About Me

JHC Technology is a Service Disabled, Veteran-Owned, Small Business based in the Washington, DC Metro area. Our primary focus is to offer customized solutions and IT consulting to our Commercial and Government clients. Our experts have a broad experience delivering and managing Microsoft Enterprise applications and Cloud and Virtualization Solutions, as well as mobilizing Enterprise data.

Thursday, December 26, 2013

JHC Integrates AWS CloudTrail

JHC Technology has integrated Amazon Web Services' CloudTrail as a best practice for all our AWS solutions.  AWS CloudTrail is a fully managed web service that provides increased visibility into a customer's cloud solution and user activity by recording the API calls on that customer's account.  JHC utilizes CloudTrail to perform the following services in order to provide enhanced security for our AWS customers:

  • CloudTrail is the first service activated on new AWS accounts to ensure every API call is captured from the onset of the account.
  • JHC configures CloudTrail to capture both regional and global API calls while preventing duplicate global events in the logs.
  • JHC deploys custom Identity and Access Management (IAM) permission policies on CloudTrail to prevent unauthorized access to logs.
  • JHC enables versioning and logging on CloudTrail S3 buckets for added protection.
  • JHC deploys and configures a Splunk Enterprise instance inside the customer's Virtual Private Cloud (VPC) and integrates Splunk with CloudTrail in order to gain additional insight into security-related activities.
  • JHC creates custom notifications on the CloudTrail S3 bucket to immediately notify customers when stored objects are lost.
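Three of the practices above (a trail in every region, global events recorded exactly once, versioning and logging on the log bucket) can be checked mechanically. The following is an added example, not JHC's or AWS's code: it audits data shaped like the CloudTrail DescribeTrails and S3 GetBucketVersioning/GetBucketLogging responses, and the bucket name, account id and sample records are constructed.

```python
def audit_cloudtrail(trails_by_region, bucket_state, regions):
    """Return sorted findings; an empty list means every check passed.

    trails_by_region: region -> response shaped like CloudTrail DescribeTrails
    bucket_state:     bucket -> {"versioning": GetBucketVersioning response,
                                 "logging":    GetBucketLogging response}
    """
    findings, seen_arns, buckets, global_trails = [], set(), set(), {}
    for region in regions:
        trails = trails_by_region.get(region, {}).get("trailList", [])
        if not trails:
            findings.append(f"{region}: no trail, API calls in this region are not recorded")
        for t in trails:
            buckets.add(t["S3BucketName"])
            if t["TrailARN"] in seen_arns:
                continue  # a multi-region trail is listed again in each region
            seen_arns.add(t["TrailARN"])
            if t.get("IncludeGlobalServiceEvents"):
                global_trails.setdefault(t["S3BucketName"], []).append(t["TrailARN"])
    if not global_trails:
        findings.append("global: no trail records global service events such as IAM")
    for bucket, arns in global_trails.items():
        if len(arns) > 1:
            findings.append(f"{bucket}: {len(arns)} trails deliver global events, expect duplicates")
    for bucket in buckets:
        state = bucket_state.get(bucket, {})
        if state.get("versioning", {}).get("Status") != "Enabled":
            findings.append(f"{bucket}: versioning is not enabled")
        if "LoggingEnabled" not in state.get("logging", {}):
            findings.append(f"{bucket}: server access logging is not enabled")
    return sorted(findings)


def sample_trail(region, global_events, bucket="example-trail-logs"):
    """Constructed trail record; 111122223333 is a placeholder account id."""
    return {"Name": "default", "S3BucketName": bucket, "HomeRegion": region,
            "IncludeGlobalServiceEvents": global_events,
            "TrailARN": f"arn:aws:cloudtrail:{region}:111122223333:trail/default"}


REGIONS = ["us-east-1", "us-west-2", "eu-west-1"]
LOGGING_ON = {"LoggingEnabled": {"TargetBucket": "example-access-logs",
                                 "TargetPrefix": "trail/"}}
# Weak setup: one region has no trail, two trails both deliver global events.
WEAK_TRAILS = {"us-east-1": {"trailList": [sample_trail("us-east-1", True)]},
               "us-west-2": {"trailList": [sample_trail("us-west-2", True)]},
               "eu-west-1": {"trailList": []}}
WEAK_BUCKETS = {"example-trail-logs": {"versioning": {"Status": "Suspended"},
                                       "logging": LOGGING_ON}}
# Corrected setup: a trail everywhere, global events from one region only.
FIXED_TRAILS = {r: {"trailList": [sample_trail(r, r == "us-east-1")]} for r in REGIONS}
FIXED_BUCKETS = {"example-trail-logs": {"versioning": {"Status": "Enabled"},
                                        "logging": LOGGING_ON}}

if __name__ == "__main__":
    for line in audit_cloudtrail(WEAK_TRAILS, WEAK_BUCKETS, REGIONS):
        print("FINDING", line)
    print("fixed:", audit_cloudtrail(FIXED_TRAILS, FIXED_BUCKETS, REGIONS) or "no findings")
```
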
 
James Hirmas is the CEO for JHC Technology.  He can be reached at jhirmas (at) jhctechnology.com, @JHC_JamesHirmas, or connect with him on LinkedIn.

Friday, December 13, 2013

JHC to be Panelist at NIST Industry Day - Dec. 16, 2013

Craig Atkinson, JHC's Chief Technical Officer, has been selected to be one of the panelists that will be presenting during this year's NIST Industry Day. The event expects to attract 600 registrants from around the DC Metro area seeking to learn more about the challenges of Cloud computing in the Federal Government.

The industry day will focus on the challenges that the Federal Government is experiencing when it comes to this disruptive technology, specifically around procuring Cloud services and infrastructure. As the landscape for procuring computing power is being transformed by Cloud computing, the industry day will attempt to address the changes in the market that can assist the Government in transforming the way it procures Cloud computing moving forward. The industry day also promises to touch on the capabilities available in the commercial market space with regard to Cloud web hosting and content management.

JHC Technology will also have a booth set up where you can stop by, meet our team and learn more about what we have cooking in the Cloud today.

The Industry Day will be held at the NIST location at 100 Bureau Drive, Building 101, Gaithersburg, MD 20899 on Monday, December 16th. To register, visit https://www-s.nist.gov/CRS/conf_disclosure.cfm?conf_id=6571

Friday, November 22, 2013

Antivirus vs Antivirus

Do you have the right Antivirus/Antimalware installed on your computer?
How many times have you received an email from someone you knew, but something about the email didn’t seem quite right? You shouldn’t trust everything you get from anyone. If you have been using a computer for some time, you should be well aware that having some type of antivirus on your system is a must. You should also keep that antivirus up-to-date.

How do you know you have the best and does it matter?
When it comes to antivirus, choice matters. A rule of thumb is to stick with the big boys, but they can be costly. Not all antivirus software is created equal and free doesn’t always mean better, just as expensive doesn’t always mean it will function with superiority. You should take the time to do some research on reliability, customer support and how often the product is updated.

Am I completely safe after installing antivirus software?
Once you have an antivirus installed you are ready to start scanning anything that comes in via e-mail or Internet downloads for any type of media. Your antivirus says everything is clear. More often than not, your antivirus may give you the green light; however, antivirus software is not always perfect.

Chances are you have heard a buzzword such as zero-day. Zero-day is basically a geeky term for a virus that may not be detected by many antivirus applications. Wouldn’t you like to have multiple antivirus applications installed on your system to cover as many types of malicious files as possible? Unfortunately, installing more than one antivirus on a computer may cause you quite a bit of trouble. That type of software does not play well with others of its kind.

It’s like the old saying about oil and vinegar or better yet, it’s like beer and liquor…never been sicker. Well, having Antivirus Brand 1 and Antivirus Brand 2 installed on your system is like that. They could wreak havoc on your computer, rendering it useless or extremely frustrating to use.

Can I scan my files with multiple antivirus software that I don't need to install on my system?

Here is my tip to help you get a better "warm fuzzy".

First, understand I am not asking you to remove the antivirus installed on your computer. You need something on your system to keep you safe and you need to make sure you are keeping it up to date.

Modern day full antivirus suites scan e-mail automatically, as well as files downloaded from the Internet. I recommend keeping all foreign files in a specific folder until they have been vetted. Make sure your antivirus scans the files in that folder.

Now it’s time to scan a file with multiple scanners at the same time.

1. Virustotal (http://virustotal.com)

Open up your favorite browser and navigate to http://virustotal.com.



Click on the Choose File button and a window should pop up. Navigate to the folder where you are keeping the files in question and select one. Finally, click the Scan It! button.

Please note that Virustotal may say it scanned a file already, but just to be on the safe side tell it to scan it again.



You should see a small window saying "file uploading". Soon after it’s done you will see that the "file is being analyzed". Right below that you will see the results trickle in. You will also notice that it is using several antivirus engines to scan your files.



It will display the antivirus brand followed by the scan result and date. That date is when that Antivirus was updated. Note that they are kept fairly up to date.

Virustotal uses about 47 different scanners. If these 47 scanners are still not enough for you, you can also try a couple of other websites that practically do the same thing.  In addition to scanning files, Virustotal also has the capability to scan URL links.

2. Jotti (http://Virusscan.jotti.org/en)

Jotti is another site just like Virustotal. Open up your browser, and go to http://virusscan.jotti.org/en:



Jotti, unlike Virustotal, lets you know up front what the server load is like. This is useful: if the server shows a heavy load, you can decide whether to wait or just go to another site.



The results page is simple and easy to read. It also includes the dates of updates and shows its results in color-coded font.



3. Metascan (www.metascan-online.com)


Metascan uses 42-43 scanners and the results page is very similar to Virustotal and Jotti.

 

By using these three different options for scanning your files for viruses, you won't have to install or pay for additional software to do so. However, it is important to note that these sites are useful for scanning files only.  In addition, using these websites depends on having Internet access. Thus, having an antivirus/antimalware scanner installed on your system is a must. Many of these applications also monitor your system memory and behavior.

Here is another link to another site, but it is not as simple as the others. However, you do have several options. If you feel comfortable give it a try:  http://anubis.iseclab.org/?action=advanced_form

Scan, be safe and prosper!

Ernesto Fuller is the Senior Security Administrator for JHC Technology.  He can be reached at efuller (at) jhctechnology.com or connect with him on LinkedIn.

Tuesday, November 12, 2013

Hybrid Cloud Solutions: Amazon Web Service (AWS) and Microsoft Office 365


Can Microsoft Office 365 and Amazon Web Services (AWS) work together?  The answer to this cloud riddle is YES.  

There seems to be an overall confusion between what these Cloud vendors provide as services.  To be clear, Amazon Web Services is an Infrastructure as a Service (IaaS) provider and Microsoft Office 365 is a Software as a Service (SaaS) offering.

In enterprise deployments of Office 365, many organizations have requirements to manage and synchronize user profiles to Office 365, restrict user access, provide secure mobile access, and perform advanced Exchange/Lync/SharePoint management (Remote PowerShell and management consoles).

In order to satisfy these requirements, organizations will need to deploy the following components within their controlled environment:
  • Mobile Management Solution (Blackberry Enterprise Server 10)
  • Active Directory Federation Services (ADFS) internal and proxy
  • Exchange and Lync Management Console
  • Remote PowerShell for SharePoint, Exchange, Lync, and other Office 365 components

Some of our clients have elected to move these components into their own Virtual Private Cloud (VPC) within Amazon Web Services (AWS) so that they can take advantage of the power of AWS (Elastic, Pay as you go model, network, high availability, etc…) and remove their dependencies on managing their own data centers. Once these components have been deployed they can be configured to integrate/communicate with Office 365 Exchange, SharePoint, Lync, and other Office 365 components.

JHC Technology has also designed and implemented virtual application and desktop technology to run on Amazon Web Services.  We are able to deploy the Microsoft Outlook virtual application as well as other office products on AWS and connect them to Office 365.  In this scenario, users are able to connect to an AWS region and access Outlook either via virtual desktop or virtual application from any device and pull down their Office 365 exchange mail securely.

Organizations should not be tied down to use only one cloud model (IaaS vs SaaS). They should look at their overall requirements and choose an architecture that is flexible enough to expand for future requirements.

James Hirmas is the CEO for JHC Technology.  He can be reached at jhirmas (at) jhctechnology.com, @JHC_JamesHirmas, or connect with him on LinkedIn.

Friday, November 8, 2013

Cloud Isn’t All or Nothing

One of the misconceptions that I run into as I visit potential clients is the amount of access a company like ours has when performing a cloud project for a company or individual.  Invariably, at some point, the question of data visibility comes to the forefront.  It usually goes something like this:  “So are you going to be able to see everything, because we can’t have that!”

The answer to this question is the same as many other answers we give when it relates to highly malleable cloud projects:  “It depends.”

Cloud isn’t an all or nothing endeavor.  Your data doesn’t have anything to do with our work, and whether we get to see the data is totally up to you.  I look at it this way:  A cloud provider, such as AWS, can come to the site at which you’re building your dream home.  AWS will put a Home Depot on the site and then leave.  AWS doesn’t tell you how to build your home, what boards to use, or whether that joint requires a nail or a screw.  All they do is keep the Home Depot stocked.  JHC handles the architecture and deployment, and we know all the best practices when it comes to using the material.  But that’s where it ends.  We can build your house without ever knowing what will go in it.

Your data is the same way.  We don’t need to see it and building your cloud environment isn’t dependent on having any access to it at all.

We are doing one project with a global organization in which we have full control of the cloud infrastructure we are deploying.  This infrastructure is being deployed in an AWS Virtual Private Cloud (VPC).  As part of the creation of the VPC, our client’s requirement was that the VPC only allows access from a specific set of IP addresses.  As it stands, that IP range is limited only to our client’s development servers.  What that means is while we can deploy a server into the AWS VPC, we can’t even verify its operation beyond the fact that the server is running.  We have no access to ping the server or remote into it.  The only access comes from the client’s on-premises machines.

Testing the capabilities of the cloud can provide tremendous insight for an organization.  Many times, involving an outside consultant with cloud experience is also the wise step.  But, don’t fret that you’ll need to give the ol’ “Keys to the Kingdom,” to your consultant.  You can build and test all sorts of services without exposing your data outside your organization.

Matt Jordan is the Cloud Services Manager for JHC Technology.  He can be reached at mjordan(at)jhctechology.com, @matt_jhc, or connect with him on LinkedIn.


Tuesday, November 5, 2013

DIY, Cloud Style

Unless you’re actively working in the cloud technology space, you’re probably relying on those that are to provide you the cloud services you’ve come to depend on.  One of the biggest pieces of the move to cloud is the use of the cloud for backing up your data.  I know many people that either utilize their own external storage drives or pay a yearly/monthly subscription to backup info to an online vendor.

While an external drive is good, it’s not always there when you need it, and while an online vendor is an easy choice, what do you really know about them?  Can you trust the storage?  Can you trust that they’ll be in business?  Can you trust that they won’t make a mistake and delete your files?

For me, I decided that I wasn’t going to pay for an external drive, and there’s no reason for me to utilize an online vendor.  With Amazon Web Services and the free tier, I pay next to nothing for my small backup account.  This post will walk through the ease of using AWS’s Simple Storage Service (S3) to back up your own information and cut out the expensive hardware and expensive middle man.

If you haven’t done so already, create an AWS account by going to http://aws.amazon.com and clicking “Sign Up”.
  1. Once you have your account created, go to the AWS Management Console.  Select S3.  
     
  2. From the S3 Dashboard, select Create Bucket.  (Note:  an S3 Bucket is simply a container for your files.  Within Buckets you can have Folders to help organize information.)  
     
  3. Once you’ve created the bucket, you will be prompted to enter a name.  Keep in mind that this name must be unique across all of S3, not simply unique to your account, which means you won’t be able to go generic.  You may have to enter a couple of names to find one that works.  I ended up with “demo-test-1” as my bucket name, as an FYI.  As you can note, you also get to select the region in which to store your data.  
     
  4. Once you’ve named your Bucket, click Create (You can also set up logging for the bucket, if you’d like).
  5. You will now have your bucket listed on the S3 dashboard.  
      
  6. Access the bucket by clicking the Bucket name.
  7. You can create folders by clicking on the Actions dropdown and selecting Create Folder.  Simply type the folder name in the line that appears.
  8. To upload a file or files, click Actions, then select Upload.  
      
  9. You will then be prompted to select your files.  Click Start Upload when finished selecting your files.  
      

By default, the S3 bucket is accessible only to the user account that created the bucket.  In order to make the bucket available to others, permissions will have to be assigned via AWS Identity and Access Management users or through other permissions that open availability to the public.
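The console steps above can also be scripted. This added example is not from the original post: it performs the same bucket creation and upload through an S3 client object with boto3's method names, and it sets the public access block explicitly so the bucket stays private as described. The folder name "laptop" and the dry-run client are assumptions that let the script run without an AWS account.

```python
import os


def plan_uploads(local_dir, folder):
    """Map every file under local_dir to an S3 key inside `folder`.

    S3 has no real directories: a console "folder" is only a key prefix.
    """
    plan = []
    for root, _dirs, files in os.walk(local_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, local_dir).replace(os.sep, "/")
            plan.append((path, f"{folder.strip('/')}/{rel}"))
    return sorted(plan)


def backup(s3, bucket, region, local_dir, folder):
    """Create the bucket, keep it private, upload the files; return the keys."""
    # us-east-1 is the default location and must not be passed as a constraint
    cfg = {} if region == "us-east-1" else {
        "CreateBucketConfiguration": {"LocationConstraint": region}}
    s3.create_bucket(Bucket=bucket, **cfg)
    # Private is the default; this makes later ACL or policy mistakes harmless.
    s3.put_public_access_block(Bucket=bucket, PublicAccessBlockConfiguration={
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True})
    uploaded = []
    for path, key in plan_uploads(local_dir, folder):
        s3.upload_file(path, bucket, key)
        uploaded.append(key)
    return uploaded


if __name__ == "__main__":
    import tempfile

    class DryRunClient:
        """Prints each call instead of contacting AWS (assumption of this demo).
        For real use pass boto3.client("s3", region_name=region) instead."""
        def __getattr__(self, name):
            return lambda *args, **kwargs: print(name, args, kwargs)

    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "notes.txt"), "w").close()  # constructed sample file
        print(backup(DryRunClient(), "demo-test-1", "us-east-1", d, "laptop"))
```
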

Matt Jordan is the Cloud Services Manager for JHC Technology.  He can be reached at mjordan@jhctechology.com, @matt_jhc, or connect with him on LinkedIn.


Friday, November 1, 2013

Password Health: Are Your Passwords Secure Enough?

How healthy is your password?  Do you know what to look for to determine the health of a password? Depending on whom you ask, the answer may differ. In this blog post, I will give you my 2 cents, which could be worth more.

First, how old is your password? 
There is a reason why work requires you to change your password every so often. Standard practice is to change it every 90 days.

Second, how complicated is your password?  
In order to increase the security of your password and decrease the likelihood that someone can easily guess what it is, most employers require that you set a password using upper and lower case letters with a variation of numbers and special characters.  The length of a password is also key in maintaining good security practices.

Nowadays there are so many passwords one would need to memorize, and keeping track of every single one can get challenging. So let's start by breaking down your most common password categories.
  • Banks
  • E-mails
  • Home
  • Social Sites
  • Phone
  • Computer / Mobile Devices
  • Home WiFi network 
Some categories are more important than others, so one would think that their passwords are more complicated and therefore harder to break…or are they?

You have to consider that the bad guys are always trying to get into your accounts. However, they usually get into accounts that are weaker than others.  The more difficult the account is to break into the longer it will take the bad guys to get into it.

The bigger corporations have additional security requirements to allow you to get in, which is great, but not fool-proof.  If you are asked for a password and PIN to get into your accounts and you have a habit of picking a PIN that is your birthday, then all the bad guy has to do is know a little bit of info about you and he is in.

For example, do you use your kids, pets or any other identifiable item that is unique to you in your password?  Good security practice suggests you use other criteria that are a little more difficult for bad guys to guess.

Here's What I Recommend
I remember I was once advised to use a line in a song, then start replacing certain letters for numbers and special characters. Obviously it has to be something that is easy to remember, but you have to stick with a routine that is easy enough for you to manage.  It doesn’t have to be songs, but maybe a quote from a movie, a poem, a line from a book or even a phrase.  All in all, the password complexity would exist and you can still remember it. I know it takes time, but it can be done. 

Just remember, the longer the password, the more difficult you make it for the bad guys to guess it.  So ask yourself these key questions:

  • When was the last time you changed your passwords? 
  • Are you using common words or names of people and birthdays?
  • Are you making your passwords more challenging for hackers to break?
You may even want to consider using password-management software if you find it too difficult to remember all of your passwords. 

Quick Tip:  If you are a Google user (Gmail, Google Drive, Google+, YouTube), consider using Google Authenticator.  It is a token-based code generator app that gives users an extra layer of security.
You just need a smartphone to install the app, but after you install and configure it, all your Google services will require the use of this tool.  It basically generates a code, so when you go to check your e-mail, for example, and you type in your password, it will also prompt you for this code (similar to multi-factor authentication - MFA).  You can read up more on this here: http://www.google.com/landing/2step/?utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha

Ernesto Fuller is the Senior Security Administrator for JHC Technology.  He can be reached at efuller (at) jhctechnology.com or connect with him on LinkedIn.