Horse Sense #79

In this issue of Horse Sense:
  • Recycle Now, Find Out How and Where
  • Lost Your Cursor?
  • Super Powerful (and FREE) Security Measures
  • The Best Technologies You Still Aren't Using (4)
    -- Hard Disk Based Backups and Secondary Storage
    -- Remote Access
    -- Unified Threat Management Appliances
    -- Unified Secure Server Appliances

Recycle Now, Find Out How and Where

Reduce, reuse, recycle.  Once you've covered the first two, where do you go to recycle?  Electronics, especially older ones and batteries, often contain toxic metals that shouldn't end up in a landfill. can help you find a place to recycle your batteries and other electronic and non-electronic detritus.

Recycling may be easier than you think.  You can recycle many small electronic items with the help of your local post office  Fairfax County, where Iron Horse is based, offers no cost recycling of computers, televisions, and electronic peripherals.

Lost Your Cursor?
If you tend to lose your cursor in busy Windows XP or Vista screens, open control panel, select mouse, click on the pointer options tab, and select show location of pointer when I press the CTRL key.  Then when you hit CTRL, the mouse pointer will show up with rings around it.  This doesn't work with some types of "mice," like the touchpad on my laptop.

Super Powerful (and FREE) Security Measures
Do you want to keep your information safe?  There are many sophisticated ways to protect your information, but one of the most powerful ways is to make it unavailable to prying eyes.  The easiest way to do that is to turn off the equipment.  I don't care how good a cracker is.  If your computer is off and he doesn't have physical access to it, then he can't get your data.   Turning your computer off also saves electricity and cash, so it is a good idea for those reasons as well.  I know of some companies that disconnect their network from the Internet each night by throwing a power switch.  You can also increase your security by allowing computers to power down after a period of inactivity.  I also recommend that you set your computers to lock after a few minutes of inactivity as well, so that someone needs to log in to see your valuable data.  In the various versions of Windows, you can do this by right clicking on blank space on the desktop, selecting properties, and configuring the screen saver.  Banking web sites and other security conscious sites, network devices, and other devices have inactivity lockouts that will protect you with little effort on your part.

The Best Technologies You Still Aren't Using (4)
Previously discussed:
Horse Sense 76
--Gigabit Ethernet
--Redundant Arrays of Inexpensive Disks (RAID)
--Power over Ethernet (PoE)
--Xerox Phaser Solid Ink Printers
Horse Sense 77
--Ergonomically Correct Devices
--Pay Per Click Printing
Horse Sense 78
--Bandwidth Management
--E Mail Archiving

Hard Disk Based Backups and Secondary Storage
As hard disks have gotten larger, data loss is becoming a bigger issue.  Thankfully, they have also gotten less expensive as well, so we can now use other disks to safeguard our primary data.  We can do that either through some form of redundancy, like RAID or replication, or through disk to disk backup or archiving.  I've talked about different ways to protect your data in Horse Sense 65, and the benefits of hard disks over tapes in Horse Sense 60  Simply put, hard drives are a high performance, high capacity, inexpensive, durable, and, often portable way to safeguard your valuable information.  If you are still using tapes, you are costing yourself time and money.  Seagate and Western Digital have both announced 2TB drives with lower power consumptions that make storing data on disk even more attractive.

Remote Access
There are two basic ways to access a computer remotely.  A computer that accesses a network as a remote node does the equivalent of extending the network cable through the Internet.  This is usually done by forming an encrypted connection through the public Internet to create a Virtual Private Network (VPN).  Remote nodes behave pretty much like any other node on your network once you have made the connection.  Compared to a computer on the network, though, this cable is very long and tends to have a small amount of bandwidth.  So, instead of being able to contact a server in less than a millisecond, it may take hundreds of times as long to get to the server.  And, when it does, instead of a gigabit Ethernet connection at 1000Mbps, you may be limited to 1.5Mbps T1 speeds.  Obviously, you can't afford to deal with large files or with applications that require a lot of talking back and forth.
You can "beat" the high latency and low bandwidth characteristics of a remote connection by using remote control.  With remote control you use software on your end of the link that uses software on the other end of the link to take over another computer, or something that looks like a computer, like a virtual machine running on a computer or a Citrix or Windows Terminal Services session.  What you have basically done is to extend the keyboard, monitor and mouse over the Internet.  Typically all that passes between the two end points are screen changes, keystrokes, and mouse movements.  Remote control doesn't require a lot of bandwidth and can deal well with fairly high latencies between the end points. Applications that require a lot of back and forth chatter or that deal with a lot of data aren't a problem because everything is happening on the local network, not on the Internet.  Security improves as well because the real data isn't traversing the Internet; just screen updates, keystrokes, and mouse movements.  Remote control isn't as transparent as remote node.  There are two key "costs" of using remote control.  First, you have to have session(s) to control on the target LAN and these sessions use the resources of the host machine.  Second, you have to have the control software at the remote end as well.
Remote control is often used to control servers that are either far away or locked in closets.  IP KVMs are devices that connect to one or more servers via a keyboard/video/mouse (KVM) connection.  You connect to them via remote control software and control machines just as if you were sitting in front of them.  You can even reboot or power cycle equipment and watch as it comes up.
Over the years, remote control has gotten easier.  Setting up encryption for a VPN can require significant effort.  So, since most people have web browsers on their computers and smart phones, and these browsers have the ability to call on encryption routines to talk to secure web sites, programmers decided they could use these browsers (and software that could be easily configured within them) as the client end of the connection.  On the other end, there is typically a device or some software that allows connection to a PC or session that can be controlled.  These so-called SSL VPNs provide easy and secure connections from most web enabled devices, including smart phones or someone else's PC.
Another interesting twist is that remote control sessions don't have to be remote.  They can be in the same office.  So a windows terminal that has no hard disk, a Mac, or a slow PC with an old version of Windows could all run the most recent software.  They just take over a session on a machine that has the capability to run that application.  20 years ago, "personal" computers ran bulletin board software to allow many people to simultaneously use the same computer and hard disk.  Today, computers are even more powerful and it is possible for many people to share the same computer.  Using remote control technology correctly can enhance security, compatibility, and performance, ease upgrades, and lower costs.
Remote control has changed the way Iron Horse works with its customers.  Now we can manage and troubleshoot routers, servers, firewalls, and PCs remotely.  This allows us to extend our service range.  Not long ago, I troubleshot firewall and connection problems between a customer's offices in Utah and the United Kingdom from my Virginia office.  Remote control technologies allow us to eliminate travel time and expense and allow us to resolve problems more quickly.  With the terrible traffic in the Washington, DC metro area, this is a big deal.  We can even set up remote monitoring and management so we can tell if there is a problem and fix it.  In fact, with desktop and server management tools, it is possible to look at a fleet of client machines and perform needed remote updates all at once, automatically.  IT staffing is expensive and smaller companies often can't afford to hire their own IT staff.  With remote control technologies, our help is now only a phone call away and the cost/benefit ratio for that professional service keeps getting better.
Remote connectivity allows employees to work from home which has been shown to improve productivity, boost morale, eliminate commutes, save energy, save space, save money....  In other words, if you don't have the ability to access your work (or even your home) computer easily, you need to put this technology in place.  For example, if you don't have remote control technology for your servers and your network technicians aren't in the office, you could have an extended period of down time.

Unified Threat Management Appliances
If you haven't upgraded your firewall in over 3 years, you need to take a close look at what it is doing for you.  The firewall vendors certainly have.  Business class firewalls now routinely offer other functions and have become Unified Threat Management (UTM) devices.  They combine firewalls (only let traffic that is invited in), with intrusion detection and protection systems (see if something slipped in), anti-virus/spam/malware technologies (keep bad things like "vampires" out, even if they are invited in), content filtering (keep people from going where they shouldn't), virtual private networks (keep conversations with people across the Internet safe from prying eyes), and other functions.  At the same time, their performance has improved.  Gigabit UTMs are now common.  Who needs a gigabit firewall?  You may if you want to access your web server on the other side of the firewall but still within the building.  And, more powerful UTMs mean you can use all those fancy new features without compromising your speed.  You can also take advantage of higher bandwidth links that are becoming more common as the phone and cable companies make these connections more available.  The firewall market has matured.  The new UTMs are faster, better, cheaper, easier to use, and more flexible than the firewalls, and even older UTMs, they replace.  Maybe you deserve more than your old firewall.

Unified Secure Server Appliances
I am coining a new term here.  UTMs are mostly about the data flowing through the device.  They aren't an endpoint.  However, Unified Secure Servers provide high levels of security while also serving as a destination point for your data.  For example, the server from which you just received this e mail is the focal point of our small network.  It uses DHCP to provide IP addresses to our workstations.  It serves as the gateway firewall and router for our production and customer networks. It sends, receives, and stores e mail as an e mail server.  It performs antivirus and antispam functions.  It provides DNS (changing into an IP address computers can read) resolution for our internal machines and resolves requests for our domains from machines out on the Internet.  It runs the list server that sent you this mail.  It serves web pages.  It serves as a file repository for our network using both Windows SMB/CIFS and FTP.  It does rudimentary traffic shaping.  It synchronizes time for our network....  It has a lot of other capabilities, but most people only use a fraction of them.  It does all of these things not only for us, but for corporations and Internet Service Providers across the globe serving millions of clients.  While it has been continually updated over the years, we have used the same product since the mid 90s.  The cost/benefit ratio of this unified secure server is outstanding.  Could you use one in your business?

©2009 Tony Stirk, Iron Horse