We are thrilled to extend our invitation to you for an exclusive Cocktail Party hosted by Acture Solutions! This will be a fantastic opportunity to network ...

There has never been a more important time for a comprehensive cybersecurity implementation plan. Consider this: On average, US schools lose $500K daily ...

It seems like Cyber Attacks are happening everywhere these days. Whether it’s a national news report of an attack against a company that has your credit ...

LAPS is a powerful security tool built into Windows that you can use to secure local administrator accounts on your organization's workstations and mitigate ...

"School's out for summer."

-Alice Cooper, 1972

School's out for the summer. By the time you read this, I hope my son graduated and is on his way ...

I spent the day today at the soccer field for the championship games of the local town soccer season. My daughter's team came in third place, winning ...

Today’s Internet and network security environment differs greatly from just a few short years ago. As we’ve discussed, legacy tools, basic firewalls, ...

I have a confession to make.

My wife is mad at me.

She insists that I have been negligent about cleaning out the hallway closet. It is small, stuffed, ...

"I wanna be a lifeguard. I want to guard your life..."
-Blotto 1979
Three of my kids are certified lifeguards. Two have the elite Ellis Lifeguard certification ...

School's out for the summer.
My son graduated high school.
The 4th of July is our country's 247th birthday.
It is time to make some noise!
Besides ...

"None shall pass."
-The Black Knight, Monty Python, and the Holy Grail
We continue to see attacks from misconfigured VPNs. Today I want to focus on ...

Every year, we hear about the Chinese New Year, the animal featured that year, and its significance.
With the start of the new school year, I would like ...

I read an article today in which a judge declared that Google monopolized search.

Well, that is a big duh!

How long did it take the government to ...

We are excited to partner with NYSCATE to bring you this important upcoming webinar!
New York State K-12 school districts must comply with EdLaw 2-d, ...

Cyber risk is growing every day. CSI wants to get you the information you need to know. We invite you to spend a day learning about the cybersecurity ...

Great News!!
The Federal Communications Commission (FCC) has announced the opening of the Cybersecurity Pilot Program application window for K-12 schools ...

Exploring the Benefits of Digitalization

Digital transformation is no longer an option. It’s a necessity for school districts aiming to thrive in ...

I stare at the Paladin Sentinel Monitoring Console every morning and see what happened with our monitored servers and networks overnight. I see many patterns ...

At 5:30 am one morning, I was awoken by the sound of fire trucks. My neighbor's house diagonally behind my house was on fire. The fire department promptly ...

A few years ago, there was a very public cyber insurance denial case. As I understand it, the business contracted with Travelers for cyber insurance. ...

It is Tuesday at 12:29 a.m., at the end of Labor Day weekend. I am driving back from Westchester County Airport, having just flown in from Charlotte, ...

"Reality is merely an illusion, albeit a very persistent one."

-Albert Einstein

"You live in a world of illusion Where everything's peaches and ...

I remember those days when the Apple folks would scoff at having to have antivirus. Macs were superior, and Windows devices had all those problems.

The ...

Today’s cyber landscape feels a lot like this picture. Anyone who uses a device connected to the internet is under threat. You never know when that ...

You arrive at work tomorrow and are greeted by the news that a cyber-attack has compromised your district’s network, and the network is unavailable. ...

I read the other day that today is "Worldwide Backup Awareness Day." I have no idea who declares these days. I am guessing you already know you should ...

Here is my "Top 5" list to up your cybersecurity defenses:

Make sure that whatever your current endpoint protection strategy is, it is 100% in place. ...

There is a new, growing attack surface that is becoming increasingly dangerous to your network operations—the cloud, specifically your Google Apps or ...

Welcome back!

This summer flew by, and my summer vacation seems like a distant memory. In my 44 years of helping schools open for the new school year, ...

A year ago, my very short wife sat in a restaurant during March Madness on a bar stool that was too tall for her. The result was that while getting down ...

You already know that "all" in security protection is vitally important. You need all your endpoints and servers protected with something. Hopefully, ...

We live in interesting times and continue to face unique challenges to keep your school district safe and stable so teachers can teach, students can learn, ...

You have probably heard of the AT&T breach by now. Reports describe it as the largest breach in history with serious national security consequences.

AT&T ...

"Trust but verify."
-President Ronald Reagan, December 8th, 1987, at the Intermediate-Range Nuclear Forces (INF) Treaty Signing
I watched a presentation ...

It has been a rough two weeks for many of us who support technology for our school districts.
We have experienced the worldwide meltdown of CrowdStrike ...

During the Pandemic, Threat Actors had a field day using phishing and SEO poisoning to attack users.

We are in the same climate again with the horrible ...

Gabe, Lisa, and I attended the annual CyberSecurity Summit at my Alma Mater, Marist College. Back in the day, at the beginning of the IBM/Marist Joint ...

CISA in their January and August 2023 Bulletins again called out some of the most important ways that schools can protect themselves from cyber attacks. ...

As we attempt to harden our networks and strengthen our passwords, I wanted to bring up something again I have talked about in various settings. Password ...

Recently it was worldwide "change your password" day!
I have a few thoughts.
If you attended the CSI CyberSecurity event in December, you heard the ...

Would you be comfortable giving your plumber the key to your house so he/she can come in at any time to fix anything they might feel is amiss? The answer ...

We live in interesting times and continue to face some very unique challenges to keep your school district safe and stable so teachers can teach, students ...

