Time for Windows Server 2003 End-Of-Life Plan

Windows 2003In previous posts, we’ve described the necessity to upgrade your Windows XP PCs to either Windows 7 or Windows 8.  Today, we are going to discuss the server side of the house.

Microsoft will stop supporting Server 2003 R2 on July 14, 2015.  I know a year can sound far away and over the horizon, but it isn’t – especially when it comes to servers.  A migration from one server to another can either take a few days or several weeks – depending on your infrastructure.   For example, migrating a file server from 2003 to 2008 is fairly straight forward – especially with the help of  Backup/Restore software like Backup Exec.  Backup Exec remembers things like file permissions, so we can backup your data from your old server, and then restore it to the new server.

If you have shared printers on your network, this part of the migration can be a bit more involved.  Not every printer manufacturer will support installing their printers in a 2008 64-bit environment – but we would investigate this for you before we begin the migration.  If your printers are not supported on a 2008 server, it may be time to upgrade those as well.

Support for Exchange 2003 server ended back in January 2008.  Exchange 2007 ‘mainstream support’ ended  April 2012, with extended support ending April 2017.  If you are still using Exchange 2003 or 2007, you should move to a new server immediately.  Custom Systems has done several migrations from 2003 to 2007, and up to Exchange 2010, so we have a clear path to follow.  We have also migrated a few clients from an on-site Exchange Server to Office 365 hosted email, depending on client need.

If you are using your servers to host applications, like Quickbooks or other third-party vendors, a migration from your old server to a new server gets more complicated.  We may need to get the software vendor involved in the process.  Make sure you have access to the latest version of your Applications before trying to move to a new server.  In some cases, we may even need to migrate to a new software product if the older product is no longer supported.

As always, and we would be happy to provide you with a free Network Assessment. Call or click today!

 

AZS-4Chase Reitter
Network Consultant
Chase.Reitter@CustomSystemsCorp.com

 

Change my password?

Password securityRecently, the Heartbleed OpenSSL hack has been spotlighted in the news.  OpenSSL is one of the most widely used forms of security protection/encryption on Internet sites.  The hack takes advantage of a bug in the still widely used 2012 version of OpenSSL.  It has caused panic because it has potentially allowed hackers to steal information, passwords in particular, from many sites.  In fact, it has been estimated that two-thirds of web servers have used or still use OpenSSL.  The web sites providers themselves can neutralize the threat from this hack by implementing some patching or an upgrade.  However, this hole in security has been around for two years now.  There is no way that any site that has used the 2012 version of OpenSSL can honestly say they were not hacked.  To be safe, it has been recommended by security experts (the ones who exposed this problem and many more) that we change all of our passwords on Internet sites and also change the way we manage our passwords.

Whether you are the consummate computer professional or completely computer illiterate, managing passwords can be a major task.  While the typical user will only be required to remember their personal passwords, the computer professional will most likely need to manage passwords to accounts that are not their own (i.e. service accounts, admin accounts, etc.).  Let’s face it, we all find passwords annoying.  In this day and age, we have passwords or pins for just about everything and managing them all can be a nightmare. Some of the tasks involved in managing passwords include:

  • Creating a secure password that meets different requirements like at least one capital letter, one lower case letter, one number, and/or one extended symbol.
  • Creating security questions for either password reset or second factor identification.
  • Remembering multiple passwords.
  • Changing passwords.  This now involves creating new passwords that meet the requirements and then remembering them.

Why do we have to have passwords?  Because they are the cheapest form of protection for our information.  In order to implement protection schemes that require pass-cards or biometrics (fingerprints) the cost to implement goes up drastically.  Who do you think your bank will pass the cost onto?

Thanks to the Heartbleed hack and other factors, now we know we need to change our passwords.  Here are some suggestions on the proper and improper ways to create our passwords:

  • As mentioned above, there are usually requirements to creating our passwords.  As a best practice, use all the requirements and more.  Do all of the following:
    • Include at least one capital letter.
    • Include at least one lower case letter.
    • Include at least one number.
    • Include at least one extended character.
    • Sometimes, the system does not recognize extended characters or numbers.  For those instances, use more of the other suggestions.
    • Do not use words.  Words can be cracked using a dictionary crack.  This goes for foreign language words as well.  If there is a dictionary crack for one language, then why not include others?  Also, they have already thought of spelling the words backwards.
    • Do not use patterns or repeating characters.  123456, ABCDEF, 112233, etc.  All of them are very bad ideas.
    • Do not be lazy.  Password1, qwerty, letmein are not good passwords.  In fact, they are considered some of the most common ones used.  These are the passwords comedians make jokes about.
    • Do not use personal information.  Names and the things in life that are important to you can be observed and guessed.  Thanks to social media, we give away a lot of this information freely.
    • Use longer passwords.  The longer the password, the harder it is to crack.  Each digit you add to a password makes it exponentially more difficult to crack.
    • In order to make a complex password easier to remember, use a pass phrase.  For instance, the password ‘d0N7$tnDuP’ is actually the phrase “Don’t Stand Up”.  This is a 10 character password that makes no sense on its own, but is easier to remember because of the phrase.  No, this is not one of my passwords.  Which brings up the next suggestion:
    • Use a password or phrase that has meaning to you and no one else.  One that is not easily recognizable in your daily life.  Don’t copy someone else’s.  It may not make sense to you and someone else knows it as well. Be as original as you can.

Besides from creating passwords, you need to properly manage them:

  • Do not use the same password for everything.  One suggestion for making it easier to remember many different passwords is to base them on a pattern only familiar to you.  For instance, using the passphrase above, we could make something like AMAd0N7ZON$tnDuP, FACEd0N7BOOK$tnDuP, TUMd0N7BLR$tnDuP, etc.  Again, be your own form of creative.
  • Change your passwords every once in a while.  Annoying, but more secure.  If a password was captured, you may change it before something bad happens.
  • There are applications that help you store passwords.  I am not saying whether you should or should not use them.  Just make sure you keep their functionality in mind.  If it is only on your phone, what happens if you lose your phone?  Is the application itself encrypted?  Is the application a piece of junk?
  • Is your password storage location easily accessible to others?  Yes, I have found peoples passwords under their keyboard.  In fact I have been to locations where people post their passwords on sticky notes on their monitors for everyone to see.

If you search the Internet, you will find many suggestions on the proper creation and managing of passwords.  Now is an important time to take them to heart.  One last thing: Do not leave the password blank!
AZS-3

 

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
Craig.Kalty@CustomSystemsCorp.com

 

 

 

© 2014 Custom Systems Corporation

Safety First in WordPress.org Blog

wordpresslogo

 

In my last blog, I eluded to a little mistake I made when I accidentally deleted an important page on our site. When I realized what I’d done I panicked a little… okay, maybe a little more than a little.  Of course panic wouldn’t help restore my page so I retraced my steps. My first stop was the Dashboard where I could click through to the page menu and review all of my pages. And there it was, right at the top of my page list – “deleted pages”. I clicked, restored, done. Whew!  Until that moment, I hadn’t even realized that WordPress.org kept this list of published, draft and deleted pages. Good to know.

In hindsight, I realize that was a pretty simple fix. And I think it’s reasonable to expect to have a few missteps and maybe a few accidentally deleted pages as you create your site. The point is, it’s not the end of the world.  There are a few safeguards built in to a WordPress.org site to help protect your site… and you.

One of those safeguards includes “versions”. Each time you update a page, the version before is kept as a backup.  Should you decide to return to a previous version of a page, all page revisions are saved. By looking back over the timeline, just click back to where you want to restore or view the html version of the previous revisions. Either way, you click the link to the associated page, click restore and save. Done.

Recently, I had to make changes to a new page on our site that involved an image linked to a downloadable PDF. No matter what I did, the image kept popping up above the page header, rather than below. I clicked back and forth, through my revisions and made some changes, until I found my mistake. I’ve only had to use this safety net a few times but was grateful for the time it saved.

What happens when there’s a more serious issue to your company’s site? I think it’s always best to be prepared. When you register your domain or website address and establish hosting, be sure your web hosting company will provide regular site back up. Do not assume it’s included in your package. Periodically, WordPress.org will provide software updates. If you’re using a customized template, it’s always a good idea to be sure a backup has been done prior to updating the software.  This is also true when updating any plug-ins you might be using on your site.

I want to be very clear that this discussion relates to a simple business site and not an Ecommerce site. No money or private information is shared on our site and so security risks and requirements are quite different.

LynnLynn McGinnis
Marketing Specialist
Lynn.McGinnis@CustomSystemsCorp.com

 

 

 

© Copyright Custom Systems Corporation 2014

Protecting Your Business from ne’er-do-wells

hackerIn the IT world, everything changes very rapidly.  Two of the fastest changing and hardest to keep up with are viruses and hackers.  Hackers are always out there, trying to find a new way to make you have a bad day.  Why?  I don’t know.  I’ve never understood it.  You work hard, trying to grow your business – improving your products every day, reaching out to new customers – while some jerk with nothing better to do is trying to tear it down.  Maybe it’s an Ethos thing, or maybe just jealousy; they can’t build anything productive, so they have to break something that someone else worked hard to create.  But I digress…

What We Can Do About It

Protecting your network starts with a firewall.  It is your first line of defense against attackers.  A firewall is most often a piece of hardware (like a Cisco ASA) that sits at the edge of your network, and is configured to only allow specific types of communication into your network.  It also separates the good traffic from the bad traffic.  Next is a web filter, like a Barracuda.  The web filter monitors internet traffic going in and out of your network. It can be configured to block hazardous websites, and known types of dangerous programs.  It can even be setup to only allow specific users access to the internet.  Next is your anti-virus.  Anti-virus is a program that runs on your PC and servers.  It has to be manually installed on every device on your network, and is usually centrally controlled by a server.  The anti-virus server can be setup on- or off-site, depending on your needs and the size of your network.

Do I really need all three?

Yes.  Think of it this way: If a hacker is like an arsonist, the firewall is the security guard outside the door, the web filter is a locked door, and anti-virus programs are the fire suppression and mop-up crew.  Although you may have anti-virus already, you are just putting out fires after they have already been started.   To really protect your network, you need the security guard – and the locked door.

 

AZS-4Chase Reitter
Network Consultant
Chase.Reitter@CustomSystemsCorp.com

 

 

 

© Copyright 2014 Custom Systems Corporation