Home / Archive by category "Blog"

Blog posts updates

Montana Technical Solutions Computer Workstation Security Primer

Montana Technical Solutions Computer Workstation Security Primer

Montana Technical Solutions Computer Workstation Security Primer

Local Workstation Best Practices

Local workstations on a corporate LAN  represent an important attack vector for hackers.  They are attractive to attackers due to the fact that end users vary widely in their sophistication and  practices.  If enough end users are targeted, eventually some form of penetration will be achieved.  Fortunately, it is not difficult to significantly improve security of these network end-points.  Review the five points below to quickly and easily achieve improved security:

  1. Implement corporate policy requiring strong passwords on end user workstations and accounts.  Unsophisticated end users will complain, but most will actually comply.  This exercise is useful in identifying the truly vulnerable end users who are at most risk.  (HINT: they are the folks who struggle to create a strong password and need help entering it once it is implemented).  Work with them closely to further reduce your exposure.
  2. Review your backup and restore procedures.  Obviously backups need to be done regularly, normally daily, and stored securely, both on and offsite.  Have you tested your restoration procedures?  BE SURE your backup plan is working.  Even great vigilance can be undone via a single viral email or DNS-redirected web page.
  3. Review your anti-virus and safe browsing software from the workstation point of view.  We assume your end users are behind a firewall appliance, or, at the very least, some form of network firewall software.  Windows 10 offers the best workstation security for general purpose PCs, but be sure to review your Group Policy settings for Windows 10 configuration.  For Windows 7 Defender is competent, but not entirely reliable.  It requires extra effort, but using a combination of the best anti-virus solution with the best safe browsing solution is a ‘best of all worlds’ answer.  Not  only do your settings need to be complimentary, the extra burden on your workstations is also non-trivial.  So be it.  We recommend taking the time and effort required to optimize this aspect of your workstations => that is what Group Policy is for!
  4. End user procedures.  Are your end users adequately coached on ‘do’s and dont’s’?  Do they have reasonable access to help desk support if they have questions?  Be sure they do!  Don’t put them in a position of having to choose between not getting their work done and taking an unnecessary risk with, for example, a questionable email attachment, simply because they cannot timely reach tech support.  It is IT’s responsibility to assist!
  5. Finally, end user procedures.   Are your end users adequately coached on ‘do’s and dont’s’?  Yes we are repeating ourselves here, but this is a broad topic.  However, two main threat vectors exist for end users:  email and web browsing/social media.  Educate end users on both topics and insist that they do not surf non-SSL websites without explicit permission.  Lock down their browsers and refuse to do business with those websites.  If this is a new policy, set a deadline for implementation.  The time is long past for permitting corporate employees to interact with insecure web sites on the public internet.  Use the built-in browser security features of Edge, Chrome, Firefox, and/or Safari to assist in securing your network.  As for email, Gmail offers security and convenience.  If Gmail is not acceptable, use either a white label email hosting service setup by your internal IT staff or your IT consultants, or use a highly reputable third party email hosting service.  Use great care in selecting your vendor, cost, convenience, reliability, and security vary greatly  Admittedly, this is a non-trivial approach, but necessary => there is a reason Gmail is so popular.

Follow these steps to greatly enhance your network end user security, reducing significantly your exposure to external attacks.   We overlooked #6 => keep your software up to date, but hopefully, in 2017, this is self-evident.  If not, we repeat, KEEP YOUR SOFTWARE UP TO DATE!

Thanks for visiting!

Montana Technical Solutions Computer Workstation Security Primer


Website Design Versus Website Functionality

Website Design Versus Website Functionality

Design vs Function and Content

There are three areas to be addressed during the process of website implementation:  Design, content, and functionality.  Technically content and functionality are addressed by the Design Process.  In other words, in a perfect world, we begin with Website Design and all else follows in an orderly and happy way.  However, in the real world, we tend to be results-oriented and want to see concrete progress asap.

Functionality First Approach

This is a common approach and at Montana Technical Solutions Kalispell Website Design and Development Services we work with our clients, regardless.  This means that even in less than perfect situations we will strive to deliver a functional, usable, cost-effective site.  When the design process is sacrificed, as often happens, we know we can still deliver excellent results.  We also know the pitfalls of this approach and can help our clients mitigate the worst of the consequences – namely excessive costs.

The Trade Off

How we do this is simple –  incorporate certain design elements into the development process. The trade-off here will be some limitations in modifying the appearance of the site. Many clients are more focused on the content and functionality of the site and are happy to forego minor changes in appearance.  It is worth mentioning here that  those clients who cannot accept these limitations definitely cannot afford to skip the initial site design process where all elements of the site are defined:  colors, fonts, images, artwork, graphics, page layouts, menu  and navigation functionality, site applications, security considerations, and all infrastructure parameters.  If complete control over the appearance, functionality, and content of your site cannot be sacrificed, DO NOT SKIP THE DESIGN PROCESS.

Design First?

As mentioned, the trade off in deploying a site with little or no design documentation is limited control over its appearance.  As with all things software, we know it can be changed, the problem is that every design change on an established site with no design documentation, will have unpredictable consequences.  Sometimes we are fortunate and the simple change doesn’t have a domino effect.  But much of the time unexpected changes are introduced – columns are broken, text disappears, images are cropped or distorted, non-conforming colors appear, vertical alignment breaks. This is a slippery slope – as we attempt to fix each broken element, other elements break.  There is no quick fix so we have three choices:  accept the existing design, implement an entirely new design, or deconstruct the existing design so that we fully understand it.  It is important here to re-iterate:  If 100% control over site design is important, begin the process with a thorough design document that completely defines site appearance, and functionality including a complete css implementation.  The effort will be well worth it in the long run.


MTS Infrastructure Safe After Attacks

MTS Infrastructure Safe After Attacks

Montana Technical Solutions Website Design and Development Computer SecurityRemember This?

This is a screen shot of a compromised website after WordPress websites were attached worldwide two months ago.  At that time we reported that no websites managed by MTS were compromised by the attacks.

These cyber attacks continue unabated, making the news regularly.  This past weekend’s headlines indicate that hundreds of locations worldwide were struck by crypto-attacks where data is encrypted and held for ransom.  Here’s how the extortionists break the news to their victims:

Montana Technical Solutions Safe From Cryptolocker AttacksThis is not an actual screenshot, but closely resembles those we have seen in the course of our duties.  It is no joke to be attacked in this way, because if the data in question has really been encrypted it will be essentially impossible to unencrypt, necessitating a restoration from the most recent set of backups.  MTS has helped several clients in this fashion.  Note that, in the absence of a secure, uninfected set of backups, data will be permanently lost.

MTS Clients So Far Safe

We are pleased to report our clients continue to be operational and not reporting any serious issues from the most recent round of crypto-attacks, thanks to greater vigilance as well as in-place measures.

DIY IT – Is It For You?

DIY IT – Is It For You?

‘Your IT infrastructure and the data it supports are Mission Critical assets’

MTS is in the business of supporting small, medium, and large scale network infrastructure for clients from the public, private, and NGO sectors.  We support our client base as they deploy scores of  applications across thousands of end-user devices, in dozens of physical locations.  Every day of the week, we respond to numerous support requests most of which can be handled quickly and easily.  To the casual observer and/or daily computer user, we do our best to make it look simple and easy.  After all, end users and administrators have work to do, and that usually doesn’t involve adjusting the IT infrastructure, ensuring the security and integrity of the network, or deploying applications to dozens of desktops.  In short, we do our job quickly and effectively so our clients can do theirs.

2500 PB of Data Move Over the Internet Daily…More Data Than Even Existed 30 Years Ago

Sometimes the apparent ease with which things get done can be deceptive.  How often are we inspired to hop up on the stage and emulate the performer after witnessing a great performance?  The performance seems so effortless it is as if it requires no skill at all.  However, whether the skill is a theatrical performance, or tuning a network of computers, the ease with which it appears to get done belies the underlying complexity and the specificity of the procedures that need to be followed to make it work in the first place and keep working well moving forward.

So it is with IT services.  Today’s networked environment has evolved over decades and now has the capacity to move as much data every single day as was even in existence 30 years ago.  The internet moves 2500 PB of data each day.  The sheer scale is incomprehensible in terms of quantity of data, let alone the sophisticated equipment and software protocols required to route that much data efficiently.

Our Goal Is Invisibility…Transparency to the End User

Further, today’s networks are under constant attack.  As of 2013, the volume of automated internet traffic exceeded that of live traffic and this trend continues.  In addition, directed attacks such as spoofing, phishing, man-in-the-middle, DDOS, and social engineering are routine.  Monitoring networks for penetration, enacting defenses, and responding to threats and/or actual attacks are round the clock activities for MTS technicians.  Any activity on the network that compromises security is potentially an existential threat to the operation of the network and the underlying data it supports.

Do It Yourself IT is not recommended by Montana Technical Solutions Kalispell Montana Website Design and Development

Add into the mix the end user.  In a perfect world, the inner workings of the IT infrastructure is  transparent to the end user – they neither know nor care how network engineers make things work.  In more practical terms, we strive to offer end users a highly available, very secure, and easy to use network infrastructure.  90% of what we do is done ‘behind the scenes’, either in  the local IT ‘datacenter’ or remotely from our offices.  End users see approximately 10% of what MTS IT technicians do on a daily basis  and sometimes may draw inaccurate conclusions about what it is we do and how we get it done.

This leads to a common request – elevated access privileges for the purposes of ‘minor’ tasks such as installing printers and software.

Did you know there is a right way and a wrong to perform installation tasks?

Yes, it’s true, just like any routine maintenance task, installing applications, printers, and other  software and hardware on your network needs to be done a certain way.  Whether we like it or not, printers and printer drivers continue to be noticeable points of failure on all networks. It is common for improperly installed printer drives to essentially disable one or more workstations on a network and possibly the printer itself.

Software installation is now a high-risk activity – applications must have execute permission in order to run an improperly installed software package can expose the network to direct attack.  End users are certainly capable of running a software installation program, but most do not have the IT background to ensure a secure installation, which also works correctly in a network environment.

Don’t become a casualty

Over the past few years it has become a regular occurrence – news of a network intrusion and massive amounts of user data being compromised.  This is a serious problem with numerous consequences.  Often overlooked are the ground level personnel involved.  They are direct victims of the criminal activity, but unlike many crime victims, because of their professional position they are held accountable as responsible parties, not victims.  In other cases, there is no criminal activity, rather a problem has arisen with an organization’s IT infrastructure and we are called to assist.  Naturally, when the problem is serious enough, executives and administrators investigate and as part of this process they seek our opinion on ‘how it happened’.  There are always multiple contributing factors, but one we prefer not to identify is unnecessary elevated privileges.

In the IT world, there is a fundamental tenant of security known as ‘least privilege’.  You can view the Wikipedia entry here.  Put simply, each person, application, or process is given only the minimum level of access required to perform their necessary and approved function on the network.  If any doubt exists we err on the side of caution.  Naturally, this leads to the occasional circumstance where an end user is unable to complete a task without our assistance, but fortunately, this is not the norm.

Nevertheless, we field our share of requests for elevated privileges i.e. administrator level access, on the part of end users and administrators.  Consider carefully, when asking for this level of access.  Ultimately, that decision is made by the network owners, not by MTS, but do keep in mind that true Administrator-level access on today’s networks implies the ability to do virtually unlimited damage to the network and its assets, up to and including complete and irreversible data loss. 

Consider carefully if the need for Administrator access truly outweighs the associated risks.  There are a number of alternatives available and we are happy to explore them with our clients.

Contact Us for help with your IT needs:




Kalispell Website Design and Development – Content Considerations

Kalispell Website Design and Development – Content Considerations

The Process of Content Creation

As we move through the process of designing and developing our clients websites, there are common steps that get us from concept to finished and effective website.  Today, I am preparing a Montana Technical Solutions Website Design and Developmentprototype site for review by our client before we finalize and deploy it to the public internet.  As with the production of most professional media projects, there is a known and effective process for identifying, planning, creating, and deploying the content.  Each platform (website, audio, video, print) requires different preparatory steps, but the concept is the same:  plan from the beginning to design and acquire usable content that is as close to its final form as possible, through each stage of the process.

For websites, this means identifying the required artwork, images, graphics, fonts, colors, audio and/or video content, and copy as well as the means by which it will be acquired or created. Today’s digital content is differentiated from traditional media (radio, television, print, etc.) by its interactivity, meaning, that the content must be created and acquired, but also that during this process consideration must be given to the functionality of the site.

A Checklist for Your Site Content

This can be a complex process and, if it is not guided, can get expensive. At MTS, we begin our website projects with as much of this process already complete.  Because our web technology is current, we offer our clients the best and most comprehensive site functionality available, essentially ‘out of the box’.  We also direct the process of creating and acquiring the required content with a high degree of efficiency, using tools such as our comprehensive checklist of required assets.  This checklist, identifies up front, all of the required content for a given website, with specifications, and accurate estimates of associated cost, if our client does not already have the necessary assets.  This allows for a predictable and efficient website development process.

Kalispell Website Design and Development
Montana Technical Solutions

Why not talk to us today about your website design,  development, and maintenance needs?

Contact MTS





Troubleshooting Network Errors – Why a Quality ISP Matters

Troubleshooting Network Errors – Why a Quality ISP Matters

Montana Technical Solutions Website Design and Development Kalispell Your ISP MattersAs IT guys people sometimes think we are immune to the random routine problems that plague our workstations daily.  Not so.  Recently I brought a new workstation on board for my website development work.  This requires a fairly sophisticated software stack and, because I’m working on websites, a reliable network connection.  The workstation initially appeared to be working fine – I was developing a site on my local machine and everything was as expected.

However, when I began to work on my ‘live’ sites i.e. on the internet, I noticed significant problems loading certain sites. I began routine troubleshooting – check DNS and DHCP settings, perform network speed testing, observe which sites are failing to load and any specific URLs that are causing pauses.  I launched task manager and discovered Microsoft Security Essentials using inordinate amounts of system resources, so I decided to uninstall MSE and download ESETNod32.MTS Kalispell Official ESET Security Reseller for the State of Montana

Ditching MSE resulted in performance improvements, but certain sites were still loading slowly or not at all. I uninstalled ESET and, to my surprise, this seemed to fix the problem.

Meanwhile, our wireless phones had been getting noisier.  A little investigating turned up that I had unplugged my handset when installing my new workstation, causing the battery to begin to die.  I plugged it back in and moved on, assuming the problem was solved.

Two problems solved and time to get back to work.  But no such luck.  My network connection continued to be spotty  and our phones remained noisy long after the battery should have recharged.  No amount of local or network troubleshooting had improved matters, in part because some of the diagnostics I would ordinarily use to troubleshoot my system were failing due to my network connection.

Time to call our ISP.  After four calls over four days (our problems were disguised by the fact that our  ISP was in ‘bandwidth exhaust’ – they had literally signed up more subscribers than they had bandwidth for), we finally had a tech arrive onsite and determine that our DSL filter connection was bad.  This fixed the noisy phone line, but still I had internet connectivity issues on my one workstation.

Time for more troubleshooting. My speed testing had turned up an interesting failure on the upload test, which failed with the following error message:  “testing cannot continue, bad socket.”  I launched Wireshark and examined the related TCP packets. Winsock protocol on my local computer was throwing an unknown error.  At least now I had narrowed the problem down.  I suspected either my network card or network driver were bad.

Sales and Service - Dell Computers Kalispell MontanaMy tool of choice in these situations is Dell’s System Detect and Diagnostics, which are specific to each machine’s Service Tag.  Unfortunately, my network problem was interfering with their functionality.  I still wasn’t sure our ISPs problems weren’t at the root of my problem (although other local workstations weren’t so problematic), so I took my machine to my personal office, which is served by a different ISP.

There I was able to download and install Dell Diagnostics and identify part of my problem.  I had a corrupt network driver.  This completely repaired the problem on my local workstation and when I returned the workstation to our MTS store, it worked fine there as well.

However, we are still left with a potential problem. Our ISPs bandwidth exhaust situation leaves us vulnerable to packet loss and, apparently, this may interact with other issues to make life more complex for us.  Given that we are in the business of repairing broken hardware and software, this is hardly convenient.  In fact, it’s a serious problem.

We are told our ISP will be implementing system upgrades in May of 2017 to remedy the situation.  Hopefully, we don’t burn too much more time troubleshooting problems made worse by this situation.

RFraser, MTS


Website Intrusion Threat Averted – MTS Websites Secure

Website Intrusion Threat Averted – MTS Websites Secure

MTS Websites Secure.  Recently sensational news stories have been published describing widespread ‘hacks’ of WordPress-based websites world-wide.  Reports suggest that tens of thousands of sites have been compromised. Unfortunately, our preliminary review indicates the threat is credible and the third-party intrusions are verifiable.

In most cases, it appears the intruders have simply left a visible record of their having penetrated the site.  Search engine results seem to confirm the intruder(s) have updated numerous sites with their signature posting.

Fortunately, sites managed by MTS appear to have been safe from the hackers.  This would be expected, as our sites are securely hosted and we strive to implement best security practices, including prompt installation of software updates to all our websites.  In this case, WordPress core developers gave web developers and hosting companies one weeks’ grace before announcing the vulnerability publicly, which allowed us sufficient lead time to be prepared.

Naturally, we remain vigilant for threats such as these at all times, so that our clients have maximum assurance of the uninterrupted operations of their websites and IT infrastructure.


MTS Facebook Page Update

MTS Facebook Page Update

Thanks for visiting our Facebook page! You can check out our website at any time:  For updates on our products and services and special offers please check back often!