Are You Having A Technology Emergency?

True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Everything You Need to Know About Router Security to Avoid Getting Hacked by Cybercriminals

The bad news: most people don’t give a second thought to their routers.

This lack of know-how puts a lot of households in a dangerous position. The United States Computer Emergency Readiness Team (US-CERT) has issued an alert about Russian state-supported hackers carrying out router march 2019attacks against a large number of home routers in the U.S.

Some routers are inherently flawed and can never be fixed. To help beef up your router’s security, here are five tactics for protecting your home network, devices and files from hackers.

First, check your router's admin page

Before you start, make sure you can get into your router's administration console; this is where you manage your router's settings, including password management to firmware updates.

First, make sure your computer is connected (either wired or wirelessly) to your router, open a web browser and type in the router's IP address. The IP address is a set of numbers, and the default depends on your router's manufacturer. The common ones are 192.168.1.1, 192.168.0.1 or 192.168.2.1.

If you're don’t know your router's IP address or password, it’s on the internet

1. Select the best encryption

Criminals love unsecured home Wi-Fi networks. Securing your Wi-Fi network can also shield you from unwelcome connections that may be using your network for illegal activities.

This is why it's important to protect your Wi-Fi network with strong encryption. If you are required to enter a password to connect to your Wi-Fi, you already have some encryption enabled on your router.

There are different types of Wi-Fi encryption, and you have to make sure that it's the most secure one you can employ.

The most widely-used Wi-Fi security protocol right now is still Wi-Fi Protected Access 2 (WPA2) encryption. However, this standard is over a decade old, and it is already susceptible to serious security vulnerabilities like 2017's KRACK attack.

If you're shopping for a new router, look for one that supports the newest security standard called WPA3. These models have just started rolling out. Every router has a different menu layout, but you should be able to find encryption under the "Wireless" or "Security" menu. You'll have a number of encryption options: if you still have an older router, you want to select one that starts with "WPA2." If your router is not WPA3 compatible, then "WPA2-PSK AES" is your best option right now.

However, if you have older Wi-Fi gadgets, you might have to select the hybrid option "WPA2-PSK AES + WPA-PSK TKIP" to get them working.

Never choose Open (no security), or if it is using WEP, change the security setting immediately. An open network will make it easy for someone to steal your Wi-Fi, and the older WEP security is easily hacked.

If the only encryption options your router has are WEP or WPA, tell your router to check for a firmware update. Look in your manual for the instructions.

Don't have your manual anymore? Try ManualsLib or ManualsOnline, which both have hundreds of thousands of manuals, from routers to refrigerators to anything else you might need.

If there's no firmware update or your router updates but you're still stuck with WPA or WEP, it's time to buy a new router. These encryption methods are too unsafe to use, plus it means your router is probably more than 7 years old.

2. Pros set up an additional separate network

A great tactic is to put visitor devices on a separate network. You do this by setting up a completely different Wi-Fi router or enabling your router's "Guest Network" option, a popular feature for most routers.

Guest networks are meant for visitors to your home who might need a Wi-Fi internet connection, but you don't want them gaining access to the shared files and devices within your network.

This segregation will also work for your smart appliances, and it can shield your main devices from specific Internet-Of-Things attacks.

To avoid confusion with your primary network, set up your guest network with a different network name (SSID) and password. Please make sure you set up a strong and super-secure password on your guest network, as well. You still won't want crooks and strangers mooching off it for security reasons.

Newer routers do this segmentation automatically. With this feature, it allows users to put Internet-of-Things appliances on a separate network, shielding your central computers and other personal gadgets from attacks.

With this virtual zoning of your network, you can still allow all your smart appliances and hubs to communicate with each other while keeping your main computing gadgets safe in the event of an Internet-Of-Things attack.

Also, if you're worried about "wardrivers" or people roaming around looking for Wi-Fi spots to hack, you can disable the broadcasting of your network and your guest network's name (SSID) entirely.

3. Use the free parental controls

To shield your kids from inappropriate sites, most routers have built-in content filters, parental controls and time-based restrictions.

