Author Archives: Joshua Liberman

NSA recommends ditching Windows XP

March 7, 2012 in Security News by Joshua Liberman  |  No Comments

A post on WinMatrix.com refers us to a document released by the NSA titled “Best Practices for Keeping Your Home Network Secure” from April 2011. Among other things, they touch upon why Windows XP should be left behind in favor of more modern operating systems:

Both Windows 7 and Vista provide substantial security enhancements over earlier Windows workstation operating systems such as XP. Many of these security features are enabled by default and help prevent many common attack vectors. In addition, implementing the 64-bit mode of the OS on a 64-bit hardware platform substantially increases the effort of an adversary to attain a system or root compromise. For any Windows-based OS, verify that Windows Update is configured to provide updates automatically.

The post on WinMatrix.com can be found here.
The NSA document can be found here (PDF).

Three Ways You Must Backup Your Network

November 21, 2011 in Blog, Building a Better Network, Network Security by Joshua Liberman  |  No Comments

To be truly effective, you must cover all three “vectors” of backup. These three areas are
first, Classic Data Backup (documents, email, databases, etc.), second, Imaging or
Snapshots of physical or virtual machines, and finally, an Off-Site component in order to
get you started on the road to business continuity and disaster recovery.

Classic Data Backup
This is the “classic” backup that many of you actually are performing today. Whether you
have automated backups to tape through software like Backup Exec, a Windows Backup job
to USB drive, something running to an off-site location or perhaps even a combination of the
above, you are probably backing up at least some of your data.

Are your backups “granular” enough to restore just one email message? Can you roll back
to earlier versions of your files? Do you have ability to backup data from one server to the
tape or hard drive(s) connected to your primary server? Do you have the time (backup
windows) to get it all done? Even the simple stuff can be complex.

Imaging or Snapshots
So now let’s talk about getting backups of the actual installation and configuration of your
network. That means your Windows Servers and Active Directory, Exchange, SQL, and
other servers. This includes the configuration of your network (users, groups, shares,
permissions), and other site specific details that make your network yours.

There are many further details to consider as well. Do you have frequent enough image
backups? Where are these backups located; if they are only on the drive of the server
backed up, what happens if it is gone? And will they restore to “dissimilar” hardware, so
that they will work on the new server you will need to buy after that fire?

Off-Site
Let’s assume you have a complete data backup and configuration or imaging solution in
place and that you can count on it when you need. So what happens when the entire server
and its connected USB backup drive has been stolen? Or if the building has been soaked by
the sprinkler system that put out the server room fire?

It all comes down to off-site data, be it on tapes, drives or that Internet based remote backup
you do. Tapes are easy in this sense, as they can simply be transported on a regular
schedule off-site. Disc and other strategies generally require you to replicate data off-site to
another site or to an Internet based service.

Device Questions
Of course, you have to have some sort of device as a backup “target” to start. Tape is still a
good option for small business, despite what you may have heard. Tape is faster than most
disc-based options (up to 250G/hour) and cheaper ($50/Terabyte) than most other options.
Being removable and tough, tapes are easier to transport off-site as well.

Backing up to disc does offer some nice advantages. Hard drives are cheaper than tape
drives, though NAS (network attached storage) can be pricey. Disc backup is easier and
faster to use once you actually have to perform that critical restore. And finally, disc backup
provides some features (data deduplication, for example) that tape does not.

Three Needs, One Strategy
There is no one answer to all of these questions, but with a little help, you can stitch together
a full solution. Symantec’s Backup Exec SBS Suite includes the ability to execute data
backup to disc or tape, including Exchange, SQL, and Sharepoint. Also included in the
package is the imaging capability to capture the configuration of your network and servers
with imaging and recovery to different server hardware.

Complemented with an off-site strategy, this gives you the basic tools you need. But tools
alone are not a plan. If you are far enough along to be considering such things as
communicating with employees in the case of disaster, or locating a secondary business site,
you need a plan for that. Business Continuity and Disaster recovery planning comprises
much more than just a backup strategy.

Details and More
Is your data encrypted or password protected on the media you backup to in case of loss or
theft? How often do you do your imaging and can you use it to bring up different servers if
you lose your existing ones? How about restores; are you testing them? How do you
manage your backup media, secure it and make sure it is available when you need it? And
how do you monitor all of these backups to make sure they get done?

Over the past few years, newer options such as continuous data protection (CDP) and
business disaster recovery (BDR) devices have arrived as well. CDP provides continuous
backups of your data right as it changes; no more scheduled backups. BDR devices can
virtualize your existing server(s) and keep you going in the event of a loss of one or more of
your servers. These BDR devices can reside at your site or be hosted off-site as well.