We live in interesting times and continue to face some very unique challenges to keep your school district safe and stable so teachers can teach, students ...

Join us, as Scott discusses his latest "Tech Tidbits" including updates on security and industry news since we last got together.
Watch ...

Join us, as Scott discusses his latest "Tech Tidbits" including updates on security and industry news since we last got together.

Watch it here

×
Please ...

Tech Tidbits - Scott's updates on security, updates, and industry news since we last got together.
Harden your endpoints as part of your overall ...

Tech Talk Part II will be a special session on email. We will talk about the following:

Reading email headers. Every time something bad comes into ...

Bob will be discussing infrastructure upgrades covering hardware "end of life" planning over the next few years as well as new switch management alternatives ...

Part one of CSI's Fall 2022 technical discussion is oriented toward K-12 public school district technical staff featuring technical and security news, ...

Happy Spring!
As Spring break looms for most of you, I once again need to be a killjoy and remind you of a stark reality.
Whenever you and your team ...

I know of three CIAs:

The Central Intelligence Agency (CIA)
The Hudson Valley's Culinary Institute of America (CIA)
The Triad of Information ...

Please join us on Wednesday, March 8th, as Scott Quimby delivers a special update addressing the current K-12 cybersecurity challenges, NIST Cybersecurity ...

It seems like Cyber Attacks are happening everywhere these days. Whether it’s a national news report of an attack against a company that has your credit ...

Everyone knows the adage “No one is perfect”. Unfortunately for anyone with a computer network, the bad actors who want to infiltrate your system ...

Join Cisco and CSI for a very special upcoming webinar. We will be joined by several specialists from Cisco (including Cisco Talos) who will discuss the ...

Scott Quimby discusses the following:
Reading DMARC reports - In preparation for achieving DMARC Quarantine status, Scott will walk you through reading ...

My wife works for a multi-billion dollar hospital network you all will know. Every time she signs into their mandated VPN and MFA solution she curses ...

New York State K-12 school districts must follow EdLaw 2-d. We all know that is easier said than done. It is hard work with limited staff and limited ...

Microsoft has tried hard to increase awareness of "pass the hash" attacks. They have been patching, but the threats keep coming. Back in April Microsoft ...

The first session will be led by Scott Quimby, CISSP, Vice President and CTO of CSI. He will focus on "Tech Tidbits" providing timely informational updates ...

Join us, as Jeff Pigula, CSI Senior Network Engineer (Cisco CCNA and CC-NSF) will be discussing the changing world of PoE power management - what you ...

March marks the month that I have been working with technology professionally for 46 years! It seems like yesterday that as a 16-year-old high school ...

This week, I would like to talk to you about Malware Defenses. This topic is in the NIST Detect and Protect categories.

Antivirus has been around for ...

We are pleased to announce our upcoming Tech Talk/SYSOP will be IN PERSON on Wednesday, April 17th! This is the first in-person Tech Talk since the ...

'Those who cannot remember the past are condemned to repeat it'
-George Santayana From his work; Life of Reason, Reason in Common Sense 1905
You have ...

What would you do if you came into school tomorrow and were told that all your District’s data had been corrupted? Your next step would be to check ...

Now that I work in a hybrid mode, it is always so annoying when I go to the office and forget my office keys. I have to ask someone to let me into my ...

It has been reported that when attackers breach your network, they often first go after your backups in an attempt to corrupt them so that you have no ...

Acture/CSI is growing again.  We are looking for high-quality individuals to work with our service delivery team.

For more information on the Acture ...

On behalf of the entire CSI team, I want to wish you a very happy holiday season. Hopefully, you can enjoy some downtime with friends and family and maybe ...

Have you ever started looking into a complex topic, and been overwhelmed by all the details of what is involved? Not only is it hard to understand, but ...

We have had several districts come online with CSI's CyberCNS Vulnerability Advisory Service. That has given me a substantial amount of vulnerability ...

Cyber risk is growing every day. In 2022 K-12 education was the single most targeted industry for ransomware. CSI wants to get you the information you ...

From all of us at CSI we wish you a Happy Thanksgiving.

We are thankful for all of you. We are proud that we first started working with K-12 school ...

One thing that became very clear to me over the summer is that the bad guys are being very intentional in formulating attacks against your districts and ...

Children spread viruses of all sorts – at home and in the classroom. It is just something you come to expect. Did you know they can also spread Cyber ...

Cyber risk is growing every day. In 2022 K-12 education was the single most targeted industry for ransomware. CSI wants to get you the information you ...

It is already a weird summer for me. I normally go to Acadia National Park right about now and enjoy the Maine weather. (It is so weird that NY has Maine ...

How do you intend to block lateral movement if an attacker has made it into your network?
In looking at recent ransomware attacks there are some consistent ...

Today's assignment is both easy and hard - Look through your password database, talk to your staff, and identify all the vendors and devices that are ...

When it comes to improving network security, the question asked is usually “Can we afford it?” But with Cyber Crime evolving every day, the question ...

Your assignment this week is to evaluate the printers on your network.
The reality is that network-enabled printers are a serious security threat to ...

VMware has published a security advisory regarding a critical out-of-bounds write vulnerability (CVE-2023-34048) that has been fixed in the latest updates ...

As the school year winds to a close, preparation begins in earnest for summer projects. Many departments within your district will be planning new additions ...

The rate of cyber-attacks has significantly increased over the past few years. Districts of all sizes are at risk of becoming victims of them, which is ...

