Blog: General

Many businesses and financial institutions have seen an increase in the number of employee-owned devices over the past few years. Employees are using these devices to access email, download files, launch a remote desktop, or use a Virtual Private Network (VPN) connection for a remote "on network" experience.

Some customers prohibit or restrict personally-owned devices from connecting to the network. However, in some cases, this is not feasible, such as employees or contractors who rarely visit the home office, or employees with very specific device requirements and preferences. The common term for the policy of allowing personal devices is Bring Your Own Device or BYOD.

Unprotected personal devices connecting to the network are a significant security risk. The most common issue with these devices is inadequate anti-virus and anti-malware software. Built-in free solutions like Windows Defender are not up to the task of protecting against the sophisticated zero-day threats which are common today. Additional strategies to manage a BYOD environment include Mobile Device Management (MDM) and Network Access Control (NAC).

CylanceProtect is widely recognized as the leader in the endpoint protection segment, winning multiple industry awards for their machine learning approach to stopping security threats. Over the past 2 years since CoNetrix has been a Cylance partner. We have installed almost 5,000 endpoints for customers across the US.

Last year Cylance released a home version of CylanceProtect called Smart Antivirus. This product is specifically designed to provide the same technology as the corporate version, with easy self-administration and the ability to protect multiple devices in a household for a low annual cost. Windows and macOS devices are currently supported, with support for iOS and Android devices coming later this year.

Smart Antivirus is a great option for an employee security awareness program or as a company-paid benefit for employees and business partners. Individual licenses can be purchased from Cylance using the link below.

https://conetrix.com/cylance-smart-antivirus

Smart Antivirus licenses of 50 or more are available through CoNetrix for a discounted price. Contact CoNetrix Technology sales at techsales@conetrix.com for more information about licensing for CylanceProtect and Smart Antivirus.


 

Microsoft has been emphasizing Office 365 subscription services since the public introduction in 2011. As a result, the popularity of these services has grown to over 155 million active users as of October 2018, and is gaining new users at over 3 million seats per month. With this growth, on-going marketing, and the increasing acceptance of public cloud services, many businesses and financial institutions are starting to look at Office 365.

In this article, we will highlight several pros and cons of Office 365 you should consider to determine if it's right for your business.

Office 365 encompasses several different products and services, but in this article, we will address these services in two primary areas: user applications and back-end services.

Office 365 User Applications

As the name implies, most Office 365 subscription plans include Microsoft Office applications like Word and Excel running on Windows, macOS, and portable devices running iOS and Android. Applications are also available through a web browser but most customers are interested in Office 365 applications as a possible replacement for traditional Office licensing.

What are the primary differences between Office 365 and traditional on-premise Office applications?
  • Office 365 is an annual subscription per user or seat. Each user is entitled to run the Office 365 applications on up to 5 devices for the term of the subscription. As long as you continue to pay the annual subscription you are covered for the Office applications included in your plan.
  • Office applications through Office 365 are designed to be downloaded from the O365 portal. There is no license key to determine if you have a valid license. After installation the applications routinely "check in" to the O365 portal to ensure there is an active account. Because of this check-in process IT administrations must use a specific procedure for mass deployment of O365 applications. Additionally, installation on multi-user servers like Remote Desktop Services and Citrix requires a new approach.
  • Office 365 applications are designed to install features and security updates directly from Microsoft when they are released. Legacy patch management solutions like Windows Server Update Services (WSUS) and 3rd party solutions will not work with O365. This can create a challenge for regulated customers who are required to report on patch status. Scanning tools used by auditors to determine patch levels will need the ability to recognize the differences between O365 and traditional Office applications. The O365 update process could also create an issue for Office-integrated applications if a hotfix is released that affects the compatibility of those applications, as there will be no option to block that update from being installed.
  • Office 365 applications utilize a feature called Click to Run. This feature, which was originally introduced with Office 2016, provides a streaming method for installing features and patches for Office 365 and Office 2019 applications. Our experience is that Click to Run can use a significant amount of bandwidth if you are installing Office applications or large updates on multiple systems simultaneously.
Is licensing through Office 365 less expensive than traditional licensing?

For most customers the biggest question is: "Is licensing through Office 365 less expensive than traditional licensing?" The answer is "It depends!" Office 365 licensing could be financially attractive if:

  • Your business always updates to the latest release of Office.
  • You want the flexibility of per user licensing.
  • You want to take advantage of the licensing of up to 5 devices for multiple systems, mobile devices, home use, etc.
  • You need a simplified update process that works anywhere the PC has Internet connectivity.
  • You need to use the browser-based applications for a specific function or employee role.
  • You plan to implement one of the Office 365 back-end services.

Office 365 Back-End Services

Microsoft provides several cloud server applications through Office 365 including Exchange Online (email), Skype for Business Online (voice and messaging), SharePoint Online (web collaboration), and OneDrive (file storage and sharing). These back-end services can be implemented individually, or as part of a bundle with or without the Office applications depending on the plan. However Exchange Online vs. Exchange on-premise is receiving the most attention from our customers.

What should I look for when performing due diligence?

The security and compliance of back-end Office 365 services is not significantly different than any other cloud-based application or service. The areas that should be researched include:

  • External audit attestation – SSAE 18 or similar
  • Data location residency – production and failover scenarios
  • Data privacy policies - including encryption in transit and at rest
  • Contracts and licensing agreements
  • Intellectual property rights
  • Service Level Agreements – service availability, capacity monitoring, response time, and monetary remediation
  • Disaster recovery and data backup
  • Termination of service
  • Technical support – support hours, support ticket process, response time, location of support personnel
A few more things you should consider.

As a public cloud service Office 365 has several challenges that need specific attention:

  • The business plans listed on the primary pricing pages may include applications or services that you don't need. All of the various features can be confusing and it's easy to pick the plan that is close enough without realizing exactly what's included and paying for services you will never use.
  • Most of the back-end O365 services can integrate with an on-premise Active Directory environment to simplify the management of user accounts and passwords. This provides a "single sign-on" experience for the user with one username and password for both local and O365 logins. Microsoft has several options for this integration but there are significant security implications for each option that should be reviewed very carefully.
  • Microsoft has published several technical architecture documents on how to have the best experience with Office 365. This is especially important for larger deployments of 100+ employees, or customers with multiple physical locations. One of the notable recommendations is to have an Internet connection at each location with a next-generation firewall (NGFW) that can optimize Internet traffic for O365 applications. Redundant Internet connections are also strongly recommended to ensure consistent connectivity.
  • The default capabilities for email filtering, encryption, and compliance journaling in Exchange Online may not provide the same level of functionality as other add-on products you may be currently using. Many vendors now provide O365-integrated versions of these solutions, but there will be additional costs that should be included in the total.
  • Microsoft OneDrive is enabled by default on most Office 365 plans. Similar to other public file sharing solutions like Dropbox, Box, and Google Drive, the use of OneDrive should be evaluated very carefully to ensure that customer confidential data is not at risk.
  • Several other vendors provide Office 365 add-on products that provide additional functionality which may be useful for some businesses. Netwrix Auditor for Office 365 can provide logging and reporting for security events in your O365 environment. Veeam Backup for Office 365 can create an independent backup of your data to ensure it will always be available. Cloud Access Security Brokers (CASB) such as Fortinet FortiCASB and Cisco Cloudlock can provide an additional layer of security between your users and cloud services such as O365.

It is certainly a challenge to research and evaluate cloud solutions like Office 365. Financial institutions and other regulated businesses with high-security requirements have to take a thorough look at the pros and cons of any cloud solution to determine if it's the best fit for them.

CoNetrix Aspire has been providing private cloud solutions for businesses and financial institutions since 2007. Many of the potential security and compliance issues with the public cloud are more easily addressed in a private cloud environment when the solution can be customized for each business.

However, the combination of Office application licensing with back-end services like Exchange Online can be a good solution for some businesses. The key is to understand all of the issues related to Office 365 so you can make an informed decision.

Contact CoNetrix Technology at techsales@conetrix.com if you want more information about the differences between Aspire private cloud hosting and Office 365.


 

The Equifax data breach announced yesterday potentially affects 143 million U.S. consumers and is one of the largest breaches of personal information. The following steps can be taken by consumers to help protect against fraud and identity theft:

  1. Enroll in the free security services offered by Equifax - https://trustedidpremier.com/eligibility/eligibility.html
  2. Place a security freeze on your credit file with each of the credit bureaus
  3. Monitor your financial accounts for unauthorized activity and report unauthorized activity immediately
  4. Obtain a copy of your credit report, review it for unauthorized activity, and report unauthorized activity immediately - www.annualcreditreport.com
  5. Set up alerts on your debit and credit accounts to notify you of transactions, changes to your account, or other alerts offered by your financial institution

Additional details:

 The credit reporting bureau, Equifax, reported yesterday that they have been compromised. Non-public information affecting potentially 143 million U.S. consumers was stolen, primarily consisting of names, Social Security numbers, birth dates, addresses, and, in some instances, driver's license numbers. Additionally, credit card numbers for approx. 209,000 U.S. consumers and dispute documents for approx. 182,000 U.S. consumers were accessed. Further details from Equifax can be found here:

For information from a source independent of Equifax, Brian Krebs' coverage can be found here - https://krebsonsecurity.com/2017/09/breach-at-equifax-may-impact-143m-americans/.

Additional information about the steps consumers can take to protect against fraud and identity theft:


 

 

 

CoNetrix Website | Contact Information

Cisco Hardware Issue with Clock Signal Component

 

On February 2, Cisco released information about an issue affecting many of their hardware systems. This issue may cause eventual hardware failure on specific models and hardware versions after 18 months or longer.

The most common affected systems include ASA 5506, 5508, 5516 firewalls, and 4321, 4331, and 4351 routers.

Details about the issue with a complete list of affected hardware is available at http://www.cisco.com/c/en/us/support/web/clock-signal.html. The "Field Notices" tab contains links to the specific hardware.

For CoNetrix Technology customers, we are currently reviewing all documentation to determine those customers with affected hardware. We will contact those customers when additional action is needed.

Other CoNetrix customers should review their installed Cisco hardware or contact their IT service provider as soon as possible.

CoNetrix Technology customers can contact Support at 806-687-8600 or support@conetrix.com with any questions or concerns.

 

 

 


 

iOS 9 now will "help you out" by having the device switch to cellular data if it thinks your Wi-Fi connection is too slow. This could end up using more of your cellular data than you'd like. This appears to be turned on by default after the upgrade. You can turn it off by going to Settings -> Cellular then finding Wi-Fi Assist at the bottom of the screen.


 

Registration for the new “.bank” domains is coming up soon. These domains could be prime Internet names in the future. A few quick notes: [more] 

  • Early “sunrise” registration will be May 18, 2015 with general availability on June 24th.
  • Registration will be limited to domain names with corresponding trademark, trade name, service mark, or bank name. 
  • There will be a verification procedure to ensure these domain names are only issued to valid financial institutions.
  • Banks should consider registering a trademark now to be able to register the associated domain during the sunrise registration period. 
  • Registration will be on a “first come, first serve” basis, so if a bank with similar names want the good domains, they need to register early.
  • More information is available at https://www.ftld.com

 


 

When setting up a new user using Team Foundation Server, I got an error saying “The path … is already mapped in workspace …” The workspace listed belonged to another user that had previously used the computer. I was able to remove the previous user’s mapping with the command:

tf workspace /delete /collection:"TFSCollectionURL" workspace;owner

Since TFS considers both the computer name and the owner when comparing workspaces, there are a few things to remember:

  • If a computer is going to a new user and the computer name has not changed, the workspaces tied to this computer that belong to the previous owner should be removed.
  • If a user is getting a new computer and the computer name has changed, the user will need to configure new workspaces on the new computer or update the computer name associated with the workspace before they will be able to access the workspace on the new computer. You can update the computer name for a workspace by running this command on the new computer: 

tf workspaces /updateComputerName:oldComputerName workspacename /collection:"TFSCollectionURL"


 

Do you have an iPhone, iPad, or iPod with broken buttons? Do you want an alternate way of accessing features without using the buttons? Go to Settings, General, Accessibility, AssistiveTouch, and Set to On [more]

“AssistiveTouch allows you to use your iPhone if you have difficulty touching the screen or if you require an adaptive accessory.”

Turning on AssistiveTouch gives you a circle “button” on your screen that you can use to complete functions that real buttons would perform. You can move the circle around on your screen if you need to access that part of the screen for some other items.  

You can use AssistiveTouch to lock the screen (circle “button”, Device icon, and Lock screen icon), set mute, change volume, and other items. If it is your lock screen button that does not work, you can use AssistiveTouch to take a screen capture pic. Start by pressing the circle “button”, then Device icon, then press and hold normal Home button, and finally press the Lock Screen icon on AssistiveTouch. Also, you can use AssistiveTouch to do a power off by pressing the circle “button”, Device icon, and press and hold the Lock Screen icon until the “slide to power off” message appears.


 

After upgrading an iPhone and iPad to IOS 8, the iPad may “ring” every time a phone call is received on the iPhone for same id user account that is used on the iPad.  There is a setting in the FaceTime app that can be used to enable or disable this feature.  Go to Settings, FaceTime and turn on or off the “iPhone Cellular Calls”.  The description of feature “iPhone Cellular Calls” is “Use you iPhone cellular connection to make and receive calls when your iPhone is nearby and on Wi-Fi.”


 

User was unable to log into a PC, and user was getting error message that said, “The user profile service failed to logon. User profile cannot be loaded.”  Another user account also received same error message when trying to logon.  Admin user also received same error message when trying to logon. [more]Rebooting the system into Safe Mode with Networking and testing admin login did work. After a reboot, the same user was able to log into the PC without getting an error. 

The Event Viewer had the following event: 

Windows cannot copy file \\?\C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm to location \\?\C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm. This error may be caused by network problems or insufficient security rights. 

DETAIL - Access is denied. 

Resolution was to delete the iesqmdata_setup0.sqm file from the directory mentioned in the event log. After deleting the file, all users could log in successfully.