Technology Made Simple
Thursday October 23rd 2014

Q&A Monday: Security Question Safety?

SecurityQuestionsQuestion:

With all the talk about making a password secure, I noticed that someone with enough knowledge of me would be able to reset my password using the security questions. These questions are similar across almost every site that I visit and a friend or determined enough hacker could easily guess the answers, any idea on a way to help keep my accounts secure with the security questions?

Joann Power
Portland, OR

 

Answer:

This is a great question, and I apologize for holding it a little while until National Cyber-security Awareness Month, but this was just too good to pass up.  I prefer a different method (when available) to secure my online account, but I’ll talk about that later in my response and answer your questions directly.  Now to help better secure your security answers, is easy, it’s something I call, answering a different question.  The best example I can give you:

Security Question:
“Name of your favorite book”

Answer:
Xbox

OR

Security Question:
“Name of your childhood friend”

Answer:
Purple

 

Now there is some pre-planning that needs to go into this, you’ll need to make sure the questions and answers are the same (or similar) across all the sites….I have about 8 questions that cover all the sites I visit….and you need to make sure you reset them on every site.  All this does, is keep someone from being able to gather enough information about me to guess correctly at my questions.  I’ll be honest, it took a little bit of time where I had to refer to a note to be able to correctly answer the questions, but eventually I was able to remember the question and answer combination without thought.

As I mentioned, there is an even better way to secure the account, and that’s with two-factor authentication, but unfortunately it’s not universal yet, and usually only major companies (Google, Dropbox, Microsoft, Twitter, Facebook, etc)have it. This send either a text to your cell phone with a code or some sites have a piece of software that is on your phone and generates a code that the website will ask you.  The reason I like these, because even if a hacker has your password and can guess your security questions they can’t get in without the second authentication piece your cell phone.  Admittedly this can be a little annoying when, before you can log in, you need to enter a code to get to your favorite websites, but in the end security is the best policy.

Click here to learn more!

Computer Download Saftey

Secure Computer  Technology has made strives to make the internet as cross platform as possible, meaning regardless if it a Windows, Apple or Mobile device most sites work across all these platforms with minimal or no downloads.  Yet, we still can’t get completely away from the downloads, whether it is games or specialized applications for watching videos or even site plugins and this is where malicious programs love to hide, in the areas where you still need to download file.
There are tons of bad sites out there that host legitimate looking files or just a link to a file that you may need (or think you need), and that’s when you download the program and it may or may not work, but unbeknownst to the user, malware or viruses have been installed on your device.  This is bad for several reason, mostly because you don’t want software on your computer doing anything you don’t want it to do.  So now that you are scared (hopefully) what can you do to protect yourself.

 

  1. Only Download files from trusted sites
    This sounds easy, but can really be difficult to sort out online.  The best recommendation I can give you, if in doubt google the site name with the word scam after it…you’ll get a good idea if the site is legitimate or not.
  2. Don’t download anything from emails, unless you are expecting it
    This is new twist on a common issue, I’ve gotten emails from people I know, with a convincing body to the email with a link to download a file.  We use to just not download from stangers but now, don’t download if you aren’t expecting and email from a person.  I email a lot of people back and ask if they really did send it.
  3.  Run a malware/adware software regularly
    While most virus scanners have malware or adware support built into them, I’ve never really found them that useful on their own.  I usually have atleast 1 other malware scanner on the computer, which I run regularly just to catch anything.

These are some simple tips that can help keep you safe while download.  It’s not foolproof, but every step you make to keep yourself safe makes the likelihood of having a computer infected with viruses and malware, and a chance of loosing private or sensitive information to hackers, down to as close to zero as possible.

 

Are there any tips or tricks you use to download files are keep yourself safe, let me know in the comments section below.

2014 National Cyber Security Awareness Month

National Cyber Sercutiy Awareness MonthI’ve been a fan of the Department of Homeland Security’s National Cyber Security Awareness Month for a little while now.  This year marks the 11th annual year of the month long event.  If you are not aware this month is designed to educate the public about cyber security issues and things you can do to protect yourself as our lives become more and more tangled online.

Over the next month, I’ll be tailoring my tweets and blog post on promoting and educating you on how to better protect yourself and businesses online.  If there are any questions that you have about protecting yourself (or your business) online, please e-mail me@jimguckin.com and I’ll answer them during the Monday’s Questions and Answers blog entries.

