CTO Tech Blog

Deciding who to call when you have a computer or network problem can be a very difficult task.  Labour rates are probably one of the biggest factors, but certainly not the only factor.  How do you know that the person you’re calling has the knowledge to correct the issue properly?  Many people admit to knowing very little about computers, so they can easily be impressed by anyone who knows more than they do.  So the question is: What criteria can an average person use to determine the skill level of a given company or technician?

The computer industry has many certification standards with varying levels of value to different types of clients and businesses.  The first widely received and respected certification in the industry was Novel’s Certified NetWare Engineer (CNE) certification.  Probably the most well known today is Microsoft’s Certified System Engineer (MCSE) certification which focuses on Microsoft server software.  Both of these certifications test knowledge on specific operating system functional knowledge and configuration techniques, but both lack the ability to test real world troubleshooting ability, communication skills, experience, and basic computer and network knowledge.  In the late 1990’s with the dot com boom and growth of IT, the industry became flooded with people who were referred to as “paper CNE’s”.  This term referred to people who were good at writing tests and absorbing book knowledge, but who ultimately did not have the necessary skills to support computer systems and networks.  As a result both of the above mentioned certifications lost a great deal of credibility.  In addition to this trend, many software and hardware manufacturers started to look at their certification programs as profit centers instead of break even service programs.  The Computer Technology Industry Association (CompTIA) saw the gap between  the manufacturer specific certifications and created the A+ certification to test basic knowledge, communication and troubleshooting skills, and has since added a number of other more focused certifications in areas such as networking, servers and security to name a few.

While certifications do have some value for someone looking to find assistance, there are better measures available.   Reputation is probably the best test of a person or company’s skills.  If someone is recommended by a trusted source with firsthand knowledge of someone’s abilities, then a foundation of trust has been offered.  Experience, while sometimes misleading, shows that a person has been able to stay relevant in a changing and challenging industry.   A company with a varied technical team and a culture that promotes collaboration will offer the combined experience of the team which enhances their ability to address a wider range of technology challenges.  Communication is also an important quality.  The most important step in troubleshooting a problem is understanding what the problem is.  You should feel comfortable that the person you are dealing with has taken the time to fully understand what the issue is that they have been asked to address.  Computers are complex devices with many variables that can affect how software, hardware, and humans interact.  Unforeseen problems will arise regardless of a technician’s skills and experience, so it is important to know how these problems will be addressed as well.

There are always exceptions and exceptional people so these are merely guidelines to help put you on the right path.  Everyone’s specific needs are also different so there is no one company or person that would be considered the best or “guru” in all cases.  Select someone who you feel will meet your needs, but don’t be afraid to change if they are not a good fit.

One of my earliest blogs was about security and I made a point of deterring people from going to web sites other than the big name, well known sites.  I was a little surprised that I didn’t get many emails telling me that I was being overcautious.  I did get one message pointing out that a large part of the value of surfing the net is finding new sites with new information.  I agree.  Is that contradictory?

I’m guilty of doing exactly what I said shouldn’t be done.  When I search for information I frequently click on links to sites that I’ve never been to belonging to companies I’ve never heard of.  I’m not immune to malware, but I do have a few tricks and tools up my sleeve to help make sure I’m protected.  The first and most important tool is education.  I’ve spent a great deal of time since I started this career learning about the methods that hackers use to attack computers.  This knowledge has helped me to develop habits that make me a less likely target for hackers.  While I believe that nothing will completely protect someone from malware and security breaches, I’ll share some tricks and tips that will certainly help.

First of all, any computer connected to the Internet should be fully patched and protected by firewalls.  Yes, that was plural.  Data travels between computers and the Internet in two directions.  Home and small business routers by default block all traffic coming in, but allow all traffic outbound.  They can typically be changed to block all but the necessary outbound traffic, but this requires quite a bit of knowledge and management to implement and maintain.  For outbound traffic I recommend a personal firewall such as the firewall built into recent versions of Microsoft Windows.  This firewall will typically prompt you if a port or program is blocked so that you can consent to allowing access.  If you don’t know what’s asking for access it’s best to say no.  My experience is mainly with Microsoft products, but patching applies to every operating system available today.  For Microsoft Windows, I recommend turning on automatic updates and checking to make sure that updates have been applied at least once a month.   Of course all computers should have up to date antivirus software installed as well.

