Zero-Day Flaw Equals Vulnerability for All - Except TPSU Members

zero_day_flaw_tpsu_membersAdobe has issued an advisory warning of the zero-day flaw (CVE-2015-0313), a previously unknown point of vulnerability within the latest version (version 16.0.0.296), as well as earlier versions of its Flash Player plugin. If exploited, this download attack causes a system crash that allows the attacker to take control of the affected system. Unfortunately this kind of attack is quite commonly and actively used; at this point the download attack has been actively linked to maladvertising against Internet Explorer and Firefox users, on either Windows, Mac or Linux (versions 11.2.202.440 and earlier).

Though updates have been made available for manual download, the next steps for Adobe Flash users have not been made completely clear. Krebson Security suggests that Windows users using browsers other than Internet Explorer may need to apply the patch twice, once with IE and once with the alternate browser. However, users of IE and Chrome should also auto-update their versions of Flash. For a vulnerability that Adobe categorizes as critical, much is still left unclear.

Luckily, folks enrolled in our Third Party Software Update program (TPSU) have nothing to fear; they are fully protected. And this TPSU program is far from expensive; in fact, for our current customers in good standing, this program is completely free. Simply read the activation instructions here.

For those that don’t know, TPSU is your automatic updater, pushing current versions of applications onto your system, unless users have made individual exceptions. The service runs just after each round of standard Workstation patching and after the round of standard Server patching. The schedule has been created this way to ensure that our users maintain the highest level of security, which unfortunately means that this schedule must be maintained, unless a zero-day vulnerability appears which will then be pushed out immediately.

The combination of the established TPSU schedule with the flexibility for immediate patching of zero-day vulnerability ensures that you, or customers, are always protected. And in a world that depends increasingly on technological systems, this constant security can make all the difference.

Data Recovery Assessment

How do I backup my servers in AWS?

backup_servers_in_aws_cloudData loss can be an insurmountable challenge for firms and unfortunately it is a common problem. Disasters come in many forms, such as power interruption, corrupted database, hardware failures, software glitches, or network outages. In a cost-cutting environment with intense global competition, you need a solid plan that is cost-efficient, yet ensures that backups are performed regularly and recovery from any disaster quickly.

Many companies have outsourced the data backup and recovery component of the IT function to the cloud, including Amazon Web Services (AWS) storage solutions. AWS provides secure, scalable and robust storage in a more efficient and scalable data backup and recovery environment – eliminating the need for in-house infrastructure dedicated to this purpose.

Conventional Data Backup and Recovery

Even for IT departments, the data backup and recovery environment can be complex. Typically, most companies rely on a very heavy-handed agent strategy for their backup and recovery. They backup the content on their servers over the storage area network (SAN) or over the local area network (LAN).

With the constantly evolving dynamics of data growth, data center consolidation and virtualization, traditional legacy backup and recovery approaches have become overwhelmed.

Backing Up Your Servers in the Cloud

AWS simplifies the data backup and recovery by automating the entire process. The backup and recovery process has now been reduced to a point-and-click web-based interface as software performs labor intensive and complex tasks.

Simply sign up for an AWS account and complete the setup process, including obtaining receiving root account credentials, which allow full access to all resources in the account and AWS Identity and Access Management (IAM).

IAM allows you to control access to AWS services as well as the resources for users to link to their accounts. You can create unique user credentials to define who has access to which resources for daily interaction with AWS.

Now you can begin the process of backing up your standard server, such as an application server or web server:

  • Build Your Amazon Machine Image (AMI): AMI serves as a template that contains the operating system and relevant web server applications such as Apache or IIS, and other software. Choose an AMI provider by AWS, the AWS marketplace, the AWS community, or create your own
  • Launch Instance: Click “Launch Instance” to create a new instance of your web server. You can create as many or few virtual servers you need from the AMI
  • Region and Availability Zones: Place and replicate resources – instances and data – across multiple “regions,” and within each region, specific isolated locations or “availability zones”
  • Networking and Security: Create the key pair – public to encrypt data and private key to decrypt data – to log into an instance
  • Create a security group (virtual firewall) and rules to control network access to one or more instances: Amazon EC2 provides the instances with IP addresses and DNS hostnames

Benefits of Data Backup and Recovery in the Cloud

The AWS platform provides IT departments with an easier, faster and more cost-effective approach to data backup and recovery. The advantages for companies include:

  • Eliminate hardware-based infrastructure in favor of virtual abstract resources instantiated by code
  • Scalable infrastructure, and the ability to pay for capacity incrementally, driven by demand and as resources are needed with no upfront outlay
  • Gain the ability to deploy resources, in minutes, and perform configurations in real-time
  • On-demand availability of server images, the ability to maintain them, and activate them without delay.

