Cloud Based vs Self Hosted Remote Support

Cloud-Based vs. Self-Hosted Remote Support: 3 Things to Consider

Researching remote support products can lead you down many paths, but it’s important to keep your footing and consider how the needs of your business–and your clients’ needs–factor into the functionality of the tool(s) you’re considering.

One fork in the road you might encounter is the choice between a self-hosted or cloud-based remote support solution. You should carefully consider your options here as there are pros and cons to both self-hosted and cloud based remote support software.

Your crossroad will only look slightly different if you already have a self-hosted remote support system in place. In that case, you should consider whether your current solution is still worth the time and money to maintain.

So, where does this lead? Let’s examine the pros and cons of both self hosted and cloud based.

1. Setup & Implementation

On-prem support tools frequently require more time and money up front to implement. You might have to purchase hardware to build your own server structure or buy a domain name. In that case, you’ll need to ensure that the ISP allows for configuration of your own self hosted remote support software as some don’t.

The cloud-based remote support counterparts typically come preconfigured for easier setup, ready for action right out of the box. Typically, they also include an easy to remember URL or subdomain, so you won’t have to worry about ISP server allowances, purchasing a static IP address, or experiencing NAT loopback issues.

2. Security*

Self-hosted remote support software will require you to manually secure ports, set up firewalls, establish SSL certificates, and maintain security yourself.

Conversely, with a cloud-based tool, securing your data (and maintaining its security) is done in partnership with the vendor who’s there to help with these efforts. The vendor will usually have wildcard SSL certificates in place that will secure your instance for you, so there’s no need to maintain firewalls and traffic for a server in the cloud.

Pro-Tip: look for remote support software that offers AES encryption as well as SSL certificates.

*If the industry you support requires stringent security compliance, then on-prem is the option for you. But for most businesses, cloud-based tools are a viable option. And while there’s still plenty of debate about the security of cloud environments, the question you should ask yourself is whether or not you want to shoulder the responsibility of a security breach if something goes wrong with your self-hosted system.

3. Upkeep & Upgrades

When considering self-hosted options, hardware gets old and sometimes breaks; manual upkeep ties up your resources; access to support and upgrading fees add up; downtime can poke holes in your revenue stream.

But with cloud-based options, updates and bug fixes are done automatically, and typically don’t have hidden fees. You’ll always be using the most up-to-date version of the product.

Other factors are at play here, too. Customization, resource training, overall reliability–these are all things you should weigh before you make a purchase. Once you see what tilts the scales, the decision will be much easier.

Dragonblood

WPA3 flaws may let attackers steal Wi-Fi passwords

The new wireless security protocol contains multiple design flaws that hackers could exploit for attacks on Wi-Fi passwords

WPA3, a new Wi-Fi security protocol launched in June 2018, suffers from vulnerabilities that make it possible for an adversary to recover the password of a wireless network via “efficient and low cost” attacks, according to a new academic paper and a website dedicated to the flaws.

As a reminder, the third iteration of the Wi-Fi Protected Access (WPA) protocol is designed to enhance wireless security, including by making it well-nigh impossible to breach a WiFi network using password-guessing attacks. This safeguard – which is courtesy of WPA3’s ‘Simultaneous Authentication of Equals’ (SAE) handshake, popularly known as Dragonfly – could even ‘save people from themselves’, i.e. in the far-too-common scenario when they choose easy-to-break passwords.

Not so fast, according to Mathy Vanhoef of New York University Abu Dhabi and Eyal Ronen of Tel Aviv University & KU Leuven. Their research found that the passwords may not be beyond reach for hackers after all, as the protocol contains two main types of design flaws that can be exploited for attacks.

“Unfortunately, we found that even with WPA3, an attacker within range of a victim can still recover the password of the Wi-Fi network,” they write, noting that, in the absence of further precautions, this could in some cases pave the way for thefts of sensitive information such as credit card details. The vulnerabilities – which were identified only in WPA3’s Personal, not Enterprise, implementation – are collectively dubbed ‘Dragonblood’.


