logo

Award-Winning Dallas-Fort Worth IT Services.

Questions? Call (817) 859-7140

You are here: Learning Center / Blog / Happy Thanks giving

VersaTrust Blog

VersaTrust has been serving the Texas area since 1997 , providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Happy Thanks giving

Thanksgiving wouldn’t be complete without sending a thank you to all of the local businesses in our community and a special thank you to those who put their trust in us to manage their technology. As we spend the day reflecting on what we’re thankful for, we hope you’re doing the same (and enjoying

Thanksgiving wouldn’t be complete without sending a thank you to all of the local businesses in our community and a special thank you to those who put their trust in us to manage their technology.

 

As we spend the day reflecting on what we’re thankful for, we hope you’re doing the same (and enjoying some delicious pumpkin pie while you’re at it!)

Have a great Thanksgiving!

Are SAML-enabled Enterprises Needed?

SAML-enabled Enterprises Increase Network Security with SSO SAML helps organizations implement single-sign-on. End-users need a single username and password for system access. SAML simplifies management of network security One of the first things most of us do when we arrive at work is sign-on to the corporate network. On the rare occasion that we

SAML-enabled Enterprises Increase Network Security with SSO

SAML helps organizations implement single-sign-on. End-users need a single username and password for system access. SAML simplifies management of network security  

One of the first things most of us do when we arrive at work is sign-on to the corporate network. On the rare occasion that we have to sign on to a specific application, we’re irritated. Why is the separate sign-on necessary? The simple answer is SAML.

>

What is SAML?

SAML stands for Security Assertion Markup Language. It is an open standard for sharing information across an enterprise for authentication and authorization of the end-user. It’s what lets you sign on once to access multiple applications. For SAML to work, all applications must communicate using the SAML specification. If an application cannot support SAML, the end-user will have to sign on separately.

How Does SAML Work?

A single-sign-on (SSO) environment has an identity provider where the user’s identity information is stored. When the end-user wants to use an application in the SSO environment, the application or service provider makes a request to the identity provider. The identity provider authenticates the end user’s identity and responds to the service provider’s request. The end-user is either granted or denied access.

A simplified SAML process for an end-user named Joel might flow like this:

  • Joel tries to sign on to his work computer. His sign on initiates a request to the company’s identity or SSO provider, asking for authentication.
  • The SSO provider authenticates Joel’s identity and grants him access to the network.
  • Joel launches his email program. His request initiates an exchange with the email application referred to as a service provider.
  • The service provider is configured to authenticate using SSO, so the application asks the identity provider for authentication of Joel.
  • The identity provider responds to the service provider with a digitally signed response that identifies Joel.
  • The SAML-formatted response either authenticates and authorizes Joel for the email application or denies access.
  • The service provider validates the identity provider’s response and either grants or denies access to the email application.
  • Joel accesses his email via the service provider’s application, based on the identity provider’s response.

All requests and responses must conform to the SAML protocols for exchanging information.

Why Use SAML?

SAML centralizes the authorization process. It also externalizes authentication to a separate identity provider. The configuration provides several benefits for both the end-user and the organization.

  • SAML provides a standard for deploying internet-based single sign-on.
  • SAML raises security access to the highest level. An identity provider can enforce a high level of authentication, such as Two-Factor Authentication, even if the individual applications do not support a high degree of authentication.
  • SAML simplifies the sign-on process for the end-user, who only has to remember a single user name and password.
  • SAML offers a single point for deactivation by centralizing access rights.
  • SAML enables the identity provider to audit access across SAML-enabled applications.

With a SAML-enabled enterprise, administration and monitoring of user access are reduced. Using an identity provider with a higher level of authentication than other applications within the network increases security. Allowing end-users to sign-on with a single username and password minimizes the number of times individuals require assistance because of forgotten passwords or usernames. The ability to control user access from a single point enables an organization to de-activate end-users quickly.

