Basics | Briscoe Network Solutions

Simple Security

September 8, 2010 By Phill Briscoe 1 Comment

Last month, shortly after finishing a telephone call with my friend “Lucy” I got an email from her saying that she was stranded in London, her suit cases and passport had been stolen and although she had found refuge at the US consulate she needed some money to tide her over until problems could be resolved there. I know spam when I see it so I deleted the message.

Later that day I got a panicked call from Lucy relating how her Hotmail account had been hacked, her account password had been changed, and the problems she encountered with Hotmail trying to regain control of her account to change her password and eventually delete the account. Lucy uses this account as one of her business email accounts and she was much chagrined when a spam/solicitation email was sent to all of the addresses in her email address book. Besides of the embarrassment, Lucy had to contact all of the people on her list to explain and apologize for some criminal’s actions.

I tell this story not to point a finger at Lucy but to illustrate that crooks and thieves use any method possible to gain control of your personal information though hacking, viruses, spam, and other malware. My message is to be careful. I’m often angered when I talk with clients who don’t get that point. Although nothing is fool proof, may I make the following suggestions?

Change your user passwords several times a year (ideally change passwords every 90 days). More often than I’d like I’m confronted by a client who finds that passwords are too much of an inconvenience. Even if you only have one computer at least put a password on it to keep the kids out.
Not using your computer? Log out or shut it down. Before we became so environmentally conscious it was customary to always leave business computers on to allow for operating system updates and remote access but in today’s world if your aren’t going to remote into your workstation over the weekend shut it down. If you are going to use the machine at least log out to break the direct link to the server and your user profile.
When was the last time you updated and ran your antivirus or antimalware software? Yes I know that these applications are automated but other than just a maintenance check are they running properly?
Do you have a personal software firewall installed on your computer? Many of us laptop users are at home sitting at the neighborhood coffee shop. Although the major coffee vendors include some sort of authentication and have monitored systems most local coffee houses do not; which gives rise to a concern for added hacking security. Most major personal antivirus and personal firewall vendors now offer Internet security products which include anti-virus, anti-spam, and firewall protection. I like the additional firewall protection but it requires that you learn how to use it as to not block you favorite programs. I’ll discuss this more next month.

With the convenience of the Internet comes added responsibility; quite often the most secure thing you can do is turn off your computer or change your passwords every several months.

Share and Enjoy:

Filed Under: Blog, CyberCrime, Maintenance, Network Security Tagged With: Basics, computer maintenance, cyber crime, IT support, Network Security, small business

The Excitement of Uninterrupted Power Supplies: UPS

June 30, 2010 By Phill Briscoe Leave a Comment

Summer is a time for lots of construction and road maintenance and my neighborhood is no exception. We were notified that there would be occasional power outages during the times they work on our street and initially, I blew this notice off and quipped, “No problem as long as they give advanced notice of specified times.”

Later a client called and wanted to know what to do when the power in their building was shut off briefly during a construction phase. My answer: Shut down the server, computers, and other related devices during the power outage. I also noted that if this was to be for an extended period time it is a good idea to inform regular clients of the situation. Last weekend I received UPS, or uninterrupted power supply, failure notices via alerting software from a client with a notice that the server was to be shut down; the server stayed down the rest of the weekend. I informed my client and he went in early Monday morning and restarted the server with no problem and we continued business with no further incidents. Power outages and surges can play havoc with your server, computers and other office devices. This is why I always insist on a UPS (uninterrupted power supply) to provide surge protection and an orderly shutdown of the machine if needed.

Power outages, buildings with inadequate wiring, and lightning can result in significant power surges which can not only damage machines but can cause loss of data. Some people assume that a surge protector with a lot of Joules will suffice. There could be a discussion of how many Joules is adequate but the true advantage of surge protectors is that they are inexpensive. A UPS not only provides surge protection but in the event of a power loss it also shuts down the computer in an orderly fashion, preventing damage not only to the machine but also the operating system. Many people forget to install the UPS software and connect the UPS to the computer, which doesn’t allow the UPS to perform its alerting or shutdown functions. The significance is to use the UPS for more than just surge protection.

APC, Tripp-Lite and Belkin (surge protection wizard) are major manufacturers of UPS batteries and surge protectors with a variety of 800+ Joules surge protectors for less than $50+. APC also offers a UPS selection tool to assist in determining the right backup battery for your office. APC will also take used batteries as a trade-in toward the purchase of a new battery or UPS.

I know talking about surge protectors and backup batteries is not as exciting as your new 4G smart phone but your computer/server should last longer than your smart phone.

Share and Enjoy:

Filed Under: Maintenance, Network Maintenance Tagged With: Basics, Busines networking, computer maintenance, IT support, Maintenance Plans

Has your antivirus subscription expired?

June 26, 2010 By Phill Briscoe Leave a Comment

Security for computer networks comes in many forms.Often the most troublesome and frequently encountered are malware infections (viruses, worms, Trojans, spyware, etc.). Unfortunately, during my initial meetings with prospective clients I still find workstations with expired antivirus software or no protection at all. Malware, like hard drive failures, can make workstations inoperable but all data can also be lost. Many techs will only work so long on resolving infections before they suggest reformatting the hard drive and reinstalling the operating system. Maybe they are just giving up but if you are being paid by the hour, it is the better part of valor to start from scratch rather than keep charging your customer for a server when you don’t have or know the solution. On the other hand, there are technology firms that focus solely on virus eradication (at all costs) and data recovery, but be prepared to pay the price if you absolutely need your workstation and data intact. This might be a time to lecture about hard drive backups or imaging but that is not a good method for establishing a good working relationship.

In this day and age of growing security needs, the list of old and new malware removal companies is never ending so there is never a reason for a person to be without virus protection. Professionally, I don’t recommend free antivirus solutions (I don’t scold my mother-in-law for using AVG Free Edition) because most free versions of software offer no support or are only limited (restricted) versions. The most popular free antivirus programs are AVG Free Edition, Comodo Internet Security, and Avast Free AntiVirus. One exception to the premise, that free software provides no support or is a restricted version of the paid client, is Microsoft’s Security Essentials, http://www.microsoft.com/security_essentials/. Microsoft offers this antivirus client for standalone computers with support and the promise of offering a good stable product; if you are looking for an antivirus client this might be worth a try. If you are looking for these and other free or trial antivirus and other downloadable utilities, I suggest becoming familiar with CNET’s Download.com which offers a vast array of spyware free/trial utilities to try. In addition, CNET offers several good spyware removal tools including: Malwarebytes Anti-Malware, Spybot Search & Destroy, Ad-Aware Free Anti-Malware, and SuperAntispyware Free Edition.

Last note: Often, I’m asked to define the difference from viruses, spyware, Trojans, and other malware. I don’t always make a true distinction between the various types of malware other than, “Do I have a tool to remove it quickly to minimize client down time?” Sophos has published a paper, “A to Z of Computer Security Threats”, which gives a good definition of the various malware types which you may find interesting. For your convenience, we have posted the PDF file on our SkyDrive site for you to download. In addition, I’ve also included Trend Micro’s white paper on understanding and protecting against Fake (hoax) Antivirus infections.

Share and Enjoy:

Filed Under: Anti Virus, Maintenance, Network Maintenance Tagged With: anti Virus, Basics, Busines networking, computer maintenance, Network Maintenance, Network Security

Are online backups a maintenance solution?

February 20, 2010 By Phill Briscoe 1 Comment

Recently, I had a new client inquire about using online backup as an additional level of redundancy to protect their data. My quick response was I’d compile a list for them to review and make an informed decision. Later, I thought about what considerations go into an informed decision: Storage space? Ease of configuration? Cost per MB/GB? Level of tech support? Below is a list of criteria that I use when reviewing not just backup providers but all software purchases and deployment.

Why online backups?

Hardware and media fail: (external drives, tape, CD’s, flash drives, etc.). If not now, they will sometime in the future. Or you will outgrow the capacity of your media.
Set it and forget it!: No matter what people tell me, as I talk to “solo-preneurs” and small business owners about backup, remembering to schedule backups or change backup media can be a problem. Online backup resolves both of those issues. With online backups scheduled and no media (tapes, CD’s, external hard drives, etc.), the computer needs only to be turned on. Let me repeat that, “With online backups scheduled and no media, the computer needs only to be turned on”! If this is still a problem, some online backup programs will do real-time backups.
Disaster recovery: One of the primary business concerns after hurricane Katrina was how fast a business could get back in action after so much devastation and loss. We know that with a total loss of all business data, customer lists, inventories, etc., many businesses are unable to recover and rebuild. They don’t fail; they die. Data stored in the “cloud”, i.e. online, ensures that business records are not lost, giving businesses a running start to resume. A disaster plan combining either cloud-based applications or backup images for bare metal restore, can mean the difference for a business in a crisis situation being back in operation within days or in some cases hours.
Redundancy: I like using both physical backups, images, and online backups to provide continuous updating of business data because business disasters can come quickly and in many forms, ranging from server failures, fires, floods, or theft. With imaging, a server now can be physically rebuilt in a matter of hours as opposed to days with online restores providing additional data as needed.

