Closing the STEM gap

If there is one thing our current crisis has taught us, it is that we need more investment in STEM programs. More specifically, we need more investment in girls STEM programs. Technology can help bridge the education gap and encourage all of our kids to stay in school and look at STEM as a career opportunity. Our CITON educational field teams are doing an incredible job maintaining the technology that, now more than ever, support distance learning.

Take a Look

Remote work requires reliable, secure and easy-to-use Wi-Fi? Introducing Wi-Fi that works from @ArubaNetworks

Citon Networking Infrastructure Team

Thanks to @ArubaNetworks, CITON can deliver big-impact Wi-Fi right-sized for your smaller business. Introducing Aruba Instant On! Wi-Fi that works for small and medium-sized business.

Your small business deserves Wi-Fi that delivers an amazing experience! Aruba has just introduced Aruba Instant On, check out the video to learn how Instant On provides incredibly fast, simple Wi-Fi for your business.

For more information on Wi-Fi that works, contact our remote team on 888 462 4866 or 888 GO-CITON.

Firewall: 101

How well do you know your firewall?

Do you know how your firewall works? Firewalls are an essential part of your infrastructure’s defense. It decides which network traffic to reach your computer. The two layers that are involved from the OSI model are 3; Network layer, and 7; Application Layer. Layer 7 interacts directly with the software applications, while layer 3 transfers data.

Firewall Layers

When it comes time to tell your firewall which types of traffic are OK to admit and which ones it should block, there are multiple ways to categorize traffic into “OK” and “not OK” categories. Each approach corresponds to a different firewall “layer,” as defined by the OSI model.

Layer 3 Firewalls (Network Firewalls)

One way is to categorize traffic according to IP addresses. You could tell your firewall to accept traffic from certain IP addresses while blocking all other traffic. Alternatively, you could blacklist IP addresses that you know to be sources of abuse.

If you categorize traffic in these ways, you’re operating on layer 3 of your firewall. You’re essentially allowing and blocking individual network packets depending on where they originated and which ports they want to talk to.

Layer 7 Firewalls (Application Firewalls)

The other common approach to firewall configuration involves layer 7, which is also known as the application layer.

Layer 7 lets you sort traffic according to which application or application service the traffic is trying to reach, and what the specific contents of that traffic are. Rather than simply blocking all traffic on a certain port, you could use an application firewall to accept traffic on that port in general, but block any traffic that contains a known vulnerability.

Layer 3 vs. Layer 7

If layer 7 provides the greatest opportunity for advanced firewall configuration, why would we talk about layer 3 at all? The answer is that they’re different tools that mitigate different kinds of risks and it’s not an either/or question. In most cases, you’d use both a L3 and an L7 firewall and the two complement each other.

L3 firewalls make decisions based on a much more narrow set of variables (IPs and ports) than L7 firewalls, which look at a literally infinite amount of unique requests. Thus, L3 firewalls are generally able to have much greater throughput than L7 firewalls. Further, because they address a lower level of the stack, L3 firewalls cover a wider variety of scenarios than an L7 firewall.

The lack of protocol awareness, though, is a significant blind spot the L7 firewalls address. Especially as HTTP has become the universal app protocol, attackers are more likely to probe and exploit weaknesses within the app layer. So, if you have just an L3 firewall that allows all traffic to port 80, you’re blind to those risks. An L7 firewall is able to look within the app layer and make decisions regarding whether to allow a request based on what it contains—not just the port it’s trying to reach.

Because of these trade-offs, the best model for most scenarios is to use multiple layers of defense in depth; specifically, have an L3 firewall at the edge that only allows inbound traffic on the specific ports your apps use.


Ideally, then, you’ll have the ability to use both layer 3 firewall filtering and layer 7 filtering as needed. By being able to filter both at the network level and the application level, you have maximum ability to protect your infrastructure and services against intruders.

Article written by John Morello at Security Boulevard.


Here at CITON, we believe knowledge is power. We hope this article provides you some insight as to how important our firewall software is to your business. Call us for more information (218) 720-4435.

What do your employees know about social engineering?

Have your employees been informed about the safety of phishing through social engineering? There are numerous ways to fall victim to this attack. Be prepared to protect your data with software that can protect against this.

