It is hard to believe that the Internet does not have very many decades behind it. As the 1960s became the 1970s, the dawn of new ideas for Internetworking emerged. Fast-forward to today, and the entire landscape through which we connect ideas together has been consumed by this digital space for thoughts.
Information Technology is inseparable from communication and collaboration because of the speed at which it operates, and its natural tendency to evolve faster than most of us are able to comprehend. As the whirlwind of dust from launching this new frontier settles, we are beginning to find proven methods for communication and collaboration that efficiently utilize the new technology available to us, and it is clear to see the improvements that Information Technology has afforded us through the manner in which we conduct our business.
Provide an Open line of Communication
Most services have been digitized into the Information Technology realm. Voice Over IP brings phone conversations to the realm of 1s and 0s along with email, chat, video streaming, file-sharing, etc. This provides a method to track all communications singularly instead of managing communications stored over multiple accounts and performed over multiple mediums that may not otherwise integrate. Services such as Office 365 provided by Microsoft supply an integrated email, chat and video conferencing experience hosted in the cloud, with a centralized method to index and store the communications for fast searching and reference.
Provide a Creative Space
The digital realm provides an effective method of controlling user work environments and keeping data
integrity secured using centralized policies and automated responses to conditional triggers. Maintaining a clean digital workspace supports creative focus and productivity. Imagine for a moment that you have a
home that is perfectly spotless. You are sitting at the couch in the living room, drinking a glass of water. When you finish the water, you put the cup down on a table - and forget the coaster. Immediately, a robot zooms out, picks up the empty glass, wipes the condensation from the table-top and takes the glass to the kitchen and puts it in the dishwasher, and then returns to his stand-by position in the closet. The environment is as if you had never disturbed it - that is the power of automation in Information Technology (and amazingly enough is very close to being a real-world robot scenario, as well. Roomba's are scurrying over hardwood floors throughout America, tormenting dogs and cats who are just trying to bask in the glory of their mess for a bit before returning to sterile modern living.)
Remembering things is hard, and I find that it only gets harder as I age. You know what doesn't have
trouble remembering things? Computer storage. Unless something happens to damage a device, computer storage is a precise memory system that cannot lie, and will remember whatever you tell it is important. This is extremely useful when collaborating between large groups of individuals. Whether you are using Microsoft SharePoint online to upload all of your documents and work on them simultaneously with your department, using Exchange and Lync online to send, store, consolidate and index all of your communication threads, or engaging Trigon Replay & Trigon Online Backup to store and maintain versions of documents from your local computer or server infrastructure, you can be sure that Information Technology is remembering all of the things that you have forgotten about.
How important is your website to your business? Does it just provide information on what your company does, or do you use it for the sale of products or services? If your website goes down how much money would be lost for the time frame that it’s down? If you’re website is an integral part of your business then you‘ll want to make sure you protect yourself against DoS
attacks. DoS stands for Denial of Service and it works by flooding your web server with junk data to the point that the web server is too busy processing the junk data to be able to process legitimate data and/or requests. In the case of a Distributed Denial of Service (DDoS) attack, your web server could crash due to the flood of data. While there are no sure fire ways of preventing a DoS attack, there are ways that you can help protect and mitigate potential attacks to your network.
1. The following registry entries in a Windows server can help protect against a SYN attack, which is a specific type of DoS attack. Keep in mind that modifying the registry can cause unexpected results so before making any changes backup your registry!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip\parameters\Create REG_DWORD named synattackprotect with a value of 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip\parameters\Create REG_DWORD named tcpmaxconnectresponsetransmissions with a value of 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip\parameters\Create REG_DWORD named tcpmaxdataretransmissions with a value of 3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip\parameters\Create REG_DWORD named enablepmtudiscovery with a value of 0
2. Monitor network traffic going to and from your web server. By reviewing network traffic you can catch the attack as it starts. If you can’t catch the attack when it starts then you’ll at least be able to review the logs of the network monitor to determine what happened.
3. Purchase a Cisco Guard XT unit which is specifically designed to detect DDoS attacks and redirect the potential attack away from the targeted server.
