IT Solutions Blog | Trigon Technology


IT Support | The Evolution of Cyber Attacks & US Concerns

  
  
  
  
  

 

 Cyber Attacks & US Concerns

CNN recently ran articles on the increasing number, sophistication, and severity of cyber-attacks occurring in the United States.  After reading the articles, you quickly realize how this threat has evolved from impacting individual users to affecting our national corporations and the government.

At its basic level, personal identity theft and financial loss are the primary concerns of a cyber-attack.  This threat has existed for years.  More recently, US corporations are now facing cyber-attacks, where loss of client data and intellectual property are the main concerns.  In addition to the corporate world, US government agencies are experiencing attacks aimed at various components of US infrastructure and institutions.  Because many of the attacks are initiated by not only criminals, but also nation states, the US government views these actions as “cyber warfare” and a threat to national security.  The goal of these attacks is to steal business knowledge and negatively impact US infrastructure such as telecommunications, power, and water.  They have increased exponentially in number and severity and have the US government very concerned.

The Obama administration has taken steps to address these growing concerns to national and business security by signing an executive order initiated to stop or slow cyber-attacks.  US government agencies are being tasked with assisting more in the defense and prosecution of attacks, providing corporations with information to enhance their own security, and enlisting the help of foreign countries in controlling attacks. 

Corporations that were once slow to accept the government’s advice and offers of partnering in the cyber warfare fight are now realizing its impact and importance.  They are applying more resources and effort toward developing strategies to minimize their exposure.

In light of this rapid evolution, everyone should consider and question how safe they are as an individual or business entity.

IT Solutions | Trigon Online Backup

  
  
  
  
  

Trigon Online Backup

Imagine this: You are at the office of a potential buyer of your products. The meeting is to begin in 30 minutes. You are getting prepped and discover that the presentation on your laptop is corrupted! Do you panic? Maybe, but you also realize your data is backed up to the cloud.

You call your backup provider. I answer. I listen to your frantic whispering over the cell phone, and then I remotely restore your file to your laptop that was backed up the night before. You present your presentation minutes later and win the day!

We at Trigon provide a backup solution leveraging cloud resources to back up your data, be it at the office or on the road. The Trigon Online Backup can be used to back up critical data from servers, laptops, and workstations. The service backs up and restores data; it isn’t designed for bare metal restores, though Trigon does have a service for this as well.

Why backup to the cloud?

  • One advantage of cloud backup was highlighted in the scenario above: the remote backup of offsite resources. Travelling staff members can have their laptops backed up and restored out in the field. They do not have to come back to the office to upload and download data; no VPN is needed, just a network connection. The restore can be initiated by the user or remotely by Trigon.

 

  • The backups can be set up with bandwidth throttling to have minimum impact on the computer performance. The users will not notice it is running and their changes are being saved. This bandwidth control also limits the impact on your office network as well if there are multiple machines backing up to the Trigon Online Backup at the same time.

 

  • The data streams to and from the cloud resources are all protected with military-grade encryption: 256-bit AES. So if you are on a public or guest network, the data passed back and forth is protected if someone is nearby wearing the black hat and nefarious moustache. The encryption is maintained while the data is at rest as well.

 

  • The very nature of cloud backups means that your data is stored offsite. No need to remember to bring home tapes, external USB drives, or send them to be secured in offsite storage. The data is stored at two secure data centers located in different parts of the country. So the backup service has redundancy built into it as well.

 

  • For those who do use tapes, a major quality of life improvement is you don’t have to switch out tapes. How many times did you remember to switch out the tape at the last minute or when you got home? How many times did you get the tape rotation messed up? Not with a cloud backup!

 

  • The Trigon Online Backup solution has the ability to back up critical production data from virtual servers, Exchange servers, and SQL servers. The backups can be set up to be rather specific. For example you can set the mailbox backup to exclude messages on the subject level.

 

  • The Trigon Online Backup utilizes bit-level backups, backing up only what has changed since the last time the job was run, so it reduces the bandwidth and storage needed.

 

  • Backup jobs are monitored and reviewed for failures and warnings. We monitor the jobs for issues and address them to make sure your data is being captured and saved.

 

  • Cost savings. By having the backups move to the cloud you no longer have to pay for utilities to run the backup tape drive or other devices. No service costs for the hardware. No need to purchase new tapes every year. Reduction of staff time transporting the backup media offsite. You will no longer have to pay for the offsite storage. The price point for the Trigon Online Backup is minimal compared to what is spent each year maintaining the onsite backup solution.

There are a lot of reasons to participate in a cloud based backup solution: convenience, accessibility, cost, and security. Add in the granular level backups that can be done, and the built in redundancy, then the Trigon Online Backup is even more appealing. Best of all, NO MORE TAPES!

IT Support | Microsoft Forefront for Office 365

  
  
  
  
  

Microsoft Office 365

Spam almost feels like a part of life anymore.  I expect that when I open my email, I’m going to see a couple of spam messages that the junk folder settings just didn’t catch.  It barely fazes me anymore; I just delete the spam in my inbox and junk folders and go about my day.  The real problem comes in for those who receive far more than just a couple of spam messages in any given day, so I can understand the frustration that comes with having to go through and delete all of those.  Thankfully for Office 365 customers, Microsoft provides a means of blocking those messages from landing in anyone’s inbox to begin with.  That tool is called Forefront Online Protection for Exchange.

Forefront makes it extremely simple to create rules that can block or allow emails to come through based off of the following information:

  • Header
  • Sender
  • Recipient
  • Attachment
  • Subject
  • Body
  • Message

Now not all of this information is needed for each rule, but it’s great that rules can be set up to block or allow emails of a certain topic or from a specific sender or domain.  Based on my experiences, there did not appear to be any delay in the mail filtering after the rule was set up.  If you’d like to start blocking some of those pesky spam messages, then follow these steps to set up rules of your own:

  • Log into the Office 365 portal using an administrator account
  • Click on the Manage link listed under Exchange
  • On the left hand side of the page select Mail Control
  • On the right hand side of the page click on the link labeled “Configure IP safelisting, perimeter message tracing, and e-mail policies.”
  • If not already selected then click on the Administration tab at the top of the page
  • Select Policy Rules right below the administration tab
  • On the right hand side of the page click on the New Policy Rule link

From there you can go ahead and set the parameters for the rule and once done select Save Policy Rule.  After that you’ll see your new rule listed under Policy Rules and from there you can make modifications to the rule as necessary or delete it if it’s no longer needed. 

Based upon what I’ve seen, Forefront doesn’t always catch blatant spam messages on its own without the aid of the rules; however, after creating rules I have seen the amount of spam messages received drop dramatically.  All in all I have to say that Forefront Online Protection for Exchange is a great tool for use with Office 365.

IT Support | Troubleshooting wireless access networks/Wireless site surveys

  
  
  
  
  

Wireless Site Survey

One of the hardest things to troubleshoot in the realm of networking is wireless connectivity.  There are a number of things that you can do in order to resolve wireless issues quickly and with little technology expertise.

First of all, if you are unable to establish a wireless connection, there are a few basic troubleshooting steps you can take. The easiest task to complete is to simply reboot your device (laptop, smart phone, iPad, etc.).  Sometimes, that will resolve the issue and you can get connected.  The second thing to try is to reboot the nearest wireless access point (WAP). If you reboot that device, many times you can then connect as expected. If the issue isn’t resolved after rebooting your device and the nearest access point, the next step would be to remove the wireless connection from your device and try to connect again. This is true even if you were previously connected but just cannot access the network now.

To recap, the troubleshooting steps are as follows:

  1. Restart the wireless access point
  2. Reboot your device
  3. Remove the wireless network settings from your device
  4. Disable your wireless card
  5. Re-enable your wireless card
  6. Re-connect to the network

Granted, that is a lot of steps but it will usually resolve your issue.

Another thing that may be necessary is physically relocating the wireless access point so that you are in closer proximity to where you intend to use your device.  In a business environment, this may not always be the easiest task to complete, as there typically is a dedicated Power over Ethernet (PoE) network connection to where the access point is plugged into the network.

In a business environment, more work goes into completing a wireless site survey. Specialized tools and utilities are necessary in order to optimally locate WAPs for coverage.  If you do not have wireless access and are looking to implement it, completing a site survey will save you time and frustration down the road. One item that is reviewed during such a survey is the makeup of the actual building itself. If there is a lot of “brick and mortar”, you will need to have more access points installed than in a building that is made up predominantly of drywall and drop ceilings.  Wireless signals are able to easily penetrate this type of material, but the thicker the material, the more difficulty the signal has making it through.

Another item reviewed during a wireless site survey is the type of coverage you are looking for.  If you want to have “access everywhere”, you probably will need additional access points, whereas if you only need access in “most” locations, you can typically use a few fewer devices.  For access in the most often used locations, a centrally located WAP can typically be sufficient but, as you move further away from the access points, you will not have a connection at all or will have limited connection speed.  For instance, if you have a 300 foot hallway and you only need access in the majority of areas on either side of the hallway, you can probably install two or three access points at specific intervals.  If you require access in the very corners of the far ends of the hallway, you may need to put in additional devices, which will increase the range.

Now comes the fun part – are you going to be moving down the hallway and need constant communication or are you able to drop your connection for a second or two?  For those that need a constant session from one end of the hall to another, you will need a more advanced wireless network that will be centrally managed. A controller will allow the access points to “talk” to each other as you go from one device to the next.  If you don’t have a network that has the access points talking to each other and they are all simply connected to the network to provide wireless service, you will lose connection from one access point as you leave the range of that WAP and will then pick up another access point as you move into its available range.  During this change of access points, you will temporarily drop your network connectivity.  When having a wireless site survey completed, this scenario will be reviewed and steps will be taken to ensure that you will never be too far away from any access point and you won’t lose connection.

If you are interested in discussing the pros and cons of a wireless site survey, please contact Trigon at solutions@trigon.com or (484) 323-5000.

IT Support | PCI Compliance - Tokenization

  
  
  
  
  
PCI Compliance 

 

 

If you own a local business in the Central PA / Philadelphia region and accept payment through credit cards, you should be familiar with filling out an annual Self-Assessment Questionnaire (SAQ) to keep current with your Payment Card Industry Data Security Standard (PCI DSS) compliance requirement.  Depending on how your business accepts credit cards, whether it is through a Point of Sale (POS) system, a web-based e-commerce portal, or card-not-present transactions over the phone, adhering to the requirements of PCI DSS and becoming compliant may be a daunting task.  Businesses with payment card systems that store cardholder data are required to complete SAQ D, which is the strictest of all the SAQs. This form has 288 questions and requires many policies and procedures to be implemented.  Qualifying for one of the other SAQs, which are basically subsets of SAQ D, would lessen the burden of becoming PCI compliant.  But don’t confuse an easier SAQ with being less secure.  The requirements of SAQs A, B, C-VT, and C require an even more secure infrastructure as it relates to PCI and cardholder data by not allowing any cardholder data to be stored on any system in the environment.  So you ask, “How can I prevent the storage of cardholder data and move from SAQ D to SAQ C?”  The answer is Tokenization.
 
Tokenization works by replacing cardholder data in your payment system with a unique string of characters called a token.  This token is generated by a payment gateway, such as PayPal, and is sent back to the merchant’s payment system to take the place of the cardholder data.   The gateway then completes the transaction with the acquirer or bank.  Any future transactions utilize the token, removing the need to transmit cardholder data.  By eliminating the cardholder data onsite, tokenization greatly reduces the scope and risks associated with PCI security standards.  While Tokenization does lessen the burden on your annual PCI SAQ, it is always best to consider all of the guidelines outlined by the PCI DSS.  It is always recommended to implement as many security best practices as possible even if they are not required for compliance.
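
The flow described above, as an added example rather than code from Trigon or any payment gateway: `MockGateway`, `MerchantSystem` and `find_pans` are hypothetical names, and the card number is the standard test value. The merchant side keeps only a token and the last four digits, then scans its own storage for Luhn-valid card numbers to confirm that no cardholder data remains.

```python
import json
import re
import secrets
import string

TEST_PAN = "4111111111111111"  # constructed input: well-known test number, not a real account


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class MockGateway:
    """Hypothetical stand-in for the gateway's token vault (not a real API)."""

    def __init__(self):
        self._vault = {}        # token -> PAN, held only on the gateway side

    def tokenize(self, pan):
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        # Random token with no mathematical relationship to the PAN.
        # Letters only in this sample, so it can never look like a card number.
        token = "tok_" + "".join(secrets.choice(string.ascii_letters) for _ in range(24))
        self._vault[token] = pan
        return token

    def charge(self, token, amount_cents):
        pan = self._vault.get(token)
        if pan is None:
            return {"approved": False, "reason": "unknown token"}
        # A real gateway would complete the transaction with the acquirer here.
        return {"approved": True, "last4": pan[-4:], "amount_cents": amount_cents}


class MerchantSystem:
    """Merchant payment system: persists the token, never the PAN."""

    def __init__(self, gateway):
        self.gateway = gateway
        self.records = {}       # customer_id -> {"token", "last4"}
        self.orders = []

    def first_purchase(self, customer_id, pan, amount_cents):
        token = self.gateway.tokenize(pan)   # PAN is passed through, not stored
        self.records[customer_id] = {"token": token, "last4": pan[-4:]}
        return self._charge(customer_id, amount_cents)

    def repeat_purchase(self, customer_id, amount_cents):
        return self._charge(customer_id, amount_cents)   # token only

    def _charge(self, customer_id, amount_cents):
        result = self.gateway.charge(self.records[customer_id]["token"], amount_cents)
        self.orders.append({"customer": customer_id, **result})
        return result

    def dump_storage(self):
        """Everything the merchant persists, serialized for scanning."""
        return json.dumps({"records": self.records, "orders": self.orders})


# 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def find_pans(text):
    """Return Luhn-valid card-number candidates found in stored text."""
    hits = []
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def demo():
    shop = MerchantSystem(MockGateway())
    first = shop.first_purchase("cust-1", TEST_PAN, 2500)
    again = shop.repeat_purchase("cust-1", 1000)
    return first, again, find_pans(shop.dump_storage())


if __name__ == "__main__":
    print(demo())
```
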
 
While Trigon does not implement Tokenization directly (your payment system vendor or acquirer would assist you with this), Trigon can assist you with becoming PCI compliant.  Trigon has extensive knowledge and expertise in securing data infrastructures and is proficient in vulnerability management.
 
If you have any questions or would like to discuss how Trigon may help you with your PCI requirements, contact Trigon today!

 

 

 

IT Solutions | Google Glass Review

  
  
  
  
  

If only Alice had a pair of these wicked specs, she may have ignored the brazen pocket watch holding bunny and steered clear of the rabbit hole. Then again, in my initial foray, I must admit that I was not impressed with the physical appearance of Google Glass (No, I am not a slave to fashion but I do not want to walk this earth as a live action model for a ‘B’ rated Tron movie!) However, upon further investigation, the sheer capability of Google Glass has me strongly considering a life outfitted in iridescent electrode clad skin suits.  I mean… c’mon, look at these bad boys: 

 Google Glass

…errrrr….. wait a minute, that’s not it – ahhhh, here we go:

 Google Glass Review   2

Uh-huh, I knew it. You think they are pretty sweet also!  If you have not been formally introduced already, ladies and gents, let me present to you Google’s latest and greatest (we can dispense with the drum roll) Google Glass!

At first glance (without your Google Glasses on, of course) Google Glass is a wearable computer that utilizes a head mounted display to provide smartphone features and functions in a sleek and futuristic hands free format. Further investigation of this device reveals that it does more than make you look trendy, boasting such features as the ability to take a single photo or shoot a video, send a text message to your buddy, get directions to your favorite hideaway or confirm flight information, all by using simple voice commands.  Truly remarkable!

Google Glass was introduced to the public in August of 2011 with plans to have a version available to our greedy hands by the end of 2013.  Initial testing of the glasses was coordinated through the Glass Explorer Program (the program has since closed but you are able to place yourself on an informational waiting list) and live field testing is being completed by the ‘bold, creative individuals’ who answered the call on Twitter or Google+ to explain in 50 words or less on how their lives would be enriched by using Google Glass. I am sorry that I missed this bus!

Though the concept of a wearable ‘Heads Up’ display type of technology is not new, packaging this technology into a universally acceptable device that is anticipated to weigh less than an average pair of sunglasses is.  Those of you fortunate enough to have answered the call, while still holding on to your 32oz double caf whipped caramel skim latte and noshing on your organically correct marathon muffin, can begin to enjoy surfing the web, taking photos, texting all by simply saying ‘ok glass. . . ‘ I am truly at a loss for words at how cool this technology is going to be and I am sure, once Calvin Klein, Ray-Ban and Oakley throw their hats into the ring for lens development and options, we will truly see and appreciate Google Glass’ full potential.  If you have not checked this technology out, do yourself a favor, stop what you are doing, do not pass go and do not collect $100. Get Google Glass on your mind – I already know the first question I am going to ask – ‘ok glass, what IS really at the bottom of the rabbit hole. . . ‘

If you have any questions or would like to discuss how Google Glass may affect the way you work, contact Trigon today!

IT Solutions | Hyper-V 3.0 Live Migration

  
  
  
  
  

 Hyper-V Migration

 

With the release of Windows 2012, Hyper-V 3.0, and the new System Center Suites, Microsoft truly has developed a hypervisor solution which can rival the entire feature set of VMware's vSphere platform.  I tend to prefer and recommend Hyper-V over VMware for a few reasons, with the prominent reasons being cost and availability.  It’s true that in the past Hyper-V's feature set was not as strong as VMware's, but for most SMBs the feature set was indeed enough to satisfy their business and technical requirements. The cost of VMware could often only be justified in larger organizations with bigger IT budgets and more demanding requirements.

Things have now changed.  The gap between Hyper-V and VMware has slimmed to a point where it’s now virtually non-existent.  True, VMware provides a solid and mature hypervisor platform, but many organizations are now seriously considering Hyper-V over VMware due to its new bolstered feature set, low cost and overall ubiquity.

One of the newest features in Hyper-V 3.0 that I've worked with lately is Live Migration.  For those who are familiar with Hyper-V Clusters, this concept is not new, since Live Migration is one of the main reasons to implement a Hyper-V Cluster.  For those not familiar with clusters, there should be some clarification as to what the new Live Migration feature entails in a typical setup, that is, a setup with a few standalone Hyper-V hosts and no shared storage.

When you’re working in a cluster and initiate a Live Migration, ownership of the virtual machine and its working memory are simply transferred from one node to another (see: http://trigon.com/tech-blog/bid/35259/Microsoft-Virtualization-Part-2-Live-Migration). Depending on the RAM consumption of the VM, this could take seconds, or just a few minutes.   With the use of shared storage, the VHDs don't have to move, so it is basically a quick process with no downtime incurred.

In order to avoid confusion, a distinction should be made between a Live Migration in a clustered/shared storage environment and a Live Migration in a standalone environment.  In Hyper-V 3.0, and in our "typical" scenario, a Live Migration is essentially a Live Storage Migration.  This Live Migration does indeed keep the virtual machine online, but it copies the entire VHD and VM config files to the new host, not just ownership of the VM and the working memory state.  It is a much more time-consuming process, but allowing administrators to perform this type of Live Migration directly from Hyper-V Manager adds a great deal of flexibility without the need for an expensive or complex infrastructure.

It is important to note that Live Migration in a “typical” scenario isn't very scalable.  Even if you have a dedicated 10 Gb Live Migration network, if you have 30 VMs you want to migrate, that is at least 30 VHDs that have to be fully copied over the network.  Yes, you could schedule them through PowerShell and get it done, but it could quickly become a cumbersome process.  The moral of the story is to ensure you do not confuse the capabilities and function of a Live Migration in differing scenarios.  Also, having Live Migration capabilities at your disposal right out of the box does not negate the need for a Hyper-V Cluster in order to provide High Availability for your virtual machines.

IT Solutions | Direct Access: So-long, VPN Client

  
  
  
  
  

 Direct Access

Direct Access is a feature introduced in Windows Server 2008 R2, and greatly improved upon in Windows Server 2012.  I consider the introduction a bold one, because at the time it required a fully-envisioned IPv6 infrastructure, which is still being implemented incredibly slowly throughout the Internet.  Lo and behold, with Windows Server 2012, Microsoft scaled back the tenacity with which they were pressuring for IPv6 deployments and made DirectAccess available to us via simple SSL over IPv4.

What is DirectAccess?

Direct Access is a means by which your enterprise workstation is able to ‘phone home’ without any assistance, such as would be required to access a VPN configured through a firewall or a Microsoft Routing and Remote Access Server.  The idea is that you are always able to route back to your Microsoft network using public IPv4 DNS records via the Secure Sockets Layer, similar to how you would sign in to a secure web page for sensitive information, such as personal banking.  This eliminates the need for integrating a service like RADIUS to provide domain-based authentication and deploying VPN client software to all of the systems (not to mention training your staff on how to use it).

Why use DirectAccess?

Simply put, DirectAccess eliminates one more step that is needed to remotely access a corporate environment, and reduces the surface area for end-user error.  Since it uses the Secure Sockets Layer, which is shared by the aforementioned secure web browsing, remote routers and firewalls can also be eliminated as a variable, since there are usually no restrictions on the SSL port, whereas a non-SSL VPN client would require that specific additional ports be opened at the connecting network, relative to the protocol being used.

A problem that used to exist in the old DirectAccess architecture of Server 2008 R2 was the reliance on IPv6, which as I mentioned can be a big project in itself to implement on a network that is not already using it.  Server 2012 Direct Access is fully IPv4 compliant, and the configuration of it

What do you need to run DirectAccess (Windows 2012)?

DirectAccess requires the following components on your network:

  • Client workstations running Windows enterprise software (Windows 7 Enterprise or Ultimate, Windows 8 Enterprise)
      • If using Windows 7 clients, a local Certificate Authority is recommended to provide client-authentication certificates for backwards-compatibility.  This is not a requirement in Windows 8.
  • A Windows Server 2012 host with a network controller
  • A Windows domain controller (running Windows Server 2008 SP2, or a higher edition) and DNS server

 

Contact Trigon today if you would like more information on Direct Access and how it can improve your small business!

IT Solutions | Downgrading from Windows 8

  
  
  
  
  

Downgrading from Windows 8 to Windows 7

 

Windows 8 has been successfully launched and many new computers are shipping with it pre-installed.  What if your business isn’t ready for the jump to the new operating system?  Never fear because Microsoft has provided a fairly painless (though a bit tricky) way of downgrading your Windows 8 Professional PC to Windows 7 Professional. 

First, you will need to assemble everything that is required for the downgrade.  You will need to make sure that the computer is running Windows 8 Professional (32 or 64 bit doesn’t matter but only the Professional version of Windows 8 is eligible for downgrade).  Next, you will need installation media (DVD or USB) for Windows 7. Once again, 32 or 64 bit versions are both usable but you need to match the version to the currently installed Windows 8 version.  You will also require a valid, temporary Windows 7 license key. Lastly, for post-installation tasks, you need a telephone, pencil and paper.

Before starting the downgrade process, it is recommended that you back up all of your files to a secure, external location like a network share or removable USB media. Then, create recovery media for Windows 8, which should include a system image and recovery disk. Once the recovery set is finished and placed in secure storage, you are ready to begin the actual process of downgrading the computer.

The actual downgrade process is the same as if you were performing a clean install of Windows 7.  Insert the bootable media and restart the computer.  Follow the prompts to complete the installation and input the temporary license key for Windows 7.  When the PC starts up, you will be prompted to activate Windows, which will fail.

The final part of the downgrade process involves a call to Microsoft technical support.  After your automatic activation fails, you will see a screen with contact information for Microsoft Activation support.  Make sure that you have the activation key from Windows 8 available.  Explain to the Microsoft representative that you are downgrading and provide them with the Windows 8 license key. You will be provided with a single activation code that will activate Windows 7.  Once all of these steps are completed, you will need to re-install any applications and update Windows 7 with the latest set of security patches. Then, finally, you need to transfer over any of the old files from Windows 8 that were backed up earlier.  To complete the process, a Windows 7 restore set should be created and placed in a secure location.

IT Support | SQL Server 2012

  
  
  
  
  

SQL Server 2012 

Microsoft released SQL Server 2012 on April 1st, 2012.  The product is part of a tradition of scalable database solutions, and offers many great improvements over the previous releases.

The most important thing to note about SQL 2012 is its reporting capabilities and how they integrate with SharePoint.  Microsoft SQL Server 2012 offers a new feature called PowerPivot, which involves a direct integration with SharePoint server and Excel 2010 and 2013 that provides real-time data views and reports.  PowerPivot provides an easy way to create and share Business Intelligence for billions of rows of data.

SQL 2012 also offers new high-availability features, such as multi-subnet failover clusters.  A multi-subnet failover cluster allows SQL servers in different LAN segments - such as distinct office locations - to host database failover clusters, which provide high-availability and redundancy to databases.  This allows companies with distributed computing environments to utilize the server infrastructure of multiple sites.

Licensing SQL Server 2012 for hardware has been completely re-thought. SQL Server 2012 will be licensed based on processor cores, which is a new idea in the 2012+ line of products from Microsoft due to the density of processors in modern computing hardware.  This can make using the hardware-licensing model too expensive, so companies may be more interested in licensing based on User or Device CALs instead, which provides a simpler planning infrastructure.

Contact Trigon today if you would like to find out more about SQL Server 2012 and how it can improve your business!
