Replacing an LTE Antenna

Our customer installed a Poynting LPDA-92 antenna in the same location and orientation as her previous antenna, but she wasn’t getting better reception. We turned to Poynting in South Africa for an answer. Their engineer’s response is worth sharing. The original is filled with technical language and delightful but confusing British phrasing. We’ve translated it into American and condensed it.

When a new Poynting antenna is installed to replace another brand, it will have different characteristics than the previous one. We recommend treating the installation of an upgraded antenna as a new installation. There are several reasons. The most obvious is that two antennas from different manufacturers, even with similar specifications, will have different radiation patterns.

A Poynting antenna will deliver an even gain over its entire frequency range with a smooth radiation pattern. In contrast, a different antenna may have gain spikes in one segment of the frequency band, or at one point in the radiation pattern. If the old antenna is placed SSE 167° and receiving a good signal, it does not assure that the tower is at SSE 167°. One off-axis spike in the antenna’s pattern could be picking up a stray signal from the side. To quote the Poynting engineer, “with the previous installation they may have just been lucky to receive some spurious signal from an adjacent angle.” Installing a new antenna in the same location, without the flaws of the old antenna could result in no reception improvement, or even lower reception. The answer is to re-orientate the new Poynting antenna as part of its installation.

Locate the network cell towers before you install the antenna.

It is not always clear where cell signals originate. Locate nearby cellular sites by trying a combination of the following:

  • Check your cell provider’s web site. Sadly, this is a long shot because carriers don’t want to disclose this information, to either customers or competitors.
  • Ask your cell provider’s help desk or tech support. You are probably not going to get this information from the level 1 support people, but with persistence, you may find someone who can give you the locations of your nearest towers.
  • Use your eyes. Look for towers or rooftop sites (not all cellular sites are on towers). In Frontier’s home location, there is a cell tower disguised as very tall, oddly symmetrical pine tree.
  • Check antennasearch.com, which will show existing towers and antennas. Unfortunately, it will not always tell you which carriers are using which towers, but it is one of the best indicators of tower locations. Cellmapper.net will allow a search by carrier. With its interesting coverage and broadcast diagrams, Cell Mapper will sometimes show that the site closest is not the one broadcasting in your direction. Antenna Search, Cell Mapper, and a little deduction can help you figure it out. Sources on the Internet change often, so a Google search is probably worth a try.

Finding your carrier’s nearest broadcast sites best achieved by using several of these resources.

Setting up the Antenna

Once the nearest cellular sites are determined, begin installation by pointing the antenna toward them and testing to refine the orientation. The nearest site or site with best Line of Sight (LOS) is usually preferred. A nearby site completely blocked by tall buildings, dense trees, or terrain features may offer less signal than one farther away with a clear path. The only way to identify the ideal location is to test more than one antenna orientation toward different cellular sites (see below).

When Cellular site locations are unknown

In situations where the locations of the cellular mobile network sites are unknown, and where the known locations do not provide sufficient results, we recommend the more methodical and involved process of testing in all the directions.

Point the antenna towards a direction where coverage is expected, or you can start in a known direction. Test your reception in this starting orientation. After your first test, redirect the antenna clockwise and test again. Keep repeating this until you have tested a full 360 degrees. The angle you move for each test depends on the horizontal beam width of your antenna. Test at an angle slightly less than the horizontal pattern width of your antenna.

For example, the Poynting LPDA-92 antenna has a beam width of approximately 50 degrees, so a 45-degree angle will be sufficient. For the LPDA-92, you would take measurements in eight different directions, 0, 45, 90, 135, 180, 225, 270 and 315 degrees. For any antenna, the beam width is different for each specific frequency band. Using the published data for your antenna, choose a test interval slightly less than the antenna’s narrowest horizontal angle.

How to measure the antenna performance in each direction.

You can measure the values with most LTE enabled routers, which are capable of reporting the cellular network signal strength and quality as RSRP, RSRQ, or SINR. Nearly every cell phone has a signal meter built-in, although it is mostly hidden from the consumer. It’s pretty easy to find on Android, under ABOUT DEVICE: STATUS. You can find it on iPhones too, but it’s not so easy (search Field Test Mode). The meter will show the value in –dBm. There are apps on the market that will show this as well.

LTE Signal Strength

It is best to reboot the device before each measurement to ensure that it is not holding on to the previous cellular site. A cellular router or cell phone can ‘lock’ onto the previous cellular site even when the new cellular site is available with a much better signal level and quality.

Take note of the signal strengths measured in each direction. Finally, use the best performing direction as the baseline and install the antenna in that direction. Even with a known antenna location, fine tune and further optimize the placement by re-testing at +20 degrees and -20 degrees from the determined position. It is a slower process, but the only way to assure you are finding the best performing antenna orientation.

General Tips
  • Although installing an antenna as high as possible is generally recommended, it is possible that the highest position is a weak coverage spot. In other words, vertical placement can make a difference. Poynting has found that a lower installation height achieves better results in few cases.
  • Cellular network signals and quality can fluctuate as much as 6 to 12 dB. A measurement taken now and a few moments later can differ substantially even if nothing apparent has changed. Reflections, interference, and load capacity cause signal variations. Network throughput can also change significantly for the same reasons.
  • Network topology and usage change over time, even from one minute to the next. If a previously tested antenna position begins to yield poor performance over time, you may have to re-test, and reorient the antenna. It is possible for a cellular site to become over used, or taken out of service. As the network design and topology changes, so will the experience change.
  • Poynting has many informative webinars on YouTube. This video gives a detailed overview of the factors involved in cellular reception.
  • An antenna can only pick-up an existing signal. If the ambient cellular signal has an RSRP -110dBi or less, it is unlikely even the best antenna can improve reception.

Frontier Computer stocks Poynting and Axxess Marine Antennas, WilsonPro and weBoost cellular amplifiers, and the entire Peplink and Pepwave lines of SD-WAN communications.

Contact Frontier at 866.226.6344.

IBM: Part Number, FRU, or Feature Code?

IBM FRU

Way back in 2015 we published a similar article on the confusing world of IBM nomenclature. To this day, it is among our most searched posts. To make it easier to find, we are republishing this updated version.

Trying to navigate IBM hardware presents a seemingly endless array of numbers to describe processor speed, drive storage space, transfer rates, and a host of other characteristics. In the sea of IBM numbers, none are more confusing than part numbers, which are subdivided into marketing numbers, FRUs, and feature codes. In any IBM server installation there thousands of these numbers. Understanding the difference between a part (marketing) number, a FRU, and a feature code can save both time and money.

Part number

The Part Number, also called a Marketing Number, describes a specific part within a specific system among IBM’s various product lines. It is used to configure a new system or add features to an existing system. For example, if you want a dual port expansion card in an IBM Blade Center you would include 46M6140 when you build the system, or order it to add it later. These numbers tell IT infrastructure technicians exactly which parts are included in their servers, storage and networking equipment. The numbers are used in IBM marketing materials for technicians configuring new equipment. You can use a part/marketing number to find a replacement part, but it is not the primary reason that number exists. Some parts may not have a part number at all, if they are not for original purchase outside of a configured unit.

FRU

FRU stands for Field Replacement Unit. It is the number IBM uses to reference a part for repair. The FRU number may, or may not, be accompanied by a part number; some parts have a FRU only. Use FRU numbers to request spare or replacement parts. FRUs are the numbers IBM technicians will use when replacing a part. However, a FRU number may not be the only number associated with many parts, and the exact same part may have different FRU numbers in different countries or inside different systems. The FRU number indicates the IBM specified replacement part, but sometimes two identical parts can have different FRU numbers.

Feature Code

Inside IBM, they use the Feature Code to process orders. Finding a replacement part can be easier and cheaper if you know the Feature Code. IBM uses the feature code because any one IBM item can have twenty or more FRU or part numbers. For example, 36.4GB 10K SCSI drive with the feature code 3129 can have the part numbers 00P1519, 00P2676, 07N3774, 07N4803, and many others. While a you may be holding a faulty drive with IBM Part number 00P1519, that isn’t the only number indicating an exact replacement. To save time and money, try to find the feature code when replacing a part.

It is important to know the correct feature code for an IBM part, or to have a partner you can trust to provide the information. At Frontier, we have had customers come to us requesting a specific part number that may have the same feature code as many other part numbers. To go back to our 36.4GB SCSI drive with the feature code 3129, a customer may ask for part 00P2676. If they only have this specific part number and search the internet, they may find a reseller advertising that part number for $150, hoping their buyer doesn’t know the 00P2676 part number is a feature code 3129 drive, worth maybe $50. We will share the correct feature codes to assure our customers pay a competitive price for the IBM parts they need. If you are not well versed in features codes, it is important to have a vendor like Frontier that will reference the correct feature code when you ask for a specific part number.

If you have any questions about part numbers, FRUs or feature codes, give Frontier’s IBM team a call. We will tell you exactly what part you need, and which FRUs and feature codes will work as replacements.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

photo: Bruce Mars/Unsplash

Ignore Email from the CEO

CEO Fraud Email

Maybe you shouldn’t ignore it, but at least wait a few minutes before responding to any urgent request. Nothing makes employees snap into action like a message from the CEO. Which is why CEO Fraud has become such a problem. No, Chief Executive Officers are not engaging in dirty deeds at any higher rate than they have before. Hackers, posing as CEOs, are using employee’s immediate deference to their top leader as a way to get sensitive company information and even bank accounts. Even if you and your staff are just hearing about it, CEO Fraud — better described as CEO Impersonation — is not new. In 2016, the FBI reported a one-year, 270% increase in CEO Fraud, or as they characterize it BEC (Business Email Compromise). The FBI reported 17,000+ victims and 2.3 billion in losses in a three-year period. Is your organization at risk?

As with most Social Engineering attacks, CEO Fraud is not a spam email from Nigeria written in broken English. These planned attacks start by learning about a company’s top executive. Using LinkedIn and Facebook profiles, as well as any information and interviews available in a Google search, thieves will build profiles of both the CEO and other employees. Using those profiles, they will find mid-level employees with access to accounts or records and find a weakness or distraction to exploit. Email imitating the CEO will be targeted to a specific employee. The request will be specific and urgent, but within the target employee’s authority. Because there is a natural reaction to please the boss, workers will put aside other tasks to complete the requests quickly. That sense of urgency is often all it takes to distract an otherwise cautious person into careless action.

While common sense is still the first defense against cyber fraud, there are additional red flags that should trigger extreme caution:

  • Any email or phone request with a short deadline or high level of URGENCY.
  • Any unfamiliar email signature.
  • Tone or language that doesn’t fit what is known about the alleged sender.
  • Any name or greeting using unfamiliar nicknames.
  • Unfamiliar email addresses or phone numbers.
  • Any requests that suggest or would require bypassing policies or standard procedures.

Even absent these indicators, a message can be fraud. Criminals are sophisticated, and the bigger the potential reward the greater care they will take in constructing the con.
Follow these steps to avoid CEO Fraud attacks:

  • Never answer requests for sensitive data or money transfers by replying.
  • Respond with a new email to the correct address you know from the company directory.
  • Respond to requests in a different form entirely. Confirm important requests with an instant message, text, or phone call, to numbers already known.
  • Never respond using contact information included in the original email.

One of the critical factors in cyber-attacks against humans is that it only takes one distracted person to succeed. You are reading this, so for now, you are not that weak link. What about the people in the next office? Every company needs a culture of security awareness, with constant reinforcement. Share this post. Start the conversation and keep your organization from being the next victim of CEO Fraud, Spear Phishing, or any of several other staff based cyber security attacks.

— ♦ —

Frontier security experts can schedule a security check-up and train your full staff to be alert to every cyber security threat.

Contact Frontier at

Contact Frontier to discuss your cyber security profile or schedule a security audit for your business.

CAPTCHA
Please wait...
866.226.6344.

Specifying the Right Antenna

Whether you are trying to connect to WiFi or cellular the right antenna is a primary factor determining success. Bundled antennas often deliver minimum performance required for ideal installations, but many factors can interfere with, or attenuate signal transmission. The following chart shows the relative obstacles to radio wave transmission.

The frequency of a signal also effects how well waves transmit through obstacles and how well signals travel. Low frequency signals like the original 900 MHz bands for cellular are less susceptible to attenuation and travel well over longer distances. Higher frequency signals, like the newer channels used for LTE in the 1700-2500 MHz bands, are more prone to interference and don’t spread as far from the towers. T-Mobile is now using some channels in the 5.2 GHz and 5.7 GHz bands for LTEA Aggregation. These high frequency signals do not move well through barriers and require high tower density because the signal spread is shorter. For example, in dual band WiFi the 2.4 GHz signal will spread better through walls for a whole house installation; the 5 GHz signal, while stronger near the router, may only penetrate a single wall before attenuation makes the transmission unusable. As more bands are used with varying characteristics, mobile, remote, and M2M communications depend more on proper antennas.

Choose the Frequency Band, not the application

It is important to remember that antennas are agnostic to technology. An antenna tuned for 1.7 to 2.7 GHz will work equally well for Cellular, WiFi, or any other transmission within that range. When specifying an antenna upgrade, matching the correct frequency range is more important than the use specified for the antenna or even the stated gain. Since the frequency range is such an important factor, it is critical that an antenna actually delivers the full range advertised, often more important than higher gain.

Poynting antennas deliver level performance over their full frequency range, which is not the case for many other antennas. An antenna listed as having 5-dBi gain may have the 5-dBi gain at only one frequency within the range. The numerical gain is not as important as how widely the gain occurs in the radiation pattern. What distinguishes Poynting Antennas is that they deliver a flat gain across the full-specified frequency bands, a direct function of proper engineering and manufacture.


Example: the radiation pattern for the Poynting LPDA-0092 shows the directional gain pattern for each frequency segment in the specified range. While the off-axis transmission is different for each segment, the directional transmission both horizontally and vertically are nearly identical at all frequencies within the 60° beam width.

Often two antennas will have similar frequency and gain designations, while their results can be significantly different. A thin wire Omni antenna may be within a given frequency band, but the pattern response will be markedly uneven. A more substantial Omni pole antenna will have properly tuned elements inside, engineered to deliver an even pattern response. Poynting only sells careful engineered antennas designed for maximum performance.

Poynting Now Available

Earlier this year Frontier Computer became the US Distributor for Poynting Antenna. Poynting is a leader worldwide but has had limited availability in the United States.
Poynting is a unique company because is was founded by an electrical engineer. André Fourie, Ph.D. was a professor at University of Witwatersrand, South Africa, and an electromagnetic and antenna consultant when he started Poynting in 2001. Dr. Fourie is listed on over 30 patents, has published more than 50 scholarly papers, and 4 books. He started Poynting to manufacture the antennas he wanted to see in the market. His expertise in antenna technology means Poynting Antennas are designed, from the concept through production to deliver the performance they specify.

Frontier has added Poynting to give our partners a high-quality antenna for their customers at a very competitive price. When integrators, providers, and VARs select Poynting antennas, they can be certain the products will deliver the performance their customers expect, which is why Frontier is stocking several Poynting models. Visit here for more information on specific Poynting antennas. Frontier Partners can add Poynting antennas to their product lines today. Apply here to become a Frontier Partner.

Frontier Computer stocks Poynting and Axxess Marine Antennas, WilsonPro and weBoost cellular amplifiers, and the entire Peplink and Pepwave lines of SD-WAN communications.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

Keep your RV Connected

In the Northern Hemisphere, the Summer travel season is here. Soon hundreds of thousands of couples, families, and adventurers will hit the road. From luxury travel coaches to towable RVs they will all have one thing in common. They will be traveling to new and unfamiliar places. Many of those places will be remote and tree covered. As a result, the familiar cellular connections of home will be gone. Staying connected is always a challenge when traveling, and even more so for RVers heading to the woods.

“The weBoost Drive 4G-X has been a game changer for our connectivity on the road.”

The weBoost Drive 4G-X RV is designed specifically to give RV travelers stronger cell signals in difficult conditions. Built by Wilson Electronics, with the same technology used in WilsonPro professional cellular amplifiers. The 4G-X RV is a complete, easy to install system. The entire system with all components, cables, and fasteners comes in one box for under $500.

“It has worked flawlessly and boosted cell signals in remote areas where we have never had a signal before!”

It starts with a high quality outdoor omnidirectional antenna. The antenna can be permanently mounted on the roof of an RV for maximum line-of-sight clearance. The outdoor antenna brings the signal inside to the booster unit which amplifies the signal up +50 dB, the maximum allowed by the FCC. The booster broadcasts the signal to users through a desktop antenna inside the vehicle. The desktop antenna can be moved anywhere, even outside, to create a cellular signal space that can accessed by up to four users at the same time.

“We were camped where there was no AT&T service and Verizon had 1 bar. With the booster AT&T could make calls and Verizon had 4G LTE.”

The Drive 4G-X RV system works in all Recreational Vehicles: Class A, Class C and all towables. It can be used parked or while on the road. The 4G-X RV is compatible with all phone brands and all North American cell carriers. It can boost a Verizon signal to an iPhone, an AT&T signal to a Samsung Galaxy, and a T-Mobile signal to a pay-as-you-go phone simultaneously.

“We are currently parked in an area of northern Idaho, and had to drive 3 to 4 miles to use our “hot spot”. After installing the weBoost 4G-X RV we get a consistent 4G signal throughout our coach”

The weBoost system can extend 4GLTE signals up to 32x for clear, uninterrupted calls and fast, reliable data connections. In the case of marginal or faint signals the weBoost can hold a call where even a text message would be have been impossible. If there is any signal at all, a Drive 4G-X RV can make it a usable connection.

Full Drive 4G-X RV Specs can be found here.

Frontier Computer stocks WilsonPro and weBoost cellular amplifiers.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

Drop-in Mode for Easy Multi-WAN

Multi-WAN networking has significantly changed the connectivity options for both small and large businesses. As little as 10 years ago, the only way to assure a fast, always-on connection to the Internet was with an expensive dedicated line to an ISP. Even then, the single connection was an eggs-in-one-basket solution. It was a good, solid basket, but businesses were dependent on their single ISP never going down. Multi-WAN technology allows a business to combine inexpensive local connections like cable, DSL, and even cellular to create a reliable, fast connection without the expense of dedicated lines. Despite the significant advantages of Multi-WAN connections, many businesses have avoided the technology because of the network reconfiguration required. If it ain’t broke, they don’t want to fix it.

Drop-In to the Rescue

Reacting to that concern, Peplink introduced Drop-in mode with several of their more advanced balance and cellular routers. Drop-In mode adds a Peplink router — and Multi-WAN connections — to an existing network without reconfiguration. Using Drop-in mode, a Peplink router can be installed between an existing ISP and the network firewall (Between the WAN and LAN) without any modification of the established network. There is no need to change network IP addressing or duplicate configurations from another router. Only a straightforward 30-minute set-up of the Peplink router is required. The existing network is unchanged. Once the Peplink router has been “dropped-into”, the network additional WAN connections can be added.

Many businesses have used Multi-WAN technology to add an inexpensive cellular back-up WAN connection to existing single WAN networks. As the benefits of cellular fail-over have become more widely understood, there has been a call for an affordable way to add cellular back up without changing existing network topology. To meet this demand, Peplink has introduced a $99 Drop-in mode license for their popular and affordable Pepwave BR Series. Drop-in mode is now available for all Peplink and Pepwave routers.

For well under $1,000 in hardware and an inexpensive monthly cellular data plan, the confidence and reliability of Multi-WAN failover is available to any business wanting to assure their internet connection never goes down. When a main connection slows or goes down, Peplink, using Multi-WAN technology, seamlessly switches to the high-speed cellular backup on the fly. The addition of the $99 drop-in mode has removed another obstacle to the certainty of an always-on connection; no modification of the existing network is required.

Contact Frontier Computer to find a Peplink reseller who can show you how easily your business can have a Multi-WAN network.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

Controlling Our Data

In an April 6, 2018 article on National Public Radio’s website, the writer, Vanessa Romo never references the soon to be implemented GDPR in Europe. She believes Facebook COO Sanberg’s promise that if they find more examples of data collected by Facebook getting into the wrong hands, they will notify the public. She accepts Sandberg’s apology that Facebook “didn’t do enough” to protect their user’s privacy. The writer seems comfortable with Facebook holding “a massive trove of user data.” With all due respect, Ms. Romo is asking all the wrong questions.

Amid all the political noise about Cambridge Analytica, and the horse-race coverage of Facebook’s stock price, Big Data Collectors have managed to keep the narrative, the press and the politicians away from the real question:

Should Facebook, Google, Amazon, or any other entity be allowed to collect and store extensive personal information about private individuals for the sole purpose of leveraging that information for wealth and power?

In Europe, the General Data Protection Regulation (GDPR) has at least partly answered this question. For more information on GDPR, you can read our November 3, 2017 blog, but in short, the answer in the EU is that they cannot collect data without the specific consent of each individual whose records are being stored. The GDPR goes into effect in May, and with the current attention on Facebook, it is the perfect time for the United States to get proactive about data privacy.

The GDPR has set the groundwork that could be a roadmap for the US. The political gears turn slowly, but two of the six GDPR requirements would be overwhelmingly embraced by Americas, and if proposed would quickly gain public support. If Americans thought they could get the data protections going into effect in Europe, they would demand them.

First, we need to adopt the GDPR’s simple, explicit consent requirement. Before any entity could collect or store personal data, the owner of the data, the individual, would be required to give consent. Legal agreements in the US have become so long and cryptic that they retain little or none of their original intent, unless that intent is deception. Long legal disclaimers that require scrolling and then clicking “OKAY” would not suffice. Instead, we need clear yes/no statements, each that must be answered individually. Imagine these queries before Facebook could add your data to the stockpile:

Can Facebook collect and store the personal data you enter? Y/N

Does Facebook have permission to sell or use your personal data? Y/N

Can Facebook share your data with companies and political organizations? Y/N

Next, we need to require a personal right to have data forgotten or corrected. This again comes directly from Europe’s GDPR. The option to remove data must be clear and easy to find, not hidden behind pages and pages of menus clearly designed to camouflage the relief users are seeking. Currently to change any privacy setting on Facebook you are required to find the hidden settings link at the bottom of a long menu secreted away behind a tiny triangle on the right side of the menu bar. Once in Settings, privacy is in yet another menu. Even then, your privacy choices are significantly limited. When Facebook asks for your phone number, they say it is to “keep your account safe,” but once they have it, your phone number becomes publicly searchable. You can restrict who can search for your phone number and address to only friends, but you cannot make it private. Under “Who can look you up using the phone number you provided?” “No One” is not an option. You cannot delete your phone number. We need easy to find, simple ways to edit or delete our data, a link in a top-level menu clearly labeled “Edit Personal Data.” The choices need to be concise, like, delete my data, correct my data, and restrict my data. Companies like Google, Yahoo, and Apple have your data stored as well, but unlike Facebook, there isn’t an entry page. Google and Apple collect data every time you use your browser or phone.

It is easy to be discouraged that these simple privacy changes might never happen. The deck is certainly stacked against unaffiliated users. The UK Daily Mail reported that Google staff had 427 meetings in the Obama Whitehouse. There are many photos of Facebook’s Mark Zuckerberg with Barack Obama, and there are reports that Facebook staffers met with Cambridge Analytica employees attached to the Trump campaign in Trump Campaign offices. Amazon’s Jeff Bezos owns the Washington Post. Facebook has donated to 46 of the 55 members of the House Energy and Commerce Committee before whom Mark Zuckerberg will testify. The cards are not in the favor of our privacy. Still, it happened in the European Union. It could happen here, but only if the attention on Facebook moves away from the stock price and who will give the most sincere apologies. The question is not who had access to what. The question is do we want all of our personal information stockpiled by private companies that have no repercussions when they misuse it?

On April 9, 2018 TechCrunch reported that Trans-Atlantic Consumer Dialogue (a privacy watchdog), along with the Center for Digital Democracy in the US, and the Norwegian Consumer Council have sent a public letter to Facebook CEO Mark Zuckerberg urging him adopt the GDPR worldwide. The letter asks for GDPR guidelines as the “baseline standard for all Facebook services.” TechCrunch writer Natasha Lomas asserts, “These are protections that all users should be entitled to no matter where they are located.” Momentum is moving in the right direction, but we need something stronger than a request to one of several companies that trade in our data.

— ♦ —

From our offices in the USA and the Netherlands, Frontier Computer provides IT hardware, enterprise computing support, Peplink SD-WAN routers, and IP communications to the world.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

Your Greatest Security Risk

Social Engineering Exploits Human Trust and Courtesy to Gain Unauthorized Access

When we talk about security everyone thinks about firewalls and brute force attacks, but most IT administrators have things pretty well locked down on the server side. Some of the recent headline attacks were because of people, not systems. Investigators traced the now famous Hilary Clinton email leak to a hack of John Podesta’s Gmail account, a result of him clicking on a fake Google security alert in a spear-phishing attack. Back-end security will not help when an employee at a work computer clicks a fraudulent link in Facebook, bringing ransomware in the virtual front door. The easiest way into your private information is probably through your employees.

Security Awareness Must be Taught

Social Engineering against human vulnerability is one of the most prevalent attack strategies used today by criminals and other malicious entities. Phishing, fake phone calls, attachments with malware, and even physical access are Social Engineering techniques used to get into your business. Since firewalls and other technical security countermeasures are difficult to bypass, criminals have moved their attacks to the easier, more vulnerable targets: Humans.

Common Social Engineering Attacks

Phishing scams seek to obtain personal or company information with embed links that redirect to fraudulent websites, which appear legitimate. They often use threats, fear, and a sense of urgency to encourage prompt action before thorough consideration. Many Phishing attempts are crude and obvious to spot, which lowers alertness to more sophisticated and refined attacks. Spear Phishing uses similar techniques but the attacks are targeted to a specific individual, often with one or two personal details from the recipient that add to the scam’s legitimacy and likelihood for success.

Pretexting: Attackers focus on creating a pretext, or a fabricated scenario, that they can use to try to steal their victims’ personal information. These attacks commonly take the form of a scammer who pretends that they need certain bits of information from their target in order to confirm identity. Pretexting attacks rely on building a sense of trust with the victim. This requires the attacker to build a credible story that leaves little room for doubt on the part of their target. Pretexting attacks will rely on entry and mid-level employees’ desire to appear courteous and helpful to gain information in small pieces.

Baiting / Quid Pro Quo offers the promise of information, goods, or service as a reward to entice victims. Baiters may offer users free downloads, links to prurient content, gifts, or deals just for logging in. The scams usually have the goal of capturing login information. One famous baiting swindle left USB sticks in a company parking lot. Curious employees picked up the USBs and plugged them into their computers, activating a key logger that captured login credentials. Quid pro quo attacks promise a benefit, usually in the form of a service, in exchange for information. For example, a quid pro quo attack will call random numbers inside a business posing as tech support. If they happen to find someone expecting or even desiring support they will develop a relationship to gain remote access or passwords.

Tailgating: Not all Social Engineering attacks happen on computers. Tailgating or “piggybacking.” is used to gain access to an otherwise secure facility. Tailgaters follow an employee into a restricted area by exploiting employee courtesy. An attacker, in a delivery driver costume, will arrive at the door with an arm full of packages and ask someone entering a secure portal to hold the door. In one case, a security consultant tailgated access to several floors, a data room, and eventually established a base in a third floor meeting room, out of which he worked for several days.

Water Holing: Like animals at a familiar watering hole, people let their guard down on sites they regularly visit. Water holing can be as simple as hiding a fraudulent link in a Facebook post, or on other social media sites, or any well-trusted, popular website. It can get much more complicated as well, exploiting any web location outside a company where that company’s employees regularly interact.

Find Your Social Vulnerabilities

Frontier’s Social Engineering Testing assesses the state of your staff by attacking them with the same methods used by social engineering hackers: e-mail phishing, phone calls and other methods. We then follow up with Security Awareness education to disclose how we were able to gain access and educate the staff on how to protect themselves at work and at home.

Contact Frontier

Contact Frontier to discuss your cyber security profile and schedule a security audit for your business.

CAPTCHA
Please wait...
for more information on securing your business from increasingly creative attacks.

 

Frontier Computer provides enterprise IT hardware, software, and security.

A Glossary of IIoT Terms

IIoT Alphabet Soup

This post is Part 2, please see: Industrial Internet of Things for Part 1.

The infusion of Internet protocol professionals into Industrial Machine communications has presented a new alphabet soup of acronyms and terms. Even some seasoned IT professionals are left scratching their heads when presented with the closed systems that have existed for years in industrial machine to machine communications.

Below are a few key acronyms for newcomers to industrial automation. While this list is far from exhaustive, and the explanations are basic, these common terms are a good starting place when diving into IIoT. These terms and acronyms are intertwined, and while this information is presented as a glossary, any chance at understanding requires reading through the entire list rather than expecting to fully understand any one definition in isolation.

ICS – Industrial Control System
ICS a general term for different types of control systems and their components used to manage industrial processes. They can range from a few modular panel-mounted controllers to large interconnected Distributed Control Systems with thousands of connections to process sensors and monitors. The systems receive data from remote sensors measuring process variables (PVs). The measured values are compared to benchmarks or set points (SPs) and commands are sent back to the controllers or Final Control Element FCEs, like valves and switches, to make adjustments. A Distributed Control System is an ICS, but not all ICSs are distributed.

DCS – Distributed Control System
A DCS is distinguished by autonomous control loops, where the remote control is decentralized and distributed throughout the system. The system still has central operator supervisory control, but individual processes have localized control. This is in contrast to non-distributed control systems where all control happens at the top levels. The DCS concept increases efficiency by localizing control functions near the processes themselves, with only monitoring and supervision centralized.

Distributed control systems were used first in applications with critical processes where interruption isn’t acceptable. DCSs allowed task level controllers to continue to function even if central control was interrupted. The manufacturers of Distributed Control Systems sold all the equipment as a package, with central control and task specific modules included, significantly reducing integration risk. Today the functionality of SCADA and DCS systems are very similar.

PLC – Programmable Logic Controller
A PLC is a ruggedized, industrial computer adapted for the control of a manufacturing process, such as assembly lines, or robotic devices, or any activity that requires high reliability control, site level programming, and problem or fault diagnosis. They were first developed for the automobile industry to replace mechanical devices like relays, timers, and sequencers. A PLC reports to a SCADA supervisor, but is still not the unit that completes a task. PLCs are usually used localy, where control is wired. They usually communicate with the Modbus protocol. There is significant functional overlap between PLCs and RTUs.

RTU – Remote Terminal Unit
RTUs are programmable, microprocessor-controlled electronic devices that interface sensors and other input objects in the physical world to a distributed control system or SCADA. Like a PLC, the RTU doesn’t do the work, but translates data to the SCADA supervisor. An RTU is usually capable of running programs and processing data before it reports to supervisory control. RTUs are more suitable to remote monitoring and wireless communications. RTU also may have proprietary tools for programming but will use common protocols, like Modbus, for communications. There is significant functional overlap between PLCs and RTUs.

FCE – Final Control Elements
An industrial process has several components, and the FCE is the part that actually does the work at the end of the line. FCEs include valves, dampers, couplings, gates and many others that are adjusted by the system to achieve or maintain a Set Point (SP).

PV – Process Variable

An FCE will have a process variable, an end value that is monitored or measured in an industrial system. For example, temperature or pressure could be Process Variables that are monitored. Each PV will have a Set Point or SP.

SP – Set Point
A sensor measuring a Process Variable (PV) will have a Set Point. The SP is a goal for the value. A process may have a temperature range with a Set Point of 38°C. The FCE will report the Process Variable to the PLC or RTU which will make adjustments to the FCE to achieve the Set Point.

HMI – Human Machine Interface
also MMI (man–machine interface) or HCI (human–computer interface)
While strictly speaking, a keyboard and mouse on any computer is an HMI, the term is generally used for the human control panel of an Industrial Control System. It is usually the human input panel at the local level for the PLC or the RTU, but it could be the control at supervisor level, although some would reserve the term Operator Interface Terminal for the main control. An HMI can be buttons, touch screens or a keyboard and monitor. Plain old computer keyboards and monitors are called UIs (User Interfaces) or GUI (Graphical User Interfaces) even if they are human-machine interfaces.

SCADA – Supervisory Control And Data Acquisition

To over simplify, a SCADA system is like a DCS but in a more modular form. The SCADA Control system architecture is above PLCs or RTUs (both local controllers) and the FCE, the things that do the work. The PLC/RTU will run the operation, but the SCADA sets the control points and levels for the PLC/RTU. Pretty much anywhere you look you will find a SCADA system. Even the multiple refrigerators at your local supermarket are probably SCADA controlled.

Modbus
Modbus is a serial communications protocol for use with programmable logic controllers (PLCs). While there is no document proclaiming it such, Modbus has become the go-to protocol for connecting SCADA systems. It is the common language for connecting industrial electronic devices. It has taken this role because it was developed for industrial applications, it is openly published, and it is royalty-free. Modbus is easy to deploy and maintain, and moves raw bits or words without placing many restrictions on vendors. Modbus allows mixing of sensors, RTUs, PLC, and FCEs from various sources.

DNP3 – Distributed Network Protocol
DNP3 is a communications protocol. It is more complex than Modbus. According to Wikipedia, it is used almost exclusively in utilities management, which is confirmed by the DNP3 Users Group, which has taken ownership of the protocol and assumes responsibility for its evolution. DNP3 was originally developed for the electric utility industry but is being used in water, wastewater, and oil and gas. Like Modbus, DNP3 is an open and public protocol.

In summary: A SCADA system is like a DCS (which is an ICS) that connects PCLs and/or RTUs and their corresponding FCEs to monitor PVs in order to maintain the SPs. The systems mostly use the Modbus protocols except in the utility sector where DNP3 is favored.

If the previous two sentences made any sense to you at all, take a bow. You are ready for the Industrial Internet of Things.

Frontier Computer provides IT hardware and enterprise computing support. As the World’s largest Distributor for Peplink and Pepwave, Frontier has solutions for M2M Data, IoT, and IIoT.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

Industrial Internet of Things

Factory
Part 1: OT versus IT

At a recent Peplink Summit, Josh Varghese of Traceroute gave a presentation on IIoT, the Industrial Internet of Things. His talk included a basic description of Industrial IoT, a simple but essential clarification of Operational Technology—the core of IIoT, and an important glossary of terms. For the sake of this blog, I will split Mr. Varghese’s detailed talk into two parts. This first part will focus on the difference between IT (Information Technology) and OT (Operational Technology.) Part 2, next week, will be the glossary of terms that are essential for anyone stepping into IIoT. What follows is a summary of his explanation. Any oversimplifications, misinformation or plain old errors are in this retelling.

OT Versus ITHome and office IoT require new sensors and controllers for functions that previously did not exist. In the industrial world, Sensors and remote controls are nothing new. Since before the new millennium, industry has used the sorts of process controllers that are just now finding their way into the IoT world. However, industrial sensors have their own communications protocols and networks. The challenge for IIoT is the Internet part, moving all of those sensors from a closed, sometimes proprietary system to the common, more open protocols of the Internet. Security was rarely an issue for industrial control systems because they were closed, wired systems. If you couldn’t get into the room, or plant, or complex, you couldn’t touch the systems. The core of IIoT is Operational Technology, which is different in many ways from the Information Technology many communications engineers know.

OT – Operational Technology

IT is about data, its storage, and manipulation. OT does things, controls things, and runs things. Operational technology has different priorities than traditional IT. Primary IT concerns like security and bandwidth have been secondary to OT’s primary needs of 100% reliability and redundancy. IT worries about data security. OT worries about human and property safety. OT is a different world and IT professionals heading into the OT world need to make some readjustment in their thinking. The chart above explains more than several paragraphs.

To approach the Industrial Internet of Things, engineers must understand how the primary goals of Operational Technology have to be merged with the inherent risks of Information Technology. None of the security concerns or performance goals of either discipline can be abandoned.

In Part 2 we will define and clarify the alphabet soup of new protocols and connections of the Industrial Internet of Things.

Frontier Computer provides IT hardware and enterprise computing support. As the World’s largest Distributor for Peplink and Pepwave, Frontier has solutions for M2M Data, IoT, and IIoT.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

Peplink Partners meet in Texas

On January 22, 2018, Frontier and Peplink hosted the first North American Partner Summit in San Antonio, Texas. The event was an opportunity for Peplink resellers from Canada, Mexico, and the United States to meet and discuss future technology with Peplink Engineers and staff.

The event kicked-off with Peplink CEO Keith Chau outlining the expected growth in the SD-WAN marketplace and continued throughout the day with new product introductions, technical explanations and significant feedback from the partners. In addition to Mr. Chau, Travis Durick, Erik deBie, Tim Simdorn, Kody Krier, and Adam Hasbargen represented Peplink. Josh Varghese of Traceroute presented an in-depth look at using Peplink in IoT. Later in the day, Niko Bradway of Google showed how Google is using Pepwave hardware to establish robust, temporary WiFi access for events around the world. In addition to the formal presentations, there were hands-on demonstrations of several new products ranging from the massive Pepwave EPX to the diminutive SpeedFusion engine.

Perhaps the most valuable portion of the summit was the opportunity for resellers to talk directly with Peplink about the innovations and changes their clients are requesting. Several new software and firmware updates will come from ideas directly generated at the summit.

As it has since 1976, Frontier Computer can provide IT hardware, enterprise computing support, and the best solutions for M2M Data, IoT, and International Data Roaming. Frontier is the World’s largest Distributor for Peplink and Pepwave.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

The Solution for International Data

We.Stream Launch

In the digital age, it is particularly easy to travel in the USA. We can go from one side of the country to the other oblivious to the flexibility we have in our mobile phone and cellular data connections. Verizon is Verizon in New York, the same as it is in LA. You can stream The Marvelous Mrs. Maisel from Texas to Minnesota. You’ll run out of episodes before you run out of network. Things are not so simple in Europe. Although Europe is only slightly larger than the US, there are places you cannot go 60 miles without going through three countries.

Europe may have one currency, but they do not have unified data networks. Still, compared to other places in the world, Europe isn’t bad at all. Trying to stay connected while traveling the world is a challenge, and even when you can navigate the various network connections, you are going to pay for it either financially or with security risks.

International roaming from major carriers is expensive, even if you arrange it in advance. If you want to use a computer, you will need a separate data plan for your laptop. The alternative for most travelers is to rely on public Wi-Fi. There are security risks with public Wi-Fi anywhere, even in the US, but if you happen to be in Estonia or Belarus and login to public Wi-Fi, you may as well invite hackers into your home. It’s a risk you might take to contact family on a vacation, but for business travelers the risks are too high.

Many seasoned travelers have resorted to SIM card bingo, using a different pay as you go plans in each country. The SIM card shuffle can be both a hassle and expensive. Until now, there was just no good cellular data option for international travel, particularly for business.

Things are about to change, and Frontier is proud to be part of it. European mobile data experts Mondicon are launching We.Stream, a remote data connection device that will revolutionize Internet connectivity for travelers. We.Stream will launch at CES in Las Vegas January 9, 2018. Frontier will be the first US distributor for We.Stream.
The teaser is here and Frontier will have more details about We.Stream after January 10.

As it has since 1976, Frontier Computer can provide IT hardware, enterprise computing support, Peplink SD-WAN routers, and the best solutions for M2M Data, IoT, and now International Data Roaming.

Contact Frontier at
Your Contact Information

Maximum size 10MB

CAPTCHA
Please wait...
866.226.6344.

This website uses cookies to give you the best experience. Agree by clicking the 'Accept' button.