To enable these filters, visit your router's administrator page or app again and look for a section called "Parental Controls" or "Access Controls." Here, you can choose what type of sites to disable access to, set the schedule when the filters are in effect and set curfew hours for certain gadgets.

You can even set filters for specific IP and MAC addresses. The downside of this method is the inconvenience and it takes a bit of technical skill to pull this off. The good thing about this is that you'll have a map of all your connected gadgets and their corresponding IPs.

To take this a bit further, turn on MAC (Multimedia Access Control) filtering. With MAC filtering on, you can specify which MAC addresses will be allowed to connect to your network at certain times. Note: MAC addresses can usually be found in the gadget's settings, label or manual. Look for a set of 16 alphanumeric characters. (Here's an example of what a MAC address will look like: 00:15:96:FF:FE:12:34:56 )

4. Turn on the VPN

You have likely heard of a VPN (Virtual Private Network), which is an excellent way to boost your online security and privacy.

With a VPN, your gadget's IP address is hidden from websites and services that you visit, and you're able to browse anonymously. Web traffic is also encrypted, meaning not even your internet service provider can see your online activity. It is a good way to hide your internet tracks from would-be snoops.

VPN services are typically accessed via software, but some newer routers can be configured with VPN capabilities straight into the router itself. Instead of protecting each gadget protected with its own VPN service, your router will protect every connected device.

Routers with this capability have open source router software support (such as DD-WRT), and they can be configured to use services like OpenVPN.

Currently, there are a variety of open source and OpenVPN capable routers to choose from, but the most popular models are the Linksys AC3200 and the Netgear Nighthawk AC1900.

5. Turn on and test the firewall

One valuable tool that can protect your router from hackers is a firewall. With it, even if they manage to know your router's location and IP address, the firewall can keep them from accessing your system and your network.

Almost every newer router has built-in firewall protections in place. They might be labeled differently, but look for features under your router's advanced settings like NAT filtering, port forwarding, port filtering and services blocking.

With these controls, you can configure and specify your network's outgoing and incoming data ports and protect it from intrusions. Be careful when tweaking your port settings though, since a wrong port setting can leave your router vulnerable to port scanners, giving hackers an opportunity to slip past.

To check if your router's firewall and your ports are secure, you can use an online tool for a quick test.

 

  0 Comments
0 Comments
Continue reading

12 Most Common Phishing Email Subject Lines Cyber Criminals Use to Fool You

The most common subject lines used in phishing emails targeting businesses show how cyber criminals are exploiting urgency, personalisation and pressure in order to trick victims into clicking on malicious links,phishing 3 2019downloading malware or otherwise surrendering confidential or sensitive corporate information.

Cyber criminals are well aware that people respond to dozens if not hundreds of emails a day – and this is reflected in the most common subject lines used when conducting business email compromise attacks.

After analyzing 360,000 phishing emails over a three-month period, researchers at cybersecurity company Barracuda Networks have detailed the most common lines used in phishing attacks – these subject lines are the most common because it's highly likely they're often the most successful bait for reeling in victims.

According to Barracuda's spear phishing report, by far the most common subject line used in attacks is simply 'Request' – accounting for over a third of all the phishing messages analysed. That's followed in popularity with messages containing 'Follow up' or 'Urgent/Important' in the subject line.

The simple trick attackers are using here is to make potential victims think they need to open and respond to the email as a matter of urgency – especially if the message is designed to look as if it comes from one of their colleagues, or their boss. That could nudge the victim into responding quickly, without thinking, especially if it claims to come from a board-level executive.

The top subject lines according to Barracuda analysis are based around the following key phrases:

  1. Request
  2. Follow up
  3. Urgent/Important
  4. Are you available?/Are you at your desk?
  5. Payment Status
  6. Hello
  7. Purchase
  8. Invoice Due
  9. Re:
  10. Direct Deposit
  11. Expenses
  12. Payroll

'Are you at your desk' uses the trick of familiarly to try and coax victims into falling for the attack, while subjects suggesting the email is part of a previous conversation are also used for a similar goal – to trick the user into trusting the sender.