For many small companies, data is at the core of their operations. AWS provides a reliable, scalable and cost-effective solution, which improves your company’s abilities to optimize resources for data backup and recovery.

whitepaper_what_you_need_to_know_about_cloud_backup

 

What's Driving the Need for Cloud Collaboration?

What's Driving Cloud Collaboration?Organizations are finding that cloud collaboration is becoming critical to their ability to compete. The growing importance of collaboration is being fed by fundamental trends…

Competition: The barriers to entry are lower than ever, and you cannot predict who will enter your market next. How do you stay ahead when you don’t know which organizations you’ll be competing with next month or next year?

Focus: Companies once could gain an advantage by owning every aspect of a value chain with the goal of vertically integrating an industry. Today, it makes more sense to focus on the aspect of the value chain that is most critical to success and partner for the rest.

Open systems: The Internet and networking technologies have connected us in ways once thought impossible, opening the door for innovative business models. Now, businesses must adapt to another wave of networked technology that is shaping the modern working experience into one that is mobile, social, visual and virtual.

Together, these trends are shaping a new business landscape, making speed and flexibility the most important competitive differentiators in just about every industry across the globe. This makes collaboration technology a must-have as you build a real-time enterprise that can adapt to fast-changing market pressures.

Subscribe to Cisco's Online Collaboration Community here

Contact CWPS today… We help you plan and implement a cloud collaboration solution that will help keep your business moving ahead: (877) 297-7472 or connect@cwps.com.

CWPS Cloud Assist - Amazon Web Services

IT_ComanagementAre you considering outsourcing part of or your entire IT environment? Do you need to add capacity for growing workloads but don't know by how much?

It's becoming increasingly clear that cloud computing by Amazon Web Services (AWS) can provide some answers and bring significant benefits to small and medium businesses (SMB) such as yours. With cloud computing you don't need to make large upfront investments in hardware. Instead you can provision exactly the right type and size of computing resources you need to operate your IT department. You can access as many resources as you need, almost instantly, and only pay for what you use.

 

The Benefits of Utilizing AWS Include:

  • Pay for Infrastructure as you need it, not up front.
  • Lower Total Cost of IT
  • You don't need to guess capacity
  • Increase innovation: experiment fast with low cost and low risk
  • Get rid of undifferentiated heavy lifting
  • Go global in minutes

Amazon Web Services Infrastructure Services

 

Amazon Web Services offers a complete set of infrastructure and application services that enable you to run virtually everything in the cloud.  It is made up of four components:

 Compute: Processor, memory and operating system

  • Storage: Block or object based (EBS or S3), flexible and cost effective
  • Network: Your own Virtual Private Cloud (VPC)
  • Database: Managed database services (RDS)

CWPS Cloud Assist - Managed AWS

 

With the implementation of AWS, you will need assistance in deployment and maintenance. The CWPS Cloud Assist package consists of foundation managed services that include:

 

  • Backup and Disaster Recovery
  • Identity Access Management
  • Network Element Management       
  • Billing and Optimization

There are also optional services that include incremental offerings for customers with specific needs not addressed by foundation managed services.  One of them includes Advanced Security Services provided by Alert Logic. Alert Logic SOC and CWPS NOC work together 24X7X365 to provide deep security insights, continuous protection, and lower total costs.

 

AWS and CWPS Cloud Assist reduces total IT costs by at least 30% compared to an on premise deployment. Not only do you save money but you can also spend more time focusing on your business and not the daily IT hassles.

 

whitepaper_what_you_need_to_know_about_cloud_backup

 

CWPS Cloud Assist - Your Road to the Cloud

Cloud_AssistMoving your IT applications to the cloud may eliminate unpredictable capital expenditures and many "pain points" of owning your own infrastructure, but what happens once you have your workloads and applications in the cloud? When everything is offsite, your connection is critical and Quality of Service (QoS) is not available over the Internet. This is essential for voice, video and other real-time communications.

