Tier1Net welcomes Virakmony “Richie” Richard to the team! Our newest Junior Help Desk engineer is pursuing a degree in Information Technology with an emphasis on Cyber Security. He has been building computers with his dad since he was 7 years old and comes to us with a range of interests that include hardware configurations, software deployment,  programming, and gaming.  We are very excited to have him here at Tier1Net.

With the widespread adoption of Windows 10 Microsoft has changed its former strategy of releasing new Operating Systems every few years.  In its place they have moved to a new strategy named Windows-as-a-Service.  With Windows-as-a-Service Microsoft will continuously update Windows 10 with feature updates.  These feature updates will be released twice a year, usually around March and September, and are more than a typical Windows Update as they include additional Operating System functionality and enhancements.

Consequently, Tier1Net will automate the deployment of Windows 10 feature updates to its customer’s devices via its patch management services.  This will ensure Operating Systems stay current and continue to receive monthly security patches from Microsoft.  As these updates are significant its possible that end users may notice several changes with each new release.  Also, end users may notice that their PC takes several minutes to log on once a feature update has been installed.  The updated PC will post a notification to the user and it is critical that the PC be allowed to complete the update without interruption.With this new strategy Microsoft has also reduced the number of years it will support a version of Windows 10.  As each new version is released it has a support lifetime of only 12-18 months.  With the end of a particular Windows 10 version’s support Microsoft will no longer release new security patches or updates.  As such it is critical to keep all instances of Windows 10 current.

For more information on Microsoft Windows-as-a-Service see https://docs.microsoft.com/en-us/windows/deployment/update/waas-overview

 

 

 

 

 

 

 

 

 

 

 

Tier1Net is proud to announce that we have expanded our team to include a dedicated Finance Associate. We recently hired Pat O’Donnell for this exciting new position. Pat has a degree in Economics from Merrimack College and experience with Accounting and Customer Relations.  In the coming months Pat will be working to streamline our purchasing, renewal and invoicing processes to better serve all of our wonderful clients.

Background

Tier1Net has been notified by its preferred Certificate Authority, Thawte, that all SSL certificates must be reissued and validated by its new parent company, Digicert.

Impact

Impacted SSL certificates are still secure and are not vulnerable to any exploits.  If the SSL certificate were not reissued it would simply post a certificate error when loaded within Google’s Chrome web browser.

Next Steps

In the coming weeks Tier1Net will be reissuing the appropriate SSL certificates on your behalf.  Prior to reissuing the SSL certificate a Tier1Net engineer will notify of you that a Digicert representative may contact you to validate the reissued SSL certificate.

For more information on this issue please click here.

Should you have any questions or concerns please open a ticket with Tier1Net by emailing help@tier1net.net and reference Master Ticket # 81113.

Thank You,
Tier1Net Support
781-935-8050
www.tier1net.com

 

 

 

 

 

 

Tier1Net would like to share the latest available information on the Spectre and Meltdown vulnerabilities.  First and foremost, it is important to note that there are still no known exploits actively targeting the vulnerabilities.

 

Firewall Layer

Tier1Net’s preferred firewall vendor, Sonicwall, has confirmed it has deployed antivirus and intrusion prevent signatures which will protect against attempted Spectre and Meltdown attacks.  These antivirus and IPS updates have already deployed to Tier1Net’s cloud and customer networks.

 

Patch Status

Tier1Net is actively tracking the status of patches as they are released.  Once released Tier1Net will evaluate patches for stability before releasing them for install.  A Tier1Net representative will contact you if it is determined that the installation of a particular patch requires manual intervention or a maintenance window.  Tier1Net recommends that its customers take immediate action to update their iPhone and Android devices using the Knowledgebase articles documented below.

To review the status of patches being released please see the following vendor list.

Microsoft

Microsoft has already released patches for the latest version of Windows 10 as well as patches for its web browsers, Internet Explorer and Edge.  With regards to older versions of Windows Microsoft will be releasing those patches this week.  PCs and servers within Tier1Net managed networks will automatically receive the patches via Tier1Net’s Windows Update service.