Considerations

Internet Failure: In my most paranoid moments I fear that the Internet will be inaccessible, in which case all Internet-based computing solutions will be unavailable. Many assure me that in this day and age the Internet back bone is most stable and secure. Most disaster preparation plans call for three days self-sufficiency while local and governmental disaster response teams evaluate the overall situation. I suggest that telephone, electrical, water, waste, and Internet services could be affected during that time period as well.
Availability and Security: There are two issues concerning database storage: What level of redundancy has the vendor built into their system and where are the data stored? Online backup requires data storage centers that house servers; there must be a system for duplicating the same data between centers and facilitate seamless user access from one or more centers at the same time.Consideration needs to be given as to where those data centers are located and whose data is stored next to yours. On an international scale, various countries have grave concerns if their data are stored in or near an enemy nation and there has been some concern about the physical security of storage facilities located at sea. You might be concerned if your competitor’s data is stored next to yours or whether the storage facility’s level of encryption complies with HIPPA, Sarbanes-Oxley, or other security requirements.
Latency: The time needed to upload large amounts of data can actually take days for a complete backup. This latency is adequate for disaster recovery to ensure no data is lost but the time delay is not suitable for the complete rebuilding of a physical server. To compensate some vendors will allow users to send physical copies of data to resolve the time needed for a complete backup or some vendors will send (next day express) a physical copy of backup data if a complete rebuild of a server is needed.

BNS Online backup criteria:

Simplicity/User interface: My primary concerns are
- How easy is the backup agent (program) to install?
- How much space does it takes up on the hard drive?
- How easy is it to configure and schedule a backup?
- What is the performance impact on computer (Does it slow down your computer?); this is particularly true for real time backups?
- Many online backup services have a risk free trial period which I recommend as a way to answer these initial questions.
Storage capacity and cost: Online backup/storage services operate on a subscription basis with a monthly charge based on the amount of storage, usually with a base minimum of 5 -10 GB. The introductory minimum is always quite inviting from a cost point of view but be clear about how much data needs to be backed up. The more data you store, the more expensive; not to mention the amount of time to complete the initial backup.
What needs to be backed up?: SQL? Exchange? Laptop? For businesses that need to back up database files, the mail server, specialty business applications, Linux files, or Mac computers: make sure that the vendor’s software for backup and data restore is adequate for your use.
Vendor reliability: comes in two forms: Does the company have a good reputation? Find out not only how long they have been in business, but also look at their list awards and articles related to their success. Read those articles not just for accolades! Quite often those articles will also provide a comparison with other service providers as well as “pros” and “cons”.The second level of provider reliability is availability or up time: Do they make a statement or offer a “service level” guarantee of availability, i.e. 99.5% up time? Do they have a plan for up time following a natural disaster?
Technical support: There are many players in the online backup/storage business. Besides the mentioned criteria, I make a pre-sales call to technical support to see how responsive, friendly, and helpful the company is. As Americans we make jokes about talking to tech support from India or the Philippines. Putting our prejudices aside, if you can’t understand the person, the response time is slow, or the tech support person doesn’t have a clue about the product (reading from a script); what is your first impression? The bottom line is: no matter what the price, can you depend on this company to protect the storage of your data?

Share and Enjoy:

Filed Under: Backup and Security, Backup Software, Maintenance Plans Tagged With: backup, Basics, BNS Services, Busines networking, computer maintenance, data backup, Disaster Recovery, IT support, Maintenance Plans, Network Maintenance, small business

Whose Network is it anyway? Notes for business owners.

January 7, 2010 By Phill Briscoe

It is a good practice for business owners to outsource technical support to keep their minds focused on their primary responsibilities. Outsourcing saves not only time and money but also provides valuable expertise not necessarily available in-house… so good technology support should be your trusted technology advisor.

Every business owner should take the time to understand the fundamentals of his/her computer network; after all, whose network is it anyway?

1. Know your passwords: Passwords are the first line of defense against external and internal intrusion into your computers or network, and a lot has been written regarding the security aspects of using passwords. Passwords to computers, servers, and network devices are the keys to your critical business information and the security of your network but if your office manager becomes sick or leaves, do you still have access to your QuickBooks database, client list, inventory list, pending projects, etc? Who knows this information? Your office manager? Your tech support? Do you? The time spent discovering the password to the accountant’s workstation or finding device information for a new technical support person is money wasted. You should make it your business to know all of the passwords to access critical information and devices on your network.

2. How to properly start and restart your server: I received a call several weeks ago from a client requesting the password to restart a server that had shut down after the building lost power. I gave him the password but suggested that to turn on the server he needed only to push the button. A lot of network administrators don’t like the idea of someone on site having administrative access to the server but they can’t be available all of the time, sometimes starting or restarting a server or workstation is the solution to a problem. Do you know how to safely shutdown, restart, or start your server? This can save you time and money.

3. Add or disable a user: When that disgruntled employee walks off the job, how quickly can you disable that person’s user account and deny him/her access to your network? If you have to call your tech support person to do this task, you are not only wasting money but you’re compromising the security of your network. The same holds true for new employees. Add them as you hire them to allow access to your network. Your tech support can make sure they have the correct security permissions after you make your call.

4. How to change a password: As that disgruntled worker walks out the door, how quickly can you change the password to your server? Computer passwords should be changed frequently to increase the security of your network. When was the last time you changed your password? Do you know how to change your password?

5. How to check to make sure your backup is running: You bought a new external hard drive and pushed the button to backup your computer and/or server. Now you can rest. How do you know that your backup is running properly? Is there a backup log or report? Are you checking that report daily to make sure that backups are running as scheduled? Is there a pattern of repeatedly missed backups?

6. How to restore a file from backup: OK, so now your backups are running daily but what happens if you need to restore a file? Being able to quickly restore an accidentally deleted file or folder saves you time and money; plus ‘test restores’ should be a standard part of network maintenance to ensure that the backup is working beyond reviewing log files.

7. How to check if your antivirus is up to date: Not only should virus scans run on a regular schedule but business owners should know more than when the subscription is due. They should also know if the virus definitions are up to date.

8. How to run a virus scan: In addition, business owners and staff should know how to run a virus scan. This is particularly true for laptops. Increased mobility also means increased responsibility. If scans are scheduled to run at 3 am, it does no good if your laptop is shut down or asleep. Worse still is only running a scan when you suspect a file might be infected.

9. Is your system security up to date? Are you only relying on MS updates?: Updates are at the core of the security for your system (computer); antivirus and other applications build on this core. At first, many complained about Windows needing update patches, so Microsoft automated the critical level of this process; then people assumed that this would take care of the process. Although critical updates are automatically installed, there are other updates, including Office 2003/2007 application updates, driver updates, and other options that are not part of the critical update process. I have a policy of manually updating servers to control what and when updates are installed.

10. Could you start over again if you had to?:
Starting again is a little more than just having a plan; it is also an attitude. There are at least three components in planning that help with this attitude:

Do you have up to date network documentation for your existing site?
Does your tech planning for the future and/or disasters include a budget?
Does your recovery plan include where to start first? Who to call?

As business owners, we are always working to maintain our foothold while looking for that next step up. I don’t expect small business owners to be technology mavens but I do think that they should have a good functional understanding of their network.

Outsourced IT support may be the solution for your continued maintenance and growth but the final decisions are yours. With that in mind you should always keep your hand in maintaining a functional understanding of how your investment is protected. Because, as we come full circle, whose network is it anyway?

Share and Enjoy:

Filed Under: Network Maintenance Tagged With: Article, Basics, computer maintenance, Network Assessment, Network Maintenance, small business

Create a Password You Can Remember

December 21, 2009 By CoreyY Leave a Comment

Say you have the most secure system in the world. How do you keep it that way? Passwords not only keep your system secure, but can limit access to certain people, be it employees, technical support, or a specific member of your team, such as the accountant. Do you remember the passwords to your server, Quickbooks, etc? Do you change them regularly with secure passwords? While we all can relate to dreading the 30-60 day password change, there are techniques out there to help make the burden lighter. Wikihow gives helpful techniques on not only creating a secure password, but one you can remember too:

Wikihow – Create a Password you can Remember

Share and Enjoy: