"You need a pen test. This is a vulnerability assessment. Have you considered Red Team testing?" You might have been told this by a regulatory examiner, your IT vendor, a senior partner, a Board member, or read it in an article. It's a common statement in the penetration testing space these days and with good reason. The scope and methodology of penetration tests is not standardized or regulated, so each provider can create their pen test service as they see fit. This puts more responsibility on you, the customer, to determine if they are meeting your needs.

On Wednesday, November 14th, the Federal Financial Examination Council (FFIEC) released an updated version of the Business Continuity Management Booklet. One of the changes is related to business continuity and disaster recover exercises and tests. In the new booklet, the FFIEC redefines the testing methods and introduces more delineation between a BCP exercise and a BCP test.

CoNetrix is selected the Best Business Computer Technology Company and Best Computer/IT Services company by Lubbock Avalanche-Journal readers in 2019. CoNetrix is also selected as the runner-up for Best Work Place in Lubbock. Multiple companies around the Lubbock area participated in the Lubbock Avalanche-Journal's "Best of Lubbock" campaign. Lubbock area businesses cast their vote, making CoNetrix the best IT services company in Lubbock and the surrounding region.

I was needing to add some interactive check boxes to a Word document, but found out that they only show up in the "Developer" menu, which does not show up by default in Word. To add the "Developer" tab menu, you must follow the following steps:  

CoNetrix celebrates National Cybersecurity Awareness Month (NCSAM) 2019 by becoming a Champion and offering complimentary resources for cybersecurity resilience. CoNetrix joins the global effort, along with businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals, to promote the awareness of online safety and privacy.

Account passwords are required for security and accountability but are often despised by users that must remember them and network administrators that must reset them when users ultimately forget after a long weekend or a donut-infused sugar coma. While recommendations have changed slightly over the years, the base settings remain the same: sufficient length to prevent easy guessing or cracking (currently around 14 characters), complexity levels to discourage the use of names and dictionary words (3 of 4 types of characters – uppercase, lowercase, numbers, or special characters), and password change cycles to force new passwords that are fully up-to-date with policy settings and not used anywhere else (30 – 90 days, typically).

Unauthorized individuals have accessed nonpublic information, who do you notify? Whether it be documents discovered in dumpsters that should have been shredded, ransomware holding information hostage, or a tornado that blew files all over the county. Definition of Information

On May 24, 2019, Fortinet published an advisory stating that certain versions of their FortiOS software are vulnerable to a path traversal attack which allows an attacker to download system files through specially crafted HTTP requests. The vulnerability is only present when the SSL VPN service is enabled – either web-mode or tunnel-mode. The vulnerable FortiOS versions and the corresponding patched versions are:

After an HVAC crew at a customer's DR site triggered multiple power outages, their recently repurposed ESX host (an HP ProLiant DL360 G9), which wasn't connected to a UPS at the time, would no longer pass POST. It would stop at 'Loading System Firmware Modules' before faulting and hitting the RSoD. After trying multiple options we thought the power surges/outages might've caused a hardware failure, but the errors from the RSoD didn't seem to indicate this to be the case. I found a related article (https://support.hpe.com/hpsc/doc/public/display?docId=mmr_kc-0128466) that is geared toward issues relating to BL460c's not being able to POST after firmware upgrades, and decided it was worth a shot before going down the hardware replacement route.