26 November

Entrusting your data to HP

Posted

IF YOU CAN’T TRUST YOUR HARD DRIVE –

DON’T TRUST YOUR DATA

Why Buy HPE Server and Storage Hard Drives?

In today’s distributed enterprise with larger, more complex applications than ever before, an increase of mission-critical data moving to the server, and continued server consolidation, storage has become more important than ever. HPE delivers the highest quality products to ensure the integrity and availability of data. A major component of this process is HPE’s commitment to deliver the highest quality hard drives in the industry. So Why Buy HPE Hard Drives?

Qualification Process. HPE drives are NOT the same as their OEM equivalent. HPE has set up an industry recognized qualification process unmatched in the industry with four teams dedicated to testing drives in real-life and extreme environments:

  1. Selection Evaluation Team
  2. Development Validation Team
  3. Supplier Production Qualification Team
  4. Continuous Improvement/Performance

Not only does HPE test for data and signal integrity and physical defects, but we also audit supplier processes and put drives through real-life situations to see how they cope with the differences of various operating systems. The HPE system compatibility aspects of an HDD product are validated through a series of test sequences defined by a set of matrices that describe representative configurations, including both HPE legacy and new storage applications. Typically, more than 2,000 unique HDDs are used to evaluate a product family during the Development Validation phase, and approximately 2 million drive test hours occur during each family qualification. Closed-Loop Quality System. HPE’s closed-loop

Closed-Loop Quality System. HPE’s closed-loop quality system includes multiple quality controls and monitoring systems. These quality controls and monitoring systems ensure the product meets HPE’s quality and reliability requirements. The controls will alert HPE and the HDD Supplier to any “out of control” conditions and quality issues, allowing HPE to contain nonconforming product and implement corrective actions prior to shipment of nonconforming product to customers.

Integration. Many issues customers have with third party hard drives have to do with “simple” integration concerns. All HPE hard drives ship with the correct cables, SCSI ID settings, termination schemes, and documentation for HPE servers. When buying from another supplier, there is no guarantee that these drives have been set properly from their generic default settings to ensure proper operation with HPE servers.

HPE has developed strong long-term working relationships with all of its HDD suppliers. HPE engages with HDD suppliers in researching new technologies, product requirements, long-range product roadmaps, new features, and defining requirements for product designs. HPE also works with HDD suppliers 2 to 3 years in advance of product availability to ensure technology feasibility and successful system integration.

Firmware. High performance drives include a firmware-based feature named “Tagged Command Queuing”, which improves performance and dramatically increases the complexity of drive operations, making the firmware similar to a multi-tasking operating system. There are an enormous number of timing sequences that need to be tested to ensure that the drive firmware design is “bullet proof” with amendments made accordingly. Only HPE drives have firmware tested and optimized for HPE systems.

Pre-Failure Warranty. HPE’s Integrated Lights Out (iLO) leverages technology embedded in Smart drives to detect anomalies in drive operation. When a drive performs outside an accepted parameter, the agents send an event to iLO. Under HPE’s exclusive Pre-Failure Warranty, the drive can then be replaced at HPE’s expense. This feature allows Systems Administrators to proactively schedule downtime for maintenance without interruption to business critical operations. With a combination of hot-pluggable drives and a Smart Array Controller, the faulty drive can be replaced without any downtime. Only HPE drives can be monitored by the health log and benefit from this warranty. Note of caution: The HPE warranty may be invalidated when HPE products have been damaged or rendered defective by the installation or use of third-party parts.

Price Competitiveness. HPE monitors the drive market on an on-going basis to ensure that our drives are price competitive with all competitors and to offer superior price/performance and the lowest total cost of ownership (TCO).

 

Written by Levi Norman, HP

CITON has used HPE hard drives since the first server we built. We believe in providing the highest quality products to our customers. Hard drives are a vital piece of equipment for the security and performance of your business. Contact CITON to learn more on how HPE hard drives can improve the integrity of your data.