With CWPS Cloud Assist, you are able to access cloud services through a private line connected from your premises to our datacenter at Equinix in Ashburn, VA. You can also leverage an inexpensive Internet connection for a second, redundant path to the cloud. From our datacenter CWPS can provide a direct connection to many cloud services to include AWS, Microsoft, and 8x8 Hosted Voice services. With a direct connection, you can guarantee QoS, reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience for your organization.

CWPS_Cloud_Assist


Planning and executing the transition to the Cloud is streamlined
 with CWPS’ expertise in design, implementation, management, security, and customer service.  Let's talk about Cloud solutions for your business. Contact CWPS today to arrange a planning discussion: (703) 263-9539 x2 or connect@cwps.com.

whitepaper_what_you_need_to_know_about_cloud_backup

 

What do you do when Microsoft Office 365 goes down?

12057455_sFor businesses, both large and small, Microsoft’s Office 365 suite has become an integral part of day-to-day operations. This is understandable due to the all-encompassing nature of the product line – from word processing and spreadsheets to PowerPoint and email.

If your business also utilizes the Microsoft Office 365 platform, you know that a disruption of any kind in service would not only bring day-to-day operations to a halt, it would also be quite costly. Here are three steps you can take immediately to address an Office 365 service interruption:

Determine the true source of the disruption

The first thing you should do is check the status of Office 365 to see if Microsoft has reported any outages or issues. From this page, you can also login to check on the health of your organization’s own Office 365 service, if you have the proper access.

If it isn’t an Office 365 issue...

If you’ve verified that the issue is a local issue – meaning there is no service disruption with Office 365 globally or with your account – confirm that more than one person is able to replicate the issue. If only one person is reporting a problem, have your onsite IT staff member or your managed services provider troubleshoot that individual’s machine. If it is impacting more than one individual in your organization, again you will want to loop in your IT resources to investigate the matter further.

If it is an Office 365 issue...

If the status reflects there is an issue with Office 365, either globally or with your account specifically, Microsoft should provide information as to when you can expect the restoration of your service. This is another area where your IT resources will be able to follow up directly with Microsoft to ensure the timely resolution of the matter.

The key with issues of this nature – whether it is the fault of Microsoft or not – is to have a staff that is trained to proactively report when they encounter such a serious IT infrastructure challenges. Because the sooner a problem is identified, the sooner the correct parties can be brought together to diagnose it and provide a solution.

Ebook_what_you_need_to_know_about_vmware

 

"Flapjacks Monday" at CWPS

CWPS_team
It was a “Flapjacks Monday” at CWPS Headquarters this morning. As a sign of appreciation for the hard work they do, the CWPS sales team cooked up a hearty breakfast for all of the CWPS engineers. The main item on the menu was pancakes. All of our engineers dedicate a lot of time and effort to deliver the best products and solutions to our customers. We, at CWPS, are grateful for all of their services and thank them for all that they do.


Cost Advantages of a UCS Download

What You Need to Know: The Shellshock Bug and CWPS' Response

21569597_sHere’s a quick High Level Overview of the CWPS response to the Shellshock bug:

  • What is Shellshock?
    Shellshock is the name given to a bug that affects the Bourne-Again Shell (BASH) in Linux and UNIX operating systems.  Successful exploitation of this bug could result in a full system compromise.

  • Who is affected?
    Largely any UNIX or Linux system is impacted (this includes Mac OS & Android).  A smattering of Cisco products are also impacted.

  • How would this bug affect your business?
    95% of customers are unlikely to see any immediate impact relating to this bug.  This stems from the fact that an overwhelming majority of these impacted systems are not Internet-facing.  In order for an attacker to exploit this bug for nefarious purposes, they would have to have external access to these affected systems, either through SSH, web or publicly-accessible service endpoints.  Even then, the attacker would have to find a vulnerability /outside/ the realm of the Shellshock bug in order to then “get in” and /then/ make use of the Shellshock bug.

  • What is CWPS doing about this?
    So far, we have ensured that our internal infrastructure (much like many of our customers’) is not exposed in such a way that would cause concern.  We are continuing to monitor our vendors’ updates & patch releases, and as we receive and digest this information, we will (as necessary) work to address these individual impacted systems with our customers individually.

