Wi-Fi is not Wireless Fidelity

/in , , /by

Garin Livingstone and Gavin Livingstone, Bryley Systems Inc.

Wi-Fi is not an abbreviation for wireless fidelity1; it is a trademarked phrase that refers to wireless communication between electronic devices and a Wireless Local Area Network (WLAN) based on the IEEE 802.11x standards.

Wi-Fi is brought to us by the Wi-Fi Alliance®, a worldwide network of companies with the mission to drive the adoption and evolution of Wi-Fi globally.  The Wi-Fi Alliance tests and certifies that WLAN equipment meets its stated standards.

Current standards include:

  • 11g
  • 11n
  • 11ag

Speeds have grown substantially, now rocketing up to a potential 1,300Mbps using the latest WiGig™, 802.11ac, standard (although actual performance is typically significantly less than its potential).

wifi-standard

At their core; wireless networks are less secure than wired networks (since a potential intruders does not need a physical connection), although encryption technologies (Wi-Fi Protected Access or WPA and WPA2) exist to secure WLANs.

Large-scale Wi-Fi implementations include:

  • City-wide Wi-Fi – Free Wi-Fi provided in St. Cloud, FL, Sunnyvale, CA, etc.
  • Campus-wide Wi-Fi – Wi-Fi throughout a campus environment

1See ‘Wireless Fidelity’ Debunked by Naomi Graychase of WiFi Planet.

2See Wikipedia IEEE 802.11.

Are You Considering Outsourcing IT Services for Your Business?

/in , /by

If you’re not considering outsourced IT, you should be!

Here are 5 reasons to choose Bryley Systems as your Managed IT Service provider!

  1. Predictable cost

Managed IT Service providers offer “packaged” services for a fixed monthly fee. Budgeting your IT doesn’t get any easier than that!

  1. Improved operational efficiency

Your staff will experience minimal downtime if you have a Managed IT Service provider who performs proactive maintenance and remote remediation services.

  1. Enhanced security and compliance

Every Massachusetts company, by law, is required to have IT security policies in place. Qualified Managed IT Service providers will minimize security risks by implementing these policies for your business. Watch our video at youtu.be/EHOgbxsfxz0 on how the law applies to your business.

  1. Trained and certified staff

Reputable Managed IT Service providers invest in training and industry standard certifications for their staff, while also providing an environment in which their team members gain experience. Founded in 1987, Bryley Systems has certifications with the following partners: Microsoft, VMWare, HP, Cisco, Untangle and much more!

  1. Stay focused on your core business

Time and resources are limited in every organization.  Let Bryley Systems focus on your IT so you can do what you do best!

To find out if Bryley Systems is the right Managed IT Service provider for your organization, call the Bryley team at 978-212-5806, email us at ITExperts@Bryley.com.

Top 5 Common Support Questions – Asked and Answered

/in , /by

Why, Why, Why? These are the questions the Bryley support team hears every day. We know the answers!

1. Why did it fail?

Computers are extremely complex systems.  As complexity increases, so does the likelihood of failure.  A computer depends on many things to go right for it to work properly.  If the smallest thing goes wrong, it can cause failure of the entire system.  The FRU’s (Field Replaceable Units) within a computer system are becoming fewer and fewer such that if something does go wrong, replacing the entire system is often the best option.  Having done failure analysis in a previous life, I can attest to the fact that the process is difficult and the results are not guaranteed.  Sometimes, my best explanation for failures is “cosmic radiation”… or more likely, a defective hard drive.

2. Why didn’t you know this problem was happening?

Bryley Systems monitors feedback from systems covered under a CSP (Comprehensive Support Program) agreement.  There are a variety of alerts that create service tickets for us to investigate.  Results from Patching, AntiVirus and Malware logs are reviewed to insure issues are addressed before they become major problems.  We can’t possibly see everything that’s going on, but we do have a hand on the pulse of our clients’ systems and we monitor their systems on a regular basis.  If you encounter unanticipated or spurious problems, we respond promptly with the expertise and determination to get you back up and running as soon as possible.

