Cyber security

VPN Services, Protecting Your Identity

When you think about a VPN in the traditional business context, you think of connecting your remote computer or multiple locations together via a virtual private network (VPN), using the Internet or some other media.  The VPN piece of the solution creates a secure connection over a non-secure media, such as the Internet.

The term VPN has been expanded to include the ability for users to send and receive data while remaining anonymous and secure online.  There are many VPN service providers out there, some are free, and others charge about $3 to $7 per month.  If you are truly concerned about security, you should not use the free service providers.  For the most part, they have very limited features and with the price being free, you need to consider how they are making money, and how serious they are concerned about protecting you.

How Do These VPNs Work:  Typically, you have to install client software on your computer.  The client allows you to securely connect to another network.  Once connected to this third-party network, your traffic will be sent to the Internet through one of many (often many thousands) of IP addresses from all over the world.  When you surf the web or access any web services, all your traffic will appear as if it was coming from the third party.  The technical term for this is obfuscation (to make things confusing or ambiguous, hide or conceal).

Key Performance and Protection Items:  The more IP addresses a VPN service has, the harder it will be for your identity to be discovered.  Network speed performance is based on the performance of the VPN servers to receive and resend your traffic.  These two items typically drive the cost of the service.  The process of selecting a VPN service provider must include reviews that include performance, support, and privacy.  You need to spend the time to   understand what you can expect from these service providers.

Another key item to consider is, what country the VPN company is in and what country the servers are located in.  Each country has their own privacy laws and based on where the company is located and where the servers are located, it will affect the overall privacy of the traffic you will be sending through these providers.

Potential Issues with VPN Services:

  • Performance: If your VPN service provider has issues, you will be affected by their performance (meaning slow Internet browsing and responses).
  • Access to Sites and Services: You may get blocked from sites you usually visit or need.   Many firewalls are being configured to do Geo blocking/permit.  If the IP address you are assigned to surf from is in a range that belongs to a country that the firewall is programmed to block, you will be denied access to the site (you can typically override the client if necessary).  More advanced service providers will let you choose what country you want your traffic to originate from.
  • Privacy: If you are seeking the service of a VPN, you are most likely doing so to maintain anonymity.  As mentioned earlier, every country has their own privacy laws.  The privacy of your traffic going through the VPN will be based on the country that the VPN service provider is located and the physical location of the servers they are operating.

For a recent review of current VPN service providers follow this link to cnet.com’s “The Best VPN Services for 2019” written by David Gerwirtz, July 11, 2019 https://www.cnet.com/best-vpn-services-directory/?ftag=CMG-01-10aaa1b

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

Dell’s Preinstalled Support Software has a Serious Vulnerability

A new vulnerability affecting Millions of Dell computers has been found.  This issue effects both home and business computers.  Dell’s built-in support tool of Dell SuppoortAssist (all versions) has a vulnerability that allows for rights escalation.  The issue is, a user who is are not administrators can exploit this vulnerability and gain administrative rights to the computers.  Once administrative rights are granted, the unauthorized user is now free to see everything on the computer and can also install malware on the system to spy on the user.

The reason users should not have administrative rights to their computers is to prevent unauthorized access or malicious software from being installed.  I have presented on this topic many times.  Even home users should not be using an account with administrative right on their computer.  The only time administrative rights are needed and should be used, is to install new software or perform other administrative tasks on that system.  Another benefit of having non-administrative accounts on a computer, even a home computer, is the ability quickly recover a computer should a user profile become infected or corrupt.

Dell licenses their desktop support tool from PC-Doctor.  SafeBreach Labs identified the vulnerability.  Dell was notified of the issue on April 29, 2019 and PC-Doctor provided an update on May 28th.  Dell is encouraging all their users to update to the new version of Dell SuppoortAssist.   For more on performing the update, go to Dells’ support site and look up   DSA-2019-084.  This has been given CVE Identifier: CVE-2019-12280.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business

Computer Equipment Pricing and Availability Challenges Ahead?

It is very likely that we will be seeing computer equipment price increases and potential equipment shortages in the upcoming months. With the new trade tariffs, on Chinese products, that took place on May 10th it is likely that equipment pricing may increase 15 to 25%.  Equipment shipped and in transit prior to May 10th are not affected by the new tariff rate. The tariff rate in January was 10%. On May 1st the tariff was increased to 25%. It is not clear when we will be seeing price increases.

To make matters worse,  the IT industry is coming up on a critical date, January 13, 2020. January 13th is the last official day that Microsoft will release security updates for Windows 7 and Windows Server 2008 (all versions). After this final release Microsoft will no longer provide any support for these older operating systems making the vulnerable to new threats.  Many older computers do not have the resources to run the new server and desktop operating systems and many systems will have to be replaced. If you are still running on these older operating systems, you should plan accordingly to minimize the impact of the new tariff rate.

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Information Security, Small Business

Completed CompTIA Security Trustmark+

I am very happy to announce that, we successfully completed our annual review for the CompTIA Security+ Trustmark. We view this as a big differentiator between us and our competitors. While many organizations claim that they have good security practices in place, it is impossible for them to prove it. We submit Quanexus to an annual review of our security practices, where a third party, independent auditor reviews our polices, controls and practices. Our practices are based on the CompTIA Security+ Trustmark, which is based on NIST’s (National Institute of Science and Technology) Cybersecurity Framework.

This is important for several reasons. The first is, some of our clients operate in regulated industries, such as finance and medical. These organizations that operate in regulated industries are required to perform vendor due diligence; they need to prove that they are working with “trustworthy” vendors. By having a third party, independent auditor review our controls, it makes it easier for our clients to work with us.

The second reason we do this is, if we are going to consult and perform services in these industries, we have to understand and meet the same or very similar requirements that our clients have to meet. This provides us a much deeper understanding of the process and controls needed to operate.

Thirdly and most importantly, we take security very seriously! We need to be continually learning and adopting to the changes in the world that affect us. The CompTIA Security Trustmark+ helps us keep a keen focus on the evolving security landscape and helps us continually improve.

If you would like more information, contact us here or call 937.885.7272.

Follow us on FacebookTwitter and LinkedIn and stay up to date on by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts