April 26, 2019 Albany Zeno

One key area of concern that I am noticing when vetting and designing a customer’s solution is the lack of attention given to the bandwidth that is ACTUALLY needed to transmit their data, run their apps, etc. Oftentimes the bandwidth needed is severely underestimated because it is calculated from speed or “throughput” estimates rather than bandwidth needs. Think of it this way: when you are sitting in a 6-lane traffic jam on the highway going 10 miles per hour in a car that can do over 100 miles per hour, the problem is not the car. The problem, at this particular time, is the number of lanes being utilized, or blocked, at the peak time when most people are trying to use them. The car’s ability to go 100+ miles per hour in this scenario is the speed, whereas the highway and the lanes the car travels on are the bandwidth. So, when thinking of a solution, are you OK with traffic jams during peak times that can result in jitter, latency, packet loss, etc., or would you determine whether an 8-lane highway is more suitable?

When planning how much bandwidth is enough, you need to take into account the number of users, number of devices, size of your office or home, intended usage, and the current/future MAXIMUM throughput capabilities of your network, in addition to deciding which is most important: finding the device that will deliver the data the cheapest (per unit or per Mbps), or getting your data there efficiently. Check and compare manufacturers’ throughput allowances when designing your network. The most expensive or most well-known brand is not always the best performing.

Security parameters or protocols will eat into your speed, much as if the open freeway you are driving on had car washes every 5 miles and you MUST go through them. Your time from A to B would be delayed.

The normal digital footprint for speed in the data ecosystem is about 12-19 Mbps per user, and if you are working with 4K streaming it jumps to 25-39 Mbps per user. Factor in your peak times with usage estimates and see where you fall. Another thing to think about: as you transition to more AI and automation, how will that consume your network capabilities?

There are many different highway types, i.e. Wi-Fi, WLAN, LAN, 4G, 5G, WAN, SD-WAN, etc. Each type has a limit based on the manufacturer’s throughput allowance (going 35 miles per hour vs. 70 miles per hour).

Here are the speeds you can expect*

Bandwidth        Internet Connection
56 kbit/s        Modem / Dialup
1.5 Mbit/s       ADSL Lite
1.544 Mbit/s     T1/DS1
2.048 Mbit/s     E1 / E-Carrier
4 Mbit/s         ADSL1
10 Mbit/s        Ethernet
11 Mbit/s        Wireless 802.11b
24 Mbit/s        ADSL+
44.736 Mbit/s    T3/DS3
54 Mbit/s        Wireless 802.11g
100 Mbit/s       Fast Ethernet
155 Mbit/s       OC3
490 Mbit/s       5G 3.5 GHz
600 Mbit/s       Wireless 802.11n
1 Gbit/s         Gigabit Ethernet
1.3 Gbit/s       Wireless 802.11ac
1.4 Gbit/s       5G 28 GHz
2.5 Gbit/s       OC48
5 Gbit/s         USB 3.0
7 Gbit/s         Wireless 802.11ad
9.6 Gbit/s       OC192
10 Gbit/s        10 Gigabit Ethernet, USB 3.1
40 Gbit/s        Thunderbolt 3
100 Gbit/s       100 Gigabit Ethernet

*These speeds are peak speed recordings only; you will never achieve these numbers during normal use due to overhead and other network factors.

February 15, 2019 Jerry Young

5 Biggest Security Myths Busted

The rise of the modern collaborative digital workplace means an increasing number of wireless, mobile and BYOD users on company networks. That’s why endpoint security has become an important strategy for protecting business data assets, but there are a number of common misconceptions about it. We invite you to review the top five biggest myths, and then consider how advanced HP security solutions from MNJ Technologies can help keep your company safe.

1. “We’ve got antivirus so we’re good”
Don’t think that just because you have an antivirus product installed on all your devices you’re protected against malware of every kind. If the antivirus protection isn’t regularly updated, or you don’t do regular security scans, the latest iteration of malware can sneak in without you knowing. The same goes for periodic OS updates from each device’s manufacturer: you need to do them, but they can’t protect you against everything. Cybercriminal methods have quickly become so sophisticated that a dense patchwork of antivirus, anti-spyware, firewalls and intrusion detection won’t even slow them down.

2. “Endpoint security slows down workflow”
You may have heard that rigorous endpoint security protection tools get in the way of work because they slow down apps or interrupt people from doing their jobs. This myth probably arose due to the effect of bad implementations of security tools rather than any fault of the tools themselves. The best endpoint security tools are specifically designed to provide the necessary level of security without affecting the workflow or user productivity.

3. “Some protection is better than none”
If you were concerned about a burglary, you wouldn’t lock your front door but fail to arm your home security system. We all know that layers of protection are more effective. A layered approach to endpoint security is also the best one, and ideally includes a number of different elements, like network perimeter security, strong user authorization policies, end-user education, data access monitoring and disaster recovery protocols.

4. “All our endpoints are covered”
Even if you diligently apply security patches and put up a good defense-in-depth, don’t assume you’ve got security covered. No company is ever hackproof. Hackers work hard to find new ways to exploit software or human nature to get into an endpoint. And too many companies are not prepared for the consequences of a data breach. You should always assume a data breach will occur, and continuously monitor and strengthen your security posture.

5. “We’re too small of a target”
Huge corporations and big-name businesses that get hacked make the news most often, and so it can seem like only big companies are being targeted. Wrong. Cybercriminals actually seek out small businesses with ties to larger ones — in hopes of getting access to the larger companies. For example, in 2013, hackers breached a small HVAC service company and gained access to all the credit card data in a major retailer’s point-of-sale system.

Keep endpoints secure with MNJ Technologies
MNJ can help strengthen your endpoint security by upgrading old, outdated, or insecure devices to the latest notebooks and tablets equipped with multiple levels of protection. We’re a strategic technology solutions provider that specializes in helping transform businesses both large and small with best-in-class solutions and services. As an HP Gold partner, MNJ Technologies can give your company the advantages of superior security features, such as HP Sure Start Gen4, HP Sure Run, and HP Sure Recover, available on HP Elite PCs and HP EliteBooks. Consult with the experienced professionals at MNJ today to discover how we can help you keep your company’s valuable data resources safe from hackers.

February 15, 2019 Jerry Young

Can your business survive being hacked?

Cybercriminals and data thieves are experts at exploiting the vulnerabilities of notebooks and tablets. Data breaches and intrusions reported by businesses of all sizes are at an all-time high. Could your company recover from identity theft, stolen competitive information, or compromised customer data? Find out how you should respond to being hacked, and then consider strengthening endpoint security with advanced solutions from MNJ Technologies.

Investigate and verify the attack
It’s important to have an incident response team in place that can immediately swing into action following a cyberattack. Quick response is the key to limiting damages. According to a Ponemon Institute study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach — saving companies nearly $400,000 on average. Here are the first, critical steps your team should take:

  • Identify the compromised systems
  • Investigate IP addresses used in the attack
  • Determine the type of attack, e.g., virus, malware, unauthorized access, etc.

Once you know the details of the threat or vulnerability, you can immediately warn other users on the network and inform them what type of attack to look for and how to avoid it.

Mitigate and isolate the damage
Don’t panic and shut down your entire network, disrupting your business operations and risking missed deadlines, angry customers, and damage to your company reputation. Instead, get busy isolating and mitigating damage to affected systems.

Don’t hesitate to notify customers and stakeholders of the attack. It’s better to admit to a data breach up front rather than keep the attack a secret. Should news get out that you’ve tried to hide or cover up a security breach, your company’s integrity could take a big hit.

Quarantine all infected computers or impacted applications on the network. By isolating affected systems, you can contain the damage and prevent any virus or malware from spreading. Your incident response team should also look for backdoors that hackers may have set up to get into your system in the future. If vendors, customers, or suppliers have been hacked, block all access from these accounts until security issues have been resolved.

Plug the holes, spread the word
Change company-wide passwords for access to any systems that were affected, and install clean data and software backups, preferably from off-site devices not connected to your network. Make sure there are no default “admin” or other obvious usernames and passwords in place that could allow hackers back in. Then, spread the word: Take steps to ensure all employees are trained in basic cybersecurity procedures and policies, such as keeping passwords secure, not sharing personal information, and avoiding emailed links and downloads.

Get the best protection for endpoint devices
By now, you’ve probably figured out that the best way to survive a data breach is not to have one. Endpoint devices have become the latest target, and attacks against notebooks and desktops increased by 132% in 2016 alone. That’s why it’s essential to strengthen endpoint security by replacing old, outdated, or insecure devices with notebooks and tablets equipped with multiple levels of protection to help secure your company’s valuable data assets.

Stay secure with MNJ Technologies
MNJ is a strategic technology solutions provider that specializes in helping transform businesses both large and small with best-in-class solutions and services that enable them to exceed expectations. We know every business is unique. That’s why we strive to understand your technology challenges and company goals, so the solutions we provide will drive business success for your organization. As an HP Gold partner, MNJ Technologies can give your company the advantages of superior security features, such as HP Sure Start Gen4, HP Sure Run, and HP Sure Recover, available on HP Elite PCs and HP EliteBooks. Consult with the experienced professionals at MNJ today to discover how we can help you keep your company’s valuable data resources safe from hackers.

October 12, 2017 Nick Kozak

In the world of IT, hot topics usually come and go quite quickly. However, SD-WAN remains a topic of interest among any client with multiple locations. While many networking technologies are often labeled “the next big thing,” SD-WAN is delivering on the promise. Adoption rates are increasing exponentially and production implementations are happening almost daily. Companies that are refreshing WAN edge equipment, renegotiating carrier contracts, building out new branches, or aggressively moving apps to the cloud should be seriously considering SD-WAN. When advising clients on this, MNJ usually gets the question, “Are there any downsides?”

With this backdrop in mind, here are some of the downsides that we have seen in SD-WAN deployments:

  • Substantial security gaps at branch locations could occur if the internal security posture does not align with the deployment of SD-WAN as a whole. While there may be an overall savings in the cost of your WAN by introducing SD-WAN, customers should review their security strategies to ensure their SD-WAN deployment is not compromised by a security breach. Many well-known SD-WAN vendors/products will not discuss this with you because it simply is not their business, but it should be brought up with your IT team or vendor.
  • SD-WAN can facilitate a move towards lower-cost Internet transport, but this can lead to challenges in managing heterogeneous connectivity.  MPLS did something that everyone knows about, but that most people don’t really appreciate – consolidate office interconnectivity over a single vendor.  The proverbial “single-hand to shake.”  In speaking with clients who were early adopters of SD-WAN, I discovered that nearly all started bringing in multiple low cost bandwidth connections, only to find that the offerings prompted them to bring in a third-party aggregator to manage it.  Managing the various vendors became a full-time job, which was not anticipated when deploying.
  • Despite fancy marketing terms like “software defined” and “touchless provisioning,” it still involves hardware and a time investment from your IT group.
  • SD-WAN offers a fancy GUI interface for administration, and while this makes for ease of management, it also abandons knowledge of the traditional skills associated with networking. While this is great when everything is functioning flawlessly, it can cause issues in design as well as in supporting problems with the implementation.
  • SD-WAN is much easier to configure and operate than traditional routers, yet many SD-WAN implementations have added technical debt to the branch because clients can’t relinquish the comfort a traditional router brings them. Most SD-WAN vendors allow clients to keep their routers, but that doesn’t mean customers should. As SD-WAN adoption rates continue to increase, routers will become more and more obsolete.

June 8, 2017 Nick Kozak

When thinking about IT, it is easy to imagine a solitary experience. Our society has painted a picture of an isolated workplace, a civilization that is only linked via a monitor screen or headset. In other words, a world void of face to face human interaction, which sounds like an extrovert’s nightmare. That was my fear when I entered the world of technology, feeling alone and lost in a jumble of acronyms and words there are no set definitions for. However, after immersing myself in the realm of IT, I was elated to discover that I was overwhelmed by the rich connections and relationships I was able to form and experience not only with my fellow colleagues, but the incredible partnerships the company I work with has. Instead of isolation, the communication that flows between networks and different spheres of hardware, solutions, and offerings is constant. This is a society that values sharing knowledge and improving yourself because it makes the community a more successful place.

This culture can be compared to the family dynamic theory, a pattern where each member interacts as a unique player although still sharing similarities. To be immersed in this culture is an incredibly empowering experience. The technology that defines this society is constantly changing and improving. In order to stay relevant in the ‘family’, you must continue to grow and achieve bigger and better things. Some might think, “this sounds like a competitive and aggressive description”. However, I have found the opposite to be true. The IT community encourages growth and supports the setbacks, as they only show room for improvement. By facilitating growth in a competitive environment, there is a solidarity that can be found, which allows for progress in your particular area of expertise.

MNJ Technologies is a great example of this culture. There are multiple pieces that go into a successful and growing company. For example, in order for one department of an IT company to succeed, it depends on all the other departments to fulfill the needs of the ‘family’. No one department is seen as more important than the other. There must be full interdepartmental cooperation every day in order to succeed and continue to promote the advancement of the community. I feel this goes to show the rich and inclusive culture that can be found throughout the IT community.

MNJ is a family-owned business, which exemplifies the culture they exude not only with customers but with the supportive partners we have. By encouraging interdepartmental growth, MNJ has now been listed in CRN’s 2017 Solution Provider 500 List as well as in CRN’s 2017 MSP 500: Elite 150 List. MNJ and our incredible partners have shared their knowledge and willingly supported each other to help form a stronger bond that certainly reflects in our customers’ experience as well as the success we have had.

January 26, 2017 Jason Chapman

Websites that don’t go full site HTTPS may be in for a surprise in the coming weeks. Google and Mozilla Firefox, popular web browsers, will now show a warning to users who visit websites not accessed through a secure connection. While only sites that collect passwords are impacted, that will still include a vast majority of websites.

Google, particularly, has been focused on creating a more secure and faster web, ranking secure, fast, and mobile-friendly websites higher than their counterparts. In fact, site speed and security are now built into Google’s core search engine ranking algorithm.

Traditionally, e-commerce websites that collect sensitive customer and payment information have been the only sites to secure via SSL and HTTPS, while most customer-facing marketing sites have not even bothered to, due to the cost and headaches associated with setup. However, over the past few years it has become much easier. Community-driven projects like Let’s Encrypt, a community-supported certificate authority, are now offering free SSL/TLS certificates. Not only that, web hosting companies are now integrating that service directly into their administration panels for webmasters to procure and install instantly.

It sounds like a no brainer, right? While it may seem as easy as setting up SSL and installing the certificate, there are a few gotchas. Your web team may have to perform additional work to ensure your site works properly over HTTPS.

Why? For one, most web pages actually load resources from several domains and CDNs (content delivery networks). Not only do websites need to load assets from their own servers over HTTPS, they also need to make sure all third-party assets (images, data, external JavaScript libraries) are loaded over HTTPS. If not, your browser will display a mixed content warning, which could be even worse. Essentially, this warning tells customers that the site they are on thinks it is secure, when it’s really not 100% secure.
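One way to find such references before a browser does is to scan a page's HTML for subresources that would be fetched over plain HTTP. The following is an added example, not code from the original post; the function and class names are hypothetical and the sample page and host names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# Scripts, frames and plugins are treated more strictly by browsers than
# images and media, so they are reported as a separate kind.
BLOCKABLE = {("script", "src"), ("iframe", "src"), ("embed", "src"), ("object", "data")}
DISPLAY = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
# <link> only loads a subresource for some rel values (rel="canonical" does not).
LINK_BLOCKABLE = {"stylesheet", "preload", "modulepreload"}


class MixedContentScanner(HTMLParser):
    """Collects references that an HTTPS page would load over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, resolved_url, line_number)

    def _check(self, kind, tag, value):
        if not value:
            return
        # Resolve relative and protocol-relative ("//host/path") references
        # against the page URL; only an explicit http:// ends up insecure.
        resolved = urljoin(self.page_url, value.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved, self.getpos()[0]))

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "link":
            rels = set((attr.get("rel") or "").lower().split())
            if rels & LINK_BLOCKABLE:
                self._check("blockable", tag, attr.get("href"))
            elif "icon" in rels:
                self._check("display", tag, attr.get("href"))
        elif tag == "form":
            # Not a subresource, but a login form posting to http:// sends
            # the password in clear text even though the page is HTTPS.
            self._check("insecure-form", tag, attr.get("action"))
        else:
            for name, value in attrs:
                if (tag, name) in BLOCKABLE:
                    self._check("blockable", tag, value)
                elif (tag, name) in DISPLAY:
                    self._check("display", tag, value)


def scan(page_url, html):
    """Return the insecure references found in html served at page_url."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content is only defined for HTTPS pages")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page; every host name is a placeholder.
SAMPLE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<link rel="canonical" href="http://www.example.com/products/">
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<img src="/img/logo.png">
<img src="http://images.example.org/banner.jpg">
<a href="http://partner.example/">partner</a>
<form action="http://www.example.com/login" method="post">
<input type="password" name="pw"></form>
</body></html>"""

if __name__ == "__main__":
    for kind, tag, url, line in scan("https://www.example.com/products/", SAMPLE):
        print(f"line {line}: {kind:13} <{tag}> {url}")
```

Ordinary links (`<a href>`) and `rel="canonical"` are ignored because the browser does not load them as part of the page; the protocol-relative script inherits HTTPS from the page and is not reported.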

Google has provided a list of considerations, but the following highlight the main areas that would need to be considered when going full-site HTTPS:

  • Server side redirects – your website should redirect all HTTP requests to HTTPS, so that your site is always accessed via HTTPS (secure), not HTTP (insecure)
  • Use the Fetch as Google tool to make sure your website is accessible via HTTPS
  • Ensure that www and non-www requests are encrypted
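The redirect and www/non-www items above can be checked together by following the redirect chain from all four entry points of a site. This is an added example, not code from the original post: `audit_host`, `follow` and `recorded_fetch` are hypothetical names, and the responses are a constructed table standing in for real requests made with redirect-following turned off.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)


def follow(start, fetch, max_hops=5):
    """Follow redirects from start; return (urls_visited, final_status).

    fetch(url) must return (status, location) without following redirects.
    final_status is None when the chain does not end within max_hops.
    """
    chain, url = [start], start
    for _ in range(max_hops):
        status, location = fetch(url)
        if status in REDIRECTS and location:
            url = urljoin(url, location)  # Location may be relative
            chain.append(url)
        else:
            return chain, status
    return chain, None


def audit_host(host, fetch):
    """Check http/https and www/non-www entry points of one site."""
    bare = host[4:] if host.startswith("www.") else host
    report = {}
    for scheme in ("http", "https"):
        for name in (bare, "www." + bare):
            start = f"{scheme}://{name}/"
            chain, status = follow(start, fetch)
            problems = []
            if status is None:
                problems.append("redirect loop or too many hops")
            elif urlsplit(chain[-1]).scheme != "https":
                problems.append(f"content served over plaintext at {chain[-1]}")
            # A redirect that points at http:// puts another request on the
            # wire unencrypted, even if the chain ends on HTTPS.
            for hop in chain[1:]:
                if urlsplit(hop).scheme == "http":
                    problems.append(f"redirects through plaintext {hop}")
            report[start] = problems
    return report


# Constructed responses for a placeholder site: the www host is set up
# correctly, the bare domain is not.
RESPONSES = {
    "http://www.example.com/": (301, "https://www.example.com/"),
    "https://www.example.com/": (200, None),
    "http://example.com/": (200, None),
    "https://example.com/": (301, "http://www.example.com/"),
}


def recorded_fetch(url):
    return RESPONSES[url]


if __name__ == "__main__":
    for start, problems in audit_host("example.com", recorded_fetch).items():
        print(start, "OK" if not problems else "; ".join(problems))
```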

In the end, it may be a very easy fix for your site, or a complicated one, depending on your requirements, infrastructure and change-agility. Regardless of the effort involved, it’s your duty to ensure a safe browsing experience for your customers and of course they will greatly appreciate a company that provides them safety over a company that does not!

August 23, 2016 Nick Kozak

WAN (Wide Area Network) Optimization is often requested by our clients. They want their circuit to perform better than the TCP/IP (Transmission Control Protocol/Internet Protocol) windows will allow their traffic to. WAAS (Wide Area Application Services) is Cisco’s response to this demand. Many of these products look similar, from Riverbed to Silver Peak, but in Cisco’s case the software exists on the router itself instead of a dedicated appliance. This is key when protecting an investment of a Cisco router versus competing products.

WAN Optimization typically becomes a priority once a WAN is taken across many sites, long hauls, or international links. A typical ping from the United States to China is over 200ms. This is a result of distance; light can only travel so fast. With a delay of 200ms, the circuit performance becomes critical because the introduction of any jitter or packet loss will be dire to the throughput. Companies then install appliances like Riverbed, Silver Peak, or Cisco WAAS to do some of the following functions:

  • Packet Deduplication
  • Forward Error Correction
  • Packet Order Correction
  • Optimize SSL traffic

Utilizing this technology can increase the performance of your circuits and maximize the data transmitted. However, there is a core issue here that we regularly run into with our clients. These devices typically can improve circuit performance by 15-30%. This is a great number, but from an economy of scale perspective, this is relatively small. Increasing a 10Mb circuit by 15% will only add an additional 1.5Mb of throughput.

Some international sites will benefit from WAN Optimization when their existing bandwidth is sufficient. If it is a poor performing circuit, or they are frequently accessing a central file server on a long haul, these are prime candidates. It’s important to note that WAN Optimization is not the right answer for a location that is currently inundating the existing circuits. We need to review the bandwidth utilization, future growth, potential new systems, and the circuit performance. From here we can establish a plan of attack for how best to improve site performance.

June 11, 2016 Nick Kozak

The technology around circuitry is evolving. As a service provider, much of our business is involved in circuits. We feel the pain you feel when there is an outage. Recently in the Chicagoland area, there was an accidental fiber cut with Comcast that resulted in a six-hour outage for some of our clients. Not only does this bring our project work to a halt as we look at all solutions possible to bring clients back up, it exposes networks that do not have a back-up circuit. Many organizations cite cost as the reason they do not have a back-up. There are ways of reducing that cost through Active/Active strategies.

MPLS has its place in the world, but it can be expensive. Public Internet here refers to any non-guaranteed/bulk internet provider such as Comcast Business Class or Cogent. This pertains to DIA circuits as well. To set a baseline, some obvious positives of these services are below.

MPLS:

  • SLA’s and performance guarantees
  • Secure route traffic and control
  • Easy to monitor, maintain, and troubleshoot

Public Internet/DIA:

  • Inexpensive per MB
  • Quick to install/turn up
  • Great way to handle non-mission critical traffic (Social Media, Streaming, etc.)

MPLS is needed for critical activities, especially with technologies such as voice, video, or anything that requires a secure, controlled circuit. Many of our clients use MPLS for their primary and their back-up, with a larger MPLS as the primary for cost control. There are two ways to rethink this model. One is to use a Public Internet circuit for your bulk traffic and use an MPLS as a backup and as a way to route mission-critical traffic.

The other way to rethink this model is a little more risky, but can save your organization money in the long run. One of our clients is using two Public Internet circuits at the majority of their sites, and only MPLS at a select few, larger sites. The purpose of this was to save money over the staggering rates they were paying for a nearly 100 site MPLS deployment. How did we do it? How does it work?

MNJ leveraged three existing technologies into one box. We used Cisco’s iWAN, DMVPN, and WAAS on a Cisco router, and put a router at each location. We put a central DMVPN hub into our core and centralized all routing protocols at this location. Utilizing WAAS, we are able to cover de-duplication and bandwidth optimization. Utilizing iWAN, the router is smart enough to determine which circuit is operating best and send traffic across the more effective circuit with performance-based routing. Utilizing DMVPN, we were able to create a mesh network so that we did not have to place static routes at any of the client sites and we could simplify new site deployment.

The benefit of this deployment is that the client is able to save a great deal of money. By leveraging these technologies, the sites will perform nearly as effectively as their MPLS circuits did previously, but at a fraction of the cost. Additionally, the DMVPN is smart enough to redirect traffic between locations directly instead of sending the traffic back to the core/hub every time, which saves on some bandwidth usage. While this solution may not be perfect for every organization, it is a good way to rethink WAN design when approaching the end of your existing circuit contracts.

May 11, 2016 Mark Dryfoos

Wireless growth continues to explode in today’s enterprise networks. Wireless devices used for production, 1:1 initiatives for education, and BYOD have caused traditional wireless and network infrastructures to strain and, in some cases, become a bottleneck. On top of that, 802.11ac Wave 2 access points capable of 5Gbps+ have recently been released. These access points provide multiuser multiple-input multiple-output (MU-MIMO) technology, which splits signals between clients, maximizing throughput.

Additional speed and throughput is great – if you can support it. The fundamental problem with providing the necessary speed to access points is that the majority of existing network infrastructure today, at the access layer, is 1GB. How to get around this bottleneck? Vendors have proposed two ways.

First, many new access points include a pair of 1GB Ethernet uplinks which can be combined together to provide a 2GB connection to and from the connecting switch.  This solution can work well, but requires costly, invasive and sometimes non-feasible wiring and does not scale.  Running a second gigabit line to each access point provides a maximum connection speed of 2Gbps and with 802.11ac Wave 2 providing 5Gbps+, you could be paying for speed you cannot access.

The second solution is much more elegant and scalable – multigigabit switching.  Cisco, Hewlett-Packard Enterprise, Brocade and other vendors provide multigigabit switches at the access layer.  Depending on the model and vendor, multigigabit switches can provide 100, 1GB, 2.5GB, 5GB and 10GBASE-T bandwidth per port.  Multigigabit switches utilize the same RJ-45 Ethernet ports used today, but are capable of providing speeds in excess of 1Gbps over those ports.  While the ports are the same, the cabling is not.  What makes this solution so elegant is that existing Cat5e cabling can be used to provide the additional bandwidth – to a point.  While Cat5e will support up to 5Gbps, that’s where it stops.  Cat6, Cat6a and Cat7 cables are required to provide higher speeds over greater distances.  In addition to the bandwidth increase, these multigigabit switches can also provide 60+ watts of PoE per port.  60W per port is enough to power energy-hungry access points and even power smaller switches.

Today, multigigabit switching is available from Cisco, Aruba Networks (HPE), Brocade and other vendors.

Thinking about a wireless initiative?   Let MNJ Technologies help!  Our team of Solutions Architects and Engineers can assist with the assessment, planning, design and implementation of your wireless infrastructure.  Reach out to your MNJ Account Executive to learn more.