Categories
Industry Insights IT Solutions Managed IT Services

Government of Canada and Homeland Security Issue Upgrade Warning

The deadline for Microsoft Server 2003 is such a threat, that even the Government of Canada and Homeland Security have issued warnings.

Both public warnings bring attention to the end of life for Microsoft Windows Server 2003 which will be effective on July 14, 2015. After this date, Microsoft will no longer provide automatic fixes, security updates, or online technical assistance for this product.

The Government of Canada took a simplified approach with their Public Safety Canada website. On the website, they state that businesses should plan to migrate away from Server 2003 as soon as possible. For complete details, you can view the entire release here, Windows Server 2003 End of Life.

As for the United States Government, they took a more detailed approached using Homeland Security to issue their warning.  As per the Canadian statement, they have also included some key points on the impact this security threat brings to the table including the fact that unsupported software is exposed to cybersecurity dangers, such as malicious attacks or electronic data loss. Users may also encounter problems with software and hardware compatibility issues and organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003. For complete details, you can view the entire release here, Microsoft Ending Support for Windows Server 2003 Operating System – Alert (TA14-310A).

Plan and upgrade Windows Server 2003

Since the launch of Server 2008, there have been many new features and security measures added to Microsoft products.  Now companies can have on premises server with Microsoft Server 2012 or go to the cloud with Azure cloud computing.  You can even do a hybrid cloud approach and put both in play.

Companies should perform a network assessment of their current environment and future business goals.  By performing an assessment, many companies are surprised to find out how many instances of server they are running including the workloads and applications.

By upgrading, there is an endless list of advantages including:

  • Updated supported operating system from Microsoft.
  • Access to cloud computing and disaster recovery.
  • Ability to virtualize an IT environment and reduce power usage and physical footprint.
  • More scalable solutions for changing business environments.

The deadline is fast approaching and you need to plan and execute your server upgrade plan.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto providing industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

We offer our Complimentary Network and Security Assessment by or access our industry leading program called Lenovo Preferred Pricing and access savings of up to 20%* on the ThinkServer line.

Categories
Industry Insights IT Solutions Managed IT Services

Government of Canada and Homeland Security Issue Upgrade Warning

The deadline for Microsoft Server 2003 is such a threat, that even the Government of Canada and Homeland Security have issued warnings.

Both public warnings bring attention to the end of life for Microsoft Windows Server 2003 which will be effective on July 14, 2015. After this date, Microsoft will no longer provide automatic fixes, security updates, or online technical assistance for this product.

The Government of Canada took a simplified approach with their Public Safety Canada website. On the website, they state that businesses should plan to migrate away from Server 2003 as soon as possible. For complete details, you can view the entire release here, Windows Server 2003 End of Life.

As for the United States Government, they took a more detailed approached using Homeland Security to issue their warning.  As per the Canadian statement, they have also included some key points on the impact this security threat brings to the table including the fact that unsupported software is exposed to cybersecurity dangers, such as malicious attacks or electronic data loss. Users may also encounter problems with software and hardware compatibility issues and organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003. For complete details, you can view the entire release here, Microsoft Ending Support for Windows Server 2003 Operating System – Alert (TA14-310A).

Plan and upgrade Windows Server 2003

Since the launch of Server 2008, there have been many new features and security measures added to Microsoft products.  Now companies can have on premises server with Microsoft Server 2012 or go to the cloud with Azure cloud computing.  You can even do a hybrid cloud approach and put both in play.

Companies should perform a network assessment of their current environment and future business goals.  By performing an assessment, many companies are surprised to find out how many instances of server they are running including the workloads and applications.

By upgrading, there is an endless list of advantages including:

  • Updated supported operating system from Microsoft.
  • Access to cloud computing and disaster recovery.
  • Ability to virtualize an IT environment and reduce power usage and physical footprint.
  • More scalable solutions for changing business environments.

The deadline is fast approaching and you need to plan and execute your server upgrade plan.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto providing industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

We offer our Complimentary Network and Security Assessment by or access our industry leading program called Lenovo Preferred Pricing and access savings of up to 20%* on the ThinkServer line.

Categories
Industry Insights IT Solutions Managed IT Services

Technology in simple English

Every wonder what all the technical words or services are that are mentioned daily?  Well, we put together a simple explanation on multiple services and technical terms. Basically, technology in simple English.

What is an application program interface (API)?

An application program interface (API) is code that allows two software programs to communicate with each other and are generally released for third-party development as part of a software development kit (SDK).

What is Amazon Web Services (AWS)?

Amazon Web Services (AWS) is Amazon.com’s cloud computing platform which are sometimes called cloud services or remote computing services.

What is bring your own apps (BYOA)?

