Security Tips with Captain Security


A vulnerability scan can help identify what vulnerabilities exist on your network. It is wise to run a vulnerability scan at least once a year to help identify what potential vulnerabilities exist and to then patch them. A hacker/attacker of your network will be using a similar tool, if not one of the first tools they use. If you need a vulnerability scan, feel free to contact TBJ.


What is EXIF? It stands for “exchangeable image file format” and it contains information such as shutter speed, ISO speed, and various other information (including, if the device has a GPS, the location of the photo). 
If you are posting this information to the internet, you could be uploading this information with the picture. For example, if you post a picture of your house and sometime later you post you are on vacation. This would be all the information a criminal would need to gain access to your house.


Firewalls have had some major advancements in the last 3-5 years. If you are running an older firewall, it is time you look at an upgrade. Most modern firewalls can scan your traffic for viruses and threats. It can also have URL filtering built right into the device to help keep good employees from going to bad places. Finally, most modern firewalls have the ability to get dynamic updates, allowing you to keep yourself updated against the latest threats.


I have posted this tip before and I am going to post it again: You should really be looking at your router, network switches and firewalls to see if they need a firmware or code upgrade. These devices typically just run and people forget that they need attention from time to time. I would suggest upgrading these devices at least once, if not twice a year.


If you have not heard, a Russian based hacking group has compromised over 1.2 billion usernames and passwords. It is time to change your passwords on critical sites where you perform banking, and on sites that you use for ecommerce.

When you do change your password, it is a good idea to use different passwords for different websites. That way if one gets compromised, you will not have to worry about the other websites being compromised. Find more about the compromise here:


This is one of the ways the advanced persistent threats are being propagated. A link is embedded in an email and it looks to be coming from a credible source. Instead, it is coming from a hacker or a nation state. It is much easier to social engineer someone to click on an email, than to hack a firewall. Once they are on your machine, they can go undetected for years. Make sure you educate your end users on proper internet hygiene. You should also enable malware and malicious website categories on your web filtering product to help prevent you from going to places you should not go.


Windows Server 2003 has been out for quite some time and, while it has been a good operating system, it is time to retire this server. Microsoft has not released a service pack in years for this operating system. They are still releasing security fixes, but that will end in July of 2015. If you are still using Windows Server 2003, you need to come up with a plan to migrate to a more recent operating system. It will save you the rush of having to do it before a deadline when the server will not be patched anymore.


This is not the first time I have sent out this security tech tip. This is something important to do at least once a year. The firewall firmware update will include bug fixes to your firewall. It also might add some new features that will help protect you network better. This is something you should consider doing soon if you have not already done so this year.


In a recent Wall Street Journal Article, a few Symantec Executives stated that Antivirus is dead. (Find the article here.) Antivirus is not dead, it is just not as effective as it once was. Antivirus will still catch viruses, it just won’t catch some of the advanced threats that exist today. To catch advanced threats you will need to invest in new technology. But an antivirus can help keep your machine protected against malware, spyware and root kits. A better quote would have been “Antivirus is not the only layer of defense needed; it is one of many tools you will need.”


I have clients that tell me that a hacker would not want anything on their network. My response is “think again.” Nation states (China, Iran) are using small businesses as a jumping-off point to attack other networks. Think about it: how many people block the China IP address range? By using your network, they avoid being blocked. Also, if you do business with a large business, the hackers might use your network to compromise the large business. Which network is going to be easier to compromise?? Size of business does not matter. You still need to make sure that you have your network secured.