SCAN

Someone is constantly attempting to breach your environment. Your IT infrastructure should be scanned to detect the loopholes and weaknesses. Scan identifies security gaps in your on-premises infrastructure, cloud offering, and human behaviour as well. This serves as a good foundation for IT security.

PROTECT

Let’s construct walls around your infrastructure that are high enough to protect your IT Infrastructure. The walls around you will be strengthened by updating your on-premises infrastructure to the most recent version and putting into effect best practices supplied or suggested by the cloud provider, CIS benchmark, or an equivalent for network security. Your security will be much greater if you use encryption and validate your organization’s security measures.

MONITORING

Instead than hearing that your infrastructure has been compromised, it is more helpful to know someone is “attacking your infrastructure” in real time. Real-time environmental protection is achieved by enabling monitoring and alarms. Installing Honeypots or alarm stations will draw attackers, allowing you to get alert for their activities.

DISASTER RECOVERY

There is still a chance of experiencing a catastrophe. However, disaster recovery is recognized as and acts as having a backup for your IT system. No matter how bad things appear after a tragedy, having a complete disaster recovery strategy in place will quickly restore things back to normal.

Cyber Security

Cyber Security Scan, Shield & Protection

Active Directory

Active Directory Migration & Upgrades

Email Services

Email Solutioning O365, Exchange or Email Relay Services

SQL Servers

SQL Server Upgrades & Migration

Modern Management

Manage your PC from Cloud, eliminiating the need of physical server

Azure - Live in Future

Azure Infrastructure Setup, Cloud Migration

Answers to

Frequently asked Question

Why do I need to upgrade my Active Directory?
Active Directory contains your User ID in the Infrastructure world. It is like the virtual avatar of your user or your representation. If someone can imitate you then he can gain all your privileges and act like you in your environment. Now depending on who you are, this can be very damaging for the organization.

Newer versions of AD come with new and updated security features. It’s been a while since FGPP (fine grain password policy) was released but I still see a limited implementation of that or even a proper password policy in the environment, similarly AD recycle bin. There has been a constant upgrade in the security posture of AD like a 2019 DC by default only allows LANMAN V5 for communications with clients. Also, the outdated Operating system does not get the latest security patches which is a huge risk for the environment.

How can we find weak/vulnerable passwords set in our organization?
Passwords are stored in security hashes in AD and the same can be exported by tricking the DC with a Repl command. But once you get the Hash, you need to identify which word the Hash looks like.
Some of the common passwords we have seen are Welcome, Password, The Name of the company, ACRONYN for the company.
So once you figure out common possible password and their hashes, it’s just a matter of matching them with your extracted password Hashes and identifying the passwords. There are tools also available which can do this for you. Believe me, it’s a lot easier for a hacker than it sounds here.
How often an external cyber security Scan of my an organization to be performed?
We would suggest at least once a year, New vulnerabilities keep coming into the environment, let alone human behavior which creates maximum loopholes. The environment should be validated often to ensure it’s still protected and if there is any new control or upgrade required to protect against the current vulnerabilities.
How do I secure my file servers?
Securing file servers should follow the practice of the least access model, and provide people only the access that they need, one could employ tricks like bypass traverse checking, etc to ensure the least access model. Of course, you have to ensure the User IDs that are being used are not local users but a fully secured Onprem AD or Cloud Identity.

It is also favorable to replace traditional file servers with newer options like SharePoint, Dropbox, Box, or One Drive, etc. because they offer modern security features and are constantly updated by the provider being a SaaS offering.

How do I secure my firewall?
A firewall works as the gateway security of your organization, it is of utmost importance that they are in their best health and always perform to their highest ability. A few things to ensure your firewall works to the best is, to always keep them licensed to the highest spec possible. Providers offer different licenses for Intrusion prevention, Threat Protection, Real-time Data packet inspection, Application Control, Content filtering, Deep packet inspections, etc. While each of them might cost you a little bit of extra money, the value they add is extensive.

While you add all these features to your firewall, it is also of utmost importance that you buy an adequately sized firewall to ensure it’s able to perform all the checks on your inflow data in time without getting overburdened and slowing down your network.

Apart from this, firewalls offer configuration where you should again follow the principle of least privilege in terms of Port Forwarding or NAT where needs to be configured. Integrating the login of the firewall to LDAP users instead of local user accounts is a great practice as well.

