Network Security: First, Middle and Last

We had the fun privilege this week of doing a security check for a restaurant.

We have agreements with banks, credit card processors and more to analyze a network for security issues or make changes to a client’s network because of a new point of sale system to be installed or modifications to existing ones.

The Restaurant’s Network

It was a simple restaurant, 5 workstations, a router and on-screen credit card swiping.

The meeting was to discuss security, and how to implement it in a manner that doesn’t impact the business. I arrived early with the credit processor and sat down.

Gaining Entry to the Network

Within a minute I had on a Samsung Tablet, logged into his wireless, logged into his router, cataloged his entire network, logged into the music system and started playing “The Pinacolada Song” through the overhead speakers.

With the next two minutes, I logged into the into the point of sale computer, copied the outstanding credit card batches report, locked all the workstations, and had the HP printer print out the lyrics to “I’m a little teapot.”

By the time the manager sat down, the network was in our total control with the ambiance now the melodic sounds of Rupert Holmes which were heard throughout the restaurant.

Complete Takeover: Under 5 Minutes

Total time, 4 minutes. Complete network take over without any advanced tools.

As I explained this in front of his credit processor, I could see the blood leave the face of the manager. And to show I truly did have control, I changed the music to “The girl from Ipanema.”

You could hear their collective jaws drop as they hit the table.

What You Need for Network Security

Over the next hour, we talked about securing the network using Sophos Firewalls, Ubiquiti Wireless Access, and a Cisco switch to VLAN everything together. Proposal accepted in FULL.  

Security is no joke, and it should be the first thing you consider when designing a network. It’s not a burden when it protects what you have, your clients data and can keep your business working especially when the banks can giveth and taketh away your credit card processing ability. Contact us today if you’re interested in knowing how secure your business network is.

The Importance of Thorough Vendor Evaluations

In the last decade, we have seen something that is somewhat upsetting.

Vendor network evaluations are not worth anything.

Yup, we said it. From ISPs, printer providers, virtual server providers, email providers and others; all have failed to live up to their engineering personnel’s recommendations. It’s only after the disaster begins do we see what narrow scope they have been placed in with a specific goal that does not see the big picture in a network.

Case Study: Promises of a Local Cloud Provider

A long time local non-profit client of Triton Technologies was approached by a local cloud provider of managed servers. Without our knowledge, its network interface box was installed and we were called to “integrate and migrate” their servers to these new cloud servers.

We saw an immediate problem: no real questions were asked of the client during the evaluation.

If you are ever involved with non-profits, many of them will run software into the distant future to keep from buying additional software or expense. So once bought, they’ll basically run it until they have no choice anymore. That is exactly what happened here.

They were using a Windows NT 4.0 (yes, that old) software database from a company that has gone out of business, but it still worked. Years earlier we migrated the software through a VMWare P2V converter and installed it on their 2008 server in-house to keep using it as long as possible. It was working excellently, but with a major grant that came through, they wanted to update their hardware and software again.

So in 2014, we submitted a proposal and waited. Waited, and waited.

No response. Unknown to us this company came in and promised the world. In retrospect, it was a make-believe land.

A Bad Installation After a Bad Evaluation

Installed was a T1 line and a VPN link to their data center. If you know anything about a T1, it’s only 1.5 Mbps – or 66 times SLOWER – than their current 10/100 network from 6 years earlier. So after copying the server to the data center which took 22 days at 1.5 Mbps (slower than DSL), the programs the client used took over 10 minutes to run, databases over an hour, and emails were still updating 8 days later.

Fast forward 2 months and after MANY consults, an unexpected $4500 a MONTH in virtual server billables, and unable to actually FUNCTION, the client decided to pull the plug. In the end, the customer lost over $12,000 in upfront costs, about $44,000 in labor costs, and months of down time in marketing and client growth.

In the end, the vendor didn’t take into account old software, old databases and custom software that did not match the exact idea of how cloud servers work. Vendors need to ask a lot more questions about a client’s network than what they presume.

Want to see what a real evaluation looks like? Schedule a free consultation with us.