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering ...

Last week I discussed the need to have all passwords minimally 12-18 characters to remain safe. While that is an absolute security requirement, we all ...

Everyone has heard about the cyber attack on casino giants MGM and Caesars Entertainment in September 2023. It is alleged that the attack on MGM was done ...

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering ...

Reality Check - Adobe FLASH IS DEAD! THERE SHOULD BE NO FLASH IN YOUR NETWORK!
As I start seeing more and more of these vulnerability scans from districts ...

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering ...

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering ...

Your district network is complex. You have lots of VLANs. You have lots of servers and endpoints. Lots of UPSes, switches, and on and on. Then you have ...

Add the last "S" for security.
I remember the old mattress commercials. You left the last "S" of the phone number for savings. In our world, we need ...

The FBI has just issued a warning that cyber criminals are using search engine fake ads to launch cyber-attacks.
Their suggestions are excellent.
You ...

I am not a basketball person, but it is said that the late Kobe Bryant had one of the best work ethics in all of sports spending endless time practicing ...

We live in interesting times and continue to face some very unique challenges to keep your school district safe and stable so teachers can teach, students ...

Today we continue with our series discussing the highest priority cybersecurity steps as identified in the January 2023 CISA published report “Partnering ...

On any team, there is someone who has the vision and sets goals, and there is someone on the ground who makes sure those things happen. No team can be ...

As we mentioned in our last bulletin, in January 2023 CISA published a report “Partnering to SafeGuard K-12 Organizations ...

We have been talking a lot in these bulletins about the increase in Cybersecurity incidents and what can be done to mitigate that risk. Congress also ...

I am sitting here at 6 a.m. doing the morning review of all our Paladin Sentinel Monitoring school districts. The storm came overnight and there were ...

Today it seems everything is connected to the internet in some way. At home, you have doorbells, garage doors, TVs, and a myriad of other things. School ...

Today's Tidbit should be quite simple once you get going. NIST requires data to be encrypted in transit and at rest.
Probably you have a number of staff ...

Imagine you’ve been hit by a Cyber Attack. Your network is locked by ransomware and all your data is compromised. What ...

In August of 2021, CISA added "Single Factor Authentication" to its list of practices it considers "exceptionally risky" as it exposes you to an "unnecessary ...

I watch a lot of Cybersecurity presentations. Ransomware is on everyone's lips as a major concern. Here are two interesting tidbits of information.

...

Perhaps you’ve heard the story of the young girl walking along the seashore, who noticed hundreds of starfish that had washed up along the beach with ...

Today’s Internet and network security environment is very different from what it was just a few short years ago. As we’ve discussed, legacy tools, ...

Have you ever been part of a group where a leader has not been clearly identified? It takes twice as long to get anything done and arguing and conflict ...

In October 1993 I was sitting in a van in dusty Nmanga, Kenya. Nmanga was the only legal border crossing between Kenya and Tanzania. It is next to Amboseli ...

Everyone knows the adage “No one is perfect”. Unfortunately for anyone with a computer network, the bad actors who want to infiltrate your system ...

Last week we talked about how one weak link can open the door to a Cyber Incident. We discussed the weak link of old, unused user IDs remaining in your ...

There is a new critical security issue that affects web browsers as well as other software that use something called libwebp. This feels a whole lot like ...

We have all heard the phrase "A chain is only as strong as its weakest link". When it comes to Cyber Security that phrase is all too true. Sometimes ...

Last weekend my youngest daughter started a new baton program on Saturday mornings. Sitting there I realized I have been taking at least one of my four ...

In August of 2021, CISA added "Single Factor Authentication" to its list of practices it considers "exceptionally risky" as it exposes you to an "unnecessary ...

Far too often we hear people say “I don’t need to worry about security tools and training, I have Cyber Insurance”. While this doesn’t apply to ...

Whether you are a sports enthusiast, a volunteer, or part of a work team, you have experienced first-hand the importance of good teamwork. We have all ...

Business Email Compromise (BEC) has become a security buzzword. It simply means using email to attack and gain access to your network. *Phishing* or *Spearphishing* ...

Welcome back!

It was a very busy summer for all of us. Summer and the start of the school year felt much more "normal" to us.

Putting my parent ...

This week I would like to talk to you about Malware Defenses. This topic is in the NIST Detect and Protect categories.

Antivirus ...

As mentioned in last week’s Tech Tidbit, we have begun a new series of weekly bulletins sent to School Business Officials giving ...

This week I’d like to talk a little bit about the NIST Category - Recover. According to NIST, the Recover Category “identifies ...

In last week’s email, we talked about the third NIST Cybersecurity Framework category – Detect. ...

In last week’s email, we talked about the second NIST Cybersecurity Framework category – Protect. ...

In last week’s email, we talked about the first NIST Cybersecurity Framework category – Identify. This ...

In last week’s email, we talked about what the NIST Cybersecurity Framework was, how it ...

Your district is faced with ever-increasing threats, pressures, and regulations. The list is endless. K-12 Cyberattacks continue ...

I learned to drive "on the wrong side of the road" on a Monday morning in downtown London.   I hit my first object in about 50 feet when I ran over ...

Late in the afternoon on a Friday, I created a bit of a scare for those of you who are part of our Paladin Sentinel monitoring system.  I was doing my ...

We have recently been approached by many school districts to talk to their district office staff and in some instances their faculty about phishing and ...

