Shadow IT - what does it cost a company

What is Shadow IT?

Shadow IT is the notion of users in an organisation going out and finding technology on their own, without the backing of IT, because they do not have the technology in-house to solve a problem.

Some examples of this are:

·        Users not being able to easily share files between themselves or publicly with third parties, so they install services such as Dropbox Free Edition and move company documents to them

·        Users purchasing a new mobile phone with software that doesn’t support mobile device management and wanting company email set up

·        Users unable to chat to each other, so they install Skype for calls and chat inside the office, also sharing files using it

·        Users uploading documents to ZamZar for conversion because they needed to quickly convert a customer's document to another format such as PDF

 

How does this affect my company?

Data Loss
Most of the above examples involve company data being uploaded to third-party services, where the company loses control of the data and possibly releases confidential customer data to the public.

Implementing the wrong solution
Most of the time the solution implemented will be the first one a user finds in a quick search on Google. Not only does this pose a risk of a user downloading and installing malware while trying to find a program to fix their problem (something like Dropbox or Chrome does not need Local Administrator to install), but it could actually be the wrong solution in the first place. By the time other users in the organisation have jumped on board and uploaded more data, the company could need this application for the day-to-day running of the business, and it could then need migrating to a correct application at more cost.

Performance impacts
If everyone in the organisation installs Dropbox, this not only needs space on all computers to sync the library, but also places substantial bandwidth requirements on all the computers. If someone uploads a large file externally which has been shared with multiple users in the company, then this can saturate the office internet connection.

Breach of License Use
An example of this is a user who isn’t enabled for remote access to their computer. They install TeamViewer themselves so they can work on a document from home without having to go through the setup process of two factor authentication. All this is possible if the company has not blocked TeamViewer using the firewall, but TeamViewer Free is actually not valid for commercial use, so in a license audit the company could be found in breach of the License Agreement.

 

Ways to resolve

The main reason users go out and find technology themselves (which is usually free, as this needs no manager approval) is that they are finding a solution to a problem their existing environment cannot solve. Instead of denying technology to users, which causes this problem in the first place, IT should work with the company to cost out a solution that will be supported and maintained internally from the start.

When planning a service to resolve a problem, a free service might need to be piloted or used, maybe due to budget requirements. IT can make sure they use a business email account to sign up to this service so the business still retains control of the login on the user's departure.

Policies can be set up for a hardware standard that is fully supported and tested with the company's applications and services. Once this policy is approved by management, policies can be enabled on firewalls to stop access to unauthorised sites and to block applications. A policy for BYOD (Bring Your Own Device) should be formalised so recommendations can be passed down in regards to supported operating systems and hardware.

IT should always be kept up to date with new technology, whether it be software/services or hardware, to be able to recommend technology to the business that will ease their day-to-day work.

 



Free PDF Tools for your Small Business

Reading PDFs can be done in most browsers for free. However, editing them can require expensive software such as Adobe Acrobat.

Here are some free alternatives for you to use:

OCRing

How to get text from photos or flat PDFs. Easily convert a PDF to a Doc file

https://www.onlineocr.net/

Use Optical Character Recognition software online. The service supports 46 languages including Chinese, Japanese and Korean. OnlineOCR.net is a free OCR service in a "Guest mode" (without registration) that allows you to convert 15 files per hour (and 15 pages into multipage files). Registration will give you the ability to convert multipage PDF documents and other features.

Edit PDF's in Browser or Program

PDF Escape allows you to edit PDFs in the browser, or you can download their program

https://www.pdfescape.com/windows/



Azure SQL Advanced Threat Protection (ATP) can save you being hacked and plastered on haveibeenpwned.com

People who code their own login forms and publicly available database-backed apps should be careful of the famous SQL injection:

'OR 1=1

For poorly coded forms this changes an SQL query searching for a username/password into one that lists all the logins

SELECT userid
FROM users
WHERE username = ''OR 1=1/*'
    AND password = ''
    AND domain = ''
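
The difference between the poorly coded form and a safe one, as an added example that is not from the original post. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the function names and sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows; a real application would store salted password
# hashes, never the passwords themselves.
SAMPLE_USERS = [
    ("alice", "hash-a", "corp"),
    ("bob", "hash-b", "corp"),
    ("carol", "hash-c", "sales"),
]

PAYLOAD = "'OR 1=1/*"  # the input shown in the query above


def make_db():
    """Build an in-memory table shaped like the users table in the post."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (userid INTEGER PRIMARY KEY, "
        "username TEXT, password TEXT, domain TEXT)"
    )
    db.executemany(
        "INSERT INTO users (username, password, domain) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    return db


def login_concatenated(db, username, password, domain):
    """Poorly coded form: input is pasted into the SQL text, so a quote in
    the input ends the string literal and the rest is parsed as SQL."""
    sql = (
        "SELECT userid FROM users WHERE username = '" + username + "'"
        " AND password = '" + password + "'"
        " AND domain = '" + domain + "'"
    )
    return sorted(row[0] for row in db.execute(sql))


def login_parameterised(db, username, password, domain):
    """Hardened form: the SQL text is fixed and the input travels separately
    as bound parameters, so it can only ever be compared as data."""
    sql = (
        "SELECT userid FROM users "
        "WHERE username = ? AND password = ? AND domain = ?"
    )
    return sorted(row[0] for row in db.execute(sql, (username, password, domain)))


def faulty_statement(db, username):
    """A harmless name containing a quote breaks the concatenated query.
    Returns the database error text, or None if the query ran."""
    try:
        login_concatenated(db, username, "", "")
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, PAYLOAD, "", ""))
    print("parameterised:", login_parameterised(db, PAYLOAD, "", ""))
    print("normal login :", login_parameterised(db, "alice", "hash-a", "corp"))
    print("faulty SQL   :", faulty_statement(db, "O'Brien"))
```

The concatenated version returns every userid for the injected input, while the parameterised version returns none. The O'Brien case shows the same defect surfacing as a database syntax error during ordinary use.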

You only need to look at Troy Hunt's site and method to hack databases to see how easy it is and how many people have been affected.

Azure SQL Advanced Threat Protection can detect these kinds of attacks for you and stop them or notify you as soon as they happen, as well as letting you know about the hack.

Other features it can help you with:

Vulnerability to SQL Injection:

This alert is triggered when an application generates a faulty SQL statement in the database. This may indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for the generation of a faulty statement:

A defect in application code that constructs the faulty SQL statement

Application code or stored procedures don't sanitize user input when constructing the faulty SQL statement, which may be exploited for SQL Injection

Potential SQL injection

This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.

Access from unusual location:

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual geographical location. In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from unusual Azure data center

 This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual Azure data center that was seen on this server during the recent period. In some cases, the alert detects a legitimate action (your new application in Azure, Power BI, Azure SQL Query Editor). In other cases, the alert detects a malicious action from an Azure resource/service (former employee, external attacker).

Access from unfamiliar principal

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server using an unusual principal (SQL user). In some cases, the alert detects a legitimate action (new application, developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from a potentially harmful application

This alert is triggered when a potentially harmful application is used to access the database. In some cases, the alert detects penetration testing in action. In other cases, the alert detects an attack using common attack tools.

Brute force SQL credentials

This alert is triggered when there is an abnormally high number of failed logins with different credentials. In some cases, the alert detects penetration testing in action. In other cases, the alert detects a brute force attack.
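
A minimal version of the brute force rule described above, as an added example (it is not Microsoft's detection logic). It counts failed logins per client address in a sliding window and alerts when there are many failures spread across several different principals. The log line format, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not an Azure format):
#   2018-05-01T09:00:00Z FAILED principal=sa client_ip=203.0.113.7
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAILED|SUCCESS) "
    r"principal=(?P<principal>\S+) client_ip=(?P<ip>\S+)$"
)


def parse(line):
    """Return (timestamp, result, principal, client_ip), or None if malformed."""
    m = LINE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, m["result"], m["principal"], m["ip"]


def detect_brute_force(lines, window=timedelta(minutes=5),
                       min_failures=10, min_principals=3):
    """Alert once per client IP when the sliding window holds at least
    min_failures failed logins across at least min_principals principals.
    Lines must be in time order."""
    recent = defaultdict(deque)  # client_ip -> (timestamp, principal) in window
    alerts = {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[1] != "FAILED":
            continue
        ts, _, principal, ip = rec
        q = recent[ip]
        q.append((ts, principal))
        while q and ts - q[0][0] > window:  # drop failures older than window
            q.popleft()
        principals = {p for _, p in q}
        if (ip not in alerts and len(q) >= min_failures
                and len(principals) >= min_principals):
            alerts[ip] = {
                "window_start": q[0][0],
                "failures": len(q),
                "principals": sorted(principals),
            }
    return alerts


def sample_log():
    """Constructed sample: a burst source, a slow source, a forgetful user."""
    base = datetime(2018, 5, 1, 9, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    names = ["sa", "admin", "dbo", "reports"]
    lines = ["not a log line"]
    for i in range(12):  # 12 failures in two minutes across four principals
        ts = (base + timedelta(seconds=10 * i)).strftime(fmt)
        lines.append(f"{ts} FAILED principal={names[i % 4]} client_ip=203.0.113.7")
    for i in range(10):  # 10 failures, but ten minutes apart
        ts = (base + timedelta(minutes=10 * i, seconds=3)).strftime(fmt)
        lines.append(f"{ts} FAILED principal={names[i % 3]} client_ip=198.51.100.99")
    lines += [
        "2018-05-01T09:00:05Z FAILED principal=jsmith client_ip=198.51.100.20",
        "2018-05-01T09:00:20Z FAILED principal=jsmith client_ip=198.51.100.20",
        "2018-05-01T09:00:40Z SUCCESS principal=jsmith client_ip=198.51.100.20",
    ]
    return sorted(lines)


if __name__ == "__main__":
    for ip, info in detect_brute_force(sample_log()).items():
        print(ip, info)
```

Only the burst source is flagged. The slow source never has more than one failure inside the window, and the user who mistypes a password twice stays well under the threshold.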

Cost

The cost is around £11.18/node/month with a 60 day free trial. You will need to use a Managed SQL instance ( PaaS ) for this feature.

 



Office 365 - Advanced Security Management

What is it?

Briefly, Office 365 Advanced Security Management enables organisations to create policies based on user activity or predefined AI detections. Not only can you alert on these, you can also act on such detections by suspending the user accounts and alerting 365 administrators. It is also another level on top of the Office 365 Audit Log for storing audit data and getting useful insight into the Office 365 usage in your company.

What tools do I get?

  • Threat detection: Uses AI algorithms to detect suspicious activities, e.g. an administrator forwarding emails to another party using an unknown IP address.

  • Enhanced control: You can create policies for specific user groups and actions which automatically suspend user accounts due to threats, so you can stop intrusions in real time.

  • Discovery and insights: Deeper insights into user actions that you do not see in the Office 365 Audit log, without the need to install software on user machines.

How much is it?

For Business Essentials or Business Premium, Microsoft 365 Business, Office 365 Enterprise E3 or Microsoft 365 Enterprise E3 it's £1.50 / Month / User

For Office 365 Enterprise E5 or Microsoft 365 Enterprise E5 it is included in your subscriptions

 



Costs of Azure VS AWS for Virtual Tape Library and Veeam

Organisations wanting to utilise a VTL setup for Veeam instead of Veeam Cloud Connect should be aware that VTL won't be able to roll up incremental backups into synthetic fulls, meaning every full backup you do will copy the entire full backup set to AWS.

AWS

Each virtual tape is limited to 30MB/s of upload throughput. To get up to the gateway maximum of 120MB/s, you need to have 4 virtual tapes running simultaneously

Guide

Amazon vtl is 20-30 megabytes per second

Gateway : Maximum of 95 GBP / Month

Archive Glacier Storage : 0.0034 GBP per GB / Month

Azure

You will need a Starwind VTL Virtual Machine running ( it is free software )

You will need to pay for this VM in Azure : 133 GBP / Month

Azure Cool Storage : £0.0079 per GB ( first 50TB ) 



Office 365 Threat Intelligence

What is it?

  1. Making it easy to identify, monitor and understand attacks

  2. Helping to quickly address threats in Exchange Online and SharePoint Online

  3. Providing insights and knowledge to help prevent attacks against their organization

What tools do I get?

  • Display Name Spear Phishing Attack: Microsoft now has its own tool for testing internal users against phishing attacks, so you can test them and train where needed

  • Password Spray Attack: Let Microsoft try commonly used passwords across your entire organisation to find weak entries a hacker could use

  • Brute Force Password Attack: Let Microsoft try to brute force specific accounts internally and externally to make sure you have adequate lockouts assigned to your user accounts

How do I get it?

Threat Intelligence is included with Office 365 Enterprise E5 and Microsoft 365 Enterprise E5 for free

For Business Essentials or Business Premium, Microsoft 365 Business, Office 365 Enterprise E3 or Microsoft 365 Enterprise E3 it's a £5 monthly add-on / user / month



Critical Microsoft Exchange Patch - CVE-2018-8154 patch

Microsoft has released an update to address a critical vulnerability for all Exchange versions

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8154

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts.

Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Exchange server.

The security update addresses the vulnerability by correcting how Microsoft Exchange handles objects in memory.

Exchange 2007 will not be patched by Microsoft, so if you are using this version it's highly recommended you update or migrate to Office 365



Why to use Office 365 Microsoft Teams

What is Teams?

Microsoft Teams is a free platform ( if you are an Office 365 customer ) for communication and collaboration for teams inside your organisation, enabling staff to interact better. Most organisations will have the following departments:

  • Finance
  • HR
  • IT
  • Sales
  • Marketing

Each of these departments and subteams will currently be communicating with each other using some form of platform such as CCing group email, Skype for Business chat or phone calls.

Microsoft Teams enables you to use all the above methods and collaborate on documents at the same time.

How does it work?

When you create a Microsoft Team for a department, it creates:

  • A SharePoint site for document storage and live collaboration
  • A Team mailbox for live chat communications
  • A OneNote file for note collaboration

You can then break down a Team into different Channels, for example different projects inside a department.

Best Features

Fully Synced Between your devices

Microsoft Teams can be accessed via

  • An installed Application on your Computer or Mac
  • The Web
  • An App on your phone with Push Notifications

Everything is synced between these so nothing is missed when using another device or on the move


 

Saving files

Each Channel in Teams gets a specific email address. If your group is working from a shared mailbox, rather than forwarding that email to a group who then have to download it, you can forward it to your department channel and ask the question there.

Bots

You can integrate helpful bots inside your chat windows, for example:

  • User : “Bot pull up sales figures for Customer Contoso“
  • Bot : “Beep Beep - Sum of sales from salesforce for Contoso X$”

  • User : “Bot does Customer Contoso have any outstanding amount due”
  • Bot : “Beep Beep - Xero shows Contoso has an outstanding amount of X$ overdue 5 days”

List of current bots available here : https://bots.botframework.com/ as well as a development library to program your own

 



New Business Features Windows 10 ( 1803 ) Download Link

Microsoft’s new version of Windows, Windows 10 is forever improving through feature updates released every quarter for its customers.

The update can be downloaded here, but will be released via Windows Updates ( WSUS ) from the 8th May

Focus Assist

In today's distracting work environment Microsoft has come up with technology to snooze all alerts so you can concentrate on your work, per below:

Timeline

Have you ever worked on something and totally forget the name of the document or what webpages or other documents you were using at the same time? Windows 10 Timeline now lets you navigate through your previous 30 days of computer history, just like going back in time, to bring up your previous documents, webhistory and applications. It’s the perfect way to pick up where you left off between one computer and another.

This even links your Windows Phone history or online 365 usage



Social Engineering of Two Factor Text Messages

Now that you have two factor authentication enabled on your system, a hacker who has your password as well will try to social engineer other methods to get your codes.

One of these is SIM card hacking, per our article here

The next method seems to be messaging you pretending to be the two factor service

[Image: Clever Gmail scam text message]

Of course, the above is the hacker sending you a text message when he submits a login, trying to get you to reply with your code. It's clever but pretty obvious.

It goes without saying you should never SMS your two factor code back to anyone or enter it anywhere apart from the legitimate website requesting it



UK National Lottery Hack - Customers information breached

The UK National Lottery operator Camelot is urging all its online customers to change their passwords as it suffered an online hack. The Telegraph reports that millions have been hacked

https://www.telegraph.co.uk/news/2018/03/16/national-lottery-hacked-millions-customers-warned-change-passwords/

However, more newsworthy reporting such as BBC News reports this was only 150 customers

http://www.bbc.com/news/business-43437097

“We have directly contacted those players whose accounts have been affected. We are advising players to change their password as a precaution, particularly if they use the same password across multiple websites.”

No money or credit card information has been stolen

Camelot said it had reported the security breach to the police and the Information Commissioner’s Office and was liaising with the National Cyber Security Centre.



Service Status

Here's a service status page for our cloud suppliers

BT Service Status:
https://btbusiness.custhelp.com/app/service_status/

Easynet Status:
https://support.uk.easynet.net/support_status.aspx

Zen Broadband
https://status.zen.co.uk/

Office 365 Service Status
https://status.office365.com

Dropbox Service Status
https://status.dropbox.com/

Sales Force Service Status
https://status.salesforce.com/

Google Apps Service Status
https://www.google.com.au/appsstatus

Cloudflare Service Status
https://www.cloudflarestatus.com/

123reg service status
https://twitter.com/123reghelp?lang=en

Here is a service you can check to see if a website is down for just you or everyone

https://downforeveryoneorjustme.com/

 



Office 365 will drop TLS 1.0 and 1.1 Support starting 31st October 2018

Microsoft has announced that as of October 31st ( Moved from the 1st March ) it will be dropping TLS 1.1 Support and only allowing TLS 1.2

https://blogs.technet.microsoft.com/exchange/2018/02/09/an-update-on-office-365-requiring-tls-1-2/


What you need to do 

https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365

1 ) Check for 2008 R2 and Windows 7 Devices and make sure this KB is installed : https://support.microsoft.com/en-au/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

Make sure this Reg key is set

https://blogs.technet.microsoft.com/schrimsher/2016/07/08/enabling-tls-1-1-and-1-2-in-outlook-on-windows-7/

2) Make sure you are not using any of these devices which do not support TLS 1.2

  • Android 4.3 and earlier versions
  • Firefox version 5.0 and earlier versions
  • Internet Explorer 8-10 on Windows 7 and earlier versions
  • Internet Explorer 10 on Win Phone 8.0
  • Safari 6.0.4/OS X10.8.4 and earlier versions

3) Check your devices e.g. MFD and Phone Systems support TLS 1.2



Network Access Control Systems and Solutions

Network access control systems are tools used for controlling and managing network access based on compliance with a network and its policies. These policies are devised based on various parameters like user identity, device location, device health, among others.

By the same philosophy, someone requiring a username and password to connect to your network remotely via VPN, or using a Wi-Fi password or domain credentials, is subject to some sort of network access control. But what happens when you look at the physical layer? What happens when someone brings their home computer and plugs it into the network or, even worse, an attacker plugs in?

NAC systems present an authentication layer on the physical port, so only devices with a working antivirus, Windows patches and correct credentials will be presented on the company network. You can even add two factor authentication to this in case the user details get compromised. If any of these tests fail, the device will be redirected to the guest network.

Systems that help manage this are HP's Aruba ClearPass or Cisco's ISE

Contact us today if you need a quote for a NAC system or the supporting of an existing one



General availability of VMware in AWS Cloud in London

VMware has now announced the general availability of AWS-hosted VMware in its cloud in London, UK. The costs are below and factor in colocation, electricity, bandwidth, security and licensing.

Yearly Costs

Region : EU London

Per Host Configurations

EC2 I3 server (2 x Intel® Xeon® E5-26xx v4 series CPUs, 36 cores, 512 GiB Memory, 8 x 1900 GB NVMe SSD)

Total Number of Hosts : 1

Yearly Price : £44,790



Spectre and Meltdown

Official website : https://meltdownattack.com/

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

On the 9th of Jan Microsoft will release a new patch to fix the issue. The same patch can be downloaded manually, more info here:

https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html

https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/

There are several reports (Read this thread https://www.reddit.com/r/sysadmin/comments/7o39et/meltdown_spectre_megathread/?utm_content=title&utm_medium=hot&utm_source=reddit&utm_name=multi) of users saying that the patch will slow down any CPU by 1 to 20% after patch, and some AV will not like it at all.

Update *

VMware has also released an advisory with patch links:

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

Update **

MS Disables Windows Updates if AV is not Spectre/Meltdown compliant

Update ***

Fortinet released new Forticlient 5.6.4 and it is fully compatible with the latest Windows patch.

Keep in mind that the Forticlient is seen as AV client from the OS (because it has an AV engine).

So, in case you are unable to patch a system, make sure Forticlient is on the latest version.

Forticlient can be freely downloaded here www.forticlient.com



Why Use a Managed Firewall Service?

We have had a few organisations with internal IT outsource the management of their firewall, and sometimes networking, to us so they can concentrate on other aspects of the business. We usually arrange a Site Networking Assessment where we come in and document the network ( if not already documented ) and provide some recommendations, if necessary, on projects to get the network into a stable state.

Some reasons people outsource networking to us are as follows : 

Flat Rate

A managed firewall service gives you a flat monthly fee of managing each one of your firewalls or switching in regards to Monitoring , Security Updates and changes. This means you don't have any shock bills to worry about. 

Expertise

Our in-house networking gurus live and breathe 1's and 0's flying across networks. We have notifications set up for the latest malware trends and 0-day exploits currently being released on the internet, and the patches to resolve them. We stay on top of patch levels from manufacturers such as Cisco, Juniper, HP and Fortigate, saving you the hassle. We also provide internal change controls to make sure each update gets installed without a hitch.

Monitoring

Our monitoring speaks to your router using various technologies such as SNMP, SSH and HTTPS to make sure we are getting the latest CPU and memory load, as well as making sure your bandwidth is not being over-utilised. If any of these are true, we contact you about either performing QoS on your network or upgrading your firewall/connection to make sure your business is not disrupted.



Windows 10 Intune

As part of Microsoft's cloud offering, Intune is the functionality to control remote devices via the cloud instead of on-premise Domain Controllers. With remote workers nowadays using devices like Microsoft Surfaces for portability, they are rarely in the office or connected to a VPN which is able to connect back to the domain for new updates.

Windows 10 Intune allows a user to go to a store, purchase a device with their company credit card and enter their Office 365 username and password on setup, and it will set up the computer and download all the apps over the internet without the need for being in the office!

With the Azure AD offering and now Windows 10 Intune slowly removing the need for on-premise Group Policies, the move to cloud management is coming! You can also use these policies for deployment to phones and tablets as well. It's also a great tool for asset management, security auditing and remote assistance for devices in your firm.

Cost

Packages start from 4.50 GBP / Month

https://www.microsoft.com/en-gb/cloud-platform/microsoft-intune-pricing

Windows 10 inbuilt MDM or the Client

There are some features that the Inbuilt MDM in Windows 10 cannot do per below

Features

First, let’s take a look at an overview of the features available for the client and for Windows 10 MDM:

FEATURE INTUNE CLIENT Windows 10 MDM
Auto Enrollment via Azure AD
Software Deployment via Single MSI
Software Deployment via MSI + additional files
Software Deployment via EXE + additional files
Configuration Policies
Compliance Policies
Windows Update Policy Approved Updates & Reporting Policy
Endpoint Protection Policy & Reporting Policy
Software License Management
Hardware Inventory Limited
Conditional Access

 

Note 3 key items here – software deployment, Windows Update management and Endpoint Protection management:

 

Policies

Understanding the configuration policies possible with either approach is important for getting a full picture of how much control you have over Windows 10 PCs:

POLICY Intune Client Windows 10 MDM
Custom Configuration (OMA-URI)
Edition Upgrade Policy ✗ ✓
Email Profile ✗ ✓
General Configuration ✗ ✓
PKCS #12 (.PFX) Certificate Profile ✗ ✓
SCEP Certificate Profile ✗ ✓
Trusted Certificate Profile ✗ ✓
VPN Profile ✗ ✓
Wi-Fi Import ✗ ✓
Windows Information Protection (Enterprise Data Protection) ✗ ✓
Microsoft Intune Agent Settings N/A
Microsoft Intune Center Settings N/A
Windows Firewall Settings
Exchange ActiveSync
Mobile Device Security


IT Support for Retail

Retail organisations such as shops and places that deal directly with the public through a shop front rely on IT Systems for multiple transactions through the day.

These systems are usually:

  • Point of Service Systems for purchases and stock audits

  • Systems for Payments e.g. Credit Card Machines and or systems like Square

  • TimeSheeting Software to check staff in and out for Payroll
  • Site to Site VPN's for shop connectivity to the main office for stock ordering and finance reconciliation and also failsafe options for secondary internet or offline processes if connectivity fails
  • Coupon Validation
  • Systems for audio and visual such as background music that is streamed and organised from the head office so all royalties are paid for and managed

Retail organisations also have multiple premises around the country if not the world, so an IT provider needs to have engineers around the country available through all hours of the day, and also to prioritise busy seasons for retail companies, e.g. Black Friday and Xmas, to make sure any problems are dealt with efficiently and effectively.

Retail organisations also need CCTV systems for their premises for security and insurance purposes, and the footage should be stored either in the cloud or at the main office for archival purposes.

Future

Some stores are also now using iPads for PoS systems and also giving these out to their customers for the shop experience, so they are able to find new items and also try outfits on virtually.

Free Wi-Fi in stores also enables stores to gather information about their consumers and start building a Customer Management System for making offers for repeat business and building analytics to increase return sales.

Contact us today for how we can help your retail organisation with its IT support



Integrating your Remote access Citrix/Terminal Server Solution with Office 365 Two Factor Authentication

We preach two factor authentication whenever we can!

Previously the cost of this has been pretty expensive for customers due to the labour of performing the following:

  • Setup of a DMZ on your Network 
  • Creation of a New Subnet
  • Firewalls Rules between on premise and DMZ 
  • Setup of MFA Software
  • Purchase of Licenses
  • Setup of MFA Application on Users Phone

However, what if a customer already has Office 365? They can enable 2FA authentication with their 365 tenant for free and outsource this setup and security to Microsoft.

To do this you just need a machine to be able to accept the SAML tokens, and Citrix's NetScaler does just this!

Not only can you toughen up the security of your in-house and hosted apps, but you can also restrict access by enabling Country of Origin as a condition in Conditional Access policies in Active Directory and SAML.

You can host a NetScaler in Azure if you already have infrastructure there, or you can host it as a virtual appliance on your existing virtual infrastructure.