Counting Down…

10. Patch .. Update.. Upgrade.. and then Risen & Repeat !

This goes without saying… You need to keep up with your patches. There are tons of Zero Days exploits coming out and yet some of them are not patched right away since they are Zero day but you can still protect yourself from the ones they patched up. There is no excuse of not updating your windows and other software when it comes to patching. Yes you need to update all your other softwares as well since they can be the weakest point in your network. You can have Windows OS patched up to latest version however, a vulnerability found in WinRar or any other software can compromise your whole network.

It also goes without saying that you should not be using any pirated softwares as 99% of the time they have some kind of backdoors for hackers to take over your machine. They might not get triggered right away but they can be silently waiting for commands from hacker to activate and steal your data or to make your computer a zombie client which can be used to DDoS attack – Distributed Denial of Service other companies just for giggles for the hacker. Below is an illustration of an DDoS attack. You don’t what’s inside the code for cracks/patches…

9. Antivirus and Network monitoring

Make sure you have proper Anti-Virus software and that it is fully functional and updating properly. First thing any virus software does is deactivate your protections. You need to make sure you keep an eye on your Anti-Virus software from time to time. If it active scanning has been stopped or its not even running then that means your security has been compromised.

Also note that mayne Anti-Virus just does not look for other types of malicious softwares i.e. malware softwares or adware software which are pesky little things and those needs to be cleaned up by professional software which look out for these kind of pesky software. One that comes to mind is MalwareBytes it has a very good reputation around the global for cleaning up infected systems.

If your budget permits you should also deploy SIEM Security Information & Event Management solutions.

However, if you are small or midsize company and you have a tight budget you can deploy PowerShell scripts to alert you when some abnormality activity has been found and these can be done via filtering your Events Logs from Active Directory Server.

You might have seen some of the SIEM features being triggered by Gmail, Dropbox, Online Banking and many other web based solutions when you try to log into their services from an unknown location. These events basically knows that you have been logging into your services via specific IP + Location and when you go on vocation for example your Public IP and Location of that IP changes with it so that in-turn triggers an event and shoots out and Email to you and their security team for follow-up.

8. Email Filtering (Scam, Phishing, virus attachments)

As you might have already read there has been rise in Phishing attacks on companies and government offices. These CyberAttacker use techniques which utilizes social media to target an attack on a specific company. Since these attack are usually targeted, the success rate of these are very high unless you have well educated employees who are trained to look out for these attacks. Some of these attacks can be so simple that an employee might not even think twice.

For example, an employee can get an email from his manager asking him to buy couple of gift cards since he got stuck in the meeting with CEO and that the CEO wants to give out Gift Cards to his direct reports for amazing work and a P.S note would say since I won’t be coming back to my desk can you just send me the codes for those Gift Cards via email. Another, attack I have seen during our chat with clients is changing the Payroll of employee to another bank. Request comes in as an employee stating that he/she has change banked and that Payroll needs to update the payment using the below Direct Deposit form provided.

This is why deploying solutions to catch these nasty attacks before they reach your employees is very important. This way you are protecting your employees and your data from breach.

If you are using cloud solutions these options are available by default however, out of the box solutions even on Office 365 is not sufficient unless until you tweak them to your business setup. You can also make specific rules to catch a known phishing attack that way similar attacks cannot be used again on your company. Since at start hackers only try specific user however, when it does not work they start to email every email they find for a company and start targeting them too.

7. Plan out for Types of security event

So you got hit! now what? well either you can run around the office like a headless chicken or have actual plan on how you going to isolate and recuperate. There is nothing wrong with getting hit by an attack, however how you handle it has a lot to do with how things will go for you.

• Identify breach/attack

Successfully identifying your attack can help fight it and stop it from spreading. if one of your employee came to you and said oh I think I have accidently clicks on a phishing email and provided my username and password. Then instead of educating the user on his mistakes you should take steps to first address the issue by deactivating his account and doing audit trail and running anti-virus and malware scanning on his/her pc.

You also need to be cognizant documents exposed via cloud services i.e. if your company utilizes Office 365 then make sure all your SharePoint documents are protected and the said user has not uploaded any document files with a macro which could spread viruses to other employees.

• Detach & Quarantine

If attack has installed some malicious software or you believe it might have then disconnect it from network and run full scan on it. If you have a possibility of nuking the system I would suggest go for it. However, make sure your user has all important document backed up before you nuke it.