  • How can we be more proactive about these types of security incidents in the future?
    CWPS now offers a managed security service, consisting of several components:
o   Intrusion Detection System (IDS) & vulnerability scanning

o   Proactive log analysis for a variety of OSes and devices

o   Web Application Firewall (WAF) for behavior & traffic analysis of public-facing websites

If you’re interested in learning more about our managed security service, please contact your Account Executive and/or Customer Account Manager.

For a quick ~4 minute explanation in video form, we’d definitely recommend watching YouTube contributor Tom Scott’s video.

The Bottom Line

Any Linux/UNIX-based device that serves up Internet-facing webpages and/or services may be vulnerable to the Shellshock bug.  This assumes that these websites and/or services are calling direct system functions through commands issued on said site (widely considered to be a no-no from a security perspective) -or- are vulnerable to a remote command execution vulnerability.  Therefore, successful exploitation of this bug requires three things:

  • A Linux/UNIX-based device that…

  • Must be Internet-accessible via public-facing website and/or service and…

  • Said website and/or service is poorly coded so as to potentially allow for running direct system functions through a vulnerability in the website’s code -or-

  • Said website and/or service has a remote command execution vulnerability (which is highly likely to have been addressed by the vendor/site author long before the appearance of Shellshock)

Put another way, you should not be worried if:

  • Your device is not running Linux/UNIX

  • Your Linux/UNIX device is not public facing (i.e. not serving up Internet-facing webpages and/or services)

Here is a breakdown, product-by-product, of CWPS’ stance on each potentially vulnerable platform and/or device:

Apple Products

There is no official fix at this time, and the only remedy is to wait for Apple to release a patch through their standard update process.  The workaround (recompiling bash, seen on several developer-type websites) is a highly advanced and unsupported method to temporarily mitigate the risk until Apple releases an official patch.  Unless your Mac is being used to serve up web pages that are Internet-accessible, we believe that waiting for the patch is the best approach as your exposure to potential attack vectors is low.

Cisco Products 

Cisco has released a security advisory that details the impacted products.  We are continuing to monitor this security advisory as they continue testing & validating fixes for each impacted item.  You can expect updates as we identify impacted products & customers.

As is the case above with Apple products, unless your device is serving up web pages or services to the Internet (i.e. is publicly-accessible), the risk factor is limited.  99% of the time, any management web pages on these devices/appliances that could be used as a vector to attempt an exploit of the Shellshock bug are locked down to local Intranet and are not open to the world and as such are not immediately in need of a fix.

These devices will; however, show up on an security audit if said audit scans the internal network and (as such) should be patched prior to said audit.

Linux Servers

All of CWPS’ Linux servers have been patched to protect against this bug.  If you have an internal Web Development team that manages your own company-owned Linux servers, we would highly recommend following your Linux distribution’s vendor’s advice on patching same. 

If you have any questions whatsoever, please feel free to call your Account Executive, Customer Account Manager and/or the Service Desk with any questions you may have at 703-263-9539 x6.

IJM Case Study

How Server Virtualization Can Benefit Your Business

server-virtualizationServer virtualization is a powerful term that has a lot of important people buzzing for its possibilities. But amid the clamor, it can be easy to not have a full understanding of what sever virtualization actually is or why it will help your business. The following will serve to point out some of virtualization's most powerful benefits.

Defining server virtualization

Server virtualization is the process of splitting up one physical server into several partitions, which allows each virtual server to function independently. Each virtual server can run its own operating system and use only as much memory as it needs. An entire company's worth of different divisions may be able to fit onto a single server, making virtualization a valuable data storage simplification strategy for any business.

Empower employees with adaptive technology

Each organization has a unique way of streamlining the workflow of their employees. Maybe you have everyone using the same type of hardware and software, or perhaps you allow everyone to "do their own thing" with their own personal devices. While this can work to an extent, server virtualization is more effective because the same physical server can feature as many partitions and operating systems as your organization needs. For example, virtualization would enable you to have graphic designers running on Mac computers, while your accounting team works in a Windows environment.

Another benefit is that each department would no longer has to maintain their own physical server. And if there are compatibility issues between existing hardware or software and a new component, they can be resolved relatively quickly because of the centralized nature of virtual servers.

