Frequently Asked Questions

Can Synergies Systems help our business relocate our IT infrastructure?

A: Synergies Systems will supply a Microsoft-certified IT expert who can help you plan and manage a seamless IT infrastructure relocation to a new facility, including data center selection and deployment, project management, ISP and telecommunications carrier selection and coordination, and coordinated network upgrades — all with expert support throughout.

I am having a technology emergency and need help right away. Can a Synergies Systems consultant help?

A: Synergies Systems is staffed to provides emergency troubleshooting services. Our consultants are generally always working in the field on technology projects. One of our staff will take the time to help you through a trouble spot.

Some of my employees are seeking privileges that I feel compromise the integrity of my network. Could you share some best practices for network security so that I can prove how dangerous these privileges are?

If someone can't provide a valid *business* justification for the escalated privileges, We fight strongly against providing them. If a business application requires escalated privileges, We escalate the issue with that vendor to make it clear to them that requiring escalated privileges is against the corporate security policy, and that if they can't provide a workaround, we won't be buying or using their product. In today's environment, many software vendors have more restrictive access requirements that they can run under, but that they do not always make publicly known (you need to ask for them). If all else fails though, we then work under the basic premise of the most restrictive rights possible. So before we make a user a local administrator, we will check and see if they can do what they need to do as a power user. Before we make a user a power user, we will check to see if we can grant specific rights to the user (or more practically to a group the user is a member of) or specific rights to the appropriate registry keys or files. The bottom line here though is, your best weapon is the ability to demonstrate how the users can perform all of their required business responsibilities at the lower privilege level.

What types of threats can occur to my network via wireless connections?

A: Wireless networks offer additional opportunities for attackers to gain unauthorized access to network resources, as they no longer need to gain physical access to a network connection. Wireless networks that are not properly configured may propagate signals beyond an organization’s physical boundaries, allowing an attacker to gain access to the network and sniff packets from a parking lot or a neighboring building. Wireless networks are also more susceptible to DoS attacks than wired networks, as an attacker must merely disrupt radio waves. In order to prevent DoS attacks, unauthorized disclosure, and other attacks, preventive (management, operational, and technical) measures need to be implemented to protect the network (both physical and logical).

Why do I need to evaluate or audit my wireless network periodically?

A: Security audits/assessments should be done on a periodic basis to ensure that the security posture of the wired and wireless network remain secure and identify any threats facing the networks. Because attacks and environments are continually changing, a through audit/assessment schedule should be implemented by network management. In addition, it is recommended that network monitoring be conducted 24x7 as an added level of network security. Rogue devices - unauthorized wirelessly enabled devices - can be introduced to the wireless network intentionally or unintentionally and pose significant threats to wireless networks and may go unidentified without the execution of proper audits/assessment. Additional security vulnerabilities may also be identified, including incorrectly configured devices, plain-text data transmission, and signal bleed.

What is a firewall?

A: A firewall is a device that serves as a barrier between networks providing access control, traffic filtering, and other security features. Firewalls are commonly deployed between trusted and untrusted networks, for example between the Internet (untrusted) and an organization’s trusted private network. They can also be used internally to segment an organization’s network infrastructure, for example; deploying a firewall between the corporate financial information and the rest of the company network. Firewalls are additional security mechanisms that should be included in all networks, both wired and wireless, in addition to being implemented on client devices as software applications. With the increased risks that are associated with wireless networks, it is important to include firewalls and other security mechanisms during the design phase.

What are the types of encryption that I can use?

A: Only Federal Information Processing Standard (FIPS) 140-2 compliant encryption methods are authorized to be used for data transmissions over wireless networks. Wired Equivalent Privacy (WEP), the most commonly used wireless encryption method, is defined by the IEEE 802.11 standard and uses the RC4 algorithm to encrypt data. However, WEP is unacceptable due to significant issues facing the implementation of specific aspects of the encryption algorithm. Triple Data Encryption Standard (3DES) is an encryption method that produces an encrypted datastream. Advanced Encryption Standard (AES), a replacement for 3DES, uses symmetric block cipher to encrypt and decrypt data and supports key sizes of 128, 192, and 256 bits. 802.1x, often confused as an encryption method, is a port-based access control solution that is commonly paired with Extensible Authentication Protocol (EAP) to authenticate users via a third party.

What measures to take to protect against viruses?

  • Disable booting form drive (A:)
  • Keep scan definitions up to date
  • Institute Organization-wide policy:
  • Never run untrusted code
  • Keep OS security patches up to date
  • Educate yourself and your end-users
  • Scan all files (default setting on Anti-Virus software is set to scan program files only)
  • Scan e-mail attachment
  • Keep browser version and security patches up to date
  • Take a look at your browser’s security settings and set them strong
  • Consider: Scan at internet gateway/firewall (content scanning)
  • Consider: Manage user’s internet browser "Plug-in’s"
  • Subscribe to a security web site
 
 
You are here: Home FAQ