Categories
Industry Insights IT Solutions Managed IT Services

What is the weakest link in your cloud?

As more companies go to the cloud, many of them are concerned with security of their network.  This is a valid concern because companies spend a lot of money hiring IT consultants to implement their cloud services however there is one factor they cannot control, their employees.

A recent study covering over 400 IT professionals from over 20 different industries has shown some interesting thoughts when it comes to cloud services.  Over 77% of IT professionals feel that the weakest link in their entire IT infrastructure is their corporate users exposing their network to security concerns. Another 50% have security concerns with employees using cloud-based services that make their IT infrastructure less secure and over 75 percent of them believe that staff is unwittingly exposing company data.

So how do your protect your company from the weakest link in your cloud?

  1. Check out your cloud security.

First step is simple, encryption.  You should have proper encryption on the local system your employee is working on as well as your cloud services.  There are a variety of encryption standards to choose from including AES-256, RSA 2048 for signatures and shared folders, and SHA-256 for security checks. You can also use Secure Sockets Layer (SSL) and Streaming SIMD Extensions (SSE).  But there are some thing to consider such as your industry.  Some industries such as healthcare must satisfy certain security requirements for data storage.

  1. Back-up your data from the cloud.

Backups are to be considered an insurance policy.  Should your data ever be compromised, you will require a backup to help determine what and who has been subject to a security breach.  Many cloud services offer automatic data backups however in many cases it is limited to the most recent copy which may not be adequate, especially in the case of a major security breach.

  1. Keep systems updated.

With so many factors that can affect your infrastructure, the one most vital item is your internal IT infrastructure.  System, application and software providers continually issue patches to improve the security of their systems.  You can set applications to update automatically and eliminate the human element.  As basic as this might sound, you should install corporate class virus protection on all devices and set the virus protection to update automatically.

  1. Set a strict employee usage policy.

Here is the weakest link, the corporate user.  Your entire infrastructure is as secure as the users who can access it.  Most users do not realize that they are providing hackers opportunity to the network. Your managed IT services provider or IT department should restrict the use of social media and non-work related websites on company devices.  Also, you should only permit authorized administrators to install new software. Many companies now take it to a new level including to disable the use of USB drives to copy company data for all but authorized users. Last but not least, all users require strong password protection and require a unique passwords frequently as part of your IT security policies.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto providing industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

Millions of Routers Vulnerable to Hackers

IT security experts have found that over 12 million routers running “RomPager” are vulnerable to hackers.  The flaw is called “Misfortune Cookie”.

Many users have never heard of RomPager however it is actually among the most widely used Web server software in the world.  Routers using this have been manufactured D-Link, Huawei, TP-Link, ZTE, Zyxel and several others manufacturers.  Many manufacturers have responded and they are offering new firmware and patches to address the latest security threat.

So how does Misfortune Cookie work?

The Misfortune Cookie uses a vulnerability in RomPager to allow a hacker to send a single packet containing a malicious HTTP cookie to exploit the flaw.  This exploit would corrupt memory on the device and allow an attacker to remotely gain administrative access to the device.

With the latest vulnerability Misfortune Cookie, home routers are at risk to remote attacks including your entire network including printers, NAS and many other devices.  This is a huge security concern due to privacy violation but it also allows for future attacks such as installing malware on devices and making permanent configuration changes.

This WAN-to-LAN free-crossing is also bypassing any firewall or isolation functionality previously provided by your gateway and breaks common threat models.  Hackers can try to access your webcam or extract data from your NAS drive.

How do you protect yourself from Misfortune Cookie?

Obviously the first step is to verify if there is an update for your router direct from the manufacturer.  You can also ensure your router’s web server is not open to the public on ports 80, 8080, 443 and 7547.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto providing industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

Gmail Adds Content Security Policy Support

As hackers step up their attacks, many tech companies are stepping up their security features.  Google has added content security policy for users of Gmail on the desktop.

