awareness

Dec 19 2008   8:55PM GMT

Microsoft’s environmental campaign - XP goes green

Posted by: Troy Tate
administration, hardware, tools, Microsoft Windows, power management, Monitoring, DataCenter, Vista, design, environment, Performance, facility, awareness, XP, facility management

Microsoft has a special section of their website dedicated to fostering environmental sustainability. To that end, they have released a product called Edison PC Power Management software. The application will work on XP and Windows Vista. According to the Microsoft Environment website features include:

• Scheduling. Identify work and non-work schedules to optimize power schemes based on when your PC is in use or on standby.
• Settings. Choose from among several options for power savings and settings.
• Estimated Savings Reports. Find information that shows how PC power settings correlate to money, kWh and CO2 savings.
• Intuitive User Interface. Drag easy-to-use sliding bars to choose settings and instantly see the power and monetary savings. Clearly marked tabs make the interface easy to navigate.

So… if you want to reduce your carbon footprint in 2009, check this out. I know I will.

Dec 10 2008   2:41PM GMT

Did you see this? - Microsoft Infrastructure Planning & Design Guides

Posted by: Troy Tate
administration, planning, tools, Microsoft Windows, documentation, IT education, design, Microsoft, howto, awareness, education, toolkit

Microsoft has become much better offering documentation beyond just marketing materials about their products and systems. The Infrastructure Planning and Design (IPD) guides are the next version of Windows Server System Reference Architecture. The guides in this series help clarify and streamline design processes for Microsoft infrastructure technologies, with each guide addressing a unique infrastructure technology or scenario.

The guides available include:

• Exchange Online—Evaluating Software-plus-Services
• Microsoft System Center Configuration Manager 2007 SP1 with R2
• Microsoft Application Virtualization 4.5
• Windows Server 2008 File Services
• Windows Server 2008 Print Services
• Infrastructure Planning and Design Series Introduction
• Internet Information Services 7.0
• Selecting the Right NAP Architecture
• Selecting the Right Virtualization Technology
• System Center Operations Manager 2007
• System Center Virtual Machine Manager 2008
• Windows Deployment Services
• Windows Server 2008 Active Directory Domain Services
• Windows Server 2008 Terminal Services
• Windows Server Virtualization (for Windows Server 2008 Hyper-V and Virtual Server 2005 R2 SP1)

As you see, there is a lot of information here to absorb and make use of in your environment. I’m going to be checking out the Systems Center Operations Manager 2007 implementation guide. It’s gonna be an interesting ride but at least Microsoft is offering some free support assistance in the planning and design phase.

Try some of these guides out. Share with us your thoughts and how effective the guides were in helping your organization meet operational demands.

Dec 10 2008   1:19PM GMT

The larger world of free technical support - Craigslist computer forum

Posted by: Troy Tate
Networking, tools, documentation, patching, web, IT education, malware, website, anti-virus, troubleshooting, howto, online identity, risk, awareness, education, professional

I recently came across the computer forums on Craigslist. I had heard of Craigslist previously but was not aware of the significant scope of what it offers besides classified ads. I’m not suggesting that folks leave ITKE to the Craigslist computer forums for support - far from that.

I have been watching some of the exchanges between posters on the forums. It amazes me what people will post when the environment provides seeming anonymity. ITKE does offer this also, but the moderators do a great job of keeping the Trolls away. The Craigslist posters do not behave in the same professional manner that ITKE users do. There are many writers on Craigslist that belittle computer user skills for those asking “noob” questions. There are also those who attempt to discredit or otherwise tear down answers from those who have real computer skills and knowledge.

For example, there was a recent posting thread reminding people that the Microsoft Tuesday patches had been released. One feature that Craigslist offers similar to ITKE is the ability to rate postings. Someone rated the patch Tuesday reminder as a “thumbs down” posting. This is really unprofessional behavior. The thread went on to describe that exploits were sure to follow the patches since hackers use the patches to reverse-engineer the vulnerability. Someone asked if the exploits could already exist. Of course they might, but the exploits would become more likely after the patches are released.

