alt tag

Posts from July, 2016

Are “Bandwidth Hogs” Slowing Your Network?

Tuesday, July 26th, 2016


Last time, we talked about several handy do-it-yourself online tools to measure your office broadband speed. If your online connections aren’t quite as fast as you expected from your service provider, don’t be afraid to show them the “hard numbers” and ask for a solution.

But what if those speed tests appear quite acceptable, even though many of your workgroup’s essential functions—VoIP phone calls, videoconferencing, remote file access, and more—are still plagued by spotty quality and annoying lag?

The problem may actually be a hardware issue on your end—one or more networked devices that regularly consume heavy shares of precious wi-fi bandwidth. In that case, it’s time to go hunting… for bandwidth hogs.

It Starts at the Router

Your first step in isolating bandwidth-hogging devices is auditing your wireless router’s bandwidth distribution—to literally see “what’s going where.” Most newer name brand routers come bundled with their own quality-of-service (QoS) firmware enabling you to easily track every active client on the local network (identified by their IP or MAC address). In many cases, you can mitigate bandwidth issues by manually configuring the router to devote more bandwidth resources to high-priority uses (VoIP, streaming media) while limiting traffic for secondary needs (routine software updates, web browsing).

If you can’t locate your router’s QoS app, another option is DD-WRT, a popular downloadable open source (not-for-profit) router monitor compatible with many brands. While installing and customizing DD-WRT “from scratch” can be tricky for a non-IT person (we’d recommend against it), many affordable new router models come with DD-WRT pre-configured. Similar free utilities include GargoyleNetworkMiner, and Capsa.

Tracking Down the Culprit(s): Troubleshooting and Tweaks

Once active connections are audited at the router, it’s fairly easy to pinpoint obvious bandwidth bottlenecks. What immediate steps can you take to alleviate choke points within your local network?

  • Terminate any unauthorized wireless connections (neighbors or other bandwidth “pirates”).
  • Free up local wi-fi by hardwiring as many devices as possible via high-speed Ethernet connections.
  • Position essential wireless devices as physically close to the router as possible.
  • Determine which devices can operate on 5GHz versus 2.4GHz. While the 2.4GHz channel has a longer local range, devices sharing the 5GHz channel generally encounter less interference.
  • For individual workstations that inexplicably gobble up huge chunks of bandwidth, check Windows Task Manager and Resource Meter for strange high-volume connections that may be bots—malware used by hackers to discreetly send hundreds of spam emails per day.

At the end of the day, your expanding company may be simply outgrowing its current broadband bandwidth limits—and it’s time to look toward the future. For more ideas on getting the most out of your network resources, talk to us.

Is Your Broadband Fast Enough? Here’s How to Check

Tuesday, July 19th, 2016


How fast is your company’s broadband Internet speed compared to ten years ago? Chances are that while your online connection at work back then was faster than your first home Internet service (think of that annoying dial-up modem noise), if you tried using that “primitive” DSL at work today the relatively slow data speed—with frequent “lag”—might drive you crazy.

Do you know your current broadband speed? How can you find out? How fast is considered “standard” for everyday business use?

These are questions we’d like to look at today.

Free Tests Galore

The most popular free third-party broadband speed test is Ookla’s In just moments, Speedtest—via a cool speedometer-like interface—determines download and upload speeds (the time it takes to exchange data, measured in Mbps) between the computer and a test server. It also “pings” the computer to determine latency—the time (in milliseconds) it takes for a single “packet” of data to travel from Point A to Point B and back, versus jitter—any fluctuation in that time over several seconds. Excessive jitter (20 milliseconds or higher) can affect the quality of VoIP phone service, video-conferencing, and other streaming media.

Other free tests include SpeakEasy from MegaPath and Bandwidth Place. Each offers very similar measurements, ensuring a reasonable level of accuracy.

A single broadband speed test is usually just a “snapshot” of service at that particular time. Other than physical distance from the testing server, connections can be affected by peak Internet traffic, during the workday, or evenings—considered “prime time” for home video streaming and online gaming. Establish a baseline by conducting multiple tests throughout the day.

How Fast Is “Fast Enough”?

Most MSPs offer customers a “lump sum” of total bandwidth shared by every onsite computer, laptop or mobile device. For basic tasks (email and web browsing), each device should average a minimum download speed of about 2.0Mbps. For users dependent on frequent video chats or streaming video, 5.0Mbps offers better performance.

Upload speed is almost always less than download speed, because more data is “delivered” than “sent” online. Higher-than-average upload speeds are important for live two-way video (an extra 0.5Mbps for standard definition or 1.5 more for Full HD), or for users who frequently access work files from home.

If your current broadband speed measurements fall short of your MSP’s guaranteed SLA levels, hold their feet to the fire to make sure you’re getting what you’ve paid for. Ask them to run network diagnostics to detect any issues on their end and to recommend onsite improvements if necessary. If that doesn’t work, it’s time to shop for a better solution—talk to us.

