Walt's Tech Blog

On the 'net, it's OK to be Paranoid

2007-02-10T09:43:00.000-05:00

I've been doing computer and network tech support for over 20 years. As you can imagine, things have changed quite a bit over 2 decades. Back in the 80's, computer security for PC based systems consisted of good old Norton Antivirus. Yes, there were viruses back in those days usually spread by infected floppy disks. My favorite one was the "stoned virus". Upon booting your computer the message would come up "Your computer is now stoned!". Considering the fact that a "big hair" rock band may have been playing on the boom box at the time of receiving this message, it was totally apropos.

Fast forward to 2007 and every business owner must be aware of the security risks inherent to participating on the Internet. Even the most novice hacker can gain access to tools that make it embarrassingly easy to mess with your computers if Internet best practices are not followed. The term "security" entails many aspects of your computing environment including Anti-virus and Anti-malware, email SPAM control, Firewalls, and operating system patch management. In this post, I will deal with attacks that come in through the Internet into one or more of your business computers.

The latest buzz in the security world is all about "botnets". There are literally millions of computers all over the globe that have been breeched by these bots. Once the bot establishes a home on your computer, it begins to use it for a variety of dirty deeds (done dirt cheap). These include sending spam email from your computer or even worse logging your keystrokes to get credit card numbers, bank passwords etc. Since your computer is on the Internet, the bot then "phones home" and sends this information to the nerdowell scumbags who want your money. The worse thing about all of this is that you can easily be infected and not even know it. You may notice a slight slowdown of your machine, but this can be chalked up to many things.

OK, now you are saying "OK Walt, what do I do to make sure I am not a bot harborer?". First we have to make sure your computers are not currently compromised and then we have to put safeguards in place to make sure that these bots are denied access to your computer.

It can be tricky to tell if your computer is infected or not. One quick check is to see what connections to the Internet are open on your computer. If your computer is either being accessed by a hacker or is publishing information to a parent site, it will have a connection on a specific "port" open on your computer. Think of a port as a possible door into your system. A tool that you can download to test this is TCPVIEW. This program will show all active ports on your system along with which ones are listening for a connection and which connections are already present. Once this program is run, it will usually list several open connections. Keep in mind however, that many or all of these might be totally legit. There are many programs installed on your system that try to auto update over the Internet which will show up as established connections. If you see many that cannot be linked to legitimate programs, it is definitely worth investigating further.

It is also a good idea to run a few malware scanning programs such as Adaware and Spybot Search and Destroy. These programs will scour your hard drive and memory for nasty bits of code that may be in use on a compromised system. Be sure to use the software's updating process before you run the scans to make sure that the software is fully aware of the newer infections that are floating about the Internet. If these scans indicate a high level of malware on your hard drive, in most cases it is easier to reload your computer from scratch rather than try to scrub off the nasties. The malware gets it's hooks way too far into the internals of the system software to effectively scrub the system and be confident that you got everything.

While it may be impossible to make any Internet connected computer 100% secure, there are precautions that should be implemented to minimize your risk:

Make sure you have up to date Antivirus software installed. It is important to make sure that the software is set to update itself with the signatures of known viruses. In addition, it is important to not let your antivirus software get too out of date. A version of Norton Antivirus from 2003 for example, will not do a great job of protecting your systems in 2007 even if it is still getting the virus definition updates regularly.

In addition to anti-virus protection, it is also a good idea to have anti-spyware software as well. Some vendors bundle these two functions into one product while others offer a distinct product to handle the Anti-spyware function. The version and update recommendation for anti-virus programs also apply to their anti-spyware counterparts.

Even if you only have one computer connected to your cable or DSL modem, it should be behind a NAT router. NAT stands for network address translation and is a way of hiding your computer's IP address from the Internet. If your computer's IP address cannot be accessed from the Internet, it makes it more difficult for hackers to find it. Most NAT routers have rudimentary firewalls built in which offers still another layer of security. If you in a situational that requires higher security, more robust firewalls can be deployed. These are separate pieces of hardware that tightly monitor traffic coming into and out of your network.

It is also a good idea to at least keep the Windows XP firewall enabled. Most Internet Security Suites offer their own firewalls which are more feature rich than the standard Windows version. If you choose to implement a third party firewall on your computer, make sure that the Windows one is disabled.

Finally, it is VERY iportant to make sure that updates are regularly applied to your computer. Microsoft comes out with critical Windows updates every second Tuesday of the month. Windows XP will allow you to set up the update process to occur automatically every day at a specified time. I would prefer however, that you let Windows download the updates and then give you control as to when they get applied. These options can be found in Control Panel / Automatic Updates. Along with Windows, it is important to keep other programs on your system updated as well. Microsoft Office and Adobe Acrobat for example, have been exploited in the past to allow bots to gain control of computers.

