Ransomware is all the craze!

Ransomware is a type of malicious software that’s designed to encrypt your data and then hold it for ransom until you pay the hackers to get the decryption key.  There are several reasons to be concerned.

1. Your data is encrypted and you’re not getting it back unless you pay the ransom or you reload your data from a recent backup. (big concern there!)  Depending on the type of backups you do and the number of infections you have in your organization, it could conceivably take anywhere from a few hours to upwards of a month to get fully restored.

2. If you pay the ransom (which can range from a few hundred dollars to a few hundred thousand dollars), there is no guarantee you’re going to get the decryption key.  Think about it.  Paying the ransom is basically saying that you trust the people that hacked your computers in the first place.  That’s just crazy, yeah?

What can you do to make your computers and local network more secure against hackers and malicious software?

While ransomware is not new, a new wave is sweeping over computer networks around the globe.  The most recent breakout infected over 300,000 systems in 150 countries across all industries.  However, there is a way you can dramatically reduce your chances of getting a ransomware infection.

It starts with updates.  Keeping your operating system (OS) updated is the first line of defense against any kind of malicious software attack.  It goes without saying (so I’ll say it), at this point you should not be using Windows XP or earlier OS.  They are not being supported anymore.

So using the latest OS and keeping that OS fully updated is the first, and easiest, way to minimize your risk of infection.  Apple and Linux get viruses, too.  So even if you’re not using Windows, keep your system updated.  That will go a long way in protecting you.

Along with keeping your system updated, backups are important.  People generally don’t think about backups.  But, if the data on your system is vitally important, say, payroll, inventory, time sheets, AR, or any mission critical data, you should be doing nightly backups of that data.

If you become infected with a virus, or more specifically with ransomware, then you can recover your data by restoring the backups.  Problem solved!  No ransom payment!  The boss thinks you’re a genius and everything is right with the world!  Assuming your backups are good backups, you will be able to completely recover from a ransomware attack using them.

You should also have anti-virus software installed and running.  These days, ransomware and other malicious software attacks usually start with clicking on an email attachment.  Just clicking the infected attachment will install the malicious code.  A good anti-virus will scan your emails when they appear in your inbox and alert you to possible infections.

The anti-virus program for your organization should be a business-class, i.e., an enterprise-level, version as opposed to the free stand-alone versions you can download from the Internet.

An enterprise-level anti-virus program can be a little pricey.  It depends on the vendor, which anti-virus you choose, and how many computers you want to put it on.  There is nothing wrong with the free versions on your home computer mainly because… well… they’re FREE!  But, free shouldn’t be a consideration for your business, in this case.

So, to recap…

1.    Keep your operating system updated.
2.    Have an anti-virus running and keep it updated.
3.    Save early and save often.  Make backups!
4.    Don’t open email attachments.

How’s your network security?

Creating, upgrading, and maintaining your network is a full time job.  But are you doing everything available to secure your network against cyber threats?  Maintaining your network is the easy part.  Securing it takes a little more thought.

Let’s start with your software.  Legacy software can be described as any program that uses older technology.  Generally speaking, not only is it hard to update legacy software, that software typically must use older hardware to run.  And the combination of old software that hasn’t been updated and old hardware is a recipe that hackers love to exploit.

If you’re still using Windows XP… stop it, already.  Windows XP is no longer supported and hackers know that there’s still a huge installed base out there.  1 + 1 = you’re increasing your chances of getting infected or hacked if you don’t upgrade to the latest OS.

Yeah, Windows 10 has its quirky bits, but what Windows OS doesn’t?  Going to Windows 10 will improve your PC security and it looks and acts enough like XP that there really is no learning curve. (Don’t even get me started on Windows 8!)  Saying that, one of the easiest ways to minimize your chances of bad stuff happening to your network is to ensure that you’re using the latest fully updated operating system and your applications are also up to date.

So, you have the latest OS and you’re running everything on newer hardware.  What happens if, even in spite of your best attempts at securing your network, one of your computers becomes infected with a virus, or worse… ransomware?

Three words… backups, backups, backups.  If the data is mission critical, then not backing it up is just asking for something bad to happen.  If you have to re-image a computer on your network because it has been hacked or infected, then having a recent backup can mean the difference between success and getting eternally ridiculed from everyone at the office.

Just backing up is not enough.  Once the data is backed up, it should be taken off site.

If you’re backing up your data on a USB drive, ensure that the drives are disconnected from the computer after the backup completes.  That way, if the computer becomes infected, the backups will be safe.  Even more, once the backup is complete and the USB device is disconnected from the PC, the backup media should be removed from the current location.  If your office experiences a catastrophic event, then your backups will still be intact.

The most efficient way to do this is to have a cloud-based backup solution.  That way, all of your backed up data is stored at another site, usually in a geographically different location.  Cloud-based backup solutions are, obviously, fee-based solutions.  But the ability to quickly restore your data and get up and running is priceless.

Network security is also as simple as educating your employees.  A well designed and implemented acceptable use policy would explain what employees can and cannot do regarding the hardware and software in your office.  It’s also a good tool to use to make your employees aware of what they should (and should not) do in the event of a suspected hack, breach, or infection.

Even the best anti-virus, anti-exploit, anti-malware, and anti-ransomware is only as good as the person using the PC.  Social engineering can defeat security software.  Employees should be educated in how to recognize phishing attempts, suspicious looking websites, etc. that can be used to gain unauthorized access to your data.

And don’t forget about face-to-face and telephone conversations.  People who engage in social engineering are good at making you feel at ease.  They’re pros at making you think the questions they’re asking or the access they’re requesting is legitimate.  They may drop names of your supervisors, or act as though there’s a sense of urgency.  But an employee education program can train users on how to spot attempts at social engineering being used to gain access to your data.

Now, here’s the difficult and (probably) expensive part… securing access to your network with network-wide hardware/software solutions.  Obviously, the firewall is the gateway to your network.  Having a robust firewall that also provides content filtering, anti-virus/anti-malware, and intrusion prevention goes a long way toward securing your network environment.

Of course, the newer firewalls that provide these services are pricey.  I’ve seen it first hand that many managers don’t want to, or can’t, spend a few thousand for a piece of equipment that they never see.  And if people don’t see a piece of equipment at work, they generally don’t realize the benefit of having it… until it’s too late.

Along with the next generation firewalls, an enterprise-level anti-virus is essential.  Many companies will put free anti-virus software on their computers.  They’re free, so there is that.  And they do detect incoming viruses.  But that’s about the only benefit.

The problem with using free anti-virus titles is that they act as though they’re independent installations.  And they are!  It comes down to simplifying your administration.  If you have 20 PCs running stand-alone anti-virus software, then you have to constantly check 20 different computers to ensure that the software is fully updated and that you have no viruses.

With an enterprise-level anti-virus solution, you’ll commonly have a dashboard from which you can check connected systems, software update status, infection status across ALL computers on the network, etc.  Having this solution will ensure anti-virus consistency across your network.  And that means less work for you!

But with today’s threat environment, just having an anti-virus solution may not be enough.  In addition to your anti-virus, you may need to add some software to address specific issues like malware and ransomware.  A multi-factor approach to security is always the better option.

Windows 7 – Client Access vs Windows 7, The Sequel

On my last two posts, I discussed enabling the Windows 7 Administrator account and the problems associated with installing and using Client Access on Windows 7.  This post will show you the steps to take to configure Client Access for every user on a Windows 7 PC.

While changing these files, we’ll use the snap-to-edge feature of the Windows 7 Aero Desktop.  This will allow you to see two windows at the same time much like an FTP screen.  First, go to the Control Panel and click on Folder Options.  Go to the View tab and under the Advanced Settings area click the radio button next to the “Show Hidden Files” entry and then click the OK button.

Assuming you’re logged on as the Administrator:

  1. Click on the Start Menu and click the Computer link (on the right side of the menu).
  2. Double click on the C: drive and go to Program Files/IBM/Client Access/Emulator/Private.
  3. Click the title bar and drag the window right until the cursor touches the right edge of the screen. (It should resize and fill half the screen)
  4. Click on the Start Menu and click the Computer link.
  5. Double click on the C: drive and go to Users/Administrator/AppData/Roaming/IBM/Client Access/Emulator/Private.
  6. Click the title bar and drag the window left until the cursor touches the left edge of the screen.
  7. In the left window, with the Ctrl key pressed, click the AS400 file and the newly created workstation file. This should highlight both files.
  8. Right click on one of the files and choose Copy.  In the right window, right click and choose Paste. Replace any file that requires it.
  9. In the right window, right click the workstation icon and choose Open With, then choose Notepad.  (Remember to uncheck the “always use the selected program to open this kind of file” check box)
  10. Find the “defaultkeyboard” entry and enter this line: “DefaultKeyboard=C:\Program Files\IBM\Client Access\Emulator\private\AS400.KMP” without the quotes.

On the left side, click the back button until you’re at the C: drive.  Double click the Users folder and then the Public folder.  Double click the Desktop folder.  In the right screen, right click the workstation icon you created and drag and drop it into the left screen and into the Users\Public\Desktop folder.  When asked, choose to make it a shortcut icon.  This will put the workstation on everyone’s desktop.
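The copy, edit and shortcut steps above as one script. This is an added example, not part of the original post; the session file name `Session1.ws` is a hypothetical placeholder, and the script assumes Client Access sits at the paths the post gives.

```powershell
# Added example, not from the original post. Run elevated, logged on as the
# account that configured the session (Administrator in the post).
param(
    # Hypothetical file name: substitute the workstation file you saved.
    [string]$SessionFile = 'Session1.ws'
)

# Folder paths as given in the post.
$src     = Join-Path $env:APPDATA 'IBM\Client Access\Emulator\Private'
$dst     = 'C:\Program Files\IBM\Client Access\Emulator\Private'
$desktop = 'C:\Users\Public\Desktop'
$keymap  = 'AS400.KMP'

# Steps 7-8: copy the keyboard map and the session file to the shared folder.
# By default, standard users can read files under Program Files but not change them.
foreach ($name in $keymap, $SessionFile) {
    $file = Join-Path $src $name
    if (-not (Test-Path $file)) { throw "Missing source file: $file" }
    Copy-Item $file -Destination $dst -Force
}

# Steps 9-10: point DefaultKeyboard at the shared copy of the keyboard map.
$session = Join-Path $dst $SessionFile
$newLine = 'DefaultKeyboard=' + (Join-Path $dst $keymap)
$lines   = @(Get-Content $session)
if (-not ($lines -match '^DefaultKeyboard=')) {
    throw "No DefaultKeyboard entry in $session; edit it by hand."
}
$lines -replace '^DefaultKeyboard=.*$', $newLine | Set-Content $session

# Final step: a shortcut on the Public desktop, visible to every user.
$shell = New-Object -ComObject WScript.Shell
$lnk   = $shell.CreateShortcut((Join-Path $desktop ($SessionFile + '.lnk')))
$lnk.TargetPath = $session
$lnk.Save()
```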

Using these steps, you’ll be able to install Client Access, move and configure the workstation file to the IBM folder that everyone has access to, and then create a shortcut on everyone’s desktop.  All your coworkers will look at you with envy!  They’ll want to be you!  If you get too lost while trying to accomplish these instructions, call me and I’ll get you straightened out.

Windows 7 – Client Access vs Windows 7

I started using Windows 7 not long after it came out.  It didn’t take me long to realize that it is easier to use than Windows XP and more stable than Windows “Linux is Better” (also known as Windows Vista).  I had a concern that there might be problems with the vast array of software that our customers use.  That turns out not to be the case….almost…

Windows 7 is a little quirky when it comes to allowing users to access some programs.  This is very evident when it comes to Client Access.  You install Client Access the same way you did in Windows XP.  The fun begins when you start configuring it.

If you haven’t read my other Windows 7 article about setting up the Administrator account, now would be a good time to do so…go ahead…I’ll wait.  If you can’t find it, look in the Networking/PC Support Category on the right.

Assuming that you’ve enabled and logged onto the Administrator account, let’s proceed.  To configure Client Access, click on the Start Menu and then All Programs.  Click on the IBM iSeries folder, then the Emulator folder, and then the “Start or Configure Session” icon.  Configure the session and save it.  For instructions on configuring the Client Access sessions, email me at treynolds@dsmhospital.com and I’ll send you a cheat sheet that will walk you through the steps.

If you launch Client Access (and it’s configured correctly) then you should be able to log on to the server.  It’s all fun and games until you change user accounts, then you’ll get so many error messages that you’ll probably start apologizing for things you didn’t even do! (I personally confessed to the Chicago fire, but after I calmed down I realized that was a bit nutty.  I have since recanted.)

You see, the saved Client Access configuration is NOT placed in the Program Files/IBM/Emulator/Private folder like it is in Windows XP.  Instead it’s saved in the App Data folder of the installing user account.  In this case, the Administrator’s App Data folder.  Since other users would not normally have access to this folder, access error messages will appear if another user tries to use Client Access.

To solve this problem, you’ll need to move and edit a few files.  I’ll talk about this on the next post titled “Windows 7 – Client Access vs Windows 7, The Sequel.”

Windows 7 – Administering the Administrator

As people cling to Windows XP like it was the last donut in a room full of policemen, Windows 7 is quickly becoming more noticeable. Like every other version of Windows, Windows 7 is an improvement over its previous flavors. It’s not without its quirkiness, however, and one of the most notable is the configuration of the local Administrator account!

Though it was not so important in XP, major installations (Client Access, anti-virus, etc.) should be installed using the Administrator account. Win7 takes the role of Administrator seriously. So seriously, in fact, that the Administrator account is not even enabled by default. When you start to configure a new Win7 PC, a good place to start is by enabling the Administrator account.

To enable it, simply log on to the first user account you create. Click on the start menu, click on All Programs, and then click on the Accessories folder. Right click on the Command Prompt icon and choose “Run as administrator.” At the prompt, type in the command “net user administrator /active:yes” without the quotes. Hit the enter key and you should get a message stating that the operation was successful. Remember to open the command prompt by right clicking and running as the administrator. This is important because simply opening the command prompt and running this command will lead to error messages and possible balding, though the latter is still unconfirmed.

The Administrator account does not have a password when you enable it so log off the current user and you’ll see the Administrator icon on the Welcome screen. Click it and, after the desktop loads (which might take a little longer the first time) click the Start Menu and go to the Control Panel. The default view for the control panel is supposed to be user friendly, but, like swimming with lead flippers, I find it a bit cumbersome.

Near the upper right corner you’ll see a link labeled “View by.” Click on the word “Category” and choose “Large Icons” from the drop down menu. Scroll down to the bottom of the screen and you’ll see an entry for user accounts…so….click it. In the middle of the window there will be several links for different tasks. Choose the link that enables you to create a password and follow the on-screen prompts. When you’re done, close everything out and you’re ready to use the Administrator account.
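The enable-and-set-password procedure above as one elevated PowerShell session. This is an added example, not part of the original post; it sets the password before enabling the account, a reordering of the post's steps so the account is never active with a blank password, and its final check assumes an English-language Windows.

```powershell
# Added example, not from the original post. Written to work with the
# PowerShell 2.0 that ships with Windows 7; run it from an elevated session.

# Stop early without elevation: this is the failure the post warns about.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Not elevated. Reopen the prompt with "Run as administrator".'
}

# Set the password first. The "*" makes net.exe prompt for it without echoing,
# so it never appears on the command line or in the console history.
net user administrator *
if ($LASTEXITCODE -ne 0) {
    throw 'Password was not set; the account has been left disabled.'
}

# The command from the post.
net user administrator /active:yes
if ($LASTEXITCODE -ne 0) {
    throw 'Could not enable the Administrator account.'
}

# Confirm the result from net.exe's own report (English field labels assumed).
net user administrator |
    Select-String -Pattern 'Account active|Password last set|Password required'
```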

See you later, PIX!

Unless you talk to your IT people frequently, you may not be aware of the equipment that keeps your network up and running.  One of the most important pieces of network hardware is the firewall.  Through the years I’ve noticed that quite a few DSM customers use the Cisco PIX 501 firewall.  They’re small and work well, but they’re reaching their end of life.

Cisco stopped selling them years ago, and if you didn’t have an existing service contract for the PIX as of July 28, 2009, then you can no longer purchase coverage for support, maintenance, or replacement.  The PIX has been around for a while and it might be time to consider an upgrade to a Cisco ASA.

While I would love to go on about the “neat stuff this” and “cool stuff that”, the ASA’s performance and reliability over the PIX can be summed up by saying…it has faster performance and better reliability.  What does this mean to your average user?  Well…not much, really.  But to the facility administrator, switching to an ASA means up-to-date Cisco support, greater reliability and security for vendors connecting to your network, faster throughput, and enhanced technology such as the ability to use SSL VPNs for remote access to your network.

Generally speaking, it’s better to modify your network before it crashes.  A proactive move to an ASA is a good way to ensure that your hospital or clinic has access to important Web sites, vendors, and our rabidly dedicated support staff here at DSM!

Call me or email me with any questions you might have about switching from the PIX firewall to the ASA.

601-925-6279
treynolds@dsmhospital.com

Thinkpoint spyware!

Like there’s not enough out there to worry about…..

There’s a type of spyware that’s been going around for a few years known as “rogue spyware”.  Basically they look legitimate with their Windows-style popups warning you of some impending doom if you don’t immediately scan your computer.  If you choose to scan, then the spyware takes over your system, finds some bogus infections, and offers to fix the problem (for a fee, of course).

To the untrained eye, trying to discern whether the infection warning is real or fake is like trying to find the difference between whether it’s live or Memorex!  If you get an infection warning on your PC, and the hairs on your neck stand up, and you get that sinking feeling in the pit of your stomach, and an unexplainable anxiety washes over you, and you’re not in a campy horror movie, then call me.  I’ll take a quick look at the message and find out if it’s legitimate or bogus.

The latest rogue spyware I’ve encountered is Thinkpoint.  Normally, this type of spyware feeds you a steady diet of annoying popups, but doesn’t actually stop you from using your computer.  Not Thinkpoint.  Oh no!  Thinkpoint starts up when Windows boots, hijacks your computer, and keeps you from getting to your desktop.

If you see this screen when you turn your computer on, then it's time to whip out the Lorazepam.

If you see this screen then, sadly, it’s too late.  The fix is pretty simple, but it involves deleting and changing some critical registry entries that, if done incorrectly, could turn your PC into an attractive and rather ineffective paperweight.

Thinkpoint is an extreme case, but that’s not to say that you can’t catch some other malware infection.  There are several common sense things you can do to minimize your chances of getting infected.

1. Don’t install unauthorized software on your PC.  I know that new Fabio screen saver is irresistible, but do you really know where it’s coming from?  Think about it…if a stranger stopped you on the street and offered you a brownie, would you eat it?  Same principle!

2. If you do get infected, don’t ignore it.  Like running from the cops, it will usually turn out badly.  Talk to your IT people or call me if your PC gets infected.

3. Keep your anti-virus running and updated.  This one’s pretty straight-forward, so there’s nothing cute to say about it, but if I think of something later I’ll silently pretend you thought it was funny.

4. Keep Windows updated.  This one’s pretty straight-forward, too, so…there’s nothing cute yada yada yada…..

Catching some sort of funky malware is a part of using Windows, it seems.  So if you find yourself in this position, give me a call at 601-925-6279 and I’ll solve the problem.

(I’ll keep the Fabio thing between us)