Planning and executing a truly effective and comprehensive backup strategy is just one of
the many services that Net Sciences provides our customers. We can help you make sure
that you have all the bases covered and work with you to design and refine your disaster
recovery planning. Meet with us and discuss your backup, business continuity and disaster
recovery strategy. At Net Sciences, we watch over your data so that you don’t have to.

Four Basic Tenets of Network Security

November 21, 2011 in Blog, Building a Better Network, Network Security by Joshua Liberman  |  No Comments

Introduction
I speak with business owners all the time that say things like, “but my data isn’t valuable to
anyone.” This usually leads me to ask them whether they think that vandals that “key” cars
do it because they need the paint. The bottom line is that your network is always under
attack, whether it be targeted or more commonly, simple Internet vandalism. The answer is
to implement a “layered” defense scheme at the perimeter, server(s) and desktop.

Secure the Front Door (Firewalling)
Every Internet connected network needs good perimeter defenses. In other words, you
need to cover the front door. Firewalls serve as the first layer of your defense system and
stand between you and the outside world of the Internet. For many years, firewalls simply
performed SPI, or stateful packet inspection. This means that each data packet’s header is
examined to verify its validity. Unfortunately, this is roughly akin to asking people at the
front door if they are carrying a weapon of any sort before allowing them in the door,
without verifying the response in any way. Your network needs better protection than that.

That is where DPI, or deep packet inspection, comes into play. Unlike SPI, where just the
packet header is examined, DPI scans the entire packet (each of the billions of them that
comprise a day’s work) for “signatures” of known attacks of every kind. Since virtually all
attacks are identifiable in this manner, DPI firewalls are capable of searching packets for
viruses, spyware, trojans, and many other network attacks. Their traffic scanning abilities
are vastly superior to that of old school SPI firewalls. The downside to this is performance.
As anyone who has spent time in airline security lines knows, thorough examinations take
longer. Fortunately, fast DPI firewalls are now affordable for every business. Ask Net
Sciences for more information about the Sonicwall line of DPI firewall/UTM devices.

Secure the Back Door (Antivirus)
The next layer of your defense functions at the server. It probably goes without saying that
every network requires comprehensive antivirus protection nowadays. This means running
antivirus at the server and at the desktop. Any truly effective network antivirus software
will include spyware and other “malware” protection as well. Network managed antivirus
software can also alert you to problems and produce status reports on demand as well. This
is what you want protecting your network.

Networked antivirus stands as a second line of defense against front attacks, but also covers
intrusions from within. Networked antivirus can stop attacks that do not originate from
outside the firewall. Desktop AV clients, managed and updated regularly by the server
(any AV solution is only as good as its updates) can also guard against viruses introduced
by users (on USB keys, checking their personal email, etc.). Just remember, a locked front
door really cannot protect your business from attacks that come in through a missing back
door. Ask Net Sciences for more information on networked antivirus for your network.

Secure the Windows (Patching)
The third layer of your complete network defense is at the operating system and application
level. It is probably not a surprise any more that Windows itself (and nearly all other
software) requires patching to keep it secure. They are vital to your network’s security
though. Even with the other layers in place, many of today’s most effective attacks happen
at this level and without successful patch deployment and management, you will end up
with bank vault doors front and rear, but screen doors everywhere else!

There are many tools on the market to handle patch management, but one of the simplest
and most effective is a freebie known as WSUS (Windows Software Update Services).
WSUS provides a good, basic level of patch management and distribution for all Microsoft
products, including Windows Servers, Exchange and SQL Servers, Windows XP, Vista and
Windows 7, Office applications and many others. WSUS is just one of many such options,
of course. Ask Net Sciences for more information on Patch Management for your network.

The Keys to the Kingdom (People)
This is the final key to securing your network. We are talking here of the most difficult to
manage and potentially threatening component of any network; the people that actually use
the systems. Educating your end users is the single most important measure you can take
and is probably the most overlooked of all security measures. Remember, security is a
process that hinges upon user education, so schedule an hour of basic security training at
least once a year for your employees, and more often if you can.

Learning how to avoid becoming victims of “social engineering” is paramount. One day,
standing at the front desk of a small law firm here in town waiting to come in to work on
their firewall, I heard a receptionist say to a caller on the phone that she would be right back
with the network password. I asked to whom she was talking and she replied that it was
“the guy that does our network,” which she suddenly realized, was actually me. She was a
moment away from handing out the keys to the kingdom, all because someone politely
asked. And again, there is no security without periodic user training.

