Vol. 22, #43 - October 23, 2017 - Issue #1154

WServerNews: Do I Really Need a Network Security Policy?

Free Tool: Permissions Analyzer for Active Directory 

Image

SolarWinds® Permissions Analyzer for Active Directory™ gives you instant visibility into user and group permissions and a complete hierarchical view of the effective permissions and access rights for a specific NTFS file folder or share drive – all from a user friendly desktop dashboard.  Browse permissions by group or individual user, and analyze user permissions based on group membership combined with specific permissions.  Unravel a tangled mess of file permissions: network share, folder, Active Directory, inherent, explicit, calculated and more.

Download the Free Permissions Analyzer Tool Today. 


Editor's Corner

  • SAVE THIS NEWSLETTER so you can refer back to it later for helpful tips, tools and resources!
  • SEND YOUR FEEDBACK to [email protected] if you have any comments or suggestions!

This week's newsletter is all about whether or not companies, even small businesses, should have a network security policy in place. To enlighten us about this subject we welcome Chris Brandow, a Partner and Founder of Invision, a company that provides IT solutions and support for businesses in the Kansas City metro area of the USA. We also have various tips, news items, and fun stuff as usual, including a HOT TIP from a reader about how you can deal with distractions in your workplace.

Anyways, life as usual, yeah, that's certainly what we try to be about here at the Editorial Desk of WServerNews. We know what our subscribers want so we keep on delivering it week in week out. A lot of companies can succeed in the long run by simply doing "business as usual" but as this Dilbert comic illustrates sometimes it can be a bit too much:

http://www.wservernews.com/go/0057a98t/

 

Coming up this week in FitITproNews

Should you focus on building muscle or losing weight? Is it best to do resistance training or cardio? In this week's issue of FitITproNews your Fit Editor talks about how you can get the best of both worlds by doing full-body resistance training 5 days a week and then either rest or do legs only for the remaining 2 days. Read it when it arrives in your inbox on Wednesday!

Ask Our Readers: WServerNews now has over 220,000 subscribers worldwide! That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

And now on to our guest editorial for this week's newsletter...

 

Do I Really Need a Network Security Policy?

What is a Network Security Policy (NSP)?

Generally, the NSP is a document or set of documents that explain the accepted use of, protection of and consequences for abusing the Information Technology assets at the organization. This set of evolving documents should be visited periodically and updated per technology changes and employee requirements. Sub-topics in this Top-Level policy might include Acceptable Use Policy, Computer Use Policy, Internal Access Policy, External Access Policy, Mobile Device Policy, etc.

Do I need a Network Security Policy?

Even a small company should have some guidelines of expectations for the network and resources. Those expectations are in regards to the managers, employees and even outside vendors that have access to those resources. They may not all have the same guidelines, but they should all be defined for what is and what is not acceptable use. What should be protected and how. It should define the consequences for ignoring the guidelines, and what to do in case of a data breach.

But we are a Small Company. Is it really necessary?

Every company has digital assets. Defining yours and then setting up a plan to protect those assets is in your best interest. Even if you don't have an internal IT department, consult with your outsourced IT management company to help you develop a policy. Trust this, someone somewhere wants what you have. What are you doing to prevent them from stealing it?

OK, you've convinced me, what should I do now?

Now that you realize you need a NSP, where do you begin? There are many guides online that can help you with a starting place. Determining what kind(s) of policies you might need is the first step. The AUP, Acceptable, or Appropriate Use Policy is generally a good cornerstone. This will spell out what the users of your network can and shouldn't do with the network resources. It should be as explicit as possible to prevent misinterpreted guidelines.

You mentioned enforcement?

As part of the guidelines, determining the appropriate level of disciplinary action against abusers is vital to the policy. It should be spelled out and enforced when abuse happens. After all, this is your company's data and infrastructure we are talking about. If it were gone, would your business survive? That's serious and should be enforced as such.

Additional resources

Check out these resources for more information on Network Security Policies

Network Security Concepts and Policies (Cisco Press)

http://www.wservernews.com/go/lxt8ig3q/

Seven elements of highly effective security policies (ZDNet)

http://www.wservernews.com/go/ven64emr/

How to develop a Network Security Policy (TechGenix)

http://www.wservernews.com/go/12ppaes9/

About Chris Brandow

Chris Brandow has been working with computers since 1987 and as a network administrator since 1993. From December 1993 to December 1996, he was the network administrator for the #1 communications software developer in the world, Datastorm Technologies, Inc. In December 1996, Chris began his consulting career in the Kansas City metro area serving a diversity of clients. In July of 2001, Chris, along with Tim Blakley and Keith Powell, created Invision.

You can find Invision on LinkedIn

http://www.wservernews.com/go/gcdibpsf/

on Facebook

http://www.wservernews.com/go/dz1o4e3p/

and on Google+

http://www.wservernews.com/go/duio3j1j/


Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at [email protected]


Recommended for Learning

VIDEO: New tools and aligned update model with Windows 10

Explore the streamline update model between Office and Windows 10. See the upcoming changes to Office 365 system requirements so that your Office desktop apps can benefit from the latest Office 365 capabilities. Also, take a look at the improvements that we're making to make it simpler to deploy and update Office 365 ProPlus on Windows 10.

http://www.wservernews.com/go/qpi5g31u/

 

Microsoft Virtual Academy

"Security for IT Pros" learning path

IT Pros everywhere are focused on security. And if you're one of those IT Pros, we can help. Microsoft Virtual Academy recently announced a NEW "Security for IT Pros" learning path—to help you skill up on the latest security concepts and technologies to protect your organization's servers, devices, data, and applications. The NEW "Security for IT Pros" learning path offers an in-depth look the Cybersecurity Reference Architecture, Credential Guard, Windows Security & Forensics, and much more. Get started today!

http://www.wservernews.com/go/j78gb1f0/


Factoid of the Week

Last week's factoid and questionwas this:

Apple computers were the general purpose computers to impose censorship over what programs the user can install. So why do we still use Apple products?

One of our readers named Don provided us with a good answer to this question as follows:

I personally think they drank the Apple cool aide :-)

But from what I see, limiting the choices for software means fewer decisions to make. So I can just run to the Apple store, grab the latest IPad, go to ITunes grab some apps and I'm ready to go.

Or get an Android download some apps, try them, download some more, try them. Spend 3 days deleting and defragging the apps I didn't like.

Now let's move on to this week's factoid:

Fact: Using an air freshener in you automobile can be dangerous!

Source: http://www.wservernews.com/go/glryrzhj/

Question: What do our readers think about using air fresheners in enclosed areas like offices? I personally find most of them irritating for my eyes so I've banned them around here--what about your home or organization?

Email your thoughts to me if you have any: [email protected]

Until next week, 

Mitch Tulloch

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

Mailscape 365 - Your Key To Simplifying Office 365 - Gain real-time visibility into on-premises Exchange, Hybrid, & Office 365. It monitors your entire hybrid environment in real-time and provides 100+ reports to help you gain visibility into developing issues.

http://www.wservernews.com/go/xe951vpn/
 
Use this Excel Unlocker Software that securely performs to recover lost and forgotten Excel file password and also unlock Excel file:

http://www.wservernews.com/go/wmhqv78o/

TestDisk can help you recover lost partitions and/or make non-booting disks bootable again:

http://www.wservernews.com/go/mm9eisq2/

SQL Recovery Software allows to repairing SQL Database in safe and non-destructive way:

http://www.wservernews.com/go/vpqzptsa/

 

This Week's Tips

IT work - Dealing with workplace distractions

In the Factoid of the Week section of our last two issue of WServerNews myself and some readers speculated on whether mild autism might be a success indicator for the IT profession. I wasn't really serious in raising this issue but it did lead to an interesting discussion and also the following tip from a reader named Mark from the UK:

Hey Mitch, can't comment with any authority on autism - although I have wondered about myself when I feel over-stimulated by my environment, people knocking on doors while 2 phones ring simultaneously and obnoxious food odours from down the open plan office.

I am a fan however of Cal Newport and Deep Work:

http://www.wservernews.com/go/2o505x67/

Haven't convinced my boss to formalize a few hours of deep work per week yet but when I'm able - high quality noise cancelling headphones (as opposed to earphones) and the Noisli extension for Chrome - bliss and a sense of achievement:

http://www.wservernews.com/go/2u9whozz/

My 2c worth (cos I have no affiliation to any of the entities mentioned :-)

What do our readers think about this? Are distractions making your job harder as an IT professional? Do you sometimes use noise cancelling headphones when you perform certain tasks at work? Send us your comments: [email protected]


Deployment - Model Check task in ConfigMgr OSD task sequence

Brandon Linton has a helpful post on his System Center and OS Deployment Blog about a PowerShell one-liner that every SCCM OSD deployment job should include:

http://www.wservernews.com/go/cy5y8bn2/


Email - Script to find true read status of an email message

Santhosh Sethumadhavan shares a PowerShell script you can use either with Office 365 or an On-Perm mailbox that determines what the read status of an email message "really" is:

http://www.wservernews.com/go/6j68yufb/


Events Calendar

MS Exchange CON 2017 - Online conference on October 26, 2017
Registration is now open for the leading online conference discussing the latest strategies, new technologies and proven solutions to manage, enhance and support Microsoft Exchange Server, Office 365 and Hybrid environments.

