Vol. 20, #5 - February 2, 2015 - Issue #1015
- Editor's Corner
- Save These Electrons! - Hard drive reliability across different vendors
- From the Mailbag
- Soft protection
- Tip of the Week: Dealing with the coming leap second
- Recommended for Learning
- Microsoft Virtual Academy
- Quote of the Week
- Admin Toolbox
- Admin Tools We Think You Shouldn't Be Without
- Events Calendar
- Webcast Calendar
- Register for Webcasts
- Tech Briefing
- Enterprise IT
- Microsoft Azure
- SharePoint, Exchange and Office
- Recommended TechGenix Articles
- Recommended articles from websites in TechGenix Network
- Windows Server News
- Cloud's evolution opens a 'Pandora's Box' of new apps
- Advantages and limitations of hyperconverged products
- Which shops shouldn't do DaaS
- Mac activity Monitor is similar to Windows Task Manager
- WServerNews FAVE Links
- Amazing Rally Driving By Roger Kubica At Rallye Monte Carlo
- Infinity Paperplane
- How To Free Yourself From Duct Tape
- Funny Moments With Cats
- WServerNews - Product of the Week
- Deep Packet Inspection for Quality of Experience Monitoring
- SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
- FORWARD THIS NEWSLETTER to a colleague who you think might find it useful!
- SEND YOUR FEEDBACK to [email protected] if you have any comments or suggestions!
This week's newsletter is all about the "soft" side of protecting your information systems and data. As IT professionals we're familiar with the "hard" side of information security--hardening your network against attack using firewalls and antivirus software, using Group Policy to lock things down, encrypting data, and so on. But what about the soft side? Your organization's written security policy is just as important as your firewall, and having cyber insurance in place may be just as necessary as encrypting your sensitive business data. So in this issue we'll point you to a few resources that might help you improve the soft part of your protection strategy, and hopefully those of you reading this issue will be able to suggest some other resources we can share with the worldwide community of readers of our newsletter.
Speaking of "soft" though, did you know rubbing the soft underbelly of a cat can help lower high blood pressure? Check it out in this classic Dilbert comic strip:
BONUS: Here's another Dilbert comic that follows along a similar theme as the one above but is a little more risqué so be forewarned:
Save These Electrons! - Hard drive reliability across different vendors
Here's some info you might want to bookmark for your next round of hard drive procurement:
What is the Best Hard Drive? (BackBlaze)
Check out the graph titled "Hard Drive Annual Failure Rate" in this article as it tells you which vendors and capacities you might want to avoid.
Ask Our Readers: WServerNews has almost 100,000 subscribers worldwide. That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]
From the Mailbag
In Issue #1014 Key Considerations for Upgrades, we talked about some of the things you need to think about before you upgrade your server infrastructure to the latest version of Windows Server. Of course we didn't cover everything, and we expected some of our readers to weigh in with some suggestions about other things you need to consider before embarking on your upgrade. One reader named Quentin was particularly helpful in his observations:
I forget when I first subscribed, but congratulations on over 1000 issues.
Anyway, it's a long time since I last wrote but I'm now writing about your 'Key considerations for upgrades' article. I believe you have omitted two fundamental related issues: the business case and the audit or asset management. A large-scale upgrade is seldom a technical decision; rather, the IT staff must make the business case - improved uptime, resilience, reduced headcount, reduced power usage through increased virtualization etc - and show that there is a business benefit to the proposed upgrade. You sort of touch on the audit and asset management issue but it is crucial: you need to know the hardware cost of the proposed upgrade, and to know that, you need to know what you are going to keep, upgrade, have to replace, and what you are going to consolidate. I remember one client where in 2007 they were only then upgrading from Windows NT 4 - server and client. There had been no business case for upgrading, so they didn't.
Something else to consider is the client-side impact of the impact. To think that you're only upgrading the infrastructure so there should be no impact is IME a big mistake. Yes, your business-critical servers may be clustered and you can upgrade each node in turn, and VMs can be moved from old hardware to new, etc, but what if the upgraded server software requires upgraded client software? Rolled out to thousands of desktops? This also applies to DNS / IP address updates. That said, I was involved in a project that had a 40% client failure rate at that site, each failure requiring the personal attention of a technician, and resulting in several days of severe disruption for the client, yet the client looked back on it as a great success.
Great points, thanks!
