is a site that collects the data from such breaches to allow users to find out if they are affected. At the end of 2019, the total number of compromised accounts in the HIBP database was more than 9 billion, 5,081,613,319 of them in the 10 largest breaches.

Attackers will take the credentials stolen from one service and then use them to attempt to log into other services. This is called credential stuffing, and the consequences can be severe. Do you reuse the same username (probably your email address) and password on more than one site?

Better security measures than passwords are becoming available, like two-factor authentication (2FA), but these approaches have their own problems and they currently don’t work with every site that users may need to log into. So, as a practical matter, most organizations will be stuck with passwords for some time.

The question then, is what is the most secure—or least insecure, if you prefer—way to use passwords? The answer is to follow best practices, and the only practical way to follow best practices is to use a password manager.

Password best practice

  • Choose passwords that would be difficult for others to guess and then don’t update them regularly. A strong password should contain a mix of upper- and lower-case letters, numbers and symbols.
  • If users choose strong passwords, then so long as they’re not compromised there is no need to change them. This approach works best when used with a password manager.
  • Making password management a chore is a guaranteed way to encourage staff to take shortcuts with passwords and potentially use the same password over and over or write them down. Don’t make password management any more of a hassle than it needs to be.
  • Use a password manager like LastPass or RoboForm to simplify the management and administration of passwords. Both LastPass and RoboForm have a free product offering which is quite capable.
  • Passwords should not relate to a family member or some other personal fact even if you think no one would know it.
  • Secure passwords don’t have to be something like “aldskfj83n*^)##”. This password isn’t as resistant to a brute-force attack as the much easier to remember “roof14skyred*car”.
    • Check the strength of passwords at https://howsecureismypassword.net/. A secure password that can be remembered is particularly important if it’s a “key” password, such as the master password for LastPass, or your Windows logon.
  • Use a different password for every account/profile – that way if a password is compromised only one account / profile / service is affected – not all.
  • Don’t share your passwords with anyone.

Password Manager – Multi-user licensing

Password managers began as and still are largely a one-user purchase. But if you are responsible for the security of multiple users within an organisation, you should consider an option that offers some management capability and a volume discount. Many password manager providers have versions for teams and enterprises.

The main team feature these products provide is the ability to share login information with other users. They probably also allow an administrator to manage users. The administrator may be able to onboard new users, centrally manage shared items and who gets access to them, authorize and deauthorize devices, control access to features in the password manager, and more.

Failed Login Attempt Monitoring

Many Windows applications are susceptible to brute-force password hacking attempts (i.e. trying to identify the user’s password by repeatedly attempting to authenticate with different passwords).

However, applications that use a Web portal for authentication frequently do not lock out a user account after a certain number of failed login attempts.

For your on-premises servers, implement failed login attempt monitoring to address this security risk.
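One way such monitoring can work where the application itself never locks an account out, shown as an added example that is not from the original article. The log format, thresholds, account names and addresses are all constructed for illustration; a real deployment would read the application's or server's own authentication log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp result account source_ip", one login attempt per line.
SAMPLE_LOG = """\
2024-05-01T09:00:00 FAIL alice 198.51.100.20
2024-05-01T09:00:05 OK alice 198.51.100.20
2024-05-01T09:10:00 FAIL admin 203.0.113.7
2024-05-01T09:10:20 FAIL admin 203.0.113.7
2024-05-01T09:10:40 FAIL admin 203.0.113.7
2024-05-01T09:11:00 FAIL admin 203.0.113.7
2024-05-01T09:11:20 FAIL admin 203.0.113.7
2024-05-01T09:11:40 OK admin 203.0.113.7
2024-05-01T10:00:00 FAIL bob 203.0.113.99
2024-05-01T10:00:10 FAIL carol 203.0.113.99
2024-05-01T10:00:20 FAIL dave 203.0.113.99
2024-05-01T10:00:30 FAIL erin 203.0.113.99
2024-05-01T11:00:00 FAIL frank 198.51.100.30
2024-05-01T11:30:00 FAIL frank 198.51.100.30
"""


def parse(text):
    """Yield (timestamp, result, account, source) tuples from the sample format."""
    for line in text.strip().splitlines():
        ts, result, account, source = line.split()
        yield datetime.fromisoformat(ts), result, account, source


def detect(events, window=timedelta(minutes=5), per_account=5, per_source_accounts=4):
    """Return alerts as (kind, subject, timestamp) using sliding time windows.

    brute_force            : one account fails `per_account` times within `window`
    password_spray         : one source fails against `per_source_accounts` accounts
    success_after_failures : a login succeeds while the account is over threshold
    """
    by_account = defaultdict(deque)  # account -> failure timestamps still in window
    by_source = defaultdict(deque)   # source  -> (timestamp, account) failures in window
    alerts, seen = [], set()

    def raise_alert(kind, subject, ts):
        if (kind, subject) not in seen:  # report each subject once per kind
            seen.add((kind, subject))
            alerts.append((kind, subject, ts.isoformat()))

    for ts, result, account, source in sorted(events):
        fails, src = by_account[account], by_source[source]
        # Drop failures that have aged out of the window.
        while fails and ts - fails[0] > window:
            fails.popleft()
        while src and ts - src[0][0] > window:
            src.popleft()
        if result == "FAIL":
            fails.append(ts)
            src.append((ts, account))
            if len(fails) >= per_account:
                raise_alert("brute_force", account, ts)
            if len({a for _, a in src}) >= per_source_accounts:
                raise_alert("password_spray", source, ts)
        elif len(fails) >= per_account:
            # A success straight after a burst of failures deserves urgent review.
            raise_alert("success_after_failures", account, ts)
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

A single mistyped password (alice) and failures spread over half an hour (frank) stay below the thresholds, so only the three suspicious patterns are reported.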

How to prevent a Ransomware attack

By Vaughan

The cost of remediating a ransomware attack will always be significant; therefore, it is worth spending time to ensure that you have the defences in place to prevent an attack or to mitigate data loss in the event that your defences are breached.

What is Ransomware?

Ransomware is a piece of malicious software that, once executed, blocks access to the contents of files (typically documents and data files) by encrypting the files. In order to regain access to your documents, a sum of money must be paid to the attacker – a “ransom”. If you pay the ransom, then you receive a key and software that you can use to decrypt your data.

Some of the ransoms that have been demanded have been over 100K. That kind of outlay can put an SME out of business, and that is exactly what has happened to some SMEs that have suffered a ransomware attack.

A ransomware attack is carried out either by automated bot software written specifically to inject ransomware into a system, or by an attacker who gains remote access to a computer and then executes the ransomware directly on that system. The latter “remote control” type of attack has become more prevalent in recent times and is particularly dangerous: because the attacker has remote access to the target computer, they are able to perform a “custom” attack based on the attributes of the particular network that they’re attacking. For example, they can attempt to identify backups (both local and off-site) and seek to delete or encrypt these backups, rendering them useless.

Prevent the attack

From a purely technical standpoint, ransomware is just another kind of malware, a malicious program that has been allowed to run on your systems with sufficient privileges to cause damage. That damage, the encryption of your files, is what differentiates ransomware from other malware.

There are a small number of ways that ransomware attackers can get a foothold in your network: phishing for credentials, running other malware to gain remote access to a computer on your network, allowing remote access to your network through unsecured ports.

Steps that you can take to prevent an attack:

  • User education.
    • Nobody wants to be the person responsible for allowing their computer to be the source of a ransomware attack.
    • Ensure that your staff are alert to the fact that attackers frequently send e-mails with malicious attachments or links to malicious software. If your staff don’t recognise the threat, then you’re relying on your anti-virus software to identify and quarantine the threat.
    • We have written a separate article about e-mail threats:
  • Apply security updates to software promptly.
    • Security updates address known vulnerabilities, so don’t give attackers a “free kick” at your network by not addressing these vulnerabilities. This is particularly pertinent for servers that host services that are publicly accessible on the Internet.
  • Implement a multi-layered anti-virus approach.
    • No single anti-virus product should be considered infallible all the time.
    • Therefore, it is prudent to implement a layered approach.
    • Each product should have a small “footprint” (i.e. use minimal resources so as not to affect computer performance).
    • Look for strong Ransomware protection in at least one of the products deployed.
  • E-mail screening
    • Many malware attacks are attempted via e-mail, therefore consider implementing an e-mail gateway that can screen all e-mail and filter / quarantine malicious or potentially suspicious e-mail.
    • Effective e-mail screening can identify many hostile e-mails before they reach the Inbox of your staff – thus reducing the risk that you need to rely on the vigilance of staff to recognise a threat.
    • We can provide e-mail screening for $4ex per mailbox, per month. No installation or other charges.
      • The e-mail screening combines automatic rules with manual review: messages that are assessed to be ‘suspicious’, but not definitely malicious, are flagged for manual review by a competent person. So, while not guaranteed to be infallible, in practice this approach has proven to be effective.
  • Use role-based authentication and apply least-privilege rules to these roles
    • What this means is that you only provide users with the privileges that they need (and no more) to perform a task
    • For example, users on a desktop or laptop should normally only be logged on with an account that has ‘user-level’ privileges so that they can run applications. This means that by default they cannot install software (and they also cannot inadvertently install malware). When a user needs to install a new application, they will be prompted to authenticate with a different set of credentials which has the higher privileges needed to allow them to install or update applications.
  • Enforce strong authentication rules, including using two-factor authentication (2FA).
  • Password management:
    • Choose passwords that would be difficult for others to guess and then don’t update them regularly. A strong password should contain a mix of upper- and lower-case letters, numbers and symbols.
    • If users choose strong passwords, then so long as they’re not compromised there is no need to change them. This approach works best when used with a password manager.
    • Use a password manager like LastPass or RoboForm to simplify the management and administration of passwords. Both LastPass and RoboForm have a free product offering which is quite capable.
    • Use a different password for every account/profile – that way if a password is compromised only one account / profile / service is affected – not all.
    • Don’t share your passwords with anyone.
  • Use an SIEM (security information and event management) solution to keep up with developments on your network.
  • Lock down externally accessible services (such as RDP) where they are not necessary and enforce secure access restrictions for services that are accessible externally where they are necessary.

Backups – your last line of defence

Backups are an essential last line of defence to address a multitude of issues. At the end of the day, computer hardware can be replaced, but your critical data will be unique to your business and will be either irreplaceable – or at the very least difficult to recreate.

Backing up your data is a key part of the defence against ransomware and other malware. However, if your backups are wiped out by ransomware, then this defence is rendered useless.

We have written a separate article about protecting your backups from Ransomware.

https://www.zen.net.au/protecting-backups-from-ransomware-is-as-easy-as-3-2-1/

If you have further questions or would like a no-obligation review of your existing security arrangements, please don’t hesitate to contact us.

Using encryption to secure documents and collaborate securely

By Vaughan

Document security has always been important, but in our increasingly “connected” world the risk of unauthorised people accessing your documents is on the rise.

So how could an unauthorised person (an attacker) access your private documents?

If the documents are not encrypted, by circumventing “access controls”.

So, what do I mean by “access controls”?

Let’s consider some examples:

    1. When you logon to your computer, you need to provide a password to logon. That is an “access control”. Without the password you can’t logon to your computer and you can’t access the documents on your computer.

So how could an attacker who doesn’t know your password potentially gain access to your documents?

There are in fact several ways that access controls can be bypassed:

      • If your computer is part of a Windows domain, the attacker could logon with another domain account, and if the documents are stored locally that would likely provide them with immediate access, if the other domain account that they were using had local administrative rights.
      • If the attacker has physical access to your computer there are a number of specialised “tools” (many freely available on the Internet) that can be used to boot your computer and access the computer’s file system directly. Using such a tool, the attacker could make a copy of your documents, and there would be no record of this activity.
      • If you have a backup of your computer that is stored locally or in the Cloud (e.g. Dropbox, OneDrive etc.) and the backup is not encrypted, then the contents of the backup are likely to be accessible to the attacker.
      • If your documents are stored on a network drive, then depending on the security permissions assigned it is possible that your documents can be accessible to other users. For instance, in a Windows environment, it is difficult to prevent Administrators from being able to access folders or individual documents. Without going into extensive detail, while permissions can be set to block Administrators’ access, there are workarounds. For instance, if an admin user takes ownership of a folder then they can change the permissions so that they have access. While there will be an audit trail of the change of ownership, that won’t prevent the documents from being accessible once the permissions have been changed.
      • Administrators may also have access to backups. When restoring backups, there is often an option to obtain full access to all files. This is another way that access controls could be bypassed undetected.
    2. Another potential avenue of attack is Cloud services (e.g. Dropbox, OneDrive, Google Drive etc.). You really can’t be certain who might have access to your files on these external services or where the files are being stored.

So, what is the answer?

Encryption!

If you encrypt your documents securely, then the contents of your documents remain private even if the attacker manages to obtain a copy of your documents.

If your documents are encrypted, then none of the scenarios that I outlined for circumventing access controls matter: although the attacker may have a copy of your documents, they remain private for as long as they remain encrypted.

If you do a search for encryption products on the Internet, you will find that there are quite a few. The encryption product that we use and recommend is AxCrypt https://www.axcrypt.net/

Why choose AxCrypt?

  • AxCrypt uses strong encryption
    • up to 256-bit AES encryption

  • Cloud storage awareness
    • AxCrypt can be configured to automatically secure your files in Dropbox, OneDrive etc.

  • Collaboration
    • AxCrypt allows secured files to be securely shared with other users. The other AxCrypt user/s can then use their own password to work with the files.

  • Ease-of-use
    • Most encryption products are by their very nature “complicated”. AxCrypt provides a comparatively easy-to-use interface to manage your documents securely.

  • Affordable
    • For organisations, annual subscriptions start at $132ex per user

If you would like to deploy AxCrypt or if you have further questions, please don’t hesitate to contact us.

Protecting backups from ransomware is as easy as 3-2-1

By Vaughan

Ransomware attacks will not only encrypt your data and documents, but the attackers will also attempt to locate your backups and encrypt them. If you can prevent this, you can recover from an attack without giving in to blackmail.

Ransomware has been a red-hot problem for some time now. Backing up your data is a key part of the defence against ransomware and other malware. However, if your backups are wiped out by ransomware, this defence is rendered useless.

Ransomware attackers often try to find and delete or encrypt backups, many of which are accessible through compromised accounts. The loss of backups, even just recent backups, makes an attack a much more costly event and limits your ability to resist the attacker. What are practical ways to ensure that this does not happen?

As with most security precautions, there is no 100% guaranteed way to protect your backups. But by following best practices, you can significantly increase your chances of being able to use backups for recovery from the attack with minimal losses of time and business.

Follow the 3-2-1 rule of backup

The 3-2-1 rule of backups:

  • Three copies of the data being backed up are made
  • Two different storage media are used for the backup
  • One copy (at least) of the data is kept off site.

The goal of the 3-2-1 rule is to increase the chances that a backup will be available. Keeping a copy remote protects you even in case of a fire or natural disaster. Plus, a remote copy, properly done, can also be significantly harder for the attackers to access – and thus more likely to be preserved in the event of an attack.

One of the most effective ways to implement offline backups is to use removable media and physically “rotate” the backup media regularly. If this simple practice is done regularly and consistently then there will always be a relatively up-to-date copy of the backup media which is not connected to the network at any point in time. And if the backup media is not connected to the network then it is safe in the event of an attack.

However, rotating backup media regularly has its own challenges, as it requires discipline to swap the media regularly day-after-day, week-after-week, month-after-month. The media needs to be rotated all year-round to be effective – no exceptions. As a result, many organisations will instead look to rely on an automated process – where the computer does the work – using cloud backups.

One of the critical characteristics of the off-site backup in the 3-2-1 rule above is that it should be offline. This makes it inaccessible to the attacker. But the benefits of being offline mean that “standard” cloud storage isn’t necessarily appropriate for the off-site copy. If the attacker, through stolen credentials, can obtain enough privileges to delete cloud storage, the whole point of off-site storage is lost.

The key with the off-site backup is that even if the attacker completely compromises your local network, your cloud backups should remain protected.

One possible barrier you could place in the way of attackers attempting to reach your cloud-based backup is to use unique credentials, not from your company network, along with a separate second authentication factor to access and manage the backups. Even if the attacker completely compromises your network, the cloud backups should remain protected. Another approach is to use a “private” cloud storage solution where custom arrangements can be made to maintain an additional copy of the off-site backup which is not directly accessible via remote access.
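The checks described above can be applied to a backup inventory, as in this added example (not part of the original article). The inventory fields, copy names and the two sample inventories are constructed for illustration; the test for surviving a network compromise follows the article's argument that the off-site copy must either be offline or be managed with credentials from outside the company network plus a separate second factor.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    medium: str                           # e.g. "nas", "removable-disk", "cloud"
    offsite: bool
    offline: bool = False                 # disconnected from the network between runs
    company_credentials: bool = True      # managed with accounts from the company network
    separate_second_factor: bool = False  # second factor independent of the network


def survives_network_compromise(copy):
    """True if an attacker holding admin access to the network cannot reach the copy."""
    if copy.offline:
        return True
    return not copy.company_credentials and copy.separate_second_factor


def check_3_2_1(copies):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies of the data, need 3")
    media = {c.medium for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} storage medium in use, need 2")
    offsite = [c for c in copies if c.offsite]
    if not offsite:
        findings.append("no copy is kept off site")
    elif not any(survives_network_compromise(c) for c in offsite):
        findings.append("every off-site copy is reachable with company network credentials")
    return findings


# Constructed inventory: meets 3-2-1 on paper, but the cloud copy is managed
# with the same accounts an attacker would hold after compromising the network.
WEAK = [
    BackupCopy("file-server", "server-disk", offsite=False),
    BackupCopy("nas-backup", "nas", offsite=False),
    BackupCopy("cloud-sync", "cloud", offsite=True),
]

# Constructed inventory: rotated removable media plus a cloud copy managed with
# unique credentials and a separate second factor.
HARDENED = [
    BackupCopy("file-server", "server-disk", offsite=False),
    BackupCopy("rotated-disk", "removable-disk", offsite=False, offline=True),
    BackupCopy("cloud-vault", "cloud", offsite=True,
               company_credentials=False, separate_second_factor=True),
]

if __name__ == "__main__":
    for label, inventory in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, check_3_2_1(inventory) or "passes")
```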

What to do next?

When evaluating a backup system, ask the vendor how their backup system protects your backups from encryption in the event that an attacker obtains admin access to your network. “Off-the-shelf” backup solutions are unlikely to apply the 3-2-1 rule of backups.

If implementing a backup solution that meets the above criteria sounds too difficult, rest assured that ZEN can provide a backup system that complies with the 3-2-1 rule automatically. Contact us for further details.

Affordable Business Continuity for Linux

By Vaughan

Example Scenario

  • Business has 2,500GB / (2.5TB) of data on their Linux Server.
  • Organisation’s premises are broken into and the server is stolen.
  • It takes 2 weeks to organise a replacement server from a Tier 1 hardware vendor.
  • In the interim, the organisation’s server is hosted in the Cloud and accessed via VPN.
  • Recovery Time Objective (RTO): 30 minutes – 4 hours

ZEN Solution

On-Site Backup
  • 2 x 4TB drives (“mirrored” for redundancy)
  • Custom monitoring and verification of backup

Implementation $316.50ex per month for 12 months
(or discount of $3,165ex available if paid up-front).

Off-Site Backup and Disaster Recovery
  • 4TB volume hosted in the Cloud (backups are encrypted)
  • Recovery time: 30 minutes – 4 hours

Per Month: $258 ex-GST

Off-site Restore
  • Linux VM running for 2 weeks
  • Restore of backup to VM
  • Configuration of VPN for remote access
  • Recovery Time: 30 minutes – 4 hours

Activation Fee: $1,500 ex-GST

NBN Enterprise Ethernet

By Vaughan

Unlock your potential with superfast fibre connectivity direct to your door.

NBN Enterprise Ethernet brings dedicated end-to-end fibre to any site in Australia located with the NBN fixed line footprint – without the price tag of traditional private fibre connections from the large telcos.

Delivery Zones and Service Speed

NBN Enterprise Ethernet pricing is determined by which of the three NBN Enterprise Ethernet delivery zones your premises are located within, as well as the service speed that you select for your connection.

How much does it cost?

You’ll be surprised!

Contact us to learn how cost-effective future proofing your connectivity with dedicated fibre to your premises can be.

Affordable Business Continuity for SME’s

By Vaughan

Example Scenario

  • Business has 3,000GB / (3TB) of data on their Windows Server.
  • Organisation’s premises are broken into and the server is stolen.
  • It takes 2 weeks to organise a replacement server from a Tier 1 hardware vendor.
  • In the interim, the organisation’s server is hosted in the Cloud and accessed via VPN.
  • Recovery Time Objective (RTO): 30 minutes – 4 hours

ZEN Solution

On-Site Backup
  • 2 x 4TB drives (“mirrored” for redundancy)
  • Custom monitoring and verification of backup

Implementation $188ex per month for 12 months
(or discount of $1,880ex available if paid up-front).

Off-Site Backup and Disaster Recovery
  • 4TB volume hosted in the Cloud (backups are encrypted)
  • Recovery time: 30 minutes – 4 hours

Per Month: $172 ex-GST

Off-site Restore
  • Windows VM with 3TB of capacity, running for 2 weeks
  • Restore of backup to VM
  • Configuration of VPN for remote access
  • Recovery Time: 30 minutes – 4 hours

Activation Fee: $1,000 ex-GST

Backup Internet Connection – “Site Health” Checklist

By Vaughan

These days there would be very few organisations that are not dependent on Internet access for the smooth running of their business. However, despite this dependence on the Internet, many organisations rely on a single Internet connection – typically a wired service.

If you’re an NBN customer using a standard NBN service, Telstra include a free 4G backup service with their SmartModem, which kicks in automatically in the event of an NBN outage (speed of up to 6Mbps).

However, if you have an Enterprise fibre service, we can provide a 4G backup service that works in the same way – and without the 6Mbps speed restriction or a data limit.

“Site Health” Checklist

By Vaughan

In this article we provide a Checklist for key tasks and processes that should be in place to ensure the smooth running of your computer network.

This checklist covers the following areas:

  1. Backups and Disaster Recovery
  2. Anti-virus
  3. Passwords
  4. E-mail scams
  5. Servers
  6. Backup Internet connection
