veeam

Veeam Availability Suite 9.5 Update 3

Just before Christmas (2017) Veeam released Update 3 for Veeam Availability Suite 9.5 in addition to updates for Veeam Agent for Windows and Veeam Agent for Linux. The links to the KB release notes are at the bottom of the post but below is a quick summary of some of the features announced.

Built-In Agent Management

The first big feature to mention with Update 3 is the ability to manage and deploy Veeam Agents for both Windows and Linux directly through the Backup and Replication management console. Whilst previous versions of the agent have been able to protect the last few remaining physical servers that have not been virtualised, managing them has always been a standalone process. Now with this integration everything can be managed from one console. Don’t forget the agent can also be used to protect cloud workloads as well.

It is also now possible to protect Microsoft Windows Server Failover Clusters with the latest release of the agent. This includes SQL Server failover clusters and SQL AlwaysOn Availability Groups.

Cloud Connect Insider Protection

This new functionality will allow backup data held by a service provider to be retained for a set number of days after it’s been deleted. Today there are many risks to our backup data, ranging from malicious activity such as ransomware to accidental deletion by employees. This new feature acts like a recycle bin, so if all other backup data is lost then the Cloud Connect service provider can effectively save the data.

Data Location Logging

This will allow you to tag the locations of Veeam repositories and other associated objects to ensure that data sovereignty compliance requirements are met. If backup, restore or replication jobs are performed to the wrong location, a warning can be issued, with full auditing capability if the action is confirmed.

Storage Array Integration

If you have an IBM Spectrum Virtualize or Lenovo V Series array then you can now back up from Storage Snapshots and also use the Veeam Explorer for Storage Snapshots. Remember that backup from storage snapshots is an Enterprise Plus feature.

Support for VMware Cloud on AWS

With Update 3 you can not only protect virtual machines running in the cloud but also migrate or replicate from on-premises vSphere deployments to VMware Cloud on AWS and vice versa. It’s great to see Veeam supporting this already.

I hope to get this update installed to our demo environment shortly and evaluate some of these new features. I’m particularly interested to understand the support of failover clusters as I know a few of our customers will be interested in this.

Links


This article was provided by our service partner Veeam.

certificates

Why you should get a handle on Certificates

Many companies (especially smaller ones) feel they do not have the workforce or time to properly implement signed TLS certificates across their organization. This can lead to a potentially serious problem because of what users come to expect while browsing company intranet sites. If a site is compromised and everyone is accustomed to clicking through certificate warnings, then company accounts and data can easily be compromised.

Organizations that deploy Microsoft Certificate Services or even their own Certificate Authority (CA) using the OpenSSL toolkit are in a much better position to handle attacks and organize their application infrastructure.

Think twice about clicking through pop-ups. What is the cost of a breach? Get a recognized root CA deployed to your clients and install the associated server certificates on all of your user-facing systems.

Managed Security Services

Ransomware Variants an MSP Should Watch Out For

We can all agree that ransomware is one of the biggest and most destructive threats managed service providers and their clients have faced in recent years. Currently, there are well over 120 separate ransomware families, and there’s been a 3,500% increase in cyber criminal internet infrastructure for launching attacks since the beginning of 2016. And nearly 90% of MSPs report their clients have been hit by ransomware in the last year. But, in spite of these numbers, nearly 70% of MSPs still aren’t completely confident their clients’ endpoints are secure against these insidious attacks.

Know Your Enemy

In addition to maintaining up-to-date endpoint security that uses real-time analysis to detect zero-day attacks, it’s important to know your enemy. Cybersecurity provider Webroot recently put together a list of the top 10 nastiest ransomware variants of 2017. You’ve probably heard of the big, newsworthy names that made the list, like WannaCry, NotPetya, and Locky, but here are a few more MSPs should watch out for.

  1. CrySis
    CrySis attacks by compromising Remote Desktop Protocol (RDP). RDP is a common method for deploying ransomware because criminals can get into admin accounts that have access to an entire organization. First detected in February 2016, CrySis took some time to spread, and really came into its own in 2017.
  2. Nemucod
    This ransomware variant arrives via phishing emails disguised as a shipping invoice. Nemucod downloads malware and encryption components stored on hacked websites, and would most likely have been the worst of the phishing email attacks for the year, had Locky not resurfaced in August.
  3. Jaff
    Like Nemucod and Locky, Jaff uses phishing emails to spread. It also uses similar techniques to other successful ransomware attacks, including Dridex.
  4. Spora
    This ransomware is distributed by legitimate websites that have been compromised with malicious JavaScript code. The sites display a pop-up prompt to visitors, instructing them to update their Chrome browsers to continue viewing the page. But when the unsuspecting user downloads the “Chrome Font Pack”, they get the infection instead.
  5. Cerber
    Cerber also uses phishing and RDP, but unlike some of its colleagues, it distributes ransomware-as-a-service (RaaS). This “service” allows aspiring cybercriminals to use pre-packaged ransomware tools as they choose, while the Cerber author gets a 30% cut of any profits made.

Keeping Your Clients Safe

There are a number of steps an MSP can take to keep clients safe.

  • First, educate your clients. Be sure to teach them how to spot suspicious emails and how to check legitimacy any time an email seems a little off. We also recommend implementing an end user cybersecurity training program.
  • Second, keep applications and plugins up to date, and make sure your clients are using reliable cloud-based antimalware, web filtering, and firewalls.
  • Third, use your operating system to your advantage. Set up Windows® OS policy restrictions, disable auto-run, disable VBS, and filter executables from emails.
  • Fourth, ensure your clients run regular backups, set up offline air gap backups with multiple copies of each file, and maintain up-to-date business continuity measures.

This article was provided by our service partners Webroot & Connectwise.

Internet Security : New Cryptojacking Tactic may be Stealing Your CPU Power

What if cybercriminals could generate money from victims without ever delivering malware to their systems? That’s exactly what a new phenomenon called “cryptojacking” entails, and it’s been gaining momentum since CoinHive first debuted the mining JavaScript a few months ago.

The intended purpose: whenever a user visits a site that is running this script, the user’s CPU will mine the cryptocurrency Monero for the site owner. This isn’t money out of thin air, though. Users are still on the hook for CPU usage, the cost of which shows up in their electric bill. While it might not be a noticeable amount on your bill (consumer CPU mining is very inefficient), the cryptocurrency adds up fast for site owners who have a lot of visitors. CoinHive’s website claims this is an ad-free way for website owners to generate enough income to pay for the servers. All altruistic excuses aside, it’s clear threat actors are abusing the tactic at the victims’ expense.

cryptojacking

In the image above, we can see that visiting this Portuguese clothing website causes my CPU to spike up to 100%, and the browser process will use as much CPU power as it can. If you’re on a brand new computer and not doing anything beyond browsing the web, a spike like this might not even be noticeable. But if you’re using a slower computer, just navigating the site will become very sluggish.

If you see the news, you’ll know that cybercriminals using vulnerable websites to host malware isn’t new, but injecting sites with JavaScript to mine Monero is. In case you’re wondering why this script uses Monero instead of Bitcoin, it’s because Monero has the best hash rate on consumer CPUs and has a private blockchain ledger that prevents you from tracking transactions. It’s completely anonymous. Criminals will likely trade their Monero for Bitcoin regularly to make the most of this scam.

CoinHive’s JavaScript can be seen in this website’s HTML:

Cryptojacking Javascript

CoinHive maintains that there is no need to block their scripts because of “mandatory” opt-ins:

“This miner will only ever run after an explicit opt-in from the user. The miner never starts without this opt-in. We implemented a secure token to enforce this opt-in on our servers. It is not circumventable by any means and we pledge that it will stay this way. The opt-in token is only valid for the current browser session (at max 24 hours) and the current domain. The user will need to opt-in again in the next session or on a different domain. The opt-in notice is hosted on our servers and cannot be changed by website owners. There is no sneaky way to force users into accepting this opt-in.”

For reference, here’s what an opt-in looks like (assuming you ever do see one):

Cryptojacking-Opt-In-Example

 

Why Webroot blocks cryptojacking sites

Unfortunately, criminals seem to have found methods to suppress or circumvent the opt-in—the compromised sites we’ve evaluated have never prompted us to accept these terms. Since CoinHive receives a 30% cut of all mining profits, they may not be too concerned with how their scripts are being used (or abused). This is very similar to the pay-per-install wrappers we saw a few years ago that were allegedly intended for legitimate use with user consent, but were easily abused by cybercriminals. Meanwhile, the authors who originated the wrapper code made money according to the number of installs, so the nature of usage—benign or malicious—wasn’t too important to them.

To protect our users from being exploited without their consent, we at Webroot have chosen to block websites that run these scripts. Webroot will also block pages that use scripts from any CoinHive copycats, such as the nearly identical Crypto-Loot service.

According to https://www.foam.space/, there are a few other ways to block these sites. You can use browser extensions like Adblock Plus and add your own filters (see the complete walkthrough here.) If you’re looking for more advanced control, extensions like uMatrix will allow you to pick and choose which scripts, iframes, and ads you want to block.
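Blockers of this kind work by matching script sources against known miner hosts. The added example below (not from the original article) applies the same matching to a page's HTML, so a site owner can check their own pages for an injected miner; the host list, marker strings and sample pages are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed indicators for this example: the two services the article names.
MINER_HOSTS = {"coinhive.com", "crypto-loot.com"}
# Assumed inline API markers, used to catch a miner library served from
# the site's own domain (which a host-based check would miss).
INLINE_MARKERS = ("CoinHive.Anonymous", "CoinHive.User", "CryptoLoot.Anonymous")


class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        self._in_script = True
        self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._in_script = False


def _is_miner_host(src):
    """True if the script URL points at a listed host or one of its subdomains."""
    host = urlparse(src).hostname  # None for relative URLs such as /static/app.js
    if not host:
        return False
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in MINER_HOSTS)


def find_miners(html):
    """Return (kind, detail) findings: external scripts first, then inline ones."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = [("external-script", src)
                for src in collector.external if _is_miner_host(src)]
    for body in collector.inline:
        for marker in INLINE_MARKERS:
            if marker in body:
                findings.append(("inline-script", marker))
    return findings


# Constructed sample pages (not taken from any real site).
SAMPLE_INFECTED = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
</head><body>Shop</body></html>
"""
SAMPLE_SELF_HOSTED = """
<html><head><script src="/lib/c.js"></script>
<script>var m = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER');</script>
</head><body>Shop</body></html>
"""
SAMPLE_CLEAN = '<html><head><script src="/static/app.js"></script></head></html>'

if __name__ == "__main__":
    for name, page in [("infected", SAMPLE_INFECTED),
                       ("self-hosted", SAMPLE_SELF_HOSTED),
                       ("clean", SAMPLE_CLEAN)]:
        print(name, find_miners(page))
```

A clean result only means none of the listed indicators were present; obfuscated or proxied miners need the CPU-usage observation described earlier in the article.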


This article was provided by our service partner Webroot.com 

 

vpn

Security : Why You Should Use a VPN on Public WiFi

Working remotely? It only takes a moment on a free WiFi connection for a hacker to access your personal accounts. While complimentary WiFi is convenient, protecting your connection with a VPN is the best way to stay safe on public networks, keeping your data and browsing history secure.

What is a VPN?

VPN stands for “virtual private network” and is a technology that can be used to add privacy and security while online. It’s specifically recommended when using public WiFi, which is often less secure and is often not password protected.

VPNs act as a bulletproof vest for your internet connection. In addition to encrypting the data exchanged through that connection, they help safeguard your data and can enable private and anonymous web browsing. However, even if you’re using a VPN, you must still be careful about clicking on suspicious links and downloading files that may infect your computer with a virus. Protecting yourself with antivirus software is still necessary.

When and why should you use a VPN?

When checking into your hotel, connecting to the WiFi is often one of the first things you do once settling in. While it may sound like a tempting offer, logging in to an unsecured connection without a VPN is a very bad idea. In July, ZDNet reported the return of hacker group DarkHotel, which aims to target hotel guests’ computers after they have logged on to the building’s WiFi. After compromising a guest’s WiFi, the hacker group can then leverage a series of phishing and social engineering techniques to infect targeted computers.

Traveling and lodging is just one example of when you can use a VPN to help stay secure and avoid potential attacks; however, anyone can benefit from using a VPN.

From checking Facebook on an airport hotspot, accessing your company files while working remotely or using an open network at your local coffee shop, regardless of the scenario, using a public WiFi can potentially put the data you’re sending over the internet at risk.


This article was provided by our service partner Webroot

Internet Security

Internet Security – Two-Factor Authentication: Why & How You Should Use it

Conventional wisdom about passwords is shifting, as they are increasingly seen as a less-than-ideal internet security measure for securing digital accounts. Even the recommended rules for creating strong passwords were recently thrown out the window. Average users are just too unreliable to regularly create secure passwords that are different across all accounts, so using technology to augment this traditional internet security is imperative.

From online banking to email to cloud-based file storage, much of our high-value information is in danger if a hacker gains access to our most frequently visited sites and accounts. That’s where two-factor authentication comes in.

Two-factor authentication (2FA) adds an extra layer of security to your basic login procedure. When logging into an account, the password is a single factor of authentication, and requiring a second factor to prove you are who you say you are is an added layer of security. Each layer of security that you add exponentially increases protection from unauthorized access.

Three categories of two-factor authentication:
  1. Something you know, such as a password.
  2. Something you have, such as an ID card, or a mobile phone.
  3. Something you are, a biometric factor such as a fingerprint.

The two factors required should come from two different categories. Often, the second factor after entering a password is a requirement to enter an auto-generated PIN code that has been texted to your mobile phone. This combines two different categories of factor: something you know (your password) and something you have (your mobile phone to receive a code in SMS text or code from a 2FA app).

Protect accounts with an extra layer of security

Popular social media sites, including Twitter, Facebook, Instagram and Pinterest, have added 2FA to help protect users. In addition, you may have noticed that services from companies such as Apple, Google and Amazon will notify you via email each time you log in from a different device or location.

While 2FA from an SMS text message is popular and much more secure than a password alone, it is one of the weaker types of 2FA. This is because it’s relatively easy for an attacker to gain access to your SMS texts. When you log in to your account and it prompts for an SMS code, the website sends the code to a service provider, which then passes it on to your phone.

This is not as secure as everyone thinks, because the phone number is the weakest link in the process. If a criminal wanted to steal your phone number and transfer it to a different SIM card, they would only need to provide an address, the last four digits of your social security number, and maybe a credit card number.

This is exactly the type of data that is leaked in large database breaches, a tactic to which most Americans have fallen victim at some point or another. Once the attacker has changed your phone number to their SIM card, they essentially have your number and receive all your texts, thus compromising the SMS 2FA.

Many people are guilty of using weak passwords or the same login information across several accounts, and if this sounds like you, we recommend that you use authenticator apps such as Google Authenticator and Authy. These apps are widely supported and easy to set up.

Simply go to the “account settings” section on the site you want to enable. There should be an option for 2FA if it is supported. Use the app on your phone to scan the QR code and, just like that, it’s configured to give you easy six-digit encrypted passwords that expire every 30 seconds.
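How an authenticator app turns the secret from the QR code into six-digit codes that change every 30 seconds, as an added example (not from the original article): a standard-library implementation of TOTP (RFC 6238) with server-side verification that tolerates one step of clock drift and refuses replayed codes. The secret is the RFC's published test key, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

STEP_SECONDS = 30  # codes roll over every 30 seconds
DIGITS = 6         # six-digit codes, as shown by authenticator apps

# RFC 6238 test key (ASCII "12345678901234567890"), Base32-encoded the way a
# secret appears inside the QR code. Published test value, not a real account key.
RFC_TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def _decode_secret(secret_b32: str) -> bytes:
    """Decode a Base32 secret, tolerating spaces, lower case and missing padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # low nibble of the last byte picks a 4-byte window
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: Optional[float] = None) -> str:
    """TOTP: HOTP with the counter set to the number of 30-second steps since 1970."""
    now = time.time() if at is None else at
    return hotp(_decode_secret(secret_b32), int(now // STEP_SECONDS))


def verify(secret_b32: str, submitted: str, at: Optional[float] = None,
           window: int = 1, last_used_step: int = -1) -> Optional[int]:
    """Return the time step the code matched, or None if it is rejected.

    window: steps accepted either side of "now" to absorb clock drift.
    last_used_step: newest step already accepted for this account; anything
    at or before it is refused so a captured code cannot be replayed.
    """
    key = _decode_secret(secret_b32)
    now = time.time() if at is None else at
    current = int(now // STEP_SECONDS)
    for step in range(current - window, current + window + 1):
        if step < 0 or step <= last_used_step:
            continue
        expected = hotp(key, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET_B32)
    print("current code:", code)
    print("accepted at step:", verify(RFC_TEST_SECRET_B32, code))
```

The codes are derived from a shared secret with HMAC rather than being encrypted passwords, so the secret in the QR code is what needs protecting on both the phone and the server.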

What happens when you’re not using sites that have 2FA enabled? Quite simply, security is not as tight and there’s a higher risk of a hacker gaining access to your accounts. Depending on what is stored, your credit card information, home address, or other sensitive data could be stolen and used to commit fraud or sold on the DarkWeb.

And until passwords are put to death completely, be sure to heed a few safety tips from Gary Hayslip, Webroot CISO, in addition to using two-factor authentication:

“Change passwords periodically, do not recycle passwords, don’t use the same password for your social media account and your bank account, and finally store your passwords in a safe place. Consider using some type of password vault program, avoid keeping passwords on a Post-it note under your keyboard, on your monitor or in a drawer near your computer.” – Webroot CISO Gary Hayslip

—————————————————————————
This article was provided by our service partner : webroot.com
Internet Security

Internet Security : 10 Fundamentals to Fight Breach Fatigue

You don’t have to spend a lot of years in internet security to experience a phenomenon that’s been dubbed breach fatigue: the tendency to get tired of hearing about data security breaches. Breach fatigue can affect people differently based on their professional roles. For IT managers at smaller companies, breach fatigue can lead to a “why bother?” attitude. After all, if a major bank that spends hundreds of millions of dollars a year on internet security can still get hacked, is there any hope for small to midsize businesses?

Unfortunately for MSPs, attitudes like that can undermine your efforts to sell security products and services, so it is important to be ready with a response to this rebuttal. For example, I would say: “Your chances of surviving a cyberattack are actually quite high IF you’ve taken care of the fundamentals.” Before I describe those fundamentals, let me explain why I am confident in that statement.

First, I should note that each time a new data breach makes headlines, it adds to the workload for security researchers. Why? Because we want to find out how that breach happened so we can tell people how to avoid succumbing to the same type of attack. Unfortunately, it can take days or weeks, sometimes even years before we get the full story (which often differs from the first reports of the event).

Remember when JPMorgan Chase suffered what prosecutors later described as “the largest theft of customer data from a US financial institution in history”? When the news of that breach first got out, there was talk of a sophisticated nation state attack, even Russian involvement. We later learned that, although the bank had very sensibly installed two-factor authentication on its servers, it had missed one. That one server was how the hackers, con artists not a nation state, got in.

More recently we learned that an even more shocking breach – Equifax – was due to a failure to patch a well-publicized vulnerability (the congressional testimony of the Equifax CEO, who stepped down in the wake of the breach, suggested that the responsibility for patching rested with one person, who apparently slipped up). Back when Target was breached, internet security alarm bells were ignored and people failed to notice plaintext files full of credit card data being shipped to unapproved FTP servers in Russia.

The overarching theme here is that taking proper care of the fundamentals I’m about to discuss would have stopped many big-name breaches from happening. The good news for smaller companies is that they are likely to have fewer servers to watch over, fewer rogue projects flying under the radar, and simpler data flows to monitor.

So here is my pick of 10 fundamentals which, when properly managed, will go a long way in thwarting the bad guys:

  1. Timely patching of vulnerabilities
  2. Endpoint protection on all endpoints, including servers, at all times
  3. Encryption of data at rest
  4. Multi-factor authentication on all remote access, RDP, etc.
  5. Network segmentation
  6. Network monitoring / data loss prevention
  7. Removable media controls
  8. Backup and recovery plan
  9. Incident response plan
  10. Employee security awareness

Yes, that’s a lot of work, but if you get it done, your odds of both avoiding and surviving breaches will improve greatly.


This article was provided by our service partner: ESET.

Microsoft

Four Pillars of the Modern Partner Creating Thriving Cloud Business

 

Guest Author: Matt Morris – Matt Morris is a Partner Technical Strategist & Cloud Business guru in the One Commercial Partner group, where he leads technical sales readiness, and strategy for one of Microsoft’s largest distribution partners. Prior to his current role, Matt worked in enterprise technology sales, software development, and solution architecture roles at Microsoft and other technology firms. He has experience with mid-market and large enterprise organizations across a variety of industries as well as the public sector. He helps customers understand and implement high innovation and transformational technology solutions in the areas of analytics, cloud computing, and developer tools and platforms.

According to IDC, by 2020 IT cloud services revenue will exceed $500 billion. As a part of Microsoft’s One Commercial Partner organization, I know firsthand both the tremendous opportunity cloud computing presents our partners and the complexity that opportunity can pose. So, as you prepare to join us at IT Nation, I want to share a series of cross-industry partner resources that will help you evaluate the benefits and risks of cloud computing, and provide best practices to help you successfully transform your business to capture the largest possible share of those dollars.

 

Is the cloud right for my business?

Nearly 80% of customers are deploying or fully embracing cloud technology today, according to IDC. It’s clear many clients are hungry for the cost-savings and flexibility the cloud can provide, but finding the right pace and model for cloud adoption is challenging for many partners. In The Booming Cloud Opportunity, IDC analyzes the scope of the opportunity and how you can take advantage.

How do I grow my business with the cloud?

No one knows your clients like you do. Your hard-earned expertise solving clients’ challenges is the perfect foundation for a cloud-based practice. You know the solutions your clients want, without compromising their security or increasing long-term costs. More importantly, your clients chose you for a reason. Whether you’ve mastered a particular technology, specific vertical, or business process – your unique expertise can be scaled with cloud solutions to make you more profitable. Whether you’re looking to start gently with a SaaS solution like Office 365™, or to dive into IaaS or PaaS with Azure™, evaluate your revenue potential with your Office 365 Revenue Modeling Tool or check out the eBook, Differentiate to Stand Out.

Will I need to change my sales & marketing for cloud solutions?

The next challenge is communicating the unique value you offer, particularly when 65% of B2B purchase decisions are made before ever engaging sales. The Modernizing Sales and Marketing Guide distills the best practices other successful partners have implemented. From developing a listening culture and understanding the customer journey, to building the right marketing assets to communicate how you solve customers’ real business challenges, this guide will help you grow your practice.

Am I ready to expand my practice into the cloud?

Changing your business model seems risky, even when you know that it’s critical to long-term success. So, before deciding to wait a little longer, see what it would take to get started. Some cloud services, like Office 365, can be implemented quickly and painlessly. If you have cautious clients, expanding into a hybrid blend of on-premise and cloud solutions might fit. The key is to create a strategy that allows you to leverage easily deployed cloud components to drive services revenue today, while developing your own specialized solutions to turn your unique expertise into a repeatable product over time. Get started with Optimizing your Operations.

However you choose to implement cloud services, my goal is to help you strengthen both your bottom line and your relationship with your customers. Long-term profitability is the result of helping your customers achieve their goals, growing revenue while reducing churn. Our last resource, Delivering Customer Lifetime Value, closes the loop.


This article was provided by our service partner Microsoft.

veeam 10

Veeam 10 highlights

At the recent VeeamON Forum in London, some teasers were released of what’s new in Veeam V10. It doesn’t seem that long ago since Veeam version 9.5 was released, but Veeam version 10 doesn’t disappoint, with some much sought-after new features.

Agents – became available in Veeam 9.5 and allow the backup of physical machines and VMs in the cloud. This was a welcome feature; the only disadvantage was that you had to manage your agents from a separate interface. Version 10 allows you to manage all your agents from the standard Veeam Backup and Replication Console. Management of agents will be standard in version 10 from the B & R Console, but if you’re on 9.5 you can also get this functionality early by applying update 3, which should be available shortly.

NAS backup – this was a real chink in Veeam’s armour previously as there was no way to back up NAS devices. The presenter mentioned this was one of the most popular feature requests, no surprise there. Version 10 will allow backups of NAS devices, and this will not be NDMP based. The feature is actually enabled with the addition of a new proxy role, the File Backup Proxy. This backup method allows the backup process to be vendor agnostic and also allows out of place restores to be performed to any target.

Continuous data protection – (CDP) allows for a near zero RPO. Those familiar with traditional continuous data protection will remember physical appliances which acted as write splitters. Veeam’s implementation is of course software based and works by harnessing the VMware VAIO API, which splits the write and creates a secondary copy of it. The picture below demonstrates a write being written across two different VMware clusters via the CDP proxy.

Continuous data protection is configured in the following screen which allows you to specify an RPO in seconds as well as how long it is stored for.

Veeam CDP setting screen

Storage integration API – storage integration is nothing new for Veeam; they have offered integration with vendors such as HPE and NetApp for a number of years. In version 10 of Veeam there is now a universal storage integration API available, so storage vendors can develop integrations and they will all be based on a standard model. Previous storage integrations have been unique to each vendor. Storage based snapshots will of course bring the benefits of offloading the grunt work from the hypervisor and minimise the risk of VM stun.

RMAN backups – Oracle DBAs can continue to use the RMAN native backup tool they are familiar with but target a Veeam repository.

Archive tier – will be available as a tier within a Scale-Out Repository. This allows backup data to automatically tier down to cheaper storage and is policy driven.

Role based access – is based on vSphere roles and allows users to perform their own simple operations such as restores.

TAAS – possibly my favourite new feature, bringing new to old. Tape As A Service. This basically means that Veeam will tape out for you, giving you the benefits of tape, such as low cost per GB storage and offline media, without the hassle of tape management.

The Veeam Backup and Replication version 10 release date has not been announced yet; the official V10 page just lists it as coming soon. Veeam 9.5 update 3 is expected imminently.