rb|it : blog: March 2009

March 2009

March 24, 2009

The good, the bad and the ugly

More of a news round up this week than a monologue, three things that have caught my eye over the last seven days.

The Good
Earlier this month HP launched a babysitting service for SMB's called 'Insight Remote Support'. It's available to anyone with valid warranty or Carepaq on a Proliant Server (bar the ultra low end 100 series), BladeSystem chassis and Proliant Blade Servers, and the StorageWorks EVA midrange disk arrays. All you need to do is install the agent from the HP site and they will monitor your server for you, making sure it all works, warning you of impending failure, and even ordering spare parts to replace faulty components and dispatching them with an engineer to fit them. When 90% of of HP's SMB customer base is worried about unplanned downtime it will be a shot in the arm and potentially a huge money saver. For more info see http://h18006.www1.hp.com/products/servers/management/insight-remote-support/overview.html

The Bad
In October last year I blogged about using the 'inurl' switch in Google to exclude unwanted domains from your search results. Having recently reviewed this I found some interesting things I either missed last time, or have changed. Firstly, the Google page on Advanced Search Operators does not state that you can use the inurl switch with the minus operand to exclude words from a URL. Secondly, there is apparently a restriction on how many words you can enter into a query (32 words), which restricts the amount of domains you can exclude using this switch. Lastly, I have seen in some search results that addition of an inurl switch actually increased the result count! Whether this is an attempt to discourage use of this switch I can't say, but it certainly isn't encouraging. The switch still appears to have the desired result though.

The Ugly
A new(ish) development in network security is the compromise not of home PC's, but home routers. A worm called "psyb0t" has been detected in the wild by a research group DroneBL, and is estimated to have infected at least 80,000 hosts. Until now, 'botnets' have been made up of PC's with broadband connections that are infected with a virus or worm, the weakness of this method being that the malware is potentially detectable on the PC by the user. However, compromising the router (which the user knows almost nothing about) is a far more stealthy method of infection. This worm appears to have been deactivated by it's author, and possibly the result of a research exercise (though still illegal). However, now the concept has proven to be successful it no doubt adds another weapon to the arsenal of the bot herder. I would strongly advise all of those who can to check that their DSL or cable router has remote management (whether that be web interface, ssh or telnet) disabled on the internet interface. If you must allow remote mangement, at least restrict those IP's that can access it, and use strong passwords.

24 Mar 2009 14:24:53 | Manager, Security, Web/Tech

March 18, 2009

Open Source Issue Tracking

Customer Retention
Almost any company providing a product or service receives issues or problems from their customers. They might come in by email, by phone, or even by post, but those issues need to be addressed, and the process for doing that can be problematic. In many smaller companies there is no software system (or even process) for dealing with these issues, and customer satisfaction suffers as a result. Several articles recently have identified customer retention as a key survival tool in a recession. Those who provide good customer service will be seen as ‘high value’ providers, and those who fail to deal with customer issues will lose customers to their competitors.

You get what you pay for
In the past, ‘Helpdesk’ or ‘Issue Tracking’ systems have been very much a case of ‘you get what you pay for’. The lower priced systems were simple at best and lacked critical functionality (like automated issue logging from email), and the better systems were expensive, often beyond the budget of SME’s. There is an alternative though, and it looks very promising. rb|it-Consulting has recently been evaluating the latest version of OTRS (short for ‘Open-source Ticket Request System’), and is now adopting it as a Helpdesk and Issue Tracking System.

The good news
The software is entirely open source and free, runs on Microsoft Windows and UNIX/Linux and comes complete with all the required packages. The installation is simple and works on both Windows Server and Small Business Server 2003 (the latter requires a tweak to the installation to avoid clashing with IIS). The end result is a web based system which works in all browsers (including mobile devices), which can be integrated with your chosen email system (whatever that may be), and provides an effective and powerful tool for tracking issues from receipt to conclusion.

Features

Automated incident logging via email
Automatic email notification to customers and staff of changes to issue
Full function web based console for agents and customers
Built-in escalation of issues and other time based functions
Calendar support (to define working hours and days)
Service and SLA Support
Extensively customisable via the web interface

The default installation would require minimal configuration for a simple setup, but the benefits are potentially huge. Your customers would immediately know that their issue had been received and have a unique reference for their problem, and can log into a web interface to check or update their issue. Your staff can see all the outstanding issues, prioritise them, see which were overdue a response and can assign them to whoever in the organisation (or outside it) is responsible for fixing it. Take a look at the demo version (see http://www.otrs.org/demo/ for details) and try it out for yourself, I think you’ll find a free, powerful and easy to use system which will make your customers happy, and your Financial Director even happier.

Richard Bartlett offers IT consultancy services through his company rb|it-Consulting. Contact him by email richard@rbit-consulting.com or visit his website at http://www.rbit-consulting.com

18 Mar 2009 09:07:27 | Applications, Manager, Web/Tech

March 11, 2009

IT Support: money for old rope?

Paying for IT Support is like paying for garage services, or an electrician. It's magic, you don't understand it, and there is the potential for you to be charged for things you didn't need. So how do you make sure you're getting value for money?

Buying IT Support

Stabilise your network. Before investing in an IT Support service, get your network stabilised. A ‘one off’ network audit/health check and resolution of all current issues will pay back within a year.
Measure your demand. Monitor how many technical problems you have (whether user problems or actual system failures) over a fixed period of at least a month. Decide how important each system is, and what the impact of a system failure would be.
Fix your budget. At the moment this will be a ball park, and defined mostly by existing expenditure or cash flow restrictions.
Tender. Clearly state what service you are looking for, the number and type of systems and the necessary response/fix times as appropriate. Use your contacts to get recommendations, and Google to identify potential suppliers. Ask for and talk to reference customers, and check the contract thoroughly to make sure the service is clearly defined.
Monitor. Make sure any ‘SLA’ or response time in the contract is adhered to. Talk to your staff to see if they feel the supplier is responsive and helpful. If the company doesn’t perform, use the contract as leverage to make sure they do; and don’t be afraid to drop a poorly performing supplier.

Caveats

Avoid up-selling. Ideally, separate your IT Support supplier and IT Hardware/Software supplier to avoid the potential for ‘up-selling’ you hardware on the back of a system failure.
Buy hardware with a manufacturers 3 year warranty, fixing your hardware support costs for three years. All you should pay for now is small labour charges per fault.
Only pay once. If you are paying a charge per call (or per visit), and a problem recurs, say when you report it the second time that you’ve already paid for this to be fixed once, and you don’t expect to pay again unless you caused it to recur.
Charges for anti-virus definition and patch updates. Some things shouldn’t be charged for, and anti-virus definition updates and Microsoft patches are two examples. Both are built into the respective software, and designed to run without intervention, so don’t pay a company to do this for you every month.

Follow these steps, you should find your IT Support provider is a real asset to your company, rather than a drain on your budget!

11 Mar 2009 11:18:32 | Manager

March 03, 2009

The importance of Safe Hex

Computer security is a constant battle, and one which you can only fight, but never really expect to win. As one threat recedes, a new threat appears, like the new malicious applications using Facebook to attack users.

So how can the average user protect themselves against these attacks?

For the technically minded, the list is well known (anti-virus, intrusion detection, firewalls, acceptable use policies etc.)

For the average user it's a bit trickier though, how are you supposed to defend against hackers who know much more about your computer than you do? It's actually quite simple though, if you draw parallels with everyday life.

Files = Food for your computer
Think of anything you download or are sent via email as food, and your computer as you.
- Would you pickup food off the floor just because it was free? No, so imagine bittorrent downloads and other illegal download sites the same way.
- Would you drink an unidentified bottle of liquid sent to you through the post? No, so imagine unsolicited email attachments as that suspicious bottle and let your IT person deal with it.
- The basic rule, if you don't know what it is or where it came from, don't put it in your body!

Your computer = your house
People think of their computer as just a tool, like a screwdriver or a drill, and are often quite careless with it. Instead, imagine your computer as the 'home' of your data, and secure it accordingly.
- Make sure you have a good key to your house (a password) and look after that key.
- Don’t lose or give away your key, and if you think someone has your key, change the locks!
- Make sure you keep it locked (CTRL-ALT-DEL and ‘Lock this computer’ in Vista) when you’re away, so no-one can just wander in and look around.
- Don’t store stolen property in your house, or let anyone else do the same (keep illegal downloads off your computer).
- Have a secure fence around your house to secure it, and a burglar alarm to warn you if someone invades your house (run a good anti-virus application on your PC and a PC firewall).

If you remember these simple parallels, and treat your computer accordingly, you'll be protecting yourself from all the unpleasant things that can happen if your computer is compromised (loss of access to data, unexpected credit card transactions or complete identity theft).

3 Mar 2009 09:35:00 | Security

rb|it : blog

RG Bartlett IT Services techblog.