Author: Samuel French

Samuel is the other founding member of Music City Technology. Although he shares many roles with Ryan, Samuel focuses mostly on technical planning and project execution. His attention to detail is often seen throughout Music City Technology’s technical documentation. Outside of his traditional IT responsibilities, Samuel also heads up any media or design tasks that trickle in from time to time. (like this website) When he’s not spending time with his wife and daughter, Samuel likes to catch up with friends over video games. He is the resident polymath. Although all his favorite and most consistent pastime is learning new skills, his wife would say, his hobbies change with the wind.

Categories
Job Openings

Help Desk Technician

Help Desk Technician

multiple positions available

We are seeking experienced Help Desk Technicians to be the frontline in supporting our diverse clientele. If you have a knack for problem-solving, a passion for technology, and a dedication to customer service, we’d love to hear from you.

Responsibilities:

  • Provide exceptional support for our clients’ IT needs
  • Troubleshoot various technology issues
  • Collaborate with a talented team to develop and implement solutions

Qualifications:

  • Previous experience in IT support or related field
  • Strong communication and interpersonal skills
  • Knowledge of current IT technologies and systems

How to Apply:

To apply for any of our current openings, please submit your resume and a cover letter detailing your relevant experience and why you want to work with MCT to [email protected] or use the form below.
Categories
Uncategorized

A Remote Access Alternative

A Remote Access Alternative

+ a guide for setting up Guacamole 1.5.1
In an age where data breaches and security oversights seem to be rampant, it’s becoming increasingly difficult to trust even the biggest cloud-based IT tools like TeamViewer and LastPass. Sure, these established names offer numerous benefits, but their very size also makes them prime targets for cyberattacks. As an alternative, self-hosted tools are available to help lower your threat surface. But a word of caution: diving into self-hosting isn’t for the faint of heart, and you should only pursue it if you have a solid IT background and understand the potential risks of misconfiguring such services, especially when it comes to remote access.
Now, I want to be clear – this isn’t something I plan to put into production for MCT clients unless we can allocate the resources needed to thoroughly test and assess from a security standpoint. In fact, our partnership with Keeper could provide the peace of mind that’s often hard to come by when dealing with open-source projects. More on that another time, perhaps.
The idea of exploring remote access alternatives to major cloud-based IT tools like TeamViewer, ConnectWise Control (formerly ScreenConnect), and Splashtop was sparked by two key factors. Firstly, the requirement of proprietary client software. With recent breaches like the 3CX client, we should be reminded that threats don’t always come from the outside, and we shouldn’t overlook the potential threats that start from a trusted source internally. Secondly, solutions like Keeper’s Connection Manager (built on Guacamole) enable secure credential handling and sensitive data auditing without the need for copying and pasting passwords or exposing them in plain text. This added layer of protection is invaluable for managers and employers, ensuring they know who is accessing what and offering a secure way for employees to work remotely.

Does your remote control tool have these options?

  • Disabling clipboard access: This prevents unauthorized copying and pasting of sensitive data, ensuring that confidential information remains secure.
  • Graphical session recording: This feature allows managers and employers to review sessions in detail, which can be crucial for accountability and resolving any disputes that may arise.
  • TOTP two-factor authentication: Enhancing login security by requiring an additional layer of authentication, such as a one-time password generated by a user’s mobile device, significantly reduces the risk of unauthorized access.
  • Account restrictions: Employers can set limits on user accounts, such as restricting access to specific resources or setting time-based access rules. This level of control helps maintain a secure remote work environment and prevents abuse.

if your existing remote access software doesn't have all the features listed above you're opening you and your company up to unnessary liability. Give us a call to discuss a solution that can increase security and convenience. (615) 200-8045.

Before diving into the setup instructions, I want to emphasize that these instructions are intended for IT admins and technical staff to help with their setups. My intention for providing these instructions is to offer a clear and up-to-date guide on getting Guacamole up and running, as many online tutorials are either outdated or require Docker. I strongly recommend that you only attempt this if you have experience with hosting, virtualization/hypervisors, and Linux. Proceeding without the necessary background and understanding could result in unintended consequences. Furthermore, once you have the Guacamole site up and running, you should look into hardening the security of the web app.

With this understanding, please note the following assumptions for this guide:

A fresh Debian 11 installation on a VM
Native installation, not Docker
Tomcat9 or earlier is required, as the latest version of Tomcat is not compatible
I will not be providing further instructions for security hardening the install, like forcing HTTPS and network restrictions
This guide is for the latest version of Guacamole, 1.5.1
With that said, let’s get started.

