Vol. 22, #18 - May 01, 2017 - Issue #1129

Reader feedback: Reconsidering biometric security

 

What is SQL Server? 

This white paper is a FREE self-study guide for learning SQL Server fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions provided in this white paper will give you a solid foundation for your future DBA expertise. Learn about the most common SQL Server services running under your OS, database types and their specific roles, transaction logging and maintaining SQL Server security.


Editor's Corner


This week's newsletter takes another look at issues surrounding biometric security by hearing some of the feedback we've received from readers concerning Issue #1127 Reconsidering biometric security. And be sure to check out our This Week's Tips section for a couple of problems readers have encountered upgrading their PCs to Windows 10 Creators Update and how they resolved the problems. We also have some other tips, tools, and other stuff to fill the vacuum in your brain that results from staring at a computer screen all day long (which is not as bad though as the vacuum that fills the brains of smartphone addicts).

We know of course that "nature abhors a vacuum" but besides the dangers of the vacuum of outer space there are other even more sinister things that can happen when you encounter a vacuum as this Dilbert comic illustrates:

http://www.wservernews.com/go/likn6pmg/


Ask Our Readers - Support for HP Home Server?

From a reader named Jack came the following request:

I am probably one of many who invested in the HP Home Server/Microsoft Home Server a few years ago because it was very easy to understand and use (for us, computer illiterates). Then all of a sudden support became almost non-existent, then non-existent. Not even HP who manufactured the hardware supports it even though it is still on their website with no working links of course and no support even when you ask them about it. When mine no longer backs up anything completely, I tried to use another server system and NAS system but totally at a loss. Do you have any ideas on where or if there are any sites that still have forums or help on the Home Server?

Can any readers help Jack with his request? Email your suggestions to us at wsn@mtit.com

Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at wsn@mtit.com

And now on to some of the feedback we've received concerning biometric security…

Reader feedback: Reconsidering biometric security

A number of our readers have voiced some concerns about the value and/or integrity of biometrics as an authentication platform. Here in no particular order is a sampling of the feedback we've received on this subject:

Biometrics do have a fundamental flaw for some security uses -- you cannot directly revoke them i.e. you can't chop my finger off and give me a new one. So systems have to be developed to deal with this in a different way. Many years ago (~30) I had a customer who did fingerprint recognition and proudly told me that they could tell whether it was a live finger or a dead finger. Various sorts of biometric recognition are used in passports in Europe. The first one they introduced is facial recognition using your passport photograph. The problem is that I wear glasses and some machines tell you to take them off. My experience is that the UK electronic passport gates recognize me less than 20% of the time; with other countries I only have a small sample size, but Barcelona seems not to recognize many people at all, and with only one manual agent it took an hour to get through, but Finland surprisingly has worked every time. I heard, but can't verify, that at one point the machines (I won't name where) were only actually recognizing about 30% of the people they were letting through so people had the impression they worked, but they didn't really. My own experience of the fingerprint recognition on my Android phone is that it doesn't work for a couple of minutes after I have washed my hands and when I had been stacking bricks for a few hours, it would not recognize my finger for a week. This latter problem could be solved by using the separate, different, sub-cutaneous fingerprint, but that would be a more expensive scanner. One of the problems with biometrics is that the fundamental premise is based on probabilities, unlike the certainty with say a password or code, which either matches or does not match. And with probabilities, no matter how small, what do you do about a false negative? How do you prove you are who you say you are when "the computer says no"? I suspect the answer is to use multiple biometrics e.g. facial recognition and fingerprints. 
Facial recognition could be improved in stages by first using both a face-on picture and a profile picture, making it harder to fake, and then eventually going to a 3D scan of the face. Maybe we will end up with two factor authentication -- biometrics and an implanted coded chip; after all, we insist that dogs and some other animals have implanted chips to travel internationally. -- Tony from the UK

I have been hospitalized in the last month with pulmonary embolus, doing well, but the close call with the "Grim Reaper" has made my manager at work ask the question "What if something happens to you?" As the lone IT guy, I have a password protected Word document of passwords for each website or application I access, but what if they could not get into my computer? Biometrics, especially voice recognition, would paralyze the organization due to lack of access to the "stuff" I find important. Not a great idea. I also noted that my health insurer is going the same way with biometric voice recognition. How would my survivors access my records? As it stands now, as long as they can get into my email account (or some web browser), they can access my information via my Norton Vault account, which fills in my account information and in you go. I understand the need to secure your devices, network, data, etc., but there has to be a workaround for some of this stuff. P.S. I have discovered that even within the same health organization, with massive amounts of information generated among many different health care providers, when I go to a different office my insurance card is requested (even if scanned into the system three times in fourteen days) and asked all kinds of questions that should be visible to the person looking at the computer screen. What happened to the "portability" promised when we went to electronic records for patients? They appear to be so secure as to be unusable! --David 

Hacking biometrics has been around since the advent of the solutions, and as with all authentication, hacks with varying degrees of complexity and rates of success have been spawned. My biggest concern with biometric authentication is a legal problem, not a technical one. If you use biometric technology to lock or unlock something, US law enforcement can legally force you to present your credential because it is something you are. They cannot force you to divulge a password/passcode/passphrase because it is protected by the Fourth and Fifth amendments. For this reason alone, something you know should be a foundational part of authenticating yourself to any system capable of accessing high worth assets without regard for what those assets might be. I attended a card issuer convention once where Bruce Schneier was speaking, and he had drawn the ire of many vendors at this conference by stating their card systems don't solve the authentication problem. Moreover, Bruce said authentication is the most challenging subject in all of security. How do I know you are who you claim to be? Impersonation is as old as humanity, and despite the best efforts of bright minds over millions of years, it remains the most difficult security problem to address. Even if we could test DNA directly in real time, someone would find a way to cause Type 1 and Type 2 errors in the system or create a "sample in the middle" attack, or... Build a system of rules, and those who do not wish to follow them will immediately focus on finding a way to subvert them. It is truly fundamentally human. --Lance, CISSP, PCIP

I am no expert, but to my view (I do have graduate degrees in biz, engineering and CS…), it boils down to this simple fact: Biometric datasets are NOT changeable like an ID/PW pair. They are forever (until the plastic surgeons develop the methods)… Re-codable, yes, encryptable (god, I hope so), yes, hashable, yes, but unlike passwords and other even multifactor techniques, they are not resettable. So once "in the open" there is an intractable violation of personal data. Where does this leave us for the future of the ultimate security (and convenience) of Bio-signatures as we are clearly not able to, as a society, government or corporation, preserve personal security and data? My iris (or you name the bio-marker) may be unique, but will it remain UNKNOWN to the scam-o-sphere? Will it go for the same $1 that my VISA account info goes for on the Eastern European markets? I will tell you, as a special employee of the US Treasury Department, my entire personnel file was hacked about two years ago… And in it were my fingerprints (and a number of incredibly private things) -- in whatever hashed format they used (probably none, knowing the government). And for that violation I didn't even get a classic cheap Disneyland T-shirt… Just a cold, anonymous apology from my government. Nice. So now my "unresettable" fingerprints are out there. My conclusion: you simply have to be nuts to give up any (ANY!) discretionary bio-ID info to any entity today. -- Erik from Seattle, USA

I think the wrong question is being asked. The question being asked is if we TRUST biometric systems and would we use them. I think the better question is: how do you authenticate users today and do you trust that? If today you are using simple username and password combinations, I would think that is a VERY circumventable mechanism, especially in a non-technical user group with low education where passwords are often on a sticky under the keyboard. I doubt there is a perfect mechanism but biometrics is an option on the table. I wish that this technology was available, inexpensively, to many more organizations. I am on the board of a local non-profit community association. Many years ago, they did some fund-raising to replace all the interior building door locks with pin-pad activated door handles. However, without good documentation and processes, the situation has degraded into a state where 3 codes are shared freely with whomever needs them. The idea was to eliminate the need to manage physical keys but I think we have a worse situation today. Frankly, I love TouchID, it allows me easy, quick, painless access to my technology without complexity and gives me a "better" level of security than a 4-digit pin lock. Yes, this email has jumped about from physical door locks to mobility and again, proof that authentication is MORE than something to protect a network or server. -- Eldon

Many years ago I worked for a company that was considering a wide array of biometrics for secured access, etc. Facilities and IT received tons of pushback from HR as there can be certain privacy and HIPAA requirements for some of the more intrusive biometric devices. For example, retina scans. You can learn a lot about a person from scanning his/her retina. And if you have a union workplace. Whoa boy! Watch out for the pushback. -- Peter, IT Availability & Production Manager for a company in Maryland, USA

The question: "Do I really want an absolute biometric identification of me?" Once you have such an ID it is unchangeable and valid till you die; remember it was developed to be that way! And once this basically analog reading is in digital form on a computer it can go anywhere without the holder's or your knowledge or permission. -- Stuart


Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at wsn@mtit.com

Recommended for Learning

VIDEO: An overview of Windows Defender Advanced Threat Protection for Windows 10

Senior Windows Product Manager Heike Ritter offers a cohesive overview of Windows Defender Advanced Threat Protection for Windows 10. This includes new capabilities in the Windows Creators Update for detecting, investigating and containing breaches such as in-memory attacks and kernel exploits. See how Windows Defender Advanced Threat Protection works at scale to expose otherwise undetected threats, investigate and understand the scope of breaches, and contain and respond to threats.

http://www.wservernews.com/go/g6mhfygi/

 

Microsoft Virtual Academy

Planning for a Security Incident

Are you ready for a security incident? Would you like to explore real-world enterprise security threats, from the perspective of the Microsoft Global Enterprise Incident Response and Recovery team? Join senior team members Chris Ard and Lesley Kipling for an in-depth look, based on actual experience, with examples and stories from the field. Learn what customers need to be doing now to prepare for an incident. Get an in-depth look at the paradigm shift from "Are we secure?" to "Are we ready?" Modules focus on the three pillars that make up the Microsoft Security Framework: "Protect," "Detect," and "Respond." Consider the best approach for response—before an incident occurs. Find out how to improve detection, use threat modeling to understand the risks, and much more.

http://www.wservernews.com/go/2qbr02rf/
  

Factoid of the Week

Before we examine the feedback we received from last week's factoid let's visit a couple of earlier factoids from our newsletter.

In Issue #1126 we asked "When was the last time you saw a phonebooth? And when was the last time you *used* a phonebooth?" Craig, a Business Manager from Australia, replied:

A few years ago I went on a charity motorbike ride through the south west corner of Australia. Being a large country with a small population, there are significant areas that don't have decent mobile -- sorry, cell coverage. One tiny little town that consisted of a hotel and about 10 houses was one such place. Not getting reception I asked the publican if there was somewhere in town where reception was better and he said yes. He pointed me to a landmark a few hundred metres -- sorry, yards, to the top of the hill and you can get reception from the towers in the next town. What was the landmark? A public telephone box. That's right -- the only place in town you can use your mobile phone was just outside the public phone box. Either somebody has a delicious sense of irony or they simply don't get the point of a mobile phone.

In Issue #1127 we asked "How do you usually respond when someone asks, How are you? Why do you respond that way?" A reader named Michael analyzed this as follows:

The response is culturally-biased. In the American South, this is social butter -- that is, it is meant to smooth the interactions between individuals. This isn't any different than the (truthful) cliché about southern waitresses calling their customers darling and honey and sweetie. It makes someone feel comfortable and at home. In the American South, if I go to a fast food restaurant where the order-taker is not polite -- I will either complain to the manager or walk out. However -- we don't really want to know how you are. It's just social butter. The cultural bias.

In the American North-East, no one cares. A waitress walks up and says "what you want?". In a fast food restaurant, the order-taker just stands there until you blurt your order. As someone from North Carolina, I think this is just rude. They obviously don't give a crap about the customer, except for their money. The cultural bias.

In center and eastern Europe, if you ask someone "how are you?" -- they will tell you. In detail. That is their cultural bias.

Generally speaking, I have found that, for all the countries I have visited, that saying "hi" or "hello" is far better than saying "hi, how are you?" or "howdy?".

Now let's move on. Last week's factoid and question was this: 

What was the most embarrassing thing you've ever seen yourself on a live TV show you were watching?

Some of the responses we received included the following:

On Fox9 Minneapolis/St Paul, weatherman Steve Frazier was on air when he suddenly reached over his shoulder into the back of his suit and pulled out the hanger that his suit coat had been on. Another time, Steve Frazier was warning viewers how cold it was going to be and told everyone to be sure to cover their "cracks and crevices". This caused the anchors to absolutely lose control of their laughter. Steve had no clue and repeated the warning several times. -- Don

News coverage of the plane crash, Asiana Flight 214. When they announced the pilots: "Sum Ting Wong, Wi Tu Lo, Ho Lee Fuk, Bang Ding Ow…" -- another Don

Warren Beatty & Faye Dunaway at the 2017 Oscars -- Butch

Now let's move on to this week's factoid:

Fact: Canadians like myself have a reputation for being nice and polite. But just try saying something to us using a fake "Canadian accent" and you'll quickly raise our ire! Grrr…

Source: http://www.wservernews.com/go/89suyo4r/

Question: What might arouse a similar hostile response if someone from another country came to your own country and spoke with you? In other words, what word, phrase, or style of speaking would get an American / Brit / German / Aussie / etc VERY angry? :-)

Email your answer to us at: wsn@mtit.com

Until next week, 

Mitch Tulloch

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at wsn@mtit.com

Free webinar course: Learn PowerShell, a FREE guide through PowerShell basics. Find out about specific PowerShell extensions for different platforms and get an overview of cmdlets.

http://www.wservernews.com/go/extn1tcd/

AquaSnap is a tiling windows manager for Windows that can make you more productive:

http://www.wservernews.com/go/cfbpm34j/

SPDocKit is a SharePoint administration tool that helps you create SharePoint documentation and analyze it according to best practices as well as manage permissions, enforce governance policies, monitor farm health, and more:

http://www.wservernews.com/go/9xsra2bs/

TidyTabs is a terrific tabbed windows manager for Windows that lets you tabbify everything:

http://www.wservernews.com/go/czldkug9/

 

This Week's Tips

GOT TIPS you'd like to share with other readers? Email us at wsn@mtit.com

Windows 10 Creators Update - Problem upgrading over wireless network

Sam Garcia emailed us a week ago describing problems he was having upgrading some Windows 10 computers to the Creators Update version:

[The upgrade] seems to disable the network card and/or wireless connection also. So far 10 computers are victims, 60 are good. The oldest (2012) are really hurting. Thanks for the rollback function, but not easy to use.

A week later I asked Sam for an update on his situation and he replied:

Upgrading using cable not wireless solved the problem. How about that?

Readers who are planning on performing the upgrade might want to take note of Sam's experience. Have any readers out there experienced something similar? Email us at wsn@mtit.com


Windows 10 Creators Update - Problem upgrading due to installed device drivers

Tom Philo emailed us two weeks ago about his experiences upgrading to Creators Update: 

Installed, via ISO, onto 3 year old Gateway with no issues. Cannot install on main desktop -- tried 3 times after removing peripherals, cleaning registry etc -- on my AMD system with it going into a hard wait at 14% install - requires hard reset then the resulting (after restore to prior Windows version) with the error message after logging back into my system "The installation failed in the SAFE_OS phase during APPLY_IMAGE operation". Error logs give no clue what really was going on during that phase or what caused it to hang.

I pinged Tom a week later to see whether he had resolved his problem and he replied:

Windows 10 Creator's Upgrade success - on 4th try! I figured out what they really meant by driver updates in that error message and went through all 167 devices in my device driver list within the system, one at a time, right clicked on it and told it to update driver by searching online.

Nine devices had updates - one (or more) of which was preventing W10CE to be installed. The longest driver update was for the Logitech W310 Web camera -- took a minute. The others only took 20 seconds, including search time, or so to update. I am on FIOS 25 megabytes down per second, so real fast.

Only one driver update stated that the system required a reboot, I did the reboot, went through the final set of devices to check, rebooted and then it finally installed from the ISO I had already downloaded onto one of my drives.


Their suggestion of disconnecting devices is bogus -- since the drivers for any device are still in the system even if the external item is not connected -- it still exists. Reading that made me think of the system device list and do check each driver one at a time to check for updates via that method.

Readers who are planning on performing the upgrade might want to take note of Tom's experience. Have any readers out there experienced something similar? Email us at wsn@mtit.com


Non-profit organizations (NPOs) - Get a donation of $5000 towards an Azure subscription

From a reader named Bob comes news that Microsoft is offering a $5000 donation to qualifying non-profits towards their annual Azure subscription. The page below links to TechSoup for a validation token, so an NPO has to be registered on that site:

http://www.wservernews.com/go/jkgn6l1i/



Events Calendar

Microsoft Build on May 10-12, 2017 in Seattle, Washington.

http://www.wservernews.com/go/qb9opurg/

Microsoft Worldwide Partner Conference (WPC) on July 9-13, 2017 in Washington, D.C.

http://www.wservernews.com/go/rumh37uq/

Microsoft Ignite on September 25-29, 2017 in Orlando, Florida

http://www.wservernews.com/go/rw1hxlnp/

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact info@techgenix.com

New on TechGenix.com

Keep those backdoors closed!

