[G13net]

*This post will detail an account I had with a customer while working at the ISP*

We were alerted that a certain IP of ours was spitting out spam and malware traffic like crazy.  When we pulled the connection history, all of their outbound traffic was port 25(SMTP) leaving the country.  We located the client and attempted to contact them.

The first few calls were unsuccessful.  After you leave a few messages and the staff says “the owner is not here right now, but I will leave this message” it smells of a small shop.  I called later in the day and was finally able to reach the manager.  I explained to him the traffic we were seeing and that he should contact his tech support.

I asked him about his setup and he said he had only one PC connected to our network with no router in between. All of our connections were bridged so that PC was full blown on the internet.  He said it was an old windows 98 machine; to make matters worse!  He then told me that this is his only POS(Point of Sale) machine and it handles all of his credit card transactions.  What he told me next made my jaw drop; his IT support told him not to worry about the virus!

So we have a machine, spitting out tons of spam and stealing who knows how many credit cards and the guy he PAYS for support told him not to worry!  His IT support told him not to worry about it because there is nothing he can do and even if he does fix it a problem will just show up again; viruses are everywhere!

I couldn’t believe what he told him.  It took a lot of convincing to get the owner to even understand why this was such an issue.  At the end of the day I still couldn’t get him to take it seriously and deal with the issue.  We ended up turning off his internet connection to save his customers.

Always keep in mind when dealing with smaller merchants; they usually don’t have the money or training to even care about security for their credit card transactions.  They are using software that *may* be secure and who knows if their computers are maintained.

If you see something fishy or if the staff is having a hard time with their computer; just pay cash!

ISP Stories, Security

I recently came across this post at the Iowa Technology Blog about security in small businesses.  I wanted to add a few stories of mine to demonstrate the importance.

For a short while, I worked at an ISP in their Internet Abuse Dept.  We were responsible for responding to alerts and notifications of spam and other malware coming from our network.  All of our clients were on Static IPs, so we were able to identify our clients and give them details about the kinds of traffic we were seeing.

Our main offenders were always small businesses.  These were companies that had less then 10 computers, no full time IT staff, and had no idea about computer and network security.  These were often the most difficult clients to deal with as when I called no one in the office had an idea as to what I was calling about.

In the next few posts I will detail a few cases that I dealt with while working at that ISP.

Security

I was tasked with coming up with a solution to allow people to securely access our network.  We did not want to have a client, so IPSEC VPNs were out.  We currently use Cisco’s SSL VPN but were unhappy on how it operated.  It is not very user friendly.

I was torn between using Sonicwall or Barracuda’s SSL VPN appliance for this task.  Either would allow us to have a public web page which users would have to enter their credentials and have access to the network.  We went with the Sonicwall due to price and features.

After some initial configuration headaches, I am really coming to enjoy working with this appliance.  I wish that making bookmarks for services can be done at the server end; this would help when configuring new users.

Security