  • A fresh Debian 11 installation on a VM
  • Native installation, not Docker
  • Tomcat9 or earlier is required, as the latest version of Tomcat is not compatible
  • I will not be providing further instructions for security hardening the installation, like forcing HTTPS and network restrictions
  • This guide is for the latest version of Guacamole, 1.5.1

With That Said, Let's Get Started!

				
					# Update all the things
sudo apt update
sudo apt upgrade
				
			
				
					#If you run into permissions or sudoer problems you can either login as root using "su -" or temporarily add your user to the sudoers group. (which is what I did)

su -
apt-get install adduser
apt-get install sudo
sudo apt install passwd
sudo usermod -aG sudo Yourusername





				
			
				
					#After adding the user to the sudo group, you can switch back to the mct user with the following command:

su - Yourusername

				
			
				
					#You can confirm if the permissions to the user were applied correctly by running the following:

sudo -l -U Yourusername
				
			
				
					#Install the required packages

sudo apt install default-jdk maven libjpeg-dev libpng-dev libtool-bin autoconf automake make libcairo2-dev libjpeg62-turbo-dev libpng-dev libossp-uuid-dev freerdp2-dev ghostscript libavcodec-dev libavutil-dev libswscale-dev libtelnet-dev libvncserver-dev libpulse-dev libssl-dev libwebsockets-dev libtool-bin tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples

				
			
				
					# Download Guacamole 1.5.1

wget https://downloads.apache.org/guacamole/1.5.1/source/guacamole-server-1.5.1.tar.gz
tar -xzf guacamole-server-1.5.1.tar.gz

#Change directory into the extracted folder
cd guacamole-server-1.5.1

				
			
				
					#Build and install Guacamole Server:

autoreconf -fi
./configure --with-init-dir=/etc/init.d
make
sudo make install
sudo ldconfig

				
			
				
					#Download Guacamole Client source code:

cd ~
wget https://downloads.apache.org/guacamole/1.5.1/source/guacamole-client-1.5.1.tar.gz
tar -xzf guacamole-client-1.5.1.tar.gz
cd guacamole-client-1.5.1

				
			
				
					#Build Guacamole Client:

mvn package

If the build fails due to a Java issue you’ll need to verify the path of the java environment 

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-javadoc-plugin:3.2.0:jar (attach-javadocs) on project guacamole-common: MavenReportException: Error while generating Javadoc: Unable to find javadoc command: The environment variable JAVA_HOME is not correctly set. -> 
				
					$ export JAVA_HOME=/path/to/java

then set the JAVA_HOME variable appropriately. For me, it was /usr

				
					export JAVA_HOME=/usr

Now when you run “mvn package” the build should be successful.

				
					#Move up a folder:

cd ..
				
			
				
					#Deploy Guacamole, this puts the web app into the directory tomcat will serve:

cd ..
sudo cp guacamole-client-1.5.1/guacamole/target/guacamole-1.5.1.war /var/lib/tomcat9/webapps/guacamole.war
sudo systemctl restart tomcat9
sudo systemctl start guacd

That should do it! Now to access Guacamole you’ll just need to open a browser and navigate to the IP or Hostname address of your server using the default port 8080. By default the guacmole app is not in the root of the tomcat folder so make sure to add the /guacamole after the port as well.

http://SERVER_IP_ADDRESS:8080/guacamole/

Samuel French
Samuel French
Categories
News

3CX VoIP Breach

3CX VoIP Breach

The Risks and What You Need to Know to Protect Your Business

At Music City Technology, we understand the importance of cyber security and protecting valuable company data. That’s why we take a proactive approach to managed endpoints and strive to ensure that our clients’ networks are protected against potential threats. Recently, a cyber security breach occurred in the VoIP software 3CX, highlighting the importance of staying vigilant in the fight against cyber attacks.

What is 3CX?

3CX is a popular VoIP IPBX software development company that offers a range of services and solutions for businesses around the world. Their 3CX Phone System is used by over 600,000 companies and has over 12 million daily users. The platform is known for its ease of use and affordability, making it a popular choice for small to medium-sized businesses.

Who uses 3CX?

3CX is used by a long list of high-profile companies and organizations, including American Express, Coca-Cola, McDonald’s, BMW, Honda, Air France, Toyota, Mercedes-Benz, IKEA, and the UK’s National Health Service. Unfortunately, this also makes 3CX a prime target for cyber attacks and highlights the importance of having robust security measures in place.

What are the risks?

Recently, a digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client was used in an ongoing supply chain attack, targeting both Windows and macOS users. The attack involves beaconing to actor-controlled infrastructure, deployment of second-stage payloads, and hands-on-keyboard activity. The most common post-exploitation activity observed to date is the spawning of an interactive command shell. The attackers are suspected to be a North Korean state-backed hacking group known as Labyrinth Collima, which overlaps with other threat actors tracked as Lazarus Group by Kaspersky, Covellite by Dragos, UNC4034 by Mandiant, Zinc by Microsoft, and Nickel Academy by Secureworks.

What needs to be done?

To protect against potential cyber attacks, it’s important to have robust security measures in place. This includes keeping software up to date, using anti-virus software, and implementing multi-factor authentication. Additionally, it’s important to conduct regular security audits and penetration testing to identify vulnerabilities and address them before they can be exploited.

If you’re concerned about your cyber security posture or would like more information on how to protect your business from potential threats, contact us today here or call us at (615) 200-8045 and ask to speak with me. We can also assist with VoIP phone system solutions if you’re looking to upgrade or save money. Don’t wait until it’s too late – take proactive steps to protect your business today.

Samuel French
Samuel French
Categories
Uncategorized

A Virtual IT Department for your Business

A Virtual IT Department for your Business

Don't worry, we've got it covered!
As a business owner, you know just how crucial it is to have a dependable and efficient tech infrastructure. Whether you’re a small startup or a big corporation, the proper functioning of your hardware and software is key to your success. But managing the tech side of things can be a real headache, especially if you don’t have much IT expertise or resources.

That’s where Music City Technology (MCT) comes in. We’re here to make it easy for you to keep your tech running smoothly, so you can focus on your business. 

We start by getting to know your operations and the equipment you use. Then, our team of expert IT pros will work with you to make sure your Information Technology environment is working optimally.

At MCT, we believe in being proactive, not reactive. That’s why we’ll monitor your hardware and software constantly, updating and maintaining everything so you don’t have to. By catching potential problems early, we can save you time and money in the long run.

And the best part? Our solutions are completely customizable to meet your specific needs. Whether you need help with cloud computing, virtualization, or network security, we’ve got you covered. We want your tech to work for you, not against you.

So if you’re tired of dealing with tech headaches and want to simplify your infrastructure, consider partnering with Music City Technology. Our team is here to make sure your business runs smoothly and stress-free. Get in touch with us today to learn more about what we can do for you!”
Samuel French
Samuel French

Tired of Reading and want to speak with someone?

Give us a call or enter your contact information here

Address: 13085 Lebanon Rd. Mt. Juliet, TN 37122

Hours: Mon-Fri 8:00AM – 5:00PM CST

Phone: 615-200-8045

Email: [email protected]

Categories
Services

Websites

Websites need love too. We are now taking on website management and maintenance head-on. Although we have managed websites for years, this has been a largely unadvertised service. We are constantly asked if we can take care of websites so we are putting this front and center. Like many other technology assets, security and performance will degrade over time if not properly maintained. This is why we maintain and manage websites with the same level of security and backups as your critical infrastructure.

Categories
Services

User Management

Centrally manage all user accounts for all computers (Windows & MacOS) without the need for a traditional onsite server. Directory services, Asset management, and Hardware policies all lumped into one; this allows us to set policies for computers, usernames, and passwords. On the hardware side, we can lock down USB ports and even remotely wipe computers that go missing.

Categories
Services

Support

Our ticket-based IT support is handled in-house with no annoying phone menus. We aim to partner with our customers so that you actually know who you talking to. We pride ourselves on our bedside manner and place importance on the soft skills that often get missed by “computer guys”.

Categories
Services

Patch Management

Between operating system updates and 3rd party apps like Adobe there are frequent security updates that need to be applied quickly. Our patch management solution not only deploys updates selectively, we also fine tune these updates to apply when you’re away from your computer so updates don’t interfere with your day. Plainly put, this keeps all servers and computers up-to-date.

Categories
Services

Maintenance Plans

24/7 network monitoring with scheduled after-hours maintenance to ensure the latest patches and best performance. We review, update, reboot, and verify any critical production devices on your network.

Categories
Services

Endpoint Security

We consistently check for ways to improve security and reduce the attack surface that hackers use for cyber-attacks. We feel that Antivirus alone is no longer sufficient for protecting companies against hackers. Similar to a lock on your front door, Antivirus is still important, but the front door is only one of many entry points. This leaves openings for other attack methods such as social engineering like phishing emails and zero-day exploits to name a few.

In 2022 we are decommissioning our “Managed Antivirus” service and replacing it with a broader-reaching solution we are calling “Endpoint Security”. This endpoint detection & response solution still includes fully managed antivirus software, but also includes, Persistent Footholds, Ransomware Canaries, and External Recon.

 

615-200-8045

13085 Lebanon Rd, Mt. Juliet, TN 37122

Copyright © 2022

Website by Music City Technology