Not all phone systems are created equal.

Not all phone systems are created equal.

Not all phone systems are created equal. That being said, most phone systems on the market today will all have the same basic features and capabilities.  So what makes them different? The biggest difference is how they are connected within your office or building. VoIP telephones require power from either a wall adaptor at each phone or from a power over Ethernet data switch. Since they are connected over the data cabling, distance is limited to 100 meters.

Traditional telephones (digital or analog) are powered by a telephone switch usually located in a central equipment room. These telephones will have greater distance capabilities often up to 2500 feet and they do not require special cabling or network hardware to operate.

The good news is that Quanexus offers solutions that connect analog, digital and VoIP phones on the same system. Another great feature is the ability to connect multiple offices together and or place phones at the homes of teleworkers.  This enables better workflow and reduced operating costs.

Posted by Terry Watson in Telephone Systems
Dangers of Hotel Internet Access

Dangers of Hotel Internet Access

Think twice before you use the hotel’s internet access abroad.  An alert was posted by the Internet Crime Complaint Center (IC3)  reports that guests staying at multiple hotels abroad have had malware loaded onto their machines without their knowledge.

The malware presents itself when a guest tries to gain access to the free internet provided by the hotel.  A pop-up window will appear asking the guest if they wish to update their software, and clicking accept enables the malware to be installed.  If you are promoted to update software, either close the window or check to make sure the digital certificate matches the software vendor that’s trying to conduct the update.

However, hotels are not the only potential for this attack vector.  Any establishment, especially franchises, that offer free wireless internet access are a potential risk.  This is because most franchises use the same equipment at all their locations, and often times are connected to the head office.  If an attacker is able to compromise once hotel or chain they often are able to compromise the entire network.

Posted by Ryan Sevey in Wireless
Too Small to be Hacked?

Too Small to be Hacked?

A lot of small and medium sized business owners and even their IT staff are still under the mindset that they’re either too small for an attacker to go after, or they have nothing of value. I cannot even count how many times I’ve had a system administrator say “who would want to hack us, we have nothing of value?”

Additionally, it’s important for all businesses to understand that once an attacker is successful, often times they will try to maintain access for as long as possible.  According to Richard Bejtlich, chief security officer for computer security firm Mandiant, the average cyberespionage attack goes on for 416 days.  Simply put, the attackers aren’t going to notify you when they break in.  It will be up to you to find out if you’ve been breached.

The simple fact is that small companies accounted for the largest number of data breaches according to the 2012 Verizon Data Breach Report. Companies with 11 to 100 employees reported 570 data breaches, which was followed by 101 to 1,000 employee companies reporting 48 breaches. The numbers aren’t really that surprising when you start to think about why this is occurring.

  1. Larger companies probably have defined Information Technology budgets, with funds also allocated to Information Security.
  2. Larger companies are more likely to ensure compliance such as PCI or GLBA.
  3. Larger companies are more likely to have dedicated staff for information security.

While the large company may have more resources, smaller businesses still need to ensure they have proper defenses.  Using consultants who have a strong background in information security is always a good place to start, as is conducting a risk assessment.

The risk assessment will help show your company where you’re weak, along with where your strong.  This can then translate into smart spending of your resources.  For example, if the assessment shows that your routers and switches have old firmware which has exploitable vulnerabilities, you can wisely spend money to fix that issue. The assessments will also offer the review of policies, employee training, human resource review, and more.

One thing is very clear that these attacks will not be diminishing anytime soon.  For the past few years we’ve seen the attacks increase in volume and there aren’t any signs of them slowing down soon.

Posted by Ryan Sevey in Information Security, Small Business
SCADA Devices Hiding on Your Network?

SCADA Devices Hiding on Your Network?

Many organizations are unaware that they are implementing SCADA type devices on their networks and unaware of the potential risks this creates. SCADA stands for supervisory control and data acquisition. The SCADA technology is heavily used in power distribution/management, gas distribution and waste water treatment, but is now finding its way into a lot of small businesses, churches and office buildings. Heating and air-conditioning vendors who remotely manage your HVAC systems, use technology to remote into your network and use a web based application to manage the system. 80% of all recent hacks have been against vulnerabilities in web based applications. The big question is, if they can remote in, who else can remote in?
Before letting an outside vendor put equipment on your network, it is important to understand how they will be gaining access and if your organization is comfortable with the technology they will use. In November, a water treatment facility in Illinois was hacked which caused a pump to burn up. Potential threats of an attack could result in the heating of your building being turned off in the Winter, causing pipes to burst. In the Summer, your air-conditioning system could be set to cool off the building after hours, which would increase your energy costs. Also, there is always the threat that this is a back door into your network. A back door would allow hackers to gain access to your servers and data. The potential threats are: loss of data or having your servers compromised to either host nefarious services (game sites, porn sites etc.), or be used to launch attacks against other sites.
The best way to prevent having an issue with SCADA devices on your network is to understand the technology that is being implemented and take appropriate measures to secure any vulnerability introduced by the SCADA type equipment that will be installed.

Posted by Ryan Sevey in Recent Posts