Livingstone interviewed by CEOCFO Magazine

Gavin Livingstone, President at Bryley Systems, was interviewed by Lynne Fosse of CEOCFO Magazine; the interview was published in the 4/28/2014 web edition.

Registered subscribers can see this in-depth overview of Bryley Systems by logging into the Subscriber Exclusives section at www.CEOCFOMagazine.com. (The article resides at http://ceocfointerviews.com/CEOCFO-Members/BryleySystems14-CEOCFO-Article4.pdf.) Or, read the article on our website at http://www.Bryley.com/wp-content/uploads/2014/05/Bryley-CEOCFO-Interview-4-28-2014.pdf.

The problem with Heartbleed

Heartbleed is a much-publicized security flaw in the OpenSSL cryptography library; a fix for this flaw was published on April 7th, 2014, which was (coincidentally?) the same day that the flaw was disclosed.

OpenSSL runs on secure web servers certified by trusted authorities; it is estimated that about 17% of secure web servers may be vulnerable to an attack based on the Heartbleed flaw, which could compromise the server’s private keys and end-user passwords and cookies.

Fortunately, most organizations with secure web servers have taken steps to identify and fix this flaw.  And, to date, no known exploitations of this flaw have taken place.

Unfortunately, this flaw has been around for over two years and leaves no traces; if exploited, there would be no ready evidence that anything was wrong.

At the moment, there is not much any end-user can do except to log out of any secure web server that has not been patched. (See http://filippo.io/Heartbleed/, a site created by Italian cryptographer Filippo Valsorda, which claims that it can identify unpatched servers.)

An informative article and video by Jose Pagliery at CNN Money is available at http://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html.

Living with Windows XP

Microsoft has officially ended general support of Windows XP, but many have not updated or replaced their Windows XP PCs.  Although we recommend against continuing to use Windows XP, particularly in any Internet-facing role, there are some steps that can be taken to reduce the risk of remaining on this platform.

The easiest, but least practical, solution would be to disconnect all Windows XP PCs from the Internet or to limit their access to the Internet. This step could exclude exposure to outside sources, but reduces the effectiveness of these PCs.

The second-most effective strategy would be to replace older versions of Internet Explorer (IE) with a supported Internet browser; replacing IE with Mozilla Firefox or Google Chrome will reduce, but not eliminate, the risk of using a Windows XP PC to browse the Internet.  (Windows XP originally released with IE 6, but most Windows XP systems are now running version 7 or 8.  The current version of IE is 11.)

Updating to Mozilla’s Firefox is easy:

Please see http://www.zdnet.com/windows-xp-support-ends-survival-tips-to-stay-safe-7000028188/ for more information from Charlie Osborn of ZDNet.  Or, visit http://www.computerworld.com/s/article/9246877/US_CERT_urges_XP_users_to_dump_IE?source=CTWNLE_nlt_pm_2014-03-11 for a similar message from Gregg Keizer of ComputerWorld.

Additional steps to reduce Windows XP risk include:

  • Disable the ability to add new applications to a Windows XP PC
  • Remove administrative rights of all Windows XP users
  • Disable ports and drives on Windows XP PCs

See the article from Toby Wolpe of ZDNet at http://www.zdnet.com/windows-xp-support-end-10-steps-to-cut-security-risks-7000028193/.

98% of mobile-device malware attacking Android (DROID) phones

Worldwide, a significant portion of the population owns and uses a smartphone; mobile users search Google over 5.9 billion times daily, while over 6 billion hours of YouTube are watched each month on mobile devices. (Statistics taken from a presentation by Intel Corporation at the MOBILE World Congress 2014.)

Since most smartphones are based on Google’s Android operating system, these are the primary targets of malicious attacks.  Kaspersky Labs, a prominent anti-virus software manufacturer, reports that 98% of malware targeted at mobile devices attacks Google’s Android (DROID), which confirms “both the popularity of this mobile OS and the vulnerability of its architecture”.

Suggestions for DROID (and other smartphone) owners to suppress malware:

  • Keep your mobile phone updated with the latest patches
  • Deploy an anti-malware application

Visit http://blogs.computerworld.com/mobile-security/23577/98-mobile-malware-targets-android-platform for the entire article by Darlene Storm at ComputerWorld.

Fitness regime for your IT equipment: Keep it clean, cool, and empowered

IT (Information Technology) equipment is somewhat temperamental; it requires reasonable temperatures; stable, uninterrupted power; and some air flow to operate efficiently.  Cleanliness is important.  Here’s how to keep it toned.

IT equipment should be kept in a clean, neat, and (preferably) dust-averse/static-resistant area: walls with painted surfaces, tiled or coated floors without carpeting, etc. Fire-suppression equipment is a plus, but cannot be water-based.

