6 Important OS Hardening Steps to Protect Your Small Business IT Investment

Proper patch management is critical to protecting data and uptime, but it’s just one of many security considerations. With Ransomware-as-a-Service and Angler, Bedep and Neutrino exploit kit adoption on the rise, Small Businesses must strengthen their defenses against outside attack. When attempting to compromise a device or network, malicious actors look for any way in. Unbeknownst to many small- and medium-sized businesses, operating system vulnerabilities provide easy access. In order to provide you with peace of mind, safeguard your sensitive information and differentiate your security services from the competition, here are six ways to harden your operating systems:

Definition of OS Hardening

So what is OS hardening exactly? Here is one definition from a Search Security column:

When you harden a box, you’re attempting to make it bulletproof. Ideally, you want to be able to leave it exposed to the general public on the Internet without any other form of protection. This isn’t a box you’ll use for a wide variety of services. A hardened box should serve only one purpose–it’s a Web server or DNS or Exchange server, and nothing else. You don’t typically harden a file and print server, or a domain controller, or a workstation. These boxes need too many functions to be properly hardened.

Another definition is a bit more liberal:

Hardening of the OS is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services. This is done to minimize a computer OS’s exposure to threats and to mitigate possible risk.

6 OS Hardening Tips

While different operating systems have their own intricacies, there are recommended practices that apply universally. This list is not all-inclusive and you may implement additional best practices when applicable. However, in order to minimize clients’ risk of suffering a cyber-attack, adhere to the following protocol:

1. Programs clean-up –

Remove unnecessary programs. Every program is another potential entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something the company has vetted and “locked down,” it shouldn’t be allowed. Attackers look for backdoors and security holes when attempting to compromise networks. Minimize their chances of getting through.

2. Use of service packs –

Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow.

3. Patches and patch management –

Planning, testing, implementing and auditing patches should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on the client’s computer.

4. Group policies –

Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber-attack. Establish or update user policies and ensure all users are aware and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly.

5. Security templates –

Groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.

6. Configuration baselines –

Baselining is the process of measuring changes in networking, hardware, software, etc. To create a baseline, select something to measure and measure it consistently for a period of time. Establish baselines and measure on a schedule that is acceptable to both your standard for maintaining security and meeting your clients’ needs.

Everything you need to know to secure your business.

Here’s a peak of what’s inside!

Why do I need to complete the form?

Your information is safe with us. We don’t sell or give away any of your contact information. The below form helps us better understand you and your needs. Our goal is to give you peace of mind on your computers and network so you can focus on your business. Have any questions? Let us know! We would love to help.

By supplying your contact information, you authorize OC Technology Solutions to contact you with further information.

Recently upgrade to Windows 10? Seasoned Windows 10 veteran?

There’s always more to learn!

Check out our latest video to learn time saving tips and tricks using the Windows 10 Start Menu.

(To view the video, please visit this page on a desktop or laptop)

April 12th. Memorize that date.

In case you haven’t heard, a security vulnerability called Badlock was recently discovered in Windows and Samba. While the nature of the bug has not yet been revealed, patches along with details of the flaw will be released next week on April 12th. Ever since news of the vulnerability broke in March, hackers have been salivating at the mouth, ready to pounce. Indeed, some may have already discovered the bug. Since attackers will be eagerly awaiting the disclosure, once patches are released next week, Windows and Samba users must immediately patch their systems to prevent exploitation.

Badlock Bug Background (Details TBD)

“Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.”

This warning comes straight from the official Badlock website and speaks to the growing anticipation within the cybercrime community. Although we don’t know where the Badlock bug lives, InfoWorld is attempting to connect dots by sharing hints given by SerNet, the Samba consulting company responsible for the Badlock website. Since Badlock implicates Windows and Samba users, it is likely that it “has something to do with the SMB protocol, used to read and write files over the local network, or Common Internet File System (CIFS), the SMB implementation used in Windows.” As a result, it may be reasonable to expect that any software using SMB will be impacted. Johannes Loxen, SerNet’s CEO, even spread speculation that with Badlock, attackers could obtain administrative access to local networks because the vulnerability would mean “admin accounts for everyone on the same LAN.” Again, nothing is certain, but even contemplating the implications of such an uncertainty should light a fire underneath you. Managing Badlock has to be priority one.

