The ‘Service level Agreement’

Sadly I don’t have a ‘Service level Agreement’ with anyone. The reason being my business model is so crazy diverse it’s nearly impossible to encompass. Quite literally I seem to support everything 24/7/365 and if I can’t support it I’ll find you someone that can. If nothing ever breaks in your office/company I consider that darn near perfect, I want all my clients to NOT have problems. I really don’t like the companies that thrive on IT misery by billing a fortune for constantly fixing ‘something’ but never any ‘smooth sailing’.

I know that sounds a little weird but IT infrastructure is now printers, cabling, servers (real & virtual), cloud, phones, watches, tablets, copiers, routers, WiFi, email, VPN, RDP and that doesn’t even cover security systems, cameras, cars (yup.. I’ve clients that get Email/Teams/Zoom in their car). A few of my 3 & 4 letter agency clients have me doing towers, encryption, forensics and the occasional ‘white hack’. I can’t fix your fridge remotely but if it needs to connect to the internet to order your milk for the morning coffee, that’s part of my job if you say it is.

Thus.. I will pretty much do anything and everything to the best of my ability as soon as I possibly can or find you someone that will/can. All this for $100/hour (honestly I really need to revisit my rates.. it hasn’t change in nearly 10 years when gas was $0.80/liter) plus one-way travel time (no mileage) if I’m not already planning on being in your area.

How’s that for a ‘Service Agreement’?

SBS 2011 goes bye-bye

Alas Microsoft is in the process of ending the 2008R2 server and Exchange 2010 from regular support and updates (limited support until 2020 but only critical security patches).  This means all those companies that have one of these awesome beasties will need an upgrade in 2017 or 2018 (or risk some serious problems).

So what’s the plan?  The plan is head to 2016 and opening your wallet.  There is no more cheap ride on SBS (it’s dead) so you need 2 servers and purchase a full Exchange.  At this point the best in-house option is a powerful CPU & loads of memory and run the Exchange on a VM.  It’ll cost about $4000 in software/licensing alone for 10 users including the base Server software.

If that makes you cringe you can host the Exchange with a partner of mine (HostedBizz) and get a Canada-only cloud at $10/month/user and I will still keep it running normally.  Unlimited mailbox size and good old Exchange so your phone will be happy and no SSL for you to mess with (saves $100/year).

If you need a quote on the hardware for this I’ll get you something current but your looking at an i7 hex-core with 32GB RAM, 2x SSD and 2x 2TB HDD.  Some extra cheap extra bits will help (like a network card for the VMs and some new 4TB USB backup drives).  The server is ‘cheap’ it’s the software that’ll hurt this time.  I have UNIX alternatives (like Zentyal) but the maintenance will eat your savings.

For the accountants out there the cloud services offer a better tax advantage @ $10/month/user the on-premises solution of Exchange 2016 with be $1500 & $150/user and about a 5 year lifespan making the ROI and easy calculation (remember software has a smaller/longer write off spread over time but is cheaper in real $).

Call/Email me if you have questions

‘BadTunnel’ a gateway to hell

PhoneMicrosoft has a bounty program, which pays if you find a bug and explain why it’s a bug (or exploit).  They pay upto $50,000 USD for the information.  Yang Yu, founder of Tencent’s Xuanwu Lab has made previous successful bounty claims as well but this one is a whopper.  It affects every version of Windows back to Windows 95 (no patches coming for those old OS either).

The flaw, which he’s called BadTunnel, exposes local area networks to cross-network NetBIOS Name Service spoofing. An attacker can remotely attack a firewall- or NAT-protected LAN and steal network traffic or spoof a network print or file server.

“In combination with other system mechanisms, it can hijack the network traffic, and even run any program,” Yang said.  The flaw was addressed recently by Microsoft in security bulletin MS16-077 and in CVE-2016-3213.

“To successfully implement a BadTunnel attack, [you] just need the victim to open a URL (with Internet Explorer or Edge), or open a file (an Office document), or plug in a USB memory stick,” Yang said. “[You] even may not need the victim to do anything when the victim is a web server.”

The key is the apparent predictability of a NetBios Name Service transaction ID, which an attacker can abuse by getting the victim to visit a URL hosting an exploit or open an exploited document. The victim’s machine will trust the attacker and they will be able to hijack traffic or force the victim to visit malicious sites.

Windows admins are advised to patch at once, or block UDP port 137.

Microsoft rolls out Skype?

On June 27th 2012 Microsoft accidentally put Skype into thier ‘Important’ updates for the WSUS.  What happened was that millions of users got Skype installed on thier desktop without consent and let’s face.. not really needing it.

The update was ‘expired’ once the error was discovered but the fact it happened at all is rather disconcerting.  Not only was the program installed without user approval (being it was misclassified) but it makes this vector of program installation much more suspect.

The long and short is; if you suddenly have Skype on your desktop you can uninstall it.  It was a Microsoft error that put it there and with luck it will not happen again.

Virus hits 600,000 Macs (so far)

For a couple of months Apple has been aware of some malware called ‘Mac Flashback’ and a resounding failure to do anything about it has cause and estimated (so far) 600,000 viral infections on Mac.  Thus the arguement finally ends, and rest assured this isn’t the first virus it’s just the first that cannot be swept under the rug.

So the time has come and you’ll need to check your computer for a bug, and unlike the well versed PC market it won’t be easy.  Then you’ll have to get a some real protection because what comes with the computer isn’t sufficient (obviously).  Steve Jobs is dead, Mac can get viruses and solution isn’t easy or pretty; welcome to the real world.

Read more: http://www.foxnews.com/scitech/2012/04/06/how-to-protect-your-mac-against-malware/#ixzz1rHktiW5X

Server Migration

The web server (and backup mail) is moving from the old DDS (fractional dedicated server) to a newer ‘virutal’ server located in the ‘cloud’.  The advantages are it’s a little more reliable but mostly it cleans up years of alterations and upgrades and it’s far more expandable.

Dec 14th – The old server dies tonight at 9pm, everything I could find to move I moved and it’s been off for a few days and no complaints, one can only hope it all migrated properly.  The new server is faster and MUCH cleaner.  If you have any issues or problem don’t hesitate to call.

Upgrading on the Cheap

As you may remember the system requirement from XP to Vista meant you had to buy a new machine and be prepared for it to actually perform worse than your older XP computer.  Luckily Windows 7 gained some performance back but with the 64bit version you can upgrade easily and efficiently for less than $400 (not including software).

Windows 7 likes more memory and 4GB will fit in most older machines also with the 64bit version the old memory limit disappears.  Thanks to dropping prices, $100 will buy you 4GB of memory and if your motherboard can handle it 8GB is less than $200. For example: NCIX 4GB DDR2 Memory

The next big performance jump is an SSD (Solid State Drive).  For about $250 you have a very fast 120GB drive (use as the OS Drive) and can use your old drive as the data drive (makes migration really easy).  SSD read much faster than the older mechanical drives but write speeds are about the same, this makes booting and loading programs very quick.  Here’s a few examples of SSD: NCIX Solid State Drives

Lastly you need the new operating system, Windows 7 Professional 64bit.  If you are buying a drive I suggest you get the OEM version and save a good deal of money ($160 vs. $325 but you need a storage device purchase to qualify).  The ‘Home’ version lacks the domain abilities, no point in getting 32bit and Ultimate is over priced.  Some examples: NCIX Microsoft Operating Systems

The actual upgrade process is about 2 hours and you’ll have a dual-booting system (BIOS selectable) and be mildly stunned how much faster it is.  Consider getting MS Office 2010 Home & Business if you’re still using a 2003 version of Office, it’s worth the upgrade and you get 2 license for about $300.

Windows 7 Service Pack 1 (SP1) Released

Microsoft released the first official service pack for Windows 7 today. This is an important update that includes previously released security, performance, and stability updates for Windows 7. SP1 also includes new improvements to features and services in Windows 7, such as improved reliability when connecting to HDMI audio devices, printing using the XPS Viewer, and restoring previous folders in Windows Explorer after restarting.

What will this update bring?  No idea at this time as the realease information from Microsoft is at best sketchy.  I’ll post an update later when the votes are in and the re-formats have begun (let’s hope not).