Access should be restricted; a separate, locked room is ideal, but a closet with sufficient space and air flow can work for smaller sites.

Dust is the enemy of fans and electrical components; a reduced-dust environment and regular cleaning of equipment fans can lengthen the life of most items.  (Note: cleanings should be performed when equipment is powered-down, which is not always desirable or feasible.)

The area should have dedicated electrical circuits with sufficient amperage to match the power requirements of the equipment.  We also recommend an Uninterruptible Power Supply (UPS) for all critical items (and require them for equipment that we cover under our Comprehensive Support Program); the UPS provides emergency power when the input-power source is unavailable, but it also helps to regulate fluctuations in power, both spikes/surges (voltage overload) and brown-outs (reduction in voltage) that can damage sensitive equipment.

Cooling and humidity control are very important; most equipment runs optimally within a narrow range of temperature (64° to 81° Fahrenheit) and at a maximum relative humidity of 60%. HP, in an effort to be “greener”, lists current specifications on its DL360 server that provide a wider range of 50° to 90°F with 10% to 90% humidity (non-condensing). However, cooler temperatures do make things last longer. (The DL360 will actually throttle back the CPU when the air-inlet sensors detect temperatures over 85°F.)

The area should have continuous air flow (to provide new, cool air while removing heated air that is exiting the equipment) and remain uncluttered to facilitate this air flow.  A dedicated A/C unit combined with a closed door is optimal; locating all equipment within a rack enclosure (with blanking panels over open areas) can enhance air flow.

TechAdvisory has 9 tips at http://techtimes.techadvisory.org/2011/11/9-steps-you-must-know-to-prevent-a-server-crash/.

CryptoLocker Case Study

The following event depicts a real-life malware attack that infected a New England manufacturing firm. The company has chosen to share its story anonymously to help other businesses avoid a similar fate.

The unsuspecting sales rep certainly reacted in a way anyone would expect. He received an email with a voicemail attachment that looked like it came from the company CEO. When the CEO calls, reps jump to attention, and at this particular manufacturing firm based in New England, the business relies on a communication system that sends voicemails as email attachments. So the sales rep had no reason to suspect anything was wrong.

As it turns out, something was very wrong.

Click the link below to read the full article.

Bryley — CryptoLocker Remediation — 2013

Bryley Data-Backup Guidelines for 2014

Please note that this document has been deprecated, and a more up-to-date version can be obtained from our articles page.

Bryley Systems is pleased to present our updated Data Backup Guidelines for 2014.  This free guide is updated annually and includes these topics:

  • The Importance of Backups
  • Backup Technologies
  • Cartridge-Based Backups and Scheduling
  • Backup-Rotation Calendar
  • Backup-Event Log

Comparing Cloud-based services – Part 2: Storage

Many Cloud-based services fall into one of these categories:

  • Productivity suites – Applications that help you be more productive
  • Storage – Storing, retrieving, and synchronizing files in the Cloud
  • Backup and Recovery – Backing-up data and being able to recover it
  • Prevention – Prevent malware, typically spam and related components
  • Search – Find items from either a holistic or from a specialty perspective

In this issue, we’ll explore popular options within Storage, the highlighted item above, and compare them with one another.

Storage often comes in a free version with separate professional/business (paid) versions that include advanced features. The basic premise is that your data is stored in the Cloud – hopefully in a secure manner with sufficient redundancy – is available from any location on any device, and is synchronized between devices.

Most free versions offer these minimum features:

  • At least 2Gb of storage with synchronization across multiple computers
  • Easy access from mobile devices and PCs via downloadable client software
  • Direct access to files through a web browser
  • File sharing with other users

However, you typically must upgrade to a paid version to receive these capabilities:

  • Access control – Define and control who can access what, where, and when
  • Additional storage – Purchase extra storage once your limit is exceeded
  • Auditing – Identify and record what files are stored where and by whom
  • Integration – Integrate with other platforms (e.g., Active Directory)
  • Security – Enable advanced encryption and security techniques

Popular services (alphabetically) include:

  • Box – 10 Gb free storage with Netskope’s second-highest rating
  • Dropbox – 2 Gb free storage with over 200 million subscribers
  • Google Drive – 15 Gb free storage shared with Gmail and Google+ Photo
  • SkyDrive – 7 Gb free storage and integrated within Microsoft Office apps

Box

Box (www.Box.com) is a Q3-2013 leader in Forrester’s “File Sync & Share Platforms”.  It offers a free version, but is built for professional use with available integration to Active Directory and LDAP, security with rotating encryption keys, access control, and auditing.

