The reason for complex passwords

Thursday, 4 March 2010 08:09 by jlorimer
OK, everyone hates them (complex passwords), but there is a compelling story I want to tell about a client that decided not to require them. Public servers, specifically mail servers, are constantly being probed for logins. Simple passwords are broken easily. In this client's case one user's account was broken into. Without anyone even knowing it, that username and password were then spread around the world. When we were alerted to the problem there were 58,000 spam emails in the outbound queues marked for sending. All because complex passwords were not required. This client will also be internet blacklisted for a while because of the volume of spam they were spewing, just because of a simple password. So the moral of the story is: protect yourself by using complex passwords. The password should not look like a real word. Complex passwords should have a minimum of 8 characters. Those 8 characters should be random upper case, lower case, numbers and at least one symbol. We use a tool called passutils from PC Tools to generate passwords. It creates good, secure, complex passwords that would make break-ins like the one described above very, very rare. Kind of makes me wonder about online banking services where a maximum of 7 characters is mandated and complexity is not required. How safe is your bank account?
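The policy described above, as an added Python example (it is not passutils and not code from this blog): it draws passwords from the operating system's CSPRNG, checks the four character classes, and compares brute-force search spaces. The 12-character default and the "7 lower-case letters" comparison are assumptions made for illustration.

```python
import math
import secrets
import string

# Policy from the post: at least 8 characters, random, with upper case,
# lower case, digits and at least one symbol.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)          # 94 printable ASCII characters
MIN_LENGTH = 8


def meets_policy(password):
    """Check length and character classes only.

    This cannot tell whether a password "looks like a real word";
    that part of the policy is met by generating it randomly.
    """
    return (len(password) >= MIN_LENGTH and
            all(any(ch in cls for ch in password) for cls in CLASSES))


def generate_password(length=12):
    """Draw from the CSPRNG until every class is present.

    Rejection sampling keeps all compliant passwords equally likely,
    unlike forcing one character of each class into fixed positions.
    """
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def keyspace_bits(alphabet_size, length):
    """Upper bound on the brute-force search space, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password())
    # Assumed comparison: 7 lower-case letters vs 8 characters from all 94.
    print(round(keyspace_bits(26, 7), 1),
          round(keyspace_bits(len(ALPHABET), 8), 1))
```

The difference of roughly 20 bits means about a million times more guesses for an attacker probing a login, before any lockout or rate limiting is counted.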


Categories:   Security

Spam and your Mailbox

Thursday, 28 May 2009 04:53 by jlorimer

I think everyone in the world is aware of the spam/UCE problem on the internet. The problem is growing and world governments are doing little together to stop it. I have seen estimates as high as 92% of internet traffic being spam. So what can you do about it? The answer is: very little. Yes, you can have spam filters on your desktops, but what good is that? Again, virtually nothing. But why? Because by the time you have downloaded that junk mail the bandwidth on the network has already been wasted. Think about it.

So the next big question is: where should the spam filtering point be? I guarantee you it should not be your ISP. That said, it is the only place that can do it easily; more later. The real filtering point needs to be on the internet backbone. It is a hard place to do it, but if we could block 60% of the spam or more before it gets on the backbone, imagine how much faster the internet would be. So why should it not be your ISP or mail provider? OK, before I lay it out: yes, it would be a good place to trap outbound spam, but most of the time this does not work, as spammers avoid using ISPs' mail servers. So maybe on their gateway to the internet backbone. What about inbound? As with your desktop, if the mail has reached your mail provider it has already wasted the bandwidth on the internet. It saves the bandwidth of downloading it to your computer. OK, so that is a plus. The real issue is developing gateway antispam that can knock it down before it gets to the backbone. I have yet to see such a device or router with such software. I would recommend that it be cloud based. I know many ISPs have locked down outbound SMTP, but it is easy to circumvent right now.

OK, that leaves ISP/mail provider filtering. There is some really good stuff out there right now to do it. In Linux/UNIX, SpamAssassin is hard to beat. On the Microsoft side there is only one tool we trust and that is Vamsoft's ORF, especially now that 4.3 is in beta. It provides DNSBL, HELO, SPF, Reverse DNS, DHA, Honeypot, Greylisting and a slew of other tools. The best pieces are the HELO, SPF, Reverse DNS and Directory Harvesting with User Checking tests. Ninety percent of the spam we block fails these simple tests. Unfortunately all but SPF and Reverse DNS cannot be done on a gateway (yet). Vamsoft continues to enhance ORF to be a really effective tool in combating spam at the mail provider level and nothing we have tested has even come close. SpamAssassin likewise has very sophisticated tools to catch the junk before it gets to you, but most of those I have talked to are unwilling to implement the full scope of what it can do. So talk to your mail provider if you are getting tons of spam and get them off the dime. It is time spam and UCE just died a horrible death and gave us back our internet speed.
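How the HELO, reverse DNS and SPF tests named above can be applied to one SMTP session, as an added Python sketch (not ORF's or SpamAssassin's code). DNS answers come from small constructed tables so it runs offline; all host names, addresses and the `OUR_NAMES` value are hypothetical, and the SPF evaluator handles only `ip4:` and `all`.

```python
import ipaddress
import re

# Constructed DNS data standing in for real lookups (documentation ranges).
PTR = {"192.0.2.25": "mail.example.org"}
A = {"mail.example.org": {"192.0.2.25"}}
SPF = {"example.org": "v=spf1 ip4:192.0.2.0/24 -all"}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Assumed HELO policy: require a fully qualified name that is not our own.
FQDN = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
OUR_NAMES = {"mx.recipient.example"}


def helo_ok(helo):
    """Reject HELO names that are not an FQDN or that claim to be us."""
    return bool(FQDN.match(helo)) and helo.lower() not in OUR_NAMES


def rdns_ok(client_ip):
    """Forward-confirmed reverse DNS: the PTR name must map back to the IP."""
    name = PTR.get(client_ip)
    return name is not None and client_ip in A.get(name, set())


def spf_result(client_ip, mail_from):
    """Evaluate ip4 and 'all' terms only; other mechanisms are skipped."""
    record = SPF.get(mail_from.rsplit("@", 1)[-1].lower())
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULT else ("+", term)
        if mech == "all" or (mech.startswith("ip4:") and
                             ip in ipaddress.ip_network(mech[4:], strict=False)):
            return RESULT[qualifier]
    return "neutral"


def failed_checks(client_ip, helo, mail_from):
    """Names of the tests this session fails, before any message body is read."""
    checks = {
        "helo": helo_ok(helo),
        "rdns": rdns_ok(client_ip),
        "spf": spf_result(client_ip, mail_from) != "fail",
    }
    return [name for name, ok in checks.items() if not ok]
```

All three tests use only the connecting address and the envelope, so a session can be refused before the message data is transferred.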

Categories:   Consumer

Managed Services for Small Businesses is it a fit

Tuesday, 24 March 2009 08:04 by jlorimer

Managed Services: is it what small businesses need? First, what is this nebulous thing? Well, maybe let's look at it another way. Most large companies have full-time IT staff. In a small company you may or may not even have a server. When something goes wrong you end up calling someone like us to come in and fix whatever broke. This may happen many times a month and you have to wait while an engineer is driving to you. Then you get a bill for those services and it can be multiple hundreds of dollars for the accumulated visits. This is really what Managed Services attempts to solve. It is a piece of software that lives on your server or designated desktop. It monitors and collects information about all the computers and network devices in your network. This information is viewed at a provider such as us. We can take proactive action to correct a problem or dispatch an engineer to fix a problem before it causes downtime. It also provides us and the business owner a complete inventory of both software and hardware. It monitors disk space and many other key pieces of information for each device. Managed Services also generates reports which are sent to the business owner in layman's terms. The whole concept is to reduce the number of calls you have to make to us, the provider, and the number of onsite visits, which cost you money. Plus it gives the owner and the company accountant a good accounting of all the equipment. There are a lot of other things Managed Services buys for the small business, and it may help lower your overall technology costs, which in today's economy just makes plain sense. So in a nutshell here are the benefits:

  1. proactive support of your technology with less onsite visits.
  2. lower overall technology costs
  3. higher uptime
  4. inventory of all the technology equipment and software.

For more detail look at the attached document on our Managed Services offering.

MSPcustomer_brochure.pdf (285.61 kb)


Small Businesses and Servers

Friday, 20 February 2009 06:33 by jlorimer

A majority of our clients are small businesses. Most of those do not have a server. OK, terminology: they have a workstation that is sharing files and that is what they call a server. But does this really work, and how can it be better? To answer this one has to understand workgroup computing. Yes, there exists a machine in a workgroup, or multiples, that serve files. If the file is changed by another user on another computer everything works. The same goes for printing. The issue is that a user can create a file on their system in their My Documents directory that is only available to them and may never get backed up. File sharing becomes interesting as users change their password on their local machine, as the network share will then deny them access. This is because in a workgroup environment identical user accounts must be set up on each machine or you must disallow all security. So we now have two issues: security and backup. One of the easiest solutions to this problem is Microsoft's Small Business Server line of products. It solves the user security issue by creating all user accounts in one place, and those accounts work on every computer. With My Documents redirection, everyone's My Documents folders are synced back to the server, which gives a single backup point. Plus, if you go to another workstation, your My Documents folder from your other computer is accessible to you. More important, all the critical files can now be backed up from one place.

Of course Microsoft SBS has a ton more features, which include SharePoint services for collaborative work, Exchange Mail Server, Windows Server Update Services (to ensure all the systems have the current security patches), and remote access to your network and desktops. You can even do your own web site. There is a lot more behind SBS than these items, but for most small businesses, print and file sharing and disaster recovery are critical and not really addressed in workgroup computing.


Security Software and the big box stores

Thursday, 19 February 2009 07:14 by jlorimer

We had a client email us today about a deal she was offered at a big box store. She was concerned about the special add-ons they wanted to put on her new system. Mainly she was concerned about a certain security software package. She was right; the offer was junk. But she did not know. Obviously the big box store employee did not know either; the boss said to and that was it. The bottom line is that consumer computers, whether purchased online or through big box stores, come with more junk and trash than the local garbage dump, and this includes security software that belongs in the local garbage dump. Needless to say, the big box stores advertise they have techs on site that do all these marvelous things. Well, I doubt they have engineering degrees or computer science degrees (well, with the economy the way it is, they might). The fact is, before you let some salesperson or non-certified person install software on your new machine, check with a certified, degreed IT consultant; most of us offer this kind of service for free.