Many of the most-used subject lines also refer to finance and payments; if the recipient thinks they might lose money if they don't respond, they'll likely jump to it. The same also goes for messages about payments – an employee might think it will look bad if they leave somebody without being paid, especially if the request comes from someone who is their senior.

"Increasingly the social element is becoming the key "attack vector" in cybersecurity attacks. In the past, attackers sent ransomware emails, which actually took over the computer and encrypted the files, asking for a ransom," Asaf Cidon, VP for content security at Barracuda Networks told ZDNet.

"But today, they don't even need to send ransomware. They can simply use social manipulation to get the recipient to send a ransom – which is far cheaper, more effective and harder to detect."

To avoid falling victim to phishing attacks, cybersecurity researchers recommend the implementation of DMARC authentication to avoid domain spoofing, along with the deployment of multi-factor authentication to provide users with an extra layer of protection. Those techniques should be combined with user training and the use of security software.

 

  0 Comments
0 Comments
Continue reading

Massachusetts Public Defender System Hit with Ransomware Attack

The Massachusetts Committee for Public Counsel Services (CPCS) is in the process of restoring its systems from backups in the wake of a February ransomware attack. CPCS CIO Daniel Saroff says that the 5aa7983c1f0a6.imageorganization’s network was hit with both a Trojan and ransomware. The organization did not pay the ransom. The attack has caused attorneys who work through CPCS’s bar advocate program to miss a payday. A notice on the website as of Monday evening March 18, says “CPCS’s computer systems have been attacked and are not working properly. We are still representing clients. In addition, there is no evidence that confidential information from clients has been released as a result of these attacks.”

The Massachusetts public defender agency has been unable to access its IT network for weeks, following a cyber attack that forced the shutdown of its email service.

The Committee for Public Counsel Services suffered both a ransomware attack, in which hackers demand money to restore access to data, and a Trojan horse attack in which malicious software is installed on a network, CPCS Chief Information Officer Daniel Saroff told MassLive.

The committee, which employs staff attorneys but also manages the bar advocate program that assigns private lawyers to represent indigent criminal defendants, immediately shut down its servers to prevent further damage, Saroff said.

That has left CPCS unable to pay the bar advocates who handle 80 percent of the public defender caseload in Massachusetts, CPCS told MassLive. CPCS has since cleared the ransomware off its network and is gradually restoring its systems from backup data.

“The comptroller and the courts and executive branch and the legislature have all been extremely supportive of us," CPCS General Counsel Lisa Hewitt said.

CPCS refused to meet the payment demands made by the hackers, both because the committee had backups of its data and because complying with hackers can leave agencies vulnerable to future attacks, Saroff said.

The agency posted a notice on its website on Feb. 28 saying that its email service was down, but at that time did not publicly disclose the hack.

Saroff said that the organization has hired two consulting firms to assist in the recovery and harden its security. CPCS has not identified any data that was stolen, though that remains under investigation.

CPCS has contacted the Massachusetts Attorney General’s Office and the Office of Consumer Affairs and Business Regulation, as is standard protocol following a cyberattack, the committee told MassLive.

CPCS is working with the state comptroller’s office to speed payment to bar advocates, who have so far missed one payday.

“Our office is aware of this and we are reaching out to gather more information," a spokesperson for the Office of Attorney General Maura Healey said in a statement.

Resource: https://www.masslive.com/news/2019/03/disney-completes-71b-acquisition-of-much-of-fox-entertainment.html

 

  0 Comments
0 Comments
Continue reading

Wi-Fi 6: Is It Really That Much Faster?

Wi-Fi is about to get faster. That’s great news: faster internet is constantly in demand, especially as we consume more bandwidth-demanding apps, games, and videos with our laptops and phones.Wifi 6

But the next generation of Wi-Fi, known as Wi-Fi 6, isn’t just a simple speed boost. Its impact will be more nuanced, and we’re likely to see its benefits more and more over time.

This is less of a one-time speed increase and more of a future-facing upgrade designed to make sure our speeds don’t grind to a halt a few years down the road.

