More retro home computing from our collective childhood. Manic Miner was without doubt one of the classic games for the ZX Spectrum. The joys of modern web browsers and Java allow you to relive your youth, for your lunch break at least.

     

Green computing is often be unhelpfully dismissed as the higher the cost, the greener the device. Now whilst that may sometimes be true, it fails to consider the wider implications of excess energy consumption and the likely short to medium term increasing cost of energy. Essentially the condensed version for your CEO is “saving energy = saving money!

Simple first steps

First and foremost, switch off devices that aren’t being used. Encourage users to switch off their local equipment when they leave the building.

Recycle isn’t always the answer

Recycling is a much vaunted tenet of the green movement; however for technology replacement may actually be greener than reuse. Always assuming, of course, that disposal is handled in an environmentally sensitive way.

Resist the urge to recycle that 3 year old workstation as a "cheap" server. Firstly the workstation will doubtless include a number of power consuming items that simply aren’t necessary for server usage. Secondly the video card will surely be very much over-spec for a server and a recent card could well be consuming over 100watts of power, whereas energy efficient Intel Xeon processors could be consuming as little as 50watts.

Consolidate Functionality

You’ve probably got a number of servers running with very low overall utilization. Run Performance Monitor to get a baseline for overall usage. If you’re seeing single digit percentage CPU usage, then the server is probably a prime candidate for virtualization. Putting several underused servers onto a single box with the magic of virtualization provides considerably more for each watt of power used. However do keep in mind that you’ve created a single point of hardware failure which should be carefully considered before proceeding.

Configure devices for efficiency

Ensure that you take advantage of any built-in power saving functionality. Most modern printers will enter a low power mode after a certain period of inactivity. Persuading users to only print where necessary will save even more power. Monitors can be configured to sleep when unused. While individually the savings from making these changes are quite small, they will quickly accumulate.

     

It might be back to school for the youngsters, but you're never to old to learn.  Give your users an educational shot in the arm with LunchBytes an ongoing series of tips and tricks to help them get the best out of the applications they use everyday.

     

It's a delightful tune that we haven't heard for years.  The satisfying squawking that signified a modem connection attempt.  Relive those days of 56K again with the 56K Modem Emulator.

     

Bandwidth is usually a scarce commodity which needs careful managing to maintain.  However there is always a demand on that finite resource, and never more than when there's a major streaming event such as the Olympics.  There are many ways to block or throttle bandwidth to specified sites, but most of these are expensive and almost certainly overkill for occasional usage.

For a simpler, cheaper solution why not investigate OpenDNS.  OpenDNS provides a host of management features including content filtering and specific domain blocking.  Customization is provided so if a page is blocked, the user receives a page that can include a custom message and your own company logo.

However the benefit of education cannot be overstated.  If you explain to users the potential bandwidth costs of various activities, they will generally alter their usage to accomodate.  Very few users intentionally perform actions that harm network performance.

     

Everyone's on vacation and you can be too!

In a small organization, finding cover for any department can be problematic. Often there is no obvious cover for the IT department. Yet, as much as anyone else, you need a break too. So how can you turn a paranoia fraught, stressed out week into a cool, calm, relaxed, and carefree vacation. Our top tips will show you the way.

1. Take a laptop

   Normally, everyone says don't take your work on vacation with you, and broadly we'd agree. However taking a laptop doesn't mean using a laptop and in the unlikely event that there is a problem you'll have the tools, hopefully, to fix it without cutting your vacation short. This mental safety net should help you to feel more relaxed about breaking ties with the office. Although if you're going somewhere really remote, then it might be connectivity more than computing power that is the real stumbling block.

2. Leave Notes

   There are certain events that are so common that you don't even consider them problems. That print server that crashes occasionally or the fact that when the label printer is rebooted the PC host needs rebooting too. Now, doubtless if you really had that much spare time you'd have spent it diagnosing the root cause of these issues but like so many you don't. This is no bad thing, spend time where it counts most. It's not just the smaller stuff either. Leave details of the location of your disaster recovery plan and associated documentation. Hopefully they won't need this in your absence, but you never know!

3. Wind down early

   Most people tend to wind down a little before their vacation, but you have a very good reason to do so. Now we're not advocating sitting on your hands for the whole week before you leave, but we are saying now isn't a good time to make really large and sweeping changes. Obviously if your scheduling is tip-top you'll have planned around vacation, but sometimes they creep up on the most organized of us. Besides, if all your major IT projects run bang on schedule, perhaps you should be writing this guide rather than us!

4. Rearrange scheduled tasks

   Having scheduled tasks, auto-updating anti-virus tools, auto-patching applications are all intended to make our lives easier. However, what if the unexpected happens? We certainly don't advocate disabling anti-virus updates whilst you're out of the office but it couldn't hurt to consider what might reasonably be disabled. For instance you could probably disable some third-party application updating. If you are running WSUS and auto approve updates, it might be a good time to re-evaluate that policy. Really anything you can do to minimise the likelihood of non-urgent changes being made that could cause issues. However be aware that taking this rule to the extreme could be counter-productive.

5. Vacation Cover

   Finding good ad-hoc help is difficult, but well worth the investment in time to find. There are a plethora of small firms that provide cover and outsourced IT, but not all are created equal. Plan well ahead and meet the people you'd be employing first. Ask them the sort of questions you get asked, get references for other companies they've assisted and follow them up. Effectively you're interviewing them, treat it that way. But be realistic; explain what you're looking for. Also don't expect it to be cheap.

     

Until two factor authentication becomes the norm, character strings will continue to be the primary way in which we ensure security. Therefore having strict policies and procedures in-place to manage passwords is essential. The diagram below graphically illustrates the relative security "values" of Windows Active Directory account types from lowest but most common at the bottom to highest at the peak.

LM Insecurity and Passphrases

There is a caveat however, if you are in a mixed environment that requires LM or NTLM authentication there is very little you can do against password cracking, widely available tools such as rainbow tables and the inherent insecurity make passwords vunerable.  If you are limited to 14 characters, then by all means use them as they are at least prevention against "shoulder surfing" attacks, but be aware that a determined individual with the tools and knowledge and access to your network will likely be able to break passwords.

NTLMv2 brings with it an increase in available password length to 128 characters.  Essentially you should be aiming for above 15 characters.  Passphrases are the recommended way of securing systems, they are as they sound simply a number of words strung together to form what is basically a long password, but easier to remember.

User Accounts

While they man be languishing at the bottom of our pyramid, user account security should not be overlooked. They may be relatively tightly locked down, but an attacker is looking for any opening. However generally users are quite ingenious when it comes to finding shortcuts to make their lives easier and passwords are just such an area. Overly restrictive minimum password lengths or complexities will encourage users to write then down passwords which only opens a larger hole.  Microsoft currently recommend the following default password policy :

• Enforce password history : 24
• Maximum password age : 42 (days)
• Minimum password age : 2 (days)
• Passwords must meet complexity requirements :
  • Password at least 6 characters
  • Password contains at least 3 of the following 5 categories :
    • Uppercase characters (A-Z)
    • Lowercase characters (a-z)
    • Numeric characters (0-9)
    • Non-alphanumeric characters (!"£$%^&*<>?@#)
    • Unicode characters
  • Password does not contain 3 or more characters from user's account name

We'd be happy to see a longer minimum password length, but you have to know your users and find a happy medium between security and memorability for them. If you make it too difficult they'll resort to sharing passwords and keeping them on post-it notes which isn't good for security.

Local Administrator Accounts

Local Administrator accounts should, as a rule of thumb, be given a strong password and disabled.

Domain Administrator accounts

We recommend a 14 character minimum (15 or more if NTLMv2 is available) password length, and maximum complexity.  Consider also locking out multiple login attempts.

Service Accounts

Service accounts are somewhat different in that you'll almost certainly never actually login using them. Because of the potential for problem, we'd recommend disabling any requirement to change these passwords. Simply set them up with a very long, 30 character is not unreasonable, password containing mixed case alpha-numeric and many non-alphanumeric characters. Make a note somewhere very secure, as it isn't a password you'll want to try and keep in your head. Although you would rely on the ability to use a domain or enterprise admin account to change it, knowing the password will certainly save you time in the event of a problem occuring.

Enterprise Administrator Account

In a well designed forest/domain this account will get used fairly infrequently after the initial setup has been completed. However given it's overarching power it should be treated carefully.   You should create a password with the maximum complexity possible and as long as you are comfortable with, certainly in excess of 15 characters and 30 or more would not be unreasonable.  Certainly it won't matter if you can't type it too quickly, as you'll never be doing so in the presence of prying eyes hopefully!

     

While pruning excess bookmarks might be deemed good housekeeping and therefore a productive activity.  However if that task uncovers the massive, but nonetheless enjoyable, timesink that is Desktop Tower Defense productivity might drop drastically.