Haven’t registered yet? Please do so now. www.thirdtier.net/registration Your registration fee includes a full day of training, lunch and an evening with Third Tier at the local pub. Space is limited so register today.

What do your wireless access point, a cable / DSL modem, and a VPN connection have in common? They can all be authenticated against a central user database such as Active Directory using RADIUS.  RADIUS is one of the least known / utilized methods of authentication available in Windows, but one of the most useful. The most common use for RADIUS in small business is to authenticate external users who want to connect to a company’s VPN appliance, enabling them to use the same username and password for their remote access as their AD logon, because everything, including their password, is tied back to their Active Directory account. Ever wonder how an ISP tracks who is connected to their network, or what speed internet service you purchased? In this session we will answer that question and more as we explore some of the various uses of RADIUS, ways you probably already interact with it (probably unknowingly),  and how you can take advantage of this very useful protocol to provide your clients with a simpler, more streamlined connection process, while actually making things easier to manage.

Remember, register to reserve your space. Last year we sold out. www.thirdtier.net/registration

—–
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support Blog Twitter Facebook LinkedIN

There is a new Internet group making news for itself called LulzSec. The self proclaimed merry pranksters have brought forth a new level of hacking (PBS, Infragaurd) and lower targets such as websites aimed at “adult entertainment”. What makes these hackers different than other groups out there? They are in it for the “lulz”. They don’t care about who or what they do, as long as they find it funny.

Today they release a list of 25,000 email and password combinations from an adult website. Then using the power of Twitter, they convinced internet users worldwide to create havoc with the list. Many people are now logging into Hotmail, Gmail, and Facebook accounts with the username and passwords provided by LulzSec.

What does this mean to us as IT professionals? This is a good time to remind our clients and users of the importance of password policies. Not only password policies, but also “good password habits”. We too often focus on the basic IT mainline of password complexity, change your password ever X number of days, don’t use your relatives’ names. What are we forgetting when we educate our users on passwords and password polices?

As demonstrated today, password security goes beyond just having a complex password and changing it at a predetermined time. Password security is not using the same password on your work computer as your Facebook account. Use a different password for the different things you do in life. Internet banking, social networking, and your work accounts should all have passwords that are complex, and different from each other. Password reset questions should be carefully chosen, as demonstrated on how Sarah Palins Yahoo account was compromised. If it ask where you went to school, perhaps a nickname, or a street address would be a better choice instead of the name of the school.

Password security is a complex subject. If the CEO of the company uses the same password on Gmail as his work password, and Gmail is compromised, his companies network is now suspect. If the accountant uses their work email address for their Facebook account, and the password is the same as the Facebook password, the whole world could potentially have the accountants OWA password. This is the new age of social engineering. As IT professionals, we need to help educate our clients that they need to protect their networks from attacks like this. Remind them of the acceptable use agreements and that work email accounts should not be used for social networking sites. Inform them of the potential consequences of having the same password for ITunes, Facebook, and the work account.

The responsibility of password security is also on our hands. The ability of these email address and password being released was because the database was stored in clear text. Review your line of business applications. Make sure that you understand the database model and how it stores users and password. Make sure it is SSL secured. Disable SSL 2.0 on your public facing web servers. Verify that all security patches are applied to all applications, especially Internet facing applications. Sony’s database was compromised by a very simple SQL injection script.

This breech was done “for the LULZ”. Password security is not a funny thing. This hacking group has shown that they don’t care about anyone, and no site seems to be immune to their brand of hacking. What site will they hit next? Could it be Gmail of Facebook? Or some smaller site like your local Chamber Of Commerce? Do you use the same password when you registered at the local Chamber of Commerce site? If you did, do you know if they store that user/pass combination in clear text? Is their site secure against cross site scripting? Protect yourself, and your clients. Use strong, complex passwords that are different from each other. Don’t put yourself in a position where if your Twitter account is compromised, that now your Domain Admin password is published on the Internet for all to see.

Jeremy Anderson

__________

So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals like you.

www.thirdtier.net/support

Priceline works like most travel websites except that you name a price that you are willing to pay, the neighborhood you want to be in, the rating of the hotel and then you let Priceline select the hotel for you. It is a way for hotels to fill rooms, even if it’s at a discounted rate.

