Do you have right Antivirus/Antimalware installed on your computer?
How many times have you received an email from someone you knew, but something about the email didn’t seem quite right? You shouldn’t trust everything you get from anyone. If you have been using a computer for sometime, you should be very well aware that having some type of antivirus is a must on your system. You should also keep that antivirus up-to-date.
How do you know you have the best and does it matter?
When it comes to antivirus, choice matters. A rule of thumb is to stick with the big boys, but they can be costly. Not all antivirus software are created equal and free doesn’t always mean better, just as expensive doesn’t always mean it will function with superiority. You should take the time to do some research on reliability, customer support and how often their product is updated.
Am I completely safe after installing antivirus software?
Once you have an antivirus installed you are ready to start scanning anything that comes in via e-mail or Internet downloads for any type of media. Your antivirus says everything is clear. More often than not, your antivirus may give you the green light, however, antivirus are not always perfect.
Chances are you may have heard of a buzzword such as zero-day. Zero-day is basically a geeky term to call a virus that may not be detected by many antivirus applications. Wouldn’t you like to have multiple antivirus applications installed on your system to cover as many types of malicious files? Unfortunately, installing more than one antivirus on a computer may cause you quite a bit of trouble. That type of software does not play well with others alike.
It’s like the old saying about oil and vinegar or better yet, it’s like beer and liquor…never been sicker. Well, having Antivirus Brand 1 and Antivirus Brand 2 installed on your system is like that. They could wreak havoc on your computer to render it useless or extremely frustrating.
Can I scan my files with multiple antivirus software that I don't need to install on my system?
Here is my tip to help you out get a better "warm fuzzy".
First, understand I am not asking you remove your antivirus installed on your computer. You need something on your system to keep you safe and you need to make sure you are keeping it up to date.
Modern day full antivirus suites scan e-mail automatically, as well as files downloaded from the Internet. I recommend keeping all foreign files in a specific folder until they have been vetted. Make sure your antivirus scans the files in that folder.
Now it’s time to scan a file with multiple scanners at the same time.
1. Virustotal (http://virustotal.com)
Open up your favorite browser and navigate to http://virustotal.com.
Click on the Choose File button and a window should pop up. Navigate to your folder where you are keeping the files in question and select 1. Finally, click the Scan It! button.
Please note that Virustotal may say it scanned a file already, but just to be on the safe side tell it to scan it again.
You should see a small window saying "file uploading". Soon after it’s done you will see that the "file is being analyzed". Right below that you will see the results trickle in. You will also notice that it is using several antivirus engines to scan your files.
It will display the antivirus brand followed by the scan result and date. That date is when that Antivirus was updated. Note that they are kept fairly up to date.
Virustotal uses about 47 different scanners. If these 47 scanners are still not enough for you, you can also try a couple of other websites that practically do the same thing. In addition to scanning files, Virustotal also has the capability to scan URL links.
2. Jotti (http://Virusscan.jotti.org/en)
Jotti is another site just like Virustotal. Open up your browser, and go to http://virusscan.jotti.org/en:
Jotti, unlike Virustotal, lets you know up front what the server load is like. This is good if the server shows that there is a heavy load and you will have to wait or just go to another site.
The results page is simple and easy to read and also includes dates of updates and color coded font with its results.
3. Metascan (www.metascan-online.com)
Metascan uses 42-43 scanners and the results page is very similar to Virustotal and Jotti.
By using these three different options for scanning for viruses for viruses on your files you won't have to install or pay for additional software to do so. However, it is important to note that these sites are useful for scanning files only. In addition, using these websites depends on having Internet access. Thus, having an antivirus/antimalware scanner installed on your system is a must. Many of these applications also monitor your system memory and behavior.
Here is another link to another site, but it is not as simple as the others. However, you do have several options. If you feel comfortable give it a try: http://anubis.iseclab.org/?action=advanced_form
Scan, be safe and prosper!
Ernesto Fuller is the Senior Security Administrator for JHC Technology. He can be reached at efuller (at) jhctechnology.com or connect with him on LinkedIn.
Subject Matter Experts: AWS Cloud | Microsoft | Citrix | BlackBerry
About Me
- JHC Technology, Inc.
- JHC Technology is a Service Disabled, Veteran-Owned, Small Business based in the Washington, DC Metro area. Our primary focus is to offer customized solutions and IT consulting to our Commercial and Government clients. Our experts have a broad experience delivering and managing Microsoft Enterprise applications and Cloud and Virtualization Solutions, as well as mobilizing Enterprise data.
Friday, November 22, 2013
Tuesday, November 12, 2013
Hybrid Cloud Solutions: Amazon Web Service (AWS) and Microsoft Office 365
Can Microsoft Office 365 and
Amazon Web Services (AWS) work together?
The answer to this cloud riddle is YES.