If you subscribe to our Paladin Sentinel monitoring service, hopefully, you know that either myself or one of our technical staff actively sweeps through ...

Occasionally the SentinelOne agents included in our CSEDR offering are operating but show a red "x" denoting that the agent is operational, ...

We have a new technology coming online with all the popular web browsers.  It is called DNS over HTTPS or DoH.   The concept is instead of using your ...

We all understand the scourge of Ransomware.   It is debilitating.   Even in the best case, it consumes a huge amount of time to recover.  However, ...

“You don’t have to run faster than the bear to get away. You just have to run faster than the guy next to you.”

― ...

It is already a weird summer for me. I normally go to Acadia National Park right about now and enjoy the Maine weather. (It is so weird that NY has Maine ...

I was watching a panelist discussion post-mortem discussing firsthand knowledge of 25 major ransomware-style breaches. One of the panelists was an award-winning, ...

Cyber Security has grown into an issue that needs to be addressed by everyone in a school district, not just by the Director of ...

In August of 2021, CISA added "Single Factor Authentication" to its list of practices it considers "exceptionally risky" as it exposes ...

Last weekend my youngest daughter started a new baton program on Saturday mornings. Sitting there I realized I have been taking ...

How do you intend to block lateral movement if an attacker has made it into your network?

In looking at recent ransomware attacks ...

I am sitting here at 6 am doing the morning review of all our Paladin Sentinel Monitoring school districts. The storm came overnight ...

Add the last "S" for security.

I remember the old mattress commercials. You left the last "S" of the phone number for savings. ...

In today’s school environment, everyone and almost every piece of equipment talks to the internet and run on your network. Your HVAC system, ...

"I am watching you...Always watching"
-Roz Monsters Inc.
For New Year's we once again had a holiday crisis. Fortunately, this wasn't an attack. Microsoft ...

Please join us *tomorrow - Wednesday, October 12th* for an upcoming webinar focusing on Business Email Compromise. Jason Whitehurst, a cybersecurity professional, ...

All versions of vSphere prior to version 7.0 are about to be retired from support

I would like to make you ...

"None shall pass"

-The Black Knight "Monty Python and the Holy Grail"

Today I would like to challenge you ...

A few years ago, in a Tech Talk I talked about a major college that suffered a complete network lockout due to a soda machine ...

The first line of email defense is a properly formed SPF record

"Paper's Please"

Those words ...

We always have the Paladin Sentinel Monitoring console up during the day.  I am still seeing mass use of the domain administrator account to RDP into ...

You all may have heard Scott talking about "those ex-NSA guys at Huntress" he talks to. Bob and Scott have been stressing the importance ...

"Treat your password like your toothbrush. Don't let anyone else use it and change it every six months"

-Clifford Stoll

Password security ...

I wanted to update you on the Microsoft authentication issues caused by the May patches.

Microsoft has released an "out of band" update ...

This month we talked about how the Ukraine situation affects the cybersecurity landscape for the US and what it means for network security. ...

I wanted to update you on the Microsoft authentication issues caused by the May patches.

This only potentially affects Microsoft Domain ...

Recently I wrote about the increasing vulnerabilities in BIOS/UEFI underneath the operating system and encouraging you to update your devices ...

Quest has notified us that they have a critical vulnerability. If you use a KACE appliance, please read this information and perform their ...

"Legends state that Achilles was invulnerable in all of his body except for one heel because when his mother Thetis dipped him in the River ...

Speaker: Alan Winchester, Chief Development Officer, Caetra.io

Alan Winchester is the Chief Development Officer and creator of CyMetric™. ...

Mitre Engenuity has released its 2022 fully independent evaluation of 30 of the most common cybersecurity endpoint protection platforms. Why does this ...

Your techs *should not* be local admins anymore. It is simply too dangerous.

I have personally been a limited user on all ...

We have to plan to safely ride out storms and other unforseen events

I am fresh off another weekend of power issues with ...

"War, huh, yeah What is it good for? Absolutely nothing, uh-huh, uh-huh"

-War by Edwin Starr

The world is ...

How I manage the storm of information and how you can quickly know what I think is important.

A few thoughts on how I manage ...

Today's NIST Topic is - "Implement a Security Awareness and Training Program"

This is something ...

"Mind the Gap"

As the war unfolds and these "Hacktivist" Guerillas take their shots at both sides of the fight, the details ...

“Just when you thought it was safe to go back in the water...”

― Peter Benchley, Jaws

It ...

Please join us for CSI's Cybersecurity Event, Session Three! We will continue to build the list of actions ...

Surge protectors need to be banned from your wiring closets

Hi Lisa,

A few thoughts on UPSes and Surge Protectors.

If you need ...

"I think someone shot a torpedo at us"

-The Hunt for Red October

It started out as an ordinary weekend full of kid's schedules ...

You can easily block these applications from getting on your endpoints

Here's a quick Tech ...

"Everyone fears rejection"

-Derek Jeter

It finally happened. I got kicked in the head and rejected.

Here ...

Keep your browser extensions limited to those you need to support the district and trust

"There ...

"I am watching you...Always watching"

-Roz Monsters Inc.

For New Year's we once again had a holiday crisis. ...

Boring Email Formatting = Improved Reliability

We love to use graphics and links in our emails. There are lot ...

Your technical staff's equipment needs to be the best maintained in the district

Some thoughts on patching your holy of holies.

If ...