‘Dragonblood’ logo

One type of attack, called the ‘downgrade attack’, targets WPA3’s transition mode, where a network can simultaneously support WPA2 and WPA3 for backward compatibility.

“[I]f a client and AP [access point] both support WPA2 and WPA3, an adversary can set up a rogue AP that only supports WPA2. This causes the client (i.e. victim) to connect using WPA2’s 4-way handshake. Although the client detects the downgrade-to-WPA2 during the 4-way handshake, this is too late,” according to the researchers.

This is because the 4-way handshake messages that were exchanged before the downgrade was detected provide enough information to launch an offline dictionary attack against the Wi-Fi password. The attacker ‘only’ needs to know the network’s name, aka Service Set Identifier (SSID), and be close enough to broadcast the rogue AP.

Meanwhile, the ‘side-channel attack’ targets Dragonfly’s password-encoding method, called the ‘hunting and pecking’ algorithm. This attack comes in two flavors: cache- and timing-based.

“The cache-based attack exploits Dragonflys’s hash-to-curve algorithm, and our timing-based attack exploits the hash-to-group algorithm. The information that is leaked in these attacks can be used to perform a password partitioning attack, which is similar to a dictionary attack,” said Vanhoef and Ronen, who also shared scripts intended to test some of the vulnerabilities they found.

“The resulting attacks are efficient and low cost. For example, to brute-force all 8-character lowercase passwords, we require less than 40 handshakes and 125$ worth of Amazon EC2 instances,” they wrote.

Additionally, the two researchers also found that WPA3’s built-in protections against denial-of-service (DoS) attacks can be trivially bypassed and an attacker can overload an AP by initiating a large number of handshakes.

All’s not lost

Vanhoef and Ronen said that they collaborated with the Wi-Fi Alliance and the US CERT Coordination Center (CERT/CC) to notify all affected vendors in a coordinated manner.

The Wi-Fi Alliance acknowledged the vulnerabilities and said that it is providing implementation guidance to affected vendors. “The small number of device manufacturers that are affected have already started deploying patches to resolve the issue”, according to the certification body for Wi-Fi compatible devices.

Meanwhile, Vanhoef and Ronen noted that “our attacks could have been avoided if the Wi-Fi Alliance created the WPA3 certification in a more open manner”. For all its flaws, however, WPA3 is an improvement over WPA2, they concluded.

Notably, Vanhoef was one of the researchers who in 2017 disclosed a security loophole in WPA2 known as ‘Key Reinstallation AttaCK’ (KRACK).


This article was supplied by our service partner : Eset.com

vmware expert

VMware vCenter Server 6.7 Update 2

VMware just released a new vCenter Server version: 6.7 Update 2, 6.7.0.30000, build 13010631. In this article I will cover some of the new features and resolved issues. I will also demonstrate how easy is to update from a previous version of vCenter Server 6.7 to VMware vCenter Server 6.7 Update 2.

In case you are looking for a plain installation of vCenter Server 6.7, you can check my other article: How to Install VCSA 6.7 (VMware vCenter Server Appliance).

VMware vCenter Server 6.7 Update 2 New Features

vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs.

There are few changes in vCenter backups: you can use NFS v3 (Network File System) and SMB2 (Server Message Block) protocols for file-based backup and restore operations. Also it adds version details to the “Enter backup details” page that help you to pick the correct build to restore the backup file. You can create alarm definitions to monitor the backup status of your system (using email, SNMP traps or scripts as actions).

vCenter Server 6.7 Update 2 introduces the Developer Center with two new features: API Explorer and Code Capture. This update brings API Explorer (formerly accessible via https://<vCSA-FQDN>/apiexplorer) into the vSphere Client, thus removing the extra steps to authenticate prior to interacting with the REST APIs. If you ever played with the old Onyx flings, you will enjoy Code Capture. Just enable recording, do something in vSphere Client, then end recording and see the equivalent PowerCLI code generated.

VMware vCenter Server 6.7 Update 2 - Code Capture

You can now publish your VM templates managed by Content Library from a published library to multiple subscribers. You can trigger this action from the published library, which gives greater control over the distribution of VM templates.

vCenter Server 6.7 Update 2 Resolved Issues

VMware vCenter Server 6.7 Update 2 resolves plenty of issues with vMotion, backup, auto deploy, VMware tools, storage, management of VMs, and networking.

