Nothing beats free, or in this case: freemium. I’ve put together a list of a few free SaaS services that will make your lives easier, and don’t have huge hurdles to implement.
All of my recommendations have enhanced paid-for plans, but what good is spending money on stuff if you’re not getting even the most basic value first? Start small, realize success quickly, then build upon that.
Without further interruption…..
Cisco’s Duo Security offers 10 free 2FA users, and UNLIMITED protected devices. How many IT departments are more than ten people? For the low, low cost of FREE, you should make it your New Years resolution to enable 2FA on EVERY. SINGLE. SERVICE. that is accessible via the Internet or has a privileged login.
Duo is brain-dead simple. To protect a Windows machine, double-click on an MSI file. To protect a Linux box, load the Duo PAM module. Have a Cisco/Palo Alto/Checkpoint VPN, or any infrastructure that uses RADIUS for authentication? Install the Duo authentication proxy and those devices are 2FA secured. Protection in a matter of minutes.
I can’t stress this enough — there is NO REASON that EVERY organization shouldn’t have two-factor authentication protecting everything that has a privileged administrative login or external network access.
On a final note, if you’re an Office 365 customer with an assigned license, did you know that you get Microsoft’s Authenticator two-factor application at no charge? If you don’t do anything else…
I have two freemium platforms for you. The first is one of my longtime favorites: Uptime Robot. Uptime Robot lets you monitor up to 50 devices with a 5-minute polling interval from multiple Internet points for free.
If it’s Internet-reachable, Uptime Robot can monitor it. Websites, SD-WAN devices, SaaS services, and services running on custom ports. Get a notification if your stuff that you depend on is down before your users let you know.
If you’re running a Meraki firewall, you’ll automatically get a dynamic DNS hostname for each ISP on your SD-WAN firewall. Put each hostname into Uptime Robot so if an ISP drops you know about it without having to rely on managing a spreadsheet of static IP addresses. In your dashboard, you’re looking for something like this:
Finally, my other recommendation for a free tool is BGPmon. BGP is the protocol that makes up the backbone of the Internet, by ensuring that networks are routed properly to their intended destination. Sometimes this delicate trust breaks, and you’re left wondering why you can’t get to where you need to go.
Create a free BGPmon account, and add up to five IP address prefixes into it. If Uptime Robot says that if all of your stuff is offline, you can cross-reference it against what BGPmon reports, ensuring that a larger backbone outage isn’t the culprit.
This one is a bit more off the map, but I’m a big fan of JumpCloud. Odds are, your organization has a Microsoft Active Directory and all of the “things” that go along with that (upgrades, patching, servers, licensing, etc).
JumpCloud provides that directory service completely in the cloud. Their free plan allows 10 users and 10 machines. You can do practically everything that you can do with Active Directory, but you’re not managing any of the back-end infrastructure.
With their free plan, you get:
While I don’t use this for my office, I do use it for my home. I get full enterprise-grade security for my Wifi and computers that I do from an enterprise-grade corporate network, and it’s really easy to lock out my kids from the network when they’re not doing their homework!
Seriously, think about how many SMB companies could get an enterprise security and management stack for their 10 or less people for the low, low cost of FREE. For small companies, this should be a no-brainer.
Phishing emails and websites are out there. It’s just a matter of time before you (or someone like you) accidentally clicks on a link and gives up your password. For a fighting chance against them, use a DNS provider that filters results.
DNS is what turns easy-to-remember hostnames (like medium.com) into IP addresses (like 184.108.40.206). A DNS provider that filters blocks bad domains (like mysupersecretmalwaredomain.com) from resolving to the infected IP address.
To get basic protection, you simply need to enable your clients to use the provider’s DNS.
Cisco Umbrella offers two sets of DNS servers usable at no charge:
Comodo Secure DNS is an alternative:
Ensure your guest Wifi has some sort of filtered DNS servers configured, to keep guests from looking at content that wouldn’t be appropriate in the workplace. It’s not going to stop a determined user, but it’s better than nothing.
That’s it, folks. May you have a secure, reliable and protected 2020!