G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting http://www.gici.com.au PC Maintenance Support | Website Creatation | G.I Computer Innovations Mon, 14 Dec 2015 01:43:58 +0000 en-AU hourly 1 THINK BEFORE YOU CLICK! http://www.gici.com.au/think-click/ Wed, 11 Feb 2015 02:57:06 +0000 http://www.gici.com.au/?p=1673 I wrote this post last week, but never actually posted it – work got busy and the blog is a low priority task. I wish I’d found time back then, because we just heard of another customer who has been hit by this extremely nasty malware – over 7,000 files encrypted before the user turned […]

The post THINK BEFORE YOU CLICK! appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
I wrote this post last week, but never actually posted it – work got busy and the blog is a low priority task. I wish I’d found time back then, because we just heard of another customer who has been hit by this extremely nasty malware – over 7,000 files encrypted before the user turned off his computer. Fortunately there were recent backups of the affected files.

So, feeling like I’m shutting the stable door after the horse has bolted, here’s the post:

THINK BEFORE YOU CLICK!
You might have heard of “Ransomware”, but even if you haven’t you probably will at some point. Ransomware is the name given to an increasingly popular, and nasty form of software being spread around the Internet.

What is It?
As its name suggests, Ransomeware is software that finds a way to hold your computer, or at least your data up for ransom. If you don’t pay the hacker the ransom they’ve demanded, then you lose your data, or even access to your entire computer system.

How does it work?
Unlike viruses which usually find a way to get running on your computer without asking your permission, most Ransomware works by getting you to deliberately run the ‘’bad’ program.
It does this in a few ways, for example, a common scam is that you receive a call from someone who claims to be from Microsoft. They tell you that there is some problem with your computer, and that they need to have remote access to it. They ask you to go to some website and click a couple of buttons to install their software. And then you find out that you can’t logon to your computer anymore because the data on the hard drive has been encrypted using a secret code that you’ll have to pay the bad guys to get.
Another scenario – and this is becoming VERY COMMON IN AUSTRALIA – is that you get an email which looks it’s from Australia Post, or some other reputable source (even the NSW Office of State Treasury has been used.) In the email, you have to open a ZIP file in order to read a PDF that inside it. Instead what happens is a program runs which encrypts all kinds of files on your entire network. Then an ominous message appears on your screen:

 

CryptoLocker

They’re not kidding, your files ARE encrypted, the chances of recovering them is extremely small, and even if you paid the ransom, who’s to say they’ll actually recover the data for you once they’ve got your money? By the way – they’re frequently looking for payments north of $700 these days.
I think you get the message – you really do NOT want to invite this software to run on your computer.

What can you do?
Check the email sender is legitimate.
You must be very vigilant – in particular do NOT run software that arrives in emails unless you are very, very sure it’s OK. Even then, I probably wouldn’t do it.
Keep backups of your data – and make sure that the backup data isn’t just sitting unprotected on your network – Cryptolocker in particular will encrypt all the data it can see on network shares.
Make sure your anti-virus software is up-to-date (but be aware that may not protect you from programs you actually run deliberately)
If you’d like to test yourself, try this ‘Phishing IQ Test’: http://www.sonicwall.com/furl/phishing/
and see how good YOU are at spotting fake emails.

The post THINK BEFORE YOU CLICK! appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
eBay Security Breach – What should I do? http://www.gici.com.au/ebay-security-breach/ Thu, 22 May 2014 02:39:06 +0000 http://www.gici.com.au/?p=1600 The popular online auctioneer eBay has suffered a very serious security breach, and as a result is recommending that users change their passwords. eBay have a blog post about the breach: https://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/ Apparently hackers managed to gain access to eBay’s systems via a ‘small number’ of employee credentials. The data was hacked sometime between late February […]

The post eBay Security Breach – What should I do? appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
The popular online auctioneer eBay has suffered a very serious security breach, and as a result is recommending that users change their passwords.

eBay have a blog post about the breach: https://blog.ebay.com/ebay-inc-ask-ebay-users-change-passwords/

Apparently hackers managed to gain access to eBay’s systems via a ‘small number’ of employee credentials. The data was hacked sometime between late February and early March, and the data stolen included “customers’ name, encrypted password, email address, physical address, phone number and date of birth.” According to the eBay blog post, no financial data was compromised, and there is no evidence that any PayPal data was accessed. PayPal runs on a separate network and all PayPal financial information is encrypted.

The eBay passwords that were compromised were encrypted, meaning that the hackers still have to find a way to crack the encryption before they can make use of the passwords. I have little doubt that the hackers are hard at work trying to crack the encryption, so I strongly advise you to immediately change your eBay and PayPal passwords. Also, if you use the same password for sites other than eBay, you should change the password for those sites too -preferably to something unique.

Finally, because the hackers got access to eBay user’s email addresses, it is very likely that there will be an increase in spoof or fake phishing emails asking you to click on a link. Be on the look out for such emails, and be extra cautious before you click on any links in any email you receive, unless you are ABSOLUTELY SURE of it’s origins. GICI support customers can always call us to check if an email is trustworthy or not – our friendly staff are always happy to help.

The post eBay Security Breach – What should I do? appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
Which SSL certificate should I buy? http://www.gici.com.au/ssl-certificate-buy/ Fri, 02 May 2014 04:54:39 +0000 http://www.gici.com.au/?p=1565 This is the second of 2 posts I wanted to make about SSL and Certificates. The first post described, in general terms, what SSL is, the role it plays in HTTPS connections, and how certificates are used to bring these parts together. In this post, I’ll describe the different type of SSL certificates that are […]

The post Which SSL certificate should I buy? appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
This is the second of 2 posts I wanted to make about SSL and Certificates. The first post described, in general terms, what SSL is, the role it plays in HTTPS connections, and how certificates are used to bring these parts together.

In this post, I’ll describe the different type of SSL certificates that are used by websites, what the key differences are between them, and how to decide which certificate (if any) you need for your own website.

As mentioned in my earlier post, SSL certificates serve two major functions:

  • Certificates allow two computers to have a ‘private’ conversation, using data encryption to make sure that the data shared between them cannot be understood by a third party. This is important for many reasons, one of the most common being for online commerce, where sensitive financial information is being passed between two computers.
  • Certificates are used to allow servers to ‘prove’ that they are trustworthy (that they are who they say they are) to other computers. For example, when you have an SSL protected session with your bank, you can inspect the bank’s website’s certificate to decide if you have actually connected to your bank’s server, and not to a bogus one. My first blog post on this topic describes how you can do this.

SSL Certificate Vendors

The main intent of this blog post is to help you decide the type of certificate you should get for your website. So I am going to avoid a lot of technicalities and simply describe the certificate type that are most commonly offered by the major certifying authorities, like Symantec, Commodo and GlobalSign.

When you first start looking around for an SSL, the first impression is that there are a lot of companies offering a wide range of SSL products.

In reality there is a fairly small number of companies in the SSL market. This is largely because it’s not an easy business to start up in – with required annual security audits which must be passed for a firm’s certificates to be trusted by the major web browsers. For example, Symantec – which owns Verisign, Thawte and Geotrust has about 38% market share, with Commodo, Go Daddy and GlobalSign holding more that 50% between them. Although these are all selling what are essentially the same product, there can be some pretty startling price differences. So it’s worth shopping around – once you know what you’re looking for.

SSL Certificate Types

There are actually a relatively small number of SSL ‘types’ although the names given to them vary a bit from one vendor to another. One thing they all have in common is that they provide encrypted connections between two computers. The minimum encryption level is 40-bits, although that low level only happens on a small and outdated set of systems (see the discussion of SGC Certificates below.) In all other cases you’ll get a minimum of 128-bit encryption – and that is very secure.

Domain Validated (DV) SSL Certificates

These certificates are the least vetted of SSL certificates. Before issuing a certificate of this type, the CA verifies that some with control of the domain in question approves the certificate request. This is often done by sending an email to the organization contact for the domain. If the CA receives a positive response (also via email) the certificate is issued. This process is usually automated, and consequently makes these the cheapest of all SSL certificates.

Because the validation is so weak and easily circumvented, this kind of SSL doesn’t really offer much of a guarantee that the website using it is legitimate. Digicert won’t even issue this kind of certificate (http://www.digicert.com/dv-ssl-certificate.htm)

On the other hand, if all you are interested in is having an encrypted connection, then a cheap DV certificate offer just the same level of encryption as the others (with the exception of the SGC certificates.)

Extended Validation (EV) SSL Certificates

In terms of server validation, these are the polar opposite of the DV certificates. In fact, EV certificates came about, in large part, from the ease with which DV certificates can be obtained.

Given that one of the key features of an SSL is to identify the server that’s using it, it’s not very helpful if someone can obtain an SSL with minimal verification or vetting. Fraudulent websites started using DV SSL’s to add the impression of credibility to their websites. Therefore the CA/Browser Forum (an industry group made up of the major SSL and web browser vendors) created a very strict set of guidelines for a much more ‘secure’ SSL (https://cabforum.org/extended-validation/). This is the Extended Validation SSL certificate. An EV SSL is only issued after some thorough vetting and verification of the requesting organisation has been completed.

In order to make servers using EV SSL’s standout, the CA/Browser Forum guidelines include some unique display elements (in supporting browsers) when an EV SSL is in use. Generally speaking, this boils down to some green text in the address bar of the browser:

ev_address_bar

This makes it easy for users to recognise that they are dealing with a trustworthy server. EV certificates are fast becoming the standard for websites supporting online commerce, such as shopping and banking sites. Because of the high level of trust that these certificates represent, these certificates are increasingly popular.

Wildcard SSL Certificates

Use a wildcard SSL certificate if you want to secure multiple subdomains with a single certificate.

For example, if you own the domain “mybiz.com.au”, a wildcard SSL can secure “www.mybix.com.au”, “support.mybiz.com.au” and “shopping.mybiz.com.au.” However, a wildcard SSL cannot be used to secure different domain, for example “www.mybiz.com.au” and “www.mybiz.net.au.” For that you need to use a SAN certificate (see below.)

Also, wildcard SSL’s cannot be issued under the rules for Extended Validation (EV) certificates, so to protect multiple domains with an EV SSL, you will also need to use SAN.

SAN Certificates

SAN is an acronym for “Subject Alternative Name.” In the digital certificate world, this boils down to ‘extra’ domain names covered by a single certificate. You might remember that in my description of Wildcard SSLs, I mentioned that “www.mybiz.com.au” and “www.mybiz.net.au” could not be covered by a single wildcard SSL. This is where SAN can help, as it allows both these domains (and many more) to be covered by a single SSL certificate.

EV certificates also support SAN, so this is often the way to go if you want several domains secured by a single EV SSL certificate.

Server Gated Cryptography (SGC) SSL Certificates

Some very old versions of browsers and the Windows operating system can only support 40-bit encryption. A now-repealed US law prevented US companies from exporting software which used encryption higher than 40 bits. All-in-all, this means that there are some old systems out there that support encryption using no more than 40 bits, which isn’t necessarily very secure.

SGC certificates were created to overcome this 40-bit limitation. If a server has an SGC certificate, then it can connect to these old systems using 128-bit encryption. This is great, but in reality the systems in question are very few and far between, and simply using such and old browser (or operation system) is a bigger security risk in itself than the low levels of encryption.

How old are these system we’re talking about?

  • Internet Explorer V3.02 up to (but not including) V5.5
  • Netscape from V4.02 up to V4.72
  • Windows 2000 systems shipped before March 2001, using Internet Explorer and which have not had the High Encryption Service Pack installed.

Given that they are among the most expensive of certificates, I can’t imagine many GI Computer Innovations customers, or anyone else for that matter, who needs an SGC SSL.

The post Which SSL certificate should I buy? appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
SSL and Certificates – A Rough Guide http://www.gici.com.au/ssl-and-certificates/ Fri, 11 Apr 2014 01:35:05 +0000 http://www.gici.com.au/?p=1532 A few weeks ago I decided that I’d write a blog post about SSL and certificates (in particular in terms of websites.) As luck would have it, the recent media outburst caused by the recently revealed Heartbleed bug in OpenSSL makes the post more relevant that I could ever have hoped it would be. What […]

The post SSL and Certificates – A Rough Guide appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
A few weeks ago I decided that I’d write a blog post about SSL and certificates (in particular in terms of websites.) As luck would have it, the recent media outburst caused by the recently revealed Heartbleed bug in OpenSSL makes the post more relevant that I could ever have hoped it would be.

What is SSL?

SSL is an acronym for “Secure Sockets Layer” and is a computer protocol that can be used by 2 systems to communicate with each other securely. This means that no-one else can read the messages passed between the two. This is achieved by encrypting (scrambling) the messages between the two computers. When reading about SSL, you might also see the acronym ‘TLS.’ TLS stand for “Transport Layer Security” and this is essentially a new name for SSL, and you will often see them referred to together as “SSL/TLS” in computer literature.

What is HTTPS?

HTTPS is “HTTP within SSL/TLS.” This means that the web browser communications with the server are using an SSL/TLS connection, which in turn means that the data transmitted between the two systems is encrypted and cannot be read by anyone else. If you have an HTTPS connection, you will usually see a padlock (or some other icon) in the browser address bar to indicate that you’re using a secure connection.

Here’s an example:

https_example

What are ‘certificates’?

In the context of website security, a certificate is a way for a website to ‘prove’ that it is legitimate and that it is what it claims to be. How does this work?

Certificates rely on the concept of trust. Any certificate used by any site on the web has been ‘issued’ (created) by someone, and that someone is identified in the certificate itself. The issuer has, in turn, been issued a certificate by some higher authority, and this continues, creating a ‘chain’ of certificates until it ends at a ‘root certificate.’ So as long as you ‘trust’ all the issuers in the certificate chain, you can trust the owner of the certificate you are dealing with.

This all sounds a bit complicated, but you can easily see the certificate chain by using your web browser. For example, using Chrome, you can right-click on the padlock icon in the browser bar, to see a pop up like this:

Certificate_Popup_1

If you then click on “Connection”, you will see technical information about the SSL/TLS connection with that website:

Connection_Tab

Click on the “Certificate Information” link and can see some information about this certificate:

Certificate_Information

Finally, by selecting the “Certification Path” tab, I can see all the certificates in the chain for this particular certificate:

Certification_Path

In this case, NAB got their certificate issued by Verisign, who issued their own certificate as they are a ‘root’ Certifying Authority (CA.) So as long as you trust VeriSign, (and you probably should –they are a highly trustworthy CA), then you can believe that the server you are connected to is, in fact “ib.nab.com.au”, and not some rogue site that wants to steal your banking information.

You might have noticed that the certificate status is “This certificate is OK.” There are several mechanisms built into the certificates that allow your browser to ensure that the certificates have not been tampered with, and that they are current. If a certificate (or set of them)is deemed to have fallen into the wrong hands, they can be ‘revoked’ – and then you’ll get a warning from your browser that something is wrong with the certificate. Here’s an example of the kind of screen you might see if there is a problem with a certificate:

Certificate_Warning

If you encounter a warning like this, you should only continue on to the site if you are SURE that it’s OK.

As an aside, certificates can be used for certifying other things than just websites. If you are a Microsoft Windows user, you might encounter a warning message like this:

windows-security-dialog

What has happened here it that Windows has tried to verify the certificate chain for the piece of software, and it cannot follow an unbroken chain of ‘trusted’ certificates to a trusted CA. This means that Windows (and therefore you) cannot be sure of who wrote the software. In today’s increasingly insecure internet, you should be very wary of installing software if you cannot be sure of where it originated.

Putting it all together

So, you’re surfed to an “https://” website, the browser deems the site’s certificate to be good. What happens next?

Using information contained in the certificate, the browser and the remote server can create and share a set of mathematical ‘keys’ which they can use to create an encrypted connection between each other. This, in a nutshell is how your browser creates an “SSL/TLS” connection to the remote server.

In my next blog post, I’ll discuss the different type of certificates which web servers use, what the difference is between them, and why you would choose one kind over another.

 

The post SSL and Certificates – A Rough Guide appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
The Heartbleed Bug http://www.gici.com.au/heartbleed-bug-2/ Thu, 10 Apr 2014 05:06:18 +0000 http://www.gici.com.au/?p=1530 As you might have read or heard in the media, a serious vulnerability has been discovered in the OpenSSL library used by many servers on the internet. As part of our service to our customers, I am writing to explain what this means, and what impact it might have on your business. Before I explain […]

The post The Heartbleed Bug appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
As you might have read or heard in the media, a serious vulnerability has been discovered in the OpenSSL library used by many servers on the internet. As part of our service to our customers, I am writing to explain what this means, and what impact it might have on your business.

Before I explain a little bit more about the Heartbleed bug, let me reassure you that no servers administered by GI Computer Innovations are affected by this bug. This means (for those of our clients whose websites use SSL certificates), that none of your company data on those servers, nor any of the encrypted connections to those servers were ever at risk from this bug.

Why is this bug such a big deal?

Each day, millions of connections are made to internet server using the SSL protocol. SSL is an acronym for “Secure Sockets Layer’, and it is a system that (among other things), ensures that data transferred between a server and a client is safe from being intercepted and ‘snooped’ by a third party. In tomorrow’s blog post to the GICI website I will explain in more detail how SSL works, and the reasons that you might want to use an SSL certificate for your website.

The Heartbleed bug is a bug in the software used by some (but not all) servers to handle SSL connections. If a server is using a vulnerable version of OpenSSL, it is possible for a hacker to intercept and read the data in the SSL connection. This is bad news in itself, but it gets worse. The bug also allows a hacker to ‘see’ into the memory on the affected server. This, in turn might allow the hacker to snoop the data in EVERY SSL connection made to that server, or to steal usernames and password from the server. That’s very bad news indeed.

How widespread is this bug?

Initial estimates are that more than 500,000 websites were vulnerable when this first came to light. Affected sites included sites such as Yahoo.com and Flickr.com. Conversely, Google.com, facebook.com, and you tube.com were among those site unaffected. Nonetheless, this is affecting a very large number of sites, and it will be a while before everyone upgrades to ‘safe’ version of OpenSSL.

What should I do?

As I mentioned above, we have checked those servers which we administrator websites on, and which use OpenSSL, and have confirmed that none of them is vulnerable. In wider terms, keep your eye on the media for updates, watch out for communications from other website that you personally use. It is quite likely that some organisations will be advising their customer to change their passwords once they have updated software in place. For more information about “The Heartbleed Bug” see http://heartbleed.com/

Finally, as your IT Support company, we at GICI are always ready to answer any questions you may have. Please contact us if you have further concerns or questions.

The post The Heartbleed Bug appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
Windows XP End of Support http://www.gici.com.au/windows-xp-support/ Thu, 03 Apr 2014 00:11:01 +0000 http://www.gici.com.au/?p=1518 If you are still using computers that run Windows XP, the information in this blog very important to you and your business. Please take a few minutes to read it. You may or may not be aware of this, but Microsoft is ending support for Windows XP on 8th April this year – less than […]

The post Windows XP End of Support appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
If you are still using computers that run Windows XP, the information in this blog very important to you and your business. Please take a few minutes to read it.

You may or may not be aware of this, but Microsoft is ending support for Windows XP on 8th April this year – less than a week from now!

What does this really mean? And what effect will it have on your business?

Windows XP will continue to work

Some people think that Windows XP system are just going to stop working on April 8th – that’s not true. All your existing software will continue to work just as it did before. Your Windows XP computers won’t be disabled or stop booting up. So there ‘s no need to worry on that score.

Serious Security Issues

Microsoft will no longer look for, or  fix security problems in Windows XP. This means that hackers will have a free-reign to exploit Windows XP security bugs. Because the hackers (the folks who write viruses and malware) have known for some time that Microsoft will no longer fix security bugs, it is very likely that the hackers have been ‘saving up’ new, unknown security holes and are just waiting to unleash them, knowing that Microsoft will never fix them. Many security experts expect to see an increase in new security attacks on Windows XP systems soon after the 8th April deadline passes.

All this means that ANY system you have that is running Windows XP is very vulnerable to attack, and once a hacker has got access to one system in your network, it is much easier for them to infiltrate your other systems.

What about anti-virus and anti-malware software?

There is some good news on this front: most anti-virus/security software providers will continue to support their products on Windows XP for the time being. For details take a look at this article: http://www.av-test.org/en/news/news-single-view/artikel/the-end-is-nigh-for-windows-xp-these-anti-virus-software-products-will-continue-to-protect-xp-after/

However, even with security software like firewalls, anti-virus and anti-malware software, your Windows XP systems are exposed and vulnerable. There can be no guarantee that the security software providers can protect against bug in the operating system itself. In other words, your Windows XP systems are a serious exposure of your business, and your business’s and clients’ data.

What should I do?

The course of action you take varies depending on your particular circumstances and requirements. At a bare minimum you should make sure you:

  • Apply all available updates (from Microsoft and your other software providers) to your XP systems
  • Remove Java (unless you absolutely need to use it)
  • Do not use Internet Explorer as your web browser – instead use Google Chrome or Mozilla Firefox. The most recent version of Internet Explorer that works on Windows XP is Internet Explorer 8 – and that is already very old and will no longer receive security patches

If you still have Windows XP systems, please contact us to discuss your options. As an IT Support company we are always here to help our customers, and in this particular case we really cannot overstate how important it is to either migrate away from Windows XP, or take some serious steps to ensure the integrity of your remaining Windows XP systems.

Call us and we will be happy to discuss options with you, and give you advice on what you can do to minimise the impact of the Windows XP end-of-life deadline.

The post Windows XP End of Support appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
PC Service Promotion http://www.gici.com.au/pc-service-promotion/ Fri, 24 Jan 2014 00:31:56 +0000 http://www.gici.com.au/?p=1480 We are giving FREE HP ALL-IN-ONE printers to the first 5 customers to purchase PC Service! Contact Us today for more detail!

The post PC Service Promotion appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
PC-service-melbourne

We are giving FREE HP ALL-IN-ONE printers to the first 5 customers to purchase PC Service!

Contact Us today for more detail!

The post PC Service Promotion appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
The State of Networking Market Roundtable http://www.gici.com.au/state-networking-market-roundtable/ Fri, 10 Aug 2012 03:31:44 +0000 http://www.gici.com.au/?p=857 Networking vendor ZyXEL caught up with their Australian and New Zealand distributor SMS eTechnologies and channel partners over lunch at SMS eTechnologies’ Etihad Stadium Corporate Suite to discuss the current state of Networking Market and how ZyXEL can enables partners to profitably grow their business. To view the full article Click Here. L-R: Greg Ibbotson & Mitchell Haden of GI Computer Innovations L-R: Annie Deng of SMS eTechnologies & Mitchell Haden of GI Computer Innovations

The post The State of Networking Market Roundtable appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
Networking vendor ZyXEL caught up with their Australian and New Zealand distributor SMS eTechnologies and channel partners over lunch at SMS eTechnologies’ Etihad Stadium Corporate Suite to discuss the current state of Networking Market and how ZyXEL can enables partners to profitably grow their business.

To view the full article Click Here.

L-R: Greg Ibbotson & Mitchell Haden of GI Computer Innovations

L-R: Annie Deng of SMS eTechnologies & Mitchell Haden of GI Computer Innovations

The post The State of Networking Market Roundtable appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
SBS Guide Setup Guide v1.9.5 http://www.gici.com.au/sbs-guide-setup-guide-v1-9-5/ Wed, 19 Oct 2011 02:24:32 +0000 http://www.gici.com.au/?p=848 The following has been taken from:http://blog.mpecsinc.ca/2010/12/sbs-2011-setup-guide-v100.html SBS 2011 Setup Guide v1.9.5 This list is the guide that we use to set up our SBS 2011 boxes or VMs in a consistent manner. As with earlier versions of SBS, this version too will require a number of post OS install tweaks and configuration steps. TechNet: SBS 2011 Release Notes Microsoft Support: KB2483007 Windows SBS 2011 Standard Known Post Installation […]

The post SBS Guide Setup Guide v1.9.5 appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
The following has been taken from:http://blog.mpecsinc.ca/2010/12/sbs-2011-setup-guide-v100.html

SBS 2011 Setup Guide v1.9.5

This list is the guide that we use to set up our SBS 2011 boxes or VMs in a consistent manner. As with earlier versions of SBS, this version too will require a number of post OS install tweaks and configuration steps.

The following assumes that the server manufacturer’s prep disk was used to update the BIOS, motherboard firmware, RAID controller firmware, backplane firmware, and any other device’s onboard firmware prior to installing the SBS 2008 OS. The firmware update step is an absolutely critical one for the stability of the server.

Note that we do not input the Product Key into the OS until we are ready to put the server into production or are on the edge of finishing up a migration.

The SBS 2011 Setup Steps

  1. When installing into a VM set the time.
    • MPECS Inc. Blog: Hyper-V- Preparing A High Load VM For Time Skew
    • Standalone: When virtualizing SBS on a standalone server set the host to poll pool.ntp.org for the correct time. Configure the host’s firewall to allow NTP polling on the local subnet. Then set theSBS VM to poll the host’s IP or hostname for time using the above settings.
    • Clustered: Have the standalone DC polling pool.ntp.org and set as the authoritative time source for the domain. Have SBS and other VMs poll the standalone DC for their time using the above settings.
  2. Install the manufacturer’s drivers.
    1. RAID including RAID monitoring/status software.
    2. Chipset.
    3. Video.
    4. NIC (Do not team). Unplug or disable any extra NICs for now.
    5. Management suites from the hardware manufacturers will be installed later on in this process.
    6. We do not install System Center Essentials that is provided by Intel on our Intel based SBS 2008 servers.
  3. Desktop
    1. Set the desktop resolution for the monitor attached.
      • Keep in mind that some remote management modules such as Dell’s DRAC may not work if the monitor’s resolution is set too high.
    2. Enable desktop icons:
      1. Click Start –> type: Desktop Icons [Enter].
        • image
  4. GUI Customization
    1. Windows Explorer.
      • Extensions, Show hidden . . .
      • image
      • image
    2. Start Menu.
    3. Notification Area.
    4. Add a Desktop Toolbar to the Task Bar .
      • image
    5. Internet Explorer.
      1. Add http://download.microsoft.com to Trusted Sites.
    6. Task Manager Process Column Customization.
      • PID, memory usage, maximum memory usage, I/O Bytes (3)
  5. PartitioningMove the optical drive letter to Z:.
    • NEW: RAID 5 with 4x 15K SAS Spindles (four drives) is now our default RAID setup for small clients.
      • For our 8-15 seat clients we will configure 5 15K SAS spindles in RAID 5 plus a hot spare depending on their I/O requirements.
      • With the advent of the 300GB and 600GB Intel 320 Series SSDs we are looking to SSDgoing forward for those clients that require ultra-high performing storage systems.
      • For clients with around 15 seats or more we are starting to configure a standalone 1Userver for virtualization or Hyper-V Cluster directly attached to a Promise VTrak RAID Subsystem (VTE310sD or VTE610sD) for maximum storage flexibility.
    • Name after the amount of storage is the drive label.
      • ~900GB Usable (4x 300GB 15K SAS)
      • C: 150GB SS-SBS (Rename to SBS server name)
      • S: 1.5x RAM xxGB SwapFile (Min. 10GB RAM * 1.5 with wiggle room)
        • 32GB SwapFile
        • SBS 2011 swap file configuration out of the box:
          •  image
      • L: 718GB WorkingStorage
    • Note: Exchange 2010 has been designed from the ground up to utilize more RAM. Adding more RAM for Exchange performance would be our priority before adding more spindles to the RAID 10 set.
    • Also, we do not install SATA hard drives of any kind into server settings anymore. In our experience they are too problematic in RAID arrays no matter which manufacturer made them.
    • MPECS Inc. Blog: SAS versus SATA and Hardware RAID versus Software RAID.
  6. Move the Swap File (Reboot).
  7. SBS 2011: Do _notCopy and paste this services shutdown batch file onto the desktop (previous blog post).
    • The Exchange 2010 team has addressed the issues of having Exchange installed on a DC with this version. Exchange 2007 had shutdown timing issues thus the long shutdown times.
  8. Install and configure Print Services Role: SBS 2008 Terminal Services and HP Printer Drivers(previous blog post).
    • image
  9. Windows Native Tools Management Console modifications
    1. Add the Group Policy Management Console
    2. Add the Print Management snap-In (after adding the Print Server Role).
    3. Add the Share and Storage Management snap-in.
    4. Add the File Server Resource Manager snap-in.
    5. Add the Remote Desktop Services Manager snap-in.
    6. Add the Windows Server Backup snap-in.
      • image
  10. Configure an authoritative time source for the SBS OS.
    1. Blog Post: Hyper-V- Preparing A High Load VM For Time Skew
      • This is the best methodology to date for setting up a VM’s Windows Time Service.
    2. Blog Post: SBS 2008 Physical And Hyper-V – Set Up the Domain Time Structure.
      • The default time.windows.com is not a reliable source.
    3. TechNet: Synchronize the Source Server time with an external time source for Windows SBS2008 migration.
    4. Once the commands have run, an error message or two may show in the Event Logs soon to be replaced by a successful connection to the authoritative time source.
    5. Note Oliver Sommer’s comments in the above article.
  11. Enable ShadowCopies on the WorkingStorage partition and set a schedule. We use before hours, coffee, lunch, coffee, and after hours for the schedule.
  12. DHCP IPv4 Properties (DNS updates & credentials)DHCP additional exclusions for printers (x.1-10 if not present) and servers (x.250-254).
    • image
    • Enable Name Protection and set the credentials.
  13. DNS Settings for Scavenging at 7 days and AD integrated zones.
  14. Create a 10GB Soft Quota (File Server Resource Manager).
  15. Enable firewall logging and pop-ups: SBS 2008 Windows Firewall with Advanced Security troubleshooting (previous blog post).
    1. Customize the firewall setup for QuickBooks.
      1. QuickBooks Connection Diagnostic Tool Post (Previous blog post).
    2. Customize the firewall setup for Simply Accounting (Previous blog post).
  16. Create the default Company Shared Folder with required NTFS and share permissions on the L: WorkingStorage partition.
    • Share Name: Company.
    • Quota: 10GB Soft.
    • Enable Access-based Enumeration.
    • NTFS Permissions:
      • Domain Admins = FULL.
      • Domain Users = Modify.
      • Leave default machine based permissions.
    • Share Permissions:
      • Everyone = FULL.
  17. Create the ClientApps (previous blog post on GP and the ClientApps folder) on the L: WorkingStorage partition.
    • Share Name: ClientApps.
    • Quota: None.
    • Enable Access-based Enumeration. Subfolders can have custom permissions at a later date to exclude users or groups and thus hide those subfolders at a later date.
    • NTFS Permissions:
      • Domain Admins = FULL
      • Domain Users = FULL
      • Domain Controllers = FULL
      • Domain Computers = FULL
    • Share Permissions:
      • Everyone = FULL
  18. Make changes to the WSUS Setup:
    • WSUS Classifications: Enable all.
    • WSUS Sync Schedule: Increase synchronization frequency schedule depending on what products are installed on the server.
  19. Getting Started Tasks – Out of Order
    1. Configure and take a backup now.
    2. Times: 12:30, 17:30, 23:30.
      • Make sure that the backup times and the Volume Shadow Copy snapshots do not happen at the same time.
    3. Backup Now by right clicking on the configured backup and running it.
    4. Backup in between each batch of updates.
  20. Windows Server 2008 R2 Service Packs
    1. Download and install the latest Windows Server 2008 R2 Service Pack (Bing Search)
      1. Be aware that the install process may take a while.
      2. image
  21. Exchange 2010 Updates
  22. Server Updates via WSUS/MU.
    • Update to the latest SBS Update Rollup first.
    • Run updates according to the following product groups:
    • Windows Server 2008 Standard R2
      • Run OS Updates at around 10-15 per reboot cycle.
      • Run OS Security Updates at around 5-10 per reboot cycle.
    • Exchange SP1/2/3 or Exchange Rollup RU1/2/3/etc
    • .NET
      • If .NET v1 is present update first.
      • Do .NET v2 and v2.x updates one at a time.
      • Do .NET v3 and v3.x updates one at a time.
      • Do .NET v4 and v4.x updates one at a time.
      • Reboot between each cycle as requested.
    • SQL
      • Start with 2005 versions.
      • Next to 2008 versions.
      • Next to 2008 R2 versions.
    • SharePoint Foundation, WSUS, and others.
  23. Create a new User Role in the SBS Console.
    • Name: Standard User – Restricted.
    • Remove all Group Memberships.
    • Add the Domain Users security group only.
    • Remove OWA permission.
    • No RWW or VPN.
    • Verify permissions in the User Role after it is created.
    • This role is used for the local admin account deployed via Group Policy later in this guide.
  24. Create and configure the Group Policy Central Store (Previous blog post).
  25. OPTION: Raise both Domain and Forest Functional level to 2008 R2
    • This is accomplished in AD Domains and Trusts.
    • image
  26. Group Policy Configurations (previous blog post):Install the server hardware manufacturer’s management software suite.
    1. Windows Computer Policy:
      1. Enable Remote Event Log Management (previous blog post).
      2. Set limits to the RDP setup on the server and clients (previous blog post).
      3. Local Policies: User Rights Assignment.
      4. Local Policies: Security Options.
        • Enable UAC by default in Group Policy (previous blog post).
        • NOTE: The UAC structure can be split up between Computers, SBSComputers, and SBSServers GPOs so that domain admin accounts only get prompted on servers.
      5. Remote Connectivity: Restrict certain RDP related settings (previous blog post).
    2. Windows SBSUsers Policy:
      1. Configure Screensaver Management. Our default is 45 minutes with logon.scr as the default SS. Password is always required.
        • 2010-10-18: For Windows 7 we now use scrnsave.scr as the basis for all screensavers which is a blank screen.
      2. Mapped Network Drive (M: = \\SS-SBS\Company) via Group Policy Preferences
      3. Set the Companyweb as the default site in IE.
      4. Add the RWW and OWA URLs to IE’s Favourites.
    3. Windows SBSComputers Policy:
      1. Deploy a restricted domain user to _all_ system’s Local Admin Group.
        1. Create a new user using the Standard User – Restricted Role.
        2. Deploy to workstation’s Local Admin Group via Group Policy Preferences.
        3. Remove the user’s mailbox (previous blog post).
    4. Windows Printer Deployment Policy:
      1. Deploy printers to XP Professional x86 (previous blog post).
      2. Deploy printers to Windows Vista using the Printer Management snap-in.
    5. Windows SBSComputers XP Pro Policy:
      1. Deploy Windows Defender to Windows XP Professional (Optional).
  27. Set the SBS Domain Password Polices (60-75 days, 10-12 characters minimum with complexity).
    • Note that all user’s passwords will reset to request a new password!
  28. Enable Folder Redirection to SBS.OR: Enable Folder Redirection to an separate server (previous blog post).
    • Changing the security settings in the default GPO for redirection will show FR as not enabled in the SBS Console.
    • We remove the Exclusive Access setting on any folders redirected to remove complications when it comes time to migrate the client to a new server.
  29. Remove the Public share in the SBS Console.
  30. Self-issued certificate: copy the package to the Network Admin\SBS folder in the Company shared drive. (We create a Network Admin folder in the Company Shared Folder at all client sites).
  31. If using a GoDaddy certificate, make sure to install the GoDaddy Intermediate certificates (download page) into the Intermediate Certification Authorities store individually to avoid any issues later.
    1. Install the gd_cross_intermediate.crt first
    2. Install the gd_intermediate.crt second
    3. Disable All Uses for GoDaddy Class 2 root certificate in Trusted Root Certification Authorities if present.
      • Check for this one after installing the actual certificate at step 5.
    4. Restart the IISAdmin service.
    5. Install the GoDaddy certificate using the wizard.
  32. Move the relevant data folders to the L: partition. We move all but the Exchange databases.
    1. WSS (SharePoint) Data.
    2. Users’ Shared Folders.
      1. Re-enable Access-based Enumeration
    3. Users’ Redirected Folders Data.
      1. Re-enable Access-based Enumeration
    4. WSUS Update Repository Data.
  33. SBS Console Getting Started Tasks.Configure the Reports e-mail addresses.
    1. Connect to the Internet.
    2. Customer Feedback options.
    3. Set up your Internet address.
    4. Configure a Smart Host for Internet e-mail.
    5. Add a trusted certificate.
    6. Configure server backup: Earlier in this checklist.
    7. Add new users (use the multiple wizard under users if there are a lot of users to add).
    8. Connect computers: http://connect.
    9. Share Printers via Group Policy for Windows Vista and PushPrinterConnections.exe for Windows XP Pro SP3 (both links are previous blog posts).
  34. Configure Workstations on the domain.
  35. Official SBS Blog: How to Configure SBS 2011 Standard to Accept E-mail for Multiple Authoritative Domains
  36. E-mail Enable the SharePoint Foundation Companyweb site (Official SBS Blog Post).  Then:
  37. Enable an MFP or Copier to Scan To E-mail Destined To A Companyweb SharePoint Library(previous blog post).
  38. Enable Single Item Recovery in Exchange Server 2010 – Exchange Team Blog.
  39. Enable and configure Windows Search Services on SBS 2008 or a Windows Server 2008 RTM/R2 file server and Libraries on Windows 7 (Official SBS Blog post).
    1. Install the Search Service (On SBS 2011 it may already be installed).
      1. If so: Click Start –> type Search.
      2. Click Indexing Options in the results.
        • imageimage
      3. Verify that all company shared folders are being indexed.
    2. Add the Company folder share (or Public folder share) to Windows 7 Libraries.
    3. Click start and start typing and watch those network files results flow!
  40. Fix the networking settings for Add-On Congestion Control Provider, Receive Window Auto-Tuning Level, Receive-Side Scaling State, Task Offload (previous blog post).
    • SBS 2008 related … tentative at this point.
  41. Download, install, and run the SBS 2011 Best Practices Analyzer.
    • The BPA will pick up a lot of the little things that need to be configured such as advanced OS networking features that should be disabled and others.
    • The SBS 2011 BPA requires the Microsoft Baseline Configuration Analyzer 2.0.
  42. Change the initial domain administrator’s password if using an Answer File (remember to reset the DHCP credentials, and any Event Log event fired Task too).
    • Note that if the admin account has not been logged off since changing the Password Policies, a log off and log on again will require a password change anyway.
  43. Input the PID and Activate.
  44. Control the Microsoft##SSEE WSUS Database’s memory Usage
  45. Configure Custom Views and e-mail Task triggers for Event IDs (SBS Native Tools Management):
  46. OPTIONS:
  47. Customize the SBS Console Reports.
  48. Run a backup. Crash the server. Restore the Backup. Deliver.

One thing to keep in mind when it comes to checklists is that they are never meant to be a replacement for the materials they summarize!

It is very important to understand why the various steps need to be accomplished, how those steps can change over time due to changes in the operating system, the hardware configurations underneath the OS, and the technician’s own growth in experience and understanding.

The “why” leads to an ability to understand how things are going wrong when they do. Note that we are saying, “when” and not “if” things go wrong.

Troubleshooting

Post OS Setup

Philip Elder

MPECS Inc.

Microsoft Small Business Specialists

Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

The post SBS Guide Setup Guide v1.9.5 appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
SQL Server 2008 ports to open on Windows 2008 R2 Firewall http://www.gici.com.au/sql-server-2008-ports-open-windows-2008-r2-firewall/ Wed, 19 Oct 2011 02:11:47 +0000 http://www.gici.com.au/?p=841 The following has been take from: http://social.technet.microsoft.com/Forums/en-US/operationsmanagerdeployment/thread/53fa9a6b-b9db-473f-8564-2ac4c62c3365/ AndreThompson – Friday, October 30, 2009 2:52 AM Hi I installed SQL Server 2008 w/ SP1 on Windows Server 2008 R2. In order to keep the firewall up and have the SCOM Server connect to the SQL Server, I need to configure the firewall on the SQL Server server to allow the SCOM server to communicate […]

The post SQL Server 2008 ports to open on Windows 2008 R2 Firewall appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>
The following has been take from:

http://social.technet.microsoft.com/Forums/en-US/operationsmanagerdeployment/thread/53fa9a6b-b9db-473f-8564-2ac4c62c3365/

AndreThompson – Friday, October 30, 2009 2:52 AM

Hi

I installed SQL Server 2008 w/ SP1 on Windows Server 2008 R2.

In order to keep the firewall up and have the SCOM Server connect to the SQL Server, I need to configure the firewall on the SQL Server server to allow the SCOM server to communicate with it.

Is there a standard procedure for configuring the firewall for the SCOM severs?

Thanks.

– Andre


Marnix Wolf – Friday, October 30, 2009 6:38 AM

Hi Andre

It is pretty straight forward actually.

Type in the searchbox firewall and select Windows Firewall with advanced security. Go to Inbound Rules and add the ports one by one:

New Rule > TCP > Specific Local Ports > Next > Domain > Next > Finish

Use these Ports:

135– Transact SQL Debugger

1433– SQL Traffic

1434– SQL Browser Traffic

2383– SQL Analytics Traffic

4022– SQL Broker Traffic

Also, do not forget to enable SQL tgraffic. See this posting of mine:http://thoughtsonopsmgr.blogspot.com/2009/09/while-installing-management-server-this.html


Graham Davies – Friday, October 30, 2009 10:23 AM

This assumes that you are using a default instance of SQL .. if you are using a named instance then that by default uses a dynamic port rather than 1433. Best practice would be to configure to use a static port … and open that.

Cheers

Graham


AndreThompson – Friday, October 30, 2009 1:24 PM

Thanks Gentlemen.


Marnix Wolf – Friday, October 30, 2009 1:44 PM

Thanks Graham. You are totally right here.


Filip J – Monday, November 30, 2009 5:35 PM

1434 – SQL Browser Traffic must be on UDP port

barkingdog – Tuesday, April 13, 2010 11:41 PM

Marnix,

You wrote

>>>>

“Type in the searchbox firewall and select Windows Firewall with advanced security. Go to Inbound Rules and add the ports one by one:..”

>>>>

Don’t we also need to open the firewall on the same ports for outbound traffic as well as inbound?

TIA,

Barkingdog


LayneR – Wednesday, April 14, 2010 3:31 PM

By default all outbound traffic is allowed.


barkingdog – Wednesday, April 14, 2010 8:08 PM

LayneR,

>>>> By default all outbound traffic is allowed.

Wow! I presumed that most outbound ports would be closed to prevent servers from being natural cadidatesto send spam and broadcasts, etc out to other servers. Learn something new every .001 second.

Thandk,

Barkingdog


mcsri – Saturday, October 02, 2010 11:09 AM

Grham Devies,

I need  help regarding database mirror,  I have two instance in server A and two instance in server B, i am configuring mirror between this two, I have successfully configured for named instance through GUI, while doing the same lister port automaticaly came (5022,5023) and while configuring default instance mirrorlister port is pointing 5023 (for mirror server)again, hence mirroring failed, because already 5023 is allocated for named instance, how to change listener port for default instance while configuring mirro


Vik Singh – Saturday, October 02, 2010 2:06 PM

This is SCOM discussion group. Please post your questions to SQL group.
Regards,
Vik Singh

Grham Devies,

I need  help regarding database mirror,  I have two instance in server A and two instance in server B, i am configuring mirror between this two, I have successfully configured for named instance through GUI, while doing the same lister port automaticaly came (5022,5023) and while configuring default instance mirror lister port is pointing 5023 (for mirror server)again, hence mirroring failed, because already 5023 is allocated for named instance, how to change listener port for default instance while configuring mirro

Marnix Wolf – Sunday, October 31, 2010 2:42 PM

Hi

This forum is all about SCOM and this thread is marked as answered. For questuons like yours you should go to another Forum: http://social.technet.microsoft.com/Forums/en-us/smallbusinessserver/threads

Crakdkorn – Sunday, October 31, 2010 2:46 PM

Appreciate the help with the ports… added them to both Enterprise SQL 2008 servers (one is R2).  Does not work.

Error:

TITLE: Connect to Server

——————————

Cannot connect to R2 Server.

——————————

ADDITIONAL INFORMATION:

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 5)

For help, click:http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=5&LinkId=20476


NOC VASU – Friday, March 04, 2011 1:14 PM

Thanks Marnix,  This is an excellant answer.  through this you have made me hero.  Thanks dude…


SEME – Tuesday, April 05, 2011 6:42 PM

The following KB addressed by SQL connection issues…

http://support.microsoft.com/kb/968872

The post SQL Server 2008 ports to open on Windows 2008 R2 Firewall appeared first on G.I Computer Innovations | Sunbury PC Support and Maintenance | Server Install Tech Support | Web Design Hosting.

]]>