Defend Your Network Against Advanced Persistent Threats

Tuesday, July 12th, 2016


If you’ve looked over our previous posts since we’ve started our blog, you know how serious we are about protecting your company from everyday cyber-threats—mainly phishingransomware, and various other malware. Today we’d like to discuss a different form of cyber-threat plaguing businesses over the past decade: what the security community has termed advanced persistent threats, or APT.

What exactly is “persistent” about APT? Most hacking attacks can be classified as “smash-and-grab robbery”: Break into a network and make off with anything of value—user identities, account numbers, cash—and disappear before anyone notices.

An APT attack compromises a network’s defenses and stays as long as possibleweeks, months, or years—discreetly infiltrating servers, eavesdropping on email, or discreetly installing remote bots or trojans which enable deeper espionage.

Their primary goal is information—classified material, trade secrets, or intellectual property—that might draw interest on the black market.

Robbery, Inc.: A Worldwide Enterprise

While unsophisticated hackers might lurk in the shadows like criminal gangs, APTs often emanate from professional environments not unlike a prosperous Bay Area tech company—posh high-rise offices, full-time employees with salaries and benefits, and formal product development teams. The difference is they’re conducting business in China, Russia, and other cyber sanctuary nations where international cybersecurity is unenforced and intellectual property laws don’t exist.

The more extensive an APT infection, the harder it is to isolate and eradicate it—like cockroaches under a kitchen sink. Many enterprise IT managers simply accept APT as a fact of life—conceding that trying to combat these intrusions would actually encourage the culprits to dig deeper into the network.

So if APT makes long-term data theft inevitable, how can you still protect yourself? Make the stolen data unusable.

Alphabet Soup? Fight APT with DLP

The second acronym we’ll talk about today is DLP: data leak protection. DLP encrypts sensitive data so that it can only be accessed by authorized users or workstations with a corresponding decryption key. If that data is intercepted by an APT, it’s rendered unreadable—and worthless.

Multiple name-brand security vendors offer a wide range of turnkey DLP solutions. Low-end products will automatically encrypt data which follows specific patterns (Social Security numbers, 16-digit credit cards), while high-end products can be configured to use complex algorithms and language analytics to locate and protect other specific forms of confidential data (such as client files, product designs, or sales figures). When unauthorized access is suspected, files can be temporarily quarantined against a possible data breach before they leave the company network.

Are APTs already lurking within your network? What proprietary data can your business not afford to lose? How can you evaluate DLP products to find the best solution for you? Talk to us for help.

The “Wearable Revolution”: Is Your Company Prepared?

Thursday, July 7th, 2016


It’s a fair bet that one of your employees has already shown off a trendy new wearable gadget around the office. What began with Bluetooth earpieces would branch off into smartwatches, smart glasses, wrist-worn fitness trackers, and even smart clothing (including a smart bra!) Research firm Gartner forecasts sales of over 274 million wearable technology products in 2016—soaring past 322 million by 2017.

New Technology = New Targets for Hackers

For better or worse, wearable devices are on their way to becoming part of everyday life—including the workplace. But while manufacturers race to pack every new gadget with interesting bells and whistles, hackers and cyber-crooks are looking for emerging security weaknesses to exploit.

What are the potential security risks with wearable devices?

No Password Protection. Many wearable devices on the market—including high-end fitness trackers with email and social media connectivity—access external networks and store data without the password/PIN protection, biometric authorization, or other user authentication we’ve come to expect on smartphones. If the device is physically lost or stolen, that data is virtually exposed to anyone.

Unencrypted Data. A lack of standard encryption is also an issue for many wearables—either unencrypted files stored locally on the device or unsecured wireless connections when synced with smartphones or other host devices (Bluetooth encryption is avoided as it often causes additional battery drain).

A Spy’s Dream? James Bond (circa the “Goldfinger” era) probably would have loved the miniaturized functions of a modern smartwatch—in particular its ability to record still images, video, and audio. But if that device is hijacked by a malicious hacker, it may become a mobile portal for industrial espionage, either stealing recordings or eavesdropping in real time.

But That’s Not All… If the above reasons weren’t enough to be wary of the influx of wearable devices, a 2015 study released by the University of Illinois revealed that monitoring the electronic motion sensors on a Samsung Gear smartwatch could determine words typed on a keyboard! Think about that before you write your next confidential email or memo.

Where Do Wearables Fit In to Your BYOD Policy?

While wearables are increasingly common on and off the job, they represent an undefined grey area for business IT security. Many operate on their own platforms and aren’t compatible with most MDM solutions designed to regulate smartphones and laptops. Permissible onsite use of wearable devices will need to be incorporated into your company’s formal BYOD policy, which we’ve recommended that our customers define in writing.

Are your employees’ wearable devices a potential “weakest link” in your security chain? For ideas and solutions, talk to us.