Bring your own apps (BYOA) is a term used when employees use of third-party applications and cloud services in the workplace. BYOA follows the BYOD trend allowing user-owned devices in the workplace.

What is bring your own cloud (BYOC)?

Bring your own cloud (BYOC) is when employees and departments use their cloud computing service of choice in the workplace therefore allowing employees to use a public cloud storage service to share very large files as it may be cost-effective rather than rolling out a shared storage system.

What is bring your own network (BYON)?

Bring your own network (BYON) refers to end users that create or access alternative networks when the available options.  To network administrators, Bring your own network (BYON) refers is the ability of allowing employees to create personal area networks (PANs) as an alternative to the corporate network however a vendor describe the service as it allows remote employees to subscribe to a global wireless broadband network instead of connecting to insecure public hot spots.

What is bring your own identity (BYOI)?

Bring your own identity (BYOI) is a simple approach to digital authentication in which an end user’s username and password is managed by a third party. Some examples include Facebook, Twitter, LinkedIn, Google+ or Amazon.

What is bring your own encryption (BYOE)?

Bring your own encryption (BYOE) is a cloud computing security procedure that allows cloud service customers to control and use their own encryption software to manage their own encryption keys.

What is Internet of Things (IoT)?

The Internet of Things (IoT) is when objects such as people are provided with unique identifiers and the ability to transfer data over a network without human or computer interaction.

What is a virtual machine (VM)?

A virtual machine (VM) shares physical hardware resources with other systems but isolates one another to avoid changing the end-user experience.

What is a MX record (Mail Exchange record)?

An MX record is short form for Mail Exchange record which is a domain name system (DNS) server record that contains information about which mail server the domain uses to receive mail.

What is managed security services (MSS)?

Managed security services (MSS) is a systematic approach to managing an organization’s security needs which can be handled in house or outsourced to a service provider.

What is managed service provider (MSP)?

A managed service provider (MSP) or Managed IT Services provider delivers and manages network-based services, applications, and equipment for businesses or other service providers.

What is a Microsoft Certified Solution Developer (MCSD)?

A Microsoft Certified Solution Developer (MCSD) is an IT professional who has studied and passed a series of industry exams.  They design and develop custom business applications using Microsoft development tools, technologies, and platform.

What is a Microsoft Certified Systems Engineer (MCSE)?

A Microsoft Certified Systems Engineer (MCSE) is an IT professional who has studied and passed a series of industry exams related desktop systems, networking, and Microsoft’s BackOffice server products.

What is a Microsoft Certified Solutions Associate (MCSA)?

A Microsoft Certified Solutions Associate (MCSA) is an industry certification program intended for IT professionals who seek an entry-level job in an IT environment and it also is a prerequisite for more advanced Microsoft certifications.

What is Malware?

Malware or malicious software is any program or file that is harmful to a computer user including computer viruses, worms, Trojan horses and spyware that gathers information without permission.

What is a MAC address?

A MAC (Media Access Control) address is a computer’s unique hardware number. When a system connects to the Internet from a computer, a correspondence table relates your IP address to your computer’s physical (MAC) address.

What is a virtual desktop infrastructure (VDI)?

A Virtual desktop infrastructure or VDI is the practice of hosting a desktop operating system within a virtual machine (VM) running on a centralized server. Virtual desktop infrastructure (VDI) is a variation of server-based computing.

What is a service-level agreement (SLA)?

A service-level agreement (SLA) is a contract between a service provider and its clients that describes the service in measurable terms.  Service-level agreement (SLA) may include a plans for addressing downtime and a policy for dealing with breaches on the part of the service provider.

What is Software as a Service (SaaS)?

Software as a Service (SaaS) is simple. It is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over the Internet.

What is an Active Directory domain?

An Active Directory (AD) domain is a collection of objects including users, groups or hardware within a Microsoft Active Directory (AD) network. Each domain holds a database containing object identity information.

What is B2B?

Business-to-business, also known as B2B, is the exchange of products, services or information between businesses, rather than between businesses and consumers (B2C).

What is B2G?

Business-to-government, also known as B2G, is the exchange of products, services or information between business to government, rather than between business-to-business (B2B) or businesses-to-consumers (B2C).

What is ITIL?

Information Technology Infrastructure Library, also known as ITIL, is a framework for IT service management that strives for predictable, maintainable services that align with the needs of the corporation or organization and the goal is to improve efficiency and achieve predictable service levels.

What is an IT director?

An IT director, also known as an information technology director, is in charge of technology within an organization and can be known as a CIO.  In large enterprises, they are two separate positions where as the CIO focuses more on strategy while the IT director works directly with the technology.

What is IP spoofing?

IP spoofing or IP address forgery is the hijacking technique in which a hacker or cybercriminal masquerades as a trusted host to conceal his identity. The hijacker obtains the IP address of a legitimate host and alters packet headers so that the legitimate host appears to be the source.

