Mac making headway into Corporate IT?

June 18th, 2009 by Al

There is an interesting article in the Kitsap Peninsula Journal (http://www.kpbj.com) this month about this. I fled the PC world in ‘06, trading my Dell for a MacBook Pro. Three years later I’ve no regrets. Upgrading to MacOS Leopard was the most seamless operating system upgrade I’ve ever done. I’ve used it to provide after-hours support for the corporation I previously worked for and use it now to support my present clients.

Here’s an excerpt of the article:

Is it time for IT department to learn the Mac?
Could embracing Mac skills propel your career forward if more corporate IT departments decide they need to support this platform?
By Deb Perelman
From eWeek Online
Mac skills have long been seen as superfluous for IT professionals; Apple platforms are rarely used in medium and large enterprises, and not even the release of the OS X operating system chipped away at Windows’ claim on the IT department. Yet some observers feel that this is set to change. Between October 2007 and January 2008, two dozen researchers at IBM participated in an internal pilot program designed to investigate the possibility of migrating employees to the Mac platform. At the end of the trial, 86 percent of the testers asked to continue using their Macs, leading IBM to plan to expand the pilot to 100 users by the end of 2008.


Press Release

June 16th, 2009 by Al

For more information, contact:
Al Ardon
Al Ardon IT Strategies, Inc.

Phone: (360) 881-0546
Email: al@alfredgardonconsulting.com

Al Ardon IT Strategies Opens in Kingston
New firm offers innovative technology and risk management solutions

Kingston, WA (June 15, 2009) Al Ardon, an IT expert and professional consultant, is pleased to announce the founding of Al Ardon IT Strategies, Inc., an innovative new IT support and risk management company. IT Strategies offers solutions to challenges faced by both businesses and individuals, including services related to server management, security and risk management, and risk analysis and assessment based on sound practice and standards. We work with technologies that best fit the specific needs of your business.

Al Ardon, principal and founder, has nearly 2 decades of experience within the Information Technology industry and was formerly a Staff Systems Engineer at Fluke Electronics in Everett, specializing in support and maintenance of enterprise database servers and storage area networked arrays. Ardon is an active member of Poulsbo’s Little Norway Toastmasters and the Chambers of Commerce for both Silverdale and Bremerton.

For more information, contact Al Ardon at (360) 881-0546; (360) 881-0547 (fax); or by email: al@alfredgardonconsulting.com. Please also visit my website at http://www.alardon.com or my blog at http://alfredgardonconsulting.com.

###

Twitter Bugs?

June 16th, 2009 by Al

July to be the “Month of Twitter Bugs”

Security specialist Aviv Raff has nominated this July as the “Month of Twitter Bugs” (MoTB), during which he plans to publish details of one Twitter API-related vulnerability per day. The API allows users to configure, manage and query the status of their own account using HTTP requests. Raff has already reported that it’s possible to exploit the API query to the twitpic.com Twitter image service to spread worms. Strictly speaking, these are not vulnerabilities in the Twitter API, but rather careless or error-strewn implementations of API queries by third parties.

Wow, interesting. He claims to have a month’s worth of material. We’ll have to keep an eye on this, since Twitter is so popular.

System Security Tip #4

June 16th, 2009 by Al

Increase the security of your server: Understanding Servers and Administration – Best Practices

Before we talk about this, let’s get an understanding of what a server is, what types there are and how this affects you, the business owner.

In a peer topology, a group of workstations is connected via a common network (e.g. wireless or Ethernet) and may interact with each other through productivity applications such as email clients, chat clients or web interfaces. Another common interaction within an office is file sharing. But this interaction yields many copies of the same file and risks corruption, accidental deletion and other headaches. So a file server may be employed that controls access rights, modify and write permissions, and version control. It acts as a central repository, easily secured and backed up.

This is only one type of server. A server is a special computer designed to serve up applications or other services as well. Some of these are critical to business, such as accounting software, booking software or customer relationship databases, all of which have some impact on your business. When you have a server like this, it is critical that you have some plan for its security. After all, the data it contains represents a great deal of labor, hours that you paid for.

You have to ask yourself, “How would my bottom line be affected if this server went down, and what effect would there be on the people I employ?”

Large enterprise computing architects design with this in mind and plan as well for ongoing support, maintenance and security. They design a safe, clean environment complete with alternate power and cooling. They also take physical security into account by monitoring who has physical access to the server. This is important. As soon as you have at least 2 people working on a server, that work represents time and effort bought and paid for by the company. It should be protected, and that protection begins with employing good physical security and a good Server Administrator.

A good Administrator knows their system and is proficient with the specific techniques necessary to protect your IT investment. They are self-starters, wary and on the lookout for threats, and should be looked at as “advisors”. In turn, they should be well versed in your business operations, not only diligently spending your money. They should take into account your business goals and objectives while making suggestions on future technology investments.

Absolutely critical in server security is having a checklist to ensure your security goals are being met.

For example:

√ Verify the Administrator account has a strong password

√ Disable unnecessary services

√ Disable the Guest account

√ Enact an account lock-out policy

These are only a few of the many checks a good System Administrator employs. Administrators are your first line of defense and aid in reducing serious risk to your data. They should be viewed as advisors who help you understand the risks and threats, while possessing strong traits that help them understand your business goals and objectives.