Once you have this basic protection in place you’re ready to open a web browser.  If you’re searching for information there are many search engines available.  I like Google, but feel that it’s a personal preference, not because of any technological advantage.  When you get your results, look at the URL that is linked.  Most North American domains have a .com, .net, .org or .ca although there are some other new ones gaining popularity.  Phishing and hacking sites are often hosted in countries where law enforcement is not as likely to catch them, so unless you’re looking for something specifically in China, avoid domains ending with .cn for example.  Once you’ve clicked the link, if you see a lot of pop-ups or the page is not what you expected; leave.  Close your browser and any pop-ups.  It may already be too late, but there is a chance you’ve been quick enough to avoid a “drive by download”.

The Internet is a wonderful tool, but like anything popular it attracts people who hope to profit from people who don’t know how to protect themselves.  If you leave your purse on your car seat and your windows down, chances are that it will be stolen.  Basic protection will help avoid the majority of threats.

Basic Business Systems entered the internet backup market about four years ago.  At that time most companies relied on magnetic tape to backup their data and home users either didn’t backup at all or just burned important files to CDs on a regular basis.  Our experience has been that tape backups can be very unreliable for a number of reasons.  Probably the biggest problem with tapes is that someone has to put them in the tape drive every day.  We found that in some cases people didn’t realize they should be doing that or just became complacent and eventually forgot about it.  The other big issue was reliability.  Tapes have a finite life and because they have to move to work they and the tape drives are subject to wear and contamination.  Backups should be checked every day to ensure that they were successful and they really should be tested regularly to verify that the data can actually be restored.  On more than one occasion we were called in to help a company that had a drive fail only to find out that their backups were either very old or non-existent.

Internet backups have helped address most of the challenges we faced, but also presented a few new ones of their own.  The first step to simplifying and increasing the reliability of backups was to remove the human factor for our clients.  Internet backups, or remote backups, store the data on a remote server that is always available eliminating the need to change something such as a tape.  By hosting a number of clients on a single server we were able to build in redundancy that would not have been cost effective for any one client.  This meant that there was clearly a need to encrypt the data to protect it from being accessed by someone other than the owner.  Even transporting the data across the Internet would require encryption to protect it from being read while in transit.  Our approach was to set everything up then allow our clients to set their own password to generate the encryption key.  The encryption key was then used at the source to modify the data to an undecipherable state to be transported and stored on the remote server.  In the event that they needed to restore data, the encrypted files would be copied back to the client’s server and unencrypted using the same key.  Although remote backups are substantially more reliable than tape, they are not infallible.  They do have an advantage over many backup solutions in that they can notify someone if there is a problem.  This could be anything from a corrupt file to an internet connection failure.

For most people, the speed of their Internet connection has increased substantially over the past few years.  Even with the new technologies and lower costs it can still take many days to backup an entire file server to the Internet.  It is not difficult to backup the server to a portable hard disk and ship it to the backup host in many cases, but you would still be faced with getting all of that data back locally in the event of a major failure.  My recommendation would be to keep a copy of the server backup in a safe location which can be restored as needed, then updated with current data from the online backup.  For home users, it may make more sense to keep important files like family photos on CDs or DVDs in a safe deposit box and only backup current data to the Internet.  This makes sure that your backup is as current as possible while keeping the cost more manageable.

Even if you feel that Internet backup is not for you, please check your tapes!

When I started working in the computer industry the term “crash” had a very specific meaning that has now come to encompass just about any computer related problem.  Early computer hard disks were large units about the size of a filing cabinet.  Data was stored on 16 inch diameter aluminum platters coated with iron oxide that could be magnetized by spinning them under a recording head.  This head floated on a cushion of air while in use, but a certain amount of vibration or contamination in the air would cause them to touch the platter or “crash”.  Since the outward effect of a head crash is the same as many other computer failures from a user’s point of view the term “crash” has become the defacto standard of description.  There are many other terms that are not as familiar that I’d like to try to shed some light on.