3. Why can’t my AntiVirus and AntiMalware protect me from all the Internet Threats?

This is indeed a common question.  Why not one and done?  The reason is that the threat landscape is changing constantly.  There are hundreds of thousands of virus and malware signatures that are used to protect a single system… but that is not always enough.  Dozens if not hundreds of threats appear daily.  There are Cyber-Crime Syndicates in Russia and the Czech Republic that are selling Ransomware tools to anyone interested in cashing in on the encryptions  for money schemes rampant on the internet today.  Symantec estimated that their clients alone are paying more than $500,000 to these criminals each month.  We work on the principal of minimizing your surface of vulnerability.  Criminals are not lazy, but they will opt for the low hanging fruit every time.  We chose AVG and MalwareBytes as our AntiVirus and Anti-Malware software because they are leaders in the industry.  But unfortunately, there are Zero Day Threats that someone has to receive before the signature can be recognized and distributed to protect other unsuspecting folks.  There are vendors working on “Behavior Recognition” to detect suspected Virus or Ransomware behavior that is now being released.  MalwareBytes is working on a module that will likely be a part of their current offerings to conduct similar detections.  Here at Bryley Systems we are constantly watching how effective these new and yet to be proven products perform and will insure that our clients are provided the best protection we can offer.

4. Why don’t we contact the Police or FBI about this Ransomware infection?

Many people, businesses, and institutions have been affected by Ransomware in the past year.  The criminals usually trick you into running their specially crafted code, and then unbeknownst to the victim, this code encrypts every file it can find that could possibly be useful on the system and on the network.  Each new variant is more clever and devious that the previous.  The victim ends up with folders full of useless files they can no longer open or use and they are forced to pay a ransom to the perpetrator.  We at Bryley do not recommend that you pay.  Although you have suffered loss that is often significant, the dollar threshold for reporting this crime to the authorities, Local Police, State Police, and FBI, is $10,000.  You need to prove this loss before you can open the door.  Unfortunately the door has been left open and the impact is profound.   The best way to thwart this kind of attack is to have a good backup system.  That system should be independent of your working environment to maximize isolation from the attack.   We provide a BUDR (Back Up and Disaster Recovery) solution to minimize the impact of an attack such as this.  In addition to protecting important data from everyday disasters, it will allow our clients to restore their files and get them back up and running in a very short time without paying the ransom demand.  Always have backups.  Make sure they cannot be touched by a malicious attack on your systems.  Someday you may be thankful you did.

5. Why do I need a Password to access my system?

In the spirit of best practices and minimizing your surface of vulnerability, you want to close the door to accessing your system by unauthorized personnel.  Most security breaches occur from the inside.  It could be an employee who is in no way malicious, perhaps just walking by and noticing that your system is open while you’re out to lunch.  They didn’t plan to access your personnel records, but the opportunity presented itself.  The criminals have many ways to attack you.  It can sometimes be easy for them to breach your first line of defense and gain access to your network remotely.  Why make it easy?   Protect yourself and your data with Layers of Security, including passwords that are hard to crack.

Bryley Systems can be YOUR Trusted Advisor.

Bryley Basics: Why do my outbound emails show up as spam?

/in , , /by

Anna Darlagiannis and Gavin Livingstone, Bryley Systems Inc.

I just got a call from a prospect; he notes that his emails are showing up as spam and his email recipients now think he is a spammer.  This is a topic that many email-oriented organizations experience.

Unfortunately, with ransomware growing more common, spam-filtering efforts are getting more aggressive, which makes it even easier to be labeled a spammer and then blacklisted.  Is it a losing battle?

Spam is unsolicited/unwanted bulk email; it is often easily identified, but can also be a bit ambiguous, making it difficult to separate desired email from undesired.

