Matthew Buck’s Blog - Principal Engineer at RatwareUK

At RatwareUK every customer comes to us with a different set of problems. Every business is different, we know this. We’re different too. It would be easy to roll out a template that 75-90% fits their requirements, but we’re perfectionists. A solution that fits with the client’s business as well as creating new depth and scalability is what we’re after. This is why last week, when we were designing a wide area network, myself and a couple of engineers worked on a Saturday to discuss and configure the VPN and servers.

Free from the daily tasks of maintenance and programming, we set up a projector, meeting desk and proceeded to discuss and design a company’s network - literally - on the wall. We found this workshop approach was extremely productive. As engineers we were actively learning and implementing new skills and our combined rigour and ingenuity was poured into the new system. We then continued bench-testing the system and it was eventually deployed the following week. It was a complete success and the customer was provided with a system that worked precisely the way they wanted it to. You’d be surprised, but this sort of forward thinking is discouraged in some organisations. I certainly, would not work for any other company.

I’ve just come across a great new video from Microsoft which details the advantages of Windows Mobile deployment on Exchange. Check out Windows Mobile Video for more information!

If anybody needs any advise concerning Windows Mobile deployment at work, please do not hesitate to contact us.

This week, several clients have contacted RatwareUK after purchasing a blackberry-style BT Broadband Anywhere bundle. See the following link BT Broadband Anywhere .

Many customers believe this is a plug and play solution that can be used at their business to give staff access to email whilst on the move. This is not the case. The product above is for home use only. It is linked to a residential BT Hub (which they provide) and it uses BT’s independent mail servers supplying a btconnect.com (or similar) email address. It will not link up to your company’s exampledomain.com or your company’s mail server.

To compound matters, BT are also accidentally sending out residentially configured phones to customers requesting them for business use!

In a nutshell: Rolling out compatible mobile devices which staff can use to access their company email is more complicated. Considering Windows Mobile devices specifically; if you have Microsoft Small Business Server, or Microsoft Exchange Server you have to complete the following steps:

1. Purchase 1 or more Windows Mobile Devices with GPRS connectivity. (See BT Business Product as one example - there are many more).
2. Install Exchange SP2
3. Install ActiveSync 4.2 or higher
4. Enable mobile services for users
5. Configure your company’s firewall and web services
6. Install a secure certificate on the device
7. Configure Windows Small Business Server 2003 for MSFP
8. Configure device synchronization
9. Test the deployment

If anybody requires any assistance with remote working solutions, please do not hesitate to contact us. We’d be more than happy to advise. Remember, don’t just dive in on what looks like a good deal.

Hope this helps!

Matt

According to a report from IronPort called “2008 Internet Security Trends” it would appear that if 2007 was a bad year for spam - 2008 will break the record again!

One interesting statistic I found on the internet was from the European Unions Internal Market Commission, which estimates that junk email costs internet users 10billion Euros per year worldwide. For small to medium size businesses, this figure may seem like an incomprehensible fact. However, consider with me for one moment what happens in your business when just one spam email enters your company.

1. Spam email finds its way through your company’s internet gateway. At this point the rogue email will take up a small percentage of the costly bandwidth allocated to your company by your ISP. If the spam e-mail contains an attachment, it will take up even more bandwidth. This reduces the bandwidth available for incoming/outgoing emails, surfing the internet, remote workers, VPN tunnels connecting branch offices… etc.
2. The spam e-mail then penetrates your company’s mail server. If the rogue email is addressed to an invalid user, your company’s mail server will then attempt to reply to the spam sender saying the address has failed. This takes up more processing time and bandwidth. If the rogue email is addressed to a valid user, your mail server will deliver it into that user’s mailbox. Again, taking up more processing time. Remember, if your mail server is also your main domain server - it has other things to do with its time - like serve files and manage print jobs!
3. The end user eventually receives the spam in their inbox. Inevitably, the user will then delete the email. However, when deleting it, due to human error, they often miss legitimate emails because they are caught in a sea of rogue ones. Also, sifting through spam emails takes up an employee’s time and the quality of the spam email is most likely undesirable.

The above is a rather crude view summarising the knock-on effect of one spam email entering your company. However, it’s worth remembering, as imagine the human and computer processing time taken up by 500 spam emails a day, not to mention the drain on bandwidth.

At RatwareUK, we have our own mail relay server. In a nut-shell, this means that spam can be filtered off-site and legitimate emails can then be passed through to your company, thus completely saving on a company’s bandwidth and human/computer processing times. Not only will our relay server eliminate spam, it will also scan all inbound emails for viruses!

If you are receiving 500 spam emails a day, knocking those out of the equation will definitely allow your server to perform daily tasks faster and save bandwidth. For more information, visit our Anti-Spam Services page.

I’m writing this post because in the last month two security issues on our customer’s websites have come to light. Before I continue, it’s worth mentioning that neither of these issues relate to customers on RatwareUKHosting. Both customers were using different third party web hosts. For obvious reasons I’m not going to name any of the companies involved.

Security Issue 1:

RatwareUK were asked to do some general housekeeping on a client’s web space. Upon logging in we noticed an odd looking file called phishing.tar. On investigation somebody or something had uploaded a zip file to the root of the hosting package, unzipped and installed a mini Bank of Scotland login page! It became instantly apparent that a little corner of this customer’s web space was being used to collect valuable bank login details from those people foolish enough to click through from spam emails! How did it get there? We have no idea and as we didn’t have control over the server, we passed it up to the third party web hosts. Eventually they returned our call saying it was nothing to do with them and we should just deal with it. Nothing in the logs or in the permissions to be worried about then?

We removed the zip file, changed the root passwords and also made sure the file permissions were locked down. However, this is pretty basic stuff and we felt quite helpless. We are now monitoring the site for the customer and if this happens again we’ll recommend they move web hosts. Nasty files like these must get uploaded due to a generic security weakness on the web server. Totally unacceptable and I can’t believe the web hosts weren’t concerned.

Security Issue 2:

Recently a client made us aware of a strange occurrence when they accessed their corporate homepage; when they loaded the page in their browser, a small command prompt window opened and closed quickly and their Sophos AV system sent out alerts. On inspection, RatwareUK discovered that a script had been injected into their index.html which executed a download and install! Upon further inspection, the new files were running processes and attempting to open ports - typical trojan behaviour. I hadn’t seen anything like this in action before and it was particularly concerning how smooth the infection was.

For a script to be injected into an HTML file, there must be vulnerabilities in the web server’s software, enabling the remote administrator to change the permissions and upload the “cuckoo’s egg”. RatwareUK changed all the passwords, permissions and removed the script. Since then there hasn’t been a problem, but without knowing your vulnerabilities, how do you plan your security?

Similar to the issue above, we contacted the web hosts and they didn’t want anything to do with it. They wouldn’t alter the file or shed any light on the incident. Almost as if they didn’t want to admit liability or in fact confirm the issue. There certainly was an incident though and these recent events would only lead you to believe cybercrime is on the increase. Especially with web hosts not prepared to look into them.

With the new release of Back Track 3 BETA; RatwareUK now have a vast range of security auditing tools. If you are concerned about your company’s firewall, VPN, wireless or network security, please get in touch and we’d be only happy to advise.