ComTech: IT Support Stirling
TwitterFacebookGoogle

Just how secure is secure?

Mention security these days and the response you will probably get is things take longer (getting through an airport for example). Everyone hates it but like it or not it has become part of our daily lives. But how secure can you actually make something?

This is the question I was asked by a client last week.  We were talking about possible upgrades to their network along with checking the measures they already had in place.  I did the usual – check password strength, permissions on the server, antivirus, firewalls etc and as is the norm they wanted security but not the hassle it brings.  “We need things to just work and not worry about these security things” to which I replied “You can have security or connivence but rarely can you have both”.

Lets start with good practice. Don’t use easy passwords and don’t write them on posit notes stuck to the PC either!!!! Use one vendor for antivirus on all the systems as this allows easier troubleshooting if something happens. I did read an article yesterday suggesting you use two as any holes found in one product is unlikely to be in the second.  I can understand this logic to a point but this makes troubleshooting a lot more difficult.  I try to explain to clients they are better to standardise their software across all their PC’s for this reason.  Finally only give users the permission they need not what they want.

Now onto Firewalls.  A good firewall will stop attackers getting onto your network in the first place (or at the very least telling you someone is trying) and there are endless vendors like SonicWall or Cisco who supply excellent products.  The problem is the cost, or more accurately the perception of cost. Most of the clients I deal with are small home businesses who can’t justify the cost of installing a third party firewall and instead rely on the BT Home HuB (or similar).  These type of routers contain a basic firewall which is robust for the most part (you can configure ssh access for example) but don’t have the feature set of the more expensive models from the likes of Cisco.

The biggest problem with security though is us.  Humans are well known for always being the weakest link in IT.  If we see security as getting in the way then we get annoyed and turn it off.  My antivirus is slowing down emails coming in – turn it off.  You want me to remember how many passwords – don’t think so!! You get the picture!!

So back to the the original question – how secure is secure? The answer is nothing is ever gong to be 100% secure (especially with humans involved) but we can get close.  The problem is where do you draw the line with regards to security affecting users ability to do their job?  Too much security and nothing gets done while too little and you will get serious issues.

I will leave answering that question upto you.

About the Author

P1020114

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Cisco, Windows, OS X and Linux based IT Support to small businesses throughout Scotland.

Follow @Comtech247 on Twitter

 

I think it is time to get worried


I had an email from a fellow tech last week about a new threat doing the rounds called Cryptolocker.  I would suggest you take a look at the article as it does make for some scary reading.

The jist of the article is that once this trojan gets downloaded and installed onto your system it encrypts either the whole hard drive or just sections of it (Documents etc) and you have to pay a fee to get it unencrypted.  The problem is that even if you reset the system you can’t recover your documents beforehand as they are encrypted meaning you lose all the data stored on that system.  That however is not the worst part.  Any network drives that are mapped to the infected system are also encrypted!! If you have a central server that shares files across the network potentially this trojan could encrypt all your files.

So what is the best defence against this?

First things first make sure that your antivirus is fully updated and make sure you are running a paid version not free software.  The reason I say this is that recently I have seen a lot of viruses getting through free antivirus plus in a business environment you should have a paid antivirus anyway.

Educate your users and make sure they understand the consequences of what might happen and lastly take backups and get them offsite.  If you are backing up to another system on the network it could also get encrypted if the worst happens.  External hard drives would be a bonus here or alternatively use online storage.  Personally I would suggest something like Dropbox and there is one very good reason for this.  Dropbox allows you to recover seven versions of any file stored in your account and in this scenario that would be a lifesaver.  If your server that is linked to Dropbox did get compromised and the Dropbox folder encrypted you could still recover the files.

Either way make sure you have backups and keep monitoring your systems.

About the Author

P1020114

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Windows and Linux based IT Support, laptop repairs and computer repairs to both business and personal clients in Stirling, Falkirk and Perth.

Follow @Comtech247 on Twitter

 

 

Tutorial – How to Subnet


Today I will show you a technique I learnt for my Cisco exams on how to subnet and choosing subnet masks.

The best way to explain subnetting is by showing some examples.

Question 1:

If a subnet mask of 255.255.0.0 were used with a Class A network how many subnets and hosts per subnet could exist?

Answer:

The best way to answer this question is to break it down into individual sections.  The sections are:

1. No of Network bits

2. No of Host bits,

3. No of Subnet bits,

4. No of Subnets

5. Hosts per Subnet.

Lets take them one at a time.