Wi-Fi 6 is just starting to arrive this year, and there’s a good chance it’ll be inside your next phone or laptop. Here’s what you should expect once it arrives.

WHAT IS WI-FI 6?

Wi-Fi 6 is the next generation of Wi-Fi. It’ll still do the same basic thing — connect you to the internet — just with a bunch of additional technologies to make that happen more efficiently, speeding up connections in the process.

HOW FAST IS IT?

The short but incomplete answer: 9.6 Gbps. That’s up from 3.5 Gbps on Wi-Fi 5.

The real answer: both of those speeds are theoretical maximums that you’re unlikely to ever reach in real-world Wi-Fi use. And even if you could reach those speeds, it’s not clear that you’d need them. The typical download speed in the US is just 72 Mbps, or less than 1 percent of the theoretical maximum speed.

But the fact that Wi-Fi 6 has a much higher theoretical speed limit than its predecessor is still important. That 9.6 Gbps doesn’t have to go to a single computer. It can be split up across a whole network of devices. That means more potential speed for each device.

WI-FI 6 ISN’T ABOUT TOP SPEEDS

Instead of boosting the speed for individual devices, Wi-Fi 6 is all about improving the network when a bunch of devices are connected.

That’s an important goal, and it arrives at an important time: when Wi-Fi 5 came out, the average US household had about five Wi-Fi devices in it. Now, homes have nine Wi-Fi devices on average, and various firms have predicted we’ll hit 50 on average within several years.

Those added devices take a toll on your network. Your router can only communicate with so many devices at once, so the more gadgets demanding Wi-Fi, the more the network overall is going to slow down.

Wi-Fi 6 introduces some new technologies to help mitigate the issues that come with putting dozens of Wi-Fi devices on a single network. It lets routers communicate with more devices at once, lets routers send data to multiple devices in the same broadcast, and lets Wi-Fi devices schedule check-ins with the router. Together, those features should keep connections strong even as more and more devices start demanding data.

OKAY, SO HOW FAST IS EACH DEVICE?

Unfortunately, there’s no easy answer here.

At first, Wi-Fi 6 connections aren’t likely to be substantially faster. A single Wi-Fi 6 laptop connected to a Wi-Fi 6 router may only be slightly faster than a single Wi-Fi 5 laptop connected to a Wi-Fi 5 router.

The story starts to change as more and more devices get added onto your network. Where current routers might start to get overwhelmed by requests from a multitude of devices, Wi-Fi 6 routers are designed to more effectively keep all those devices up to date with the data they need.

Each of those devices’ speeds won’t necessarily be faster than what they can reach today on a high-quality network, but they’re more likely to maintain those top speeds even in busier environments. You can imagine this being useful in a home where one person is streaming Netflix, another is playing a game, someone else is video chatting, and a whole bunch of smart gadgets — a door lock, temperature sensors, light switches, and so on — are all checking in at once.

The top speeds of those devices won’t necessarily be boosted, but the speeds you see in typical, daily use likely will get an upgrade.

Exactly how fast that upgrade is, though, will depend on how many devices are on your network and just how demanding those devices are.

HOW DO I GET WI-FI 6?

You’ll need to buy new devices.

Wi-Fi generations rely on new hardware, not just software updates, so you’ll need to buy new phones, laptops, and so on to get the new version of Wi-Fi.

To be clear: this is not something you’ll want to run out to the store and buy a new laptop just to get. It’s not that game-changing of an update for any one device.

nstead, new devices will start coming with Wi-Fi 6 by default. As you replace your phone, laptop, and game consoles over the next five years, you’ll bring home new ones that include the latest version of Wi-Fi.

There is one thing you will have to make a point of going out and buying, though: a new router. If your router doesn’t support Wi-Fi 6, you won’t see any benefits, no matter how many Wi-Fi 6 devices you bring home. (You could actually see a benefit, though, connecting Wi-Fi 5 gadgets to a Wi-Fi 6 router, because the router may be capable of communicating with more devices at once.)

