Wednesday, March 8, 2017

How Hardware Virtualization Works


Hardware virtualization is a rapidly growing practice among small and medium-sized businesses (SMBs). That's because business owners and managers are discovering the great benefits and cost savings hardware virtualization can provide.

For example, virtualization allows you to run multiple "virtual machines" on a single computer, instead of needing to have a separate physical machine for each workload. That saves your business money by reducing the number of computers you have to purchase and maintain to run all your applications and service all your users.

But how does hardware virtualization actually work? Here's a brief explanation.

Normally each physical server consists of the computer hardware (often referred to as "bare metal"), along with operating system (OS) software, such as Windows or Linux. Your application programs, like Microsoft Word or Excel, run on top of the OS. When the application needs a service, such as access to a disk file, it asks the OS to provide it. So, the OS is the intermediary between the application programs and the bare metal.

In this traditional environment, the operating system controls both the hardware and the application programs. For that reason, there can only be one OS running on a physical server at a time.

But by using hardware virtualization, multiple operating systems can run on a single physical machine. Here's how.

In a virtualized environment an additional layer of software, called a hypervisor, is inserted between the bare metal and the operating system(s). When an OS thinks it's interacting with the hardware in order to access a disk file that one of its applications needs, in reality, it's talking to the hypervisor. In fact, each OS on the machine thinks it's the only one because the hypervisor interacts with it exactly as the bare metal hardware would. The OS literally can't tell the difference.

The result is that the hypervisor can service several different operating systems, each with its own set of applications. And none of those operating systems is aware of the existence or the activities of the others. The hypervisor keeps them entirely separate from one another.


So, it's the hypervisor, always a very small and speedy piece of software, that unleashes the magic of hardware virtualization.

Bit by Bit can help with all of your technology needs. You can contact us at 877.860.5831

or our website.

Monday, March 6, 2017

Cyber threats are real!

Cyber Security

Face it folks, there are many people from many countries that want your money and or want your information.  These same people have all of the time in the world to become very talented at hacking into your computer.  We pay for varying services to protect us.  And the hackers spend their time working around the firewalls, spyware, malware and other pieces of software designed to protect our information and our money.

Recently I received an email from a long time customer.  The email came from his usual email address, therefore nothing seemed suspicious.  He requested an IRA distribution form.  This client is in his seventies and the request was not out of the ordinary.  I sent a blank IRA distribution form and it was returned promptly.  The form had his account number, address, and social security number.

First red flag was the distribution request was substantially more than what he had in his IRA.  The second red flag was the funds were to be wired to a bank in Virginia.  My client lives in Texas.  I promptly called my client and he carefully explained that he had not sent any emails nor any IRA distribution requests to me.

I contacted my I.T. company to have them him check out my server and my system to be sure we were not compromised on our end.  I also contacted my consultant, for compliance purposes since we are a broker dealer, to make sure I took appropriate steps to document and contact the proper authorities. 

We do have a written Cyber Security policy for our firm.  I quickly thumbed through it.  And proceeded to file a report with the F.B.I.  There is an online portal for such purposes. 
Later that evening my I.T. company had determined that our computer system had not been hacked.  And my client’s email must have been hacked.  Unfortunate for my client.  Very relieving for me. 

If our firm’s system is ever hacked, we must notify all of our clients of the breech.  That would be devastating for our firm.  I am sure you will agree security is of great importance when one is entrusting us with their investments.    

The following day I contacted one of my banking friends to find out what department of the bank I should call.  I wanted to make contact with the bank that was to receive the wire.  He told me the B.S.A. Compliance Department or Fraud Department.  B.S.A. stands for the Bank Secrecy Act. 

I did contact the bank and gave them the account number so they would know fraudulent activity was being operated through the account.

I could have contacted the local police, but after reading the website I determined the online report forms did not fit the occurrence and would create more questions than answers.

I also followed up with my client a number of times and he had his I.T. firm work on his end.  And at the end of the day we stopped the potential theft from ever happening.

A different occurrence.
A couple of years ago another client told me of an attempt at his firm.  The hackers had to have been observing and reading the firms emails for quite some time.  This attack was very well thought out.  The hackers knew the names of the correct executives and their job functions and the employees in accounts payable. 

One day a request for a wire of funds was sent to an employee in accounts payable.  The wire request was in excess of $300,000.  The amount was a little high but not completely out of the ordinary for this firm.

The employee was one keystroke from sending the wire and decided to ask the controller of the firm if it was legitimate.  My client, the controller, looked into the request further.  He made a phone call or two and verified the request was not valid.

They dodged a large bullet that day. 

Thereafter, the firm has instituted more layers of review before wires of such size are sent out.

Procedures, procedures, procedures.
After mine and my clients scare last week, we are instituting additional layers of procedures as well.  We cannot be careful enough.  There are many people out there who want our money and our information. 

Be careful out there.