Is your wireless still naked? #2

In my last wireless post I mentioned that Brian Posey was writing a series on wireless security, and rather than duplicate effort I direct you to his latest blog postings on wireless security. Brian reiterates what we discussed in our article about simple security, i.e., most wireless appliances are configured through your web browser, and the default user names and passwords are well known and used by everyone. Changing the default password is a simple security step which many techs either don’t configure or forget to configure. The excuse that access to the access point is infrequent and that over time passwords may be forgotten only means that the network hasn’t been documented. As to default passwords, as Brian covers in his article, the following chart is a case in point.

Common Wireless Device Browser Access Defaults

| Device | Access Address | User-name | Password |
|---|---|---|---|
| Linksys | http://192.168.1.1/ | “blank” or admin | admin |
| Netgear | http://192.168.0.1 or http://192.168.1 | admin | password or 1234 |
| Trendnet | http://192.168.1.1 | admin | admin |
| DLink | http://192.168.0.1 | admin | “blank” or admin |

Now before you get upset that I’ve given up the farm, just think: are you using the default passwords with your wireless access points? Are you using the default IP address? Did you know that this information is readily available from the manufacturer’s support site? Take a little time, read Brian’s article, and think about it. Are you going to make any changes?

Is your wireless naked?

Over the years I have always been reluctant to endorse or install wireless networks for clients, but who am I fooling as I sit in my neighborhood coffee shop and begin this post? Wireless networking is a fact of life for all of us, so let’s be clear that the primary issue with wireless networks is always security. Wireless network security has two major points of vulnerability: 1. Laptop vulnerability in open networks and 2. Securing wireless access points (wireless routers).

Whether your workstation is wired or wireless it can always be a target for hackers or malware (viruses, Trojans, worms, etc.). All networks should have a physical/hardware firewall separating the network computers from the Internet. Depending on the level of sophistication, the firewall can not only provide separate private addresses for the local network, thus separating the local network from the internet, but more sophisticated firewalls can also control or limit the type of inbound and outbound traffic. In many coffee shops and open networks there is no access control except network address translation (NAT), which provides private addresses for multiple machines and allows them to access the internet using one internet connection. This is done to accommodate all wireless users that may come in wanting to use the wireless internet. Some “hot spots” require a web interface logon which may require an additional paid access or some kind of acknowledgment (room number or agreement) which may mean that remote access is better controlled with increased security. In addition, some of these locations may limit remote access Virtual Private Networking (VPN) or remote desktop access (RDP), allowing only web based email or Remote Web Workplace connections. In that case, however, the security is increased.

On the other hand, you are at the local neighborhood coffee shop and what do you do?

Install a personal firewall! The following links provide a list of current personal firewalls including several that are free: http://www.firewallguide.com/software.htm#Top_Picks and http://personal-firewall-software-review.toptenreviews.com/. I don’t make any recommendations because other than intrusion defense the various models work differently. Some are configured automatically (my favorite) while others are more technical; if you don’t know what SMB or ICMP means, work with the more easily managed applications.

As stated earlier, I believe all sites whether office or home should always have a physical firewall in place and wireless routers can also serve that purpose. Note that the range can be varied both in function and cost; recently one of the professional magazines to which I subscribe gave a list of 5 quality WLAN (Wireless Local Area Network) adapters: http://www.channelpro-digital.com/channelpro/201009?folio=20#pg22. Take time to do a little research about the appliance you want to buy; besides being rated for bandwidth speed, I recommend that the appliance have a web interface that you can understand, and if you are using virtual private networking to access a site make sure that its firewall is configurable and that it allows VPN pass through. When I encounter a router that I’m not familiar with, I go to the manufacturer site and look at the user manual and view not only technical specs but also how to configure the router for my clients.

Finding the right wireless adapter/access point is only part of the issue when setting up a wireless network. Almost all of the consumer grade products come ready to go: just plug it in and you can reach the internet. Although this can make life simple, an open network is an invitation to trouble; therefore the next step is to configure encrypted wireless access. Did you look at how to configure wireless security when you reviewed the user manual? Use WPA (Wi-Fi Protected Access) encrypted security. We aren’t a how-to site, but take a look at Brian Posey’s evolving discussion regarding Wi-Fi vulnerabilities and how to secure your home or office network: http://www.windowsnetworking.com/articles_tutorials/Securing-Wireless-Network-Traffic-Part1.html. Wireless networks are a fact of all of our lives but there are risks; please play heads up ball.

Online Backup Vendors: Major Players Lists

In preparation for my last article on online backup, I asked some of my peers what online backup tools they preferred; my intent was to compile a list of most favored by local small business IT support professionals. In true tech fashion I got two suggestions: a reference to other lists and a question regarding capabilities. As I reviewed the lists I was well aware that I was looking for options other than iBackup, which I directly resell, and BackupRX, which I like but thought was priced higher than I thought reasonable for my client base. For you, the consumer, it’s more than likely relevant that I note why IT pros support/partner/resell for a particular vendor(s):

  1. Establishing a secondary source of income is self-evident: It’s simply a good business practice to offer additional value above and beyond IT support.
  2. Familiarity with utilities that a service provider deploys from site to site simplifies and standardizes the support process: using familiar tools eases installation and support maintenance, thus saving time and costs to the client. Further, this standardization makes troubleshooting more efficient site to site over time.
  3. The more familiar a vendor becomes with a reseller the better the vendor technical support when needed.

With that in mind, here is the current online backup matrix I give to clients: (Please note entries marked in red are noted to be most popular for home use.)

| Company | Service | Link | Cost: $/Gb/Mo | Contact | Comment |
|---|---|---|---|---|---|
| Ibackup* | Online Backup and Storage | https://www.ibackup.com/p=briscoe_network_solutions | $9.95/10GB | 1-800-949-355/Reseller | Includes server, PC’s, Linux, Exchange, SQL and Mac’s |
| Carbonite* | Online Backup for Your Small Business | http://www.carbonitepro.com/ | $10/20GB | 1-866-596-7988 | SQL and Exchange? No Mac or Linux support |
| Mozy Pro* | Mozy Home and Business backup | http://mozy.com/pro | Desktop Licenses: $3.95 + $0.50/GB; Server Licenses: $6.95 + $0.50/GB | 877.669.9776/Reseller | Includes server, PC’s, Exchange, SQL and Mac’s |
| BackupRx* | Online Backup Manager | http://www.backuprx.com/ | $98/20 GB/Annual | Reseller | Total backup and storage solutions for business offices |
| Intronis* | Online Backup and Recovery | http://www.intronis.com/download/index.php | Reseller | Online/reseller | I’m currently testing |

Most popular for home computer use
* Offer free trial.

I don’t mean to imply that my list is the best or most exclusive, but merely that these are the products that I will install or set up trials for my customers. There are other lists which you may find more to your liking:

My take is online backup is a good resource for easy backups, quick file recovery, and disaster recovery. That said, I still like to have physical backups for full or bare metal restores. Take your time, do a little research, and you’ll be sure to find a backup that fits both your needs and your budget.

Are online backups a maintenance solution?

Recently, I had a new client inquire about using online backup as an additional level of redundancy to protect their data.  My quick response was I’d compile a list for them to review and make an informed decision. Later, I thought about what considerations go into an informed decision: Storage space? Ease of configuration? Cost per MB/GB? Level of tech support?  Below is a list of criteria that I use when reviewing not just backup providers but all software purchases and deployment.

Why online backups?

  1. Hardware and media fail: (external drives, tape, CD’s, flash drives, etc.). If not now, they will sometime in the future. Or you will outgrow the capacity of your media.
  2. Set it and forget it!: No matter what people tell me, as I talk to “solo-preneurs” and small business owners about backup, remembering to schedule backups or change backup media can be a problem.  Online backup resolves both of those issues.  With online backups scheduled and no media (tapes, CD’s, external hard drives, etc.), the computer needs only to be turned on.  Let me repeat that, “With online backups scheduled and no media, the computer needs only to be turned on”!  If this is still a problem, some online backup programs will do real-time backups.
  3. Disaster recovery: One of the primary business concerns after hurricane Katrina was how fast a business could get back in action after so much devastation and loss.  We know that with a total loss of all business data, customer lists, inventories, etc., many businesses are unable to recover and rebuild.  They don’t fail; they die. Data stored in the “cloud”, i.e. online, ensures that business records are not lost, giving businesses a running start to resume.  A disaster plan combining either cloud-based applications or backup images for bare metal restore, can mean the difference for a business in a crisis situation being back in operation within days or in some cases hours.
  4. Redundancy: I like using both physical backups, images, and online backups to provide continuous updating of business data because business disasters can come quickly and in many forms, ranging from server failures, fires, floods, or theft.  With imaging, a server now can be physically rebuilt in a matter of hours as opposed to days with online restores providing additional data as needed.

Considerations

  1. Internet Failure: In my most paranoid moments I fear that the Internet will be inaccessible, in which case all Internet-based computing solutions will be unavailable.  Many assure me that in this day and age the Internet back bone is most stable and secure.  Most disaster preparation plans call for three days self-sufficiency while local and governmental disaster response teams evaluate the overall situation.  I suggest that telephone, electrical, water, waste, and Internet services could be affected during that time period as well.
  2. Availability and Security: There are two issues concerning database storage: What level of redundancy has the vendor built into their system and where are the data stored? Online backup requires data storage centers that house servers; there must be a system for duplicating the same data between centers and facilitating seamless user access from one or more centers at the same time. Consideration needs to be given as to where those data centers are located and whose data is stored next to yours. On an international scale, various countries have grave concerns if their data are stored in or near an enemy nation and there has been some concern about the physical security of storage facilities located at sea. You might be concerned if your competitor’s data is stored next to yours or whether the storage facility’s level of encryption complies with HIPAA, Sarbanes-Oxley, or other security requirements.
  3. Latency: The time needed to upload large amounts of data can actually take days for a complete backup.  This latency is adequate for disaster recovery to ensure no data is lost but the time delay is not suitable for the complete rebuilding of a physical server.  To compensate some vendors will allow users to send physical copies of data to resolve the time needed for a complete backup or some vendors will send (next day express) a physical copy of backup data if a complete rebuild of a server is needed.

BNS Online backup criteria:

  1. Simplicity/User interface: My primary concerns are
    • How easy is the backup agent (program) to install?
    • How much space does it take up on the hard drive?
    • How easy is it to configure and schedule a backup?
    • What is the performance impact on the computer (does it slow down your computer)? This is particularly true for real-time backups.
    • Many online backup services have a risk free trial period which I recommend as a way to answer these initial questions.
  2. Storage capacity and cost: Online backup/storage services operate on a subscription basis with a monthly charge based on the amount of storage, usually with a base minimum of 5 -10 GB.  The introductory minimum is always quite inviting from a cost point of view but be clear about how much data needs to be backed up. The more data you store, the more expensive; not to mention the amount of time to complete the initial backup.
  3. What needs to be backed up?: SQL? Exchange? Laptop? For businesses that need to back up database files, the mail server, specialty business applications, Linux files, or Mac computers: make sure that the vendor’s software for backup and data restore is adequate for your use.
  4. Vendor reliability comes in two forms. First, does the company have a good reputation? Find out not only how long they have been in business, but also look at their list of awards and articles related to their success. Read those articles not just for accolades! Quite often those articles will also provide a comparison with other service providers as well as “pros” and “cons”. The second level of provider reliability is availability or up time: Do they make a statement or offer a “service level” guarantee of availability, i.e. 99.5% up time? Do they have a plan for up time following a natural disaster?
  5. Technical support: There are many players in the online backup/storage business. Besides the mentioned criteria, I make a pre-sales call to technical support to see how responsive, friendly, and helpful the company is.  As Americans we make jokes about talking to tech support from India or the Philippines.  Putting our prejudices aside, if you can’t understand the person, the response time is slow, or the tech support person doesn’t have a clue about the product (reading from a script); what is your first impression?  The bottom line is: no matter what the price, can you depend on this company to protect the storage of your data?

Scamville – The Pitfalls of Social Networking

While Facebook can be an excellent tool for networking and expanding business, there’s also a dark side to the many applications offered via the social networking site. Michael Arrington of Tech Crunch explains the possible pitfalls while using applications via Facebook, and details some ways companies use the information garnered from games and quizzes to sell your information: Scamville.

Create a Password You Can Remember

Say you have the most secure system in the world. How do you keep it that way? Passwords not only keep your system secure, but can limit access to certain people, be it employees, technical support, or a specific member of your team, such as the accountant. Do you remember the passwords to your server, Quickbooks, etc? Do you change them regularly with secure passwords? While we all can relate to dreading the 30-60 day password change, there are techniques out there to help make the burden lighter. Wikihow gives helpful techniques on not only creating a secure password, but one you can remember too:

Wikihow – Create a Password you can Remember

Are you really backing up?

Backup and Disaster Recovery

For the last several weeks as I prepared for this article I’ve been thinking how to make computer maintenance sexy. Maintenance isn’t as sexy as your new iPhone application or ordering your pizza through Twitter or the cute pictures of my grandson. But computer maintenance is crucial in business because without a strong, stable and secure network there is no foundation for the business. In a network where everything works right, emails come in without being swamped by spam, websites are accessible, and intranets and extranets communicate without interruption. A smooth running, low humming network of hardworking computers, terminals, printers and devices…. Now that’s a sexy thing!

After reviewing my last article my wife asks, “Who’s going to read this, isn’t it awfully long?”  Good question! Often when I introduce myself at meetings I conclude with the tag, “When was the last time you backed up your computer”?  My responses are either a confident smile or a nervous twitter.

Backups can be as simple or as complicated as you want and there are many ways to save your data… from copy and pasting to a flash drive or a CD to push button devices that backup everything at one time.  As a network administrator I look at it from a need basis and ask the following questions:

  • Why backup?
  • What to backup?
  • When to backup?
  • How to backup?
  • And Where to backup?

In short, do you have a backup plan?

Why backup?

Whether we like it or not hard drives fail or run out of space; therefore, the first reason you backup is to make a record of the data on your existing hard drive or computer in order to move that information to your new hard drive or computer. More specifically, how many copies do you have of that new business plan you worked out with your attorney? How long did it take you to work out your new inventory pricing list with your sales manager and now where is that laptop? In short, how do you replace lost information whether it’s a stolen laptop or an earthquake-collapsed building which crushed your server and destroyed all of your office?

What to backup?

USB External drives have been a boon to many of us because they are simple to install, drive capacity has skyrocketed, and small drives can now fit in your skirt pocket.  Most of these external drives have backup software built into them which makes backup easy… you just push the button.

Although this is simple, it isn’t practical because you backup more information than you need. Specifically, you will need to reinstall programs on the new computer and the same goes for the operating system.  Ok, ok, rather than get into a technical discussion, what do you backup?  What have you created?  Do you run QuickBooks, Microsoft Accounting, PeachTree, or other accounting software?

Most of these programs have either an automatic or manual backup procedure; you should backup that folder. Further, are you working with inventories, menus, presentations, manuscripts, client marketing lists, marketing graphics or literature, client or donor marketing lists/databases, calendars, web site designs, building designs, customer letters, letters of recommendation, letters of credit, project time lines, my grandsons’ pictures, art portfolio…? Did you forget your “My Documents / Documents” folder? What about the “users” folder on the server? Have I missed anything? Make a list and select everything that is on your computer and server which has value for your business history, progression, and good will.

How?

  1. For small amounts of data, drag and drop to a flash drive or small external drive. Many accounting programs set this as the default and prompt you for the location and device.
  2. Automated backups again simplify the backup process. Windows XP, Vista, and Windows server products have built in backup applications which can backup to external drives or tape.
  3. Servers are quite often purchased with backup devices (tape or cartridge) which include third party software for selecting files and automating the backup. If you have a SQL or an Exchange database on your server make sure your backup software will backup those databases.
  4. Online backup is a new player to the game which can not only simplify the backup process (set it and forget it) but, because backup is over the internet, there is no external device to lose or to fail.

When?

Customarily I think of backup happening at the end of the work day or in the evening when no one else is using the information. Besides time of day there are several other considerations that need to be taken into account when developing a backup plan:

  1. How much data do you need to backup?
  2. How large is your backup and how long does it take to backup?
  3. How often does pertinent data change?
  4. Do Line of Business applications or accounting programs need separate or special backup?

Offices that have a high volume of daily changing data should backup daily. Keep in mind that full backups can take up much space; not only should the backup device have plenty of space, but using full backups in conjunction with partial backups (incremental or differential, which we won’t go into here) still captures changing data while saving space by only copying the information that changed. On the other hand, offices that don’t have lots of data changes can backup weekly or, if the accounting or inventory software is the only change, backup that application daily. The key is to develop a plan and stick to it.
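The full-plus-incremental idea in the paragraph above, as an added Python example that is not from the original post: a full run copies everything, an incremental run copies only files whose SHA-256 digest changed since the previous set, and `verify` re-hashes a set to catch damaged media. The manifest file name, directory layout and sample files are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path
from typing import Optional

MANIFEST = "manifest.json"  # hypothetical file name used by this example


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(source: Path) -> dict:
    """Map each file's relative path to its SHA-256 digest."""
    return {
        p.relative_to(source).as_posix(): sha256_of(p)
        for p in sorted(source.rglob("*")) if p.is_file()
    }


def backup(source: Path, dest: Path, previous: Optional[Path] = None) -> list:
    """Full backup when previous is None, otherwise incremental.

    Returns the relative paths that were copied into dest.
    """
    current = snapshot(source)
    old = {}
    if previous is not None:
        old = json.loads((previous / MANIFEST).read_text())["files"]
    changed = [rel for rel, digest in current.items() if old.get(rel) != digest]
    dest.mkdir(parents=True, exist_ok=True)
    for rel in changed:
        target = dest / "data" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    # The manifest lists every source file, not just the copied ones, so the
    # next run can diff against this set alone.
    record = {"files": current, "copied": changed}
    (dest / MANIFEST).write_text(json.dumps(record, indent=2))
    return changed


def verify(dest: Path) -> list:
    """Re-hash the files stored in a backup set; return those that do not match."""
    record = json.loads((dest / MANIFEST).read_text())
    bad = []
    for rel in record["copied"]:
        stored = dest / "data" / rel
        if not stored.is_file() or sha256_of(stored) != record["files"][rel]:
            bad.append(rel)
    return bad


def demo() -> dict:
    """Constructed sample data: a full backup on day 1, an incremental on day 2."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        office = root / "office"
        (office / "accounting").mkdir(parents=True)
        (office / "accounting" / "books.qbw").write_bytes(b"ledger v1")
        (office / "clients.csv").write_bytes(b"name,phone\n")
        full = backup(office, root / "full")
        (office / "accounting" / "books.qbw").write_bytes(b"ledger v2")
        (office / "proposal.doc").write_bytes(b"draft")
        incr = backup(office, root / "incr", previous=root / "full")
        # Simulate media corruption inside the incremental set.
        (root / "incr" / "data" / "proposal.doc").write_bytes(b"garbage")
        return {"full": full, "incremental": incr, "damaged": verify(root / "incr")}


if __name__ == "__main__":
    print(demo())
```

Restoring from incremental sets means applying the full set first and then each increment in order, so the full set has to stay intact and verified.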

Where?

At one point, tape backup was considered the only backup solution, but with the numerous forms of storage devices now available you can easily take your pick of what type of media to use for backing up. As an old school guy, my first preference for servers is still tape, but tape drives and tapes are expensive, not to mention somewhat limited in storage capacity. On the other hand the increasing size of USB hard drives, the flexibility of solid state storage, and the low cost of these devices have made them a first choice for small businesses and home offices.

I heard a story today about a small company that installed a new server with new high speed USB drives for backup that was broken into and had all of their new equipment stolen including the new external hard drives with their backup.  I can’t stress how important it is to keep a copy of the most recent backup off site.  Tape, CD Rom, or external hard drive rotation off the premises has to be part of the backup plan.  Online backup is a good option for maintaining off site backup and many vendors promote a ‘set it and forget it’ approach to backups.  I like the logical simplicity of online backups but there are several things that need to be considered:

  1. There are many consumer grade backup systems available, but they may not have the capacity to store the large amounts of data which may be needed by a commercial venture.
  2. Along with storage capacity, different backup systems backup and restore at different speeds; a large amount of data may take days before all of the files are backed up. This also applies to restores; restoring a missing file from online may be just what you needed but not practical if you need to fully restore a lost or damaged hard drive. I deal with a vendor who guarantees that in the event of a total hard drive failure he will overnight the data on an external drive.
  3. Also, if you host an email server or SQL database, it is imperative that the backup software can backup these types of files.  Most consumer grade services are geared for home backups not the sophistication needed for commercial purposes.

Disaster Recovery

I heard a distressing story yesterday, about an organization that moved into a new location and a thief stole not only their new server and several new desktops but they also took the new external drives with all of the backups.

Murphy’s Law states that if it can happen, it will happen so be prepared.  Disasters do happen: hard drives fail in fires, with water damage, hurricanes, earthquakes and floods.

So:

  1. Keep a copy of the latest backup off premises, in a safe secure place.
  2. Use a competent online backup system.
  3. Use imaging software to speed up recovery to new servers or replaced hard drives.

Conclusion

Backing up is something people know they should do but leave because ‘it’ll never happen to them’. When it does happen, it can be a total disaster. Backing up is an insurance policy that will protect one of your business’s most valuable assets: your data, your records, and your business essence. Many businesses that suffer a crash (or get hacked) never recover. It doesn’t take a lot to prepare a plan and there are advisors aplenty if you look for them.

Sophos Anti Virus Review

Can Sophos protect your small business from malware? Watch and find out!

Computer and Network Backup

Phill Briscoe discusses backup systems in this video blog.