Gmail now supports content security policy and Google designed it to help eliminate cross-site scripting and other common Web-based attacks.

Content Security Policy (CSP) is a W3C standard which is supported by multiple browsers.  Mozilla has been supporting CSP since Firefox 4.  The technology is effective at defending against XSS attacks however the issues has been that not many websites support it plus many IT consultants state that it is difficult to implement properly.

What are the benefits to Content Security Policy (CSP) for Gmail?

The benefits are simple and clear for Google.  As many large technology companies, Google carries a very large target on its back.  Gmail is subject to a large list of threats from hackers.  Gmail also has a very large user base which includes people from all over the world.  Google has beefed up the security of Gmail several times in the last 24 months period including the ability to select HTTPS as the default connection option and adding a two-step verification option.  Now, Google went even further by adding Content Security Policy (CSP).

Gmail users beware!  Gmail offers many great extensions however some extensions are not great and behave badly including code that interferes with Gmail session, or malware that compromises Gmail’s security. Gmail’s Content Security Policy (CSP) protects users by stopping these extensions from loading unsafe code.

The most common web-based attack are XSS attacks.  The unfortunate part is that can take advantage of these vulnerabilities to load malicious code from a remote site and compromise visitors to a legitimate site. Content Security Policy (CSP) is designed to mitigate these attacks by letting site owners determine which domains can safely load scripts in the browser.

We are a leading IT consulting firm in Toronto providing industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

Google Blacklists Websites with SoakSoak Malware

Google has blacklisted over 10,000 websites due to SoakSoak malware however IT consultants believe that the figure will continue to grow.

There are over 100,000 sites hosted on WordPress platform that may be vulnerable to SoakSoak.  IT security have noticed that hackers are targeting WordPress users running Internet Explorer on Windows.

The SoakSoak campaign was pulling malware from a Russian domain which is currently offline however it seems that that the malware may have caught quickly by IT security experts.

 

How does SoakSoak Malware Work?

In WordPress websites, the SoakSoak malware is modifying “wp-includes/template-loader.php” file that makes it a JavaScript file “wp-includes/js/swobject.js” which can be loaded onto every page in the website. After the file has been decoded, SoakSoak malware is loaded from the compromised Russian domain.

IT consultants have acknowledged that older versions of WordPress websites that use older versions of a popular slideshow plugin, “Slider Revolution or RevSlider version 4.1.4 and older” are vulnerable to SoakSoak malware.

 

How do your protect yourself from SoakSoak Malware?

Recently, there was a vulnerability in version 4.1.4 of a slider plugin from ThemePunch.  The vulnerability allowed hackers to download any file including database credentials from the affected website’s server. ThemePunch fixed the issue in 4.2 however users who had the slider installed as a bundled theme never received the update.  RevSlider’s does have an automatic update mechanism however it is usually disabled and left to the webmaster or IT support services to update.

 

What make SoakSoak Malware dangerous?

There are more than 70 million websites that run on WordPress and RevSlider.  RevSlider is one of the most popular plugins so it’s difficult to know exactly how many and what kind of sites may have been hit by the SoakSoak Malware.

 

365 iT SOLUTIONS is a leading IT consulting firm in Toronto providing industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

What is Microsoft Microsoft 365?

 

Many people ask, what is Microsoft 365?  Well, Microsoft 365 is a cloud service from Microsoft designed to people access to business IT infrastructure  from anywhere there is an internet connection and IT consultants highly recommend it.

Over the years, Microsoft 365 has grown to include several types of software including the latest Microsoft Office tools like Word, PowerPoint, Outlook, Publisher, OneNote and Excel.  Microsoft 365 allows you to access the cloud and work on your documents, presentations, or spreadsheets even if you don’t have Office software installed on your computer.  Microsoft 365 even allows access to them on smart phones and tablets with Office Web Apps which is another component of Microsoft 365.

Microsoft 365 demand stems from this businesses looking to access the cloud and increase productivity and IT infrastructure uptime.  Example. Many companies were limited to software housed on your workstations or servers housed at work however once they get home or outside the office, people were not able to open and edit the document they were working on at the office.

You can still do things the traditional way and have someone sends us a Word document as an email attachment where you can open it, edit it, and send it to someone else however it makes it hard to work on projects as a team plus not many people have Office productivity suite such as Word installed on tablets or mobile phones therefore limiting the devices available to be used.  With Microsoft 365, you are given many tools for sharing and collaborating documents in real time.

Is Microsoft 365 considered SaaS?

Yes, Microsoft 365 is considered to be Software as a Service (Saas).  SaaS allows programs to be installed on your servers or workstations that you have purchased a subscription to through Microsoft.  This allows you to have access to software over the internet and from multiple devices.

What is the ROI on Microsoft 365?

  • If you only use Word on a single desktop at home, then it would be cheaper to buy the latest version and have it installed on your hard-drive rather than to pay a monthly bill to Microsoft for a subscription.
  • If you need other Microsoft Office software tools or if you need it to be available to multiple users in multiple locations on multiple devices, then signing up for a subscription of Microsoft 365 would be a better option.
  • Many companies use Microsoft 365 in a hybrid model including some users using email only and other using a full suite of Microsoft 365 including email and Office productivity suite.
  • Another big advantage of Microsoft 365 is that you will always receive the latest Office productivity suite including software updates automatically without any additional costs. , so you’ll always be using the latest version without having to purchase any downloads.

Microsoft 365 is not an easy decision however if your company is considering at upgrading and investing into the cloud and wondering if Microsoft 365 is a good choice, you will have to take multiple things into consideration including what is your current management of data in your network and do your employees require access to documents outside the physical network?

365 iT SOLUTIONS is Toronto’s leading IT consulting firm offering industry leading Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.

Welcome to Worry-Free IT!

Categories
Industry Insights IT Solutions Managed IT Services

Microsoft Patch Recalled for Exchange

 

Microsoft patch recalled for Exchange that was released on Tuesday.  The Microsoft recall is for a security patch for Exchange Server that was originally slated for release in the November.

For a second month in a row, Microsoft has recalled a security bulletin after releasing a patch.  Microsoft has recently reorganized their Trustworthy Computing Group and since then two of three patch have been subject to recall.

The recent recalled patch for Exchange was originally to be released in November however it was pushed back to the December.  This recall is one part of a broader Exchange bulletin that Microsoft is recalling the following:

  • Exchange Server 2010 SP3 Update Rollup 8 which was rated important and fixed a privilege escalation problem. This is similar fixes for Microsoft Exchange Server 2007 service pack 3, 2013 service pack 1 and 2013 cumulative update 6 remain accessible.

 

Microsoft has recalled the update and it is no longer available on the download center until the new RU8 release however if you have already deployment the patch, Microsoft suggests that you rollback the update.

Microsoft stated that the issue in the update affects Outlook’s ability to connect to Exchange.  Microsoft has not released an update or fix however once it is released, Microsoft will post announcements on its Exchange Blog.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto. We provide industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

What is Virtualization?

 

As technology shrinks and becomes more mobile, virtualization is in the backend handling how hardware stores and processes all the data.  It is no surprise that large companies have large onsite servers in endless lines of racks however with all the data and processing demands, even small- to medium-sized businesses (SMBs) have huge amounts of data and processing demands.

 

So why is virtualization popular?

Servers require tons of power, generate heat plus take up valuable real estate.  Server processing power can be greatly depleted as it gets diverted across diverse applications and many IT support services departments devote a server to each application however it creates an issue as to how to operate and maintain the growing number of physical servers.

For this reason, many IT consultants and Managed IT Services providers (MSP) are switching from physical to virtual servers.  To virtualize a server, your IT department will use virtualization software such as VMware vSphere or Microsoft Hyper-V to divide each physical machine into several virtual machines (VMs). Virtualization allows IT professionals to devote however much processing power a server requires to run a particular application without having to worry about it affecting other servers and other applications.