Again, this isn’t something worth rushing out and buying. But if your home is packed with Wi-Fi-connected smart devices, and things start to get sluggish in a couple years, a Wi-Fi 6 router may be able to meaningfully help.

WHAT MAKES WI-FI 6 FASTER?

There are two key technologies speeding up Wi-Fi 6 connections: MU-MIMO and OFDMA.

MU-MIMO, which stands for “multi-user, multiple input, multiple output,” is already in use in modern routers and devices, but Wi-Fi 6 upgrades it.

The technology allows a router to communicate with multiple devices at the same time, rather than broadcasting to one device, and then the next, and the next. Right now, MU-MIMO allows routers to communicate with four devices at a time. Wi-Fi 6 will allow devices to communicate with up to eight.

You can think of adding MU-MIMO connections like adding delivery trucks to a fleet, says Kevin Robinson, marketing leader for the Wi-Fi Alliance, an internationally backed tech-industry group that oversees the implementation of Wi-Fi. “You can send each of those trucks in different directions to different customers,” Robinson says. “Before, you had four trucks to fill with goods and send to four customers. With Wi-Fi 6, you now have eight trucks.”

The other new technology, OFDMA, which stands for “orthogonal frequency division multiple access,” allows one transmission to deliver data to multiple devices at once.

Extending the truck metaphor, Robinson says that OFDMA essentially allows one truck to carry goods to be delivered to multiple locations. “With OFDMA, the network can look at a truck, see ‘I’m only allocating 75 percent of that truck and this other customer is kind of on the way,’” and then fill up that remaining space with a delivery for the second customer, he says.

In practice, this is all used to get more out of every transmission that carries a Wi-Fi signal from a router to your device.

WI-FI 6 CAN ALSO IMPROVE BATTERY LIFE

Another new technology in Wi-Fi 6 allows devices to plan out communications with a router, reducing the amount of time they need to keep their antennas powered on to transmit and search for signals. That means less drain on batteries and improved battery life in turn.

This is all possible because of a feature called Target Wake Time, which lets routers schedule check-in times with devices.

It isn’t going to be helpful across the board, though. Your laptop needs constant internet access, so it’s unlikely to make heavy use of this feature (except, perhaps, when it moves into a sleep state).

Instead, this feature is meant more for smaller, already low-power Wi-Fi devices that just need to update their status every now and then. (Think small sensors placed around a home to monitor things like leaks or smart home devices that sit unused most of the day.)

WI-FI 6 ALSO MEANS BETTER SECURITY

Last year, Wi-Fi started getting its biggest security update in a decade, with a new security protocol called WPA3. WPA3 makes it harder for hackers to crack passwords by constantly guessing them, and it makes some data less useful even if hackers manage to obtain it.

Current devices and routers can support WPA3, but it’s optional. For a Wi-Fi 6 device to receive certification from the Wi-Fi Alliance, WPA3 is required, so most Wi-Fi 6 devices are likely to include the stronger security once the certification program launches.

WI-FI 6 IS JUST GETTING STARTED

Devices supporting Wi-Fi 6 are just starting to trickle out. You can already buy Wi-Fi 6 routers, but so far, they’re expensive high-end devices. A handful of laptops include the new generation of Wi-Fi, too, but it’s not widespread just yet.

Wi-Fi 6 will start arriving on high-end phones this year, though. Qualcomm’s latest flagship processor, the Snapdragon 855, includes support for Wi-Fi 6, and it’s destined for the next wave of top-of-the-line phones. The Snapdragon 855’s inclusion doesn’t guarantee that a phone will have Wi-Fi 6, but it’s a good sign: Samsung’s Galaxy S10 is one of the first phones with the new processor, and it supports the newest generation of Wi-Fi.

The inclusion of Wi-Fi 6 is likely to become even more common next year. The Wi-Fi Alliance will launch its Wi-Fi 6 certification program this fall, which guarantees compatibility across Wi-Fi devices. Devices don’t need to pass that certification, but its launch will signify that the industry is ready for Wi-Fi 6’s arrival.

