
Special note for Ubuntu users

Breakfast Bytes podcasts are streaming MP3. In order for Firefox on Ubuntu to play the streaming MP3, install the GStreamer extra plugins that list MP3 as one of the supported formats. GStreamer can be obtained through the Ubuntu Software Center.

Breakfast Bytes - Midyear Security Review - Part 2

9/30/2016

 

 

Midyear Security Roundup - Part 2



 

Part 2 of the midyear security roundup. Changes to how Microsoft Updates are being delivered. Why you should use OEM hardware. Most popular breach methods. Business email compromise scams.

MP3 - 2016 Midyear Security Roundup - Part 2

 
 

 

 

Trend Micro's 2016 Midyear Security Roundup - Part 2

Ransomware is up by 172% as compared to last year. As I have talked about extensively before, you have to have advanced persistent threat detection and blocking technologies implemented in depth and in alignment with a cyber security kill chain strategy.

Go here for Trend Micro's article.

http://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup

 

High level coverage of the Trend Micro first half 2016 security report

Flash player vulnerabilities - mostly through embedded malvertisements
Device loss accounts for 41% of all data breaches

Most popular breach methods:
    - Get malware on the endpoint
    - Brute force attack
    - Social engineering

Lots of banking Trojans are being delivered via PDF or other document formats through email. So if you do not have APT scanning capabilities in your email system to scan for this malicious content BEFORE it hits the users' mailboxes, then you have a gaping hole in your security.
Always use MFA on all your banking websites. If your bank does not offer it, call them up and ask them when they are going to implement MFA.

 

Changes to Windows OS servicing / patching - Why to only use OEM equipment

Exchange and SQL servers and patching
    - You have to patch these manually. Do not rely on Microsoft Update, WSUS, or any other automation tool.

Changes to Windows servicing …. Patching model for Windows 7, 8.1, 2008R2, 2012, 2012R2 - BIG NOTICE
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/

https://blogs.technet.microsoft.com/windowsitpro/2016/10/07/more-on-windows-7-and-windows-8-1-servicing-changes/
Nice chart that explains how it works is here.

Starting in October 2016, the patching model for Windows and other Microsoft applications will move to cumulative updates. This means you can no longer install updates piecemeal.

By the way, this is ANOTHER huge reason why you should not be building your own server hardware. Buy server hardware from OEMs like Dell or HP because that hardware is extensively tested for Microsoft Updates. If you decide to put together your own server hardware, you will end up regretting it on many levels. Not only do you not have any diagnostics system to use to troubleshoot and patch hardware on the server, but that hardware combination you have is never tested by anyone but you. So what money do you think you are saving when you are creating a big risk for your business?

Frankly, I have the same opinion about workstations and laptops also. I only buy business-class workstations and laptops for QPC and for clients. Only in that way do you have diagnostics, one point of contact for warranty support, and testing for compatibility with drivers and updates is done by the OEM and Microsoft. If you build your own systems, you have none of that.

 

 