What is an IP address?

An IP address or Internet Protocol is the protocol used to from one computer to another on the network or Internet. Each computer is known as a host on the Internet and has at least one IP address that identifies it from all other computers on the internet.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto offering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Making I.T. Simple!

Categories
Industry Insights IT Solutions Managed IT Services

What is an IT Security Compliance Audit?

With all the security threats these days in the news from hackers and cyber criminals, it is no wonder why so many companies have to participate in IT security compliance audits.

A compliance audit may vary depending on the company performing it or your industry however it is a comprehensive review of an organization’s adherence to guidelines. Many times, it is performed by a third party Independent accounting, security or IT consulting firm that will evaluate your network compliance. Auditors will review your IT infrastructure in multiple areas including your security policies, user access controls, risk management procedures and disaster recovery.

As stated what is examined in a security compliance audit will vary depending upon multiple factors including whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data.

For example, healthcare providers that store or transmit e-health records, like personal health information, are subject to many regulatory requirements as well as carrier requirements.  Insurance carriers carry out extremely robust IT security compliance audits on its third party providers in order to ensure all data is safe. During the compliance audit, the organization must be able to demonstrate compliance throughout their organization. Failure to pass an IT security compliance audit can result in immediate suspension as a third party service provider.

Compliance auditors will generally ask multiple levels of your team for information including the CIOs, CTOs, IT administrators or their managed IT services provider (MSP) for a series of pointed questions designed to test the overall system.  Some of the compliance audit questions may include what users were added and when, who has left the company and whether their user IDs were revoked and which who has access to critical systems within the organization.

Preparation for an IT security compliance audit takes time to prepare for as there is a lot of documentation to prepare and evaluate.  Many large organizations are turning to GRC (governance, risk management and compliance) software which enables CIOs to show auditors if their organization is in compliance or smaller organizations are turning to managed IT services providers to handle their audit to avoid costly fines or suspension of services.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto offering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365 iT SOLUTIONS.

Making I.T. Simple!

Categories
Industry Insights IT Solutions Managed IT Services

What is an IT Security Compliance Audit?

With all the security threats these days in the news from hackers and cyber criminals, it is no wonder why so many companies have to participate in IT security compliance audits.

A compliance audit may vary depending on the company performing it or your industry however it is a comprehensive review of an organization’s adherence to guidelines. Many times, it is performed by a third party Independent accounting, security or IT consulting firm that will evaluate your network compliance. Auditors will review your IT infrastructure in multiple areas including your security policies, user access controls, risk management procedures and disaster recovery.

As stated what is examined in a security compliance audit will vary depending upon multiple factors including whether an organization is a public or private company, what kind of data it handles and if it transmits or stores sensitive financial data.

For example, healthcare providers that store or transmit e-health records, like personal health information, are subject to many regulatory requirements as well as carrier requirements.  Insurance carriers carry out extremely robust IT security compliance audits on its third party providers in order to ensure all data is safe. During the compliance audit, the organization must be able to demonstrate compliance throughout their organization. Failure to pass an IT security compliance audit can result in immediate suspension as a third party service provider.

Compliance auditors will generally ask multiple levels of your team for information including the CIOs, CTOs, IT administrators or their managed IT services provider (MSP) for a series of pointed questions designed to test the overall system.  Some of the compliance audit questions may include what users were added and when, who has left the company and whether their user IDs were revoked and which who has access to critical systems within the organization.

Preparation for an IT security compliance audit takes time to prepare for as there is a lot of documentation to prepare and evaluate.  Many large organizations are turning to GRC (governance, risk management and compliance) software which enables CIOs to show auditors if their organization is in compliance or smaller organizations are turning to managed IT services providers to handle their audit to avoid costly fines or suspension of services.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto offering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365 iT SOLUTIONS.

Making I.T. Simple!

Categories
Industry Insights IT Solutions Managed IT Services

Android users beware, there is a new Dropbox vulnerability

If you have an android device and use Dropbox, you should be aware of a new vulnerability that allows cyber criminals to harvest data from your device.

Dropbox has stated that this vulnerability only impacts new files being saved into the users Dropbox via a vulnerable app that has not updated or been patched by the end user.

Microsoft has also their apps in the Google Play store to address this vulnerability.

The new vulnerability has been found by an IBM research team and called “DroppedIn”.  This threat allows cyber criminals to connect to a smart android device to a Dropbox account controlled by the cybercriminal and extract data.

The IBM research team has rated the vulnerability as “severe” as the app uses the SDK in Microsoft Office Mobile which hosts over 35 billion files on Dropbox. The vulnerability can be exploited using a malicious app installed on the user’s device or remotely using drive-by techniques.

Good news is that Dropbox has updated its Android SDK and urging users to update their software.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto offering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365 iT SOLUTIONS

Making I.T. Simple!

Categories
Industry Insights IT Solutions Managed IT Services

Android users beware, there is a new Dropbox vulnerability

If you have an android device and use Dropbox, you should be aware of a new vulnerability that allows cyber criminals to harvest data from your device.

Dropbox has stated that this vulnerability only impacts new files being saved into the users Dropbox via a vulnerable app that has not updated or been patched by the end user.

Microsoft has also their apps in the Google Play store to address this vulnerability.

The new vulnerability has been found by an IBM research team and called “DroppedIn”.  This threat allows cyber criminals to connect to a smart android device to a Dropbox account controlled by the cybercriminal and extract data.

The IBM research team has rated the vulnerability as “severe” as the app uses the SDK in Microsoft Office Mobile which hosts over 35 billion files on Dropbox. The vulnerability can be exploited using a malicious app installed on the user’s device or remotely using drive-by techniques.

Good news is that Dropbox has updated its Android SDK and urging users to update their software.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto offering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365 iT SOLUTIONS

Making I.T. Simple!

Categories
Industry Insights IT Solutions Managed IT Services

Yahoo now has password-free logins

No one likes passwords as they many are weak and insecure. To address this insecurity, Yahoo has introduced “on demand” passwords or password-free logins.

Many IT departments and managed IT services providers (MSP) have embraced two-factor authentication as it is a secure option however not all organizations use it plus it takes the time to set it up and manage.

Yahoo’s new “on demand” passwords work like two-step authentication. Users will be sent a unique time-sensitive code through either an app or a text message.  With “on demand” passwords, users will not have a permanent password tied to the account that’s required every time they log in.  When a user tries to sign in, they will see a “send my password” button instead of a password text box.  The new “on demand” passwords would have to be enabled in order to take advantage of this system.

Yahoo has referred to this as a first step to eliminating passwords however it is less secure of employing two-step authentication.  Yahoo “on demand” does have a security weakness.  If your phone falls into the wrong hands, your accounts will be easily compromised.

Yahoo is taking security seriously and they have also announced a new version of its new end-to-end encryption system that is designed to make it easier to encrypt emails.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto offering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365 iT SOLUTIONS

Categories
Industry Insights IT Solutions Managed IT Services

Yahoo now has password-free logins

Yahoo now has password-free logins

No one likes passwords as they many are weak and insecure. To address this insecurity, Yahoo has introduced “on demand” passwords or password-free logins.

Many IT departments and managed IT services providers (MSP) have embraced two-factor authentication as it is a secure option however not all organizations use it plus it takes the time to set it up and manage.

Yahoo’s new “on demand” passwords work like two-step authentication. Users will be sent a unique time-sensitive code through either an app or a text message.  With “on demand” passwords, users will not have a permanent password tied to the account that’s required every time they log in.  When a user tries to sign in, they will see a “send my password” button instead of a password text box.  The new “on demand” passwords would have to be enabled in order to take advantage of this system.

Yahoo has referred to this as a first step to eliminating passwords however it is less secure of employing two-step authentication.  Yahoo “on demand” does have a security weakness.  If your phone falls into the wrong hands, your accounts will be easily compromised.

Yahoo is taking security seriously and they have also announced a new version of its new end-to-end encryption system that is designed to make it easier to encrypt emails.

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto offering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365 iT SOLUTIONS

Categories
Industry Insights IT Solutions Managed IT Services

FREAK’ encryption flaw compromises Windows

All active versions of Microsoft Windows are vulnerable to FREAK encryption flaw that leaves systems vulnerable to having their electronic communications intercepted.

IT security experts originally thought that Safari and Android were the only ones vulnerable to this flaw however Microsoft warned that the encryption including Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are also vulnerable. Microsoft has investigated and verified that the vulnerability could allow an attacker to exploit this vulnerability.

Industry researchers have stated that there was no evidence hackers had exploited.  A new security advisory released by Microsoft stated that all supported versions of Windows including its Server products are vulnerable to FREAK attacks.

FREAK attacks by downgrading the cipher suites used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections.

The FREAK vulnerability is linked to the US government’s ban on exports of software featuring strong encryption in the early 1990s, where only 512-bit RSA keys were allowed for export. Of more than 14 million websites scanned for the FREAK, over 36 percent of them were found to be vulnerable.

How do you protect yourself from “Freak” encryption flaw?

Simple. Windows users can obtain March’s Patch Tuesday slate, including the FREAK fix, via the Windows Update service, as well as through the enterprise-oriented WSUS (Windows Server Update Services).

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto delivering a wide variety of industry leading IT consulting services including Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment