4AERO.COM
IT support for Small Business in security sensitive fields.
Summary
Our small business support services are for businesses without their own IT staff that may be operating out of a home office and are concerned about IT security and/or business continuity. Our services range from a review of your current operations to consulting on specific needs.
Many consumer services, such as sharing Internet access with the rest of the house, are not secure for security-sensitive operations in your business.
Our process
- Review
- Free initial Review of your current Cloud and local IT services for improvements in reliability or security or cost reduction
- Projects
- We have a number of tools and services that we may recommend to clients based on our past experience. Typically we do not sell hardware; our contracts are strictly for recommendations, setup, training, and support.
- The majority of consumer services are not the best for small business use.
The three major issues are:
- Most consumer devices are rarely patched ( typically never )
- Most Internet providers don't isolate business devices from house devices or guests.
- Password managers and two-factor authentication are difficult for most people to set up.
Projects
Some of the past projects we can discuss with our clients include:
- Hybrid services ( Cloud / Appliance )
- What is the best location model for each IT service ( Cloud or local Appliance ). Many consumer IT services are cloud based and require monthly subscription fees, and may be less secure.
- Security Isolation
- The business network should enforce strict isolation of business computers from home computers and guests. Many home businesses do not enforce this at all because home network routers do not support isolation. Some routers have a "Guest" network, but in practice this is a hack and does not offer true isolation.
- Many home Internet routers support UPnP to automatically open inbound router ports for each game or other application installed on the home network. This is completely insecure on a business network.
- Most Internet Providers do not offer assistance in selecting alternative Routers or security.
- In general, it's best to avoid opening any Inbound ports to Appliances, and use a VPN for locking down all inbound access.
- Business Storage
- A business requires dedicated long-term storage. What are the options for cloud or home appliance for storage?
- Business storage must use redundancy so that any single disk failure does not cause downtime or data loss.
- Password manager and two factor authentication
- Password managers vary in ease of use. Some now provide built-in support for Passkeys and TOTP rotating keys. A good password manager can ease the use of Passkeys and TOTP auth.
- FIDO2 is the latest 2nd factor auth. There are two types:
- shared Discoverable FIDO2 which is easier to use across all your devices
- Hardware locked FIDO2 stored on a physical key, which is MUCH more secure, but harder to understand and use. You must have the physical key in your possession, and it can't be copied.
Small Business Office Solutions
Some of the solutions we offer include (but are not limited to) the following:
Networking
- Ubiquiti Unifi
Traditional Internet service provider equipment is often unable to provide isolation on your home office network. We can upgrade your ISP router and equipment with professional small business equipment from Unifi. This typically includes professional design for optimum equipment and security improvements.
Networking Options
- Support multiple isolated networks (e.g. Office, House, Guest)
- Generally support up to 4 WiFi SSID networks with each Access Point
- Optional bridging Office/home network to outbuildings, via wireless links.
- Support Intrusion Detection / Prevention
- Support VPN to your phone for remote to office connections
- Netbird
- Solution enables a peer-to-peer tunnel even through an ISP router on a dynamic IP, and even without opening any inbound ports.
- Free cloud based solution for small business, up to 100 devices
Peer-to-peer VPN solution that allows secure traffic between your remote computers and cell phone and your on-prem services.
Local High-availability storage
Most business laptops or computers do not have redundant disks, so they are not appropriate for long-term storage; move that content to a NAS. A computer losing a disk may lose all files since the last backup, while a NAS losing a disk does not lose any info.
- Synology
Synology is the most popular home/small business NAS and offers other features. Synology wins top place because of its operating software. Note that all small business NAS units tend to be slightly underpowered in CPU/RAM, so keep those specs in mind. Synology features include:
- Business backup (of Windows PCs)
- Surveillance (supporting only a few cameras)
- Photo Archive
- File share server
For local storage we recommend the following solutions. All storage is tolerant of single disk failures without impacting current operations.
Surveillance cameras
- Synology Surveillance Station
Synology includes Surveillance Station.
Surveillance Station includes licensing for only the first two cameras. Each Synology has a maximum number of cameras ( about 4 ); otherwise a dedicated DVR is recommended. Some features include:
- Support for both Synology cameras, and many 3rd party cameras
- Motion Detection (Synology or Camera)
- Phone App for Apple or Android
- Unifi Protect
Unifi includes the Protect DVR application on some models.
Each Unifi console has a limit of a few cameras; otherwise a dedicated DVR is available. Some features include:
- Support ONLY for Unifi cameras
- Motion Detection
- Phone App for iPhone or Android
- Very efficient storage of motion clips, but they are not easily exported.
For most video surveillance solutions we recommend a local Digital Video Recorder (DVR) to minimize the risk of videos being leaked, and to minimize monthly fees. There are several entry-level solutions with a small DVR built in; for more than 4 cameras or so, a dedicated DVR solution may be needed.
Two factor authentication
Two factor authentication should now be used everywhere it is supported. Passkeys are still somewhat of a mess since every site does things differently, but use them where they are supported.
Some Guidance:
- Two factor options include
- SMS code sent to phone ( AVOID USE )
- Email code sent to you ( AVOID USE )
- 30 second rotating code in APP such as Google Authenticator (TOTP)
- Passkey stored on device
- Passkey stored on Password manager ( usable on multiple devices )
- FIDO2 An enhancement of passkeys that work on
- Yubikey
Yubikey5 supports
- Yubikey OTP (legacy)
- FIDO2 discoverable credential ( Passkey) Must have physical key plugged in. Not possible to extract or copy key, so very secure.
- FIDO2 non-discoverable credential ( Most sites support this ) Passkey unlocked by Yubikey, not stored on Yubikey
Yubikey is the first and top-of-the-line hardware security key, supporting many protocols.