 

What are the benefits to virtualization?

Efficiency – Many applications require relatively small amounts of processing power so by using virtualization in your network, you can now create a server per application plus host several of them on a single server.  This allows you the benefit of having a server devoted to each application while minimizing the total number of physical servers in your environment.  Another great point is that by using a single large physical server, you can host several applications while reducing overall energy consumption.

Resilience – Everyone like redundancy!  With virtualization, you can have the same application running on identical virtual servers on two different physical servers therefore this allows your company to keep the application up-and-running even if the primary physical server crashes.

Testing – Developers love working with virtual machines (VM) as they often worry that the new applications they create will somehow affect the operation of other applications on the same machine.  With virtualization, developers can do test runs of new software on separate physical servers.  Virtual machines (VMs) servers, on the other hand, work like independent machines, so you can test new software on them without having to worry about how it will impact other applications.

Migration and Running Upgrades – Since virtual servers can operate on many different physical servers, it is possible to transfer applications and the virtual machines (VMs) to other hardware.  You can also free servers from hosting hardware so you can perform maintenance or upgrades.  Another great point is that you can move virtual machines (VMs) from one server to another so you can work on them without having to deal with any downtime.

Hosting – You can host virtual machines (VMs) onsite or in a datacenters maintained by your cloud service provider such as Microsoft Azure.

If you have any questions about virtualization or want to learn more about hosting options for your business, the team at 365 iT SOLUTIONS can help you asses your current IT infrastructure environment.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto. We provide industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

IT departments losing control of IT spending

 

Gartner released a report showing that IT departments are losing control of IT spending.  Industry experts are expecting an increase of 4.1 percent however chief information officers (CIOs) are expecting their budgets to be flat or declining.

 

So how is IT spending getting out of control? 

 

Simple, studies have shown that over 38 percent of global IT spending is done outside of IT departments.  This includes other departments such as your marketing department, HR department, logistics department and sales department. Many of these purchases are with no knowledge of the IT department.

 

The recent Gartner report estimates that 50 percent of all technology sales professionals are actively selling direct to business units and not IT departments.  The impact of all this IT spending is having a massive impact on the global IT industry.

 

Here are some interesting statistics on how global IT industry is changing:

 

  • Since 2013, over 650 million new physical objects have come online.
  • 3D printers has become a billion dollar industry and growing at a tremendous rate.
  • Over 10 percent of automobiles are connected and growing at an incredible rate due to advancements.
  • The number of chief data officers (CDO) and chief digital officer (CIO) positions has doubled.

 

How do you control IT spending? 

 

Proper vendor management enables organizations to control costs, drive service excellence and mitigate risks to gain increased value from their vendors throughout the deal life cycle.  Many IT consultants suggest that vendor management is the key taking control of your IT spending.   CIOs need to create a proper IT spending model which still allow IT departments to remain relevant.  IT departments need to be involved in all cycles of purchasing IT spending.

 

Vendor management enables organizations to develop, manage and control vendor contracts.  By managing vendor relationships, you are able to review the efficiency of products and services delivered.  This will help obtain business objectives and minimize business disruption.

 

365 iT SOLUTIONS is a leading IT consulting firm in Toronto. We provide industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

What is Microsoft BizTalk?

What is Microsoft BizTalk and how does it help today’s business be competitive and increase profitability?  With more than 12,000 customers worldwide, find out what makes it successful.

In today’s complex and competitive economy, businesses need to be more than warehouses of products and storefronts for merchandise.  Example, a healthcare company needs to integrate information from manufacturers, retailers, pharmaceutical companies, insurance companies, and regulatory agencies.  Since no business is an island, the challenge for every business is to find the best way to record and manage the information through their channels so that it can be used to improve decision-making, efficiently and profitability.

Microsoft BizTalk Server or BizTalk Services is an application integration platform.  Here is an example of how it works in a real business environment:

  • Divide your screen into three parts
  • Middle part is a grid whose fields contain bits of information about a patient in a hospital.
  • Left side is the items on a government form are listed in order along a vertical column.
  • Right side is items on a form for an insurance company.

Now with BizTalk, you can draw a line connecting the item in its location on each column to the corresponding data point on the grid in the middle.  BizTalk can take either one of the forms and, without anyone having to re-enter any of the data, use it to fill out the other form. In other words, BizTalk adapts the information from one source to the format required for another location.

BizTalk has over 8,000 industry-standard forms.  Any business that has to coordinate the activity of various departments based on information from different types of input can benefit from this tool.

BizTalk can be used in multiple ways in multiple businesses.  If you are trying to figure out how much time do you or your employees spend filling out forms, or transferring information from one location to another? BizTalk may be the answer to help you.

365 iT SOLUTIONS is a leading IT consulting firm in Toronto. We provide industry leading Managed IT ServicesIT Support ServicesIT Outsourcing ServicesTech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Categories
Industry Insights IT Solutions Managed IT Services

What Is Microsoft Azure?

I am sure you have heard of Microsoft Azure before.  It is mentioned in the media and by IT consultants worldwide plus it is the future of cloud services.  But what is Microsoft Azure?  How does Azure help your business?

Many Managed IT Services providers are preparing their client networks for a complete cloud solution.  Microsoft is committed to the cloud and so should your business.  Microsoft is already creating hybrid cloud services models and allowing certain products to work with the cloud.  This extends the amount of support and proactive IT Support Services most companies require however it does streamline your business IT Tech Support Services requirements.

Cloud Services is allowing companies to distance themselves from the traditional model of deploying onsite hardware to shrinking your IT infrastructure footprint and use the cloud.  The cloud is available in many flavours and it can be a private cloud or a datacenter.  Many cloud services providers offer Software as a Service (SaaS) such as Microsoft 365 however if you want to build or host applications in the cloud, you will want a service like Azure in your IT infrastructure.

What different versions of Microsoft Azure are available?

Platform as a Service (PaaS)

Companies can use Azure as a platform for building and deploying custom applications.  Microsoft Azure provides a wide range of tools that can be used to develop these custom applications.  Then developers can use virtual machines to execute the rules of the application on a Windows Server.  The development and hosting tools are purchased through a subscription.

Infrastructure as a Service (IaaS)

Azure gives companies the ability to create Virtual Machines (VMs) by specifying the size and the Virtual Hard Disk (VHD) you require.  The VHD is the virtual version of a hard drive on a conventional computer; it’s the storage unit on which all the files and applications are saved.  Good news is that Microsoft Azure provides access to Windows and Linux VHDs and as with the rest of Azure, you only pay for the time the VM is running.

A big advantage of VMs is that developers can build and test applications quickly and at a low cost.  Businesses also use VMs to augment onsite datacenters to boost the power of applications like SharePoint.  To create virtual servers on physical servers, IT consultants use software to set up divisions between each virtual machine (VM) and allow them to operate independently.

IT support services professional know that this adds a layer of protection between your information and the physical infrastructure.  This will give your tech support service more flexibility in how they manage and protect your IT infrastructure.

Mobile Back-end as a Service (mBaaS)

Microsoft Azure Mobile Services gives companies the tools to create and deploy applications quickly especially apps for mobile devices.  The information gets accessed by the app on your device stored in what’s called a back-end database.  Microsoft Azure allows you to build apps for Android, iOS, HTML/ JavaScript and Windows Phone.

 

Microsoft Azure offers many options for businesses to take advantage of cloud services however there are many factors to evaluate.  Cloud services is a big step for companies however if planned properly, your company will experience reduced downtime, increased security and more productivity. Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com and we will develop a custom assessment of your current network and future direction.