Whether you're dealing with hardware or software, as an administrator you need to be aware of potential backdoors and be sure you keep them firmly closed!

http://www.wservernews.com/go/wrj7tqr7/

Everything you need to know about Azure Search

Azure Search is a managed search feature from Microsoft that gives you complete control over what you want to display to users. Here's how to use it.

http://www.wservernews.com/go/bz64mlar/


Moving On to Hosted Exchange? Keep this Checklist Handy

Before the Exchange 2010 era, enterprises were not entirely convinced with the idea of Hosted Exchange.

http://www.wservernews.com/go/gxwa239a/


Citrix XenDesktop Essentials and XenApp Essentials now available in Azure marketplace

The Azure marketplace has welcomed two new Citrix products, XenApp Essentials and XenDesktop Essentials.

http://www.wservernews.com/go/oguh9zxz/


Top enterprise tech trends that should be on every CIO's radar

CIOs must identify the innovations that can help their organization achieve its IT goals. Here's a guide to the hottest strategic technology trends.

http://www.wservernews.com/go/hjv677u0/

 

Tech Briefing

Azure

Azure Template to deploy a forest with two domains, Part 3 - visualizing the template (Online memory of an Active Directory PFE)

http://www.wservernews.com/go/5tpd38bh/


Reduce running costs for your RDS Deployment in Azure using Auto-Scaling (Tip of the Day)

http://www.wservernews.com/go/t4cekhdo/

Citrix

Citrix to Help Move Windows 10 to the Cloud (myITforum)

http://www.wservernews.com/go/q05bbspn/

How to install and configure Citrix XenDesktop 7.12 with Windows Server 2016 hosts running on Microsoft Azure (RobinHobo)

http://www.wservernews.com/go/jfai9c9s/

DevOps

Automatically build and deploy ASP.NET Core projects to Azure App Services (The Visual Studio Blog)

http://www.wservernews.com/go/lw9wof0b/

Documentation in a DevOps World (Premier Developer)

http://www.wservernews.com/go/wmo7dy00/


Office 365

From Office 365 To Azure Machine Learning, These Five MVPs Share Their Insights (Microsoft MVP Award Program Blog) 

http://www.wservernews.com/go/pizei4cg/

10 time saving, productivity boosting Office tips for staff and students (Microsoft UK Schools blog)

http://www.wservernews.com/go/ynqaioxw/

PowerShell

PowerShell on Linux and Mac (Luís Henrique Demetrio)

http://www.wservernews.com/go/30jx2lv6/

PowerShell: How to add enhanced detection methods to deployment types (1705 TP) (Adam Meltzer's Configuration Manager Blog)

http://www.wservernews.com/go/59qyjhlh/

Other Articles of Interest

New tool translates Windows 10 Group Policy Objects into MDM policies

Windows 10 has a new migration tool that aims to provide organizations with a way to manage PCs more like mobile devices. Microsoft's new MDM Migration Analysis Tool (MMAT) can save IT admins a lot of work by inspecting an organization's Windows 10 GPOs and finding MDM policies that match. Learn more about this tool and what it has to offer.

http://www.wservernews.com/go/lgj74yjw/


NVIDIA, AMD, and Intel: How they do their GPU virtualization

With several companies now competing in the GPU market, use this resource to help compare vendors by taking a closer look at the features they offer, use cases for each and the approach they take to GPU virtualization.

http://www.wservernews.com/go/632nwh28/


How to craft the best mobile strategies for business

In today's mobile-centric world, employees expect anytime, anywhere access to data and applications from any device. Enterprises are faced with crafting EMM strategies that meet the flexibility needs of their workforce, while also keeping security and cost under control. Access this tip for a few guidelines to optimize mobility for specific settings.

http://www.wservernews.com/go/iylh9prr/


Four questions to ask before choosing virtual or web-based apps

When it comes to delivering applications to end users, it can be difficult to choose between virtual or web-based apps. IT admins should be asking these 4 important questions about their networks, users, and applications before making a decision.

http://www.wservernews.com/go/n7r1zpq5/

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links you'd like to recommend? Email us at wsn@mtit.com

Personal Electric Seaplane By Google Co-Founder Larry Page

The Kitty Hawk Flyer, which is backed by Google co-founder Larry Page, does not require a pilot's license. You can learn to fly it in minutes:

http://www.wservernews.com/go/xr7kne5m/


Extremely Low Flying Su-37 Jet

An extremely low flying Russian Su-37 jet - with an ending that will surprise you:

http://www.wservernews.com/go/wam1ky6g/


World's First Electric Vertical Takeoff And Landing Jet Completes Maiden Flight

Lilium Aviation from Munich, Germany successfully completed the first test flight of its all-electric, two-seater, vertical take-off and landing (VTOL) aircraft prototype:

http://www.wservernews.com/go/fn1fkohq/


Climbing A Dam In A Land Rover

Richard Hammond has to climb Claerwen dam in a sixty four year old Land Rover. Can he do it?

http://www.wservernews.com/go/emtycghx/

 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.