  • vSphere vMotion operations for encrypted virtual machines might fail after a restart of the vCenter Sever system
  • Power-on or vSphere vMotion operations with virtual machines might fail with an infinite loop error
  • Migrating a virtual machine might fail due to inability to access the parent disk
  • Migrating a virtual machine might fail due to inability to access the parent disk
  • VMware vSphere Auto Deploy Discovered Hosts tab might display an error after creating or editing a deployment rule
  • Customization of virtual machines by using Microsoft Sysprep on vSphere 6.7 might fail and virtual machines stay in customization state
  • The c:\sysprep directory might not be deleted after Windows guest customization
  • You might not see the configured CPU shares when exporting a virtual machine to OVF
  • vCenter Server might stop responding when adding a fault message in the vSphere Storage DRS
  • The vpxd service might fail when the vSphere Storage DRS provides an initial placement operation
  • ESXi hosts with visibility to RDM LUNs might take a long time to start or experience delays during LUN rescans
  • Expanding the disk of a virtual machine by using VMware vRealize Automation might fail with an error for insufficient disk space on a datastore
  • Provisioning of virtual machines might fail if the same replication group is used for some or all virtual machine files and disks
  • You cannot add permissions for a user or group beyond the first 200 security principals in an Active Directory domain by using the vSphere Client
  • User login and logout events might not contain the IP address of the user
  • The vCenter Server daemon service vpxd might fail to start with an error for invalid descriptor index
  • Cloning a virtual machine from a snapshot of a template might fail with a “missing vmsn file” error
  • An internal error might occur in alarm definitions of the vSphere Web Client
  • Attempts to log in to a vCenter Server system after an upgrade to vCenter Server 6.7 might fail with a credentials validation error
  • Migration of vCenter Server for Windows to vCenter Server Appliance might stop at 75% if system time is not synchronized with an NTP server
  • Upgrading vCenter Server for Windows to 6.7 Update 2 from earlier versions of the 6.7 line might fail
  • vCenter Server upgrades might fail due to compatibility issue between VMware Tools version 10.2 and later, and ESXi version 6.0 and earlier
  • You might see a message that an upgrade of VMware vSphere Distributed Switch is running even after the upgrade is complete
  • You cannnot migrate virtual machines by using vSphere vMotion between ESXi hosts with NSX managed virtual distributed switches (N-VDS) and vSphere Standard Switches

VMware vCenter Server 6.7 Update 2 also updates some of the internal packages used.

  • VMware Postgres is updated to version 9.6.11
  • Oracle (Sun) JRE is updated to version 1.8.202.
  • Apache httpd is updated to version 2.4.37
  • The OpenSSL package is updated to version openssl-1.0.2q.
  • The ESXi userworld libxml2 library is updated to version 2.9.8.
  • The OpenSSH is updated to version 7.4p1-7.

For full list of resolved issues you can check the Release Notes.

How to Update to vCenter Server 6.7 Update 2

I will demonstrate an online update from vCenter Appliance Management console. I logged in to https://<vCSA-FQDN>:5480/ using the root appliance password, then I navigated to Update menu. After a short check, I can see my current version is 6.7.0.20000 and I have an available update to 6.7.0.30000 (which is vCenter Server 6.7 Update 2). I will click on “Stage and install” link.

VMware vCenter Server 6.7 Update 2 - Check Update Availability

Next step is to accept the end user license agreement (EULA). Check the “I accept…” checkbox and click on “Next”.

VMware vCenter Server 6.7 Update 2 - End User License Agreement

The installer will run pre-update checks now. For example, if your root password has expired, you will receive a notice and you will not be able to proceed further before fixing the problem. If everything is allright, the wizard will jump to the next screen. You can see a downtime estimation (which proved to be waaay overestimated in my case). Confirm you have a backup of vCenter Server and click on “Finish”.

VMware vCenter Server 6.7 Update 2 - Backup Server

We can sit down and relax now while the vCenter Server is upgraded.

