Category: Chicago

Chicago, CrossRealms, CrossRealms Team

My Experience at CrossRealms

Jul 16, 2019 by Sam Taylor

Hi, my name is Dayoung KO, I’m from Korea and I am working as a marketing intern at CrossRealms. I am studying abroad here at IIT, and this internship is a part of my schooling. Since the internship class that I’m in is only scheduled for 6 weeks, this will be my last week here at CrossRealms.

 

Thinking back over the past few weeks at CrossRealms, I can describe the experience in a few words: “I’ve learned a lot.” I remember the very first day I met Usama, the president of CrossRealms. He told me that he wants me to learn as much as I can from here as well as share my culture with my co-workers who are from different cultures. As a result, I learned not only about the marketing field I’ve been working in, but I’ve also learned about building personal relationships with coworkers with different cultural backgrounds.

 

One thing I enjoyed about CrossRealms, is that every employee is free to speak their mind. Regardless of what kind of work I’ve done, I participate in almost every meeting for marketing. My co-workers always asked my opinion and had me speak out during the meeting. I felt totally free to give my opinion and ask questions when I did not understand certain things. I could feel myself building real relationships with them and felt that they have truly respected me. My co-workers were interested in Korean things, so we went out as a company to Korean restaurant so that I could talk about Korean culture and food. I know that not all the companies in the US have the same culture, but the culture of CrossRealms is totally different from Korea, in a positive way.

 

I really appreciate having been a part of CrossRealms though it was only for 6 weeks. Thanks to Usama, Sam, Unme, Johanna, Candice, Matt, Constantine, and Jasper! I hope to see you guys again.

 

안녕하세요, CrossRealms에서 마케팅 인턴으로 일하고 있는 한국에서 온 고다영입니다. 인턴십 과정이 포함된 프로그램으로 IIT에서 방문학생으로 수학 중입니다. 이 인턴십 과정이 6주로 예정되어 있기 때문에 이번주가 CrossRealms에서의 마지막 주가 될 것입니다.

 

CrossRealms에서의 지난 몇 주를 회고해보면 딱 한 문장으로 설명할 수 있을 것 같습니다. “많은 것을 배웠습니다.” 창업자인 Usama를 만났던 첫 날을 떠올리면 그가 저에게 했던 말이 기억에 남습니다. 그가 제게 기대하는 유일한 것은 제가 여기서 배울 수 있는 최대한 많은 것을 배우고 다양한 문화권의 동료들과 저의 문화를 나누는 것이라고 했습니다. 그 결과로 저는 제가 일했던 마케팅 분야뿐만이 아니라 문화적 차이와 인간관계를 맺어가는 과정을 배울 수 있었습니다.

 

이 회사에서 좋았던 점 중 하나는 모든 동료들이 서로의 의견에 스스럼없이 자신의 생각을 말합니다. 제가 어떤 업무를 하고 있던 상관없이 저는 거의 모든 마케팅 회의에 참여했는데

 

동료들과 상사는 항상 제 견해를 물어봤고 회의 중에 제 의견을 피력할 수 있도록 도와주었습니다. 그 결과로 자유롭게 제 의견을 말하고, 궁금한 것이 있거나 이해가 안됐을 때 스스럼없이 질문할 수 있었습니다. 저는 그들과 개인적인 인간관계를 형성해가고 있음을 느꼈고 그들이 저를 존중해준다는 느낌을 받았습니다. 또한 모든 동료들이 한국에 관심이 많아서 다같이 한국음식점에 가서 문화와 음식을 나누기도 했습니다. 미국의 모든 회사의 문화가 이와 같지 않은 것은 사실이지만, CrossRealms의 사문화는 완전히 긍정적인 의미에서 한국과는 몹시 달랐습니다.

 

비록 6주에 불과했지만 그 동안 CrossRealms의 구성원이 될 수 있음에 감사했습니다. 제 인턴십 과정은 끝났지만 저는 계속해서 CrossRealms와 함께 나아갈 예정입니다. Usama, Sam, Unme, Johanna, Candice, Matt, Constantine, 그리고 Jasper까지 모두에게 고맙습니다! 다시 만나기를 기대할게요

Written by Dayoung KO

글: 고다영

Chicago, CrossRealms Team

Plants with Sam: Snake Plants

Jul 16, 2019 by Sam Taylor

Hi, Sam here with the latest installment of Plants with Sam! As a reminder, I’m starting a new blog series on the care of plants to complement CrossRealms’ Let’s Grow initiative. My first post with more details can be found here.

