Epicor ERP and Your Anti-Virus: A Love-Hate Relationship

I’ve seen enough Epicor ERP installations to know that a finely tuned system needs… fine-tuning. Perhaps that’s obvious, but nonetheless, I’ve seen many deployments where Epicor ERP is installed but not set up optimally. One area that has my bits all scrunched up is anti-virus, sometimes called anti-malware or malware protection. I’ll just call it anti-virus for purposes of this discussion.

Each vendor does it a little differently, but there are three primary aspects to worry about.

  1. Real-time scanning
  2. Scheduled scans
  3. Injection into an application


Depending on the tool and the configuration, you might have one or all three at play, on both your SQL and Epicor ERP servers. Done right, they’ll do their job, keep you protected, and stay out of your way. Done wrong, and your performance, reliability, and up-time will suffer.

Now, in my humble opinion, a dedicated, patched, protected, behind-the-firewall SQL server needs no anti-virus – it’s not a file server, nor a SharePoint server, nor do any end-users directly interact with it. Your installation might be different; check your exposure! Anti-virus on a SQL server, improperly configured, will just slow it down and give you headaches. If you can avoid it, do so. Of course, your company policy might require AV installations on ALL servers. If so, follow Microsoft’s guidance for choosing anti-virus software to run on SQL Servers, including their exclusions. Some AV software will recognize SQL and exclude it automatically, but don’t assume that to be the case.

Epicor ERP is another animal. By definition, an Epicor ERP application server is also a file server and is often exposed to the internet in some capacity. Therefore, in addition to your firewalling, patching and backups, make sure to protect your Epicor ERP Application servers with anti-virus – with the proper exclusions.

Some anti-virus platforms let you do the exclusions on the endpoint; others require a central management console. Many enterprises have a team to handle it. Either way, set up the exclusions and then test them by dropping a copy of the EICAR test file (from eicar.org) into one of the folders. The file won’t execute (since it’s an OLD Win16 file), but if AV is scanning that folder, it’ll pluck the file out and you’ll know AV is active in that folder.

Replace the X: with the volume(s) you’ve deployed Epicor ERP on. Not all installations will have all of these folders; it depends on the extensions and add-ons deployed.

X:\Epicor*
X:\Program Files (x86)\Common Files\Epicor Software Corporation*
X:\Program Files (x86)\Common Files\Epicor Software*
X:\Program Files (x86)\Common Files\Epicor*
X:\Program Files (x86)\Epicor Software*
X:\Program Files (x86)\Insite Software*
X:\Program Files (x86)\Seagull*
X:\ProgramData\Epicor Software Corporation*
X:\ProgramData\Epicor*
X:\ProgramData\EpicorSearch*
X:\InsiteShip*
X:\APM*
X:\Applications\EKM*
X:\BarTender Formats*
X:\BarTenderData*
X:\BarTenderTaskList*
X:\inetpub\wwwroot\(Servers) – replace with appropriate folders
X:\inetpub\wwwroot\(Servers)-(extensions) – replace with appropriate folders

Don’t forget the Epicor clients, whether they are full Windows clients or Terminal Servers:

C:\ProgramData\Epicor*
C:\Program Files\Epicor Software*
C:\Program Files (x86)\Epicor Software*
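As an added example (not code from the original post), here is a PowerShell script that automates the EICAR check described above for a subset of the exclusion folders: it writes the test file into each matching folder that exists on the server, gives real-time scanning a moment, and reports which folders the scanner left alone. The drive letter, the folder subset and the wait time are assumptions; run it as an administrator on the Epicor application server.

```powershell
# Added example: probe Epicor exclusion folders with the EICAR test file.
# Assumes Epicor lives on $Drive and that the script runs elevated.
$Drive = 'X:'   # change to the volume Epicor ERP is deployed on

# A subset of the post's exclusion list; wildcards are expanded against the disk.
$Patterns = @(
    "$Drive\Epicor*",
    "$Drive\Program Files (x86)\Common Files\Epicor*",
    "$Drive\Program Files (x86)\Epicor Software*",
    "$Drive\ProgramData\Epicor*",
    "$Drive\inetpub\wwwroot\*"        # narrow this to your (Servers) folders
)

# The standard EICAR string, assembled from two halves so that this script
# file is not itself flagged when saved to disk.
$Eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$' + 'EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

$Dirs = foreach ($p in $Patterns) {
    Get-ChildItem -Path $p -Directory -ErrorAction SilentlyContinue
}

$Results = foreach ($dir in $Dirs) {
    $probe = Join-Path $dir.FullName 'eicar-exclusion-test.com'
    try {
        # Write as plain ASCII so the file is byte-exact for the scanner.
        [System.IO.File]::WriteAllText($probe, $Eicar, [System.Text.Encoding]::ASCII)
        Start-Sleep -Seconds 3          # give real-time scanning time to react
        $survived = Test-Path -LiteralPath $probe
    } catch {
        # Some products block the write outright; that folder is scanned too.
        $survived = $false
    }
    if ($survived) { Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Folder   = $dir.FullName
        Excluded = $survived            # $true means AV left the file alone
    }
}

# Folders showing Excluded = $false are still being scanned; fix the exclusion there.
$Results | Format-Table -AutoSize
```

Expect your AV console to log a detection for every folder that is still scanned; that log entry is the second half of the evidence.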


Looking for assistance with your Servers? Contact Us and don’t worry, we’ve got IT covered.


Ransomware, a Good Way to Stop Your Business. Or Maybe Not?

I just need to get this off my chest – so bear with me. 

First off, I’ve been doing sysadmin work for scores of years now, and the idea of backups, business continuity, and “bad guys” isn’t new. However, this week it was brought to a new and interesting head for one small business.

Rewind the clock two years and we were in the conversation with this business about where they kept the “golden nuggets” of their business, what servers did what, where the users were, how the backups fared, the state of malware and web filtering protection, etc. You know, all the “normal” stuff any qualified IT provider would ask a prospective customer. “We’re fine” was the answer – they had an in-house IT guru watching all that stuff. However, they did make a (wise) decision to host their ERP solution with us.

Last week, our monitoring went suspiciously quiet; it looked like the company had gone on vacation, or had fallen asleep at the keyboard. I reached out to the company and was informed that they had been the victim of the latest ransomware attack, and all their documents were encrypted and unusable. Thankfully, since they were hosting their ERP system with us, that was safe from the attack. All their ERP data was secure, but everything else they controlled was locked. Backups proved unreliable or inaccessible, so the ransom was paid. The company got lucky: the recovery key worked and they got their documents back. What they didn’t get back was Active Directory. Ouch! Nobody could log in; even though their documents were back on a server, nobody could access them.

A week later, with a new domain, new profiles on everyone’s desktop, new shares, and new permissions, they were back up and running. After everything, the company is back to doing business, but it could have been a much worse situation. A critical note: the ERP system was never at risk and no ERP data was lost, since that was safely stored elsewhere.

Moral of the story: 

  • Test your backups. Not just documents, but the whole server. How long does it take to get it back? It should not be more than a few hours.
  • Just because you can restore files doesn’t mean you can go out, buy a new server, and restore your existing workload onto that new server.
  • If you can’t live without it, and you don’t have the in-house expertise to manage it, outsource it! Let the pros handle the critical IT while you do what you do best: making your product and growing your business.


Contact Us to learn whether Hosting is right for your company.  

Learn more about EstesGroup’s EstesCloud Hosted ERP here… 

How You Can Strengthen Your Network and Security with Passwords

We’ve all done it, at least once. Some of us maybe more than a couple of times, and I know there are a few repeat offenders. You know what I’m talking about – the bane of the security admin’s existence – default passwords.

Those are the usernames and passwords that come with every device. Even in this day and age, most systems don’t REQUIRE you to change the credentials that get you system admin rights. The bad guys know that and use it to their advantage.

When most of our business and personal systems are protected with just a name and a basic password (and maybe a trusted network range?), that’s easy pickings for someone with a brute-force tool or a sniffer to find out your secrets. And once the bad guys have your credentials, then what? Well, that is when the real danger begins.

When’s the last time you changed your voicemail PIN from 0000? Perhaps your home router is still admin/password even though the FBI issued a warning for everyone to change it? And how many ERP users keep the system admin account “manager” around with the default password of… you guessed it. Those accounts open the door wide to anyone wanting to get in, good and bad.

If you have systems exposed to the bad guys (and we all do!) then this post is for you. STOP IT! Even if you told me “Well, none of those systems are internet exposed,” I’d ask “Where are the bad actors in your network?” If you said “outside the firewall,” I’d respond with something like “I dare you to create a share or folder called ‘payroll’ and see how long it takes before some curious netizen (aka employee) wanders into that folder looking for something juicy.”

Imagine splaying your entire infrastructure wide open to someone who just happened to know that Netgear uses admin/password for all their routers? Or that your company name is NOT a good password?

So what’s a concerned system admin gonna do? It’s easy in theory and hard in practice. Here are some digital security tips that will create a stronger password security strategy:

1. Change the default username and change the default password.

2. Start using stronger passwords, not [email protected]. We recommend pass phrases, or a sentence that you can remember but the bad guys will have a hard time guessing.

3. Enable account lockout so that if “x” bad passwords are guessed in a row, the account is locked FOREVER (not reset after 10 minutes, thank you Microsoft). Helpdesk notification of such a lockout will put you in the know.

4. Stop using admin credentials on untrusted networks. Yes, your users are untrusted! Create a management VLAN, or a specific set of IPs that can RDP, or shut down access from outside devices altogether.

5. Enable multi-factor authentication. This can easily be enabled in Office 365 and Active Directory, and if your devices leverage that directory then they automatically get that 2FA protection as well.

6. Hack yourself! Run a network scanner, or hire an outsourced IT firm to investigate for you, find the unsecured devices and fix them before the bad guys do.

7. Let us help you! We can run our ethical IT Assessment Detective scan of your systems, attempt to break into them, and give you a full report of your IT weaknesses. As they say, knowledge is power.
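As an added example (not from the original post), this PowerShell fragment applies point 3 to an Active Directory domain: a run of bad guesses locks the account until an administrator unlocks it rather than auto-resetting, and the helpdesk gets a list of currently locked accounts to act on. It assumes the ActiveDirectory module and Domain Admins rights; the threshold, window and length values are illustrative, not a recommendation from the post.

```powershell
# Added example: domain-wide lockout policy plus a helpdesk view of locked accounts.
# Assumes the ActiveDirectory RSAT module and rights to edit the default domain policy.
Import-Module ActiveDirectory

$Policy = @{
    Identity                 = (Get-ADDomain).DistinguishedName
    LockoutThreshold         = 5                           # bad passwords in a row before lockout
    LockoutObservationWindow = (New-TimeSpan -Minutes 30)  # window in which the bad guesses are counted
    LockoutDuration          = (New-TimeSpan -Minutes 0)   # 0 = stays locked until an admin unlocks it
    MinPasswordLength        = 15                          # long enough to push users toward pass phrases
    ComplexityEnabled        = $true
}
Set-ADDefaultDomainPasswordPolicy @Policy

# Confirm what was applied before anyone gets locked out by surprise.
Get-ADDefaultDomainPasswordPolicy |
    Select-Object LockoutThreshold, LockoutObservationWindow, LockoutDuration, MinPasswordLength

# What the helpdesk should be watching: every account currently locked out.
# A lockout that nobody on the helpdesk can explain is worth a phone call.
Search-ADAccount -LockedOut |
    Select-Object SamAccountName, LastLogonDate, Enabled |
    Sort-Object LastLogonDate -Descending
```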

So, don’t let your next phone call to the EstesGroup be “help me, I got hacked!” And let our managed IT services company help you run your business better with a strong password security strategy – before the bad guys teach you a lesson.

Interested in Outsourcing your IT? Or have a question on data security? Ask us, we would love to chat.

Ransomware is getting mean!

As you might have heard, or possibly experienced, ransomware is a particularly nasty form of malware that holds your files hostage. In fact, DC webcams were hacked by ransomware before the inauguration! In the past, the ransom was usually just under $2,000 and, if you paid it, you probably got your files back. Those days are passing quickly.

Lately, one of the biggest dangers of ransomware is that the attackers have figured out that if you’ve paid once, you’ll probably pay again, so paying actually sets you up to get hit again! “Fool me once, shame on you; fool me twice…” In fact, we recommend against paying the ransom at all! If infected, you can contact the FBI, and while they won’t get your files back, they will open a case. I suggest you have a strategy for ransomware prevention implemented BEFORE you get hit.

To add insult to injury, when you do come up with the Bitcoin to pay (no, they don’t take American Express), there’s a possibility that you WON’T get your files back! The unlock key simply doesn’t work, and the bad guys are no longer interested in you at all. They got what they wanted, and they might even ask for MORE money! Another danger of ransomware is that newer variants will also start randomly deleting files until you pay up! Ouch!

Paying $600-$1,800 might not seem like a lot, but I am preparing for the day when the hackers don’t just demand money to return your files: they’ll start demanding MORE money to stop deleting your files, or worse yet, sell your files to your competitors! Can you afford a $20,000 ransom, or risk your confidential data appearing in your competitors’ inboxes?

Do you have a rock-solid backup policy? Have you been hit with ransomware and don’t want to fall prey again? Contact us today and let’s talk about ransomware prevention. EstesCloud has the vaccine for ransomware!

________________________________________
Click here to schedule a meeting to let us help you make your technology a no-brainer!

Healthcare Cyber Attack Protection

Are your electronic medical records safe from healthcare cyber attack?

Researchers at Microsoft are warning that several encrypted databases of medical records are vulnerable to attacks and information loss. With the increased use of cloud computing, data breaches on encrypted databases have increased, so healthcare industry cybersecurity is more important than ever. The researchers classify the threats in multiple ways, one of which is individual versus aggregate. Individual attacks are designed to gather information about a specific person, whereas aggregate attacks are meant to recover statistical information about the entire database. Both can do serious damage.

It is still common practice to use encryption to protect against cyberattacks, and it is still one of the best defenses; however, using encryption alone is not the best solution for healthcare cyber attack prevention. Encrypted information is unscrambled in a computer’s memory, so if an attacker is able to access that memory, the data is exposed. In order to be useful, encryption needs to be continual, so that progressive decoding cannot occur.

Healthcare cyber attacks, like the ones most notably against Anthem and UCLA Health System, are on the rise. The healthcare industry has become a target due to its lack of security. It isn’t just medical records, either: accounting databases, which store significant information, are also at risk. To date, over 90 million patients have been affected by data breaches from such attacks on healthcare industry cybersecurity.

The largest concern with these attacks is the resulting identity theft. Due to privacy laws such as HIPAA, it is extremely difficult to remove misinformation from medical records, including something as simple as a blood type, which could result in the wrong blood transfusion in a medical emergency.

The best solutions for healthcare cyber attack prevention include password protection strategies, encryption, firewalls, backup security, web filtering, and IT security action plans. These strategies for healthcare industry cybersecurity can all be created and implemented through IT Managed services and must comply with current HIPAA Security standards.