Good morning everybody. This is [inaudible] with Tsi, truly solutions and innovations. And today I’d like to talk about security solutions. So security, much like cloud services or cloud is, um, there’s a lot to it. It’s a very loaded term. Um, but in this day and age it is tremendously important. There have been data leaks all over, I say all over, you know, who knows what we haven’t been told as far as data leak scope, but they’re a common occurrence and a lot of times it’s do well. I mean there are varying factors. You’ve got social engineering, somebody pretending to be somebody else or somebody just following somebody into a locked building that they shouldn’t have access to. You know, somebody holding the door open for this person they’ve never seen before, but they, you know, being polite.
It’s unfortunate that people take advantage of that. Um, uh, just other data breaches. You’ve got the WannaCry virus, a virus that wreaked havoc on a lot of businesses. Well actually they didn’t even touch, but it was just mostly government and health care. I think it was primarily healthcare. I was actually placed, I was at, we actually had a few infections of that and that was fun dealing with that because the things were not being patched as they should’ve been. So, um, there when you talk about security, there are a couple of, well, other than physical security, there are a couple of, um, groupings I guess, or categories for an IT environment. And as an MSP, security is paramount to everything you do. If you’re gonna open up ports for a server, make sure they’re not, you know, make sure you’re accessing the right ports and make sure they’re not open to the wide open world.
There was a, oh, I can’t, I can’t think of the name. There was a site that I guess it listed out, uh, publicly, of, uh, open, publicly opened, um, like camera systems and people could just get in there and they had default credentials for logging into the, the camera feeds and you could watch people in their house. I can’t remember the name of that. What was it? Well, in any case, you don’t want that. You don’t want that at your house. You don’t want that in your business, you just don’t want that, period. So finding the right IT service provider, uh, who can help you, or if you’re an intrepid person, you can do it yourself. Um, there’s a lot to learn as far as what, what you, what steps you need and what makes sense for your environment. And it’s, I would most certainly suggest talking to a professional.
It’s kind of like you wouldn’t write up a contractual agreement with somebody without at least having a lawyer look at it. So I’m sure MSPs or even your break-fix provider, IT person can look. Now you, I don’t, don’t just be 100% on board, you know, kind of, I’m, I’m a very big fan of doing your own research. So with regard to what solution, say you approach them, ask them, say, hey, I would like to look at, um, some security solutions for, uh, encryption on, unlike highly unlikely, but unless you’re in healthcare, but there are plenty of instances that encryption would be an idea, uh, or antivirus or d at DNS. Well now the DNS protection is more of an enterprise type deal. Um, training, uh, even, uh, basically like say you want to, you ask them about email protection, like I’m tired of getting these phishing emails.
Um, see what they say and ask for that. I’m sure they have a service that they offer. Ask them for information as far as like how effective is it? That’s, that’s a good question. How effective is it? And I don’t know the next question typically or even the first question to be how much is it, um, some of these modules or these add-ons for like for instance, email. They’re pretty, they’re, the cost isn’t that high, but it’s knowing what pieces to use for a given environment. So find out what they offer. And I, I don’t, I mean maybe you can haggle. I have no idea. They may be comfortable with that. Maybe not. I don’t know. Um, you may be comfortable with that. I’m not sure. But in any case, don’t take their word that it’s, oh, this is the best thing ever, or this, this, you’ll never have another issue again.
You can always ask for a trial. I know as an MSP, um, my IT services are available for four months for free because I don’t want you to, I want you to see what it’s like working with me as an IT professional, as an MSP, what we do and how we interact with you and response time suit. See how quickly we respond to an issue that you raise. And you know, I want to build trust with anybody. It, it’s not, it’s a partnership. It’s not you’re hiring me and I work for you. It’s a partnership and it’s not me being a consultant saying you need to do this, you need to do this, you need to do this. Uh, I mean sometimes that does happen because you may not have anything you need, but know that I’m coming, that I hope to establish that rapport and that trust within that month.
I granted, you know, it takes a lot longer than that to really build trust. But I know that giving people a glimpse of how I work and how I help and the things I do to help it, it would be tremendously beneficial for, uh, as a preliminary to be having that relationship where money’s exchanging hands and we’re in an agreement on what’s happened, what’s going on. So in any case, the two groups for IT, uh, the security solutions, um, IT services are, you have software based, which typically, which target, you know, servers and PCs, any, any workstation you’ve got. Uh, within that you have, uh, what’s called DNS protection. So DNS protection is, it’s using, a lot of them are in the cloud. Some of them offer hard hardware, like a DNS server that you can attach to your network. So what it is, uh, DNS stands for domain name services.