6. Backup and then back up to backup that backup.

Yes that sounds funny but dont mess around with backup. Only way you can be protected from ransomware is to have consistent backup solution. Since, backup eats a lot of space it is very crucial to identity your important data and have specific policy to perform backup on a higher retention then your normal data. You can even have more frequencies on your important data i.e backup it up 3 times a day one before the workday starts, one by the lunch hour and one end of the day. I know some of you might just said backup during lunch hour? is he crazy.. no you can have backup done via VSS Shadow copies and only cost for that might be little slowless on the system but hey its cost of having a backup when you need it. These days ransomware are going after backup solutions and some of them basically deletes your checkpoint on virtual machines and even deleting your backups. So to counter that you should also protect your backup from deletion which can be done by many ways. I will let you figure that one out however, you can leave a comment and maybe we can discuss it here

5. Whats what on Network?

Knowing your weak points are very important. No I am not talking about job interview question I am talking about company network. Know what can connect to your network and how can you remove it from network when some malicious intent is found via user.

Unless until you have deployed state of the art solutions at your company there are couple of weak points on any company networks. They are usually related to WiFi and BYOD devices or rogue devices on network.

Your employees can register their own mobile devices to WiFi and create issues if they have malicious software on their phone or they can just bring their personal laptop in which has millions of viruses since they love to download pirate softwares. These issues are very hard to fight against unless you have proper backend security which can prevent users from doing these unauthorized actions.

For preventing users from bringing in personal laptop you can implement 802.1x security which basically makes them authenticate before they can have access to the network. However, your switches should be capable of doing 802.1x authentication.

For preventing users from connecting to your corporate WiFi which gives them access to everything then using device based certification for SSID would make sense however, you will need to deploy device certificates to his/her device.

4. Switch based (acl) Access control list

Another security implementation can be done is ACLs on switch level. This can be done by splitting your VLANs to Servers, Computers, WiFI and guest WiFi. This way you can create specific access rules for each of these Vlans. One example could be that normal Computer can only talk to specific servers via specific ports. This way you can blocking all ports going to your server. You can also lock it down more to have only RDP access enabled for your IT Admin team etc..

For WiFi you can lock your guest WiFi SSID to just internet traffic and don’t provide any access to your internal network. This way even if they manage to break in due to bad security or someone giving out guest WiFi password to someone malicious they would only be able to go on internet from there.

3. User Education

You need to train your employees for attacks and maybe send out mass email when you find new type of attack addressed to your company. This way information is provided to end user and they are aware of these attacks and avoid. They need to recognise suspicious activity and flag it to your IT department. These activity can not only come from email but also from phone itself.

A lot of successful hacks has been done via phone as well where threat actor impersonate someone else to either get more information about the company or even get username and password. Once they have someone’s credential they can go next level by using credibility of that compromised user and attack payroll or accounts department.

2. Reset Default passwords

Never leave default passwords on any device… enough said!

1. Block USB Drives and Removable Media using Group Policy

Yes!! you heard me. Block those removal devices. It will save you tons of headache. You can even blame it on DLP when you do implement this setting.

There are ways to block it from GPO for all users or just specific ones via security group. For example, if you don’t trust your domain admins that much you can block them from using USB. However, since they are domain admin they can go and change the policy too which could be funny but if you do it right audit trail will catch the naughty admin.

Hope you enjoyed reading our article. Feel free to check out our services.

Skype For Business can be used with Auto Attendant to provide IVR solutions however its bare minimum to address your needs for handling multiple calls from your clients. You can shop around for 3rd party solutions for call center which care compatible however, must of them lack some mandatory features or have not been tested in the field.

We have designed and implemented Anywhere 365 solutions to many clients who are pure Skype For Business shop and they are amazed by this robust and scalable solution. You can select any of their licensing tiers which are as follows :-

Anywhere 365 is very feature rich and you can use multiple services which can make life of your agents easier for day to day tasks. Here is a comparison sheet for licenses while we are still on that topic.

Features	Workgroup	Small Business	Corporate	Enterprise	Enterprise+
Number of UCC’s	1	2	8	Unlimited	Unlimited
Reception Attendant
IVR & Skill Routing
Dialogue Intelligence
Skill Based Chat Routing
Webchat
Unlimited IVR Depth
CRM Integration
Supervisor Listener
Reason Code Per Skill
Call Recording
Dialogue Management
Outbound Call Recording
Callback & Interceptor
Webvoice + Webvideo
Failover Compatible
Smart Routing Table
Caller Specific IVR
Anywhere365 SDK
Cross-Independent
Nested UCC Failover
Social Media Dialogue
Azure Service Integration *
Bot Framework
Anywhere365 GridChat
CRM Web Agent
Bridge Supported

In addition on limitation on number of UCCs for smaller tiers there are feature specific functions which are limited in each tiers. If you want to fully utilize all the features you are better off with Enterprise license. For budget purposes you can start off with smaller license tier and upgrade your license as you go this way you can manage your finances while your business expand and you need more features.