Q&A Monday: How DHCP Works

questionmark.jpgQuestion:

Please don’t laugh at me, but I’ve wondered how my computer gets an IP address from my router?

Renee Newcomb
Ferndale, WA

Answer:

I love questions like these, every computer, tablet, phone or laptop gets an IP address when connected to the internet, but rarely do we think of the process that takes place. So to go over the basic way a new laptop at your house gets a computer.

  1. When a new devices connects to your network (either plugged in or via WiFi), it send a broadcast message on the network. This broadcast message is open for anything to respond to, since it doesn’t know the network settings.
  2. A DHCP Server (or a router acting as one), will hear the broadcast message and reply to the device with the information that is needed to connect. This would contain the IP address, DNS, how long it can use the IP before needing to check back in.
  3. The device then responds back to the DHCP server saying that it wants to use the IP it was offered
  4. The DHCP server, then lets the device know it can use them.
  5. Now with an IP address, you can see the other devices on the network that are on the network subnet.

I hope that helps you understand the process of DHCP when a devices connects to the network, I tried to make it as simple as possible, and it can get more complicated in a larger network.

 

——————————————————————————————–

If you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question. Check back every Monday for a new Question and Answer session, and also during the rest of the week for other technical insights.

ESET Cyber Security Pro for Mac - Save 25%

Q&A Monday: Data Center Teirs

ServerRoom.jpg

Question:

I am a small business owner looking to go with a cloud provider for our IT services.  Each of the vendors mentions their data center level, and I’ve tried doing research to figure out what these levels mean, but I can’t find anything describing them in plain English, can you help?

Vickie Downs
Watertown, NY

 

Answer:

I will try my best to break the Data Center Tiers down into plain English for you.  The first thing you need to know when looking, is how mission critical are your servers, this will help you decide what data center is right for you.  Also it should be know that the higher the data center tier is, the more you are going to pay.
    OK, now to the explanation.  When you hear the term Data Center Tier (1 to 4) this is just a standardized methodology used to define availability (“uptime”) of data center. 

Tier Level Requirements
1
  • Single network infrastructure and connection to the internet
  • Non-redundant servers and power
  • Basic site infrastructure with expected availability of 99.671%
2
  • Meets or exceeds all Tier 1 requirements
  • Redundant site network, power or server with expected availability of 99.741%
3
  • Meets or exceeds all Tier 2 requirements
  • Multiple independent infrastructure serving the IT equipment
  • All IT equipment must be dual-powered and fully compatible with the topology of a site’s architecture
  • Concurrently maintainable site infrastructure with expected availability of 99.982%
4
  • Meets or exceeds all Tier 3 requirements
  • All cooling equipment is independently dual-powered
  • Fault-tolerant site infrastructure that includes generators and/or UPS and power outlets/breakers with expected availability of 99.995%

    As we can see from the chart above, Tier 4 data centers  are considered to be the most robust and less prone to failures.  Generally Tier 4 Data Centers are designed to host mission critical servers and computer systems, and they include fully redundant subsystems (cooling, power, network links, storage and servers) and have separated security zones controlled by bio-metric access controls methods. On the opposite end of this chart naturally is a Tier 1 data center used by small business or shops that don’t need or can’t afford the higher levels.

*Important Note*

Now people tend to brush off those availability numbers since they are only  .324% off from each other, but those number can add up to significant changes in downtime.  Below is the chart of allowed downtime in a given year at each tier level:

Tier Level Minutes of Downtime
1 1729.224 minutes
2 1361.304 minutes
3 94.608 minutes
4 26.28 minutes


——————————————————————————————–
If  you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question.  Check back every Monday for a new Question and Answer session, and also during the rest of the week for other technical insights.

TASER® StrikeLight™

Q&A Monday: requested session access is denied

Remote Desktop

Question:

I have a user who is trying to connect to a RDS host (2008 R2 ), They are getting the error message “requested session access is denied”. I checked and made sure the user is member of the local remote desktop user group and they have the permission “Allow logon via Remote desktop services” is granted.  What am I missing?

 

Jordan B. Washington
Okeechobee, FL

Answer:

I’ve seen this problem happen a couple of times, this is usually cleared up by removing the /admin command when connecting to the server.  The user may be typing that command via command line, or if using the Remote Desktops feature in Windows 7 make sure that the admin switch is turned off.

Remote Desktops Admin Switch

 

In some cases this is turned on by default, and it’s something the user would never even notice when setting it up, but it’s tripped me up a couple of times.

——————————————————————————————–
If you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question. Check back every Monday for a new Question and Answer session, and during the rest of the week for his other technical insights.

Q&A Monday: Making a new employee feel at home

questionmark.jpg

Question:

I recently started a new position at a company and one of the first major responsibilities of this position was hiring two new helpdesk analysts.  I made it through the interview and selection processes, but I want to make them feel as welcomed and at home as possible.  Do you have any advice?

Ramon Allen
Stratford, TX

Answer:

Anyone knows that starting a new job in IT can be a bit overwhelming, usually because there IT is naturally a quick high-pressure environment working with people who may not be all that forgiving.  Making someone feel at home

 

Starting a job can be stressful and a bit overwhelming for your new recruits — especially in a high-pressure IT environment. Here are a few things you can do to help them feel at ease and learn the ropes more quickly.  I generally feel more at home, when I understand the rules of where I’m working at…and how things get processed.

1) Lunch/Dinner/Happy Hour

Every single job that I’ve had, I have had one of the above done for me.  Even now when starting a new job (and the employee count allows it), is I go out to lunch with them.  This gives you the ability to get to know someone outside of the office environment and helps build a bond between co-workers.  In the IT world, every job I’ve had…my co-workers became a family to me, because in the end I had to rely upon them.  That bond for me, usually took place over a friendly lunch.

2) delaying full administrative rights

This idea may seem at first as if you don’t trust them, but that’s not the case at all.  Anyone who’s worked in IT can tell you every system is different and different policy and procedures exists.  Making a change that they may of done 1000 time on other systems may cause a problem with the current one.  Taking the admin permissions away, gives them a safety net, time to learn the ropes and understand your policy and procedures, all which will lower stress in the end.

3) Provide Network documentation

Understanding the environment they are working on has two benefits, the first being makes them more comfortable working and two helps them understand the environment.  Give them a copy, even if only part of it falls under their support, encourage them to ask questions or make note…and if you feel like it, tell them there will be a quiz.  (I’ve said this many times…but never have actually quizzed anyone).  Take time to explain your naming conventions…like LA-File is the Los Angels File Server where Det-VMHost is the VM Host in Detroit.  Knowing the naming scheme can make identifying and locating servers or computers easier.

4) Give them the full tour

When I started out at my first helpdesk support, I was given a full tour of the office in which I was working, even introduced to the people, so that I would kinda put a face with a name (with so many people I only remembered a couple).  When situations made themselves available my boss would take me out to our satellite office and do the same things there.  It took a couple of months, but I did see every office and it’s setup.  This helped me later when I’d visit these office for work.

5) Identify demanding users

In almost every job that I’ve had, I’ve had that user, whose phone calls you didn’t want to answer, but you know you had to.  When someone new comes it, it’s nice to let them know who the users are going to be.  I’ve picked up the phone a couple of time, unaware of the anger the other person had brewed for months, and my first week I was their outlet.  Just be careful how you talk about your end users.
Plus they can hopefully take a different approach knowing these users are more demanding than the rest.  In my case when I run along these users, I was always a kill them with kindness and go the extra mile to help solve their problems…though it never made them any less demanding, sometimes they were just happy with seeing people try.

6) Keep them informed

IT moves at an insane pace sometimes, and it’s easy to fall behind.  I like to keep my staff as informed as possible, even if it doesn’t involve them.  Why?  Because it keeps everyone on the same page, and where we are with projects and that way if something does move to their plate they know.  Plus you never know what insight they might have.

7) Just Remember the first couple weeks suck

Starting a new job is always rough, and depending on the travel distance or the route they take…they might be adjusting their schedule to this new environment… and be a little laggy.  I went from a job that was a 5 minute drive from my house, to one that was 2 hours…I had to adjust my whole life around it, getting up and ready earlier than I had before.  It took me a bit to be on my game after that kind of adjustment, and then add the stress of a new job and everyone looking at me for answers.

——————————————————————————————–
If you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question. Check back every Monday for a new Question and Answer session, and during the rest of the week for his other technical insights.

