
Going to meet with Trend Micro next week

This is a copy of an email I sent to the Adelaide SBS User Group a few minutes ago, and I consider it worthwhile posting to the wider world.

“I’ve got a meeting with Trend Micro next week with one of the top people in the company who’s travelling out from the USA to meet with me and a few others to discuss Trend and the IT community moving forward. This will not be a technical discussion – it’s going to be more strategic.


So, I’d like some feedback to take with me to the meeting. Those of you currently using Trend products, can you please provide me with some feedback (offlist if you think it’s sensitive) about your working relationship with Trend. Some things to consider are:


· Are Trend an important partner for your business and your customers?
· How easy do you find it to get answers to questions you have for them?
· Comments on the Trend web site – the good, bad and ugly
· Do you use the partner portal and do you have comments on its usability, information etc
· Anything else of relevance – remember this is not a technical discussion so it can’t be along the lines of “I’ve got this issue with CSM at a site where…..”


For those of you not using Trend products I guess it would be interesting to know why not and who you do work with – why you use other products and what are the great points about these products/companies that have got you using them.


I’m not a Trend evangelist by any means – I’m simply looking for feedback. We use Trend products (I make no secret of that) and we have our reasons for this as a company. Personally I’ve no issue with anyone not using Trend product but am seeking great feedback to take to Trend which will make working with them, and protecting the networks we maintain, better for the future.


My meeting is next Friday (May 16) so if you can please get me any feedback by midday Thursday next week that’d be great. I’m happy to keep your comments confidential too if you want that.”

So please let me know what you’d like Trend to hear. I can be reached at dean[cut this bit out] at calvert DOT net DOT au

SBS2003 SP1 was successful – ultimately

The days between Christmas and New Year were going to be the days I caught up with a heap of things in the office that had not received the attention they deserved through the rest of the year. Instead I was kept busy by a few clients who simply refused to take any time off 🙂


Anyway, I did manage to get SP1 finally applied to our own server, in readiness for CRM 3.0 (see previous post). Overall the installation went fine, apart from the ISA2004 upgrade. Now don’t get me wrong, our SBS2003 server is not overly customised – we built our own server the same way we build them for our clients. It makes it easier to support overall.


So each time I went to install ISA2004 as an upgrade from ISA2000 it would complain and roll back the installation. I ended up manually uninstalling ISA2000 (remembering to export the self-signed certificates first) but still had problems. Every time I went to stop the IISADMIN service and its dependent services, it would start up again.


To make a long story short, I had to change the recovery settings for the service. It was set to restart on first & second failures and on subsequent failures to run “iisreset”. I changed all of these to “no action” and tried again – this time I was successful. (I remembered to set the recovery options back afterward).


So if you’re rolling out SBS2003 SP1, or even just upgrading ISA2000 to ISA2004, watch for the service recovery options on IISADMIN. Hopefully this will serve to save you a little grief.

What’s your DRP?

Our office was broken into a week before Christmas 🙁 As it turned out we didn’t have anything stolen ourselves, although other tenants did. There was damage to one of the doors though, but the most important thing is that it got me seriously thinking about our disaster recovery plan (DRP).


The phone call I got from one of the other tenants was along the lines of “lots of stuff has been taken – laptops and more. They’ve been right through the office. You’d better get here quickly.” This was around 8am on a Saturday morning too.


The drive down to the office was, to say the least, one of major contemplation. I had no idea of what had really been taken or how extensive the damage was. Was my server gone? My Internet router? The main admin machine or sales machine? What about the printers and other peripherals? What was my strategy to recover if the worst had happened?


Well the good news is as I mentioned at the top – nothing had been removed from my office. But it certainly got me thinking more about what we really would do if things were removed from the office.


Fast forward a little – I spent quite some time from Christmas day (!!) to last Monday (Jan 2) digging up old clay pipes in the back yard and replacing them with PVC piping. Whilst working I was listening to the SBS Show (www.sbsshow.com) and lo-and-behold episodes 3 & 4 are about disaster recovery!! How very timely 😀 (In fact, I was also thinking about our home DRP in the event I couldn’t get the pipes replaced properly or in time for the next flush!! I was successful in getting everything sorted out though.)


So, this is where you’ve got to look for the silver lining – the break-in got me thinking seriously about improving our DRP, which will be MUCH MUCH better from here on. Save yourself from the anguish I went through and get started on improving your DRP now, before it’s too late. As I get things sorted out I’ll have to make sure I let you know. I’d be keen to hear about your own experiences too.


Oh yes, the police called me the next morning to let me know they’d caught the guy that broke in – a 30-year-old heroin addict!

The Xware menace

(snip from one of our recent client communiques)…


Quite often we get asked about pop-up screens when using Internet Explorer, alerting users that their systems are insecure or not performing correctly (for example). These messages typically have a button the user is prompted to press in order to take “appropriate” action. Unfortunately, clicking on the button will more than likely install some malicious software onto the user’s computer. But why does the anti-virus software not pick this up?


Basically, these messages are not strictly viruses, or even worms. They represent software known as malware which can include spyware. Malware is basically malicious software that can be installed onto your computer, sometimes without your knowledge. Spyware is designed to “spy” on your web browsing activity and report this back to a server on the Internet which in turn can instruct the spyware to display advertising on your computer.


Rather than go into a long technical discussion about the different forms of malicious code (viruses, worms, trojans, malware, spyware, rootkits etc etc), the short version is that malware and spyware are a relatively new menace. Whilst they have been around for a few years, over the last 12 months or so they have become a lot more advanced, so that it is not only very hard to keep up with the technological changes, but also more difficult to understand and hence to detect and remove.


The answer? It’s a very long answer! In summary, the most important first step is education – educating users about how to safely use a computer, especially when using the Internet. Secondly, if you are using a Windows operating system on your PC other than Windows XP you are at risk, regardless of any firewall you may be using on your network. Having service pack 2 installed onto your Windows XP computer is extremely important as it provides many mechanisms for helping keep Internet browsing a safer experience. Thirdly, anti-virus software is still essential, and it is evolving to also detect, prevent and remove malware. Over the next few months we should expect to see vast improvements in the capabilities of this software.


Finally we need to remain vigilant. The Internet is a very different place compared to what it was a few years ago. Awareness is important, and thinking “it won’t happen to me” simply won’t keep you safe. I personally, and professionally, cannot stress enough the importance of taking this growing threat seriously.


==========================


So what’s your favourite anti-Xware tool?

Don’t get worms…

Viruses and worms are getting smarter and more complex. Some of the latest virus attacks involve new, combination viruses that are a mix of a virus and a worm. Typically these will infect a machine through either email attachments or malicious code downloaded from a web site. Not only can your computer be infected with a virus, which causes problems by using your computer to send out masses of email, but keystroke logger utilities may also be installed which monitor which keys are pressed when you are connected to secure web sites – including banking web sites – and report the results back to the software originator.


Naturally these can cause serious problems not only by causing system instability and unnecessary Internet traffic, but also by stealing confidential information. Be very careful of any attachments you receive in email messages, and also take care with any web sites you visit. If you receive a suspicious looking email asking you to click on a link in the email in order to reset passwords, or download files, it is recommended you don’t click on the link but rather manually type the shown address into a web browser if you feel this is a valid email. Some email messages can show one address on the screen while the link itself points to a different site – often hovering over the link in the email will show the address it is actually pointing to.


Security of your computer system is going to become more and more of an issue over the following months & years as hackers get smarter, more organised and use both technology and ignorance to gain more money and power. Security starts with the person sitting at the keyboard (you and me) and ends with us too. The rest comes down to proper system configuration that provides both a secure and useable environment.


What can you do? Well – that will be the subject of another posting soon, when I get time (it’s a BIG list).


Stay tuned…

Access control revisited

After playing with the fingerprint scanner for a while I’ve found it’s OK for keeping track of web site logins, but it’s no good for REAL network security – controlling who can log into the domain, and maintaining complex password (read PASSPHRASE) policies with 2-factor authentication.


So I’m looking at a few devices – tokens from RSA, Secure Computing and the like. I want something that can be used on the network, for VPN access, OWA and terminal services login.


Suggestions, experiences, ones to keep away from? Any feedback is good at this point.

Microsoft finger print scanner review

I bought, and started playing with, a Microsoft USB fingerprint scanner yesterday. I’ve only had a little play with it but so far it looks pretty cool.


I started by installing the software that shipped with it, following which you can plug in the device. Unfortunately I had a couple of BSODs which I’m guessing were related but to be honest I didn’t take the time to check the event logs – and the system automatically restarted anyway. After 2 of these it was fine so I soldiered on.


You start by scanning your fingerprint into it – selecting a few fingers from the wizard is ideal (I chose index and middle finger on right hand). There was no pain and certainly no blood, so I kept playing 🙂


When a web site with a login screen is displayed (both HTTP and HTTPS) you simply press your finger on the scanner, it then prompts you to enter your username and password, and you select the appropriate “login” button if it detects multiple buttons to choose from, and hit the OK button. You then place your finger on the scanner again and it logs you in – complete with a little noise as confirmation that it worked.


I’ve added several sites to its collection and am getting into the habit of reaching for the scanner rather than the keyboard when it’s time to log in.


The scanner itself is relatively small and unobtrusive. I guess my only real issue with it is the red light it uses to scan your finger is on all the time, so if you’re working in a dimly lit area it can be just a little distracting (perhaps incorporating a pressure switch that turns the light on when you place your finger on it would be good for version 2). The scanning surface is a soft plastic which gathers dust and fingerprints quite easily – simply cleaned with a little sticky tape (the instructions say cello tape but I used scotch tape). At first I thought there was a protective covering on the scanning surface that needed to be removed before use – much like you get on the screen of a mobile phone when it’s new – but don’t be fooled, it’s not a protective coating so don’t go trying to remove it!


After playing with the USB scanner for a day, I decided to bite the bullet and get the full kit – the keyboard with finger print scanner built in and wireless mouse (comes as a bundle). It was a simple matter of unplugging the USB scanner, installing the keyboard and mouse software, then plugging in the new devices.


Since the scanner is on the left side of the keyboard I had to cut the fingers off my hands and switch them around … no wait, that wasn’t necessary. After switching my fingers back to their correct sides (lucky I had some scotch tape left over) I simply scanned some fingers on my left hand using the wizard and that was it.


I’ll be playing with it a little more over the next days and weeks and will post back my thoughts as I learn more.


I must say one disappointing thing I found is it’s really only good for logging into web sites or using the fast user switching for Windows XP. Now this means it can’t be used on a machine that’s part of a DOMAIN (which puts us SBSers out of action for simple logins). I was hoping it could be used for logging into my computer but alas it’s not to be. In fact the instructions (yes I did RTFM) do say the scanner cannot be used for logins to a domain.


I guess I should clarify why I bought the scanner in the first place. I’d heard about the scanner and had been talking with a client who currently has a workgroup and will be moving up to an SBS network over the next few months. The users of this network are, how should I put it, not really technical when it comes to IT, so the thought was to use the scanners to help them adjust to logging into a network – a way of avoiding having to remember their username and password. I bought the scanner to do some testing for them but alas it’s not the solution they need.


In addition, I have a LOT of web sites I log into on a daily basis and this will help save me a little time each day – every bit helps. (in fact I used it to log into my blog and submit this post)


So, what’s the verdict so far? If you have a computer with multiple accounts, which is in a WORKGROUP environment (i.e. it can use fast user switching) then this is a great product for you. If you log into a lot of web sites during your working day then this is a great product for you.


If your computer lives in a DOMAIN environment, and you basically process email and use a few applications, with limited web site logins, then save your money and give these devices a miss – until they can handle domain logins. I guess it’s early days yet and newer versions may provide the domain login capability – or perhaps there are already products around that can do this. If there are and you know about them, please let me know – gives me an excuse to do some more playing…err…testing.

Secure That Login

So I got a call from a client: “we can’t send email to company XYZ – they say we’re sending SPAM or something, can you please find out what’s going on?” (well, they didn’t quite say it like that but I figured I should paraphrase a little for clarity).


OK – I knew they weren’t an open relay but checked anyway (you know, telnet to port 25 and try to send mail through it, hoping to get the “unable to relay for…” message). Whew – no fingers had been meddling.


They’d been listed with SpamCop as a source of SPAM so I kept digging. The anti-virus was up to date and functioning correctly so there was little chance of the server and PCs being infected (we check the network every week to make sure too). No flames please about bugs that bypass A/V too – I’m summarising here for the masses.


Looking in the Exchange mail queues I could see HEAPS of messages waiting for delivery to domains I just knew they didn’t really want to be talking to, so figured there was something nasty going on. The SMTP virtual server settings were also correct in not allowing relaying through the server from any IPs which confirmed my “not an open relay” check. Ahhh – there’s that checkbox a little lower down that allows authenticated users to relay through the server.


Knowing this client as I do, and their fear of passwords, I guessed a spammer had managed to guess a valid domain username and password and was using this authenticated account to relay mail through – slippery little suckers these guys are.


I removed the tick, cleared out the mail queues and voila – spam stopped. Now I just need to get them de-listed from the spammer list.
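As an added example (not from the original post), here is a small Python script that flags the pattern described above, an authenticated account relaying mail for a foreign sender address to many outside domains from more than one client IP, over constructed, simplified SMTP log lines. The line layout, the user names and the local domain `client.example` are all assumptions, not the real Exchange 2003 log format.

```python
import re

LOCAL_DOMAIN = "client.example"  # assumed: the client's own mail domain

# Constructed sample in an assumed simplified layout:
#   time client-ip authenticated-user MAIL|RCPT FROM/TO:<address>
# (Exchange 2003's IIS SMTP logs use W3C extended fields; adjust LINE_RE for them.)
SAMPLE_LOG = """\
08:01:02 203.0.113.7 jsmith MAIL FROM:<promo@bargains.example.net>
08:01:02 203.0.113.7 jsmith RCPT TO:<a@example.org>
08:01:02 203.0.113.7 jsmith RCPT TO:<b@example.com>
08:01:03 203.0.113.7 jsmith RCPT TO:<c@mail.example>
08:01:03 203.0.113.7 jsmith RCPT TO:<d@example.edu>
08:01:04 198.51.100.9 jsmith MAIL FROM:<promo@bargains.example.net>
08:01:04 198.51.100.9 jsmith RCPT TO:<e@example.org>
08:01:04 198.51.100.9 jsmith RCPT TO:<f@example.co>
08:02:10 192.0.2.10 mjones MAIL FROM:<mjones@client.example>
08:02:10 192.0.2.10 mjones RCPT TO:<partner@example.com>
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (MAIL|RCPT) (?:FROM|TO):<([^>]*)>$")


def parse(log):
    """Yield (user, client_ip, command, address) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            _time, ip, user, cmd, addr = m.groups()
            yield user, ip, cmd, addr.lower()


def relay_report(log, max_rcpt=3, max_domains=3):
    """Per authenticated user, list the reasons the account looks like relay abuse."""
    stats = {}
    for user, ip, cmd, addr in parse(log):
        s = stats.setdefault(user, {"ips": set(), "rcpt": 0, "domains": set(), "foreign": False})
        s["ips"].add(ip)
        domain = addr.rsplit("@", 1)[-1]
        if cmd == "MAIL":
            s["foreign"] |= domain != LOCAL_DOMAIN  # our own users send as our own domain
        else:
            s["rcpt"] += 1
            s["domains"].add(domain)
    report = {}
    for user, s in stats.items():
        reasons = []
        if s["foreign"]:
            reasons.append("sender address is not in the local domain")
        if s["rcpt"] >= max_rcpt and len(s["domains"]) >= max_domains:
            reasons.append(f"{s['rcpt']} recipients across {len(s['domains'])} domains")
        if len(s["ips"]) > 1:
            reasons.append("authenticated from more than one client IP")
        report[user] = reasons
    return report


if __name__ == "__main__":
    for user, reasons in relay_report(SAMPLE_LOG).items():
        print(user, "SUSPECT" if reasons else "ok", "; ".join(reasons))
```

A hit on a single account is the cue to reset that account's password and clear the queues, as the post describes, rather than only unticking the relay box.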


So, what’s the moral here? First, it’s not really the checkbox on the virtual server that caused them to become a source of spam – it’s the users who don’t want to use proper passwords (aka passphrases) to protect their login accounts and hence the network. Most mortals don’t realise how easy it is to crack a user’s login through guesswork or even using a list of common passwords (see a page full of common passwords here).


Removing the check from the box solves the problem for the moment though, as we go through the process of educating the users about why they really need to use passphrases instead of just passwords which are far too easily cracked.


And “what’s a passphrase?” I hear you ask? Instead of using a word for your “security” – like your dog’s name, or your birthdate or similar, use a phrase that combines both upper & lower case letters, numbers and even punctuation, to make your login much more secure but still easy to remember. If your dog’s name is Spike and you got him in 2001 then perhaps you could use something like “I got Spike in 2001 and hes really cool :)”. Simple to remember, very hard to guess and if someone happens to be “shoulder surfing” whilst you type it in (which I really don’t like and is very bad etiquette) they’ll find it difficult to follow and remember.
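To make the difference concrete, here is an added Python example (not from the original post) that applies the advice above as a simple policy check: it rejects entries from a common-password list, the “pet’s name plus year” pattern, short and single-word secrets, and compares the naive brute-force search space of Spike2001 against the phrase suggested in the text. The common-password list is a constructed stand-in and the thresholds are assumptions.

```python
import math
import re
import string

# Constructed stand-in for the "page full of common passwords" (assumption: a real
# list is far longer and would be loaded from a file).
COMMON_PASSWORDS = {"password", "123456", "letmein", "qwerty", "welcome", "spike"}
NAME_YEAR_RE = re.compile(r"^[A-Za-z]+(19|20)\d{2}[!.]?$")  # e.g. Spike2001
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " ")


def search_space_bits(secret):
    """Naive brute-force search space: length * log2(size of the character classes used).
    This overstates real strength for dictionary-based secrets; use it only for comparison."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in secret))
    return len(secret) * math.log2(alphabet) if alphabet else 0.0


def check_secret(secret, min_len=14, min_words=3):
    """Return the objections a passphrase policy would raise; an empty list means accepted."""
    problems = []
    if secret.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if NAME_YEAR_RE.match(secret):
        problems.append("a name or word followed by a year")
    if len(secret) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(secret.split()) < min_words:
        problems.append(f"fewer than {min_words} words")
    return problems


if __name__ == "__main__":
    for s in ("spike", "Spike2001", "I got Spike in 2001 and hes really cool :)"):
        print(f"{s!r}: {search_space_bits(s):.0f} bits, {check_secret(s) or 'OK'}")
```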


Simple, isn’t it? Don’t wait until you get hacked to start practising safe logins – start today, right now in fact. It can be as easy as Ctrl-Alt-Del, Change Password and away you go. Go on, give it a go – you’ll be glad you did.


If you can come up with a reason to not start employing the use of passphrases please let me know – I can’t think of any!!