The thread also described how the patches are to protect users from themselves. Most users are tempted into doing something (downloading software, answering yes to some popup window, visiting that interesting website) that causes malicious software to do something on their system that is totally unintended by the users… so the patch is there to fix some things that might be otherwise used by these malware writers. Really patching is the only preventive mechanism. Antivirus is a detective method that detects when something is trying to do something it shouldn’t. Patching won’t let those things happen - unless the user makes a poor judgement call… we all do! I have even opened an infected PDF file thinking it was a legitimate document. Fortunately, AV was able to clean up after my mistake.

For some reason, some troll thought they would say that these postings were by a “know-it-all n00b”. It seems like this Craigslist forum user may be one of those miscreants who want people to remain ignorant and cannot handle someone else teaching others about safe computing and answering other users’ questions.

I would like to encourage ITKE readers and IT professionals to help make IT support forums professional and user-friendly. If you have time, watch the Craigslist computer forums, offer support to the users  who don’t have the same professional support available we have on ITKE. Make the trolls look even worse by treating the users with some respect. By sharing our knowledge and skills, we can help users use the computer in a productive manner. Thanks for reading this and hope you join me in sharing knowledge either here on ITKE and/or Craigslist.

Dec 3 2008   3:50PM GMT

Holiday greeting cards, holiday shopping and computer security awareness

Posted by: Troy Tate
administration, Firewalls, Security, Microsoft Windows, Browsers, IT education, spam, antivirus, homeland security, Data security, malware, SSL, phishing, Firefox, Microsoft, anti-virus, online identity, risk, awareness, vulnerability, education, data loss

I just sent this email reminder to all users in my organization. I would recommend you do something similar if you are not already ensuring users are aware of these issues. Feel free to use my content and add your own.

 It is that time of year again when folks send electronic holiday greeting cards to one another. Some of the greetings may also be games that bear holiday messages. It is also a time when malicious software spreads using these same types of messages and software. You should also be cautious when doing any holiday shopping online or at stores. It is important that you and those you communicate with understand these risks. Your finances and identity are always at risk in today’s technology environment, but you may be less attentive during the holiday season. The following 10 tips are meant to remind you of some important security precautions.

 

1.    Do NOT use your company email address for personal holiday greetings or shopping activities. Merchants may sell your email address to other non-reputable sources and this puts your company identity at risk.

 

2.    If you receive personal holiday greetings or “cute” games at your company email address, ask the sender to not send those to you at work. Use a personal email account for those communications.

 

3.    If you do receive holiday greetings or games at your personal email address, check with the sender before opening to be sure they sent the message. Spammers and malicious software writers can easily deceive you through social engineering. They will do everything possible to get you to open their message and potentially damage your computer and/or harvest your email address as a valid address.

 

4.    Don’t trust everything you see online. Finding something on the internet does not guarantee that it is true. Anyone can publish information online, so before accepting a statement as fact or taking action, verify that the source is reliable.

 

5.    If it looks too good to be true, it probably is. You have probably seen many emails promising fantastic rewards or monetary gifts. However, regardless of what the email claims, there are not any wealthy strangers desperate to send you money. Beware of grand promises—they are most likely spam, hoaxes, or phishing schemes. Also be wary of pop-up windows and advertisements for free downloadable software—they may be disguising spyware. Close the pop-up windows by clicking the X in the top right corner. Do not click the YES, NO, or CANCEL buttons in the window. It may cause unwanted computer issues if you do. Do not trust what you see in these pop-up windows. Contact IT support if you have any questions or issues.

 

6.    Avoid phishing schemes. Banks and other institutions will not actively solicit personal information by email. When you click a link in an email asking for this type of information, your choice may risk your finances and personal identity. The link may take you to a website hosted by someone with malicious intentions. If you enter your personal information on the website, you have just had your identity taken by a social engineering attack and may have incurred a financial loss.

 

7.    If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org/phishing_archive.html).

 

8.    If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account. Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).

