Not All MSPs are Created Equal!

Just like many other things in life, all MSPs aren’t created equal. The reality is that even if you were to find two MSPs who are using the same technologies and toolsets, they can be vastly different in degrees of how they use them, how they interact with their clients, how they control the precision of implementation, how security-minded they are in implementation, etc.  As unlikely as it is to find two MSPs with identical technologies and toolsets, it’s still easy to comprehend the truth of how different they could be.

Back when I started my IT career as a network administrator, one of my bosses told me a story I would never forget to this day. He said that he met the best sales person he had ever met in a motorcycle shop. While there to buy a motorcycle helmet, a sales clerk offered to assist him. He asked the sales clerk what the difference was between a $100 helmet and a $500 helmet. The sales clerk simply responded, “Do you have a $100 head or a $500 head?” I can remember my boss laughing as he said the point was so well-made, that he walked out of the store buying one of the more expensive ones. Why would he pay more for what looks like the same thing? Because, although it wasn’t readily obvious to the naked eye, the more expensive helmet offered better protection to a vital part of his body. The same is true as it relates to IT security and MSP pricing. The right tools and the right personnel to use them properly come at a cost; and cutting corners on either could spell disaster for your business.

Three Realities That Impact MSP Pricing

The first reality regarding MSP pricing is that as business IT environments become more complex while, simultaneously, attack vectors increase in sophistication, security-related IT costs are naturally going to rise proportionately. Simply put, more tools and more technical specialization are required today to implement, monitor, and operate security effectively than were required yesterday.

The second reality regarding MSP pricing is sustainability. Business owners know how much of a headache switching MSP vendors can be. Choosing an unsustainable MSP because of cut-rate pricing could cost you in the long run by forcing an unplanned MSP change due to that MSP's poor business practices.

The final reality when it comes to MSP pricing is that every good MSP should be seeking to improve its processes, adopt new security technologies, and improve service delivery. Continuous improvement is itself a costly venture in time, resources, and money. You want to choose an MSP that is committed to continuous improvement, because who wants an MSP using 10-year-old technology? Who would want an MSP approaching security the same way it did 5 years ago? We see how fast technology is evolving around us, so wouldn't it make sense that an MSP would need to be constantly working not only to learn new technologies but also to adapt proper security protocols for them?

Just Because It’s Working, Doesn’t Mean It’s Right!

A number of years ago, we were taking over a client from another MSP. After a couple of weeks of onboarding, we performed a permissions audit to determine why everyone in the company had access to files and folders even when they weren't members of the associated permissions group. During the audit, we discovered a major problem! In order to resolve a permissions issue, the previous MSP had added the Everyone group to the Domain Admins group. This effectively gave all users complete administrative access to everything on every server. We worked with the customer to migrate them to a least-privilege permissions policy for all users. This situation gave birth to one of our company mantras: Just because it's working doesn't mean it's right! This customer didn't realize they were one disgruntled worker away from complete disaster. Add to that the inept backup application they were using at the time, and they were on the brink of existential disaster and blissfully unaware.

Qualifications are Important!

Just because you have an M.D. doesn’t mean you are qualified to perform brain surgeries.  In the same way, just because you know a little bit about networking doesn’t mean you are qualified to manage a company’s cyber security. It’s essential that you take into consideration the complete picture when deciding between MSPs, instead of making price the primary deciding factor.

Contact TCS today for more information on our unique approach to managing your IT infrastructure efficiently and securely, while also remaining committed to a culture of empathy and continuous improvement!

Geo-IP filtering has been around for quite some time.  TCS has been configuring it for at least a decade on our next-generation firewalls.  This article will define what Geo-IP filtering is and why it is critical for any CyberSecurity model.  Before we get too carried away, it’s imperative that we emphasize that Geo-IP filtering is one of MANY layers that should comprise a CyberSecurity posture. Nevertheless, it is a vital layer.  What is Geo-IP filtering?

Geo-IP Filtering Defined

In writing an article of this nature, it would be foolish to assume everyone understands what Geo-IP filtering is. Every device that connects to the Internet is assigned an IP address, and the IANA (Internet Assigned Numbers Authority) allots different numbered IP address ranges to different countries. Since each country's address ranges are registered, it is possible to determine whether Internet requests are coming from the US, Canada, the British Isles, or even Zimbabwe.

For SMBs, local governments, and municipalities, there really is no need to allow your network to communicate with the entire world. If you're not running or managing a global enterprise, odds are that allowing communication with every country in the world is more of a liability than a necessity. Even global enterprises can benefit from whitelisting only the specific international IP addresses necessary for their business, but that is very complex – something enterprises generally have the resources to handle internally. Exceptions aside, the bottom line is that a local plumbing company, doctor's office, or financial institution probably has little need to communicate with Vietnam, North Korea (Democratic People's Republic of Korea), or South Sudan. Why South Sudan? According to Kaspersky's World Threat Map, it registers as number two (#2) on the world map of attack sources, accounting for 8.49% of all attacks worldwide. Who would have thought that?

Why Geo-IP Filtering Is So Critical

It might be obvious to some why filtering out countries known for their bad actors would be a good thing, but some might remain unconvinced.  One lead question I often use with potential clients is, “Do you want your business to be able to communicate with enemies of the US?”  Most business owners, unless they have some alliance to trade in other countries, answer “No way!”  That settles it for them.  But what are some of the nuances of how Geo-IP protection can benefit an SMB?

  1. Many crypto-ransomware attacks depend on being able to communicate with servers in outside countries in order to complete the ransomware hijack.

