The capacity to tap into enormous volumes of data to enable real-time, intelligent decision-making is of crucial importance for any smart building. Builders need a dependable and adaptable communications infrastructure that can serve both current and future use cases. Security is paramount to all digital technologies as traditional WiFi deployment architecture has become vulnerable. Builders and contractors must consider addressing these constraints to improve the experience of residents using WiFi in smart buildings.

Constraints over deploying WiFi in smart buildings: -

1. Leave no blind-spot - Someone might require network access in lobbies, meeting rooms, and other common areas. Physical security management teams increasingly require comprehensive coverage. Wireless IoT sensors could be deployed at elevator shafts, maintenance rooms, roofs, & parking garages. 
   
2. Cabling and installation - Twisted pair cabling improves the WiFi 6 and 6E performance. Category 6A cable should be installed as PoE (Power over Ethernet) devices get more complex, and frequently require more power to function. Ensure safe delivery of high electric watt supply to WiFi APs (Access Points), UHD (Ultra-HD) security cameras, IoT sensors, and PoEs.
   
3. Antenna and Radar - Antenna types such as yagi, panel, and parabolic are better alternatives for coverage and performance in regions with concrete or plaster walls or huge metal machinery. The interior-exterior environment such as office spaces, atriums, parking garages, maintenance, or engineering floors often decides the type of antenna to be deployed. WiFi access points with built-in antennas must be created for conventional office area deployments. This will bypass the physical obstacles such as drywall, cubicle barriers, office-grade doors, and glass panes.
4. Network subnetting - Strict WiFi access controls must be implemented by employing micro-segmentation to mitigate malware outbreaks and service disruptions. LPWAN (Low-Power-Wide-Area Networks) provides ease of deployment, and ultra-low power consumption is required to scale with low-computing, battery-operated IoT sensor devices. LPWAN system requires a single base station to link thousands of scattered endpoints across the building utilizing the basic star topology. LPWAN utilizes sub-GHz frequencies. This helps to avoid excessive interference from old wireless systems functioning in the building at 2.4 GHz range. This ensures long-term network dependability. At the end of the day, the robustness and reliability of your WiFi systems will determine whether your smart building architecture succeeds or fails.

The range of smart building applications is enormous, and it's developing all the time. As a result, in order to take advantage of everything that this transition has to offer, both existing broadband networks and future low-power IoT connections will need to coexist in the wireless architecture.

WiFi deployment in smart buildings helps in: -

1. Occupancy and damage detection - Integrating different systems over WiFi in smart buildings can help in regulation of safe distance measure and sanitation operations. It can also detect faults in time and prevent avoidable maintenance and energy expenditures.
2. HVAC and access control systems - Smart building systems can reduce utility expenditures, carbon emissions and increase tenant satisfaction by installing AI-enabled HVAC (Heating Ventilation and Air Conditioning) systems. Smoke detectors, window/door sensors, intrusion, and fire alarm systems can also integrate with HVAC and the system can identify irregularities proactively to resolve them early on.
3. Monitoring of the environment & consumables - Smart building systems can monitor IAQ (Indoor Air Quality) conditions to enhance the health, comfort, and well-being of building occupants and to lower the risk of respiratory complaints. The WiFi enabled system can also monitor in real-time how much hand sanitizer, soap, paper towels, and toilet paper is being used in the building. To guarantee timely refills and the health and safety of tenants, receive notifications when products are running short.

Centex Technologies provide IT and networking solutions for establishments. For more information on deployment of WiFi for smart buildings, call Centex Technologies at (972) 375 - 9654.

What Is Multi-Cloud?

Multi-cloud means utilization of two or more public cloud service providers to serve the needs of IT services and infrastructure of an organization. The organizations may choose the best services from different cloud service providers based on multiple factors such as cost, technical requirements, geographic availability, security, etc. A simple example is where an organization uses one cloud service provider for development/test, one for disaster recovery, and another to process business analytics data.

Alternatively, an organization may leverage multiple public clouds in combination with private cloud deployments and traditional on-premise infrastructure.

What Is The Purpose Of Multi-Cloud Approach?