4. Block ICMP requests on the firewall
5. Lastly, contact your ISP and request assistance. As a last ditch effort your ISP can block traffic to your network until the attack stops.
This isn’t an exhaustive list, however if you follow these items you’ll stand a better chance of detecting an attack and protecting your network.
Efficient and effective troubleshooting is truly a learned and developed skill. There are many published methodologies and best practices to follow which certainly have their merit, however, like most things in life, the guidelines are great but experience is required to truly hone one's skills. Below are just a few of the rules I follow during my own troubleshooting processes. This list is by no means exhaustive, but it provides some good insight on a few of the most valuable steps I employ.
1. Be Methodical - Do not just start clicking around thinking you may quickly find the answer and resolution. It is important to first analyze the system and understand how it should function under normal operations, then track the sequence of tasks required in order to determine exactly where the fault lies. What is occurring that violates normal operations? Was a recent change made? What seems out of place? If possible, use properly functioning systems as a source of comparison.
2. Document - Take notes on your initial findings, test results and overall progress. This doesn't just help you to track your progress, but often times it can become valuable in the future, if a similar issue happens to arise.
3. Don't Make Assumptions - Sometimes it's very easy to make assumptions, based on what we believe to be the truth. However, we may not always have a full understanding of the situation, even though we think we do. We also like to give others the benefit of the doubt and assume the work they performed was done correctly. Ask questions and double check configurations. Also, don't skip the obvious. It's easy to assume that everything on the physical layer is working properly, but without any empirical evidence, it's simply not a safe assumption.
4. Use Advanced Logging - Often times a log may report a problem, but the event description is too vague. Complex systems and applications usually have an advanced diagnostic logging function built in, but not enabled. If you know what you're looking at, often times these logs can point you to the exact problem.
5. Use Process of Elimination - Develop testing criteria then run through the tests by only altering a single variable each time. Eliminate possible causes based on your test results, then move onto testing your next culprit.
6. Utilize Vendor Support - It is easy to burn time troubleshooting a third party application because we often hesitate to contact support, knowing what a cumbersome process it can be before actual assistance is obtain. I always perform an assessment early in the process, then make the initial contact with the proper support channels as I deem necessary. I also always ensure I provide the basics upfront; OS versions, software versions, any specific variables to considers, steps I've already tried, etc. If you don't provide this information you will just delay the time it takes to obtain assistance since the vendor needs to gather this information anyway. They may even end up advising you over email to try certain tasks which you have already performed. I try to be as clear and thorough as possible so my request goes exactly where I need it to go. I also do not stop troubleshooting once I contact the vendor for support, unless there is a specific reason to do. If you resolve the issue before they contact you, great, and if not, you’re already that much closer towards a resolution.
In order to improve your own skills, first work on developing the individual components of your overall system. Once you have specific processes in place, abstract them in order to create a system which is applicable to each situation you encounter. Be sure to consistently use this newly minted system while simultaneously gauging its efficacy, then tuning it where required. This general approach will ultimately lead to less frustration, a quicker time to resolution and most importantly, more satisfied customers.
In today’s business world, companies have become increasingly reliant on their IT systems for day to day functions. These systems serve as a link to their customer base and are vital to business operations. The primary impact from IT systems downtime is lost revenue. This can affect both present and future revenue.
As a result, companies of all sizes are now addressing the need for disaster recovery plans. Downtime or any interruption in business operations may result from natural disaster to
human error. No geographical area is safe and no amount of proactive hardware monitoring and user training can guarantee avoidance of potential downtime. In reality, the majority of business outages are due to something occurring within the organization and are statistically more disruptive to smaller businesses than larger corporations.
- Natural or man-made disaster – As previously noted, this may occur anywhere and would include earthquakes, tornadoes, hurricanes, floods, snowstorms, fires, and power failure. Companies in the mid-Atlantic region have all felt the effects of power outages due to snowstorms and hurricanes in recent years.
- Hardware Failure – Critical hardware failure may occur at any given time. Loss of data can cause irreparable damage to any business in the form of legal consequences or financial impact.
- Human Error – Whether it’s maintaining hardware improperly that causes an outage or performing a series of keystrokes and accidently deleting data, human error is a real point of consideration for disaster planning.
