Security

5 Cybersecurity Tips for Better 2020 Protection

You couldn’t go a day in 2019 without hearing about another cybercriminal hitting a business or city, and 2020 will be more of the same. You’ve probably even had your fair share of conversations with your customers about what you’re doing to keep them and their data secure. It’s better to have the tough talks now and get a plan in place than try to make excuses for your lack of protection if your customers get hit. So, let’s get ready for 2020 together with these cybersecurity tips. Learn how incident response services can benefit and improve your business strategy.

1. Pay Attention to the Security Around APIs

Cybercriminals and their tactics are evolving and will continue to evolve. With new advancements in technology, attacks will go beyond the normal threat vectors. You can see Nettitude online for cybersecurity assistance.

“There are still plenty of attack surfaces today in your traditional Windows® domain environments,” says Jon Murchison, CEO of Blackpoint Cyber. “As the shift starts to the cloud and as we open more APIs for automation, I think you’re going to see API-based attacks increase massively. Vendors need to pay attention as they open more of these things up, they’ll be turned against them.”

While the cloud and automation have made life easier for managed service providers (MSPs) and their customers, they also present an opportunity for cybercriminals to use that convenience against unsuspecting victims. When you’re looking at your security for 2020, you need to be aware of all the entry points into your network and your customers’ environments, which leads us to our next tip: enabling multi-factor authentication (MFA).

2. Enable MFA on Everything

Although it may seem like a minor inconvenience for end users, MFA is a small security measure that can have a significant impact on making sure the right people have access to networks and applications. MFA, or two-factor authentication (2FA), is an added layer of security that requires a user to present a second form of authentication, typically a code sent to an email or text after the user enters their account login information. Once the user enters the code, they’ll gain access to the account.

Like all things, MFA is only successful if you use it correctly. Having it enabled on just a few accounts defeats the purpose of implementing it to begin with.

“We’re seeing a breakdown of proper configuration and management of MFA,” says Drew Sanford, Director of Sales Engineering at Continuum. “If you’re managing remote systems or administering user access, you should be using MFA, but you need to be using it for all accounts, especially the MFA systems themselves.” That’s right. Secure the security measures.

“Nothing is worse than protecting your systems with MFA just to find the hacker was able to log in and reset your Google, LastPass, or other accounts,” Drew says.
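The point about securing the MFA systems themselves can be checked mechanically. The following is an added example, not part of the original article: it walks "who can reset whom" relationships to find MFA-protected accounts that are still reachable from an account without MFA. The inventory, account names and function names are constructed for illustration.

```python
from collections import deque

# Constructed inventory for illustration: account names, MFA flags and reset
# relationships are assumptions, not data from the article.
# "can_reset" lists accounts whose password or MFA enrollment can be reset
# by whoever controls this account (recovery mailbox, admin console, vault).
ACCOUNTS = {
    "rmm-admin":        {"mfa": True,  "can_reset": []},
    "password-manager": {"mfa": True,  "can_reset": ["rmm-admin"]},
    "helpdesk-mail":    {"mfa": True,  "can_reset": ["password-manager"]},
    "mfa-admin-portal": {"mfa": False, "can_reset": ["rmm-admin", "helpdesk-mail"]},
    "billing":          {"mfa": True,  "can_reset": []},
    "old-shared-mail":  {"mfa": False, "can_reset": []},
}


def accounts_without_mfa(accounts):
    """Accounts that a stolen password alone is enough to enter."""
    return sorted(name for name, acct in accounts.items() if not acct["mfa"])


def reset_chains(accounts):
    """Breadth-first walk of reset relationships, starting at every account
    without MFA. Returns {mfa_protected_account: shortest chain reaching it}."""
    start = accounts_without_mfa(accounts)
    seen = set(start)
    queue = deque((name, [name]) for name in start)
    chains = {}
    while queue:
        name, path = queue.popleft()
        for target in accounts[name]["can_reset"]:
            if target not in accounts:
                raise KeyError(f"{name} references unknown account {target}")
            if target in seen:
                continue  # already reached by an equal or shorter chain
            seen.add(target)
            chains[target] = path + [target]
            queue.append((target, chains[target]))
    return chains


def audit(accounts):
    """Summarize direct gaps, indirect gaps, and accounts that are covered."""
    direct = accounts_without_mfa(accounts)
    indirect = reset_chains(accounts)
    covered = sorted(set(accounts) - set(direct) - set(indirect))
    return {"no_mfa": direct, "bypassable": indirect, "covered": covered}


if __name__ == "__main__":
    report = audit(ACCOUNTS)
    print("No MFA:", ", ".join(report["no_mfa"]))
    for account, chain in sorted(report["bypassable"].items()):
        print(f"MFA on {account} can be bypassed via: {' -> '.join(chain)}")
    print("Covered:", ", ".join(report["covered"]))
```

In this constructed inventory only one account ends up fully covered, because the unprotected MFA admin portal can reset the mailbox that in turn resets the password manager.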

3. Have the Right Resources

There has been a talent gap across the industry for the past few years, and cybersecurity is no different. It’s a job-seeker’s market, with unemployment for cybersecurity professionals close to zero percent. That makes finding talent hard and keeping it even harder. Skilled professionals will demand top dollar for their expertise.

The hiring crunch trickles down to the quality of services. According to research from Continuum, 37% of MSPs say they aren’t able to obtain the right level of in-house cybersecurity skills. Without the right skill sets, your security team might not be able to meet the demands of your customers and leave them vulnerable to a security incident.

When it comes time to start providing security services, if you haven’t started already, you’ll need to decide whether to build your security offerings on your own, buy an established security company, or partner with a security vendor. There are pros and cons to each option, and there is no ‘one-size-fits-all’ approach. Your security requirements are unique to your business, so it’s crucial to pick the strategy that works for you—and getting it right can help you stand out from the competition.

According to Continuum’s white paper, Underserved and Unprepared: The State of SMB Cybersecurity in 2019, cybersecurity is becoming a determining factor for SMBs deciding to use or continue using an MSP. How much so? 84% of SMBs surveyed who do not currently use an MSP would consider using one if they offered the right security services.

4. Protect Your House

This has become one of our more popular cybersecurity calls to action, but it’s not just a saying, it’s an integral part of running your business. When you protect your house, you’re ensuring you have the proper security controls and procedures in place across your organization. Yes, you’ll be more secure, but you’ll also be showing current and potential customers that you’re committed to security.

You build trust with an SMB when you show them you not only take proper security precautions, but the solutions you use internally are the ones you’re selling them. Your security offerings are tried and tested. This could be the thing that separates you from the competition.

5. Take Advantage of the TSP-ISAO

According to the Department of Homeland Security, threat actors are exploiting the trusted relationship between technology solution providers (TSPs) and their customers to creep unnoticed into customers’ networks. In October 2019, ConnectWise announced the creation of the Technology Solution Provider Information Sharing and Analysis Organization (TSP-ISAO).

The TSP-ISAO is an independent organization formed to provide a secure infrastructure within the TSP industry to set the standard for TSPs in the services and products they provide to their clients, as well as the people, processes, and tools they employ.

“We believe that the TSP-ISAO has an important role to play in educating MSPs and SMBs to the existential nature of the threats they face. Both MSP and SMB industries have never faced a threat like this and are collectively unprepared to understand the true nature of the threat. Working with our public and private partners, we will develop programming to ensure the threat is understood and countered,” said TSP-ISAO Executive Director, MJ Shoer.


This article was provided by our service partner : connectwise.com

RMM

Best Practices for Optimizing Patch Management with RMM Software

Patching—the act of updating, fixing, or improving a computer program—is an important part of maintaining your clients’ systems against viruses and hacks. The majority of MSPs do this through remote monitoring and management (RMM) tools. But no matter how well your RMM software can fix a bug or close a vulnerability, if you don’t follow the right patching policies and procedures, you may end up putting those same clients at a higher risk of security breaches.

According to the Ponemon Institute, 57% of data breaches can be directly attributed to attackers exploiting a known vulnerability that hadn’t been patched. That’s a real problem. And patching doesn’t just improve system security—it facilitates overall smooth processing, ensuring that there are no bugs slowing down your (or your clients’) day-to-day operations.

Clearly, regular patching is important—but how can you make it a seamless part of your workflow? To help you out, here are some best practices to follow as you use RMM tools to perfect your patching processes—and reasons why they’ll help you, your technicians, and your clients.

Make Patching a Priority—and Ensure Your RMM Tools Facilitate That

In 2018 alone, there were upwards of 15,500 published common vulnerabilities and exposures (CVEs). And as technology increases in complexity and sophistication, these numbers will only continue to multiply. Keeping up is a challenge for businesses and their IT service providers—especially those that may continue to rely on manual patching processes rather than their RMM software.

In addition to managing the sheer volume of vulnerabilities cropping up each day, the actual patching process can drain time, resources, and disrupt the end-user experience. That’s why any RMM software comparison should take into account the ability to use these tools to streamline and simplify patch management. With the right RMM tools, it’s much easier to work regular patching into your workflow and to ensure your whole team is equipped to make it a priority.

Follow a Simple Framework Built Around Your RMM Software

When it comes to patching, there’s no need to reinvent the wheel. Aligning on well-established procedures or protocols for patch management works fine—applying them consistently is the key. For a strong start, select a simple and repeatable process to use as a guide. The entirety of this basic workflow framework can be performed with RMM tools:

  1. Deploy regular rediscovery of all systems
  2. Schedule vulnerability scanning—especially for systems at higher risk
  3. Install patches and patch definition databases
  4. Monitor, test, and deploy patches to vulnerable systems
  5. Perform regular data collection and reporting, and review processes for future improvements

This framework should provide a good jumping-off point. Build on it to customize the process to your specific team, organization, and RMM software.

Always Watch the Clock

A central challenge facing managed services providers (MSPs) is that once a vulnerability is officially announced, all information about it is disclosed along with it—giving hackers all of the information they need and a wide-open window to target and further exploit the vulnerability across your clients’ systems. The chances of exploitation and infection increase the longer an organization waits to apply the patch. At the same time, hackers and other cyberattackers are becoming increasingly quick to attack, giving organizations less and less time to patch.

Being cognizant of every disclosure and using your RMM tools to stay on top of each alert is critical. Even a few hours can make all the difference.
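The reporting step of the framework and the time pressure described above can be combined into one exposure report. This is an added example, not part of the original article or of any RMM product: it measures how long each finding has been exposed since disclosure and queues overdue systems, highest risk tier first. The SLA hours, host names, identifiers and timestamps are assumptions constructed for illustration.

```python
from datetime import datetime

# Assumed policy, not from the article: hours a disclosed vulnerability may
# remain unpatched before it counts as overdue, by system risk tier.
SLA_HOURS = {"high": 24, "medium": 72, "low": 168}
TIER_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed scan export. Host names, identifiers and timestamps are made up;
# "patched" is None while the patch is still missing.
FINDINGS = [
    {"host": "fs01", "tier": "high", "vuln": "EXAMPLE-VULN-1",
     "disclosed": "2020-01-14T18:00:00+00:00", "patched": None},
    {"host": "web02", "tier": "high", "vuln": "EXAMPLE-VULN-1",
     "disclosed": "2020-01-14T18:00:00+00:00",
     "patched": "2020-01-15T06:00:00+00:00"},
    {"host": "ws17", "tier": "low", "vuln": "EXAMPLE-VULN-2",
     "disclosed": "2020-01-10T00:00:00+00:00", "patched": None},
    {"host": "db03", "tier": "medium", "vuln": "EXAMPLE-VULN-3",
     "disclosed": "2020-01-09T12:00:00+00:00",
     "patched": "2020-01-13T12:00:00+00:00"},
    {"host": "ws22", "tier": "medium", "vuln": "EXAMPLE-VULN-3",
     "disclosed": "2020-01-09T12:00:00+00:00", "patched": None},
]
# Fixed report time so the example gives the same result on every run.
NOW = datetime.fromisoformat("2020-01-16T12:00:00+00:00")


def classify(finding, now=NOW):
    """Compute the exposure window of one finding and compare it to the SLA."""
    disclosed = datetime.fromisoformat(finding["disclosed"])
    closed = finding["patched"] is not None
    end = datetime.fromisoformat(finding["patched"]) if closed else now
    hours = (end - disclosed).total_seconds() / 3600
    if hours < 0:
        raise ValueError(f"{finding['host']}: patch time precedes disclosure")
    sla = SLA_HOURS[finding["tier"]]
    late = hours > sla
    if closed:
        status = "patched-late" if late else "patched-in-sla"
    else:
        status = "open-overdue" if late else "open"
    return {**finding, "exposure_hours": hours,
            "over_sla_hours": max(0.0, hours - sla), "status": status}


def overdue_queue(findings, now=NOW):
    """Unpatched findings past their SLA: highest tier first, then most overdue."""
    rows = [classify(f, now) for f in findings]
    overdue = [r for r in rows if r["status"] == "open-overdue"]
    return sorted(overdue,
                  key=lambda r: (TIER_ORDER[r["tier"]], -r["over_sla_hours"]))


def mean_hours_to_patch(findings, now=NOW):
    """Average disclosure-to-patch time over findings that are already closed."""
    closed = [classify(f, now)["exposure_hours"]
              for f in findings if f["patched"] is not None]
    return sum(closed) / len(closed) if closed else None


if __name__ == "__main__":
    for row in overdue_queue(FINDINGS):
        print(f"{row['host']:6} {row['tier']:6} {row['vuln']} "
              f"exposed {row['exposure_hours']:.0f} h, "
              f"{row['over_sla_hours']:.0f} h over SLA")
    print(f"Mean time to patch: {mean_hours_to_patch(FINDINGS):.0f} h")
```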

Integrate Patching Tools with Your RMM Software

With multiple vulnerabilities to remedy in little time, you want to implement as many tools as possible, as quickly as possible. Rather than having your technicians spend most of their time approving and applying patches to disparate machines, you can implement an integrated RMM tool like ConnectWise Automate, to alert you and handle much of the heavy lifting.

With the right RMM tools and increased automation capabilities, your technicians spend less time on tedious manual patching tasks and you reduce the likelihood of human error or important updates slipping under the radar.

Consider Third-Party Patching

Cloud-based, automated patch management software allows you to schedule regular update scans and ensures patches are applied under specific conditions. As you take on new clients, the software gains even greater value, enabling you to remain on top of patching while your business continues to grow.

Third-party patching is a native component of ConnectWise Automate, simplifying and securing the entire patch management workflow. The platform enables application updates, along with a host of other automatic capabilities—including automated billing through the professional services automation (PSA) software you already have with ConnectWise Manage.

As you audit, patch, document, and bill for third-party application updates, all third-party patch definitions are deployed following our best practices. Automatic daily updates and downloads ensure that you’re always patching with up-to-the-minute technology. And as you streamline patch management for you and your clients, you gain recurring monthly revenue streams.

Generate Regular Reports

It’s important to make patching and staying on top of every client relationship a priority. With streamlined automated regular reporting you have a simple and effective solution right in your hands.


This article was provided by our service partner : connectwise.com 

DNS over HTTPS – What You Need to Know about Content Filtering

In September, Mozilla announced its plans to implement the DNS-over-HTTPS (DoH) protocol by default in the Firefox browser. Subsequently, Google announced its intention to do the same for the Chrome browser. Firefox has already started to gradually shift to DoH. Chrome is expected to start shifting some traffic by the end of the year.

What is DoH?

DNS stands for Domain Name System; it is the system that matches domain names to IP addresses, which lets us browse the internet by name rather than having to remember IP addresses. Until now, all of that has happened over an unencrypted DNS connection. As the name DNS over HTTPS implies, DoH takes DNS and shifts it to a secure, encrypted HTTPS connection.

What is HTTP/HTTPS?

HTTP is a system in which a browser makes a GET request to a server and the server then sends a response, typically a file containing HTML. Of course, the browser usually does not have a direct connection to the server, so this request will have to pass through multiple hands before it gets to the server; the response is dealt with in the same way.

The problem with this is that anyone along the path can open the request or response and read it. There is no way of knowing what path this traffic will take so it could end up in the hands of people who do harmful things such as sharing the data or even changing it.

HTTPS fixes this poor state of affairs. With HTTPS, each request and response has a lock on it. Only the browser and the server know the combination of that lock, meaning only the browser and the server can read the contents of this data.

This solves a lot of security issues, but some communications between the browser and server were still not encrypted, which means people could pry on what you are doing. One of the places where this type of communication was exposed is DNS. In steps DoH, which works on the same idea described above to prevent tampering and eavesdropping.

By using HTTPS to exchange the DNS packets, we ensure that no one can spy on the DNS requests that our users are making.

Mozilla and Google are making these changes to bring the security and privacy benefits of HTTPS to DNS traffic. All those warnings about the security risks of public WiFi? With DoH, you’re protected against other WiFi users seeing what websites you visit because your activity would be encrypted. DoH can also add protection against spoofing and pharming attacks and can prevent your network service providers from seeing your web activity.

Privacy vs. content filtering: a conundrum

So far, so good – we have underlined the possible privacy benefits of DoH but could there be a problem on the horizon for schools and organisations that use DNS based content filtering?

DNS-based content filtering is so prevalent that almost every parental control device (whether it’s installed on your network or delivered via some type of web service) uses it. If DNS queries are now encrypted before passing through these products, they could cease to work.

Broader DoH adoption by web browsers could therefore disrupt existing content filtering implementations.

DNS-based filtering still possible

Since the DNS queries are only encrypted when they go beyond the router, DNS-based threat intelligence and parental control functionality can still work. For example, if someone accidentally stumbles on an adult website, the router will intercept his DNS queries and show him your custom message instead. It’ll also encrypt the rest of his innocuous queries so that people outside of your network won’t be able to exploit his browsing history.

Next steps?

You need to confirm that your existing content filtering will still work when browsers start supporting DoH by default.
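As an added example (not part of the original article), the sketch below builds a DNS query in wire format, wraps it as an RFC 8484 DoH GET request, and shows that a filtering resolver on the router can still decide on the query while a device on the path sees only the DoH resolver's host name. The blocklist, resolver URL and function names are assumptions; the canary domain is Firefox's documented signal for networks that want DoH left off by default and is not mentioned in the article.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

# Constructed values: blocklist entries and the resolver URL are placeholders.
BLOCKLIST = {"adult.example", "malware.example"}
DOH_ENDPOINT = "https://doh.example/dns-query"
# Firefox canary domain: a local resolver that answers NXDOMAIN for it tells
# Firefox not to enable DoH by default (fact added here, not from the article).
CANARY = "use-application-dns.net"


def build_query(name, qtype=1):
    """DNS wire-format query (qtype 1 = A), the same bytes used on UDP/53."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID 0, RD set, 1 question
    labels = name.rstrip(".").encode("ascii").split(b".")
    if any(not 0 < len(label) <= 63 for label in labels):
        raise ValueError("each label must be 1..63 bytes")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)    # class IN


def doh_get_url(wire, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: the wire message, base64url-encoded without padding."""
    encoded = base64.urlsafe_b64encode(wire).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={encoded}"


def doh_message(url):
    """What the DoH resolver recovers once TLS has been terminated."""
    param = parse_qs(urlsplit(url).query)["dns"][0]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def question_name(wire):
    """Read the queried name from the question section (starts at byte 12)."""
    pos, labels = 12, []
    while wire[pos] != 0:
        length = wire[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question name")
        labels.append(wire[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return ".".join(labels)


def filter_decision(wire, blocklist=BLOCKLIST):
    """Decision of a filtering resolver that can read the query."""
    name = question_name(wire)
    if name == CANARY:
        return "nxdomain"
    parts = name.split(".")
    # Match the name itself and every parent domain against the blocklist.
    if any(".".join(parts[i:]) in blocklist for i in range(len(parts))):
        return "block"
    return "forward"


def visible_on_path(url):
    """A device between browser and DoH resolver sees only the resolver's
    host name; the path and the dns= parameter travel inside TLS."""
    return urlsplit(url).hostname


if __name__ == "__main__":
    query = build_query("www.adult.example")
    url = doh_get_url(query)
    print("Router resolver decision:", filter_decision(query))
    print("DoH request:", url)
    print("Visible on path:", visible_on_path(url))
```

If the browser sends the DoH request straight to an external resolver, the local filter only ever gets the view returned by `visible_on_path`, which is the situation to test for before DoH becomes the default.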

 

Security Awareness

Should You Be Offering Security Awareness Training?

Nearly half of all office workers have had their data compromised at some point. And as if that wasn’t scary enough, the numbers only get more concerning from there. Following an incident, a whopping 35% of office workers don’t change their passwords—a measure that can go a long way to preventing future information theft. And while at work, 49% of respondents admit to clicking links that were sent to them by unknown senders – so should your service provider be offering security awareness training?

In this age of heightened awareness around cybersecurity, most employees have some appreciation for the risks this kind of behavior opens their companies up to. But data thieves and scammers can be incredibly cunning and deceptive—preying on workers’ information deficits and busy schedules to sneak in under the radar.

Employees and businesses need to master the basics of good cyber hygiene to keep sensitive data safe. Educating employees in the difference between a safe link and link that’s part of a phishing scam can spare companies the time, money, and PR headache of being compromised.

Since every employee has a different level of knowledge and awareness when it comes to cybersecurity best practices, training can be an essential tool to bring everyone up to an acceptable baseline. And this isn’t just true for large organizations anymore. Nearly half of all cyberattacks today are targeted at small- and medium-sized businesses (SMBs)—and 60% of those targeted go out of business within six months of the attack. As a result, SMBs are increasingly looking for security awareness training programs to keep their employees, and their information, as safe as possible.

This presents an opportunity for MSPs to deliver even more value to their clients—and become trusted advisors in the process. And to help you make the most of this opportunity, our recent webinar, Why Security Training, Why Now, and What’s in It for Me?, covers the what, why, and how of offering cybersecurity awareness training—and doing it effectively.

Here are some of the key takeaways from the webinar to help you decide whether to offer this training to your customers.

Who Benefits From Security Awareness Training?

A properly managed security training program can be beneficial to everyone involved.

Increasingly, companies’ compliance obligations mandate that they participate in these programs—and allocate budget specifically to them. With an existing budget and a real need among customers, security awareness training represents a huge opportunity for MSPs—one that can yield significant returns.

The training can also be invaluable for the customers, saving them money and headaches in the long run. Even a tiny data breach can have wide-reaching implications, so every dollar spent on training can pay off in spades. Emphasizing the long-term benefits of security training will be an essential part in upselling existing customers and showcasing the value to prospects.

To get buy-in from individual employees, it’s also useful to point out that this training can benefit them in their personal lives—helping them keep hackers out of their bank accounts and far away from their families’ private information.

What Makes a Good Security Awareness Training Program?

The value of security awareness training programs is evident, but how can you get companies to choose your program?

The most important thing any MSP can do is make sure their program is effective. A robust program will cover everything from phishing awareness to social engineering to mobile device security. That being said, it’s important to start with the basics and build up to more complex security lessons. While some employees will come in with a thorough understanding of general best practices, others may be entirely new to the subject. Never assume that something is obvious. Besides, a little refresher course never hurt anybody.

Behavioral change takes time, so it’s also important for your program to follow a pace that refreshes participants’ memory over time without overwhelming them. Consider outlining clear participation guidelines from the start to help everyone involved understand what’s expected of them. For example, you might plan two phishing simulations per month and offer three cyber awareness courses per quarter. Knowing what’s coming, the training won’t feel like a burden to employees—it will just be another part of their week.

To help ensure the training sticks, tailor it to your audience, making it department-specific when appropriate. You can also be proactive and integrate security training into existing onboarding processes so that security is prioritized from the get-go. These steps, while seemingly small, can make security training more digestible to your audience—and make their data safer as a result. If you think you need a software to help you manage and secure your data, then consider Couchbase.

So, Should You Offer Security Awareness Training?

There has never been a greater need for security training. With cyber threats growing increasingly deceptive and dangerous, the market for efficient, high-quality training is one that’s worth tapping into. While MSPs don’t specialize in education, this situation offers the potential for you to step in and be the hero—helping your clients protect themselves from malicious threats.


This article was provided by our service partner : connectwise

Windows Server 2019

How to backup a Windows 2019 file server cluster

A cluster ensures high availability but does not protect against accidental data loss. For example, if a user (or malware) deletes a file from a Microsoft Windows file server cluster, you want to be able to restore that data. So, backup for data on clusters is still necessary. A full backup of the Windows operating system can also save a lot of time. Imagine that one of the cluster member servers has a hardware issue and needs to be replaced. You could manually install Windows, install all updates, install all the drivers, join the cluster again and then remove the old cluster member, or you could simply do a bare metal restore with Veeam Agent for Microsoft Windows.

Backup and restore of physical Windows clusters is supported by Veeam Backup & Replication with Veeam Agent for Microsoft Windows. It can back up Windows clusters with shared disks (e.g., a classic file-server cluster) or shared-nothing clusters like Microsoft Exchange DAG or SQL Always-On clusters. In this article I will show how to back up a file server cluster with a shared disk. An earlier blog post (How to create a file server cluster with Windows 2019) shows the setup of the system.

The backup of a cluster requires three steps:

  1. Creating a protection group
  2. Creating a backup job
  3. Starting the backup job

Create a protection group

A Veeam Backup & Replication protection group is a logical unit that groups multiple machines. But it’s not only used for grouping; it also manages the agent deployment to the computers. Go to the inventory and select “physical and cloud infrastructure” to create a new protection group. After defining a name, you need to choose the type “Microsoft Active Directory objects”.

In the next step, select the cluster object. In my case, it’s “WFC2019”.

Only add the Active Directory cluster here. You don’t need to add the nodes here. You can also find the cluster object in Active Directory Users and Computers.

As I run my cluster as a virtual machine (VM), I do not want to exclude VMs from processing.

In the next step, you must specify a user that has local administrator privileges. In my lab I simplified everything by using the domain administrator.

It is always a good idea to test the credentials. This ensures that no problems (e.g., firewall issues) occur during agent deployment.

The options page is more interesting. Veeam regularly scans for changes and then deploys or updates the agent automatically.

The distribution server is the machine that deploys the agents. In most cases, the backup server is also fine as distribution server. Reasons for dedicated distribution servers would be if you have branch office deployments or when you plan to deploy a hundred or more agents.

On large servers we recommend installing the change block tracking driver for better incremental backup performance. Keep in mind that the driver requires a reboot during installation and updates.

In the advanced settings, you can find a setting that is particularly relevant from a performance perspective: Backup I/O control. It throttles the agent if the server has too high of a load.

You can reboot directly from the Veeam Backup & Replication console.

After the installation has succeeded and no reboots are pending anymore, the rescan shows that everything’s okay.

Create a backup job

The second step is to create a backup job. Just go to the jobs section in “home” and select to create a new backup job for a Windows computer. At the first step, select the type “failover cluster”.

Give a name to the backup job and add the protection group created earlier.

I want to back up everything (i.e., the entire computer).

Then, select how long you want to store the backups and where you want to store them. The next section, “guest processing,” is more interesting. Veeam Agent for Microsoft Windows always does backups based on VSS snapshots. That means that the backup is always consistent from a file-level perspective. For application servers (e.g., SQL, Microsoft Exchange) you might want to configure log shipping settings. For this simple file-server example no additional configuration is needed.

Finally, you can configure a backup schedule.

Run the backup job

Running a Veeam Agent for Microsoft Windows backup job is the same as a classic VM backup job. The only thing you might notice is that a cluster backup does not use per-host-backup-chains if you configured your repository to “per-VM backup files”.  All the data from the cluster members of one job is stored in one backup chain.

Another thing to note is that the failover of a cluster does not result in a new full backup. There is not even a change-block-tracking reset (CBT reset) in most failover situations. A failover cluster backup always does a block-level backup (i.e., an image-level backup). Of course, you can do single-item or file-level restores from block-level backups.

During the backup, Veeam will also collect the recovery media data. This data is required for a bare-metal or full-cluster restore.

Next steps and restore

After a successful backup, you can do restores. The user interface offers all the options that are available for Veeam Agent for Microsoft Windows restores. In most cases, the restores will be file-level or application restores. For Windows failover clusters, the restore of Microsoft Exchange and SQL is possible (and is not shown in the screenshot because it’s a file server). For non-clustered systems, there are additional options for Microsoft Active Directory, SharePoint and Oracle databases.

Download Veeam Agent for Microsoft Windows below and give this flow a try.


This article was provided by our service partner : veeam.com

veeam office 365

How to manage Office 365 backup data with Veeam

As companies grow, data grows and so does the backup data. Managing data is always an important aspect of the business. A common question we get around Veeam Backup for Microsoft Office 365 is how to manage the backup data in case something changes. Data management can be needed for several reasons:

  • Migration to new backup storage
  • Modification of backup jobs
  • Removal of data related to a former employee

Within Veeam Backup for Microsoft Office 365, we can easily perform these tasks via PowerShell. Let’s take a closer look at how this works exactly.

Moving data between repositories

Whether you need to move data because you bought new storage or because of a change in company policy, from time to time it will occur. We can move backup data by leveraging Move-VBOEntityData. This will move the organization entity data from one repository to another and can move the following types of data:

  • User data
  • Group data
  • Organization site data

The first two are related to Exchange and OneDrive for Business data, where the last option is related to SharePoint online data. Each of these types also supports four additional data types such as Mailbox, ArchiveMailbox, OneDrive and Sites.

If we want to move data, we need three parameters, by default, to perform the move:

  • Source repository
  • Target repository
  • Type of data

The example below will move all the data related to a specific user account:

# Look up the source and target repositories by name
$source = Get-VBORepository -Name "sourceRepo"
$target = Get-VBORepository -Name "targetRepo"
# Select the backed-up data of one user in the source repository
$user = Get-VBOEntityData -Type User -Repository $source -Name "Niels Engelen"

Move-VBOEntityData -From $source -To $target -User $user -Confirm:$false

The result of the move can be seen within the history tab in the console. As seen on the screenshot, all the data is being moved to the target repository. However, it is possible to adjust this and only move, for example, mailbox and archive mailbox data.

Move-VBOEntityData -From $source -To $target -User $user -Mailbox -ArchiveMailbox -Confirm:$false

As seen on the screenshot, this will only move the two specific data types and leave the OneDrive for Business and personal SharePoint site on the source repository.

Deleting data from repositories

We went over moving data between repositories, but what if somebody leaves the company and the data related to their account has to be removed? Again, we can leverage PowerShell to easily perform this task by using Remove-VBOEntityData.

The same algorithm applies here. We can remove three types of data, with the option to drill down to a specific data type (Mailbox, ArchiveMailbox, OneDrive, Sites):

  • User data
  • Group data
  • Organization site data

If we want to remove data from a specific user, we can use the following snippet:

# Look up the repository and the user's backed-up data stored in it
$repository = Get-VBORepository -Name "repository"
$user = Get-VBOEntityData -Type User -Repository $repository -Name "Niels Engelen"

Remove-VBOEntityData -Repository $repository -User $user -Confirm:$false

The same applies here. You can choose not to add an extra parameter and it will remove everything related to the account. However, it is also possible to provide extra options. If you only want to remove OneDrive for Business data, you can do this by using the following:

Remove-VBOEntityData -Repository $repository -User $user -OneDrive -Confirm:$false


This article was provided by our service partner : veeam

 

 

 

 

Endpoint Security

Why MSPs Should Expect No-Conflict Endpoint Security

“Antivirus programs use techniques to stop viruses that are very “virus-like” in and of themselves, and in most cases if you try to run two antivirus programs, or full endpoint security suites, each believes the other is malicious and they then engage in a battle to the death (of system usability, anyway).”

“…running 2 AV’s will most likely cause conflicts and slowness as they will scan each other’s malware signature database. So it’s not recommended.”

The above quotes come from top answers on a popular computer help site and community forum in response to a question about “Running Two AVs” simultaneously.

Seattle Times tech columnist Patrick Marshall has similarly warned his readers about the dangers of antivirus products conflicting on his own computers.

Historically, these comments were spot-on, 100% correct in describing how competing Endpoint Security solutions interacted on endpoints. Here’s why.

The (Traditional) Issues with Running Side-by-Side AV Programs

In pursuit of battling it out on your machine for security supremacy, AV solutions have traditionally had a tendency to cause serious performance issues.

This is because:

  • Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program whose sole purpose is to be on the lookout for suspicious activity.
  • Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
  • Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.

Putting the Problem Into Context

Those of you reading this may be thinking, But is all of this really a problem? Who wants to run duplicate endpoint security products anyway?

Consider a scenario, one in which you’re unhappy with your current AV solution. Maybe the management overhead is unreasonable and it’s keeping you from core business responsibilities. Then what?

“Rip and replace”—a phrase guaranteed to make many an MSP shudder—comes to mind. It suggests long evenings of after-hours work removing endpoint protection from device after device, exposing each of the machines under your care to a precarious period of no protection. For MSPs managing hundreds or thousands of endpoints, even significant performance issues can seem not worth the trouble.

Hence we’ve arrived at the problem with conflicting AV software. They lock MSPs into a no-win quagmire of poor performance on the one hand, and a potentially dangerous rip-and-replace operation on the other.

But by designing a no-conflict agent, these growing pains can be eased almost completely. MSPs unhappy with the performance of their current AV can install its replacement during working hours without breaking a sweat. A cloud-based malware prevention architecture and “next-gen” approach to mitigating attacks allows everyone to benefit from the ability to change and upgrade their endpoint security with minimal effort.

Simply wait for your new endpoint agent to be installed, uninstall its predecessor, and still be home in time for dinner.

Stop Wishing and Expect No-Conflict Endpoint Protection

Any modern endpoint protection worth its salt or designed with the user in mind has two key qualities that address this problem:

  1. It won’t conflict with other AV programs and
  2. It installs fast and painlessly.

After all, this is 2019 (and over 30 years since antivirus was invented) so you should expect as much. Considering the plethora of (often so-called) next-gen endpoint solutions out there, there’s just no reason to get locked into a bad relationship you can’t easily replace if something better comes along.

So when evaluating a new cybersecurity tool, ask whether it’s no conflict and how quickly it installs. You’ll be glad you did.


This article was provided by our service partner : webroot.com

How to create a file server cluster with Windows 2019

High Availability of data and applications has been an important topic in IT for decades. One of the critical services in many companies is the file servers, which serve file shares where users or applications store their data. If the file server is offline, then people cannot work. Downtime means additional costs, which organizations try to avoid. Windows Server 2019 (and earlier versions) allow you to create highly available file services.

Prerequisites

Before we can start with the file server cluster configuration, the file server role must be installed and permissions must be set in Active Directory for the failover cluster computer object.

There are two ways to install the file server role on the two cluster nodes:

  • Via the Add Roles and Features Wizard of the server manager
  • Via PowerShell

In Server manager, click Add roles and features and follow the wizard. Select the File Server role and install it. A reboot is not required.


As an alternative, you can use the following PowerShell command to install the file server feature:

Install-WindowsFeature -Name FS-FileServer


To avoid errors at later steps, first configure Active Directory permissions for the failover cluster computer object. The computer object of the cluster (in my case, WFC2019) must have the Create Computer Objects permissions in the Active Directory Organizational Unit (OU).

If you forget about this, the role will fail to start later. Errors and event IDs 1069, 1205 and 1254 will show up in the Windows event log and failover cluster manager.

Open the Active Directory Users and Computers console and switch to Advanced Features in the View menu.

Go to the OU where your cluster object is located (in my case the OU is Blog). Go to the Security tab (in properties) and click Advanced.

In the new window click Add and select your cluster computer object as principal (in my case WFC2019).

In the Permissions list, select Create Computer objects.

Click OK in all windows to confirm everything.

Configure the file server cluster role

Because all pre-requisites are now met, we can configure the file server cluster role. Open the Failover Cluster manager and add the role to your cluster (right-click on Roles of your cluster -> configure role -> and select the File Server role).


We will create a file server for general use as we plan to host file shares for end users.


In the next step we define how clients can access the file server cluster. Select a name for your file server and assign an additional IP address.


Use the storage configured earlier.


After you finish the wizard, you can see the File Server role up and running in the Failover Cluster Manager. If you see errors here, check the create computer objects permissions described earlier.

A new Active Directory object also appears in Active Directory Users and Computers, including a new DNS entry.

Now it’s time to create file shares for users. You can right-click on the file server role or use the actions panel on the right hand side.

I select SMB Share - Quick as I plan a general purpose file server for end users.

I also keep the default permissions because this is just an example. After you have finished the wizard, the new file share is ready to use.
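The wizard steps above can also be scripted. The following PowerShell is an added example, not part of the original article: it grants the cluster computer object (WFC2019) only the Create Computer objects right on the OU (Blog), adds the file server role, and creates a continuously available share with explicit group access instead of the default permissions. The domain, node names, file server name, IP address, disk name, share path and group are assumptions to replace with your own values.

```powershell
# Added example. Run elevated on a cluster node with the AD DS tools (dsacls) installed.
# Values marked "assumed" are placeholders and do not come from the article.
$Nodes       = 'NODE1', 'NODE2'               # assumed cluster node names
$OuDn        = 'OU=Blog,DC=example,DC=com'    # OU "Blog" from the article; domain DN assumed
$ClusterCno  = 'EXAMPLE\WFC2019$'             # cluster computer object; domain name assumed
$FsName      = 'FS2019'                       # assumed client access name of the file server
$FsAddress   = '192.0.2.50'                   # assumed additional IP address
$ClusterDisk = 'Cluster Disk 1'               # assumed name of the clustered disk
$ShareName   = 'Data'                         # assumed share name
$SharePath   = 'E:\Shares\Data'               # assumed folder on the clustered disk
$ShareUsers  = 'EXAMPLE\FileShare-Users'      # assumed AD group for end users

# 1. Install the file server role on both nodes (no reboot required).
foreach ($node in $Nodes) {
    Install-WindowsFeature -Name FS-FileServer -ComputerName $node
}

# 2. Grant the cluster computer object "Create Computer objects" on the OU and nothing more.
#    CC;computer = create child objects of class computer; /I:T = this object and descendants.
dsacls $OuDn /I:T /G "${ClusterCno}:CC;computer"

# Confirm that the entry is present before adding the role.
dsacls $OuDn | Select-String -SimpleMatch 'WFC2019'

# 3. Add the clustered file server role for general use.
Add-ClusterFileServerRole -Name $FsName -Storage $ClusterDisk -StaticAddress $FsAddress

# 4. Create the share, scoped to the clustered name, with continuous availability.
#    Access is given to named groups rather than left at the default.
New-Item -Path $SharePath -ItemType Directory -Force | Out-Null
New-SmbShare -Name $ShareName -Path $SharePath -ScopeName $FsName `
    -ContinuouslyAvailable $true `
    -FullAccess 'EXAMPLE\Domain Admins' -ChangeAccess $ShareUsers

# 5. Check the result: role state, share flags and share ACL.
Get-ClusterGroup -Name $FsName
Get-SmbShare -Name $ShareName -ScopeName $FsName |
    Select-Object Name, ScopeName, Path, ContinuouslyAvailable
Get-SmbShareAccess -Name $ShareName -ScopeName $FsName

# 6. If the role fails to start, look for the event IDs the article names
#    (1069, 1205, 1254), which point to the missing OU permission.
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-FailoverClustering'
    Id           = 1069, 1205, 1254
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```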

In the following video I show the advantages of a continuously available file share. The upload of the file will continue even during a cluster failover. The client is Windows 10 1809. I upload an ISO to the file share I created earlier. My upload speed is about 10-20 Mbit/s over a WAN connection. During failover to a different cluster node, the upload stops for some seconds. After a successful failover it continues uploading the ISO file.

Next steps and backup

As soon as the file server contains data, it is also time to think about backing up the file server. Veeam Agent for Microsoft Windows can back up Windows failover clusters with shared disks. We also recommend doing backups of the entire system of the cluster. This also backs up the operating systems of the cluster members and helps to speed up restore of a failed cluster node because you don’t need to search for drivers, etc. in case of a restore.

 


This article was provided by our service partner : Veeam

smishing

Smishing Explained: What It Is and How You Can Prevent It

Do you remember the last time you interacted with a brand, political cause, or fundraising campaign via text message? Have you noticed these communications occurring more frequently as of late?

It’s no accident. Whereas marketers and communications professionals can’t count on email opens or users accepting push notifications from apps, they’re well aware that around 98% of SMS messages are read within seconds of being received.

As with any development in how we communicate, the rise in brand-related text messaging has attracted scammers looking to profit. Hence we arrive at a funny new word in the cybersecurity lexicon, “smishing.” Mathematical minds might understand it better represented by the following equation:

SMS + Phishing = Smishing

For the rest of us, smishing is the act of using text messages to trick individuals into divulging sensitive information, visiting a risky site, or downloading a malicious app onto a smartphone. These often benign-seeming messages might ask you to confirm banking details, verify account information, or subscribe to an email newsletter via a link delivered by SMS.

As with phishing emails, the end goal is to trick a user into an action that plays into the hands of cybercriminals. Shockingly, smishing campaigns often closely follow natural disasters as scammers try to prey on the charitable to divert funds into their own pockets.

Smishing vs Vishing vs Phishing

If you’re at all concerned with the latest techniques cybercriminals are using to defraud their victims, your vocabulary may be running over with terms for the newest tactics. Here’s a brief refresher to help keep them straight.

  • Smishing, as described above, uses text messages to extract the sought-after information. Different smishing techniques are discussed below.
  • Vishing is when a fraudulent actor calls a victim pretending to be from a reputable organization and tries to extract personal information, such as banking or credit card information.
  • Phishing is any type of social engineering attack aimed at getting a victim to voluntarily turn over valuable information by pretending to be a legitimate source. Both smishing and vishing are variations of this tactic.

Examples of Smishing Techniques

Enterprising scammers have devised a number of methods for smishing smartphone users. Here are a few popular techniques to be aware of:

  • Sending a link that triggers the downloading of a malicious app. Clicks can trigger automatic downloads on smartphones the same way they can on desktop internet browsers. In smishing campaigns, these apps are often designed to track your keystrokes, steal your identity, cede control of your phone to hackers, or encrypt the files on your phone and hold them for ransom.
  • Linking to information-capturing forms. In the same way many email phishing campaigns aim to direct their victims to online forms where their information can be stolen, this technique uses text messages to do the same. Once a user has clicked on the link and been redirected, any information entered into the form can be read and misused by scammers.
  • Targeting users with personal information. In a variation of spear phishing, committed smishers may research a user’s social media activity in order to entice their target with highly personalized bait text messages. The end goal is the same as any phishing attack, but it’s important to know that these scammers do sometimes come armed with your personal information to give their ruse a real feel.
  • Referrals to tech support. Again, this technique is a variation on the classic tech support scam, or it could be thought of as the “vish via smish.” An SMS message will instruct the recipient to contact a customer support line via a number that’s provided. Once on the line, the scammer will try to pry information from the caller by pretending to be a legitimate customer service representative. 

How to Prevent Smishing

For all the conveniences technology has bestowed upon us, it’s also opened us up to more ways to be ripped off. But if a text message from an unknown number promising to rid you of mortgage debt (but only if you act fast) raises your suspicion, then you’re already on the right track to avoiding falling for smishing.

Here are a few other best practices for frustrating these attacks:

  • Look for all the same signs you would if you were concerned an email was a phishing attempt: 1) Check for spelling errors and grammar mistakes, 2) Visit the sender’s website itself rather than providing information in the message, and 3) Verify the sender’s telephone address to make sure it matches that of the company it purports to belong to.
  • Never provide financial or payment information on anything other than the trusted website itself.
  • Don’t click on links from unknown senders or those you do not trust.
  • Be wary of “act fast,” “sign up now,” or other pushy and too-good-to-be-true offers.
  • Always type web addresses in a browser rather than clicking on the link.
  • Install a mobile-compatible antivirus on your smart devices.

This article was provided by our service partner : webroot.com

vSan

How policy based backups will benefit you

With VMworld 2019 right around the corner, we wanted to share a recap on some of the powerful things that VMware has in their armoury and also discuss how Veeam can leverage this to enhance your Availability.

This week VMware announced vSAN 6.7 Update 3. This release seems to have a heavy focus on simplifying data center management while improving overall performance. A few things that stood out to me with this release included:

  • Cleaner, simpler UI for capacity management: 6.7 Update 3 has color-coding, consumption breakdown, and usable capacity analysis for better capacity planning allowing administrators to more easily understand the consumption breakdown.
  • Storage Policy changes now occur in batches. This ensures that all policy changes complete successfully, and free capacity is not exhausted.
  • iSCSI LUNs presented from vSAN can now be resized without the need to take the volume offline, preventing application disruption.
  • SCSI-3 persistent reservations (SCSI-3 PR) allow for native support for Windows Server Failover Clusters (WSFC) requiring a shared disk.

Veeam is listed in the vSAN HCL for vSAN Partner Solutions and can protect and restore VMs. The certification for the new Update 3 release is also well on its way to being complete.

Another interesting point to mention is the Windows Server Failover Clusters (WSFC). While these are seen as VMDKs, they are not applicable to the data protection APIs used for data protection tasks. This is where the Veeam Agent for Microsoft Windows comes in with the ability to protect those failover clusters in the best possible way.

What is SPBM?

Storage Policy Based Management (SPBM) is the vSphere administrator’s answer to control within their environments. This framework allows them to overcome upfront storage provisioning challenges, such as capacity planning, differentiated service levels and managing capacity resources in a much better and more efficient way. All of this is achieved by defining a set of policies within vSphere for the storage layer. These storage policies optimise the provisioning process of VMs by provisioning specific datastores at scale, which in turn will remove the headaches between vSphere admins and storage admins.

However, this is not a closed group between the storage and virtualisation admins. It also allows Veeam to hook into certain areas to provide better Availability for your virtualised workloads.

SPBM spans all storage offerings from VMware, traditional VMFS/NFS datastore as well as vSAN and Virtual Volumes, allowing policies to overarch any type of environment leveraging whatever type of storage that is required or in place.

What can Veeam do?

Veeam can leverage these policies to better protect virtual workloads, by utilising vSphere tags on old and newly created virtual machines and having specific jobs set up in Veeam Backup & Replication with specific schedules and settings that are required to meet the SLA of those workloads.

Veeam will also back up any virtual machine that has an SPBM policy assigned to it, as well as protect the data. It will also protect the policy, so if you had to restore the whole virtual machine, the policy would be available as part of the restore process.

Automate IT

Gone are the days of the backup admin adding and removing virtual machines from a backup job, so let’s spend time on the interesting and exciting things that provide much more benefit to your IT systems investment.

With vSphere tags, you can create logical groupings within your VMware environment based on any characteristic that is required. Once this is done, you are able to migrate those tags into Veeam Backup & Replication and create backup jobs based on vSphere tags. You can also create your own set of vSphere tags to assign to your virtual machine workloads based on how often you need to back up or replicate your data, providing a granular approach to the Availability of your infrastructure.

VMware Snapshots – The vSAN way

In vSAN 6.0, VMware introduced vSAN Sparse Snapshots. The snapshot implementation for vSAN provides significantly better I/O performance. The good news for Veeam customers is if you are using the traditional VMFS or the newer vSAN sparse snapshots the display and output are the same — a backup containing your data. The benefits are incredible from a performance and methodology point of view when it comes to the sparse snapshot way and can play a huge role in achieving your backup windows.

The difference between the “traditional” and the new snapshot methodology that both vSAN as well as Virtual Volumes leverage is that a traditional VMFS snapshot is using Redo logs which, when working with high I/O workloads, could cause performance hits when committing those changes back to the VM disk. The vSAN way is much more similar to a shared storage system and a Copy On Write snapshot. This means that there is no commitment after a backup job has released a snapshot, meaning that I/O can continue to run as the business needs.

There are lots of other integrations between Veeam and VMware but I feel that this is still the number one touch point where a vSphere and Backup Admin can really make their life easier by using policy-based backups using Veeam.


This article was provided by our service partner : veeam.com