Save space and reduce overhead costs

Servers require power to operate them, floor space and air conditioning to keep them from rapidly overheating. In the case of virtual servers, you can potentially consolidate a large number of servers into one or two servers that will use a fraction of the original amount of power, while taking up much less place.

In addition, the heat produced by each server is a relatively fixed amount of BTUs. Naturally, having less physical servers due to virtualization saves the amount of heat that is produced. This means you can funnel capital typically taken up by the costs of electricity, air conditioning and space toward more revenue-generating business objectives.

Minimize data loss and streamline data transfers

Upgrading components or changing locations can be a serious problem if you require significant up times, as most businesses do. But with server virtualization, you will operate a server where everything is contained in files that may be transferred and copied at will. Not only will this dramatically decrease the likelihood of catastrophic data loss, upgrading your server will be as simple as adding the new physical server, transferring all of the files, and then removing the old one.

Summary

No matter how you slice it, operating a physical server or farm of servers is complicated. It requires additional manpower, extra space and the allocation of funds to cover any overhead infrastructure costs. Consolidating your business’ physical servers into a single, virtualized solution will make every operational task and project feel more streamlined, efficient and accessible at a more reasonable cost. 

 

Intl Assn of Fire Chiefs Case Study

 

24x7 IT Solutions for Business

24x7_IT_SolutionsToday’s information technology departments have more complex challenges as businesses, governmental entities and other organizations harness technologies like mobility, cloud computing and social media to improve internal operations, deliver product and services and build relationships with customers. They must not only build and manage a cost-efficient IT infrastructure, but keep it operating at optimal capacity.

Savvy CIOs, IT executives and system administrators understand the importance of the role IT support plays in helping organizations meet strategic objectives. Not only does the IT support staff need to have the necessary skills to solve technical issues, but it must also provide responsive and effective services.

Decision makers must determine which model for delivering 24x7 IT solutions-- on-site IT staff, managed services provider or co-management partner, a combination of the two approaches--will help the organization meet its goals.

Maintaining In-house IT Support

This solution requires you to find the right individuals, and budget for recruitment and training costs and associated labor expenses to perform day-to-day tasks, including troubleshooting, help desk services, software patches, upgrades, data backup, etc. Keeping IT support in-house allows your staff to grow its technical knowledge and insights about the infrastructure as it relates to your business processes and needs.

If you plan to provide IT support using only an in-house team, you should put in place clearly defined support policies and areas of responsibility to ensure that your support staff knows what’s expected of them. You should also identify the upper limits of your internal IT support staff and potential gaps in support, particularly at night and on weekends and holidays.

For small operations, there is an ongoing risk of not having sufficient coverage if an employee is out sick, on vacation or leaves the company. Additionally, if the in-house staff lacks the necessary experience in some areas of technology, you will need to go outside the organization to find help.

Considerations for Outsourcing IT Support

There are numerous advantages for business owners to consider when it comes to outsourcing IT services. Chief amongst these is gaining the services of a high-quality IT support staff without the all of the overhead and labor costs. In addition, regardless of the situation, you are always assured of having 24x7 IT solutions. Other benefits you may want to consider include:

  • Elimination of the need to hire, train and retain IT support personnel.
  • The ability to reassign the IT staff to focus on high level strategic initiatives and issues.
  • Availability of help desk experts who are on top of industry best practices.
  • Greater efficiency, reliability and reduced costs.

Anytime you outsource a mission critical function such as IT support you may incur risks, such as low employee morale, loss of control or an inflexible service agreement. You can easily mitigate or eliminate potential problems by clarifying what you want from the outsourcing relationship and asking potential partners the right questions.

Co-Management IT Support Option

For many businesses, the best strategy involves a combination of internal and external IT support services. In these arrangements, the in-house staff can still carry out day-to-day IT support services, while the co-managed services provider ensures you have 24x7 IT solutions as well as the ability to consult external experts regarding your overall IT strategy.

Co-management solutions also provide the following advantages to your organization:

  • Ability to scale up IT support for growing operations.
  • Reliable 24x7 IT solutions for remote facilities.
  • Greater predictability of IT expenses.

If you are undecided about the best IT solutions for business – internal staff, external IT support or co-management IT - outsourcing a portion of the company's support services assures you of having 24x7 IT solutions in place while you evaluate your options.

 

Intl Assn of Fire Chiefs Case Study