Here is a very helpful infographic from Sophos showing the five stages of a crypto-ransomware attack:

Note: The full article, including the graphic, can be located here.

Notice Step 2 of their graphic: Contacting Headquarters. Often, these ransomware headquarters are off-shore, either because the operators are trying to avoid legal accountability or because they are state-funded attacks intended to create disruption.

If the ransomware needs to contact a server in one of the blocked countries in order to complete the process, you have blocked an integral part of the process.  That doesn’t mean you are safe just yet, BUT your files aren’t encrypted yet either.

  2. Email scams with hyperlinks often originate in Eastern Europe and countries in Africa. When you receive an email stating there is a problem with your Amazon purchase, or that you have a UPS package that is undeliverable, those emails will often include a link to click on in order to resolve the issue. Those links often point to web servers in other countries. Filtering communications with those countries helps protect your users, should one click on the link. This isn't a substitute for end-user security awareness training, but it does add another layer of protection against user error.
  3. The final way that Geo-IP filtering can prove helpful is the all-too-common mistyped web address, or typo-squatting as it is commonly called in the industry. While protections have been put in place to guard against these mishaps, they still occur. The most well-known historical example is misspelling Google.com as Goggle.com. This led to Google purchasing the rights to Goggle to ensure it didn't get misused. If the misspelling would connect a user to a server in a restricted country, the end user is blocked from accessing the site, which cues them to investigate the spelling instead of opening up your organization to malicious attacks.

Conclusion 

No single security layer is the end-all security measure for businesses and organizations, but Geo-IP filtering can help mitigate malicious attacks on your network from other countries. Management of Geo-IP filtering can be tricky and tedious at times, but the juice is most certainly worth the squeeze. There's no reason to allow communications with other countries beyond those mission-critical sites necessary for your business to function properly.

Defense in Depth Redux

Today, we are continuing our conversation on Defense in Depth. We have firewalls with features like Geo-IP blocking, intrusion prevention, and content filtering. Web browsers and DNS servers join in to warn about or block access to compromised web sites. Endpoint security now goes beyond traditional signature-based anti-virus, adding artificial intelligence and application behavior analysis to protect against unknown threats. Spam filtering and anti-phishing security protect our email inboxes from the nasties. Hard drive encryption protects data at rest, and security protocols encrypt data in transit. Computer hardware helps protect operating systems from rootkits that hijack the lower-level "ring zero" (trusted) access to memory, CPU, storage, and other system resources. Two-factor authentication and biometric access are quickly replacing traditional passwords. In all of this "geek speak", we left out a key ingredient – the end user.

End users are often referred to by IT support in the pejorative as the weak link in security, i.e. PEBKAC (Problem Exists Between Keyboard and Chair) or ID-10-T error (read: IDIOT). If you have ever watched an episode of The IT Crowd, then you have likely observed the true nature of many tech-heads. This arrogant attitude is often delivered with snarky and condescending questions like: "IS IT PLUGGED IN?!", "IS IT TURNED ON?!", "DID YOU REBOOT IT FIRST?!" And whenever I'm on the receiving end of this treatment, I want to respond, "If I'm calling you, then it's not in your scripted manual, so please escalate to someone who can really help!"

But why this love-hate or sometimes hate-hate relationship between end-users and technical support?  It shouldn’t be that way.  Users need technology and the IT Department doesn’t exist for its own sake.  This dynamic needs to change from what is often “us versus them”, to “we”.  Working with, rather than against, the user is an opportunity to enhance security…and that’s a win-win!  To borrow a line, “All in all it’s just another brick in the wall.”  The user is a critical component of information security, perhaps the most critical.

The True Enemy

When we recognize we are all on the same team, we are ready to do battle against the true enemy – the sinister hacker. We should not be surprised that the end goal for hackers is often financial reward. Our business systems, with their files and data, are a treasure trove of valuable information – proprietary business intellectual property, credit card numbers, social security numbers, and other Personally Identifiable Information (PII). Healthcare has what is called Protected Health Information (PHI). Selling this information for use in identity theft and insurance fraud is a big reward. Don't forget bank account information and stored user credentials to all sorts of internal and external systems. And even if our data isn't valuable to the attacker, they know our data is valuable to the operations of our business. Hackers encrypt the stored data, holding it hostage in exchange for a ransom.

Remember the Colonial Pipeline shutdown? Their CEO authorized a $4.4 million payment to the hackers. Just imagine making that tough decision! Somehow parting with millions in Bitcoin was the best decision in the moment. Monday morning quarterbacking makes me wonder about their business continuity plan, but that's a topic for another time. Much of this activity is coming from foreign governments – their employees clock in every day and launch attacks against businesses, large and small. Many hackers get paid commissions on how much money they can extort. We are all targets!

How to Harden the User

How do we go about solving the problem?  Here are some proposed first steps on our journey to hardening our end users:

  • Recognize the need to start a security awareness and education program
  • Incorporate regulatory compliance standards if required
  • Start somewhere, make improvements each time, and measure results

To that end, let’s start somewhere…

The upcoming TCS Education Webinar for Q3 2021 – “Hardening the User” will provide practical advice on how to be aware of and avoid the following user security issues:

  • Not believing we are a target (optimism bias)
  • Identity theft and other data privacy issues
  • Bad password habits
  • Using public wi-fi
  • Social engineering, including phishing and SMShing
  • Unsecure browsing

Stay tuned for more when we release the upcoming video companion and training guide to this article.  You will be able to share this out as a Security 101 class for your users.