According to Netskope’s review of Cloud-based applications, Box was the second highest-scoring Cloud application in the Netskope Q3-2013 Cloud Report. (Please visit Netskope’s http://www.netskope.com/reports-infographics/netskope-cloud-report-q3-2013 for the complete report.)

My take:  Box is the most-comprehensive offering, but a bit more complex due to its advanced features.  It is a serious choice for those that value advanced features (access control, auditing, integration, etc.) and are willing to pay to get them.

Dropbox

With over 200 million users, Dropbox (www.Dropbox.com) claims market leadership.  It is built upon Amazon’s S3 storage and is easy to use.  The free version offers 2 Gb, but there is a professional (Dropbox Pro) version with greater functionality (and storage) and a business version (Dropbox for Business) that offers team collaboration.  All three versions offer synchronization and file-sharing; the help screens are brief, useful, and entertaining.

My take:  Dropbox is the easiest and most-fun to use, but it has the least amount of free storage and its paid plans are a bit more expensive than others.

Google Drive

Google offers Google Drive (www.GoogleDrive.com) as a stand-alone service or bundled within Google Apps.  The free version offers 15 Gb with synchronization among devices and sharing among peers.  It is a no-frills alternative with little glitz, just reliable storage at reasonable cost.  It is the base of Google Apps.

My take:  Google Drive has fewer doodads and the least amount of whimsy, but it is reliable and offers the greatest amount of free storage.

SkyDrive

Microsoft offers its free version of SkyDrive (www.SkyDrive.com) with seven Gb plus an additional three Gb for students.  SkyDrive is an option in newer versions of Microsoft Office and integrates to Facebook, Twitter, LinkedIn, and Bing.  You can also “fetch” files from your base computer via web-browser on a remote computer.

My take:  SkyDrive offers the most for the least, although there is some buzz about slow synchronization between devices.  Its “fetch” feature is unique among these alternatives and its integration within Microsoft Office is a killer feature.

Upcoming changes to major Microsoft products

Microsoft Windows 8.1 released on October 18th

The second iteration of Microsoft Windows 8, version 8.1, was released on October 18th. Significant changes to this operating system include:

  • Boot to Desktop – Yes, you can restore the Start button and bypass the tiles, but don’t expect the traditional Start menu to appear since pressing Start takes you to the live tiles of the current Start screen.  (You can, at least, shut-down from the Start button once again.)
  • Help + Tips – Helpful clues are sequenced to usage, permitting an easier start-up and shortening learning times.
  • Smart Search – Windows 8 Search charm on steroids; all search results, local and otherwise, pooled together in a comprehensive summary.
  • Snap – Open up to four applications and display them simultaneously on a single screen.

An excellent review of Windows 8.1 by Brad Chacos of PC World is available at http://www.pcworld.com/article/2048508/windows-8-1-review-the-great-compromise.html. He also provides the top-five reasons to upgrade to Windows 8.1 at http://www.pcworld.com/article/2043268/the-top-5-reasons-to-upgrade-to-windows-8-1.html.

Microsoft Windows Server 2012 R2 release date was October 18th

Release 2 (R2) of Microsoft Windows Server 2012 is now available. 

Per Microsoft:  “Windows Server 2012 R2 offers exciting new features and enhancements across virtualization, storage, networking, virtual desktop infrastructure, access and information protection, and more.”

Along with this revision, Microsoft increased pricing on Windows Server Data Center to $6,155 and on Remote Desktop Services (RDS) Client Access Licenses (CALs) to $118.

For details, please visit http://www.microsoft.com/en-us/server-cloud/windows-server/windows-server-2012-r2.aspx.

The end is near for Windows XP, Office 2003, Server 2003, and Exchange 2003

Microsoft is ending support of Windows XP, its most-popular, desktop-computer operating system, on April 8th, 2014.  In addition, Office 2003, Windows Server 2003, and Exchange Server 2003 will reach end-of-life (EOL) on this date.

Basically, Microsoft will discontinue patching and updating these products, which exposes them to security and compliance risks; it will likely also end support for third-party applications that work with these products.

Microsoft’s message:  Upgrade these products now or risk problems later.

Bryley Systems receives SBIEC’s Massachusetts Excellence Award

Bryley Systems has been selected for the 2013 Massachusetts Excellence Award amongst all its peers and competitors by the Small Business Institute for Excellence in Commerce (SBIEC).

Bryley Systems has consistently demonstrated a high regard for upholding business ethics and company values, a trait seldom found in its industry. This recognition by SBIEC marks a significant achievement for Bryley Systems as an emerging leader among its competitors, one that is setting benchmarks the industry should follow.