VMware vCenter Server 6.7 Update 2 - Installation in Progress
VMware vCenter Server 6.7 Update 2 - Stopping Services
VMware vCenter Server 6.7 Update 2 - Installing Packages

After some time we will be logged out from the appliance. Wait few minutes and then you can log back in.

VMware vCenter Server 6.7 Update 2 - Appliance Management Login

Installation is now completed!

VMware vCenter Server 6.7 Update 2 - Installation Completed

Going on the Summary page of the Appliance Management console, you can see the new version: 6.7.0.30000, build 13010631.

VMware vCenter Server 6.7 Update 2 - Status

This article was provided by our service partner : vmware.com

Digital Identity

Lock Down Your Digital Identity

The last decade has been one of digital revolution, leading to the rapid adoption of new technology standards, often without the consideration of privacy ramifications. This has left many of us with a less-than-secure trail of digital breadcrumbs—something cybercriminals are more than aware of. Identity theft is by no means a new problem, but the technology revolution has created what some are calling a “global epidemic.”

What is a Digital Identity?

The first step in locking down your digital identity is understanding what it is. A digital identity is the combination of any and all identifying information that can connect a digital persona to an actual person. Digital identities are largely comprised of information freely shared by the user, with social media accounts generally providing the largest amount of data. Other online services like Etsy and eBay, as well as your email and online banking accounts, also contribute to your digital identity. Realistically, any information that can be linked back to you, no matter how seemingly inconsequential, is part of your digital identity.

Digital Identity Theft

Digital identity theft occurs in several ways. A common tactic is social media fraud, where a hacker will impersonate a user by compromising an existing social media account, often messaging friends and family of the user requesting money or additional account information. If unable to gain full control of a genuine social media account, identity thieves will often set up a dummy social media account and impersonate the user using it.

A less widely-known form of digital identity fraud is internet-of-things (IoT) identity theft, where an attacker gains access to an IoT device with weak security protocols and exploits it to gain access to a higher priority device connected to the same network. Another growing threat is “SIM swapping”— an attack that involves tricking a mobile provider into swapping a legitimate phone number over to an illegitimate SIM card, granting the attacker access to SMS-enabled two-factor authentication (2FA) efforts.

Even those who don’t consider themselves targets should be aware of these tactics and take steps to lock down their digital identities.

Locking it Down

Reviewing your social media accounts’ privacy settings is one of the easiest things you can do to cut opportunistic identity thieves off from the start. Set your share settings to friends only, and scrub any identifying information that could be used for security clearance — things like your high school, hometown, or pets’ names. Only add people you personally know and if someone sends you a suspicious link, don’t click it! Phishing, through email or social media messages, remains one of the most prevalent causes of digital identity theft in the world. But your digital identity can be compromised in the physical world as well — old computers that haven’t been properly wiped provide an easy opportunity hackers won’t pass up. Always take your outdated devices to a local computer hardware store to have them wiped before recycling or donating them.

The Right Tools for the Job

This is just the start of a proper digital identity lock-down. Given the sensitive nature of these hacks, we asked Webroot Security Analyst Tyler Moffitt his thoughts on how consumers can protect their digital identities.

“Two-factor authentication in combination with a trusted virtual private network, or VPN, is the crown jewel of privacy lock-down,” Tyler said. “Especially if you use an authenticator app for codes instead of SMS authentication. A VPN is definitely a must… but you can still fall for phishing attempts using a VPN. Using two-factor authentication on all your accounts while using VPN is about as secure as you can get.”

2FA provides an additional level of security to your accounts, proactively verifying that you are actually the one attempting to access the account. 2FA often uses predetermined, secure codes and geolocation data to determine a user’s identity.

Because 2FA acts as a trusted gatekeeper, do your research before you commit to a solution. You’ll find some offerings that bundle 2FA with a secure password manager, making the commitment to cybersecurity a little bit easier. When making your choice, remember that using SMS-enabled 2FA could leave you vulnerable to SIM swapping, so though it is more secure than not using 2FA at all, it is among the least secure of 2FA strategies.