And Beyond
In addition to the above, there are other security products out there (such as antispam
software and hardware, critical file protection products, and more). The issue is what level
of commitment you can afford to make (in terms of both money and time). Security can be
thought of as a continuum. Imagine Fort Knox at one end; very secure, but you probably
can’t get a pizza delivered. At the other extreme you find typical small business networks,
maybe yours; easy for anyone to access anything, which is not really ideal. Ask Net Sciences
to help you figure out how much security is right for your business and how to get there.

Net Sciences, Inc.
Since 1995, Net Sciences has been building reliable, secure networks for our New
Mexico customers. On networks of three to 300 computers, supporting law firms,
architects, engineers, scientists, accountants and nearly every other profession, Net
Sciences is the complete solution to your business network equation. Net Sciences
designs, builds and supports networks, keeping them running smoothly, and
protecting your data so that you can focus on taking care of business!

Safe On the Internet

April 18, 2011 in Blog, Feature, Home Security by Joshua Liberman  |  No Comments

Now that you have your new computer and you’re ready to go flying the Internet, what
should you do first? In order to safely surf the unfriendly Internet, you’ll need to prepare in
three ways. You’ll need antivirus/antispyware software that updates itself automatically.
You will need a good software firewall. And you will need to be sure that you keep up with
the latest Microsoft Updates. And if you are running Windows but not using the latest
version (XP SP3, Vista SP2 or Windows 7 SP1), it is time to get that done!

Antivirus
It should go without saying nowadays; don’t even think of using your computer without
antivirus software installed. Antivirus software relies primarily on “pattern files” that are
basically fingerprints of all viruses out there. As there are literally thousands of new viruses
every month, these pattern files are constantly being updated. Unfortunately, viruses are
not released on a schedule and on any given day, the next big one could be lurking. Take
the time to find the setting for updating your AV software and set it to do so automatically.
While you are in there, set the software to scan outgoing as well as incoming email too.

Symantec’s Norton Antivirus is a perennial favorite here, and it works quite well nowadays,
and has an easy user interface. The newest version, NAV 2012 is really excellent. If you are
looking for freeware alternatives, by far the leading option is Microsoft’s own Security
Essentials product. MSE really stands head and shoulders above other freeware offerings
and performs nearly as well as most paid software, but it does not include a software
firewall, as do many of the security suites. As a standalone antivirus/antispyware product,
MSE protects as well as most, though it is a bit slower to perform scans than most.

Antispyware
Spyware (aka malware) installs itself without notice on your system. Spyware can capture
information and keystrokes, open your machine to others, and even turn your system into a
spam relaying robot (spambot). Spyware is the number one threat today. If you already
run Norton Antivirus 2011 or newer, you really don’t need a separate antispyware utility. If
you are looking for free alternatives, Microsoft’s Security Essentials is a good choice, and is
available to protect XP, Vista and Windows 7, in both 32-bit and 64-bit versions and is a real
step up from other freeware offerings such as AVG, Avira and ClamWin. It should go
without saying, but be sure NEVER to fall for bogus antispyware offered in spam or as a
popup on your PC. Remember, if you didn’t ask for it, do not install it!

Software Firewalls
A software firewall keeps the multitudes of the Internet out of your system, unless you very
specifically invite them in. Windows XP SP3 incorporates many security updates, and
perhaps the best known was the “Windows Firewall” that comes installed and active by
default now (also in Vista and Windows 7, in much improved versions). The integrated
firewall in both Windows Vista and Windows 7 does a pretty good job of protecting you,
but either one can be improved upon with third party products, such as Symantec’s.

Security Suites
It is always tempting to go with a single solution, rather than to shop around (or download
free utilities) for each of these issues. Currently, Norton Internet Security (NIS) 2011 is the
best suite going, and though there are no completely free suites out there, once again,
Microsoft Security Essentials comes pretty close to filling that bill. The problem of going
with a suite usually comes down to the weakness of a single component of the suite.
Selecting the right suite can save you time and the issues of dealing with multiple products.

Software Updates
It comes as a surprise to many people that there are constant updates to Windows, Internet
Explorer, Office, and others, but it is a fact of computing life. These updates should be
delivered automatically through Microsoft Update. Simply go into the properties of My
Computer, select the Automatic Update tab and set it to auto download and install them.
Of course, other software that does not come from Microsoft also needs frequent updating.
Fortunately, there is a simple, free option from Secunia that can handle that for you. Just
search for “Personal Software Inspector” or PSI and you’ll be able to install one product to
keep track of all your necessary updates and even install some of them for you!

