Vol. 23, #17 - April 30, 2018 - Issue #1179

WServerNews: IT security blunders

Free Tool for Monitoring Exchange Server Status & Performance 

Image

SolarWinds® Exchange Monitor is a free tool that allows users to monitor Microsoft® Exchange™ Server 2013 and 2016. Get basic information about the server’s metrics, services, and database availability group (DAG) status. Add as many Exchange Servers as you wish. Simply click the “Add Server” button and fill IP address/domain name and credentials.

Download Free Tool


Editor's Corner

What's the worst (or just dumbest) blunder you've ever seen someone make with regard to IT security? This could be a client or customer, or a colleague, or even yourself. I'll share one story recently told to me by one of my colleagues that made me shake my head when I heard it. 

Which reminds me of this comic by Mike Baldwin:

http://www.wservernews.com/go/kppfdvt1/

Anyways, we also have some suggestions from readers regarding the Ask Our Readers request in last week's newsletter about using MSFT RDP client with 4k display, so be sure to check this out. And we have the usual other stuff -- tips, tools, links and fun videos from Flixxy. Enjoy!

 

Ask Our Readers!  - Need help from the IT pro community?

WServerNews goes out each week to more than 500,000 subscribers worldwide! That's a lot of expertise to tap into. Do you need help with some issue or need advice on something IT-related? Got a question you'd like us to toss out to our readers to try and answer? Email us at [email protected]

 

Ask Our Readers - Using MSFT RDP client with 4k display (some responses)

Last week a reader named Ian sent us the following question:

I have a question for the folks that replied about RDP clients. Have they used them on a newer machine with a 4K display? My new laptop has a 4k display. The MSFT RDP clients connect fine to the remote machines. However, I have issues with the mouse pointer in the remote session. The remote session is not 4K, so the mouse pointer ends up being super tiny on the screen, and hard to find at times. Wondering if any of these tools fix that issue?

So far we've received several responses on this matter:

I have that same problem. I go into the Mouse properties and under Pointers change the scheme to Windows Black Extra Large. You have to do it on each instance but at least you can see the pointer. --Kevin

Try using Mouse Tails in the pointer settings. Makes visibility a lot easier. --Logan

Use bigger mouse pointers. This archived page has links where you still can download larger than MS mouse pointers:

http://www.wservernews.com/go/hmgjxru5/

I use the red "chunky" pointer on my 4K setup. And if you want to get silly, try EnourMouse.

[EDITOR'S NOTE: You can download the executable for this assistive utility from Archive.org here:]

http://www.wservernews.com/go/o9h9lyov/

Or try Settings > Mouse > Additional mouse options > Pointer Options tab > Show location of Mouse when I press <CTL> . This setting enables a "radar scope" display of shrinking rings to point out mouse pointer location. --Ron

If any other readers have any suggestions for Ian please send them to me at [email protected]

Thanks!

And now on to the main topic of this week's newsletter…

 

IT security blunders

Dave who provides IT support mostly for smaller businesses told me a story recently about one of his clients who was a sole proprietor working from home. The customer ran a successful business that brought him a decent living, but to do so he had to constantly keep a sharp eye on his expenses. This meant of course that the customer was still running Windows 7 on the computer he used for running his business.

The customer (we'll call him Bob) called up Dave one day with a sound of anxiety in his voice.

"Dave, buddy! I need your help! I think my work computer may have a virus!"

"What makes you think that?" replied Dave.

"Well, several strange things have been happening lately," answered Bob, who explained among other things that his machine kept dropping its network connection, the mouse and keyboard froze occasionally, and the machine seemed generally sluggish.

Dave replied that unfortunately he was busy with a big customer for the next few days so he suggested that Bob try running Windows Defender Offline and see whether it discovers any malware running on the system. He pointed Bob to this article on the HowToGeek website for instructions on how to download and run Windows Defender Offline on his computer:

http://www.wservernews.com/go/nphjka2b/

"Thanks, buddy!" said Bob who from the tone of his voice was happy again.

Two days later Dave decided to give Bob a call and find out how things were going.

"Hi Bob, did you try doing what I suggested you do to check for viruses?"

"You bet! I went to the site you pointed me to and downloaded Defender Offline, then I burned it to a blank DVD like it said. Then I rebooted and pressed ESC and booted from DVD and ran the program. It didn't find any viruses, so I guess my machine is clean, right? Anyways, big relief, but still got those problems so maybe it's time for me to buy a new machine. But times are tight though, so maybe I'll just keep driving it till the wheels fall off, right?"

Dave thought a moment and then said, "Which machine did you use to download Defender Offline and burn the DVD?"

"My main machine," replied Bob.

"You're work computer?"

"Right."

"Hmm…" thought Ian.

What's wrong here? A simple analogy might be someone who thought that a burglar had somehow gotten hold of his housekey, and instead of calling a locksmith to re-key the entrance, the homeowner instead dug around in his basement and found a spare doorknob which he then used to replace the existing one on his front door. But if a burglar has gained access to your door then you should consider everything in your house to be compromised. 

In other words, don't use untrusted tools to try to increase the level of trust of a system.

Worst It security blunders

Dave's story amused me but it also got me wondering what other similar "blunders" we should be on the watch for as IT pros as we work with customers and within our own companies. A quick search brought up some articles and blog posts that those of you who are interested may want to browse through. Most of these deal with blunders that had a huge impact, both on the companies involved and on their customers, but some also deal with more common blunders made by smaller businesses. A few are also older articles that we can still learn some important lessons from.

http://www.wservernews.com/go/3gvohrll/

http://www.wservernews.com/go/el2aznrl/

http://www.wservernews.com/go/zepcnftd/

http://www.wservernews.com/go/pgqthx47/

http://www.wservernews.com/go/2nq10uqe/

http://www.wservernews.com/go/log9nu31/

http://www.wservernews.com/go/5aeazntu/

http://www.wservernews.com/go/197y4znc/

http://www.wservernews.com/go/z9nlaz7g/

http://www.wservernews.com/go/mg0hvo52/

What about you? What's the worst IT security gaff you've ever seen or heard about or (eek!) been guilty yourself of doing? Share your stories with us so other readers can benefit by emailing me at [email protected]

 

Send us your feedback

Got feedback about anything in this issue of WServerNews? Email us at [email protected]


Recommended for Learning

VIDEO: Updates to server management with the Windows Admin Center (formerly Honolulu) & PowerShell Core

In this episode, we take a look at updates to the Windows Admin Center (formerly Project Honolulu) and PowerShell Core to manage your server infrastructure. Jeff Woolsey explains the updates IT pros will want to know about and demonstrates what's new in Project Honolulu - including Remote Desktop Protocol, Windows client management and PowerShell support. Speaking of PowerShell, Jeff also shows how everything has evolved to PowerShell Core, so you can manage your Windows and Linux workloads from one unified scripting place. You'll even see how with a single cmdlet, you can talk to both Windows and Linux machines and get cross-platform joined outputs.

http://www.wservernews.com/go/7g1hv5sw/


Factoid of the Week - The sweet sound of a line printer

Last week's factoid and question  was this:

There are still about 100,000 payphones remaining across the USA. When was the last time you saw a phone? And when did you last use one?

Don Hill takes the cake on this one for sending along a photo with his response:

The one in Kelly Iowa. I was there few years ago. I used it just to take pictures.

Image


Another reader named Doug who works as a System Administrator (also in Iowa) said:

Believe it or not, we have one in our building at work. It is for our mandatory guests staying in our residential center. So I see one often. The last time I remember using one was in an airport in the early 90s. Pay phones long ago became part of the folk lore I would use to scare my kids with when sitting around the campfire - along with rotary dials, party lines, collect calls, answering machines and live operators.

Guess I'll have to visit Iowa if I ever need to make a phone call to someone ;-)

For more payphone nostalgia be sure to check out the worldwide payphone photo album of 2600 Magazine, the Hacker Quarterly:

http://www.wservernews.com/go/e0ppgav3/

For even more nostalgia let's move on to this week's factoid:

Fact: In the opening scene of the movie Three Days of the Condor starring Robert Redford and Faye Dunaway you can hear the distinctive sound of a line printer as it prints out stuff in a clandestine CIA office while those who work in the office are killed off one by one by an assassin dressed as a mail delivery person.

