
Managing DNS Securely

By Vaughan

What is DNS?

The Domain Name System (DNS) is a central part of the Internet, providing a way to match names (for instance a web site that you’re seeking) to numbers (the IP address of the web site). Anything connected to the Internet – laptops, tablets, mobile phones, websites – has an Internet Protocol (IP) address made up of numbers.

Our web site has an IP address of 146.66.91.189, but this is obviously not easy to remember. However, our web site’s domain name (or address) https://zen.net.au is something that people can recognise and remember.

You can think of DNS as a ‘phone book’ for the Internet. DNS resolves (or translates) domain names to IP addresses, enabling humans to use memorable domain names while computers on the Internet use IP addresses to communicate.

What is DNS used for?

  • Resolving names of web sites
  • Routing messages to e-mail servers and webmail services
  • Connecting app servers, databases and middleware within a web application
  • Virtual Private Networks (VPN)
  • Peer-to-peer sharing programs
  • Multi-player games
  • Instant messaging and online meeting services
  • Communication between IoT devices, gateways and servers

Most consumers and many organisations simply use the DNS servers provided by their Internet Service Provider (ISP). The problem with this approach is that your ISP provides almost no content filtering via its DNS servers:

  1. Sites that are known to contain malware are not blocked
  2. Sites that contain non-business content are not blocked
  3. There is no reporting of the sites that your staff have visited

Managed DNS – security and reporting

The benefits of using a Managed DNS Service are:

  1. Improved security
    1. Sites that are known to contain malware and adware are blocked automatically
    2. Using Managed DNS adds an additional layer of protection to your network

  2. Improved productivity
    1. You can implement a “business use” policy that blocks access to inappropriate content (e.g. porn, violence, peer-to-peer file sharing etc.)

  3. Reporting of the sites that have been accessed by staff
    1. You can’t manage what you don’t understand; the reporting provides insight into the activity occurring on your network.
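The filtering and reporting described above, as an added Python illustration that is not ZEN's code or any managed DNS product's: a small policy engine that applies a malware blocklist and a “business use” category policy to a resolver query log and builds the per-user report. The log format, domain names, categories and users are all constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample of a resolver query log for this example (not a real
# vendor format): "<timestamp> <client-ip> <user> <queried-name>".
SAMPLE_LOG = """\
2024-03-04T09:01:12 10.0.0.21 alice www.example.com
2024-03-04T09:01:15 10.0.0.21 alice cdn.example.net
2024-03-04T09:02:40 10.0.0.33 bob update.malware-dropper.example
2024-03-04T09:03:02 10.0.0.33 bob torrent-tracker.example
2024-03-04T09:05:55 10.0.0.21 alice www.example.com
2024-03-04T09:07:19 10.0.0.47 carol social.example
"""

# Constructed policy data. A managed DNS service maintains lists like these;
# the names here are placeholders, not real indicators.
MALWARE_BLOCKLIST = {"malware-dropper.example", "bad-cdn.example"}
CATEGORY_OF_DOMAIN = {
    "torrent-tracker.example": "peer-to-peer",
    "social.example": "social-media",
}
BLOCKED_CATEGORIES = {"peer-to-peer", "adult"}   # the "business use" policy


def domain_matches(qname: str, domain: str) -> bool:
    """True if qname is the domain itself or any subdomain of it."""
    qname = qname.rstrip(".").lower()
    return qname == domain or qname.endswith("." + domain)


def classify(qname: str):
    """Return (action, reason) for a queried name: malware first, then category."""
    for bad in MALWARE_BLOCKLIST:
        if domain_matches(qname, bad):
            return "block", "malware"
    for domain, category in CATEGORY_OF_DOMAIN.items():
        if domain_matches(qname, domain):
            return ("block" if category in BLOCKED_CATEGORIES else "allow"), category
    return "allow", "uncategorised"


def parse_line(line: str) -> dict:
    ts, client, user, qname = line.split()
    return {"ts": ts, "client": client, "user": user, "qname": qname}


def process_log(text: str):
    """Apply the policy to every query and build a per-user activity report."""
    decisions = []
    report = defaultdict(lambda: {"queries": 0, "blocked": 0, "domains": Counter()})
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        action, reason = classify(rec["qname"])
        decisions.append((rec["ts"], rec["user"], rec["qname"], action, reason))
        entry = report[rec["user"]]
        entry["queries"] += 1
        entry["domains"][rec["qname"]] += 1
        if action == "block":
            entry["blocked"] += 1
    return decisions, dict(report)


if __name__ == "__main__":
    decisions, report = process_log(SAMPLE_LOG)
    for ts, user, qname, action, reason in decisions:
        print(f"{ts} {user:6} {action:5} {qname} ({reason})")
    for user, entry in sorted(report.items()):
        print(f"{user}: {entry['queries']} queries, {entry['blocked']} blocked")
```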

Pricing

Managed DNS is available from $30ex per month (up to 50 users).

If you have questions or would like to implement Managed DNS, please contact us for further details.

Business Security requires a Password Manager

By Vaughan

Weak and compromised passwords are one of the top ways that users, systems, and data are compromised. Think of your online accounts and how much damage a criminal could do to you with access to them. Think about the damage an attacker could do with an administrator account on your network before you become the latest victim of ransomware.

In the meantime, users and businesses are compromised every day because of weak and breached passwords. You hear about password breaches all the time. You can find out if your credentials have been affected by a password breach by checking: https://haveibeenpwned.com/

‘Have I been pwned’ is a site that collects the data from such breaches to allow users to find out if they are affected. At the end of 2019, the total number of compromised accounts in the HIBP database was more than 9 billion, 5,081,613,319 of them in the 10 largest breaches.

Attackers will take the credentials stolen from one service and then use them to attempt to log into other services. This is called credential stuffing, and the consequences can be severe. Do you reuse the same username (probably your email address) and password on more than one site?

Better security measures than passwords are becoming available, like two-factor authentication (2FA), but these approaches have their own problems and they currently don’t work with every site that users may need to log into. So, as a practical matter, most organisations will be stuck with passwords for some time.

The question then, is what is the most secure—or least insecure, if you prefer—way to use passwords? The answer is to follow best practices, and the only practical way to follow best practices is to use a password manager.

Password best practice

  • Choose passwords that would be difficult for others to guess and then don’t update them regularly. A strong password should contain a mix of upper- and lower-case letters, numbers and symbols.
  • If users choose strong passwords, then so long as they’re not compromised there is no need to change them. This approach works best when used with a password manager.
  • Making password management a chore is a guaranteed way to encourage staff to take shortcuts with passwords and potentially use the same password over and over or write them down. Don’t make password management any more of a hassle than it needs to be.
  • Use a password manager like LastPass or RoboForm to simplify the management and administration of passwords. Both LastPass and RoboForm have a free product offering which is quite capable.
  • Passwords should not relate to a family member or some other personal fact even if you think no one would know it.
  • Secure passwords don’t have to be something like “aldskfj83n*^)##”. That password is actually less resistant to a brute-force attack than the much easier to remember “roof14skyred*car”.
    • Check the strength of passwords at https://howsecureismypassword.net/. A secure password that can be remembered is particularly important if it’s a “key” password, such as the master password for LastPass or your Windows logon.
  • Use a different password for every account/profile – that way if a password is compromised only one account / profile / service is affected – not all.
  • Don’t share your passwords with anyone.
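Two of the points above, the brute-force comparison of “aldskfj83n*^)##” against “roof14skyred*car” and checking whether a password has already appeared in a breach, worked through in Python as an added example that is not code from the article or from haveibeenpwned.com. It assumes the Pwned Passwords range lookup format (send the first 5 hex characters of the SHA-1, compare the remaining 35 locally) and uses a constructed, offline stand-in for the response.

```python
import hashlib
import math
import string


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must search to cover every character
    class present (lower, upper, digits, ASCII symbols, space)."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)          # 32 printable ASCII symbols
    if any(c == " " for c in password):
        size += 1
    return size


def brute_force_bits(password: str) -> float:
    """log2 of the exhaustive search space (charset ** length): a longer
    password beats a shorter one drawn from the same character classes."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def sha1_prefix_suffix(password: str):
    """Split the upper-case SHA-1 hex digest the way the Pwned Passwords
    range API does: the first 5 hex characters are sent, the remaining 35
    are compared locally, so the full hash never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


# Constructed, offline stand-in for one range response. The real API answers
# with lines of "SUFFIX:COUNT"; here the entry for the word "password" is
# derived locally, and the count and the second line are made up.
_p, _s = sha1_prefix_suffix("password")
CONSTRUCTED_RANGES = {_p: f"{_s}:1234\r\n" + "0" * 35 + ":1\r\n"}


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for the network lookup; returns the constructed response."""
    return CONSTRUCTED_RANGES.get(prefix, "")


def breach_count(password: str, fetch_range=fetch_range_offline) -> int:
    """Number of times the password appears in the (sample) breach corpus."""
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch_range(prefix).splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def assess(password: str) -> dict:
    """Combine both checks into the verdict a password manager would show."""
    return {
        "length": len(password),
        "search_space_bits": round(brute_force_bits(password), 1),
        "breached": breach_count(password) > 0,
    }


if __name__ == "__main__":
    for pw in ("aldskfj83n*^)##", "roof14skyred*car", "password"):
        print(pw, assess(pw))
```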

Password Manager – Multi-user licensing

Password managers began as and still are largely a one-user purchase. But if you are responsible for the security of multiple users within an organisation, you should consider an option that offers some management capability and a volume discount. Many password manager providers have versions for teams and enterprises.

The main team feature these products provide is the ability to share login information with other users. They probably also allow an administrator to manage users. The administrator may be able to onboard new users, centrally manage shared items and who gets access to them, authorize and deauthorize devices, control access to features in the password manager, and more.

Failed Login Attempt Monitoring

Many Windows applications are susceptible to brute-force password hacking attempts (i.e. trying to identify the user’s password by repeatedly attempting to authenticate with different passwords).

However, applications that use a Web portal for authentication frequently do not lock out a user account after a certain number of failed login attempts, which leaves them exposed to this kind of attack.

For your on-premise servers, implement failed login attempt monitoring to address this security risk.
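An added Python example of the failed-login monitoring recommended above (not ZEN's code): a sliding-window detector over events modelled on Windows Security event 4625 (“An account failed to log on”) that raises one alert per source address accumulating too many failures in a short window, plus the per-account view that matters for portals without lockout. The events are constructed for the example; the threshold and window are assumptions to tune for your environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample modelled on the fields of Windows Security event 4625:
# time, source IP, target account, NTSTATUS. 0xC000006D = logon failure
# (bad name or password); 0xC000006A = wrong password for a valid account.
# These records are made up for the example, not exported from a server.
SAMPLE_EVENTS = [
    ("2024-03-04T22:00:01", "203.0.113.5", "administrator", "0xC000006D"),
    ("2024-03-04T22:00:09", "203.0.113.5", "administrator", "0xC000006D"),
    ("2024-03-04T22:00:17", "203.0.113.5", "admin", "0xC000006D"),
    ("2024-03-04T22:00:25", "203.0.113.5", "backup", "0xC000006D"),
    ("2024-03-04T22:00:33", "203.0.113.5", "administrator", "0xC000006D"),
    ("2024-03-04T22:00:41", "203.0.113.5", "sqlservice", "0xC000006D"),
    ("2024-03-04T08:15:02", "10.0.0.21", "alice", "0xC000006A"),
    ("2024-03-04T08:15:30", "10.0.0.21", "alice", "0xC000006A"),
]


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window detector: raise one alert per source IP the first time it
    accumulates `threshold` failures within `window`. Returns {ip: alert}."""
    ordered = sorted(events, key=lambda e: e[0])
    recent = defaultdict(deque)      # ip -> deque of (timestamp, account)
    alerts = {}
    for ts_text, ip, account, status in ordered:
        ts = datetime.fromisoformat(ts_text)
        window_events = recent[ip]
        window_events.append((ts, account))
        # Drop failures that have aged out of the window.
        while window_events and ts - window_events[0][0] > window:
            window_events.popleft()
        if len(window_events) >= threshold and ip not in alerts:
            accounts = sorted({a for _, a in window_events})
            alerts[ip] = {
                "first": window_events[0][0].isoformat(),
                "last": ts.isoformat(),
                "failures": len(window_events),
                "accounts": accounts,
                # Several accounts from one source in a short window is the
                # signature of a password-guessing run rather than a typo.
                "multiple_accounts": len(accounts) > 1,
            }
    return alerts


def failures_per_account(events):
    """Per-account totals: the view that matters for portals without lockout."""
    totals = defaultdict(int)
    for _, _, account, _ in events:
        totals[account] += 1
    return dict(totals)


if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_EVENTS).items():
        print(f"ALERT {ip}: {alert['failures']} failures "
              f"{alert['first']}..{alert['last']} against {alert['accounts']}")
    print(failures_per_account(SAMPLE_EVENTS))
```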

How to prevent a Ransomware attack

By Vaughan

The cost of remediating a ransomware attack will always be significant, therefore it is worth spending time to ensure that you have the defences in place to prevent an attack or to mitigate data loss in the event that your defences are breached.

What is Ransomware?

Ransomware is a piece of malicious software that, once executed, blocks access to the contents of files (typically documents and data files) by encrypting them. In order to regain access to your documents, a sum of money must be paid to the attacker – a “ransom”. If you pay the ransom, then you receive a key and software that you can use to decrypt your data.

Some of the ransoms that have been demanded have been over 100K. That kind of outlay can put an SME out of business, and that is exactly what has happened to some SMEs that have suffered a ransomware attack.

A ransomware attack is carried out either by automated bot software written specifically to inject ransomware into a system, or by an attacker gaining remote access to a computer and then executing ransomware directly on that system. The latter “remote control” type of attack has become more prevalent in recent times and is particularly dangerous: an attacker with remote access to the target computer can perform a “custom” attack based on the attributes of the particular network they are attacking (for example, they can attempt to identify backups, both local and off-site, and seek to delete or encrypt them, rendering the backups useless).

Prevent the attack

From a purely technical standpoint, ransomware is just another kind of malware, a malicious program that has been allowed to run on your systems with sufficient privileges to cause damage. That damage, the encryption of your files, is what differentiates ransomware from other malware.

There are a small number of ways that ransomware attackers can get a foothold in your network: phishing for credentials, running other malware to gain remote access to a computer on your network, allowing remote access to your network through unsecured ports.

Steps that you can take to prevent an attack:

  • User education.
    • Nobody wants to be the person responsible for allowing their computer to be the source of a ransomware attack.
    • Ensure that your staff are alert to the fact that attackers frequently send e-mails with malicious attachments or links to malicious software. If your staff don’t recognise the threat, then you’re relying on your anti-virus software to identify and quarantine the threat.
    • We have written a separate article about e-mail threats:
  • Apply security updates to software promptly.
    • Security updates are addressing known vulnerabilities, so don’t give attackers a “free kick” at your network by not addressing these vulnerabilities. This is particularly pertinent for servers that host services that are publicly accessible on the Internet.
  • Implement a multi-layered anti-virus approach.
    • No single anti-virus product should be considered infallible all the time.
    • Therefore, it is prudent to implement a layered approach.
    • Each product should have a small “footprint” (i.e. use minimal resources so as not to affect computer performance).
    • Look for strong Ransomware protection in at least one of the products deployed.
  • E-mail screening
    • Many malware attacks are attempted via e-mail, therefore consider implementing an e-mail gateway that can screen all e-mail and filter / quarantine malicious or potentially suspicious e-mail.
    • Effective e-mail screening can identify many hostile e-mails before they reach the Inbox of your staff – thus reducing the risk that you need to rely on the vigilance of staff to recognise a threat.
    • We can provide e-mail screening for $4ex per mailbox, per month. No installation or other charges.
      • The e-mail screening combines automatic rules with manual review: messages assessed as ‘suspicious’, but not definitely malicious, are flagged for review by a competent person. So, while not guaranteed to be infallible, in practice this approach has proven to be effective.
  • Use role-based authentication and apply least-privilege rules to these roles
    • What this means is that you only provide users with the privileges that they need (and no more) to perform a task.
    • For example, users on a desktop or laptop should normally only be logged on with an account that has ‘user-level’ privileges, so that they can run applications but by default cannot install software (and therefore cannot inadvertently install malware). When a user needs to install a new application, they will be prompted to authenticate with a different set of credentials that has the higher privileges needed to install or update applications.
  • Enforce strong authentication rules, including using two-factor authentication (2FA).
  • Password management:
    • Choose passwords that would be difficult for others to guess and then don’t update them regularly. A strong password should contain a mix of upper- and lower-case letters, numbers and symbols.
    • If users choose strong passwords, then so long as they’re not compromised there is no need to change them. This approach works best when used with a password manager.
    • Use a password manager like LastPass or RoboForm to simplify the management and administration of passwords. Both LastPass and RoboForm have a free product offering which is quite capable.
    • Use a different password for every account/profile – that way if a password is compromised only one account / profile / service is affected – not all.
    • Don’t share your passwords with anyone.
  • Use a SIEM (security information and event management) solution to keep up with developments on your network.
  • Lock down externally accessible services (such as RDP) where they are not necessary and enforce secure access restrictions for services that are accessible externally where they are necessary.

Backups – your last line of defence

Backups are an essential last line of defence to address a multitude of issues. At the end of the day computer hardware can be replaced, but your critical data will be unique to your business and will be either irreplaceable – or at the very least difficult to recreate.

Backing up your data is a key part of the defence against ransomware and other malware. However, if your backups are wiped out by ransomware, then this defence is rendered useless.

We have written a separate article about protecting your backups from Ransomware.

https://www.zen.net.au/protecting-backups-from-ransomware-is-as-easy-as-3-2-1/

If you have further questions or would like a no-obligation review of your existing security arrangements, please don’t hesitate to contact us.

Using encryption to secure documents and collaborate securely

By Vaughan

Document security has always been important, but in our increasingly “connected” world the risk of unauthorised people accessing your documents is on the rise.

So how could an unauthorised person (an attacker) access your private documents?

If the documents are not encrypted, by circumventing “access controls”.

So, what do I mean by “access controls”?

Let’s consider some examples:

  1. When you log on to your computer, you need to provide a password. That is an “access control”. Without the password you can’t log on to your computer and you can’t access the documents on it.

    So how could an attacker who doesn’t know your password potentially gain access to your documents? There are in fact several ways that access controls can be bypassed:

    • If your computer is part of a Windows domain, the attacker could log on with another domain account; if the documents are stored locally and that other account has local administrative rights, that would likely give them immediate access.
    • If the attacker has physical access to your computer, there are a number of specialised “tools” (many freely available on the Internet) that can be used to boot your computer and access its file system directly. Using such a tool, the attacker could make a copy of your documents, and there would be no record of this activity.
    • If you have a backup of your computer that is stored locally or in the Cloud (e.g. Dropbox, OneDrive etc.) and the backup is not encrypted, then the contents of the backup are likely to be accessible to the attacker.
    • If your documents are stored on a network drive, then depending on the security permissions assigned it is possible that your documents are accessible to other users. For instance, in a Windows environment it is difficult to prevent Administrators from accessing folders or individual documents. Without going into extensive detail: while permissions can be set to block Administrators’ access, there are workarounds. For instance, if an admin user takes ownership of a folder they can change the permissions so that they have access. While there will be an audit trail of the change of ownership, that won’t prevent the documents from being accessible once the permissions have been changed.
    • Administrators may also have access to backups; when restoring backups there is often an option to obtain full access to all files. This is another way that access controls could be bypassed undetected.

  2. Another potential avenue of attack is Cloud services (e.g. Dropbox, OneDrive, Google Drive etc.). You really can’t be certain who might have access to your files on these external services, or where the files are being stored.

So, what is the answer?

Encryption!

If you encrypt your documents securely, then the contents of your documents remain private even if the attacker manages to obtain a copy of your documents.

In all the scenarios where I outlined how access controls can be circumvented, if your documents are encrypted then it doesn’t matter: although the attacker may have a copy of your documents, for as long as they remain encrypted they remain private.

If you do a search for encryption products on the Internet, you will find that there are quite a few. The encryption product that we use and recommend is AxCrypt: https://www.axcrypt.net/

Why choose AxCrypt?

  • AxCrypt uses strong encryption
    • up to 256-bit AES encryption

  • Cloud storage awareness
    • AxCrypt can be configured to automatically secure your files in Dropbox, OneDrive etc.

  • Collaboration
    • AxCrypt allows secured files to be securely shared with other users. The other AxCrypt user/s can then use their own password to work with the files.

  • Ease-of-use
    • Most encryption products are by their very nature “complicated”. AxCrypt provides a comparatively easy-to-use interface to manage your documents securely.

  • Affordable
    • For organisations, annual subscriptions start at $132ex per user

If you would like to deploy AxCrypt or if you have further questions, please don’t hesitate to contact us.

Protecting backups from ransomware is as easy as 3-2-1

By Vaughan

Ransomware attacks will not only encrypt your data and documents, but the attackers will also attempt to locate your backups and encrypt them. If you can prevent this, you can recover from an attack without giving in to blackmail.

Ransomware has been a red-hot problem for some time now. Backing up your data is a key part of the defence against ransomware and other malware. However, if your backups are wiped out by ransomware, this defence is rendered useless.

Ransomware attackers often try to find and delete or encrypt backups, many of which are accessible through compromised accounts. The loss of backups, even just recent backups, makes an attack a much more costly event and limits your ability to resist the attacker. What are practical ways to ensure that this does not happen?

As with most security precautions, there is no 100% guaranteed way to protect your backups. But by following best practices, you can significantly increase your chances of being able to use backups for recovery from the attack with minimal losses of time and business.

Follow the 3-2-1 rule of backup

The 3-2-1 rule of backups:

  • Three copies of the data being backed up are made
  • Two different storage media are used for the backup
  • One copy (at least) of the data is kept off site.

The goal of the 3-2-1 rule is to increase the chances that a backup will be available. Keeping a copy remote protects you even in case of a fire or natural disaster. Plus, a remote copy, properly done, can also be significantly harder for the attackers to access – and thus more likely to be preserved in the event of an attack.

One of the most effective ways to implement offline backups is to use removable media and physically “rotate” the backup media regularly. If this simple practice is done regularly and consistently then there will always be a relatively up-to-date copy of the backup media which is not connected to the network at any point in time. And if the backup media is not connected to the network then it is safe in the event of an attack.

However, rotating backup media regularly has its own challenges, as it requires discipline to swap the media day after day, week after week, month after month. The media needs to be rotated all year round to be effective, with no exceptions. As a result, many organisations will instead look to rely on an automated process, where the computer does the work, using cloud backups.

One of the critical characteristics of the off-site backup in the 3-2-1 rule above is that it should be offline, which makes it inaccessible to the attacker. This requirement means that “standard” cloud storage isn’t necessarily appropriate for the off-site copy: if the attacker, through stolen credentials, can obtain enough privileges to delete cloud storage, the whole point of off-site storage is lost.

The key with the off-site backup is that even if the attacker completely compromises your local network, your cloud backups should remain protected.

One possible barrier you could place in the way of attackers attempting to reach your cloud-based backup is to use unique credentials, not from your company network, along with a separate second authentication factor to access and manage the backups. Even if the attacker completely compromises your network, the cloud backups should remain protected. Another approach is to use a “private” cloud storage solution where custom arrangements can be made to maintain an additional copy of the off-site backup which is not directly accessible via remote access.
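The 3-2-1 rule together with the condition from the preceding paragraphs that the off-site copy must stay out of an attacker's reach, as an added Python check (not ZEN's code or any backup product's): it audits a constructed inventory of copies, showing the weak arrangement in which every copy answers to the domain credentials beside the corrected one. The `BackupCopy` fields, the `production_realm` parameter and the reading that the production copy counts as one of the three are assumptions for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One place the data exists. Names and attributes are for this example."""
    name: str
    media: str             # e.g. "server-disk", "removable-disk", "tape", "cloud"
    off_site: bool         # physically away from the premises
    offline: bool          # not reachable from the network at rest
    credential_realm: str  # identity system that grants access, e.g. "corp-domain"


def audit_321(copies, production_realm):
    """Check a set of copies against 3-2-1 plus this article's extra rule:
    the off-site copy must be out of reach of an attacker who has taken over
    the production realm, i.e. offline or behind unrelated credentials.
    Assumption (common reading of the rule): the production copy is counted
    as one of the three copies."""
    off_site = [c for c in copies if c.off_site]
    findings = {
        "three_copies": len(copies) >= 3,
        "two_media": len({c.media for c in copies}) >= 2,
        "one_off_site": len(off_site) >= 1,
        # any() over an empty list is False: no off-site copy, no protection.
        "off_site_protected": any(
            c.offline or c.credential_realm != production_realm for c in off_site
        ),
    }
    findings["pass"] = all(findings.values())
    return findings


# Constructed "before" inventory: three copies on two media with a cloud copy,
# but every copy is reachable with the same domain credentials.
WEAK = [
    BackupCopy("file-server", "server-disk", False, False, "corp-domain"),
    BackupCopy("office-NAS", "nas-disk", False, False, "corp-domain"),
    BackupCopy("cloud-sync", "cloud", True, False, "corp-domain"),
]

# Constructed "after" inventory: the cloud copy now uses its own credentials
# plus a second factor, and a rotated removable drive sits offline off-site.
HARDENED = WEAK[:2] + [
    BackupCopy("cloud-backup", "cloud", True, False, "backup-vendor-mfa"),
    BackupCopy("rotated-drive", "removable-disk", True, True, "none"),
]


if __name__ == "__main__":
    print("weak    :", audit_321(WEAK, "corp-domain"))
    print("hardened:", audit_321(HARDENED, "corp-domain"))
```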

What to do next?

When evaluating a backup system, ask the vendor how their backup system protects your backups from encryption in the event that an attacker obtains admin access to your network. “Off-the-shelf” backup solutions are unlikely to apply the 3-2-1 rule of backups.

If implementing a backup solution that meets the above criteria sounds too difficult, rest assured that ZEN can provide a backup system that complies with the 3-2-1 rule automatically. Contact us for further details.

Backup Internet Connection – “Site Health” Checklist

By Vaughan

These days there would be very few organisations that are not dependent on Internet access for the smooth running of their business. However, despite this dependence on the Internet, many organisations rely on a single Internet connection – typically a wired service.

If you’re an NBN customer using a standard NBN service, Telstra include a free 4G backup service with their SmartModem, which automatically kicks in in the event of an NBN outage (at speeds of up to 6Mbps).

However, if you have an Enterprise fibre service, we can provide a 4G backup service that works in the same way, without the 6Mbps speed restriction or a data limit.

Servers – “Site Health” Checklist

By Vaughan

Hardware monitoring

  • If your servers are from a Tier 1 vendor (e.g. HP, Dell) then they most likely have ‘out-of-band’ management capabilities installed (Dell = DRAC, HP = iLO).
  • These out-of-band systems have the ability to monitor the internal hardware components of your servers and can provide alerts when faults are detected, and sometimes even before faults occur (i.e. they can predict hardware failures).
  • Of course, to take advantage of this feature, the alerts need to be configured. However, because the configuration of the alerts is not entirely straightforward, in our experience these alerts are frequently not configured.
  • Where you have Servers with redundant components (e.g. power supplies, storage devices), provided that you’re aware of the faults, the components can often be replaced by the vendor without any downtime.

Disk space monitoring

  • Any Windows system that runs low on (or out of) disk space on any volume will typically experience degraded performance at the very least; worse, applications will either stop working altogether or start behaving “unusually”. All of these outcomes are disruptive to users.
  • Configure disk space monitoring on servers by setting thresholds and alerts for each logical volume, so that in the case of low disk space intervention can be taken before any disruption to services occurs.

Security patches

  • Servers that are accessible from the Internet (i.e. servers that provide services to external users) are far more susceptible to ‘attack’ from malicious third parties. On these servers in particular, ensure that Microsoft and 3rd-party application security patches are regularly reviewed and applied to protect against known vulnerabilities.

“Site Health” Checklist

By Vaughan

In this article we provide a Checklist for key tasks and processes that should be in place to ensure the smooth running of your computer network.

This checklist covers the following areas:

  1. Backups and Disaster Recovery
  2. Anti-virus
  3. Passwords
  4. E-mail scams
  5. Servers
  6. Backup Internet connection

Backups and Disaster Recovery – “Site Health” Checklist

By Vaughan

Good backups are an essential first line of defence to address a multitude of issues. At the end of the day computer hardware can be replaced, but your critical data will be unique to your business and will be either irreplaceable – or at the very least difficult to recreate.

What makes a “good backup”?

A “good backup” is a recent backup that has all the data (which can include applications as well as information) in a form that can be easily accessed and restored if needed.

What this means then, is that backups need to be performed regularly (typically at least daily). The value of backups is significantly diminished if they’re not current – or near current to the point-in-time that you need.

The key items in relation to backups are:

  • the backup application itself – its capabilities and features (if you would like recommendations for your environment … please contact us)
  • automated monitoring of backup jobs
    • you need to know that all systems are being backed up at least daily
    • that the backup jobs are being started
    • and that if there are any failures – you’re notified so that they can be investigated and resolved
    • so what you’re interested in is the “exceptions” (i.e. jobs that are not started for some reason, and the jobs that complete with an error)
    • if you don’t have automated monitoring of your backup jobs – we can help!

Servers

  • When most people think about backups, they probably think ‘Servers’, and that is entirely appropriate. Servers typically store data for users and thus need regular and reliable backups in the event of some issue (hardware, user error, virus etc.).

Workstations

  • However, backups are also appropriate for workstations. These days USB drives are inexpensive and are ideal both in terms of their physical size (portable) and their capacity.
  • Users don’t always save documents to designated folders or network drives. If important documents are lost or corrupted, local workstation backups are ideal in this scenario.
  • Another situation where local workstation backups can save time and money is where a user has noticed some ‘strange’ behaviour (e.g. some application not performing as expected).
    • If the behaviour cannot be resolved in 15 – 30 minutes, and the user can advise that it started a few days ago, then with regular backups you can restore to a point before the issue commenced and resolve it in around an hour.
  • Local backups are also particularly useful when users are based at a branch office.
    • Rather than having to return a system to head office for a rebuild (which will typically take a few days), if you have a recent backup from a point in time when the system was working, you can restore the system at the branch office and have it working again in around an hour.

Off-site

  • In the case of a disaster at your premises, you need to have a copy of server backups off-site.
  • As with backup monitoring, the process for getting your backups off-site should be automated. Automated processes are not reliant on any individual (i.e. automated processes keep working regardless of who is on vacation).
  • Each off-site backup should be verified – at least weekly – to verify the integrity of the images (if the image is intact – then it can be restored).

Disaster Recovery strategy

  • Off-site backups need to be tested periodically, even if the off-site images are being verified.
  • Frequently the off-site recovery environment is different to the on-premise equipment. It is only by performing an off-site restore that you can identify any potential issues in the restore process. Far better to resolve any restore issues at your leisure than under the pressure of a ‘live’ disaster recovery scenario.
  • If you have a backup system like the one we covered in this article https://www.zen.net.au/affordable-business-continuity-for-smes/ then you can perform a test restore in around 15 minutes at your convenience.
    • This is the ideal scenario; particularly for medium-sized organisations where the cost of downtime both in terms of lost productivity and loss of reputation due to disruption of service to customers would be significant.
  • However smaller organisations who may not have the budget for a dedicated Data Centre solution, still need the ability to restore their servers in the event of a disaster.
    • We can provide an alternative solution that will provide for the recovery of servers, typically in 6 – 24 hours.
    • In this scenario, we recommend off-site restores be performed every 6 months.

Anti-virus (AV) – “Site Health” Checklist

By Vaughan

No single anti-virus product should be considered infallible all of the time. We recommend a layered or multi-AV approach. Each anti-virus application should have a small “footprint” (i.e. not be a resource hog).

Ransomware

  • Because Ransomware can be difficult to detect and because the consequences of a Ransomware infection can be so dire; look for strong Ransomware protection in at least one of the AV products deployed. Also look for backup products that protect their image repositories from Ransomware (if your backups are encrypted by a Ransomware virus – then your backups become useless).

E-mail screening

  • E-mail is a constant source of threats:
    • Malicious attachments
    • Embedded images
    • Malicious URLs
  • Implement an e-mail gateway that can screen all e-mail and filter / quarantine malicious or potentially suspicious e-mail. Effective e-mail screening can block scam e-mails before they reach the Inbox of your staff – thus reducing the risk that you need to rely on the vigilance of your staff to recognise a threat.

We can provide e-mail screening for $4ex per mailbox, per month. No installation or other charges.
