Archive Monthly Archives: August 2015

Security Newsletter: The End for Server 2003

​Like Windows XP, Server 2003 was one of those ole' faithful systems that just ran great. Chances are you may even have a server in your office running Server 2003 and you don't even know it because you don't have to mess with it. But alas, the powers that be at Microsoft have decreed that July 2015 is the "End of Life" for Server 2003.


So what does End of Life mean?

It means that Microsoft will no longer provide support or security updates for Server 2003 starting in July. Your server will continue to run like it always has, just without the most recent updates.


So what does that have to do with you and your faithful server?

Really, two main things:

1.  Security.  As certain viruses and security vulnerabilities are discovered, Microsoft will release updates to it's Windows operating systems to protect them in the form of Windows Updates.  But starting in July, Server 2003 won't be getting those anymore.  For some, this is just a security risk.  For others, that are regulated by governing parties like HIPAA or ALTA, you could be in legal trouble for running Server 2003 after July.


2.  Scalability.  If you just use your Server 2003 server to share files, then after July it's going to keep on sharing files like it used to.  If you use your server to share a CRM database or Quickbooks and you want to update to the newest version, then you won't be able to put it on your old server.  New server software won't be compatible with Server 2003, mostly for the reasons listed above for security and these tech companies don't want to be liable


So what are my options then?


1.  Upgrade.  If you have a lot of specific needs that are being met by your server, then you probably just need to bite the bullet and get a Server 2012 server.  And that is going to be a full overhaul, new hardware and everything.  But if your business runs off this server, then it will be worth it


2.  Go to "the Cloud".  A lot of services are now available on the Cloud for a monthly subscription.  For cost purposes, it's usually very affordable until you get to a certain number of users.  Some people also understand that "the Cloud" is fancy terms for "my data on someone elses stuff" and have trust issues with that.  Both of those points are valid and worth considering which is why the Cloud isn't a good choice for everyone.


3.  Server alternatives.  I see a lot of folks get ready to throw down several thousand on a file server that's going to serve 5 people in an office and have only 20 GB of data on it.  I then recommend a network hard drive instead and save them a bundle.  There's tons of alternate solutions to a server, depending on your need and situation.


Should I be scared?

No, but you should be informed. And I love informing people. Let me know if I can help.

Continue reading

Security Newsletter: WordPress Sites

I’m not a web developer. Web sites are not my thing. But a common question I get asked is “Can I get a virus from a website”? And the answer is yes. A lot goes on in the background of a website to make it look pretty. And because of all those moving parts, hackers can sneak a virus in there and you and the owner of the website could never know. That’s why I encourage my customers to purchase an internet security suite that has some form of web agent that monitors web traffic.


That’s what the casual web surfer can do to protect themselves. The rest of this post is going out to the amateur web designers, specifically WordPress artists.


Why WordPress? Well, the numbers are in and WordPress takes up more then 23% of internet web sites. Now if you have a free wordpress.com site then you’re in the clear. For the same reason you can’t customize the html in a wordpress.com site, you’re also safe from getting a virus. Now if you have a hosted wordpress.org site then you could be at risk. If you believe your site has gotten a virus uploaded to it then try these steps:

  • Try a website antivirus. These guys have a great reputation if you’re willing to pay for it. https://sucuri.net/
  • Restore from a previous backup version of your website that you know is clean. If haven’t been backing up your website try this out… https://codex.wordpress.org/WordPress_Backups
  • Take a look at your files and their permissions. Download a fresh install of WordPress and extract it to another folder. Then compare those files and their permissions with your websites files and permissions. If you see anything that doesn’t add up then you might have found your virus.
  • Update your site to the latest version of WordPress. WordPress updates their software to be immune to known threats so you should be updating your site regularly to keep it secure.
  • Change your WordPress admin password and FTP password. Maybe you had a virus on your computer and that put your password in the hands of someone thats not you. Make sure you get your PC cleaned up first, but then go ahead and change those passwords.

I hope you found this helpful. If there are any true WordPress guru’s reading this feel free to post in the comments below any other tips or tricks you know of to keep WordPress secure. The safety of the internet is all of our responsibility.

Continue reading

Security Newsletter: People and Network Security

Let’s pretend for a second that in your office you have a network with computers and servers that your employees rely on to do their jobs. And it’s a secure network that runs like a swiss watch. You've got the latest expensive firewall, the best internet security suite, you always install the updates for your servers and workstations, you don't even use wireless, and you have a bunch of password and security policies built into your domain. You are the Great Wall of China to the hordes of hackers and viruses.


What could possibly go wrong?

A recent study showed that most cyber-attacks were made possible by the people who use the technology. A lot of consultants and engineers forget that the tightest network can be brought down by someone downloading music illegally from the office, or opening a personal email laced with a virus.


Here are a couple of the more common ways we can put a hole in the wall from the inside:


1. Password Management

A good password needs to be at least 8 characters and needs to be a mix of letters, numbers and characters. Password policies are great to enforce those standards and make sure the password is being changed every couple of months. But all of this does no good if the janitor can find your password under your keyboard!.


2. Going to Compromised Websites and Emails

 Going to sketchy websites and forums from the office can put things on the computer that are just as unsavory as the websites. Having content filtering in your firewall can block the websites you choose but it's never a sure bet. Better to have a talk with your people.


3. Music and Movie Downloads

Unless you’re downloading them from a very well-known site don’t do it. Those illegal music sites and video streaming sites where you can watch last night’s episode of “Arrow” without paying or watching ads could put something nasty on your computer.


4. Social Engineering

If someone calls you and starts asking for your passwords or other sensitive information, you should be paranoid. If you don’t know that person, don’t be afraid to make them confirm their identity. Make sure they are who they say they are and make sure they have a right to that information. That also goes for those guys who cold-call saying they’re Microsoft support and that you have a virus. If you didn’t request IT support, they shouldn’t be calling you out of the blue.


Having good security is great, and I highly encourage it. But nothing can replace educating and empowering people about the internet and technology. If you have any questions feel free to contact me, there are plenty of opportunities in the area to get educated for free.

Continue reading

Dell PC Security Alert

If you own a Dell PC or laptop you might want to keep reading. Dell offers a nifty tool called Dell System Detect from their support website. You install it and it scans your computer to tell you what drivers and software you need for your computer. Great right?


Well it was discovered not long ago that once you've installed that program and used it, it keeps running in the background even though it doesn't need to be for everyday use. And if you go to a website with "dell" anywhere in the name, hackers can remotely run scripts and programs on your computer to gather personal information or damage your computer. A group of tech's tested this and went to "notreallydell.com" and were able to open several programs on a computer with Dell System Detect on it.


Now within the last couple of months Dell has released a newer version of the program that fixes this issue. But if you have an older version of the software you're going to want to remove it.


If you want to see if you have it installed and then remove it, follow one of the links below for your version of Windows on how to uninstall a program:


Windows XP:

https://support.microsoft.com/en-us/kb/307895


Windows 7:

 http://windows.microsoft.com/en-us/windows/uninstall-change-program#uninstall-change-program=windows-7


Windows 8:

 http://windows.microsoft.com/en-us/windows-8/uninstall-change-program


Once you're at the list of programs you have installed, just look for Dell System Detect. If you see it click remove or uninstall. It won't impact the everyday use of your computer. If you're confused or have any questions feel free to get in touch with me at my contact page.

Continue reading

Security Newsletter: Email Edition

Email has become part of our lives, as much as morning coffee and putting down the toilet seat when you use the bathroom. Email has become the backbone of business communication and the favorite method of sharing stories with out of town family and pictures of your last vacation with friends. It's a convenient and instant method of communication.

Because of the prevelance of email, most people never consider that emails present a large risk that we need to navigate around. To someone who knows how to read network and internet traffic, sending an email is like sending a post card. Anyone can take a look inside.

That's why you should never send sensitve information(like financial information, passwords, or social security numbers) over email.

For situations that require secure email, there are options for encrypted email. But they are not free and they are not convenient. Which means that secure email is not available for everyone. And in my opinion email, as a system, will not be a success until secure email is free and easy enough for the general public.

That's why I've been following the guys over at ProtonMail. They're a group of people who feel the same way and are working to be the Gmail of secure email. You can go here to learn more and sign up for an account:

https://protonmail.ch/

They are still beta testing so you might need to wait for a little bit for an account of your own. But learn more about them and if you feel moved to do so, support them financially. People like this are making the internet a friendlier place, and like citizens who work to make their state or country better. We're all citizens of the internet and we all share that responsibility.

Continue reading

The Broken Manifesto

Technology breaks. Yeah, proper planning and good management helps your technology break less. But as long as technology is made by man, it's going to break.

But as I get older, I learn that broken things are just a part of life. Network connections break, car door handles break, and people break...to name a few. But I've also learned there are two types of brokenness, the kind that ruins you and the kind that makes you stronger. The funny thing is that regardless of what kind of situation you're in, you won't know until it's over what kind of brokenness you ended up with. So I thought since most IT professionals will end up having a critical emergency they need to fix at some point, I would give some pointers I've learned on how to fix things well.

This isn't a step by step instruction on how to troubleshoot, it's more like a manifesto for broken situations (which I'm sure applies to car door handles and people as well).


1. Be Empathetic

 Whether it's a quick fix by restarting the server, or it takes a day or two of running network diagnostics and wading through pages of errors in the Event Viewer. Remember, if it's important to your client then they expect it to be important to you.


2. Be Calm

Not only are you there to fix whatever is wrong, but you're there to ensure everyone that everything is going to be alright. Maybe they're just anxious, and maybe they're red hot mad but you can't afford to be. Because it's hard to have a cool head to troubleshoot with, when your emotions are all over the place.


3. Be Humble

 This is important. Because this shows that you understand that you were called to fix a problem, not show how awesome you are. Humility means that you get the problem fixed, no matter what! Even if it means admitting that you need to bring someone else in who's more knowledgeable in a certain area then you. Which leads me to...


4. Be Teachable

You can't be teachable if you're not humble. But as much as this whole process might have sucked, the take away might be that you learned something. Maybe you learned that a process you were using was wrong or outdated. Maybe you learned something about your customer's system you wouldn't have known otherwise.


5. Communicate

Part of why people get so freaked out when their technology breaks is because they feel out of control. While you're working, if you take a little time to keep them informed on what you've found and where you are. Then that can help them feel like they've regained a little control and strengthen their trust in you.


No one likes it when things don't go according to plan. Especially when that involves time and data loss for your customer. But it is possible to redeem those situations. If, at the end of it all, you can emerge a better technician and you prove yourself more trustworthy to your customer. Then you both have won. Broken things are a part of the job, heck they're a part of life. Might as well embrace it now...

Continue reading