Yesterday’s denial-of-service attack on Wikileaks got me thinking about computer security and what I should be doing differently. While that attack is of a different methodology (essentially too much traffic at once) most end-users, if attacked, will fall prey to a password attack, so let’s start there. The fact that even Wikileaks, an uber-secret place where security is tantamount and many bright minds work, was vulnerable to a known method underscores just how unsecured we may be online.
In a separate recent Apple Store fiasco, Gawker reported that many store users who had their iTunes linked to PayPal, which was then linked to their bank account, were defrauded out of their savings. It is reported that many accounts were cleared entirely. It’s not known right now where the actual security breach occurred; were the Apple servers actually compromised, or were only the low hanging fruit of users with bad passwords targeted? Either way it is a cause for concern, and net users should make sure to protect themselves out there.
See below for some tips that you may find helpful. Have one of your own? Share it in the comments section.
Your primary email needs a unique, robust, and secure password.
For scammers and phishers the key to the city (your city) is gaining access to your primary email account. From there they can simply click the “lost password” link on your favorite websites to reset your password. This makes the damage two-fold; not only is someone posing as you online, they have also locked you out of your accounts. It can take months, or even years, to fully recover from an email intrusion. A good email password should not be shared with any other accounts, not include “known” information such as birthdays, and include numbers and special characters such as $ or #.
I fail here in that while my password is very secure (something along the lines of L337h@x0r) I do share it with a few other accounts.
Always password-protect your computer.
Password protected computers aren’t just for Enron execs and cheating husbands anymore. Far from it, all computers should require a password to log-on, restart, or wake from sleep. This increases your online security in two manners. First, a password will protect you from “real world” snoops and prying eyes. Second, simply having a password will prevent most spyware, viruses, and other malware from harming or hijacking your computer. Almost all of these programs require administrator privileges to run, so if your computer requires a password prompt you should be in the clear.
Here I again fail, but this time I at least fail with an asterisk. I do not password protect my home computer, but since it is an Apple there are very few malicious programs targeting it. Still, I should do better.
Even the weakest part of the chain must be secured.
The credentials to your NetGear router are Admin/Password. If I had to guess the IP address is 192.168.0.1. Surprised? You shouldn’t be… why would NetGear make a default password and IP address especially for you? All areas of your network should be considered possible entry points for intruders and must be given secure passwords. Consider when you check your investment portfolio online: if your financial institution is like mine it requires you to have a robust password, unique username, and perhaps even a site key. Very secure. However, if you didn’t change that router password your neighbor could simply connect and learn these credentials as your data is passed through from your computer to the router to the modem. You didn’t even make it to cyberspace and already your personal information has been compromised.
And yes, my home router is still set to Admin/Password.
Stay safe out there friends!
The above article contains helpful hints that may work. It is not a substitute for one-on-one professional advice.
SDSol Technologies is South Florida's premier online solutions provider. We show businesses how to grow their revenue by using state of the art applications; custom designed by our award winning architects.
Search This Blog
Monday, November 29, 2010
Three Ps of Protecting Your IT Infrastructure against Hurricanes.
Hurricane shutters? Installed. Two weeks worth of food and water? In the pantry. Playing cards and Johnny Walker Blue? Locked and loaded.
It would be nice if the above items alone satisfied the hurricane preparedness checklist, but alas, they do not.
Businesses must prepare in advanced for unplanned outages, hurricanes, and tropical storms. As this year's hurricane season is drawing to a close consider yourself lucky and take the opportunity to prepare for next year. Spending time in the IT world, we see firsthand how severe weather can disrupt business continuity for weeks and even months on end; if not shuttering less cash healthy businesses entirely.
Any time this topic is raised I am reminded of an old light-manufacturing client of ours whose failure to back-up properly left them without invoices, receivables, and even the strategy on how to create their products. While it is easiest to simply blame Mother Nature, most weather-related business interruptions are, at least somewhat, caused by lack of preparation and planning. The saying “Plan, Prepare, Practice” will help small and medium size business owners ride out The Big One in case we see another Andrew-strength any time soon.