Also last week in the Tip of the Week section we talked about RMAing defective hardware. Of course, before you RMA something defective you need to weigh the cost of the time involved in the process. Here's a comment from a reader named Kevin:
It would be nice if companies looked at the cost of their product before deciding how to RMA their products and after how much support. A couple of months ago I spent several hours with tech support to replace a dead Google Chromecast. A $35 part. I spent less time with support replacing a dead Google search server. A $65,000 part. Same thing with a Roku stick I bought. The remote didn't work. I spent at least 5 hours working with support before they sent me a new one.
And now on to the main topic of this week's issue...
The nice thing about soft protection is that you don't need to keep constantly learning new stuff the way you need to do with hard protection. The not nice thing about soft protection though is whether it's worth the time and cost you invest in it.
Take an intrusion detection device (IDS) for example. Network appliances typically have a lifetime of 5-10 years before they become obsolete and need upgrading or replacement. They also need some deep technical learning to be able to use effectively. As IPv6 becomes more widely adopted in enterprise environments, legacy IDS appliances with limited or no support for IPv6 scanning will need to be replaced soon. That's going to cost money, and you also need to cost out the training your network engineers will need to become as familiar with IPv6 as they are knowledgeable about IPv4. But in the end you should be able to easily justify the costs involved since you know an IDS can provide real value in safeguarding your network.
On the other hand, once you've created a written information security policy for your organization, you can pretty much leave it alone. It's a good idea of course to review your policy periodically--say once a year--to ensure the processes and practices outlined in it are still applicable and relevant for your organization. But when you examine all the many hours of assessments, proposals, meetings, drafts, re-drafts, and so on that typically go into crafting a security policy, you might ask yourself was the cost and effort really worth it? Does the document we produce have any real value? After all, an IDS keeps monitoring your network while everyone is asleep, but a security policy is only effective when everyone in your organization is awake and fully alert and deeply aware of the possible consequences of violating the company security policy.
Soft protection is nonetheless just as important as the hard protection your company uses to protect its information assets. It may even be more important since a key way that breaches occur is by social engineering attacks. Let's look at some resources you can use to help understand the importance of two areas of soft protection--security policies and cyber insurance--and how to implement them effectively.
Resources on security policies
First here are some helpful resources on crafting security policies:
How to Write a Security Policy (ISACA)
Information Security Policy - Sample (PDF) (ISACA)
Writing an Effective Security Policy (WindowSecurity.com)
Building and Implementing a Successful Information Security Policy (PDF) (WindowSecurity.com)
Information Security Policy Templates (SANS Institute)
How to write a security policy your users will read (and follow) (ITWorld)
VIDEO: How to Write an Information Security Policy in 5 Minutes (YouTube)
Resources on cyber insurance
Next let's look at some resources on the need for cyber insurance, which is somewhat timely given what recently happened to Sony Corporation:
Sony Hack Reveals Need for Business, Government to Collaborate on Cyber Issues (Insurance Journal)
Sony Hack Shows Need For Cyber Coverage On Many Fronts (Law360)
Sony hack serves as wake-up call, boosts interest in cyber security protocol (Business Insurance)
Here's how insurance will respond to the Sony cyber hack (Insurance Business America)
Early observations concerning the Sony hack and cyberliability insurance (Cyber Risk Network)
5 Reasons You Should Have Cyber Liability Insurance (Inc)
An introduction to cyber liability insurance cover (ComputerWeekly)
Cybersecurity Insurance (US Homeland Security)
Demand for cyber insurance in Europe increases (GR)
Incentives and barriers of the cyber insurance market in Europe (ENISA)
Send us feedback
Email us at [email protected] if you have any more resources to suggest in either of these two areas and we'll include your suggestions in the Mailbag of a future issue of this newsletter. And don't forget to SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
Tip of the Week - Dealing with the coming leap second
A leap second will be added at 23:59:60 at the end of June 30, 2015.
Should Windows Server admins be concerned?
The answer can be found in this blog post:
So probably no worries for most of us--whew!
GOT TIPS you'd like to share with other readers? Email us at [email protected]
Recommended for Learning
Do you work with Microsoft Exchange Server? Have you deployed it in your environment? Or are you planning on doing so? Check out the Exchange Server books and ebooks lineup from Microsoft Press:
Microsoft Virtual Academy
Some announcements from the Microsoft Virtual Academy:
On-demand: Windows 10 Technical Preview Fundamentals for IT Pros
If you want a sneak peek at Windows 10, you'll want to watch this on-demand course. Leading experts Simon May and Michael Niehaus, along with lead Product Managers, explore improvements to help you meet your enterprise IT and security challenges. View the course here:
Get a free Second Shot on your MCP exam
Welcome to 2015! Have you set your sights on achieving a new Microsoft certification this year? Here's some good news. The very popular "Second Shot" offer is back! Between January 5 and May 31, 2015, take any Microsoft Certified Professional (MCP) or Microsoft Dynamics exam, and get a free Second Shot if you fail the first take. Find out how you can take advantage of this offer here:
Quote of the Week
"Get your VCRs ready cuz we got what you need!!" --Ice-T, from the movie Johnny Mnemonic
Until next week,
Note to subscribers: If for some reason you don’t receive your weekly issue of this newsletter, please notify us at [email protected] and we’ll try to troubleshoot things from our end.
Automate Office 365 message tracking log generation for free with Promodag StoreLog v4. Archive the logs and easily use the data to analyze email traffic for reporting whenever you want.
Need to mount a tablet under a cabinet or shelf? Try this from Belkin:
AutoAdministrator is a free tool that allows you to automate all kinds of system administration tasks with an easy-to-use GUI:
Format Factory is a multifunctional media converter:
Americas
Convergence 2014 on March 16-19 in Atlanta, Georgia, USA
Microsoft Ignite on May 4-8, 2015 in Chicago, Illinois, USA
Add your event
PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 95,000 subscribers about? Contact [email protected]
Register for Webcasts
Add your Webcast
PLANNING A WEBCAST you'd like to tell our subscribers about? Contact [email protected]
Group Policy: Creating a New Policy Linked Directly To Its OU (CanITPro)
Addressing Shadow IT Via Enabling Azure Active Directory Services (CanITPro)
How to Successfully Create a Hyper-V Cluster Using Virtual Machine Manager (Part 1) (WindowsNetworking.com)
Deep Dive into Hyper-V Network Virtualization (Part 5) (VirtualizationAdmin.com)
Persisting connections to Microsoft Azure Files (Microsoft Azure Storage Team Blog)
Azure Virtual Networks and Cloud Services (Part 1) (CloudComputingAdmin.com)
Windows Server 2012 IP Address Management (WindowsNetworking.com)
Tips and Tricks for Network Users (WindowsNetworking.com)
SharePoint, Exchange and Office
16 Tips to Optimize Exchange 2013 (Part 1) (MSExchange.org)
Product Review: UnitySync
Cloud Security: You Can Never Stand Still
Getting Started with AWS (Part 3)
Installing and Configuring Citrix XenApp/XenDesktop 7.6 (Part 1)
Tips to Maintain Your Wi-Fi network
Exchange Online Protection Conditional Mail Routing
Cloud's evolution opens a 'Pandora's Box' of new apps
More and more applications are coming into play as the cloud continues to evolve and change. Discover what new apps, such as Big Data analytics and HPC, mean for the cloud's future and performance, and learn how these advancements will impact your cloud initiatives.
Advantages and limitations of hyperconverged products
While a hyperconverged infrastructure has undeniable advantages and benefits for virtual data centers, it still may not work cohesively with every business. Using this in-depth resource, uncover these advantages, as well as the limitations, of hyperconverged products, and determine if they are the right fit for your business.
Which shops shouldn't do DaaS
For all of its advantages, DaaS still isn't right for every business due to numerous factors, such as potential bandwidth limitations and performance challenges in certain circumstances. Discover if your business meets the criteria for a successful DaaS strategy today.
Mac activity Monitor is similar to Windows Task Manager
Windows users head straight to the Task Manager when problems arise, but where do Mac users go? Apple's operating system has something comparable to the Windows Task Manager called the Mac Activity Monitor utility. Learn how to utilize Mac Activity Monitor today to easily filter views of system activity and diagnose performance problems.
This Week's Links We Like. Tips, Hints And Fun Stuff
GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]
Amazing Rally Driving By Roger Kubica At Rallye Monte Carlo
Former Formula 1 driver Robert Kubica testing out the damper setup on his Ford Fiesta WRC car before the upcoming Monte Carlo Rally:
Infinity Paperplane
Something you can do when you are bored. Click Replay to see how it is done:
How To Free Yourself From Duct Tape
Learn the simple CIA trick for escaping duct tape bonds around your wrists:
Funny Moments With Cats
Funny moments with cats - featuring some of the most famous YouTube felines:
WServerNews - Editors
Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.
Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.