No of Network bits = 8 (This is defined by Class A = 8, Class B = 16 and Class C = 24)

No of Host bits = 16 (This is defined by the number of zeros in the subnet mask)

No of Subnet bits = 8 (This is defined by 32 – No of network bits – No of Host bits)

No of Subnets =  256 (This is defined by  2ˆ No of subnet bits)

Hosts per Subnet = 65534 (This is defined by 2ˆNo of Host bits – 2)

So to answer the question  No of subnets = 256 with 65534 hosts per subnet.

Question 2:

Which of the following are valid subnet numbers in network 180.1.0.0 when using mask 255.255.248.0?

a) 180.1.8.0

b) 180.1.4.0

c) 180.1.40.0

Again the best approach is to break the question down into sections.  This time the sections are:

1. Find the Subnet Number

2. Calculate the First address in the range

3. Calculate the Broadcast address

4. Calculate the last address in the range

Lets take them one at a time.

Subnet Number = 180.1.0.0 (This is defined by 256 – 248 = 8 (Subnet Magic Number). 8 *0 = 0 (Interesting Octet) which is the closest multiple <=0 which is the 3rd octet in 180.1.0.0)

First number in the address range = 180.1.0.1 (This is defined by adding 1 to the subnet’s last octet)

Broadcast Address = 180.1.7.255 (This is defined by the Subnet Magic Number (8) + Interesting Octet (0) minus 1

Last address in the range = 180.1.7.254 (This is defined by the broadcast address -1)

So to answer the question the subnet numbers begin with 180.1.0.0 (zero subnet) and then 180.1.8.0, 180.1.16.0 and so on therefore a and c are the correct answers.

I hope that the steps outlined above help when it comes to subnetting your own networks.

About the Author

P1020114

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Windows, Mac and Linux based IT Support to small businesses in Stirling, Alloa and Falkirk.

Follow @Comtech247 on Twitter

How do you manage virtual machines over a network using Oracle Virtualbox?


How do you manage virtual machines over a network using Oracle Virtualbox? I have been asked this a couple of times recently and today I will show you how.  Most of my tutorials on Virtualbox have been along the lines of installing the software onto a system and managing the virtual machines on that system in person.  This works well if you have a couple of virtual desktop machines but when you have quite a few servers involved going between each server to carry out maintenance becomes very tedious.

This is where you need a piece of software called phpvirtualbox.  Phpvirtualbox is an open source web based front end for Virtualbox which allows you to manage all of your virtual machines over the internet.

So lets take a look at how we set this up.  For the basis of this tutorial I will be using Linux Mint 12 and Virtualbox 4.1.4.

We first need to download and install the current version of Virtualbox from the Virtualbox website.

Once installed we need to add a user who will run Virtualbox.  Open up a terminal as root and type:

adduser vbox

When asked supply a user password.  Next we have to add the vbox user to the vboxusers group in the /etc/group file.  So type (as root):

gedit /etc/group

Add vboxusers:x:113:vbox to the file and save.

Once we have finished with Virtualbox it is time to set up our web server.  Since this is Linux we will be using Apache.  For details on how to set up a Linux web server follow this tutorial.

Now we need to download, install and configure phpvirtualbox.  The current release can be downloaded from the phpvirtualbox website.

I am assuming your downloads go to your Download folder.  If not replace Downloads with the location that the file was downloaded to.  Open up a terminal and type the following commands one at a time:

cd Downloads

cp -a phpvirtualbox-4.1.7 /var/www/phpvirtualbox

cd /var/www/phpvirtualbox

mv config.php-example config.php

It is now time to configure the config.php file so type:

sudo gedit config.php

——————————————————————————————————–

<?php
/**
* phpVirtualBox example configuration.
* @version $Id: config.php-example 366 2011-12-01 19:56:57Z imooreyahoo@gmail.com $
*
* rename to config.php and edit as needed.
*
*/
class phpVBoxConfig {

/* Username / Password for system user that runs VirtualBox */
var $username = ‘vbox’;
var $password = ‘*********’;

/* SOAP URL of vboxwebsrv (not phpVirtualBox’s URL) */
var $location = ‘http://127.0.0.1:18083/’;

/* Default language. See languages folder for more language options.
* Can also be changed in File -> Preferences -> Language in
* phpVirtualBox.
*/
var $language = ‘en’;

———————————————————————————————————-

Locate the username and password (BOLD above) and change the password to the one you created earlier.  Once done save and exit.