 

Today I would like to talk about the snake plant. The snake plant is a part of the Sansevieria family and another common nickname for it is mother-in-law’s tongue.

 

Sansevierias are perfect plants for those who tend to be forgetful, and don’t always water their plants. I just recently got one of my own and love the way it looks. We have one in the office as well. They can grow to be pretty large so they make great floor plants when they are older.

 

Snake plants are very tolerant and can survive most conditions, including low levels of light, as well as drought and just being ignored in general.

Although it is easy to care for, here are a few tips and tricks to keep your snake plant happy:

Light

While sansevierias can handle any light and can handle low light or full sun, it is best to give it indirect light.

Water

Because snake plants are considered succulents, they can be very susceptible to rot. It’s best to not water too often, and barely any water at all during the winter. Try to let the soil dry out completely between waterings.

Soil

Most soils that drain quickly would work fine for these plants, but since they originate from the desert, sandier soils will work best.

Temperature

Temperatures between 55 and 85 degrees Fahrenheit are best. Anything below 50 will damage the plant.

Fertilizer

Feed with a mild cactus fertilizer once during the growing season or a balanced liquid slow-release (10-10-10 fertilizer) diluted to half-strength. Don't fertilize in the winter.

If you follow these tips, your snake plant will have no issues being happy and healthy! Don’t forget to stay tuned for more plant care tips!

Business Continuity, Chicago, Compliance, CyberSecurity, Data Protection, Development, Disaster Recovery

BUSINESS CONTINUITY IN THE FIELD: A SERIES OF CASE STUDIES BY CROSSREALMS

Jul 11, 2019 by Sam Taylor

Case Study #1: Rural Hospitals and New Technologies: Leading the Way in Business Continuity

The purpose of this series is to shed light onto the evolving nature of Business Continuity, across all industries. If you have an outdated plan, the likelihood of success in a real scenario is most certainly diminished. Many of our clients already have a plan in place, but as we start testing, we have to make changes or redesign the solution altogether. Sometimes the Business Continuity plan is perfect, but does not include changes that were made recently – such as new applications, new business lines/offices, etc.

In each scenario, the customer’s name will not be shared. However, their business and technical challenges as they relate to Business Continuity will be discussed in detail.

Introduction

This case study concerns a rural hospital in the Midwest United States. Rural hospitals face many challenges, mainly in the fact that they serve poorer communities with fewer reimbursements and a lower occupancy rate than their metropolitan competition. Despite this, the hospital was able to surmount these difficulties and achieve an infrastructure that is just as modern and on the leading edge as most major hospital systems.

Background

Our client needed to test their existing Disaster Recovery plan and develop a more comprehensive Business Continuity plan to ensure compliance and seamless healthcare delivery in case of an emergency. This particular client has one main hospital and a network of nine clinics and doctor’s offices.

The primary items of concern were:

  • Connectivity: How are the hospital and clinics interconnected, and what risks can lead to a short or long-term disruption?
  • Medical Services: Which of their current systems are crucial for them to continue to function, whether they are part of their current disaster recovery plan, and whether or not they have been tested.
  • Telecommunication Services: Phone system and patient scheduling.
  • Compliance: If the Disaster Recovery system becomes active, especially for an extended period of time, the Cyber Security risk will increase as more healthcare practitioners use the backup system, and, by default, expose it to items in the wild that might currently exist, but have never impacted the existing live system.

After a few days of audit, discussions, and discovery, the following were the results:

Connectivity: The entire hospital and all clinics were on a single Fiber Network which was the only one available in the area. Although there were other providers for Internet access, local fiber was only available from one provider.

Disaster Recovery Site: Their current Business Continuity solution had one of the clinics as a disaster recovery site. This would be disastrous in the event of a fiber network failure, as all locations would go down simultaneously.

Partner Tunnels: Many of their clinical functions required access to their partner networks, which is done through VPN tunnels. This was not provisioned in their current solution.

Medical Services: The primary EMR system was of great concern because their provider would say: “Yes, we are replicating the data and it’s 100% safe, but we cannot test it with you – because, if we do, we have to take the primary system down for a while.” Usually when we hear this, we start thinking “shitshows”. So, we dragged management into it and forced the vendor to run a test. The outcome was a failure. Yes, the data was replicated, and the system could be restored, but it could not be accessed by anyone. The primary reason was the fact that their system replicates and publishes successfully only if the redundant system is on the same network as the primary (an insane – and, sadly – common scenario). A solution to this problem would be to create an “Extended LAN” between the primary site and the backup site.