Spam filters, both free-standing (Reflexion, MimeCast, Proofpoint, etc.) and built-ins (spam-deterrents built into Google Gmail and Microsoft Office365) use various algorithms and keyword searches to review incoming email, apply a spam “score”, and then block those that exceed a specific threshold.  In addition, they blacklist repeat offenders considered spammers, effectively preventing the source emailer from reaching their intended audience.

Subject-line triggers are a significant issue; using words like “Free” or “Viagra” in your email subject line (and within the body of your email) can easily get your message labeled as spam.  Send this email to hundreds of recipients will get you blacklisted as a spammer.

In addition, these are other common email-spam identifiers:

  • Generic greetings
  • Grammatical and spelling errors
  • Unusual use of capitals or punctuation (BUY!!!)

Here’s how to stay off the spam-filter radar:

  • Avoid attachments
  • Check spelling and grammar
  • Provide an unsubscribe option
  • Avoid certain keywords1 and subject-line triggers

1Please see “The Ultimate List of Email SPAM Trigger Words” by Karen Rubin of Hubspot on January 11, 2012.

Do I need Cyber Liability Insurance?

/in , , /by

Gavin Livingstone, President, and Mike Carlson, CTO at Bryley Systems Inc. with Bill Percuoco, Sales Executive at DF Murphy Insurance Agency, Inc.

In general, Bryley retains business insurance to address all areas of significant risk; we ensure that we have sufficient coverage for all big-event issues, while usually requesting the greatest deductible possible.  Cyber Liability Insurance is high on our list of must-have coverage; both for ourselves, and for our clients.

Cyber Liability Insurance is designed to protect consumers of technology services or products.1  It provides coverage for data breaches, known or even undiscovered, and is a risk-transfer option designed to address some of the costs of mandatory notification (required within the Commonwealth of Massachusetts and 45 other states) and to deal with the remedial aspects of a data breach.2

Coverage typically includes:

  • Data breach/crisis management costs – Reporting and managing an incident, including remediation
  • Network security liability – Third-party damages due to denial of access
  • Multimedia liability costs – Restitution for defacement of website(s)
  • Extortion liability costs – Losses due to extortion attempts

Organizations that process credit cards are at risk; more so if they store credit-card information on their network.  In addition to credit-card information, a data breach that discloses other types of personal information can introduce extensive liability:

  • Employee information is a risk for any employer.
  • Information collected and retained from medical applications may include confidential medical and/or personal data.

While non-Fortune-5000 organizations are unlikely to be specifically targeted for their data, many of these attacks are broadly distributed, often via forged emails sent to thousands of people.  The attackers gather data from successful attacks and then determine if it is of any use to them.

Another targeted area could be your public presence – web site, Facebook/Twitter, etc.  This is more of an embarrassment than a financial liability, but restoring the web site and regaining access to hacked social-media accounts and the like does have a cost.

Bill Percuoco of the DF Murphy Insurance Agency, Inc. (our insurer), notes that they have recently seen several claims stemming from social engineering where a criminal has tricked an individual into transferring money.  (Social engineering is the psychological manipulation of someone to reveal confidential information or perform a desired action.3)

Due to supporting the technology of our clients, Bryley Systems remains extremely diligent; in addition to our security measures and internal controls, processes, and policies, we have had Cyber Liability Insurance for many years.  Our premiums are based on annual sales, factored by industry, services, policies, security, and risk-exposure; we are likely at the high end since we protect other organizations.

We believe that it is far less expensive to purchase Cyber Liability Insurance coverage than it is to face these situations without sufficient resources.  To that end, we recommend Cyber Liability Insurance to our clients and to all organizations using online technology, particularly those that accept credit cards and/or use online financial, medical, or employee-oriented applications.

1Please see “Data Breach and Cyber Liability: Real Risks in a Virtual World” in the blog at DF Murphy Insurance Agency, Inc. from May 11, 2015.