Little background on the interworking of the product. There is two part installation for Anywhere 365 which include on-prem installation of UCC server which hooks into your Skype For Business 2015 front-end server via Skype Trusted Application (Endpoint). Once everything is configured you have to install SharePoint template which holds the master record for all your settings and this is how you interact with the product. You can either use the SharePoint Online – Office 365 Cloud services or the On-Prem SharePoint if that’s what is installed in your company.

Once you have installed the required SharePoint template you can start modifying the default template. Below is an screenshot for the SharePoint Template.

Initial configuration will be done in “UCC General” tab on the bottom left side where you can configure multiple default values for your UCC. You can then go on from there to configure Skills and then your agents in your respective sections.

Feel free to drop us an email if you have any questions. Email support@sjstechnet.com or click here to go back to our services page.

Below is the powershell script for Office 365. Once you are connected you can run the script.

Make a DL / Security Group called “Denied Users” and add users or user to that DL if you want to block him/her from sending emails to DL. Please note that this script will only add the Denied User DL in block list once i.e only the existing DLs will be modified. So if you create a new DL after running this script then that DL will not have Denied users in rejected user and hence you will have to re-run the script or you can run this script daily via windows scheduled tasks.

$temp = Get-DistributionGroup -ResultSize Unlimited
foreach($group in $temp)
{
Set-DistributionGroup -Identity $group -RejectMessagesFromDLMembers "Denied Users"
}
#Remove the above setting incase they change their mind.
#Set-DistributionGroup -Identity $group -RejectMessagesFromDLMembers $null 

Set-MailboxFolderPermission meetingroomname:\Calendar -User Default -AccessRights Reviewer

$rooms = get-mailbox | where {$_.resourcetype -eq "room"}
foreach ($room in $rooms)
{
Add-MailboxFolderPermission -Identity ($room.windowsliveid + ":\calendar") -user user@SJSTechnet.com -AccessRights Editor
}

Before we deep dive into this article let us explain what exactly is Ransomware. Little snippet from wiki below: –

“Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Ukash or Bitcoin and other cryptocurrency are used for the ransoms, making tracing and prosecuting the perpetrators difficult. “

Dental offices are being targeted by Ransomware and are crippled by it. One of administrative had this to say:-

“We have no access to the patient charts, schedule, x-rays, or payment ledger,” Shae Johnson, the Clinical Coordinator at Dentistry Design in McFarland, Wisconsin, told CNN. “The doctor cannot do proper treatment without a chart history and x-rays.”

As you can see these causes chaos and costs business income and gives a negative image as patients plan their week out and maybe take sick day for the doctors appointment just to find out that the dentist office an no longer accommodate them.

There are many ways to prevent these issues and or at least land back on your feet after a successful ransomware attack. These includes having a proper backup solutions in place just so that you can grab a copy of non-encrypted files from your backup storage and continue assisting your customers while your IT department actually put out the fire per say.

While fetching data from backup seems very easy however, it is yet time consuming task and knowing what is critical vs what you can live without during the outage is very important. Sort your backup in category which mark them as important verse non business critical category. These can actually save ton of time while restoring files from backup maybe even cut times from few hours to just half an hour.

Depending on what line of business you are in you might find it easier to divide them in “Year” folders i.e. 2018 Folder, 2019 Folder etc.. and then you can further divide into critical vs non critical folders. One example could be that anything payment and invoice related can be in non critical as those are not something you would require in a full out blackout of your data due to viruses or ransomware attack or in fact any of the cyberattacks.

Quote from the article: –

“Essentially the restorations are ongoing,” Brenna Sadler, a spokeswoman for Digital Dental Record, told CNN. “It’s a very difficult, lengthy, methodical process. So it’s taking some time.”

Here is another quote from the article. A scenario no one wants to go through of “What could go wrong” and having everything go wrong!

“It had a devastating effect on our office,” said Paul Levine, a dentist who runs a private practice near Milwaukee. “Monday, Tuesday, Wednesday, until this morning when they got us up running, we were not able to see half of our patients because we were handicapped from taking x-rays. You can’t see an emergency patient without an x-ray. You can’t see a new patient without x-rays.”

As a new owner you need to invest little bit on safeguarding yourself from these issues. These safeguard might look like waste of time and or money however, when things go wrong you at least have backup plans. It’s like having a car insurance it pays for itself when someone steals your car or unfortunate event of you having in an accident.

As you can see you can be out for days / weeks without vital business functionality. You can successfully prevent these issues if you plan accordingly and have proper backup plan in place. You can be proactive rather than waiting for cyberattack to render your business systems useless. You rather put checks in place to avoid these issues and future proof yourself from these nasty attacks and keep your business reputation and your royal clients happy.