Cybersecurity Event Session Two: The Front Lines of Ransomware

Speaker: Chris Loehr, Co-Founder, Service Provider Partners

Chris ...

It has been a very frustrating couple of months trying to keep everyone safe and stable. Since the Spring we have been pummeled ...

I have four quick thoughts for you to ponder

Here are a couple of items that I have been reminded ...

With school districts now required to adopt the NIST Cybersecurity Framework (CSF) for managing their IT operations, our district ...

I have something hard that I really need you to do - audit your DNS. It takes a lot of time. It is boring to do. However, it ...

I heard the other day that the FCC is moving to get more aggressive in getting phone carriers to do all they can do to block ...

"Breakin' Up Is Hard To Do" - Neil Sedaka 1966

In the last 10 days we talked about the attacks on VCenter and recommended ...

In August CISA added "Single Factor Authentication" to its list of practices it considers "exceptionally risky" as it exposes ...

As I have gotten older I have developed claustrophobia. MRI machines are now my nemesis. Fortunately, I have not needed one ...

Join us for a quick, 30-minute webinar to learn about the potential technology funding available to school districts through ...

I think by now everyone is officially open. I know some districts locally and in the Northeast had horrific transportation issues. ...

Back in April, I had sent Bob and Scott's top 3 solutions you should have in place NOW to best protect against ...

My daughter graduated just from High School. Immediately following her graduation, we leave for our yearly family vacation back ...

Over the first three Securing Active Directory webinars, we have covered a lot of ground. If you haven't watched ...

Would you like a more organized, hardened environment considering today's threat landscape? What actions can you ...

"A chain is only as strong as its weakest link"

-Thomas Reid, "Essays on the Intellectual Powers of Man" - 1786

The SolarWinds ...

"A chain is only as strong as its weakest link"

-Thomas Reid, "Essays on the Intellectual Powers of Man" - 1786

The SolarWinds ...

Today we continue our look at a series of practical steps that districts can use to increase their NIST compliance. Looking ...

There is nothing more important than keeping your district and staff and students safe. Cybersecurity is not a topic that you can simply ...

Today's NIST topic is data recovery. The most obvious example of meeting this NIST standard is maintaining good backups. This ...

It has always been a challenge to provide adequate technical staffing to support both teaching and learning and the back-end administrative functions ...

Today we continue our look at a series of practical steps that districts can use to increase their ...

Today we continue our look at a series of practical steps that districts can use to increase their ...

Today we continue our look at a series of practical steps that districts can use to increase their NIST compliance. Looking ...

This week's NIST TechTidbit is: Maintenance, Monitoring and Analysis of Audit Logs / DETECT.. Activate Audit Logging ...

This ...

Today we continue our look at a series of practical steps that districts can use to increase their ...

Controlled Use of Administrative Privileges / DETECT / PROTECT..Change Default Passwords..Ensure the Use of Dedicated Administrative ...

Today we continue our look at a series of practical steps that districts can use to increase their NIST compliance. Looking ...

As we continue our NIST series, I am going to take a moment and discuss inventory and control of software assets in the IDENTIFY ...

Today we start a new series where we will touch on a series of practical steps that districts can use to increase your NIST ...

Weekly Tech Tidbit - Guarding The Wall

"Son, we live in a world that has walls, and those walls have to be guarded by men ...

On Wednesday we had some power failures due to that high wind storm coming through the region. There isn't really anything to ...

"Clean up, clean up, everybody, everywhere, Clean up, clean up everybody do their share"

-Barney

That song has been stuck ...

"When it absolutely, positively has to be there overnight" - FedEx

As many of you know, Bob and I have been doing this for a while - 41 years in fact.  ...

Last time I talked about making email safer.   I focused on inbound email to your users and outbound encrypted emails.   However, I neglected to say ...

Last week I talked about the importance of Cloud Backup in our new remote teaching and learning and back-office school environments.

This week I am ...

Disk encryption is growing in popularity as a means of better-securing laptops and desktops.   Microsoft is offering BitLocker natively in Windows ...

For the last few years Microsoft has been talking about "Modern" this or "Modern" that.  In the quest for improved security they are agressively trying ...

Every day I am talking to a school district remotely and the conversation goes something like this, "We can't get into our buildings" or "We have very ...

We are not doing our full April Tech Talk in our office due to the shutdown. However, we wanted to do a virtual get together and share Scott's ...

I constantly harp on denying the bad guys access to your network, and if they are inside already, denying lateral movement.  At the last Tech Talk, I ...

We have spent two decades linking all sorts of servers and processes to Active Directory for "ease of use".   Sadly ease of use now can also mean "ease ...

Cisco is trying to do their part during the Pandemic.

If you are a Cisco AMP, Cisco DUO, Cisco Umbrella, or Cisco AnyConnect client, Cisco is allowing ...

The reality of many K-12 school districts is that you either have handed out or are handing out laptops to teachers and critical staff to get through ...

As I write this on Tuesday, March 24, 2020, I do hope that this message finds you well and staying safe as we all adapt to our new normal under the COVID-19 ...

K-12 education has been turned upside down. Remote learning is obviously the term du jour. At the same time as we are figuring out what remote instruction ...

Scott Quimby will go back to basics and talk about best practices for cleaning up Active Directory. For many of you Active Directory is now ...

These have been extraordinary times for the world, our country, our school districts and our families.  We are implementing remote learning plans and ...

Earlier this month, on March 2, NIST formalized a significant number of changes to its password recommendations as part of the final release of its updated ...

