Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means that focus is turning to creating malware that attacks the router, potentially infecting the users that leverage it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such a malware, so today, we will review this threat and how to best protect your network.

Slingshot
This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack, one leveraging low-level kernel code to give an intruder carte blanche access to a system, the second managing the file system and preserving the malware – allowing it to continue.

If this sounds impressive, it is – not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MicroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they have, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy concerning their security and keeping it up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is ‘automatic,’ you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

• Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
• Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
• Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
• Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Net Activity are there here to help you keep your network and infrastructure safe. Call us at 216-503-5150.

Source – http://www.netactivity.us/malware-router/

Learn More about VoIP Architecture & Call Components

A lot has been written about the features and benefits of VoIP services. So, in this blog, we would concentrate on understanding the architecture and components of Voice over Internet Protocol (VoIP) services. We would consider the major components along with their individual functional characteristics.

The 4 major VoIP components include:

• Signaling Gateway Controller
• Media Gateway
• Media Server
• Application Server

SIGNALING GATEWAY CONTROLLER

The signaling gateway controller (SGC) is a known as ‘called agent’ due to its call control function and is popularly referred to as a ‘Media Gateway Controller’ because of media gateway control function included in the system. The SGC entity is the heart of VoIP platform and performs multiple roles out of which connecting the PSTN world with the IP world is its main function. Some of the main characteristics of SGC component are:

• Supporting signaling system 7 (SS7) protocol stack
• Supporting voice call control protocols such as H.323 or SIP
• Supporting media control protocols such as Megaco (H.248) or MGCP
• Generating detail call records
• Providing bandwidth management control using admission control mechanisms
• Supporting bandwidth policing mechanisms
• Allocating media connections

MEDIA GATEWAY

The transmission of voice packets is performed by the media gateway by using RTP transmission protocol. The media gateway performs extra functions such as packetization when it’s used in a converged IP/PSTN network. It requires using IP trunks on one side and TDM trunks from the other. Some functions of the media gateway can be listed as below:

• Supporting MEGACO or MGCP
• Transmitting voice data using RTP
• Supporting E1/T1 Trunks
• Supporting various compression algorithms
• Managing digital signal processing (DSP) resources

MEDIA SERVER

The role of media server comes into the picture when additional features such as video conferencing or voicemail is needed. It also assists when announcements or special tones need to be transmitted. Media server performs the following functions:

• Voice activated dialing
• Voicemail function
• Transmitting customized call progress tones or special service announcements
• Transmitting voicemail to email
• Supporting Interactive Voice Response (IVR)

APPLICATION SERVER

Application Server takes the responsibility to provide value-added services to the IP network. The server provisions both – customer specific and global services. Moreover, session specifications and call characteristics are also influenced by the application server. Below are its main functions:

• Offering basic services like call forwarding, call waiting, call transfer, etc.
• Supporting private dialing plans
• Generating call detail records (CDR)
• Free Phone service

Once you opt for VoIP phone services, it is important to decide on a reliable VoIP service provider who can assist you with business-specific requirements and provide cost-effective services to your business. The Net Activity team is well-versed and well-equipped to serve your organization with a functional VoIP system. Please visit http://www.netactivity.us/services/voip-business-phone-services to know the details or contact Harry Bhatia at 888-545-5346.

Source – http://www.netactivity.us/blog/learn-more-about-voip-architecture-call-components/

Is Switching to a Third Party Hardware Maintenance Provider a Good Idea?

IT managers usually face the fiscal pressure of reducing costs while improving operational efficiency. One of the major costs involves repairing and replacing system hardware components. Strategies that help in extending legacy hardware life cycles are gaining popularity. They allow organizations to continue using the hardware for a longer duration and thereby minimize the cost of IT.  While it’s difficult to maintain a balance between legacy and contemporary hardware, this complex environment invites major challenges, this complex environment is important to maximize the value of data center systems.