How You Can Prepare for April 12th

“Thinking will not overcome fear but action will.” ~W. Clement Stone~

You may be thinking that you don’t have to worry about Badlock until April 12th since you don’t know what it is you’re dealing with. Ever since Stefan Metzmacher, a member of the international Samba Core Team, discovered and reported the bug, there’s been a lot of hype around Badlock and what it means for users. Some even question the point of announcing the presence of a vulnerability weeks before MSPs and IT service providers can correct it. Still, all should take advantage of this 20-day advanced notice. As far as which patches will be available, the Badlock website lists Samba 4.4, Samba 4.3 and Samba 4.2. It is also important to note that all Windows machines are expected to be impacted.

If you’re a TotalCare Client…

In response, we will bypass our standard patch testing procedure and will whitelist this patch immediately upon its release so that it is available to you, our TotalCare Managed Services clients. To complete the patch installation, OC Tech will complete the following:

1. Ensure and/or update your patching policy to take place on Tuesday, April 12, 2016.

or

2. Be prepared to manually patch your Windows machines on April 12, 2016 as soon as the patch is whitelisted by our NOC.

We will continue to provide more specific information as it is made available, but wanted to make sure you know that we are preparing accordingly. For more information on Badlock, visit http://badlock.org/.

Access the data you need, when you need it.

Windows 10 is the new major release of Microsoft’s Windows operating system and is the successor to Windows 7 and Windows 8/8.1.  Windows 10 includes several new features and important changes, in addition to its platform unifying design. Microsoft believes the future of Windows is as a platform for all. The strength of Windows is in the thousands of companies that develop for it and use it in their products.  Windows 10 is no longer just an operating system for 32 and 64-bit PCs, as it will also run on the ARM platform for smaller tablets and smartphones.

Here are some of the exciting new features:

1. Start menu: Customize your Start menu!  Windows 10’s new Start menu combines the Windows 7-like application list and the live tiles interface from Windows 8’s Start screen. However, note that you can right-click on any tile and select “Resize” to alter the tile’s dimensions or if you despise live tiles you can select “Uninstall” to wipe them from your system.
2. Make Mail your own: Windows 10’s overhauled Mail and Calendar apps are amazing compared to Windows 8’s dull offerings. They’re faster, more full-featured, and have customization options.
3. Schedule your restarts: If you’ve got pending updates that require you to reboot your PC, Windows 10 will allow you to schedule a specific time for it to do so.  Finally!
4. Virtual desktops: Segregate your open apps into discrete areas; literally multiple, virtualized versions of your PC’s desktops.
5. Action Center: Provides you with a single location for all your app alerts, along with quick access to some of the settings you utilize most often.
6. Improved security: Microsoft is addressing security threats by strengthening identity protection and access control, information protection, and is threat resistance.
7. Microsoft Edge: Windows 10’s new Edge is a blazing fast engine and forward-thinking tricks like intelligent, automatic Cortana integration for supplementing the info you’re looking at.  Also very exciting are Reading View and Reading List.  Reading View (the small book icon, next to the bookmark star) strips away ads, sidebar images, and other clutter to present a clean, straightforward reading experience. You can also share to the Reading List app, which functions like Pocket or Instapaper, letting you add a story for later reading. Click the bookmark star and opt to save the article to your Reading List rather than as a bookmark.
8. Cortana integration: Cortana’s finally made the leap to the PC in Windows 10.  Microsoft’s voice-powered personal assistant can be configured to take over the Search box.
9. Xbox Live integration: Windows 10’s new Game DVR function is supposed to be used for recording video proof of your most magnificent gaming moments, but it will also let you create videos of any open app or desktop software.
10. Enhanced graphics: Windows 10 will include new versions of DirectX and WDDM to improve game performance.

Why:  With several new features, including security updates, and a platform-unifying design, it marks the beginning of Microsoft’s new “Windows as a service” mentality.  Instead of releasing a new numbered version of Windows every few years, the company will continuously release new features and updates.  Microsoft has committed to support Windows 10 for a decade after the July, 2015 launch.

Who:  Windows 10 is available as a free upgrade to qualified devices running Windows 7 (SP1) or Windows 8/8.1 during the first year.  Users running Windows XP or Windows Vista, must purchase a copy of Windows 10 from the Microsoft Store or other retailer and do a “clean install”.

When:  It already happened!  Microsoft made Windows 10 Home and Windows 10 Pro generally available on July 29, 2015 through a staggered release schedule. Windows 10 Enterprise and Windows 10 Education editions were made available on August 1, 2015 through Microsoft’s Volume Licensing Center.  However, neither edition is included in the first-year-free program.

How:  Most Windows 7 (SP1) and Windows 8/8.1 users can get Windows 10 through the Get Windows 10 app.  Users can also download a Windows 10 ISO to be used on multiple PCs.  Here is step-by-step walkthrough.

OC Technology Solutions is excited to announce the addition of, Kyle Hannis, to the team as our new Account Executive!  He brings more than 10 years of business development experience having worked with Fortune 500, Top Workplaces, & Fastest Growing Companies.  Kyle graduated from California State University Fullerton with a degree in Marketing.  His background includes selling to business owners & CFO’s for small to mid size companies.  When Kyle is not working hard, he loves sports, BBQing, going to the beach and spending time with his dog.  Find out more about Kyle by visiting him here;  LinkedIn & Facebook.

Even if your relationship with Gmail is love/hate, I believe you will LOVE these Gmail hacks.

“Unsend” a message!

This Gmail feature made headlines recently.  There are so many reasons this app could save your life.  Have you ever sent an email half finished?  Have you ever replied to all with a personal message to the original sender?  Have you ever let your emotions get the best of you and replied to an email that made your blood boil?  Well, this new feature gives you a certain amount of time to change your mind and “Undo Send”.  After a designated time has passed (you can choose up to 30 seconds), only then will your email be sent.  Phew!  Here’s your Step-By-Step guide:  http://www.cnet.com/how-to/how-to-unsend-a-sent-email-from-your-gmail-account/

Fake a timestamp!

The Boomerang app is utterly amazing!  It allows you to schedule emails, set up snooze messages, and get reminders. You can schedule emails to go out at any time, so it’ll look like you’re sending something at 8:00 a.m. on Monday, even though you scheduled it on Saturday at 2:00 am. You can also choose to “boomerang” emails, meaning you can mark an email to leave your inbox and return on a certain date. Let’s say there’s a reminder for a networking event next month and as much as you want the email, it’s cluttering your inbox. Just choose to “boomerang” the message, so that it leaves your inbox for now but returns two days before the event. You can also ask Boomerang to send you a reminder if nobody replies to an email, so you’ll never forget to follow up with people again.

Gmail keyboard shortcuts, Oh My!

To enable them for Gmail, go to the gear on the top right-hand corner of your main page, go to Settings, scroll down to “Keyboard shortcuts”, make sure they’re turned on, and then save your changes. Now you can plow through your email without leaving the keyboard. Need to draft a new email? Just press “C”. Need to mark something as important? Just press “+”. Need to mark an email unread? Just hit “Shift + U”. Get ready for your boss and coworkers to be amazed at how quickly you get through the morning emails.

Immediately pull someone’s name, title, mutual connections, etc…

Have you ever stalked one of your prospects?  Yea, of course you have!  Searching for them on LinkedIn, trying to see if you have any mutual connections, wait, how do you spell their name?  Problem solved!  A new Gmail extension called, “Rapportive”, is your new best friend.  You can now pull up LinkedIn profiles right inside of Gmail, so you can see someone’s profile alongside your message.  Rapportive will give you quick information to “warm” up your email whether you are sending or receiving an email.

We hope these tips and tricks help to put your mind at ease while you’re “Gmailing”!

Thanks for stopping by, see you next time!