Malware, mentioned in a previous post, is a term that encompasses a group of malicious or unwanted software.  I would think of malware as anything you didn’t mean to install on your computer, but got there anyway.  Malware rarely performs any function that is to the benefit of the user and includes the following:

·         Virus – Describes software that, when run, replicates itself to other locations

·         Worm – Describes software that actively replicates itself over a network

·         Mass mailer – Is software that sends email to large distribution lists often taken from a user’s email program

·         Trojan – Can be found in many forms, but will always entice the user to run it by misleading them.  For example; a user could receive an email with an executable program that is supposed to be a Christmas greeting, but in fact contains a virus

·         Rootkit – Is a set of tools which is installed on a compromised computer and is used by hackers to control it without the permission on the user

·         Back door – Describes a program that allows a hacker to bypass the security on a compromised computer

·         Spyware – Describes any software that collects and transmits information about a user, something a user has typed or their computer usage habits.

·         Hacker – A person who uses malware

In the world of email there are a number of terms used, many of which I spoke of in my blog on spam.  Here are a few common ones:

·         Relaying – Sending mail to someone through a third party to disguise the source

·         Spoofing – The use of someone else’s email address as the “reply to” address

·         Directory harvesting – Many email messages are sent to random addresses to see which ones go through (are valid) and which don’t for the purpose of creating valid email address lists

 These are but a few of the common terms used in computing.  If you’ve heard a term and wonder about its meaning or origin please post a comment.

Have you ever tried to connect to a wireless network and noticed how often you see a network called Linksys or netgear?  Businesses and homes are connecting to the Internet with many devices in addition to computers.  In homes we often see game systems, security systems, and even appliances connecting to transmit grocery lists.  While some newer homes are wired for computer connections throughout, older homes are not which leaves you restricted to where and what you can connect.  The most common solution to this problem is the addition of a wireless access point (WAP) or wireless router.  These devices are easy to install and can be up and running with default settings in a matter of a few minutes.  Unfortunately the default settings on these devices are well known and have no security.  Without security on a WAP any user can connect and use your network.  This is commonly referred to as hijacking.  While you may not see any immediate harm in this, there are risks.  At the very least the hijacker could use your connection do download from the Internet, possibly causing excess usage charges being levied against the owner.  At the more extreme end of the spectrum, the hijacker could possibly access personal information stored on other computers in the network or use the connection for illegal activity that could leave the network owner liable in some manner.

All of these devices do have a number of security features available that simply need to be turned on and configured.  With a little understanding of some of the features and terminology anyone can close the security holes to help thwart would be hijackers.  The first step in securing a wireless device is to set a password on the admin account that is difficult to guess without being so complex that the owner can’t access it.  Now that only the owner of the device can access the configuration you can change some settings for how devices can connect and even restrict what devices can connect.  When you first try to connect to a wireless network you see a name (or in many cases a list of network names in your area) which is called the service set identifier or SSID.  Typically you would set this to something more descriptive of the network so that it is clear to people looking for it.  Changing the SSID is similar to painting your house.  It personalizes it, but doesn’t effectively change its function.  To add security you can actually tell the WAP not to broadcast the SSID, which means that people looking for wireless networks will not see this one.  The next step is to add wireless security in the form of an access password and/or encryption.  You will probably see a number of security options such as WEP and WPA listed in your device and a number of options within each of these.  Wired equivalent privacy (WEP) was the original standard for wireless security and may have to be used if there are older devices connecting that don’t support newer standards.  A better option, if it is supported by all devices that you want to use wireless, is Wi-fi protected access (WPA or WPA2).  This newer standard is more secure without adding complexity.  Detailed explanations of each of the options within the encryption families is beyond the scope of this blog, but suffice it to say that any setting on the WAP must match a setting on the device that is connecting.  One further layer of security is MAC authentication.  Media access control (MAC) addresses are distinct numbers assigned to any device that can connect to a network.  MAC authentication allows a WAP to keep a list of MAC addresses that it will allow to connect to itself.  You typically need to manually enter the address of each device that connects on the WAP in addition to any other security settings you have implemented.

The best security settings for wireless networks would mean that a potential hijacker would have to know your SSID, your encryption scheme, the security passphrase or key, and have the ability to determine and spoof (the computer term for forgery) an authorized MAC address.