All of these strategies that aim at extending hardware life cycles focus on having alternative hardware maintenance plans. A major problem here is relying too much on the OEMs (original equipment manufacturers). They undoubtedly offer best-of-the-class experience; however depending solely on the OEMs would leave the hardware uncovered once the end-of-service-life date arrives. Moreover, the extended warranties are way too expensive. A better solution would be to hire the services of third party providers. Let’s see how…

Reduced Costs

Cash is often a huge concern and bottom line for IT managers while aligning operations and business priorities. Getting Dell, HP, EMC support from third party IT Managed Service providers seems to be more budget-friendly.

Simplified Approach

While concerning with OEMs for managing extended warranties of the hardware of your data centers is difficult. It leaves the IT managers confused with many points of contact and complexity that eventually increases the gap. A third-party provider possess the capability to handle multiple device types at a time ensuring that the IT managers focus on their core tasks rather than communicating with many points of contact at the OEMs.

Flexibility

OEMs have their support models. However, they concentrate more on their business’ core competency – selling hardware. Maintenance is the secondary goal and they often have rigid maintenance plans while they strive to excel in their primary goals i.e. the operational sales. IT managed service providers promote support activities as their core competency and therefore can adapt easily to different client demands. IT managers can be more comfortable working with these third-party providers.

Value Addition

A third-party IT maintenance provider offers reliable plans at the best market value. A partnership with them also gives IT managers the access to refurbished parts, making component purchasing decisions, migrating data, and help them move hardware between facilities.

Although hardware maintenance may not seem to be the game changer or revenue generator for businesses, it helps IT manager greatly to simplify operations. Net Activity, Inc. is an IT Managed Service provider in Cleveland that conforms to the latest technological advancements while delivering best-in-class service to its clients around Ohio. Please contact Harry Bhatia at 888-545-5346 to discuss further or visit our website http://www.netactivity.us/it-managed-services.html for more information.

Source – http://www.netactivity.us/blog/is-switching-to-a-third-party-hardware-maintenance-provider-a-good-idea/

Why Your IT Needs a Disaster Recovery Plan

We often hear in the news costly business disasters due to infected IT and mostly the losses are too big to overcome. Most of the time the IT disaster is harmful to an extent that data cannot be recovered and so, it is very important to have a disaster recovery plan.

Although planning for the unexpected can be difficult, it shields you when a natural or man-made disaster happens. It’s unpredictable as to how likely your organization is prone to cyber-attacks, it is vital for every organization must take IT disaster recovery and prevention as its primary objective. Here’s why:

HARDWARE IS BOUND TO FAIL

While IT hardware is built with the most secure practices and using tough components, there are doorways to peep in. Internet connections are a profound source of these kinds of interventions and disaster recovery plan is the only way to save the priceless data from being corrupted. A more sensible option is to have your data regularly backed-up by outsourcing your IT infrastructure to a Disaster Recovery service provider rather than building your own data center.

TO ERR IS HUMAN

Much like machines, humans also are not perfect. So, a disaster recovery system is essential that will keep log files by creating online backups and letting you restore files easily.

CUSTOMERS EXPECT PERFECT, ON-TIME DELIVERY

Customers have an advantage today as there are many options available in the market. If you can’t deliver on time, your competitor will. So, being prepared with a disaster recovery plan is always a good idea. You cannot complain about your anomalies to customers.

LOSING CUSTOMERS IS DEVASTATINGLY EXPENSIVE

It is widely known that retaining a customer is comparatively cheaper than re-acquisition of an old customer after an IT disaster. Customers maybe disgruntled when they learn that the organization they rely upon does not have enough security to secure their data. So, it is recommended to have a plan to detect defects long before they cause lasting damage to your business.

Net Activity, Inc. understands IT loopholes better and serves their best to shield you with proven disaster recovery plans and online backup systems. We are a company that has been providing IT Managed Services across the country since 2002 and ensure that your IT infrastructure remains safe and healthy.  Contact Net Activity today at 216-503-5150 to set up a Disaster Recovery Plan.

Source – http://www.netactivity.us/blog/why-your-it-needs-a-disaster-recovery-plan/

US Government’s Revelations Against North Korea Cyber Attacks

Recently, the FBI and The Department of Homeland Security (DHS) issued alerts to warn people of two types of malicious software or malware that the North Korean hackers are using to attack telecom, media, aviation, and finance industries.