PCs not managed by Tier1Net (for example, personal use and home PCs) will automatically receive patches as long as they have been enabled to receive updates via Microsoft’s Windows Update service.  Please see the following for further information on enabling Microsoft’s Windows Update service: https://support.microsoft.com/en-us/help/12373/windows-update-faq

Apple

Apple has released iPhone iOS version 11.2.2 which includes code mitigating the Meltdown and Spectre vulnerabilities.  Tier1Net recommends installing the updates as soon as possible.  Please see the following KB detailing the steps required to update an iPhone’s iOS:  https://tier1net.itglue.com/DOC-1500653-1490177

Google

Google patched Android against Meltdown and Spectre in a January security update.  The specific availability of this update is based on the Android device manufacturer’s approval of the update.  Tier1Net recommends checking for and installing the most recent updates available as soon as possible.  Please see the following KB detailing the steps required to update an Android device:   https://tier1net.itglue.com/DOC-1500653-1490202

Google is also releasing an update for its Chrome web browser in the coming days which will obstruct attempts to exploit the Meltdown and Spectre flaws.  Chrome will automatically install the latest available version when the browser is launched.

Mozilla

Mozilla has released an update for Firefox to mitigate against Meltdown and Spectre.  The update will be installed automatically when the browser is launched.

VMware

VMware has released patches for its ESX hypervisor to address the Spectre and Meltdown vulnerabilities.  The ESX hypervisor typically operates on server hardware and is responsible for running virtual instances of Windows servers.  Tier1Net is in the process of evaluating these patches and will deploy them to its cloud and customer networks once patch stability has been fully confirmed.

 

Performance Concerns

There have also been reports of patches negatively impacting a device’s CPU performance once installed.  The initial reports of the performance impacts may have been overstated with conflicting reports on observed performance impact.  Microsoft has warned users of older PCs of a possible performance impact once patches are installed.  Regarding servers, any impact to performance is load dependent and may be further reduced by a new discovery made by Google researchers.

 

 

 

 

 

 

Introduction

Details on two security vulnerabilities impacting nearly all modern Operating Systems and Hardware were made public yesterday.  At this time new details are still emerging with many questions still unanswered.  Tier1Net has been evaluating information as it has been released and would like to share its findings with you.

Technical Information

The vulnerabilities have been named Meltdown and Spectre with Meltdown being the more serious of the two.  Based on current public information Meltdown impacts all devices running Intel CPUs while Spectre impacts nearly all CPUs made in the last 20 years including Intel and AMD.  A successful exploit of either would allow a bad actor or malicious program to read data as it passes from an Operating System to the CPU and back again.  This includes passwords and other sensitive data.  Spectre is less serious as it is much more difficult to exploit than Meltdown.  For further technical information please visit https://meltdownattack.com

Steps Being Taken by Tier1Net

As with all major security vulnerabilities there are a lot of news headlines sensationalizing the impact.  At this time there are no known exploits in the wild.  Furthermore, Tier1Net deploys multiple security layers to both its own internal and hosted infrastructures as well as client supported networks to greatly reduce the exploit risk of any single vulnerability.

With that in mind, Tier1Net is still taking all appropriate steps to address these vulnerabilities as quickly as possible.  Microsoft has released several patches via its updating service to mitigate the risk within its Windows Operating Systems while other patches from other vendors are still in development.  In the coming days and weeks Tier1Net will be testing and deploying patches as they become available with the goal of balancing security, vulnerability and stability.

Additional Information:

https://nakedsecurity.sophos.com/2018/01/03/fckwit-aka-kaiser-aka-kpti-intel-cpu-flaw-needs-low-level-os-patches/

https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html

https://www.theverge.com/2018/1/4/16848976/how-to-protect-windows-pc-meltdown-security-flaw

A vulnerability in the WiFi WPA2 security protocol which was discovered several months ago was made public earlier today.  The vulnerability named KRACK impacts the underlying WiFi WPA2 security protocol itself so all devices that interact with a WiFi network are potentially vulnerable.  This includes mobile phones, laptops and IoT devices (e.g., Alexa, Nest, etc).  To exploit the vulnerability a 3rd party would need to be within range of the wireless network to which a device is connected.  If exploited the vulnerability would allow a 3rd party to intercept and read traffic originating from a device and potentially inject malicious code into that traffic.  However, the 3rd party would NOT be able to read or inject code into any traffic that was sent over an encrypted session such as a HTTPS secured website or a VPN connection.  Furthermore, though the vulnerability has been made public, the code in which to exploit it has not been made public so there is little risk of widespread attacks.