There seems to be an overall confusion between what these Cloud venders
provide as services. To be clear, Amazon
Web Services is an Infrastructure as a Service (IaaS) provider and Microsoft Office 365
is a Software as a Service (SaaS).
In
enterprise deployments of Office 365, many organizations have requirements to
manage and synchronize user profiles to Office 365, restrict user access,
provide secure mobile access, and advanced Exchange/Lync/SharePoint management
(Remote PowerShell and management consoles).
In order to satisfy these requirements, organizations will need to deploy
the following components within their controlled environment:
- Mobile Management Solution (Blackberry Enterprise Server 10)
- Active Directory Federation Services (ADFS) internal and proxy
- Exchange and Lync Management Console
- Remote PowerShell for SharePoint, Exchange, Lync, and other Office 365 components
Some of our clients have elected
to move these components into their own Virtual Private Cloud (VPC) within
Amazon Web Services (AWS) so that they can take advantage of the power of AWS
(Elastic, Pay as you go model, network, high availability, etc…) and remove their
dependencies on managing their own data centers. Once these components have been deployed they
can be configured to integrate/communicate with Office 365 Exchange,
SharePoint, Lync, and other Office 365 components.
JHC Technology has also
designed and implemented virtual application and desktop technology to run on
Amazon Web Services. We are able to
deploy the Microsoft Outlook virtual application as well as other office products
on AWS and connect them to Office 365.
In this scenario, users are able to connect to an AWS region and access Outlook either via virtual desktop or virtual application from any device and
pull down their Office 365 exchange mail securely.
Organizations should not be tied
down to use only one cloud model (IaaS vs SaaS). They should
look at their overall requirements and choose an architecture that is flexible
enough to expand for future requirements.
James Hirmas is the CEO for JHC Technology. He can be reached at jhirmas(at)jhctechnology.com,@JHC_JamesHirmas, or connect with him on LinkedIn.
James Hirmas is the CEO for JHC Technology. He can be reached at jhirmas(at)jhctechnology.com,@JHC_JamesHirmas, or connect with him on LinkedIn.
Friday, November 8, 2013
Cloud Isn’t All or Nothing
One of the misconceptions that I run into as I visit
potential clients is the amount of access a company like ours has when
performing a cloud project for a company or individual. Invariably, at some point, the question of
data visibility comes to the forefront.
It usually goes something like this:
“So are you going to be able to see everything, because we can’t have
that!”
The answer to this question is the same as many other
answers we give when it relates to highly malleable cloud projects: “It depends.”
Cloud isn’t an all or nothing endeavor. Your data doesn’t have anything to do with
our work, and whether we get to see the data is totally up to you. I look at it this way: A cloud provider, such as AWS, can come to
the site at which you’re building your dream home. AWS will put a Home Depot on the site and
then leave. AWS doesn’t tell you how to
build your home, what boards to use, or whether that joint requires a nail or a
screw. All they do is keep the Home
Depot stocked. JHC handles the
architecture and deployment, and we know all the best practices when it comes
to using the material. But that’s where
it ends. We can build your house without
ever knowing what will go in it.
Your data is the same way.
We don’t need to see it and building your cloud environment isn’t
dependent on having any access to it at all.
We are doing one project with a global organization in which
we have full control of the cloud infrastructure we are deploying. This infrastructure is being deployed in an
AWS Virtual Private Cloud (VPC). As part of
the creation of the VPC, our client’s requirement was that the VPC only allows
access from a specific set of IP addresses.
As it stands, that IP range is limited only to our client’s development
servers. What that means is while we can
deploy a server into the AWS VPC, we can’t even verify its operation beyond the
fact that the server is running. We have
no access to ping the server or remote into it.
The only access comes from the client’s on-premises machines.
Testing the capabilities of the cloud can provide tremendous
insight for an organization. Many times,
involving an outside consultant with cloud experience is also the wise step. But, don’t fret that you’ll need to give the
ol’ “Keys to the Kingdom,” to your consultant.
You can build and test all sorts of services without exposing your data
outside your organization.
Matt Jordan
is the Cloud Services Manager for JHC Technology. He can be reached at mjordan(at)jhctechology.com, @matt_jhc, or connect
with him on LinkedIn.
Tuesday, November 5, 2013
DIY, Cloud Style
Unless you’re actively working in the cloud technology
space, you’re probably relying on those that are to provide you the cloud
services you’ve come to depend on. One
of the biggest pieces of the move to cloud is the use of the cloud for backing
up your data. I know many people that
either utilize their own external storage drives or pay a yearly/monthly
subscription to backup info to an online vendor.
While an external drive is good, it’s not always there when
you need it, and while an online vendor is an easy choice, what do you really
know about them? Can you trust the
storage? Can you trust that they’ll be
in business? Can you trust that they
won’t make a mistake and delete your files?