PENDING - What are the 10 most important things to secure my environment?
Why should you have single identity in the organization?
Smaller organizations often end up having multiple local users created in many different software including local user accounts on PCs. This not only leads to the inconvenience/loss of productivity for the users but they also end up storing credentials at compromising locations risking a possible leak. Also, it is almost impossible to secure different user accounts at all locations hence we recommend using Active Directory or Azure Active Directory as your single source of Identity or user accounts. Most modern applications can do an LDAP bind or SAML/Oauth integration to onprem AD or Azure AD respectively. Additionally, it is also highly convenient to set up multi-factor authentication, Password policies, and monitoring on that single identity source to ensure it is fully secured and being constantly watched.
What is the benefit of using Azure AD?
Azure Active Directory is a modern, secured Identity solution with almost zero maintenance given its PaaS service & highest level of configurable security, and modern monitoring and AI-driven risk detection mechanism.

By using Azure AD as your principal Identity you get free from maintaining on-premise domain controllers and get all the security and AI features at a fraction of the cost.

Once your applications and PCs (Modern Management, Azure Joined PC) are authenticating to Azure AD, it’s a breeze to set up Multifactor authentication, Smart AI risk detection, and other security features that MS offers today or will upgrade to in the future.

What is Modern Management of workstations?
The modern workforce is mobile. It works from anywhere and is not confined to the boundaries of the office. It needs to be protected on the go and yet needs to be flexible enough to achieve productivity. Modern management of PCs is the replacement of traditional active directory joined PCs and On-prem File servers with a solution that remains on the go like Azure AD joined PCs, Intune Managed, and using Office 365 solutions such as OneDrive and Sharepoint for storage. Contrary to the general understanding of mobile workstations being a risk, with the right kind of security in place with the help of Intune, Azure Rights Management, Data loss prevention (DLP) policies and Bit locker encryption a mobile PC can be more secure than a traditional desktop joined to LAN in an office.
Why should I secure LDAP communication on Domain Control?
LDAP binds are usually made by applications to authenticate user information, hence during such sessions, user information including his provided password is passed to the domain control. In the case of LDAPs (aka secured bind on port TCP 636) the information is encrypted and if the information packet is hacked over the network it cannot be decoded or read, however, if there is no Cert of DC and LDAP is being used then the passwords are passed in clear text which can be hacked and read by a malicious agent in your network.
PENDING - What are the most important aspect of Backup Planning?
Is it beneficial for my organization to move to Cloud?
Well, it’s a more complicated answer than simple yes or no and I think the sweet spot exists in a sort of a hybrid existence for most organizations. It’s a must for organizations to not waste any more time and energy to maintain on-premise email or file server solution when you can get an Office 365 subscription with Terabytes of storage and a world-class email solution (Exchange Online) for as low as $6 (USD) per month. There are other solutions for file storage as well like Dropbox, Soonr, etc which also offer competitive pricing. The SaaS offers security features and managed offerings so you don’t have to take any backups etc which is very expensive to achieve on-premise, especially for a small/micro business with 5-10 employees.

But at the same time, it may not be in the best interest financially for a small organization to dump their existing Hardware and move to Azure or AWS IaaS services like VM/ Storage, etc. Because even the smallest size of the VM comes at a high monthly cost, generally the cost of a similar physical server is divided into 36-48 months. However, our experience says good high-end hardware on-prem easily lasts for over 10 years for a company. And apart from VM you still have to spend money on Backup and monitoring etc of IaaS infra same as onprem Data center.

IaaS makes a lot of sense for applications where scale up/down and scale out of required on the fly but as a replacement for on-premise static servers like AD, SQL DB (you can use SQL PaaS instance) etc it might be too expensive to maintain.

Is my data secured in cloud? Who can access my data in cloud?
The short answer is yes. All the data that is stored in cloud providers is generally encrypted which means even their administrator will have a hard time getting access to it. However, they are admins if push comes to shove they can retrieve it (sometimes for your good like when you deleted it accidentally). Their whole business relies on trust, so why would they do anything to break it? On the contrary, your data is a lot insecure on-prem because most small organizations cannot achieve the level of physical, electronic, or technology security that a cloud provider does for its clients. Also when your data is on-prem it’s fully visible(at least the location of it) to the people who know its value to your business and its value which can be achieved by stealing it or using it for other motives.

So yes, we believe it is very beneficial for your data to be unidentifiable in the vast sea of data secured by industry-leading security with a cloud provider.

Why should I migrate to office 365?
We believe Office 365 is the highest-valued offering today in the market. Even a single-user organization can pay as low as $6 (USD)per month to get an enterprise-grade email solution, 5 Terabytes of encrypted storage, Teams as a one-stop communication solution, SharePoint online platform with unlimited capability to develop solutions, and many more features. With the level of security and productivity solutions that Office 365 offers, it’s almost impossible for even enterprise businesses to achieve similar outcomes with the coffers of money they have access to. Microsoft is further increasing Office 365 seamless integration with your devices with the latest upgrades of Windows like Win11.

It’s a no-brainer, every business should use Office 365, and most big businesses in the world today do use the Office 365 platform.

What is the Zero trust security Model?
Today’s security does not believe in permanent admin access for anyone in your environment, gone are the days of having 15 domain admins and 5 global admins assigned permanently to your on-premise or cloud setups. We believe high privilege rights should be just in time with proper reasoning and approval to achieve the outcome and then revoked post that.

Office 365/Azure offers easy options to set up PAM (Privilege access management) solution with Azure P2 license where you can create flows to assign or revoke with approval of privileged roles like Global admin or exchange admin etc. Achieving a similar solution on-prem might be a more costly exercise and can involve implementing a PIM solution and setting up a bastion forest to achieve the outcome. However, we believe a similar outcome can be created by running scheduled scripts to revoke admin privileges from accounts and assignments should be done by a division of authority instead of one person or team owning the process end to end.

What is the easiest way for someone to Hack my Organization?
Any operations whether big or small have people and passwords (they are like keys). Now all attacks ultimately happen because of either of them or a combination. It’s always a question of how gullible your people are and how unsafe your passwords are in strength and physically. Scammers are always trying to find the passwords for your organization and they use many methods

Phishing Emails: Emails sent to you and your people pretending from the bank and asking for confidential info including PINs and Passwords.
Physical devices like Laptops/Phones with weak passwords stolen can reveal your passwords.
Guest connecting to the same network in your office, are already inside they can sniff passwords if sent in clear text over the network
No Lockout policy, A brute force attack (trial & Error of password) can lead to the breaking of your password
Distributing admin logins to non-required people or business accounts.

What is Microsoft Tiered security Implementation (Tier0,Tier1,Tier2)?
To Prevent misuse of credentials and to make them very safe, Microsoft recommends using different sets of credentials for different levels of tasks. Goes without saying a business user credential should have no admin privileges but at the same time highest admin credentials like domain admins (who have the privilege to do most activities in your organization) should not be used to log on to a lower tier system (compromising its own security/Keylogger/Password theft) like a file server or application server or worst a laptop.

Different admin accounts are created for Tier 0, Tier 1, and Tier 2 activities and security is implemented to ensure higher privilege accounts are unable to login to lower tier machines to ensure they are not used for such purposes.

Read more here at this link:
https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-access-model

Why should I have MFA for all my external connection?
The simplest security analogy I can think of is privacy lock vs Deadbolt locks. Inside our homes, we have privacy locks in toilets, bedrooms, etc but at the main door of our house, we always put a deadbolt or a keyed security lock. This is because inside our house we may need privacy from other members but we are not in danger from them so a simple password /privacy lock is enough to protect us within the confines of our office network/home but when we are connecting from outside/outside our home/Main door, the requirement for the security Lock is very high we want it as safe as possible because someone from outside we don’t just need privacy, we actually need protection. Adding multi-factor authentication to all our external user connections like VPNs, and port forwarding triggering like RDP provides that added level of security and protection, so that another external party if tries to use the same route or connection, has to face that additional security not just a password.
Similarly, all external app-based connections should be secured by certificates/encryption.
Why should the computers be upgraded from time to time?
Performing Windows security updates and getting the latest version of Windows is one of the best security enhancements for your organization. Vendors including Microsoft spend billions of dollars to identify new threats and incorporate features to protect us from them.

TESTIMONIALS

What People Are Saying

Testimonials

Pledge Technologies understands our service needs, and their expertise allowed us to feel confident that they can address our issues responsively at critical times when applications ...Read More

Scott Trowbridge
Managing Director
HSMC

Testimonials

The City of North Lauderdale has been using the services provided by the Pledge Technologies group for over 8 years.  Pledge Technologies has been our “go to” vendor for support ...Read More

Charles Wolfe
City of North Lauderdale

Testimonials

We would like to express our satisfaction with the cooperation regarding the office 365. Everyone is professional, excellent, ...Read More

Rahul Pratap Singh
Delhi Electric Company

Testimonials

I have been working with Pledge technologies for over 5 years and I have to admit how impressed I am with their professionalism, knowledge,   ...Read More

Kourosh Rashidi
Director
Storm Computers & Networking

Testimonials

5 Stars from excellent service and support to the entire team. They have been very helpful at any point in time. Much much appreciated...Read More

Deepti Oberoi
Rising Straits Capital Advisor

Testimonials

I would like to thank Pledge Technologies for seamless services provided to our organization. We sincerely appreciate your efficient...Read More

Nitin Mehra
Administration Manager
Elements Global Services

Testimonials

My team has called the help desk(Pledge Technologies) many times over the past two years. Every time, the problem has been resolved ...Read More

Manisha Agarwal
Director
DSRV and CO LLP

Pledge Technologies Pty Ltd

Kellyville, NSW 2155
Email: [email protected]

We would love to hear from you...