VPNs wrap your data in a cocoon of encryption, keeping it out of sight of prying eyes. This is particularly important when using public WiFi networks, since that’s when your data is at its most vulnerable. Many VPNs are available online, including some free options, but this is yet another instance of getting what you pay for. Many free VPNs are not truly private, with some selling your data to the highest bidder. Keeping your family secure behind a VPN means finding a solution that provides you with the type of comfort that only comes with trust.


This article was provided by our service partner : webroot.com

cloud security

How Threats Have Evolved & Why You Need to Do Something About It

Whether you realize it or not, the
cybersecurity threat landscape has changed dramatically in the last few years—and recent security issues prove it.

Everywhere you turn, conversations about cyber issues today are happening. The media coverage on massive breaches continues to grow by the day. But since most of the high profile cases people read about are large companies (Equifax, Apple, Target, etc.), many small business owners you work with have it in their mind that large companies are the targets and they’re immune or safe from new threats.

That couldn’t be further from the truth.

Attacks on SMBs, as well as MSPs, are on the rise, and you both must be vigilant as a result. According to the Ponemon Institute: 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) study, the average cost due to damage or theft of IT assets and infrastructure increased from $879,582 to $1,027,053. The average cost due to disruption of normal operations increased from $955,429 to $1,207,965.

Attacks and breaches 1
So, What’s Changed?

Security was a modest part of the services you’ve provided—until now. It’s made its way to the forefront of business IT needs so you can protect against the top cybersecurity threats out there. Endpoint protection, firewall protection, and email protection were staples of the managed services business, but they’re simply not enough anymore. Failure to address these increases the chance of a serious security event, and reduces the chance to avoid downtime, a work stoppage, or worse.

For years, MSPs have provided a successful security strategy that has provided their customers excellent uptime and productivity. Cybercriminals are getting more sophisticated and targeting small to medium businesses. Ransomware, data breaches, and phishing attacks are examples of tactics that eclipse the solutions that we’ve relied on thus far. You’ll want to make sure they’re safeguarded against these more sophisticated attacks, and mitigate as much risk as possible. Cyber issues today don’t just impact your customers, but their customers, suppliers, etc. If someone were to breach your customer, it could give them access to all of their critical systems and data. If an incident happens in a regulated industry, the cause goes beyond their loss of business. It would compromise your patient’s protected data and be in breach of HIPAA requirements. Aside from financial implications due to a work stoppage, breaches in industries that are regulated (financial, healthcare, industrial, government, etc.) are also subject to investigations, digital forensics teams, and litigation.

As an MSP, more times than not you’ll be questioned and have to participate in those investigations. If the customer has cyber insurance, the insurance company will do their investigation before paying out. In a breach today where data is compromised, the financial impact is a whopping $148 per record. It’s not just downtime that can render a business in trouble after a breach, because the lingering effects are crippling to most companies.

What Can You Do About It?

Several things. First, realize that this is not a problem you can throw a bunch of tools at to fix. People and process is a key component of a strong security posture. As you can see in the chart “What’s Behind the Trends: Root Cause”, 54% of data breaches were a result of negligent employees or contractors. That correlates to nearly half of all attacks being executed through phishing or social engineering. Implementing security awareness training through Customer Security Programs is a good way to expand your service offering and reduce your customers risk that doesn’t involve adding another tool to your stack.

Attacks and breaches : root cause

Second, leverage a proven framework as a benchmark to measure your customers’ businesses (and your own). We believe the NIST Cybersecurity Framework (CSF) is the most comprehensive and easiest framework for MSPs to adopt. We’ve built a risk assessment based on that framework that includes strengths and weaknesses for your customer, plus an actionable report and an attestation letter that protects you against recommendations your customer doesn’t wish to add. With this, you can walk into a customer’s office and say, “In order to make sure you’re as protected as you can be, I went ahead and did a risk assessment of your business to help determine your security posture. The assessment is based on the Cybersecurity Framework created by the National Institute of Standards and Technology, and it’s the benchmark we use to grade all companies—regardless of size or industry. It’s also the same assessment I perform regularly on my own company.”


This article was provided by our service partner : connectwise.com