21 November

Taking Caution in Cloud Security

Posted

CLOUD SECURITY MISSTEPS

HOW TO AVOID COMMON SECURITY PITFALLS.

Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They are so easy to start using that consumers rarely think twice about setting up an account or downloading a new app.

Regardless of whether you acknowledge it, cloud usage incurs risk to your personal information. The data breaches in the news have much worse repercussions than just the need to reset your password. Cloud usage from your phone or computer may expose your data to criminal hackers who sell the information on the black market, or Darkweb.

TAKE HEED OF THESE COMMON CYBER SECURITY PITFALLS:

Misstep: You lost control of your data because of the fine print in a user agreement. Solution: Many cloud services claim ownership of any uploaded data, even after you delete your account. These tricky rules are hidden in plain sight in the terms and conditions.

Misstep: You sent out a public link to a Google Doc so others could view and edit.

Solution: Creating a public link is a convenient way to share a common document, but this means literally anyone who guesses the link can view the document. You may not care about your grocery list getting loose on the internet, but even documents like a party-planning sheet may have your address or other information you want to keep private. To restrict access, invite email addresses instead.

Misstep: You granted an application every permission under the sun.

Solution: Applications request authorization for device permissions, but sometimes these can overstep boundaries. Be discerning when services seem to overstep their bounds by requesting access to contacts or even your camera, for example. These permissions can cost you money by making phone calls, violate privacy, or make a malicious attack more dangerous. Look out for permissions that seem unnecessary for the application’s function.

Misstep: You use the same password for every app on your phone.

Solution: The previous tip discussed how attackers can gain access to your sensitive information by guessing or using a stolen password. Don’t make it easy for them! If you use the same password for all online services, a breach at Twitter may give attackers entrance into your bank, Amazon, and corporate email accounts. Use a password manager to minimize the damage in the event a single service gets breached.

 

Article retrieved from Cloud Tweaks.

A recent trend in the cybersecurity industry has removed the “blame” of security failures from technology users and shifted the focus to making security easy. With that in mind, there are simple choices people make online that affect the likelihood of becoming a victim to cybercrime.

8 November

The Power of Partnership

Posted

Hewlett Packard Enterprise

We have been doing the I.T. thing for a long time.  A really long time.  So long in fact that I think we have printers older than some of our employees. (Those HP Laserjets just keep going when you maintain them!)

One of the reasons we remain relevant in this cloud obsessed big-data driven world are the partnerships we have created since 1994.  We are a really loyal company. We believe in the power of consistency. Because when you combine loyalty and best in class vendor performance, the result is a powerful IT platform that will outperform the competition year after year.

These partnerships take work.  We meet, we strategize, we continually learn to ensure that we are offering you, our customer, the very best that I.T. has to offer. We believe that this gives you an edge. An edge over your competition and an edge that provides for razor-sharp performance and incredible customer service.

We have had some vendor relationships for over 24 years.  For example, HP Inc and HPE have been providing desktops, servers and storage on the most stable platform we have experienced since we started our little company in 1994. Their products rarely fail but if they do we have found that their support is the best in the world.  With local depots for stock and a commitment to parts (sometimes beyond a product’s usable life) we are able to support you because they support us.

The role of I.T. has always been one of enablement from vendor to distributor to solution provider (that’s us!) and finally to you our customer. We want our I.T. served hot with power, performance and longevity – just like that bullet proof Laserjet printer. Thanks HP!

Steven Dastoor

At CITON our IT solutions are dependent on our vendor partnerships. We focus on aligning with great companies that offer great solutions. But that’s not enough. Our vendor partners have to provide us with the best possible support as well. HPE supports us so we can support you.

5 November

Microsoft’s Antivirus Update. Do you have it enabled?

Posted

Sandboxing:

Microsoft Windows Defender Antivirus.

cloud2

Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment.

Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area.

Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers.