How to Hire Qualified Computer Specialists

Need to Hire a Computer Repair Specialist? 5 Criteria to Consider Are You Ready to Hire a Computer Repair Specialist? Read about the 5 Criteria You Need to Evaluate to Avoid Hiring the Wrong Person and Costly Mistakes Computer use in the U.S. has grown exponentially in the last decade. Over 15 million computer

Need to Hire a Computer Repair Specialist? 5 Criteria to Consider

Are You Ready to Hire a Computer Repair Specialist? Read about the 5 Criteria You Need to Evaluate to Avoid Hiring the Wrong Person and Costly Mistakes  

Computer use in the U.S. has grown exponentially in the last decade. Over 15 million computer devices were shipped out to users per year in 2003, according to industry data. That amount rose to an astonishing 65 million per quarter in 2015. With that many devices in consumers’ hands, computer repair specialists are a must for personal and enterprise users when something goes wrong. However, when it comes time to decide who to hire, knowing what criteria to look for can mean the difference between a mediocre and an excellent result.

Experience Levels

When deciding to hire a computer repair specialist or vendor, ask about the length and type of experience the specialist has. A specialist that has years of experience with the types of devices your organization has is ideal. If hiring a specialist from a local or national vendor, ask how employees or contractors are selected. Some vendors, for example, will only hire contractors that have successfully completed various industry certifications.

Education and Training

Hiring specialists that possess a formal degree in computer science or information systems can help improve the quality of service you receive. Industry certifications specific to general computer repair and troubleshooting, Apple, and Microsoft devices can also help. Specialists that keep up to date with industry trends and changes through continuing education courses is another good sign you will receive excellent service. Yet, industry certifications and degrees alone are not as important as years on the job and skills.

Device Types

Take a look at what types of devices your organization has and what devices require ongoing or periodic support. Some repair technicians will be highly specialized in certain types of devices, such as tablets or desktops. Repair specialists may only work on specific brands like Apple or Dell. Another important consideration is determining which repairs and devices can be supported internally versus externally. Simple repairs like replacing or upgrading RAM might be able to be completed by your internal IT department, depending upon the device brand and type. Other repairs like replacing a motherboard could be more complicated and require the device to be shipped into a vendor’s depot or replaced with a similar unit.

Cost

The cost of hiring a qualified computer repair specialist is usually at the top of most organizations’ criteria. Although it can be tempting to choose the vendor or specialist that offers the lowest price, this may not always be the best option. Consider whether there will be extra fees for issues that come up after the initial repair is completed. Also, check into whether completed repairs come with a warranty and how long the warranty lasts. Keep in mind that while the price of the service is not necessarily equated with quality, choosing smaller vendors or individual repair specialists will likely provide you with the best value.

Recommendations

Ask peers for recommendations on qualified computer repair providers. If the vendor or specialist is local, visit the location as a potential customer to see how the specialist responds. Assess whether you were treated courteously, whether the technician attempted to listen to your problem, and what repairs the technician recommended.

Chrome Users Need to Update Now

Why Google Chrome Users Should be Concerned About Security Patches Does Your Organization Use Google Chrome? Find Out Why Recent Security Flaws Have Created an Urgent Need to Update Your Devices’ Browsers Immediately If users in your organization use Google Chrome, there is a high chance that several of those systems are creating an

Why Google Chrome Users Should be Concerned About Security Patches

Does Your Organization Use Google Chrome? Find Out Why Recent Security Flaws Have Created an Urgent Need to Update Your Devices’ Browsers Immediately  

If users in your organization use Google Chrome, there is a high chance that several of those systems are creating an opportunity for hackers to install malware. Google recently identified a major security flaw with its Chrome browser that impacts Windows, Mac, and Linux-based devices. Although Google has released a security patch to correct the security vulnerabilities, the patch fixes two separate problems.

Security Vulnerabilities

One of the security vulnerabilities Google identified is Chrome’s audio component. The other vulnerability is tied to the browser’s PDF library. Both allow unwanted modifications or corruptions to memory data. This allows hackers to elevate privileges on the device or within applications installed on the device. If someone is able to gain administrative access to a system or software on a system, the individual could make unwanted changes or wreak havoc on the device’s operating system. There is also a high chance that a hacker could install malware or execute malicious code on the device.