Social engineering is a technique used by criminals and cyber-crooks  to trick users into revealing confidential information. The data obtained is then used to gain access to systems and carry out actions to the detriment of the person or organization whose data has been revealed.

This practice basically exploits the trust that the user unwittingly places in the criminals, who often pose as a company employee, colleague, friend or boss. Under the guise of checking or protecting the user’s information, the criminals ask for confidential information which can then be used to steal the victim’s identity, money, etc.

How does social engineering work?

Social engineering is still one of the most common means of cyber-attack, primarily because it is highly efficient. To criminals, the user is the ‘weakest link in the security chain’.

Users are normally targeted in two ways: either over the phone or online.

– By phone, criminals pose as employees of a company or organization, say a bank or ISP, and after going through some typical questions and statements in order to gain the trust of the potential victim, they will then ask for login credentials and passwords.

– The most common fraud technique on the Internet is phishing. In this technique, users reveal data because they think they are on a trusted website. Another way that social engineering is used online is using attachments to emails from people known to the victim. Malware is used to attack users’ address book sand send emails –with the attacker’s file attached- to all their contacts.

How to avoid falling victim to social engineering

First and foremost, to prevent data theft through social engineering be wary and use common sense:

– Never reveal your passwords or login credentials to anyone. If a legitimate technician needs to access your account or information, they should be able to do this without needing you to give them your details.

– When you enter your details on a website, make sure the URL is correct.

– Never open strange-looking files or attachments, even if they come from someone you know.


Thank you Panda Security for the article.

Call CITON to find out how we can help defend your business’ data and hardware. (218) 720.4435.

Protecting against Ransomware

Ransomware attacks can happen to any business of any size. Usually the target of these attacks are individual computers, but recent attacks on weak IT infrastructures have been on the rise. Here at CITON we pride ourselves in protecting our customer’s data. Ask us about our Aardvark software to assist in defending your business.cloud2

How Ransomware Attacks Typically Work

In a previous post from, they described the common vehicles used by hackers to infect organizations with ransomware viruses. Most often, downloaders distribute trojan horses through malicious downloads and spam emails. The emails contain a variety of file attachments, which if opened, will download and run one of the many ransomware variants. Once a user’s computer is infected with a malicious downloader, it will retrieve additional malware, which frequently includes crypto-ransomware. After the files have been encrypted, a ransom payment is demanded of the victim in order to decrypt the files.

What’s Changed With the Latest Ransomware Attacks?

In 2016, a customized ransomware strain called SamSam began attacking the servers in primarily health care institutions. SamSam, unlike more conventional ransomware, is not delivered through downloads or phishing emails. Instead, the attackers behind SamSam use tools to identify unpatched servers running Red Hat’s JBoss enterprise products. Once the attackers have successfully gained entry into one of these servers by exploiting vulnerabilities in JBoss, they use other freely available tools and scripts to collect credentials and gather information on networked computers. Then they deploy their ransomware to encrypt files on these systems before demanding a ransom. Gaining entry to an organization through its IT center rather than its endpoints makes this approach scalable and especially unsettling.

SamSam’s methodology is to scour the Internet searching for accessible and vulnerable JBoss application servers, especially ones used by hospitals. It’s not unlike a burglar rattling doorknobs in a neighborhood to find unlocked homes. When SamSam finds an unlocked home (unpatched server), the software infiltrates the system. It is then free to spread across the company’s network by stealing passwords. As it transverses the network and systems, it encrypts files, preventing access until the victims pay the hackers a ransom, typically between $10,000 and $15,000. The low ransom amount has encouraged some victimized organizations to pay the ransom rather than incur the downtime required to wipe and reinitialize their IT systems.

The success of SamSam is due to its effectiveness rather than its sophistication. SamSam can enter and transverse a network without human intervention. Some organizations are learning too late that securing internet-facing services in their data center from attack is just as important as securing endpoints.

What all the organizations successfully exploited by SamSam have in common is that they were running unpatched servers that made them vulnerable to SamSam. Some organizations had their endpoints and servers backed up, while others did not. Some of the victims chose to pay the ransom — a strategy that in the past hasn’t guaranteed that the hackers will decrypt the hijacked files.

Article written by Roderick Bauer from

Call CITON today to have your IT infrastructure assessed (218) 720-4435.