Now we need to make sure that Virtualbox can start at boot time and that means configuring init scripts.  Open up a terminal and type:

cd /etc/init.d

and then:

sudo touch /etc/init.d/vbox.start

Now we need to configure the file so type:

sudo gedit /etc/init.d/vbox.start

Copy /usr/bin/vboxwebsrv -b into the file.  Save and exit.

 

That is Virtualbox configured to start at boot time but we now have to enable it so type:

chmod +x /etc/init.d/vbox.start

followed by:

update-rc.d vbox.start defaults

Now it is time to reboot the server.  Once it has rebooted go to a web browser and point it to http://your_server_address/phpvirtualbox

You will now be able to manage all the virtual machines on the network from the comfort of your own chair.

About the Author

Hi I am Chris Wakefield the owner of ComTech IT Support. I provide Windows, Mac and Linux based IT Support to small businesses in and around Stirling.

 

How to connect FreeNAS to Active Directory


Today I will show you how to connect your FreeNAS server to Active Directory.  For the basis of this tutorial I will use Small Business Server 2011 as my primary DNS server on the network and a NAS box running FreeNAS 8.

First thing we need to do is configure the appropriate DNS record in Active Directory so on your primary DNS server (SBS2011 in my case) open up the DNS Management Console.  To do this go to:

Start – Administrative Tools – DNS (shown below)

Now we need to expand the dns zone (shown below) and then right click to add A New Host (A or AAAA) record.

Enter the hostname and ip address of your FreeNAS server (as shown below)

Then click add host and your FreeNAS server should now have an A record in DNS.

Now we need to access your FreeNAS server via the web interface so open up a browser and type the ip address of your FreeNAS server (as shown below).

We now have to add the ip address of the primary DNS server to the FreeNAS network configuration.  To do this go to:

Network – Global Configuration (shown below)

Enter the ip address of the primary DNS server (in my case 10.0.0.199) into the Nameserver 1 row and then click ok.

Next we need to configure the Active Directory settings so go to:

Services – Active Directory Settings (as shown below)

This should bring up the next box.

You need to enter your specific details which are relevant to your domain.  When you have finished click ok.  This will take you back to the Services screen where you need to turn the Active Directory Service ON.  Now restart the system.

Once restarted your FreeNAS server will be connected to your Active Directory domain and a computer account will be set up in Active Directory Users and Computers.

About the Author

P1020114

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Windows, Mac and Linux based IT Support to small businesses in Stirling, Alloa and Falkirk.

Follow @Comtech247 on Twitter

 

Setting up a Print Server on Windows 7

Today we are going to share a printer on your network by turning a Windows 7 system into a print server.  For the basis of this tutorial I will assume that all the systems on your network are running Windows 7, that your network is called NETWORK1 and the Windows 7 print server is called WPS1.

On WPS1

The first thing to do is connect the system to the network and change the workgroup name to NETWORK1.  To do this go to:

Start – Right click on Computer – Properties


You will then get the following screen.

Click on change settings in the bottom right hand corner and change the Workgroup to NETWORK1.  You will have to restart your system for the changes to take effect.

Once restarted it is then time to share the printer.  Go to:

Start – Devices and Printers and locate your printer.

Once located right click and go to Printer Properties.  This will bring up the properties box for your printer.  Locate the Sharing tab and click on Change Sharing Options.

Now make sure the Share this printer box is ticked and add a name for the printer in the Share name box.  Once completed click on apply.  Your printer is now shared.

Only thing left to do now is to check that everyone on your network has the correct credentials to access this printer so click on the Security tab.  Once opened check that the Everyone group has the Allow permission to print.  Again once completed click on Apply.

Your print server is now fully functional.

Client PC’s

Go to Start – Devices and Printers and click on Add a printer.

When presented with the box shown above click Add a network, wireless or Bluetooth printer.  Windows 7 will now attempt to locate the networked printer.

When the networked printer is located click on next.  Windows 7 will now install the printer with the correct driver.  And that is it.

Word of warning here.  For your printer to be shared across the network your print server must be switched on.  If not the client computers will be unable to find it.  You can share your printer a different way by purchasing a dedicated print server (a little box which connects to your router) if you don’t want to have a computer on all the time.

About the Author

Hi I am Chris Wakefield the owner of ComTech IT Support. I provide Windows and Linux based IT Support, laptop repairs and computer repairs to both business and personal clients in and around Stirling.