 

9.    Do not participate in forwarding chain letters or perpetuating hoaxes or urban legends. Hoaxes attempt to trick or defraud users. A hoax could be malicious, instructing users to delete a file necessary to the operating system by claiming it is a virus. It could also be a scam that convinces users to send money or personal information. Phishing attacks could fall into this category. Urban legends are designed to be redistributed and usually warn users of a threat or claim to be notifying them of important or urgent information. Another common form are the emails that promise users monetary rewards for forwarding the message or suggest that they are signing something that will be submitted to a particular group. Urban legends usually have no negative effect aside from wasted network bandwidth, server resources and time. If you want to check the validity of an email, there are some web sites that provide information about hoaxes and urban legends: Urban Legends and Folklore - http://urbanlegends.about.com/;  Urban Legends Reference Pages - http://www.snopes.com/; Hoaxbusters - http://hoaxbusters.ciac.org/; TruthOrFiction.com - http://www.truthorfiction.com/; Symantec Security Response Hoaxes - http://www.symantec.com/avcenter/hoax.html; McAfee Security Virus Hoaxes - http://vil.mcafee.com/hoax.asp

 

10. Protect yourself while shopping online. Use and maintain anti-virus software, a firewall, and anti-spyware software. Keep software, particularly your web browser, up to date. Do business with reputable vendors. Take advantage of security features like secure passwords and encrypting information between your computer and the vendor’s website (look for the “lock” symbol in the browser or the website address beginning with “https” rather than “http”. Use a credit card rather than a debit card. Check your statements for any unusual or unauthorized activity.

 

Hopefully these tips will help you and those around you to have a happy holiday and reduce the risk of an unwelcome holiday event due to being uninformed. Please feel free to share these tips with your friends and family to help increase awareness and reduce risky behavior.

 

See the CERT Cyber Security Tips website for more information like this.

Nov 11 2008   4:07PM GMT

Did you see this? - Microsoft SharePoint Toolkit

Posted by: Troy Tate
administration, Networking, tools, Microsoft Windows, Monitoring, Development, reporting, internet, WAN, LAN, debugging, performance monitoring, SharePoint, design, MOSS, troubleshooting, Performance, howto, network analysis, Metrics, awareness, diagnostics, toolkit, analysis

Many organizations are finding value in the Microsoft SharePoint technologies. Whether you use the free Windows SharePoint Services or the Microsoft Office SharePoint Server, your organization will gain a lot of value from using these services. To enhance your ability to manage these technologies, there is a project on Codeplex called the SharePoint Toolbox. Per the website, the purpose of this project is as follows:

This project includes powerful and useful tools and add-ons for SharePoint that help developers and IT pros implement SharePoint based solutions more quickly and managed them more effectively. Contributions will come from the Microsoft SharePoint Product Group, Microsoft SharePoint Online Services Group, Microsoft Information Technology Group, and Microsoft Consulting Services Group.

I have personally used the CopyTimer utility  to measure throughput from remote sites to a SharePoint server. It worked well and helped gather some excellent data about the site and global network performance.

Enjoy using these tools and give me some feedback on what you find useful and how SharePoint provides value to your organization.

Nov 11 2008   3:58PM GMT

Did you see this? - Microsoft Windows Virtualization team blog

Posted by: Troy Tate
administration, Microsoft Windows, Virtualization, Development, RSS, blogging, design, server, awareness, blog

For those of you who are fans of Microsoft Windows Virtualization, this blog from the Microsoft Windows Virtualization Products Group might be of interest to you. Keep informed and provide feedback to the team as this useful technology becomes more widespread.

Nov 11 2008   3:51PM GMT

Did you see this? - MS08-067 and the Security Development Lifecycle

Posted by: Troy Tate
administration, Security, Microsoft Windows, patching, Development, debugging, Data security, malware, design, Microsoft, server, risk, awareness, blog, vulnerability, analysis

As you probably already know, Microsoft issued an urgent out of cycle security patch recently for a Vulnerability in Server service could allow remote code execution. Look here for additional Microsoft Security Vulnerability Research and Defense information about this bulletin. If you have not already applied this patch, I urge you to do so as there are reports of MS08-067 exploits in the wild for this vulnerability. For those of you who are developers and QA testers out there and wonder about how this vulnerability slipped through testing at Microsoft. Look at this article about MS08-067 and the Security Development Lifecycle. Like many of the responses to this blog posting say: keep code as simple as possible. Automated testing is not a panacea and keeping things simple may head off signficant problems later for all users and administrators.