One of the malwares is known as FALLCHILL and has been in use since 2016. It facilitates hackers to get access of and monitor infected computers remotely. The malware spreads when users accidentally download it by visiting infected websites. The DHS and FBI also mentioned that FALLCHILL uses multiple layers of ‘proxy malware’ to conceal its origin and makes it even more difficult to trace the hackers.

Another type of malware introduced by the North Korean hackers, named VOLGMER uses a spear phishing technique to infect computers. It sends a legitimate-looking email with a link that spreads the virus when clicked on. The US authorities say that North Korean computer hackers have been using this malware since 2013.

According to the DHS and FBI identified both the above mentioned malwares to be in association with HIDDEN COBRA, a term used by the US government to refer to the “suspicious & malicious cyber activity by the North Korean government.” In the recent years, North Korea has been linked to a few of the most high-profile, destructive cyber attacks that includes a $101 million theft from Bangladesh’s Central Bank in the year 2016, an attack on movie studio – Sony Pictures in 2014 and several disruptions to its neighbor South Korea’s systems. These hackers also have been accused of being the mind behind Wannacry Ransomware attack in May 2017 that caused a terrible loss to hundreds and thousands of computers across the world.

The North Korean cyber attacks have been making headlines for quite some time. However, the countries that are capable of doing so are constantly tracking, watching and spying on the capabilities of other countries. They usually attack the countries that fall beyond its immediate borders with cyber intrusions or missiles.

Net Activity, Inc. is protecting businesses of such kind of malware attacks since 2002 and has proven the competence of its IT Managed Services at the time of cyber attacks. Secure your network and hardware system before a malware takes its control. Contact Net Activity today at 216-503-5150 to learn how to protect your business from these malicious attacks.

Source – http://www.netactivity.us/blog/us-governments-revelations-against-north-korea-cyber-attacks/

Hybrid Cloud – Definition, Benefits, & Limitations

Though cloud computing is not a new concept, it has its own set of complexities and people often try to overlook them ending up in choosing a cloud server that does not suit their specific business purpose. Since hybrid cloud is still a mystery for many, here is a brief understanding of what hybrid cloud is and how it helps businesses.

What is Hybrid Cloud?

As the name suggests, hybrid cloud is a combination of public cloud server and a private cloud platform. Both these cloud infrastructures operate independent of each other and communicate using a technology that permits the portability of applications and data over an encrypted connection. The point of focus here is the public and private clouds work independently so that the business can extract the ability to leverage resources using a public cloud service and store privileged data on a private cloud server. This arrangement is very beneficial as there’s minimal exposure of data that ensures protection of sensitive data.

What are the benefits?

One of the major benefits of hybrid cloud computing is utilization of a private infrastructure that enhances latency and access time when compared to public cloud servers. The volleying of threats among service providers and the halting of Net Neutrality, it’s not unacceptable that businesses rely on a single source. This is where switching to Hybrid Cloud servers is a game changer. Apart from securing your data, the hybrid cloud computing model provides a computational on-premise infrastructure that manages average workload for organizations while retaining the public cloud servers for failover circumstances.

What are the limitations?

Besides all the advantages hybrid cloud provides, it exhibits its own set of limitations and certain privacy/security issues. The network used to transfer information can be sometimes subjected to third-party interference. Data transfer is a critical operation that is very sensitive as it takes place across a network. Another point of thought is the price factor. There are many organizations that have a thin budget and as a result can’t afford the hybrid cloud solution. The upfront costs of acquiring the private servers are substantially high and are a deciding point for those who can otherwise opt for public cloud servers.

At Net Activity, Inc. we provide public, private, and hybrid cloud computing solutions to organizations. Please visit us at http://www.netactivity.us/services/cloud-computing-services to know more about our cloud services or call us at 888-545-5346.

Source – http://www.netactivity.us/blog/hybrid-cloud-definition-benefits-limitations/

Is Ransomware a Threat to Enterprise Back-ups?

