27 Apr 2017

Server 2016 VPN bug (Bad patch: KB4015217)

Problem:
Windows Server 2016 freezes when setting up an SSTP VPN in RRAS. First the “OK” button stops responding in property windows inside RRAS; the problems start in particular after attaching an SSL certificate in RRAS. Then the RRAS services get stuck in a “Starting” state. Then the server becomes very sluggish, and basic tasks such as opening Task Manager hang. Rebooting the server sometimes results in a blue screen.

Solution:
Uninstall Server 2016 security patch KB4015217 – released April 11, 2017. Following removal, you may need to reboot several more times and remove and reinstall the Remote Access role before the problem is resolved.

Quick workaround:
Disabling the RRAS services and removing the Remote Access role also fixes the server slowdown.

We spent many hours battling this issue before narrowing the issue down to this bad patch.  We have a support case open and the bad patch has been reported to Microsoft’s product development team to fix the broken patch in a future Server 2016 patch.
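The following script is an added example, not something from the original post or from SisAdmin: it checks a Server 2016 RRAS host for KB4015217 and, if the update is present, applies the quick workaround (stop and disable RRAS) and then the fix (uninstall the update). It assumes an elevated PowerShell session on the affected server and that you will handle the reboots afterwards as the post describes.

```powershell
# Added example (not from the original post): check a Server 2016 RRAS host for
# KB4015217 and apply the post's workaround and fix. Assumes an elevated
# PowerShell session on the affected server; reboot afterwards as the post notes.
$Kb = 'KB4015217'

$hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
if (-not $hotfix) {
    Write-Output "$Kb is not installed on $env:COMPUTERNAME; look elsewhere for the RRAS hang."
    return
}
Write-Output "$Kb installed on $($hotfix.InstalledOn). RemoteAccess service:"
Get-Service RemoteAccess | Select-Object Status, StartType | Format-Table -AutoSize

# Quick workaround: stop and disable RRAS so the server stops crawling while we remediate.
# The service may be stuck in "Starting", so tolerate a failed stop.
Stop-Service RemoteAccess -Force -ErrorAction SilentlyContinue
Set-Service RemoteAccess -StartupType Disabled

# Solution: remove the bad update. wusa wants the bare KB number; /norestart lets us
# schedule the reboot(s) ourselves rather than having the uninstaller trigger one.
$kbNumber = $Kb -replace '^KB', ''
Start-Process -FilePath wusa.exe -ArgumentList "/uninstall /kb:$kbNumber /quiet /norestart" -Wait

# Confirm removal; Get-HotFix returns nothing once the update is gone.
if (Get-HotFix -Id $Kb -ErrorAction SilentlyContinue) {
    Write-Warning "$Kb still present; reboot and re-run, or uninstall it from Settings > Update history."
} else {
    Write-Output "$Kb removed. Reboot now; if RRAS still hangs, remove and re-add the role:"
    Write-Output '  Uninstall-WindowsFeature RemoteAccess -Restart'
    Write-Output '  Install-WindowsFeature RemoteAccess -IncludeManagementTools'
}
```

Once the update is gone and RRAS is working again, set the service back with `Set-Service RemoteAccess -StartupType Automatic`; the script leaves it disabled on purpose so a reboot does not put the server straight back into the hang.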

02 Dec 2015

Virus Alert: Major Banking Site Redirect + Phishing

Our engineers have reported a Trojan that is circulating and uses a new phishing tactic worth passing along to you.  Internet crooks and scammers are extremely active this time of year due to the massive number of online shopping transactions, and they are constantly coming up with ways to steal your financial information.  Here’s how this particular scenario unfolds:

  1. If your antivirus application is out of date, its definitions are out of date, or the antivirus vendor has not yet included protection against this virus and/or its variants in its most recent definitions release, your machine may be infected by a Trojan that enables this exploit.
  2. You browse to your bank account (this virus is applicable to most major banks).   You put in your username and password and everything appears to work as usual.
  3. If your machine is infected with this virus, the screen may spin for a few seconds or go white for a short period of time while the URL stays the same (your address bar gives the appearance that you’re still on yourbank.com); then suddenly a box comes up saying your account has had some strange activity and they are forcing you to verify who you are.  The page prompts you for personal financial information such as your debit card number, expiration date, 3-digit code, PIN or other security questions.  If you were to enter these and click next, it would say ‘thank you’ and take you to your bank’s normal screen like nothing ever happened, when in reality you just sent all of the personal financial information you entered to the bad guys.

This is a sophisticated scam called a “man-in-the-middle” attack.  The technical trickery that is happening in the background is re-routing of DNS over SSL AFTER you type in your pertinent log-in details, which then attempts to phish you for your credit card information.

Please remain vigilant when faced with the crafty methods thieves use to phish for your personal financial information.  A request for your personal financial information should always raise a red flag, as legitimate financial institutions do not ask for your account numbers, credit/debit card numbers, PIN or Social Security Number to verify your identity.

17 Sep 2015

Virus Alert: Ransomware Diligence

The purpose of this virus alert is to inform and educate you, as well as encourage you to remain vigilant against malware. We continue to experience isolated incidents of CryptoLocker and its variants, a type of virus known as “ransomware”.  To learn more about CryptoLocker and ransomware please reference our previous blog post here:

https://sisadmin.com/virus-alert-cryptolocker-how-to-protect-yourself/

As mentioned in the above-referenced blog post, here are steps you can take to protect yourself:

  1. Never open email attachments from unknown senders. Keep in mind that the people who create these emails are crafty. They are often carefully constructed to appear as if they came from legitimate businesses or vendors.
  2. Don’t follow links received in SPAM emails from unknown senders.
  3. Back up your data.
  4. Keep your antivirus and antimalware software updated. We recommend Webroot and MalwareBytes as a solid deterrent. Please be aware that no preventative platform is foolproof.

How do you know if you’ve been infected?

  1. You are unable to open files and/or files appear to be corrupted. This may occur on your local hard drive or on network shares if the infection has spread beyond a local machine.
  2. File extensions are changing from what they should be (.doc, .pdf, .xls) to .encrypted, .cryptolocker, or .[random characters].
  3. A HELP_DECRYPT file has appeared in each folder where files have been encrypted.
  4. A ransom screen may appear informing you that your personal files have been encrypted.

What do you do if you suspect an infection?

  1. Immediately disconnect your computer from your wired and/or wireless network. This will prevent it from further encrypting any files.
  2. Call SisAdmin at 425-482-1919 to report the infection ASAP.
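The scan below is an added example, not a tool from the original alert or from SisAdmin: it walks a folder tree (a mapped drive or share root) and reports, per folder, the three file-system indicators listed above: files renamed to .encrypted or .cryptolocker, files with an unexpected (random-looking) extension, and a HELP_DECRYPT note. The sample folder tree it builds in a temp directory is constructed so the example runs offline; the list of expected extensions is an assumption you would adjust for your own site.

```powershell
# Added example, not from the original alert: scan a folder tree for the
# file-system indicators listed above and report them per folder.
function Find-RansomwareIndicators {
    param(
        [Parameter(Mandatory)][string]$Root,
        # Extensions normally found on this share (assumed list; tune per site).
        [string[]]$ExpectedExtensions = @('.doc','.docx','.xls','.xlsx','.pdf','.txt','.jpg','.png')
    )
    $knownBad = @('.encrypted', '.cryptolocker')
    $files = Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue
    $files | Group-Object DirectoryName | ForEach-Object {
        $inFolder = $_.Group
        $notes    = @($inFolder | Where-Object { $_.Name -like 'HELP_DECRYPT*' })
        $renamed  = @($inFolder | Where-Object { $knownBad -contains $_.Extension.ToLower() })
        # "Random characters" extension: not a ransom note, not a known bad suffix,
        # and not in the expected list (files with no extension count as unexpected).
        $odd      = @($inFolder | Where-Object {
                        $_.Name -notlike 'HELP_DECRYPT*' -and
                        $knownBad -notcontains $_.Extension.ToLower() -and
                        $ExpectedExtensions -notcontains $_.Extension.ToLower() })
        if ($notes.Count -or $renamed.Count -or $odd.Count) {
            [pscustomobject]@{
                Folder        = $_.Name
                RansomNotes   = $notes.Count
                KnownBadExt   = $renamed.Count
                UnexpectedExt = $odd.Count
                Samples       = (($renamed + $odd) | Select-Object -First 3 -ExpandProperty Name) -join ', '
            }
        }
    }
}

# Constructed sample tree in a temp folder so the example runs offline.
$sample = Join-Path ([IO.Path]::GetTempPath()) ('ransomscan-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path "$sample\Finance", "$sample\HR" | Out-Null
'clean' | Set-Content "$sample\HR\handbook.pdf"                    # untouched file
'junk'  | Set-Content "$sample\Finance\budget.xlsx.encrypted"      # known bad suffix
'junk'  | Set-Content "$sample\Finance\q3.doc.x7qz2"               # random suffix
'pay'   | Set-Content "$sample\Finance\HELP_DECRYPT.txt"           # ransom note

# Only the Finance folder should be reported: 1 note, 1 known bad, 1 unexpected.
Find-RansomwareIndicators -Root $sample | Format-Table -AutoSize
Remove-Item -Recurse -Force $sample
```

Run it against the real share root instead of `$sample` to triage which folders were touched; a folder count that keeps growing between two runs a few minutes apart tells you the encrypting machine is still connected, which is exactly why step 1 above is to pull the network cable first.
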
04 Sep 2015

Three Ways to Boost Your Mobile Security


We live a mobile lifestyle. Our mobile devices keep us connected, and we can do anything from our mobile devices – from anywhere in the world. Online banking, hotel reservations, email – all can be accessed with a tap of the finger.

If you forget your phone at a restaurant, at work, or anywhere else unattended – how confident are you that nobody else can access your information?

While browsing the Internet, how confident are you that your information is only being viewed by you?

Follow these steps for a confidence boost in your mobile security:


1. Set a pin or passcode

This is your first line of defense. If someone wants to access your device, they will first need to break this code. This is not an easy task, and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your information cannot be accessed.


2. Remote locate and wipe tools

There are thousands of applications out there, and many involve more than just crushing candy or shooting birds at pigs. Certain software can help you locate your lost or stolen device through its GPS. Apple offers a service like this for their mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services. Windows Mobile users also have this option from the Windows Phone website. Similarly, many third party applications are available in each of the app stores.


3. Keep your device clean

Using an antivirus and malware scanner is never a bad idea. Your phone is a mini-computer, and just like your “big” computer it needs to be cleaned up from time to time. Malware and virus threats can compromise information stored on your mobile devices. Malware has a snowball effect and can keep piling up until it slows down or stops your device. Look for an MSP that offers Malwarebytes as a solution to this problem for both mobile devices and computers; it will keep your endpoints clean and secure from outsiders. Consider Webroot as an antivirus application that scans your downloaded apps and devices for threats.  Equipped with internet security, this defense will give you a heads up if it detects any malicious activity from your device’s browser.

In the end, the number one security measure on your mobile device is you. Be proactive. Protect yourself and your information using the steps above!

20 Aug 2015

Moving Offices? Watch out for data cabling issues!

There are many things to plan for when occupying a new office space. Move logistics can be daunting, and often your IT infrastructure is the furthest thing from your mind.  The truth is, planning for a smooth transition of your IT infrastructure is one of the most critical aspects of a successful move.  I’ve often jokingly referred to IT being like toilet paper… you take it for granted that it’s always going to be there, but when it’s out, you sure do panic!

One critical aspect of IT move planning is your data and voice cabling.  Networks are so commonplace that almost every office space has some sort of existing cabling.  The natural assumption is that you’ll be able to utilize the existing cabling when you move in, and everything will be just fine.  This line of thinking is fraught with peril and you shouldn’t make any assumptions when it comes to cabling.  A typical worst-case scenario goes something like this:

  1. There’s existing cabling in your soon-to-be office space so you say to yourself “I’ll just use what’s there.”
  2. You assume that the vacating tenant will leave the cabling in ‘as is’ condition, or you specifically ask the landlord to make sure the cabling is left intact.
  3. You take occupancy of the space only to find that the cabling has been cut with a butcher knife and rendered useless.  Yikes!

There are a few reasons this type of thing occurs:

  1. The hard truth is that the vacating tenant often doesn’t give a rip if you inherit functional voice/data cabling (that they likely paid for).
  2. The vacating tenant wants to take their patch panel and/or server rack (that they also likely paid for) with them.  In order to do this, they have to either cut the cables or rip them out of the back of the patch panel.
  3. There are requirements in the lease, or local building and fire codes, that require them to remove the existing cabling.

If you fall victim to this situation, chances are that you won’t find out until you take occupancy of the space, which is often far too late in the game to do much about it.  Remember what I said about IT being like toilet paper?  Occupying a space without data cabling is like being stranded on the toilet without a roll.  Now you’ll need to find a cabling contractor to bail you out in a hurry which is often expensive and highly stressful.

One way to avoid a bad scenario is to assume that you’ll need to deal with cabling issues once you have the keys to the space and allow yourself enough time to deal with them prior to setting your move-in date.  You should also evaluate the cabling situation far in advance of getting the keys.  Make it one of your site evaluation steps to inspect the quality of the cabling and the speeds it can support.  Do your best to protect the cabling when the previous tenant vacates the space and if they do happen to cut it, have a contingency plan in place for how to deal with it.  Having a cabling contractor on stand-by is also a great precaution.

We highly recommend retaining SisAdmin to assist with the IT components of your office relocations.  Cabling is just one of the many things that need to be planned and accounted for during an office move.

12 Jun 2015

Windows 10 Free Upgrade: Make the Leap?

Windows 10 is coming soon; July 29, 2015 to be exact. Microsoft has announced that all systems currently running Windows 7 SP1 or Windows 8.1 are eligible to upgrade to Windows 10 free of charge. Beginning June 1, 2015, Microsoft activated a notification that appears in your PC’s taskbar which states “Get Windows 10. Reserve your free upgrade.” If you opt into the upgrade, Windows 10 will download to your PC as soon as it’s available, and you will be able to install it at your convenience after July 29th. The download consumes approximately 3 GB of disk space.

The logical first question you are probably asking yourself is “Should I take advantage of this upgrade?” Well, there’s good news and bad news.

The good news is that all indications point towards Windows 10 being a worthy successor to Windows 7, one that corrects many of the flaws of Windows 8 (the Start menu is back!). Faster overall speeds along with quicker startup and system resume have also been promised, along with a boast out of Redmond that Windows 10 is “the most secure platform ever.” Even more good news is that you have an entire year to upgrade your system for free.

The bad news is that Microsoft has a long and distinguished track record of unforeseen problems in the days, weeks and months following new operating system releases. Many IT professionals would advise that you wait until the first major service pack release prior to making the leap to a brand new Microsoft operating system.

SisAdmin’s recommendation is to wait a few months to see how everything shakes out before considering the upgrade. When the dust has settled and the kinks have been worked out, please reach out to us so that we can assist you with a smooth transition to Windows 10.

If you decide that you’d like to be on the bleeding edge of technology and just can’t wait to take the leap, Microsoft has outlined what you can expect here. If you’ve already opted in and have reserved your upgrade, don’t fret, you can postpone performing the actual upgrade to a time that’s convenient for you.

06 May 2015

SisAdmin Sponsors Vistage Executive Summit 2015

Representatives from SisAdmin attended the Vistage Executive Summit 2015 yesterday, May 5th, at the Hyatt Regency Bellevue.

We would like to thank all of you that stopped by our booth to say hello.  We really enjoyed meeting and visiting with our existing customers, Vistage members and chairs, industry peers and colleagues, and guest attendees.  The venue was spectacular, the guest speakers were inspiring, engaging and insightful, the food was delicious and the atmosphere and energy was second to none.

We look forward to seeing you all next year!

The SisAdmin Team

01 May 2015

Security Alert: Wire Transfer Scam

We are issuing this security notice to alert our customers to a fraudulent wire transfer technique that some of our customers have encountered this week.  The technique is called spear phishing and relies upon email messages posing as urgent communications from senior officers to lower-level employees.  The messages demand that employees wire funds to destination accounts provided in the message.

These emails can be very convincing and are typically sent to corporate executives, corporate finance personnel, or others likely to have roles in authorizing or executing accounts payable operations.  We highly recommend making your employees aware of this threat and cautioning them against falling victim to these attacks.  Typical signs to look for beyond the obvious tone of the funds transfer demands are:

  • Suspicious emails sent to executives or received from executives
  • A sender address whose domain is spoofed or impersonates yours (check it closely)
  • A body instructing the target to pay all new or outstanding invoices via wire transfer to a new bank account
  • A fake, back-dated “original message” quoted in the body to set the context of the transfer request
  • An attached PDF containing wire transfer instructions, including bank name, account number, etc.
  • Wire transfer destinations that are typically banks in the US, UK, China and Taiwan

The technical details of how scammers accomplish this are as follows:

  1. Scammers register “typo squatting” domains that for all intents and purposes look like the target company’s domain, but are subtly different.  For example, the legitimate domain www.mybusiness.com would be registered as www.mybusiiness.com.
  2. Scammers then create email accounts at the fake domain that mirror legitimate executive email accounts.  For example Joe.CEO@mybusiness.com would be created as Joe.CEO@mybusiiness.com, and the common name that appears on the email account would be identical to the original account, such as Joe CEO.
  3. The attack often relies upon knowledge of key players within the company and emails that are highly convincing to the recipients are created.  They rely upon the fact that when the CEO asks you to do something, you do it!
  4. Brief, urgent emails are sent from the spoofed executive addresses to lower-level employees, demanding that funds be transferred and then following up on the transfer’s progress, which makes the request appear more authentic.

Please let us know if you have any questions or need our assistance.

24 Apr 2015

Windows Server 2003 Support is Ending July 14, 2015

Amongst the geek speak you may have overheard recently, the term “End of Life” (EOL) may ring a bell.  This term refers to the product(s) supplied to customers that are at the end of their useful life and the vendor (more often than not Microsoft) intends to stop supporting it.  There are some key Microsoft products coming up on End of Life in the first half of 2015; the major one being Windows Server 2003 (all versions) which subsequently includes Small Business Server (SBS) 2003.   Specifically, support will end for these products on July 14, 2015.

So what does this mean to you and your business?  In a nutshell, continuing to use these products becomes a liability and a vulnerability, as Microsoft will no longer issue security updates for any version of Windows Server 2003.  According to Microsoft, “you need to take steps now to plan and execute a migration strategy to protect your infrastructure.  By migrating to Windows Server 2012 R2, Microsoft Azure or Office 365, you can achieve concrete benefits, including improved performance, reduced maintenance requirements, and increased agility and speed of response to the business.”

We’re here to aid you through this transition.  Contact SisAdmin if you have any questions or concerns about your technical infrastructure in light of these upcoming product retirements.

23 Feb 2015

Virus Alert: CryptoLocker + How To Protect Yourself

Welcome to the first installment of the new SisAdmin blog!  Keep an eye on this space in the coming months for lots of useful information to help your technology work for you.

The first topic we’d like to bring to your attention is CryptoLocker, one of the most serious malware types out there today, which can dramatically impact your business should you experience an infection.  CryptoLocker and its variants, a type of virus known as ‘ransomware’, are becoming more and more widespread across networks with each passing day.  These viruses are able to evade commercially available virus and malware protections due to their ability to exploit legitimate, trustworthy actions such as file sharing.  We have resolved several CryptoLocker infections, and while we’ve been able to recover the client’s data each time, the infection has caused downtime, lost productivity and lost income for the client’s company.

CryptoLocker works by encrypting the files stored in folders that are available via the drive letters on the infected machine (C: or D: for desktop drives, U: or S: or others for server drives).  The organizations that create these infections then attempt to charge the victim a ransom for the decryption key required to regain access to these files.  While it’s possible to pay the ransom, we don’t recommend it.  The creators of these viruses are not ethical business people—you don’t want them to have your credit card info, and there’s no guarantee that they will provide you with the key needed to unlock your data after you’ve paid.

Since this infection doesn’t limit itself to personal files stored locally on a desktop computer, but also targets files stored on a server via a mapped drive, it can be particularly malicious and can potentially encrypt an entire network file structure simply by infecting one user.

CryptoLocker and its variants are often spread through waves of millions of emails that are sent by internet criminals to company email addresses, pretending to be legitimate messages from major companies such as FedEx, UPS, etc.  These emails contain a zip attachment that, when opened, infects the computer.  Infections can also occur as a result of the download of an application that appears to be legitimate, or via methods that attempt to bypass authorized access to a computer.

Exercising tried and true email security practices, such as never opening attachments from unknown senders, can go a long way toward protecting you from these infections.

But what else can you do to protect yourself from Crypto and its variants?  Three things: back up your data, update your antivirus software, and retire all your Windows XP computers.

1. Back up your data

CryptoLocker cannot currently be fully blocked via commercial antivirus products due to its ability to mimic legitimate application functions.  The only way to block such software completely is to disable the file-sharing functions of Windows, which isn’t an appealing solution.  The only way currently available to recover from a CryptoLocker infection is to restore the infected files from backup.  Therefore, having consistent, updated backups available at all times is critical to avoiding data loss from a CryptoLocker infection.

If you are a SisAdmin Safeguard or Observational client, SisAdmin monitors your backups for you, but it’s still worth checking with your engineer to confirm the backup platform you’re currently using meets your needs.  If you are only backing up once a day (or only maintaining one day’s worth of backups) and CryptoLocker is discovered more than 24 hours after infection, chances are high that you will lose critical business data–potentially all your business data.

It’s also a good idea to schedule some time with your engineer to perform a test restore of your environment—that way you know exactly what will happen in the event of an infection like CryptoLocker and have the peace of mind of knowing you’ll have minimal downtime.

2. Update your antivirus/antimalware software

While there is no foolproof way to prevent a CryptoLocker infection, updated antivirus and antimalware software can help detect the source of infections and catch future ones—usually before the encryption spreads too far.  SisAdmin recommends VIPRE Business and MalwareBytes as solid antivirus/antimalware products, but there are many reputable alternatives if your specific network requires them.  Check with your engineer or the SisAdmin Service Desk to determine your level of protection and how it can be improved—we’re always happy to help.

3. Retire Windows XP

Ah, Windows XP—it’s like an old friend, and one we’re all sorry to see go.  However, since Microsoft ended support and security updates for XP in April of 2014, it is no longer being updated as new vulnerabilities are discovered.  This means that having Windows XP systems still in production and connected to your network is like putting out a sign saying “Please, hack me!  Hack me now and encrypt all my data!”

Replacing your Windows XP computers is critical to network security today, including removing a potential vector for CryptoLocker to infect your files.  If you have XP machines on your network, speak with your SisAdmin engineer or the Service Desk about the best way to replace them with Windows 7 or Windows 8 desktops.
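Both this section and the Windows Server 2003 post above come down to the same first step: knowing which machines on the domain still run a retired operating system. The query below is an added example, not from either post or from SisAdmin, and assumes the RSAT ActiveDirectory module is installed and the account running it can read computer objects; the CSV path is a placeholder.

```powershell
# Added example, not from the original posts: inventory domain-joined computers
# still reporting Windows XP or Windows Server 2003 so they can be scheduled
# for replacement. Assumes the RSAT ActiveDirectory module and read access to
# computer objects in the domain.
Import-Module ActiveDirectory

# The OS string is whatever the machine last wrote to its own computer object,
# so a wildcard match also picks up editions such as SBS 2003 that report as a
# Server 2003 variant.
$retired = Get-ADComputer `
    -Filter { OperatingSystem -like 'Windows XP*' -or OperatingSystem -like 'Windows Server 2003*' } `
    -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate |
    Select-Object Name, OperatingSystem, OperatingSystemServicePack, LastLogonDate |
    Sort-Object OperatingSystem, Name

$retired | Format-Table -AutoSize
Write-Output ("{0} computer(s) on a retired OS" -f @($retired).Count)

# LastLogonDate separates live machines from stale objects that only need deleting.
$stale = @($retired | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) })
Write-Output ("{0} of those have not logged on in 90 days and are probably already gone" -f $stale.Count)

$retired | Export-Csv -Path '.\retired-os-inventory.csv' -NoTypeInformation   # placeholder path
```

Machines with a recent LastLogonDate are the ones the post is talking about: still on the network, still unpatched, and the first thing to put on the replacement schedule.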

That’s it for our first post!  As always, if you have any questions about CryptoLocker or any other network issue, please give the SisAdmin Service Desk a call at (425) 482-1919.
