Are you too small for server virtualization?

Are you too small for server virtualization?

Are you too small for server virtualization? There are many reasons to virtualize a server, but for a small organization, it comes down to resiliency.  If your organization has only one server and you are running Microsoft Small Business Server, you can still virtualize your server with no additional cost.  Virtualization provides the ability to easily transport your entire SBS server to a new hardware platform.  This could be handy if you experience a serious hardware problem and need to bring in a replacement server that is not identical to the server that went bad.  Once the new server has the basic virtualization environment created the SBS server can be placed on the new hardware platform and you are up and running.  The only downside to creating a virtualized environment for a small business is a little bit of added complexity that is well worth the effort. 

Another benefit that is not often taken advantage of is the ability to take a snapshot of your environment.  With a snapshot, you can quickly restore the server to a previous state.  This is handy if you are doing a major upgrade to your software and something goes wrong.  The snapshot feature lets you roll your system back to just before you attempted the updates, essentially creating a safety net. The only downside to creating a virtualized environment for a small business is a little bit of added complexity, but is it is well worth the effort.

Posted by Jack Gerbs in Small Business, Virtualization
Not all phone systems are created equal.

Not all phone systems are created equal.

Not all phone systems are created equal. That being said, most phone systems on the market today will all have the same basic features and capabilities.  So what makes them different? The biggest difference is how they are connected within your office or building. VoIP telephones require power from either a wall adaptor at each phone or from a power over Ethernet data switch. Since they are connected over the data cabling, distance is limited to 100 meters.

Traditional telephones (digital or analog) are powered by a telephone switch usually located in a central equipment room. These telephones will have greater distance capabilities often up to 2500 feet and they do not require special cabling or network hardware to operate.

The good news is that Quanexus offers solutions that connect analog, digital and VoIP phones on the same system. Another great feature is the ability to connect multiple offices together and or place phones at the homes of teleworkers.  This enables better workflow and reduced operating costs.

Posted by Terry Watson in Telephone Systems
Dangers of Hotel Internet Access

Dangers of Hotel Internet Access

Think twice before you use the hotel’s internet access abroad.  An alert was posted by the Internet Crime Complaint Center (IC3)  reports that guests staying at multiple hotels abroad have had malware loaded onto their machines without their knowledge.

The malware presents itself when a guest tries to gain access to the free internet provided by the hotel.  A pop-up window will appear asking the guest if they wish to update their software, and clicking accept enables the malware to be installed.  If you are promoted to update software, either close the window or check to make sure the digital certificate matches the software vendor that’s trying to conduct the update.

However, hotels are not the only potential for this attack vector.  Any establishment, especially franchises, that offer free wireless internet access are a potential risk.  This is because most franchises use the same equipment at all their locations, and often times are connected to the head office.  If an attacker is able to compromise once hotel or chain they often are able to compromise the entire network.

Posted by Jack Gerbs in Wireless
Too Small to be Hacked?

Too Small to be Hacked?

A lot of small and medium sized business owners and even their IT staff are still under the mindset that they’re either too small for an attacker to go after, or they have nothing of value. I cannot even count how many times I’ve had a system administrator say “who would want to hack us, we have nothing of value?”

Additionally, it’s important for all businesses to understand that once an attacker is successful, often times they will try to maintain access for as long as possible.  According to Richard Bejtlich, chief security officer for computer security firm Mandiant, the average cyberespionage attack goes on for 416 days.  Simply put, the attackers aren’t going to notify you when they break in.  It will be up to you to find out if you’ve been breached.

The simple fact is that small companies accounted for the largest number of data breaches according to the 2012 Verizon Data Breach Report. Companies with 11 to 100 employees reported 570 data breaches, which was followed by 101 to 1,000 employee companies reporting 48 breaches. The numbers aren’t really that surprising when you start to think about why this is occurring.

  1. Larger companies probably have defined Information Technology budgets, with funds also allocated to Information Security.
  2. Larger companies are more likely to ensure compliance such as PCI or GLBA.
  3. Larger companies are more likely to have dedicated staff for information security.

While the large company may have more resources, smaller businesses still need to ensure they have proper defenses.  Using consultants who have a strong background in information security is always a good place to start, as is conducting a risk assessment.

The risk assessment will help show your company where you’re weak, along with where your strong.  This can then translate into smart spending of your resources.  For example, if the assessment shows that your routers and switches have old firmware which has exploitable vulnerabilities, you can wisely spend money to fix that issue. The assessments will also offer the review of policies, employee training, human resource review, and more.

One thing is very clear that these attacks will not be diminishing anytime soon.  For the past few years we’ve seen the attacks increase in volume and there aren’t any signs of them slowing down soon.

Posted by Jack Gerbs in Information Security, Small Business