And what can happen with domain name services is that the idea behind it is computers talk in numbers, zeros and ones, um, IP addresses, uh, things like that. So what happens when you go to google.com, you’re, you search for google.com. The computer has no idea what google.com is. So it talks to a domain name server that says google.com. Okay. That translates to this IP and that sends you to that IP. So in your browser though, you see google.com and you’re there. So for, uh, with protection for DNS is that you’re going to a secure DNS server that’s typically hosted in the cloud. And what it does is it looks at the site you’re going to, it has that translation to the IP, but it also keeps track. Another aspect is they keep track of, uh, I guess reliability or, uh, let’s see what, um, SolarWinds terms it, uh, well website.
There we go. Risk the risk that the trustworthy site or they receive a score from zero to 100. The higher the score, not a reputation, the better, the more likely you know what it is you’re going to, the lower reputation. It’s, it could be mal-, uh, a malware site, a botnet site, you know, just different types of malware or viruses that, well, the site would direct you to a place where you would, where something would get downloaded or put on your computer that you don’t necessarily want. And you know, in, for our next thing, you know, you’ve got popups, you’ve got Microsoft calling you telling you you have issues with your computers. Just a spoiler alert. Microsoft doesn’t care about your computer after you buy it, unless you get a protection plan with them. I don’t even think that’s a thing. I’m pretty sure it’s not.
Um, they’ve milked you for money and you know, the next thing that they want you to buy is more stuff like Office 365 or whatever. They’re not, they don’t care about the events that are going on on your computer and they’re not most certainly not going to call you and try and fix them. So just keep that in mind. Um, so for DNS, it’s, it’s really, it’s primarily web protection. It’s, and one thing to keep in mind with security is that, uh, it’s likened to an onion. The more layers you have, the better. So you want, you would like to know, well, it’s good to know. Some people like to know, some people don’t. As a business owner and being an IT professional myself and being an MSP, I like to know what technology is being used. I mean, I’m, I’m the ones pay, I’m the one picking it and implementing it.
So that makes, it just makes sense for other business owners. They just want something to get done and they don’t care how it, how it happens or they just don’t, they don’t want to understand it and they just want it implemented or they want to know what you’re putting in and why. So it’s just, it’s different for different owners, for different people. Some like to understand the technicalities involved and other people just say, I, I don’t know. I don’t care. I just want it to work. So in any case, uh, DNS is one piece of the, uh, software puzzle. Uh, it helps with trying to, helps with mitigating antivirus, phishing. Um, POS malware, it, anything that can infect a PC. So I think that’s, those three are the main ones. Then you’ve got, uh, software for the PC and actually serve as a antivirus. You have antivirus. Now, antivirus on a server.
Um, it’s, it can be hit or miss depending on what, how your vendor coded their software, their solution. It may not play well with an antivirus. Keep that in mind. One, I know one thing that typically has been suggested is, oh, just disable the virus, the virus or the firewall and the firewall and everything will work well. Yeah, that’s, that’s not always the case. Um, uh, next you’ve got encryption. Uh, this is very, very important for HIPAA. Um, I know I’m familiar with Symantec Endpoint Encryption. It’s, it’s, it seems like a, it seems pretty, pretty. Okay. I haven’t touched the, uh, administrative back end on it, but it’s, it gets, yes, the job done. Um, I didn’t really look into a whole lot of encryption pieces. I know a couple of others we’ve used were BitLocker, I think that’s, that’s uh, baked into Windows Pro or Enterprise.
Uh, and then you’ve got, uh, what was the one where you shook the mouse around? Um, I guess that one wasn’t as secure as everybody thought it was. And I can’t, I’m terrible with names. Um, anyway, moving on. Uh, security training, kind of software based. A lot of training modules can be, or, uh, training platforms are web based and they, they, they really just teach people what to look for, what not to look for. Especially I know, uh, phishing, that’s actually the next one. Uh, anti-phishing, um, trying to block them before they get to the end user, but at the same time you can’t catch all of them there. It’s just, it’s an up and massive uphill battle. But at the same time, uh, you can do training to help people recognize, okay, this, this email look legit. Why would she want my, why would, uh, uh, I don’t know.
Mastercard want me to log in and give my credit card information just so they can verify that it’s still active. It’s not just something crazy like that or you’ve won a free trip. Um, and the site takes to a site from China. You know, I don’t, I don’t think China wants to give out free trips to people in the US or anywhere else for that matter. So just understanding that, taking that training and applying it to, uh, for end users is, it is, it’s tremendously helpful in mitigating that risk. That’s one of the, I mean that’s a very high, uh, risk and with access to email for anybody. Um, so, and then finally the RMM tool for security. Uh, I don’t know, SolarWinds has, uh, it managed, the antivirus, manages the antivirus. It also has a web based firewall. So you can say I want to apply this policy for this and it’ll kind of go through and block certain categories or, uh, look at the reputation and block certain sites that are questionable.
