So the Cloud is “Safe”

It’s National Cyber Security Awareness Month! Of course you should be aware of cyber security every month. Intel has done an interesting page of cyber security suggestions at https://www-ssl.intel.com/content/www/us/en/security/lifehacks.html. Check it out.

I know it seems like I have been picking on Google for the last couple of posts, but they are such an easy target. This time, Google’s CIO, Ben Fried, had some interesting things to say in an article written by Liz Gannes of All Things D. The article talks about how Google employees are insulated from what is used in the outside consumer world. Google’s mantra is that everyone should trust the cloud to handle their communications and data storage. Employees should collaborate and develop corporate strategy on the web rather than on their own internal networks.

Now, Google follows its philosophy by using its own products, like Google Apps and Google Drive, for its internal development in its internal cloud. But how does it feel about using others’ products, or the cloud in general? “The important thing to understand about Dropbox,” Fried said, “is that when your users use it in a corporate context, your corporate data is being held in someone else’s data center.” To put that in a real context, Google’s basic philosophy, from my understanding, is that anything that is stored on Google’s servers is Google’s property. That may be a bit of an overstatement, but they do feel they have the right to mine your data in order to target ads to you. What is to prevent an Edward Snowden from copying your information and passing it to others? You are relying on Google to tell you that your data has been compromised, and that it is because of a breach of their security. Can you say “lawsuit”?

This is not to say that Google is worse than any other cloud provider. They are open about their position on data mining and I am not saying that anyone else is data mining or not data mining. What I am saying is that moving your data to the cloud means that you are consciously giving up control of your information to someone else. You are trusting them to prevent anyone other than yourself from accessing, destroying or changing that data.

As the old consumer adage goes “Buyer beware”.

Android on course for One Million Malware Apps

After taking some time off to attend to my real business, I have found some time to write again. The article that piqued my attention the most was a recent article in Fox Business News. The headline to this article is “Cyber Hackers on Course for One Million Malware Apps” and they are talking just about the Android operating system! According to the article, it took over a decade to reach that many malware applications on the “much” beleaguered Microsoft operating environments. However, do we hear a cry from the public about how bad the Google Android operating system is? Not really, we just hear sales numbers on how that OS is selling better than anyone else.

I can go on about the details in the article, but it is written in plain English and doesn’t need any technical translation. What I really want you to think about is how this affects your policy on Bring Your Own Device (BYOD). It is evident the malicious software industry is turning its attention from the ever more hardened arena of the PC environment to the easy pastures of the mobile environment. Not to get too into Google bashing, but it is evident that Google has not learned from the mistakes of its predecessors in the industry. I will not say they are ignoring the security of their customers’ data and money, but they are evidently not doing what is necessary to control the massive outbreak of malware in their OS environment. The excuse that they just create the OS with associated patches and it is up to the licensees to distribute and implement those patches is ludicrous. If Google wants to be recognized as a true software vendor for the business environment, it needs to step up to the responsibilities of a true software vendor. This means they have to reach out beyond the environment that they completely control and make sure that the people using their software are protected as much as reasonably possible.

How secure is your cell phone?

A recent Computerworld article talked about a research paper by Daniel Brodie, Sr. of Lacoon Mobile Security. In this paper, Brodie talked about how spyphones, surveillance tools surreptitiously planted on a user’s handheld device, have become more and more common. If you have been watching CBS’ Person of Interest, you would note the first thing that is done is that a spyphone is put on the subject’s cell phone. Now, you might think this is just Hollywood’s version of reality, but the truth of the matter is that it has become reality.

Lacoon Mobile Security partnered with several global cellular network providers to sample 250,000 subscribers in March of last year and again in October. The first sampling showed that 1 of 3000 devices had spyphone software installed. The second sampling showed the infections tripling to 1 in 1000 devices being infected. The initial survey showed that 74% were iOS (Apple) devices while the second showed the percentage dropping to 52% being iOS devices. The following chart from the research paper shows the percentage of devices infected by operating system.

Why the increase in infections? Lacoon Mobile Security identified more than 50 families of spyphones. As stated in the research paper, “These spyphones run the gamut from dedicated high-end groups targeting specific nations and corporations, to low-end software targeting the private consumers…. At the lower end of the spectrum are spyphones which most commonly portray themselves as promoting parental controls and spouse monitoring.” What is more amazing is the cost of this type of software. Again from the research paper, Brodie noted:

“The difference between the military and non-military grade spyphones? The device infection vectors and accordingly, their cost. Current estimates hold nation-targeted spyphones at $350K. In the meanwhile, the commoners-targeted spyphones follow a monthly low licensing model – sometimes as low as $4.99.

The amazing part is that the end-result is essentially the same on the targeted devices. So for just a bit more than the price of a Starbucks latte, an attacker can purchase a spyphone with nearly identical capabilities to that of a top-end spyphone.”

The conclusion of the paper is even more interesting. Brodie concludes that “It is important to recognize that infection is inevitable.” But he also notes that we have seen this before in the computer desktop environment. The steps that we use to protect ourselves from malware in the desktop world are needed in the mobile world. The problem is that the tools to prevent mobile device malware are not there yet and the awareness of the problem is not large enough for the tools to be profitably developed.

How can you protect yourself? First, follow the same rules on your phone that you do on your desktop computer. Be very careful about what apps you download. Keep up with what is happening in mobile device security. Talk to your IT Professional to help you defend against this new type of malware.

It’s 6 Months later. What should you do about the end of life for Small Business Server?

Hiding the announcement like a politician hides bad news, Microsoft announced the end of life for their Small Business Server (SBS) last July. It’s now nearly six months later, and they are still trying to figure out what the replacement for Small Business Server should really be. Just this month, Microsoft has changed the licensing rights for those that purchase Small Business Server 2011 with Software Assurance. The original announcement gave Software Assurance purchasers rights to one Windows Server 2012 Standard license, one Exchange 2010 Standard license and the associated CALs to match the Small Business Server CALs. The new announcement gives the purchaser rights to two Windows Server 2012 Standard licenses along with the Exchange 2010 license. Additionally, you will be able to upgrade to Exchange 2013 if you wish.

One other announcement that has been made by Microsoft is how to transmogrify Windows 2012 Server Essentials into a normal Windows 2012 Server environment. Transmogrification (yes, this is a real word according to Microsoft) can be simply accomplished by activating a Windows 2012 Server Essentials environment with a Windows 2012 Server product code. There are no additional charges outside of the CAL requirement for every user/device connected to the server. This act also increases the number of computers that can be backed up by the Essentials server from 25 to 75.

So what does this really mean to the business owner? The choices have become more numerous than before which really means you need an expert to determine what is best for your business. Let’s assume that you are moving from SBS 2003 to something. What should you choose?

One choice would be Small Business Server 2011. Although you can no longer purchase Software Assurance for the product, you can still purchase it until July of this year. Jeff Middleton of IT Pro Experts argues that SBS 2011 will have validity for the next five years. I think this is a valid assumption if you think your company will grow within the constraints of SBS (75 users).

Another choice would be to move to either Small Business Server Essentials 2011 or Windows 2012 Server Essentials for your internal server as long as you will stay within the 25 user limit. For this size business, I would recommend an outside mail server such as Microsoft Office 365.

For larger businesses, you could go to a Windows Server version and either have your email hosted in-house or in the cloud. In doing analysis for a number of different clients, I have found that the conversion costs to cloud email versus keeping mail in-house break even at about 5 years.

These are just high-level overviews of what choices are available. There are many variations within the choices I have mentioned. If you have more questions, let me know and I will try to address them.

What are your younger employees thinking about IT Policies?

Cisco has released their “Connected World Technology Report 2011”. This was a worldwide study of 1,441 College Students (age 18–24) and 1,412 End Users (21–29) who completed an online survey between May 13 and June 8, 2011. The study covered 14 countries with about 200 entries per country. The End Users screened were college graduates or higher, employed full time in a non-IT role, and worked for an organization that employs 10+ people worldwide. The purpose of the study was to examine the behavior and expectations of the world’s next generation of workers and how their demands for information access are changing business communications and the future of work.

Among other findings, the 2011 Cisco Connected World Technology Report revealed:

  • One of every three college students and young employees believes the Internet is as important as air, water, food, and shelter.
  • Two of five said they would accept a lower-paying job that had more flexibility with regard to device choice, social media access, and mobility than a higher-paying job with less flexibility.
  • Regarding security-related issues in the workplace, seven of ten employees admitted to knowingly breaking IT policies on a regular basis, and three of five believe they are not responsible for protecting corporate information and devices.

     

When looking into the detailed answers of End Users from the US, your current employees, some things definitely pop out.

  • Nearly Two-Thirds of End Users believe ‘Company-Issued Devices Should Be Available for Both Work and Play.’
  • When asked, US End Users were split evenly on whether their company should give the same equipment to everyone, or they should be given a budget to buy their own equipment, or they should have company supplied equipment but be able to use their own devices at work.
  • Over half thought they should be able to access their corporate network from their home computer and nearly as many thought they should be able to from personal mobile devices. A third thought they should be able to access the corporate network from any computer anywhere.
  • In an answer to that expectation, over half the End Users could access their corporate network remotely, but not always from all locations.
  • In deference to their international colleagues, nearly two-thirds of US End Users would take a higher salary over the ability to work remotely.
  • About a third of US End Users report their company restricts access to online games and social networking sites. Of those restricted, a third think it would be nice for work/life balance issues if these sites were available, while nearly as many think that they and their co-workers would waste a huge amount of time if the sites were available.
  • 40% believe that their company IT policies need slight improvement or updating, even though over half believe the company policies are fair.
  • Only 34% always follow their company IT policies while another 53% say they follow those policies most of the time.
  • 64% of those that break the company policies believe that they are doing nothing wrong.

 

Most of the US End Users responding to the survey were between the ages of 25 and 29. Half of the End Users worked for companies with more than 750 people. A third of the respondents worked for companies with fewer than 100 people.

 

So what can be drawn from this study? From the employee’s point of view, remote access is desirable and may lead to better productivity. There is no real consensus on who should supply end user equipment, but employers should be looking at or developing policies on Bring-Your-Own-Device (BYOD) questions. But for most employees in the US, pay is more important than remote access and flexibility.

 

Employers should recognize that they need to define policies. Those policies can be restrictive if fair. Once policies are defined, they need to be updated on a regular basis.

 

There were a lot of other issues questioned in this study, but I believe these are the key points for the small business owner that is looking ahead:

  • Be aware that younger users expect more in IT connectivity.
  • They will basically follow the rules if the rules seem logical. Otherwise, they will find a way around them.
  • Times have changed. If you aren’t already doing it, you should look at restricting Internet access during your work day. Tomorrow may be too late because expectation of access is already there.
  • Make sure your employees understand their responsibility for the security of the company’s data and equipment.

 

How to check your user licenses in Office 365

I recently got asked by one of my clients to check what users were on what plan in their Microsoft Office 365 account. You can imagine my surprise when Microsoft billing told me the only way to do this was to go down each user in the administrative portal, click on them and check the licensing page to see what license is assigned. I asked if there was a way to do this with PowerShell and I got sent off to technical support. They found nothing that would do this in their quick technical answers and said they would have to get back to me.

After a bit of research on my own, I ended up creating my own script to get the information. Here’s that script:

—————————————————————————————————

# Script to retrieve a licensing report from Office 365 and output it to CSV
# DISCLAIMER
# The sample scripts are not supported under any Microsoft standard support program or service.
# The sample scripts are provided AS IS without warranty of any kind.
# The entire risk arising out of the use or performance of the sample scripts and documentation remains with you.
# Created by Ted Giesler http://blog.cypgrp.com

# Show a Save File dialog and return the path the user picked
Function Get-FileName($initialDirectory)
{
    Add-Type -AssemblyName System.Windows.Forms
    $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog
    $SaveFileDialog.InitialDirectory = $initialDirectory
    $SaveFileDialog.Filter = "All files (*.*)|*.*"
    # Keep the dialog result so a cancelled dialog can be detected
    $Show = $SaveFileDialog.ShowDialog()
    If ($Show -eq "OK")
    {
        Return $SaveFileDialog.FileName
    }
    Else
    {
        Write-Error "Operation cancelled by user."
        Exit
    }
} #end function Get-FileName

# *** Entry Point to Script ***
# load the MSOnline PowerShell Module
# verify that the MSOnline module is installed and import into current powershell session
If (-not (Get-Module -ListAvailable -Name MSOnline))
{
    Write-Host "The Microsoft Online Services Module for PowerShell is not installed. The Script cannot continue."
    Write-Host "Please download and install the Microsoft Online Services Module."
    Exit
}
# Import the module only if it is not already loaded in this session
If (-not (Get-Module -Name MSOnline))
{
    Import-Module MSOnline -ErrorAction SilentlyContinue
}

# Connect to Microsoft Online Service (prompts for administrator credentials)
$cred = Get-Credential
Connect-MsolService -Credential $cred -ErrorAction SilentlyContinue -ErrorVariable er
If ($er)
{
    Write-Error "Could not connect to Microsoft Online Services: $er"
    Exit
}
$users = Get-MsolUser -All

# Setup the output file
$defaultfolder = $Env:UserProfile + "\documents"
$outfile = Get-FileName ($defaultfolder)
$header = "userPrincipalName,usageLocation,isLicensed,accountSKUid,servicePlan1,provisioningStatus1,servicePlan2,provisioningStatus2,servicePlan3,provisioningStatus3,servicePlan4,provisioningStatus4,servicePlan5,provisioningStatus5"
Out-File -FilePath $outfile -InputObject $header
# Write-Host $header

# One line per user: account details, then each license SKU followed by its service plans
foreach($usr in $users)
{
    $lineOut = $usr.UserPrincipalName + "," + $usr.UsageLocation + "," + $usr.IsLicensed + ","
    foreach($lic in $usr.Licenses)
    {
        # The trailing comma keeps the SKU in its own column
        $lineOut = $lineOut + $lic.AccountSkuId + ","
        foreach($s in $lic.ServiceStatus)
        {
            $lineOut = $lineOut + $s.ServicePlan.ServiceName + "," + $s.ProvisioningStatus + ","
        }
    }
    Out-File -FilePath $outfile -Append -NoClobber -InputObject $lineOut
    # Write-Host $lineOut
    $lineOut = $null
}

Write-Host -ForegroundColor Blue "Please review your output file at" $outfile

————————————————————————————————————————–

This script will create a comma-separated file showing each user and each license category for which that user has a license. Unfortunately, this does not match nicely to the Office 365 plans. You will have to add the specific licenses together to try and match your Office 365 Plan licenses.

Hopefully this will help others looking for the same type of answers.
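The adding-up described after the script can itself be scripted. The following is an added example, not part of the original script: it emits one row per user per license and then counts users per license SKU. ConvertTo-LicenseRow and New-SampleStatus are hypothetical helper names, and the contoso users and their license data are constructed sample input shaped like the Get-MsolUser properties the script reads.

```powershell
# Added example, not part of the original script.
# ConvertTo-LicenseRow (hypothetical helper) emits one row per user per license,
# so users holding several licenses do not spill into each other's columns.
function ConvertTo-LicenseRow {
    param([Parameter(ValueFromPipeline = $true)] $User)
    process {
        if (-not $User.Licenses) {
            # Keep unlicensed accounts visible in the report
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                IsLicensed        = $User.IsLicensed
                AccountSkuId      = ''
                NotProvisioned    = ''
            }
            return
        }
        foreach ($lic in $User.Licenses) {
            # Service plans inside this license that are not in the 'Success' state
            $pending = @($lic.ServiceStatus |
                Where-Object { $_.ProvisioningStatus -ne 'Success' } |
                ForEach-Object { $_.ServicePlan.ServiceName })
            [pscustomobject]@{
                UserPrincipalName = $User.UserPrincipalName
                IsLicensed        = $User.IsLicensed
                AccountSkuId      = $lic.AccountSkuId
                NotProvisioned    = ($pending -join ';')
            }
        }
    }
}

# Constructed sample data shaped like Get-MsolUser output (tenant and users are made up)
function New-SampleStatus($name, $status) {
    [pscustomobject]@{
        ServicePlan        = [pscustomobject]@{ ServiceName = $name }
        ProvisioningStatus = $status
    }
}
$e3 = [pscustomobject]@{
    AccountSkuId  = 'contoso:ENTERPRISEPACK'
    ServiceStatus = @((New-SampleStatus 'EXCHANGE_S_ENTERPRISE' 'Success'),
                      (New-SampleStatus 'SHAREPOINTENTERPRISE' 'Disabled'))
}
$exo = [pscustomobject]@{
    AccountSkuId  = 'contoso:EXCHANGESTANDARD'
    ServiceStatus = @(New-SampleStatus 'EXCHANGE_S_STANDARD' 'Success')
}
$sampleUsers = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'; IsLicensed = $true;  Licenses = @($e3) },
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example';   IsLicensed = $true;  Licenses = @($exo, $e3) },
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'; IsLicensed = $false; Licenses = @() }
)

$rows = $sampleUsers | ConvertTo-LicenseRow
# Against a live tenant: $rows = Get-MsolUser -All | ConvertTo-LicenseRow

# One properly quoted CSV line per user per license
$rows | ConvertTo-Csv -NoTypeInformation

# Users per SKU: the totals to compare with the plan counts in the subscription
$rows | Where-Object { $_.AccountSkuId } |
    Group-Object AccountSkuId |
    Select-Object @{ n = 'AccountSkuId'; e = { $_.Name } }, @{ n = 'Users'; e = { $_.Count } }
```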

How are you most likely to get attacked by Malware?

Recently the Microsoft Trustworthy Computing group released their Microsoft Security Intelligence Report covering the first half of 2012. It is interesting to look at where most malware comes from and what has been the most vulnerable software.

The most prevalent method of malware distribution according to Microsoft was what they call “unsecure distribution chains.” Falling into this category are websites that distribute “free software”, both legal and not legal. Some of the popular software names listed by Microsoft as containing malware include:

  • keygen.exe
  • mini-KMS_Activator_v1.1_Office.2010.VL.ENG.exe
  • AutoCAD-2008-keygen.exe
  • SonyVegasPro Patch.exe
  • Nero Multimedia Suite 10 – Keygen.exe
  • Adobe.Photoshop.CS5.Extended.v12.0.Keymaker-EMBRACE.exe
  • Call.of.Duty.4.Modern.Warfare.Full-Rip.Skullptura.7z
  • Guitar Pro v6.0.7+Soundbanks+Keygen(Registered) [ kk ].rar

They also listed a number of movie-named files that contained malware, including:

  • The Avengers 2012 720p BDRip QEBS7 AAC20 MP4-FASM.avi
  • Prometheus 2012 DVDRip.avi
  • Wrath of the Titans 2012 DVDRip aXXo.avi
  • Battleship 2012 DVDRip.avi
  • What to Expect When You’re Expecting 2012.BRRip.XviD-KAZAN.avi
  • The Hunger Games 2012 TRUE FRENCH DVDRIP XViD FiCTiON L S79.avi
  • Sherlock.Holmes.2.A.Game.of.Shadows.2012.DVDRip.XviD-26K-0123.avi
  • The Five-Year Engagement 2012 HDRip XviD-HOPE.avi
  • Project X 2012 TRUE FRENCH DVDRIP XViD FiCTiON L S79.avi
  • Amazing SpiderMan 2012 DVDRiP XviD.avi

When looking at what got attacked by malware, the report notes that of the 3 categories (core operating systems, browsers and applications), applications were attacked the most and core operating systems the least. In the application category, Java and JavaScript were by far the most attacked, followed by Adobe Reader and Adobe Flash.

What was even more interesting is that when looking at the implementation of updates of these four applications, over 50% of users were missing the latest updates. In the case of Java, over 90% of users did not have the latest updates installed.

Looking at infections by operating system, Windows XP had the highest percentage of infections at 9.5% of estimated installed computers while Windows 7 SP1 64-bit had the lowest at 3.1%.

So what should a user learn from this report?

  1. Be careful what you download. You may get more than you asked for.
  2. Install your updates. Not just Microsoft ones but Java and Adobe are key.
  3. Run a current operating system. The newer the OS, the less likely you are to get infected. Remember, support for Windows XP ends April, 2014.