As part of our client school district's response for Corona virus preparedness, we see an uptick in requests for VPN access into the school district's ...

This morning I read the headline that a second New York school district has shutdown over Coronavirus concerns.  The question becomes how does a school ...

We have all had at a flood of information come at us in the last nine months regarding ransomware, malware, and cyber security options from all different ...

Microsoft has announced they are tightening the security standards for LDAP communications on Microsoft Active Directory networks.  This has huge implications ...

In the continuing quest to battle ransomware in our networks, as well as other types of malware, just this month (Jan 2020) the National Institute ...

Happy New Year!   Unfortunately, there is no rest for the weary fighting the battle to keep everyone safe.

Today I read a couple of scary articles:

"Couple ...

As 2019 comes to a close, on behalf of everyone here at CSI, I would like to say thank you for entrusting us with your technology needs.  We appreciate ...

Happy Holidays.

As we go through the last full school week before the holiday break, I have a couple of quick professional and personal thoughts:

...

The Cybersecurity news has been pretty depressing over the last week.

I read an article that a Cybersecurity insurance company is refusing to pay for ...

We have all heard the story of the Trojan Horse.  The Greeks built it and left it in front of Troy.  The Greek army left.  The Trojans went outside ...

Note:  The response to our CyberSecurity Event has been overwhelming.  To accommodate everyone who wants to attend we have moved it to a much large ...

Bob and are now multiple years in discussing the same thing - how to improve your district's security footprint.   For most of that time many ignored ...

Most of can easily agree that our IT universe has been dominated over the past several months by cybersecurity discussions as we daily (sometimes it feels ...

We have been having a lot of discussions about how to better protect against ransomware and other threats with the recent attacks that have happened in ...

This week’s Tech Tidbit is shorter on my thoughts and words since the attached link below contains lots of reading on its own.

For the start of the ...

Over the past few years, we have been recommending the use of switch stacks in all your MDF and IDF locations.   This has been done to aid in simplifying ...

In my 20s I went to Tahiti and went on a sunset cruise on the famed "Liki Tiki".   It was an amazing sunset.  Hula girls, and music.   Along the ...

Over the past few weeks, we have had a number of cases where support tickets needed to be opened to resolve issues where end-users were reporting “inability ...

A constant frustration of ours is ensuring "clean" backups.   If you corrupt your data or have a server failure, we need to reliably get that data back.  ...

Hopefully, you all had a relatively sane and productive summer.   Security-related topics have been in the news for most of the summer with several ...

Just when you thought it was safe to move along to other technical topics, along comes Scott Quimby's Hardening Active Directory Part III to scare you ...

We harp on the fact that if you have *ANY* VPN, or remote access capabilities into your district, you *MUST* use a commercial SSL certificate and not ...

All of us at CSI are techs at heart.   We love talking about technical topics.  However, we do also sell products.  As you go into finalizing your ...

Hopefully for most of you, this is old news, but I know how busy everyone gets, especially this time of year with the end of school coming upon us.   ...

I was recently reading a security study that said that 25% of applications are unpatched for an entire year!  As you approach the summer remember that ...

Now that we have shifted to predominantly remote workers and remote teaching and learning, we have a number of new challenges as well as increased threats.

Challenge ...

This tidbit is part three in a series on understanding some mechanisms available to you for protecting e-mail sent from your domain.   We covered this ...

One of the most important principles of a good network design is accurate time.   Windows time is a whole lot like the 1960s car clock - always drifting ...

This tidbit is part two in a series on understanding some mechanisms available to you for protecting e-mail sent from your domain. We covered this topic ...

We are so focused on our networks being breached and the bad guys gaining a foothold to steal our money and personally identifiable information that we ...

Bob and I have discussed over and over the need for improved public wireless configuration.   Some of you have gotten the message.  Sadly many have ...

The reality is that your network is under attack.  We need to protect our servers.  We need to protect our data.  One way we do that is by not remoting ...

Do you know how secure you are from the outside world?  Maybe you're new and inherited a network, or there has been so much churn over the years with ...

This tidbit is starting a series on understanding some mechanisms available to you for protecting e-mail sent from your domain.   We covered this topic ...

Another short and sweet tidbit.

When you are installing software, updates, patches, etc., reboot your server.   I can't tell you the number of times ...

I have been watching the Cisco AMP and Paladin CyberSentinel Managed Endpoint Detect & Respond consoles for a number of clients of late.  One thing ...

This tidbit is a refresher on looking at Cisco Firepower Intrusion Event logs and daily reports. Specifically, I wanted to review for all of you again ...

One of the things we are quite proud of here at CSI despite the numerous network down stories over the years (many of them gruesome) we have never had ...

This one is short and sweet.

Once in a while we encounter equipment or software that you have purchased elsewhere, but you want CSI to actively support ...

Often we all don't get true clarity on the importance of certain issues until you are living them.  That is why for instance Dutchess County BOCES attempts ...

Keeping up with my theme on DNS related posts, this week I will again reprise a post from over a year ago on the importance of implementing proper control ...

In the February Tech Talk Webinar entitled,  "SCCM Troubleshooting Part II" Scott introduced the new  Support Center for client troubleshooting ...

The US-CERT (Computer Emergency Response Team) recently gave a presentation on what China has been doing to hack anything they can hack with the goal ...

We constantly harp on all of you segregating third-party vendor equipment on to vendor VLANs.   The purpose of that is to keep third-party vendor equipment ...

