Review the servers and consider buying a single virtual server replacement, or a cloud server infrastructure, for these applications. Both servers have expired warranties, battery backup and security issues. Both workloads could easily run on a newer-generation Dell server, keeping costs low while getting everything back under warranty, with an opportunity to reconfigure the network and server settings with security in mind and fix many of the issues described in this document.
In general, the network is neglected. There is no maintenance schedule in place for updates or for security review of the servers. While it's true the hack attempts were resolved, they were only found during a third-party review. There should be multiple layers of security, which don't exist now. Security isn't a priority on the network.
See the recommended action items at the end of the document.
The network is running on a Dell PowerConnect 5548, which is a great switch for this environment. The switch firmware is outdated, but this isn't a critical issue.
The firewall is a Fortinet 90D with wireless. We recommend replacing the old firewall with a next-generation firewall with advanced threat detection (SonicWALL, for example). Use VPN connections where necessary, and remove all external access to the servers except for authorized people.
The firmware on the firewall is expired and should be renewed, or the firewall replaced.
Multiple firewall policies exist that allow traffic into the network and shouldn't. There are legacy items on the firewall that should be removed to tighten security. It doesn't look like the administrator has a full understanding of the features and functions of the firewall.
There is a lack of technical policy understanding on the firewall. Some policies exist that shouldn't, allowing traffic into the network; this is what caused the hack attempts into the network. There is no way to tell for sure, without a forensic audit of the servers, whether there was an actual breach of data.
We have the ability today to geo-limit people based on location, and payloads. Implement security, HIPAA and remote access with the sensitive materials (pictures) and names of people would be a popular target for
Two physical servers are on the network, a T410 and an R520, both of which have expired warranties. We recommend keeping any server in production under warranty. For the cost of a single failed drive, this server could be warrantied. I will attach a quote to renew the warranty.
The server hasn't been updated since 2/11/2017 (see screenshot below). Servers store critical data and are susceptible to viruses just like any other machine. This server needs a maintenance schedule implemented and updates installed.
The server's firewall is disabled and should be enabled. See screenshot.
This server is running Small Business Server 2008, which is almost 10 years old now; the product has been partly end-of-lifed by Microsoft.
The server is not updating, and the last attempts at updating failed (see screenshot). The last update was in January.
Java is out of date. Java and Adobe are the two critical entry points for hackers. Keep them both up to date, and uninstall them on servers if they're not required.
The server firewall is disabled and should be enabled with specific ports allowed through, just like the main Fortinet firewall and the network services that NextTech needed. See screenshot.
• Webroot is up to date and managed on the network.
• Check the license and expiration, and validate that it isn't expiring.
• No access to the console of the anti-virus program.
Speed tests are slow; check local internet options for faster internet. LIVE Consulting has a master agreement that gives us a little bit of leverage to help get deals done on internet. We can run the address if you would like to see what's available.
No software audit has been done. Check licenses for the systems in use, including the server and server CALs. Microsoft has said they will audit every small business for licenses.
Physical security: the server is behind a locked door, although the door isn't locked most days.
No software monitoring is installed. We recommend a software package to watch for failed updates, backups, event log errors, security events, and other agent-based monitoring for proactive maintenance.
SQL Server backups are running as they should locally, but no offsite data exists. A job was created to copy all data offsite, but the job is running into a timeout and failing (see screenshot below). This means that if there were a fire, theft of the server, or failure of the server room for any reason, no backups of the most critical data would be recoverable. Live Consulting recommends a 3-2-1 backup system: 3 copies of the data, in 2 locations, 1 of them
You have 2 copies now, production and local, but offsite is imperative. With cloud options as cheap as they are, this
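To make the 3-2-1 gap above measurable rather than a judgement call, the check below scores a backup inventory against the rule as the report phrases it (3 copies, 2 locations, 1 offsite), counting only copies whose last successful run is recent, so a job that keeps timing out does not count as a copy. This is an added example with a constructed inventory, not the report's own tooling or data; the site and medium labels and the 48-hour freshness window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed inventory of backup copies, not data from the assessed server.
# Each entry: where the copy lives, what medium it is on, and when it last
# completed successfully (None means the job has never finished).
COPIES = [
    {"name": "production DB", "site": "server room", "medium": "server disk",
     "last_success": datetime(2017, 6, 4, 23, 0)},
    {"name": "local SQL backup", "site": "server room", "medium": "backup disk",
     "last_success": datetime(2017, 6, 4, 23, 30)},
    {"name": "offsite copy job", "site": "cloud", "medium": "object storage",
     "last_success": None},  # the offsite job keeps timing out, so it has never completed
]

PRIMARY_SITE = "server room"  # assumed: the site whose loss the rule protects against


def check_3_2_1(copies, now, max_age_hours=48):
    """Evaluate a backup inventory against the 3-2-1 rule.

    Only copies that completed within max_age_hours count; a copy that has
    never finished, or is stale, is not a backup anyone can restore from.
    """
    fresh = [c for c in copies
             if c["last_success"] is not None
             and now - c["last_success"] <= timedelta(hours=max_age_hours)]
    sites = {c["site"] for c in fresh}
    offsite = [c for c in fresh if c["site"] != PRIMARY_SITE]
    result = {
        "copies": len(fresh),
        "sites": len(sites),
        "offsite": len(offsite),
        "stale_or_failed": [c["name"] for c in copies if c not in fresh],
    }
    result["compliant"] = (result["copies"] >= 3 and result["sites"] >= 2
                           and result["offsite"] >= 1)
    return result


if __name__ == "__main__":
    status = check_3_2_1(COPIES, datetime(2017, 6, 5, 8, 0))
    print("3-2-1 compliant:", status["compliant"])
    print("copies not usable:", status["stale_or_failed"])
```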
No power backup exists for the network or for one of the servers. There is a battery backup system in place, but the battery is dead, and it is working just as a power strip right now. This was proved when the power went out and the servers rebooted.
The recommendation would be to get a battery that can support the network and the servers. Also, install the backup software to do soft shutdowns of the machines so the servers don't hard power down, which could cause
The domain is registered for another 4+ years and is set to expire in 2022. Google does give a slight increase in search ranking based on longevity of registration. It's only $8/year, so registering the domain for the maximum allowed time would be beneficial.
The issue here is that COMPANY doesn't own the domain in the eyes of the internet. The registrant is registered to *****. It is always recommended to keep the domain on an e-mail address of the business and give access to 3rd parties as needed. For example, in this case you can set up IT@********* and send it to both Kim and the IT company. This gives them the full access they need, but at the same time keeps Kim up to date with changes and needs of the domain, while keeping it owned by the company. This is the same as lending someone your car and signing over the title to your car while they borrow it. They don't need to own it to manage it.
Spam filtering is hosted by ********, which is a great
• Replace the servers with a single server. Use VMware to utilize a larger server and decommission both existing servers.
• Replace the existing battery in the backup, or replace it with a larger unit that can support the firewall, network, and servers.
• Implement a soft shutdown on power outages (this happened 3 times while I was there; data corruption will happen).
• Fix offsite backups so they're working; we would prefer a replacement with an enterprise-grade backup solution at a lower cost.
• Upgrade all server OSes, and implement a maintenance schedule.
• Get a current copy of all documentation, including account numbers, usernames and passwords. COMPANY should own and have access to all software and services you are paying or have paid for.
• Check available internet options. It's possible there is faster internet available.