Vint Cerf, known as the father of the Internet (sorry Al Gore), has stated that up to 25% of all computers are currently infected by botnets. Other experts have estimated this number to be much higher. Follow the suggestions above to help ensure that your computers do not become "owned" by these Internet preditors.

Please feel free to contact me at quandtster@gmail.com if you have any comments and or questions. My company, Enterprise Micro Solutions, has been assisting businesses with IT management for 10 years.

Thanks for reading!

Confessions of a Podcast Junkie

2007-01-27T17:22:00.000-05:00

Hi, my name is Walt Quandt and I'm addicted to podcasts. It's getting to a point where I am losing touch with current events because I never listen to the broadcast news anymore. Part of my morning routine is to update my MP3 player with any new updates to my podcast subscription list, and that is mostly what I listen to as I'm driving between client sites on a daily basis.

If you don't know what a podcast is, it is a recorded show of some sort that you load onto your iPod or other MP3 player so you can listen to it whenever you want. These podcasts are produced by a wide variety of people from media professionals with full production studios to 15 year old teenagers recording into his or her computer with a $5 microphone. These "shows" are usually themed and the producers of these things are usually just people who are passionate about what they are podcasting about. In my case, I focus on tech stuff (of course), cycling, triathlon and business related topics (go to the end of this post for links). Whatever you are into, there are bound to be several podcasts available that focus on your interests as well.

Most Podcasters come out with a new show on a weekly basis but some offer new shows daily. Other podcasters have a less frequent publishing schedule. Did I mention that these things are free? I have been amazed at the quality of information that some of these podcasts provide about the subjects that I am interested in. I say "some" because like anything else, you have to sort through many of these until you find the gems that you want to listen to on a regular basis.

If you want to experiment with these things, here is the general process on how to find them, and get them on your player, ready to listen to.

If you have some sort of flavor of Apple iPod, you are in luck. Launch iTunes, go to the Podcast link, and then you can search for some podcasts by name, subject, author etc. Once you find the one(s) that look interesting, you can click on their subscribe button. This will cause iTunes to load the most current podcast from that source and store the "feed" for that podcast so that whenever a new one is published, it will automatically load on your iPod when you sync it up to your computer.

If you have another type of player, it can be a little more work, but still fairly straightforward. You can still use iTunes to find and subscribe to the podcasts, but since you do not have an iPod, it will not automatically transfer to your player. If you decide to go with iTunes anyway, you will have to manually perform the last step of getting the MP3 to your player. You can usually just use Windows Explorer to drag and drop them to the drive that is assigned to your MP3 player.
By default, the MP3 files will reside in My Documents/My Music/Itunes/Itunes Music/Podcasts.

You can also experiment with other podcast software such as Juice or Doppler. I think that these podcatchers allow you to specify a path to automatically copy the downloaded podcasts to. This will allow you to get some of the automatic update functionality of iTunes. There are also other Web sites that are devoted to podcasts such as Podcast Alley. You can search for and subscribe to the podcasts that you might be interested in on these sites as well.

Here are just a few of my favorite podcasts:

Cranky Geeks (Tech)
Security Now (Tech)
This Week in Tech (yep!)
In the Trenches (Tech)
Simply Stu (Triathlon)
Zen and the Art of Triathlon (Triathlon duh!)
Get Your Geek On (Triathlon)
The Fredcast (Cycling)
The Spokesman (Cycling)
Phedippidations (Running)
Burning 20 (Running / Travel)
The Strengthcast (Fitness)

As always, if you have any questions or comments, please email me at quandtster@gmail.com.

Thanks for reading and happy podcast listening!

Disaster Recovery Planning

2007-01-20T17:46:00.000-05:00

Every company that uses any type of computer system absolutely must have a disaster recovery strategy. In other words, a plan must be in place to protect valuable data and get critical computers back in operation in the event of an operational mistake, system failure or building disaster such as fire, flood, tornado... You get the picture. It is fairly common for modern hard drives to fail due to the number of moving parts and tight tolerances inherent in their design. Before we talk about tape drives, backup sets, offline storage etc, I would like you to answer a few questions:

In the event of a system failure on the computer(s) that hold(s) your company's critical data, how many hours of data can you afford to lose?

In other words, lets say that your main server crashed right now. It is determined that the main drive where your data "lives" is toast, totally unrecoverable. If your server is backing up at night and it's now 3:00 PM, you have at least 7 hours of data. This could represent Office document creation and edits as well as data entered into your accounting system. In some cases it could also mean unprocessed on-line orders and email. What does this mean to your company's ability to conduct business? For some of you, it might be simply an inconvenience and mean a few extra hours overtime for the receptionist/bookkeeper. For others, it could be disastrous.

The next question: Once your critical server has crashed, how many hours can you afford for it to be down?

Even if you have up to the minute backups, it still might take several hours to get the recovered server back to where it needs to be to function properly.

The answer to these 2 questions should pretty much shape your disaster recovery strategy. The most basic strategy that I employ for my small business customers is an automated backup to tape that occurs nightly. There is usually a 1-2 week rotation of tapes. The most recent backup is physically taken off-site by the person responsible for managing the backups. Under this scenario, the data loss exposure is up to a full day of data with a system rebuild cycle of about 4 hours.

For companies that cannot afford to lose up to a day's work, a more aggressive backup strategy can be employed. Software can be installed on critical servers that create a system "snapshot" several times during the day. These snapshots contain a complete image of everything on the server including OS, programs and data. In the event of system failure, once the server is ready from a hardware perspective, a "bare metal" restore can be performed from the latest image file. This process can get the server fully functional with a minimal loss of data in just a few hours. If a complete server is kept in reserve, ready to deploy when needed, the restore process can take a little as an hour. For organizations that simply cannot be down at all, a complete fail over server can be kept in a remote data center. Thus when the primary server fails, the backup server simply takes over.

In addition to server backups, some companies may want to look at what is stored on the computers that access the servers. If your company does not have a "all critical data belongs on the server" policy, it could be very possible that valuable data is being stored on some of the local C: drives that make up the network. In that case, part of the backup strategy must include the client workstations as well.

A final point (and this is a very important one) is that periodic confidence tests must be performed to make sure that the data on the backup media can indeed be restored. A flawless, well though out backup strategy is of no use if the data cannot be restored when needed. A confidence test is a kind of a dry run restore to make sure the data will be recoverable.

I tried to cover some of the most important considerations when it comes to a disaster recovery plan in this post. Since a whole book could be written on the subject, I have just scratched the surface. If you would like some assistance planning your strategy please contact me:

quandtster@gmail.com

Have you checked your UPS lately?

2007-01-15T14:24:00.000-05:00

I'm located in Michigan and last night we had a bit of an ice storm. There I was at 3:00 AM, working on my web site when the lights when out in an instant. My home office is in Suite B (the basement) so for a very short time, I felt what it was like to be sightless. I managed to stumble over some sort of large plastic toy and then trip over the couch before I stammered upstairs into at least enough light to find a flashlight. I was all geeked up on Red Bull, Monster and Coffee from the prior evening so I still could not sleep upon finding my bedroom. I fully expected that my phone would be going ballistic the next morning with client calls due to hard drive failures and other power related maladies.

This brings me to my topic. When I talk about a UPS, I don't mean United Parcel Service. As cool as those guys look in their dress browns, I'm talking about Uninterrubtable Power Supplies. These are basically battery units that your computer should be plugged into to protect against power "events" that could damage your computer equipment. These include power surges, brownouts and power failures.

All of my clients have UPS units that protect their servers. Some have units that protect the client workstations as well but many business owners balk at this extra expense. My recommendation is that every device that participates in the network should be plugged into a UPS. This includes servers, workstations, switches and Internet equipment. This also applies to both home based businesses and larger companies alike.

These units come with software that can monitor the power coming out of the socket and make sure it is clean power. If the UPS detects that utility power is absent and the battery is almost drained, it will shut down the operating system (Some flavor of Windows in most cases) and power the equipment down. This is so much better than a sudden "dirty" power failure that brings the machine down to it's knees before it has a chance to do proper housecleaning. Such an abrubt downage can cause data corruption because the machine never gets a chance to finalize open system and data files.

Make sure that the size of the UPS is suitable to the type of equipment that it is protecting. A file server with dual power supplies and a 6 disk RAID array will drain power faster than a small form factor windows workstation and should have a more powerful UPS protecting it.

A final work of advice is to replace the battery cartridges at least once every 2 years and be sure to run the self test diags at least quarterly. Most units have a warning light that will notify you that the battery is bad. If you see that light, you probably waited too long to replace the battery and it should be done post haste. UPS systems are kinda like an insurance policy. You don't want to spend all of that money only for the thing not to save you the one time you really need it!

Oh yea, about the client calls... the only related problem was a corrupt boot sector that I was able to fix by using XP recovery console. I guess all of those UPSs are doing their jobs!

Please direct all correspondence to quandtster@gmail.com

Thanks for reading!