Friday, November 16, 2007

The importance of a good password

How important is a good password? Very. Just think about all the information that is important to you that is protected by a password. Your bank account, your email, and your access to the company network. You would think that people would have very secure passwords right? Wrong. A surprising amount of computer users do not have a GOOD password. What makes up a GOOD password? One that uses letters, numbers, upper and lowercase, symbols (#@%+=), and is longer then 8 characters. At the same time being easy enough for the user to remember to where they don't have to write it down and stick it on their monitor (what's the point of a password at that point?)

For example: 1Hundred+200=300

That is a very secure and GOOD password. It is long. It is very easy to remember. Who can't remember that 100 + 200 = 300 ? The password also has numbers, letters, upper and lowercase, and symbols. Contrary to some people's belief a random password like 1kli883h is not as secure as the example above. For one because it is hard to remember and most users would have to write it down somewhere. Second it is only 8 characters long. An important factor in a password is length. The longer the password the harder it is to crack either with a program or by guessing. If you are the type of person who HAS to put it on a sticky at their desk just put "100 plus 200 equals" and set your password to 1Hundred+200=299. No one is going to guess the wrong answer!

Never ever use your birthday, children's names, your own name, or social security number. All are easy to guess and the last one would be a nightmare if someone was to get ahold of it.

If your company currently does not have a password policy in place then one needs to be put in. There is too much sensitive data for any business small or large to have it out in the open because Danny has a blank password or it is 'danny2007'. If you are a Microsoft shop you can use Group Policy to force complex passwords. Or you can just explain the importance of a GOOD password to users. They need a good password both in the office and for personal computer use.

Tomorrow's blog entry is going to be about the Softchoice LA Roadshow that I attended yesterday. What an awesome event. I wanted to go in a bit of detail about it and outline some product I personally found interesting so I wanted to do it when I had a while to think.

Tuesday, November 13, 2007

Let YouTube help your business

YouTube is very useful and productive if used for the right purposes. Keyword in that sentence is "right". YouTube has become a notorious time waster in every office from California to New York. Plenty of companies have down right blocked it. I say take this service and use it to your businesses advantage. YouTube is more then just something friends and family use to show you goofy clips via email pulling you away from work. There is plenty of quality and FREE content that any role in a small business could use.

For example if you are a small business owner or in charge of marketing you can use YouTube to find segments giving you information about things such as Search Engine Marketing.



Another excellent use of YouTube is if you have access to a laptop and projector you can setup very easy and CHEAP way of keeping your employees up to date on information in your industry. If you provide a free lunch people are willing to stay in to watch streaming video discussing topics that impact their work. Buying a few pizza's or sandwiches to get employees to do a bit of training on their lunch break is a heck of a trade off in the long run. Educated, well trained, and informed employees do better work regardless of where they are at in the company or what industry they are in.

This is a part of YouTube many people forget. A lot of great information can be pulled from it for free. As long as you have speakers and have a decent Internet connection it is like having lectures, keynotes, reviews, and opinions directly in front of you with a few clicks.

Friday, November 9, 2007

What is a rootkit and why you should care to find out

The term 'root kit' to be put simply is used to describe the techniques that spyware and viruses try to hide themselves from programs you would use to remove them (ie Anti Virus software, Adaware, Spybot, etc). There are different types of root kits but not to confuse people too much that is the basic way of explaining it.

Why should you care to find out what a root kit is? If you run a small business with servers or workstations that carry very sensitive information then it is critical. You could have a virus damaging files or keyloggers sending your information out to some person on the Internet without you even knowing it. Even if your anti-virus software and anti spyware is saying your systems are A-OK.

Just to be on the safe side there is a tool you can download along with instructions on how to use it from Microsoft's TechNet community.

RootkitRevealer v1.71

Sunday, November 4, 2007

Spiceworks: Ad-supported asset management, help desk, network monitoring software and much more

Spiceworks is a company based in Austin, Texas that builds management tools for IT professionals.

As described by their own website:

"Your network may be complicated and expensive but your IT management tools don't need to be. Spiceworks IT Desktop is the only application that combines Network Inventory, Help Desk, Reporting, Monitoring and Troubleshooting in a single, easy-to-use interface designed for IT teams in small and medium businesses. Plus, Spiceworks lets you collaborate with IT pros around the world to solve problems, share ideas and decide what additional features you need in Spiceworks."

Obviously that is a little FLUFFY but I do have to agree that it is the only application I have seen that does all this. I have installed, used, and managed hardware in a small sized office using Spiceworks. The software is free to use if you don't mind seeing ads pop up on the right hand side of the browser when you log into the system. Personally I do not mind the ads and have actually found a few good deals for equipment from those ads. For people who do not want to see ads at all you can grab a paid-for version which also allows you to brand Spiceworks with your company logo. This is a great piece of software. I'd recommend it to any information technology consultant or even a full IT department for a larger company. Being able to run reports ranging from who has less then 25% of their HD free to who has what software installed to who has the latest windows updates installed (and everything inbetween). You can even make your own custom reports. I'll go as far to say it is a must have. That does not even include the help desk ticketing, the asset management, and all the customization you can add to it. Or how great the Spiceworks community is when it comes to support issues and asking for new features in the future. The only thing you need is a computer with Windows XP on it, the ability to click next on the installer, and an Internet browser (Internet Explorer or Firefox is what I know it works on). Once it is installed you can connect up to the Spiceworks management system from any machine in the local area network using a web browser. Very handy if Spiceworks is not installed on the machine you sit at.

With all that said there are a few things I have problems with. The first being the scanenr of the network that pulls out the information you want. You can set it to scan the entire network on a set schedule or manually . I recomend to chose the earlier as things change on machines/networks constantly. Spiceworks uses WMI to connect up to machines remotely to query it for information. Which works great about half of the time. Sometimes firewalls and other security settings get in the way, not exactly Spiceworks fault but still a bit of a headache. In their defense if a machine cannot be connected to it will give you a link to troubleshoot how to fix the issue. The second issue has to do with the help desk ticketing. While there is nothing wrong with it technically I do not like the way it is setup and there are many other ticketing systems that work better. In fact when I worked for an engineering firm in IT I did not use any ticketing system for over 200 users in my region. Sometimes it takes more time to fill in and manage the tickets then it does to just walk over to fix the issue. Some companies like this to really see who the problem users are and manage IT hours but to me it is not really worth it. Pretty much the Spiceworks ticketing system is more like an email system. Anyone can open up an internet browser and fill out a ticket then an email will be generated to the person who set it up.

Overall this is a heck of a piece of software especially for free. If you don't want ads but do not want to pay the small price they ask for you can always block Doubleclick at your firewall, neat little trick I figured out. It doesn't block all ads but 80% of them in Spiceworks.

Spiceworks official website