Oct 10 2008   7:58PM GMT

Counterfeit Metrics - Type II Reverse Engineering

Posted by: Troy Tate
Security, Monitoring, reporting, IT education, Data security, malware, performance monitoring, botnet, Metrics, risk, research, awareness, vulnerability, dhs, analysis

If you are into metrics, you might find this article rather interesting. For Good Measure: Type II Reverse Engineering

A couple of the security metrics I find interesting:

Counterfeit hosts (zombied/botted): 30% (estimated)
Odds that neither end of a P2P session is øwned: 50–50
Bytes required to counterfeit a presidential candidate: 1

Dollar value of counterfeit Cuban
cigars: $100 million
Dollar value of counterfeit whisky: $700 million
Dollar value of counterfeit IT: $100 billion

Information like this really helps you understand why hackers and criminals do the things they do. I’m not endorsing it by any means.

Oct 8 2008   2:00PM GMT

Enterprise VOIP at CampIT Conference - Chicago 10/14/08

Posted by: Troy Tate
administration, Networking, tools, VoIP, unified communications, IP telephony, DataCenter, IT education, design, howto, awareness, education

Update: I will not be a panel member at the CampIT Conference on Enterprise VOIP being held in Chicago (Rosemont) on Tuesday, October 14. However, please try to attend this event if you are in the area and support the CampIT conferences group.

Per the CampIT Conference website:

 

According to leading industry analysts, 99% of enterprises have implemented IP Telephony.  Many made the decision to do so based on projected long term savings and increased efficiencies.  But what are the best ways to capitalize on your existing investment and prepare for the future?  How can you leverage your investments to provide new services that your business is asking for?

 

In this one day conference attendees will learn:

 

• How to leverage IP telephony and unified communications (UC) to improve business processes
• How to determine which UC services are the best fit for your organization
• How to troubleshoot converged networks
• How to determine if your IP converged network is vulnerable and what you can do about it
• How to integrate mobility with UC
• Advice from the experienced enterprise IT User: How IP telephony/UC users are maximizing their investment

The panel discussion will be at the end of the day so hopefully you will stick around for that part of the event. Even if you do not, the event will hopefully help you and your organization understand what VOIP or unified communications can do for sustained business value.

Oct 1 2008   8:03PM GMT

Financial Crisis & Technology Accelerators

Posted by: Troy Tate
administration, homeland security, financial analysis, government, website, Metrics, threshold, risk, awareness, blog, Wall Street, analysis

We all know that things in the US economy are bad right now. Looking back we wonder if anyone was thinking ahead and thinking “what-if” and managing the risk. Apparently no one was doing that and here we are today with the government working on a $700 billion bailout for some critical financial organizations to ensure the world credit market does not collapse.

Speaking of looking back, I was recently reading the book Good to Great by Jim Collins. This is a easy to read business management book with some very good nuggets. It was written in 2001 and focuses on several companies and what it took for them to exceed the general market and become what the researchers considered great companies. Some of the companies mentioned include Abbott, Circuit City, Fannie Mae, Kimberly-Clark…

Wait, did I just say Fannie Mae? Isn’t that one of the companies that is being bailed out by the US government? Why yes it is! Interesting… before 2001 Fannie Mae was considered a great company according to Mr. Collins and team. You are wondering how I am relating this to IT or technology. Well, one of the chapters in the book is titled “Technology Accelerators”. This chapter focuses on how do “good-to-great organizations think differently about technology?” The book says that Fannie Mae:

“Pioneered application of sophisticated algorithms and computer analysis to more accurately assess mortgage risk, thereby increasing economic denominator of profit per risk level. “Smarter” system of risk analysis increases access to home mortgages for lower-income groups, linking to passion for democratizing home ownership”

As we have seen, something must have changed since 2001. Fannie Mae is no longer considered a great company since it is in need of so much taxpayer help due to poor risk management. What did the company do with the technology that made them so great before 2001? Did they just modify some Excel spreadsheet and change the threshold so some cells that were red are now yellow or even green? Did they ignore the idea of managing mortgage risk to ensure that people could have the “dream come true” of home ownership?

I cannot answer that since I am not part of Fannie Mae or any financial institution. I just ponder what if they had continued to use technology effectively in addition to making less risky decisions if they would still be considered a great company.

One thought I want to leave you with is one of the unexpected findings by Mr. Collins and his research team about technology accelerators:

“The idea that technological change is the principle cause in the decline of once-great companies (or the perpetual mediocrity of others) is not supported by the evidence. Certainly, a company can’t remain a laggard and hope to be great, but technology by itself is never a primary root cause of either greatness or decline.”