Thursday, January 8, 2009

About Encrypting your Data - Again
While scanning through some email newsletters, I came across this article. It looks like data security is still an afterthought to many organizations. I cannot stress enough that it is very important to secure your important data.

Even home users have Quicken, Money, or Quickbooks files. I have several clients that store a list of their passwords or other important information in Word documents on their computers. That's fine - I keep my entire business stored on my primary laptop. The difference is that my entire hard drive is encrypted. If someone steals my laptop, they will not be able to access my data.

As I've said before, the irony is that the software to do all of this is free and open source. It is easy to use and once you encrypt the drive, your computer acts normally. The only time you notice anything is when you restart the computer. You must enter the password at reboot or the operating system simply won't start.

One other point that I'm going to state again - Windows and Microsoft and Security don't go in the same sentence. Just because you have a Windows login password doesn't mean anything. That is trivial to bypass.

Also remember the following:
  • Rule #1: You are only as good as your last successful backup - from which you can recover.
  • www.truecrypt.com - open source and free


Saturday, December 27, 2008

Classroom Computers
=============
From Email to a client
=============

I've finally compiled my list of suggestions for helping to secure them and streamline the process of setup. This will help ensure consistency of the laptops, which will provide a much better classroom experience. Hopefully, the computers will be running XP, but these recommendations will work for Vista as well.

Implementing all of this will take quite a bit of time to get it set up. However, the long-term benefits greatly outweigh the short-term expense.

*Assumes all computers are running the same (or very, very similar) hardware.

==============
Initial Preparation - before any use by a student or faculty
==============

Cost: FREE (except time & software licenses)

  • All computers must have any "junk" software removed.
  • Default applications must be installed - Firefox, MS Office, PDF Creator, OpenOffice.org, AVG, Adobe Reader, Picasa, Google Earth, Virtualbox, Thunderbird, etc.
  • All class specific applications must be installed - typing software, etc
  • TCP/IP set to OpenDNS.

===============
Imaging of Computers
===============

Cost: FREE or $100/computer

Imaging of the computers is very critical. This ensures that you have a full and complete bit by bit backup of your systems. In a worst-case scenario, it can save tons of time. Also, after the class is over, the computer can be returned to "ready to go" state for the student.

The basic step is that you set up 1 computer just how you want it (known as the master). It has all the needed software and drivers installed. Once you have this master set up, you can image all the other computers (known as slaves) to the master.

The advantage is time. Rather than have to go to each computer and set them all up individually, you create them all at once by using a master/slave setup on your network. The master computer is running the server version of the imaging software and distributes its image to all the slaves on the network.

Free - There are free open source solutions out there that work really well although they aren't as intuitive as the proprietary options.

http://www.clonezilla.org  - best open source for networked imaging

http://ping.windowsdream.com - best for single machine imaging

$100 / computer - this is software that I've used extensively in the past and that works well.

Acronis True Image Echo Workstation
http://www.acronis.com/enterprise/products/ATICW/

Norton Ghost
http://www.symantec.com/norton/ghost

===========
MS Steady State
===========

Cost: FREE (except setup time)

Note: Runs on 32-bit XP, Vista only

Microsoft has released a product called Steady State. Once installed, it uses imaging technology to return a computer to an exact state every time the computer is restarted. This means that after setting up a computer initially, the computer will be returned to that state after every reboot.

This software can be incredibly useful to make sure that a computer is always in a clean workable state for the classroom. Unlike relying totally on imaging (which requires the master/slave process each time), Steady State returns the computer to a proper state after reboot - automatically. The computer can much more easily be locked down for internet access, etc.

Windows SteadyState in the Classroom
http://www.microsoft.com/windows/products/winfamily/sharedaccess/seeit/classroom.mspx

Windows SteadyState Disk and System Protection
http://www.microsoft.com/windows/products/winfamily/sharedaccess/whatis/diskandsystemprotection.mspx

FAQs
http://download.microsoft.com/download/f/c/6/fc6955de-0765-46fc-b2a9-47b4d4bcd160/SteadyState_2.5_Technical%20FAQ_updated.pdf

==============
Network Access and Protection
==============

Cost: Service - FREE (except setup time), Router - $60

All computers should be using OpenDNS for security and robustness. This is easily set up in the TCP/IP settings; however, ideally the classroom computers should be running on a separate subnet from the main building network. They need to be behind their own router that we can control.

We should immediately purchase a WRT54GL, flash it with DD-WRT firmware, and install it on the building network. Then we set up the student laptops to connect to it only.

WRT54GL
http://www.newegg.com/Product/Product.aspx?Item=N82E16833124190

DD-WRT Firmware
http://www.dd-wrt.com/wiki/index.php/What_is_DD-WRT%3F

OpenDNS
http://www.opendns.com/smb/solutions

==================
Educating Users
==================

One of the most important steps in this process is educating the users/students on basic safety and security. Fortunately, I have a couple of blog posts that help address this. During the class itself we also spend quite a bit of time discussing simple security issues.

Layered Security Basics
http://www.smartergeek.com/blog/2008/03/layered-security-basics.asp

Simple Rules for Your Computing
http://www.smartergeek.com/blog/2008/01/simple-rules-for-your-computing.asp

Why did I get infected in the first place?
http://www.smartergeek.com/blog/2008/07/why-did-i-get-infected-in-first-place.asp

Myspace and Antivirus 2009
http://www.smartergeek.com/blog/2008/12/myspace-and-antivirus-2009.asp


Tuesday, December 16, 2008

Reinstall Windows XP on a Laptop
Recently, I had a friend of an existing client call. His laptop had somehow corrupted (apparently) all of the drivers for XP. Unfortunately, time was short and I could not get it back to a working state, before he had to return to Arkansas.

To further complicate matters, the corrupted drivers included basically all of the core hardware. He could not even use his CD-ROM or USB ports. I'm surprised the thing would even boot.

Here is the email that I sent to him after a lengthy phone call. With as much time and effort as he already has in this, he has hit the "wall of diminishing return". That means it is more efficient time-wise and financially for him to completely redo his computer.
As you can see, I am following my policy of open-information sharing to help this guy. The following steps are my basic process for reinstalling Windows.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your Laptop:
Sony Vaio PCG-7A2L VGNFS640
Windows XP
Hard Drive Type: IDE

-------------------------------------
Recover/Backup your data
-------------------------------------
**Always remember rule #1: You are only as good as your last successful backup from which you can recover.

(1) Physically remove the hard drive from the pc. Purchase a USB enclosure, install the hdd, and connect it to a working Windows, Linux, or Mac. Copy your data from the drive.

Example Locations of Data
(driveletter):\documents and settings\(username)\my documents
(driveletter):\documents and settings\(username)\desktop

USB Enclosure Examples:
http://www.staples.com/office/supplies/p1_External-hard-Drives_220347_Business_Supplies_10051_SEARCH

http://www.newegg.com/Product/Product.aspx?Item=N82E16817145329

OR

(2) Download a Linux ISO such as Ubuntu onto a working pc. Create a bootable CD from the ISO, make sure your laptop BIOS is set up to boot to CD first, and boot to the Linux live CD (test it - do not install). Linux will see right into your HDD. Copy files to a removable flash drive, etc.

www.ubuntu.com


------------------
Wipe (nuke) the Drive - optional but recommended
------------------


*Backup or recover your data first!!!

**CAUTION**
Once you wipe the drive, your recovery files (if present) will be deleted as well. These recovery files are the Windows installation files that the manufacturer put in a hidden partition on your hard drive. In many cases, your recovery CD/DVD will only work with these recovery files. That means that the computer manufacturer effectively screwed you if your hard drives - you will have to buy a copy of Windows even though you paid for one with your computer purchase. Sony is bad about this.
****************

Because of the odd nature of what happened to your system, I would suggest wiping the drive. Basically you will create a "nuke" disk or CD, boot to that, and start the wiping (erasing) program. It typically will take a couple of hours depending on the size of your drive.

Darik's Boot and Nuke - use this for wiping the drive
http://www.dban.org/download

Download the one for CD and DVD media since you don't have a floppy drive.

Screenshots of DBaN
http://sourceforge.net/project/screenshots.php?group_id=61951

How do I make a bootable CD or bootable DVD with the ISO file?
http://www.dban.org/faq/burning

------------------
Reinstall Windows XP
-----------------

*SATA drives will typically require drivers and a floppy disk drive (CD won't work) to install WinXP. IDE drives will not.

(1) Purchase a copy of Windows XP Home Edition (full copy - not the upgrade). Put the CD in your drive and boot the computer from the CD. Follow the instructions in the installer. You can use a "quick format" when asked.

WinXP Home Edition
http://www.newegg.com/Product/Product.aspx?Item=N82E16832116511

WinXP Professional
http://www.newegg.com/Product/Product.aspx?Item=N82E16832116513

OR

(2) Purchase a copy of your recovery CD's from the manufacturer. See the warning about nuking/wiping first!

Sony - How to purchase recovery CD/DVDs for computer products.
http://www.kb.sony.com/selfservice/viewContent.do?externalId=C61643&sliceId=2&mdl=null#

-----------------------
Download and Install Drivers
-----------------------

*Sometimes your manufacturer will have the wrong drivers posted or none at all. That is when you find out that Google is your friend.

You will need to visit the support/drivers section of your computer manufacturer's website. There you will locate the drivers for your model of computer. Normally you will need to download them using a working computer as Windows will typically not have built-in drivers for your LAN, video, audio, etc.

Copy the driver files to a USB drive, CD, etc, and install them on the fresh installation of XP.

------------------------
Reinstall Software
------------------------

You will need to reinstall any software that you typically use - Firefox, Adobe Reader, MS Office, PDA software, etc.

----------------------
Copy your data back
----------------------

Plug in your USB drive (or whatever) and copy your data back to your nice shiny installation of WinXP!

---------------
Review the Following Blog Posts
---------------
Backup and Imaging
http://www.smartergeek.com/blog/2008/07/backup-and-imaging.asp

The Importance of Backups
http://www.smartergeek.com/blog/2008/07/importance-of-backups.asp


Sunday, August 10, 2008

White Paper - Security Questions
This "white paper" was created to present to several clients of mine. I'm posting it to my blog so that it can be reviewed and maybe raise some questions as to how you handle your home and business information.

PDF Copy Here

Company policy concerning safety and security of data

  • How important is your data?
  • What is the company policy about sharing data?
  • What workers / contractors have access to what data?
  • What would you do if that data were leaked to a competitor?
  • Do you allow users to surf MySpace, FaceBook, or similar sites? How do you know?

“Over 90 percent of the Webpages that are spreading Trojan horses and spyware are legitimate sites, some belonging to household brands and Fortune 500 companies, Sophos reports. Most have been hacked through SQL injection.” - source: Sophos.com

Cross-site scripting

“AJAX also increases the possibility of so-called cross-site scripting flaws, which occur when the site developer doesn't properly code pages, experts said. An attacker can exploit this type of vulnerability to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users' computers, experts have said. Big-name Web companies such as Microsoft, eBay, Yahoo and Google have all experienced cross-site scripting flaws on their Web sites.” - source: Cnet.com

"Certification" method to ensure all outside pc's (ex: laptops) are clean and malware free

  • How do you know if the pc's are infected or not?

  • What is the policy on maintaining anti-virus and safe surfing habits?

Secure Backup Method

  • What is your backup method?

  • Have you practiced recovery from disaster?

  • Do you use imaging software to recover the OS and applications?

  • Are your backup files secure?

Data Encryption on Laptops and Remote Devices

  • Are your laptops and remote devices utilizing data encryption?

  • How much is your data worth if it gets into the hands of a competitor or criminal?

There is some evidence that cyber criminals are now specifically targeting laptop users, encouraged to do so by the finding that corporate laptops hold an average $525,000 worth of sensitive data. - source: Bahn, October 2007

Company Email and Consistency

  • Do your workers use their personal Yahoo or AOL accounts for email?

  • Do you want your clients to have an image of your company with potentially suggestive email addresses? (ex: cutiegirl69@yahoo.com)

  • What will you do if a lawsuit and discovery injunction requires that you are able to provide all communications?

Further Resources:

The Growing Importance of E-Discovery on Your Business

http://www.google.com/a/help/intl/en/security/pdf/importance_e_Discovery.pdf


Business Guide to Compliance

http://www.google.com/a/help/intl/en/security/pdf/WP44-BMGuide.pdf


The Impact of the new FRCP Amendments on your Business

http://www.google.com/a/help/intl/en/security/pdf/WP42-FRCP_0107.pdf


Protecting Off-Network/Laptop Users

http://www.google.com/a/help/intl/en/security/pdf/off_network_workers.pdf


2007 Annual Study: Cost of a Data Breach

http://www.ponemon.org/press/PR_Ponemon_2007-COB_071126_F.pdf


Friday, August 1, 2008

Internet Interruptions
As taken from a recent email conversation with a customer:

There are several issues that can cause internet connectivity issues. If Verizon says that their service is running smoothly, then typically they are correct - although I have seen cases where the ISP states that nothing is wrong with their service and there really is an issue.

As I'm sure you are aware, any downtime in your ability to use the Internet leads to productivity loss and costs you money. It would be well worth your time to contract with me to straighten out your network. For instance, when we first met you were having issues with Outlook Express - and the problem was that you had well over 13,000 emails in your inbox causing OE to choke.

One other very important point to remember is that you really should have a backup system in place. If your pc's go down, you risk losing your data which is far more important than the hardware itself.

http://www.smartergeek.com/blog/2008/07/importance-of-backups.asp

Here are some possible things causing your issue:

-------------------
Zombies
-------------------
Based on the huge number of spam emails that I've seen flow through your email system, it is very likely that one or more computers on your internal office network are infected.
What typically happens is a user opens an email attachment that is untrusted or visits an untrusted website through Internet Explorer and gets exploited. Usually the exploit does not crash the computer; it loads software that runs in the background, spewing SPAM out.

Potentially some of these exploits could also be sending information stored on your computers such as client information, etc. Once a machine is exploited all bets are off.

SPAMMers don't have warehouses full of computers. They use exploited PC's - zombies - to send out the spam. That is part of why it is so profitable.

Problem: Zombies are uploading/downloading on your network consuming your bandwidth and causing you to think your Internet service is down.

Resolution: All pc's on your network should be thoroughly checked out, possibly re-imaged, and practices put in place to avoid the problem in the future.

------------------
Email and Spam
------------------

This issue is closely related to "Zombies". Your users receive an inordinate amount of email and much of it is spam. This consumes bandwidth and can cause what appear to be "temporary outages" in your Internet connection.

Problem: Too much inbound spam.

Resolution: Migrate to Google's email service as recommended several times.

-----------------
Users abusing Network
-----------------

This happens much more frequently now. Users tend to want to view MySpace.com or Youtube.com on company time and using up company resources. Video and audio consumes a lot of bandwidth, which can cripple your legitimate traffic.

Resolution: Set up a system to restrict certain domains and websites plus enforce a company policy that prohibits such usage.

--------------------
Hardware Issues
--------------------

Hardware can begin to intermittently fail. There is always a possibility that your router or modem is occasionally having an issue.

Resolution: Replace faulty hardware.

-------------
Additional Resources
-------------

http://www.smartergeek.com/blog/2008/07/why-did-i-get-infected-in-first-place.asp

http://www.smartergeek.com/blog/2008/03/layered-security-basics.asp

http://www.smartergeek.com/blog/2008/02/spam-and-phising-example.asp

http://www.smartergeek.com/blog/2008/06/backing-up-your-system.asp

http://www.smartergeek.com/blog/2008/01/simple-rules-for-your-computing.asp

http://www.smartergeek.com/blog/2008/01/virus-lessons-101-revisted.asp

http://www.smartergeek.com/blog/2008/01/smartergeek-newsletter-1-5-2008.asp
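
One way to narrow down which PCs to check for the zombie problem described in this post (an added example, not part of the original email): a healthy workstation sends mail through one SMTP server, while a spam-sending machine connects to many mail servers directly, and that shows up in the router's connection log. The subnet, the relay address and the log lines (Linux iptables LOG style, trimmed) are assumptions constructed for the example.

```python
"""Flag LAN hosts that open SMTP connections to many different servers."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")             # assumption: office subnet
KNOWN_RELAYS = {ip_address("198.51.100.10")}   # assumption: mail provider's SMTP host
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample lines; all external addresses are documentation ranges.
SAMPLE_LOG = """\
Aug  1 09:14:02 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.10 DST=198.51.100.10 LEN=60 TTL=63 PROTO=TCP SPT=1055 DPT=25 SYN URGP=0
Aug  1 09:14:05 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=2101 DPT=25 SYN URGP=0
Aug  1 09:14:05 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.23 DST=203.0.113.77 LEN=60 TTL=63 PROTO=TCP SPT=2102 DPT=25 SYN URGP=0
Aug  1 09:14:09 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.15 DST=203.0.113.200 LEN=60 TTL=63 PROTO=TCP SPT=3310 DPT=443 SYN URGP=0
Aug  1 09:14:11 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.23 DST=192.0.2.41 LEN=60 TTL=63 PROTO=TCP SPT=2103 DPT=25 SYN URGP=0
Aug  1 09:14:12 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.23 DST=192.0.2.99 LEN=60 TTL=63 PROTO=TCP SPT=2104 DPT=25 SYN URGP=0
Aug  1 09:14:12 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.23 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=2105 DPT=25 SYN URGP=0
Aug  1 09:15:30 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.31 DST=192.0.2.8 LEN=60 TTL=63 PROTO=TCP SPT=4400 DPT=25 SYN URGP=0
Aug  1 09:15:40 router kernel: IN=br0 OUT=vlan1 SRC=192.168.1.23 DST=203.0.1
"""


def outbound_smtp(line):
    """Return (src, dst) for a new outbound TCP/25 connection, else None."""
    fields = dict(FIELD.findall(line))
    tokens = line.split()
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
        return None
    if "SYN" not in tokens or "ACK" in tokens:    # count connection attempts only
        return None
    try:
        src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
    except (KeyError, ValueError):                # truncated or garbled line
        return None
    if src not in LAN or dst in LAN or dst in KNOWN_RELAYS:
        return None                               # normal mail flow is not counted
    return src, dst


def suspect_hosts(log_text, min_destinations=3):
    """List (host, distinct SMTP destinations) for hosts at or over the threshold."""
    destinations = defaultdict(set)
    for line in log_text.splitlines():
        hit = outbound_smtp(line)
        if hit:
            destinations[hit[0]].add(hit[1])
    flagged = [
        (str(src), len(dsts))
        for src, dsts in destinations.items()
        if len(dsts) >= min_destinations
    ]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for host, count in suspect_hosts(SAMPLE_LOG):
        print(f"{host} contacted {count} different mail servers directly")
```

A host that appears here is the first one to pull off the network and check; a clean result does not prove the other PCs are uninfected.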


Sunday, July 13, 2008

Backup and Imaging
Obviously, backing up your data is the most important since you can always replace failed hardware. However, recovering from a system crash can be very time-consuming. Installing XP, Vista, or Linux plus all your applications and then tweaking your system can be a pain.

Acronis® True Image Echo Workstation
http://www.acronis.com/enterprise/products/ATICW/

Add-ons / Acronis® Universal Restore
http://www.acronis.com/enterprise/products/ATICW/universal-restore.html
*This allows you to recover to an image if the hardware changes. It basically resets the HAL in Windows, and can be very useful.

Acronis is nice because it will image while the system is running under XP. I've used it for several years now and had great luck with it.

Here is the method that I suggest you do for a complete backup of your computers.
  1. Backup all important data "bulk data" (movie files, word docs, spreadsheets, pictures, email files, etc) to removable drive, DVD, etc. A great utility to find a lot of extra data is JDisk Report.
  2. Delete the "bulk data" from each machine after backup and before imaging. This keeps the image file(s) from being too bloated.
  3. Run a temp file cleanup utility, Diskeeper Pro, and Registry Mechanic.
  4. Image the PC and store the image to a removable drive, DVD, online storage, etc. Use the "archive splitting" option in the imaging software to break the images into 4.7 GB chunks so they will fit on a DVD.
  5. Copy the "bulk data" back to the pc once imaging is completed.
Now you have a "clean" image of the pc that can be recovered relatively quickly and easily. If you have a computer that you use a lot and add software to, you can do an incremental image with Acronis also, which can be set to run automatically.
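
Step 2 deletes the originals, so Rule #1 applies before it runs: the copy made in step 1 has to be complete and readable. The script below is an added example, not part of the original post; it hashes every file in the live folder and in the backup copy and reports anything missing or altered. The folder and file names in `demo()` are constructed sample data.

```python
"""Verify a backup copy against the live data before the originals are deleted."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large media files do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(source_root, backup_root):
    """Compare the backup against the source; report anything not recoverable."""
    source = build_manifest(source_root)
    backup = build_manifest(backup_root)
    missing = sorted(name for name in source if name not in backup)
    corrupt = sorted(
        name for name in source if name in backup and source[name] != backup[name]
    )
    return {
        "files_checked": len(source),
        "missing": missing,
        "corrupt": corrupt,
        # An empty source usually means a wrong path, so it never counts as safe.
        "safe_to_delete": bool(source) and not missing and not corrupt,
    }


def demo():
    """Constructed sample: a tiny 'bulk data' tree, a good copy, a damaged copy."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        backup = Path(tmp, "backup")
        (live / "pictures").mkdir(parents=True)
        (live / "budget.xls").write_bytes(b"constructed spreadsheet bytes")
        (live / "pictures" / "trip.jpg").write_bytes(b"constructed image bytes")
        shutil.copytree(live, backup)
        good = verify_backup(live, backup)

        # Simulate a bad burn or failing drive: one file truncated, one lost.
        (backup / "budget.xls").write_bytes(b"constructed spread")
        (backup / "pictures" / "trip.jpg").unlink()
        bad = verify_backup(live, backup)
        return good, bad


if __name__ == "__main__":
    for label, report in zip(("intact copy", "damaged copy"), demo()):
        print(label, report)
```

Run `verify_backup` with the live folder and the mounted backup (for a DVD, after ejecting and reinserting the disc so the data is read back from the media), and delete the originals only when `safe_to_delete` is true.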

Additional Resources:

Technology Report 1-8-2008
http://www.smartergeek.com/blog/2008/01/technology-report-1-8-2008.asp

Firefox and Google Bookmarks
http://www.smartergeek.com/blog/2008/07/firefox-and-google-bookmarks.asp

Trusting Google with your Email
http://www.smartergeek.com/blog/2008/07/trusting-google-with-your-email.asp

Backing up your System
http://www.smartergeek.com/blog/2008/06/backing-up-your-system.asp


Trusting Google with your Email
When Gmail first came out I started using it as an address for message board registrations and things like that. Since I've owned my own domains since about 1999, I've always used them for my primary email. My old method of backup was to use Outlook or Outlook Express and finally Thunderbird for POP3. Periodically, I would backup the appropriate files for those applications.

The problems with that were several. First, I have a LOT of email. As the Outlook .pst file or the Thunderbird files began to grow in size, performance suffered. If I "archived" email to a CD/DVD and then removed old ones from Outlook or Thunderbird, searching archives meant restoring them, searching, then cleaning up again.

A couple of years ago, Google released a service called Google Apps for your Domain. Among other things, it allows you to use Google's GMail "engine" to handle the email for your domains. You have the advantage of basically unlimited storage, alternate port usage (SSL and TLS) which comes in handy for ISP port 25 filtering, web access, POP3 access, and more recently IMAP support. One of the cool things is that even if you use POP3 access, Google Apps archives a copy of your received and sent email. This means you can access all of your email from your browser, it's very searchable through your browser, and it provides a great backup solution!

The Trust Issue

Several people have commented about "trusting Google" with your email. Well, here is the reality check. Trust is a relative thing. We trust that MS's software (Windows, Outlook, OE, etc) is not doing anything behind our back. We trust that our ISP handles our information correctly, but that has proven to be a shaky deal lately.
Most of those same people "trust their ISP" with their email or another 3rd party email service. In my opinion, I trust Google far more than anyone else.
ATT/Bellsouth, Verizon, and a host of other service providers have given me far more reasons to distrust them than Google.

One other thing to mention about "trust" is that at least Google gives you all the mechanisms to move your email away from Google should you choose. By providing contact import/export, POP3 access, and IMAP support, you have full control of your mail. In contrast, Yahoo requires a premium subscription for export and POP3 access, most of the major ISP's such as ATT/Bellsouth don't provide any contact export, and POP3 access only helps retrieve your received email - not your sent email.

I migrated my email service over a year ago and have been very pleased with it. I have email dating back to 2004 stored online and have plans to push email archives dating back to 2002. Many of my clients are now migrated to the service and love it.

Web Access or Local Application

As the line continues to blur between web-based applications and local applications (software on your computer), it gets more difficult to recommend which is best. About 2 months ago, I made the decision to go 99% web-based email. This means I use my browser (Firefox) for my email. The advantages are many, but mainly it gives me access to my email anywhere I have a connection. Plus I don't have to worry about contact synchronization.

There are a few disadvantages though:
  • Must have a connection to read any of your email.
  • Adding attachments is not as easy as drag/drop for multiple attachments.
This is one of those things that you just have to try both and see which works best for your situation and tastes. Now I said "99%" of my email. If I have an email that I need to attach several files, then I will use Thunderbird with IMAP. This gives me an easy way to attach multiple files quickly and easily.

Following Rule #1

Rule #1: You are only as good as the last successful backup from which you can recover.

As much as I trust Google, ultimately I trust myself more than anyone. Periodically (about once every 2 months), I POP3 down all of my received email and IMAP a copy of all of my sent email to local Thunderbird files. Then I export a copy of my contacts to CSV. Then I backup email and contacts to DVD.

If something does happen to Google's service, at least I have a local copy.

References:

What is EFF's Lawsuit Against AT&T About?
http://w2.eff.org/legal/cases/att/faq.php#1

Google Apps for your Domain
http://www.google.com/a

Backing up your System
http://www.smartergeek.com/blog/2008/06/backing-up-your-system.asp

You like Yellow Dots from your Printer?
http://www.smartergeek.com/blog/2008/02/you-like-yellow-dots-from-your-printer.asp

AT&T and Other ISPs May Be Getting Ready to Filter - Bits - Technology - New York Times Blog
http://www.smartergeek.com/blog/2008/01/at-and-other-isps-may-be-getting-ready.asp


Wednesday, July 9, 2008

The Importance of Backups
All too often, I have clients whose computers crash. Fortunately, I can recover the data most of the time, but there are times when the hard drive physically fails. In those cases recovering the data becomes nearly impossible and very very expensive.

Recently, I created a document for my clients on "The Importance of Backups". Here is copy/paste of that document and a PDF copy. Spread the word.

The Importance of Backups


Rule #1: You are only as good as your last successful backup from which you can recover!

The most important thing on your computer (PC or Mac) is not the hardware nor really the software. These can be replaced relatively easily. The most important thing is your data. Period.

Backing up your data can be very simple and painless. For most people, it should not take that much time either. Here are some simple ideas:

  • Purchase a “thumb drive” and simply copy any important data to your drive.

  • Use blank DVD-R's and your DVD burner – blanks cost less than $0.20 each.

  • Purchase a removable hard drive – you can get 320GB of storage for about $100 now.

  • Most of your data will be located in your “My Documents” folder on an XP machine.

  • Certain programs, such as older versions of Quicken or Quickbooks, like to store the data file in the program directory. Always check those programs and move the data file to your My Documents.

  • You may not want to backup all your music each time if you have an iPod – that will serve as your backup.

  • Pictures, music, and videos take up the most storage space. You may not want to back them up every time depending on your storage capacity.

Off-site backup is very important. It won't do you any good if you backup your data, but your house burns down.
Also, thieves steal computers, removable drives, etc. I have had several clients this year who have suffered business and home theft, including their computers. You need to periodically store a backup at a trusted family member's or friend's house or in a safety deposit box.

You also need to consider the safety and security of your backups. This means that your backup data should be treated as securely as your live data. With JungleDisk you can encrypt your data so that neither JungleDisk nor Amazon employees have access to your data. If you are using DVD's or a removable drive, then I recommend using TrueCrypt containers to keep the data safe.

My Recommendations:

Primary Backup: JungleDisk which uses Amazon's S3 service. This gives you encrypted off-site backups that are a no-brainer to use and very cost effective. Typically you can have 30+GB stored for less than $10/month.

Secondary Backup: Every 2 weeks, I copy my TrueCrypt container to a removable USB drive.

Tertiary Backup: Once a month I copy everything to removable DVD's. The files on the DVD's are stored in an encrypted TrueCrypt container, and the DVDs are locked in a fireproof safe.

Printable PDF Copy

Backups-Importance.pdf