The need for sandboxing an antivirus tool has become necessary after multiple critical vulnerabilities were discovered in such powerful applications, including Windows Defender, in past years that could have allowed attackers to gain full control of a targeted system.

That’s why Microsoft announced to add a sandbox mode to its Windows Defender. So, even if an attacker or a malicious app exploiting a flaw in Defender compromises the antivirus engine, the damage can’t reach out to other parts of the system.

“Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’ content parsers that could enable arbitrary code execution,” Microsoft said in a blog post.

Google Project Zero’s researcher Tavis Ormandy, who found and disclosed several of these types of flaws in the past year, lauded the Microsoft’s effort on Twitter, saying it was “game-changing.”

“Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm,” Microsoft said.

According to Microsoft, implementing sandboxing in Windows Defender was a challenge for its engineers because the process had the potential to cause performance degradation and required a number of fundamental changes.

However, the research community has taken it as a welcoming step by Microsoft that has raised the bar on security for commercial antivirus and anti-malware solutions out there.

How to Turn On Sandbox Feature in Windows Defender Antivirus

For now, Windows Defender running on Windows 10, version 1703 (also known as the Creators Update) or later, support the sandbox feature, which is not enabled by default, but you can turn the feature on by running following command on your system:

  1. Open Start and Search for “CMD” or “Command Prompt”
  2. Right Click on it and select “Run as administrator.”
  3. Type: “setx /M MP_FORCE_USE_SANDBOX 1” and then press ENTER
  4. Then restart your computer, that’s it

Microsoft is gradually rolling out a Windows Insider preview supporting the sandboxing feature in Defender Antivirus, and the feature will soon become widely available, though it is not sure when this will happen.

 

Thank you to thehackernews.com for this article!

Antivirus and anti-malware tools are just what you need to fend off attackers. Is your current software up to date? Call CITON to see how we can help defend your system. 

1 November

Ransomware attack: How to defend your data

Posted

Ransomware Attack

What is your plan to backup, monitor, and recover?

Ransomware attacks are becoming more rampant now that criminals have learned they are an effective way to make money in a short amount of time. Attackers do not even need any programming skills to launch an attack because they can obtain code that is shared among the many hacker communities. There are even services that will collect the ransom via Bitcoin on behalf of the attackers and just require them to pay a commission. This all makes it more difficult for the authorities to identify an attacker.

6-step plan to prevent ransomware attacks

1. Employee training: Your ransomware prevention plan should include training employees on what ransomware is and the method attackers primarily use to initiate attacks — phishing. This training should be conducted regularly.

2. Patch servers, devices and apps: Organizations must have a process for patching servers, network devices and applications. Many organizations do not stay up to date on patching their applications. Attackers know this, and they primarily target them. Patching progress, procedures and policies should be reviewed for effectiveness monthly or quarterly.

3. Antivirus tools on end points: You should also have a plan to use antivirus on your end points. Focus on using tools that can track suspicious behavior because many ransomware attacks are specifically designed to avoid being detected by signature-based antivirus programs.

4. Back up your data: Many organizations that have paid a ransom did so because they did not properly back up their data. Your backup process must be documented. Include your recovery point objective (RPO) and recovery time objective (RTO) in your disaster recovery plan, and test it each year to verify the objectives can be met.

5. Test your backups: You should test your backups regularly to verify all critical data is backed up. Also, it is important to make sure your backup data is protected from ransomware attacks. With the popularity of network-based backups, many organizations run their backup devices on the same network or VLAN as their standard production network. This should be avoided to prevent your backup data from being a victim of a ransomware attack.

6. Conduct vulnerability assessments: Vulnerability assessments that holistically review the security posture of an organization are beneficial in preventing a ransomware attack. These assessments should verify that the appropriate procedures to prevent ransomware attacks are being followed consistently.

 

These 6 tips on prevention are from Network World.

CITON has just the defense software you need to protect your business from ransomware. The attacks can cause serious damage and loss of data if a proper recovery plan is not in place.