Our Managed Services can help in deploying safeguards against these threats.

• System Properties – sysdm.cpl
• Add/Remove Programs – appwiz.cpl
• Date/Time Properties – timedate.cpl
• Display Properties – desk.cpl
• Internet Properties (Very useful if you want to setup Proxy – Bonus Google uses these Proxy for connections) – inetcpl.cpl
• Network Properties – ncpa.cpl
• Sound Properties – mmsys.cpl

Tired of doing the same thing over and over again? feel free to contact us via our managed services page. We might be able to help you through Managed Services and split your workload.

Possibilities are endless with this script as this takes care of your leg work for using this as base for your script. You may ask how? well you can use this script to go through your extension range and find out what extensions are not being used. Well you might ask if we are going in sequential why would we have this issue? well cause your employees leave and you have a broken chain in your sequential extension assignments.

PowerShell Code below: –

#Create table and populate users properties
$table = @()

#Get users who have Enterprise Voice Enabled and select Name, LineURI and #EnterpriseVoiceEnabled columns
$users = Get-CsUser -Filter {EnterpriseVoiceEnabled -eq $true} | `
Select DisplayName, LineURI, EnterpriseVoiceEnabled

#Loop through each users
foreach($user in $users){

#Get Name from the user list for each user
$name = $user.DisplayName
#Grab extension which is after = sign and grab the 1st part after =
$ext = $user.LineURI.Split("=")[1]
#Grab value of EnterpriceVoiceEnabled in this case it will be always True
#cause our initial search only includes Enterprise Enabled users.
$entvoice = $user.EnterpriseVoiceEnabled


#Add each columns with property for users.
$objAverage = New-Object System.Object
$objAverage | Add-Member -type NoteProperty -name "User" -value $name
$objAverage | Add-Member -type NoteProperty -name "Extension" -value $ext
$objAverage | Add-Member -type NoteProperty -name "Enterprise Voice" -value $entvoice

#Add them to table
$table += $objAverage

#Format the table. This is useless as we are sending email from below $body
$table | Format-Table -AutoSize
}

#CSS formatting
$a = "<style>"
$a = $a + "BODY{background-color:white;}"
$a = $a + "TABLE{border-width: 2px;border-style: solid;`
border-color: black;border-collapse: collapse;}"
$a = $a + "TH{border-width: 2px;padding: 2px;`
border-style: solid;border-color: black;background-color:GoldenRod}"
$a = $a + "TD{border-width: 2px;padding: 2px;border-style: `
solid;border-color: black;background-color:palegoldenrod}"
$a = $a + "</style>"

##############Change your SMTP Details Start###
#Your SMTP server
$smtpServer = "intermailserver.usyse.com"

#Your from address
$from = "Do_Not_Reply@usyse.com"

$To = "me@usyse.com", "you@usyse.com"
$CC = "someone@usyse.com"

##############Change your SMTP Details Ends### 
$Subject = "Skype For Business Extensions"

$Body  = "Skype For Business Extension Details<br>

 <br>
"
#Here I am sorting it out with Extension
$Body  += $table  | Sort-Object Extension | ConvertTo-Html -head $a
$Body  += "<br><br>"
#$message.Body  += " <br>"
#$message.Body  += " <br>"
$Body  += " "


#Send email finally

Send-MailMessage -To $to  -Subject $subject -Body $body -SmtpServer $smtpserver -From $from -BodyAsHtml  -Cc $CC

And here is the fancy looking script with color coding !

And your final result will be something like this :-

Still need help? feel free to contact us via our managed services page. Managed Services

Basically from 

To 

Copy Powershell code below

Import-Module SkypeOnlineConnector
#Change the below pool for targeting users
$RegistrarPool = "frontend.domain.com"

$users = Get-CsUser -Filter {RegistrarPool -eq $RegistrarPool} | select DisplayName 

$array = @()

foreach ($user in $users)
{

$userpolicy = get-csuser $user[0].DisplayName | select DisplayName,VoicePolicy, DialPlan

$array += $userpolicy

get-csuser $user[0].DisplayName | Grant-CsDialPlan -PolicyName ""
get-csuser $user[0].DisplayName | Grant-CsVoicePolicy -PolicyName ""

#Dialplan set
#get-csuser Firstname LastName | Grant-CsDialPlan -PolicyName ""
#VoicePolicy set
#get-csuser firstname.lastname@skype.com | Grant-CsVoicePolicy -PolicyName ""
}
$array | Export-Csv -notype -Path C:\Scripts\dialplanpolicyFinal-+$RegistrarPool+.csv

Here is a picture of the working code in PowerShell ISE you can run it from Start / Run and then type powershell ise and hit enter.

Still need help? feel free to contact us via our managed services page. Managed Services