Keep Your Data Safe With Secure Email

Are you using secure email?

This post is focused on secure email but some aspects like SSL and encryption apply equally to data in general.

  • With all the breaches in the headlines, it behooves us to secure our email.
  • Breaches expose client data that can be used to access your accounts.
  • Even if a hacker has your email account credentials, he may be unable to read encrypted email.
  • Email can be accessed by the unscrupulous in a number of ways.
  • Sending email without SSL is like sending your mail on postcards.

Think your data is safe?

Our focus is finding solutions that work for our clients with minimal intervention and/or setup.

Recent Breaches?

These high profile breaches are a reminder that our data is not as secure as we would like.

Anything shared on the Internet is vulnerable to various types of snooping and hacks.

Email is no exception.

With the information gleaned from breaches, hackers may have direct access to your accounts if they uncovered passwords that you use elsewhere.

That’s why we suggest unique strong passwords for every account.

Let’s investigate methods to secure our email.

How Difficult is it for Someone to Hack Your Data?

With folks getting emails on their mobile devices via Wi-Fi, it’s more important than ever to use secure email.

The best defense is to use encryption but that is not as convenient as we would like.

SSL email helps in most cases.

Otherwise your email is open to anyone that can sniff it out of the air.

That’s easier than you may think using attacks like Man in the Middle.

Hacking Methods Used

Once hackers have your information there are a number of ways to access your accounts.

With enough information, a determined hacker can gain access to your accounts.

  • Phishing – acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication
  • Man-in-the-middle attack (MITM) – attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
  • Session stealing (cookie hijacking) – exploitation of a valid computer session (session key) to gain unauthorized access to information or services in a computer system. … theft of a magic cookie used to authenticate a user to a remote server.
  • Keylogging (Keystroke logging/keyboard capturing) – recording (logging) the keys struck on a keyboard, typically covertly.
  • Social Engineering – psychological manipulation of people into performing actions or divulging confidential information
  • Hacking your computer – malware planted on your computer allows hackers complete access to your data
    • If a hacker has access to your computer you need to have it cleaned.

Doesn’t SSL Secure My Email?

Using SSL for your email provides security between you and your email host.

Prior to SSL (Secure Sockets Layer), emails were sent in plain text from your email client, like Outlook, to the host server.

Google’s chart below shows that most email to and from Gmail in the Americas uses SSL.

Volume of email to and from Gmail

SSL is helpful but it doesn’t keep anyone with access to the server from reading your email or necessarily guarantee that it will be transported to the recipient via SSL.

Client-side SSL is a step in the right direction but encrypting your email is much more secure.
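Added example, not part of the original post: since SSL to your own provider does not guarantee SSL on later hops, this Python sketch reads the Received headers of a message and reports which hops were recorded as TLS-protected. The sample message, host names and ids are constructed, and because every server on the path writes its own Received header, the result is evidence rather than proof.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop used TLS (RFC 3848, plus RFC 6531 variants).
TLS_WITH = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
            "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample: hosts, addresses and ids are made up for illustration.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
    by mailstore.recipient.example with LMTP id abc123;
    Tue, 02 Jan 2018 10:00:05 -0500
Received: from relay.provider.example (relay.provider.example [198.51.100.7])
    by mx.recipient.example with ESMTP id def456;
    Tue, 02 Jan 2018 10:00:04 -0500
Received: from [192.0.2.44] (client.example [192.0.2.44])
    (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
    by relay.provider.example with ESMTPSA id ghi789;
    Tue, 02 Jan 2018 10:00:01 -0500
From: sender@provider.example
To: reader@recipient.example
Subject: constructed test message

Body text.
"""


def _strip_comments(text):
    """Remove (possibly nested) parenthesised comments from a header value."""
    previous = None
    while previous != text:
        previous = text
        text = re.sub(r"\([^()]*\)", " ", text)
    return text


def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received", [])):
        value = str(value)
        # Drop the trailing date and any comments before reading from/by/with.
        trace = _strip_comments(value.rsplit(";", 1)[0])
        sender = re.search(r"\bfrom\s+(\S+)", trace, re.I)
        receiver = re.search(r"\bby\s+(\S+)", trace, re.I)
        proto = re.search(r"\bwith\s+(\S+)", trace, re.I)
        proto = proto.group(1).upper() if proto else "UNKNOWN"
        # Some servers note TLS only in a comment: "(using TLSv1.2 ...)"
        # or "(version=TLS1_2 ...)".
        tls_comment = re.search(r"\((?:using\s+|version=)TLS", value, re.I)
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "with": proto,
            "tls": proto in TLS_WITH or tls_comment is not None,
        })
    return hops


def plaintext_hops(raw_message):
    """Names of the receiving servers for hops with no sign of TLS."""
    return [hop["by"] for hop in audit_hops(raw_message) if not hop["tls"]]


if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        state = "TLS" if hop["tls"] else "NO TLS"
        print(f'{hop["from"]} -> {hop["by"]} ({hop["with"]}): {state}')
```

In the constructed sample the client-to-provider hop is encrypted, but the provider-to-recipient hop is plain ESMTP, which is the gap described above.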

Using SSL and SSL Email Setup?

If you want to check whether you are using SSL you can use Comcast’s guide to interrogate various email clients.

If you need to set up an email account to use SSL you can contact your provider or Google “set up ‘Provider Name’ email”.

“Provider Name” is the provider who sends you a bill each month.

Implementing Secure Email

We encrypted email for our clients back in the late 1980s but it was tedious to set up and use.

Consequently, secure email was not considered a priority and seldom used.

We need encryption to ensure that sensitive email is not compromised.

This imposes some inconvenience on clients but it’s the best way to secure our email.

HIPAA Compliant Email

With the advent of HIPAA (Health Insurance Portability and Accountability Act), companies have become more security aware.

If you send sensitive email or work in the medical industry you may be required to secure your email or face penalties.

The Health Insurance Portability and Accountability Act (HIPAA), sets the standard for protecting sensitive patient data. Any organization dealing with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.

Paubox article on HIPAA compliance

Is HIPAA Email Encrypted?

Some HIPAA email providers like GoDaddy do not necessarily encrypt email in transit.

There is some debate on whether or not HIPAA requires email to be encrypted.

GoDaddy encryption has an add-on for HIPAA email. It’s an all or nothing scenario so all your mailboxes either get encryption or they don’t.

Likewise encrypted email isn’t necessarily HIPAA compliant.

HIPAA compliance requires partners to sign a Business Associate Agreement (BAA).

HIPAA Compliant Hosts

GoDaddy and other hosts offer HIPAA compliant email.

GoDaddy was the least expensive of the providers we found using Exchange email.

HIPAA COMPLIANT EMAIL

HIPAA requires health care providers to ensure that their business associates will safeguard Protected Health Information (PHI). If you are interested in emailing with your patients, or sending any patient data through email, you need to be sure that your email is protected in a HIPAA-compliant manner.

OFFICE 365 FROM GODADDY HELP

Exchange

Some vendors offer HIPAA compliant email with Exchange like features.

In some ways, these email services may surpass Exchange by encrypting email.

On the other hand, why not get a service that is like Exchange when you can have Exchange even if it isn’t encrypted.

Encryption

You need encryption if you want to secure your email while in transit.

HIPAA email providers using Exchange email do not necessarily encrypt in transit.

There are, however, encryption add-ons.

Encryption uses PGP key pairs.

One key is shared with the public and the other is private.

Without the private key, your message is safe from prying eyes.

Generating Keys

Part of the challenge of setting up and using PGP encryption is generating and tracking keys.

The nomenclature is a bit confusing.

Key generators typically import private keys and export public keys.

Some key generators will export both public and private keys simultaneously.

Kleopatra

GPG4Win’s Kleopatra Interface is a bit clunky but works fine once set up.

We did have issues with some public certificates generated in Kleopatra not working with Gravity Form PGP Extension.

Interestingly, the Kleopatra generated public key did not work with Kleopatra but did work with Gmail Mailvelope extension.

Importing the Kleopatra public key into Mailvelope and exporting produced a working certificate for our server.

Mailvelope

The Mailvelope Chrome extension is easy to install and use.

After running into issues with Kleopatra generated public certificates, we tried generating keys via Mailvelope.

Unfortunately, the certificates didn’t install well on Gravity Form PGP Extension.

Gravity Form PGP Extension requires a matching email address for a notification email and the Mailvelope public certificates displayed none.

Symantec Desktop Email Encryption

Symantec Desktop Email Encryption was the easiest solution to work with but expensive.

It works with Macs & Windows but not Linux.

Once set up, Outlook emails are decrypted automatically with no intervention from the user.

Secure Email

ProtonMail and Gmail send encrypted email these days but you lose that feature when you send to an outside account.

Gmail is not HIPAA compliant.

Google Apps business email is HIPAA compliant.

Web Forms

If your website asks for sensitive information you should use SSL and encryption to protect that data.

Installation instructions for Gravity Forms PGP Encryption plugin

Gravity Forms and their PGP Extension make it easy to set up an encrypted form.

Gravity Form PGP Extension requires public keys and a matching email for notifications to be sent.

Decryption

When you send encrypted email you must decrypt to read it.

The following table lists software that handles encryption/decryption.

Recommended Software

Gpg4win

Gpg4win is a free solution for Windows Outlook users.

  1. Import private key
  2. Certify you will be able to
  3. Decrypt messages
    1. Open message
    2. click decrypt

Mailvelope

Mailvelope is a free and easy solution to implement for Gmail and Chrome.

This is the easiest solution if you are using Gmail and Chrome.

  1. Install extension
  2. Import private key
  3. Emails are automatically decrypted

Conclusion

  • Use SSL Email at the very least.
  • Make sure your computer doesn’t have malware.
  • Encrypt email if you and your correspondents want the most security.
  • Use HIPAA email if you deal with Protected Health Information (PHI).

Best Home Small Business Printer

Best Home Small Business Printer – where do I find one? The problem these days is that there are too many choices.

While a color laser printer used to be out of reach for home and small businesses they can be had for a reasonable price these days.

The initial cost of the Best Home Small Business Printer is just the beginning.

Keeping them in ink or toner can be expensive.

Bells and Whistles for Best Home Small Business Printer

Adding to the confusion of finding the Best Home Small Business Printer is all the bells and whistles that are available.

  • WiFi
  • FAX
  • ADF (Automatic Document Feeder)
  • Ethernet
  • print-shop-quality color prints
  • laser-sharp black and color text
  • high-speed prints
  • multiple paper trays
  • monthly duty cycle (pages/month)
  • auto 2-sided print/copy/scan/fax.

Wireless Printers

Wireless printers allow printing from tablets (e.g., iPad) and smartphones (e.g., iPhone). Not all printers make this easy.

Some printers may require mobile devices to print to the cloud (Internet).

While this can be useful we want our Best Home Small Business Printer to connect directly to.

Some may require you to print to their cloud or allow popular clouds like Dropbox, Google Drive, and OneDrive.

Printing to the cloud may not be a concern if you have high-speed Internet but it might be a problem if you depend on a cellular data plan to upload the files.

There are also security concerns for uploading sensitive documents to the cloud.

Downs Consulting recommends a wireless printer that doesn’t require printing to the cloud. We prefer our Best Home Small Business Printer to print directly via WiFi.

Printing to the cloud is a nice feature but we don’t want all our print jobs to go through it.

Wi-Fi

Wireless setup sounds nice. In theory you set up your Best Home Small Business Printer anywhere you have power and WiFi reception and you are “good to go”.

The printer forums are littered with complaints about printers connected or rather not connected via WiFi.

It’s common for WiFi to drop the connections. It’s similar to mobile phone connections.

Dropping a connection in the middle of a big print job could cause problems. Maybe you would have to start all over again after waiting minutes for it to enter the print queue.

The reality is that WiFi is not as dependable as an Ethernet connection.

Our advice is to use a wired connection if at all possible. This requires an Ethernet connection, which some models may not have.

Ethernet

This is our preferred method of connecting our printer. We can still use WiFi to connect to our mobile devices.

Downs Consulting recommends a networked printer that is not tied to a computer.

Many printers limit their functions if connected via USB.

Some printers may not have this capability.

Footprint and Noise

A noisy printer right next to you in a small office is no small intrusion on your space.

Likewise, a huge printer is not going to be very welcome either.

While there are plenty of small printers they tend to skimp on some features.

A small printer may be better for a Home user that doesn’t need all the “bells and whistles”.

When we settled on our Best Home Small Business Printer we still had to convince our office that we had room for it.

Printer Maintenance Costs – Ink & Toner

A major concern is operating costs. It’s common to see the ink/toner replacement cost more than the printer.

Printers often come with starter supplies that don’t last as long as the standard capacity.

Usually, you can find high-yield supplies that are a better buy in the long run.

It also saves on the aggravation of running to the store for supplies.

Some printers may refuse to work at all if one of their cartridges is low. This is particularly frustrating if you don’t need that cartridge for the job you have queued up.

New Color Inkjet printers can be up to 50% cheaper to operate than a color laser.

Review Sites

Review sites are a good place to start looking for available features, costs, and buyer or editor opinions.

Preferably the site has lots of reviews so the overall score can’t be skewed one way or another by a few one-sided reviews.

If there are not many reviews you may not get an accurate assessment.

Likewise, the site should not have a vested interest in the sale of the product and reviewers should be able to post sincere remarks.

A lack of disparaging or complimentary remarks could be a sign of bias.

Consumer Reports

Consumer Reports is a great resource for buying appliances like this but you need a subscription to see their reviews online. They compile statistics on the main categories including maintenance cost, print quality, photo quality, and speed.

You can usually get a free trial for the online site or the magazine. The magazine comes with a buyer’s guide and is a good resource in itself.

The Consumer Reports interactive video below offers some good advice. You can click on the sections you are most interested in.

Other Review Sites

Some websites like PC Magazine have editor and user reviews.

Amazon has good prices and user reviews.

Bad Reviews

No printer is perfect in every way and we found bad reviews on the best-rated ones.

Some bad reviews may have been from lemons or simply technical errors. Some may have had issues with their networks. Some may have been malicious.

Laser Printers

Since some inkjet printers are cheaper to run than a color laser we would not recommend a color laser as a Best Home Small Business Printer.

If you are only concerned about printing text then you may want to consider buying a monochrome laser printer.

Text quality has long been the domain of the laser printer but even here inkjet printers are competitive with text print quality and speed.

Inkjet Printers

For us, all roads point to a Multi-Function inkjet printer which is somewhat disappointing.

Just when the costs of color laser have become affordable, inkjet technology has become competitive in all respects.

We shouldn’t complain since keeping up with multiple toners for the color laser is not a task we would want.

Inkjet ink itself is expensive enough.

Compromises for the Best Home Small Business Printer

If you find a printer that is perfect in every way then it is likely a budget breaker.

Consequently, you have to decide which features are most important to you and what you can do without.

Our Best Home Small Business Printer requirements:

  1. Network connection using our LAN (local area network)
  2. Print laser-sharp text
  3. Print color and text
  4. FAX
  5. Scan
  6. Low Cost
  7. Reasonable speed
  8. Reasonable maintenance costs – Save on ink or toner
  9. Multiple Paper Trays

Nice to have features

  1. ADF – Automatic Document Feeder
  2. Automatic 2-sided print/copy/scan/fax
  3. Easy printing from tablets and smartphones – Android, Apple & Windows products
  4. Fast print speeds
  5. Stunning graphics and images

Windows 10 Upgrade? – Restore Old O/S

Windows 10 Upgrade, should I allow it? For the most part Windows 10 is a decent Operating System.

There are over 200 million installs and Microsoft’s goal is one billion.

There are some issues with Windows 10 that may cause grief for some users.

Isn’t Windows 10 Upgrade a Better Operating System?

Certainly Windows 10 has a much better reputation than Windows 8.

Our recommendation would be to upgrade Windows 8 unless you have applications that are not officially supported for Windows 10.

If you are using Windows 7, you may want to keep the O/S. It will lose extended support for security patches in 2020 but by then you may want a new computer.

Is Windows 10 Upgrade Secure?

There are some security issues with the default settings but it’s easy enough to change those.

Overall we think Windows 10 is secure but you may want to change the settings.

Keep in mind that you are already tracked by the likes of Google, Facebook, Amazon, and Microsoft.

In some cases, you don’t have to be logged in to be tracked. Certainly you are tracked if you are logged into their accounts.

That said Windows 10 is not any more intrusive than Google, Facebook, Amazon, Microsoft, …

All Programs Are Compatible with Windows 10 Upgrade, Right?

Some folks assume that Windows 10 is compatible with their applications since it runs a test prior to the upgrade.

While the test is a good precaution it’s a Herculean task to test every application in the world, not to mention applications you may not have currently installed.

Case in Point – Windows 10 Upgrade Gone Wrong

To our dismay we have found some applications like LogMeIn Backup are not officially supported for Windows 10.

While it may work the LogMeIn team is clueless about fixing the problem or even moving your backup to another machine.

Part of the problem is with the USB drives we use for backups.

Unfortunately for us this was after the thirty-day rollback period and moving the application required a full backup.

A full backup backs up every file. Subsequent backups are much quicker since you don’t have to back up files that don’t change.

Note that moving backups requires a lot of time for the full backup and being cut off from the previous backups is disconcerting too.

Some of our remote full backups take twenty hours.

Obviously we were not happy with this pitfall of Windows 10 and in the end wiped our computer and installed Windows 7.

My Hardware is Supported for the Windows 10 Upgrade, Right?

In most Windows 10 Upgrade cases, you probably won’t have issues with hardware if it was installed prior to the upgrade. In theory Windows 10 would warn you if the hardware was incompatible.

USB external drives may not be compatible with Windows 10.

Manufacturers like Western Digital and Seagate may not have a Windows 10 driver that works reliably for relatively new drives.

We found that our external drives using USB 3 were not compatible. This was very disconcerting since most of our files are backed up to external drives.

In our case, LogMeIn backups and even Windows Explorer couldn’t get the drives to show a listing until we installed a Windows 7 driver!

Even with the Windows 7 driver, we suspect we didn’t get USB 3 speeds but never measured.

How Did I End Up With Windows 10 Upgrade?

Microsoft has gotten more aggressive in pushing out Windows 10. They made it a recommended upgrade so it upgraded if you had automatic updates on.

Downs Consulting recommends Windows Updates so the dilemma is that we don’t necessarily want the upgrade but do want updates.

An alternative is to use something like GWX Control Panel.

GWX Control Panel should stop the upgrade to Windows 10.

Restore Old O/S – How Do I Go Back to My Previous Operating System (O/S)?

If you ran into as many issues as we did then you will want to revert back to your old O/S.

Gracefully Revert to Your Old O/S

If you decide to revert to your old O/S in the thirty-day window you may back out gracefully.

To uninstall Windows 10 within the first month, go to the Start menu and choose “settings.” From the resulting menu, choose “update and security,” then click “recovery.” You’ll be given the option to “go back” to Windows 7 or Windows 8.1, depending on what you had previously. Click “get started.”

Reinstall Windows

If you are beyond the thirty-day window you are looking at a re-install of some sort.

Image Backup

If you made an image backup of your system you may want to restore it but that will wipe out all your data too.

Likewise you could use the factory image backup to restore everything back to the day your computer arrived.

To install the factory image backup, you probably have to press specific keys during start-up. F8 & Advanced Boot Options work for some Dell computers.

Image backups will restore all software that was installed at the time the image was made.

A factory image may contain trial software that they sent with the computer.

A personal image will have the software, data and updates that resided on the computer at the time of the backup.

New Installation

New installation is not for the faint of heart but it may keep your files in Windows.old. This is a nice backup but we recommend backing up your files to an external drive as a precaution.

You will have to restore all the Windows updates and any software you use.

Obtaining Recovery Media

Ideally you created backup disks when you received your computer. If you can locate these disks then you can restore the factory image backup.

If you don’t have recovery media then you will have to contact the computer manufacturer. This may be a nominal fee if you are no longer in warranty.

Our Experience Obtaining Recovery Media

Hopefully you won’t have as much trouble obtaining recovery media as we did. Maybe you can avoid some of the pitfalls of our experience.

It started out well enough with our first contact at Dell and we were prepared to pay the $20 or so since we were no longer in warranty. So far, so good.

We ran into problems when they wanted our account. Since we were logged into our Dell Advantage account this didn’t seem to be a problem but they wanted an account number.

We didn’t have an account number on our purchases or our online account.

Seven conversations and two hours later we assume the original person wanted a financial account which we didn’t have. We finally explained we wanted to pay by credit card and got the media in a couple of days.

To add insult to injury, we discovered later that we had a $20 credit we could have used for this transaction.

Back Up Your Files

As a general rule, most of your files will be in your User folder. If the user is “Randy” then the user folder will look something like the following:

C:\Windows.old\Users\Randy – backup profile in previous Windows

C:\Users\Randy – profile in current Windows

Once you have your files backed up you can initiate a new install and preferably keep old files in Windows.old.

You can always remove this later if space is an issue.

Removing Windows.old

Removing Windows.old should be done via Disk Cleanup.

Here’s the proper way to delete the Windows.old folder: Step 1: Click in Windows’ search field, type Cleanup, then click Disk Cleanup. Step 2: Click the “Clean up system files” button. Step 3: Wait a bit while Windows scans for files, then scroll down the list until you see “Previous Windows installation(s).”

Why DHCP Ain’t as Good as it Used to Be

DHCP used to be the go-to protocol when setting up computers and printers.

These days you may want to use static IPs for printers and maybe even computers if you use RDP (Remote Desktop Protocol).

DHCP (Dynamic Host Configuration Protocol) allows a server to hand out IPs and network information to devices joining your network. Often this is handled by a router. The router may be built into your cable modem on a home network.

Every device on your network requires a unique IP so that the requests for network and web resources get routed correctly.

The alternative is to set up static IPs, in which case, you manually enter pertinent information like the gateway (router), DNS servers, and a static IP that is not in the DHCP IP pool or previously assigned.

DHCP is much simpler, especially if you have lots of devices coming and going. In fact, it is easier to enter a static IP after first reviewing the output of ipconfig at a CMD prompt for the DHCP assigned values.

On a domain, this is best done by the server.

System

For our discussion, we will assume a small single server (server) but the principles apply to most DHCP servers.

Windows Server 2008 R2 Standard
DC (domain controller) for corp.domain.com
AD (Active Directory)
connected to the Internet via a cable router.

Vital Information

The vital pieces of information that DHCP must supply on a domain are the IP, gateway router, DNS servers, and domain.

DHCP scope options
003 router – 192.168.0.1
006 DNS servers – 192.168.0.253 (our DC)
015 domain name – corp.domain.com

address pool: 192.168.0.50 – 192.168.0.99

Typically we save a few IPs for static machines like servers, routers, and printers. For our system, we will reserve IPs below 192.168.0.50. For larger networks you may need multiple scopes and/or wider ranges.

The domain name should match the domain name in the DNS forward lookup zone. You can find the DNS & DHCP sections in Server Manager. Expand the sections and right-click to select properties to find & edit information.

Troubleshooting DHCP

For our demo system, we are assuming that the server was in another domain (domain.com) prior to becoming the DC (domain controller) for corp.domain.com. Since the DNS forwarder shows corp.domain.com as the domain we will edit our DHCP name accordingly.

Our demo system also had a bogus router 0.0.0.0 so we delete the information and add our gateway 192.168.0.1.

These sorts of problems occur when the server goes from member server to domain controller of another domain.
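Added example, not part of the original post: a Python check of the scope options above that flags the two faults from the demo system (router 0.0.0.0 and a stale domain name) and tests whether a proposed static IP collides with the address pool or an existing assignment. The /24 mask, the dictionary layout and the function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Scope values from the article. The /24 mask is an assumption; the page
# does not state the subnet mask.
GOOD_SCOPE = {
    "network": "192.168.0.0/24",
    "pool": ("192.168.0.50", "192.168.0.99"),
    "router": "192.168.0.1",        # option 003
    "dns": ["192.168.0.253"],       # option 006 (the DC)
    "domain": "corp.domain.com",    # option 015
}
# The faults from the troubleshooting section: bogus router 0.0.0.0 and the
# old domain name left behind after the server changed domains.
BROKEN_SCOPE = dict(GOOD_SCOPE, router="0.0.0.0", domain="domain.com")


def in_pool(ip, scope):
    """True if ip falls inside the DHCP address pool."""
    low, high = (ip_address(a) for a in scope["pool"])
    return low <= ip_address(ip) <= high


def audit_scope(scope, dns_zone):
    """Return a list of problems with the scope options (empty if clean)."""
    net = ip_network(scope["network"])
    problems = []
    router = ip_address(scope["router"])
    if router.is_unspecified or router not in net:
        problems.append(f"003 router {router} is not a usable gateway in {net}")
    elif in_pool(scope["router"], scope):
        problems.append(f"003 router {router} sits inside the address pool")
    for server in scope["dns"]:
        if ip_address(server).is_unspecified or in_pool(server, scope):
            problems.append(f"006 DNS server {server} is not a fixed address")
    # The DHCP domain name must match the DNS forward lookup zone.
    if scope["domain"].rstrip(".").lower() != dns_zone.rstrip(".").lower():
        problems.append(
            f"015 domain name {scope['domain']} does not match zone {dns_zone}")
    return problems


def check_static(ip, scope, assigned):
    """Return None if ip is safe to assign statically, else the reason."""
    addr = ip_address(ip)
    net = ip_network(scope["network"])
    if addr not in net or addr in (net.network_address, net.broadcast_address):
        return "not a host address in the subnet"
    if in_pool(ip, scope):
        return "inside the DHCP address pool"
    if addr in {ip_address(a) for a in assigned}:
        return "already assigned"
    return None


if __name__ == "__main__":
    for problem in audit_scope(BROKEN_SCOPE, "corp.domain.com"):
        print("scope:", problem)
    in_use = {"192.168.0.1", "192.168.0.253"}   # router and DC
    for candidate in ("192.168.0.20", "192.168.0.60", "192.168.0.253"):
        print(candidate, "->", check_static(candidate, GOOD_SCOPE, in_use) or "ok")
```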

In Conclusion

DHCP is still very useful so you will want to take advantage of it as much as possible.

Tip: Even if you use static IPs you may want to look at something that’s already on your network to see how DHCP set it up.

Slow Loading Websites & Resources

DNS (Domain Name System) is a service that translates website & computer names to ips (i.e., Internet Protocol addresses) so you can use friendly domain names like Google.com & Randy-laptop.

On a Windows domain this service is handled by the DC (Domain Controller).

IPs – IPv4

Note that every device on your network should have a unique ip. A duplicate ip causes confusion. Only the 1st device to secure an ip will be able to access the network.

Likewise many websites have a unique ip but this is not always the case. If your test website uses HTTP Secure (e.g., https://www.google.com) then it has a unique ip.

IPv4 is the easier protocol to deal with when accessing resources.

Applications

This article specifically applies to a Server 2008 R2 Standard single server domain with AD (Active Directory) but the principles can be applied to DNS servers everywhere.

A Server 2008 R2 Standard single server domain should point only to itself for DNS and not an external server. The rest of the domain should also point to this server. There should be no reason to have a forwarder in a single server domain but you might run across one if a server has been removed somehow.

Machines with static ips will have the local ip for the DNS server. Machines assigned ips via DHCP (Dynamic Host Configuration Protocol) will get that ip from the DHCP server.

Troubleshooting Domain DNS

If your clients on the domain access computer resources like network shares & websites without issues then your DNS is working properly. If on the other hand it takes a long time for a website or network share to load then you may want to investigate DNS.

A simple way to troubleshoot DNS is to try accessing the ip rather than the FQDN (Fully Qualified Domain Name). Chances are you don’t know the ip of the resource but you can ping it from a CMD prompt.

In the examples below we ping the FQDN cisco.com & Randy-laptop with the -4 flag set (return IPv4). Once we have the ip we can try accessing these resources.

In the case of cisco.com we put the ip 72.163.4.161 in our browser. If the page loads for the ip and not the FQDN then we have a DNS problem.

In the case of the network resource, we can try connecting with a net use command. Assuming you have permission to access the save share on Randy-laptop then the net use command should connect drive X. If you can access the share via ip but not FQDN then we have issues with DNS.

Examples:

C:\Users\Randy>ping cisco.com -4

Pinging cisco.com [72.163.4.161] with 32 bytes of data:

C:\Users\Randy>ping Randy-laptop -4

Pinging Randy-Laptop [192.168.1.25] with 32 bytes of data:

Connecting to network share using ip:

C:\Users\Randy>net use x: \\192.168.1.25\save
The command completed successfully.
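Added example, not part of the original post: the same name-versus-ip comparison done in Python by timing the DNS lookup and the TCP connection separately, so a slow resource can be blamed on the right stage. The function names, the one-second threshold and the use of TCP port 445 for the file share are assumptions made for illustration.

```python
import socket
import time


def _timed(fn, *args):
    """Run fn(*args) and return (result, seconds, error)."""
    start = time.perf_counter()
    try:
        return fn(*args), time.perf_counter() - start, None
    except OSError as exc:      # socket.gaierror and timeouts are OSErrors
        return None, time.perf_counter() - start, exc


def lookup_ipv4(name):
    """Resolve name to its first IPv4 address (what ping -4 reports)."""
    infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    return infos[0][4][0]


def tcp_connect(ip, port, timeout=5.0):
    """Open and close a TCP connection to ip:port, bypassing DNS."""
    with socket.create_connection((ip, port), timeout=timeout):
        return True


def diagnose(name, port, slow=1.0, resolve=lookup_ipv4, connect=tcp_connect):
    """Time the lookup and the connection separately and name the slow stage.

    resolve and connect can be replaced, which lets the logic be tested
    without touching the network.
    """
    ip, lookup_s, lookup_err = _timed(resolve, name)
    result = {"name": name, "ip": ip, "lookup_s": lookup_s, "connect_s": None}
    if lookup_err is not None:
        result["verdict"] = "dns-failure"       # the name does not resolve
        return result

    # Connect to the ip, never the name, so DNS plays no part in this stage.
    _, connect_s, connect_err = _timed(connect, ip, port)
    result["connect_s"] = connect_s

    dns_slow = lookup_s > slow
    path_bad = connect_err is not None or connect_s > slow
    if dns_slow and path_bad:
        result["verdict"] = "dns-slow+host-or-network"
    elif dns_slow:
        result["verdict"] = "dns-slow"          # ip works, name lookup drags
    elif path_bad:
        result["verdict"] = "host-or-network"   # DNS is fine, look elsewhere
    else:
        result["verdict"] = "ok"
    return result


if __name__ == "__main__":
    # Names taken from the article's examples; ports are assumptions.
    for host, port in (("cisco.com", 443), ("Randy-laptop", 445)):
        print(diagnose(host, port))
```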

DNS Problem Forwarder

In our example we are going to assume that the network is slow and resources drag. Troubleshooting leads us to believe there is a DNS problem. Looking at the properties of our DNS we find a forwarder.

We know the forwarder should not be there so we remove it & restart the DNS service. This is more likely to occur when you remove a DNS server from your domain. It can also occur when you move your DC to a new domain leaving the old DNS server behind.