Vendors were alerted of this vulnerability when it was first discovered in August and some have already released patches.  Apple and Microsoft devices are much less likely to be exploited due to the way in which they implement the WPA2 protocol.  Both have also issued statements that they have already patched the issue within their respective Operating Systems.  Google has acknowledged its aware of the issue but will not have a patch for its Android OS for several weeks.  Tier1Net is currently working with its WiFi vendor partners to obtain and deploy patches to Wireless Access Points as they become available.

In the meantime, Tier1Net recommends avoiding public WiFi hotspots unless your respective device is running the latest version of its Operating System with all appropriate security patches installed.  For a full list of vendors and their patch release dates please see: http://www.kb.cert.org/vuls/id/228519

For more information or assistance please contact Tier1Net Support at 781-935-8050 or at HELP@TIER1NET.NET.

A new Ransomware attack named GoldenEye is rapidly spreading throughout Europe and Asia shutting down businesses and government networks alike.

Details are still emerging but experts believe the GoldenEye Ransomware attack is exploiting the same Windows vulnerabilities that were targeted by the WannaCry ransomware attack.  Microsoft released a patch to this vulnerability in March which was distributed to all potentially vulnerable PCs and servers via Tier1Net’s Windows Update services.

Nonetheless, it is possible this new Ransomware variant can exploit heretofore unknown exploits within Windows so Tier1Net recommends alerting all employees to be extra vigilant of all emails which request the recipient to click a link within the body of the email.  The GoldenEye attack has been using common phishing techniques so employees should be warned to suspect even emails coming from supposed trusted sources.

For more information or assistance please contact Tier1Net Support at 781-935-8050 or at help@tier1net.net.

 

 

The WannaCry ransomware is a perfect illustration of an attack which exploits multiple vulnerabilities within a network.

•  First it attempts to trick users into opening ransomware with common email phishing techniques
•  Then it attempts to exploit a Windows vulnerability to encrypt company data and hold it for ransom.
•  Finally it attempts to spread itself by infecting other PCs within the network.

There is no single solution to prevent cybersecurity threats such as WannaCry as they always attempt to expose multiple vulnerabilities within a company.  Tier1Net protects its clients against current and future cybersecurity threats by leveraging a balanced approach of prevention, education and redundancy.

How Do Tier1Net’s Managed Services Prevent Cybersecurity Threats?

Prevention:

•  Emails are scanned for known virus signatures, phishing techniques and potentially dangerous email attachments.
•  Network traffic is scanned at the perimeter by firewalls which examine all incoming and outgoing traffic for viruses and intrusions.
•  Tier1Net’s Managed Workplace solution automatically deploy patches to known vulnerabilities within a network.
•  Tier1net leverages advanced antivirus clients and internal network intrusion detection services to detect and prevent attacks from within the network.

Education: 

•  Tier1Net’s email phishing campaigns educate your employees on common email phishing techniques so they won’t be so easily fooled by the real thing.

Redundancy/Business Continuity:

•  Tier1net’s Disaster Recovery services provide the redundancy necessary to quickly recover from a cybersecurity attack.  Within minutes of an outbreak Tier1Net can quickly restore data from hourly snapshots which run seamlessly to protect corporate data.

It is this multilayered approach to Cybersecurity and data redundancy that Tier1net has specifically designed to prevent attacks and recover quickly should one ever occur.

If you have any questions about the WannaCry ransomware campaign or would like to learn more about Tier1Net’s services please email us at help@tier1net.net or call our office at (781)935-8050.

Thank you.

Tier1Net

Please join us in welcoming Eric Johnson to our Help Desk team!

  
Eric graduated from UMass Lowell with a degree in Information Technology. Eric’s broad range of technical expertise and proven track record of successfully supporting over 100 clients throughout New England for the past five years makes him the perfect addition to our staff.