Recently, in May 2017 a ransomware named WannaCry was the matter of discussion among many organizations. The considerable damage WannaCry made to some of the corporate giants was constantly in the news and organizations were horrified due to the extensive loss in data. However, interestingly it didn’t take much time for the organizations to recover the lost data back from back-ups. Although this is a good thing, it may be an alarming situation if the enterprises are slowly adapting to ransomware, it is surely going to target advanced backup strategies.

How could ransomware target system backups?

When the user attempts to hold data located at the target for ransom, it can be difficult for the target to restore it from the backup. Most of the home users and municipal corporations don’t invest heavily on data backup and recovery systems and rely on the basic, built-in protection for their computers, laptops, and servers. This basic system, known as Windows Volume Shadow Copy is present in the editions since Server 2003 and XP and stores pictures of the files on an endpoint. As it is commonly used by home users as well as small businesses, the ransomware such as WannaCry have tools to delete it.

Ransomware like Locky, WannaCry, Cryptolocker, and CryptXXX are capable of deleting the volume shadow copies with the help of strings in command line. This is probably the reason why some ransomware variants failed to make much profit as most enterprises use more robust protections than just shadow copies. WannaCry hit enterprises rather than attacking small businesses or home users and as a result global companies with thousands of employees fell victim to its attack. Within an enterprise, data backup adoption is at extremely high levels while cloud backup and recovery comprise a high percentage of cloud-based investments. Companies have the best potential to overcome a ransomware attack by restoring from backup.

Conclusively, with a malware like WannaCry, it’s proven by the ransomware authors they can attack enterprises. However, they don’t have a persistent mechanism. Additionally, the enterprise backups are too robust to cause much damage as they are capable of retrieving data from backups within a day at most. Although the enterprise backup systems are sufficiently secured, there’s something really to worry about as hackers intelligently innovate ways to overcome these technical obstacles. So, companies must be prepared with the possibility of ransomware attacking their backups for encryption or deletion.

Visit http://www.netactivity.us/wannacry-ransomware-latest-hack-explained-and-prevention-tips for more details about how Net Activity, Inc. is helping organizations stay protected from the malicious malware attacks.

Source – http://www.netactivity.us/blog/is-ransomware-a-threat-to-enterprise-back-ups/

Sophos Security Equipment – Security Made Simple

Choosing from the many brands of Unified Threat Management (UTM) is a tough task pertaining to the fact that many competitive companies have set their foothold on the market. The decision making process has become more difficult with overwhelming options available out there. To narrow down your quest for network security equipment, here is a proven technology that’s relied upon by many users for managing their IT security in a cost-efficient manner – Sophos.

Sophos Technologies, an international network security appliances provider features unified threat management appliances that offer user identity-based network security. Providing extensive security to individuals, it offers high-end security to organizations on a larger scale.

However, before deciding on a UTM provider, you must consider the following parameters:

Intrusion prevention

The UTM provider must be capable of identifying malicious activity and log pertinent information about any fraudulent activity. The Sophos Security equipment performs the intrusion prevention that is a to menace entities and prevent their access. It bounces back intruders even before they enter your system and cause further damage.

Anti-Virus scanning

With the emergence of various kinds of malware, ransomware, backdoors, malicious LSPs, Trojans, etc. the role of anti-viruses expanded to implementing strategies to protect the PCs from other computer threats such as malicious and infected URLs, phishing attacks, electronic spamming, and advanced persistent threats.

Bandwidth adjusting

The UTM provider must detect the tempering of your internet service by an ISP. Sophos abates the traffic coming to a network to avoid congestion and allows intersections to perform smoothly.

Data loss prevention

Data loss prevention is a strategy that is used to prevent sending critical data across in a corporate network, accidently or maliciously. Your unified threat management provider should ensure NDA (non-disclosure agreement) that is capable of protecting proprietary information or any type of trade secrets.

Reporting

Many UTMs create reports that show how your network is being used. The implementation of reports involves extracting, transforming, and loading procedure (ETL). Reporting is very important for knowledge administration and business intelligence.Sophos tracks and stores all the information and facilitates easy retrieval.