Last month on January 22nd the US Dept of Homeland Security took the unusual step of issuing Emergency Directive 19-01 to all Federal Agencies.   The ...

We continue our discussion of your closets and dumb stuff that can really hurt you.  In part III we look at "plan b" and "plan c" for what to do if the ...

Right about now most of us are getting fairly comfortable with our current 802.11ac Wave 2 wireless deployments.   But as we all know technology, and ...

The February Tech Talk Webinar is SCCM Troubleshooting Part II.  Scott will introduce the new  Support Center for client troubleshooting which became ...

In part I we were talking about UPSes.  In part II we are going to continue our MDF/IDF UPS theme.

I want you to physically audit the power situation ...

Happy New Year!   I was heartened by the number of noisy UPSes there were over the holiday break as people were taking my advice and calibrating their ...

This tech tidbit is a reprise of a tidbit we sent out back in June of 2018.   You may have missed this post back then as it was the end of the school ...

As 2018 comes to a close, on behalf of everyone at CSI I would like to say thank you for entrusting us with your technology needs.  Unlike most of our ...

As we approach the holiday break it is time once again to remember some basic maintenance that should be done.   On a day where there isn't any bad ...

The FBI came to visit us last week.  No it wasn't an investigation.  It was for CSI's 3rd annual Security Event.  I have talked about the topic of ...

I am watching with some interest a growing trend with district’s implementing newer IP-based building systems (HVAC control, food service temperature ...

As you go through your normal yearly planning cycles remember that in January 2020 Microsoft will be retiring Windows Server 2008 R2, Windows 7, and Microsoft ...

In an Active Directory domain, we generally rely heavily on group policies.   Microsoft best practices say that you should have at least two domain ...

This week's Tech Tidbit is short and sweet.

If you have a server or device that is internet facing, make sure you have a real, commercial SSL certificate ...

When all else fails we reach for the backups.   However, increasingly the bad guys are consciously seeking out your backups and deleting them as part ...

One of the key features of the newest firewalls and intrusion protection systems (IPS) has been the addition of something called GeoBlocking. This feature ...

Trend Micro has stated many times that you have approximately 4 minutes between when a threat enters your network and the infection breaks out.

But ...

At some point in your life, you probably were locked out of something - your house, your car, your office.  I am sure it was awful trying to figure out ...

Most of Google's products are free.  The reason is that you are their product.   Their computers read your emails.  They send you targeted ads based ...

It is important to have accountability to the taxpayers independently proving that each school district has adequate financial controls in place and ...

I can't tell how many times I have heard from non-technical Mac people that, "they don't need anti-virus." The Apple person that sold them their Mac told ...

Recently I read an interesting article on malware development techniques.  SentinelOne, Cisco AMP, and other antivirus products rely on the VirusTotal ...

We have to be constantly vigilant to prevent malware, trojans, and other bad actors from taking root in our school networks to steal personally identifiable ...

The school year has started and we're anxious to update you on what our webinar, seminar, and Tech Talk schedule for the Fall and Winter.

Wednesday, ...

SCCM Configuration Manager is an amazing tool.   But when things don't go as planned, that tool becomes immensely frustrating.  Scott Quimby will walk ...

On Wednesday, October 3rd Cisco Meraki will be running a hands-on workshop where you can learn all about the new additions to Cisco Meraki's cloud-managed ...

Through our partnership with Synnex Corporation CSI is an approved vendor on the NCPA national purchasing contract which is a legal alternative for our ...

During our May Tech Talk meetings one of my summertime recommended tasks was for everyone to find and eliminate “zombie” servers.   Zombie servers ...

When something goes sideways in our technical worlds some of the first questions we get asked, after “when is XXXX going to be back up”, is “what ...

**Note – Client tech directors in Dutchess County got a preview of this Tuesday so if you are in that group you may skip the rest of this note and go ...

We have been discussing a whole lot of security issues over this past year.  Many of you are already moving forward to address many of our recommendations.  ...

While we can never say, all is well in the world of network security, this week I feel I can write to you about something other than a US-CERT alert.

This ...

As I write this, Netflix is bringing back a new version of "Lost in Space".  Hopefully, it is better than the movie and truer to the original series.  ...

Well, it’s time for another Tech Tidbit from me and right on cue another alert from the National Cyber Awareness system run by the good people at the ...

The other day I was sitting in one of our Tech Talk presentations and Bob discussed the importance of Internet of Things (IoT) security.  That made me ...

Many of you may be on the US-Cert alert e-mail list, but I suspect many of you are not.   Since most all of you have Internet-facing devices, or even ...

We spend huge amounts of time thinking about server and workstation patches, firewall and switch patches and software patches, but when was the last time ...

 One of the most confusing things we all encounter is Microsoft software licensing.   You hear one explanation and then another.  We are left mystified ...

CSI is excited to announce our third hands-on learning event entitled "Introducing Microsoft Teams for Next Generation Classroom Teaching and Learning" ...

CSI is pleased to announce that on Thursday, May 3rd from 8:30-4pm we will be hosting HPE Nimble in an all-day event.  In the morning Nimble will ...

Preparing for "A rather blustery day"

"Oh the wind is lashing lustily
And the trees are thrashing thrustily
And the leaves are rustling gustily
So ...

"Configuring and Managing APC UPSes" was held on Tuesday, April 3rd at 10:30 am.  One of the most valuable items in your data center and your network ...