For a list of what I can offer you why not visit my website www.comtech247.net where you will find a list of my services, testimonials, blog and much more.

 

 

 

How to set up a VPN Server on Windows Server 2008 R2


Today we are going to have a look at setting up a VPN server on Windows Server 2008 R2.  For anyone who would rather set one up on Windows 7 instead you can find the relevant tutorial by reading this blog.

For the purposes of this tutorial I will be using Windows Server 2008 R2 Standard with 2Gb of RAM and tw0 network cards hosted within Virtualbox.  I will assume that you have already installed Windows Server 2008 R2 within your existing network.

The first thing you need to do is add the Network Policy and Access role in Server Manager (as shown below).

On the next screen make sure that Routing and Remote Access Services, Remote Access Service and Routing are all ticked (shown below).

On the final page click install.

Once installed expand Network Policy and Access Services in Server Manager and right click on Routing and Remote Access to start the wizard.

On the Configuration page click on Remote Access.  On the Remote Access page which follows click on VPN.

On the VPN Connection page choose the network adapter which connects to the internet and click on next (for the purpose of this tutorial I will leave the ip address as dhcp but in real life you would set this as a static ip address).

On the following page you will be asked to specify how your vpn server will assign ip addresses to clients.  Unless you have some specific need for certain addresses then I would suggest you leave this as automatic.

Once your ip address assignment has been taken care of you will then be asked if you want to set up the vpn server to work with a Radius Server.  If you don’t have one on your network then choose no.

On the final page click finish and your vpn server will then be installed.  Don’t forget to set up port forwarding on your router or you will not be able to access your vpn server.

Only thing left to do is to check the configuration by trying to access your server by vpn. For guidance on how to set up a vpn connection on Windows 7 please refer to this blog.

About the Author

Hi I am Chris Wakefield the owner of ComTech IT Support. I provide Windows and Linux based IT Support, laptop repairs and computer repairs to both business and personal clients in and around Stirling.

For a list of what I can offer you why not visit my website www.comtech247.net where you will find a list of my services, testimonials, blog and much more.

 

How to transfer files over wi-fi to a Blackberry Playbook

I have been playing around with a Blackberry Playbook (no pun intended) recently to see what is the best way to access network shares and transfer files.  Today I will show you how to mount your Playbook as a network share on a Windows 7 system and transfer files to it.  This works for Workgroups only as I have not yet tried connecting a Playbook to Active Directory.

On the Playbook

  1. On the home screen tap on Settings (this is the grey cog on the top right hand corner of the screen).
  2. We need to jot down the ip address of the Playbook so tap on About – Network.  You should see the IPv4, IPv6 and MAC Address.  Write down the IPv4 address as we will need this later.
  3. Now in Settings scroll down the menu on the left until you come to Storage and Sharing and tap on it.  Locate Network Identification and tap on Properties.  This is where you enter details for the network so choose a name for your Playbook, enter the name of your Workgroup and a User name to access the Playbook when it is mounted.  Once done tap Back.
  4. Back on the Storage and Sharing screen make sure that File Sharing, Wi-Fi Sharing and Password Protect options are all set to on.
  5. Tap on Change Password to set a password to access the files when the Playbook is mounted.

Your Playbook is now correctly configured.  Now onto Windows 7.


On Windows 7

  1. Go to Start – Run and in the Open box type file://10.0.0.172 where 10.0.0.172 is the address of the Playbook on the network.
  2. A box should appear asking for network credentials.  Enter the username and password you set up earlier on the Playbook.
  3. Once accepted you will see two shared folders on the screen – certs and media.  All of your files will be in media.  You can now happily transfer files back and forth between your PC and your Playbook.

Update 22/03/12

If you just want to get data off the Playbook an easier way is to download an app called Wifi File Explorer.  Once downloaded and installed you can access the data through a web page!!

About the Author

Hi I am Chris Wakefield the owner of ComTech IT Support. I provide Windows and Linux based IT Support, laptop repairs and computer repairs to both business and personal clients in and around Stirling.

For a list of what I can offer you why not visit my website www.comtech247.net where you will find a list of my services, testimonials, blog and much more.

Mounting network shares in Linux

Today we are going to learn how to mount network shares using Linux.  There are two ways to do this, either manually or using the fstab file, and we shall cover both.  For this tutorial we will use the following:

Network share at 192.168.1.3/mnt/MyDisk1 which is mounted on a FreeNAS system (nfs)

Network share at 192.168.1.2/share which is on a Linux Mint 16 file server (samba)

Both shares will be accessed from a laptop running Linux Mint 16.


Manually

Lets take the FreeNAS nfs share first.  First thing to do is install the nfs package nfs-common.  Open up a terminal and type:

sudo apt-get install nfs-common

Enter your password when required.  Next thing type:

mount 192.168.1.3:/mnt/MyDisk1 /media/dev/MyDisk1

where:

192.168.1.3 is the ip address of the system where the share is mounted

/media/dev/MyDisk1 is the mount point where you want the share to be mounted

Now lets take a look at the Linux Mint 16 samba share.  Again we need to install the required samba packages so open up a terminal and type:

sudo apt-get install samba

Next type:

mount -t cifs //192.168.1.2/share /mnt -o username=user,password=pass

where:

user and pass are your login details

/mnt is the mount point on the local system

Using FStab

In a terminal type:

sudo nano /etc/fstab 

Add one of the following lines to the file depending on if you are using samba or nfs.

192.168.1.3:/mnt/MyDisk1 /media/dev/MyDisk1 nfs hard,intr 0 0 (NFS)

//192.168.1.2/share /media/dev2/Share cifs username=user,password=pass,user,rw,noatime 0 0 (SAMBA)

About the Author

P1020114

Hi I’m Chris Wakefield the owner of ComTech IT Support. I provide Windows, Mac and Linux based IT Support to small businesses in Stirling, Alloa and Falkirk.

Follow @Comtech247 on Twitter

 

 

How to set up a Windows network


Today we are going to learn how to set up a simple network using different versions of Windows.  This tutorial will use Windows 7 Home Premium and Windows XP Home Edition but works just as well on Vista.  We will share a folder from Windows XP to the Windows 7 machine but it works well the other way too.

On the XP Machine

Click on Start and locate My Computer.  Right click on My Computer and go to Properties.  Click on the Computer Name tab and find the change button which is situated next to “To rename this computer or join a workgroup, click Change”.  Click the button.  In Workgroup pick a name for your new network and click OK.

Next we want to share some files.  Best way to do this is to run the network wizard.  Locate the folder you want to share, for example My Documents, and right click.  Go to the sharing tab and locate Network sharing and Security.  Under Network Sharing and Security you will see the new network wizard.  Click on this and follow the instructions.  When completed restart the system.

Once restarted again locate the folder you want to share and right click.  Go to the sharing tab and you will see a box titled “Share this folder on the network”.  Check the box and give it a shared name.  If you want other users to change files in your folder check the box “Allow network users to change my files”.  That’s it for XP now onto Windows 7.

On The Windows 7 Machine

Go to Start and then right click on Computer.  Click on Properties and when the “View Basic Information about your Computer” screen appears click on change settings, which is located on the bottom right.  Locate “To rename this computer, click Change” and click change.  Add the network name you chose for the Windows XP machine under Workgroup and click OK.

Windows 7 will now attempt to find the network and when it does it will ask you if the network is Public, Home or Work.  If this is home network click Home and so forth.

Now to accessing the shared files.  Go to Start and right click on Computer.  Click on map network drive.  Browse for the shared folder on your XP machine and when located click finish.  The shared folder will come up as a network drive and can be accessed from going into Computer.

Word here about firewalls.  If you are using the inbuilt Windows firewalls you should have no problems as these open up the required ports to allow the computers to communicate.  If you are using a different firewall then either turn it off (not recommended unless you have a another firewall between the computers and your router) or manually open up the required ports. And that is it.

To share the files the other way round name your Windows 7 workgroup the same way you did in XP and then right click on the folder you want to share.  Click on share with and then go to specific people.  The operation for mapping the drive is exactly the same in XP.

About the Author

Hi I am Chris the owner of ComTech. I provide IT Support, Laptop repairs and Computer repairs to both personal and business clients in and around Stirling. For a list of what I can offer you why not visit my website www.comtech247.net where you will find my blog, testimonials, services and much more.  Start supporting a local business today so I can start supporting you.

If you found this blog useful then why not sign up to my RSS Feed for news, tutorials, views and general techie stuff!!

 

CyberChimps
Follow

Get every new post delivered to your Inbox

Join other followers

WordPress SEO fine-tune by Meta SEO Pack from Poradnik Webmastera
WP Like Button Plugin by Free WordPress Templates