It's a delightful tune that we haven't heard for years.  The satisfying squawking that signified a modem connection attempt.  Relive those days of 56K again with the 56K Modem Emulator.

posted on Friday, August 22, 2008

Bandwidth is usually a scarce commodity which needs careful managing to maintain.  However there is always a demand on that finite resource, and never more than when there's a major streaming event such as the Olympics.  There are many ways to block or throttle bandwidth to specified sites, but most of these are expensive and almost certainly overkill for occasional usage.

For a simpler, cheaper solution why not investigate OpenDNS.  OpenDNS provides a host of management features including content filtering and specific domain blocking.  Customization is provided so if a page is blocked, the user receives a page that can include a custom message and your own company logo.

However, the benefit of education cannot be overstated.  If you explain to users the potential bandwidth costs of various activities, they will generally alter their usage to accommodate.  Very few users intentionally perform actions that harm network performance.

posted on Tuesday, August 19, 2008

Everyone's on vacation and you can be too!

In a small organization, finding cover for any department can be problematic. Often there is no obvious cover for the IT department. Yet, as much as anyone else, you need a break too. So how can you turn a paranoia-fraught, stressed-out week into a cool, calm, relaxed, and carefree vacation? Our top tips will show you the way.

  1. Take a laptop

    Normally, everyone says don't take your work on vacation with you, and broadly we'd agree. However taking a laptop doesn't mean using a laptop and in the unlikely event that there is a problem you'll have the tools, hopefully, to fix it without cutting your vacation short. This mental safety net should help you to feel more relaxed about breaking ties with the office. Although if you're going somewhere really remote, then it might be connectivity more than computing power that is the real stumbling block.

  2. Leave Notes

    There are certain events that are so common that you don't even consider them problems. That print server that crashes occasionally or the fact that when the label printer is rebooted the PC host needs rebooting too. Now, doubtless if you really had that much spare time you'd have spent it diagnosing the root cause of these issues but like so many you don't. This is no bad thing, spend time where it counts most. It's not just the smaller stuff either. Leave details of the location of your disaster recovery plan and associated documentation. Hopefully they won't need this in your absence, but you never know!

  3. Wind down early

    Most people tend to wind down a little before their vacation, but you have a very good reason to do so. Now we're not advocating sitting on your hands for the whole week before you leave, but we are saying now isn't a good time to make really large and sweeping changes. Obviously if your scheduling is tip-top you'll have planned around vacation, but sometimes they creep up on the most organized of us. Besides, if all your major IT projects run bang on schedule, perhaps you should be writing this guide rather than us!

  4. Rearrange scheduled tasks

    Having scheduled tasks, auto-updating anti-virus tools, auto-patching applications are all intended to make our lives easier. However, what if the unexpected happens? We certainly don't advocate disabling anti-virus updates whilst you're out of the office but it couldn't hurt to consider what might reasonably be disabled. For instance you could probably disable some third-party application updating. If you are running WSUS and auto approve updates, it might be a good time to re-evaluate that policy. Really anything you can do to minimise the likelihood of non-urgent changes being made that could cause issues. However be aware that taking this rule to the extreme could be counter-productive.

  5. Vacation Cover

    Finding good ad-hoc help is difficult, but well worth the investment in time to find. There are a plethora of small firms that provide cover and outsourced IT, but not all are created equal. Plan well ahead and meet the people you'd be employing first. Ask them the sort of questions you get asked, get references for other companies they've assisted and follow them up. Effectively you're interviewing them, treat it that way. But be realistic; explain what you're looking for. Also don't expect it to be cheap.

posted on Wednesday, August 13, 2008

Until two-factor authentication becomes the norm, character strings will continue to be the primary way in which we ensure security. Therefore having strict policies and procedures in place to manage passwords is essential. The diagram below graphically illustrates the relative security "values" of Windows Active Directory account types from lowest but most common at the bottom to highest at the peak.

LM Insecurity and Passphrases

There is a caveat, however: if you are in a mixed environment that requires LM or NTLM authentication, there is very little you can do against password cracking. Widely available tools such as rainbow tables, together with the inherent insecurity of these protocols, make passwords vulnerable.  If you are limited to 14 characters, then by all means use them, as they at least offer protection against "shoulder surfing" attacks, but be aware that a determined individual with the tools, the knowledge and access to your network will likely be able to break passwords.

NTLMv2 brings with it an increase in available password length to 128 characters.  Essentially you should be aiming for above 15 characters.  Passphrases are the recommended way of securing systems; as the name suggests, they are simply a number of words strung together to form what is basically a long password that is easier to remember.

User Accounts

While they may be languishing at the bottom of our pyramid, user account security should not be overlooked. User accounts may be relatively tightly locked down, but an attacker is looking for any opening. Users are generally quite ingenious when it comes to finding shortcuts to make their lives easier, and passwords are just such an area. Overly restrictive minimum password lengths or complexity requirements will encourage users to write down passwords, which only opens a larger hole.  Microsoft currently recommend the following default password policy :

  • Enforce password history : 24
  • Maximum password age : 42 (days)
  • Minimum password age : 2 (days)
  • Passwords must meet complexity requirements :
    • Password at least 6 characters
    • Password contains at least 3 of the following 5 categories :
      • Uppercase characters (A-Z)
      • Lowercase characters (a-z)
      • Numeric characters (0-9)
      • Non-alphanumeric characters (!"£$%^&*<>?@#)
      • Unicode characters
    • Password does not contain 3 or more characters from user's account name

We'd be happy to see a longer minimum password length, but you have to know your users and find a happy medium between security and memorability for them. If you make it too difficult, they'll resort to sharing passwords and keeping them on post-it notes, which isn't good for security.

Local Administrator Accounts

Local Administrator accounts should, as a rule of thumb, be given a strong password and disabled.

Domain Administrator accounts

We recommend a 14 character minimum (15 or more if NTLMv2 is available) password length, and maximum complexity.  Consider also locking out multiple login attempts.

Service Accounts

Service accounts are somewhat different in that you'll almost certainly never actually log in using them. Because of the potential for problems, we'd recommend disabling any requirement to change these passwords. Simply set them up with a very long password (30 characters is not unreasonable) containing mixed-case alphanumeric and many non-alphanumeric characters. Make a note of it somewhere very secure, as it isn't a password you'll want to try and keep in your head. Although you could rely on the ability to use a domain or enterprise admin account to change it, knowing the password will certainly save you time in the event of a problem occurring.

Enterprise Administrator Account

In a well-designed forest/domain this account will get used fairly infrequently after the initial setup has been completed. However, given its overarching power, it should be treated carefully.   You should create a password with the maximum complexity possible and as long as you are comfortable with, certainly in excess of 15 characters, and 30 or more would not be unreasonable.  Certainly it won't matter if you can't type it too quickly, as you'll hopefully never be doing so in the presence of prying eyes!
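
The default complexity rules listed under User Accounts and the minimum lengths suggested for each account type can be checked mechanically. The following Python is an added example, not part of the original post: the account-type labels and function names are invented for illustration, the sample passwords are constructed, and "3 or more characters from user's account name" is interpreted here as any 3 consecutive characters, compared case-insensitively.

```python
# Minimum lengths per account type, as suggested in the article.
# The keys are labels invented for this example.
MIN_LENGTH = {
    "user": 6,               # default complexity policy
    "domain_admin": 14,      # raise to 15 where NTLMv2 is available
    "service": 30,
    "enterprise_admin": 16,  # "in excess of 15 characters"
}

def categories(password):
    """Return which of the policy's five character categories are present."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("upper")
        elif "a" <= ch <= "z":
            found.add("lower")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif not ch.isalnum():
            found.add("symbol")    # punctuation, spaces, currency signs such as £
        else:
            found.add("unicode")   # letters and digits outside A-Z, a-z, 0-9
    return found

def shares_run_with_name(password, account_name, run=3):
    """True if any `run` consecutive characters of the name occur in the password."""
    pw, name = password.casefold(), account_name.casefold()
    return any(name[i:i + run] in pw for i in range(len(name) - run + 1))

def check_password(password, account_name, account_type="user"):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    minimum = MIN_LENGTH[account_type]
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if len(categories(password)) < 3:
        problems.append("fewer than 3 character categories")
    if shares_run_with_name(password, account_name):
        problems.append("contains 3 or more characters from the account name")
    return problems

if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    for pw, name, kind in [("Summer08", "jsmith", "user"),
                           ("Smith!2008", "jsmith", "user"),
                           ("Summer08", "admin1", "domain_admin")]:
        print(kind, name, check_password(pw, name, kind) or "OK")
```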

posted on Monday, August 11, 2008

Pruning excess bookmarks might be deemed good housekeeping and therefore a productive activity.  However, if that task uncovers the massive, but nonetheless enjoyable, timesink that is Desktop Tower Defense, productivity might drop drastically.

posted on Friday, August 08, 2008

With the recent charging of 11 individuals in a multinational case involving the theft of credit card information, now would be an excellent time to review your wireless security strategy.

No Wifi means no wireless security hole

The easiest way to ensure wireless security is simply to have no wifi.  Ask the question, do you need it?  Many wireless access points are used where a cable would be just as effective, almost certainly cheaper and definitely more secure.  However, access points aren't the only source of wifi insecurity.  Any wifi-enabled device can create an ad-hoc network, so ensure your users are aware that they shouldn't connect to one.  If you can, ensure laptops are configured to connect to access points only.

Also, even if you believe you don't have any wifi, check your network carefully.  Far too often well-meaning, but technically underinformed, users think they're doing you a favour by not bothering you and putting their own access point in the office.  Resist the urge to read them the riot act, but do take the opportunity to calmly explain why such an action isn't a good idea.

Minimize Leakage

If you must have wifi, then ensure you minimize signal leakage.  Many access points have omni-directional antennas; thankfully, however, many are removable.  Wherever possible, a directional antenna is preferable, as you can maximize wifi coverage whilst minimizing signal leakage.  The best way to test signal coverage, other than wandering around with a laptop, is to use a handheld wifi detector.  Ensure the detector is capable of detecting the variety of 802.11x that your network utilizes.

Appropriate location within infrastructure

If the primary requirement for wifi usage is in communal areas, such as meeting rooms or conference rooms, you may have the option to minimize the security risks by placing access points outside your internal LAN.  This will mean users can gain internet access, and visitors may be permitted to use the network with minimal fear of compromising network security.  Users wishing to access internal applications should treat the connection as if it were any other unknown network, that is, use a VPN client.

Hardening Access Points

While not providing any security guarantees, best practice dictates there are several things you can do to minimise the potential for attacks on wireless access points.

  1. Disable SSID broadcasting
  2. If possible, limit device access by MAC address
  3. Require WPA as a minimum (Pre-Shared Keys are easy to setup, RADIUS provides more flexibility)

Some, usually SOHO type access points, have issues with combining MAC address blocking and hiding the device SSID.  If your device falls into this category, we'd say it's worth considering replacing it.

 

posted on Wednesday, August 06, 2008

Photo Credit : Matt McGee

Cloud Computing or Software As A Service (SAAS)

We are always skeptical when new buzzwords appear in the IT lexicon, but to be fair these two have been around for some time now. We can reasonably consider them broadly as synonyms. There are real-world solutions implemented and used by customers based on this theory. But are they the all-conquering new world that some analysts would have us believe? Or is SAAS a one-trick pony that's far from maturity?

Salesforce.com

It often seems that any discussion of SAAS will inevitably use Salesforce.com as a case study. Could this be because they're the only effective SAAS show in town? Well, they're certainly the highest-profile player in the space, but not the only provider out there. We feel that although the market is relatively small and immature now, the potential upsides in terms of cost savings will drive other vendors into the field.

Management Anxiety

Moving to the cloud is not a panacea to cure all ills.  Management is often reluctant to give up their perceived control of systems.  They believe their ability to shout at the IT department because the CRM system is down gives them control; in reality it gives them only imagined peace of mind.  They can no more affect the outcome of a server outage onsite by pressuring internal employees than they can by shouting down the phone at a vendor.  Either should be keen to resolve the problem as quickly as possible.  The temptation is to think that as a small customer, the vendor will be less concerned about you.  However, any such downtime will doubtless be a problem for others too, so you gain safety in numbers.

Persuasion by stealth

Concern about moving to the cloud can often be rationalized by examining the current level of usage. Do you use a webmail service? That's in the cloud. Do you use image hosting services? That's in the cloud too. These examples certainly aren't sufficient to allay all fears but it proves the theory at least. It will likely take many more years before some businesses are convinced that the cloud is sufficiently mature that they're willing to give up their core business data. Some simply may never.

Mark 2010 in your diary

With both Microsoft and SAP making moves into the SAAS space and many other large vendors following suit, we think you'll see the first fruits of their labour in 2010.

If you want to be ready, now is the time to look at what data you hold and how you use it.

De-couple early and de-couple often to be ready if the revolution comes your way.

posted on Monday, August 04, 2008

If you have a problem, if no one else can help, and if you can find them, maybe you could try... USENET.

While there are many, many sources of information available today, Usenet remains one of the broadest.

Try the USENET trivia challenge. If, like us, you got 100%, then you've been around a long while (in internet years!)

posted on Friday, August 01, 2008