TASER® StrikeLight™

Q&A Monday: Removing the Windows.old directory

Microsoft Windows Logo

Question:

I was having some issue with my computer, so I went to reinstall the Windows 7 , onto my computer.  After the installation was complete, I noticed I have a C:\windows.old that takes up a large amount on my computer.  I’ve tried highlighting and hitting delete, but it’s not letting me remove it.

Jeanne Cundiff

Benton Harbor, MI

Answer:

I’ve seen this happen, when people install Windows on a drive without formatting the disk.  Luckily there is a very simple way that you can remove this directory.

  1. Click the Start button. In the search box, type Disk Cleanup and the click Disk Cleanup program.
    Note: If prompted to choose a drive, select the drive you just installed Windows.
  2. In the Disk Cleanup dialog box, on the Disk Cleanup tab, click Clean up system files.
  3. Select the Previous Windows installation check box.
    Note: plus any other check boxes you want to delete, and then click OK.
  4. In the message that appears, click Delete Files.

That should remove the files for you.  Just make sure you really want it gone before going through these steps.

——————————————————————————————–
If you have any questions that you want Jim to answer, from business servers to home computers, drop him a line at me@jimguckin.com, and he’ll try to answer your question. Check back every Monday for a new Question and Answer session, and during the rest of the week for his other technical insights.

Q&A Monday: How to create a Windows Defender right click context menu

Windows DefenderQuestion:

How can I make a right click option to scan a file with windows defender?

David A. Morrison
Bellerose, NY

Answers:

Just as a reminder, that Windows Defender in Windows 8 is always running, but if you still wanted to scan individual files you can do it with the steps below:

  1. Press the Windows key to access the Start screen, type regedit at the Start screen, and press Enter to launch the Registry Editor.
  2. Navigate to the following key: HKEY_CLASSES_ROOT\Folder\shell

  3. Right-click the shell key in the left pane, point to New, and create a new Key. Name it WindowsDefender.

  4. With the WindowsDefender key selected in the left pane, right-click in the right pane and create a new String value. Name it Icon, then double-click it and enter the following value:

    %ProgramFiles%\\Windows Defender\\EppManifest.dll

  5. Right-click in the right pane again and create another new String value. Name it MUIVerb, then double-click it and enter the following value:

    Scan with Windows Defender

  6. Right-click the WindowsDefender key in the left pane, point to new, and create a new key. Name it Command.

  7. Double-click the (Default) value in the right pane with the Command key selected and give it the following value:

    “C:\Program Files\Windows Defender\MpCmdRun.exe” -scan -scantype 3 -SignatureUpdate -file


Note:  When you set this up, the scan happen in a Command Prompt window. You will only be alerted if there is a problem found. The scan is very quick, you will see a Command Prompt window flash (appear and disappear quickly), but If a problem is found, the window will stay up and alert you instead of closing

If you don’t feel like doing on the registry editing, you can always Download this Zip.

Click here to learn more!

Simple Tips to a Secure Password

Password Security

For many of us out there creating a secure password isn’t always easy, it’s hard to memorize one of those complex passwords (i.e. @<6v’)T[~5).   I want to give you some good tips (and things to avoid) in order to make your password more secure.  The most common thing people do, and I was once guilty of that myself, is make the password for every website the same.  While this makes things easy on you, it also makes it easy for hacker to gain access to those accounts.  Last year the website Gawker had a data breach and had username and passwords stolen from them, well some of those same username and password accounts worked on other sites, hackers know this so make sure you choose unique passwords for each site using these tips:

  • Using a remember-able paraphrase create a strong password for the site.
    For example (on a photo site) the passphrase you remember could be: i use my iPhone 5 and we make that secure by 1U5eMy1P0N35 (Now that password is more secure)
  • Passwords should be more than 10 characters (recommend more than 15 if possible)
  • Use Capitals Letters, Lower Case Letters, Numbers and Symbols

Thins to Avoid in Passwords:

  • It should not be like your previous passwords
  • It should not be your name (or login name)
  • It should not be your friend’s, pet’s, family’s name
  • It should not be a dictionary word
  • is not a keyboard pattern (qwerty, or 12345678)
  • It should not be less than 10 characters
  • It should not be written down where people can see it
  • It should not be dates, zip codes or phone numbers

While these tricks may seems trivial, the extra security your new passwords may make it a less interesting target for hackers.

TASER® StrikeLight™
 Page 1 of 18  1  2  3  4  5 » ...  Last »