Category: News

How to Secure Your Email and Keep it Out of Junk! Part 2

Posted on by admin

PART 2 – DKIM

Currently, the three protocols you need to put into place to secure and authorize your email are SPF, DMARC and DKIM. This post will talk about creating a DKIM record. DKIM stands for DomainKeys Identified Mail and is somewhat more involved and challenging to implement than SPF. DKIM also requires outgoing email servers to be authorized over and above just adding a DNS record.

DKIM uses a key pair. The public cryptography key is published in a DNS record to help verify that a sender is allowed to send email for a given domain, and the private key is used for signing outgoing email. Adding a DKIM entry for a domain is basically the same as adding the SPF record: add a new TXT record, but for the host name option you will need to use the proper “selector”, which is basically a prefix for your domain, and then add the public cryptography key as the value. There are lots of ways to generate a proper key – on a Linux system, the ssh-keygen tool can be used and on a Microsoft system, PuTTYgen can be used. For a Microsoft 365 hosted domain, double check the Admin portal as it will give you instructions on setting up the selectors properly. You can also search online for tools that will generate the proper public/private key pair. A sample DKIM entry may look something like the following:

TXT Record .dmarc._domainkey.dmarc.site v=DKIM1; t=s; p=ASDJAQWERTSDNGFDSJKassdalkre

But that only covers the DNS entry portion of the DKIM record setup. The other half is getting a DKIM signer set up on a mail server. This is where we recommend using Microsoft 365 to host your email, as you can use their detailed guide on how to get this implemented.

Once you have all of the records in place, head on over to https://appmaildev.com and just follow the instructions to test your records.

How to Secure Your Email and Keep it Out of Junk! Part 3

Posted on by admin

PART 3 – DMARC

Currently, the three protocols you need to put into place to secure and authorize your email are SPF, DMARC and DKIM. This post will talk about creating a DMARC record. Without a DMARC record, an attacker can easily impersonate your domain and make any email look like it came from your account.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance – it is a protocol built on top of the existing SPF and DKIM protocols. DMARC does a couple of things:

  1. It reads the results from SPF and DKIM
  2. It requires SPF AND DKIM to pass AND the domain used by both of those protocols has to be the same as the domain found in the ‘From’ address in order for DMARC to pass
  3. Reports SPF, DKIM and DMARC results back to the domain found in the ‘From’ address
  4. Tells receivers how to treat emails that fail the DMARC validation by specifying the policy in the DNS record

You will need to check with your hosting provider on the proper settings for a DMARC record. For example, with GoDaddy, you add a TXT record but make sure the host portion is “_dmarc”. Adding the actual DMARC record is probably best explained by showing an example record:

v=DMARC1; p=quarantine; rua=mailto:reports@domain.com; ruf=mailto:reports@domain.com; adkim=r; aspf=r; rf=afrf

  1. The “p” option has three choices: none, quarantine, or reject. This sets how the email should be handled if it violates the policy. You may want to start off with quarantine to test your record first and then move to reject when you are comfortable your settings are correct.
  2. The “adkim” and “aspf” options define how strictly DKIM and SPF policy should be applied – “s” indicates strict and “r” indicates relaxed.
  3. The “rua” option provides an address for aggregate data reports and the “ruf” option provides an address for forensic reports.
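The DKIM and DMARC records from Parts 2 and 3 share the same tag=value syntax, so one small checker can catch common mistakes (a mistyped version tag, an invalid policy, a placeholder key) before a record is published. This Python is an added example, not part of the original posts; the function names and sample strings are made up for illustration, and the key test is only a shallow sanity check.

```python
import base64

def parse_tags(record):
    """Split 'tag=value; tag=value' (syntax shared by DKIM and DMARC) into an ordered dict."""
    tags = {}
    for part in filter(None, (p.strip() for p in record.split(";"))):
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def lint_dmarc(record):
    tags, problems = parse_tags(record), []
    # Receivers ignore the record unless the first tag is exactly v=DMARC1.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        problems.append("first tag must be v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p must be none, quarantine or reject")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r") not in ("r", "s"):  # relaxed is the default
            problems.append(f"{tag} must be r or s")
    for tag in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            if not uri.lower().startswith("mailto:"):
                problems.append(f"{tag} address {uri!r} lacks mailto:")
    return problems

def lint_dkim(record):
    tags, problems = parse_tags(record), []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v must be DKIM1 when present")
    key = tags.get("p")
    if not key:
        return problems + ["p is missing or empty (an empty p revokes the key)"]
    try:
        der = base64.b64decode("".join(key.split()), validate=True)
    except ValueError:
        return problems + ["p is not valid base64"]
    # Shallow RSA check, not an ASN.1 parse: DER starts with 0x30; 1024-bit key = 162 bytes.
    if tags.get("k", "rsa") == "rsa" and (der[:1] != b"\x30" or len(der) < 162):
        problems.append("p does not look like an RSA key of 1024 bits or more")
    return problems

# Constructed samples: a mistyped version tag, and a stand-in for a key (not a real key).
TYPO_DMARC = "v=DAMRC1; p=quarantine; rua=mailto:reports@domain.com"
FAKE_KEY = base64.b64encode(b"\x30" + bytes(200)).decode()
if __name__ == "__main__":
    print(lint_dmarc(TYPO_DMARC), lint_dkim("v=DKIM1; t=s; p=" + FAKE_KEY))
```

An empty list means no problems were found; a placeholder value such as the short "p=" string in the sample DKIM entry is reported because it cannot be a real public key.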

Once you have all of the records in place, head on over to https://appmaildev.com and just follow the instructions to test your records.

An Example of What Ransomware Can Do

Posted on by admin

Here is a real-world example of the danger and consequences of ransomware. Colonial Pipeline, which provides 45% of the East Coast’s fuel, had to shut down after it was hit with ransomware. Analysts have warned that a prolonged shutdown could lead to higher gas prices. Ransomware costs are expected to reach $20 billion this year alone!

Here is the link to the full story:

https://www.nytimes.com/2021/05/10/business/dealbook/ransomware-pipeline-colonial.html

Beware of the Increase in Deepfakes!

Posted on by admin

The evolution of technology used for cybercrime is scary! Deepfakes are the latest trend and can be used to craft a realistic scam when used maliciously. Here is a short video to help you learn about deepfakes, the threats they pose and how to spot one.

A couple of Quick Tips from the video:

  • Slow down and don’t feel rushed into action
  • Watch for clues of a deepfake, such as unnatural movement or blinking

Here is the link to the video:

https://www.pii-protect.com/MicroTrainings/micro_training_view/219?brand_key=zv53o&ID=490600

What is 2FA? MFA? Are they the Same? Different?

Posted on by admin

You will see me talking about 2FA and MFA on quite a few posts and using the terms almost interchangeably – so what do they mean?

2FA stands for two-factor authentication and MFA stands for multi-factor authentication. 2FA really is just a subset of MFA.

MFA is a security protocol where a user is required to verify their identity by providing multiple pieces of identification before gaining access to either a device or application. Typically this is using at least two of the following factors:

  1. Knowledge – something only you know, e.g. password, challenge questions
  2. Possession – something you have, e.g. YubiKey, one-time password
  3. Inherence – something you are, e.g. fingerprint, retina scan

So you can see how 2FA is just a subset of MFA as you only need to have two factors to successfully authenticate. For instance, using an ATM machine requires you to use your card (something you have) as well as your PIN (something you know).

Now if you add something like a USB device (we love YubiKeys!!!) that you have to plug into your system, you now have three factors needed for authentication and hence one example of MFA. A better example of MFA is to use a program or App that requires the use of an external device, like your phone, that requires your fingerprint (hence inherence) to unlock. This then allows you to accept the authentication on an app on your phone or to get a one time password generated by your phone app. If this seems a little confusing or if you are just intrigued, we will be posting more about our offerings of Duo Security and Passly that you can use to implement MFA in a secure way.

WiFi KRACKs Attack

Posted on by admin

Now that the information about the vulnerability in the WPA2 protocol has been released publicly, here is a link to what has happened:

https://www.krackattacks.com/

The WPA2 protocol is used in every wireless device on the market today.  If you don’t want to read the whole article, basically what you need to do is to research if your Wireless Router, Access Point, IoT device etc. has had a firmware release to deal with this as well as making sure that all of your operating systems (Windows, Linux and yes, macOS) are updated.

For my customers, I have already applied the firmware updates necessary to negate this vulnerability.

Printer Stuck During Installation

Posted on by admin

If your printer gets stuck during the installation phase (i.e. doesn’t get past “initializing printer”), and you can’t ‘remove’ it to try again, here is one solution to get rid of it.

I have run into this issue more often lately and it has always been frustrating to clean up after a failed printer install.  The first step is to get into Device Manager – in Windows 8 and 10, right click the Windows Icon to get to the Quick Access Menu and then choose ‘Device Manager’.   Once in Device Manager, on the Main Menu, select ‘View’ and then ‘Show hidden devices’.

You can now scroll down to the ‘Print queues’ section and then delete the printer that is stuck initializing.

For good measure, go ahead and reboot your computer and then try again.  If you are installing a wireless printer, make sure your anti-virus program allows this process – there are unfortunately too many different anti-virus programs to give you a walk through on how to do this, but hey, ‘Google’ is your friend!

Link to Check Your Home Router

Posted on by admin

Here is a link to an online utility that can check your router to see if it has been hacked.  In the last couple of months, the number of routers that have fallen victim to certain vulnerabilities has risen drastically.  I will add that this appears to be more of an issue with European countries, but for the sake of a minute to run the check, it is worth it as these compromised routers can give an attacker full access to your home network and all of the devices on it.

Here is the link: Wordfence Router Check

The page explains what is going on and the button for the utility is about half way down – once again, just for the peace of mind, I would urge you to run this.  The site also gives some suggestions if it comes back with a vulnerability detection.

Configuring NTP Server for Time Synchronization

Posted on by admin

This post is about how to configure a Windows Server 2012 or 2016 domain controller to synchronize its time with a trusted external resource.  Having a valid and accurate time source is critical for a properly configured domain.

Use your favorite search engine to locate the trusted NTP time servers for your area.  I am located in Canada and so I will be using

0.ca.pool.ntp.org
1.ca.pool.ntp.org
2.ca.pool.ntp.org
3.ca.pool.ntp.org

Log into your domain controller with administrative credentials and launch a command prompt.

Stop the time service:

net stop w32time

Enter the following to configure your NTP time servers:

w32tm /config /syncfromflags:manual /manualpeerlist:"0.ca.pool.ntp.org 1.ca.pool.ntp.org 2.ca.pool.ntp.org 3.ca.pool.ntp.org"

and then hit Enter.  Remember to use your time servers in place of *.ca.pool.ntp.org.

Let the domain controller know that these are your trusted servers:

w32tm /config /reliable:yes

Restart the Time Service:

net start w32time

Review the results:

w32tm /query /configuration

Ensure everything is proper and typed correctly and if so, close the command prompt.