Processor Vulnerability – Meltdown and Spectre

As you may be aware, two processor vulnerabilities have been published. They affect CPUs from various vendors, including Intel, and are named Meltdown and Spectre.

Meltdown

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. Fortunately, patches are currently available.

Spectre

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre.

Actions

BCN Group is working to secure our environments from these vulnerabilities as the providers roll out patches. These vendors include VMware, Microsoft, Red Hat, CentOS, FreeBSD and others. For more information on what is available from our primary vendors, please visit the links below.

VMware
Microsoft

Hosted Customers

BCN Group will be arranging maintenance windows where applicable to reboot the servers to enable the patching of Microsoft and Linux operating systems. The underlying infrastructure is currently being patched, and this will not affect any customers.

Managed Service Customers

BCN Group will be patching your servers and will contact you to arrange a maintenance window if required.

Desktop Users

Windows computers will be patched via Windows Update if it is enabled.

Additional Information

Unfortunately, this patching may have an adverse effect on the CPU usage depending on applications. This increase in usage has been reported between 5% and 30%, but this is not predictable at the moment. For desktop users, this is likely not noticeable, but for server users we recommend monitoring your workloads.

If you have any worries or questions and would like assistance, please contact your account manager on 0345 095 7000.

7 takeaways from Cisco Meraki’s latest cloud wi-fi solution

Mobile connectivity has grown exponentially over the past few years, so much so that today, 71% of all mobile communications now flow over wireless (source: Wi-Fi Alliance). Whether you are working at home, or using a device at the office, mobility has become a necessary part of modern businesses.

Not surprisingly, managing such a widespread multi-site, multi-mobile entity can be daunting for even the hardiest of administrators. Enter cloud networking. Cisco Meraki have developed a cloud networking, switching, security and wireless management solution that seeks to accommodate and enhance this step change. Here we take a look at key aspects of their platform and how it can help you, your users and your organisation.

So what is it?

In short, Cisco Meraki is a powerful multi-site wireless management tool which removes the need for complex traditional onsite wireless controllers. It uses a single cloud-based control interface and real-time communication protocols, so network administrators can manage their networks from the cloud without sacrificing control and responsiveness. Whilst this explanation may not sound very compelling, the benefits can be significant.

Always at the ready

Cisco Meraki comes with a robust management dashboard which is accessible at any time, from anywhere. Requiring only an internet connection on your preferred device, accessibility is what the Meraki Cloud Dashboard does best – even in the event of a power outage or poor weather. Using a combination of traffic rerouting and geographical data priority, the dashboard will always remain readily available to anyone who needs to use it, no matter the circumstances.

Safe and sound

Where there’s mention of wireless or the cloud, security concerns quickly follow. And rightly so. Almost daily we hear or read about major network intrusions, compromises and computer misuse. To combat this, Cisco Meraki puts its security stance front and centre, using an out-of-band location and an encrypted layer to communicate to and from the management interface. Unlike most traditional wireless and switch arrangements, management traffic is also segregated from the normal network, making unsolicited and malicious intrusion all but impossible.

On a more general footing, it incorporates a variety of advanced features within its firewall solution to stop unauthorised access to your user network. The firewall allows for:

  • content filtering
  • geographical firewall rules
  • anti-virus and anti-phishing
  • intrusion prevention and intrusion detection services.

Centre stage

The Meraki Cloud Dashboard can be accessed from a wide range of popular web browsers and is also accessible on Apple and Android devices. Through this dashboard, users can identify bandwidth usage from devices or specific applications, troubleshoot networking issues and test features within the system. The dashboard is simple and easy to navigate – and no other application or program is needed.

Self-sufficient

Any device accessible through the Meraki Cloud Dashboard can be automatically updated to ensure optimal performance and security from the network. Additionally, updates can be scheduled for any time to avoid disruption during periods of heavy internet usage. Should there be a failed update, any incompatible hardware is automatically rolled back to keep your network running without hassle.

Reach for the sky

There’s nothing worse than finding a quiet spot to work from your laptop or tablet, only to discover that internet access is unavailable or appallingly slow. Cisco Meraki solves this by providing enterprise-class 802.11ac access points which deliver the strongest signal strength possible, letting you work happily wherever you want. Furthermore, outdoors access points can also be added throughout the workplace, extending Wi-Fi coverage of your site/campus.

Setting an impression

We expect access to the internet – it’s a staple for much of our everyday lives – and it’s clear we’re getting more fastidious about its absence. According to Hotel Chatter, 38% of people will no longer book a hotel solely on the basis that it does not offer Wi-Fi.

With so much data moving across wireless infrastructure, businesses have few options but to utilise it. How you control, secure and manage it is the new challenge.

Benefits street

Network managers can gain some big advantages from cloud networking over the traditional solutions. These include:

  • Faster implementation and easier management
  • Unified view of the entire network regardless of the location of end devices
  • Rapid detection of troubled devices and easy replacement
  • Reduced costs on IT staff and training
  • Reduced costs of upgrades to network operating systems and devices
  • Anytime, anywhere network access
  • Stronger security posture and network control

To summarise, no Wi-Fi is becoming a business showstopper. It’s little surprise that 75% of people recently said that they would be grumpier without internet for a week than without coffee.

At BCN Group, we work closely with customers to ensure that their networks are managed efficiently and safely. Cisco Meraki is just one solution we apply to ensure your business can grow further and exceed expectations. If something has caught your eye, get in touch with us at info@bcn.co.uk, or visit us at www.bcn.co.uk.

Millennials are Top IT Security Risk for Businesses

Millennials are a generation defined by technology. After all, this is the first generation to grow up surrounded by technology. Despite this, it’s the older generations who are savvier when it comes to internet security. According to research by FirstData, millennials are less concerned with cybersecurity than older generations. The biggest problems faced are with reusing the same password and with oversharing sensitive information on social media and over email.

Older generations might be more concerned with their individual computers and devices being infected, which is why they are cautious about internet usage and sharing information. However, younger generations don’t share these concerns. Although device-level security might be sufficient, there is always the worry that third-party sites could be compromised. If a user has the same password for every platform, then this could present a serious problem.

According to the research, 82% of millennials reuse the same password across websites and apps and 42% will only change their password if they are forced to. The main reason cited for this reluctance to change passwords is that they are simply too difficult to remember. For company owners, this presents a unique challenge when it comes to policing their company password policy.

When it comes to oversharing on social networks, millennials are less concerned about the risks associated with this. Only 43% of millennials are concerned about transmitting private information over social media sites, compared to 63% of boomers. Even something as small as sharing your date of birth on social media can allow fraudsters to piece together your identity and open credit cards in your name.

For companies, this presents a unique challenge, as millennial workers might use the same password for their work email as they would for their social media accounts. Although there is a lot of attention to cybersecurity threats such as ransomware, millennials aren’t as concerned about the risks associated with identity theft. While social networks might be secure, many people allow third-party apps to access their information without a second thought, and this is where more education is needed. Although millennials may be very savvy when it comes to technology, there are clearly gaps in awareness where security is concerned.

5 Reasons Tech Startups Should Invest in IT Support

The image of the modern tech entrepreneur is someone who can miraculously manage everything at once. Although startups might feel that they have to pull themselves up by their bootstraps and manage everything in-house, there are a lot of benefits to be enjoyed when it comes to outsourcing critical tasks. IT support is one area where tech startups, in particular, can benefit from outsourcing their needs. Here are 5 reasons tech startups should consider outsourcing their IT support…

Reduce Costs

Running a successful startup is all about making sound financial decisions. While many startups may subscribe to the agile mindset, they are often guilty of making bulky and costly mistakes. Hiring an in-house IT department is one such costly mistake. Managing your IT in-house means hiring an entire team, not to mention the added costs of servers, software and hardware. By outsourcing this to a third party company, the startup is able to take an agile approach to growth as the IT support they need can grow with them.

Leverage Expertise

It can be tempting to try to operate as a jack of all trades, but there comes a time when it pays to refer to the experts. Although there is a lot of satisfaction to be gained from managing everything in-house, leveraging the expertise of an IT support company can help to keep the focus on the task at hand: building your startup.

Improve Customer Retention

In the early days of managing a customer-facing startup, public perception is everything. If you’re out of action for half a day because you decided to manage your IT in-house and can’t access your CRM database for a few hours, this will likely leave your customers with a bad impression. By outsourcing your IT, you can rest assured that someone else will be keeping an eye on things, so you can move your attention to more important matters.

Increased Security

Small businesses and startups are particularly vulnerable to hacks and ransomware. By outsourcing your IT services, you can rest assured that someone in the know is monitoring your IT systems for anything out of the ordinary. This could range from unusual attachments in emails to brute force attacks on your network.

Scalability

The best IT support companies will provide scalable services that grow with your business. If you have to tighten your belt one month, you should be able to reduce costs, whereas if you are going through a period of rapid expansion, your IT provider should be able to keep up. Leveraging the scalability of outsourcing your IT is one of the best reasons to consider hosted cloud services for your tech startup.

United States Considers Making Revenge Hacking Legal

For the companies in the midst of high-profile data security breaches, revenge hacking is likely low on their list of priorities. As an activity, hacking isn’t inherently illegal, but there are limits on what is and what isn’t permissible. If you forget the password to your own laptop and exploit security vulnerabilities to gain access to it, this is fine. However, if you do the same to your boss’s laptop and steal information from it, this is illegal. While large companies might hire white hat hackers to test their network vulnerabilities and monitor for unusual activity, these hackers have been largely limited in what they can get away with. Until now.

Under the proposed legislation, the victims of hacking would be legally allowed to take revenge against those who breached their security systems. Revenge could involve anything from hacking their systems back, finding out who they are and even destroying any stolen data and information. The rules would also allow victim companies to deploy beaconing technology that would allow them to find the geographical location of the hacker. This would aid law enforcement in bringing these individuals to justice.

There are some limitations to the bill, and companies that choose to carry out revenge hacks wouldn’t be without liability. Most importantly, revenge hacks would only be allowed to be carried out on US computers, which already limits the reach. Many cybercriminals will route their attacks through systems around the world, which would protect them from revenge hacks. Companies would also have to fill out paperwork and submit this to the FBI’s National Cyber Investigative Joint Task Force. This will help to ensure national boundaries are respected and that any activity wouldn’t infringe on a known investigation. The legislation has also been proposed with a time limit attached. The bill would expire after two years and the United States Department of Justice would have to report to Congress to keep them up to date on how the legislation has been utilised.

Liability is also a key issue. If damage was done to a third party system as the result of a revenge hack, the company behind it would be liable, provided there is a trail pointing to the company behind the hack. It is not yet clear how transparent the hacking departments will need to be about their activities.

In the UK, there are currently no plans to work revenge hacking into law, but with ransomware and security breaches on the rise, MPs are under pressure to find a satisfactory solution that will protect businesses, infrastructure and public services from cybercriminals.

9 steps to protect against Ransomware

Security Best Practices

Ransomware attacks start in two main ways: via a booby-trapped email with a malicious attachment, or via a compromised website. From there they work their way down to your endpoints and servers. To stop these attacks, it’s critical that you have advanced protection technology in place at each stage of the attack and combine this protection with good user security practices.

Nine best security practices to apply now

Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these nine best practices:

Patch early, patch often

The sooner you patch, the fewer holes there are for ransomware to exploit.

Backup regularly and keep a recent backup copy off-line and off-site

Offline and off-site means ransomware can’t get to it. With recent back-ups, data loss can be minimised.

Enable file extensions

Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

Don’t enable macros in document attachments received via email

A lot of infections rely on persuading you to turn macros on, so don’t do it!

Be cautious about unsolicited attachments

If you aren’t sure – don’t open it. Check with the sender if possible.

Don’t have more login power than you need

Admin rights could mean a local infection becomes a network disaster.

Stay up-to-date with new security features in your business applications

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet”.

Patch early, patch often!

Staying on top of patching is so important that we’ve called it out twice. Don’t let ransomware exploit a patched vulnerability.
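The file-extension, JavaScript and macro practices above can also be applied automatically to attachment names at a mail gateway or help desk. The following is an added example, not part of the original article; the extension sets, function names and sample file names are constructed for illustration.

```python
"""Triage attachment file names against the practices listed above."""

# Constructed extension sets for illustration; extend them to match your mail policy.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}  # run by Windows script hosts
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}              # macro-enabled Office formats
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def split_ext(name):
    """Return (stem, lower-cased final extension); the extension is '' if there is none."""
    cleaned = name.strip()
    stem, dot, ext = cleaned.rpartition(".")
    if not dot or not stem:
        return cleaned, ""
    return stem, "." + ext.lower()


def shown_with_extensions_hidden(name):
    """Name as a user sees it when the final extension is hidden.

    Assumption: the final extension belongs to a registered file type,
    which is the case for the script and document types used here.
    """
    return split_ext(name)[0]


def triage(name):
    """Return the list of warning flags raised by an attachment file name."""
    stem, ext = split_ext(name)
    flags = []
    if ext in SCRIPT_EXTS:
        flags.append("script")
    if ext in MACRO_EXTS:
        flags.append("macro_enabled")
    # A harmless-looking inner extension followed by a different real one
    # ("invoice.pdf.js") is what hidden extensions conceal from the user.
    inner_ext = split_ext(stem)[1]
    if inner_ext in DECOY_EXTS and ext and ext not in DECOY_EXTS:
        flags.append("double_extension")
    return flags


if __name__ == "__main__":
    # Constructed sample attachment names.
    for sample in ["invoice.pdf.js", "Quarterly-report.docm", "minutes.docx", "README"]:
        print(f"{sample!r:28} shown as {shown_with_extensions_hidden(sample)!r:22} "
              f"flags={triage(sample)}")
```
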

If you’d like to learn more about how to protect your business against ransomware or any other malware, phishing or cyber-threat, get in touch with us today.

Connected Printers Could Pose Internet Security Risk

Almost every office environment will have a connected printer. While this might bring increased productivity and efficiency to the workplace, it also presents a serious security risk. Hackers are increasingly exploiting the vulnerabilities of the humble office printer in order to launch attacks on businesses. Printers handle so much sensitive data on a daily basis. Think about the things that your company will print day-to-day. From sensitive customer information to financial statements – most of us will hit print without a second thought.

For the past year, security experts have been warning about the dangers posed by the Internet of Things. Letting our devices quietly chatter away to each other in the background might seem like a great idea if you want to automate things like heating and lighting, but left unchecked, these devices can provide a backdoor into your sensitive information. This is something that hackers and security experts are all too aware of.

While many businesses take steps to ensure their network is secure, according to one survey, only 25% of businesses surveyed confirmed that printer network security was a priority. Fortunately, printer manufacturers are stepping in to help raise awareness and stop the problem at the root. HP’s latest generation of enterprise printers, for example, is embedded with plenty of smart security options to help improve security. These printers can detect and self-heal issues meaning that the printers can continue to run in the background without the need for downtime to deal with hacks and attacks.

The threats facing business are continually evolving, which is why it’s important to stay one step ahead of those who would seek to damage your business. Regular and comprehensive security assessments should be a key priority in any business. Small businesses are often guilty of assuming they are too small to become a target, but it’s often weaker security systems that make an organisation a target, rather than its size. In the UK, the average cost of a security breach is £3,000, which can be crippling for a small company.

If your company is in need of some IT security advice, why not get in touch with the team here at BCN? We can talk you through our services in plain English and help you make a decision that is right for you and your business.

Best Practice for Creating and Enforcing a Password Policy

No matter how complex and thorough your company IT security is, human users will always find a way to work around protections. If you don’t have a password policy in place, it’s difficult to ensure that your employees are making smart choices. One of the biggest problems is in password strength, with the majority of employees choosing easy to guess passwords and using the same password for everything. Equifax recently hit the headlines when it was revealed a database could be accessed using the username and password ‘admin’. Although it’s easy to joke about these instances, this is no different to a company employee using their first name followed by the year and assuming this is sufficient for security. If you want to keep your company secure, creating a password policy and enforcing it is essential.

Creating and Enforcing Password Policy

Decide what is secure

Although the conventional wisdom seems to be that passwords need to be above 8 characters, and include a mixture of lowercase, uppercase, numbers and special characters, this often leads users into the trap of thinking ‘Pa$$word123’ is a strong password. Before creating a company-wide password policy, it’s a good idea to make sure you know what a secure password looks like. You can try this quiz to test your knowledge of password strength.

Update passwords frequently

In addition to guidelines on password length, you should also set a time limit on how long employees can keep the same password as part of your password policy. Changing passwords too frequently can be just as problematic as never changing them, as employees might be tempted to switch back-and-forth between two passwords just to satisfy your password policy.

Decide if password managers are allowed

Some companies swear by password managers as the best way to enforce password policy. While there are many benefits, there’s also the risk that systems could be compromised if one employee’s password manager is breached. If you do decide to use a password manager, it’s important that employees update their access passwords frequently to prevent unauthorised access.

Don’t write passwords down

If your password policy is leading employees to write down long and complicated passwords, it’s time to re-think. Employees need to understand that writing down their passwords is in breach of password policy. Passwords should be long, but they should also be memorable. For example, a sentence-based password like ‘y3sterd4yicl!mb3dATr33’ is very secure, but will be a lot more memorable than a random selection of letters, numbers and punctuation.
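The gap between composition rules and real strength described under “Decide what is secure”, and the long sentence-style password suggested above, can be checked in code. This is an added example, not part of the original article; the deny-list, the minimum length of 10, the substitution table and all function names are assumptions made for illustration.

```python
"""Compare a composition-only password rule with a deny-list based check."""
import re

# Constructed sample deny-list; a real policy would load a large breached-password list.
COMMON_BASE_WORDS = {"password", "admin", "welcome", "qwerty", "letmein"}
MIN_LENGTH = 10  # assumption for this example, not a figure from the article

# Common character substitutions that users believe add strength.
LEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i"})
TRAILING_PADDING = "0123456789!?.#*"  # counters, years and punctuation stuck on the end


def meets_composition_rules(password):
    """The 'conventional wisdom' rule: above 8 characters plus all four character classes."""
    return (len(password) > 8
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def normalise(password):
    """Lower-case, drop trailing padding and undo substitutions to expose the base word."""
    return password.lower().rstrip(TRAILING_PADDING).translate(LEET)


def policy_findings(password, context_words=()):
    """Return reasons to reject the password; an empty list means it is accepted.

    context_words holds things an attacker can guess about the user,
    such as first name or username (the 'first name followed by the year' case).
    """
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    core = normalise(password)
    if any(word in core for word in COMMON_BASE_WORDS):
        findings.append("common_base_word")
    if any(len(word) >= 3 and word.lower() in core for word in context_words):
        findings.append("contains_user_context")
    return findings


if __name__ == "__main__":
    # Constructed samples: (password, words known about the user).
    samples = [("Pa$$word123", []), ("Sarah2017!", ["Sarah"]),
               ("admin", ["admin"]), ("y3sterd4yicl!mb3dATr33", [])]
    for pw, ctx in samples:
        print(f"{pw!r:26} composition_ok={meets_composition_rules(pw)!s:5} "
              f"findings={policy_findings(pw, ctx)}")
```
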

If you need help with your IT security, get in touch with our team today on 0345 095 7000 to discuss your needs.

Amazon Web Services will Soon Bill Customers by the Second

When Amazon Web Services launched in 2006, it sparked the cloud computing revolution. Fast forward a few years, and we now have the likes of Dropbox and Airbnb following the introduction of Amazon’s server by the hour model. Developers would no longer have to build and maintain their own servers at considerable cost. Instead, they could pay by the hour for access to supercomputers, as and when they need it. The latest changes are small, but could once again disrupt the way that software is made. Instead of billing users by the hour, they will now be billed by the second.

This isn’t the first time Amazon Web Services has trialled charging users by the second. In 2014, Amazon developed a tool called Lambda to help developers with short-term server needs. This brought to light the trend of serverless computing, as developers could use Amazon’s servers for exactly as long as they needed.

For example, if creating a translation app, the server used to process a request might not exist until required, and then would disappear once the request has been fulfilled. This allows developers to focus on the task of building great software rather than worrying about the deployment and footing the bill for unused server space. By charging users for exactly as much as they need, and operating a generous free tier policy, this opens the floor for developers to get creative. However, while Lambda might have billed by the second, the rest of Amazon Web Services was still billed by the hour, so the process wasn’t entirely seamless.

The latest development, named Amazon EC2, will allow developers to take a more flexible approach to capacity. As outlined on the Amazon Web Services website, developers will be able to increase or decrease their capacity within minutes, rather than hours or days. EC2 will also introduce the option of auto-scaling, which will allow members to maximise the performance of their applications by scaling up or down as required.

Not only will this present money-saving options for developers, but some have also noted that it might encourage developers to push the boundaries of their current offering. According to Amazon’s Jeff Barr: “many of our customers are dreaming up applications for EC2 that can make good use of a large number of instances for shorter amounts of time, sometimes just a few minutes.”

The new billing option will be available from 2nd October on Linux instances launched in On-Demand, Reserved and Spot form.

Spotlight on our partners: Veeam Software

For a new series on our blog, we’ll be taking a closer look at our software partners. If you’ve ever wondered about how we deliver our services, it wouldn’t be possible without the help of our software partners. These companies are the disruptive forces that move the whole IT industry forward and force us to challenge the way we’ve always done things. Often, they are the background processes that make the user experience seamless and enjoyable. Starting with Veeam Software, we’re going to take a look at what they do, where they came from and where they’re headed…

What is Veeam Software?

Veeam Software is a technology company that specialises in backup, disaster recovery and virtualisation management. This software ensures that downtime for virtualized environments is minimal and also ensures systems can stick to their service-level agreements. An example of this was seen recently when they streamlined the backup process for Bupa Dental UK, saving them over £350,000 per year. Each of the 400 UK-based practices was moved to a single backup system through virtualization with 250 virtual machines. The result? Rather than each individual practice taking responsibility for their own backups, the process was virtualized and centralised, which saved them money.

How did Veeam Software get started?

Veeam Software was founded in 2006 in Switzerland. The company’s headquarters are still based in Baar, Switzerland, although they have regional offices around the world. The company was founded by Ratmir Timashev and Andrei Baronov after selling their previous software company, Aelita Software Corporation, to Quest Software. The company grew from just 10 employees in 2008 to 2,000 employees by the end of 2015. In 2014, Veeam Software hosted VeeamON, its first conference on data protection. The event is now hosted annually in Las Vegas, USA.

What do they have in store in future?

In October this year, while attending the GITEX conference, Veeam Software will reveal their new Availability Suite v10 which aims to bridge the “availability gap” between the customer and their demand for uninterrupted access to IT services. This availability gap is said to be holding companies back and having a huge impact on their profitability. By cutting the downtime, companies will be more competitive and be able to provide a seamless experience. We wrote about the release of the Availability Suite 9.5 in May 2016.

If you’re interested in Veeam Software, virtualisation and cloud backup options, get in touch with our team today.