Welcome to the Sentinel Blog!
We are proud to feature a carefully curated collection of articles and other content related to the most important technology topics of today and beyond. Our posts are composed and edited by Sentinel’s ALWAYS ENGAGED team of solutions architects, engineers, project managers and other subject matter experts.
Sentinel Responds to COVID-19 Technology Challenges
As the world faces an unprecedented crisis with the COVID-19 pandemic, Sentinel wants to help ensure our customers are equipped with the proper tools to manage the many challenges associated with maintaining strong employee communication and productivity in any scenario. Today’s technology enables organizations of all types to stay connected, collaborative, and secure across platforms and locations, so you can continue to conduct business with minimal or no disruption. While many companies already have things like remote and mobile work capabilities deployed within their environments, not all systems are designed to scale out rapidly in an emergency or can handle the demands of an entire mobile workforce. If you’re at all concerned about your organization’s ability to properly function from an operational standpoint during a pandemic or other major crisis situation, or are simply interested in enhancing the work from home experience for your employees, please contact Sentinel for more information on solutions or upgrades for your business.
Here are some of Sentinel’s offerings that may help during these difficult times:
Pandemic Continuity of Operations Plan
Continuity plans serve as guides for maintaining essential business functions and services during a viral outbreak or pandemic. This plan neither replaces nor supersedes any currently approved continuity plan, but can function as a supplement to any existing continuity plan. It supplements the traditional, all-hazards continuity planning by addressing additional considerations, challenges, and elements specific to the dynamic nature of a pandemic.
Based on our tailored engagements, Sentinel offers a Pandemic Continuity of Operations Plan to help our customers quickly initiate and develop a comprehensive recovery strategy. Sentinel can also provide the guidance around IT systems readiness, collaboration tools, cloud services, and other critical IT services in support of your organization’s plan.
Remote Productivity Express Plan
Most organizations have a mobile working strategy in place, but few have the tools and capacity to handle extreme mobility demands. If the number of employees working remote instantly jumps to 100%, new challenges may emerge. Your plan (if one exists) might not execute properly, the technology required might not be available, or your system might not be able to handle all the remote workers. Security is also a major concern, as organizations often lower defenses for expediency. This may be normal and expected, but bad actors will take advantage of any opportunity to compromise your environment.
Sentinel’s productivity express services can help deliver agility for your organization and its employees. Our rapid mobility workshop features a gap analysis to determine your immediate needs, identify ideal solutions, and map to vendor promotions so you can get productive quickly.
High Capacity and Specialized Collaboration
Collaboration among branches, partners, and remote co-workers is nothing new. Solutions range from simple voice or chat to fully immersive video rooms that make people worlds apart feel like they're two feet away. However, when all your employees are trying to collaborate from home at the same time, you quickly discover the limitations of your existing capabilities. Sentinel can help with agile cloud-based offerings that can be deployed quickly for real-time communications, advanced content collaboration, and video capabilities for individuals/groups.
Sentinel offers innovative collaboration solutions for organizations of all sizes. We work with our partners to provide advanced collaboration capabilities through pay-as-you-go or extended trials of solutions from industry leaders such as Amazon Chime, Cisco WebEx, and Microsoft Teams. Sentinel's digitization experts will help align your needs with the right solution for your team. Our aim is to keep your business productive, communicating within and between organizations, and collaborating with everyone, from anywhere.
Some industries face unique collaboration challenges. Along with person-to-person and business-to-business voice, video, IM, and other collaboration essentials, additional tools are required for events, distance learning, and even telemedicine. Some solutions such as telemedicine at healthcare facilities and eLearning in K-12 schools have been available for years but have lacked proper funding and adoption. Sentinel can provide the design, implementation, and support services combined with solutions from our partners to increase your capacity and capabilities in a matter of days if required.
Connect From Anywhere
During a crisis, it is important that all workers have the ability to immediately access critical applications from anywhere. Your current capabilities may only require an expansion of capacity for internet and VPN, or your situation might be more complicated and require services such as emergency virtual desktops. If your organization doesn't have a mobile workforce plan, company-issued laptops, and regular mobility testing for all workers, you may encounter challenges when working remotely. Sentinel wants to help ensure your employees can connect and compute quickly and securely from anywhere during critical situations.
Sentinel has the proven ability to assist customers with mobile devices and laptop imaging as well as delivering on demand, public cloud-based virtual desktop services from our partners at Amazon and Microsoft. Traditional VDI solutions require large hardware purchases, long design cycles, and on-site installation, which can take months or years in addition to being quite costly. Sentinel’s cloud compute now services connect you with an architect to engineer a solution for your network and users. We have quick turnaround plans able to deliver compute on demand (VDI) services in a few weeks or less. These proof of concept services for cloud virtual compute can support nearly every device your users have, and include trial periods of up to 90 days.
Stay Secure Everywhere
While the health of your workers remains a top priority, don't forget about the health of your systems. Your organization needs to consider cyber security when rushing to provide remote capabilities for a large portion of your staff in short timeframes. Sentinel provides solutions across all areas of the NIST cyber security framework. Our Advisory consultants can assist in creating a “work from home” security policy. Protection, detection, and response are provided via technologies from Sentinel’s partnerships with global security leaders. Also, in the unfortunate event that your organization experiences a security breach, Sentinel Incident Response Services stand ready to help you recover critical assets to minimize both business loss and damage to your reputation.
Sentinel cyber security experts stand ready to assist you in defining a mobile cyber security strategy now. Leverage our experts and proven experience in creating a mobile strategy to support your work from home initiatives to meet immediate challenges and your long-term mobile workforce needs.
If you are interested in learning more about any of the solutions outlined above, please contact Sentinel for additional information. We hope that you stay safe and healthy during this unprecedented and difficult time, and look forward to assisting with your technology needs today and in the future.
Sentinel Helps A Financial Institution Achieve Dividends With Customer Care Technology
A financial institution was having issues with their aging and scrambled Cisco customer contact center platform. Their dated Cisco collaboration environment had been in place for well over a decade. Over that time, the customer had worked with multiple vendors/partners on a variety of tasks, including upgrades, additions, and process changes. The revolving door of management, team members, and partners also created a situation where critical information about the system as well as key operational details were not passed along to the next people to take over those roles.
The organization was also struggling to define attainable and measurable business objectives in order to address concerns about customer satisfaction and improve efficiencies surrounding customer interactions.
Sentinel decided to work with the customer to address their system issues in a proactive and holistic manner, rather than waiting for individual problems to arise and handling them one by one. This would enable the business units to focus their energy on clearly defining the objectives of the organization and mapping them to the appropriate features and technologies. We recommended Sentinel’s Advisory Services to help.
Sentinel’s Advisory Services engaged with the customer through a workshop format. Key members of management and staff gathered in a non-technical environment to assess all of the relevant items, topics, and issues, then assigned them each a priority level based on importance, relevance, and measurability. They defined goals and objectives, made a list of all the elements required to complete them, and established a solutions summary with detailed recommendations and next steps.
This was a multi-phased methodology that ensured the goals developed for management were “specific, measurable, achievable, relevant, and time-bound”. The strategic plan encompassed functional requirements, solution costs, action/activity timelines, and their expected impact.
The key goals included (but weren’t limited to):
+Address the growing number of customers asking for multiple ways/platforms to interact with the organization (omni-channel)
+Establish self-service capabilities for customers
+Reduce call abandonment rate
+Develop more accurate activity awareness metrics
+Improve reporting and data collection
+Provide the administration with change capabilities outside of IT
+Strengthen call capacity management
+Install call recording features and other capabilities
+Use agent skills routing to improve service call quality and efficiency
The organization faced a number of different challenges and roadblocks while working toward their goals, such as:
+Additional Employee Training
+Lack of Support
+Securing the Proper Budget/Funding
+Incompatible Policies and Processes
+Convincing Employees to Accept New Methods/Systemic Changes
+Under Staffing and Deficient Skillsets
Once the customer’s business goals and objectives were clearly defined, Sentinel provided solutions to address, fix, change, remediate, delete, add, and track activity using metrics. Solutions included a reduction in configuration complexities, native feature configurations, and new products, as well as customizations for scripting, reporting, and training.
Through the collaboration workshop created by Sentinel’s Advisory Services for this customer’s situation, we were able to not only save their current investment, but build upon it. Their faith and comfort grew as they learned new skills and became reacquainted with the refreshed systems in their environment. It helped them to gain a better perspective and understand how their own business processes map to the technology.
The customer’s systems were essentially “cleaned up” and realigned according to industry best practices and configurations. These routing efficiencies and standardizations improved performance and gave administrators a better understanding of the tools and solutions within their corporate environment.
The customer also gained a stronger understanding of metrics and reporting, which enabled them to gather and track data for historical significance and the measurement of key performance indicators.
About Sentinel Collaboration Advisory Services™
There are two methods by which Sentinel will engage an advisory effort: “strategic” and “tactical”.
The strategic assessment approach aligns organizational goals and objectives with technology recommendations. Sentinel will meet with key organization stakeholders to gain insight into current challenges as well as future initiatives. This process will provide guidance for the analysis and recommendation phases of the engagement. Sentinel will gather information about the current technology area (i.e. collaboration, etc.), including infrastructure, topology, devices, and configuration, to review it for technical best practice adherence and alignment with organizational goals. A prioritized list of recommendations will be presented to the organization and linked to the key initiatives that are defined in prior phases.
The tactical assessment approach does not consider overall organizational goals and objectives and is meant to serve as a focused “immediate fix” set of recommendations. Sentinel will gather information about the current technology (i.e. collaboration, etc.), including infrastructure, topology, devices, and configuration, to review it for technical best practice. A prioritized list of recommendations will be presented to the organization for review.
The goals of these assessments are to provide comprehensive analysis and an objective review of the current implementation, along with insights into any future changes that should be made.
Sentinel Uses AWS to Develop a Cisco Jabber Messenger Migration Tool
When you are faced with complex business challenges, public cloud providers can offer a number of different paths to a solution. These solutions frequently need to be tailored to your organization's specific use case, but can also focus on required features alone to provide faster if less elegant resolutions to your issues.
Sentinel recently utilized multiple AWS cloud services to demonstrate these possibilities. In this particular case, the business needed to migrate the contacts from hundreds of Cisco Jabber Messenger users to On-Premises Jabber services before the legacy messenger service was deprecated. This was phase one in a multi-phase migration to Cisco's WebEx Teams platform. Utilizing the application programming interfaces of both platforms, the Sentinel team developed a solution that provided a seamless user experience throughout the migration. Here are the technical details surrounding how we built the architecture and arranged the configuration.
The user interface for the tool was a single page web application, written in Angular. The "web server" was an S3 bucket with HTTP access enabled. Although there was no direct communication between the client and the server, CloudFront was used to provide a friendly HTTPS point of access. After the single page application was loaded by the client, all further I/O was through API Gateway.
The application prompts used a wizard-style approach to walk users through the migration process. The first step was for each user to enter their WebEx credentials, which were passed to the API Gateway (backed by a Lambda function). The Lambda function returned either a failure to authenticate or a list of contacts from WebEx. The next step was to enter Sentinel credentials for the IMP server, which were also passed to the API Gateway and a Lambda function. Once again, the Lambda function returned either a failure or a list of contacts.
With regard to the Lambda implementation, it is worth noting that there was a bug that prevented the IMP API from providing a list of contacts (the API result was successful but the list was always empty). To work around this problem, the Lambda functions created a Jabber-like client, then connected to WebEx and IMP using the native protocol (XMPP), allowing them to get a full contact list that way. A client was created dynamically in each Lambda invocation and destroyed when the Lambda function exited.
The single page web application then performed a "diff" between the two contact lists, calculating the changes that were needed – contact additions or modifications needed to put the IMP server in sync with WebEx. As the next step in the wizard process, the SPA sent the desired changes to another Lambda function (via API Gateway), which connected to Sentinel's IMP server and made the necessary changes.
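The diff step described above, sketched as an added example (not Sentinel's code): it computes the additions and modifications needed to bring a target roster in line with a source roster, keyed on bare JID, and sets aside entries whose JID is malformed. The field names `jid`, `name` and `groups`, the function names and the `example.com` contacts are assumptions.

```javascript
// Added example. Contact shape { jid, name, groups } is an assumption modelled
// on an XMPP roster item, not the migration tool's actual schema.

// Normalise a JID for comparison: drop any "/resource" suffix and lowercase it.
// Returns null unless the result is "local@domain" with both parts non-empty.
function bareJid(jid) {
  if (typeof jid !== "string") return null;
  const bare = jid.split("/")[0].trim().toLowerCase();
  const parts = bare.split("@");
  if (parts.length !== 2 || !parts[0] || !parts[1]) return null;
  return bare;
}

// Trim, de-duplicate and sort group names so ordering never counts as a change.
function normaliseGroups(groups) {
  const cleaned = (groups || []).map((g) => String(g).trim()).filter(Boolean);
  return [...new Set(cleaned)].sort();
}

// Build a Map keyed on bare JID. Duplicate entries for one JID are merged:
// the first non-empty name wins and the group lists are unioned.
function indexRoster(contacts, rejected) {
  const byJid = new Map();
  for (const c of contacts) {
    const jid = bareJid(c.jid);
    if (jid === null) {
      rejected.push(c); // malformed JID: never forward it to the write step
      continue;
    }
    const entry = byJid.get(jid) || { jid, name: "", groups: [] };
    if (!entry.name && c.name) entry.name = String(c.name).trim();
    entry.groups = normaliseGroups([...entry.groups, ...(c.groups || [])]);
    byJid.set(jid, entry);
  }
  return byJid;
}

// Compute what must change on the target so that it matches the source.
// Only additions and modifications are produced; contacts that exist only
// on the target are left alone, matching the one-way sync in the text.
function diffContacts(sourceContacts, targetContacts) {
  const rejected = [];
  const source = indexRoster(sourceContacts, rejected);
  const target = indexRoster(targetContacts, []);
  const add = [];
  const modify = [];
  for (const [jid, want] of source) {
    const have = target.get(jid);
    if (!have) {
      add.push(want);
      continue;
    }
    const changes = {};
    // An empty source name never overwrites a name already on the target.
    if (want.name && want.name !== have.name) changes.name = want.name;
    if (want.groups.join("\u0000") !== have.groups.join("\u0000")) {
      changes.groups = want.groups;
    }
    if (Object.keys(changes).length > 0) modify.push({ jid, changes });
  }
  return { add, modify, rejected };
}

// Constructed sample rosters (not real data).
const sourceRoster = [
  { jid: "Alice@example.com/jabber_123", name: "Alice A.", groups: ["Team", "Sales"] },
  { jid: "bob@example.com", name: "Bob B.", groups: ["Team"] },
  { jid: "carol@example.com", name: "Carol C.", groups: [] },
  { jid: "alice@example.com", name: "", groups: ["Sales"] }, // duplicate of Alice
  { jid: "not-a-jid", name: "Broken", groups: [] },          // malformed
];
const targetRoster = [
  { jid: "alice@example.com", name: "Alice A.", groups: ["Sales", "Team"] },
  { jid: "bob@example.com", name: "Robert", groups: ["Team"] },
  { jid: "dave@example.com", name: "Dave D.", groups: [] },   // target-only
];

console.log(JSON.stringify(diffContacts(sourceRoster, targetRoster), null, 2));
```

Because the change set is computed in the browser, the function that applies it should run the same JID normalisation on what it receives rather than trusting the client's output.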
As for visibility, API Gateway and all Lambda functions used X-Ray to view the interaction between AWS services. Real-time service activity was stored in CloudWatch via log groups, and a log of all user activity was stored in DynamoDB programmatically. The DynamoDB table allowed for identification of users that had not yet performed authentication or attempted to use invalid credentials, along with other useful information to aid in user troubleshooting. It also had a table to track outages (such as if WebEx or Sentinel's IMP server were unavailable) so that email notifications could be sent (and then suppressed for a time period).
AWS services that were leveraged in building this solution:
+ S3 – web server and location of web files
+ API Gateway – provided an HTTPS REST API endpoint for the single page app communication
+ Lambda – provided the logic for the REST API
+ CloudFront – provided HTTPS termination for the REST API
+ Route 53 – provided an alias to the S3 bucket so that users had a friendly name that ended in "sentinel.com"
+ CloudWatch – location of logs for Lambda functions
+ X-Ray – tracing was enabled for the API Gateway and all Lambda functions, providing end-to-end visibility
+ DynamoDB – tables for user activity logs and service state tracking
If you are interested in learning more about AWS and how it can be used to develop tools and applications for your organization, please contact Sentinel for additional information.
Sentinel's Spring 2020 Event Calendar
While it’s not technically spring quite yet, the weather is starting to warm up and so is Sentinel’s event calendar! We love hosting events, because it gives us an excuse to interact with our customers and talk about some of the great new innovations and technologies designed to enhance and protect the workplace. There are a few exciting things happening over the coming weeks and months across all Sentinel locations, so take a look at the summaries below and register to attend if you’re in the area or interested in learning more!
March 5 – Incident Response and Steak to Go
Here’s a great opportunity to learn a bit more about the latest incident response solutions and techniques from the experts at Cylance, while also taking home a delicious meal. Sentinel’s Denver office will be hosting a special workshop at Elway’s on Thursday, March 5th, where you’ll get an in-depth look at tools that assist in preventing, detecting, and responding to security incidents. That includes CylanceOPTICS, which pushes all detection and response decisions down to the endpoint, thereby eliminating response latency and preventing threats from becoming widespread across the entire enterprise. Light appetizers and drinks will also be served, and on the way out the door those in attendance will get a boxed up delicious steak dinner to enjoy at home.
March 6 – School Safety Program Webinar
In case you weren’t already aware, the Michigan State Police have created a $10 million statewide competitive grant program designed to fund security improvements at K-12 schools. This money can be used for purchases such as new security cameras, panic buttons, or mass notification systems designed to keep students, teachers, and other staff aware of incidents and potentially dangerous situations. We’ll be hosting a webinar on Friday, March 6th to detail the School Safety Program and highlight how Sentinel can help throughout the process, from writing a strong grant proposal to the purchase and deployment of new security technology throughout your environment.
March 17 – Enhanced 911 Webinar
A new law passed by the State of Michigan last year significantly tightens the Enhanced 911 (E911) requirements for organizations operating multi-line telephone systems (MLTS) or private branch exchange (PBX) phone systems. Once the new law goes into effect in the coming months, enterprise organizations will need to provide 911 dispatchers with detailed caller and location information so they can ensure first responders reach emergency situations as fast as possible. Sentinel will be hosting a highly informative webinar on Tuesday, March 17th with the experts from E911 provider RedSky, who will detail the new regulations and offer solutions to help organizations achieve compliance in a timely fashion.
April 2 – Security and Sunglasses
Sentinel customers in Wisconsin have the opportunity to learn about the latest security solutions and trends when we host a fun event with Cisco at the Sunglass Hut location in Mayfair Mall on Thursday, April 2nd. Experts will be on hand for some friendly discussions about the security challenges many organizations are facing today, and the best steps to take so your company can properly defend itself against even the most sophisticated attacks. This is also a great opportunity to network, meet some of the Sentinel team, enjoy some light appetizers and drinks, plus check out some cool sunglasses!
We’ve got plenty more events currently being planned for later this year, and are excited to share them with you as they are announced. If you’re curious about any Sentinel events that might be happening in your area, please keep an eye on our Events page for the latest updates!
Sentinel Loves Technology
At Sentinel, technology is our specialty and our passion. After more than 35 years of working in and evolving with the IT industry, we’re still as in love with it as we were on day one – maybe even more so. We also love our customers. Sentinel wouldn’t exist without them! In honor of Valentine’s Day this week, we asked some staff members to share what sparks their passion for technology. Here are some of their answers, which ranged from funny to profound to deeply personal.
“My favorite thing about technology is that there’s always something fresh and exciting happening. Whether it’s a brand new solution or a major upgrade to an old one, I’m never bored and remain eager to see where things will go next.”
-Geoff, Solutions Architect
“The diversity in tech is pretty incredible. There are more products out there than ever before, and every one is built to fill a particular need. And because Sentinel has so many offerings I feel like I’m never at a loss for things to talk about with customers, from advisory to cloud to security to staffing to storage, and on and on and on…”
-Chris, Sales Executive
“The people who work in tech are certainly a special breed. I mean that in the best way! I’ve met some life-long friends because of this job, some of them co-workers, some of them partners, and some of them customers. So many great people at this company and in this industry in general.”
-Mike, Sales Executive
“I love technology because I’m always learning something new. People rely on me for my expertise, and if I’m not keeping up with trends and innovations or exploring unfamiliar ideas I start to get restless. To put it another way, IT keeps me sane.”
-Tim, Solutions Architect
“I’m a natural helper. That’s my thing. Tech gives me the opportunity to help people all the time by providing them with solutions and services that can improve their efficiency, better connect with others, and protect them from cyber attacks. It’s both personally and professionally fulfilling.”
-Bill, Sr. Sales Executive
“Innovation! It’s a real thrill to be at the forefront of things, where you can share a brand new concept or solution with someone before most people have ever heard of it. Then you watch that thing change the IT industry or revolutionize the way that business is done. That’s a whole lot of fun.”
-Robbie, Sales Executive
“I love working in the IT industry, mostly because of the acronyms. I save an average of five to ten minutes a day saying things like "IBR" instead of Install Base Report, for example. That gives me more time with my Total Gym. And as Chuck Norris told me in an infomercial at 5AM this morning, the Total Gym can give me great physical results if I just dedicate five to ten minutes a day to various workouts.”
-Kevin, Customer Renewals
“Sentinel’s customers are the absolute best! Yes I realize this is absolutely pandering, but it’s also the truth. Their passion for technology inspires and motivates me on a daily basis. I love tech because they love tech, simple as that.”
-John, Director of Sales
Kari's Law and Enhanced 911
When an emergency occurs, it is essential to act quickly and communicate clearly with first responders. Even the most minor of delays could mean the difference between life and death. New technologies such as mass notification systems and federal legislation such as Kari’s Law aim to minimize the chance of critical issues or errors during emergency situations.
A new federal regulation known as Kari’s Law requires all organizations implementing a new multi-line telephone system (MLTS) or private branch exchange (PBX) phone system to enable direct 911 calling without first needing to dial an extra prefix to establish an outside line. For example, most enterprise businesses have phone systems where users have to press “9” (or some other code on the keypad) to get a dial tone before entering a standard area code and number. This new law means a user can dial 911 in an emergency situation and not have to worry about any other prefixes or digits, resulting in faster response times and less confusion about how to obtain help. Kari’s Law goes into effect on February 16, 2020.
The primary purpose of Enhanced 911 (E911) technology is to provide more detailed caller information to dispatchers so they can ensure first responders reach emergency situations as fast as possible. When a person calls 911, their callback number and precise location are automatically provided to the operator. This can be particularly helpful in situations where a connection gets lost or callers have trouble verbally communicating their location due to a medical emergency, handicap, dangerous situation, unfamiliarity with their surroundings, or foreign language barrier.
Many organizations that use MLTS or PBX phone systems are also large enough in size to make it difficult for emergency dispatchers to identify exactly where a 911 call is coming from. This is particularly true for businesses located within high rises or building complexes, which often share a phone system and might only display the most basic details to dispatchers such as a street address and corporate phone number without a floor/building number or the caller’s direct extension.
The specific regulations and compliance requirements for E911 vary by state, but Sentinel can help your organization provide detailed caller and location information to emergency services if it is available in your area.
Emergency Mass Notification Systems
Beyond these 911 regulations, Sentinel also wants to make it easier for organizations and schools to notify the proper personnel when an emergency occurs. Mass notification systems can send alerts to designated staff, management, security guards, or those in the building with medical training so they are immediately informed of a dangerous or emergency situation. These notification systems can be triggered through a number of different methods and devices, including when 911 is dialed from a building phone. Alerts are provided to specified people via text, email, desktop pop-up or phone, and can incorporate a feature that enables them to connect and listen to an in-progress 911 call to gain a better understanding of the situation for a more effective response.
If you are interested in learning more about mass notification systems and how they can help your organization meet emergency services compliance requirements, please contact Sentinel for additional information.
Sentinel Helps A Utility Company Restore Their Environment Following An Attack
A utility company was having issues with business workflows and production that were impacting their business connectivity. After reviewing the current state of their network, Sentinel determined that unauthorized user(s) were accessing their system via a Citrix server. This could have occurred due to stolen credentials or a brute force login attack. This type of attack not only results in unauthorized access to data, apps, and other resources, but also serves as an entry point for further attacks.
The unauthorized access impacted the company’s current backups along with an encrypted SQL server. The attacker then executed malware to disable servers and encrypt file structures.
The utility company required assistance to determine the current state of their network, to stop and remediate the current attack, and to implement additional security measures that would help identify and prevent unauthorized access to their network via Citrix or any other method moving forward. Sentinel’s incident response team provided assistance to disable the unauthorized access to the company’s network and worked to remediate the environment to a state before the attack occurred based on the customer’s backups.
It was determined that attacker(s) gained remote access to the customer’s network via a Citrix server, then used credentials from three different domain admin accounts to access other portions of the environment. The attacker(s) deleted disk-to-disk backups, disabled terminal servers, encrypted SQL servers, and executed malware, all of which significantly impacted business workflow and production. Also during Sentinel’s network security review, it was discovered that several unauthorized remote logins to the company’s Veeam proxy server had occurred via the server administrator account and were used to access the backups and network.
Resolution / Remediation
Sentinel assisted with many areas of the incident response, including providing security recommendations, securing the environment, and contributing to restorative activities.
Sentinel’s Cyber Security Engineers (SCSE) started the process by disabling the affected Citrix server and all domain admin accounts, as well as blacklisting all .exe file types in Cisco AMP (Advanced Malware Protection) to prevent the current situation from becoming worse. The current state of the network was reviewed to determine if there were additional areas where the attacker(s) would be able to reenter the network. It was discovered that the Veeam proxy server had unauthorized administrator accounts for remote logins that granted access to the backups and to the company network. SCSE disabled all VPN access until new protection methods were in place to combat the unauthorized access to the network.
Once the network was secured and infected servers / workstations cleared of any viruses / malware, SCSE started the remediation of the damaged and compromised systems. SCSE discovered the only tape backups that had not been deleted were a couple of weeks old. SCSE rebuilt the Veeam proxy server since the server was compromised during the attack. Once the Veeam proxy server rebuild had been completed, the remaining compromised or damaged servers were restored using the available backup files.
SCSE deployed Cisco AMP for Endpoint on every server to help block / prevent malware at the point of entry. Cisco AMP was also deployed to gain visibility into file and executable-level activity so malware could be removed at this level.
SCSE deployed additional security measures throughout the customer’s environment to significantly improve protection, detection, and recovery capabilities.
SCSE started by working with the company’s IT team to harden the password requirements and reset all user passwords to meet these requirements. This provided an additional level of security, so in the event of another brute force attack these more complex passwords would be tougher and take much longer to crack.
SCSE also implemented Cisco Duo for multi-factor authentication. Duo requires users to confirm their identities before granting them access to corporate applications. Controls allow the company to make application access decisions based on the user’s identity and the trustworthiness of their device(s) rather than the networks from where access originates.
Cisco Identity Services Engine (ISE) was also deployed by the SCSE to provide identity access to switches, wireless, and VPN connections. The additional layer of security created by ISE enabled the organization to better determine which corporate issued or approved outside devices should have the ability to log in to the company’s private network and which ones should be restricted to the guest-only public Internet. SCSE also implemented additional ASA firewall rules to harden access to and from the Internet.
SCSE implemented Sentinel’s Backup as a Service (BaaS) to provide air gapped backups through Veeam. Sentinel’s BaaS enables organizations to efficiently protect, locate, and recover critical data across all types of environments and platforms so they can return to business quickly and with minimal disruption following a data loss event. Sentinel’s Security Operation Center (SOC) was also deployed to provide security monitoring and strategic security guidance. Sentinel’s 24x7x365 SOC keeps a close eye on the company’s critical infrastructure elements to ensure their sensitive data and applications remain protected and satisfy performance metrics.
The SCSE team was able to determine the state of the network during the attack and identify the penetration points used by the attacker(s). Sentinel engineers were able to disable the rogue access within the network and begin the remediation. Restoration was completed using the remaining stable backups as necessary, along with any additional updates required to secure the network. SCSE implemented multiple solutions designed to enhance the security within the network and VPN access. The final portion enabled off-site, air gapped backups to add an extra layer of security and allow for faster and easier restoration should the network become compromised again at some point in the future.
About Sentinel SecuritySelect™
Sentinel’s SecuritySelect™ offerings are designed to handle today’s complex business and IT landscape, closely engaging with your organization to develop and implement a comprehensive security strategy suited to your company’s unique needs. Our SecuritySelect™ portfolio includes:
+Assessment and Prevention
+Security as a Service (SECaaS) via Sentinel CloudSelect™
+Security Operations Center (SOC) 24x7x365 Monitoring
+Identity Access & Endpoint Security
+Network & Perimeter Security
If you are interested in learning more about Sentinel SecuritySelect™ and how we can help protect your environment, please contact us for additional information.
Excerpt: Managing Certificates With Windows Certificate Manager and PowerShell
By Michael Soule, Sentinel Strategic Solutions Advisor
Recently, Sentinel Strategic Solutions Advisor Michael Soule wrote a lengthy, in-depth tutorial for the IT site Adam the Automator surrounding the challenges involved with managing certificates through Microsoft Windows. It is more technical than what we typically feature on this blog and may not be easy for some people to understand, but we wanted to share an edited excerpt from it anyway in case anyone is interested in learning more. If this interests you, the full tutorial can be read here.
If you're a Windows system administrator, you might have been forced to work with certificates. Working with certificates in Windows is typically one of those extra hats a sysadmin has to take on. Certificates are notoriously complex and hard to understand, but my hope is that by the time you're done reading you'll realize that certificates aren't that scary in Windows!
Within Windows, all certificates exist in logical storage locations referred to as certificate stores. Certificate stores are "buckets" where Windows keeps all certificates that are currently installed and a certificate can be in more than one store.
Unfortunately, certificate stores are not the most intuitive concept with which to work. Each store is located in the Windows Registry and on the file system. When working with a certificate in a store, you are interfacing with the logical store; not directly modifying the registry or file system. This simpler manner lets you work with a single object while Windows takes care of how to represent that object on disk.
“You'll sometimes see certificate stores referred to as physical or logical stores. Physical stores reference the actual file system or registry location where the registry key(s) and/or file(s) are stored. Logical stores are dynamic references that reference one or more physical stores. Logical stores are much easier to work with than physical stores for most common use cases.”
Windows stores certificates in two different areas: a user context and a computer context. A certificate is placed in one of these two contexts depending on whether it should be used by a single user, multiple users, or the computer itself.
If you intend for a certificate to be used by a single user, then a user certificate store is ideal. This is the common use case for certificate-based authentication processes such as wired IEEE 802.1x.
User certificates are located within the current user's profile and are only logically mapped within that user's context. User certificates are "mapped" and are unique for each user, even on the same system.
If a certificate will be used by all users on a computer or a system process, it should be placed inside of a store in the computer context. For example, if a certificate will be used on a web server to encrypt communication for all clients, placing a certificate in a store in the computer context would be ideal.
You'll see that a computer's certificate store is logically mapped for all user contexts. This allows for certificates in a computer certificate store to be used by all users, depending on the permissions configured for the private key.
Computer certificates are located in the Local Machine Registry hives and the Program Data folder. User certificates are located in the Current User Registry hives and the App Data folder.
PowerShell vs. the Windows Security Certificate Manager
Since certificates can be managed a few different ways in Windows, which one do you choose? Should you go the GUI (MMC) route or command-line with PowerShell?
First, consider the lifecycle of a certificate. If you only intend to install or remove a single certificate once, consider using the MMC. But if you're managing multiple certificates or find yourself performing the same task over and over again, the command-line route may be the way to go. Even if you don't know how to write PowerShell scripts, it'd be worth learning if you have many different certificates to manage.
Let's first take a look at how to discover the certificates installed on Windows using both the Certificate Manager and PowerShell.
Using the Windows Certificate Manager
To view certificates with the MMC, open the Certificate Manager: open your Start menu and type certmgr.msc. This will bring up the Windows Certificates MMC. This initial view will provide an overview of all the logical stores displayed in the left window.
There are many attributes of a certificate you can see when viewing them with the MMC. For example, you will likely want to select specific certificates.
The easiest way for you to accomplish this is by referencing the certificate's Serial Number or Thumbprint extension value. If the certificate was signed by a certificate authority (CA), it will have a serial number when issued. The Thumbprint is calculated every time the certificate is viewed.
One important feature to point out is embedded private keys. Certificates in Windows can also have a corresponding private key. These private keys are stored in corresponding physical stores as encrypted files.
To quickly distinguish a certificate with and without a corresponding private key, look at the certificate icon. In the MMC, if the icon simply looks like a piece of paper with a ribbon, there is no corresponding private key. If a certificate does have a private key, you will see a key in the MMC icon, and you will see a key at the bottom of the General tab when you open the certificate.
As with the MMC, you can view and manage certificates with PowerShell as well. Let's first inspect certificates in their physical stores (the registry and file system).
By Physical Store
Using the Get-ChildItem PowerShell cmdlet, you can enumerate all of the keys and values inside of the parent HKCU:\Software\Microsoft\SystemCertificates\CA\Certificates\ registry key path.
Each entry you see in the Registry hive corresponds to the Thumbprint of a trusted CA's certificate, with the certificate itself held in the corresponding property.
Another common store is the Personal store. Your certificates for this store are located on the file system rather than the Registry.
By Logical Store
Since working with certificates in their physical paths is uncommon, you will be working with the logical stores for the rest of the examples.
PowerShell can access Windows logical stores using the Cert: PSDrive. The Cert: PSDrive maps certificates to the physical stores much like the MMC does.
Unfortunately, the MMC and the Cert PSDrive do not label the logical stores the same.
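The physical and logical views described above can be compared directly. The following PowerShell is an added example, not code from the original tutorial: it lists which certificates in the logical Cert:\CurrentUser\CA store are backed by the HKCU registry path quoted earlier, then inventories stores with the Thumbprint, Serial Number and private-key status an administrator would review. The function name Get-CertificateInventory, the 30-day expiry window and the choice of stores are assumptions made for illustration.

```powershell
# Added example (not from the original tutorial). Run on Windows.

# MMC display names for some Cert: PSDrive store names (the two tools label stores differently).
$mmcNames = @{
    'My'               = 'Personal'
    'Root'             = 'Trusted Root Certification Authorities'
    'CA'               = 'Intermediate Certification Authorities'
    'TrustedPublisher' = 'Trusted Publishers'
    'Disallowed'       = 'Untrusted Certificates'
}

# Physical view: every subkey name under this registry path is a certificate Thumbprint.
$physicalPath = 'HKCU:\Software\Microsoft\SystemCertificates\CA\Certificates\'
$physicalThumbprints = @(
    Get-ChildItem -Path $physicalPath -ErrorAction SilentlyContinue |
        ForEach-Object { $_.PSChildName.ToUpperInvariant() }
)

# Logical view: the same store through the Cert: PSDrive. A logical store can
# draw on more than one physical store, so it may list certificates that are
# not present under the current user's registry key.
Get-ChildItem -Path 'Cert:\CurrentUser\CA' |
    Select-Object Thumbprint, Subject,
        @{ Name = 'InUserRegistry'; Expression = { $physicalThumbprints -contains $_.Thumbprint } } |
    Format-Table -AutoSize

# Inventory helper (hypothetical name): one row per certificate, flagging the
# ones that carry a private key and the ones that expire within the window.
function Get-CertificateInventory {
    param(
        [string[]]$StorePath = @('Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'),
        [int]$ExpiringInDays = 30   # assumed review window
    )

    $cutoff = (Get-Date).AddDays($ExpiringInDays)

    foreach ($path in $StorePath) {
        $storeName = ($path -split '\\')[-1]   # e.g. 'My'

        Get-ChildItem -Path $path -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Store         = $path
                MmcName       = $mmcNames[$storeName]
                Thumbprint    = $_.Thumbprint
                SerialNumber  = $_.SerialNumber
                Subject       = $_.Subject
                HasPrivateKey = $_.HasPrivateKey
                NotAfter      = $_.NotAfter
                ExpiresSoon   = ($_.NotAfter -le $cutoff)
            }
        }
    }
}

# Certificates with a private key are the ones whose theft allows impersonation,
# so list them first, soonest expiry at the top.
Get-CertificateInventory |
    Sort-Object -Property @{ Expression = 'HasPrivateKey'; Descending = $true }, NotAfter |
    Format-Table Store, MmcName, Subject, Thumbprint, HasPrivateKey, NotAfter, ExpiresSoon -AutoSize
```

Rows where InUserRegistry is False are certificates the logical store surfaces from a physical location other than the current user's registry key.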
If you are interested in reading the complete tutorial, along with examples, screenshots, and graphics, please click here. As evidenced by this excerpt, Sentinel can help your organization manage its certificates, or aid in demystifying the process so your IT team can handle it without much trouble. Please contact us if you would like additional information.
Five Technology Highlights From 2019
As the year comes to a close and everyone starts looking ahead to 2020, we wanted to take a brief moment to reflect on a few of the technology developments that helped shape 2019. The IT industry has come a long way in such a short time, and while in many respects we’re still talking about a lot of the same topics from year to year, there have still been plenty of noteworthy innovations that have showcased significant growth and positioned us for even greater achievements throughout the next decade. Here are five key technology highlights from 2019.
Hybrid Cloud and Multicloud
As organizations continued to shift more of their infrastructure into the cloud this year, they quickly discovered that not all clouds are created equal. The connectivity, user access control, activity logging and monitoring, automation services, application offerings, and pricing all varied widely depending on the provider. Amazon Web Services (AWS) and Microsoft Azure remained the two most prevalent public cloud offerings, and many businesses chose to invest in both as they satisfied different needs. The resulting hybrid and multicloud environments helped most of these organizations increase their agility and efficiency while keeping costs to a minimum.
This year the folks at Cisco Meraki released their most advanced security cameras to date: cloud-hosted devices that consume only a fraction of the network bandwidth of most other security cameras. They’re easy to install and manage too, with a secure dashboard tool that allows users to stream footage, adjust quality settings, quickly jump to specific times, identify motion events in user-defined areas, and share videos as needed. There are also advanced analytics tools that enable organizations to learn more about the environments the cameras are monitoring, including traffic flows and secure area entrances. Since they can only be accessed by Meraki dashboard administrators, these cameras also can’t be hacked by outsiders. If you’re curious about how the Meraki Cameras will operate in your environment, ask your Sentinel rep to send you a few to test out!
Safer Schools and Workplaces
When an emergency occurs at your office or school that puts your safety and/or the safety of others at risk, what do you do? Is there a system in place to let employees, visitors, and students know what’s happening? Sentinel began offering a number of different mass notification devices and systems this year, designed to help raise public awareness and contact emergency personnel during dangerous events such as severe weather, medical emergencies, lockdowns, and intruder alerts. The goal is to use audio and visual elements including panic buttons, video surveillance systems, phone systems, strobe lights, digital signage, overhead speakers, and text messages to keep people safe and informed about a particular situation.
Security continues to be an extremely hot topic, and one of the most talked about pieces of that particular puzzle this year has been tetration. In case you’re not familiar, tetration provides workload protection for data centers, cloud, and multicloud environments through the use of segmentation. It gives IT departments greater visibility throughout their infrastructure, enabling them to reduce the attack surface, detect software vulnerabilities, and identify security incidents faster. Things like application dependency and mapping tools help identify which workflows are talking to which servers, which also proves quite useful for troubleshooting purposes. Tetration also offers insight into a number of other areas: What process owns what port? What is the root cause of a specific network communication? Who installed that software? Why is that software running there? What is that software’s purpose? Does this process need to be talking to this server? These are the sorts of things that can start a discussion and lead to network and infrastructure improvements. If nothing else, tetration is useful as a tool to better understand what is happening inside your organization.
One of the biggest and arguably most important developments of 2019 was the sharp increase in the number of organizations deploying software-defined wide-area networks (SD-WAN) into their environments. SD-WAN creates a common network infrastructure that has security, multipathing, resiliency, and redundancy all built into it, so that way you’re properly routing your network and your traffic to different areas of the cloud. In the near future we’ll likely have cloud, core, and edge infrastructures all interlinking with each other, and SD-WAN will function as the plumbing for that. The main benefit of SD-WAN for most organizations is going to be network redundancy, along with using the transport layer however they want. The best SD-WAN solutions reduce the cost of expensive circuits such as MPLS, use direct internet access at the edge to enable technology at small or remote offices, and bring those things together so your network connectivity, from your end user to your core data center to your cloud service, remains highly secure. So SD-WAN is really the marriage of not only your traditional routing and VPN services across your WAN and end users, but it also incorporates security into that model too. It takes an overlay, puts it across the wide area network, and makes sure that everything routes and functions properly through automated and orchestrated means.
If your organization has yet to embrace some (or all) of these technology highlights, don’t worry! Everyone moves at a different pace based around need and budget. Plus, what’s right for one organization might not be right for another. Talk with your Sentinel rep about your business goals, and we’ll work with you to find the right IT solutions and services to achieve them. As always, feel free to contact us for more information. Thanks to our customers and employees for a wonderful 2019! We can’t wait to continue this technology journey with you in 2020 and beyond!
Sentinel's Holiday Gift Guide 2019
We’re once again deep into the holiday season, and if you’re still on the hunt for some fun and smart gifts to give friends and family this year, allow Sentinel to help you out with a few smart, technology-focused ideas designed to enhance the lives of anyone who receives them. These cover a variety of different categories and price points, so hopefully you can find something for everyone on your list!
The Mirror [$1,495]
It’s always a little tricky when giving anything fitness-related as a gift. Unless you’re a woman in a Peloton commercial, most people don’t like gifts that imply they need to get into better shape. Of course it’s a different story if they ask for equipment to help them exercise. As one of the latest innovations in fitness, The Mirror provides much more than a simple reflective surface you can stare at and check your outfit or makeup. It’s a home gym disguised as a traditional mirror. You can take a wide variety of classes (yoga, kickboxing, weight training, cardio, barre, etc.) with certified expert trainers either live or on demand, with customized adjustments and tips provided based on your own set of goals and preferences. It connects to Spotify for custom playlists, and can sync with Bluetooth heart monitors such as the Apple Watch to track your heart rate. The Mirror also provides performance metrics to keep an eye on personal improvements and help you achieve certain benchmarks. Yes, it’s an expensive piece of equipment, but the price reflects the level of features provided.
goTenna Mesh Off-Grid Devices [$125 for two]
If you know someone who loves to travel or regularly spends time outdoors hiking or camping, they could probably benefit from devices that enable them to stay connected just about anywhere in the world. Mesh Off-Grid devices connect to your smartphone and provide GPS location details as well as the ability to send encrypted chat/text messages to any other Mesh devices within a four mile radius. It can also send out public emergency alerts to any smartphones in the area should the situation require it. It’s a perfect way to stay connected in areas where cell service is unreliable or nonexistent, or to avoid roaming/international data charges when traveling abroad. The devices also include access to the goTenna app, which features detailed offline maps of any region in the world just in case you happen to get lost.
Neo Smartpen M1 with Transcribing Notebook [$115]
Blur the lines between analog and digital with a smartpen able to convert your handwriting and drawings into data you can download, edit, and share through all of your devices. The Neo Smartpen M1 works exactly like a normal pen, so you can take notes in meetings or jot down ideas onto a pad of paper whenever the mood should strike you. Using an internal memory card, the smartpen keeps track of every stroke and scribble up to 1,000 size A4 pages, which can then be sent to a phone, tablet, or laptop exactly as they appear on the page via the Neo Notes app. The app can also convert your handwriting to plain text, though you may need to make some minor corrections if the program has trouble deciphering your particular brand of chicken scratch. From there, notes can be edited and shared with others through common services such as Microsoft OneNote, Adobe Cloud, and Google Drive.
Hidrate Spark 3 Smart Water Bottle [$60]
Most doctors advise people to drink anywhere from six to eight 8-ounce glasses of water every day. That’s a lot of water, but essential to our survival as dehydration can leave you sluggish and create a whole host of other problems in the human body. Unfortunately a majority of people don’t quite reach the recommended daily water consumption benchmark, though it’s not for lack of effort. Days get busy, and taking regular sips from a water bottle might not be the first thing on our minds. That’s where the Hidrate Spark 3 Smart Water Bottle comes in. You fill it with water, connect it to your smartphone via Bluetooth, and keep track of exactly how much you’re drinking. Set hydration goals for yourself with the free hydration app, compete with friends and co-workers to see who can drink the most water, and receive push notification reminders encouraging you to take a sip periodically throughout the day. Oh, and it also glows to show you the water level as well as occasionally blinks to catch your attention when it’s time for a drink. You can even sync it to most fitness apps so your hydration goals can properly adjust based on your activity levels throughout the day. If you know someone who wants to drink more water but struggles to do so, this might be the perfect gift for them!
Wyze Cam Pan [$35]
While Cisco’s Meraki Cameras might be an ideal choice to keep an eye on secure areas of your business, they’re probably not the right fit for personal use around the house. That would be the equivalent of using a flamethrower to light a birthday cake candle. Thankfully there are plenty of high quality and affordable home security cameras available to help protect all types of rooms and indoor areas. Developed by former Amazon employees, the Wyze Cam Pan offers a compact security camera with the ability to pan, tilt, and zoom in 1080p HD video. Users can live stream video from anywhere through their smartphones, and even talk to others through two-way audio. The camera also has infrared night vision up to 30 feet, plus motion and sound detectors so it only records when there’s action. You can set the camera to send push notifications to your phone in certain situations, and can control certain features using a voice assistant such as Alexa or Google. All video is stored for free in the cloud for 14 days, or owners have the option of buying a separate MicroSD card to save video that way. Basically, this camera is packed with all of the advanced settings and security features you could want in an easy-to-use and inexpensive package.
Of course if your company is interested in picking up something nice to enhance technology across the organization, Sentinel would be more than happy to help make that holiday wish come true. Please contact us if you are interested in learning more!