Posts tagged ‘security’

Avoiding Identity Theft Online

Everyone these days is buying something online. Sometimes it is for personal use, but sometimes it is for business. Identity theft does not just happen to the ignorant; it can also happen to intelligent people who happen to leave the wrong information available for predators to find.

The first step to securing your identity online is to use a strong password. Wherever possible, use letters, numbers, and a special character. Avoid names, birthdays, and places you know, including your children’s or spouse’s names or birthdays. This is important for every E-Mail address and online banking login you have. Never stick your passwords to your laptop with stickers. People make the excuse that they forget, but this is a case where forgetting is as inexcusable as forgetting to hold the steering wheel while you drive.

Frequently check your credit report for lines of credit or debts that you do not recognize. If you see them, a lawyer or good credit counselor can help.

Do not share your social security number with anyone other than your spouse. That number is critical. There are a number of services that provide protection for your social security number, but personal vigilance is all you really need.

It is vital to watch out for your mail. People could be ordering credit cards in your name, having them sent to your address, and then picking the envelope right out of the mail. The same axiom is equally valid for checks that you are sent. All a criminal needs to do is head to the ghetto to the nearest “no ID” check cashing place and bingo, what was supposed to be your payday is now a payday for them. These types of scammers particularly look for tax refund checks and also the Social Security checks of the elderly or disabled.

Are you getting notices in the mail from credit card companies that say, “You’re pre-approved for a new ____Card”? If so you are on a list that is sharing your identity. Call 888-567-8688 to be removed from this list permanently. You will have to provide your social security number for this action.

People need to use a secure PIN number for their bank and credit cards. Please remember our advice about birthdays. This PIN number should be completely arbitrary. Make the extra effort and memorize it. If you write your bank PIN number on a piece of paper and put it in your wallet with your bank card, your life savings could be wiped out in days.

Be very careful when you shop online. Make sure the top of the browser bar has https:// instead of http://. The S is for security, and it indicates that the information is being sent in an encrypted manner. Do not use your bank card with your life savings in your account to buy things online. There is very limited protection for using a bank card, and you are liable for fraudulent purchases. Instead, get a great credit card with consumer protection in case of theft. Most cards limit your liability to $50 in case your card number is stolen, provided you report the theft quickly. If you do not want to pay interest, pay back your card immediately. Using a credit card responsibly helps improve your credit as well.

For businesses, be careful about trusting employees with access to the online banking for the business. There are ways to reconcile the books through software automation between your online bank accounts and your accounting software. These methods are known to the Web and I, and we are prepared to help you. To discuss your privacy concerns informally, call us at any time at 646-853-0573.

New Office 365 2013 Preview: Security Recommendations

GLEN COVE, NEW YORK

Premier Microsoft Office 365 cloud services consultant, the Web and I, is releasing our latest security recommendations for your Microsoft Office 365, Microsoft Dynamics CRM, and related products soon to be released. Also soon to be released are Microsoft Project Server, Microsoft Dynamics GP, and Microsoft Dynamics NAV.

These recommendations come from our experience in professional installations and the security considerations we have encountered there, as well as our experience with the new Office 365, to be released to the public on February 27 (or available here from us at the Web and I today!).

There are several types of administrators for Office 365 and related products, and it is clear to see their intended roles. Whoever manages the credit or debit card associated with payment, probably the owner or the accountant, will be assigned the Billing Administrator position. The implementation I.T. consultant will have the Global Administrator role. The Global Administrator can make changes to the Exchange, Lync, and SharePoint servers. The Service Administrator is someone who has permission to check the status of the cloud service health on a dashboard provided by Microsoft Office 365. The User Management Administrator can add and remove users and reset passwords. The company HR person or the IT person who works with the HR department is the natural choice for User Management Administrator. Since User Management Administrators are not always from a technical background, it is vital to explain to them the importance of not duplicating users and to stress the permanence of deleting users.

| Permission | Billing administrator | Global administrator | Password administrator | Service administrator | User management administrator |
|---|---|---|---|---|---|
| View company and user information | Yes | Yes | Yes | Yes | Yes |
| Manage support tickets | Yes | Yes | Yes | Yes | Yes |
| Reset user passwords | No | Yes | Yes | No | Yes; with limitations. He or she cannot reset passwords for billing, global, and service administrators. |
| Perform billing and purchasing operations | Yes | Yes | No | No | No |
| Create and manage user views | No | Yes | No | No | Yes |
| Create, edit, and delete users and groups, and manage user licenses | No | Yes | No | No | Yes; with limitations. He or she cannot delete a global administrator or create other administrators. |
| Manage domains | No | Yes | No | No | No |
| Manage company information | No | Yes | No | No | No |
| Delegate administrative roles to others | No | Yes | No | No | No |
| Use directory synchronization | No | Yes | No | No | No |

Security in SharePoint

SharePoint has its own set of security roles, which can be user defined, and access can vary from site to site and from site collection to site collection. Companies can store all of their information on SharePoint and selectively share it with employees, clients, and consultants to any extent needed. Enterprise-grade SharePoint, such as in the S2, E1, and E3 plans, has 256-bit encryption, which makes it as safe and compliant an area for intranets and extranets as those used by online banking.

Security in E-Mail, Exchange, and Outlook

The Global Administrator can load the global address book or change user E-Mail addresses. Users with the Global Administrator status can also turn features like mailbox archive and litigation hold on and off. Nobody but the Global Administrator can touch Exchange settings, which protects the E-Mail of the company by putting the responsibility squarely in the hands of Global Administrators only.

E-Mail is scanned for viruses as it arrives, and this helps prevent costly infections and having corporate information compromised.

We at the Web and I are ready to help you with your Office 365 Security plans. Please call us for an informal discussion at any time at 646-853-0573.

Pristine Security Record Since our Founding in 2007

New York, New York

Cloud service consultancy the Web and I has a perfect security record for the five years we have been in business. Our clients include small businesses in the legal and financial services sectors as well as retail, wholesale, entertainment, education, and government.

Our perfect security record means that we have never had a breach of client data, and our clients have never had a loss of data or significant service interruption of more than a few hours. Our medical clients have HIPAA compliance, and our government and educational clients have systems that are rated with security and redundancy sufficient for GAO approval. This success is no accident, and can only result from a dedicated staff that lives and breathes compliance, reliability, usability, and enterprise resource planning, along with all of the security aspects of each of these. Our professional core of discriminating clients has been our best guide and inspiration to excel at security, and we anticipate keeping this perfect record indefinitely.

With change, however, come new threats. Complacency is a condition affecting many computer consultancies: when their security records are great, their engineers tend to believe they know all they need to about security after achieving their initial success. They may stop reading professional journals and bulletin boards, and they may not be aware of the next threat headed towards business, education, and government users. We are always aware, and always keep ourselves informed of the latest technologies and techniques used by the experts as well as the hackers.

This security has meant a lot for our clients. Our long-term clients never think about security threats anymore because they have been a thing of the past for years. This allows them to focus on work. For some of our businesses and for some types of business insurance, the security guarantees, service level agreements, and compliance standards we can achieve provide the kind of risk management that lowers their business insurance costs. We are ready to provide all manner of consultation on limiting the liability exposure of your firm.

When you are considering outsourcing your computing expertise, choose a firm like the Web and I, who have a proven track record of security and satisfaction. Our clients are our best resource for you to find out our difference and what it means for your firm. We could work in so many areas of computing, but secure cloud and on-site computing using industry-standard technologies is our focus. Maintaining that focus allows us to strive for excellence, which then manifests itself in the lack of headaches our clients experience compared to what they are used to from having on-site staff or other consultants.

If you are not using the Web and I, you are doubtless going through a lot of unnecessary trouble, risk, and exposure liability. To find out how you can put these problems under control and in perspective while increasing your functional capabilities and the productivity of your employees, contact us for a complimentary initial consultation. We can be reached at any time at (646) 853-0573.

Creating a Microsoft Office 365 Style Private Cloud in your Company

Goals

This project is intended to provide a secure intranet environment for the multiple offices of Your Corporation with the features of secure services including zones for document collaboration, E-Mail with Exchange, remote PC access from tablets, and the ability to have multiple users collaborate on the same documents simultaneously. Corporate instant messaging and online meetings are also desired features. In short, an environment should be created on local servers in one office and be usable by the other offices.

Security considerations include a secure locked area for servers, consisting at least of a lockable server cabinet for access control, and removable drives. Removable drives should be consistent in size and type across all servers so that they can be changed without powering down the servers. The parity information on the drives should allow for rebuilding of information on a freshly inserted drive. Two load-balanced web servers with firewalls will serve as application servers. Additionally, a firewall appliance can act as a second level of firewall protection. The firewall appliance should be a Linux-based model with stateful packet inspection, because this is a complementary firewall strategy to that of Windows. This strategy has been successfully used by clients including NYU School of Medicine and our own offices.

The servers needed are: Lync Server 2012, Lync Edge Server 2012, SQL Server, Exchange Server 2012, Office Web Apps Server 2012, IIS Web Server (a component of Microsoft Server 2012), and SharePoint Server 2013. Using the most recent products will bring you in line with the upgrades for Office 365 scheduled tentatively for the end of December 2012. Investing in the latest technology carries risks, including undiscovered performance issues. As an alternative, the earlier versions of the software can be purchased and used.

Backup will be relegated to a dedicated appliance that provides continual automated backup, one backup appliance for each server. These appliances can be carried away from the premises if needed just as easily as the removable hard drives.

Martin Low of the Web and I, Inc. is available to serve as the functional lead and project manager, and he is working from his office to select technical experts in each server type for an installation and integration, which can take place over two days convenient to Your Company. On that weekend, Mr. Low will configure SharePoint, oversee technical staff, clean up the contact list for the Exchange Global Address List, and assign security roles to users at Your Company.

Following installation, Mr. Low will initiate training operations at the pleasure of Your Company. He can initiate training in the main office in the first week and can provide additional training at other offices in person or through web meeting. In-person training is recommended, but the wishes of Your Company will prevail.

Your Company has expressed a concern with server maintenance, including software and hardware maintenance hours and expenses. Software maintenance can be had through technical experts in the individual server products by remote access or in person locally from an area accessible to Katonah. We recommend using local resources for increased security. Maintenance of the servers from a mechanical standpoint has a few possible approaches. The Web and I is experienced in the sourcing and construction of quality servers brand new from parts. The advantage to this is the lower cost of the servers Your Company needs to purchase. However, the Web and I can also purchase the necessary servers from Dell at a discount through Dell Outlet. The advantage of using Dell for critical equipment is that Dell has service plans that guarantee on-site service, including any needed parts, all included in low-cost annual plans. The Web and I, Inc., despite our ability to make our own computers, also chooses to use Dell because of the security our organization needs for the computers which run our mission-critical applications. The Web and I, Inc., represented by Martin Low, will do a study of projected expenses for purchase as well as ongoing expenses for maintenance prior to the commencement of the Project. A formalized project management strategy will be used in accordance with best practices.

Implementation Methodology: Project Management

Accountability

There are people who need to be assigned responsibility for actions, decisions, and policies concerning the management of the implementation and governance, all within the scope of their role within the project. In other words, someone puts SharePoint in place; and project management helps this by defining the what, when, why, and where of this implementation.

Sustainability

While preserving the integrity of the platform delivered to the organization, the platform must meet present needs, but also future organizational requirements. These new technological capabilities need to be managed and governed to grow. Project management helps by providing methods so that issues concerning the economic (user requirements in terms of added features or products), social (the ability to enhance and connect people), and environment (the infrastructure can be scaled, for example) are protected and managed.

Resiliency

A SharePoint implementation needs to be robust to survive. All systems must have the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation. Project management provides processes such as configuration management, planning for backup, disaster recovery, monitoring, and performance levels.

Supportability

These technologies need to be looked after. Project management defines the quality-control measures to be enacted by the team that is responsible for the implementation.

As Project Manager, Mr. Low needs to ensure that, when the four elements above are described to Your Company, they understand there is a timeline to put in these technologies. Best practices do not allow for letting the client put together the timeline themselves, because they will start by reasoning that anything they don’t do is easy to do. Designing a platform for mission-critical operations cannot be completed in two weeks, for example.

Accountability, supportability, resiliency, and sustainability cannot be assured in a week. Those are continual processes, and to make sure you can apply those means planning through to implementation. The estimated project timeline is one month. Two days for installation of the servers, and one month for ongoing training, quality assurance, contingency planning, and more.

Securing Office Web Apps Server communications by using HTTPS

Office Web Apps Server can communicate with SharePoint 2013, Lync Server 2013, and Exchange Server 2013 by using the HTTPS protocol. In production environments, we strongly recommend that you use HTTPS. You’ll have to install an Internet Server certificate that can be assigned to the server that runs Office Web Apps Server (if you are using a single server) or to the load balancer (if you are using multiple servers that run Office Web Apps Server).

With Microsoft server products, properly integrated and implemented, there is no need for expensive Wide Area Network (WAN) solutions, as these server products can be accessed securely over the Internet with 256 bit encryption.
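The two certificate placements described above (single server versus load balancer), followed by a check that the resulting farm does not accept plain HTTP. This is an added example, not part of the original proposal: the host names and certificate friendly name are placeholders, and it assumes the `OfficeWebApps` PowerShell module installed with Office Web Apps Server 2013.

```powershell
# Added example: create an Office Web Apps Server farm that is reached only
# over HTTPS, then audit the resulting settings. Host names and the
# certificate friendly name are placeholders, not values from the proposal.
param(
    [string]$InternalUrl     = 'https://wac.corp.example',
    [string]$ExternalUrl     = 'https://wac.example.com',
    [string]$CertificateName = 'WAC-Placeholder-Cert',
    [switch]$BehindLoadBalancer   # set when several servers sit behind a balancer
)

Import-Module OfficeWebApps

if ($BehindLoadBalancer) {
    # Multi-server case: the certificate lives on the load balancer, which
    # terminates TLS. Traffic from the balancer to the farm members is then
    # plain HTTP, so that segment belongs on an isolated network.
    New-OfficeWebAppsFarm -InternalUrl $InternalUrl -ExternalUrl $ExternalUrl -SSLOffloaded
}
else {
    # Single-server case: the certificate is bound on this server, selected
    # by friendly name. Check it before the farm is created.
    $cert = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $CertificateName })

    if ($cert.Count -eq 0) { throw "No certificate with friendly name '$CertificateName'." }
    if ($cert.Count -gt 1) { throw "Friendly name '$CertificateName' is not unique." }
    if (-not $cert[0].HasPrivateKey)      { throw 'Certificate has no private key on this server.' }
    if ($cert[0].NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert[0].NotAfter)." }

    New-OfficeWebAppsFarm -InternalUrl $InternalUrl -ExternalUrl $ExternalUrl `
        -CertificateName $CertificateName
}

# Audit the farm: flag any setting that would let clients fall back to HTTP.
$farm     = Get-OfficeWebAppsFarm
$findings = @()

if ($farm.AllowHTTP) {
    $findings += 'AllowHTTP is True: the farm accepts unencrypted requests.'
}
foreach ($name in 'InternalURL', 'ExternalURL') {
    $url = [string]$farm.$name
    if ($url -and -not $url.StartsWith('https://', [StringComparison]::OrdinalIgnoreCase)) {
        $findings += "$name is not an https:// URL: $url"
    }
}
if (-not $farm.SSLOffloaded -and -not $farm.CertificateName) {
    $findings += 'No certificate is bound and SSL offloading is off.'
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Output 'Farm settings are HTTPS-only.' }
```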

Next Steps

  1. Approval of Project Outline by Your Company
  2. Contract Signing and 10% down payment of consultation budget. (the Web and I, Inc. will sign any confidentiality contracts you may require at this time by authorized signer Martin Low.)
  3. Plan for Procurement Methodology to be completed by the Web and I, Inc.
  4. Approval of Procurement Methodology for hardware by Your Company
  5. Project Budget to be prepared by the Web and I, Inc.
  6. Project Budget to be approved by Your Company
  7. Project Kick-Off Date selected by Your Company
  8. Staff Selection Completed by the Web and I, Inc.
  9. Staff Approval by Your Company
  10. Technology Maintenance Plan to be completed by the Web and I, Inc.
  11. Technology Maintenance Plan to be approved by Your Company
  12. Disaster Management and Recovery Plans to be completed by the Web and I, Inc.
  13. Disaster Management and Recovery Plans to be approved by Your Company
  14. Projected Ongoing Expenses to be completed by the Web and I, Inc.
  15. Projected Ongoing Expenses to be approved by Your Company
  16. Project Plan completed by the Web and I, Inc.
  17. Project Plan Approval by Your Company
  18. Business Process Re-Engineering Plan completed by the Web and I, Inc.
  19. Business Process Re-Engineering Plan approved by Your Company
  20. Software Testing, Quality Assessment and Quality Improvement Plan completed by the Web and I, Inc.
  21. Software Testing, Quality Assessment and Quality Improvement Plan approved by Your Company
  22. Regulatory Compliance Plan to be completed by the Web and I, Inc.
  23. Regulatory Compliance Plan to be approved by the Web and I, Inc.
  24. Staff Training Plan to be completed by the Web and I, Inc.
  25. Staff Training Plan approved by Your Company
  26. Payment of 40% of Consultation Budget and 100% of Hardware and Software. Alternatively hardware and software can be ordered by Martin Low directly at Katonah using Your Company payment methods for shipment to Your Company
  27. Purchase of Servers to be shipped directly to Katonah Office.
  28. Installation and Integration on Project Kick-Off Date to take place on two days.
    1. Project Kick-Off Meeting.
    2. Install Windows Server 2012 on all 8 Servers (6 product servers and two load-balanced web app servers).
    3. Windows 8 Upgrades on all Desktops.
    4. Configuration and Testing of Backup Appliances.

United States Announces New First-Strike Cyber-Forces

Defense Secretary Leon Panetta has announced the creation of a new first-strike cyber-force which will stand guard over the computing systems of the national infrastructure. Panetta states that there are very credible threats from abroad to the infrastructure of the United States by taking advantage of computing vulnerabilities, which could easily spell impending disaster in any number of scenarios. According to Panetta, “An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country. Such a destructive cyber-terrorist attack could paralyze the nation and create a profound new sense of vulnerability.”

For a few months now, companies in the United States have experienced attacks. Cyber-attacks are not only occurring in the U.S.: oil companies in Saudi Arabia and Qatar have been hit with a massive data attack now known as the Shamoon Attack. This attack tried to send massive amounts of data to those companies, attacking around 30,000 computers.

The cyber-force consists of engineers at computers proactively monitoring computer systems that control systems in our nuclear power plants, railroads, power plants, telecommunications firms, internet service providers, and more.

According to Panetta, “Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests. If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation, when directed by the president.”

 

Microsoft Office 365 and the Security and Compliance of your Data

When comparing cloud productivity services such as Google Apps, IBM Lotus Live, and Microsoft Office 365, most companies do not realize that only Office 365 complies with leading information security and privacy standards. As part of their commitment to customers, Microsoft is certified for ISO 9000 and the Health Insurance Portability and Accountability Act (HIPAA).

Microsoft also has implemented a site called the Office 365 Trust Center. This site has comprehensive information about the privacy and security practices for Office 365. The Office 365 Trust Center is available at http://trust.office365.com.

Compliance Updates

The European Union released model contractual clauses that are a standard for transferring personal data internationally outside the European Economic Area (EEA). When these model clauses are included in service agreements with corporations housing the data, customers are assured that their data has been safeguarded, even if that data is stored in cloud-based service centers outside the EEA. Regulators in the EU have stipulated that they can request that customers halt using a data service that has not implemented their specifications for data protection.

Microsoft has used the model clauses specified by the EU, which is something that none of the other cloud service providers has done. Microsoft has also recognized the fact that 27 member countries in the EU have more stringent and specific regulations than the EU Data Protection Directive. Microsoft has added clauses to make them compliant with the requirements of these 27 member states as well.

Creating cloud productivity applications that are suitable to businesses with European customers means more than just building functional applications that work in a browser. Microsoft has taken European data protection and security standards seriously, and they have implemented a comprehensive approach to making sure that their product complies completely.

Another stringent standard for information security management is the ISO/IEC 27001. In addition to strict standards to achieve this benchmark, there is a yearly audit to ensure compliance and maintain the standard. Microsoft Office 365 is the first major cloud software to achieve this benchmark. Microsoft has also ensured that safeguards are in place to make sure that Office 365 is fully compliant with HIPAA.

Lack of HIPAA compliance has previously prevented healthcare organizations from taking advantage of cloud productivity software. Microsoft has removed this barrier by taking the steps with their policies, their program, their security, and the underlying physical architecture of the cloud service centers to ensure that they comply fully with HIPAA standards. Office 365 is a natural fit for the administrative needs of hospitals, health insurers, clinics, and individual physicians’ offices. While maintaining compliance, they can lower IT operating costs by using Office 365.

About Office 365

Microsoft Office 365 is the cloud productivity software suite from Microsoft. Included with Office 365 are Microsoft Office, SharePoint, Exchange, and Lync. Office 365 gives you robust E-Mail service for all of your employees, the latest version of Office for their desktops, document storage and collaboration, video teleconferencing, and enterprise instant messaging. All of these services are more compliant, secure, and reliable at a price hundreds of times lower than would be possible with an on-premises solution. As Office 365 does have some technical intricacies in its implementation, it is a good idea to have an experienced partner to help you. The Web and I has experience in implementing Office 365, and we are certified Microsoft Channel Partners. Call us today for a free consultation at 646-853-0573.
