The Top 25 Easy To Guess Passwords

Easily guessable internet passwords don’t just let you in, they let hackers in too! That’s why it’s time you knew the worst passwords you can possibly choose (and avoided them!). To make it easier for you, here’s a list of the worst passwords of 2011 (Go through it, and while you are at it, don’t forget to thank SplashData, which has created the rankings based on millions of stolen passwords posted online by hackers).

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

If you happened to spot your password in the list, change it ASAP. And the next time you are creating a password, make sure it meets the following criteria.

  • Your password should be a combination of various characters that range from numbers to letters to special characters.
  • It should contain eight characters or more. And don’t forget to separate short words with spaces or underscores.
  • Most important of all, don’t use the same password and username combination for multiple websites. If you have trouble keeping track of all your accounts, you should probably use an online password manager.
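
An added example (not from the original post): a check that applies the criteria above and also rejects the 25 listed passwords, including lightly disguised forms such as P@ssw0rd1! that satisfy the character rules on their own. The substitution table and the function names are assumptions made for this illustration.

```python
import re

# The 25 passwords from the list above (SplashData, 2011).
WORST_2011 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

# Assumed substitution table: look-alike characters mapped back to letters.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
# Deny the listed passwords both as written and with substitutions undone.
DENY = WORST_2011 | {w.translate(LEET) for w in WORST_2011}


def _variants(password):
    """Yield normalised forms of the password to compare against DENY."""
    lowered = password.lower()
    # Drop digits and symbols added at either end to satisfy composition rules.
    core = re.sub(r"^[\W_\d]+|[\W_\d]+$", "", lowered)
    for form in (lowered, core):
        yield form
        yield form.translate(LEET)


def check_password(password):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    classes = [any(c.isalpha() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    if not all(classes):
        problems.append("does not mix letters, numbers and special characters")
    if any(v in DENY for v in _variants(password)):
        problems.append("based on one of the 25 worst passwords")
    return problems
```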

Trust us; having your accounts compromised is a much bigger problem than choosing secure passwords.

Is your Orlando business WiFi network secure?

Tired of myths that surround Wi-Fi? Here are some do’s and don’ts of Wi-Fi security (and some serious myth busting, too!):

The Don’ts:

  1. Don’t use WEP: Do not use Wired Equivalent Privacy (WEP) security at all. Its underlying encryption can be broken so quickly and so easily that even the most inexperienced of hackers can get you. Instead, upgrade to WPA2 (Wi-Fi Protected Access 2) with 802.1X authentication (802.11i). And don’t worry even if you have legacy clients or access points that don’t support WPA2; you can always try firmware upgrades or simply replace the equipment.
  2. Don’t use WPA/WPA2-PSK: If you run a business or an enterprise, you should not be using the pre-shared key (PSK) mode of WPA and WPA2 security. It is simply impractical. In this mode, the same pre-shared key must be entered into each client, which means the PSK would need to be changed each time an employee leaves and each time a client is lost or stolen.
  3. Don’t trust hidden SSIDs: Disabling the SSID broadcasting of access points will hide your network, or at least the SSID, making it harder for hackers, right? Wrong! Disabling the SSID broadcast only removes the SSID from the access point beacons; it is still sent in the 802.11 association request and, in some cases, in the probe request and response packets as well. So there is every chance of a “hidden” SSID being discovered fairly quickly and thus hacked into. Your network has a higher chance of being hacked if it is a busy one, and it can be done with a legitimate wireless analyzer.

Sure, they might say disabling SSID broadcasting provides another layer of security. It does, however, have its own set of negative impacts on the network configuration and performance. Besides having to manually input the SSID into clients (and thus complicating client configuration), disabling SSID broadcasting would also cause an increase in probe request and response packets, decreasing available bandwidth.

  4. Don’t trust MAC address filtering: Enabling MAC address filtering adds another layer of security, controlling which clients can connect to the network. This is yet another myth. Well, it does have some truth to it, but if you look at the big picture (of overall security, that is), it isn’t exactly true. Eavesdroppers can easily monitor the network for authorized MAC addresses and then change their computer’s media access control (MAC) address. So, clearly, implementing MAC filtering isn’t going to do much for security.
  5. Don’t forget about protecting mobile clients: Mobile clients should be protected too. Why, you ask? Because you can always protect users with smartphones, laptops and tablets onsite, but what can you do when they connect to Wi-Fi hotspots or to their wireless router at home? Becoming hopeless, of course, isn’t the solution. You should instead try to secure their other Wi-Fi connections as well. This can definitely prevent intrusions and eavesdropping.

So, the first thing you need to do is make sure that all laptops and netbooks have a personal firewall (such as Windows Firewall) active to prevent intrusions. This can be enforced via Group Policy if running a Windows Server or using a solution such as Windows Intune to manage non-domain computers.

Also make sure the user’s Internet traffic is encrypted from local eavesdroppers while on other networks. You can do this by providing VPN access to your network. Consider outsourced services such as Hotspot Shield or Witopia if you don’t want to use an in-house VPN. For iOS (iPhone, iPad, and iPod Touch) and Android devices, you can use their native VPN client. However, for BlackBerry and Windows Phone 7 devices, you must have a messaging server set up and configured with the device in order to use their VPN client.

Don’t forget to secure your Internet-exposed services, too. You should get this done because a user might not use the VPN while on a public or untrusted network. If, for example, you offer email access (client or web-based) outside of your LAN, WAN or VPN, make sure you use SSL encryption to keep any local eavesdroppers on the untrusted network from capturing the user’s login credentials or messages.

The do’s:

  1. Do implement 802.11i: The best security possible with WPA2 is 802.1X, also known as 802.11i, and that’s why you should implement it. The EAP (Extensible Authentication Protocol) mode of WPA and WPA2 security uses 802.1X authentication instead of PSKs, which means you will be able to offer each user or client their own login credentials: username and password and/or a digital certificate.

Plus, you don’t have to worry about the encryption keys, either. The actual ones are regularly changed and exchanged silently in the background, thus eliminating the need to change the PSK on each client. All you need to do is modify the login credentials on a central server if you want to change or revoke user access. The unique per-session keys also prevent users from eavesdropping on each other’s traffic, which is now possible (and easy!) with tools like the Firefox add-on Firesheep and the Android app DroidSheep.

You need to have a RADIUS/AAA server to enable the 802.1X authentication. For those running Windows Server 2008 and later, consider using the Network Policy Server (NPS), or the Internet Authentication Service (IAS) of earlier server versions. For those who aren’t, consider the open source FreeRADIUS server.

If you’re running Windows Server 2008 R2 or later, you can push the 802.1X settings to domain-joined clients via Group Policy. If all else fails, consider a third-party solution to help configure the clients.

  2. Do secure 802.1X client settings: Just implementing the EAP mode isn’t enough; you need to secure its settings for the clients since it is vulnerable to man-in-the-middle attacks. Here’s a tip you might find useful: in the EAP settings of Windows, you can enable server certificate validation by selecting the CA certificate, specifying the server address, and disabling it from prompting users to trust new servers or CA certificates. You could also push these 802.1X settings to domain-joined clients via Group Policy or use a third-party solution (such as Avenda’s Quick1X).
  3. Do use a wireless intrusion prevention system: Hackers don’t just try to gain access to your network; they set up rogue access points or perform denial-of-service attacks too. That’s why you need to implement a wireless intrusion prevention system (WIPS) that detects and combats them. Though the design and approaches of WIPSs vary among vendors, they are generally the same. They monitor the airwaves looking for rogue access points or malicious activity, alert you and possibly help you stop them. AirMagnet and AirTight Networks are some of the commercial vendors you can turn to for WIPS solutions. On the other hand, there are also open source options, such as Snort.
  4. Do deploy NAP or NAC: If you want additional control over network access based on client identity and compliance with defined policies, you should deploy a Network Access Protection (NAP) or network access control (NAC) solution. Besides giving you the control you want, these solutions also offer you the functionality to isolate problematic clients and remediation to get clients back within compliance.

You can go for an NAC solution that includes network intrusion prevention and detection functionality too. Make sure it specifically provides wireless protection, though. If you are running Windows Server 2008 or later and Windows Vista or later for the clients, you can use Microsoft’s NAP functionality. There are third-party solutions, such as the open source PacketFence, too.

  5. Do limit SSIDs users can connect to: Users may knowingly or unknowingly connect to a neighboring or unauthorized wireless network, opening up their computers to possible intrusion. That’s why you need to filter the SSIDs. For those who use Windows Vista and later, you can use the netsh wlan commands to add filters to those SSIDs users can see and connect to. You could deny all SSIDs except those of your wireless network for desktops. And as for laptops, you could just deny the SSIDs of neighboring networks, while still enabling them to connect to hotspots and their home network.
  6. Do physically secure network components: Unless you want someone to reset an access point to open access, you need to physically secure your network components too. See to it that access points are placed out of reach; above a false ceiling is a good place, or you could mount access points in a secure location and then run an antenna to an optimum spot.
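
An added example, not part of the original article: a script that audits Windows wireless profiles exported with netsh wlan export profile against three of the points above (no WEP, no PSK, and 802.1X server certificate validation locked down). The sample profiles are constructed and abbreviated, and the element names are assumed to match the Windows WLAN profile and PEAP configuration schemas.

```python
import xml.etree.ElementTree as ET


def _text(root, name):
    """Text of the first element with this local name, ignoring XML namespaces."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return (el.text or "").strip()
    return None


def audit_profile(xml_text):
    """Return findings for one exported WLAN profile; an empty list is a pass."""
    root = ET.fromstring(xml_text)
    auth = (_text(root, "authentication") or "").upper()
    enc = (_text(root, "encryption") or "").upper()
    findings = []
    if enc == "WEP":
        findings.append("uses WEP")
    if auth.endswith("PSK"):
        findings.append("uses a pre-shared key")
    if (_text(root, "useOneX") or "").lower() == "true":
        # The three client settings named in "Do secure 802.1X client settings".
        if not _text(root, "TrustedRootCA"):
            findings.append("802.1X: no trusted CA certificate selected")
        if not _text(root, "ServerNames"):
            findings.append("802.1X: no server name specified")
        prompt_off = _text(root, "DisableUserPromptForServerValidation") or ""
        if prompt_off.lower() != "true":
            findings.append("802.1X: users can be prompted to trust new servers")
    return findings


# Constructed sample profiles (nesting abbreviated, values are placeholders).
NS = 'xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"'
PSK_PROFILE = f"""<WLANProfile {NS}><name>Office</name><MSM><security>
<authEncryption><authentication>WPA2PSK</authentication>
<encryption>AES</encryption><useOneX>false</useOneX></authEncryption>
</security></MSM></WLANProfile>"""
WEAK_EAP = f"""<WLANProfile {NS}><name>Corp</name><MSM><security>
<authEncryption><authentication>WPA2</authentication>
<encryption>AES</encryption><useOneX>true</useOneX></authEncryption>
<OneX><ServerValidation>
<DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
<ServerNames></ServerNames></ServerValidation></OneX>
</security></MSM></WLANProfile>"""
GOOD_EAP = WEAK_EAP.replace(">false<", ">true<").replace(
    "<ServerNames></ServerNames>",
    "<ServerNames>radius.example.com</ServerNames>"
    "<TrustedRootCA>00 11 22 (constructed thumbprint)</TrustedRootCA>")
```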

ASysTech are your Orlando business WiFi security specialists. We will work with you and your team to ensure your wireless networks are as secure as possible. Contact us today for a no obligation review of your business network and IT security.

Is Your Orlando Business Data Backed Up?

Many of you have no backup or business disaster recovery strategy in place!

According to research conducted by Optus, more than half of all Orlando businesses do not have a website! Sounds depressing, doesn’t it?

But more depressing than that is the fact that only 21% of the 850 SMBs surveyed actually bothered regularly backing up their data. Out of the 21% who regularly backed up their data, 53% reported doing it onsite, while just 8% said they did it offsite. Well, it’s great that some SMBs are taking measures to keep their data safe, but we have a bone of contention here… is backing up data onsite the right thing to do? We mean, how useful is having data backed up right beside the original data when both of them could be destroyed by a fire or any other natural disaster?

So what should you do? Try cloud-based services instead! They allow you to back up data regularly and your data is stored offsite. Plus, they also allow relatively cheap access to online back-up services. Trust us; there is no time to waste pondering over what to do. Back up your data today, if you haven’t, and choose ASysTech to stop gambling with your backups. We are your trusted Orlando backup and disaster recovery professionals.

Feds Want Super Cyber Security

Do you have regulators from three or four different federal agencies auditing your network security compliance every single year? If you do, you must know how tiring it is, not to mention costly! Because it saps their budgets, regulatory compliance has become a burden for CIOs and CISOs lately. Take for example a speaker at the SINET Innovation Summit in Boston last week who said his agency spends 40% of its budget on complying with regulations. It’s more for others! But thanks to recommendations from a congressional task force set up by House Speaker John Boehner in June, you will be able to cut back the number of annual audits to just one, meaning you’ll be able to save more time and money!

The congressional task force recommends a super standard that would incorporate cyber security mandates issued by disparate agencies into a single set of standards that would satisfy all their requirements.

So what other recommendations has the congressional task force made? Read on to find out:

  • The government should have someone else do the investigation of cyber attacks. That’s the only way it will ever be able to get the big picture. For this, the task force recommends that an organization (which is separate from the government) be set up; it should gather data on cyber attacks for government and private groups for the government to tap into when it needs a picture of ongoing cyber activity threatening critical infrastructure. The organization would also respond to ever changing threats in a timely manner, something that the government is too slow to do. In other words, the role of the government should be limited. Similar thoughts were expressed at the SINET Innovation Summit.
  • There should be a set of incentives that encourage businesses to do the right thing to defend their networks against cyber attacks. The task force’s report recommends that incentives such as reducing data-breach liability, tax credits, insurance breaks and tying government grants to cyber-compliance be considered. Extending or expanding tax credits such as the current research and development credits so that it includes cyber-upgrades is yet another possible incentive. While giving out grants to businesses, Congress could require compliance with minimum cyber security protection standards if the grants pertain to national security, law enforcement and critical infrastructure.
  • Congress should look into whether insurance companies could encourage better cyber security among policy holders. The task force didn’t seem to know how insurance companies handle this, though. But it did recommend finding out.
  • Further regulation may be warranted in cases of industries that control critical infrastructure, but the new requirements should be kept light. Businesses directly involved in these critical areas should contribute to developing these additional standards, according to the report. Plus, if businesses comply and are breached anyway, their liability should be reduced by virtue of compliance.
  • There should be an investigation into whether it makes sense for businesses to report more cyber-incidents than they are required to under current laws, with the goal “to improve both law enforcement response and protection of critical infrastructure.” Rather than just reporting incidents in which personally identifiable information such as credit card numbers is stolen, businesses might also have to report when intellectual property was stolen.

ASysTech works with Orlando businesses to ensure that all their business and personal information is completely secure. Speak with us today about our IT security services.

Systems Engineer At ASysTech Expands Microsoft 365 Knowledge With Recent Training

Continuing education in the Information Technology (IT) field is critical to keeping up with new and innovative releases of hardware and software as they appear in the marketplace. Leo Vieira, Systems Engineer at ASysTech, gained invaluable knowledge and expertise on Microsoft 365 deployment strategies during recent training that took place in Miami.

With the recent global release of Microsoft Office 365 by Microsoft, new learning opportunities for Information Technology (IT) specialists everywhere opened up. Such was the case with Leo Vieira, Systems Engineer at ASysTech, Inc.

Mr. Vieira jumped at the chance when training opened up in the last week of September for O365 Deployment Training for Partners. The 3-day workshop that was held in Miami was focused on Office 365 deployment capabilities. Leo Vieira gained an in-depth look into the planning, preparing and migrating phases of deployment for this latest software that includes the Microsoft Office suite of desktop applications and hosted versions of Microsoft’s Server products.

The intense training was centered around the two separate modules of gathering information and developing strategies for deploying Office 365 service offerings and successfully configuring Office 365 SharePoint and Lync, with plenty of time in between sessions to reflect and build upon the learning gained from the previous lectures and discussions.

As a Microsoft Office 365 partner, ASysTech is uniquely positioned to offer Orlando business IT support to small to medium-sized businesses who are contemplating switching to Microsoft Office 365. As more business owners and managers decide to make that all-important change-over, the call for qualified support will increase dramatically. This places Mr. Vieira at an advantage for sharing the knowledge and expertise he has gained from the deployment training. “The training has definitely been a worthwhile investment for ASysTech to make on my behalf,” said Leo Vieira. “For that, I thank management, in particular Rick Hardin, for making the decision to send me to the 3-day training.”

ASysTech is a leading provider of managed services to small and medium-sized businesses at an economical price while providing exceptional quality. The company is well-known for offering the best IT services and tech support packages that Orlando and Central Florida businesses can utilize. As a matter of fact, they recently came out with a new trial invitation on Microsoft Office 365 for those business owners and managers that are interested.

###

About the Company: If your business can’t justify the expense of full-time IT staff, we provide the perfect solution: A managed IT services package, which provides you with access to our managed service provider specialists for all your IT needs.

To get your free consultation and find out how ASysTech can make your technology worry-free, call 407-647-7787 or contact us to see how more than 50 years of industry experience can benefit your business. We make I.T. work!