Technology Meeting Place

Types of Disasters to Plan For

Webmaster — Wed, 25 Aug 2010 15:59:32 -0600

Functional disaster recovery and business continuity plans are created based on best practices and standards. The complete disaster recovery and business continuity planning process is based on a risk assessment which address the three types of disasters that IT functions face:

Weather
Facility
Technology
Political (terrorist)
Enviromental (pandemic)

Disaster Planning for Datacenters

Webmaster — Wed, 18 Aug 2010 09:33:05 -0600

Business continuity is vital to business success. It can no longer remain the concern of the IT department alone. How do you determine the continuity and recovery requirements of your business to protect against a disaster? How do you identify and integrate critical business and IT priorities into a comprehensive continuity program? Where do you start?

Janco's data center disaster recovery plan for business continuity includes:

Identification of the business units and operational objectives.
Identify & inventory and rank assets based on criticality to the business objectives.
Rank the threats that pose risks to the critical assets.
Identify the severity of vulnerabilities in the critical assets.
Prioritize risks by focusing on assets affected by credible disaster threats and existing vulnerabilities.
Develop strategies that minimize risk of disaster and maximize ROI.

Janco's Disaster Recovery Business Continuity Template directs you in creating data center disaster recovery plans and providing cost estimates to adapt your facility and technology resources for continuous availability:

Backup and recovery options for your multi-vendor information technology.
Internal and external disaster recovery site options.
Recoverability of your critical infrastructure.
Protection of your critical business processes.

IE 9 to be released soon

Webmaster — Wed, 18 Aug 2010 09:32:44 -0600

Microsoft announced that it will release a public beta of Internet Explorer 9 on Sept. 15, a little less than five weeks from now.

Only a minority of Windows users will be able to try the beta, however. IE9 will not work on Windows XP, the aged operating system that powers nearly 68% of all PCs running Windows. The new browser requires either Windows Vista or Windows 7.

Thursday's announcement followed a comment made late last month by Kevin Turner, the company's chief operations officer, that the IE9 beta would show up in September. Until today, Microsoft had declined to set a date or even confirm Turner's statement.

Microsoft first announced IE9 in March, and it has released four developer preview builds since then. The most recent one appeared on Aug. 5, and at that time the company said the fourth such preview would be the last.

Windows 7 offers more security features

Webmaster — Thu, 05 Aug 2010 14:35:52 -0600

New Windows 7 security features are intended for businesses concerned with protecting not just one computer but an entire network. Among the most important new features are DirectAccess, a VPN replacement for computers on Windows networks; the Windows Biometric Framework, which standardizes the way fingerprints are used by scanners and biometric applications; and AppLocker, which improves on previous Windows versions' Software Restriction Policies to limit which software can be run on a machine.

Also key are BitLocker To Go, which extends the full-disk encryption of BitLocker to external hard drives, and a refined procedure for handling multiple firewall profiles so that the level of protection better matches the location from which a user connects to the Internet.

Multiple active firewall profiles

Windows 7 offers a small but incredibly important improvement in its handling of firewall profiles. All versions of Windows 7 allow computers to keep several firewall profiles active at the same time, maintaining the access and functionality of the more trusted network while blocking access via the less trusted network. Since many remote access functions require less restrictive firewall settings, users can now work securely while remaining protected from threats outside of the corporate network.

Windows Biometric Framework

With fingerprint readers becoming more and more common on laptops, establishing a standard for the handling of biometric data has become important. Windows Biometric Framework is a standardized method for storing fingerprint data and accessing it through a common API. Although most of the features of this subsystem are of interest only to developers, there are two important things that businesses should know.

First, while fingerprint scanners could formerly be used to log onto a computer but not to log onto a corporate domain (a corporate network or network subsection), the Windows Biometric Framework allows domain log-in.

Second, users can store up to 10 unique fingerprints, one for each finger. While most of us probably don't expect to lose a finger anytime soon, having all 10 fingers enrolled in the system is a good precaution in case of lesser injuries. A cooking accident or a hand caught in a door can easily modify a finger enough that it won't register correctly with a fingerprint reader, and you don't want a user to be barred access to his computer while he heals.

BitLocker To Go

BitLocker To Go extends the same protection to even more easily lost external drives, including pocket-size hard drives and tiny flash drives. Encrypt removable drives, such as external hard drives and USB thumb drives, with Windows 7's new BitLocker To Go.

Available in Windows 7 Enterprise and Ultimate editions, BitLocker To Go is simple to use: Right-click an external drive in Explorer and select "Turn on BitLocker" to open a wizard that will walk you through encrypting the drive, wait a while for the process to run, and you're done. The wait depends on the speed of your computer and drives, but expect the initial encryption to take 20 minutes for a 2GB flash drive and up to a full workday for 500GB and larger external hard drives.