So, uh, software based, um, it, it’s the, there are many layers to the onion and software is definitely just kind of like the innards depending on which pieces. DNS is probably outward. Uh, inside is definitely antivirus. Uh, encryption and phishing would probably be outside with, uh, the DNS. But in any case, um, I’m going to break this up into two. Well we’ll, we’ll just, we’ll just keep you on and I can, uh, split the audio. So, um, that, that’s, those are the list is by no means exhaustive, but those are definitely big pieces to uh, your software based. And one thing I didn’t mention was firewall. Um, yeah, uh, I know Windows has its own firewall and that’s always fun to play with, especially with different programs. But um, firewall, that’s kind of what the RMM can provide. I wouldn’t say it’s like a straight up firewall. It just looks at where you’re going. I guess that would probably be more DNS protection. So a software based firewall essentially blocks any connections that aren’t, that you don’t want to happen. Uh, firewall can block, uh, certain programs’ access to the Internet. It can block, uh, inward connections or outward connections coming in.
Um, my main experience with that is Windows Firewall. Um, you can tailor rules just like another, any other firewall to allow certain things to happen. I want this, I’m sure some of you have had that pop up just asking you, hey, are you, what do you want this program to do? Do you or do you want to allow it to connect to the Internet? Things like that. Um, just another piece of that or another layer of that onion. So it’s, um,
it’s a very layered aspect. Either describing it as an onion is a very apt description. So, uh, onto hardware. So for hardware, uh, the biggest piece are the main pieces. I mean, they all, they’re all main pieces. You want them, you want ideally as many as you can get that makes sense for your environment. Um, properly configured and network equipment is obviously very important. Uh, as an MSP, uh, we, we have procedures in place for what configurations we need to allow. Uh, and it’s just a baseline and then we look at the environment. So, okay. What does the vendor do? Vendors for this software needs specific ports open for, you know, remote, remote support or do they need it for, um, the reporting for their stuff? Yeah, there’s, there’s no telling what ports vendors need available and it’s just, you know, here, throw a dart at a dartboard and okay, we’ll pick that and that’s, that’s the port we want.
Or it could be like, you know, for 80, 84 or something. That’s what based, but just a little, I mean there’s no, there’s no rhyme or reason typically for the ports that are picked. Um, you have firewall for heart. Uh, that’s the mets. A network 100% fire. A firewall is imperative in most, in any business environment. They are very, very, very, very important. Um, that’s where, uh, for those of you who aren’t familiar with firewall, so what it is, is it, it looks at all outgoing connections and if it, if it’s sore, if the destination is, uh, blocked by a policy or like, say you’re at work and you want to go to YouTube, uh, nine times out of 10, probably more than more than that, probably you’re not going to be able to access it because it’s blocked by a firewall policy. You don’t have some goofy things, show up on your browser saying this has been blocked by or whatever.
And that’s a firewall. So not only is it security, but it’s also productivity because you know, you don’t want people getting on YouTube unless they’re, unless they need it for their job. You don’t want YouTube to be just accessible to anybody at the computer or anybody, any employee if they’re, you know, if that’s not within their job description. So it’s just one of those things. Um, so a router, uh, capable of VPN and it doesn’t have to be a router. I think there are VPN appliances out there, uh, I’m not familiar with many of them. I know that, uh, Windows servers you can do and set up RDP gateways or RDP session host. Um, so those, those set up in that VPN uses a, I think most of them can use RADIUS to authenticate, which is just, uh, well you set up a user, you set up users in RADIUS and they can connect with those credentials that have been created and it’s there. They’re just authenticated. Um, can also tie it into, uh, Active Directory, which that’s, you know, for domain control, uh, domains that’s there could just use that, their credentials,
which is pretty handy. Um, I know passwords and accounts can easily get out of hand. Um, you know, hosting server. I’ve got probably, let’s see, I’ve got one for SQL, um, sudo and uh, well I think that’s, that’s it for that. But you know, you, you’re going to end up with a lot of passwords doing IT work. So any case, um, and that kind of ties into the whole wall. That is the whole server authentication. You, you definitely want good, solid, um, requirements for passwords, for accounts and obviously don’t want anything being shared. Any account credentials being shared.
