Sunday, July 9, 2017

June 2017 Podcast

Gregory Dover was recently interviewed by WJOL in June 2017.  Greg chronicles how GAD Group was started and his motivation for entrepreneurship.


Thursday, July 6, 2017

New Windows Server Setup

Notes from the field
July 6, 2017








As most of you know, I like to stay technically astute, and there's no better way to do that than to cover for a field tech who's on vacation.

Today I'm installing Windows Server 2016 on a new HPE ML30 ProLiant server.  The server hardware setup portion of the install went fine.  That process involved popping two hard drives into the server.  The server did not come with a DVD-ROM reader, so I quickly contacted another tech in the area and had him drop off his reader.  Since this is a small customer (fewer than 10 employees), I'll be configuring the server with RAID 1.  The process involves using HP's embedded RAID array utility.  I selected both drives, each 1TB in size, which yields a new logical drive that's 995GB in size.


After RAID configuration, it's time to install the operating system.  The OS install splash screen comes up and I choose Windows Server Standard 2016.  The small print for this option indicates it will install the OS without the graphical user interface (GUI).  I didn't see this up front and had to re-install to get the GUI version.  This is necessary because of an old QuickBooks database server that needs the GUI for installation.  The other issue during the install was that Windows did not detect the new drive array and associated disk volume, so I had to go and download drivers from the HPE website.

The new server is up and running.  I didn't expect that taking the first and default OS option would install the command-line-only version, so be on the lookout for that.

Tuesday, July 4, 2017

Network Management for Small Businesses That’s Simple and Secure

I welcome Michael Proper, ClearCenter CEO, to our blogging community and am excited to have him tell the HPE and ClearOS IT management and network story. Let’s be honest. Managing a network today for a small business can be a mess. You may splurge on a decent firewall appliance but then you’re force...

Introducing the HPE ProLiant MicroServer Gen10 Small Scale Server

Thursday, June 29, 2017

In Preparation of Ransomware Hit

Background
Ransomware happens when an unsuspecting user clicks on a link within an email message or unknowingly downloads a small piece of software from a website.  This software, often disguised as something legitimate, proceeds to encrypt all of the files on your computer system.  The latest variants even target network drives if you are connected to a corporate or business network.  The result is that it encrypts all company files located on the network drive.  It spreads rapidly from computer to computer until all computers are infected and files are encrypted.


Users are left with a note on their computer desktop instructing them to purchase bitcoin and send the digital currency via email to the author of the ransomware.  After receipt of the email, the author sends a software key to the user to decrypt their files.  Beware that there are many cases where the author does not respond back with the key.  In this case you are left with nothing.


According to FBI...
Here are some tips for dealing with ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):
  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need to read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.
source:  https://www.fbi.gov/investigate/cyber


What can you do...


The latest variants took advantage of unpatched Windows PCs.  Simply apply the latest security updates in order to ward off these variants.  


We also know that SMBv1 is the main culprit.  Microsoft actually discourages use of this protocol.  ZDNet recently posted an article relating to the subject.


According to ZDNet (1): Two devastating global ransomware outbreaks, WannaCry and Petya, spread quickly because of a vulnerability in one of the internet's most ancient networking protocols, Server Message Block version 1 (aka SMBv1).
Your PCs that run Windows 10 are protected from that exploit, but that doesn't mean you'll be so lucky the next time.


In the interests of implementing a comprehensive, multi-layer security policy, Microsoft recommends that you disable the SMBv1 protocol completely. The world has already moved on to SMBv3, and there's no excuse for continuing to let that old and horribly insecure protocol run on your network.


To permanently remove SMBv1 support from Windows 10, do the following:


Open Control Panel (just start typing Control in the search box to find its shortcut quickly). Click Programs, and then click Turn Windows features on or off (under the Programs heading). Clear the check box for SMB 1.0/CIFS File Sharing Support, as shown here. That's it; you're protected.
(1) source: http://www.zdnet.com/article/windows-10-tip-stop-using-the-horribly-insecure-smbv1-protocol/?ftag=TRE-03-10aaa6b&bhid=113555250
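
The same change can be made from an elevated PowerShell prompt, which is easier to repeat across several PCs than the Control Panel steps. The script below is an added example, not part of the ZDNet article or the FBI guidance; it assumes Windows 10, and it first checks whether any client is still connecting over SMBv1 so that an old copier or NAS is found before the protocol is switched off.

```powershell
#Requires -RunAsAdministrator
# Added example: check for SMBv1 use, then remove SMBv1 support (Windows 10).

# 1. State of the optional feature (the same item as the Control Panel check box).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"SMB1Protocol feature state: $($feature.State)"

# 2. Current SMB server settings on this machine.
$cfg = Get-SmbServerConfiguration
"Server accepts SMB1: $($cfg.EnableSMB1Protocol)  SMB1 auditing: $($cfg.AuditSmb1Access)"

# 3. Inbound sessions that negotiated an SMB1 dialect right now.
$legacy = @(Get-SmbSession | Where-Object { $_.Dialect -like '1.*' })

# 4. Past SMB1 access attempts, recorded as event 3000 once auditing is on.
$audit = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
    } -MaxEvents 20 -ErrorAction SilentlyContinue)

if ($legacy.Count -gt 0 -or $audit.Count -gt 0) {
    # Something still depends on SMB1: list it and keep auditing, do not disable yet.
    $legacy | Select-Object ClientComputerName, ClientUserName, Dialect | Format-Table
    $audit  | Select-Object TimeCreated, Message | Format-List
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Warning 'SMB1 clients found. Upgrade or replace them, then run this again.'
    return
}

# 5. No SMB1 use seen: stop accepting SMB1 and remove the feature.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
if ($feature.State -ne 'Disabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    Write-Output 'SMB1 feature removed. Restart the PC to finish.'
}

# 6. Confirm the result.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
```

If auditing was off before the first run, step 4 has nothing to report yet; leave auditing enabled for a few working days before trusting an empty result.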