Call us at 888-545-5346 to know more details or visit http://www.netactivity.us/services/it-managed-services to browse through our IT managed service offerings.

Source – http://www.netactivity.us/blog/sophos-security-equipment-security-made-simple/

How to Train Non-IT Professionals for VoIP Phone Systems

Incorporating VoIP phone systems for your business adds value to your routine operations and results in improved profit margins. However, this is possible only when your staff is well-informed about the complete feature set of the phone system. Using the VoIP phones does not require any technical expertise; however, the non-IT professionals want to be trained to utilize the system to its full capabilities to extract the best possible outcome. It’s important to train the non-IT staff during the procurement and deployment of business VoIP phone systems. This will also give the employees reasons to excited about this transition and adapt to the new work environment.

Get end-users involved in the selection process

When you make decisions at the managerial level, you often tend to concentrate on figures and integration with your infrastructure. The system features appear to be a perfect solution to your business. However, you may be missing an important step – talking to the end users. The job duties of end users involve them in getting hands-on with the system on a day-to-day basis. So considering their views before making a selection would help in discovering the most useful features for employees so that they meet the expectations of the businesses to their full capacity.

Arrange extensive training sessions

Implementing VoIP phone systems to your business set up would mean a sudden transition in the working environment. The best thing to do is train your employees, especially the non-IT staff members so they are prepared for change in the work processes.

If you are a business in Northeast Ohio looking for a VoIP service provider locally, Net Activity is the place for you. We offer customized VoIP plans and well-planned training sessions for your staff members so that you define the objectives to be achieved by the implementation.

Sell focused benefits to the non-IT staff

Individuals tend to be more interested in role-specific benefits of the VoIP system implementation rather than knowing the complete set of features. The VoIP system has the potential to explore the untapped areas of your business. By addressing non-IT concerns while deploying it into your business will help in aligning the right efforts towards accomplishing your business goals. Net Activity, Inc. can be your technology partner for VoIP system installation. Please visit http://www.netactivity.us/services/voip-business-phone-services to see a list of our offerings or contact Harry Bhatia at 888-545-5346 to discuss further.

Source – http://www.netactivity.us/blog/how-to-train-non-it-professionals-for-voip-phone-systems/

Beware of PC Registry Cleaners: Are They Safe?

Windows registry is a repository which collects massive data about your computer as it practically records everything that is performed on Windows. It is literally a cluttered space as Windows, by itself is not capable of cleaning the system efficiently as it’s always busy in creating new entries. Even though you uninstall a program or application, it leaves some unneeded pointers in the registry and thus slows down your system.

To resolve this issue, many PC registry cleaners are marketed to the users with the claim that they would speed up the computer system making it function better. However, before making your decision to purchase or install a free PC cleaner on your computer system because above all claims they make everything depends on the condition of your registry and the effectiveness of the registry cleaner that you select. Another thing to be considered is that registry cleaners usually delete things from the registry. While most of the times it is safe, there are times when registry cleaners caused serious problems to the computers and their data.

Though most of the modern PC registry cleaners feature built-in methods to reverse changes when things go against expectations, it is not recommended to invest in an advertised PC cleaning system. Being diligent while making your choice is the first step towards protecting your system from unwanted attacks. Also, remember to back up your registry before letting the cleaner to remove or delete entries. Doing this would save you even if the registry cleaner doesn’t have an ‘undo’ option, you can use the backed up registry file to restore it back.

One more important thing to be highlighted is that registry cleaners do not speed up the computers and so, you do not need to run them regularly. Hackers are talented enough to compromise the quality of the wide range of PC cleaning software as happened with CCleaner software in August and September wherein malicious hackers had illegally modified the version 5.33 of CCleaner software which was available for download for about a month.

Your computer data is precious and we, at Net Activity, Inc. recommend you not to install any PC registry cleaners without proper survey of their history. Also, think twice before going for cleaners that invest huge amounts on marketing and advertisements as they are no good.

Source – http://www.netactivity.us/blog/beware-of-pc-registry-cleaners-are-they-safe/