 

  0 Comments
0 Comments
Continue reading

What It Means When Microsoft Stops Supporting Your Version of Windows

Microsoft only supports each version of Windows for so long. For example, Windows 7 is currently in “extended support” until January 14, 2020, after which Microsoft will no longer support it. Here’s what that means.Windows 7

No More Security Updates

When Microsoft stops supporting a version of Windows, Microsoft stops issuing security updates for that operating system. For example, Windows Vista and Windows XP no longer receive security updates, even if substantial security holes are found in them.

On January 14, 2020, the same will be true for Windows 7. Even if people discover huge security holes that affect Windows 7, Microsoft won’t issue you security updates. You’re on your own.

Sure, you can run antivirus tools and other security software to try protecting yourself, but antivirus is never perfect. Running software with the latest security updates is important, too. Antivirus is just one layer of defense. And even security programs will gradually drop support for older versions of Windows.

Microsoft will keep making security updates for Windows 7, even though you can’t get them. Large organizations can sign “custom support” contracts to keep getting security updates for a period while they transition to a new operating system. Microsoft ratchets up the price going forward to encourage those organizations actually to move to a new version of Windows. The same thing happened with Windows XP.

Software Companies Stop Supporting It Too

When Microsoft ends support for an operating system, that’s also a signal to other software and hardware companies. They’ll stop supporting that older version of Windows with their own software and hardware, too.

This doesn’t always happen immediately, but it does eventually. For example, Windows XP support ended on April 8, 2014. But Chrome didn’t stop supporting Windows XP until April 2016, two years later. Mozilla Firefox stopped supporting Windows XP in June 2018. Steam will officially drop support for Windows XP and Windows Vista on January 1, 2019.

It may take a few years—as it did with Windows XP—but third-party software will gradually drop support for Windows 7 after the end of support date.

Software companies dropped support for Windows Vista more quickly, as it was much less popular than Windows XP.

New Hardware May Not Work

New hardware components and peripherals will stop working on your system, too. These need hardware drivers, and manufacturers might not create those hardware drivers for your old, out-of-date operating system.

The latest Intel CPU platforms don’t even support Windows 7 and 8.1 right now, although those operating systems are technically still in “extended support” today. It’s already beginning, and Microsoft is still supporting Windows 7!

Sure, you can keep using your old operating system with your current software and hardware, but you have no guarantees of future updates or compatibility.

When Will Microsoft End Support

Technically speaking, there are multiple types of “support.”

Normal consumer versions of Windows 10—that is, Windows 10 Home and Windows 10 Pro—receive feature updates every six months. Those updates are then “serviced” for 18 months. That means they’ll receive security updates for eighteen months, but you can always get more security updates by updating to the next release. Windows 10 automatically installs these new releases, anyway.

But, if you’re still using Windows 10’s Creators Update for some reason, Microsoft stopped supporting it on October 9, 2018, because it was released on April 5, 2017.

Businesses using Enterprise and Education editions have the option of using some of these updates for longer. In Windows 10 parlance, they’re “serviced” for longer. Organizations using Windows 10 LTSB have even longer support periods.

Things are a bit different with older versions of Windows. Windows 7 left “mainstream support” on January 13, 2015. This means that Microsoft stopped non-security updates. In extended support, Windows 7 is just receiving security updates. Those will stop on January 14, 2020. (Note that Windows 7 only receives security updates if you’ve installed Service Pack 1.)

Windows 8.1 left mainstream support on January 9, 2018, and will leave extended support on January 10, 2023.

You Should Upgrade Rather Than Using an Unsupported Windows

We don’t recommend using a release of Windows that’s no longer supported by Microsoft. It’s just not secure.

We recommend upgrading to a newer version of Windows. Don’t like Windows 10? Well, then consider switching to Linuxtrying out a Chromebook, or buying a Mac.

By the way, while Windows 7 only has until January 14, 2020, you can still upgrade to Windows 10 for free from Windows 7 or 8 with this trick.

Resource: https://www.howtogeek.com/392976/what-it-means-when-microsoft-stops-supporting-your-version-of-windows/

 

  0 Comments
0 Comments
Continue reading
TOP