How to Be Secure When Using Free-Wi-Fi

Many of us who travel from time to time for work or with family will want to connect to free public Wi-Fi while waiting for a plane or train, or even while having a cup of coffee. When connecting to these open networks, you need to make sure to keep your data secure. Here are a few tips to help do that.

 

 

  • Make sure the network you are connecting to is real. Ask a staff member at your location if the Wi-Fi name you see is correct. It is very easy for a hacker to create a fake network and intercept all of your data and keystrokes.
  • You should also make sure to choose Public as the type of connection on your computer. Turn file and print sharing off and make sure your firewall is turned on.
  • My favorite trick, which is not possible for everyone, is to connect to a VPN. This trick used to be much more prevalent, but with the introduction and rise of split DNS, it does not work as well. Depending on your VPN connection, this works because a secure tunnel is created between you and your home office. All data that is sent and received passes through your corporate firewall to help make your browsing safer. This of course will not be true if your company is using split DNS.
  • A simple trick to help protect you is to keep your computer updated with the latest security patches. This is something that should be done regularly anyway and is just one of many steps that should be taken to protect your data.
  • Another great trick is to use HTTPS to make sure your browsing is secured. Since not all sites use this protocol, you can download a simple extension for Chrome or Firefox called HTTPS Everywhere that will force all web pages to become secure.
  • One final way to help protect yourself is to enable two-factor authentication. Most web sites that require logins have this feature. There are many programs that can be used to accomplish this as well.

Just remember to stay safe when browsing and to never check bank accounts or credit cards over insecure networks. As always, please post your comments and questions below or email me directly.

 


 

Ryan Ash
Network Consultant
ryan.ash@customsystems.com

 

 

 

©Custom Systems Corporation 2015

 

Intermediate Certificates: Installing Certs on a NetScaler Part 2

In part 1, we went over the installation process for a certificate. Now that we have our base certificate installed, we need to get the Intermediate certificate installed. Some certificate providers offer the ability to download your certificate, any Root certificate, and the Intermediate certificate in one bundle. For those providers, you will need to look up their instructions on how to utilize a bundle such as that. The NetScaler will work with certificate bundles and the results may be quicker. However, we are going to continue on as if you did not have the option for a certificate bundle and now need to install the Intermediate certificate.

The very first thing you will need to do is download the correct Intermediate certificate from your provider. Most certificate providers keep their Intermediate certificate download links on their support site. Because there are many different types of certificates (basic, wildcard, multi-domain, etc.), you need to download the Intermediate certificate that matches your certificate type. Once you have the Intermediate certificate, here are the steps to install it:

  1. Install the certificate received from the provider (Configuration → Traffic Management → SSL → Certificates → Install):
  2. Still on the certificates page, select the original certificate (the one you are getting the Intermediate for). Under the ‘Action’ options, choose ‘Link’:
  3. From the list of certificates shown, select the Intermediate certificate.

That is all it takes. You can now check your certificate status with a certificate checker tool (the cert provider usually has one to utilize). You should not see any issues pertaining to an Intermediate certificate. Going back to the example given in a previous blog, you can now try to connect the devices that had issues connecting with the provided certificate alone.
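
A check you can run before linking, as an added example that is not part of the original post or any NetScaler tooling: it reads the issuer of the server certificate and the subject of the Intermediate certificate and confirms they are the same name, which is what a matching Intermediate looks like. The function names and the sample certificates are assumptions made for illustration; the samples are constructed skeletons, and the check compares names only, it does not verify signatures.

```python
import base64
import re


def load_der(data: bytes) -> bytes:
    """Accept a PEM or DER certificate and return the DER bytes."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: next n bytes hold the length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                  # short form: length fits in one byte
        length = first
    return tag, pos, pos + length


def issuer_and_subject(cert: bytes):
    """Return the raw DER issuer and subject names of an X.509 certificate."""
    der = load_der(cert)
    _, start, _ = _read_tlv(der, 0)        # Certificate ::= SEQUENCE
    _, pos, end = _read_tlv(der, start)    # tbsCertificate ::= SEQUENCE
    fields = []
    while pos < end and len(fields) < 6:
        tag, _, stop = _read_tlv(der, pos)
        fields.append((tag, der[pos:stop]))
        pos = stop
    if fields and fields[0][0] == 0xA0:    # optional explicit [0] version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    # Remaining order: serialNumber, signature, issuer, validity, subject
    return fields[2][1], fields[4][1]


def can_link(server_cert: bytes, intermediate_cert: bytes) -> bool:
    """True if the Intermediate's subject is the server certificate's issuer.

    Names are compared byte for byte, which holds for CA-issued certificates
    because the CA copies its own subject into the issuer field.
    """
    server_issuer, _ = issuer_and_subject(server_cert)
    _, intermediate_subject = issuer_and_subject(intermediate_cert)
    return server_issuer == intermediate_subject


# --- Constructed sample data (placeholder names, no real keys or signatures) ---
def _tlv(tag: int, content: bytes = b"") -> bytes:
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        head = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content


def _name(cn: str) -> bytes:
    atv = _tlv(0x30, bytes.fromhex("0603550403") + _tlv(0x0C, cn.encode()))
    return _tlv(0x30, _tlv(0x31, atv))


def sample_cert(subject_cn: str, issuer_cn: str) -> bytes:
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02")) + _tlv(0x02, b"\x01") + _tlv(0x30)
               + _name(issuer_cn) + _tlv(0x30) + _name(subject_cn) + _tlv(0x30))
    return _tlv(0x30, tbs + _tlv(0x30) + _tlv(0x03, b"\x00" + bytes(128)))


def to_pem(der: bytes) -> bytes:
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der) + b"-----END CERTIFICATE-----\n"


SERVER = sample_cert("www.example.com", "Example Issuing CA")
INTERMEDIATE = sample_cert("Example Issuing CA", "Example Root CA")
WRONG_INTERMEDIATE = sample_cert("Other Issuing CA", "Example Root CA")

if __name__ == "__main__":
    print("matching intermediate:", can_link(SERVER, INTERMEDIATE))
    print("wrong intermediate:   ", can_link(SERVER, WRONG_INTERMEDIATE))
```

With real files, pass the bytes read from the server certificate and the downloaded Intermediate to `can_link`; a `False` result means the download is for a different certificate type or issuing CA.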

The examples given in these blogs for installing a certificate and an Intermediate certificate were shown through the GUI. The GUI is translated to command line syntax when it is executed. Therefore, if you would like, you can install certificates from a command line. We will not go into detail on this procedure, but the basic command lines for it are ‘add ssl certkey’ and ‘link ssl certkey’. Look up those commands should you wish to do everything from the command line.

Please post your comments or questions below. You can also reach me directly by email.


 

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
craig.kalty@customsystems.com

 

 

 

©2015 Custom Systems Corporation

End-of-Year IT Tasks

In a previous blog, we discussed how the calendar end-of-year can be different for IT than the rest of the year. Because of a possible fiscal year-end, possible higher resource utilization, less staff due to holiday vacations and other factors, IT operations and procedures shift or change. So, let’s discuss some of the tasks IT people need to do to prepare for the end-of-year and the start of the next:

  • Backup – We all knew this would be on the list and should probably hold a very high priority, so it is first on the list. We need to have a backup of the data at the year’s end. Unless you want one, you probably do not need a systems backup, only data. Our daily and weekly backups will take care of system state backups. What we do want is a complete backup of all data as it looked at the end-of-year. This backup will go somewhere safe. Odds are we will never need it, but we will have it just in case. In some cases, accounting and finance may need to utilize that backup to make sure they only have the previous year’s data without any from the current year.
  • Lock Production – For all the reasons mentioned earlier and other reasons that drive company policy, production systems usually get locked until the end of the year. Only emergency alterations are allowed to production.
  • Increase Support – Many companies are busiest during the holiday season. They are most likely the ones that have production locks. Being busier will increase IT support needs.
  • Increase Operations – Those busy organizations may need an increase in operations to support the increase in business. IT will have to pay closer attention to utilization and daily operations.
  • Staff Alterations – Due to higher vacation utilization at end-of-year, we may also be running on a smaller staff. There will be changes in support coverage and shift operations.
  • Enhance Development – If production is locked, that does not mean we can’t touch the development environment (unless doing so will affect production). This could be a good time to update, clean, or just plain continue work in the development environment.
  • Update Applications – Wait… Didn’t we say production was going to be locked? Well this may be one of those cases where we have no choice. There are software packages that require year-end updates or they will not have the functionality needed to operate properly. For example, accounting and payroll may need updates to tax tables for the next year.
  • Budget – At this point, the previous year’s budget should be gone or close to it. In these last few weeks, you can finalize the budget estimates for the next year. If you had not started on this yet, now may be a good time to start.
  • Reporting – Many business units are going to look for reports on the previous year to perform their required close-outs. So, reporting volume and support will most likely increase.
  • Inventory – If production is locked, now would be a good time to inventory our software and hardware. This includes servers, workstations, laptops, printers and peripherals.
  • Resource Review – This may sound like inventory, but it is a little different. This refers to utilization and consumption. We need to know how much power and computing resources we are currently utilizing and how that will affect the next year. This could occur during or after taking inventory. We should evaluate how much power our systems draw and whether we have ample power and power protection into the next year. We need to know how much of our server (and other hardware) resources we are utilizing to know what we will need for future endeavors.
  • Nothing – We may not need to do anything different. Some organizations see no difference in activity in year-end from the rest of the year.

If you think of any other end-of-year tasks to add to the list or have other points of view, please note them in our comments section.

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
Craig.Kalty@CustomSystems.com

 

 

 

© 2014 Custom Systems Corporation

Windows 8 File History and Backup Security

Windows 8 File History and Your Existing Backup Plan.

In one of my recent posts, I discussed backups and best methods. One of the rules I mentioned was the “3 + 2 + 1 Rule of Backups”. This post was geared towards making sure you have multiple copies of important data in case of a hard drive crash or loss of your computer. But what happens when you are working on a document and, for some reason, wish you could go back a few iterations? Or the times you deleted a file or folder and also emptied the trash can on your desktop before a backup ran? That is where (in Windows 8) File History can come into play.

First, you’ll need an external drive or NAS for this to work. If you are backing up your computers using the 3 + 2 + 1 rule, then you will already have an external drive of some sort. Let me quickly explain what File History is and how it works. Then I will explain how simple it is to turn this feature on as well as how to restore files that were backed up using this method.

What exactly is File History?

I would be willing to bet that many of you may have heard of it before. It was once called Previous Versions in the last two flavors of Microsoft’s operating system. The reason for the name change is that it has been revamped with a much easier to use, more backup-focused interface. File History does not take the place of Windows Backup. Windows Backup will allow you to back up specific folders or even your entire computer. File History instead only backs up the files in your libraries – essentially, your personal documents, files and media. You can add any folders you want to a library, of course, but it won’t back up your entire computer the way Windows Backup (now called Windows 7 File Recovery in Windows 8) does. Also, instead of running large backups every week or month, it will simply take a snapshot of your files every hour, so you can restore your files in a much easier and more fine-grained manner.

To turn on File History in Windows 8, you’ll need to have an external hard drive plugged in or have a NAS available that you can connect to. Once you have that in place, just head to Control Panel > File History. Once there, all you need to do is turn on File History and you are all set. There is one other way to turn this on, and that is to simply plug in an external hard drive and, when asked, choose to use it for a backup. If you would like to use a NAS for this, all you need to do is choose “Change Drive” on the left-hand side when in File History in Control Panel. Once you have chosen the location, you will then be able to turn on the File History backup.

Restoring Files from File History

To restore a file that you accidentally deleted or changed and now want to revert, open Windows Explorer and head to the folder where that file used to reside. You can then click the “Home” button and click the File History icon on the right side of the Ribbon. Alternatively, you can head back to Control Panel > File History and click “Restore Personal Files” on the left-hand side.

Next, a new window will pop up that looks a whole lot like Apple’s Time Machine, but without all the fancy animations. You can search through your documents using the search at the top, or navigate to the file you want to restore. To search an older snapshot, click the Previous button at the bottom of the window. When you find the file you want to restore, click on it, then press the big green Restore button at the bottom of the window. It will restore the file to its original location. If you’re restoring an old version of a file that already exists, Windows will ask you if you want to overwrite the file, which in most cases you will.

That is all it takes to set up, use, and restore files using Windows 8 File History. Of course, it is not a full backup plan, but simply something that can be added to a full backup plan to make retrieving lost or needed files and folders much easier.


 

Ryan Ash
Network Consultant
ryan.ash@customsystems.com
©Custom Systems Corporation 2014

When RAID is not equal to High Availability

Know your storage devices before buying something “just as good”.

An SMB experience using low-cost iSCSI storage devices

One objection we typically hear from potential clients is why vendor X costs more than vendor Y for the same features and specifications. Today, it is not uncommon in the storage market (SANs and NAS) to know that you are buying more than specs and need to look more in depth when you find a low-cost alternative for a technology that previously was considered too expensive for your organization.

My recent client experience exemplifies this problem. The storage needs have grown over the past several years and exceeded their file server capacity. Their business requires the long-term retention of image files for every device they manufacture and the repository is approaching 25 years old. Many of these image files may never be retrieved unless a customer requests them or engineering is researching a design or manufacturing defect. Their daily requirement is to capture high-resolution images of their products and continuously store them as they are prepared for final shipment.

The annual IT budget planning always includes a small SAN for the long term storage and daily storage of these important image files. However, the first item to typically be removed from the budget is the SAN due to what is considered the high cost of the product. Last year this changed, with the introduction of a low-cost, high-value storage device from Buffalo Technology. Who would not want an 8TB rack mount iSCSI RAID5 storage device for $2500 that is “just as good” as small iSCSI SAN for $15,000? The IT budget could surely accommodate such a low-cost, high-value item.

The first year was uneventful and the device performed as advertised. Recently, the device configured with four 2TB SATA drives indicated a drive failure in Slot1. This should not be a problem, as we all know RAID5 will keep running with a single failed drive. A call to Buffalo Technology and the completion of some basic troubleshooting confirmed the problem. A new hard drive replaced under warranty would solve the problem. After jumping through several hoops, chasing confirmation emails, faxing in receipts and paying $100 for an advance replacement my new drive showed up six days later. Yes, I could have paid more for next-day shipping, after the receipt was faxed in, validated by customer service, and payment was submitted to their website. I suspect next-day shipping would still require at least three to four days for the drive to show up.

The instructions delivered with the drive were minimal at best. Update firmware on the device, and insert the new drive. Why would I want to update firmware on an iSCSI storage device that already has a failed hard drive? That is not something I want to risk, potentially losing all the data. Things happen in IT, as we all can attest.

The new drive was inserted, the red LED started to blink and I waited, and waited, and it appeared to be rebuilding the array. I came back after a weekend and it was still blinking. I could not see progress on the rebuild and the product manual gave no indication of the actual process, but being an IT professional I have worked with many RAID5 storage devices where, when a failed drive is detected and removed and a new drive is inserted, it just starts rebuilding and you're done after several hours.

Not this device: a call to support confirms that you need to go into the web interface, detect the new drive, and then select some menu items to initiate the rebuild. That did not go as planned, and support had to check with a more knowledgeable resource. After a brief wait on the phone I was told to dismount the iSCSI storage device and start the rebuild again. I responded that dismounting the iSCSI device would take my storage offline and make it unavailable to my network of users. Why would this be a requirement for a RAID5 iSCSI storage device used by business? I followed their recommendations and then discovered it would be 33 hours for the array to rebuild with the new drive. I now had a client that was not happy that their RAID5 iSCSI storage device that was “just as good” as a more expensive iSCSI SAN would require them to stop using it for 33 hours while the array was rebuilt. The final outcome was that the unit was restored and all data stayed intact; however, the experience with a product that was “just as good” was much less than expected.

Paul R. Cook
Vice President, Network Services Group
Paul.Cook@CustomSystems.com

 

 

© Copyright 2014 Custom Systems Corporation

Time to backup your backup

Don’t lose what’s important

Everyone has files that are important to them and it would be a disaster if they were lost. Years’ worth of pictures from graduations, kids growing up, and even items like tax returns or important documents that have been scanned for digital file storage. Keeping digital files can make it easier to store, as well as search for later. The problem is, what happens if your hard drive crashes and you lose everything? A good backup plan is something that most people tend to forget about. Many people will back up pictures and documents to one main hard drive and believe that is good enough. What happens if that drive dies? I had a colleague bring me the external hard drive where she had kept all the pictures of her children growing up. The drive had crashed and after looking at it, I had to let her know there was nothing I could do to retrieve the files. The drive was dead. She lost years of pictures. She was under the impression that it was on an external drive and that was good enough. The truth of the matter is, you can never have too many backups.

Don’t be fooled by cloud storage options

Cloud storage programs such as Dropbox, OneDrive and Google Drive are great places to store files, but you need to keep them stored somewhere else as well. For me, I keep my son’s pictures on my laptop and backed up to my Microsoft OneDrive account. Then from time to time I will run a backup of those photos to my external hard drive that I keep connected to my wireless router. This way the pictures and important files are kept on my laptop, in my OneDrive cloud storage and also on an external hard drive. These pictures are so important to me, I will probably even back them up a fourth time to something like DVD.

Do follow the Backup 3-2-1 Rule

This rule states:

3 – Copies of anything you care about – Two isn’t enough if it’s important

2 – Different formats at least (more is always better in this case) – examples of this would be Dropbox (or other cloud storage) + DVD, or hard drive + USB stick

1 – Off-site backup – This means using a cloud storage option such as Carbonite or CrashPlan.

CrashPlan and Carbonite are topics in and of themselves, but these are great programs to back up larger amounts of data. With programs like OneDrive and Dropbox, you tend to get one folder that is backed up. With CrashPlan and Carbonite, you can back up your entire computer if necessary. Look for upcoming posts about CrashPlan and Carbonite where I will explain exactly how they work and why they are a good choice. In the meantime, make sure you back up your important data by no less than the Backup 3-2-1 Rule.

As always, we welcome your opinion and questions. Do you have a data backup plan in place? How are you keeping your files and precious memories safe?

Ryan Ash
Network Consultant
ryan.ash@customsystems.com
©Custom Systems Corporation 2014

Change my password?

Recently, the Heartbleed OpenSSL hack has been spotlighted in the news. OpenSSL is one of the most widely used forms of security protection/encryption on Internet sites. The hack takes advantage of a bug in the still widely used 2012 version of OpenSSL. It has caused panic because it has potentially allowed hackers to steal information, passwords in particular, from many sites. In fact, it has been estimated that two-thirds of web servers have used or still use OpenSSL. The web site providers themselves can neutralize the threat from this hack by implementing some patching or an upgrade. However, this hole in security has been around for two years now. There is no way that any site that has used the 2012 version of OpenSSL can honestly say they were not hacked. To be safe, it has been recommended by security experts (the ones who exposed this problem and many more) that we change all of our passwords on Internet sites and also change the way we manage our passwords.

Whether you are the consummate computer professional or completely computer illiterate, managing passwords can be a major task.  While the typical user will only be required to remember their personal passwords, the computer professional will most likely need to manage passwords to accounts that are not their own (i.e. service accounts, admin accounts, etc.).  Let’s face it, we all find passwords annoying.  In this day and age, we have passwords or pins for just about everything and managing them all can be a nightmare. Some of the tasks involved in managing passwords include:

  • Creating a secure password that meets different requirements like at least one capital letter, one lower case letter, one number, and/or one extended symbol.
  • Creating security questions for either password reset or second factor identification.
  • Remembering multiple passwords.
  • Changing passwords.  This now involves creating new passwords that meet the requirements and then remembering them.

Why do we have to have passwords?  Because they are the cheapest form of protection for our information.  In order to implement protection schemes that require pass-cards or biometrics (fingerprints) the cost to implement goes up drastically.  Who do you think your bank will pass the cost onto?

Thanks to the Heartbleed hack and other factors, now we know we need to change our passwords.  Here are some suggestions on the proper and improper ways to create our passwords:

  • As mentioned above, there are usually requirements to creating our passwords.  As a best practice, use all the requirements and more.  Do all of the following:
    • Include at least one capital letter.
    • Include at least one lower case letter.
    • Include at least one number.
    • Include at least one extended character.
    • Sometimes, the system does not recognize extended characters or numbers.  For those instances, use more of the other suggestions.
    • Do not use words.  Words can be cracked using a dictionary crack.  This goes for foreign language words as well.  If there is a dictionary crack for one language, then why not include others?  Also, they have already thought of spelling the words backwards.
    • Do not use patterns or repeating characters.  123456, ABCDEF, 112233, etc.  All of them are very bad ideas.
    • Do not be lazy.  Password1, qwerty, letmein are not good passwords.  In fact, they are considered some of the most common ones used.  These are the passwords comedians make jokes about.
    • Do not use personal information.  Names and the things in life that are important to you can be observed and guessed.  Thanks to social media, we give away a lot of this information freely.
    • Use longer passwords.  The longer the password, the harder it is to crack.  Each character you add to a password makes it exponentially more difficult to crack.
    • In order to make a complex password easier to remember, use a pass phrase.  For instance, the password ‘d0N7$tnDuP’ is actually the phrase “Don’t Stand Up”.  This is a 10 character password that makes no sense on its own, but is easier to remember because of the phrase.  No, this is not one of my passwords.  Which brings up the next suggestion:
    • Use a password or phrase that has meaning to you and no one else.  One that is not easily recognizable in your daily life.  Don’t copy someone else’s.  It may not make sense to you and someone else knows it as well. Be as original as you can.
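
The rules in the list above, turned into a checker, as an added example that is not part of the original post: it reports which rules a candidate password breaks and estimates how the brute-force search space grows with length. The word lists are small constructed samples, the 10-character minimum and the function names are assumptions, and the estimate is an upper bound that only holds for randomly chosen characters.

```python
import math
import re
import string

# Constructed sample lists; a real check would load far larger ones.
COMMON_PASSWORDS = {"password1", "qwerty", "letmein", "123456"}
DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine"}

# The four character classes named in the list above.
CHAR_CLASSES = {
    "capital letter": string.ascii_uppercase,
    "lower case letter": string.ascii_lowercase,
    "number": string.digits,
    "extended character": string.punctuation,
}


def _has_pattern(pw: str, run: int = 3) -> bool:
    """True for doubled pairs (1122) or runs of equal/sequential characters (aaa, 123, cba)."""
    if re.search(r"(.)\1(.)\2", pw):
        return True
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        if {b - a for a, b in zip(window, window[1:])} in ({0}, {1}, {-1}):
            return True
    return False


def check_password(pw: str, personal=(), min_length: int = 10) -> list:
    """Return the list of rules the password breaks (empty list means it passes)."""
    problems = []
    if len(pw) < min_length:                      # assumed minimum, not from the post
        problems.append("too short")
    for label, chars in CHAR_CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"missing {label}")
    lowered = pw.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    # Strip digits and symbols, then look for words spelled forwards or backwards.
    letters = re.sub(r"[^a-z]", "", lowered)
    if any(w in letters or w[::-1] in letters for w in DICTIONARY):
        problems.append("dictionary word")
    if _has_pattern(pw):
        problems.append("pattern or repeated characters")
    if any(p and p.lower() in lowered for p in personal):
        problems.append("personal information")
    return problems


def keyspace_bits(pw: str) -> float:
    """Upper bound on brute-force effort: length * log2(size of the alphabet in use)."""
    alphabet = sum(len(chars) for chars in CHAR_CLASSES.values()
                   if any(c in chars for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for candidate in ("d0N7$tnDuP", "Password1", "112233", "Drowssap!2024x"):
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}, "
              f"{keyspace_bits(candidate):.1f} bits")
```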

Besides creating passwords, you need to properly manage them:

  • Do not use the same password for everything.  One suggestion for making it easier to remember many different passwords is to base them on a pattern only familiar to you.  For instance, using the passphrase above, we could make something like AMAd0N7ZON$tnDuP, FACEd0N7BOOK$tnDuP, TUMd0N7BLR$tnDuP, etc.  Again, be your own form of creative.
  • Change your passwords every once in a while.  Annoying, but more secure.  If a password was captured, you may change it before something bad happens.
  • There are applications that help you store passwords.  I am not saying whether you should or should not use them.  Just make sure you keep their functionality in mind.  If it is only on your phone, what happens if you lose your phone?  Is the application itself encrypted?  Is the application a piece of junk?
  • Is your password storage location easily accessible to others?  Yes, I have found people’s passwords under their keyboard.  In fact, I have been to locations where people post their passwords on sticky notes on their monitors for everyone to see.

If you search the Internet, you will find many suggestions on the proper creation and managing of passwords.  Now is an important time to take them to heart.  One last thing: Do not leave the password blank!

 

 

Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
Sr. Network Consultant
Craig.Kalty@CustomSystemsCorp.com

 

 

 

© 2014 Custom Systems Corporation

Protecting Your Business from ne’er-do-wells

In the IT world, everything changes very rapidly.  Two of the fastest changing and hardest to keep up with are viruses and hackers.  Hackers are always out there, trying to find a new way to make you have a bad day.  Why?  I don’t know.  I’ve never understood it.  You work hard, trying to grow your business – improving your products every day, reaching out to new customers – while some jerk with nothing better to do is trying to tear it down.  Maybe it’s an Ethos thing, or maybe just jealousy; they can’t build anything productive, so they have to break something that someone else worked hard to create.  But I digress…

What We Can Do About It

Protecting your network starts with a firewall.  It is your first line of defense against attackers.  A firewall is most often a piece of hardware (like a Cisco ASA) that sits at the edge of your network, and is configured to only allow specific types of communication into your network.  It also separates the good traffic from the bad traffic.  Next is a web filter, like a Barracuda.  The web filter monitors internet traffic going in and out of your network. It can be configured to block hazardous websites and known types of dangerous programs.  It can even be set up to only allow specific users access to the internet.  Next is your anti-virus.  Anti-virus is a program that runs on your PCs and servers.  It has to be manually installed on every device on your network, and is usually centrally controlled by a server.  The anti-virus server can be set up on- or off-site, depending on your needs and the size of your network.

Do I really need all three?

Yes.  Think of it this way: If a hacker is like an arsonist, the firewall is the security guard outside the door, the web filter is a locked door, and anti-virus programs are the fire suppression and mop-up crew.  Although you may have anti-virus already, you are just putting out fires after they have already been started.   To really protect your network, you need the security guard – and the locked door.

 

Chase Reitter
Network Consultant
Chase.Reitter@CustomSystemsCorp.com

 

 

 

© Copyright 2014 Custom Systems Corporation