Here are the reasons why an organization should adopt a multi-cloud approach:

• Overcoming Data Gravity: Data gravity refers to the idea that it is difficult to move or migrate large data sets and thus, it is important to store the data in proximity with applications and services used to analyze them. Using a cloud-attached storage solution that connects to multiple clouds simultaneously can help in overcoming data gravity. Efficient solutions help in reducing latency by hosting data in close proximity to cloud data centers.
• Optimizing Work Loads: Every cloud service provider offers its own set of physical infrastructure components and application services, while releasing new features on a regular basis. Thus, no cloud service provider can provide cost-optimized services. By adopting multi-cloud approach, organizations have an option to select most suitable provider for every workload leading to enhanced application performance.
• Avoiding Vendor Lock-In: Vendor lock-in refers to a situation where it becomes difficult for an organization to transfer its business away from one service provider to another service provider or back to on-premise infrastructure. However, by adopting multi-cloud approach, an organization has the flexibility to transfer its application to any cloud service provider which allows the organization to take advantage of new technologies.
• Additional Benefits: Multi-cloud approach serves the purpose of enhancing disaster recovery capabilities, meeting regulatory compliance, curbing shadow IT, elevating application performance, etc.

How To Monitor Multi-Cloud Strategy?

• Use monitoring tools designed specifically for multi-cloud environment.
• Leverage a configuration management database.
• Adopt a mechanism that can sense, analyze, adapt, and visualize to help admins resolve outages.
• Use monitoring tools that support automation.

For more information on implementation of multi-cloud for organization, call Centex Technologies at (972) 375 - 9654.    

View Full Image

Voice over Internet Protocol or VoIP is also known as IP Telephony. It is a method of delivering voice communications and multimedia messages over Internet Protocol networks. The technology converts the voice signals into digital signals allowing the user to make a call directly from a computer, VoIP phone, smartphone or any other digital device with an internet connection and VoIP application.

Switching to a VoIP telecommunication system offers an array of benefits for businesses:

• Low Cost-Per-Call: A VoIP telecommunication system converts the communication data into packets and sends it over the IP network as opposed to the traditional telephonic communication channels. In case of traditional methods, calls are placed using phone lines which means a line is taken up by two callers. Since there is a limit to number of phone lines, the calls are expensive, specifically if they are long distance. On the other hand, in case of VoIP, the use of office internet connection to relay communication data makes domestic as well as international calls cheaper.
• Service Mobility: In case of traditional phone system, a line that runs to a business is assigned its own phone number. This results in limited mobility as user is required to remember right codes for accessing the messages sent to that phone number (when receiving messages on a separate device outside the office). However, VoIP system eliminates the physical limitations and the users can move freely as per the business requirements and avail the communication services on any device equipped with an internet connection and the VoIP application.
• Efficient Client Interaction: Business needs may require employees to travel which may result in missing important client calls or communications, if using traditional phone systems that are wired to the employee desk inside the office. On the contrary, when using a VoIP system, employees can choose where the call rings and how. For example, the system settings can be made in a way that first few rings are sent to the office. If the employee doesn’t answer, further rings can be forwarded to another device, say a mobile phone or laptop. This helps employees to attend important calls irrespective of their location which improves the efficiency of client interactions.
• Multi-Functionality: VoIP systems offer an array of additional communication services like instant messaging, presence status, teleconferencing, video conferencing, etc. The systems also allow the users to receive voicemail and faxes over their email. These services enhance the efficiency of business communication within and across the teams.

For more information on why a business needs VoIP, call Centex Technologies at (972) 375 - 9654.          

Pirated versions of popular games such as Grand Theft Auto V, NBA 2K19 and Pro Evolution Soccer 2018 attract a large number of gamers as they can download these versions free from different forums. However, there might be a hidden cost associated with these pirated versions of popular games. It has been reported that threat artists are using the cracked or pirated versions of popular games to distribute malware. This malware aims at secretly mining cryptocurrency using the infected systems.

The threat has been identified as Crackonosh and has been found to be active since June 2018. The malware wipes out the antivirus programs installed on the target system and uses the system for mining cryptocurrency.

Understanding Crackonosh

The main aim of Crackonosh is to install XMRig on the infected system. XMRig is a coin miner which is then used by the threat actors to secretly mine Monero cryptocurrency using the cracked software downloaded on the infected machine. Reports suggest that the threat actors have mined over $2 Million, or 9000 XMR in total. As of May 2021, the malware was reported to be still getting about 1000 hits a day.

Here is a brief account of how the malware operates:

Disabling Antivirus

Crackonosh caught the eyes of researchers when a large number of people reported that Avast Antivirus programs were removed from their systems. The malware has the capability to remove antivirus software and disabling security software & updates in addition to the use of other anti-analysis techniques. This makes it harder to discover, detect and remove the malware. Crackonosh can delete antivirus programs that use the command - rd <AV directory> /s /q; where <AV directory> is the default directory name that specific antivirus product uses, for example Adaware, Bitdefender, Escan, F-secure, Kaspersky, McAfee (scanner only), Norton and Panda.

Infection Chain

Here is the brief infection process:

• The target downloads and installs the cracked or pirated software.
• The installer runs maintenance vbs and starts the installation process using msi.
• msi registers and runs the main malware executable serviceinstaller.exe.
• The executable installs a file titled DLL, which extracts winlogui.exe and downloads winscomrssrv.dll and winrmsrv.exe.
• These files are contained, decrypted and placed in the folder.

Disabling Windows Defender

The malware deletes Windows Defender and Windows Update by deleting a list of registry entries. The motive is to stop Windows Defender and turn off automatic updates. Later, it installs its own MSASCuiL.exe instead of Windows Defender, which adds a Windows Security icon to the system tray. This tricks the user and prevents him from discovering the removal of original Windows Defender.

Conclusion:

Crackonosh attack re-emphasizes on the fact ‘when you try to steal a software, chances are someone is trying to steal from you.’ Such attacks can be prevented by steering away from downloading and using pirated or cracked software. Also, stay cautious and download software from authentic developer.

Centex Technologies has a team of cyber security professionals who help clients in understanding latest cyber security threats and formulate an effective defense strategy. To know more about latest malware attacks, call Centex Technologies at (972) 375 - 9654.

“Disaster Recovery As A Service” or DRaaS can be defined as a cloud computing service model which allows an organization to back-up its data and IT infrastructure on a third party cloud computing environment. It also provides disaster recovery through a SaaS solution to help an organization regain access and functionality to IT infrastructure after a disaster.

Benefits of DRaaS:

Cost Efficiency:

The most important components of disaster recovery include:

• Preventive measures that reduce the risk of man-made disasters
• Detective measures aimed at identifying disasters at the earliest
• Corrective measures to restore lost data and allow affected organization to resume business operations at the earliest, in case a disaster occurs
• Disaster recovery planning includes using innovative hardware, software and performing on-time updates.

In order to achieve these goals, organizations need to run regular analysis of potential threats, maintain IT systems in optimal conditions, and seek innovative solutions focused on cybersecurity. DRaaS providers take care of these requirements with high efficiency. They also include cloud-based data management where resources are replicated to many different sites to ensure continuous backup even if one site is not available. This helps in reducing the risk of disaster and reduces the cost incurred due to downtime after disaster.

Increased Employee Productivity: In order to execute a disaster recovery plan, it is important that employees should know their roles and responsibilities. When specific roles and responsibilities are assigned in advance, it will increase effectiveness and productivity of the plan. It is important for organizations to have at least two employees who can perform one task. This allows the organization to implement disaster recovery plan even if one of the employees is not available.  Opting for DRaaS allows the organization’s employees to focus on their own tasks as the disaster recovery is managed by the well-trained team of the service provider. Most managed service providers also train employees of the client to handle disaster recovery plan.

Scalability: When a disaster recovery plan is designed, organizations also take scalability into account. The recovery plan should be able to manage increased organizational resources resulting from business growth. Opting for DRaaS allows easy scalability as organizations are just required to convey increased requirements to the service provider and pay accordingly.

Centex Technologies offers an array of managed services to its clients. The services are aimed at ensuring smooth operations and security of clients. To know more about Disaster Recover As A Service (DRaaS), call Centex Technologies at (972) 375 - 9654.

DevOps methodology has significantly improved software development by breaking down the traditional barrier between development & IT teams. This collaboration of distributed teams helps in reducing the timeline of software development. However, the ultimate goal of DevOps – which is 100% automation across Software Development Lifecycle (SDLC) – remains unachieved. Some business organizations still seem to be struggling with how to integrate DevOps in overall business processes.

These challenges can be maneuvered by adopting AI. The highly distributed nature of AI toolsets helps in reducing operational complexities of DevOps methodology. AI also improves the accuracy, quality and reliability of DevOps by streamlining and accelerating different phases of software development.

Ways in which AI transforms DevoPS:

• Testing: DevOps includes a number of testing processes such as unit testing, regression testing, functional testing, and user acceptance testing. These testing processes generate a large amount of data and analyzing this data can be overwhelming for the DevOps team. AI implements pattern recognition to make it easier to analyze and categorize the data. After analyzing, it also provides insights on poor coding practices and errors to help code developers identify areas for better performance.
• Data Access: The productivity and efficiency of DevOps team is highly stalled by lack of adequate access to data. This hinders the team’s ability to leverage data for decision-making. AI-powered data mapping technologies integrate a myriad of data from different sources & streamline it for consistent & repeatable analysis. It helps teams uncover valuable insights for decision-making.
• Real-Time Alerts: Prompt alerts are helpful in promoting rapid response. However, when DevOps teams receive multiple alerts with same level of severity, it becomes difficult for them to react effectively. In such situations, AI helps in prioritizing most critical issues by collecting diagnostic information pertaining to every issue. In addition to prioritizing the issues, AI also suggests prospective solution based on magnitude of alert, past behavior, & source of alert. This facilitates faster remediation of the issue.
• Automation: Integration of AI with DevOps significantly improves the automation quotient by eliminating or reducing the need for human intervention across processes from code changes to deployment.
• Security: DevSecOps is an extension of DevOps that ingrains security into DevOps workflow. It automates core security tasks across software development lifecycle. AI based anomaly detection techniques help teams to accurately spot threats to their system and secure it proactively.
• Collaboration: AI plays an important role in improving collaboration between DevOps teams by facilitating a single, unified view into system issues across DevOps toolchain.
• Software Quality: AI improves the quality of software by auto-generating and auto-running test cases on the code. AI-based testing tools eliminate test coverage overlaps and fasten the process from bug detection to bug prevention.

Centex Technologies offers software development services for organizations. To discuss your software requirements, call Centex Technologies at (972) 375 - 9654.

View Full Image

In a dynamic cyber security environment, it is important to test the security protocols of your web application at regular intervals. An effective approach is to check how the security system will react if the application is actually attacked.

Web application penetration testing is a simulation technique that simulates attacks against the web application to help developers and cyber security teams identify any cyber security flaws, weaknesses and vulnerabilities for timely remediation. This type of testing can be used to identify vulnerabilities across web application components and APIs including backend network, database and source code.

Types Of Penetration Testing:

Depending upon the location of attack, web application penetration testing can be classified into two types:

• External Penetration Testing: In this type, the web application is attacked from outside. The penetration test simulates the way an external attacker would launch an attack against the web application. This type of testing helps in checking firewalls and server security protocols.
• Internal Penetration Testing: In this type of penetration testing, the attacks against the web application are launched from within the organization. The testing is usually performed through LAN connections. The goal off internal penetration testing is to identify vulnerabilities that might exist within the firewall. This type of testing helps in understanding the reaction of web application security system in case of a malicious insider attack.

Another important aspect of consideration when testing web application security is level of access. Following types of web application penetration testing can be performed to test the level of access and scope of knowledge:

• Black Box Penetration Testing: This type of web application penetration testing simulates cyber security attacks that may be launched by external attackers who have no prior knowledge of targeted system.
• Gray Box Penetration Testing: This type of web application penetration testing checks the response of security systems in case of an insider attack launched by internal threat actors having user level access to certain systems.
• White Box Penetration Testing: This is a comprehensive penetration testing that simulates cyber security attacks that may be launched by a threat actor having root level or administrator access to the web application servers and data.

How Is Penetration Test Executed?

Planning:

• Define the scope of test.
• Provide required information and documentation to the tester.
• Determine success criteria of the test.

Execution:

• Run the test several times.
• Follow pre-defined success and reporting criteria.
• Create a clear & detailed report.

Post-Execution:

• Provide recommendation for remediating vulnerabilities.
• Re-test to check if remediation was effective.
• Once all tests are concluded, revert the system to original configuration.

For more information on web application penetration testing, call Centex Technologies at (972) 375 - 9654.         

View Full Image