Service Oriented Architecture (SOA)

A friend of mine pointed me to an interesting article on SOA called Service Oriented Architecture is your Ticket to Hell.

Its on a blog called "The War on Bullshit" It's a short, but good read on a few of the flaws of SOA

Bookmark this post:

Things I hate about Vista, and How I fixed them.

I've been using Windows Vista off and on since the first release years ago and have watched it grow and turn into a pretty good OS. (yes some of you hate it, I know, I know...but I don't care) Durring this time I have found that there are things I love about Vista, things I like about Vista, and things that just irritate me about Vista. So instead of just dealing with the problems, I decided to fix them.

1. The size of the icons on your desktop are freaking huge. Even at the smallest size they are way bigger than what I wanted. So I installed ObjectDock by Stardock and chose not to see desktop icons in my display settings. It's essentially a clone of the dock that the Mac OS comes with. I always liked that feature in OS X so now I have it on my PC and it got rid of the giant icons.


2. The Log-in screen. I hate the way it shows the user image when you try to log in. And for security reasons I prefer it not to show the last user who logged in, so I altered the local security policy so when the computer turns on, you need to press CTRL-ALT-DEL then enter your user name and password. No user image, no pre-filled user name. To do this go to control panels --> Administrative Tools --> Local Security Policy --> Local Policies --> Security Options and then set "Interactive Log on: Do not require CTRL+ALT+DEL" to disabled. Also set "Interactive Log on: Do not display last user name" to Enabled.


3. It's sluggish at times. Set page file to 2500MB (set, not variable or controlled by the computer. This prevents the drive from getting as fragmented) I also turned off the visual aspects I don't like (not all of them because I like Aero and Glass) and use ReadyBoost. Having 2Gb of RAM in my laptop doesn't hurt much either.


4. Vista User Account Control: From a security standpoint this is a great feature, it doesn't allow the user to do anything requiring Administrative level privileges without checking first. Its similar to how even if you are logged into a admin account in a *nix environment you still need to specify that you want to run a task as an admin. From a usability standpoint, it sucks. So I turned it off. Id explain it how, but My Digital Life does a nicer job and give 6 ways to turn it off.

Bookmark this post:

Product Review: LogonStudio Vista

Being that I'm on a computer most of the day, I like to make them my own. I like every aspect to be just right, and big part of that is how it looks. Changing color schemes and desktop wallpapers are nice (and I do both) biut one feature that is a bit more difficult for the average user is changing the log in screen. Today I came across a program for Windows Vista that makes it effortless. The product is called LogonStudio Vista by Stardock

LogonStudio Vista by Stardock is a very simple specialized piece of software that allows you to change the log in screen on a Windows Vista computer. You simply install the software, and via a very clean and clear GUI pick the photo you want (either from a few that come with it or from your hard drive) and it will set it as the background for you log in screen. In all it took me about a minute to download, install, and then change my log in screen.

Stardock also offers several other tools for modifying your Windows user interface so go check them out.

Bookmark this post:

The "fix it" Button and tips to prevent using it.

OK, we all know that there is no magic "fix it" button when it comes to computer. (Trust me, I've built tons of them and have fixed even more, if it was there, I'd have found it). So I'm going to try and do the next best thing and offer some advice to help you find out what is causing the problem with your computer.

Restart the computer:

The first thing I always ask my clients/users to do when they are having trouble with their computer is to just restart it. whether it is the computer just acting sluggishly, a program not opening properly, a web page not loading properly, just go ahead and give the computer a restart. Restarting computers fixes so many problems it is ridiculous. It is the closest thing to a magic button there is.

The reason restarting fixes so many problems is because while you are running programs and opening files on a computer, the computer is storing them into temporary memory. If for some reason, one of these files get written incorrectly to that temporary memory or conflicts with a file that is already there, it can cause problems. Restarting the computer clears out that temporary memory.