Version

The version of the browser that fixes the security issues is 78.03904.87. Although the Chrome browser may be configured to automatically update itself in the background upon launch, it is a good idea to manually check each device. The browser can be manually checked by selecting the Help menu and then “About Google Chrome.” If there is an update available, the browser will automatically search for it and find it. The browser’s version will also be displayed in the “About” section. If the listed version is 78.03904.87 or later, then the device has received the necessary security patch.

If there are problems with the browser updating, it may need to be removed from the system and reinstalled. Some organizations have an automatic process to uninstall and reinstall applications from the server once the devices connect to the organization’s network. Reports can be run to see which systems still have outdated versions and technicians should manually check those systems to diagnose why automatic updates are not going through.

Other Considerations

A system that is not receiving automatic updates from Google Chrome may have other issues. Technicians should check for the following:

  • Is the anti-malware program up to date and running correctly?
  • Is the OS receiving approved updates and are these updates installing?
  • When was the last time the system pinged the network?
  • Has the system been restarted recently?
  • If the system has been disconnected from the organization’s network, how long has it been offline?
  • Has a malware scan recently been run? Were any malicious items identified and removed?
  • Are there are any suspicious executables or unauthorized programs installed?

Sometimes wiping a system and completely reinstalling the OS are the best courses of action. Signs that a device may be too infected, corrupted, or outdated include the presence of unauthorized or suspicious applications, more than 100 pending OS updates or a previous update date that is more than a month old, and an anti-malware program that will not update or run a scan correctly. Before wiping a system and reinstalled the OS, a technician should check for and back up any user data that may be installed on the device’s hard drive. However, the data should be carefully scanned for any malware infections prior to transferring it back onto the system.

What Are Your Company’s Responsibilities Following a Data Breach?

Learn from Marriott’s Example: Notification Responsibilities After a Data Breach Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state. To answer this question, let’s start with the example experienced by Marriot International recently when a breach exposed the

Learn from Marriott’s Example: Notification Responsibilities After a Data Breach

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state.  

To answer this question, let’s start with the example experienced by Marriot International recently when a breach exposed the social security numbers of the hotel chain’s associates. Then, we’ll look at the federal and state requirements for notifying those impacted by a breach that involved their data.

How Did Marriott International Employees Fall Victim to a Data Breach?

Marriott International told some of its employees that their social security numbers (SSNs) had been exposed to an unknown person. The risk came from a vendor that handled documents for the hotel chain.

On September 4, 2019, Marriott found out that someone access information recorded on those documents, which included subpoenas and court documents. The notification, which came two months after the incident, merely stated that someone may have accessed the records, which is all hotel representatives claim to know. The potential breach impacts over 1,500 Marriott employees. On October 30, the hotel started sending notifications via regular mail for anyone it hadn’t been able to find.

Those impacted will receive free credit monitoring as well as identity theft protection for one year at the company’s expense. Notification and credit monitoring services are part of recent data breach laws, but one must wonder what took Marriot so long to notify the victims.

Why Did Marriott Have a Difficult Time Finding Victims?

Marriott received a list of those impacted, but most had no address. This may be the most significant factor in the delay. And, it’s not an unusual one. Company records breached by hackers may be incomplete in the best of circumstances, and this information was sitting in several external systems.

The unnamed firm said all Marriott employee data was deleted from its system. One of the problems in cases like this is storing data in multiple systems, which increases the risk of theft and data breaches. Marriott no longer partners with the vendor.

What Are Your Company’s Responsibilities in Case of a Data Breach?

The FTC recommends following these steps, some of which are legally required.

Secure your Operations

Move quickly to take whatever steps are needed to secure your systems. Otherwise, your data breach can result in a series of breaches. Mobilize or form a breach response team to shore up your network against further loss.

Fix Vulnerabilities

As part of the fix, you need to anticipate questions that clients, associates and the authorities may have. Put together clear questions and answers to post on your website. Direct communication may ease frustration and concerns, especially if it takes some time to identify those impacted, as in the Marriott cases.

Work with forensic experts to track to determine what records were at risk.

Notification

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. You must notify the affected parties when personal information is involved. Check the laws in your state as well as the federal laws and consult with your legal team regarding your responsibilities.