Vista and Windows 7
Microsoft Windows Vista offered many security enhancements for home users and
businesses alike. Some are very subtle and “under the covers” and others are highly
intrusive and questionably useful (user access control, anyone)? Windows 7 builds on those
strengths and offers even better native security as well as a degree of control over the rather
annoying user access control (UAC) in Windows Vista. Overall, both are a big step forward
in terms of security and reliability. However, even Windows 7 requires antivirus, software
firewall and software updates to remain secure.

The Nut that Holds the Wheel
You are the single most important part of your computer security plan. No software can
protect your computer against your own actions. So remember the three simple rules of
Internet security. Everyone is anonymous, so you can never tell where a mail message
actually came from. The Internet has not turned humanity into altruists, and therefore,
nothing is really free. Finally, if it seems too good to be true, it is too good to be true!

The Final Word on Passwords
Many people resist the idea of using passwords at all. Unfortunately, even for those of you
that live in wonderful areas where you can leave your front door unlocked, you cannot do
the same with your computer on the Internet. At worst, a few people might have occasion
to try your front door to see if it is locked on any given day. On the Internet, literally
millions will check to see if you have locked your system “doors” each and every single day.
Assuming you’ve done your homework and implemented the above set of precautions,
good passwords are your next line of defense. Good passwords are not names, contain
numbers and/or punctuation marks and are not the same for every site you visit!

Net Sciences, Inc.
To learn more about security, visit netsciences.com or call NSI at (505) 266-7887. Net
Sciences builds secure computers, secures those that are not, and helps you learn to stay
secure in your computing. NSI is your home computing security expert.

Wireless Security Basics

April 18, 2011 in Blog, Feature, Wireless Home Security by Joshua Liberman  |  No Comments

Securing your home wireless network is easier than ever before. Improving the
security of your home or office wireless network is a relatively painless three-step
process. You will learn to change the SSID of your wireless device (alter), use MAC
address lock down (filter) and enable WPA2 encryption to (protect) your connection.
This entire process can be accomplished in 15 minutes.

SSID (Alter)
All wireless access points come with a default device name (or SSID). Nearly all
manufacturers use simple, obvious SSIDs for their devices. For example, every
Linksys is shipped with “Linksys” as the default SSID making it simple to find your
device in its default configuration. Change it now! Use something obscure and be
creative. At the very least, you’ll keep people from guessing the name of your
access point. The SSID is usually found in the admin area of your device.

MAC Address (Filter)
Every networked device (wired or wireless) has its MAC address assigned during
manufacturing; this is essentially a unique serial number. It is very useful, as you
can setup MAC filtering in your wireless network. That way, only your devices can
access your wireless network. The downside is that you must update this when
you get new gear, but that is even easier. MAC filtering is generally found
under the security portion of your wireless access point or router.

WPA2 (Protect)
Wireless Protected Access (WPA) and WPA2 are the newest security standards for
protecting your wireless connection. They use a passphrase to encrypt (scramble)
your data and are not easy to crack. Using this sort of protection for your wireless
connection is very important. Without it, anyone can do whatever they want with
your connection, legal or not. These options are usually found in the wireless
security area of your device. When possible, use “AES” and “WPA2” options.

The Weakest Link
The weakest link is always the “nut that holds the wheel” and that is you. So use
common security sense, and don’t hand out your passphrase or put it on your
router for all to see. Consider using more complex passphrases. And change that
admin password! It is good to know that many of the latest wireless devices
include wizards that will step you through the above steps, making secure setup
even easier. Just do your part and you can have a secure wireless network.

Net Sciences, Inc.
If you are protecting either critical personal or business assets, or a remote
connection to your office, or just want a higher level of security, call on Net
Sciences at (505) 266-7887. With ten years of secure wireless experience, offering
a full line of wireless solutions, Net Sciences can provide you all the functionality
and security you need for your wireless network.

Eight Steps You Must Take To Secure Your Network

April 18, 2011 in Blog, Feature, Network Security by Joshua Liberman  |  No Comments

Introduction
Have you just gotten a network survey done and found that your Fort Knox is more
of an Open House? Did you already know that you are playing fast and loose but
had no idea how fast and how loose? Well, you can make your network reliable and
secure, starting at the perimeter (firewall) and working your way inwards. And you
can resolve your worst networking problems, the same way they built the pyramids,
one brick at a time. And remember, if it is not automated, it simply will not happen.