For me, I decided that I wasn’t going to pay for an external
drive, and there’s no reason for me to utilize an online vendor. With Amazon Web Services and the free tier, I
pay next to nothing for my small backup account. This post will walk through the ease of using
AWS’s Simple Storage Service (S3) to back up your own information and cut out
the expensive hardware and expensive middle man.
If you haven’t done so already, create an AWS account by
going to http://aws.amazon.com and
clicking “Sign Up”.
- Once you have your account created, go to the AWS Management Console. Select S3.
- From the S3 Dashboard, select Create Bucket. (Note: an S3 Bucket is simply a container for your files. Within Buckets you can have Folders to help organize information.)
- Once you’ve created the bucket, you will be prompted to enter a name. Keep in mind that this name is not simply unique to your account, which means you won’t be able to go generic. You may have to enter a couple of names to find one that works. I ended up with “demo-test-1” as my bucket name, as an FYI. As you can note, you also get to select the region in which to store your data.
- Once you’ve named your Bucket, click Create (You can also set up logging for the bucket, if you’d like).
- You will now have your bucket listed on the S3 dashboard.
- Access the bucket by clicking the Bucket name.
- You can create folders by clicking on the Actions dropdown and selecting Create Folder. Simply type the folder name in the line that appears.
- To upload a file or files, click Actions, then select Upload.
- You will then be prompted to select your files. Click Start Upload when finished selecting your files.
By default, the S3 bucket is accessible only to the user
account that created the bucket. In
order to make the bucket available to others, permissions will have to be
assigned via AWS Identity and Access Management users or through other
permissions that open availability to the public.
Matt
Jordan is the Cloud Services Manager for JHC Technology. He can be reached at mjordan@jhctechology.com, @matt_jhc, or connect
with him on LinkedIn.
Friday, November 1, 2013
Password Health: Are Your Passwords Secure Enough?
How healthy is your password? Do you know what to look for to determine the
health of a password? Depending on whom you ask, the answer may differ. In this blog post, I will
give you my 2 cents, which could be worth more.
First, how old is your password?
There is a
reason why work requires you to change your password every so often. Standard
practice is to change it every 90 days.
Second, how complicated is your password?
In order to increase the security of your password and decrease the likelihood that someone can easily guess what it is, most
employers require that you set password using upper and lower case letters with a variation of numbers and special
characters. The length
of a password is also key in maintaining good security practices.
Nowadays there are so many passwords one would need to
memorize and keeping track of every single one could get challenging. So lets
start by breaking down your most common password categories.
- Banks
- E-mails
- Home
- Social Sites
- Phone
- Computer / Mobile Devices
- Home WiFi network
Some categories are more important that others so one would
think that the passwords are more complicated and therefore harder to break…or
are they?
You have to consider that the bad guys are always trying to
get into your accounts. However, they usually get into accounts that are weaker
than others. The more difficult the account is
to break into the longer it will take the bad guys to get into it.
The bigger corporations have additional security
requirements to allow you to get in, which is great, but not fool-proof. If you are asked for a password and PIN to
get into your accounts and you have a habit if picking a PIN that is your birthday, then all the
bad guy has to do is know a little bit of info about you and he is in.
For example, do you use your kids, pets or any other
identifiable item that is unique to you in your password? Good security practice suggests you use other
criterion that is a little difficult for bad guys to guess.
Here's What I Recommend
I remember I was once advised to use a line in a song, then
start replacing certain letters for numbers and special characters. Obviously it has to be something that is easy
to remember, but you have to stick with a routine that is easy enough for you
to manage. It doesn’t have to be songs,
but maybe a quote from a movie, a poem, a line from a book or even a
phrase. All in all, the password
complexity would exist and you can still remember it. I know it takes time, but it can be done.
Just remember, the longer that password, the more difficult you make it for the bad guys to have to guess it. So ask yourself these key questions:
- When was the last time you changed your passwords?
- Are you using common words or names of people and birthdays?
- Are you making your passwords more challenging for hackers to break?
You may even want to consider using password-management software if you find it too difficult to remember all of your passwords.
Quick Tip: If you are
a Google user (Gmail, Google Drive, Google +, YouTube) , consider using Google
Authenticator. It is a token based app
generator that gives users an extra layer of security.
You just need a smart phone to install the app, but after
you install and configure it, all your Google services will require the use of this
tool. It basically generates a code, so
when you go to check your e-mail, for example, and you type in your password it will also
prompt you for this code (similar to multi factor authentication - MFA) You can read
up more on this here: http://www.google.com/landing/2step/?utm_campaign=en&utm_source=en-ha-na-us-sk&utm_medium=ha
Ernesto Fuller is the Senior Security Administrator for JHC Technology. He can be reached at efuller (at) jhctechnology.com or connect with him on LinkedIn.
Ernesto Fuller is the Senior Security Administrator for JHC Technology. He can be reached at efuller (at) jhctechnology.com or connect with him on LinkedIn.
Subscribe to:
Posts (Atom)