2Please see “Understanding Cyber Liability Insurance” from Trusted Choice® Independent Insurance Agents.

3Please see Social Engineering at Wikipedia, the free encyclopedia.

Bryley Basics: Critical steps before opening an unknown attachment or a link

/in , /by

Since Ransomware and other malware often travel as attachments or web-links, Anna Darlagiannis, Manager of Client Relationships, offers these tips:

1. Don’t open an email or attachment or click on a link within an email if you don’t know who sent it to you….period!

2. Check and see who the email was actually sent to.

If the email was sent to a distribution list, then be especially vigilant before opening it.  For example, hackers can assume that a company’s accounts payable distribution email address is accountspayable@companydomain.com or any other variations such as AP@companydomain.com or accounts-payable@companydomain.com.  Hackers recognize that accounts payable departments anticipate attachments marked “invoice” or “PO” or other related keyword(s) and will name the attachment accordingly.  Furthermore, distribution lists are typically posted on a company’s website making these email addresses public knowledge and easy targets.

Tip:  Setup rules within Outlook to have emails that are sent to a distribution list automatically move into a specified folder(s).  This will make it easier to know exactly what email address was used to send you the email.

NOTE:  It is NOT safe to assume that all email attachments and/or links sent to your personal email address are safe to open.

3. Check who sent you the email.

Hackers can spoof a name, but they can’t spoof an email address.  The email may be marked with a familiar name, prompting you to open the email and/or attachment/link, but if you pay close attention to the actual email address, you may be surprised.  (Unfamiliar email addresses should never be opened.)  For example, your boss’s name is John Smith and his email address is JSmith@companydomain.com.  You receive an email that is marked “From: John Smith” and assume this came from your boss.  You go to open the email and find an attachment.  At this point, you must also look at the actual email address before opening the attachment.  If the email address isn’t JSmith@companydomain.com, then delete it and/or block the domain with your SPAM filter immediately and make everyone in the organization aware of what is going on.

If the email address is correct, but the attachment/link/signature/way that the person writes an email looks suspicious, be cautious, call the person that sent you the email (do not email in case the email address is compromised) and ask if what they sent you was in fact legitimate.

4. Scan the attachment with your anti-virus program before opening.

Take the attachment from the email and drag it to your desktop.  From there, right click on the attachment and then scan it using your anti-virus program.  Be sure to update the anti-virus program prior to scanning it, to ensure that you have the latest updates applied to the anti-virus program.

Unfortunately, this approach isn’t full proof.  An anti-virus program may not recognize all viruses, especially if they are newly created viruses.

Bryley Basics: Setup your Android or Apple phone as a burner

/in , , /by

Anna Darlagiannis and Gavin Livingstone, Bryley Systems Inc.

Wouldn’t it be great to have a disposable phone-number; one you could use to make calls to an unavoidable person that you’d rather not have call you back?  Well, you can now get Burner from Ad Hoc Labs, Inc.

Burner creates phone-numbers on your existing phone.  You can create multiple burner numbers, temporary or long term, which are accessed through the app.

Burner is perfect for keeping your phone-number private.  Potential uses include:

  • First dates,
  • Selling items on craigslist, and
  • Responding to nuisance situations.

Basically, any time you wish to remain anonymous and keep your real phone-number private, you can call or text through Burner and avoid the hassle of a potential call-back or text-back.

Burner starts at $1.99 and can be purchased through App Store (Apple) or via Google Play.  Pricing is based on functionality:

  • Number of texts sent,
  • Number of minutes used, and
  • Number of days the phone number stays active.

Burner is, however, free to download and Ad Hoc Labs provides a free trial – you can test a free burner phone-number for up to seven days.

Bryley Basics: How to identify the ransomware source on a computer network

/in , /by

Mike Carlson and Gavin Livingstone, Bryley Systems Inc.

