Chromebooks

Google has released a low-cost operating system that comes installed on laptops called Chromebooks. The Chromebook has been around for about 2 years, but it seems to be gaining in popularity, especially in schools.

The Chromebook integrates with Google Apps for Enterprises or Education. You can push certain settings down and have email and Google Docs set up.

What I like about the device is the low cost and the ease of use. You just need a Google account and you can log on to the device. You then have access to a web browser, Google Docs and Gmail.

If you have a Google Apps for Education or Google Apps for Enterprise account, you can manage the Chromebooks from a central console.

The other thing I like is that the device is at low risk for viruses at this time.

If you are looking for a simple device with a web browser and basic document creation, the Chromebook is the device for you.

Maintaining a Security Posture

I have just completed another penetration test and I am amazed at the lack of a security focus that still exists. One of the first and foremost things I always seem to find is default directories and help files on webservers. These are not needed and give hackers an extra clue of what is running on the webserver.

The other item that I find quite often is open source software that is not updated. Products such as PHP, Apache and WordPress are great applications, but they are not without security issues. You need to make sure you are updating those programs, as Windows will not update them automatically. Each of these programs has had some serious security vulnerabilities in the past few years that are now patched.

The final item I also seem to find is “test” or abandoned programs. These are test programs that are not removed and are forgotten. Sometimes these programs expose more than they should, and should not be installed on a production web server.

You cannot just set up a webserver, install software, and forget it. You will need to make sure you are patching it and any additional software that exists. You will also need to perform an audit from time to time to ensure that you are catching everything you need.
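As an added example (not part of the original newsletter), the periodic audit described above can start with a script that walks your own web document root and lists default content, help and readme files, leftover test pages, and abandoned backups for review. The rule list and the sample file names are illustrative assumptions, not a complete inventory.

```python
import os
import re
import tempfile

# Illustrative rules (assumptions, not exhaustive): stock content shipped with
# Apache/WordPress, plus typical leftover test pages and abandoned backups.
RULES = [
    ("default-content", re.compile(r"(^|/)(manual|icons|cgi-bin)/", re.I)),
    ("version-disclosure",
     re.compile(r"(^|/)(readme\.html|license\.txt|changelog(\.txt|\.md)?)$", re.I)),
    ("test-or-debug", re.compile(r"(^|/)(phpinfo|info|test[^/]*)\.php$", re.I)),
    ("backup-or-abandoned",
     re.compile(r"\.(bak|old|orig|swp)$|~$|(^|/)(old|backup|dev)[^/]*/", re.I)),
]

def audit_webroot(root):
    """Walk `root` and return sorted (category, relative_path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            for category, pattern in RULES:
                if pattern.search(rel):
                    findings.append((category, rel))
                    break  # first matching rule wins
    return sorted(findings)

def demo():
    """Build a constructed sample document root and audit it."""
    sample = ["index.php", "readme.html", "manual/index.html", "phpinfo.php",
              "shop/test_upload.php", "wp-config.php.bak", "css/site.css"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        return audit_webroot(root)

if __name__ == "__main__":
    for category, rel in demo():
        print(f"{category:22} {rel}")
```

Point `audit_webroot()` at your real document root and review each finding by hand; a match is a prompt to check whether the file is needed, not proof that it is unsafe.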

Tool of the Month – Metasploit

Sometimes it is a new device and sometimes a useful tool.

Metasploit is an open source vulnerability scanner and penetration testing tool. It can be installed on Windows with a program called BackTrack.

The tool allows you to easily scan and attempt to find vulnerable servers. Once you find it, you can run numerous tools and scanners against it.

If you are looking for a great, free tool for vulnerability/penetration testing, Metasploit is the tool for you.

Tech Tip of the Month

Periodically Check Your Credit Report Online

You can get a copy of your credit report from the three major credit bureaus every year. (Federal law gives you the right to one free credit report from the three credit bureaus: Equifax, Experian, and TransUnion — http://www.ftc.gov/bcp/conline/pubs/credit/freereports.htm.)

You should consider checking those reports to make sure everything on your credit report is accurate. You can also stagger the request so you can get a report once every four months. It is a good way to watch for identity theft or for inaccurate information on your credit.

Win an iPad Mini

We at TBJ are looking to grow our business and we would like to enlist your help in finding clients who might benefit from our services.  For any qualified leads that result in a meeting, you will be entered into a quarterly drawing to win an iPad Mini. Our best leads come from referrals and we would like to reward you.

If you know of someone that you network with that could benefit from our services, use the form below or email us at sales@tbjconsulting.com

If you have a referral, please Enter the Details Here

Final Thought of the Month – Internal Security and End Users

The world has changed. Most people used to be concerned about people hacking into their network. I think that has changed. My bigger concern these days is internal security and your end users. With Facebook, coupon websites and the various additional methods that people use to access the internet, it is easy for them to be tricked into clicking on something they are not supposed to. That would expose their machine to malware/spyware, bypassing your security posture.

Also, most remote offices lack security. How easy would it be to act like an AT&T repair man and gain access to the server room? Once in that room, how difficult would it be to plug in a device that would bypass your firewall?

My suggestion is to start a security awareness program for your end users to educate them about the various security threats that exist. This will help keep your network secure and benefit your end users.

You should also put a “default deny” on your firewall for people or devices that are not identified. That will help protect you from someone plugging in and gaining internet access.

Another approach is a NAC (Network Access Control) product that can identify who is and is not a trusted user.

The people attempting to compromise your network are getting smarter. They are going after the weakest link: the human behind the keyboard.

TBJ Monthly Word Find

Solve Our Word Find And You Could Win a $25 Dollar Gift Card

We have these simple rules:

  • One entry per person per month
  • One winner each month
  • Contest Closes on September 29th, 2012

All entries with correct answers will be entered into a random draw that will determine the winner.

You can submit your crossword puzzle:

Correct answers will be featured in the TBJ Newsletter.