Telecommunication: The telecommunication system was not a known brand to us, and the manufacturer informed us that the redundancy built into the system only works if both the primary and secondary were connected to the same switch infrastructure.

Solution Proposed

CrossRealms proposed a hot site solution in which three copies of the data and virtual machines will exist: one on their production systems, one on their local network in the form of a Cohesity Virtual Appliance, and one at our Chicago/Vegas Data Centers. This solution allows for instantaneous recovery using the second copy if their local storage or virtual machines are affected. Cohesity’s Virtual Appliance software can publish the environment instantaneously, without having to restore the data to the production system.

The third copy will be used in the case of a major fiber outage or power failure, where their systems will become operational at either of our data centers. The firewall policies and VPN tunnels are preconfigured – including having a read-only copy of their Active Directory environment – which will provide up-to-the-minute replication of their authentication and authorization services.

The following are items still in progress:

  • LAN Extension for their EMR: We have created a LAN Extension to one of their clinics which will help in case of a hardware or power/cooling failure at their primary facility. However, the vendor has very specific hardware requirements, which will force the hospital to either purchase and collocate more hardware at our data center, or migrate their secondary equipment instead.
  • Telecom Service: They currently have ISDN backup for the system, which will work even in the case of a fiber outage; once the ISDN technology is phased out in the next three years, an alternative needs to be configured and tested. Currently there will be no redundancy in case of primary site failure, which is a risk that may have to be pushed to next year’s budget.

Lessons Learned

The following are our most important lessons learned through working with this client:

  • Bringing management on board to push and prod vendors to work with the Business Continuity Team is important. We spent months attempting to coordinate testing the EMR system with the vendor, and only when management got involved did that happen.
  • Testing the different scenarios based on the tabletop exercises exposed issues that we didn’t anticipate, such as the fact that their primary storage was Solid State. This meant the backup solution had to incorporate the same level of IOPS, whether local to them or at our data centers.
  • Run books and continuous practice runs were vital, as they are the only guarantee of an orderly, professional, and expedient restoration in a real disaster.
Chicago, CyberSecurity, Data Protection

100,000+ MALICIOUS SITES REMOVED WITHIN LAST TEN MONTHS

Jul 11, 2019 by Sam Taylor

Amidst a news cycle rife with malware incidents and cyberattacks, there is one shining spot of hope: 100,000 malware sites have been reported and taken down within the last year.  

Abuse.ch, a non-profit cybersecurity organization, has spearheaded a malicious URL hunt known as the URLhaus intiative. First launched in March 2018, a small group of 265+ security professionals have been searching for sites that feature active malware campaigns. These reported sites are passed down to information security (infosec) communities, who work to blacklist or take down URL’s completely.

While abuse reports are rolling in, there has been slow action on the web hosting provider’s part. Once a provider has been reported to have a malicious site, they need to take action in removing or altering the site. Average times to remove the malware infected site has been reported to be 8 days, 10 hours, and 24 minutes– a generous time delay that allows the malware to infect even more end users.

Heodo is one of the most popular malwares used, a multi-faced strain that can be utilized as a downloader for a variety of other attacks, acting as a spam bot, banking trojan, or a credentials swiper.

While sites aren’t responding with a particular deftness, it is still quite a feat to gather all these malicious URL’s with the power of such a limited group of researchers.

3CX, Business Continuity, Chicago, CyberSecurity, Data Protection

FROM THE TRENCHES: 3CX SECURITY

Jul 11, 2019 by Sam Taylor

This past month one of our clients experienced a security compromise with their phone system, where 3 extensions had their credentials swiped. Among the information taken was the remote phone login information, including username, extension and password for their 3CX phone system.

Our first tip off of the attack was the mass amount of international calls being made. We quickly realized that this was not your traditional voicemail attack, or SIP viscous scanner attack because the signature of it was different (more below). To alleviate the situation we immediately changed their login credentials, but to our surprise the attack happened again with the same extensions within minutes of us changing their configuration.

For those of you thinking that the issue can be related to a simple or easy username and password (extension number and a simple 7-digit password), that wouldn’t be the case here. It’s important to note that with 3CX version 15.5 and higher, the login credentials are randomized and do not include the extension id, which makes it a lot harder to guess or brute force attack.

We locked down International dialing while we investigated the issue, and our next target was the server’s operating system. We wasted hours sifting through the logs to see if there were any signs of attack, but absolutely none were present. We next checked the firewall and again saw no signs of attack– so how was this happening? How were they able to figure out the user ID and password so quickly and without triggering the built-in protections that 3CX has, like blacklisting IP addresses and preventing password guessing attempts?

