“Antivirus programs use techniques to stop viruses that are very “virus-like” in and of themselves, and in most cases if you try to run two antivirus programs, or full endpoint security suites, each believes the other is malicious and they then engage in a battle to the death (of system usability, anyway).”
“…running 2 AV’s will most likely cause conflicts and slowness as they will scan each other’s malware signature database. So it’s not recommended.”
The above quotes come from top answers on a popular computer help site and community forum in response to a question about “Running Two AVs” simultaneously.
Seattle Times tech columnist Patrick Marshall has similarly warned his readers about the dangers of antivirus products conflicting on his own computers.
Historically, these comments were spot-on, 100% correct in describing how competing Endpoint Security solutions interacted on endpoints. Here’s why.
The (Traditional) Issues with Running Side-by-Side AV Programs
In pursuit of battling it out on your machine for security supremacy, AV solutions have traditionally had a tendency to cause serious performance issues.
This is because:
Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program whose sole purpose is to be on the lookout for suspicious activity.
Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.
Putting the Problem Into Context
Those of you reading this may be thinking, But is all of this really a problem? Who wants to run duplicate endpoint security products anyway?
Consider a scenario, one in which you’re unhappy with your current AV solution. Maybe the management overhead is unreasonable and it’s keeping you from core business responsibilities. Then what?
“Rip and replace”—a phrase guaranteed to make many an MSP shudder—comes to mind. It suggests long evenings of after-hours work removing endpoint protection from device after device, exposing each of the machines under your care to a precarious period of no protection. For MSPs managing hundreds or thousands of endpoints, even significant performance issues can seem not worth the trouble.
Hence we’ve arrived at the problem with conflicting AV software. They lock MSPs into a no-win quagmire of poor performance on the one hand, and a potentially dangerous rip-and-replace operation on the other.
But by designing a no-conflict agent, these growing pains can be eased almost completely. MSPs unhappy with the performance of their current AV can install its replacement during working hours without breaking a sweat. A cloud-based malware prevention architecture and “next-gen” approach to mitigating attacks allows everyone to benefit from the ability to change and upgrade their endpoint security with minimal effort.
Simply wait for your new endpoint agent to be installed, uninstall its predecessor, and still be home in time for dinner.
Stop Wishing and Expect No-Conflict Endpoint Protection
Any modern endpoint protection worth its salt or designed with the user in mind has two key qualities that address this problem:
It won’t conflict with other AV programs and
It installs fast and painlessly.
After all, this is 2019 (and over 30 years since antivirus was invented) so you should expect as much. Considering the plethora of (often so-called) next-gen endpoint solutions out there, there’s just no reason to get locked into a bad relationship you can’t easily replace if something better comes along.
So when evaluating a new cybersecurity tool, ask whether it’s no conflict and how quickly it installs. You’ll be glad you did.
This article was provided by our service partner : webroot.com
High Availability of data and applications has been an important topic in IT for decades. One of the critical services in many companies is the file servers, which serve file shares where users or applications store their data. If the file server is offline, then people cannot work. Downtime means additional costs, which organizations try to avoid. Windows Server 2019 (and earlier versions) allow you to create highly available file services.
Before we can start with the file server cluster configuration, the file server role must be installed and permissions must be set in Active Directory for the failover cluster computer object.
There are two ways to install the file server role on the two cluster nodes:
Via the Add Roles and Features Wizard of the Server Manager
In Server Manager, click Add roles and features and follow the wizard. Select the File Server role and install it. A reboot is not required.
As an alternative, you can use the following PowerShell command to install the file server feature:
Install-WindowsFeature -Name FS-FileServer
To avoid errors at later steps, first configure Active Directory permissions for the failover cluster computer object. The computer object of the cluster (in my case, WFC2019) must have the Create Computer Objects permission in the Active Directory Organizational Unit (OU).
If you forget about this, the role will fail to start later. Errors and event IDs 1069, 1205 and 1254 will show up in the Windows event log and failover cluster manager.
Open the Active Directory Users and Computers console and switch to Advanced Features in the View menu.
Go to the OU where your cluster object is located (in my case the OU is Blog). Go to the Security tab (in properties) and click Advanced.
In the new window click Add and select your cluster computer object as principal (in my case WFC2019).
In the Permissions list select Create Computer objects.
Click OK in all windows to confirm everything.
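The same delegation can be scripted and then verified. The following is an added example, not part of the original article. It assumes the RSAT ActiveDirectory module is installed, and the domain components `DC=example,DC=com` are placeholders; WFC2019 and the OU Blog are the article's own values. The ACE is scoped to the computer object class only, so the cluster object cannot create other object types in the OU.

```powershell
Import-Module ActiveDirectory

# Values from the article: cluster computer object WFC2019, OU "Blog".
# The domain components are an assumption; replace them with your own.
$ouDn        = 'OU=Blog,DC=example,DC=com'
$clusterName = 'WFC2019'

# schemaIDGUID of the "computer" object class. Passing it as the object type
# limits Create Child to computer objects instead of every class.
$computerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

$cno     = Get-ADComputer -Identity $clusterName
$account = $cno.SID.Translate([System.Security.Principal.NTAccount])

# Returns the matching Allow ACE(s) on the OU, or nothing if none exists.
function Get-CnoCreateComputerAce {
    (Get-Acl -Path "AD:\$ouDn").Access | Where-Object {
        $_.IdentityReference.Value -eq $account.Value -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ObjectType -eq $computerClass -and
        ($_.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::CreateChild)
    }
}

if (-not (Get-CnoCreateComputerAce)) {
    # Allow "Create Computer objects" on this OU only (no inheritance).
    $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $cno.SID,
        [System.DirectoryServices.ActiveDirectoryRights]::CreateChild,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $computerClass,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None)

    $acl = Get-Acl -Path "AD:\$ouDn"
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$ouDn" -AclObject $acl
}

# Confirm the ACE is present and show exactly what was granted.
Get-CnoCreateComputerAce |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritanceType

# If the role fails to start later, look for the event IDs the article names
# (1069, 1205, 1254). Run this part on a cluster node.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-FailoverClustering'
    Id           = 1069, 1205, 1254
    StartTime    = (Get-Date).AddHours(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```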
Configure the file server cluster role
Because all prerequisites are now met, we can configure the file server cluster role. Open the Failover Cluster Manager and add the role to your cluster (right-click on Roles of your cluster -> Configure Role -> and select the File Server role).
We will create a file server for general use as we plan to host file shares for end users.
In the next step we define how clients can access the file server cluster. Select a name for your file server and assign an additional IP address.
Use the storage configured earlier.
After you finish the wizard, you can see the File Server role up and running in the Failover Cluster Manager. If you see errors here, check the Create Computer Objects permission described earlier.
A new Active Directory object also appears in Active Directory Users and Computers, including a new DNS entry.
Now it’s time to create file shares for users. You can right-click on the file server role or use the actions panel on the right hand side.
I select the SMB Share – Quick as I plan a general purpose file server for end users.
I also keep the default permissions because this is just an example. After you have finished the wizard, the new file share is ready to use.
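The wizard steps above have PowerShell equivalents. The following is an added example, not part of the original article, that creates the role and a continuously available share with explicit share permissions in place of the defaults the article keeps for its demo. The file server name, IP address, disk name, path and group names are all assumptions, and the share must be created on the node that currently owns the role.

```powershell
Import-Module FailoverClusters

# All names and addresses below are assumptions for illustration.
$fsName    = 'FS2019'               # client access point (file server name)
$fsAddress = '192.0.2.50'           # additional IP address for the role
$disk      = 'Cluster Disk 1'       # storage configured earlier
$sharePath = 'E:\Shares\Users'      # folder on the clustered disk
$admins    = 'EXAMPLE\FileAdmins'   # hypothetical admin group
$users     = 'EXAMPLE\FileUsers'    # hypothetical end-user group

# File server for general use, as selected in the wizard.
Add-ClusterFileServerRole -Name $fsName -Storage $disk -StaticAddress $fsAddress

# Run the remaining commands on the node that owns the role and its disk.
New-Item -ItemType Directory -Path $sharePath -Force | Out-Null

# -ScopeName binds the share to the clustered file server name.
# -ContinuouslyAvailable lets open handles survive a failover.
# -FullAccess / -ChangeAccess replace the default share permissions.
# -EncryptData requires SMB 3.x clients; access-based enumeration hides
# folders a user has no rights to.
New-SmbShare -Name 'Users' `
    -Path $sharePath `
    -ScopeName $fsName `
    -ContinuouslyAvailable $true `
    -FolderEnumerationMode AccessBased `
    -EncryptData $true `
    -FullAccess $admins `
    -ChangeAccess $users

# Review what clients will actually get.
Get-SmbShare -Name 'Users' -ScopeName $fsName |
    Select-Object Name, ScopeName, Path, ContinuouslyAvailable,
                  EncryptData, FolderEnumerationMode
Get-SmbShareAccess -Name 'Users' -ScopeName $fsName
```

Share permissions are only the outer gate; NTFS permissions on the folder still need to be set to match.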
In the following video I show the advantages of a continuously available file share. The upload of the file will continue even during a cluster failover. The client is a Windows 10 1809. I upload an ISO to the file share I created earlier. My upload speed is about 10-20 Mbit/s over a WAN connection. During failover to a different cluster node, the upload stops for some seconds. After successful failover it continues uploading the ISO file.
Next steps and backup
As soon as the file server contains data, it is also time to think about backing up the file server. Veeam Agent for Microsoft Windows can back up Windows failover clusters with shared disks. We also recommend doing backups of the entire system of the cluster. This also backs up the operating systems of the cluster members and helps to speed up restore of a failed cluster node because you don’t need to search for drivers, etc. in case of a restore.
This article was provided by our service partner : Veeam
Conal Mullan, 2019-10-04 04:22:30: How to create a file server cluster with Windows 2019
Do you remember the last time you’ve interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late?
It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around 98% of SMS messages are read within seconds of being received.
As with any development in how we communicate, the rise in brand-related text messaging has attracted scammers looking to profit. Hence we arrive at a funny new word in the cybersecurity lexicon, “smishing.” Mathematical minds might understand it better represented by the following equation:
SMS + Phishing = Smishing
For the rest of us, smishing is the act of using text messages to trick individuals into divulging sensitive information, visiting a risky site, or downloading a malicious app onto a smartphone. These often benign seeming messages might ask you to confirm banking details, verify account information, or subscribe to an email newsletter via a link delivered by SMS.
As with phishing emails, the end goal is to trick a user into an action that plays into the hands of cybercriminals. Shockingly, smishing campaigns often closely follow natural disasters as scammers try to prey on the charitable to divert funds into their own pockets.
Smishing vs Vishing vs Phishing
If you’re at all concerned with the latest techniques cybercriminals are using to defraud their victims, your vocabulary may be running over with terms for the newest tactics. Here’s a brief refresher to help keep them straight.
Smishing, as described above, uses text messages to extract the sought after information. Different smishing techniques are discussed below.
Vishing is when a fraudulent actor calls a victim pretending to be from a reputable organization and tries to extract personal information, such as banking or credit card information.
Phishing is any type of social engineering attack aimed at getting a victim to voluntarily turn over valuable information by pretending to be a legitimate source. Both smishing and vishing are variations of this tactic.
Examples of Smishing Techniques
Enterprising scammers have devised a number of methods for smishing smartphone users. Here are a few popular techniques to be aware of:
Sending a link that triggers the downloading of a malicious app. Clicks can trigger automatic downloads on smartphones the same way they can on desktop internet browsers. In smishing campaigns, these apps are often designed to track your keystrokes, steal your identity, cede control of your phone to hackers, or encrypt the files on your phone and hold them for ransom.
Linking to information-capturing forms. In the same way many email phishing campaigns aim to direct their victims to online forms where their information can be stolen, this technique uses text messages to do the same. Once a user has clicked on the link and been redirected, any information entered into the form can be read and misused by scammers.
Targeting users with personal information. In a variation of spear phishing, committed smishers may research a user’s social media activity in order to entice their target with highly personalized bait text messages. The end goal is the same as any phishing attack, but it’s important to know that these scammers do sometimes come armed with your personal information to give their ruse a real feel.
Referrals to tech support. Again, this technique is a variation on the classic tech support scam, or it could be thought of as the “vish via smish.” An SMS message will instruct the recipient to contact a customer support line via a number that’s provided. Once on the line, the scammer will try to pry information from the caller by pretending to be a legitimate customer service representative.
How to Prevent Smishing
For all the conveniences technology has bestowed upon us, it’s also opened us up to more ways to be ripped off. But if a text message from an unknown number promising to rid you of mortgage debt (but only if you act fast) raises your suspicion, then you’re already on the right track to avoiding falling for smishing.
Here are a few other best practices for frustrating these attacks:
Look for all the same signs you would if you were concerned an email was a phishing attempt: 1) Check for spelling errors and grammar mistakes, 2) Visit the sender’s website itself rather than providing information in the message, and 3) Verify the sender’s telephone address to make sure it matches that of the company it purports to belong to.
Never provide financial or payment information on anything other than the trusted website itself.
Don’t click on links from unknown senders or those you do not trust.
Be wary of “act fast,” “sign up now,” or other pushy and too-good-to-be-true offers.
Always type web addresses in a browser rather than clicking on the link.
Install a mobile-compatible antivirus on your smart devices.
This article was provided by our service partner : webroot.com
Conal Mullan, 2019-09-25 07:24:58 / 2019-09-25 07:27:29: Smishing Explained: What It Is and How You Can Prevent It
With VMworld 2019 right around the corner, we wanted to share a recap on some of the powerful things that VMware has in their armoury and also discuss how Veeam can leverage this to enhance your Availability.
This week VMware announced vSAN 6.7 Update 3. This release seems to have a heavy focus on simplifying data center management while improving overall performance. A few things that stood out to me with this release included:
Cleaner, simpler UI for capacity management: 6.7 Update 3 has color-coding, consumption breakdown, and usable capacity analysis for better capacity planning allowing administrators to more easily understand the consumption breakdown.
Storage Policy changes now occur in batches. This ensures that all policy changes complete successfully, and free capacity is not exhausted.
iSCSI LUNs presented from vSAN can now be resized without the need to take the volume offline, preventing application disruption.
SCSI-3 persistent reservations (SCSI-3 PR) allow for native support for Windows Server Failover Clusters (WSFC) requiring a shared disk.
Veeam is listed in the vSAN HCL for vSAN Partner Solutions and can protect and restore VMs. The certification for the new Update 3 release is also well on its way to being complete.
Another interesting point to mention is the Windows Server Failover Clusters (WSFC). While these are seen as VMDKs, they are not applicable to the data protection APIs used for data protection tasks. This is where the Veeam Agent for Microsoft Windows comes in with the ability to protect those failover clusters in the best possible way.
What is SPBM?
Storage Policy Based Management (SPBM) is the vSphere administrator’s answer to control within their environments. This framework allows them to overcome upfront storage provisioning challenges, such as capacity planning, differentiated service levels and managing capacity resources in a much better and efficient way. All of this is achieved by defining a set of policies within vSphere for the storage layer. These storage policies optimise the provisioning process of VMs by provisioning specific datastores at scale, which in turn will remove the headaches between vSphere admins and storage admins.
However, this is not a closed group between the storage and virtualisation admins. It also allows Veeam to hook into certain areas to provide better Availability for your virtualised workloads.
SPBM spans all storage offerings from VMware, traditional VMFS/NFS datastore as well as vSAN and Virtual Volumes, allowing policies to overarch any type of environment leveraging whatever type of storage that is required or in place.
What can Veeam do?
Veeam can leverage these policies to better protect virtual workloads, by utilising vSphere tags on old and newly created virtual machines and having specific jobs setup in Veeam Backup & Replication with specific schedules and settings that are required to meet the SLA of those workloads.
Veeam will also back up any virtual machine that has an SPBM policy assigned to it, as well as protect the data. It will also protect the policy, so if you had to restore the whole virtual machine, the policy would be available as part of the restore process.
Gone are the days of the backup admin adding and removing virtual machines from a backup job, so let’s spend time on the interesting and exciting things that provide much more benefit to your IT systems investment.
With vSphere tags, you can create logical groupings within your VMware environment based on any characteristic that is required. Once this is done, you are able to migrate those tags into Veeam Backup & Replication and create backup jobs based on vSphere tags. You can also create your own set of vSphere tags to assign to your virtual machine workloads based on how often you need to back up or replicate your data, providing a granular approach to the Availability of your infrastructure.
VMware Snapshots – The vSAN way
In vSAN 6.0, VMware introduced vSAN Sparse Snapshots. The snapshot implementation for vSAN provides significantly better I/O performance. The good news for Veeam customers is if you are using the traditional VMFS or the newer vSAN sparse snapshots the display and output are the same — a backup containing your data. The benefits are incredible from a performance and methodology point of view when it comes to the sparse snapshot way and can play a huge role in achieving your backup windows.
The difference between the “traditional” and the new snapshot methodology that both vSAN as well as Virtual Volumes leverage is that a traditional VMFS snapshot is using Redo logs which, when working with high I/O workloads, could cause performance hits when committing those changes back to the VM disk. The vSAN way is much more similar to a shared storage system and a Copy On Write snapshot. This means that there is no commitment after a backup job has released a snapshot, meaning that I/O can continue to run as the business needs.
There are lots of other integrations between Veeam and VMware but I feel that this is still the number one touch point where a vSphere and Backup Admin can really make their life easier by using policy-based backups using Veeam.
This article was provided by our service partner : veeam.com
Conal Mullan, 2019-09-12 09:18:30 / 2019-09-12 09:19:27: How policy based backups will benefit you
There are some things in life that would be unfathomable to share. Your toothbrush, for example. We need to adopt the same clear distinction with cybersecurity risk ownership as we do with our toothbrush.
You value sharing as a good characteristic. However, even if you live with other people, everyone in your household still has their own toothbrush. It’s very clear which toothbrush is yours and which toothbrush is your partner’s/spouse’s or your children’s.
At some point in our lives, we were taught that toothbrushes should not be shared, and we pass that knowledge down to our children and dependents and make sure they also know. The same type of education about not sharing cybersecurity risks needs to happen. By not defining risk ownership, you’re sharing it with your customers.
Why Risk Should Never Be Shared
There should be no such thing as shared risk. It is very binary. Either the customer owns it, or you own it. Setting the correct expectation of an MSP’s cybersecurity and risk responsibility is critical to keeping a long-term business relationship.
When a breach occurs is not the time to be wondering which side is at fault. Notice I said ‘when’ not ‘if.’ Nearly 70% of SMBs have already experienced a cyberattack, with 58% of SMBs experiencing a cybersecurity attack within the past year—costing these companies an average of $400,000. The last thing you need is to be on the hook for a potentially business-crippling event. You need to limit your liability.
What Are Your Cybersecurity Risk Management Options?
1. Accept the Risk
When an organization accepts the risk, they have identified and logged the risk, but don’t take any action to remediate it. This is an appropriate action when the risk aligns with the organization’s risk tolerance, meaning they are willing to leave the risk unaddressed as a part of their normal business operations.
There is no set severity to the risk that an organization is willing to accept. Depending on the situation, organizations can accept risk that is low, moderate, or high.
Here are two examples:
An organization has data centers located in the northeastern part of the United States and accepts the risk of earthquakes. They know that an earthquake is possible but decide not to put the money into addressing the risk due to the infrequency of earthquakes in that area.
On the other end of the risk spectrum, a federal agency might share classified information with first responders who don’t typically have access to that information to stop an impending attack.
Many factors go into an organization accepting risk, including the organization’s overall mission, business needs, and potential impact on individuals, other organizations, and the Nation.1
2. Transfer the Risk
Transferring risk means just that: an organization passing the identified risk onto another entity. This action is appropriate when the organization has both the desire and the means to transfer the risk. As an MSP, when you make a recommendation to a customer and they want you to do something, they’ve transferred the risk to you in exchange for payment for your products and service.
Transferring risk does not reduce the likelihood of an attack or incident occurring or the consequences associated with the risk.2
3. Mitigate the Risk
When mitigating risk, measures are put in place to address the risk. It’s appropriate when the risk cannot be accepted, avoided, or transferred. Mitigating risk depends on the risk management tier, the scope of the response, and the organization’s risk management strategy.
Organizations can approach risk mitigation in a variety of ways across three tiers:
Tier 1 can include common security controls
Tier 2 can introduce process re-engineering
Tier 3 can be a combination of new or enhanced management, operational, or technical safeguards
An organization could put this into practice by, for example, prohibiting the use or transport of mobile devices to certain parts of the world.3
4. Avoid the Risk (Not Recommended)
Risk avoidance is the opposite of risk acceptance because it’s an all-or-nothing kind of stance. For example, cutting down a tree limb hanging over your driveway, rather than waiting for it to fall, would be risk avoidance. You would be avoiding the risk of the tree limb falling on your car, your house, or on a passerby. Most insurance companies, in this example, would accept the risk and wait for the limb to fall, knowing that they can likely avoid incurring that cost. However, the point is that risk avoidance means taking steps so that the risk is completely addressed and cannot occur.
In business continuity and disaster recovery plans, risk avoidance is the action that avoids any exposure to the risk whatsoever. If you want to avoid data loss, you have a fully redundant data center in another geographical location that is completely capable of running your entire organization from that location. That would be complete avoidance of any local disaster such as an earthquake or hurricane.
While risk avoidance reduces the cost of downtime and recovery and may seem like a safer bet, it is usually the most expensive of all risk mitigation strategies. Not to mention it’s simply no longer feasible to rely on risk avoidance in today’s society with increasingly sophisticated cyberattacks.4
By using a risk assessment report to identify risk, you can establish a new baseline of the services you are and are not covering. This will put the responsibility onto your customers to either accept or refuse your recommendations to address the risk.
There are many different options when it comes to dealing with risks to your business. The important thing is to know what risks you have, how you are going to manage those risks, and who owns those risks. Candid discussions with your customers, once you know and understand the risks, are the only true way for each of you to know who owns the risks and what risk management option is going to be put in place for those risks. Don’t be afraid to have these conversations. In the long run, it will lead to outcomes which will be best for both you and your customers.
This article was provided by our service partner : Connectwise
Conal Mullan, 2019-09-11 02:08:04: Why You Shouldn’t Share Security Risk