Greater Lafayette Information Technology Society


by Bob Verplank, Computer Visions

Security/Communication/Cloud: September 2010

Guys and Gals, you really missed a really great meeting. This is my rendition of what took place. Errors expected.
There is a surprising amount of really good thought in these talks.

The meeting was opened by our new president, Scott Charles of Roeing Corporation. A round of applause was delivered for Wally Hubbard and the fine work that he has done on our new website. Thanks Wally.

The opening quotation was
"The user will pick dancing pigs over security every time."

Physical security

Anthony Newman
Roeing Corporation

Our first speaker was Anthony Newman. To start thinking about security, one must keep all programs and operating systems current with all updates. Passwords need to be safe, secure, and strong. One must observe physical security as well, considering locks, keys, doors, server rooms, and computers. There are differences between small businesses and very large businesses. Never give out your personal password to anybody. Keep your computer secure at all times, and if you walk away from it, lock it down. Never leave it unprotected. He queried the room as to how many people kept their firewall on. The answer was about half.

Windows 7 firewall has some new features. BitLocker would be one of those to encrypt individual files. As an IT person you would probably have the automatic Windows updates shut off. That is because some updates will not work with some programs until they have their updates. It is better to know that the updates and the programs are compatible before installing the updates. Most users will leave the virus protection and malware detection on. But some users will elect to have neither running because they slow the system down. In Windows 7 you can right-click and use BitLocker to encrypt the whole.

There was some discussion about encrypting the entire hard drive and preventing someone from wholesale copying an unprotected system by copying it all to an external hard drive. External hard drives need also to be considered in a security profile.

The second quotation was
"I don't have to worry about identity theft, because no one wants to be me".
Ascribed to J London.

Identity theft

Anthony Newman

In laying out the building, use heavy safes. It is absurd to store customer names, classified data, passwords, client data, or money in lightweight safes that may easily be carried away. The same is true of records storage. It should be safe and secure, and even more so if the data is proprietary or belongs to another party. If you ever make a note of customer data or a password, destroy the paper before the day is through. Do not give out your username and password to anyone.

In his company, we do not pass out cell phone numbers, because we believe that is a loss of security. Windows Defender, Malwarebytes, and antivirus programs may all help to prevent identity theft. One should limit all customer information passed out everywhere. When you give your customer number at Best Buy, the amount of information that is available to the next five customers in line can be surprising. Steve Belter said that a local business had decided to speed up their computer operation and had stopped using virus protection. Someone got into the system and followed it for several months, copying bank passwords and server passwords, and then one fine day wire transferred $216,000 to several east coast banks, where they had some friends who retransferred it to the Russian Republic, never to be seen again and untraceable as well.

"Regularly test your backups to make sure that they will get you back up. Because your backup in failing is just as bad as failing to back up."
Attributed to T. E. Randenberger

Backups

Jason Rubsam
Lafayette PC

Backup devices and media: make sure your backups work. All of us have horror stories of the backup on the flash drive that is empty. We found tape drives with 12 empty backup tapes because the tape drive was broken or dirty. This becomes incredibly important when we have an emergency like a RAID drive that malfunctions, or when the water from the plugged-up air-conditioning drain on the roof runs through the server and may totally wipe out all of the data. Sometimes the customer is lucky and is able to rebuild from the platters on the destroyed hard drive and get most of the data back at a cost of $3,000 or more. Restore often, use the backed-up data, test it, and store it on site and off-site. Learn what it means to shadow copy and have a shadow copy of your system. On RAID it is good to have at least one extra hot spare hard drive. That way if one drive fails, the data is still being backed up.

Fourth quotation.
"The biggest problem in communication is the illusion that it has taken place."
George Bernard Shaw.

Communication

Jason Rubsam

We should have just as much communication as possible between customers, users, tech support people, and owners. Communication should be complete, and both parties should have a thorough understanding of the words used and their meaning.

Quote:
"It is estimated that in the United States today social networks account for 20% of all online display, communication, and impression."

Social networking

Corey Willis
Tipmont REMC

Some conclusions about social networking: You should ask yourself why you want to do it. You need to define the types of messages you plan to paint. You need to determine the appropriate channel (Facebook, LinkedIn, Twitter, etc.).

How frequently do you plan to update these networks? Who will be involved in creating and monitoring this data? Who will monitor and watch your online presence? Who responds to posts and responds to others in answer to their queries?

You should decide in advance to what you will respond. The person who manages the social networking for your company should have enough content to post for the next three months before they start. Before you create a social media plan you should know who, why, where, what, and when.

Software as a hosted service/hosted solution

Andy Milam
City of Lafayette

It is nonsensical in today's economy to do anything other than a hosted solution. The group was queried as to what sort of service providers were being used for open hosted services. Among them were OpenDNS, Ssolo, and Google Apps. Hosted services can include content management, spam and virus filtering by others, and point-of-sale including an open network and a cash drawer. This service is offered by Active Network.

Some Exchange servers are now operating on the cloud. When using this kind of service, one should be concerned about outages at both ends of the service. These outages may be electrical, or an Internet outage. If one is doing a large enough business as a hosted service, he should have two or more Internet providers. He should also consider backup electrical power.

Hosted services can lower expenditures and the burden on IT resources, but care should be given to make sure that all applicable codes and laws are met. One such example would include HIPAA and its application to the security of medical records in your custody. Mobile access to these records further clouds security.

Quote:
"As a metaphor for the Internet, the cloud is a familiar but when combined with computing the meaning is bigger and fuzzier."

Cloud computing

Scott Charles
Roeing Corporation

Cloud computing is nothing more than using the existing power of the Internet to host applications and store data. It can save you money, it can reduce hardware, and software requirements. It can reduce capital expenditures. It can make you more agile. The most powerful and innovative technology is no longer to be found within the enterprise. It is outside the walls.

There are concerns about security and privacy, and those concerns may increase if the program is free. Be very wary of any cloud solution that is free. Stay away from generic computer products and go with offerings designed for your business or enterprise. Read the fine print very carefully to ensure that the hosting company is not allowed to sell, mine, or use the data that is stored on the cloud by them. Make sure everything is password protected.

iPad, iTouch, and iPhone

Scott Charles

These devices are being used for more and more applications. They were pioneered by Apple and are now marketed by Droid and BlackBerry. If you want a list of applications, there is an app for that. Daily they are being used for more and more complicated functions including project management and engineering. But one of the big problems is security.

Think how much data you have lost when you lose your phone. Your contact list, perhaps your password list, your phone numbers, and who knows how many applications and data connected with your customers. You should definitely have a password on your cell phone. Some server programs may be capable of wiping all of the data off the phone of a casual user who has lost it. That may not be available to everyone. Also, who knows what data can be reconstructed even after it has been wiped. Purdue University will not send a damaged iPad back to the manufacturer for repair because of the possible data loss.

Earl Nay says that he can program a smart phone to monitor or control any audiovisual application. This may be useful to some managers but can be dangerous if in the wrong hands.

Johnson Controls can now program an iPad to change or monitor the airflow, temperature, and humidity in an individual room and not have to return to the main computer. They can tell all of the energy consumption in that room as well. But one of the problems of the iPad is that there is no security.

Next meeting: Virtualization on the server, storage, desktop, network, and applications on October 19, 2010 at Puccini's. Be there or we will have to virtualize your presence. It might hurt.