10 IT Security Essentials for your business

When people think of IT security, they usually think of it in a negative light: complex, expensive, time-consuming. That is simply not true. Practicing good security for your company does not have to be any of these things; it can be accomplished with a well-thought-out strategy and implementation that gets you the most bang for your buck. Without further ado, here is a list of the ten things every business should be doing to protect its assets:

  1. Install security patches on an automated, scheduled basis
    • Patching is an easy and simple way to ensure you are protected from the latest threats on your systems. It needs to be done for all PCs, mobile devices, network equipment, and servers in your business, and it covers operating systems such as Windows or iOS, applications, and firmware. Schedule these updates to run automatically and protect yourself from the latest threats.
  2. Restrict “Administrator” access to only those that need it
    • Limit anyone's ability to have access to “everything”, which helps prevent destructive ransomware attacks on your data. Consider locking down individual workstations so that software can only be installed and maintained by trusted administrators. Privileged Identity Management is critical for maintaining a secure environment.
  3. Enforce strong passwords and rotation policy
    • Passwords are the keys to your kingdom, so you need to make sure they are strong and rotated on a consistent basis. Don’t forget to change service account and network device passwords periodically as well. If you offer “Guest” Wi-Fi access to your network, those passwords need to be rotated as part of this policy too.
  4. Segment your network 
    • As any security professional will tell you, no network is 100% secure, so it is important to limit the damage of any intrusion or attack by segmenting your network, which limits an attacker's ability to move laterally inside your business. At a minimum, have a firewall at your perimeter, a DMZ separating internal from external-facing traffic, and proper VLANs in place to limit attack vectors. Using NAC (Network Access Control) to segment your network with policy-enforced VLANs is a cost-effective way to limit network access for insecure endpoints.
  5. Enable multi-factor authentication for your network 
    • End users are the weakest link in your organization. If a password is stolen or compromised, you need to ensure that there are other requirements to gain access to your systems. Two-factor authentication is the most common method, requiring something you know and something you have (i.e. a password and a key). It helps prevent the abuse of poor passwords that are reused from other breaches, because you now need a second form of authentication to gain access to the network.
  6. Install and maintain endpoint malware/virus detection 
    • Any endpoint that connects to your network (PC, laptop, mobile device, server) needs to be protected from malware and virus attacks. If a device does not meet your endpoint protection requirements, it should not be allowed on the network (Network Access Control).
  7. Know your environment and what exists on your network
    • Automated network maps that show what exists on your network and where devices are located are critical to understanding the security posture of your environment. You cannot protect what you do not know about.
  8. Inspect your network traffic for any anomalies 
    • You should have a clear understanding of what a baseline of your network traffic looks like, so that you can tell when something out of the ordinary is happening. Log analysis and event correlation are critical to determining whether a security incident is in progress on your network.
  9. Conduct regular vulnerability assessments and penetration testing
    • In order to ensure the policies and tools you have implemented are working properly, it is important to run a vulnerability assessment of your environment on a scheduled basis. This will tell you about any gaps in your security posture. It is also important to have a regular penetration test to determine whether a team of ethical hackers could break into your company; the findings can then be used to improve your defenses.
  10. Conduct periodic security training with your employees
    • Educate your employees on the do’s and don’ts of safe security practices, such as how to identify phishing attempts and malicious links, how to recognize social engineering, and how to properly access resources on your network.


Greenway Intergy v10.10 upgrade on Windows 8/10

Intergy as an EHR platform has had several different owners, but it is now owned by Greenway Health. Recently we performed an upgrade from version 10.00.00.11 to version 10.10.00.16 for a client and ran into some issues getting the upgrade to work properly on Windows 8/10.

This particular client runs Intergy as well as Intergy EHR on several workstations across a number of clinics that are connected via MPLS. The RMSS suite from Intergy allows an administrator to schedule the delivery of the update packages to all of the workstations in the environment in advance. Another benefit of using the RMSS suite is that you can schedule downloads to occur at particular times of day so they do not affect normal business traffic. All of this is accomplished through the “DownloadStatus.exe” tool that is part of RMSS. This is useful because the updates and hotfixes are quite large (the 10.10 release was 1.6 GB and the hotfix around 630 MB). Using this tool you can verify the successful distribution of the installation files to all of the PCs in your environment.

Once you have distributed all of the necessary files for your upgrade, you can use the RMSS suite to kick off the upgrade remotely. In this particular case, Windows 8/10 machines ran into an issue when attempting to install the 10.10.00.16 hotfix. The installation of the upgrade to 10.10 proceeded without any problems, but once the hotfix began to install, EHR attempted to uninstall the 10.00.00.11 binaries that were no longer on the system. This caused the upgrade process to hang indefinitely unless an administrator stopped the process.

The solution in this case was to do the following:

  1. Uninstall Intergy EHR
  2. Re-apply the 10.10.00.16 hotfix
  3. Install EHR 10.10.00.16 from the “ClinicalChart” folder inside of the 10.10.00.16 hotfix directory
  4. Reboot

For a handful of machines, doing this manually is not a huge waste of time, but for larger organizations, using a script to accomplish this is highly recommended.

Unable to connect to SonicWall L2TP VPNs on Mac OS X High Sierra

We are big fans of SonicWall devices due to their simplicity to manage and maintain for our clients. “Keep It Simple Stupid” has been a mantra we live by throughout our careers. Our clients use multiple devices and operating systems to connect to their networks, and a good network is flexible in handling any device from any connection at any time.

Some clients may want to connect to their corporate networks from a Mac, and a great way to provide this connectivity without using an SSL VPN license is to set up an L2TP VPN server on your SonicWall. The configuration will be discussed in another blog post, so let’s focus on issues you may have connecting from a Mac.

“racoon” is the IPsec (IKE) daemon on a Mac that sets up the VPN connection, and I have seen it become corrupted more often than not, usually by a third-party VPN application such as “Shimo”. The executable is located at /usr/sbin/racoon.

In order to restore this file from a Time Machine backup, or to replace it with a known working copy, you must first boot into recovery mode and disable System Integrity Protection (SIP), which protects critical operating system files from being replaced. Once you have replaced the file, you will need to reboot into recovery mode again and re-enable System Integrity Protection from the terminal to protect your Mac from future attacks. Keep the window in which SIP is disabled as short as possible: while it is off, any process running as root can modify those same protected files.

  1. Reboot your Mac and press and hold the “Command + R” keys to boot your Mac into recovery mode.
  2. From the “Utilities” menu, click “Terminal”
  3. Type the following commands in the terminal window:
    1. csrutil disable
    2. reboot
  4. Your Mac will then boot normally. As root, replace the corrupted file with a copy of “/usr/sbin/racoon” from a Time Machine backup or another known working copy, then attempt to connect to your L2TP VPN server.
  5. Once you verify that the connection succeeds, reboot back into recovery mode (Command + R, as in step 1) and type the following commands in a terminal window:
    1. csrutil enable
    2. reboot

Your Mac will now have System Integrity Protection turned back on to protect your critical system files.

Block Windows 8/10 Store updates from downloading automatically

One of the items we monitor for our clients is bandwidth utilization and how it affects the performance of their applications and network throughout the day. Windows 8/10 can get apps from the Windows Store and then update those apps automatically, which in theory is a great practice, but it can be difficult to manage centrally for organizations that want to limit the impact on bandwidth during business operations.

To correct this, we need to set a registry value on each Windows 8/10 device that blocks automatic updates of Windows Store apps. The key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsStore

Under this key, create a new REG_DWORD value called “AutoDownload” with the data 00000002 (decimal 2).

This will disable automatic downloads of Windows 8/10 store apps.

In order to roll this out to our client machines, we can use the “reg” command line tool:

reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsStore /v AutoDownload /t REG_DWORD /d 00000002 /f

This command adds the registry value with the appropriate data and forces the overwrite of any existing value that may have been there. The same command can be combined with many rollout techniques, such as PsExec, a login script, or the reg command's own support for remote machines, to push the change across an organization:

REG ADD \\COMPUTER\HKLM\SOFTWARE\Policies\Microsoft\WindowsStore /v AutoDownload /t REG_DWORD /d 00000002 /f

The above command forces the registry value onto the remote computer named “COMPUTER”, assuming you have the correct permissions and the Remote Registry service is running on that machine. This lets you centrally control the downloading and installing of Windows Store updates and avoid unnecessary drains on available bandwidth during core business hours.
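As an added example (not from the original post), here is the same change rolled out from PowerShell to a list of workstations, with the value read back on every host so the report shows what actually landed in the registry. The host names are constructed, and it assumes PowerShell Remoting (WinRM) is enabled on the targets and that you are a local administrator on them.

```powershell
# Added example, not from the original post: set AutoDownload=2 under the
# WindowsStore policy key on each host, then read it back to verify.
# Assumes PowerShell Remoting (WinRM) is enabled and you are an admin on each target.

$Computers = 'WS01', 'WS02', 'WS03'   # constructed sample host names
$KeyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsStore'
$ValueName = 'AutoDownload'
$Desired   = 2                        # 2 = disable automatic Store app downloads

$SetAndVerify = {
    param($KeyPath, $ValueName, $Desired)
    # The Policies\Microsoft\WindowsStore key does not exist by default; create it.
    if (-not (Test-Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    # Equivalent of: reg add ... /v AutoDownload /t REG_DWORD /d 2 /f
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
                     -Value $Desired -Force | Out-Null
    # Read the value back so the report reflects what is really on disk.
    $actual = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Value     = $actual
        Compliant = ($actual -eq $Desired)
        Error     = $null
    }
}

$Results = foreach ($c in $Computers) {
    try {
        Invoke-Command -ComputerName $c -ScriptBlock $SetAndVerify `
                       -ArgumentList $KeyPath, $ValueName, $Desired -ErrorAction Stop |
            Select-Object Computer, Value, Compliant, Error
    } catch {
        # Unreachable host or access denied: record it instead of aborting the run.
        [pscustomobject]@{ Computer = $c; Value = $null; Compliant = $false
                           Error = $_.Exception.Message }
    }
}

$Results | Format-Table -AutoSize
# Hosts that failed, or still report a different value, need follow-up.
$Results | Where-Object { -not $_.Compliant } |
    Export-Csv -Path .\store-autodownload-failures.csv -NoTypeInformation
```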


Using WMI to retrieve the version of Greenway Intergy software installed remotely

One of the applications we support is Greenway Intergy EHR (Electronic Health Records), Greenway's EHR and practice management product.

This application must be installed locally on client machines, and it can be useful to determine the version installed. Of course, you do not want to physically go around to each machine to do this, so let’s come up with a simple script that will accomplish this task.

I have used “PsExec” throughout my career, and for good reason: it is a simple tool that allows an administrator to run remote commands on a Windows device and collect the results centrally. In fact, many commercial management tools use this software as a core component for remote administration. It is a free tool and can be used like so:

psexec \\COMPUTER wmic product where "Name like '%%Greenway%%'" get Name, Version >> greenway-report.txt

The above command uses PsExec to call “wmic”, the Windows Management Instrumentation command-line tool, on the remote computer “COMPUTER” to pull the version of the Greenway software installed and append it to a text file in the current directory called “greenway-report.txt”. There are many options you could use here, such as passing a username/password combination to PsExec if your current credentials do not allow you remote access to “COMPUTER”, or parsing the text file for particular information using PowerShell or another scripting language, but this should get you started in your adventures in scripting.
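As an added example that is not the author's script, here is the same version report done from PowerShell by reading the Uninstall registry keys instead of calling wmic product: the Win32_Product class behind that command triggers a Windows Installer consistency check of every installed package on the target, which is slow and writes reconfiguration events to the Application log. The same lookup also returns each product's UninstallString, which is what a script for step 1 of the Intergy EHR reinstall procedure above (uninstall Intergy EHR) would need. Host names are constructed; PowerShell Remoting and local administrator rights on the targets are assumed.

```powershell
# Added example, not from the original post: list installed Greenway products on
# remote hosts from the Uninstall registry keys instead of "wmic product".
# Assumes PowerShell Remoting (WinRM) is enabled and you are an admin on each host.

function Get-InstalledProduct {
    param(
        [string[]]$ComputerName,
        [string]$NamePattern = '*Greenway*'   # same filter as the wmic "Name like" query
    )
    $scan = {
        param($Pattern)
        # Check both registry views: a 32-bit app on 64-bit Windows registers under WOW6432Node.
        $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $Pattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Computer        = $env:COMPUTERNAME
                    Name            = $_.DisplayName
                    Version         = $_.DisplayVersion
                    UninstallString = $_.UninstallString   # usable to script "Uninstall Intergy EHR"
                }
            }
    }
    foreach ($c in $ComputerName) {
        try {
            Invoke-Command -ComputerName $c -ScriptBlock $scan -ArgumentList $NamePattern -ErrorAction Stop |
                Select-Object Computer, Name, Version, UninstallString
        } catch {
            # Offline host or access denied: keep it in the report rather than aborting the run.
            [pscustomobject]@{ Computer = $c; Name = $null; Version = $null
                               UninstallString = $null; Error = $_.Exception.Message }
        }
    }
}

# Constructed sample host list; in practice feed it from AD or your inventory tool.
$hosts  = 'CLINIC1-WS01', 'CLINIC1-WS02', 'CLINIC2-WS01'
$report = Get-InstalledProduct -ComputerName $hosts

# Same information as the psexec/wmic one-liner, with the computer name on every row.
$report | Export-Csv -Path .\greenway-report.csv -NoTypeInformation

# Hosts not yet on the 10.10.00.16 build (or where no Greenway product was found at all).
$report | Where-Object { $_.Version -ne '10.10.00.16' } | Format-Table -AutoSize
```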

Automation is a key component of any properly configured infrastructure and the ability to script redundant and tedious tasks makes a huge difference in how your IT resources are utilized.