iMacs and MacBooks disconnecting from Virgin Media wireless network (Thomson TWG870 router) after sleep mode

Computer systems disconnecting from WiFi when trying to get some important work done can make for an extremely exasperating experience.
We recently helped a Dublin advertising agency with such a problem. Their iMacs and MacBooks would stay connected to their Virgin Media Thomson TWG870 WiFi router for hours. But as soon as their Macs went into sleep mode and transitioned to “normal” mode, the operating system would wake up but not the wireless connection leaving users in the office frustrated and cursing like sailors. Unfortunately, this is a glitch in many versions of OS X (10.8 – 10.12) which Apple have still not remedied successfully. However, in most cases, the solution is nice and simple.

This problem occurs because OS X seems to “forget” which wireless connection it had established before going into sleep mode. For example, there might be four or five wireless networks such as “hotel wifi”, “meeting room wifi”, “guest wifi” etc. stored in the network settings, but upon waking from sleep mode OS X does not know which one to connect to. To remedy this, go to System Preferences > Network > WiFi > Advanced. Then go to the “Preferred Networks” panel and delete all networks listed here using the “-” button, followed by “OK”.

Now go back into the Network panel and click on “Locations” followed by “Edit”. Click on the “+” and give your network location a new name like “New Office Network”. Click on “Done” followed by “Apply”. This helps to “lock in” a wireless network to your iMac or MacBook meaning that next time it goes into sleep mode it will not lose its wireless connection upon waking.

On follow-up a week later, all users were relieved to have a robust wireless connection. They could continue their work uninterrupted by internet blackouts or by swearing colleagues.

If you’re having wireless network problems with your Apple Mac in Dublin, RealClear are here to help. We work with most wireless networks including those from Virgin Media, Eir, Three, Vodafone and Magnet. You can contact RealClear on 01- 685 4833.

Why you should not be using indigo.ie or eircom.net for your professional email.

We are still shocked at the number of business owners (legal professionals, consultants, etc.) who contact us with problems with their indigo.ie or eircom.net email address. Whilst we can help these users to get their email fully operational again, using outdated domains such as indigo.ie as a professional email address is wrong for so many reasons!

1) The indigo.ie domain, along with iol.ie, was among the first native email providers in Ireland when the internet started to become mainstream (1994 – 2000). (The eircom.net domain came on stream circa 1999.) The email service provided by these domains served a purpose back then for basic email, but times have now changed. Most email services now need to support the IMAP protocol, which is needed for email on mobile devices.

2) Domains such as indigo.ie and iol.ie have long since changed hands from their original owners. Their new owners give these email domains only skeleton maintenance and support.

3) Using older domains like indigo.ie means you get very poor server-level spam filtering. This is not just a time-consuming nuisance of wading through emails from Nigerian princes; it also poses a security risk.

4) Using an indigo.ie or eircom.net email address does not project a professional image for your business.

5) You are at the mercy of their new owners. For example, the current owners of indigo.ie, Eir, might decide to pull the plug on indigo.ie any day leaving you in the lurch.

RealClear can help migrate your business to a more robust and reliable email platform which offers spam filtering and higher levels of security.

Your Mac will not boot after an update.

Most updates to the OS X operating system are trouble-free. However, a number of clients have recently contacted us informing us of a “blank screen and cursor” problem after they downloaded an update for OS X Sierra. Upon rebooting their iMac or MacBook they were greeted by a cursor and a blank screen. Not a sight you want to see when you just want to get some work done. The problem appears to be related to some “plist” and “Apple Upgrade” files going corrupt. Apple have not yet released a fix for this issue nor have they documented the issue in their knowledge base, but our solution is quite easy to implement.

1) Start your MacBook or iMac while holding the “Command” and “S” keys simultaneously.
2) After a minute or two you will be presented with a command line terminal screen. (This is a black screen where you can input commands)
3) Now type in the following commands in sequence.

/sbin/fsck -fy
/sbin/mount -uw /
rm -f /Library/Preferences/com.apple.loginwindow.plist
rm -f /var/db/.AppleUpgrade
reboot

Press enter after each command. After you’ve entered all commands successfully your MacBook or iMac should reboot and you should be back in business!

RealClear @ 44Con London and Advanced Persistent Threats

Last month RealClear IT Support attended the 44Con IT security conference in London. There were lots of interesting talks given, including those on threat intelligence, network security, application security, operating system attacks and hardware hacks.

But one of the consistent themes of the conference and one of the areas which is keeping CIOs awake at night is that of the Advanced Persistent Threat. APTs are targeted, persistent, multi-phased and sophisticated threats which operate in stealth mode on the modern computer network. Their ultimate goal is to exfiltrate data back from a business or organisation to the attacker’s “command and control” centre. This might sound all very X-files-like, but APTs have become a reality in today’s threat landscape. With traditional security defences in place, they can go unnoticed in your network for years.

One of the first high-profile APT attacks was discovered in 1998 when a computer technician at an American-based company, ATI Corp, identified a remote access connection on their network to a US Air Force base. The RAT (remote access Trojan) was initiated every morning at 3am. The technician reported his findings to law enforcement. A specialised team of military and information security specialists from the US government was mustered. After months of research, “Operation Moonlight Maze” found that several businesses and universities were being used extensively as proxies for attacks. Proxying RAT connections from local businesses and universities is much less suspicious than connections emanating from Russia or China. The attackers used Telnet and FTP to exfiltrate thousands of classified documents from US military sources.

Since these attacks, several other high-profile APTs have been discovered, including those which infected RSA (ironically a computer security company) and the New York Times. In 2011, RSA, a leading provider of two-factor authentication security tokens to banks, finance and healthcare organisations, got hit by an APT. As with Moonlight Maze, the FTP protocol was used to exfiltrate files which compromised their SecurID system.

The New York Times was attacked by an APT in 2012 when their journalists started investigations into the relatives of Wen Jiabao, the then Chinese prime minister. The threat went unnoticed for months. Corporate passwords for every journalist were stolen. Over 45 pieces of custom malware were installed. The Symantec endpoint security software which the company was using to protect their PCs only identified one of these (which it quarantined).

Vectors of attack

One worrying aspect of the APT threat is the simplicity of their initial attack vector. For example, the RSA hack was traced back to just one phishing email sent to a member of their administrative staff. It contained an Excel worksheet which was completely blank except for an “X” letter in one of the spreadsheet’s cells. Out of curiosity the employee clicked on it, but nothing appeared to happen. Unbeknownst to them or the firm’s security team, the Excel sheet had an embedded Flash exploit called “Poison Ivy” which, when clicked, got activated and then connected to the attacker’s command-and-control server. A payload was then surreptitiously downloaded. This seemingly innocuous action gave the attackers the keys to the kingdom as it were. The compromised system was used as a launch pad for other attacks across the New York Times computer network.

There are several other examples of how APTs exploit a seemingly small vulnerability. The “Duqu” malware strain, discovered in September 2011, exploited a vulnerability in TrueType font handling in a Microsoft Word document as the initial attack vector. The payload installs malware which subsequently connects to the attacker’s command and control servers via TCP ports 80 and 443 using a custom protocol. For port 80 bound traffic, Duqu uses steganography to encode and attach data to JPEG files. It uses XOR encryption to encrypt data captured by its keylogger. “Flame” is another piece of malware used in APT attacks. Discovered in 2012, it propagates via USB devices and a bogus Windows Update service (a favourite strategy of the NSA also…). Despite a paltry size of just 20MB, it can take screenshots, intercept email and activate PC microphones. It communicates back to its command and control server over HTTP, HTTPS and SSH. Using such prosaic protocols makes it easy to slip under the radar of even the most sophisticated firewalls. Or consider “Red October”, which steals information from iPhones by using SNMP brute forcing. Once installed, it collects data via a plugin for Microsoft Office and Adobe Reader. It evades detection by encrypting its main executable with XOR encryption. For initial infection, Red October uses infected Word and Excel documents, which are propagated via phishing attacks.

Implications for your business

Initially, most of these attacks did not use highly sophisticated approaches to hack their victims. They used what could be described as “everyday software” coupled with social engineering (phishing) to launch. In your business environment, there are some simple steps you can take to counter such threats.

Office and Adobe PDF documents should be opened with extreme prudence. Users should be trained to spot anomalous emails, attachments and know how to manage them securely.

You should be using recent versions of Microsoft Office for maximum protection. Each version of Microsoft Office from 2010 onwards has included “Protected View” functionality, which acts as a sandbox and allows documents from untrusted sources to be opened in a safer way. Alternatively, you could use the free LibreOffice suite, but this does not suit every business environment.

Antivirus products alone cannot be trusted as most of these still use signature-based scanning, which cannot detect zero-day vulnerabilities. The New York Times hack has shown us that 44 out of 45 strains of malware went undetected by their Symantec endpoint security software. Ancillary software like Java and Flash player should always be kept up-to-date.

All your operating systems should be fully patched and updated. This includes users of Mac OS X (many of whom still believe that “only Windows users get viruses”). Be suspicious of update requests that appear out-of-the-blue. You can manually update your OS or if you want to automate it a little you can use software like Personal Software Inspector from Flexera Software (Windows).

A stateful application-layer firewall should be used. These can be effective in detecting connections from anomalous servers and can detect custom protocols. Moreover, this type of firewall will drop encrypted traffic, which cannot be decoded.

A host-based intrusion detection system (HIDS) will be much more effective than anti-virus solutions for detecting more sinister threats. These can perform log analysis, Windows registry monitoring and rootkit detection. Moreover, a HIDS will be more likely to detect malicious process injection from Office documents.
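The regular, low-volume callbacks described above (the RAT that fired every morning at 3am, Duqu talking to its servers on ports 80 and 443) look like ordinary web traffic on the wire, so the signal a firewall or HIDS log review can use is timing regularity plus how few internal hosts talk to that server. The script below is an added example, not code from RealClear or from any product; the log line format and the sample lines are constructed for it.

```python
"""Flag periodic ("beaconing") outbound connections in firewall log lines.

Constructed log format (one event per line):
    <ISO8601 UTC timestamp> <src_ip> <dst_ip> <dst_port> <allow|deny>
A timer-driven implant produces nearly constant gaps between connections;
human browsing does not. Destinations contacted by very few internal hosts
are the more suspicious of the periodic ones.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed sample: one host calling the same server at 03:00 every night,
# plus ordinary browsing from several hosts to a popular site.
SAMPLE_LOG = """
# nightly 03:00 connection from one host (the pattern described in the text)
2016-10-03T03:00:04Z 10.0.1.15 198.51.100.23 443 allow
2016-10-04T03:00:02Z 10.0.1.15 198.51.100.23 443 allow
2016-10-05T03:00:05Z 10.0.1.15 198.51.100.23 443 allow
2016-10-06T03:00:03Z 10.0.1.15 198.51.100.23 443 allow
2016-10-07T03:00:04Z 10.0.1.15 198.51.100.23 443 allow
# irregular browsing by several hosts to one popular web server
2016-10-03T09:12:41Z 10.0.1.22 203.0.113.10 80 allow
2016-10-03T09:13:02Z 10.0.1.22 203.0.113.10 80 allow
2016-10-03T11:47:19Z 10.0.1.22 203.0.113.10 80 allow
2016-10-04T16:05:55Z 10.0.1.22 203.0.113.10 80 allow
2016-10-05T08:30:10Z 10.0.1.22 203.0.113.10 80 allow
2016-10-03T10:00:00Z 10.0.1.15 203.0.113.10 80 allow
2016-10-04T14:22:13Z 10.0.1.31 203.0.113.10 80 allow
2016-10-05T03:00:00Z 10.0.1.31 198.51.100.77 23 deny
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, action)."""
    ts, src, dst, port, action = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, src, dst, int(port), action


def group_flows(lines):
    """Group allowed connection timestamps by (src, dst, port); skip comments and denies."""
    flows = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        when, src, dst, port, action = parse_line(line)
        if action != "allow":
            continue  # blocked attempts are worth alerting on separately
        flows[(src, dst, port)].append(when)
    return flows


def find_beacons(lines, min_events=4, max_jitter=0.1):
    """Return flows whose inter-connection gaps are nearly constant.

    max_jitter is the allowed coefficient of variation (stdev / mean) of the
    gaps. hosts_to_dst counts how many distinct internal hosts ever contacted
    the destination on any port; 1 means only the beaconing host did.
    """
    flows = group_flows(lines)
    hosts_per_dst = defaultdict(set)
    for (src, dst, _port) in flows:
        hosts_per_dst[dst].add(src)

    hits = []
    for (src, dst, port), times in flows.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append({"src": src, "dst": dst, "port": port,
                         "events": len(times), "period_s": round(avg),
                         "jitter": round(jitter, 4),
                         "hosts_to_dst": len(hosts_per_dst[dst])})
    # most regular and least-shared destinations first
    return sorted(hits, key=lambda h: (h["jitter"], h["hosts_to_dst"]))


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG.splitlines()):
        print(f"{hit['src']} -> {hit['dst']}:{hit['port']} every ~{hit['period_s']}s "
              f"({hit['events']} events, jitter {hit['jitter']}, "
              f"{hit['hosts_to_dst']} internal host(s) use this server)")
```

On the sample the only hit is the 10.0.1.15 connection to 198.51.100.23:443 with a period of 86400 seconds (once a day), contacted by no other internal host; the browsing flows fail the jitter test.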

There is no magic bullet for IT security, but having a layered approach greatly enhances your security and reduces the risk of your systems being compromised.

Concerned about IT security? You can contact RealClear IT support in Dublin on 01 – 685 4833. Fast remote IT support nationwide. On-site IT support for the Dublin area. Practical and no-nonsense advice.

10 essential things to remember about data backup


It has been said ad infinitum on this blog that data backup is one of the most important IT tasks you will ever perform in your business. Servers, desktops, laptops and tablets are all replaceable. Your data is not. But we keep seeing the same fundamental backup mistakes again and again. These leave your business wide open to data loss.

So, let’s get down to the brass tacks and look at some mindsets, assumptions and scenarios which lead to data loss.

1. The “I don’t have time to back-up” mindset held by some SME owners is short-sighted. If you perceive data backup taking up too much time, wait till you see how long it takes to recover from a catastrophic disk failure or a ransomware attack. A properly configured backup system should not take up any of your time. It will just run in the background automatically – minimal human intervention needed.

2. “We’re using mostly new computers here, we don’t need to back up.” Having the newest and shiniest IT equipment does not exempt you from backing up. Hard drive failure rates follow what is known as the “bathtub curve” of failure, where the probability of failure is elevated in the first 12 months of a disk’s life. Moreover, cryptographic ransomware does not care how new your equipment is.

3. “Our IT support guy said all the data was being backed up to that box over there” We’ve been hearing this old chestnut for years. When you do check the timestamps of backups of “that box over there”, which is normally a server, NAS or external hard drive, you sometimes find that their backup is months out-of-date. The only thing “the box over there” was amassing was cobwebs.

4. The same phenomenon happens with Cloud backup solutions. Some SME owners will say “our data is being backed up to the Cloud” as if some divine intervention were spiriting their data safely into the clouds. Your data needs to be verified, no matter how reputable you think your Cloud backup service is. And on the subject of Cloud backup, it is good practice, on some idle Friday afternoon, to perform a mock restoration of data. We have heard several horror stories of SMEs restoring from Cloud backup services only to find all their data corrupted.

5. There are still some SME owners in Dublin who are only performing local (i.e. not off-site) backups. While Dublin might not get tornadoes or severe lightning strikes, the risk of fire, burst pipes, flood, sabotage, theft and ransomware attacks is ever present.

6. With the multiplicity of data-holding devices such as smartphones, tablets, desktops, laptops, external drives and USB memory keys, data sprawl sets in. This results in many office environments having a hodge-podge of different data sets. This is why your data needs to be categorised, prioritised and centralised.

7. Once you have your data categorised, your back-up plan should endeavour to back-up all data to a central file-server (hosted or local). Some SME owners (and some IT admins, alas) make the mistake of backing-up each system to a direct attached storage device. These devices (such as USB external drives) are then used to back up other systems. What results is a messy data sprawl, making reliable off-site back-up more difficult and data restoration processes more time consuming.

8. Some backup software vendors make a virtue of how comprehensive their backup products are. For example, their software might offer one hundred different ways to back up. Complexity does not make backup software better or more reliable; it just elevates the risk of human error. Complex backup software is anathema to best backup practice simply because users hate using software that is designed like a tax form. Simple, easy-to-use backup software will trump complex software any day. Apple Time Machine is a classic example of this. When software becomes too complex to use, some users stop using it and resort to drag-and-drop backup strategies with a USB memory stick…argh.

9. Encryption-based ransomware attacks have been a real game-changer in terms of backup system configuration. Some of the recent variants of ransomware have been extremely agile in propagating across networks from just one infected Mac or Windows system. Good backup systems are designed with such eventualities in mind and support versioning and backup set isolation.

10. Finally, it is important to remember that every IT set-up is constantly changing. Employees leave and new employees arrive. Hardware gets changed. Software gets changed. A good backup system should be flexible enough to be easily re-configured to allow for such changes.

Don’t have nightmares about data backup. RealClear IT Support is based in Dublin, Ireland. Our (local and hosted) backup systems are easy-to-use, reliable and secure. We also support Apple and Windows systems via our remote and on-site service. Call us on 01 685 4833 for some professional, experienced and practical advice.

How to access your Mac or Windows PC remotely from your iPad


The iPad has been a great boon for mobile computing, but unfortunately, it might not have all the files or applications needed to run your business. While it might do everything from web browsing to email, it will not run your Sage accountancy package or your AutoCAD design suite. This can be an inconvenience.

Picture the scene. You’re away from your office and for the sake of travelling light have only brought your iPad with you. But when on-site with a client you discover that an important file needed for a presentation or meeting is residing back in your office on your iMac (or MacBook or Windows PC). This could mean making an SOS call to a colleague or family member to email you the file. Worst case scenario, you have to postpone your meeting. Neither solution is ideal.

Thankfully, Splashtop Business allows you to quickly and securely log in to your MacBook, iMac, Mac Mini or Windows system using just your iPad. The process is relatively easy. You install Splashtop on each system which you would like to access remotely (and of course on the iPad itself). When you need to log in, all it takes is a few clicks and you are virtually in front of your office computer. You can open up applications, make changes, perform file transfers and even stream video. Data transmission is secured using end-to-end TLS 256-bit encryption and Splashtop is fully HIPAA compliant.

A very neat app which can save you time and potentially a lot of hassle.

What Irish small businesses can learn from the Mossack Fonseca (Panama Papers) data leak.


A couple of weeks ago, on 3rd April, the world became aware of an alleged cyber-attack on the law firm of Mossack Fonseca in Panama. A couple of days later, it emerged that the attacker had leaked over 2.6TB of data, including over 4.8 million emails, 2.1 million .PDF files, 1.1 million images and 320,166 text files, into the public domain. The files contained confidential financial information belonging to prominent politicians, actors, lawyers and business people. It was interesting to read the media coverage of this case. A lot of general media commentators cited the firm’s failure to update its WordPress and Drupal content management systems. While this did possibly contribute to the ease of access which the hacker(s) had, the roots of this hack lie a lot deeper.

Firstly, the data which Mossack Fonseca was holding was not encrypted. Given its confidentiality and headline worthiness, this was an egregious mistake. Storing confidential personally identifiable information in plain-text format is far from best practice. It should have been protected using AES whole-disk encryption or at a bare minimum stored using file-level encryption.

Next mistake was having a public-facing mail server dual-purposing as a document server. This means that a hacker having compromised their website could – with a little more work – hack into emails and then their documents. Easy peasy. Their mail server should have been in their DMZ protected by an external and internal firewall. The document server should have been put on an ultra-secure subnet, with stringent logging (monitored by experienced IT professionals who can spot anomalies quickly) and protected by an APT detection system.

Once they had their network structure secure, they could then have worried about the technicalities at the presentation and application layers of their network. Why was their email not using TLS? Why was WordPress (with its one-click update function) or Drupal not updated? Why were their WordPress plugins not updated, etc.? (In other words, the stuff that Sky News talk about after there has been a cyber attack.)

Lastly, for a business dealing with such confidential information of such prominent people, from media reports at least, there appeared to be a very low level of cyber-risk awareness present among senior or lower ranking staff. It might have just taken one employee to notice something was awry when 2.6TB of data was going into the ether.

As a result of failing to have a secure IT infrastructure and a cyber risk-aware culture in place, Mossack Fonseca got worldwide negative publicity and severe reputational damage to their business.

When Time Machine Won’t Backup


Reliable Time Machine functionality is essential in any Apple environment. In most cases, Time Machine is a reliable backup application but can occasionally develop glitches. It is important not to ignore Time Machine errors or put them on the “long finger” because Murphy’s Law dictates it will be the very time your hard drive will crash and you might risk losing important data. The following is a brief (non-exhaustive) checklist on what to do when Time Machine will not backup.

Make sure your Time Machine disk is using the GUID partition scheme or Apple Partition Map. Most external hard drives come pre-formatted with NTFS (which is designed for Windows). This needs to be changed to HFS+ Journaled with a GUID partition scheme.

Time Machine might not be backing up because your Time Machine or Time Capsule disk is running out of space. This is a common issue for users who decide to use a single backup disk for various TM backups from different machines. This is not considered best practice, especially when using USB external drives because it often leads to confusion when it comes to restoring a disk in an emergency. To delete TM backups, use the Time Machine browser by clicking on the Time Machine icon on your dock. Locate the TM backup you want to delete via the Timeline. Control-Click the item and select “Delete Backup”.

Sometimes you might see a message that the “backup volume is read only”. This can often be solved by simply disconnecting and reconnecting your drive from your local computer or network. If this does not resolve the issue, the error can be solved by repairing permissions using Disk Utility (or running an “fsck” command in Terminal). Please note that for best results, it is strongly advisable to copy your sparsebundle to the local computer on which the repair will be executed instead of executing a repair over your LAN or WLAN.

When backing up to a network drive you might sometimes encounter a “backup disk image could not be created” error. This can be caused by your Mac having no LocalHostName set. To change this, go to System Preferences > Sharing and then insert a name into the “Computer Name” box at the top of the dialog box.

Sometimes anti-virus products (like Bitdefender for Mac) can interfere with the Time Machine backup process, slowing it to a crawl. Make sure that you add Time Machine to the “safe zone” (exclusion list) of any such products, or simply use an alternative AV solution like Sophos for Mac. Also beware of third-party disk applications like WD SmartWare, which can interfere with TM accessing network drives.

Encrypting a Windows 10 Pro Laptop


If your Windows 10 laptop ever gets lost or stolen, you are potentially putting your data, or that of your clients, at risk. The Windows login password is not enough, as this can often be bypassed within minutes. Only by using a whole-disk encryption application like BitLocker can the confidentiality of your data be maintained.

To enable Bitlocker on Windows 10

  • Click Start > File Explorer > This PC. Then right-click your system drive where Windows 10 is installed, then click Turn on BitLocker.
  • Enter a password to unlock your drive; this will be an important test to ensure you can boot the system if you happen to lose the recovery key.
  • Decide how you want to back up your recovery key, you can use your Microsoft account if you have one, save it to a USB thumb drive, save it somewhere other than the local drive or print a copy.
  • The option presented asks you how much of your drive you need to encrypt. If your laptop is new select “Encrypt used disk space only”. If your laptop has already been used select “encrypt entire drive”. (make sure your laptop is securely connected to a mains power supply during this entire process)
  • You will now be asked to choose which encryption to use “new” or “compatible”. Choose “new encryption” as this uses the very secure XTS-AES algorithm.
  • The encryption process will now begin.
  • After this process has run its course, your data should be fully encrypted.


Encryption does not protect your data from failing hard disks or accidental data loss. Moreover, in rare instances, encryption applications can become corrupt, rendering your data inaccessible. Therefore, it is imperative that you frequently perform data backups.

7 Tips to keep your Wireless Network Secure


Driving out of an industrial estate in south Dublin recently at around 7pm in the evening, something caught my eye. I spotted a dark coloured Honda Civic with three large antennas on its roof parked in a lay-by of the estate. Inside were three occupants, each of them tapping away furiously on their laptops. Now they could have been a harmless group of guys who just needed to check out the special offers on the Halfords website, or they could have been engaging in a bit of “wardriving”. This is the practice of driving around actively searching for insecure wireless networks. When they do find insecure networks they will try to access them. People think this only happens in Hollywood films, but wardriving does occur, even in a grey Dublin industrial estate.

Here are a few tips to protect your wireless network from unwanted snoopers.


  • Change the default login settings of your wireless router. Each router will have default username/password settings, (like admin / admin) which most hackers know about. Changing these combinations will make their life a little more complicated. But don’t forget to record these somewhere safe.
  • Make sure the remote management functionality of your wireless router or access point is disabled. Disabling HTTP and Telnet requests is also worthwhile.
  • Your router’s firmware should be up-to-date. Reputable manufacturers continually release new firmware for their devices and some of these can help enhance security.
  • Always apply the most secure wireless security protocol to your network. WPA is no longer secure, but WPA2 is considered “secure enough” for most SMEs. Make sure that the passphrase used contains numerals, letters and symbols. For example, “blackthornroad2016” is not secure, whereas “$KwiOl-qnCZng%2Z4S%p6ed&Z” is much more secure.
  • Change the default SSID to something that does not readily identify your company. For example, calling your network “Blackthorn Finance Secure Network” could be a red rag to a bull for some hackers. An anodyne name like “network 57” would be much less alluring.
  • Create an isolated guest network. Visitors or contractors to your business might need to access your wireless network. It can be a good idea to have a separate “guest network”. Using VLANs, a guest network can be isolated from your business network.
  • Some wireless routers or access points come with a scheduling feature whereby they can be disabled between certain hours, e.g. between 7pm and 7am. This can reduce the window of opportunity for potential hackers.


Addendum: A lot of SME owners ask us “why can’t you just make my wireless network invisible?”. Well, that usually means configuring the router or AP so that the SSID is not broadcast to nearby computers. This sounds all well and good, but most hackers will be using specialised wireless sniffing software which is designed to detect hidden SSIDs.