1. Secure the perimeter
Securing the perimeter with a good, deep packet inspection firewall is the easiest
and most broadly effective step you can take. Just a few years ago, firewalls were
very simple devices that simply scanned the headers of data packets (well under one
percent by “volume” of data). They simply verified that a request for a certain page
was valid and that the response to that request came from the intended target. No
attention was paid to the 99 percent of each packet that was the actual data stream.

With everything from viruses to attacks against browser flaws in that data stream,
you need more from your firewall these days. You need a device that does deep
packet inspection, a device that has the ability to recognize and control specific
traffic (i.e., instant messaging or streaming video). You need a “unified threat
management” or UTM device, one that can also provide secure remote access and
wireless capabilities. Ask NSI about easy and affordable UTM Firewall products.

2. Setup Network Antivirus
The need for reliable network antivirus software is not news. But antivirus threats
have grown tremendously in sophistication over the past few years. We still very
commonly see sites running a mix of three or four different, unmanaged products on
their desktops (or worse, nothing at all). That which you cannot automate does not
get done. And that which you cannot get reports on, you will not even know is not
getting done. Ask NSI about managed network antivirus for your business.

3. Setup Software Patching/Updating
How many patches did Microsoft release for Windows XP? Thousands. How about
Windows Server 2003? Hundreds. What things need patching? Servers, desktops,
operating systems, browsers, MS Office, Dot Net Framework, Flash, Java, Adobe
Reader, and more. Why do you care? Because every major attack you have heard of
for years takes advantage of vulnerabilities that have already been patched (or should
have been). Ask NSI about how to automate your network patch management.

4. Setup Reliable Data Backups
Nearly everyone has heard of (or experienced) the hardships of getting tape backups
to work properly. So why do so many still use tape backup? Because it’s fast (LTO
is faster than USB hard drives or NAS), reliable (with the right equipment), and
cheap (a $50 tape holds 1000G of data). Finally, tapes can easily be stored locally in
a fire safe and go home with you for off-site storage as well. But tape is not the only
answer you need. Ask NSI about a data backup solution tailored to your needs.

5. Setup Local Disaster Recovery
Think that your data backup is all you need to recover from a loss or theft? What if
you had a theft that left you with no servers? Your data is safe on tape somewhere,
but what does it take to get back to work: New hardware first, then the installation
of your server, email/and or database servers, your backup software and then the
recovery from tape of your data. That’s two to five days without a network, after
you get hardware. What if you could do it one afternoon? How much could that
save you? Ask NSI about imaging and virtualized solutions for disaster recovery.

6. True Disaster Recovery (DR) Planning
Want to fall asleep every night knowing your data backup and disaster recovery
solutions are truly bulletproof? What if you had actually had a plan for a stolen
server, a damaged building or other disaster? Perhaps you had never considered
this all before. If so, let’s get you sleeping well again. Most of this planning is
strategic not technical, and not costly. Ask NSI about true DR planning and devices
for your business.

7. Setup Reliable Power Protection
Maybe you know that your UPS can support your servers for no more than about
half an hour during a power outage. Maybe you have wondered . . . what happens
then? And are all the really important pieces of your network protected from power
fluctuation, contamination and loss? Did you know that you can connect all of your
networking gear to one monitored device that can handle all your power needs?
Ask NSI about power backup and monitoring solutions for your business.

8. Educate and Train
No matter how diligently you protect the perimeter, maintain network antivirus and
software patching, plan and execute backups and DR planning, all it takes is one
piece of seriously bad judgment to bring it all down. Ask NSI about training your
staff in the basics of reliable and secure computing.

Net Sciences, Inc.
Since 1996, Net Sciences has been building reliable, secure networks for our New
Mexico customers. On networks of three to 300 computers, supporting law firms,
architects, engineers, scientists, accountants and nearly every other profession, Net
Sciences is the complete solution to your business network equation. Net Sciences
designs, builds and supports networks, keeping them running smoothly, and
protecting your data so that you can focus on taking care of business!

Page 1 of 212

  • About Joshua

    Joshua LibermanJoshua Liberman is the President and founder of Net Sciences, Inc. Joshua began working in the computer field in 1982, setting up one of the first IBM PCs in Bakersfield, California. Moving into the the networking field in 1988, Joshua started PC Services ...more..

  • Calendar

    May 2012
    M T W T F S S
    « Mar    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  

  • Blog Categories