Lanit Updates 5/2020

Hello Spring?!?!?

Okay, I'm giving in...Multi-factor authentication, AKA; 2FA and MFA. Lots of acronyms in the IT world and here's a couple more.

If you're not aware of what this means it's basically a second authentication method of proving you are who you say you are when logging into your computer network. Not just a second password but a completely different authentication "system" that uses an outside device that's controlled by the user who's trying to log in initially. This is a nice concept to ensure you still have control if your username/password ever gets compromised and gives you time to change your credentials before any harm is done. 

The first generation of 2FA wasn't easy to setup, manage, or to use for the end user and often caused more issues than it solved. That's always been the balance with security, you can have 6 passwords, biometrics, and 3 cell phone notifications to show off how secure you are but if it doesn't work or the "secured" user is worn out by the time they get to their actual work then what good is it really doing. The same goes with complex passwords. Even the Microsoft employee that originally developed the idea of complex passwords has recently stated that it's one of his worst ideas. Passphrases are much more secure and easy to remember. You can have the nuclear code password but that doesn't do any good either since you will more than likely find that user has it saved somewhere either on a posit it or even worse directly in their browser. It's much easier to remember ILike2019FootballSeason! than it is to try and remember $HR^%)#09835oiidfjg90e408**! of course your users aren't going to memorize that so they're going to document it somewhere and it's not any more secure than the passphrase.

Introducing DUO, a 2FA system that's owned by Cisco and that Lanit has recently partnered with for our cloud integration as an option for our customers. This 2FA is as easy as it gets, no codes, no texting, and no phone calls. It's simply an app that loads on your mobile device and gives you two options when logging into Lanit Cloud Services - a large green Approve and a large red Deny button on your mobile device. Very simple to use and very straightforward. The setup is just as easy. Once you receive the registration email it already has your username and email address configured by Lanit so all you have to do is download the DUO app and scan the bar code with your phone that's in the registration email and your done. The next time you log in you will see the large buttons to either approve or deny access. 

It's important to keep in mind that this is just added layer of security for your username and password and doesn't actually do anything to protect your data. If you have concerns about someone compromising your user account or would like to control someone who already knows your account information and when they can access it then this is a great addition. 

In order for Lanit to offer 2FA it had to be easy to use, easy to setup, and security worth the time to implement the system. DUO has matched all three of those categories and is being used for about 60 of our current cloud users with no issues. If this is something you're interested in, as always, please feel free to reach out and I would be happy to discuss it with you.  


Regular IT Meetings


CEO Fraud

CEO Fraud / BEC is a type of targeted attack. It commonly involves a cyber criminally pretending to be your boss, then tricking or fooling you into sending the criminal highly sensitive information or initiating a wire transfer. Be highly suspicious of any emails demanding immediate action and/or asking you to bypass any security procedures and set up a 2FA system such as implementing a policy that requires you to call the requesting person to verify before making any changes or giving any information. 


Security Awareness 

Top 5 Work from Home Steps

By SANS Security Awareness

This may be a little behind in our current work environment but is still good stuff to follow - 

We know that working from home can be new to some of you, perhaps overwhelming as you adjust to your new environment. One of our goals is to enable you to work as securely as possible from home. Below are five simple steps to working securely. The best part is all of these steps not only help secure your work, but they will make you and your family far more safe as you create a cybersecure home.

1. You: First and foremost, technology alone cannot fully protect you – you are the best defense. Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data or control of your computer, they’ll attempt to trick you into giving it to them, often by creating a sense of urgency. For example, they can call you pretending to be Microsoft technical support and claim that your computer is infected. Or perhaps they send you an email warning that a package could not be delivered, fooling you into clicking on a malicious link. The most common indicators of a social engineering attack include

  • Urgency: Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline. Cyber attackers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government or international organizations. 
  • Policies: Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!)
  • Contacts: A message from a friend or co-worker in which the signature, tone of voice or wording does not sound like them.

2. Home Network: Almost every home network starts with a wireless (often called Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. Both work in the same way: by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it: 

  • Change the default administrator password:  The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
  • Allow only people that you trust: Do this by enabling strong security so that only people you trust can connect to your wireless network. Strong security will require a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
  • Make passwords strong: The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.

3. Passwords:When a site asks you to create a password: create a strong password, the more characters it has, the stronger it is. Using a passphrase is one of the simplest ways to ensure that you have a strong password. A passphrase is nothing more than a password made up of multiple words, such as “bee honey bourbon.” Using a unique passphrase means using a different one for each device or online account. This way if one passphrase is compromised, all of your other accounts and devices are still safe. Can’t remember all those passphrases?

Use a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format (and has lots of other great features, too!). Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts and it’s much easier than you may think.

4. Updates:Make sure each of your computers, mobile devices, programs and apps are running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing them by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles or even your car. 

5. Kids & Guests:Something you most likely don’t have to worry about at the office is children, guests or other family members using your work laptop or other work devices. Make sure family and friends understand they cannot use your work devices, as they can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.