BitLocker To Go drives can be decrypted using a user-selected password and/or, in businesses that use them, a smart card for multifactor authentication.

Encrypted removable drives can be created only on Enterprise and Ultimate editions of Windows 7, but once you've created one, you can read from and write to it from any Windows 7 computer. You can also install a reader application on the encrypted drive that allows read-only access from Vista and XP computers.

AppLocker

AppLocker, available for Windows 7 Enterprise and Ultimate (as well as Windows Server 2008 R2), adds a new, more flexible method of controlling software: publisher rules. Publisher rules rely on information in a program's signature certificate, which more and more applications have today.

This information is far more detailed than the file path or hash data, which lets admins create complex rules such as allowing software only from a particular publisher, with a particular name, with a specific file name and/or of a particular version to be run. For example, a rule could be created to allow anything from Adobe to be run, or only Photoshop, or only the current and future versions of Photoshop.

AppLocker rules can be applied to any executable, script, installer or system library, giving users enough latitude to, say, install needed software or updates without an administrative override, while still preventing them from using unauthorized software.

DirectAccess

Billed by Microsoft as a "next-generation" replacement for VPNs, DirectAccess allows Windows 7 Enterprise and Ultimate users to connect directly to Windows 2008 R2 and future servers. Whereas users generally have to initiate VPN connections, DirectAccess is completely transparent for end users: When the computer connects to the Internet, DirectAccess automatically creates a secure connection to the corporate network without any action on the user's part, and automatically routes requests to the internal network through that connection.

DirectAccess offers improvements over traditional VPNs beyond the automatic connection. First of all, it uses IPsec and IPv6 Internet protocols to encrypt and route the connection from end to end. Where VPN encryption is stripped at the VPN server, DirectAccess can remain encrypted all the way to and from the application server inside the corporate network. (DirectAccess supports a number of other protocols to create tunnels for this traffic across networks that do not support IPv6 or IPsec yet.)

For businesses, Windows 7 allows a partnership of sorts to be established between the security-savvy IT department and the end user, letting employees get to work while security policies are applied and updated from the network. What all of these entire features share is a commitment to ease of use that does not come at the expense of real security, showing a Microsoft that seems to have finally recognized that the two are not necessarily incompatible.

Disaster Recovery Plan versus Business Continuity Plan

Webmaster — Sat, 24 Jul 2010 13:44:19 -0600

Both the disaster recovery and the business continuity plan covers how employees will communicate, where they will go and how they will keep doing their jobs. The details can vary greatly, depending on the size and scope of a company and the way it does business. For some businesses, issues such as supply chain logistics are most crucial and are the focus on the plan. For others, information technology may play a more pivotal role, and the BC/DR plan may have more of a focus on systems recovery.

The critical point is that neither disaster recovery nor business continuity issues can be ignored. These IT and human resources plans cannot be developed in isolation from each other. The core of disaster recovery and business continuity is about constant communication. Business leaders and IT leaders should work together to determine what kind of plan is necessary and which systems and business units are most crucial to the company. Together, they should decide which people are responsible for declaring a disruptive event and mitigating its effects. Most importantly, the plan should establish a process for locating and communicating with employees after such an event. In a catastrophic event (Hurricane Katrina being a relatively recent example), the plan will also need to take into account that many of those employees will have more pressing concerns than getting back to work.

Microsoft improves security

Webmaster — Wed, 21 Jul 2010 11:45:12 -0600

Microsoft Corp. released an automated tool to stymie exploits of a critical unpatched Windows vulnerability that experts fear will soon be used by hackers against the general PC population. This will improve security for many users.

However, the tool, like a manual procedure that Microsoft recommended last week, is only a makeshift defense, one that many users may resist applying, since it makes much of the Windows system, including the desktop, taskbar and Start menu, almost unusable.

The company posted a "Fix It" tool on its support site that automatically disables the displaying of all Windows shortcut files. Microsoft stepped users through the same technique last week in its initial security advisory, but at that time it told them that they had to edit the Windows registry. Most Windows users are reluctant to monkey with the registry, since a single error can cripple a computer.

Microsoft's single-click Fix It tool simply automates that process. Users must reboot their machines after applying the work-around, but IT administrators can configure the tool to install it while users are out of the office or not at their PCs.

The company admitted that applying the Fix It or the registry-editing work-around would "impact usability" of the machine, since both transform the usual graphical icons on the desktop and elsewhere into generic white icons, making it impossible to tell at a glance which represents say, Internet Explorer, and which stands for Microsoft Word.

