Support archives - IT Trenches


Oct 7 2009   6:38PM GMT

IT services and The Three Chinese Curses



Posted by: Troy Tate
IT, information technology, professional, career, network analysis, service level, support, information security, infosec, trojan, bot, botnet, Security

In America, October is the time when haunting, evil spirits and curses come to mind. Earlier today I posted a blog entry titled “Can IT education bring an end to the recession?” I used a quote that is attributed to a series of Chinese curses that go in ascending order of severity. After I used it, I pondered on the other two curses and their applicability to IT services.

According to Wikipedia, the three curses are:

  • May you live in interesting times.
  • May you come to the attention of those in authority (sometimes rendered May the government be aware of you)
  • May you find what you are looking for


Sep 14 2009   1:49PM GMT

Microsoft does not patch vulnerability for supported version of Windows



Posted by: Troy Tate
Microsoft, information security, vulnerability, risk management, patches, tcp-ip, tcp, tcp/ip, Windows, windows 2000, support, Microsoft support, threat, risk

Last week brought the September edition of Microsoft's “Patch Tuesday”. The September 2009 Microsoft Security Bulletin lists a number of vulnerabilities. Microsoft held the bulletin webcast on Wednesday, September 9, to discuss the vulnerabilities and customer concerns.

One particular bulletin is creating some concerns for Microsoft Windows 2000 users. MS09-048 is a bulletin for a vulnerability in the TCP/IP stack in all currently supported versions of Windows. The bulletin describes the vulnerability:

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

Even though the bulletin here describes it as potential remote code execution, the webcast focused more on the denial of service threat due to this vulnerability. Unfortunately, Microsoft has chosen to not issue a patch for Windows 2000, even though Windows 2000 is a supported version of Windows with regard to patches and security fixes. ComputerWorld gives a good amount of detail in the article “Microsoft: Patching Windows 2000 ‘infeasible’”. Dark Reading published “Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack” and The Register published “Microsoft, Cisco issue patches for newfangled DoS exploit”.

I know that there is a reasonable population of Windows 2000 machines in operation at my organization. So, this choice by Microsoft to not issue a patch for this vulnerability raises some concerns. Fortunately the vulnerable population is not publicly exposed and does not have mobile users. The layered defenses we have in place should help mitigate the risks to our environment. However, the risk is still there and the threat needs to be addressed. What other vulnerability will come out that Microsoft chooses not to address in a supported operating system? Are you facing the same situation in your environment? How large is the risk to your environment? What are you doing to address these threats? Why are you doing what you are doing? Share your thoughts with other ITKE readers.

Thanks for reading & let’s continue to be good network citizens.


Jun 25 2009   3:37PM GMT

Tips for negotiating a managed services contract - the vendor selection process



Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction, vendor management, vendor selection, sla, service level agreement, negotiation, rfp, proposal, request for proposal, project management, project work breakdown schedule, wbs, technical requirements, technical vendor management, evaluation, vendor evaluation

You have now received back the proposals from the vendors based on the RFP that you built according to the RFP anatomy described previously.

Maybe you forgot the steps before the RFP. You can go back and review:

The first post in this series covered two questions: Where are you? and Where do you want to go?

The second article in the series described the calendar of events or how many shopping days do we have?

This third article in the series covered the actual RFP (request for proposal) anatomy and contents.

This final posting will discuss the vendor selection process - planning for the wedding (or engagement).

Let’s get talking about vendor selection and awarding the contract!


Jun 24 2009   2:00PM GMT

Tips for negotiating a managed services contract - anatomy of an RFP



Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction, vendor management, vendor selection, sla, service level agreement, negotiation, rfp, proposal, request for proposal, project management, project work breakdown schedule, wbs, technical requirements, technical vendor management

The first post in this series covered two questions: Where are you? and Where do you want to go?

The second article in the series described the calendar of events or how many shopping days do we have?

This third article in the series will cover the actual RFP (request for proposal) anatomy and contents.

The fourth article will discuss the vendor selection process - planning for the wedding.

Hopefully you are now ready to dive into the RFP itself.


Jun 15 2009   8:45PM GMT

Tips for negotiating a managed services contract - how many shopping days?



Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction, vendor management, vendor selection, sla, service level agreement, negotiation, rfp, proposal, request for proposal

The first post in this series covered two questions: Where are you? and Where do you want to go?

This second article in the series will describe the calendar of events or how many shopping days do we have?

The third article in the series will cover the actual RFP (request for proposal) anatomy and contents.



Jun 12 2009   2:29PM GMT

Tips for negotiating a managed services contract - where are you and where do you want to go?



Posted by: Troy Tate
managed services, contract negotiation, strategy, management, support, cost reduction

IT is not the first business of a manufacturing company. Nor is it very high on the list. Having said that, a lot of manufacturing (and other) organizations use various managed IT services. I will be writing a short series on how to negotiate managed IT services for your organization.

This first posting starts with two questions.


Jan 19 2009   8:13PM GMT

Skype users - does anyone use this on ITKE? - or is it overhyped?



Posted by: Troy Tate
Skype, VoIP, Security, Firewalls, support

Recently I posted a question about using Skype in a corporate environment. Based on the lack of any feedback, it really makes me wonder if Skype is an overhyped solution for corporate environments. I also posted the same questions to another professional mailing list I subscribe to and received only one (very good) response from that peer group.

So, to be redundant, I want to ask you blog readers the same questions. If there are no responses, then I will take this to mean that either your organizations do not use Skype or that you would rather not share poor experiences. I would appreciate feedback either positive or negative about using Skype in corporate environments.

As is true with most organizations today, we are under pressure to reduce costs where we can. Some users are coming and asking why we are not using Skype for international calling. I’m not sure if I fully understand the risks so I am posting this question here on ITKE.

Has anyone implemented Skype for their organization and is supporting it on company networks and equipment? If not, why not? If you have implemented Skype services, some additional information would be useful.

What precautions were required before implementing this service/application?
What has network usage been like since implementation?
What configuration changes at the firewall (both edge & client) were needed to support the application?

Please feel free to share any other advice you may have about this type of service/application.