Participation is free but is limited to the first 1000 registrants, so sign up here to reserve your spot today!

http://www.wservernews.com/go/66wczn0z/

DEVintersection on October 31 - November 2, 2017 in Las Vegas, Nevada

http://www.wservernews.com/go/3n8az1b2/

European SharePoint, Office 365 & Azure Conference on November 13-16, 2017 in Dublin, Ireland

http://www.wservernews.com/go/kn5y9asn/

SharePoint Fest on December 609, 2017 in Chicago, Illinois

http://www.wservernews.com/go/btaxr5lh/

Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]


New on TechGenix.com

RVtools for VMware: In-depth guide to this essential utility

RVTools is a VMware utility that gives information about your virtual environment. You can learn all about its installation and use in this guide.

http://www.wservernews.com/go/euopw5ls/


AWS cost optimization guide: Don't pay too much

AWS provides several pricing models based on various types of IT needs. Here's a few tips that will help you control and optimize your AWS costs.

http://www.wservernews.com/go/hg7fjj9y/


SQL Server 2017 generally available, first version to run on Linux and Docker

Microsoft's SQL Server 2017 is generally available, and it brings to clients more options, including the ability to use SQL Server with Linux and Docker.

http://www.wservernews.com/go/dl204xr5/


How to stop cyberattacks before they start or control them when they happen

Cyberattacks can cripple a business, making it essential that companies plan to stop attacks before they start and be ready to handle them if they happen.

http://www.wservernews.com/go/adjpj4sh/


Trench tale: Hey Microsoft, don't tell us to RTFM when it has documentation errors!

In this latest tale from the IT trenches, here's a nightmare scenario every IT pro has faced: Getting stymied because of documentation errors.

http://www.wservernews.com/go/3v0mmnzn/

 

Tech Briefing

WSUS reporting with PowerShell  

From 4sysops

http://www.wservernews.com/go/enujop2e/


Performance Tuning Windows Server 2016

From Ben Armstrong's Virtualization Blog

http://www.wservernews.com/go/gax7aao2/

Delete inbound cookies in IIS using URL Rewrite

From the French IIS/Azure Support Team Blog

http://www.wservernews.com/go/v38rduup/

Failover Cluster File Share Storage Access Status is "Questionable"

From the Ask Premier Field Engineering (PFE) Platforms blog

http://www.wservernews.com/go/d2ebm7dg/


Welcome to the domain. Just kidding.

From Lee Stevens Technical Blogs

http://www.wservernews.com/go/erxcu465/



Other Articles of Interest

The DevOps concept: NoOps, DataOps and what comes next

Innovation and velocity run through the DevOps concept, and organizations that adopted DevOps years ago are reaping the benefits – for now. But DevOps can't be the future forever.

http://www.wservernews.com/go/gshfqvfg/

 
Build better apps with these AWS hybrid cloud development tools

Hybrid cloud often is a goal for many enterprises, but getting there is a challenge. AWS has a host of hybrid cloud tools to build applications on and off premises.

http://www.wservernews.com/go/p2k9rcas/


A 77-page recap of VMworld 2017

Explore the top product announcements, news stories, exclusive interviews and more, inside this VMWorld 2017 conference coverage guide.

http://www.wservernews.com/go/38lbvxv2/


Enterprise identity management tools keep cloud hackers at bay

Bringing new application types and integration points into the enterprise, cloud can complicate user identity management. So, how can you be sure your data is secure?

http://www.wservernews.com/go/hac7kwul/

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]t.com

Amazing Teeterboard

David Rimmer and Stéphane Beauregard training teeterboard for their performance at 'Corteo' by Cirque du Soleil:

http://www.wservernews.com/go/no3miucd/


Fixing A Stuck Landing Gear From A Speeding Car

Fixing a stuck landing gear from a speeding car while the plane is flying 8 feet above the runway at St. Augustine airport in 1985

http://www.wservernews.com/go/bszkf202/


New Discovery: First-Ever 'Kilonova'

For the first time, scientists have detected the gravitational waves that formed during the collision of two neutron stars 130 million light years away:

http://www.wservernews.com/go/tdqiwwx6/


Real Life Tortoise Vs Hare

'The Tortoise and the Hare' is a fable by Aesop - a slave and storyteller who lived in ancient Greece between 620 and 564 BC:

http://www.wservernews.com/go/qx7ylaku/


WServerNews - Product of the Week

Free Tool: Permissions Analyzer for Active Directory 

Image

SolarWinds® Permissions Analyzer for Active Directory™ gives you instant visibility into user and group permissions and a complete hierarchical view of the effective permissions and access rights for a specific NTFS file folder or share drive – all from a user friendly desktop dashboard.  Browse permissions by group or individual user, and analyze user permissions based on group membership combined with specific permissions.  Unravel a tangled mess of file permissions: network share, folder, Active Directory, inherent, explicit, calculated and more.

Download the Free Permissions Analyzer Tool Today. 

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his  outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.