Disaster recovery plans depend on working backups

Webmaster — Tue, 13 Jul 2010 01:32:08 -0600

Disaster recovery plans are impacted by data encryption. Encryption continues to be the topic on every CIO and IT person's lips nowadays. No one wants to end up in the news as the next victim of a privacy breach or the next company that did not protect its customers' information. If you conduct a news search using the words personal data breach, you will be alarmed at the number of instances where personal information such as social security and credit-card numbers have been exposed to possible theft. In a recent breach, a state government site allowed access to hundreds of thousands of records, including names, addresses, social security numbers and documents with signatures.

Whether it is government agencies, research facilities, banking institutions, credit card processing companies, hospitalsor your company's computers the risk of compromising private information is very high. The relationship business has with technology. -- business relies so heavily on technology today, business risk becomes technology dependent. The possibility of litigation is part of business. It has always been a risk of doing business, but because technology and today's business are so intertwined, business risk has a higher threat level. This has prompted many to encrypt workstations and mobile computers in order to protect critical business data.

If you have rolled out encryption, how do you maintain your IT service quality when the hard disk drive fails? How do you plan and prepare for a data loss when the users computer is encrypted? These are all issues that should be considered when putting together a data disaster plan. In addition, data recovery, one of the more common missing elements of a disaster recovery plan, should also be factored in because it can serve as the "Hail Mary" attempt when all other options have been exhausted.

IT organizations of all sizes contend with a growing data footprint with more data to manage, protect, and preserve for longer periods of time. Online primary storage, has focus a on fast low latency, reliable access to data while near-line secondary storage has a focus on low cost and high capacity. Long-term data retention requires a combination of ultra-low cost, good performance during storage and retrieval, and reduced footprint in terms of power, cooling, floor-space and economics (PCFE) - also known as a small green footprint - for inactive data.

Firefox market share at IE expense

Webmaster — Thu, 08 Jul 2010 09:58:26 -0600

During the past five years Mozilla Firefox has quietly carved out a nice little niche as an alternative to Microsoft's Internet Explorer, but Google Chrome is starting to steal some of its thunder.

Firefox's share of usage in the Web browser market peaked at 24.7% in November 2009. Since then it has dropped back. It was at 23.8% in June, according to NetApplications and reported by The Wall Street Journal.

The primary culprit behind the Firefox dip is the other alternative browser - Google Chrome. The Internet search giant launched its Chrome at the end of 2008 and it has been on a steady climb ever since. Chrome reached global market share of 7.24% in June, and it has taken that market share at the expense of both IE and Firefox.

Improving productivity with your PC

Webmaster — Sat, 19 Jun 2010 08:15:28 -0600

Improving your productivity with a PC requires that you know the following short cuts.

CTRL + C will copy text after it has been highlighted.
CTRL + V will paste text that you have copied.
CRTL + Z will undo any change that you have done.
CTRL + ESC will bring up the Start Menu.
SHIFT + F3 will turn all capitalized text into lowercase.
SHIFT + DELETE will delete an item immediately without placing it in the Recycle Bin.
ALT + TAB will bring up a Window with a list of icons representing programs which are currently running on your computer. While holding the
ALT key, press and depress the TAB button to cycle between each icon task.
ALT + ESC will switch to the next task running on your computer. Hold down the ALT before pressing and depressing the ESC key to cycle to the next task.
CTRL + ALT + DELETE will bring up Task Manager and allow you to end a process (terminate a program) if it has crashed or has stopped responding. Select the process which has stopped responding, and then press "END PROCESS''.
SHIFT + INSERT will paste any text that is in your clipboard.
Your cursor must also be placed in an area that will accept keyboard input for this to work.

Disaster plans need to be reviewed

Webmaster — Fri, 18 Jun 2010 11:51:55 -0600

In response to the growing scope and complexity of crisis situations, communication and emergency notifi cation technology has evolved to meet the changing needs of emergency response. Emergency notification technology has become more sophisticated, moving from simple, one-way broadcast notifi cation capabilities to automated intelligent notifi cations and true bi-directional communication across multiple channels and devices. Most recently, emergency notification/communication technologies have broadened their focus to include tools that accelerate the resolution of events and enable better collaboration and coordination among crisis response teams.

In order to provide the best protection and safety for employees, constituents and communities, organizations should revisit and update their Disaster Recovery plans to include risk scenarios for new threats. In addition, organizations should seek to automate their disaster recovery plans with the latest technology that enables organizations, schools, local government, as well as multinational corporations to respond quickly and effectively when disaster strikes. Organizations should take advantage of advances in emergency notifi cation and crisis communication tools to ensure that they can locate their people and then move rapidly into managing and resolving the crisis. Preplanning combined with automated, immediate communication capabilities can help ensure that people are safe, informed, engaged and mobilized when an emergency situation arises.