Category Archives: Networking & Security

Fighting Modern Threats with Next Gen Firewalls

Listen to GreenPages’ network expert, Bobby Mazzotti, discuss how next-gen firewalls go beyond basic threat management to deliver intrusion prevention and give companies far better visibility into, and control over, their network traffic. By inspecting the contents of packets rather than just their ports and addresses, including traffic that originates from internal hosts, a next-gen firewall adds the extra layer of security needed to protect businesses from modern threats such as ransomware and backdoor trojans. Check out the video below to learn more:

As a vendor agnostic solutions provider, GreenPages is in a perfect position to help you evaluate and deploy the best tech depending on your unique business goals. Please reach out to us or your account manager to get started.

By Jake Cryan, Digital Marketing Specialist

VMware NSX vs. Cisco ACI: Where Are We Now?

Just over a year and a half ago, GreenPages posted a video of Nick Phelps (below) and held a webinar arguing that the question is not VMware NSX vs. Cisco ACI, but how to get the synergistic benefits of running VMware NSX and Cisco ACI together, which was, at the time, a bit “science-fiction-y.” Fast forward to the present day and the tech world has had plenty of time to test how these two products work together. Check out Nick’s update on why using both technologies together can create “a beautiful orchestra of automation!”

As a vendor agnostic solutions provider, GreenPages is in a perfect position to help you evaluate and deploy the best tech depending on your unique business goals. Please reach out to us or your account manager to get started.

By Jake Cryan, Digital Marketing Specialist

 

Grim ‘Reaper’ Botnet Could Come for Your Candy


By Tony Ramsey, Practice Manager, Networking & Security

IoT devices and gadgets, the primary targets of the ‘Reaper’ botnet, present a new attack vector with easy-to-exploit vulnerabilities. These vulnerabilities, coupled with the sheer number of IoT devices, have certainly helped the ‘Reaper’ botnet reach the critical mass needed to deliver a massive DDoS attack or a crippling payload to its victims. But don’t fret, it hasn’t done so yet. Compared with last year’s Mirai botnet attack, the good news is that security experts are more prepared for it.

The major concern is the sheer number of infected devices and their combined computing power, harnessed by the botnet controllers through the malicious code injected into each device, which has the potential to cause massive problems.

The numbers provided by 360 Netlab are impressive:

  • Infected bots connected to one controller: about 28,000 infected devices
  • Number of devices vulnerable to the ‘Reaper’ botnet: as many as two million

It’s important to note, however, that this botnet has already lost the element of surprise. The ‘Reaper’ botnet controllers and some of its code are now known to the internet security community, and its method of infection (exploiting known vulnerabilities in the devices it targets) and the way it propagates between devices are also being analyzed.

Therefore, it is no longer a question of detection but of prevention.

This is certainly the time for device vendors to release security patches for their hardware and software platforms that address the specific exploitable vulnerabilities, and for device owners to apply them.

There’s much anxiety in the internet security community because we have not yet seen any attacks or malicious activity; the Reaper botnet still seems to be in its expansion phase. Its intention for a concerted malicious attack is as yet unknown, but we know that the potential magnitude of damage is quite large.

Many of the infected networked devices are home and SOHO equipment, so education and awareness are needed for consumers who aren’t accustomed to applying security patches or making the in-depth configuration changes needed for threat mitigation.

‘Reaper’ Botnet Update:

The original claim in the security world that this is one of the largest botnet infections ever has since been significantly scaled back. As of today, the prediction is that the ‘Reaper’ botnet isn’t as far-reaching as expected, but that could change at any moment. The question is: will the ‘Reaper’ botnet cause more widespread damage than the infamous Mirai?

 

Eight Crucial Strategies for Strengthening Network Security


Strengthening network security is vital to your organization. Check out the tips below to ensure you are well protected.

Leave no host forgotten, know your hosts (all of them)

Every device with an IP address that can connect to your environment, wired or wireless, should be known to you. This goes beyond desktops, laptops, servers, printers, IP phones, and mobile devices. The “Internet of Things” presents a much larger potential footprint of hosts, including environmental monitoring and control devices, security cameras, and even things like vending machines. IoT devices all run operating systems that can be compromised by attackers and used as a platform for reconnaissance of your network in search of more valuable assets. Keep inventory lists honest by performing routine network scans and reconciling the results against the inventory to identify unknown devices.
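As an added example (not part of the original post), here is a small Python script that reconciles an nmap ping-sweep against an asset inventory and reports hosts the inventory does not know about, as well as inventoried hosts that did not answer. The scan output, the inventory CSV, the 10.10.20.0/24 addresses and the hostnames are all constructed sample data; only the nmap grepable (`-oG`) line format is real.

```python
"""Compare a live network scan against the asset inventory and flag unknown hosts.

Added example, not from the original post. Input is nmap "grepable" (-oG) ping-sweep
output; the scan and inventory below are constructed sample data.
"""
import csv
import io
import re

# Constructed sample: what `nmap -sn -oG - 10.10.20.0/24` might print for four live hosts.
SAMPLE_SCAN = """\
# Nmap 7.80 scan initiated Tue Nov 14 09:00:01 2017 as: nmap -sn -oG - 10.10.20.0/24
Host: 10.10.20.1 (gw.corp.example)\tStatus: Up
Host: 10.10.20.15 (print-2f.corp.example)\tStatus: Up
Host: 10.10.20.77 ()\tStatus: Up
Host: 10.10.20.102 (cam-lobby.corp.example)\tStatus: Up
# Nmap done at Tue Nov 14 09:00:09 2017 -- 256 IP addresses (4 hosts up) scanned
"""

# Constructed sample inventory, as an asset-management CSV export might look.
SAMPLE_INVENTORY = """\
ip,hostname,owner,category
10.10.20.1,gw.corp.example,netops,router
10.10.20.15,print-2f.corp.example,facilities,printer
10.10.20.40,hvac-ctl.corp.example,facilities,iot
10.10.20.102,cam-lobby.corp.example,security,iot
"""

# One grepable "Host:" line: address, optional reverse name in parentheses, status.
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def parse_grepable(text):
    """Return {ip: hostname} for every host nmap reported as Up (hostname may be '')."""
    up = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line)
        if m and m.group(3) == "Up":
            up[m.group(1)] = m.group(2)
    return up


def load_inventory(text):
    """Return {ip: row dict} from the CSV export."""
    return {row["ip"]: row for row in csv.DictReader(io.StringIO(text))}


def reconcile(scan_text, inventory_text):
    """Split live hosts into known/unknown and list inventoried hosts that did not answer.

    A silent host is not necessarily gone (ICMP may be filtered), but an IoT device
    that stopped answering deserves a ticket just as an unknown one does.
    """
    live = parse_grepable(scan_text)
    known = load_inventory(inventory_text)
    unknown = sorted(ip for ip in live if ip not in known)
    silent = sorted(ip for ip in known if ip not in live)
    return {"unknown": unknown, "silent": silent, "live": live}


if __name__ == "__main__":
    report = reconcile(SAMPLE_SCAN, SAMPLE_INVENTORY)
    for ip in report["unknown"]:
        print(f"UNKNOWN host answered: {ip} ({report['live'][ip] or 'no rDNS'})")
    for ip in report["silent"]:
        print(f"Inventoried host did not answer: {ip}")
```

Run it on real output with `nmap -sn -oG scan.txt 10.10.20.0/24` and feed the file in place of `SAMPLE_SCAN`; a ping sweep alone misses hosts that drop ICMP, so pair it with an ARP scan on the local segment before trusting the "silent" list.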

Understand your users’ behavior

Knowing the culture and habits of users, like when and where they work, is important for establishing baseline behavior patterns. Also, the types of work they do online such as researching, downloading software, and uploading files will vary greatly by industry. For example, users at a law firm are not going to have the same internet usage behavior as users at a software development company. Even within an organization, there will be differences between administrative and technical engineering user behavior. Knowing the behavior of your users will make it easier to identify what is normal versus abnormal network traffic.

Understand what talks to what and why

The network traffic patterns in your organization should represent the usage of critical business applications that users need to do their job. Understanding these traffic flows is critical to building effective security policies for ACLs, stateful firewall policies, and deep packet inspection rules on network security devices. This applies to traffic within your internal private networks, what is allowed in from the outside, and especially the type of traffic allowed to leave your organization.

Control what is running on your hosts

The more applications and services running on a host, the greater the exposure to software vulnerabilities. Software updates matter for bug fixes and new features, but security fixes to applications are critical. Limit the applications users may install to those from reputable vendors that take security updates seriously. Staying current with operating system security updates is even more important. Cases where legacy applications require end-of-life (EOL) operating systems should be monitored very closely and, where possible, segmented into dedicated VLANs.

Know your data & control your data

Understand the data that is critical to your business and classify it into levels of sensitivity. Ensure that encryption is used when transmitting highly sensitive data across the network, and limit access to sensitive data to only those who require it. Implement effective logging on all devices that store or transmit sensitive data, and perform routine checks of your backup solutions to confirm the integrity of critical data backups.

Monitor and control your perimeter (egress too!!)

The network perimeter of your organization includes Internet and WAN connections but also wireless access points. All three of these perimeter pathways need to be protected with the highest levels of access restrictions.  Next-generation security appliances should be deployed on all perimeter segments to provide deep packet inspection, content filtering, and malicious URL inspection. Centralized logging of network and security devices using a security information event management (SIEM) solution is vital for analysis and correlation of logging data.
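The two points above, understanding what talks to what and watching egress, come together in an allow-list audit. The following Python example is added here and is not from the original post: the zones, the allow-list, the addresses and the flow records are constructed, and the record format is a simplified firewall connection log. It flags every flow the allow-list does not cover, separating egress violations (an IoT device trying to reach the internet on telnet, a workstation connecting out on an odd port) from internal ones (a server opening SMB to a workstation).

```python
"""Check observed flows against an explicit allow-list of business traffic.

Added example, not from the original post. The zones, allow-list, addresses and flow
records are constructed; the record format mimics a firewall's connection log.
"""
import ipaddress
from collections import Counter

# Constructed network roles. Any address outside these ranges is "outside".
ZONES = {
    "users":   ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "iot":     ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed allow-list: (src zone, dst zone, proto, dst port).
# Deliberately no iot -> outside rule and no servers -> users rule.
ALLOWED = {
    ("users",   "servers", "tcp", 443),   # internal web apps
    ("users",   "servers", "tcp", 445),   # file shares
    ("users",   "servers", "udp", 53),    # internal DNS
    ("users",   "outside", "tcp", 443),   # web browsing
    ("users",   "outside", "tcp", 80),
    ("servers", "outside", "tcp", 443),   # updates, SaaS APIs
    ("servers", "outside", "udp", 123),   # NTP
    ("servers", "servers", "tcp", 1433),  # app -> database
    ("iot",     "servers", "tcp", 8883),  # MQTT over TLS to the internal broker
}

# Constructed flow records: "src,dst,proto,dport,bytes".
SAMPLE_FLOWS = """\
10.10.4.21,10.20.1.10,tcp,443,18320
10.10.4.21,93.184.216.34,tcp,443,90211
10.20.1.10,10.20.2.5,tcp,1433,402113
10.30.7.14,10.20.3.3,tcp,8883,1410
10.30.7.14,203.0.113.9,tcp,23,812
10.30.7.14,203.0.113.9,tcp,23,66
10.10.4.35,198.51.100.77,tcp,4444,2077
10.20.1.10,10.10.4.21,tcp,445,5120
"""


def zone_of(ip):
    """Map an address to its zone name, or 'outside' if it is in none of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "outside"


def parse_flows(text):
    """Yield one dict per non-empty log line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, nbytes = line.split(",")
        yield {"src": src, "dst": dst, "proto": proto,
               "dport": int(dport), "bytes": int(nbytes)}


def classify(flow):
    """Return (verdict, reason) for one flow; egress gets its own verdict."""
    key = (zone_of(flow["src"]), zone_of(flow["dst"]), flow["proto"], flow["dport"])
    if key in ALLOWED:
        return "allowed", ""
    if key[1] == "outside":
        return "egress-violation", f"{key[0]} -> internet on {key[2]}/{key[3]}"
    return "internal-violation", f"{key[0]} -> {key[1]} on {key[2]}/{key[3]}"


def audit(text):
    """Count violations by (source host, verdict, reason) so repeat offenders stand out."""
    findings = Counter()
    for flow in parse_flows(text):
        verdict, reason = classify(flow)
        if verdict != "allowed":
            findings[(flow["src"], verdict, reason)] += 1
    return findings


if __name__ == "__main__":
    for (src, verdict, reason), n in sorted(audit(SAMPLE_FLOWS).items()):
        print(f"{verdict:19} {src:15} {reason}  x{n}")
```

The allow-list is the same information an ACL or stateful firewall policy needs, which is why building it first pays twice: once as the policy, once as the baseline your SIEM correlates new flows against. Anything that shows up as a violation is either a business flow nobody documented or something that should not be happening.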

Train your users: they are your weakest link and your best defense

Deliver routine end-user security awareness training to keep users up to date on how to recognize suspicious email content and websites. Run simulated phishing campaigns periodically to measure how well users identify suspicious emails. Review with users the policies for handling sensitive data. Make sure users are aware of the non-technical methods attackers use, such as social engineering, to extract information about your organization.

Implement strong authentication controls

Use multifactor authentication for wireless and VPN remote access whenever possible. Restrict the use of local user accounts and require strong passwords; note that current NIST guidance (SP 800-63B) favors long passwords screened against lists of known-breached passwords over forced periodic changes, which tend to produce predictable variations. Implement 802.1X port authentication on wireless LANs as well as on wired network ports reachable from common areas of your facility.

Applying the tips above can go a long way toward strengthening network security. Reach out to your account manager or contact us to find out more about strategies to strengthen your network.

By Kevin Dresser, Solutions Architect

KRACK & Adobe Flash Vulnerabilities: How to Protect Now & Prevent Later

As you may know, multiple major security vulnerabilities were announced yesterday: one in the WPA2 WiFi security protocol, dubbed “KRACK,” and another in Adobe Flash. What happened, and how can you protect your environment from the KRACK and Adobe Flash vulnerabilities? Below is what we shared with our current Managed Services customers. Even if you work with another provider or handle all of your IT system monitoring and management yourself, this may help you understand your risks and how to protect your environment.

WPA2 “KRACK” Vulnerability


What is it?: A critical vulnerability in the WiFi Protected Access II (WPA2) protocol which could allow an attacker within radio range of your wireless network to read traffic on that connection without knowing the WiFi password. The flaw is in how the WPA2 four-way handshake is implemented: by replaying a handshake message, an attacker can make a device reinstall a key it is already using, which resets the nonce the frame encryption depends on and lets the attacker decrypt frames sent under the reused key.

This vulnerability applies to any device that utilizes the WPA2 protocol to establish secure connections, including Wireless Access Points, Endpoints (laptops, desktops), and Mobile Devices.
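To see why a reinstalled key matters, here is an added illustration, not from the original post and not a description of the real CCMP cipher: a toy counter-mode cipher whose keystream is derived with SHA-256 stands in for AES-CCMP (an assumption made purely for illustration). The model shows the consequence of the nonce reset: two frames encrypted under the same key and nonce share a keystream, so an attacker who never learns the key can XOR the two ciphertexts and, knowing one frame's contents, read the other. The `patched` flag models the fix: a client that refuses to reinstall a key that is already in use. The frame contents and the handshake replay are constructed.

```python
"""Why a reinstalled key (and a reset nonce) leaks traffic, in a toy stream cipher.

Added example, not from the original post. The keystream below is SHA-256 based and
stands in for AES in counter mode (an assumption for illustration, not how CCMP is
built); the consequence of nonce reuse is the same for any stream cipher.
"""
import hashlib
import os

FRAME1 = b"GET /login HTTP/1.1\r\nHost: intranet\r\n"   # constructed; assumed known to the attacker
FRAME2 = b"POST /login user=alice&pw=hunter2\r\n"     # constructed; what the attacker wants


def keystream(key, nonce, length):
    """Toy counter-mode keystream: block i = SHA-256(key || nonce || i)."""
    out = b""
    i = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce.to_bytes(6, "big") + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


class Client:
    """Minimal model of a station's key and packet-number (nonce) handling."""

    def __init__(self, ptk, patched=False):
        self.ptk = None
        self.pn = 0            # packet number, used as the nonce; must never repeat under one key
        self.patched = patched
        self.install_key(ptk)

    def install_key(self, ptk):
        if self.patched and ptk == self.ptk:
            return             # fixed client: ignore re-installation of the key already in use
        self.ptk = ptk
        self.pn = 0            # vulnerable behaviour: the nonce counter restarts

    def send(self, plaintext):
        self.pn += 1
        return self.pn, encrypt(self.ptk, self.pn, plaintext)


def demo(patched=False, ptk=None):
    """Return whether the nonce repeated and what a passive attacker recovers of FRAME2."""
    ptk = ptk or os.urandom(16)          # the attacker never learns this key
    client = Client(ptk, patched)
    pn1, c1 = client.send(FRAME1)
    client.install_key(ptk)              # attacker replays handshake message 3
    pn2, c2 = client.send(FRAME2)
    n = min(len(c1), len(c2))
    # c1 ^ c2 == FRAME1 ^ FRAME2 only if both frames used the same keystream.
    recovered = xor(xor(c1[:n], c2[:n]), FRAME1[:n])
    return {"nonce_reused": pn1 == pn2, "recovered": recovered}


if __name__ == "__main__":
    for patched in (False, True):
        r = demo(patched=patched)
        print(f"patched={patched}: nonce reused={r['nonce_reused']}, recovered={r['recovered']!r}")
```

This is also why the end-user advice that follows works: TLS (HTTPS) and a VPN add their own encryption above the WiFi layer, so recovering the WiFi frame contents yields only another ciphertext.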

Microsoft has already released a patch and it is included in the October Security Rollup. For customers currently enrolled in our desktop patching program, this roll-up has been approved for immediate install. For customers enrolled in our Server patching program, we will apply the October Security Rollup per the normal patching schedule as servers typically will not have WiFi enabled. 

Further – some recommendations for your end users:

  • Avoid public WiFi (such as coffee shops, hotels, etc.)
  • When connected to WiFi, limit browsing to HTTPS sites, since TLS protects the content even if the WiFi encryption is compromised
  • Consider using a VPN, which encrypts traffic between the device and the VPN gateway independently of the WiFi encryption

While patching your endpoints will substantially mitigate the vulnerability, GreenPages will be watching for upcoming available patches and updates for the network devices in your environment in the coming days and weeks and will work with you to apply those expeditiously.

More specific details on this WiFi vulnerability can be found here.

Adobe Flash Vulnerability:

Adobe released a security update for a vulnerability that was recently discovered that could lead to remote code execution. 

  • If you are currently enrolled in a 3rd party patching program that includes Adobe Flash, we have already approved this patch for deployment to your environment.
  • If you are not enrolled, due to the risk potential for this vulnerability, it is highly recommended that you apply this patch to all devices in your environment. 

The Adobe Flash Security Bulletin can be found here.  

We’ll be writing a follow-up post next week about the KRACK & Adobe Flash vulnerabilities once the dust has settled to see how the industry has reacted and responded to these vulnerabilities so please check back then.

To learn more about GreenPages Server, Desktop, 3rd Party Patching, and Managed Services Programs, please call 800-989-2989 and we can set up a call to discuss.

By:

Jay Keating, VP Cloud & Managed Services
Aaron Boissonnault, Director, Hybrid Cloud Operations
Steve Stein, Director, Client Services

How SD-WAN Enables Digital Transformation

Wide Area Networks are a critical component of today’s enterprise computing infrastructure. But WANs suffer from many problems, including latency, congestion, jitter, packet loss, and outages. Erratic performance frustrates users, especially for real time applications like VoIP calling, video conferencing, video streaming, and virtualized applications and desktops. And complex WANs are difficult to manage and troubleshoot. SD-WAN products address these problems.

Citrix does a fantastic job at explaining how Software-Defined WAN enables digital transformation and can securely deliver a consistent user experience.

To download the full white paper, What to Look For When Considering an SD-WAN Solution, click here!


Emerging Security Trends with Tom Corn, SVP, VMware + VMworld Tease!

 

I recently sat down with Tom Corn, Senior VP of Security Products at VMware, after his keynote presentation at GreenPages’ Cloudscape Summit 2017. While most of his keynote announcements are under wraps until VMworld kicks off next week, he was able to discuss what security trends are emerging in the security industry as well as VMware’s role, including the importance of micro segmentation and how that technology is poised to continue to grow. Check out the video, including a little tease about the upcoming exciting news that will be unveiled at VMworld!

GreenPages’ Enterprise Consultant, Chris Williams, will be presenting at VMworld this year! His session will focus on how an architect designs for availability and recoverability in the cloud. It is on Tuesday, August 29th from 3:00pm to 3:15pm at VMworld. Click here for more info.

By Jake Cryan, Digital Marketing Specialist

EndPoint Protection: Stopping Attacks Like WannaCry

In the past few days, the WannaCry ransomware has attacked organizations all over the globe, in over 100 countries. It is believed to be the biggest attack of its kind ever. The malware spreads from endpoint to endpoint over the network without any action by the users, which is exactly why endpoint protection is so crucial. It is causing massive issues in businesses all around the world. As of Sunday,

“More than 130,000 systems have already been compromised.” (Kessem, 2017)

A network monitoring tool is an ideal way to classify every PC, tablet, and smartphone on your network and determine whether each is safe. An agentless monitoring tool gives your company the ability to see and control managed, unmanaged, and IoT devices. Unmanaged computers in particular are a serious threat to your network: by some estimates 99% of computers are vulnerable to exploit kits. The number of data breaches keeps growing, with more advanced malware and tooling making it easier for attackers to get inside.

[Download Our Webinar on 20 Critical Security Controls Every Modern Company Should Have]

The Importance of Endpoint Protection

This is why a strong endpoint compliance strategy is so crucial. Agentless network access control (NAC) requires no endpoint agents for authentication, which gives seamless visibility of every device, and every device type, connecting to your network. NAC can also detect and take action against suspicious endpoints the instant they join the network, and it can protect you against compromised Internet of Things devices such as Nest thermostats, Philips hubs, smart microwaves, smart ovens, security cameras, and much more. With hundreds of different unsecured IoT devices connecting to your networks, it is vital for your company to know what they are. Agentless technology can help you discover, segment and assess the devices on your network. Check out this great in-depth article on Network World.

Interested in learning more about how to protect your company?

Download our webinar recording on 20 critical security controls and learn what you can implement to gain insight into the security of your environment and protect your company.

By Jake Cryan, Digital Marketing Specialist

Guest Post: How to Minimize the Damage Done by Ransomware

Below is a guest post from Geoff Fancher, Vice President, Americas Channels at SimpliVity Corporation

Have you ever woken up in the middle of the night, sweating profusely, scared half to death, and terrified that your data center was infected with ransomware? If so, you’ve had an IT nightmare. Just be thankful it was all just a dream and your data isn’t lost.

Though IT nightmares come in all forms, one thing all IT pros fear nowadays is ransomware. That’s because ransomware is becoming increasingly commonplace and is evolving to become even more vicious and hard to stop once it has entered an IT environment. The cost to business productivity can be crippling, and the data loss that can occur can set a company back for days.

According to the Ponemon Institute, the average cost of IT downtime is $7,900 per minute. Per minute! The reason recovering from ransomware attacks can be so costly is that restoring from backups can take a long time, typically measured in hours or days depending on where and how the backups were stored. Also, depending on when the most recent backup was taken, a lot of data could be lost once the backup is restored.

With the cost of downtime so high and quick restores not an option, many organizations are choosing to pay the ransom to get their data back. The most notable example comes from Hollywood Presbyterian Medical Center. The attackers infected the hospital’s computer systems, shutting down all communication between the systems, and demanded $17,000 to unlock them. The hospital, in a high-pressure situation and without the resources to quickly shut down its systems and restore from a recent backup, paid the ransom to receive the decryption key and get back online.

The fundamental piece, then, to avoiding paying the ransom demanded by cyber criminals is to have a disaster recovery plan in place. You should know what to do if a ransomware attack happens. As the old adage goes, “Hope for the best. Prepare for the worst.” That’s the attitude to take and the way to do it is to have a plan.

One company that instituted a solid disaster recovery plan just in the nick of time was an enterprise manufacturing company based in the Netherlands. The company was infected with ransomware while its IT partner was in the process of migrating VMs to a new hyperconverged infrastructure environment that had built-in data protection. Most of the infected folders were already on the new solution, which was lucky because they were able to use the solution’s backup to restore within fifteen minutes, when just a day before, on the previous infrastructure, it would have taken about three hours to restore to the most recent backup. The partner was also performing hourly backups on the new solution, so they lost less than an hour’s worth of data during the restore. Before deploying hyperconverged infrastructure, the partner was backing up to tape every 12 hours, so they saved the company about 11 hours of data loss on the new hyperconverged solution. What a difference a day makes.

For a disaster recovery plan to be successful, the IT team needs to define recovery time objectives (RTOs), the maximum time the business can tolerate between an outage and restored service, and recovery point objectives (RPOs), the maximum amount of data, measured in time, that the business can afford to lose, which dictates how recent the backup you restore from must be. Basically, businesses have to ask themselves two questions: How long can the business be down while waiting for the restore to take place? And how many hours of business-critical data can the company afford to lose? There are data protection plans for every size of company and for every budget. The first step to a data protection plan is defining the organization’s requirements.
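An added example (not from the guest post) in Python that puts numbers on RTO and RPO for the two setups described above, with one caveat the post leaves implicit: a backup taken after encryption began contains encrypted files, so the usable recovery point is the newest backup that predates the infection, not simply the latest one. The schedules, the retention periods, the 14:37 infection time, the 16:10 detection time and the 4 hour / 1 hour targets are constructed.

```python
"""Pick a restore point that predates the infection and measure RPO/RTO exposure.

Added example, not from the guest post. Backup schedules, timestamps and the incident
timeline are constructed. The latest backup is useless if it was taken after
encryption began, so the real data loss depends on when the infection started.
"""
from datetime import datetime, timedelta


def backup_times(schedule_start, interval, retention, now):
    """Timestamps of backups still on hand at `now` for a fixed-interval schedule."""
    times = []
    t = schedule_start
    while t <= now:
        if now - t <= retention:
            times.append(t)
        t += interval
    return times


def choose_restore_point(backups, infection_start):
    """Newest backup taken strictly before encryption began, or None if retention is too short."""
    clean = [b for b in backups if b < infection_start]
    return max(clean) if clean else None


def evaluate(interval, retention, restore_duration, infection_start, detected_at, rpo, rto,
             schedule_start=datetime(2017, 1, 1)):
    """Evaluate one backup schedule against RPO/RTO targets for one incident."""
    backups = backup_times(schedule_start, interval, retention, detected_at)
    point = choose_restore_point(backups, infection_start)
    if point is None:
        return {"restore_point": None, "data_loss": None, "meets_rpo": False,
                "downtime": None, "meets_rto": False}
    # Everything written between the clean copy and the moment systems are frozen is lost;
    # detection time is used here as the moment work stops.
    data_loss = detected_at - point
    return {"restore_point": point, "data_loss": data_loss, "meets_rpo": data_loss <= rpo,
            "downtime": restore_duration, "meets_rto": restore_duration <= rto}


def compare_schedules():
    """The two setups from the post plus a retention that is too short to help."""
    infection = datetime(2017, 3, 14, 14, 37)   # constructed: encryption starts
    detected = datetime(2017, 3, 14, 16, 10)    # constructed: someone notices
    rpo, rto = timedelta(hours=4), timedelta(hours=1)
    return {
        "12h tape": evaluate(timedelta(hours=12), timedelta(days=30), timedelta(hours=3),
                             infection, detected, rpo, rto),
        "hourly": evaluate(timedelta(hours=1), timedelta(days=30), timedelta(minutes=15),
                           infection, detected, rpo, rto),
        "hourly, 30 min retention": evaluate(timedelta(hours=1), timedelta(minutes=30),
                                             timedelta(minutes=15), infection, detected, rpo, rto),
    }


if __name__ == "__main__":
    for name, plan in compare_schedules().items():
        print(f"{name:26} restore from {plan['restore_point']}  data loss {plan['data_loss']}  "
              f"RPO ok={plan['meets_rpo']}  RTO ok={plan['meets_rto']}")
```

The third schedule is the trap: hourly backups look fine on paper, but if only the last few are kept, every surviving copy may already contain encrypted files. Retention has to cover the time between infection and detection, not just the RPO.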

Hyperconverged infrastructure, for example, can dramatically cut down the hours it takes for businesses to recover from IT downtime. By making data efficient from the start of its lifecycle, businesses are able to quickly recover from a previous backup.

With SimpliVity hyperconverged infrastructure, companies are able to backup quickly and efficiently with minimal data loss because SimpliVity’s solution is designed to meet even the most stringent RTOs and RPOs to ensure businesses functions aren’t interrupted for long in case of a disaster or ransomware attack. If you’re heading to GreenPages’ Summit Event next week, definitely swing by the SimpliVity booth to chat!

 

 

 

VMware NSX vs. Cisco ACI: Which SDN solution is right for me?

I posted this video a while back on VMware NSX vs. Cisco ACI and it’s proven to be a pretty popular topic. I will be holding a webinar on 10/6 to talk about this topic in more detail so I figured I would repost the video for people to view again. If you enjoy this video, I would highly recommend registering for the webinar. I’ll be able to go in more detail and answer any questions throughout the presentation.

 

Register for Nick’s Webinar, “VMware NSX vs. Cisco ACI: When to Use Each, When to Use Both.” In the webinar, Nick will cover:

  • The current state of the SDN market
  • VMware NSX & Cisco ACI overview
  • When it makes sense to use each, or even both
  • Next steps to get your environment prepared for SDN initiatives

 

 

By Nick Phelps, Principal Architect