Right back to square one, we needed more information. After contacting different contacts of the client, we found out that the three extensions were present at an International venue, which interestingly enough, was the target of all the International calls!!! Phew, finally a decent clue. Under the assumption of a rogue wireless access point present at the hotel, we asked them to switch to VPN before using their extension, which stopped any new authentication fields from being guessed  – – –

While we were able to get our client up and running again, there was something a bit more interesting going on here. The hackers were using a program to establish connections and then use those connections to allow people to dial an International country on the cheap (margins here are extraordinary). That program is using an identifier “user_agent” when establishing a connection to make the calls. If we filter for that, they will have to redo their programming before they can launch the attack again, which proved to be a quick and instantaneous end to this attack irrespective of source– even if they acquire the necessary credentials.

Here’s how I would deal with this next time, in 3CX you can follow the following steps:

Go to

  1. Settings
  2. Parameters

3. Filter for “user_agent”

4. Add the user agent used (The Signature) in the attack to either fields and restart services

Eg. The Signature (Ozeki, Gbomba, Mizuphone)

Chicago, CyberSecurity, Data Protection, Hacking

GOOGLE+ TERMINATED IN RESPONSE TO LEAKAGE OF USER’S DATA

Jul 11, 2019 by Sam Taylor
Google+ has hidden a data breach for the past 6 months in order to avoid a larger fallout.

In response to a publicized security breach, Google is looking to shut down their failed social media site. Google+ was created with the intention of overthrowing Facebook, but instead has left its scanty user base exposed to third-party data intrusions via software bug.

How Data Was Compromised

Destined to be a popular site, Google+ was once an exclusive social media alternative that required an invitation, which made it all the more alluring; how users data was then shared with others is less exclusive. When signing into apps, there was the option to sign in with Google+,  similar to signing into an app with Facebook, which then allowed the app to collect and harvest data generated by the user. When a Google+ user logged in with their account, they not only offered up their information, but also their friend’s information.

Who Was Affected

While Google+ never experienced the fame it had predicted, there was still a notable user base. 500,000 users were ultimately affected by this security bug, which revealed their age, jobs, and local information– placing them in danger of fraud. The software bug gave approximately 438 third-party vendors access to users private information from 2015 to March 2018, when the loophole was discovered.

Why Was it Not Made Public

The Google+ data leak was discovered in March– incidentally the same month that Facebook was under fire for the Cambridge Analytica scandal. Looking to avoid Facebook’s fate, Google+ chose not to disclose the data leak– instead choosing to quietly repair the software bug. The difference in data leaks is rather apparent, with Google+ having a much smaller user base in comparison to Facebook.

What You Can Do

Many users made a Google+ account when it was all the rage, but most didn’t use it after initial creation. While you may not be using Google+ anymore, one of your friends might have– leaving you exposed. Checking to see if you have a Google+ account is as simple as checking your gmail or university email, then going into your settings to completely delete the Google+ account. A lot users have an account and they don’t even realize it.

The site is said to shut down in ten months, while leaving a business aspect of Google+ still available.

Business Continuity, Chicago, Data Protection, Hacking

TECH UPDATE: 10 FEATURES YOU’LL LOVE ABOUT THE WINDOWS TEN UPDATE

Jul 11, 2019 by Sam Taylor
Windows 10 October 2018 Update

The October Windows Ten Update was released earlier this week, with changes that are sure to suit every user. The update will be available via the Windows website, or will begin to sneak onto Windows users screen as a reminder within the next week.

Kicking off this update are these ten new features:

Fewer Restarts

One of the most grating features of previous updates were sudden restarts. Dona Sakar, a Windows Insider, has noted these disruptions, “We heard you… We trained a predictive model that can accurately predict when the right time to restart the device is.” This means that getting up to get a cup of coffee won’t mean coming back to a computer in reboot mode.

Battery Usage

What’s draining your battery? Task Manager has a new feature that will allow you to view how much battery each app and program is using, best for identifying that excessive power gobbler.

Bluetooth Battery

Love your new wireless headphones? With the new update Windows users will able to see how much battery each of their bluetooth batteries has left.

Text Slider

Among the updates is one that will benefit those who need larger text. Instead of zooming in on a page and distorting the website layout, this text slider will allow the text itself to appear larger.

Snip and Sketch

Bundling multiple applications into one, the “winkey + shift + s” option will allow for a quick screenshot with the possibility of sketching on the saved image. Sharing and printing the saved clipboard image has gotten easier.

