The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:


09/06/2016 06:29 PM EDT
Original release date: September 06, 2016 | Last revised: September 28, 2016

Systems Affected

Network Infrastructure Devices


The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.

To address threats to network infrastructure devices, this Alert provides information on recent vectors of attack that advanced persistent threat (APT) actors are targeting, along with prevention and mitigation recommendations.


Network infrastructure consists of interconnected devices designed to transport communications needed for data, applications, services, and multi-media. Routers and firewalls are the focus of this alert; however, many other devices exist in the network, such as switches, load-balancers, intrusion detection systems, etc. Perimeter devices, such as firewalls and intrusion detection systems, have been the traditional technologies used to secure the network, but as threats change, so must security strategies. Organizations can no longer rely on perimeter devices to protect the network from cyber intrusions; organizations must also be able to contain the impact/losses within the internal network and infrastructure.

For several years now, vulnerable network devices have been the attack-vector of choice and one of the most effective techniques for sophisticated hackers and advanced threat actors. In this environment, there has never been a greater need to improve network infrastructure security. Unlike hosts that receive significant administrative security attention and for which security tools such as anti-malware exist, network devices are often working in the background with little oversight—until network connectivity is broken or diminished. Malicious cyber actors take advantage of this fact and often target network devices. Once on the device, they can remain there undetected for long periods. After an incident, where administrators and security professionals perform forensic analysis and recover control, a malicious cyber actor with persistent access on network devices can reattack the recently cleaned hosts. For this reason, administrators need to ensure proper configuration and control of network devices.

Proliferation of Threats to Information Systems

SYNful Knock

In September 2015, an attack known as SYNful Knock was disclosed. SYNful Knock silently changes a router’s operating system image, thus allowing attackers to gain a foothold on a victim’s network. The malware can be customized and updated once embedded. When the modified malicious image is uploaded, it provides a backdoor into the victim’s network. Using a crafted TCP SYN packet, a communication channel is established between the compromised device and the malicious command and control (C2) server. The impact of this infection to a network or device is severe and most likely indicates that there may be additional backdoors or compromised devices on the network. This foothold gives an attacker the ability to maneuver and infect other hosts and access sensitive data.

The initial infection vector does not leverage a zero-day vulnerability. Attackers either use the default credentials to log into the device or obtain weak credentials from other insecure devices or communications. The implant resides within a modified IOS image and, when loaded, maintains its persistence in the environment, even after a system reboot. Any further modules loaded by the attacker will only exist in the router’s volatile memory and will not be available for use after the device reboots. However, these devices are rarely or never rebooted.

To prevent the size of the image from changing, the malware overwrites several legitimate IOS functions with its own executable code. The attacker examines the functionality of the router and determines functions that can be overwritten without causing issues on the router. Thus, the overwritten functions will vary upon deployment.

The attacker can utilize the secret backdoor password in three different authentication scenarios. In these scenarios the implant first checks to see if the user input is the backdoor password. If so, access is granted. Otherwise, the implanted code will forward the credentials for normal verification of potentially valid credentials. This generally raises the least amount of suspicion. Cisco has provided an alert on this attack vector. For more information, see the Cisco SYNful Knock Security Advisory.

Other attacks against network infrastructure devices have also been reported, including more complicated persistent malware that silently changes the firmware on the device that is used to load the operating system so that the malware can inject code into the running operating system. For more information, please see Cisco’s description of the evolution of attacks on Cisco IOS devices.

Cisco Adaptive Security Appliance (ASA)

A Cisco ASA device is a network device that provides firewall and Virtual Private Network (VPN) functionality. These devices are often deployed at the edge of a network to protect a site’s network infrastructure, and to give remote users access to protected local resources.

In June 2016, NCCIC received several reports of compromised Cisco ASA devices that were modified in an unauthorized way. The ASA devices directed users to a location where malicious actors tried to socially engineer the users into divulging their credentials.

It is suspected that malicious actors leveraged CVE-2014-3393 to inject malicious code into the affected devices. The malicious actor would then be able to modify the contents of the Random Access Memory Filing System (RAMFS) cache file system and inject the malicious code into the appliance’s configuration. Refer to the Cisco Security Advisory Multiple Vulnerabilities in Cisco ASA Software for more information and for remediation details.

In August 2016, a group known as “Shadow Brokers” publicly released a large number of files, including exploitation tools for both old and newly exposed vulnerabilities. Cisco ASA devices were found to be vulnerable to the released exploit code. In response, Cisco released an update to address a newly disclosed Cisco ASA Simple Network Management Protocol (SNMP) remote code execution vulnerability (CVE-2016-6366). In addition, one exploit tool targeted a previously patched Cisco vulnerability (CVE-2016-6367). Although Cisco provided patches to fix this Cisco ASA command-line interface (CLI) remote code execution vulnerability in 2011, devices that remain unpatched are still vulnerable to the described attack. Attackers may target vulnerabilities for months or even years after patches become available.


If the network infrastructure is compromised, malicious hackers or adversaries can gain full control of the network infrastructure enabling further compromise of other types of devices and data and allowing traffic to be redirected, changed, or denied. Possibilities of manipulation include denial-of-service, data theft, or unauthorized changes to the data.

Intruders with infrastructure privilege and access can impede productivity and severely hinder re-establishing network connectivity. Even if other compromised devices are detected, tracking back to a compromised infrastructure device is often difficult.

Malicious actors with persistent access to network devices can reattack and move laterally after they have been ejected from previously exploited hosts.


1.    Segregate Networks and Functions

Proper network segmentation is a very effective security mechanism to prevent an intruder from propagating exploits or laterally moving around an internal network. On a poorly segmented network, intruders are able to extend their impact to control critical devices or gain access to sensitive data and intellectual property. Security architects must consider the overall infrastructure layout, segmentation, and segregation. Segregation separates network segments based on role and functionality. A securely segregated network can contain malicious occurrences, reducing the impact from intruders, in the event that they have gained a foothold somewhere inside the network.

Physical Separation of Sensitive Information

Local Area Network (LAN) segments are separated by traditional network devices such as routers. Routers are placed between networks to create boundaries, increase the number of broadcast domains, and effectively filter users’ broadcast traffic. These boundaries can be used to contain security breaches by restricting traffic to separate segments and can even shut down segments of the network during an intrusion, restricting adversary access.

  • Implement Principles of Least Privilege and need-to-know when designing network segments.
  • Separate sensitive information and security requirements into network segments.
  • Apply security recommendations and secure configurations to all network segments and network layers.

Virtual Separation of Sensitive Information

As technologies change, new strategies are developed to improve IT efficiencies and network security controls. Virtual separation is the logical isolation of networks on the same physical network. The same physical segmentation design principles apply to virtual segmentation but no additional hardware is required. Existing technologies can be used to prevent an intruder from breaching other internal network segments.

  • Use Private Virtual LANs to isolate a user from the rest of the broadcast domains.
  • Use Virtual Routing and Forwarding (VRF) technology to segment network traffic over multiple routing tables simultaneously on a single router.
  • Use VPNs to securely extend a host/network by tunneling through public or private networks.

2.    Limit Unnecessary Lateral Communications

Allowing unfiltered workstation-to-workstation communications (as well as other peer-to-peer communications) creates serious vulnerabilities, and can allow a network intruder to easily spread to multiple systems. An intruder can establish an effective “beach head” within the network, and then spread to create backdoors into the network to maintain persistence and make it difficult for defenders to contain and eradicate.

  • Restrict communications using host-based firewall rules to deny the flow of packets from other hosts in the network. The firewall rules can be created to filter on a host device, user, program, or IP address to limit access from services and systems.
  • Implement a VLAN Access Control List (VACL), a filter that controls access to/from VLANs. VACL filters should be created to deny packets the ability to flow to other VLANs.
  • Logically segregate the network using physical or virtual separation allowing network administrators to isolate critical devices onto network segments.

3.    Harden Network Devices

A fundamental way to enhance network infrastructure security is to safeguard networking devices with secure configurations. Government agencies, organizations, and vendors supply a wide range of resources to administrators on how to harden network devices. These resources include benchmarks and best practices. These recommendations should be implemented in conjunction with laws, regulations, site security policies, standards, and industry best practices. These guides provide a baseline security configuration for the enterprise that protects the integrity of network infrastructure devices. This guidance supplements the network security best practices supplied by vendors.

  • Disable unencrypted remote admin protocols used to manage network infrastructure (e.g., Telnet, FTP).
  • Disable unnecessary services (e.g. discovery protocols, source routing, HTTP, SNMP, BOOTP).
  • Use SNMPv3 (or subsequent version) but do not use SNMP community strings.
  • Secure access to the console, auxiliary, and VTY lines.
  • Implement robust password policies and use the strongest password encryption available.
  • Protect router/switch by controlling access lists for remote administration.
  • Restrict physical access to routers/switches.
  • Back up configurations and store them offline. Use the latest version of the network device operating system and update with all patches.
  • Periodically test security configurations against security requirements.
  • Protect configuration files with encryption and/or access controls when sending them electronically and when they are stored and backed up.
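
One way to "periodically test security configurations against security requirements" is to audit saved device configurations against several items from the list above. The following is an added example, not part of the original alert: it assumes Cisco IOS-style configuration syntax, the sample configuration is constructed, and the check names are hypothetical.

```python
import re
from typing import NamedTuple

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
enable password EXAMPLE-ONLY
username admin privilege 15 password 7 0000CONSTRUCTED
username ops privilege 15 secret 9 $9$CONSTRUCTED
ip http server
no ip source-route
snmp-server community public RO
!
line con 0
 login local
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 access-class 10 in
 transport input ssh
 login local
"""


class Finding(NamedTuple):
    check: str   # hypothetical check identifier
    line: str    # configuration line (or section header) that triggered it
    advice: str  # matching recommendation from the hardening list


# (check id, pattern applied to a top-level command, recommendation)
GLOBAL_RULES = [
    ("weak-enable", r"^enable password\b",
     "use 'enable secret' (strongest password encryption available)"),
    ("weak-user-password", r"^username \S+ .*\bpassword\b",
     "store local user credentials with 'secret', not 'password'"),
    ("http-server", r"^ip http server\b",
     "disable the unnecessary HTTP service"),
    ("source-route", r"^ip source-route\b",
     "disable source routing"),
    ("bootp", r"^ip bootp server\b",
     "disable the unnecessary BOOTP service"),
    ("snmp-community", r"^snmp-server community\b",
     "use SNMPv3 and remove community strings"),
]


def parse_sections(text):
    """Group the config into (header, [indented child lines]) pairs."""
    sections = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(stripped)
        else:
            sections.append((stripped, []))
    return sections


def audit_vty(header, children):
    """Check one 'line vty' block for SSH-only transport and an inbound ACL."""
    out = []
    transports = [c.split()[2:] for c in children
                  if c.startswith("transport input")]
    allowed = transports[-1] if transports else []
    if allowed != ["ssh"]:
        out.append(Finding("vty-not-ssh-only", header,
                           "set 'transport input ssh' to disable Telnet"))
    if not any(re.match(r"access-class \S+ in\b", c) for c in children):
        out.append(Finding("vty-no-access-class", header,
                           "restrict remote administration with an access list"))
    return out


def audit(text):
    """Return every Finding for the given configuration text."""
    findings = []
    for header, children in parse_sections(text):
        for check, pattern, advice in GLOBAL_RULES:
            if re.match(pattern, header):
                findings.append(Finding(check, header, advice))
        if header.startswith("line vty"):
            findings.extend(audit_vty(header, children))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"[{f.check}] {f.line}: {f.advice}")
```

Features that are enabled by default do not appear in a saved configuration, so a clean result here only covers settings that are written out explicitly.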

4.    Secure Access to Infrastructure Devices

Administrative privileges on infrastructure devices allow access to resources that are normally unavailable to most users and permit the execution of actions that would otherwise be restricted. When administrator privileges are improperly authorized, granted widely, and/or not closely audited, intruders can exploit them. These compromised privileges can enable adversaries to traverse a network, expanding access and potentially allowing full control of the infrastructure backbone. Unauthorized infrastructure access can be mitigated by properly implementing secure access policies and procedures.

  • Implement Multi-Factor Authentication – Authentication is a process to validate a user’s identity. Weak authentication processes are commonly exploited by attackers. Multi-factor authentication uses at least two identity components to authenticate a user’s identity. Identity components include something the user knows (e.g., password); an object the user has possession of (e.g., token); and a trait unique to the specific person (e.g., biometric).
  • Manage Privileged Access – Use an authorization server to store access information for network device management. This type of server will enable network administrators to assign different privilege levels to users based on the principle of least privilege. When a user tries to execute an unauthorized command, it will be rejected. To increase the strength and robustness of user authentication, implement a hard token authentication server in addition to the AAA server, if possible. Multi-factor authentication increases the difficulty for intruders to steal and reuse credentials to gain access to network devices.
  • Manage Administrative Credentials – Although multi-factor authentication is highly recommended and a best practice, systems that cannot meet this requirement can at least improve their security level by changing default passwords and enforcing complex password policies. Network accounts must contain complex passwords of at least 14 characters from multiple character domains including lowercase, uppercase, numbers, and special characters. Enforce password expiration and reuse policies. If passwords are stored for emergency access, keep these in a protected off-network location, such as a safe.

5.    Perform Out-of-Band Management

Out-of-Band (OoB) management uses alternate communication paths to remotely manage network infrastructure devices. These dedicated paths can vary in configuration to include anything from virtual tunneling to physical separation. Using OoB access to manage the network infrastructure will strengthen security by limiting access and separating user traffic from network management traffic. OoB management provides security monitoring and can implement corrective actions without allowing the adversary who may have already compromised a portion of the network to observe these changes.

OoB management can be implemented physically or virtually, or through a hybrid of the two. Building additional physical network infrastructure is the most secure option for the network managers, although it can be very expensive to implement and maintain. Virtual implementation is less costly, but still requires significant configuration changes and administration. In some situations, such as access to remote locations, virtual encrypted tunnels may be the only viable option.

  • Segregate standard network traffic from management traffic.
  • Enforce that management traffic on devices only comes from the OoB.
  • Apply encryption to all management channels.
  • Encrypt all remote access to infrastructure devices such as terminal or dial-in servers.
  • Manage all administrative functions from a dedicated host (fully patched) over a secure channel, preferably on the OoB.
  • Harden network management devices by testing patches, turning off unnecessary services on routers and switches, and enforcing strong password policies. Monitor the network and review logs. Implement access controls that only permit required administrative or management services (SNMP, NTP, SSH, FTP, TFTP).

6.    Validate Integrity of Hardware and Software

Products purchased through unauthorized channels are often known as “counterfeit,” “secondary,” or “grey market” devices. There have been numerous reports in the press regarding grey market hardware and software being introduced into the marketplace. Grey market products have not been thoroughly tested to meet quality standards and can introduce risks to the network. Lack of awareness or validation of the legitimacy of hardware and software presents a serious risk to users’ information and the overall integrity of the network environment. Products purchased from the secondary market run the risk of having the supply chain breached, which can result in the introduction of counterfeit, stolen, or second-hand devices. This could affect network performance and compromise the confidentiality, integrity, or availability of network assets. Furthermore, breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on the equipment. In addition, unauthorized or malicious software can be loaded onto a device after it is in operational use, so integrity checking of software should be done on a regular basis.

  • Maintain strict control of the supply chain; purchase only from authorized resellers.
  • Require resellers to implement a supply chain integrity check to validate hardware and software authenticity.
  • Inspect the device for signs of tampering.
  • Validate serial numbers from multiple sources.
  • Download software, updates, patches, and upgrades from validated sources.
  • Perform hash verification and compare values against the vendor’s database to detect unauthorized modification to the firmware.
  • Monitor and log devices, verifying network configurations of devices on a regular schedule.
  • Train network owners, administrators, and procurement personnel to increase awareness of grey market devices.
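
The hash-verification step matters because, as described for SYNful Knock above, a modified image can keep exactly the same size as the legitimate one. The following is an added example, not part of the original alert: the manifest format, file name and image bytes are constructed, and the manifest stands in for hash values obtained from the vendor over a trusted channel.

```python
import hashlib
import hmac
import os
import tempfile


def sha512_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large firmware images need not fit in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_image(path, manifest):
    """Compare an image copy against known-good size and SHA-512 values.

    manifest maps file name -> {"size": int, "sha512": hex string}
    (a hypothetical format for vendor-published values).
    """
    name = os.path.basename(path)
    entry = manifest.get(name)
    if entry is None:
        # No reference value: the image cannot be validated at all.
        return {"image": name, "size_ok": None, "hash_ok": None,
                "verdict": "unknown"}
    size_ok = os.path.getsize(path) == entry["size"]
    hash_ok = hmac.compare_digest(sha512_file(path), entry["sha512"].lower())
    return {"image": name, "size_ok": size_ok, "hash_ok": hash_ok,
            "verdict": "match" if size_ok and hash_ok else "modified"}


def demo():
    """Verify a constructed image before and after a same-size modification."""
    pristine = bytes(range(256)) * 64            # constructed 16 KiB "image"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "router-image-constructed.bin")
        with open(path, "wb") as fh:
            fh.write(pristine)

        # Stand-in for values published by the vendor.
        manifest = {
            os.path.basename(path): {
                "size": len(pristine),
                "sha512": hashlib.sha512(pristine).hexdigest(),
            }
        }
        before = verify_image(path, manifest)

        # Overwrite 16 bytes in place: the file size does not change.
        with open(path, "r+b") as fh:
            fh.seek(1024)
            fh.write(b"\xff" * 16)
        after = verify_image(path, manifest)
    return before, after


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second result reports a matching size with a failed hash, which is why a size comparison alone cannot detect this kind of modification. The sketch assumes the hash is computed on a trusted analysis host from a copy of the image.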


Shadow Broker Exploits
Vendor | CVE | Exploit Name | Vulnerability
Fortinet | CVE-2016-6909 | EGREGIOUSBLUNDER | Authentication cookie overflow
WatchGuard | CVE-2016-7089 | ESCALATEPLOWMAN | Command line injection via ipconfig
Cisco | CVE-2016-6366 | EXTRABACON | SNMP remote code execution
Cisco | CVE-2016-6367 | EPICBANANA | Command line injection remote code execution
Cisco | CVE-2016-6415 | BENIGNCERTAIN/PIXPOCKET | Information/memory leak
TOPSEC | N/A | ELIGIBLEBACHELOR | Attack vector unknown, but has an XML-like payload beginning with <?tos length=”001e.%8.8x”?
TOPSEC | N/A | ELIGIBLEBOMBSHELL | HTTP cookie command injection
TOPSEC | N/A | ELIGIBLECANDIDATE | HTTP cookie command injection



Revision History

  • September 6, 2016: Initial release
  • September 13, 2016: Added additional references

Prime Telecommunications Offers Innovative Cloud Disaster Recovery Solutions

Prime Telecommunications, Inc., a leader in unified communications, announced today that it has launched a program that focuses on cloud-based data safety. This program is aimed to help small to mid-sized businesses (SMBs) to effectively store, manage, and transfer their critical business files seamlessly while simultaneously increasing the overall security of all of their business files. Whether employees are utilizing files on their servers, laptops, workstations or smartphones, this Cloud Disaster Recovery Program will change the way that business owners handle their sensitive corporate and financial information.

For those who aren’t yet familiar, disaster recovery is a set of policies and procedures which enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. The majority of enterprise-level organizations have recognized the blatant need for disaster recovery programs because they focus on strengthening the underlying IT or technology systems supporting critical business functions, especially in moments of need. For example, when an organization starts growing and adds on more staff, there are more possibilities for human-induced disasters or data theft. An accidentally deleted or misplaced file can cost companies dozens of hours in lost productivity. Furthermore, with more staff come more devices, which in an increasing BYOD (Bring Your Own Device) environment, means that there are more vulnerability points for hackers to enter the network. When businesses begin to scale, these productivity interruptions are no longer tolerable.

“When a business begins its growth trajectory, it’s easy to sit back and enjoy the success,” stated Vic Levinson, President at Prime Telecommunications. “We know that feeling. It’s so rewarding to see your business growth outpacing your operating expenses and all of the years of sacrifice make it completely worth it. It’s so easy to kick your feet up, relax and enjoy the fruits of your labor in that moment, however, this is precisely when businesses need to take the steps to protect themselves so they can continue to grow at that same rate. This is when they are most susceptible to virtual disasters and without a comprehensive disaster recovery plan and cloud technology that is engineered specifically to shrug off these types of disturbances, they are putting that stable growth at risk.”

In years prior, many businesses were hesitant to purchase cloud-based disaster recovery solutions because they required large, up-front capital expenditures. Prime Telecommunications’ cloud disaster recovery program breaks this pattern because it’s on a pay-as-you-go model, so businesses only pay for what they use, enabling them to scale up and down their disaster recovery program in perfect sync with the pace of their businesses. It’s file syncing, syncing with business growth, syncing with a cost structure that makes this technology easy to implement into any growth-oriented SMB.

Prime Telecommunications Educates Customers on Password Protection Policies to Keep Their Businesses Safe

Password management has become increasingly important with daily attacks from hackers specifically targeting SMBs (small and medium-sized businesses). For example, 6 million LinkedIn account passwords were compromised just a couple of years ago and the list of breaches has grown dramatically since. Anyone who has been using major social media sites, like LinkedIn, may have received a notification in the past couple months forcing them to reset their passwords. This is the result of the colossal breach in Internet security and Prime Telecommunications has taken the initiative to advise businesses on how to protect themselves.

As the Internet continues to expand in complexity, so do its vulnerabilities. In order for business owners to protect their organizations, they need to utilize best practices in password security. Here are some steps that business owners can take immediately.

Never Use the Same Password Twice: One of the most effective ways to prevent breaches is also the simplest; never use the same password for multiple accounts. Strong, unique passwords, with symbols, numbers and capital letters are usually far more effective than anything else.

Enable Two-Step Authentication/Verification: This is one of the other simple ways that a business can instantly upgrade the security of their entire network, by simply passing a company policy. Two-step password authentication essentially means that when a user logs into their account, they’ll be required to confirm that log-in attempt by replying to a text message or phone call. This best practice makes it much harder for hackers to impersonate the true account owner because it requires them to have access to multiple accounts before their hacking attempts can be effective.

Stay Vigilant Against Phishing: Hackers have long relied on phishing, a common strategy in which a hacker attempts to defraud an online account holder of financial information by posing as a legitimate company. For example, a hacker will gain access to your account information by purchasing your email and password on the black market and then they will log into your email and send a desperate email to one of your contacts, posing as you. “John! My transmission just blew and I’m stranded out here. My phone is about to die. Can you send me $2,000 to this account? I’ll pay you back as soon as I get into town.” Users need to constantly remain vigilant against attacks like this because they are prevalent and have proven effective over the years.

“While these are a few proactive steps a company can take in the right direction, they are only a mere shadow of what is possible if they work with a true managed IT services provider, like Prime Telecommunications, who is regularly monitoring, maintaining and optimizing the security of every device on a business’s network,” stated Vic Levinson, President of Prime Telecommunications. Prime Telecommunications partners with SMBs that need to secure a competitive advantage with advanced technology and want to remain focused on growing their business, instead of keeping up on the latest in online security. “That’s our job,” said Mr. Levinson.


Prime Telecommunications sponsors a hole at the Action Sertoma Golf Outing!



The Action Sertoma Club would like to thank all of our supporters of our 2016 Golf Outing Fundraiser which was held on July 13th 2016, at the Odyssey Country Club in Tinley Park, IL.

 The event was a tremendous success, the weather was perfect, over 230 golfers and guests attended the event, and it would not have been such a great success without your support.

 We thank you for being a Hole Sponsor.

 Each year our club attempts to raise more funds than the previous year. This year was no exception.

 All of the funds raised at this event will be donated to the Sertoma Centre, Inc. The Centre since 1971 has been assisting people with personal challenges, including mental health, developmental, mental and physical disabilities.

 This year over 1,200 people with disabilities are being served daily.

 Again we thank you for your support, without you we would not be able to assist in the donations we make to the Sertoma Centre, Inc.


Waazzzup? WaaS – Work Space as a Service!

Prime Telecommunications, Inc., an industry leader in unified communications, announced today the release of their newest technology deployment, which is their WaaS (Workspace-as-a-service) program that is being offered to the SMBs (small to mid-sized businesses). The program is designed to help businesses make the proverbial jump to the cloud. As the number of executives increases, so does the demand for more flexible and secure applications, hardware, software and virtualized components. WaaS takes this a step further, by taking office technology to new heights by running every component through a virtualized network, instead of requiring local device management. Prime Telecommunications is very excited to announce this program and to share the value-adds with their existing client base.

In layman’s terms, WaaS virtualizes every component on a desktop computer. So instead of having a physical component such as servers on-site, which can become obsolete, security-breached or malfunctioning, all components are run through the cloud. For end users, this means that every single component of an employee’s workstation will be available to them, regardless of where they’re located or which device they happen to have with them. Everything resides in the cloud including all software, data, file sharing capabilities, Microsoft programs, and line of business software.

“We’re so excited to offer our WaaS program to SMBs,” stated Vic Levinson, President at Prime Telecommunications. “The majority of businesses will be transitioning the bulk of their IT infrastructure to the cloud and our WaaS solution enables them to do it in a secure manner without compromising their need for flexible access to all of their software tools and programs. Most businesspeople don’t have access to all of their technology at any point in time and WaaS eliminates this problem forever. Furthermore, the complete virtualization of the IT network into the cloud bolsters security. For example, in a WaaS environment, employees can BYOD (Bring Your Own Device) onto the network without any hassle and if that employee leaves the company, their access to the cloud can simply be deactivated, drastically reducing the risk of data loss, systems-breach or malicious use. The case for WaaS is quite clear, because it increases employee flexibility and company security. Over time, these combine to drive productivity and boost the bottom line, which is the core reason for any technology to reach popularity in the business community.”

Prime Telecommunications Educates Customers on Ransomware


Prime Telecommunications, Inc., a leader in unified communications, announced today that they have launched a ransomware awareness campaign. The purpose of the campaign is to quickly educate business owners in understanding one of the latest threats now facing small to mid-sized businesses (SMBs). Ransomware is a specific variation of malware that is growing in popularity amongst hackers, and Prime Telecommunications is doing its best to alert business owners of this new tactic. Prime Telecommunications’ existing customers are very well protected against this type of threat but many business owners may be unaware of the potential destruction this has on an organization.

While business owners have always understood the need to protect their businesses from malware, short for “malicious software”, ransomware is a new tactic that hackers are using to attack businesses in an especially wicked way. Essentially, an employee will receive an email with a deceptive link, labeled “See Resume Here” or “Download Report Now”, and then upon clicking the link, a ransomware application will be installed immediately on the computer. Then, the software can remain hidden for several days, until it is activated. At that moment, the ransomware application will hijack critical files, remove them from the network, encrypt them so no other computers can access them and then hackers will send an email demanding payment for the release of the missing files. The biggest problem with this type of cyber attack is that it leaves absolutely no leverage to the business owner. Even if they pay the “ransom”, hackers don’t necessarily unlock the files every time. “This is a huge problem that could have drastic impact on an organization and the craziest thing we notice is that there is such a simple solution,” stated Vic Levinson, President at Prime Telecommunications.

“These types of attacks happen far too often, and we take great pride in protecting our customers from threats like this,” added Levinson. “The first line of defense for these kinds of attacks is a technically educated staff. While the majority of these threats come in the form of suspicious email links, an educated staff can avoid these catastrophes simply through awareness. That’s one of the reasons why we issued this press release,” commented Levinson. “For business owners that see the value of peace of mind, we devise comprehensive solutions that thwart these types of attacks from every angle. We take a global approach that includes a combination of anti-virus software, anti-malware software, strong firewalls, employee education, data backup, and network redundancy. What we’ve noticed over the years is that every network has different exposure points and our job is to come in as a technology advisor and to proactively prevent not only ransomware attacks, but the myriad of other attacks that a business owner may face for years to come.”

Prime Telecommunications’ mission is to leave business owners in a more empowered position by serving as an educator of emergent technologies. “Our biggest aim with this campaign is to usher in a sense of urgency amongst business owners so they take action now, instead of waiting to be in a difficult, immutable situation later,” closed Levinson.

Eight Reasons Why Small and Mid-Sized Businesses Need Managed IT Services


Managed IT services is rapidly becoming one of the hottest solutions in business today because it dramatically improves an organization’s profitability, frees up internal resources, and offers a unique competitive advantage.   Simply put, managed IT services are designed to assist companies in maintaining and supporting their network and IT infrastructure with the assistance of an outsourced managed services provider (MSP).  Types of services may include remote network monitoring, programming and reporting (24/7), firewall monitoring, intrusion detection, preventative tasks, disaster recovery, data backup and help desk support.  There are eight critical reasons why small to midsized businesses (SMBs) need managed IT services now and throughout the life cycle of their business.

Dependence On IT

Almost all businesses have become more dependent on computer technologies in the past few years.  And, it’s a rapidly changing environment.  Every business has become dependent on its IT infrastructure to perform at a high level, while effectively delivering its products or services.  As a result, it has become more difficult to maintain the expertise to properly deploy, manage, and monitor this new technology, especially as a business evolves.


Because this technology is new, it is more difficult for the average employee to understand and use effectively. The level of demand and sophistication from today’s businesses is driving up complexity. Distinct disciplines or specialties are emerging in a variety of technology-related areas such as telephony, desktop, network, application and database support. The breadth and depth of technology an organization requires immediately places the resources of small to mid-sized businesses (SMBs) at a distinct disadvantage.

Insufficient Solutions

Traditional support options such as a one man IT consultant, or a one or two person in-house IT department cannot effectively handle the occasional network breakdowns that are bound to occur. This is especially true when compared to a team of external resources that  proactively monitor the SMB’s installed technology at all times.

Lack of Process

An IDC study reinforces the notion of lack of process, showing that 78% of all IT downtime is caused by change.  If you could simply eliminate change from the computing environment, you would substantially decrease the risk. Unfortunately, most SMBs lack the procedures, documentation standards, and scope of work, which often results in major disruption and downtime.

Increased Use of Technology

Increasing use of computers, new software and procedures often leads to increased complaints and loss of productivity. Typically, when network or desktop problems arise and escalate inside a company, the response time of the one man shop or internal staff is quite slow. This dramatically increases employee complaints and lowers productivity. In many situations employees have to wait in line to receive help. As a result, the downtime and morale will impact the organization’s bottom line as well as its ability to meet its customers’ needs. By implementing a managed IT services program, the demand on internal IT resources is lessened, and they can now be utilized for other purposes such as directly supporting strategic business objectives rather than becoming bogged down in frequent break/fix issues.

Controlling Costs

During these challenging times, the IT budget is frequently reduced. In a recent survey of nearly 950 IT managers at companies in North America and Europe, nearly half of the U.S. respondents said they have already cut their IT spending budgets. Unfortunately, a cut in IT spending doesn’t mean there is a cut in demand for services. This adds tremendous stress and pressure on internal departments to support the same amount of work with fewer resources.

Technology Erosion

Computer systems must be maintained just like any other systems used within the business. Vehicle fleets, manufacturing equipment, and the physical plant, have all moved to a preventative approach. If a company does not implement this preventative maintenance strategy for its technology components, disaster might be the unpleasant and unprofitable result.


Finally, the technology utilized within an organization in most cases must meet specific compliance standards. For example, a company’s business processes supported by technology may need to comply with Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA) and other requirements. Most companies don’t have the resources to fully understand and comply with all the detailed requirements of these regulations.

All of the above issues are driving the popularity of partnering with a managed IT services firm.  Companies that have made the transition already answered this question.  If deploying, managing and monitoring my IT infrastructure has absolutely nothing to do with the core competency of my business, why wouldn’t I outsource it to an expert?  This is a fairly easy question to answer and these organizations have reaped the rewards of increased profitability and a competitive advantage.

Want an honest assessment of your network? Give us a call at 847 329 8600!

Apple Ends Support of Quicktime for Windows

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

04/14/2016 03:48 PM EDT
Original release date: April 14, 2016

Systems Affected

Microsoft Windows with Apple QuickTime installed


According to Trend Micro, Apple will no longer be providing security updates for QuickTime for Windows, leaving this software vulnerable to exploitation. [1]


All software products have a lifecycle. Apple will no longer be providing security updates for QuickTime for Windows. [1]

The Zero Day Initiative has issued advisories for two vulnerabilities found in QuickTime for Windows. [2] [3]


Computer systems running unsupported software are exposed to elevated cybersecurity dangers, such as increased risks of malicious attacks or electronic data loss. Exploitation of QuickTime for Windows vulnerabilities could allow remote attackers to take control of affected systems.


Computers running QuickTime for Windows will continue to work after support ends. However, using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime page. [4]


Revision History

  • April 14, 2016: Initial Release

Presence Management: The Greatest Form of Communication


Want to increase communications and productivity between employees and customers? Then presence management is the way to go. This wonderful technology gives all individuals within a company the ability to know what everyone else is doing in real time. Is someone in the building or even at their desk? Are they in a meeting? Are they on the phone? With this information, one can determine whether and in what manner to connect with another person. That’s essentially the purpose of presence management, and it’s enhancing the way we communicate. Having this information presents one with an array of communication options that is dramatically driving up productivity for the companies, both large and small, that deploy presence management.

Unified presence management is driven off of a company’s voice and data system and empowers people to control every facet of their communications.  It includes and functions off of all devices such as computers, cell phones, Voice over IP (VoIP), and personal communications services.  As soon as someone logs onto their computer a pop up window appears containing the names of fellow employees and their current activity as well as their location.  Essentially, the technology lets you see the presence status of others, send emails and voicemails, receive faxes, control all your phone calls via desktop phones or a softphone, send secure Instant Messages and voice messages, launch a collaborative web conference session – all with a single mouse click.  Users may also put notes into presence for everyone to see.  For example, a note may have the time when an employee will be back in the office from lunch or say an off-site meeting.  Another user may make everyone aware that they may be working from home that day.  Knowing everyone’s availability offers greater options to rapidly assist with everyday business issues.

The power of presence is absolutely incredible.  For instance, a customer may contact your facility with a question and the individual that answered the phone may not have the necessary information to respond appropriately.  Immediately, the employee can view presence and see who is available to assist the customer.  They may send a question via an instant message or put the caller on hold, contact their colleague to gather the information or directly transfer the call while giving the colleague a heads up.  The flexibility of presence is tremendous and one can assume that it is easily driving customer satisfaction levels through the roof.  A basic phone system cannot operate in this fashion and unfortunately those that utilize traditional telephony are missing the boat.

Included in presence are such features as find me follow me. This unique technology gives people the ability to reach a specific individual anytime, anywhere based on the implementation of a few easy-to-set rules in the system. A call can come in and the caller has the option of finding the person on their cell phone or at another predetermined location. The user may also have all calls set to directly transfer to the cell as well. Another relatively new feature is twinning – a setting that rings both the desk and mobile phone simultaneously. Reaching the person you want to has never been this easy.

Time is more important than ever in today’s business environment.  Presence management saves an incredible amount of time because of the technology’s innate ability to drive efficiency and productivity.  Every business owner realizes the positive impact that even a minimal amount of improvement in this area can have on an organization’s bottom line, not to mention the empowerment an employee has to make better-informed communication decisions that in the end drives satisfaction in the workplace.  Presence management is a true win for everybody!

5 Reasons Every Business Needs a Unified Communications (UC) Solution

No matter what type of business or size business you have, the one aspect that you cannot afford to neglect is the communications you have with your customers. Businesses today are reaping the benefits of adopting one reliable solution for all of their communication needs thanks to the evolution of cloud-based unified communications (UC) solutions.

Here are 5 reasons why every business today needs a quality unified communications solution in place.

1. Cost
If you think about all of the individual services, equipment and staffing your business requires to communicate with your customers, you will be shocked at your monthly expenses. Communications, no doubt, should be an investment, but one that is affordable. Quality and affordability are often both difficult to achieve, but thanks to modern cloud-based unified communications solutions, both are now obtainable. Every business should be looking to adopt a full service, subscription-based UC solution, one where everything is included. When we say everything, we mean it. The best UC solutions will include your phones, advanced calling features like auto attendants, unlimited calling, online faxing, video conferencing, toll-free and the latest mobile apps and tools, all for no capital expense. When you think about the value of this and what you can eliminate, for example, your fax machine costs and maintenance, modernizing and unifying your communications into one cost-effective solution is a no-brainer.

2. Disaster avoidance
When you think of disasters in business, you immediately think of revenue lost and unanticipated costs. Disasters can range from man-made interruptions to natural disasters like hurricanes and blizzards that can affect your business for days on end. With a cloud-based unified communications solution, disasters are no longer a concern. Communications can remain intact because all of your features and services are managed and accessed through a secure, online portal from any device. This means that you can forward your calls to any number and voicemails can be retrieved from anywhere you are. Features like auto attendants can also be used to inform customers of office closures. So, while your physical place of business may need to close, your communications with your customers will never be down.

3. Mobility
One of the greatest benefits of a cloud-based unified communications solution is the mobility and flexibility it provides. The world has become forever mobilized and so should your business. You no longer need to be chained to your place of business waiting for calls, or be worried about giving out your personal cell phone number. Cloud-based UC solutions offer the mobility to get calls on any device, through features like mobile twinning, where your business phone and mobile phone will ring simultaneously so you never miss a call, or mobile softphones, where you can make and receive calls on your mobile device using your business number. The ability to make business happen wherever you are and on whatever device you choose is a benefit that no business should overlook.

4. Scalability
No matter what type of business you have, your hope and plans are for growth and profitability. Since the speed of growth is unknown, it is often difficult to plan ahead when making important investments, such as your business technology. Fortunately, cloud-based UC solutions allow you to scale up and down as needed. Having the reassurance that you can add and remove new employees, services and equipment instantly, gives you peace of mind and more control over your bottom line.

5. Productivity
With a cloud-based UC solution, your employees’ productivity level gains an instant boost. Not only can employees from any of your locations communicate on one system through 3 or 4 digit extension dialing, but they can also chat live through a secure, online customer portal. New tools like video, audio and web conferencing allow your employees to meet, collaborate and share documents from any device, anytime.

Cloud UC solutions offer countless advantages to businesses and help to ensure it is business as usual, no matter what takes place or where you or your employees physically are.

Interested in learning more about the benefits of UC solutions? Prime offers an award-winning, 100 percent cloud-based unified communications solution, and has more than a decade of cloud experience.