Check out the latest news in IT, and see what CAPEMS is up to!
This seems to be the week for phone troubles. We’ve had a cable provide screw up rollover configurations on two sets of lines (two small firms moved from one suite to another) that took about 5 tries to get them to fix, Verizon outages on a small hotel for 2 days, and now an issue with an asterisk/lync setup. Hopefully this helps someone save some time if they face a similar situation!
So, we’re fans of Vitelity for SIP trunk service, and love Asterisk as Key/PBX replacement. In this case we have Vitelity -> Asterisk -> lync 2013 (single server, all roles collocated). We had PIAF <-> Lync working wonderfully for inbound/outbound but running apt-get upgrade recently messed up GRUB with the newer kernels. After trying to repair I got fed up and just fell back to the older kernel on boot until I had more time to work on the issue, which really meant creating a new VM with the newer versions of everything. However, after this brilliant plan, using the same settings as before (or so I thought) didn’t work.
The problem lies is the fact that I chose to try using PJSIP for the Vitelity trunk, and SIP for the Lync trunk. The default configuration binds 5060 to PJSIP, but then 5061 for SIP. So, if we go into the Lync Topology Editor we must change the Listening Port of the IP/PSTN gateway to match this.
Then “all that’s left” is tweaking your inbound/outbound routing. Which probably meaning dealing more with the people than the machines…
In our case, I also made the embarrassing mistake of not paying attention to cert expirations (which of course was around 30 mins after this first part was completed).
We have a few of these guys deployed and are quite happy with them, even though they use mechanical laptop drives. We’re also starting to see speed issues related to hard drive performance, making them excellent candidates for solid-state drives. As expected, post upgrade performance is excellent.
Despite extensive googling, I couldn’t find any information on disassembly, so while upgrading one I took a few photos. Hopefully this will help someone else out there dealing with this model!
Most of our clients are small/medium sized businesses on a Managed IT Service program. Often, end users will ask: “Why can’t I install X by myself?”. This isn’t so much a result of the user being a problem as it is a result of years of big name vendors selling cheap systems and not bothering with security. Until Apple’s big comeback somehow made a locked-in ecosystem acceptable to the average consumer(to the dismay of the founders and creators of the technology it’s built on), users got confortable being able to do anything they wanted to their system. While we’re hackers at heart and always want the option to tinker, it’s not really appropriate in a business environment.
Limited User Accounts
While this isn’t such a concern with the newer OS X and Windows 7/8, I dug up this Washington Post article from 2006 on one of the simplest things you can do to secure your PC. The first account you configure on a PC is generally a full administrator. This means you can do anything you want, good or bad.
While Windows Vista and OS X introduced us to things like User Account Control, creating a “buffer” when taking actions that modified the system, it’s still too easy for unintended consequences that cost you time and money later on.
Limited User accounts prevent
Changing computer configuration
Accidental deletion or modification of data and programs
Malware from installation, especially when surfing
Kids and corporate users from installing software of any kind;
Using the computer for other purposes;
Theft of information or intellectual property;
For a long time, this simple change that provided huge improvements in security ended up creating problems for users, thanks to poor design by Microsoft and lazy third-party developers. Even Intuit took years to update their Quickbooks packages to become compatible with the LUA methodology (I think they got around to it in their 2010 version).
The cost of free software
There’s plenty of great free software out there (often better than paid stuff!), but you need to know what you’re installing. But popular packages like VLC or OpenOffice are frequently viewed as attack vectors for malware or bloatware(those stupid toolbars and popups).
If you don’t know where to download the original files, its easy enough to click the wrong link in a Google search and download a copy with something bundled it. If they’re nice, there’s probably a tiny check box buried in the install screen you can un-check, but its probably very easy to miss.
At the end of the day, our arguement is simply that it costs less to have an IT pro handle it while you sit back and relax (or more likely just work on something else). Does it really pay for you to spend time tracking down the right program or cleaning up junk from your PC later? (Our secondary arguement: exactly why is a user constantly installing programs? Is that part of their job description?)
A more delicate problem is the question of who gets admin rights (of course assuming we’ve set up a separate admin accounts for such purposes).
The problem here isn’t that we’re trying to single out an individual; we rather like most of our clients. The purpose is to prepare for the unknown. For example, if a policy is in place and followed, then it’s less likely you’ll
- find out the hard way that your new hire isn’t such a nice person after all (at least not at the expense of your data)
- realize you just spent two hours looking for a program to open some obscure video format
- click the wrong download link and end up with a threat from the “FBI” that will “go away if you pay $50″
We hope this helps sway business owners to err on the side of caution when it comes to users and admin rights. This isn’t my position or even just our company’s position, it is considered standard practice in responsibly securing a network.
We’re often asked about Search Engine Optimization (or why a site isn’t #1 in Google).
What it is, and what it isn’t
Let’s start off by saying (to calm the salespeople) that there are two kinds of analytics. Web analytics gives you insight on your website visitors, marketing analytics gives you data on your marketing initiatives (e.g. social media, blogging, email newsletters, etc) in order to determine the true ROI of those activities, and understand how well they’re meeting your business goals.
This is NOT Search Engine Optomization (SEO).
What we’re trying to accomplish in SEO has to do with structuring your news content for Google/Bing/Yahoo to put it in front of more people. Analytics allow CAPEMS to track and measure how effectively we’re doing this, and can give guidance on how to do it better. If SEO is a blueprint, Analytics is the ruler. (more…)
From the Google Online Security Blog:
…we believe that more urgent action — within 7 days — is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised.
Google has always been pretty good about advocating for improved security, so while it’s no surprise, we’re still very glad to hear this. Many software vendors we have to deal with tend to drag their feet with bugs/patches and could use a swift kick from someone as big as Google.Read More
Readdle has added border detection to their already useful app. If you’re using an iPhone or iPad, this is a great investment that turns it into a universal scanner on the go.
You’ve probably already considered social media and email as forms of communication for your business, so here’s a quick overview of our preferred approach: (more…)
From the National Republican Congressional Committee to Washington State’s Courts and LivingSocial, we’re seeing increasing cyberattacks on websites in the news, so we thought it’d be a good time to go over some common problems and potential solutions. While there are always going to be internal threats and 0-day attacks, the following are some standard techniques to help keep you ahead of the curve.
If you’ve already been hacked, contact us immediately! It’s going to take much more than these pointers to fix.
- A recent study showed that using the 10000 most common passwords would have cracked >98% of 6 million user accounts. All of these problems have the potential for a huge security hazard.
Passwords aren’t enough
We’ve been urging our clients to transition to use of complex passwords (or better, passphrases) for a the past year. Still skeptical about the need to improve log-in security? Perhaps the following articles would be helpful:
- 2011: The Password is Dead. Time for Better Online Security [Forbes]
- 2012: The Password Fallacy: Why Our Security System Is Broken, and How to Fix It [TheAtlantic]
- 2013: P@$$1234: the end of strong password-only security [Deloitte]
- 2013: PayPal security boss: OBLITERATE passwords from THE PLANET [TheRegister]
There are many similar news pieces that argue for greater security, but hopefully we’ve made our point.