Naturally the website wants me to create an account and they also want me to select a secret question to which only I will know the answer. Here’s the first question in the list:

I simply laughed. Here is a legitimate website phishing. Were anyone to give them this information then it is very likely that who ever has access to it could log in all over the web as them. Raise of hands…how many of you use the same password on multiple websites? That’s right, almost everyone.

I sent it my findings to a couple of people. Steve Riley (Microsoft speaker, author, noted security guru and now Amazon Web Services employee) picked up the story for his blog. Gotta love the title.

http://stvrly.wordpress.com/2010/06/30/a-rant-in-which-i-heap-scorn-upon-priceline/

Be careful out there.

—
So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support Blog Twitter Facebook LinkedIN

Third Tier welcomes Team Bradley to our webinar series. Back in the day, smaller businesses were exempt from most regulation, but not in the new era of information security. Are you making the right recommendations to your clients? Do you need to get up to speed on the new regulations and laws that effect nearly every business? This webinar is for all of us that need to educate our clients on security and information privacy.

Join Team Bradley – Susan Bradley and Bradley Dinerman – from the hotbed states of California and Massachusetts, as they discuss the impact to small firms of recent privacy, security and disclosure legislation.  From PCI data security standards (DSS) to the Massachusetts data security law to the upcoming FCC "red flag" rules, they will discuss and answer your questions regarding security and compliance issues.  Come listen to what you need to do to be compliant, including taking steps such as the development of a written information security policy (WISP), implementation of encryption systems, firewalls, antimalware, employee training and much more.  We will even touch on the security of social networking sites and how they can affect your organization, for better or for worse.

Brad Dinerman is the founder and president of the National Information Security Group (NAISG, www.naisg.org) and the president of Fieldbrook Solutions LLC (www.fieldbrook.net), an IT, MIS and security consulting firm based in Ashland, MA.  He is a Certified Information Systems Security Professional (CISSP), a Microsoft MVP in Enterprise Security as well as a Microsoft Certified Systems Engineer (MCSE) and a Certified SonicWall Security Administrator.  He also earned a Ph.D. in physics from Boston College to help him calculate how long it would take to launch his frozen computer across the local highway.  Brad is a frequent contributor to various online TechTips sites and gives user group/conference presentations on topics ranging from spam and security solutions to Internet development techniques. He also published numerous articles in international physics journals in his earlier, scientific career.

Susan Bradley is frequent speaker at SMB conferences, most recently SMBnation East.  She writes the Patch Watch column for Brian Livingston’s Windows Secrets, and was one of the authors of Windows Server 2008 Security Resource kit, and Small Business Server 2008 Unleashed. In real life she’s the IT wrangler at her firm, Tamiyasu, Smith, Horn and Braun, where she manages a fleet of Windows Servers, an Exchange Server, desktops, a few Macs, several Windows mobile and iPhones and tries to keep patches up to date on all of them. In addition, she provides forensic computer investigations for the litigation consulting arm of the firm. She blogs at www.sbsdiva.com on the topics of small business server, tech topics and whatever she stumbled over that day.

Third Tier has invited you to attend an online meeting using
Microsoft Office Live Meeting.

https://www.livemeeting.com/cc/harborcomputerservices/join?id=968BJF&role=attend&pw=N%60%2Fm%3E_z6K

Meeting time: May 13, 2010 12:00 PM (EDT) 

Add to my Outlook Calendar:
https://www.livemeeting.com/cc/harborcomputerservices/meetingICS?id=968BJF&role=attend&pw=N%60%2Fm%3E_z6K&i=i.ics

The default Software Update settings in Snow Leopard will check in with the Apple update servers on a weekly basis, so within the next 5-7 days any Mac running Snow Leopard should notify its operator that new updates are available for download and installation. Users can check for this and other updates manually by selecting Software Updates from the Apple Menu on any Mac running OS 10.x.

A security update for Mac OS 10.5 was also released on Monday, and while it is not as large of an update as 10.6.3, it still addresses several significant security issues and should be installed on any 10.5 Macintosh as soon as possible.

Question: Disclaimer: When running image based backup solution and/or utilizing online backup services, be sure to either create a seperate volumn for WSUS content or exclude it from off-site backup if possible.

Answer: Excellent recommendation. Thanks!

Question: Are there any problems with XP SP3? Thanks.

Answer: Globally, I”m not aware of any. Have almost all of our customers up on XP SP3. There may be individual application issues, but not that I”m aware of.

Question: XP SP3 causes problems by switching off the TS ActiveX used for RWW but that has been blogged to death!

Answer: Correct, I don”t consciously think about that because it”s just automatic to fix. Thanks for the reminder.

Question: What is the best way to “Disable” WSUS?

Answer: Services – disable the WSUS service

Question: Is the specific service just the “Windows Update” service on the server? Are there any other ones?

Answer: That”s the one.

Question: Is the method used to relocate WSUS content on sbs 08 the same as prior versions?

Answer: No, There is a wizard in the SBS 2008 Console to move the WSUS data to different partitions.

Question: I called some of my LOB vendors and found out that one of them does not support downloading their program”s updates through IE8 yet. I”ve gotten into the habit of calling my main vendors or checking their FAQ before I roll anything out.

Answer: That”s an excellent suggestion. Thanks for sharing.

Question: WSUS 3.0 SP2 needs the new reportviewer. but… the viewer needs .net 3.5. How ugly is the .net install?

Answer: Test it first, but I haven”t had too many problems when doing the 3.5 install for my sites.

Question: Do you recommend partitioning SBS08.

Answer: yes minimum 2

Question: Is there going to be a WSUS 4.0 someday?

Answer: Someday, we don”t know when

Question: Because I have installed WSUS manually I have the Not Available in the Updates. I can go to the WSUS server via 8530 and I can go to the updates page but it does not show any updates. I do have all the products checked in the list and I am not downloading drivers but I still have problems not getting the green check mark. Good point about not unistalling. I did that and it messed it up a lot

Answer: susan provided a list of items that you need to include and point to the green check/blue check SBS blog post for the answer

Question: Can you speak to the relative importance of patching Microsoft products vs. third party products like Java, Adobe, Firefox, QuickTime, etc.? The focus seems always to be on Microsoft products, but many of the threats are coming from third-party products as well. How do you handle those?

Answer: VERY important to patch the 3rd party stuff. The bad guys are choosing to come in via 3rd party becasue MS is generally updated these days.

Question: Not a question, but a praise, I highly recommend SBS08 Unleashed; and I just posted a review on Amazon.

Answer: Thanks!

Question: is there a way we can submit our WSUS policy/procedures for a slap on the back or a slap on the head?Kevin royalty warned me about the 2×4.

Answer: you can contact Susan via her blog, or submit a ticket a Third Tier

Question: Is there a place that a new MSP can go to see historically what patches have caused problems? We are developing our patch management policy and have basically an enormous amount of patches to approve or deny to “catch up”. It would be great to have a publish list of patches that a low or high risk. Any resource available that you know of to help us out?

Answer: www.patchmanagement.org, but nobody keeps a “master database” of this information

—–

So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support Blog Twitter Facebook LinkedIN

Susan is world renown for her mastery of patching and the issues that occur. You won’t want to miss this session on how to manage WSUS and All The Gory Details.

So click the link below to block off next Thursday September 17th (Noon eastern) and we’ll see you then.

When: Thursday, Sep 17, 2009 12:00 PM (EDT)

Duration: 1:30 (presentation 1 hour, then Q&A)

Third Tier has invited you to attend an online meeting using

Microsoft Office Live Meeting.

https://www.livemeeting.com/cc/mvp/join?id=7R5BRQ&role=attend&pw=M%289zFMf48

Meeting time: Sep 17, 2009 12:00 PM (EDT) 

Add to my Outlook Calendar:

https://www.livemeeting.com/cc/mvp/meetingICS?id=7R5BRQ&role=attend&pw=M%289zFMf48&i=i.ics

—–

So who wrote this blog and what do they do for a living anyway?
We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support Blog Twitter Facebook LinkedIN

5 Reasons to not Ignore Security

—
So who wrote this blog and what do they do for a living anyway?

We’re Third Tier. We provide advanced Third Tier support for IT Professionals.
Get Support Blog Twitter Facebook LinkedIN