Plan
A written natural disaster plan should be in place and shared with all staff members. Your plan should document important contact details (employees, insurers, vendors, and government agencies), system administrator passwords (in a safe place), and actual steps each employee should take during the time of crisis. Delegation is important, but redundancy is just as vital. Many employees will leave town, so be sure to adjust for this. Keep several paper copies on-hand both off-site and at the office as well as in everyone’s inbox.
Although geared toward nonprofits, I am a fan of the template and checklist found at www.npccny.org/info/Disaster_Planning.doc. The SBA also offers resources at http://www.sba.gov/services/disasterassistance/disasterpreparedness/index.html.
Prepare
Physical and electronic preparations are a must. Much of the physical preparation falls outside the scope of IT planning, but generally includes items such as using hurricane shutters, securing doors, and taking precautions against water damage. On the IT side of things all business should:
• Inventory hardware and software: Create a list that documents every single piece of hardware and software your organization owns along with serial numbers. Include copies of purchase receipts. Store these in a safe off-site location.
• Diagram your network structure: We can’t recreate your network without knowing what it looked like in the first place.
• Invest in a UPS. A UPS, or uninterruptible power supply, keeps your electronics alive for the minutes (or longer) after power is lost. This gives critical time to save your files and power down devices. If you anticipate conducting business in the immediate aftermath of a hurricane then consider a diesel generator as well.
• Forward your business numbers to cell phones or off-site numbers. Even during a disaster, that great sales lead may be calling.
• Back up your data: Important data should be backed up both locally and remotely. Run regularly scheduled backups and test to make sure your backup is working properly.
Practice
Test your plan to make sure it fits your business model and to ensure familiarity with it. Keep contact and vendor info updated. Every six months or less your system should be rebuilt from the backup (on a staging server) and your employees should practice disaster drills.
Hopefully you will never have to enact your IT recovery plan. In case you do, documenting your hardware and software, keeping contact information handy, and taking backups will save your business time, energy, and money in case disaster strikes.
---
The above article contains helpful hints that may work. It is not a substitute for one-on-one professional advice.
It would be nice if the above items alone satisfied the hurricane preparedness checklist, but alas, they do not.
Businesses must prepare in advanced for unplanned outages, hurricanes, and tropical storms. As this year's hurricane season is drawing to a close consider yourself lucky and take the opportunity to prepare for next year. Spending time in the IT world, we see firsthand how severe weather can disrupt business continuity for weeks and even months on end; if not shuttering less cash healthy businesses entirely.
Any time this topic is raised I am reminded of an old light-manufacturing client of ours whose failure to back-up properly left them without invoices, receivables, and even the strategy on how to create their products. While it is easiest to simply blame Mother Nature, most weather-related business interruptions are, at least somewhat, caused by lack of preparation and planning. The saying “Plan, Prepare, Practice” will help small and medium size business owners ride out The Big One in case we see another Andrew-strength any time soon.
Plan
A written natural disaster plan should be in place and shared with all staff members. Your plan should document important contact details (employees, insurers, vendors, and government agencies), system administrator passwords (in a safe place), and actual steps each employee should take during the time of crisis. Delegation is important, but redundancy is just as vital. Many employees will leave town, so be sure to adjust for this. Keep several paper copies on-hand both off-site and at the office as well as in everyone’s inbox.
Although geared toward nonprofits, I am a fan of the template and checklist found at www.npccny.org/info/Disaster_Planning.doc. The SBA also offers resources at http://www.sba.gov/services/disasterassistance/disasterpreparedness/index.html.
Prepare
Physical and electronic preparations are a must. Much of the physical preparation falls outside the scope of IT planning, but generally includes items such as using hurricane shutters, securing doors, and taking precautions against water damage. On the IT side of things all business should:
• Inventory hardware and software: Create a list that documents every single piece of hardware and software your organization owns along with serial numbers. Include copies of purchase receipts. Store these in a safe off-site location.
• Diagram your network structure: We can’t recreate your network without knowing what it looked like in the first place.
• Invest in a UPS. A UPS, or uninterruptible power supply, keeps your electronics alive for the minutes (or longer) after power is lost. This gives critical time to save your files and power down devices. If you anticipate conducting business in the immediate aftermath of a hurricane then consider a diesel generator as well.
