guide

Big picture guides including for implementation, understanding system flows etc

Measures to Address Cyber Attack

by

A cyber attack is a malicious attempt to breach or damage networks and digital devices, often with the intent of stealing data, causing harm, or compromising the security and privacy of the organisations. Cyber attacks can take various forms, and they continue to evolve as technology advances. However, we are well aware of these issues and we have accumulated a lot of experience hosting cloud-based services since 2003. We have a number of measures in place to address this.

1. This includes firewalls, getting the latest security patches and limiting access to our front-end servers. The main risk (if you have been following as to why these happened), more often than not the risk comes from compromised passwords and internal security breaches. It’s generally a careless or disgruntled employee that is the biggest risk (for both us and for the organisation). We have very limited server access and people that do have access are long-standing, loyal and happy employees.

2. Also, please note that most hackers are after fame or fortune (or both) and both our organisations are generally not on the hacker’s radar. They go for big names as that helps to ensure headlines as well as the potential for blackmail. In our case, if we were breached or infected with ransomware, we would simply go and activate our backup servers and shut down and format the infected (virtual) machines.

3. We have recently (in the last few months) introduced 2FA authentication as well as strict password complexity and password change requirements at the client’s end. These measures also ensure greater security and reduce risk.

4. We are introducing further measures shortly including having mirror servers in Brisbane as well as already having this in place with our existing hosting provider in Melbourne. We also backup all data and files and maintain multiple copies of them (for up to two weeks) to ensure easy restoration in the event of a breach or server failure.

We will also start keeping data backups for 3-6 months as well as keeping it in multiple locations (including AWS cloud) Please rest assured, in the unlikely event of a breach, we will notify you and keep you updated.

Some steps you can also take at your end to ensure greater security

1. Please check all your current user accounts in TEAMS and remove any old and unused accounts.

2. If you have a fixed IP address (or a set of addresses) that you use to access the internet please inform us and we can show you how to limit access from those IPs only.

3. Make sure that you regularly audit your users as well as their access and permissions so they are not allowed into parts of the system that they don’t need to.

4. If you can please advise on the above points and we will keep you informed from our side.

Email Deliverability Issues?

by

Having difficulty with your emails being delivered to your students?

The fix is easy, you need a SPF record for your college’s domain (website)

What is SPF?

Sender Policy Framework (SPF) is used to authenticate the sender of an email. With an SPF record in place, Internet Service Providers can verify that a mail server is authorized to send email for a specific domain. An SPF record is a DNS TXT record containing a list of the IP addresses that are allowed to send email on behalf of your domain.

https://dmarcian.com/what-is-spf/

Still confused about SPF?

Please find below an excellent video explainer from YouTube
(if you would like a deep dive on the subject)

So what do you have to do?
Add an SPF record with our IP Addresses for your college’s website.

What are the steps to do that?

Please get in touch with your domain host.
Contact them via their ticketing system or email them.
Simply ask them to add a TXT entry below to your website’s DNS records. 

v=spf1 ip4:221.121.139.60 ip4:27.50.74.67 ip4:27.50.74.68 ip4:118.127.57.139 ip4:118.127.57.141 ip4:43.250.204.60 ip4:43.242.69.134 ip4:43.242.69.132 ip4:43.242.69.131 -all

Important: If you already have an SPF record entry on your domain, you will have to add our IP addresses to the end of your existing TXT entry and make sure there is only one -all at the end of the entry.

VERY IMPORTANT: You MUST ONLY have one SPF entry per domain. Do not make a second entry as this will fail and will not be validated by the external email handlers.

Still having issues?

Have you already added an SPF record and it is still not working?!

the devil is in the detail… Please check the following –
  1. Double check the list of IP Addresses above. Make sure that all the IP addresses above are included. We have a number of servers that host our software and if you do not have all of them added, it could still fail.


  2. Very important: Notice in the SPF entry above the last bit of text in the entry is -all.
    It needs to be -all not ~all. If you have a ~ (tilde) instead of – (hyphen) your emails will still fail to be delivered and quite possibly go into SPAM.

    Why? Using a hyphen means you are specifying a hard fail SPF record and using a tilde means a soft fail SPF record. Here’s a great article on the subject (if you are nerdy or curious enough to read it).

    I will repeat: If your email is still not being delivered and going to the SPAM folder (which is as good as not being delivered), you need to use a hyphen instead of a tilde. Please get your old / existing SPF record edited to make sure that you are using a hyphen in the last part.

    We used to recommend using tilde many years ago (sorry about that!) but times have changed on the internet and only a hard fail SPF record is the best way to go nowadays.

  3. Only one SPF entry per domain. This has already been mentioned in this post but it cannot be reiterated enough. It is crucial that you DO NOT add a new SPF entry if you already have an existing one. Edit the existing one to include all our IP Addresses that have been listed in our entry example above.

Ok it’s done! We got the SPF record entered in our domain, now what? (I hear you ask)

Once it is done, you can check and make sure that the entry is visible on the internet by using this SPF validator tool.

example SPF record check entry

Just type your college’s domain name and click on SPF record lookup button.
If you see an entry with all our IP Addresses added in the SPF record then you are good to go.
All going well, your emails should now start getting delivered to your students and not bounce back nor go into SPAM. Hooray! Happy days!!!

Final Note: When you have the SPF entry done by your domain hosting provider, it may still take at least 8 to 48 hours for these entries to take effect and propagate across the Internet. If you want it done sooner, you can request your ISP to reduce the TTL (time to live) value temporarily to something ridiculous like 600 (which means 10 minutes) instead of the default of 28800 (which is 8 hours in seconds). After about a day or so, it wouldn’t matter what your TTL value is and it can be made as high as 86400 (which is how many seconds there are in a day). Sorry if this is too much information but we have encountered clients at times who need to get this done in an emergency and don’t have the luxury to wait 8 to 24 hours. This is an emergency workaround which may help in that situation.

Hope this helps and you are able to resolve your email sending issues.
Please feel free to contact our support team if you require further assistance and the issue is still not resolved.
Thank you and all the best!