Excuse me, I can’t stop yawning. Uh, and then for another aspect of physical security, have locked areas, most certainly for your sensitive equipment, you don’t want just anybody available to walk into the network room and start unplugging things and plug in whatever. That’s, it’s just common sense. Um, and cameras and DVRs, you, you definitely want to, well at some point you want cameras if and to watch the outside as well as well as the inside. They all, it’s just more of the, you’re granted this is uh, this, uh, this does play into the onion because say somebody socially engineered their way into your network closet or you know, your office and they did something and we’ll let you have, not only do you have, uh, uh, the cameras and the d and the recordings, but you’ve also got, um, that maybe they used somebody’s badge to get in or they access somebody’s credentials, they access PC using somebody else’s credentials.
And then you know, that that trail, the onion plays its part more of finding out, wow, why it happened. But say they try to go in and go to a website to download something, but it’s blocked by the firewall, uh, or the DNS for neck protection. Or they tried to log in to something that they, they shouldn’t have access to and they didn’t have access to. So they tried multiple times, or used a program off a USB stick to try and brute force their way into a server or whatever. The RMM would catch that because of excessive login attempts, depending on how that’s configured for your environment. Um, and then you’ve got Kensington locks,
they’re the, uh, little locks that kind of attach to a slot on your PC, on your laptop or mini PC and you can lock it with a key or combination there. They’re just deterrents for somebody grabbing the machine and walking off with it. So somebody, you know, socially engineer their way and they try to walk off with a machine, like they wouldn’t be able to, if they did, then hopefully have some encryption on there and that would kind of foil any attempt that they have to access that information that was stored on there. So as you can tell, an onion is a very apt description for how to describe security solutions. Um, if you’re unsure of what all is implementations you have, maybe you’ve, maybe you’ve got somebody else who looks at, uh, an RFP or quotes or whatever for what your IT service provider is providing you.
Or maybe you don’t have this and you just had somebody come in and set it up and they’ve been, now you just have the break-fix guy. Um, I would most certainly, this can tie into that network documentation aspect, is have your security documented, have it, have it all documented just so you know what’s going on, what’s there and what’s available or what you have and how the pieces play together. Right. And I’m sure an IT professional would be happy to kind of explain what you have, what you don’t have, what they would suggest. I know as for me working, you know, owning the MSP and working in the MSP space, uh, the IT services that I provide, I’ve most certainly want to, I want, I want there to be no misunderstanding or lack of understanding on the business owner’s part or the client’s part.
If that’s what they want, I want them to know what’s going on and why and why I suggest this. Um, I’ve sent some pretty lengthy emails and had some pretty lengthy phone conversations just describing what it is that I suggest as a solution because that understanding is that you don’t want, yeah. When it comes to security, I mean this, if there’s a breach that could potentially ruin your business, we’re in shut it down. That’s not if I’m in a position that mitigate that or stop it 100%. And then I, I will, I’ll, I’ll help you take those proper steps. And you know, I’m in the, I’m in business, so most certainly will provide quotes and, uh, justify those to any, to the potential client and help them understand why this makes sense and what they need, what’s next steps, what steps needed happen in order to achieve that.
So, uh, well that’s, that’s kind of security solutions in a, in a nutshell and an onion in a nutshell. But it’s an interesting concept. So, um, excuse me. This is, these are by no means exhaustive. You also have a couple of other things, like for hardware and software you can get, uh, some little tokens that kind of rotate through numbers, random numbers, but they communicate with each other through the magic of technology. And they can grant timed access to certain areas, kind of like a, a safe or network rooms or certain protections. Uh, certain types of, um, software I’ve seen Symantec, they have, uh, they have a software solution for, um, like an ra, I think they’re called RSA, RSA IDs.
So RSA SecurIDs. I think that’s just what they call them, uh, Security Dynamics. And what they do is they say you have either a fob or an app on your phone and it grants you incur it cycles through numbers that will change after so many seconds and that will be paired. It will be authenticated. You use that to authenticate to whatever it is you’re trying to access. So it’s like I said, the onion just, it’s just going to get bigger and bigger, especially since, um, we’ve seen more and more breaches that the security is, it’s important to begin with. But the actual, the, the severity of a lack of understanding or a lack of implementation is becoming evident from these breaches and the fallout after afterward. So I hope that after, if you, if anybody listens to this, I hope they look into their security solutions that are currently in use in their environment and either try to hopefully understand it or push to have the proper, have a proper implementation. And most certainly have it documented, but no time like the present to get something documented that isn’t. So I hope hopefully I’ve helped some people and they take this and run with it. So I appreciate your time and hope you have a good day. Thank you.