Mike Carlson, CTO and a young, 20-year employee at Bryley Systems, had these suggestions on what to do when you get ransomware on your computer network:

  • Identify the end-user login name associated with the ransomware “How to decrypt” text files that are placed in the shared folders. (You would look at the properties of all of these text files to determine the originator.)
  • Remove this end-user’s workstation from the network immediately; preferably disconnect the network cable, but, if not feasible, power it down.
  • Restore all encrypted files from backup.
  • Erase the infected workstation(s) completely, then rebuild it.

In addition, we offered these suggestions in our July 2015 Bryley Information and Tips (BITs):

  • To be prudent, change online and system passwords
  • Create forensic images of infected computers
  • Preserve all firewall, Intrusion Prevention, and Active Directory logs for potential analysis by law-enforcement officials

These three can’t hurt, but the first one won’t stop the next attack and the last two are a bit of a stretch; it seems unlikely that the criminals will ever be pursued unless they happen to be working in this country (which also seems unlikely).

The US Computer Emergency Readiness Team (US-CERT) defines ransomware, its variants, and some solutions at Alert TA16-091A, Ransomware and recent variants.

Search Engine madness

/in /by

Lawrence Strauss, Strauss and Strauss

A long time ago in the Information Age, there was Yahoo!. Yahoo! was the work of Jerry Yang and David Filo, grad students at Stanford, and was a guide to the soon-to-be-bursting-out World Wide Web. Here is a snapshot of an early version of Yahoo!, when there were about 200,000 websites (now there are around a billion).

Yahoo! was the work of people, who spent their time looking for interesting sites on the Web and, when they found something of value, the discovered site would make the Yahoo! list, sometimes with a brief, opinionated review of what to expect on a visit. And an opinionated review is what netizens sought to deal with the voluminous web: What do the people at Yahoo! think is a good resource for any given subject?

But when the sites and the pages ballooned in the mid-’90s, it begged for developers to write software-based means to reveal the Web’s contents in a helpful way. And the engineers adapted database-sorting software to the task, authoring Lycos, Overture, Excite and Alta Vista. AOL was the most popular way to access the Internet at the time. And so it was imitated, generating what became known as “portals”. Each of those software search engines, one by one, tried to follow AOL’s model, and tried to each create a content-rich site so visitors would theoretically never have to leave1.

Google, also developed by students at Stanford, Larry Page and Sergey Brin, had a different approach. Google emerged from this trend of bloated interfaces as a bare-bones search engine. Google also incorporated a different technology, Page Rank. Page Rank aided in prioritizing search results not just on the basis of the page’s content, but also on the basis of how often it is linked to by other web pages. The thinking behind this was that a good resource will be highly valued by others and so these others will naturally want to link to it on their web pages. Google uses a combination of methods to arrive at its results to a given search. And Google, so confident it would lead visitors to the right answer, included an “I’m Feeling Lucky” button to take a visitor directly to the top item on the search result’s page.

Google’s technology and approach left the others in the dust … and now we are in an age in which Google is nearly the only major search engine left. And while still extant, CEO Marissa Mayer is selling Yahoo! for parts.

Today, it’s estimated that 80% of the time that we search the web, we Google.

(See comScore’s comScore Releases February 2016 US Desktop Search Engine Rankings and Search Engine Land’s Who’s Really Winning The Search War? By Eli Schwartz on 10/24/2014.) The other options include Microsoft’s successfully relaunched Live Search, now known as Bing (and on Yahoo’s site, branded as Yahoo! search), which has search engine traffic around 20% of Web searches. And there are lesser-known search engines like DuckDuckGo (although growing because of its privacy aims, it’s mostly a Bing-derived search2 and represents less than 1% of searches) and similar and even less frequently used Google-derived privacy protected search, such as at ixquick.com.