• Forward your business numbers to cell phones or off-site numbers. Even during a disaster, that great sales lead may be calling.
• Back up your data: Important data should be backed up both locally and remotely. Run regularly scheduled backups and test to make sure your backup is working properly.
Practice
Test your plan to make sure it fits your business model and to ensure familiarity with it. Keep contact and vendor info updated. Every six months or less your system should be rebuilt from the backup (on a staging server) and your employees should practice disaster drills.
Hopefully you will never have to enact your IT recovery plan. In case you do, documenting your hardware and software, keeping contact information handy, and taking backups will save your business time, energy, and money in case disaster strikes.
---
The above article contains helpful hints that may work. It is not a substitute for one-on-one professional advice.
Thursday, November 18, 2010
3 tips for getting an effective website quote
Our experience in the Miami website design and development space has enabled us to offer these tips for getting your website project off the ground.
Typically a basically functionality requirement analysis will cost anywhere from $85 to $750 dollars. However, we love our readers, so mention the blog for a free basic analysis (up to 1 hour of system architect time.)
Looking for Miami website development? Contact us at SDSol Technologies. We look forward to hearing from you.
- Define a clear goal.
- Ask for examples.
- Define the functionality of your site.
Typically a basically functionality requirement analysis will cost anywhere from $85 to $750 dollars. However, we love our readers, so mention the blog for a free basic analysis (up to 1 hour of system architect time.)
Looking for Miami website development? Contact us at SDSol Technologies. We look forward to hearing from you.
Tuesday, November 16, 2010
Fight against prostate cancer & Happy Movember
We at SDSol Technologies support the fight against prostate cancer. After all, many of us are ourselves men. Each November, or Movember I should say, men and challenged to change their appearance and the face of men's health by growing a mustache for the entire month. In 2009 alone over $42 million was raised for Movember's beneficiary partners.That amount is sure to tickle your upper lip... like a mustache.
We support our reader, friend, and super-user extraordinaire Dan in his fight against prostate cancer. Click the link if you would like to donate for Movember through his page.
We support our reader, friend, and super-user extraordinaire Dan in his fight against prostate cancer. Click the link if you would like to donate for Movember through his page.
Not Dan, but pretty cool nonetheless |
Thursday, November 11, 2010
Database Migration Checklist
View our site for more about our Miami database migration services.
A new data migration project can be a seemingly challenging process. We put our experience into the below checklist in the hopes that it will help you with your next data move. Feel free to suggest your own tips in the comments.
Data migration checklist
Step 1: Pre-migration project plan
Pre-migration impact assessment: Enthusiasm is to be admired, but data migration should be carried out in as systematic a manner as possible. Here focus on answering questions such as:
By all means this is not a complete list or relevant to every project. Data migration requires a great deal of planning, experience, and expertise, some of which was covered here. For data migration solutions contact SDSol Technologies.
A new data migration project can be a seemingly challenging process. We put our experience into the below checklist in the hopes that it will help you with your next data move. Feel free to suggest your own tips in the comments.
Data migration checklist
Step 1: Pre-migration project plan
Pre-migration impact assessment: Enthusiasm is to be admired, but data migration should be carried out in as systematic a manner as possible. Here focus on answering questions such as:
- Is this project viable?
- What is the timeframe?
- What deadlines exist?
- What resources are required?
- What software is needed?
- What hardware is needed?
- How will this disrupt the business? Will there be downtime?
- What are the risks and costs?
- Initial Next Steps: Make stakeholders aware of the pending tasks.
- Are stakeholders aware of the benefits?
- Are stakeholders aware of key dates and activities?
- Have all decision makers signed off on the project?
- Have resources been effectively allocated? Are they aware of their roles?
- Is the optimal project delivery structure defined? Does it include highly focused milestones?
- Have you created a structured workflow with tasks, dates, and deliverables?
- Are documentation and the training plan in place?
- Is the collaborative environment/platform in place?
- Have you shared the stakeholder communication plan and directory with the team?
- Have well-defined project policies been shared?
- Does the high-level project plan exist?
- Have you begun to analyze the data?
- Have timelines been refined after data analysis?
- Have standard project docs and templates been shared with the team?
- Have 3rd party agreements and requirements been formalized?
- Have future hardware and software requirements been shared with the team?
- Has the data dictionary or project wiki been created?
- Has the high-level source to target mapping been specified?
- Has the data been sufficiently pruned, and the scope defined, to result in a fast-loading database?
- Has risk discovery and analysis been revised?
- Are users aware the old system is being retired? Is a strategy in place?
- Have all modeling layers being created and revised?
- Have estimates been adjusted for new information?
- Has the detailed mapping design document been completed, reviewed, and understood?
- Have all sources and targets, down to the attribute level, been defined?
- Have interfaces for data extraction and loading been designed and prototyped?
- Have the data quality management routines been specified?
- Is the plan ready to go to the developers?
- Has hardware been specified?
- Are all service level agreements in place?
- Has the migration logic been documented?
- Has the migration been tested on a cloned staging set-up?
- Is the data validation routine or engine ready to go?
- Will data quality be monitored in an ongoing fashion? It should be!
- Is there a migration fallback system in place?
- At this point all strategies should be defined.
- Are you keeping an accurate log for compliance?
- Has the migration been independently verified?
- Have all system retirement validations been completed?
- Once all preconditions have been met terminate the legacy system.
- Have responsibilities been fully transferred over to the client/user?
By all means this is not a complete list or relevant to every project. Data migration requires a great deal of planning, experience, and expertise, some of which was covered here. For data migration solutions contact SDSol Technologies.
Wednesday, November 10, 2010
Facebook thought police in action
As online spendthrifts know LimeWire was shut down this week by court order. As usual, when you poke a hornets' nest there are consequences. In response, on the way out the door, "somebody" released "LimeWire Pirate Edition," which is actually a better version than LimeWire Pro (faster and no advertisements.) I figured I would spread the news via facebook, but was unable to. Instead I received:
That bothered me, but when I received the same message while sending a PM my mood went from "that sucks" to "deeply troubled." Facebook is now censoring my thoughts!
As a technology company we support the free exchange of information. This is the opposite.
That bothered me, but when I received the same message while sending a PM my mood went from "that sucks" to "deeply troubled." Facebook is now censoring my thoughts!
As a technology company we support the free exchange of information. This is the opposite.
Monday, November 8, 2010
SDSol Mentioned in Newsweek
SDSol Technologies is proud and privileged to be mentioned in R. M. Schneiderman's article, "The Stars of the Recession." Excellent article covering opportunities in times of crisis and the flattening/globalization of the business landscape.
Mobile Telecom Network News
Some interesting items on the web regarding mobile the past few days:
Dead-on roundup of Smartphone users and their perceptions from the folks at C-Section Comics
According to CNet, Netflix is responsible for a full 20% of fixed downstream traffic during peak time. This 8 P.M. to 10 P.M. prime-time number not only shows just how much consumers are adopting mobile technology, but also the threat facing the traditional broadcast/advertising revenue model.Why the networks don't simply break away from the cable providers and shift to a streaming-advertising model is still unanswered...
Chetan Sharma, whose knowledge of the telecom industry rivals that of Alexander Graham Bell, states that mobile data traffic will top one billion gigabytes (an exabyte!) by the end of 2010. The folks at Phandroid saved me the fast math and determined that this is equal to 50,000 years of DVD video. Further, Sharma predicts that in 2013 the carriers should be looking at a 50%/50% split of data and voice in their revenue pie. I'm personally very interested to see how the carriers adjust to this changing model-- reminds me of the old "are rail companies in the business of rails or transportation?" debate from 75 years ago.
Finally, I am told that we Samsung Galaxy S users will be receiving the Froyo update by the end of this month (November.) Finally indeed...
Stay tuned...
Dead-on roundup of Smartphone users and their perceptions from the folks at C-Section Comics
According to CNet, Netflix is responsible for a full 20% of fixed downstream traffic during peak time. This 8 P.M. to 10 P.M. prime-time number not only shows just how much consumers are adopting mobile technology, but also the threat facing the traditional broadcast/advertising revenue model.Why the networks don't simply break away from the cable providers and shift to a streaming-advertising model is still unanswered...
Chetan Sharma, whose knowledge of the telecom industry rivals that of Alexander Graham Bell, states that mobile data traffic will top one billion gigabytes (an exabyte!) by the end of 2010. The folks at Phandroid saved me the fast math and determined that this is equal to 50,000 years of DVD video. Further, Sharma predicts that in 2013 the carriers should be looking at a 50%/50% split of data and voice in their revenue pie. I'm personally very interested to see how the carriers adjust to this changing model-- reminds me of the old "are rail companies in the business of rails or transportation?" debate from 75 years ago.
Finally, I am told that we Samsung Galaxy S users will be receiving the Froyo update by the end of this month (November.) Finally indeed...
Stay tuned...
Friday, November 5, 2010
What is Kik Messenger, besides popular all of a sudden?
My Facebook is being inundated with strange updates from friends such as “kik: Miamigurl.” As I laced up the Timberlands and set out to find her, I realized my friends are referring to a new(er) messaging platform and not the art of putting rubber to behind. Kik Messenger is rapidly growing, taking in 150,000 new users in a single day. From 30,000 to 450,000 users in a week is very impressive indeed. The re-branding of 2009’s “Unsynced” has worked out very well for the Waterloo, Ontario development team.
Being the sucker for early adoption that I am I quickly downloaded it on my Samsung Fascinate, registered, settled on a user-name, and was up and running within 30 seconds. My initial impressions and thoughts:
• BBM functionality – kinda creepy really.
The big feature of Kik is that users can see when contacts have opened and read their messages. This is a very popular feature of BlackBerry’s messaging service as people appreciate confirming delivery. However, to me it just seems like a great method to get into trouble with an overbearing spouse or girlfriend. I can hear the “I know you received my message, so where is the dry-cleaning?” argument now.
• Who doesn’t have unlimited text these days?
Kik uses your data plan, as opposed to your SMS/text plan, to send messages. This is a great way to stay within your text messaging plan. However, I am not sure who exactly would be using this application that doesn’t have unlimited text in the first place.
• Who are these people?
I’m not sure where Kik is pulling my suggested contacts from, but I do know that I don’t know over 75% of them. Weird.
Kik provides a very user-friendly interface, more functionality than traditional texting (platform independent smilies!), and a great way for iPhone, Droid, and BlackBerry users to stay connected with each other. I think it will stick around and be heavily used, just not by me. Kik gets a 5/5 for young adults who constantly text each other, but not very useful for everyone else.
Kik is a great example of just how explosive adaptation of simple, custom software programs can be. Want to develop your own idea? Contact SDSol Technologies, Miami’s custom programming experts.
Being the sucker for early adoption that I am I quickly downloaded it on my Samsung Fascinate, registered, settled on a user-name, and was up and running within 30 seconds. My initial impressions and thoughts:
• BBM functionality – kinda creepy really.
The big feature of Kik is that users can see when contacts have opened and read their messages. This is a very popular feature of BlackBerry’s messaging service as people appreciate confirming delivery. However, to me it just seems like a great method to get into trouble with an overbearing spouse or girlfriend. I can hear the “I know you received my message, so where is the dry-cleaning?” argument now.
• Who doesn’t have unlimited text these days?
Kik uses your data plan, as opposed to your SMS/text plan, to send messages. This is a great way to stay within your text messaging plan. However, I am not sure who exactly would be using this application that doesn’t have unlimited text in the first place.
• Who are these people?
I’m not sure where Kik is pulling my suggested contacts from, but I do know that I don’t know over 75% of them. Weird.
Kik provides a very user-friendly interface, more functionality than traditional texting (platform independent smilies!), and a great way for iPhone, Droid, and BlackBerry users to stay connected with each other. I think it will stick around and be heavily used, just not by me. Kik gets a 5/5 for young adults who constantly text each other, but not very useful for everyone else.
Kik is a great example of just how explosive adaptation of simple, custom software programs can be. Want to develop your own idea? Contact SDSol Technologies, Miami’s custom programming experts.
Subscribe to:
Posts (Atom)