Watch on Amazon: http://www.wservernews.com/go/z7o4el6w/

Question: When was the last time you heard the sound of a line printer or it's smaller cousin the dot matrix printer? 

P.S. For those young'uns among you who don't know what a line printer is, it's a type of printer popular in mainframe era that printed out one line at a time like this:

http://www.wservernews.com/go/sjv3c9cj/

I still remember fondly waiting in line in the printout room at my university when I was taking Fortran programming in my last year of high school for the printed output from running the stack of punch cards I handed to the printer operator. I also remember the time I hid a card with an /xoff in my stack and it shut down the line printer leaving everybody wondering whether there had been a power failure or something. My one attempt at hacking a mainframe…

Email your answer to us at [email protected]

Until next week, 

Mitch Tulloch

 

Admin Toolbox

Admin Tools We Think You Shouldn't Be Without

GOT ADMIN TOOLS or other software/hardware you'd like to recommend? Email us at [email protected]

SEO Browser lets you see your website like a search engine sees it:

http://www.wservernews.com/go/k74fkxio/

Software Work Simple transforms and optimizes business applications with the objective to create individual apps and allows workflows for all mobile devices to be created easily and quickly:

http://www.wservernews.com/go/10qnqt24/

YUI Compressor is a JavaScript minifier designed to be 100% safe and is also able to compress CSS files:

http://www.wservernews.com/go/swosah1e/



This Week's Tips

Windows 10 - Upgrade tools

Rod Trent's myITforum has ab article about a great alternative developed by Johan Schrewelius for deploying Windows 10 if you're not using SCCM task sequences to do so:

http://www.wservernews.com/go/9jvugfal/


PowerShell - View network adapter

Also on Rod's site is this tip on how to retrieve information about the network adapters available to the current Windows session:

http://www.wservernews.com/go/az0be6jo/

This works for all physical, virtual, and hidden network adapters.


Windows 10 - Create new keyboard shortcuts

LapTopMag, part of Tom's Guide, has an old but useful video on how to set hot keys for your most-used Windows 10 apps:

http://www.wservernews.com/go/s3ghj2hj/

 

Events Calendar


Citrix Synergy in Anaheim, California May 8 - 10:

http://www.wservernews.com/go/hxc5zlp7/

VeeamON 2018 in Chicago May 14 - 16:

http://www.wservernews.com/go/9v92x6g8/

Gartner CIO & IT Executive Summit in Toronto, Canada May 15-17:

http://www.wservernews.com/go/3x31n99x/

Infosecurity Europe in London, England on June 5-9

http://www.wservernews.com/go/0wtaq3b9/

Computex in Taipei, Taiwan on June 5-9

http://www.wservernews.com/go/0vmj4j14/

Cloud & DevOps World in London, England on June 12-14

http://www.wservernews.com/go/gh39ou0o/

OfficeCamp in Gelsenkirchen, Germany on June 18-20

http://www.wservernews.com/go/ezp5a63x/

HPE Discover in Las Vegas, Nevada on June 18-21

http://www.wservernews.com/go/w472an1x/

Microsoft Inspire in Las Vegas, Nevada on July 15-19

http://www.wservernews.com/go/w1b2n1ak/

Microsoft Ignite 2018 on September 24-28, 2018 in Orlando, Florida USA

http://www.wservernews.com/go/js7uh2jc/


Add Your Event

PLANNING A CONFERENCE OR OTHER EVENT you'd like to tell our 100,000 subscribers about? Contact [email protected]


New on TechGenix.com

Review of SolarWinds Traceroute NG

SolarWinds has released their own version of Tracert, which they call Traceroute NG. Check out this review of the product by Brien Posey:

http://www.wservernews.com/go/sq5krmtb/


Step-by-step: Using Visual Studio Team Services to deploy ARM templates

This step-by-step guide will walk you through the process of deploying ARM templates using Visual Studio Team Services, Microsoft's cloud-based developers' tool.

http://www.wservernews.com/go/xgxd9bdp/


Keep the customer satisfied: Key components of a successful customer self-service platform

A customer self-service platform can drive your business to new heights — but only if you get it right. How do you ensure this? Take care of these essentials.

http://www.wservernews.com/go/js65go0o/


The future of mobile app development -- reshaped by IoT

The impact of mobile app development can already be felt in many organizations. With IoT integration, what these apps can do is limited only by a developer's imagination.

http://www.wservernews.com/go/4835qy7b/


Worried about email security? Here's what you can do

Your inbox overflowing with spam is an annoyance, but a carelessly opened malware-laden message can be a catastrophe. These email security practices can keep you safe.

http://www.wservernews.com/go/qogfl3ib/

 

Tech Briefing - Security

Insider Threats: Red Flags and Best Practices

Dark Reading

http://www.wservernews.com/go/lf3rqaqg/


Keep Calm and Carry On Hacking

David Gristwood

http://www.wservernews.com/go/kpcy457n/


Cipher Suite Breakdown

Ask PFE Platforms

http://www.wservernews.com/go/5lpdf3nd/


Demystify PKI - Act II: Certificate Logging

Lee Stevens

http://www.wservernews.com/go/bulkl2wl/


Huge Intel chip bug - some advices

ELVIS'S technical blog

http://www.wservernews.com/go/vkgmuygp/

 

Other Articles of Interest

Avoid AWS access control mistakes to keep your cloud safe

If you get clumsy with AWS security, you can put your whole business at risk. Be wary of these common errors, and implement best practices to secure your workloads.

http://www.wservernews.com/go/kkklrr1a/


User self-service challenges mount in multi-cloud computing

Self-service provisioning presents challenges with a single cloud provider, and a multi-cloud strategy only magnifies those issues, as IT seeks to integrate multiple interfaces.

http://www.wservernews.com/go/p5z7zmjg/


VMware acquisition continues move toward cloud security

VMware cloud security tools will get a boost from the company's acquisition of CloudCoreo, a security and management startup focused on cloud deployments.

http://www.wservernews.com/go/m5dn8anv/


Why this quantum computing breakthrough is a security risk

Quantum computing will void pretty much all security encryption techniques and open the door to hackers. Here's how to protect your data when it does.

http://www.wservernews.com/go/kdf9e4yp/

 

WServerNews FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff

GOT FUN VIDEOS or other fun links to suggest you'd like to recommend? Email us at [email protected]

Magician Winner - Tomer Dudai - Israel's Got Talent 2018

Watch illusionist and magician winner Tomer Dudai as he performs his amazing magic on Israel's Got Talent 2018:

http://www.wservernews.com/go/h4qtq3q1/


Magician Makes History On Penn And Teller Fool Us

Magician Simon Coronel from Australia amazes, surprises and fools Penn and Teller with an incredible magic performance:

http://www.wservernews.com/go/6w2rq3bg/


Giang Brothers' Extraordinary Strength - Britains Got Talent 2018

The Giang Brothers left the Britain's Got Talent judges speechless with their 'you have to see it to believe it' audition:

http://www.wservernews.com/go/zslnr0qh/


Funny Dogs

Man's best friend many times is also man's best entertainer:

http://www.wservernews.com/go/qrrvs6nx/


Have any other readers found similar content they'd like to recommend for our Fave Links section? Email us at [email protected]

 

WServerNews - Product of the Week

Free Tool for Monitoring Exchange Server Status & Performance 

Image

SolarWinds® Exchange Monitor is a free tool that allows users to monitor Microsoft® Exchange™ Server 2013 and 2016. Get basic information about the server’s metrics, services, and database availability group (DAG) status. Add as many Exchange Servers as you wish. Simply click the “Add Server” button and fill IP address/domain name and credentials.

Download Free Tool

WServerNews - Editors

Mitch Tulloch is Senior Editor of WServerNews and is a widely recognized expert on Windows administration, deployment and virtualization. Mitch was lead author of the bestselling Windows 7 Resource Kit and has been author or series editor for almost fifty books mostly published by Microsoft Press. Mitch is also a ten-time recipient of Microsoft's Most Valuable Professional (MVP) award for his  outstanding contributions in support of the global IT pro community. Mitch owns and runs an information technology content development business based in Winnipeg, Canada. For more information see www.mtit.com.

Ingrid Tulloch is Associate Editor of WServerNews and was co-author of the Microsoft Encyclopedia of Networking from Microsoft Press. Ingrid is also manages research and marketing for our content development business and has co-developed university-level courses in Information Security Management for a Masters of Business Administration program.