It should be noted that assessments are an ongoing process. Because threats to your computing environment exist and persist unceasingly, having a strategy that deals with them is in your best interest. A strategy that includes “Monitors and Alerts” will help your Administrator focus on the greatest threats, which is why strong support services are vital to your server security.

Firefox 3.0.11 closes critical holes

June 15th, 2009 by Al

The release of Firefox 3.0.11 has eliminated eleven vulnerabilities in 3.0.10, with four of the vulnerabilities classified as critical out of the nine problems listed in the security advisory. One of the critical issues in the advisory actually covers three issues which can at least crash the browser and could allow for arbitrary code to be executed. The developers, to be on the safe side in such cases, classify the set as a critical vulnerability. ~ The H Security

If you’re still running 3.0.10, you should get updated as soon as possible. Any time an exploit allows arbitrary code execution, it’s a very bad situation. It allows others to use your PC for a variety of purposes, perhaps as an agent or, worse, to harvest your sensitive data.

For example:

The example listed in the Bugzilla report shows how PayPal cookies could be stolen. ~ The H Security

System Security Tip #3

June 14th, 2009 by Al

Increase the security of your computer’s Information: Understanding Cyber Threats

Cyber threats to a control system refer to persons who attempt unauthorized access to a control system device and/or network using a data communications pathway. This access can be directed from within an organization by trusted users or from remote locations by unknown persons using the Internet. ~ US-CERT

Connectivity has become a way of life for most of us, and I must admit I am just as guilty of complacency in recognizing the reality of cyber threats. Most of us are mobile, taking our laptops everywhere we go. This presents some risk to our computer security when operating in the field, most especially on wireless networks where you can’t control the security.

But some may say, “But I don’t have anything of value on my PC.” True perhaps, but that won’t stop someone from exploiting a vulnerability in order to use your PC as an agent for some other ill-intentioned use, often illegal.

Today, I ran some checks using utilities that test the system for known exploits and was surprised to learn that there were some issues to address. It’s true, contrary to what Apple has boasted on TV, Mac OS X has some security issues. Luckily, my system is up-to-date with its patches so the issues were small and easy to fix.

The tip here is that you should be familiar enough with your operating system and its utilities to close connections you don’t need or use. I know Windows includes firewall software in the operating system, as does Mac OS X. Get to know it, make sure it’s configured correctly, and if you don’t know how or don’t want to know, hire someone to help you. It’s that important.

Stay tuned for the next installment of my System Security Tips.

System Security Tip #2

June 14th, 2009 by Al

Increase the security of your computer’s Information: File Encryption

An increasingly popular security measure now is file-based encryption. Depending on the OS, it can be simple to set up. My MacBook Pro is equipped with “FileVault”, which works by encrypting the home directory and does so on the fly.

A couple of things to remember:

•    The files are encrypted using your login password.
•    If you forget your login password and don’t know the master password, your data is history.

I bring these to mind because most often, the user is also the administrator.

File-based encryption is a viable option for protecting your data, so it’s worth looking into. Adding this to the 3 steps in the previous post will greatly improve computer data security.

System Security Tip #1

June 13th, 2009 by Al

Increase the security of your computer’s data: 3 Easy Steps

  • Require any user of your computer to log in. It forces them to log in to use the computer and prevents tampering with your personal account. Always a good practice.
  • Use strong, secure passwords. Avoid using simplistic passwords. They are easily guessed. A good practice is 7 characters minimum, mixing upper/lower case and numerals.
  • Secure your computer when idle. 2 common ways are locking screen savers and having your computer log you out automatically.

These aren’t exactly rocket science but serve as a basis for good practical system security, especially when the system is not in a physically secure environment.

Bonus Step!

  • Reduce the use of the Administrator accounts and the Root user. Make sure to create a basic user that is not the administrator and does not hold those privileges. Limit the number of accounts with administrator or superuser privileges.

You can see here that it doesn’t take much to get a good start on your system’s security. But it does require diligence on your part. By getting to know your computer’s operating system you can certainly improve your condition and progress towards securing your data.

Tweaking Colors

June 13th, 2009 by Al

I’ve been spending some time making changes to the color scheme for my blog. I was able to bring over the colors used on my website. Here’s how I did it:

  1. Printed the stylesheet.css file – All the colors are listed in this file in hexadecimal values. (Tip #1: to find the color a value represents, use a handy lookup tool.)
  2. In the stylesheet, carefully locate the variable that holds the hex value for the color. For a non-web programmer like me, I associate the colors I looked up with the colors on the site. It’s slow but it works.

After that, I worked on my eNewsletter that will be going out next week. The color theme flows to that as well.

I think what I like the most is that this stuff is fun. It’s supposed to be. To see the comparison, check out my website here.

Logo

June 10th, 2009 by Al

Here’s a larger picture of my logo designed by Jennergy. I’m very pleased with it.

They also designed the splash page for me and you can see it at: Al Ardon’s IT Strategies

Appreciate any feedback you can give me.

Thanks,