Back on January 29th, there was a flurry of discussion in the IT world about the announcement from Cisco of an Adaptive Security Appliance (ASA) Remote ...

The call came in.  We have a serious virus outbreak.  Can you help?

Over the years we have been asked this question time and ...

The 2018 Yankees have taken the field.  We'll all find out soon who is playing second and third base.

In the meantime, I want to continue ...

The Snort IPS engine is at the core of both the Cisco Firepower Threat Defense and Cisco Meraki IPS systems. Maintained by Cisco’s Talos Group, the ...

Now that the NFL season is over we turn our eyes to Valentines Day when Yankees Pitchers and Catchers report for Spring training.   It ...

I wanted this week to take a few minutes to share with you our latest thinking on the Intel Spectre and Meltdown fiasco. In a nutshell, ...

One area of security we often overlook is that of the servers themselves. Most of our servers have some sort of remote access card built into them to ...

CSI and Microsoft are excited to present a Windows 10 in Education Deployment and Manageability Workshop on Wednesday, February 28th from 8:30-12pm.  ...

One of the most frustrating things for users and the technical staff that support them is erratic email flow.  Often users and staff don't know that ...

The requirements of K-12 are increasingly for anytime, anyplace learning as students use various devices both inside the district and at home.   One ...

One of the most frustrating things for users and the technical staff that support them is erratic email flow.  Often users and staff don't know that ...

Back in May 2015 we started talking about the Microsoft Group Policy security change to prevent a "man in the middle attack" where any Group Policy ...

Short but somewhat scary tidbit from me this week that serves as a reminder that there is a reason that the CSI team advocates:
1 – That we need multiple ...

You will find on our web site under Webinar recordings, Hardening Active Directory Part I and also Part II. If you haven't watched those presentations, ...

For years the best practice, and rules the most auditors hold IT departments to when it comes to secure password policies have included the following:

1 ...

Previously we talked about limiting the use of "local administrators" to improve the security of your network. However, we do actually need a local administrator ...

In this week’s Tech Tidbit I want to talk a bit about the importance of implementing proper control of DNS as part of your malware protection program.
DNS ...

In the real world, it’s no longer a matter of if an attacker will get in, but when and for how long. Is your district really prepared?

I am pleased ...

One of the most frustrating things for users and the technical staff that support them is erratic email flow.  Often users and staff don't know that ...

I have been talking over the past year about "Hardening Active Directory".   In those discussions, we have been talking about implementing a granular ...

The October Tech Talk meeting was jammed packed with information.   There was more information than time allowed us to present.

Therefore, Scott ...

Welcome to the second installment of, "Weekly Tech Tidbits".    This week I am going to answer a very common question, "Why do we have to remove local ...

Welcome to the inaugural edition of CSI’s “Your Weekly Tech Tidbit”. Building on Scott’s ever popular Tech Tidbits portion ...

The October Tech Talk meeting was jammed packed with information.   There was more information than time allowed us to present.

Therefore, Scott ...

We wanted to let you know the CSI Tech Talk meeting and webinar dates for the 2017-2018 school year.

Our Tech Talk free knowledge transfer sessions ...

The reality is that your network is under attack.   The bad guys are using advanced machine learning techniques to exploit sometimes subtle vulnerabilities ...

The next CSI Tech Talk Webinar entitled, "Hardening Active Directory and Group Policy Part II" is scheduled for Tuesday, September 19th at 10:30 am.   ...

CSI is pleased to announce that our Federal GSA IT Schedule 70 contract has been renewed.  This renewal came after an audit of compliance with the GSA ...

The reality is that your network is under attack.   The bad guys are using advanced machine learning techniques to exploit sometimes subtle vulnerabilities ...

Reuters reports, "A bill proposed in Congress on Wednesday would require the U.S. National Security Agency to inform representatives of other government ...

Systems Affected

Microsoft Windows operating systems

Overview

According to numerous open-source reports, a widespread ransomware ...

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology ...

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take ...

Microsoft solution available to protect additional products

Today many of our customers around the world and the critical systems they depend ...

This is so cool. This guy really did save a big part of the world.

A 22-year-old British cybersecurity researcher thwarted yesterday's "Wanna Decryptor ...

LinkedIn Learning is offering free training until May 31st on some of Microsoft's newest technologies for developers.   You can read about it here.

The summer months are often very busy times as we try to get all our projects accomplished before school starts again.

This month Scott Quimby will ...

Today Microsoft made some announcements regarding education.  At the core of the announcements was the announcement of Windows 10 S on $189 laptops that ...

**NOTE: Due to ALL THE WINTER SNOW cancellations we pushed this final tech talk of the school year back one week**

Our Tech Talk quarterly, free knowledge ...

This month Scott Quimby continues his discussion of Microsoft Group Policy.  He will focus on Microsoft Windows logon performance and reliability. There ...

This month Scott Quimby continues his discussion of Microsoft Group Policy.  He will focus on Microsoft Windows logon performance and reliability. There ...

Scott Quimby continues his discussion of Microsoft Group Policy.  He will focus on the different ways to deliver items to an end user's desktop.  These ...

CSI is excited to announce that the folks from Cisco Meraki in California will be in our office to lead a discussion on the following Cisco Meraki Cloud ...

Our Tech Talk quarterly, free knowledge transfer session is Tuesday, March 14th (snow date Tuesday, March 21st) at 8:00 AM. This session is designed for ...