Passwords

I am generally concerned with the use of very simple passwords that I come across regularly.

I recently ran a password cracking tool over all passwords in one workplace to get a feel for how secure their passwords were. The results were not ideal considering there were fewer than 70 staff.

  • 19 passwords were found within 1 second;
  • 40 within 30 seconds;
  • 52 within 60 seconds;
  • 55 within 3 minutes.

Passwords discovered (apart from the ones which were the user's own name) included:

  • abc123
  • surfer
  • thursday
  • fuel01
  • bulldogs
  • password
  • pink01
  • gold65
  • mushroom

And the list goes on. If you recognise any of these passwords as similar to your own, you should recognise why there is a need to make passwords a bit more secure. Sometimes the people with the extremely simple passwords have remote VPN access directly into the work network, which is a massive security issue and puts the entire network at risk.

There are great security differences between a non-secure password (eg apple12) and a (more) secure password (ApP!e1@).

You need to make up a password you can remember. Use a pass-phrase to help, and use a combination of upper and lower case, numbers and special characters. Use substitute characters, eg use 1 instead of i. If you normally have two numbers at the end of your password, randomly substitute the number's special character, eg instead of 24, use @4 or 2$. I don't want to make this so hard that you end up writing down your password and sticking it on your screen so you get it right, as this kind of defeats the purpose.

An example of a strong complex password is M2dn@saR3x, which could be remembered with the pass-phrase “my two dogs names are spot and rex” or “M(y) 2 d(ogs) n(ames) @(re) s(pot) a(nd) R3x”.

Your password protects your IT, the longer and more complex the better. Security paranoid people recommend 20 characters or more but in reality, make sure they are a minimum of 8 characters long and as varied as possible and change them regularly (a few times per year or more often).

Posted in: Business, Security

Linux Servers

An alternative to expensive Microsoft server licences and higher hardware requirements is to use Linux as your server platform. Most server functions can easily be performed by free (yes free, really) Linux servers. This includes company firewalls, file and print servers, web servers, email servers, authentication, database servers, proxy servers, storage servers (such as Openfiler) etc. If it can be done on a server, more than likely, the function can be done for free with Linux. There are commercial Linux server releases such as Suse and Red Hat which are not free but these come with support etc. Most of the high end server manufacturers offer Linux out of the box (HP, IBM, Dell and others).

Most Linux servers have far smaller hardware requirements than Windows servers and will happily run on older hardware. Most of them also only have a terminal interface rather than a nice graphical interface, so configuration and maintenance can be difficult for staff familiar with Windows servers only. There are tools available to make configuration easier. Interaction with Windows PCs is made possible with a system called SAMBA so the end user does not even realise their servers are not Windows.

If you find the idea of using something a bit unknown worries you, you may be interested to know that (according to a Wikipedia article) over 85% of the world's supercomputers run a Linux distribution of some description and the big movie studios all use Linux servers for movie production. A lot of web servers that serve you up your internet content (including this site) are also hosted on Linux servers.

If you want to set up a free Linux server, stick with one of the main distributions such as OpenSuse, Ubuntu or Fedora to make sure you have a wide user base to draw support from. My development Linux server is Ubuntu running under VMWare.

Posted in: Free Software

Linux Desktops

Linux as an operating system is moving out of the server and IT geek arena into more mainstream user friendly graphical desktop versions. Ubuntu is one such Linux distribution that is more user focussed and comes ready to go with most office, internet, email and entertainment needs covered with pre-installed free software. Linux operating systems are free to use for either personal or commercial use and with only minimal training, most business PC users would be able to make the change without too many challenges. Ubuntu has a “release” every 6 months, usually in April and October of each year. Hardware support is generally good and with a little perseverance and web searching, a user can usually find that they can do anything on Linux that they could do on Windows. The real power of Linux though is not in its graphical environment but its underlying service power and ability to be controlled via a command line terminal session.

Usually though, MS Windows is supplied with most name brand PCs so unless you have a compelling reason to buy white box generic PCs with no software or you have a fundamental aversion to Microsoft, Windows will remain the operating system of choice for most small to medium enterprises.

Other commonly used Linux desktop releases include (but are certainly not limited to):

These are all based on one of the three distributions below:

If you want to give Linux a go, the best options are Ubuntu (Debian based), Fedora (Red Hat based) or OpenSuse (Slackware based). My personal preference is Ubuntu. These all come as easy to install and easy to use distributions packed with useful software. Once you get used to an underlying distribution, it is easier to stick with it, as they each do some things differently. Most Linux installations are available as a “Live CD” which allows you to boot from a CD to try out Linux on your hardware without having to install it, or you can dual boot with Windows if you have some unallocated space on your hard drive (you can make some with various boot CD disk partition tools if you don't have any).

Posted in: Free Software

PC Dust cleaning

All computers require regular cleaning to maximise life and minimise problems. This is rarely done, often never in businesses.

In an ideal world, you would turn over 1/3 of your desktop and laptop fleet every year and with proper business grade hardware having a three year warranty, if it dies, it gets replaced. Some people are lucky enough to live in this technology nirvana however the rest of us are not so fortunate. Small businesses often hold on to computer hardware for at least 5-6 years before it dies and they are forced to replace it.

If you want to get the most from your IT investment, why would you not look after it? You have your car serviced, your lawns mowed, your windows cleaned but not your computers (well not the insides anyway). Regular cleaning can greatly improve the life and performance of IT equipment. Due to their nature and a high level of static electricity, computers attract dust which collects inside the cases. Fans and heat sinks are very likely to collect dust. Dust buildup reduces airflow through the case and acts as a blanket for the sensitive electronic components. Hotter equipment will use more electricity as fans will run faster to try to keep components cool and the combination of heat and dust can and will cause premature failure of PC equipment.

The biggest issue with this is successfully cleaning computers in offices. Vacuum cleaners cannot be used due to static discharge being more risky than the dust. The only really good way to clean computers out internally is with compressed air (proper compressed air from a compressor, not a little can of aerosol “air”). This should be done every 6-12 months to keep systems cool but needs to be a dust free solution in an office. It is not practical to carry every computer outside to clean them, especially from the 21st floor of an office building, so I am currently developing a portable cleaning system that can properly clean computer internals onsite without releasing the dust back into the surrounding office. If you are doing this yourself, make sure you don't spin up fans with the compressed air. The high speed air flow can destroy fans in seconds from spinning too fast. They need to be prevented from spinning while being cleaned.

If I am coming to your home to help with your home PC or home theatre systems, let me know if you would like your PC cleaned at the same time at no extra charge.

Call me if this service is of interest on (+61) 0438534016 (Melbourne CBD and metro only, A/H or weekends if required, $15/Desktop PC, minimum 6 for dedicated visit)

Posted in: Hardware

Intranets

Most organisations should have an Intranet. I say most because a two person business running out of homes probably doesn't ‘need’ one but if you are employing people, especially in different locations, an Intranet can (and should) become an integral part of your internal business communications.

What is an Intranet? Think of it simply as a private website for your staff. You can have one just for you if you are just starting out; it can be a central repository of what defines your business and can grow with you. A Wiki is an excellent place to start as it is simple and quick to learn and use. Once the limitations of the Wiki are reached, the Wiki can still have a place in your business process documentation while the Intranet itself can be moved to a Web Content Management System.

WordPress or Joomla make great platforms to build your Intranet (see the link above), they are free and very flexible and there are many free add-on/plugins for them to add functionality with no need to know any coding. Joomla has a steeper learning curve but ultimately is more powerful. If you have Windows servers, you could build your Intranet on Windows Sharepoint Services but the initial setup will be the hardest and the learning curve the steepest but the end result may be far more powerful. If you want the full Microsoft Office Sharepoint Server (MOSS), expect to pay for it, it is not at all cheap to buy, customise or maintain.

What can your Intranet do? An Intranet can do anything you want it to do. If you treat it like a consistent homepage only, then that is what it will become. If you limit yourself to not spending any money on it, you will reach a different level of usage. If you see it as the basis for all your company’s internal operations, then that is also what it will become. It is only limited by your imagination. Anything that can be done online can be done in an Intranet, often more as you have a more defined/controlled environment to work with. The Internet’s communications systems are very well designed to be efficient and therefore any remote users or remote offices will often benefit from improved performance with an Intranet based system as opposed to a traditional application. You can use your intranet for company news, internal blogs, documentation, centralised forms and documents, events calendars, discussion forums, training, managing projects, sharing internet links, Client Relationship Management (CRM), process automation (eg Leave applications), testing future web sites etc. (and more).

Your Intranet can be as flashy or as understated as you like but it should reflect your business's culture and values honestly. Often an Intranet is modelled on the company web site but this is not always a good thing, as your staff (internal customers) have very different needs than your external clients. Your staff should be able to contribute easily, either directly or through a few known content Editors. If you make it an integral part of your business, something that has to be used by everyone every day, it will then be able to become even more. There is nothing more demoralising for staff than a static intranet that is not useful or used for anything, that is forced on staff as their browser homepage and that has not been updated since it was created, often many years ago, whereas a fresh, relevant and changing Intranet gives a feeling that things are happening in the business.

Posted in: Business, The Web

Daily Backups

Regular backups are very important for anyone, especially businesses. While a home user may lose some music or photos if their backups are not up to date, a business may lose invoices, orders, emails etc which cannot be replaced and may have a long term effect on the business.

You really cannot go too far with backups. Depending on your risk profile and budget, your backups may be a simple file copy once per day or real time backups pushed to multiple locations. Obviously the more you do the more it will cost but the lower the risk of data loss if something happens.

Before I go into the options, don’t think that it won't happen. It will. Hardware fails, computers die, laptops get dropped or stolen, power spikes occur etc. If you go into this expecting the worst, you are usually in better shape when it happens than those who are not ready for it. Once you have had a significant failure and your backups are not good enough, you tend to take it more seriously in the future.

* Hard Drive Backups

As a bare minimum, and I mean bare minimum, a portable hard drive is a cheap and convenient option to back up your data from one or more locations. It can be a bit manual and does require some discipline but is much easier than burning to CD/DVD. Many come with backup tools but having seen some of them in action, I recommend using a simple backup script to maintain full control over the backup process.

Windows (from Vista onwards) ships with a utility called Robocopy which, while small, is one of the best free applications ever to come out of Microsoft. Older versions of Windows can also use it but it needs to be downloaded as part of the Windows 2000 or Windows XP “Resource Kit”.

To use it, simply create a folder (call it “scripts”) and create a blank text file, call it “backup.bat”. If you have Windows XP or earlier, you need to put the robocopy.exe file into the same folder. You need to edit backup.bat (right click and choose edit, or it will try to run it). The way you use it is to call robocopy, give it a source location and a destination location and tell it what you want it to do, one command per line. eg robocopy "c:\email" "f:\email" /MIR will use robocopy to “MIRror” the c:\email folder to f:\email, assuming that your portable hard drive is allocated drive F:.

The /MIR or “mirror” option will delete target files if they no longer exist in the source. This is useful to ensure your backup drive doesn't grow bigger than your data drive but you run the risk of data being lost if a source file gets accidentally deleted and then a backup is run. A better option for a portable hard drive is to have two backups pushed to it, one with the /MIR switch to mirror it and one without, which will copy changed files and new files but will not delete anything.

Other Robocopy options can make your backups work better or be a bit more flexible. eg

  • robocopy "source folder" "destination folder" /MIR /w:2 /r:2 will wait for two seconds (/w:2) and retry twice (/r:2) if a file is in use and cannot be copied. The defaults are wait 30 seconds and retry 1,000,000 times which will not always be useful.
  • robocopy "source folder" "destination folder" /S /log:logfile.txt will copy from the source to the destination including subdirectories (/S), but not empty subdirectories (use /E if you want empty subdirectories as well), and will log everything it does to logfile.txt.
  • robocopy "source folder" "destination folder" /S /XF *.txt *.tmp will copy but will exclude files (/XF) that end with “txt” or “tmp”.

Other useful switches are /XD (eXclude Directory), /MOVE (MOVE files and folders, ie delete from source after copying) and /PURGE (delete destination files that no longer exist in the source; used with /E it has the same effect as /MIR).

A full list of Robocopy options can be found by opening a command prompt and typing “robocopy /?”
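The two-backup layout recommended above, written out as a complete backup.bat. This is an added example, not the author's own script: C:\email and drive F: are the page's sample locations, while the email_keep folder and backup.log file names are assumptions made here.

```bat
@echo off
rem backup.bat - added example, not the original author's script.
rem C:\email and F: are the sample paths from the text above;
rem email_keep and backup.log are names assumed for this example.
setlocal

set "SRC=C:\email"
set "DRIVE=F:"
set "MIRROR=%DRIVE%\email"
set "KEEP=%DRIVE%\email_keep"
rem Write the log next to this script (%~dp0 = folder of backup.bat).
set "LOG=%~dp0backup.log"

rem Stop early if the source folder or the portable drive is missing,
rem so nothing is copied to (or purged from) the wrong place.
if not exist "%SRC%\" (
    echo Source %SRC% not found, backup skipped.
    exit /b 2
)
if not exist "%DRIVE%\" (
    echo Backup drive %DRIVE% not connected, backup skipped.
    exit /b 2
)

rem Pass 1: additive copy. /E includes empty subfolders and nothing is
rem ever deleted, so a file removed by accident from C: survives here.
robocopy "%SRC%" "%KEEP%" /E /R:2 /W:2 /LOG+:"%LOG%"
rem Robocopy returns 1-7 for normal outcomes (files copied, extras
rem found); only 8 and above mean a copy failure.
if errorlevel 8 goto failed

rem Pass 2: exact mirror. /MIR deletes files on F: that are gone from C:.
robocopy "%SRC%" "%MIRROR%" /MIR /R:2 /W:2 /LOG+:"%LOG%"
if errorlevel 8 goto failed

echo Backup finished, details in %LOG%
exit /b 0

:failed
echo Backup FAILED, check %LOG%
exit /b 1
```

The additive pass runs first so that a file deleted from the source is already preserved in email_keep before the mirror pass removes it from the mirror copy.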

The next step up from a USB/eSATA hard drive for disk based backups is a NAS (Network Attached Storage) device. This can be a single drive like the USB connected one or can be a RAID array connecting via NAS, FTP, iSCSI etc depending on your needs and budget. Openfiler can convert pretty much any hardware to a NAS device that Robocopy or another backup system can access for backup storage.

* CD/DVD backups

If you need or want archives of your data for long term storage, DVD backups are cheap and relatively reliable (CDs as well but since DVD burners and blank DVDs are so cheap, there is little point persevering with CDs). A standard blank DVD holds 4.3GB of data which should cover most of your important stuff (documents and emails) for some time. They take up very little space and are readily readable. They do, however, require more work to create, as the process cannot be as automated. DVD burning software like Infrarecorder is required (most DVD burners and PCs will come with some form of burning software which will usually suffice). You will need to know where your data is stored and how much space it takes up.

* Tape Backups

If you have a lot of data and need archiving, the most cost effective solution is a tape backup unit. They are relatively expensive to buy but in Dollars per Megabyte, they are very cheap. The tapes are also very portable which makes it easy for you to transport your data if required (having the most recent tape in your bag each night is better than leaving your tapes onsite if there is a fire!). Tape drives run from a few hundred dollars for slow DAT format tape drives which will do 20GB or so, up to a few thousand for a high speed LTO 4 format tape drive that can hold over 1000GB of data on a single tape (the tapes are more expensive too). They also go much, much higher than this if you decide to opt for a tape library where the backups can span multiple tapes and tape changes are done automatically but I am not going to go into Enterprise class tape libraries here. My rule of thumb is to calculate the storage space you need now, at least triple it and buy a tape system accordingly. While it is possible, I strongly recommend ensuring that your backups don't run longer than a single tape over the lifespan of the tape unit and tapes (you should be able to assume that a DAT drive will last at least 3 years and LTO 4-5 years; the tapes will last longer than this).

* Offsite Backups

There are a number of backup services which, for a fee, provide a quantity of space on the internet where you can upload your files to keep a copy offsite where you can access them as you need them. While they are generally considered reasonably secure, if you are uploading sensitive information, your data should be secured before uploading. Zip archives can be secured with powerful encryption. 7Zip has this functionality built in: simply select the encryption option and put in a secure password and the file will be both compressed (for easier upload) and securely password protected.

7Zip – Zip software

While most people have heard of Winzip compression software, many don’t realise that you are supposed to pay for it.

Compression software allows you to do a number of things:

  • package multiple files into a single file to make it easier to send to someone (via email, the web or disc).
  • Chop up a single large file into multiple smaller files for easier transport that can be easily put back together again
  • Compress files so they take up less space (for emailing or archiving)
  • Secure files when used with encryption (most compression software supports some level of encryption)

7Zip is a free open source alternative to commercial compression tools that can read and open most archive formats as well as create “.zip” files and also use its own native open protocol compression format, “.7z”, which is more efficient than “.zip”. It supports virtually uncrackable 256-bit AES encryption. 7zip can be downloaded from http://www.7-zip.org/ in both 32bit and native 64bit versions. It integrates into the “right click” menu in Windows allowing files to be compressed and uncompressed easily. It can also be accessed programmatically allowing scripts to compress or decompress files automatically (I often use it from a VBScript to compress web server logs and SQL Server backup files to minimise space).

Posted in: Free Software

GIMP – Photoshop replacement

GIMP is an acronym for GNU Image Manipulation Program and is a free open source alternative to most photo or image manipulation software, eg Adobe Photoshop. While it is not quite as full featured as Photoshop, it is close. It is not as polished either, but Photoshop costs over $1000 and some places end up with pirated copies. The fact that GIMP is free and powerful enough for pretty much any business need makes it very worthwhile.

There is a large online user community who maintain tutorials and provide tips and support and extensive documentation.

GIMP is available for any platform.

GIMP can be downloaded from http://www.gimp.org/. Please note that the GIMP project does not officially release Windows or Mac versions, these are managed separately (and updated just as fast). Windows here, Mac here.

Posted in: Free Software

Wiki

A Wiki is something no business should be without.

Wikis (best known in reference to Wikipedia.org) are a simple and fast solution for storing knowledge. The idea is that anyone can edit the information using a set of simple commands to mark up the content rather than needing to know HTML. Mediawiki is the engine behind Wikipedia and is a free and open source web content management system. The code is PHP with a MySQL database so can be set up on any platform (I have set up wikis on Windows and Linux without any issues).

A Wiki makes a very good Intranet platform but is better suited to documentation (or a documentation component to enhance an existing intranet) as its layout options are limited (to pretty much one option). Version control is easy (any changes can be rolled back) and users are tracked. A Wiki makes it so easy to quickly add notes, edit, update and create pages that it is no longer an inconvenience to keep important documentation current (as many people are probably aware, the first thing to fall behind when things get busy is documentation).

To get a feel for how easy it is to “mark up” content for a Wiki, the MediaWiki Help:Formatting page is a good place to start.

A Wiki is a centralised repository and can be easily backed up using the built in options in MySQL, ensuring that you can keep it safe. By having it in one place that is well known and is also searchable (by its nature), new documentation is less likely to be put somewhere else (which makes it less useful). If this sounds like a strange thing to say, you have obviously not worked in SME IT where the documentation (that I have experienced personally) could be as little as 1 piece of A4 paper printed on both sides, may not have been updated in over 3 years, or may be in 5-6 different locations (electronic and physical or a combination) as each new IT manager moves in and decides to do it their own way.

Posted in: Business

VLC – Audio and Video player

No user can be without VLC, the Video Lan Client, an open source free media player (yes, completely free).

Unlike pretty much any other media player, VLC can play almost any audio or video format (yes even Real, Quicktime and Flash FLV) straight away, including DVDs, without requiring third party or commercial codecs (to read various non-standard compression formats). Its interface is not quite as slick as the latest Windows Media Player, PowerDVD, Plex or iTunes but it is not trying to be, it just works. It will happily play direct from disc or file as well as digital streaming media (including DVB-T television). It can play VOB files (from ripped DVDs), as well as the newer high definition formats such as M2TS and MKV files.

A useful side effect of installing VLC is the installation of an MPEG2 codec which will then allow Windows Media Player to play DVDs.

Unfortunately the version for the iPad (still free) is not as stable as the version for normal PCs. I have found that it crashes (locks up) quite regularly (every 6-8 minutes), far too often to be a useful media player when offline. Development for the iPad may not continue due to the iTunes store licencing requirements conflicting with the Open source GNU licence VLC is developed under.

It is available for Windows, Mac and Linux from http://www.videolan.org/

Posted in: Free Software