- Business Availability – Ultimately, this is the primary point for disaster recovery planning. Business unavailability results in the loss of revenue. Customers now have many options with increased competition across all lines of business. If your business is disrupted and you can’t answer the phone or your website is down, your prospective new customer may take their business elsewhere. The same or worse applies to existing customers. They may be less forgiving about an outage that affects their business.
While putting a disaster recovery plan in place may be an intimidating task, Trigon has the expertise and experience to guide you through it. We service the Philadelphia and Central PA area. Contact us for an assessment and we’ll help you implement an effective and valuable disaster recovery plan.
Today, eDiscovery plays a much more important part in civil litigation than ever before. Email, Word and Excel documents, digital images, and even mobile phones are all examples of electronic data now being required as part of the discovery process. It is for these reasons that businesses need to have a sense of eDiscovery readiness and accept accountability for discovery obligations. Failing to produce this type of data in a timely manner puts businesses in a position where they are subject to monetary penalties as well as a loss in reputation. To assist in this process, vendors are developing platforms that can manage the entire lifecycle of the eDiscovery process. A combination of policies, procedures, and technology to manage corporate data creates a solid foundation for eDiscovery readiness. But what is a Small Business to do? The following are 5 things Small Businesses can do to make sure they are prepared for eDiscovery:
- First, understand what the rules are. The Federal Rules for Civil Procedure (FRCP) contains the requirements businesses must follow for the discovery process. At a minimum, knowing how email is being stored and whether it is stored in a compliant manner should be known.
- Create a compliance policy. Document what data needs to be retained to comply with regulatory and eDiscovery requirements and make sure employees are aware of these requirements.
- Backup solutions are no longer good enough. Backups create a point in time recovery point in the event of a hardware failure; it is not an archiving mechanism. Third party solutions as well as native solutions built into Microsoft Exchange provide mechanisms for archiving email and can save exorbitant amounts of time when searching for specific search terms.
- Understand how social media is being used for your business and how your employees are using social media. The bottom line is that courts are requiring companies to provide social media content. At a minimum, a social media policy should be distributed providing guidance on acceptable use. Examples of what could happen if the guidelines are not followed should be explained.
- Consider "The Cloud". Cloud based solutions such as hosted email or CRM can provide the means for archival and retention so that you are ready for eDiscovery when its requested. But be wary. You still need to have a plan. Moving data to the cloud usually means that data is likely to be located both locally and hosted, expanding the scope of discovery and ultimately making discovery costs go up.
Cloud migrations are among the latest trends in IT, and for good reason. With ever increasing security breaches and frequent patches, on premise systems are becoming more costly to run and keep secure. In these cases, it may be better to shift these services to a company that focuses on the security and uptime of that particular service, freeing up valuable time for other tasks.
But before migrating everything to the cloud, it’s a good idea to pay attention to these 7 best practices to avoid end user frustrations or outright failures.
- Plan – Don’t just assume the cloud will “fix everything”
Define the Business Case
- Make sure to understand what the cloud based service can and can’t do for your business. There may be particular options that your business currently relies on that cloud based services don’t offer.
Understand the Management Tools
- As with all new technologies, the business case must be defined first. This ensures that the technology is fitting the use, and not shoehorning the business to fit the technology.
Consider Complex Cloud Solutions
- Services in the cloud often have very different tools for management. Prepare for a learning curve and understanding how to leverage these tools.
Data Migration - Bandwidth vs. Rate of Change
- Complex solutions may require services from different cloud service providers. This can require significantly more planning to implement. For instance, consider how an Email Cloud provider will interact with an online Data storage service for automation.
- Also consider how cloud services will interaction with local applications (consider migrating all interacting applications to reduce latency).
Understand Changing Roles
- Ensure that the rate of change of your hosted data will be less than your available bandwidth.
- If a local application interacts with a lot of data which will be hosted in the cloud, this will require increased bandwidth. It may be advisable to host the application in the cloud along with the data in this case.
- System Administrators roles will shift to become from their current task to become Contract Negotiators who monitor SLAs instead of mail queues as more services are moved to the cloud.
- And how it relates to regulations affecting your business
- HIPPA regulated business may need to encrypt data before sending to the cloud
- Ensure that communications between local resrouces and cloud data is encrypted
Trigon Technology has the expertise and experience to smooth Central PA and Philadelphia area businesses through the transition to the cloud.
On June 14, 2013, Apple released a new app in to their store: Microsoft Office. The app’s formal name is Office Mobile for Office 365 Subscribers. This has been a long awaited release for Apple, as the app has already been on the market for Windows tablets and phones. Although Microsoft is branching out to iPhones, the Office Mobile app is getting mixed reviews from the mobile app user community.
For an iPhone user to be able to use this app, you will need to have an existing Office 365 subscription. A basic subscription of Office 365 provides you access to Word, Excel, PowerPoint, and other Microsoft Office programs through the cloud. Many users are upset about the Office 365 requirement and the limited features that come along with the app. Users are only able to make small edits in the documents, create new documents, review comments made in Word and Excel, and share documents through email. More advanced functions like tracking changes and creating PowerPoint documents is not supported.
The iPhone app has close to 800 ratings on the iTunes app page, with a relatively low cumulative rating of 2.5 out of 5. There is a common sentiment amongst the negative comments are related to the lack of editing options and the Office 365 fee that is required. Many believe that Microsoft is doing this by design to drive up the sales of Windows products because the mobile Office app is more advanced on their Surface tablet.
Most users do not have a pressing need to use the advanced Office suite on their iPhone or iPad. However, if you do require more advanced Office functionality while remote, you may want to consider a traditional laptop with the complete Office suite of products or a Windows Surface device. If you have any questions, please contact Trigon and we’re glad to assist as always!
Is the NSA Harvesting Your Personal Information???
The National Security Agency (NSA) is an agency within the United States Department of Defense that oversees digital intelligence. The agency is responsible for not only for protecting the safety of the United States, but also analyzing and decrypting communication intelligence all across the globe. As you probably know by now, the NSA has come under fire for leaked information by one of their private contractors. On June 10th, 2013, an NSA contractor named Edward Snowden posted highly confidential documents online that displayed two of the company’s surveillance programs; one that collects phone records and one that records online data. The two programs revealed that the NSA is able to collect all Internet usage domestically to prevent any terroristic events from happening, primarily in the United States. Snowden said he felt compelled to inform the United States population of what our government is allegedly doing behind our back.
Should we be worried? Are we being watched every time we do a search on the Internet or make a phone call? Snowden seems to think so, but the NSA has a different side to the story. President Barack Obama gave a statement informing the public that the NSA is not spying on you, rather looking for terrorist plots to ensure the safety of the country. Snowden disagreed with Obama’s statement and replied, “I’m willing to sacrifice all of that (his luxurious lifestyle in Hawaii) because I can’t in good conscience allow the U.S. government to destroy privacy, Internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.”
The idea of the government listening to my phone calls and monitoring my computer usage is unnerving. Although, in this day and age, there is so much data flowing through the Internet that a very small percentage of it may be fueling a cyber-attack or an actual terrorist act. But, if there is no probable cause and public acceptance of this data harvesting, it sure seems like an invasion of privacy. It seems highly likely the NSA is tracking our calls and emails, even though they emphatically deny it. This is evidenced when filming the movie Eagle Eye; famous actor Shia LaBeouf stated that the FBI consultant helping with the movie showed Shia a phone conversation he (Shia) had two years ago. Check out the video clip here: http://www.youtube.com/watch?v=3ux1hpLvqMw .
What do you think about this story? If the accusations are true, do you feel that you have been violated by our government, or is it just a necessary precaution that they need to keep to protect the nation’s safety? Is Edward Snowden a hero or a traitor? While Trigon cannot protect all of your personal transmissions on the public Internet, we are experts in protecting your corporate data and ensuring that you are secure at all times. Let us know in the comments below!
CNN recently ran articles on the increasing number, sophistication, and severity of cyber-attacks occurring in the United States. After reading the articles, you quickly realize how this threat has evolved from impacting individual users to now our national corporations and the government.
At its basic level, personal identity theft and financial loss are the primary concerns of a cyber-attack. This threat has existed for years. More recently, US corporations are now facing cyber-attacks, where loss of client data and intellectual property are the main concerns. In addition to the corporate world, US government agencies are experiencing attacks aimed at various components of US infrastructure and institutions. Because many of the attacks are initiated by not only criminals, but also nation states, the US government views these actions as “cyber warfare” and a threat to national security. The goal of these attacks is to steal business knowledge and negatively impact US infrastructure such as telecommunications, power, and water. They have increased exponentially in number and severity and have the US government very concerned.
The Obama administration has taken steps to address these growing concerns to national and business security by signing an executive order initiated to stop or slow cyber-attacks. US government agencies are being tasked with assisting more in the defense and prosecution of attacks, providing corporations with information to enhance their own security, and enlisting the help of foreign countries in controlling attacks.
Corporations who were once slow to accept the government’s advice and offers of partnering in the cyber warfare fight, are now realizing its impact and importance. They are applying more resources and effort toward developing strategies to minimize their exposure.
In light of this rapid evolution, everyone should consider and question how safe they are as an individual or business entity.
Image this: You are at an office of a potential buyer of your products. The meeting is to begin in 30 minutes. You are getting prepped and discover that your presentation on your laptop is corrupted! Do you panic? Maybe, but you also realize your data is backed up to the cloud.
You call your backup provider. I answer. I listen to your frantic whispering over the cell phone, and then I remotely restore your file to your laptop that was backed up the night before. You present your presentation minutes later and win the day!
We at Trigon provide a backup solution leveraging cloud resources to back up your data be it at the office or on the road. The Trigon Online Backup can be used to backup critical data from servers, laptops, and workstations. The service backs up data and restores data, it isn’t designed for bare metal restoring, though Trigon does have service for this as well.
Why backup to the cloud?
- One advantage of the cloud backup was highlighted in the scenario above. The remote backup of offsite resources. The travelling staff members can have their laptops backed up and restored out in the field. They do not have to come back to the office to upload and download data, no VPN needed, just a network connection. The restore can be initiated by the user or remotely by Trigon.
- The backups can be set up with bandwidth throttling to have minimum impact on the computer performance. The users will not notice it is running and their changes are being saved. This bandwidth control also limits the impact on your office network as well if there are multiple machines backing up to the Trigon Online Backup at the same time.
- The data stream to and from the cloud resources are all protected with a military grade encryption. 256-bit AES security. So if you are on a public or guest network, the data passed back and forth is protected if someone is nearby wearing the black hat and nefarious moustache. The encryption is maintained while the data is at rest as well.
- The very nature of cloud backups means that your data is stored offsite. No need to remember to bring home tapes, external USB drives, or send them to be secured in offsite storage. The data is stored at two secure data centers located in different parts of the country. So the backup service has redundancy built into it as well.
- For those who do use tapes, a major quality of life improvement is you don’t have to switch out tapes. How many times did you remember to switch out the tape at the last minute or when you got home? How many times did you get the tape rotation messed up? Not with a cloud backup!
- The Trigon Online Backup solution has the ability to back up critical production data from virtual servers, Exchange servers, and SQL servers. The backups can be set up to be rather specific. For example you can set the mailbox backup to exclude messages on the subject level.
- The Trigon Online Backup utilizes bit level backups, so it reduces bandwidth and storage needed. Only backing up what has changed since last time the job was run.
- Backup jobs are monitored and reviewed for failures and warnings. We monitor the jobs for issues and address them to make sure your data is being captured and saved.
- Cost savings. By having the backups move to the cloud you no longer have to pay for utilities to run the backup tape drive or other devices. No service costs for the hardware No need to purchase new tapes every year. Reduction of staff time transporting the backup media offsite. You will no longer have to pay for the offsite storage. The price point for the Trigon Online Backup is minimum compared to what is spent each year maintaining the onsite backup solution.
There are a lot of reasons to participate in a cloud based backup solution: convenience, accessibility, cost, and security. Add in the granular level backups that can be done, and the built in redundancy, then the Trigon Online Backup is even more appealing. Best of all, NO MORE TAPES!