NAS Drives, a quick and easy option for data growth on small networks

With burgeoning data requirements in even the smallest of businesses, simplifying access to it becomes a major headache. Obviously, dumping data on a PCs internal hard drive isn’t a viable option anymore. The complexity increases with the advent of devices like laptops, smart phones and PDAs, hooking up to the LAN and trying to access data conveniently through a central location.

A NAS (network attached storage) box is an acceptable option for small business networks. Not only are these devices small, but they are equipped with hard drives which can store up to 4TB of data, and connect through an ethernet cable into a network port or router. You can also plug in a USB device such as a printer, to NAS device and make it accessible over the network. These devices are ideal for small offices with 10 to 15 PCs for compact, centralized storage accessible from anywhere, including over the Internet.

_Sponsors_________________________________________

Nova Media

Strategic Online Marketing

_________________________________________________

Advanced Systems

Corporate Computer and Network Specialists

Trojans accounted for 70 percent of the new malware detected

Trojans accounted for 70 percent of all new malware between April and June 2009, according to data compiled in the latest PandaLabs Quarterly Report. Adware rose dramatically over this period, from 7.54 percent in the previous quarter to 16.37 percent. This is largely due to the increase in fake antivirus applications, a type of adware that passes itself off as a legitimate security solution.

Trojans were also responsible for more infections than any other type of malware over this period. This type of malware was behind 34.37 percent of all infections detected by PandaLabs, an increase of 2.86 percent with respect to the previous quarter. Adware infection levels remained stable, accounting for 19.62 percent of the total. Worms increased slightly (0.89%), staying in the picture due largely to the effectiveness with which they spread.

In terms of specific strains of malware, the number one ranked specimen between April and June 2009 was Downloader.MDW, a Trojan designed to download other malware on to computers. The Virtumonde spyware and Rebooter.J Trojan were also among the malicious codes that caused most infections.

_Sponsors_________________________________________

Nova Media

Strategic Online Marketing

_________________________________________________

Advanced Systems

Corporate Computer and Network Specialists

Top 5 easily preventable network vulnerabilities

Large enterprises and small companies have one thing in common when it comes to IT – vulnerable computer networks. Tests were applied to both small and large corporate networks using criteria based on industry best practices from CISCO Networks, the US National Security Agency and Payment Card Industry Data Security Standard (PCI DSS). They all failed with most of them failing a majority of the tests. As a result of not following basic configuration steps and best practices these networks were vulnerable and open to intrusion. Following is a short list made up of the most common errors.

If you are a small business owner and whether you have in-house IT staff or outsource, ask them about these five common mistakes. What’s really critical is that you ask them for proof that best practices are being followed. A penetration test and survey from a third party IT firm is not a bad idea either. Since they don’t know what they are looking at, they’re more likely to find vulnerabilities in systems that your own staff have overlooked.

1. Not changing the default passwords on all network devices.

It’s hard to believe that this happens but it does. A server, switch, router or network appliance with the default password – usually “password” or “admin” – still enabled usually happens when installation is performed by DIY users or unskilled IT techs but it also happens to pros. Why? Lack of familiarity with the equipment or lack of an installation checklist being in place or being followed. Things like, “I don’t have time to set it right now, so I’ll do it later”, but it never gets done since a lot of networks are a ’set and forget’ project. More than half of all the records that were compromised last year were the result of using a default password on a network device, according to a Verizon Business study.

2. Sharing a password across multiple network devices.

For convenience sake, people often use the same password across multiple servers, and several people know the password. It might be a good password but once it’s shared among several systems, these systems are all at risk. You need a process to make sure that server passwords are not shared among multiple systems, are changed regularly, not shared beyond those people who require direct access and are kept secure. If the password is discovered by a hacker, the hacker can get into many servers and cause more damage.

3. Misconfiguration of your access control lists.

Segmenting your network using access control lists is the simplest way to make sure that systems communicate only with the systems that they should. Having properly configured access control lists would have protected 66 per cent of the records that were compromised last year, according to the Verizon report.

4. Allowing non-secure remote access and management software.

One of the most popular ways for hackers to get into your network is to use a remote access and management software package, such as PCAnywhere, Virtual Network Computing (VNC) or Secure Shell (SSH). Often, these software applications are lacking the most basic security measures, such as good passwords. This problem accounted for 27 per cent of the compromised records in the Verizon Business report

5. Not adequately protecting your servers from malware.

Most malware is installed by a remote attacker and is used to capture data. Typically, malware is customized, so it can’t be discovered by antivirus software. Lock down servers so that no new applications can run on them. Malware on servers accounts for 38 per cent of all security breaches, Verizon Business says.

If you accept credit cards as payment for products or services, here is a bonus mistake.

6. Not following the Payment Card Industry Data Security Standards.

Dubbed PCI DSS, this set of 12 controls for protecting cardholder information work but most companies don’t even try to meet the strict but basic PCI standards. Even though 98 per cent of all compromised records involve payment card data, only 19 per cent of organizations with security breaches followed the PCI standards, according to the Verizon Business report.

_Sponsors_________________________________________

Nova Media

Strategic Online Marketing

_________________________________________________

Advanced Systems

Corporate Computer and Network Specialists

Repair & replace your computers – a blended approach

Intel released a report on the costs associated with extending the life of old computers versus refreshing with new models.  This report is more than an attempt to sell more computers. The fact is, they are right on target in their evaluation of Total Cost of Ownership (TCO). Computers have a limited life cycle both from a physical and use perspective. An old computer is like an old car, it can nickel and dime you to death and eventually leave you stranded when you need it the most. But with today’s tough economic climate many small and medium enterprises are delaying the refresh in an attempt to save cash. Deferring any refreshing of equipment is a false economy and will cost you big time later on. There are other options available though.

The best strategy is a blend of replace and repair.

• Evaluate your current computer inventory based on age and the role it plays in your operation, critical or non-critical;
• Refresh critical equipment with new purchases;
• Replace what is at the end of its life with new equipment;
• Upgrade the rest to a minimum performance standard;
• Assign some budget money to cover the cost  of repairs, current and future.

An important trap to avoid is the creation of ‘Frankenstein’ computers. This is when parts from a variety of PCs are thrown together to create a working unit. A drive from this one, a power supply from another, an HP system board in a DELL case, etc. This is a creative approach for the geeks but doesn’t make good sense from a business perspective.

It’s pretty simple really. If your computers need to work to support your business, make sure they are in working condition.

Dean

_Sponsors_________________________________________

Nova Media

Strategic Online Marketing

 

_________________________________________________

Advanced Systems

Corporate Computer and Network Specialists

_________________________________________________

Alberta Health Services IT breach – vigilance urged

Taken from a news release posted on the Alberta Government website:

July 8, 2009
Commissioner urges vigilance in wake of computer virus outbreak at Alberta Health Services

The Office of the Information and Privacy Commissioner has been notified by Alberta Health Services that a virus was present on the Alberta Health Services network in Edmonton. The virus impacted the network and Netcare, Alberta’s electronic health record, before it was discovered and removed.

You can read more about it here . . . Google Links. This follows the theft of two computers from a UofA medical lab a few months ago which contained un-encrypted patient information. The laptops were chained to a desk in a locked room!

Vigilance is the key word here and should apply to any and all businesses that value their data and want to keep it private. These were computer based breaches but we need to apply vigilance across our organizations which include any form of access to data and confidential information. You need to review, evaluate and enforce any policies and procedures regarding how you and your people manage and handle confidential data whether it’s computer based or paper based. Let’s not forget the two recent incidents where Federal officials mishandled confidential and top secret paper documents.

How important is securing your data? Ask yourself this: would you want to do business with an organization who were slack in securing your personal information?

Dean

_Sponsors_________________________________________

Nova Media

Strategic Online Marketing

 

_________________________________________________

Advanced Systems

Corporate Computer and Network Specialists

_________________________________________________

Desktop PCs losing out to mobile computing, but not dead yet

According to a recent report, sales of new desktop computers are dropping compared to mobile computers such as notebooks and net-books. Not surprising considering we are all more mobile and need to be connected where ever we are. According to one report desktop computers still capture 47% of the new computer sales market.

Desktop computers still offer great value for money. Most are well spec’d for the price when compared to portables. Easier to upgrade when you want to extend their life or improve performance. A 24″ monitor connected to a desktop PC is easy to look at. Large laptops (17″-18″) are nice but extremely heavy and hard on battery life. There’s also the long-term maintenance issues to consider. Desktop cases have better ventilation when compared to laptops. As a result they are less likely to overheat the internal components and suffer from premature failure. Replacing internal components in a desktop box is cheaper and offers more options when compared to a laptop.

What we are seeing now is a turn around from previous years. Where laptops where niche and special purpose only five years ago they are now becoming standard computers for most of us. Desktops still have a role to play in the corporate environment but they are becoming the new niche technology.

Security flaw in Microsoft Internet Explorer – what’s the risk?

Microsoft has issued a new security advisory for a critical security issue that could potentially enable an attacker to take control of a users PC by way of Internet Explorer (IE) through the Microsoft Video ActiveX Control on Windows XP and Server 2003 platforms. Microsoft offers a work-around in its advisory to let users disable the ActiveX Control in question. According to the advisory Microsoft is currently working on a security update to fix the flaw as well.

This time around Microsoft Vista users are not at risk. Thanks to the way that Vista provides permissions to IE, this particular flaw doesn’t pose a risk to Vista users – only XP users. Considering that there are so many Windows XP clients and Server 2003 hosts running out there – this could be a risky flaw for most of us.

Check out the workarounds as provided in the MS security advisory and take appropriate action.

New relationships and exciting times

There hasn’t been much coming out of this blog of late. Busy, busy, busy with other things. Such as BRASSmedia and bobbing like a cork on the sea of Web 2.0. The original intent of this blog was to voice my thoughts on IT management and put forth new ways of doing business. That won’t change much but there will now be other topics of discussion. We (meaning me) have just taken on a new role in a new relationship and we’re quite excited.

Direct sales for Nova Media, a strategic online marketing consultant and developer based out of Lacombe Alberta. Peter DeWit, Nova Media’s CEO and I have worked together on a fusion marketing project and when we sat down to discuss this new relationship it seemed like a natural fit. My role is a simple one – develop new relationships with businesses and organizations in need our services.

One of the things I always strive for is quality and integrity in business and my personal life. What excites me about representing Nova Media in the market place is that Peter and his team do more than just develop web sites. Peter’s experience in traditional marketing gives him a great overall view of a clients place in the world of the web. An end to end online marketing solution. Web sites based on a content management system, graphic design, branding, search engine optimization, email marketing campaigns, ecommerce and ongoing measurement of the impact and effectiveness of your web precence.

We’ll still use this blog to talk about IT’s role in small and medium business but we’ll now broaden our scope to include our work in the world of the web and how it impacts an orgainizations day to day operations.

Dean

False economies – PC refresh delays can cost in the long run

ZDNet has posted an article commenting on a report from Intel regarding the total costs of ownership of PCs and how small and medium businesses delay in refreshing PCs to save money now can cost in the long run. So true. Deferred maintenance is an easy and immediate cost savings when faced with decreased revenues. Having been their myself I can attest to the ultimate lash-back when PCs past their prime start to fail.

Before you slash your PC budget or burn it to the ground entirely, consider a blend of new PCs and a maintenance plan for the ones you plan to keep. There’s a cost to keeping your computers up to date but a price to pay if you don’t.

Dean

Does bribery result in bad IT?

Big news in IT a few months ago was the announcement of the arrest and charging of an IT professional who had links to US President Obama’s top pick as CIO/CTO for the US federal government. He (not Obama’s man) is charged with allegedly taking bribes from a vendor to influence his purchasing decisions, pay for products never delivered and paying for ghost staff. There was a news item a few months ago which identified a group of Canadian IT staffing companies as being in collusion with a federal government office to fix prices and inflate contracts. All of this got me wondering about how much bad IT out there is the result of bribery, collusion and other forms of illegal business practices. When you’re faced with poorly performing IT systems at work – how much of it is the result of someone in the decision making food-chain taking bribes. Not all bad IT is the result of bribery. But the next time you get told that there’s no money to buy you that new and sorely needed piece of computer equipment you might want to wonder where the money went. Questionable purchasing decisions aren’t made just within the IT department. There are many others in the decision making food-chain who can take part. Are decisions for technology based on sound reasoning or questionable  influence from vendors?

Dean

P.S. – This just in (04/15/09):

7 Ottawa tech firms charged with bid-rigging – and the plot thickens . . . and gets deeper and deeper!