(tech secret: having a user restart a computer does more than just clear the temporary memory on their computer. It also clears that mental block a user creates that makes them think "this computer is broken!" Once the computer reboots, the computer has done something so it changes the users mind state to again think the computer has the chance of working, and usually it does. This works especially well when users are mis-typing their passwords and refuse to believe that is the problem)

Think Back:

"But it was working earlier!" is one of the worst arguments ever made. Everything was working before it was broken, so your goal is to find out what happened at the point where the computer went from "working" to "not working". So think back. What were you doing the last time the computer was working? Did you install a new piece of software? Did you install a new piece of hardware? Did you attach any new peripheral (printers, scanners, mp3 Players, Digital Camera, etc).

If you did, uninstall them. There is a good chance that whatever you installed is causing the problem. Yes, even plugging in a simple peripheral can cause problems, because when you plug it in, your computer needs to install drivers (basically the set of instructions for your computer to use a device). These drivers sometimes can cause conflicts with other software/hardware on your computer. So the easiest way to test if this is the problem is to remove them (contact the manufacturer of the product for instruction on how to remove hardware drivers from your computer)

Tips to prevent problems:

• Always follow the instructions that come with products you are installing. Some computer components are finicky about how you install them and doing steps out of order can cause unexpected results (and they usually aren't for the better)
• Get some anti-virus software (especially if you use the Windows Operating System). It's not that expensive (or go with a free product like AVG) and it will help keep you computer running smoothly.
• Make sure your software is up to date. All operating systems come with an updater, use them. (For windows users is called "windows update" or "Microsoft Update" and is located in the programs section of your start menu.) Software updates fix small bugs that you might not even notice are there but that can increase the performance of the software, they also fix critical issues that can affect the security of your computer.
• In addition to software updates, be sure to occasionally check for Driver updates for your hardware as well. Using Microsoft Update will show most of these as well. Drivers are essentially instructions for your computer on how to use a piece of hardware. If better instructions are available, you should use them. Typically they increase stability, reliability, and occasionally will add more functionality.
• Be smart. If you are surfing the internet and a window pops up that says "you just won a car!" don't click it. If something seems too good to be true, it typically isn't. Clicking on pop ups like this all but guarantee that you will start seeing more and more pop ups.
• Don't download anything unless you know it is from a trusted source.
• Be careful with Email. If you get a message from someone you have never heard of offering you something, delete it. Remember, if it sounds too good to be true, then it probably isn't. Also, don't download attachments from people you don't know, and NEVER give out personal information about yourself. A bank or credit card company, heck NO well run company will EVER ask you for personal info (i.e. social security number, password, address, etc) via email. The reason for this is because e-mail is not a secure form of data transfer. If you get an email requesting this information (even if it looks legitimate) call the company who is requesting the info and verify with them over the phone the information they want.
• Do basic system maintenance. Operating systems come with tools for this. Use your disk defragmenter and disk clean up utilities. These tools will help your computer run smoothly and last longer.
• Let a professional help you if you aren't sure how to do something. Stores like Best Buy and CompUSA get a really bad rep. and personally, I don't like either of them for various reasons (there are tons of complaint boards on the net about both if you need reasons) but look for a local computer repair shop, ask friends where they have had a good experience, and take your computer there.

Bookmark this post:

Balancing Security and Usability: The Human Factor

Social Engineering: n. the act of obtaining or attempting to obtain otherwise secure data by conning an individual into revealing secure information

One element of digital security that is typically over looked is the human element. People, for the most part, are trusting and want to help others in need. While this may be good for the human race in general, its not good for security, and thats what we are talking about.

Training staff members to recognize and protect sensitive data is imperative to keeping it a secret. In addition to recognizing what should be considered sensitive, a staff member must also recognize an attempt from a non authorized person to obtain that data.

For instance, most companies post the names of their executives or other prominent members of their organizations on their website. If a person were to call in to one of your smaller offices, or call someone low in the company answers the phone (we'll call her "Jen") and says they are the VP of sales, most employees probably wouldn't challenge that fact unless they happen to know the VP personally or have at least met enough times to recognize the difference in voice etc. Because of this Jen is probably going to be on her best behavior and want to help as much as possible. If the person calling says they are on a business trip and cant seem to find the number for the IT department or Help desk and needs his password reset, I'm sure Jen would happily turn over that information, because what harm could that do? Now the caller can call that inside phone number, but instead of saying they are the VP of some department, they say they are a new employee (with another phone call a person can obtain the name of an employee) and Jen told them to call here to get their password reset. This gives the caller some perceived credibility since they seem to know a person in the company and also because they are new, people want to help them. So the person taking the call, if not properly trained, or if no checks are put in place will reset their password for them and the intruder now has a user name and password to access company info.

This is a really simplified example, but unfortunately its not unrealistic. Without proper training, staff wont challenge someone the perceive to be their superior. So staff need to both know they should do this and also feel comfortable doing it. In the military soldiers are trained to challenge those who approach an area they are guarding, they are taught that they should respectfully demand proof of identification if one claims they are a superior. This is the thought process staff should be trained with. No one wants to inconvenience another person, especially one who is their superior, but for the sake of security and confidentiality, it is sometimes necessary.

So how do we prevent things like this from happening? There are a few things that can be done.

* Teach staff to identify sensitive information. And properly label items as "internal use only" or "confidential" to prevent any confusion.
* Be sure staff know never to share their password, not with anyone, not even the IT staff. Your IT department can reset the password if they need access to your account, its rare they will actually need your password.
* Put policies and procedures into effect that control how user names/passwords are controlled. Who can do password resets? Who can authorize them? and how do you verify the identity of the person who is requesting it?

But primarily what you need to do is educate you staff and have them understand the reason these things are considered sensitive. Saying "this is bad" doesn't mean much to a lot of people, explain why its bad, explain what can happen if that data is released to the wrong people, and be sure they understand it. Have consequences for when data is mistakenly released, but do not rely solely on the fear of consequences to get staff to follow these rules. And of course treat you staff well. People who feel appreciated, who are happy at their jobs, and who feel they are a part of the company will protect it's interests. A guy you yell at, who hates where he works, and doesn't really give a damn will probably give up what ever info is asked for just because it makes no difference to him.

Bookmark this post:

False Security

Many believe that having "false security" or having the perception of a secure environment is more dangerous than having no security at all because at least when you realize you have no security, you are on the look out for strange behavior.

An example of false security that I have seen were the door guards at a retail store I worked at. When employees left for the day, the door guard was instructed to check the employees bag to be sure they haven't taken anything. In addition to that, if the employee owned a product that the store sold (it was an electronics store so it was very common) we had to log them into a book and include make/model/serial number. It sounds like a good idea right? well here are the flaws.

1. Security never checked the serial number/make/model against the log book.


2. Security often would look in just one pocket of a bag, and just glance so it looks like they did their job.


3. Employees could easily add the make/model/serial number of something they stole to the log book so it looks like it was theres.

These were the three biggest flaws. This is false security. At most it is a deterrent to employees who want to steal because there is a slight chance they could get caught. In addition to this it wasted my time as an employee because I would have to stop, wait behind customers who were also leaving, just so the door guard can pretend he gives a crap and checks my bag.

What this does is gives the company the feeling that they are protecting them selves, but in reality they are paying staff to not do anything. Then they wonder why things get stolen so often.

A way to prevent false security is to be honest with your self. Do an audit on your security practices, and be honest with the results. DO NOT make excuses for why things didnt go the way you had hoped. "well, it was an only an audit...that wouldn't happen if it were real" is a bunch of crap. To get a real feel of how things are going, pay an outside company to do the audit, and don't tell your staff. If you say "we are being audited on security on Tuesday" they will be on their best behavior on Tuesday, this will give you a false reading of what really happens. This is the same reason large retail companies pay "secret shoppers" its an audit of their performance. The same should be done for security.

Bookmark this post:

Debunking the Myths

Mac Myths Debunked:

* Macs are More Expensive: There are a few reasons Apples are perceived as more expensive than PCs.
o The first is because there are a limited number of models of Macs available at any time. If you actually compare a PC with the identical hardware as that of the Mac you are looking at instead of comparing a Mac Pro with some bottom of the line eMachine you will see the actual price difference isn't nearly as severe as you thought.
o Apples do not come preloaded with trial software from 3rd parties. A PC will come loaded with a trail of some ant-virus a trial of MS Office, a trial of some DVD making software, etc. Each 3rd party who wants their software on the computer pays a little to the maker of it and that helps subsidies the cost of your computer.
o Apple spends a lot more time on the design of their product than a PC so in most cases you will have a much cleaner looking computer.
o Apple includes more full versions of software than the typical PC (iPhoto, iMovie, iTunes, etc.) this is not to say you can't get similar software for free on a PC, but they don't usually come preloaded. (although some do)
* You can't find good business software for a Mac:
o This is outdated. Not only are there great business apps available on the Mac of, but with things like Parallels, Bootcamp, and Virtual PC you can run Windows on your Mac, which means if its on your PC...its on your Mac.
* Macs can't get viruses:
o This is false. Although the Mac OS has no viruses that I'm aware of, the software that is running on your Mac can still be exploited.
o It is true that there are a lot less viruses for the Mac. The most common argument is that the reason for this is because Mac has way less users, now while this is true, it is not the complete reason. Part of the reason is not the number of people who use the product, but the target audience of the product. Microsoft has the business world locked into their products (for now). Many viruses are made to target businesses, so that's the software you want to exploit. Also Microsoft Windows is less secure out of the box than the Apple OS, it can be secured very well, but most people don't know how to do it, and because of that, they are more vulnerable. So yes, there are more viruses.

PC Myths Debunked:

* You can't do audio/video/photo editing on a PC:
o This is not true. There is professional grade software for the PC is ready available.
o No, this software will not run well on that 400 dollar PC you just picked up, but if you buy a good machine, they will run very well.
* PCs are not secure:
o This is false. PCs are only insecure if you do not take the time to patch/update and secure them. A good windows administrator can make his Windows server just as secure as a Good *nix admin and a good Mac admin.
o There are TONS of software available to assist with this if you aren't capable of doing it yourself, and Microsoft includes some of it for free (windows defenders helps with ad ware...although its definitely not the greatest. Windows Firewall does a decent job) and there is a lot of free software that is even better than that. The problem is the average user does not take the time to learn this, so PCs are perceived as more insecure because out of the box they are and its rare that a user will make the appropriate fixes.

So which computer is "better"? The answer is which ever fits your need. Do you feel more comfortable using the windows operating system than you do Mac OS? Do you really need all the power that is included in even the bottom of the line iMac? In reality, if all you are doing and all you are planning on doing is writing word documents and checking your email, than any computer you buy (or have bought in the last 5 years) is powerful enough. But if you want to do photo editing, or movie editing, even if just for fun, then you need to look for something that fits that need.

PCs are great if you are looking for something cheap, if your budget is around 600 dollars then yea, you can definitely find a computer for that much, but it will include a bunch of demo software that you will need to remove. If you want something that takes up a little space, looks good, and runs well and will take little upkeep, buy an iMac. There is a reason stores have these all on display, it's so you can look at and play with the different features of them. Use the tool you are comfortable with, not the one that you read was better for reason xyz..

Me? I use Windows primarily. It fits my needs perfectly, I am very familiar with them and because of that, I can secure and control a network full of them. I also have a desktop running Ubuntu on it so I can get even move familiar with the *nix operating systems, the more I use it the more I love it, its great, but I still haven't been able to say that I am confident in my ability to secure it, and then deploy 100 of them and manage and secure them properly. I have used Macs in the past and they are great. Their interface is clean; they come with great user friendly software. The hardware is good and high quality. But for me, they aren't the right fit. I like to build my own computer; I can't do that with an Apple, not yet anyway. And at the end of the day, I just can't justify spending the money on one since it doesn't fill any specific need for me. Do I recommend Apples to other people? Of course, if they are a good fit for that person. But not because of the Myths mentioned above.




Digg!

Bookmark this post:

Balancing Security and Usability: Biometrics

Biometrics: n. The measurement of physical characteristics, such as fingerprints, DNA, or retinal patterns, for use in verifying the identity of individuals.

In recent years the use of biometrics as a way to authenticate users has become more and more popular. Fingerprint scanners are now readily available at electronics stores and are becoming standard on laptops. The reason for this is because using fingerprint recognition is an easy and fairly accurate way of identifying a person without the need for them to remember a password. In addition to fingerprint recognition some building have begun using palm scanning and retinal scanner (to a much lesser extent) as a way to identify the person who is trying to get in.

Why Biometrics are gaining popularity:

• Each person has unique characteristics (finger prints, palm prints, retinal patterns, etc) even identical twins. So both duplication and imitation are difficult


• It is more convenient for a person to place their hand or finger on a scanner for 1 or 2 seconds than it is for them to type in a password


• A person cant give out their fingerprint like they can a password, and it is much more difficult to steal a fingerprint than it is to intercept a password.


• The cost of implementations is dropping


• They are a relatively easy way to add another layer of security to your environment.

Biometrics, as well as most other forms of security, are best used in layers. So in many cases (especially those involving access to buildings, offices, or vaults) your fingerprint or palm scan is only part of the equation. Many times you must use your fingerprint, and once that is accepted enter a password or PIN. This type of set up is more secure than having a person use a username/password combination because it requires the person to both know something (their password) and physically have something (their fingerprint) so for an intruder to gain access it becomes very difficult.

There are downsides to using biometrics however. One major downfall of using finger prints or palm prints would be the fact that they can change with age or even with weather. if your hand are cold your skin will shrink some and change your finger print slightly, or if you have lotion on your hands, or your hands are damp in general the scanner will get an inaccurate reading. Or if you are in an environment where employees hand are prone to calluses or cuts (construction work for instance) the finger and palm prints may be altered temporarily because of it. The quality of both the equipment and software that you are using come into play here. Most software for fingerprint recognition can accommodate for the slight changes that occur due to weather or dampness, but none will identify the fingerprint if there is a large cut or callus over it.

Using retina scanners is also very expensive and many people are hesitant to let a laser shine into their eye. Also, contact lenses can cause the scanner to get an inaccurate reading and will cause problems.

However, the use of biometrics is not full proof. As any form of security becomes popular, there are people looking for way to get around it. Many people have found some simple ways to trick fingerprint readers into allowing them access. For instance, some were able to lift a previous fingerprint off of the reader using standard fingerprinting techniques used by police (i.e. dust to stick to the oils left behind and removal with tape) and then were able to replicate that print using latex and in a few cases using a gummy bear to hold the print temporarily. So, stealing a finger print may be harder, but its not impossible. Steal a palm print is even harder to do since palm shape is also taken into consideration so a simple glove wouldn't do the trick, but still they have been beaten.

Because of these flaws having a staff aware of the danger of intruders is crucial and will be the topic for the next part of the "Balancing Security and Usability" series.

Bookmark this post:

"local security authority could not be found"

This error message has been popping up a lot at work and took me a while to figure out 1. what is causing it and 2. how to fix it.

Here is what I have gathered so far:

1. The error is caused by a incorrect password be cached into memory somewhere then trying to be submitted to a server requesting authentication via web page


2. I Have experienced it while trying to access pages on a Microsoft Sharepoint server


3. It usually occurs if you either have your browser to authenticate you to the page automatically either with the credentials you use to log in, or with credentials previously saved or if you have previously saved credentials and click ok when the pre-filled authentication window pops up.


4. The only resolution I have found for this is to force the website to ask for authentication. You can do this by going into your internet security properties and under the custom settings select the option that forces a prompt for authentication rather than using saved credentials. Be sure to do this for all zones, since if you do it just for the internet zone, and this is on an intranet, it wont effect it.

Comment if you find out anything else. For now we have just set the group policy to force everyone to always authenticate, it seems to be working.

Bookmark this post:

Balancing Security and Usability: Passwords

For this portion of the Balancing Security and Usability Series we will discuss the following things:

• Using Passwords effectively


• "Weak" v. "Strong" Passwords


• How passwords get cracked


• Password Complexity Policies

Passwords:

One of the most well known, effective and easily implemented forms of security for a computer is a password. Passwords are a string of letters, numbers, or special characters (!,@,#,$, etc) that individuals can set in order to prevent unauthorized people from accessing data. Passwords can be set for individual files/folders and then be shared among authorized users or be set for individual user accounts which each have permission to access particular files/folders.

All passwords are not created equally, and some types of passwords are better than others, but in general, any password is better than no password. What differentiates a "strong" password from a "weak" password is the length and complexity of it. For example: Using the password "password" is not as good as using "Pa$$Word!" the reason for this is because the first is very simple in terms of guess ability and crack ability.

To understand why some passwords are better, it helps to know how the tools used to crack passwords work. There are 2 basic types of passwords cracking tools. The first uses what is called a "dictionary attack". Essentially what it does is enters words that it pulls from a list that is pre-defined by the attacker in hopes that one of them will be correct. So using "password" which is a word that is found in the dictionary would probably be cracked in seconds. Where as "Pa$$Word!" is not a real word, and would have to be entered in that exact format on the list for it to be able to be cracked. The second is called a "Brute Force" attack. And the way it works is it just strings together random characters in hopes of eventually hitting the correct combination. This attack is very effective, and if given enough time, will eventually get your password. This is why longer more complex "strong" passwords are much more effective.

In addition to having a good, strong password, it is helpful to change it at periodic intervals. (6 weeks - 3 months is a typical time frame) the reason for this is just in case someone does get a hold of your password, they wont be able to use it forever, because it will eventually change, so they have to go through the cracking process again, and they again risk getting caught.

One way many companies prevent passwords from being cracked is by "locking" accounts that have too many failed log in attempts. So for instance if the incorrect password is entered 5 times in a row, within an hour the account get locked and the user must contact the administrator. Or Companies may place a limit to how many times you can attempt to log in a given time so a person may only attempt to log in 5 times within 15 minutes before his account is temporarily locked. After the 15 minutes, the account is unlocked and the user can try again. (This slows the attack process and increases the risk for the attacker)

So now you must be thinking "good, Ill make it so my users have to have a password that is at least 15 characters long, include letters, numbers and special characters, and they have to change it every month" unfortunately its not that easy. What ends up happening a lot of the time is if it is too hard for an end-user to keep their passwords straight, they end up writing them down on a post-it note and stick them to their monitor. This sort of defeats the purpose. Or what also happens is your IT staff will start getting a lot of calls to unlock accounts and reset passwords, which takes time and wastes resources. So you need to find a balance that works with your organization.

A typical mid-level security password policy might include the following standards

• Passwords must be at least 8 characters long


• Password must contain 3 of the following types of characters: Uppercase letters (A, B, C, etc.), Lowercase letters (a, b, c, etc.), Numbers (1, 2, 3, etc.) and Special Characters ($, %, &, etc.)


• Password cannot contain your username or your real name


• Password must be changed every 90 days (password cannot be reused for 3 rotations)


• Password must be in place for at least 7 days before it can be changed again

Again, this is just an example, and may not work for your organization. Maybe you don't need to have so much complexity, or you are ok with users never changing their password. Do what is right for your company.

Bookmark this post:

ThinkSmarter: Using folders to organize your email

To work smarter, you really need to keep well organized, and one way to do that is to use folders to keep your email inbox nice and clean.
When you use folders you really want to stick with a standard on how you want to organize your messages. You can organize by recipient, by topic of the email, by project, etc. but when you start to use too many forms of organization you will run in to problems finding the emails again because you won't know how you sorted that particular one.

Personally, I use folders based on Topic. So I have one folder for Current Projects, one for Completed Projects, one for Purchases, etc. Within those folders I use sub-folders to keep even more organized. So for instance; within my "Purchases" folder I will have a folder for each vendor I work with. And within the vendors folder I have a folder for "pending orders" "received orders" and one for "un-purchased quotes" This way I can look up any invoice from any vendor I have dealt with very quickly since I know where they are.

But to use folders effectively you need to actually get the mail from your inbox to its appropriate folders. Now if you only receive a few emails a day, reading them then manually putting them into their designated folders is ok. However if you are like me and receive over a hundred emails a day, this can get tedious. How do we solve this problem? Well, we can set up rules (the process for creating rules for your email varies depending on the software you are using to manage email).

The rules you create will obviously vary depending on how you decide to organize emails. If you are organizing email by sender, it's easy, you just create a rule that says "if sender = X, then move to folder X" It's simple you can also create rules that are based on the subject of emails. For instance it could be "If email subject contains "company party" than move to folder "company part". However this can become tricky since new events occur all the time and you would spend a lot of time just creating new rules, manual entry might be best for this.

In addition to the folders I mention above, I also have a few special folders. I have one that any emails with large (bigger than .5 MB) attachments on them will go to. I do this because my email also goes to my phone, and I don't want my phone to get bogged down with attachments, although I could configure my phone to do this filters, I like to keep all filters in the same place so when I need to change something I know where to look. I also have a folder called "non-urgent - non-problems" this is where I dump emails that people send me that are article they find interesting, or have a question that really is just general and not really urgent or a problem (like they want an opinion on a product). This lets me focus on the emails that need attention now and look at the others when I have some downtime, or just need a break from the problems.

Like everything else, one solution doesn't fit all, so find one that does fit. Folders can be a great help if used properly. They can also mess you up some if you over organize them (i.e. sort by different things)

Bookmark this post:

Help the IT department help you.

Some of the comments from my previous post "10 things your IT guy wish you knew" inspired me to write this post. These are some things that can help us help you. Simple things that allow us to fix the things that are irritating you as fast as possible.

1. When you email/call us please give us as much detail as possible about the problem. We don't expect you to be technical or know what actually caused the problem, but knowing what you were doing when it happened can help us.

2. Let us know as soon as you realize there is a problem. If you mistakenly delete something, stop working and call. Usually deleted files can be recovered, but the sooner you let us know the easier it is to do.

3. Most times we prefer receiving emails if the problem isn't urgent, or if your company has a trouble ticket system in place where you can submit the ticket, please do so. This helps us keep track of the problems and what we have done to resolve them, and it also helps us keep tack of who asked first. But if the issue needs to be addressed or you can't email (which happens if that's the nature of the problem) by all means give us a call.

4. Don't Lie. Just don't. If it was a mistake, I'll fix it and unless someone asks me about it no one else will know it happened. If I do get asked by your supervisor, ill most likely say it was a "glitch in the system" because people deserver a break if they made a mistake. If you make that mistake 10 more time or lie to me about it...I won't be covering for you.

5. If you are having a problem with getting on the internet/getting email/etc. basically anything directly related to your computer, please call when you are at your computer so we can do some quick troubleshooting over the phone with you. Another option is to send us an email explaining the problem and asking if we can call you at a later time when you will be available to do the troubleshooting.

6. If I'm working on something else on site and I'm away from my desk, or you catch me in the hall and ask me for something, I'll probably ask you to email me so I don't forget. If I don't ask, go ahead and email me anyway. Something simple like "per our conversation..." short and sweet. Include your contact info and I'll get back to you for details ASAP.

7. If you want new equipment I'm usually the wrong person to ask. In most cases its up to your department head to get the new stuff, we just install it. If you need some help convincing your boss that a new toy you want will benefit the company and make you more productive, shoot me an email and Ill make some time to help you out, I'm a tech, new toys make me happy, even if I only get to play with them while setting them up for you.

8. If I'm asking you to do some troubleshooting with me, please just do it. I have to check certain things before I come to your location and fix it. The more cooperative you are, the faster I can get those things off my list and the faster we get your problem solved. If you have done some troubleshooting on your own, let me know, it will probably save us time.

9. I don't know everything, as much as I wish I did. So sometimes I need to research a problem, when I get to this point Ill let you know that I just don't know the answer and need to go research it and ill be back. Sorry but those are the breaks.

10. Please don't tell me that you do inappropriate things on your work computer, if you do, I then have to investigate it (or advice my supervisor of the issue just to cover my ass) and then it will be investigated. And don't ask me how to get around the security I put in place. I'm not going to tell you, then I'm going to assume you will try and again, I need to investigate it. Save it for when you are at home.

Bookmark this post:

Balancing Security and Usability: Introduction

Computer security is a balancing act. Too little security and you are at risk of lost or stolen data, data that gets mistakenly altered or just read by people who shouldn't be reading it. Too much security and people who really do need the information can't get to it, or getting to the data is just so hard, it's not worth having. These lines are not drawn clearly, and a good SysAdmin must be able to work with those who use the data and with the management of the company to find where these lines should be.

Over the next few weeks I hope to address some of the challenges new System Administrators face when trying to establish a good security policy for their organization. I also hope to provide a little insight on these challenges for those who are not in the IT profession, or not in that part of the profession. The way I see it, the more me know about each others jobs, the more understanding we can be when their are problems. So I hope you enjoy, and feel free to leave comments with your thoughts or recommendations.

Before we get started, there are a couple things. you need to realize when dealing with security, otherwise you will drive yourself crazy.

1. There is no such thing as 100% secure. If someone wants something bad enough, they can get it.


2. Your goal is not to make things impossible for unauthorized users to get to, its to make getting to it more work than it's worth.


3. Security is best used in layers. The reasons for this are because:

• There is always a way around an obstacle, having several in front of you makes it both much harder and much more discouraging to attempt.


• It will give you, the administrator, more time to find out what is happening, and hopefully notify you of a problem before there is a total breach.


• It leaves a better trail to follow. It is much harder to cover your tracks when you have to take a dozen routes to get to a location.

When trying to determine the security needs of your organization several things must be considered. Some of them are:

• Who will need to access the data?


• Where will they need to access it from? (Just the office? should users be allowed to work from home?)


• How important is the data? (Can your business function if it is lost?)


• What are the repercussions if the data is seen by the wrong people? (If a competitor gets it, will it cost you lots of money? if the wrong staff see it, will it cause a drop in performance or moral?)

These types of questions need to be answered before you can implement any real security. For instance, if the data you are working with can cause the downfall of your company if it got into the wrong hands, you probably don't want to make it too easily available from outside your office (or inside for that matter), but if the data is something like a general telephone listing for your company, you may want to make that easily obtainable.

Once you determine the level of security you need, you can look at the kind of security you want to use. There are several ways to protect data, and chances are, you will be using more than one. In the next installment of this series, we will discuss the effective use of password.

Bookmark this post:

10 things your IT guy wants you to know

1. If you ask me technical questions please don't argue with me because you don't like my answer. If you think you know more about the topic, why ask? And if I'm arguing with you...it's because I am positive that I am correct, otherwise I'd just say "I don't know" or give you some tips on where to look it up, I don't have the time to just argue for the sake of it.


2. Starting a conversation by insulting yourself (i.e. "I'm such an idiot") will not make me laugh, or feel sorry for you; all it will do is remind me that yes, you are an idiot and that I am going to hate having to talk to you. Trust me; you don't want to start a call that way.


3. I am ok with you making mistakes, fixing them is my job. I am not ok with you lying to me about a mistake you made. It makes it much harder to resolve and thus makes my job more difficult. Be honest and we can get the problem resolved and continue on with our business.


4. There is no magic "Fix it" button. Everything takes some amount of work to fix, and not everything is worth fixing or even possible to fix. If I say that you just need to re-do a document that you accidentally deleted 2 months ago, please don't get mad at me. I'm not ignoring your problem, and it's not that I don't like you, I just cant always fix everything.


5. Not everything you ask me to do is "urgent". In fact, by marking things as "urgent" every time, you almost ensure that I treat none of it as a priority.


6. You are not the only one who needs help, and you usually don't have the most urgent issue. Give me some time to get to your problem, it will get fixed.


7. Emailing me several times about the same issue in the same day is not only unnecessary, it's highly annoying. Emails will stay until I delete them, I won't delete them until I'm done with them. I will typically respond as soon as I have a useful update. If it is an urgent issue, let me know (see number 5).


8. Yes, I prefer email over telephone calls. It has nothing to do with being friendly, it's about efficiency. It is much faster and easier for me to list out a set of questions that I need you to answer than it is for me to call and ask you them one by one. You can find the answers at your leisure and while I'm waiting I can work on other problems.


9. Yes, I seem blunt and rude. It's not that I mean to, I just don't have the time to sugar coat things for you. I assume we are both adults and can handle the reality of a problem. If you did something wrong, I will tell you. I don't care that it was a mistake, because it really makes no difference to me. Don't take it personal, I just don't want it to happen again.


10. And finally, yes, I can read your email, I can see what web pages you look at while you are at work, yes, I can access every file on your work computer, and I can tell if you are chatting with people on an instant messenger or chat room (and can also read what you are typing). But no, I don't do it. It's unethical, I'm busy, and in all reality you aren't all that interesting. So unless I am instructed to specifically monitor or investigate your actions, I don't. There really are much more interesting things on the internet than you.

Bookmark this post: