Understanding what NetFlow can do for your network

Traffic on the network can provide valuable insight into many areas of business and technology that would generally go unnoticed unless reported on or analyzed. NetFlow is one very simple technology that can be used to see what is really on your network.

NetFlow can be used to analyze many things such as:

  • Email trend and spam analysis
  • Employee Internet usage
  • Suspicious network activity
  • Legal claims
  • Virus, worm, and spyware detection

…but that is not all. Essentially anything you can write a query for, using the parameters NetFlow tracks, can be analyzed.

At NetCal, we primarily use this for things like tracking who is over-using an Internet connection, where someone was going on the Internet at a particular time, or looking up what we think might be suspicious network activity.
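The two queries mentioned above (who is over-using the Internet connection, and where a host was going in a given time window) look like this in Python. This is an added example, not NetCal's tooling; the flow records, the 10.0.0.0/8 LAN range and the function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the office LAN range

# Constructed flow records (not real traffic), using fields NetFlow exports:
# (start time, source IP, destination IP, destination port, protocol, bytes)
FLOWS = [
    ("2015-03-02 09:01:10", "10.0.0.21", "203.0.113.10", 443, 6, 40_000),
    ("2015-03-02 09:01:11", "203.0.113.10", "10.0.0.21", 51000, 6, 900_000_000),
    ("2015-03-02 09:05:00", "10.0.0.34", "198.51.100.7", 80, 6, 2_000_000),
    ("2015-03-02 09:06:00", "198.51.100.7", "10.0.0.34", 52000, 6, 15_000_000),
    ("2015-03-02 09:10:00", "10.0.0.21", "10.0.0.5", 445, 6, 500_000_000),
    ("2015-03-02 11:30:00", "10.0.0.34", "192.0.2.99", 25, 6, 3_000),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def _in_window(flow, start, end):
    return _ts(start) <= _ts(flow[0]) < _ts(end)

def top_talkers(flows, start, end, limit=3):
    """Rank internal hosts by bytes exchanged with the Internet in [start, end)."""
    totals = defaultdict(int)
    for flow in flows:
        _, src, dst, _port, _proto, nbytes = flow
        src_in, dst_in = ip_address(src) in INTERNAL, ip_address(dst) in INTERNAL
        if src_in == dst_in or not _in_window(flow, start, end):
            continue  # LAN-to-LAN traffic does not use the Internet link
        # Flows are one-way, so downloads show the internal host as destination.
        totals[src if src_in else dst] += nbytes
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:limit]

def destinations(flows, host, start, end):
    """External (time, address, port) tuples that `host` connected to in the window."""
    return [(f[0], f[2], f[3]) for f in flows
            if f[1] == host and ip_address(f[2]) not in INTERNAL
            and _in_window(f, start, end)]
```

Counting both directions matters: the large transfer to 10.0.0.21 only appears in the flow whose source is the external server.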

4 Patch Management Practices to Keep Your Network Secure

Patching is vital to securing systems from known vulnerabilities, but it’s also a risk that can bring down those systems if you deploy a bad patch. In order to maintain the proper risk balance you should focus on patches that close vulnerabilities.

Even once you establish your risk balance, you are continually under the threat of a CNN story about the latest vulnerability and the unexpected patch that must be deployed to close it. Building repeatable processes that solve this security/availability balance keeps your systems secure and keeps you ahead of emerging threats.

Here are four keys to expert patch management:

1) Solve for Third Party Applications

Hacking has evolved into an organized business looking for the fastest way to exploit as many systems as possible. Secunia’s 2014 Vulnerability Review calls out that 76% of vulnerabilities are related to third party applications, outnumbering Microsoft applications such as Office (16%) and Windows (8%).

2) Manage the 5%

The 95/5 rule is the theory that the majority of patches approved for deployment will apply to most of the systems you manage. The trick is identifying and managing the 5% of exceptions. Although it is tempting to handle patch approval on individual computers, building groups or policies to handle exceptions is the more scalable solution.

Your next step is to identify systems with unique patching requirements and apply exceptions to those systems. If you know a line of business application will fail if an MS-SQL service pack is installed, being able to identify a new system with the same line of business application and automatically deny that service pack avoids a potential service outage.

3) Save Time and Remove Clutter

Most organizations have default approval policies for common patch categories such as critical updates, security updates, language packs and drivers. Being able to automatically approve or deny patches based on category will reduce the number of patches you need to review each Patch Tuesday. With third party applications this becomes more critical as the release cycles for third party applications can reoccur randomly throughout the month.

4) Stage Patch Deployment

Blindly pushing patches to all systems without validation can be a recipe for mass disaster. Microsoft has had several patches in the past year that have had an adverse impact, forcing those that did not test to remove them or deal with the impact.

Patch staging is a process where you apply patch approval to a series of separate groups of systems. Patches are deployed to one group and validated there before moving on to the next, so their quality is checked before they are released to the majority of your systems. For example:

  • Stage 1: A smaller number of trusted internal systems or lab systems
  • Stage 2: A sample of production systems testing compatibility with line of business applications, while still limiting exposure
  • Stage 3: Release to the rest of your managed systems

Once you are ready to install, avoid patching critical systems all at the same time. You can minimize outages by patching higher risk systems prior to internal systems, patching based on server role to solve for dependencies between servers, or by staggering deployment to different locations within the company. While staggering the deployment of patches to avoid outages, you must also balance the risk of systems that remain unpatched and vulnerable.
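Keys 2 to 4 can be combined into one approval decision per patch and system, sketched here in Python. This is an added example, not LabTech's product logic; the default actions, the "service-pack" category entry, the "ExampleLOB" application and the sample systems and patches are assumptions made for illustration.

```python
from typing import NamedTuple

# Default action per patch category (key 3). The categories come from the
# article; the actions and the "service-pack" entry are assumed for illustration.
CATEGORY_DEFAULT = {
    "critical": "approve", "security": "approve", "service-pack": "approve",
    "language-pack": "deny", "driver": "deny",
}

# Exception rules (key 2). Membership is derived from installed software, so a
# new system running the same application inherits the deny automatically.
# "ExampleLOB" is a hypothetical line-of-business application.
EXCEPTIONS = [
    {"has_app": "ExampleLOB", "product": "MS-SQL", "category": "service-pack"},
]

class Patch(NamedTuple):
    name: str
    product: str
    category: str

class System(NamedTuple):
    name: str
    stage: int          # 1 = lab/trusted, 2 = production sample, 3 = everyone else
    apps: frozenset

def decide(patch, system, validated_stage):
    """Return 'approve', 'deny', 'hold' or 'review' for one patch on one system.

    validated_stage is the highest stage where the patch has already been
    deployed and checked (0 = not deployed anywhere yet).
    """
    for rule in EXCEPTIONS:
        if (rule["has_app"] in system.apps and patch.product == rule["product"]
                and patch.category == rule["category"]):
            return "deny"                      # exception beats the default
    action = CATEGORY_DEFAULT.get(patch.category, "review")  # unknown: a human decides
    if action != "approve":
        return action
    if system.stage > validated_stage + 1:
        return "hold"                          # earlier stage not validated yet (key 4)
    return "approve"

# Constructed sample inventory and patches.
LAB = System("lab01", 1, frozenset())
DB = System("prod-db2", 2, frozenset({"ExampleLOB"}))
WS = System("ws-114", 3, frozenset())
SQL_SP = Patch("SQL service pack (constructed)", "MS-SQL", "service-pack")
SEC = Patch("PDF reader security update (constructed)", "ExamplePDF", "security")
```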

These patching best practices are meant for you to adopt and mold to fit your business. The policies you implement should solve for the requirements of your business and the systems you manage. Once you have defined your patching policies, implementing them on a regular basis each month is the key to success.

This article was provided by our partner Labtech, who provide third-party patch management tools to service providers.

Recovering Disabled Apple Devices

The Evolution of Mobile Security
Information security is a major priority in today’s mobile-driven world. While devices like your phone are meant to be as accessible as possible, the contents are meant to remain private. Apple, a mobile industry leader, is always developing better solutions to keep your information safe. However, for every step Apple takes to keep up with new threats, their consumers are responsible for taking equal measures. The stakes have never been higher, as securing your device can now also mean potentially losing all device functionality!

Only a few years ago, our devices were locked away behind nothing more than a simple 4-digit passcode. If the passcode were ever lost, one would simply need to wipe the device and set it up as new. While this was effective in protecting our data, it was not effective in protecting the devices themselves. Apple wanted to take security a step forward and dissuade mobile theft entirely, so it began implementing an online activation lock. Now even if an iPad, iPhone, or Mac were wiped, it would remain locked until the original owner signed in to their Apple account and unlocked the device.

Getting Caught in the Net
While Apple’s activation lock proved very successful in combating black-market resale of mobile devices, it also caused headaches for registered owners. Many users found that misplacing a password meant that their devices were held hostage by Apple. Businesses would need to maintain even tighter control over their inventory in order to prevent accidental lock-outs. This could mean overhauling their entire internal process, something that wouldn’t simply happen overnight. While Apple’s security policies did far more good than harm, some mistakes were bound to happen. Luckily there are a few things we can do to get our devices back under control!

Regaining Control of your Mobile Device
If your device is asking you to enter an Apple ID and Password for an account that you don’t recognize, you will need to contact Apple in order to verify ownership.

  • Contact Apple and provide a purchase receipt
  • Contact Apple and provide the device serial # and answer purchase-related questions

Contact Apple by phone, chat, or through an Apple Store: http://www.apple.com/contact/

Preventing the Problem with Mac OSX Server
Don’t fret! There is light at the end of the tunnel. Apple provides businesses with a few tools to manage and maintain their own devices, including the ability to control Activation Lock! By leveraging Apple’s Business Device Enrollment Program and Mac OSX Server software your business can have full control over its mobile devices. No need to call Apple to unlock your own phone again.

  • Apple’s Business Device Enrollment Program (DEP) was designed to shift control of Apple’s mobile security to the business owners. This allows IT to maintain large environments with a single administrator, rather than having users responsible for their own devices. Once a device is enrolled, your business maintains complete control over the configurations, profiles, and security; no middle man. The best feature is allowing users to add personal accounts to the devices without interfering with the business configuration. Users can be given usage rights to a device, rather than becoming temporary owners.
  • Mac OSX Server has mobile device management (MDM) tools built in that allow an administrator to make changes and tweak all devices owned by the business. Rather than making adjustments like adding WiFi hotspots or configuring email one device at a time, profiles can be implemented for individuals, divisions, or the entire company.

Veeam Disaster Recovery Services

Veeam have put together an excellent guide, ‘The Essential Guide to the Biggest Challenges with Cloud Backup & Cloud Disaster Recovery’. Veeam is one of our chosen backup partners, and I urge any data- and data-security-conscious IT admin to review this document. It gives a great overview of Veeam’s newest technology, such as ‘Disaster Recovery as a Service’, and its benefits over more traditional modes of disaster recovery.

I include a small snippet below:

The cloud offers a variety of advantages over traditional approaches to off-site disaster recovery: it reduces the need to physically move backup media from one location to another, is increasingly cheap, has functionally limitless storage capacity and is flexible.

Since the public cloud providers strengthened their ability to replicate complex on-premises environments, and as software vendors developed more powerful DRaaS-enablement technology, DRaaS has become a more powerful option for organizations compared to traditional disaster recovery sites.

In this essential guide you’ll learn about some of the challenges around cloud backup and disaster recovery including:

  • The traditional way of doing off-site backup and recovery
  • Cloud security worries
  • Concerns about pricing blowouts
  • Managing and monitoring cloud backup and disaster recovery
  • Taking advantage of DRaaS

This guide is available in its entirety from Veeam’s website.

OS X Server Caching

We’ve all been there: Apple releases a new iOS update and everyone is going ham. Pretty soon you have a few dozen employees leveraging the internet to get their latest fix. These updates aren’t small, and the impact they will have for all the other users isn’t small either. How do we allow users to update their devices without dragging the corporate network down?
By using a caching service. Store all of your updates and apps, iOS or Mac, on a local server and serve them up internally.
All Apple devices are built to search for a local server with the ‘Caching Service’ enabled before stepping outside the network. An update or app only needs to be downloaded from Apple once before the caching service makes it available, locally, to all other requesters. No need to sweat the next iOS update.

PBX as an automation tool

Have you ever thought about digging into the underbelly of your phone system to see what it can really do? Chat room integration? CRM/ERP integration? How about extending it to your employees’ cell phones? That’s not even the end of the possibilities. If you can imagine it, it’s probably possible.

Over the years we have implemented many of these integrations and have found that they have been valuable for providing rapid information and workflow automation.

Finally, make sure to educate your users so that they champion better tools in the workplace!

Enjoy the tech!