Phone Sync  

Texting doesn’t have to stop at your phone. Syncing your phone has never gotten easier, the Windows update allows for you phone to link to your computer.The new “Your Phone” feature allows for messages and photos to be linked to your Windows 10 device. This means there is no need to transfer large files via Dropbox or email. 

As for compatibility, this works best with Androids and is quickly expanding for better functionality with Apple products.

Dark Mode

Dark Mode has expanded to other Windows 10 applications: File Explorer. This fan-favorite dark screen theme has expanded to your search for files.   

Cloud Clipboard

Those that have multiple Windows 10 devices will find this feature of the update most useful. With the Cloud Clipboard feature, you can easily have the same files available across all devices. The transition of moving from a work computer to home computer has been simplified with the new update. 

Search Preview

Looking for a file just got easier. With this new search preview feature, a user can search within the start menu and will be able view previews of the files. Allowing for an effortless search.

HDR Support

With the gamer in mind, this Windows 10 update will allow for more contrast and vivid colors than ever. While HDR support has been difficult in the past, this update is looking to fix that.

The new update will also allow for ray-tracing, a Nvidia feature that will allow for better gameplay.  

Chicago, CyberSecurity, End User Security, Hacking, Phishing

APPLE USERS ARE LEFT EXPOSED TO A NEW PHISHING ATTACK

Jul 11, 2019 by Sam Taylor

This new phishing attack has gained a level of sophistication that will trick even a trained user. An unpatched URL vulnerability allows a hacker to imitate a website address and then acquire information through a fake login portal.

The URL vulnerability was discovered by Rafay Baloch, a security researcher based in Pakistan. Microsoft Edge by Windows and Apple Safari by iOS are the two major browsers affected. While Microsoft has created a patch for the spoof URLs in the previous month– meaning Google Chrome and Mozilla Fox users are in the clear.

Baloch discovered that this vulnerability (CVE-2018-8383) as a result of a race type condition issue: a web browser will allow JavaScript to change the web address in the URL bar while a page is loading.

Here’s how this phishing attack works: hackers are able to load an authentic webpage, allowing for the proper web address to display in the URL bar, and then quickly swap in a more sinister code. Users are then led to what appears to be a legitimate login screen, where usernames and passwords are then captured. This can easily deceive a vigilant user, as the web address doesn’t appear to change drastically.

Any website can be recreated by a hacker with this URL loophole, including Gmail, Facebook, Twitter, and even a large number of banking websites.  

Baloch produced a proof-of-concept (PoC) page where he exposed the URL vulnerability on both Microsoft Edge and Safari. Both web pages granted JavaScript access to change the web address in the URL bar while the page was still loading.  

Ultimately, it’s best to double-check web addresses, but to also keep an eye on the latest phishing attacks.

To read more about technical details about the phishing attack, read Baloch’s blog.

Chicago, CrossRealms

EXPERIENCE CHICAGO: CUSTOMER REFERRAL PROGRAM

Jul 11, 2019 by Sam Taylor

As a thank you for a decade of innovation and success, we’re introducing a referral program that offers you an opportunity to truly Experience Chicago!

As the summer winds to a close, we ask you to help us continue to grow! If you’re happy with the IT services your company utilizes, refer a friend or business connection so we can continue to improve our services.

When you refer a qualifying client to CrossRealms, we will treat you to your choice of one of these exciting, uniquely Chicago experiences:

  • Chicago Helicopter Experience Tour
  • Chicago Line Architectural Cocktail Cruise
  • Chicago Sports Game
  • Exotic Car Tour

If you’re proud to call us your IT provider, spread the word! If you know someone in need of IT services, you’re eligible! Click the link below to participate and learn more! http://newtheme.jlizardo.com/experiencechicago/

Chicago, Community & Events, CrossRealms, CrossRealms Team

MEET THE NEWEST MEMBER OF CROSSREALMS’ ENGINEERING TEAM!

Jul 11, 2019 by Sam Taylor

Meet Jasen Jackson, the newest addition to CrossRealms’ engineering team! Jasen has a BS in Information and Computer Science: Networking and Security, and over 9 years’ experience working in IT.

“I know that exceptional IT service goes hand in hand with a commitment to excellent customer service and I’m dedicated to both,” Jasen said. “I’m also very excited to be a part of CrossRealms’ growth as it starts its second decade of providing IT services to companies throughout the Chicagoland area.”

Jasen is currently working towards completing his CCNP and CCNA certifications. A married father of three, he has an affinity for dogs, muscle cars, music, camping and philosophy!

We are excited that Jasen is adding his decade-long experience to the CrossRealms’ technical team and are looking forward for you to meet him!