Posts Tagged ‘password’

Instructions from the I.T. Department

1. When you call us to have your com­pu­ter moved, be sure to leave it buried under half a ton of post­cards, baby pic­tu­res, stuf­fed ani­mals, dried flo­wers, bow­ling trophies and children’s art.
2. Don’t ever write anything down, espe­cially the error mes­sage that was on your screen.
3. If we ask what the last thing you did was, always res­pond with, “I didn’t do anything.”
4. When we say we’ll be right over, imme­dia­tely find a rea­son to leave so you won’t have to ans­wer silly ques­tions from us, like “what’s your screen saver password?”
6. When desc­ri­bing your pro­blem, just tell us what you were ulti­ma­tely trying to do. For exam­ple, just say, “I can’t get my email”. We don’t need to know that the com­pu­ter won’t even turn on.
7. Feel free to ignore any email sent from us, espe­cially those mar­ked with high impor­tance. You don’t really need to know about the latest virus that wiped out your neigh­bors hard drive.
8. Always send impor­tant and urgent emails in all uppercase.
9. When the copier, or anything else remo­tely elec­tro­nic, doesn’t work, call us. Heck, if we can fix com­pu­ters, we must know all about copiers too.
10. If the docu­ment you sent to the prin­ter didn’t print, send it at least 20 more times. One of them is bound to work.
11. Don’t ever learn the pro­per name for anything tech­ni­cal. We know exactly what you mean by “my thingy blew up”.
12. Don’t waste your time using the built in help files. We already had to learn the hard way, why should you?
13. If any of the com­pu­ter cables are in your way or keep moving, be sure to route them across the top of your por­ta­ble hea­ter or set something big and heavy on them to hold them in place.
14. Never bother rea­ding any mes­sage that pops up on your screen. Just click the X to close it or the first but­ton your mouse gets to.
15. Don’t ever try reboo­ting the com­pu­ter your­self. Call us imme­dia­tely. Only expe­rien­ced, highly-trained pro­fes­sio­nals should attempt that.
16. Feel per­fectly free to say things like “I don’t know anything about this com­pu­ter crap”. We love hea­ring our area of pro­fes­sio­nal exper­tise refe­rred to as crap.
17. When you receive a huge movie file that’s really funny, be sure to for­ward it to all your friends. We have plenty of disk space and bandwidth.
18. Don’t bother brin­ging a radio to work, just lis­ten to music over the inter­net. Like I said, we have plenty of bandwidth.
19. Don’t even think of brea­king large print jobs down into sma­ller chunks. Some­body else might squeeze their one-page docu­ment into the queue.
20. When an I.T. per­son is carr­ying heavy equip­ment, worth thou­sands of dollars, that’s the best time to ask why your screen saver quit working.
21. Don’t bother to tell us when you move com­pu­ter equip­ment around on your own. We cer­tainly don’t need to keep track of those things.
22. Your com­pu­ter case makes a great flat sur­face for sit­ting drinks or pot­ted plants on.
23. Do wha­te­ver you can to cover up those ugly open air slots in the com­pu­ter and monitor.

Must Have Application for Thumb Drives

It’s a sign of the time, you can buy a thumb drive almost anywhere.  I have even seen them in Gas Sta­tions in the Omaha area.

There are many rea­sons to use these dri­ves: size, por­ta­bi­lity con­ve­nience, and sto­rage space, all come to mind quickly.  A lot of my exter­nal users do not even take their lap­tops to mee­tings any­more because they can keep all their pre­sen­ta­tions and such on a thumb drive and just plug into any machines.

On the other side of the coin, there are some inhe­rent risks to the trans­por­ta­tion of these devi­ces.  You may for­get them on site, lose them while get­ting something from your poc­ket, so on and so forth.  No mat­ter the rea­son, if you lose your drive, all of that data is now avai­la­ble to the per­son that finds it.

Here are some exam­ples of the type of data that can be lost by anyone:

Firm ‘broke rules’ over data loss

Home Sec­re­tary Jac­qui Smith has bla­med a pri­vate con­trac­tor for losing the details of thou­sands of cri­mi­nals, held on a com­pu­ter memory stick.

Tax web­site shut down as memory stick with sec­ret per­so­nal data of 12million is found in a pub car park

Minis­ters have been for­ced to order an emer­gency shut­down of a key Govern­ment com­pu­ter sys­tem to pro­tect millions of people’s pri­vate details.

The action was taken after a memory stick was found in a pub car park con­tai­ning con­fi­den­tial pass­co­des to the online Govern­ment Gate­way sys­tem, which covers everything from tax returns to par­king tickets.

Two exam­ples may not seem like a large amount, but if you look at the amount of data that was lost in these two exam­ples you will rea­lize how much data is at stake.

With that being said, I have found a free appli­ca­tion that will help with this.  Rohos Mini Drive Encryp­tion.  This app has a very small foot­print and once your drive is setup, you don’t have to ins­tall soft­ware on any other com­pu­ter to access that encryp­ted file.

Accor­ding to the deve­lo­pers web­site they list the fea­tu­res as:

• Crea­tes a vir­tual encryp­ted par­ti­tion volume (disk) within a USB flash drive free space
• Auto­ma­ti­cally detects your USB stick con­fig and crea­tes encryp­ted partition
• Pro­gram does not require ins­ta­lla­tion to work with encryp­ted par­ti­ton on a guest com­pu­ter. You can start it right from USB drive
• Encryp­ted par­ti­tion is pro­tec­ted by password
• Encryp­tion is auto­ma­tic and on-the-fly
• Encryp­tion algo­rithm: AES 256 bit key length. NIST approved.
• Rohos Disk Brow­ser to open encryp­ted par­ti­tion without having Admin rights
• Vir­tual Key­board — to pro­tect your encryp­ted disk pass­word from a key logger
• Auto­run Fol­der. Saved program’s/file’s short­cut will auto­ma­ti­cally start/open up upon disk connection
• The limit of encryp­ted par­ti­tion size is 2 GB

I find the soft­ware very easy to use and intui­tive.  In no time, I had car­ved 500 megs on one of my dri­ves and was moving files over to the encryp­ted por­tion.  To try out the func­tio­na­lity I han­ded the disk to my co-worker and watched as they put it in and sure enough none of the data sho­wed.  Just an exe­cu­ta­ble.  When run, the pass­word cha­llenge screen comes up.  I really do like the idea of a vir­tual key­board, par­ti­cu­larly if you are on a com­pu­ter that you do not know.  Bet­ter safe then sorry in this world.  Once the correct pass­word is ente­red and accep­ted an explo­rer win­dow is ope­ned and all your files are acces­si­ble.  It did take a few moments for me to see how to add new files to the encryp­ted volume.  Just so you know, in the explo­rer win­dow you can right click and import file.

As I said before, in this world, encrypt everything.  I highly recom­mend this pro­gram to anyone with a thumb drive.

The System Administrator from Hell

Some days I get emails that just have to be sha­red.  This is one of them.  All cre­dit to the ori­gi­nal author, though I don’t know who it is.

Recently someone called me from one of the “Out on the Floor Offi­ces”, an ethe­real place rumo­red to exist only in hypers­pace, popu­la­ted by mys­te­rious beings called Users.

She was quite fran­tic. She was having trou­ble run­ning a pro­gram through the com­pu­ter, and her mes­sage was clear enough, although rather ill-conceived: “My files are full!”

I furro­wed my brow, lit a smoke, and explai­ned to her, “Really now, Miss Rus­sell, I don’t have time for this.” I slowly exha­led the menthol vapors as I stop­ped her pro­cess, crushing any hopes she may have had of ever again seeing that docu­ment she had spent three hours sla­ving over.

“I was typing this really impor­tant let­ter, and it has to be ready in an hour… there’s all this stuff on my screen that I didn’t type… it says something about an error, should I read it to you?”

“No point. Just press return.”

“Oh my, it wants my user­name. Can I res­tart that where I left off?”

“Not a chance.”

I drew another puff and tos­sed the phone aside. It occu­rred to me that if I had to hear one more of those whi­ning com­plaint ses­sions, heads were going to roll. Where do you peo­ple get this stuff? I’m going to tell you what’s really going on here. Now lis­ten up. I’m not going over this a second time:

Com­pu­ter

The black box that does your work for you. That’s all you need to know.

Res­ponse Time

Usually mea­su­red in nano­se­conds; some­ti­mes mea­su­red in calen­dar months. The gene­ral rule is: Shut up your com­plai­ning about res­ponse time.

Hard­ware

See “Com­pu­ter.” Again, not your concern.

Soft­ware

If we want you to know, we’ll tell you about it, other­wise, leave us alone.

Net­work

Don’t worry about it, we’ll take care of it. Use it to send mail among your half-wit sel­ves, and don’t think we won’t read it all. What do you think we do all day? By the way , Rus­sell… shame about your mother’s Pancreas.

Data

The gene­ral rule is: Don’t use any data files and if you find any, delete them before I find out about them. In fact, just stay off the com­pu­ter. (See “Res­ponse Time”)

Sys­tem Crash

Don’t ever call the sys­tem mana­ger to tell him you think the com­pu­ter is down. Don’t call him to ask him when it will be up again. The more you bother him, the lon­ger it takes.

Down­time

Like I said, don’t ask.

Uptime

Be thank­ful for it, use it wisely, and get out of my face.

Over­time

Don’t be ridiculous.

Vaca­tion

A time during which I don’t have to put up with your sni­ve­ling. Don’t try calling. There’s no point.

Com­pu­ter Room

Keep out, you’re not invi­ted. Don’t knock on the door — don’t even think about it. I broke the phone last time one of you jerks called me, and I’m not about to replace it. And keep your greasy fin­gers off the windows.

My Office

The name says it all… it’s mine; stay out.

Your Pro­blems

The name says it all…

Dead­li­nes

The gene­ral rule is: Dead­li­nes are not ack­now­led­ged by me; they’re not my res­pon­si­bi­lity. Go tell someone who cares.

Main­te­nance

1. A valid rea­son for shut­ting down the sys­tem at any time.
2. Much more impor­tant than anything any of you bozos do.
3. Anything I choose to call “main­te­nance” is maintenance.

Soft­ware Upgrades

Far too com­plex for you to com­prehend. If I tell you I’m upgra­ding the sys­tem, just be quietly thank­ful. It’s for your own good, even if it does mean exten­sive down­time during peak hours.

Elec­tro­nic Mail

I delete it before it’s read, so don’t bother sen­ding any to me.

Defaults

We like them just like they are; we chose them for a rea­son. Don’t mess with them; con­si­der them mandatory.

Error Mes­sa­ges

I’m not inte­res­ted. I’m going to kill your pro­cess any­way, so keep them to yourself.

Killing your Process

1. Don’t ever ask why
2. Beyond your control
3. No war­nings are given
4. The high­light of my day
5. If you call, it’s going to hap­pen. No exceptions.

Pass­words

I reserve the right to change them without notice at any time. I choose them, and the more you bother me, the more degra­ding yours will be. (Exam­ple: jrus­sell: SNOTFACE)

Users

1. They slow down the computer
2. They waste my time
3. A gene­ral nuisance
4. Worse than that, actually

Soft­ware Modifications

You don’t know what you want — we’ll tell you what you want. It stays like it is. Period.

Pri­vi­le­ges

I’ve got them, you don’t need them. Enough said.

Prio­rity

Mine is higher than yours, accept it. That’s the rea­son my games run fas­ter than your lousy accoun­ting pac­kage. (See “Res­ponse Time”)

Ter­mi­nals

Before calling me with a ter­mi­nal pro­blem, con­si­der this:

1. Are you pre­pa­red to do without one for weeks?
2. Do you REALLY want your pro­cess killed?
3. Did you just trip over the cord again?
4. Of course you did.

Disk Space

I set the quo­tas, you live with them. If you need more space, check “Data Files”.

Ope­ra­tor

I hired him and I trai­ned him. He does what I tell him to. Usually armed; always dangerous.

Bac­kups

A good idea if I gave a shit, which of course I don’t.

Lunch

The only time that calling my office won’t result in the killing of your process.

Data Secu­rity

That’s your pro­blem. I’m cer­tainly not going to lose any sleep over it. My files are loc­ked up tight. I feel secure.

Jiffy

Length of time it takes me to resolve your pro­blem by killing your process.

Eter­nity

Length of time it takes me to give a shit about any pro­blem that can’t be resol­ved by killing your process.

Impos­si­ble

1. It can’t be done (as far as you know)
2. I can’t be bothered
3. You’re star­ting to annoy me

Ine­vi­ta­ble

1. Couldn’t have been avoided
2. Not my fault (as far as you know)
3. The result of anno­ying me

Menus

If it’s not on the menu, don’t ask for it. It’s not avai­la­ble. If it is on the menu, it’s pro­bably of no use or it doesn’t work. We’re wor­king on it (See “Eternity”).

Uti­li­ties

I find them quite use­ful, you’ll find them quite inac­ces­si­ble. Besi­des, they’re not on your menu, are they. What did I tell you about that?

Nui­sance

You.

Of course, I reserve the right to add, change, or remove anything from the above list. I’m not asking you to accept these mat­ters without ques­tion, I’m telling you.

Now that we all know where we stand, I’m sure there’ll be no future pro­blems. If you have any ques­tions or com­ments please feel free to keep them to your­self. If you feel the need for more infor­ma­tion, I highly recom­mend that you ask someone else.

Sin­ce­rely,
The Sys­tem Manager

P.S. The new disk quota of 30 blocks per user became effec­tive yes­ter­day. Anyone caught excee­ding the quota will lose their accounts (this means you, Russell!)

New Computer Security Mistakes

I wan­ted to pass on what I see as some of the top com­pu­ter secu­rity mis­ta­kes that most casual com­pu­ters users make when first set­ting up a new computer:

1. Set­ting an non pro­tec­ted newly ima­ged com­pu­ter on the inter­net.  Before ins­ta­lling any com­pu­ter on the inter­net, you will want to ins­tall at least an anti­vi­rus and make sure that the built in fire­wall for Win­dows is ope­ned.  I per­so­nally have a DVD with a lot of first ins­tall appli­ca­tions on it.  This inc­lu­des Comodo Anti­vi­rus, Comodo Fire­wall, Win­dows XP Ser­vice Pack 3 (Net­work Admin Ins­ta­ller), and Vista Ser­vice Pack 2 (Net­work Admin Ins­ta­ller).  As well as a few other odds and ends.  I run these ins­talls before I ever con­nect my machine to the wire­less net­work.  I know the virus defi­ni­tion files for the Anti­vi­rus will be out­da­ted, but that is correc­ted shortly.
2. Not run­ning upda­tes as soon as online. After ins­ta­lling all the appli­ca­tions men­tio­ned above, I get my sys­tem on the net­work and run upda­tes on my anti­vi­rus soft­ware and then run­ning the Win­dows Update.  This is a very impor­tant step.  Just because an anti­vi­rus is ins­ta­lled or the latest Ser­vice Pack applied, it does not mean you are pro­tec­ted.  With more and more vul­ne­ra­bi­li­ties and viru­ses being relea­sed daily, it is a never ending battle to keep your­self pro­tec­ted.  Not only should you worry about the secu­rity soft­ware, but any appli­ca­tion you ins­tall, please run all the updates.
3. Set­ting your pri­mary login ID as an admi­nis­tra­tor.  I know this one is hard, but it has been brought to my atten­tion, and right­fully so, it is not recom­men­ded.  An admi­nis­tra­tor account has unli­mi­ted rights and power on a com­pu­ter.  You can create a sepa­rate user and make is a power user.  For the Admi­nis­tra­tor account, you should rename it from Admi­nis­tra­tor and put a secure pass­word on it.  Also, disa­ble the guest account on your sys­tem for safety measures.

1. Pass­word, Pass­word, Pass­word, and did I men­tion pass­word?  I know this is your home com­pu­ter and you won­der who would get into it.  Well, since the com­pu­ter has become so inte­gra­ted in our lives, we store everything on there.  From bank infor­ma­tion, impor­tant docu­ments, Tax infor­ma­tion, fami­lies infor­ma­tion, on and on.  If your com­pu­ter gets sto­len, someone else now has all of that infor­ma­tion.  If you do not have a secure pass­word (see ear­lier pos­ting) then it’s easy for them to get in.
2. Disk Encryp­tion.This is a topic I will dis­cuss more in depth in the next few days.  There are many free drive encryp­tion appli­ca­tions avai­la­ble that are very very good.  The rea­son for this encryp­tion is so that if someone comes in and just grabs your drive out of your com­pu­ter (less then 3 minu­tes for the most part) your data is secu­red.  See item 4.
3. Wire­less Net­work Secu­rity. Again another topic I will get into later, but for the most part I can sum it up quickly.  If you get a brand new wire­less rou­ter, the defaults are the same.  The same IP address, the same root pass­word, the same SSID (Net­work name).  With this infor­ma­tion anyone in your area can get into your net­work.  There are some things you can do to pro­tect your­self and I plan on dis­cus­sing it later, inc­lu­ding what some recom­men­ded set­tings are.  So please check back.

I hope that you found this use­ful infor­ma­tion.  Ques­tions, com­ments and feed­back is always welcome.

A Guide to Strong passwords

To con­ti­nue on a bit about the pass­words I men­tio­ned yes­ter­day, I deci­ded to give some poin­ters on what makes a strong pass­word.  Also, a few uti­li­ties to help with the crea­tion, besi­des the last­pass I refe­rred to yesterday.

The role that pass­words play in secu­ring your infor­ma­tion is often unde­res­ti­ma­ted and over­loo­ked. Weak pass­words pro­vide attac­kers with easy access to your com­pu­ters and other infor­ma­tion on the net while strong pass­words are con­si­de­rably har­der to crack, even with the password-cracking soft­ware that is avai­la­ble today. Password-cracking tools con­ti­nue to improve, and the com­pu­ters that are used to crack pass­words are more power­ful than ever. Password-cracking soft­ware uses one of three approaches: inte­lli­gent gues­sing, dic­tio­nary attacks, and brute-force auto­ma­ted attacks that try every pos­si­ble com­bi­na­tion of cha­rac­ters. Given enough time, the auto­ma­ted method can crack any pass­word. Howe­ver, strong pass­words are much har­der to crack than weak pass­words. A secure com­pu­ter has strong pass­words for all user accounts.

What makes a weak password:

• No pass­word.
• Con­tains your user name or real name.
• Con­tains a com­plete dic­tio­nary word.
• Is used for mul­ti­ple web­si­tes or locations

A strong password:

• Is at least seven cha­rac­ters long.
• Does not con­tain your user name, real name, or com­pany name.
• Does not con­tain a com­plete dic­tio­nary word.
• Is sig­ni­fi­cantly dif­fe­rent from pre­vious pass­words. Pass­words that inc­re­ment (Password1, Password2, Password3 …) are not strong.
• Con­tains cha­rac­ters from each of the follo­wing four groups:

An exam­ple of a strong pass­word is u+6^}*$X.

If making them up on your own is not your forte, there are uti­li­ties and web­si­tes out there.  A few are listed:

• http://www.pctools.com/guides/password/
• http://www.goodpassword.com/
• http://strongpasswordgenerator.com/ – Even gives a mne­mo­nic (Memory Aid)