The Business of Searching for Business

Although popularly dubbed Web 2.0 around ten years ago and 3.0 more recently3, people still use the web to do most of the same things as in the ’90s. And 70% of the time, we start with a web search (per the 2014 research of 310 million web visits by web content-creating company, Conductor, in the Nathan Safran article: Organic Search is Actually Responsible for 64% of Your Web Traffic). So search is important to businesses who want to use the web to get searchers to consider their services.

And not only is the top position potentially lucky for the Google searcher, according to a study by ad network, Chitika, that top position in the search-results page is clicked 33% of the time (from the article No. 1 position in Google Gets 33% of Search Traffic by Jessica Lee). So, no wonder there is an industry, SEO (Search Engine Optimization), to try to get pages in that top position.

As a result of the desire for the top position, there is an ongoing cat and mouse game between makers of web pages (or their SEO contractors) and search engines. The makers are the cats who want to catch that elusive mouse of top-of-page placement when someone searches using the ideas that connect to their service.

One of the first examples of this game was the infamous Meta name=’keywords’. Created by the World Wide Web Consortium (W3C) in the ’90s out of a desire to get useful indexing information to the search engines the Meta Tag, Keywords could contain a list of words that would help a search engine’s software robot have ready access to the important ideas on a given page4. Only problem was how quickly web-page-writers tried to stuff (aka spam) the Keywords tag with words the writer thought would make it rise to the top of the pack of search results (and I’ve seen some ridiculous things like porn words placed by an “SEO expert” in the Keywords meta tag of a retailer).

In 2002, Alta Vista’s John Glick said, “In the past we have indexed the Meta keywords tag but have found that the high incidence of keyword repetition and spam made it an unreliable indication of site content and quality.” (See the Search Engine Watch article Death of a Meta Tag by Danny Sullivan on 9/30/2002.) And Alta Vista was one of the last to support the Keyword tag.

And this game goes on today, only the venue changes. Google just announced that it is delisting or downgrading sites that have outbound links it considers illegitimate (these links were intended to boost the Page Rank of the page being linked to). In the current case bloggers were linking to sites in exchange for gifts. Google discovered the pattern of behavior and exacted penalties on the offending bloggers’ sites. (See the Search Engine Land article Google’s manual action penalty this weekend was over free product reviews by Barry Schwartz on 4/12/2016.)

Google is our (mostly) sole arbiter of the content of the voluminous web that we access by its rankings in importance (aka software-derived opinionated review). And an opinionated review is what netizens seek in order to deal with the voluminous web: What does the Google engine think is a good resource for any given subject? Which of course sounds a lot like trying to appeal to David and Jerry’s Yahoo!: Fundamentally the rules that applied to catching Yahoo’s favor are the rules that apply to winning Google’s highest ranks.

Next installment: How the Web is Won.

Notes

1Keeping visitors was valuable two ways. In lieu of a truer model, a site’s “eyeball” count was a measure by which too many web-based companies’ valuation went stratospheric. Also ad revenues were based on the traditional media-derived model of cost per impression.

2DuckDuckGo’s search is not identical to Bing in the way Yahoo’s is, as of this writing. DuckDuckGo, per its own site, claims to have its own web robot collecting information on web pages and also aggregates information from disparate sources, chiefly Bing, and uses a proprietary method to weigh the importance of information from all the sources.

3Web 2.0 was to indicate increased content coming from web users (e.g. blogs and YouTube channels). Web 3.0 is a Web-inventor, Tim Berners Lee, proposal to increase and change the nature of the web’s html language to include access to additional code and computer languages so that computers can process data in the html, it’s designed so that both humans and machines can make use of the content in a way native to each. (See the W3C standards on Semantic Web.)

4Meta Tags or Metatags are mostly hidden html content. These include a page refresh function and page-content description.

Recommended Further Reading:

  • The Search: How Google and Its Rivals Rewrote the Rules of Business and Transformed Our Culture by John Battelle.
  • Googled: The End of the World As We Know It by Ken Auletta.