2011 Technology Update
Download
Report
Transcript 2011 Technology Update
Mike Vanbuskirk, Tech Specialties
Desktops, laptops, and
printers… Oh My!
No!
Despite what the tablet/phone people want
you to believe, they are not.
What do you think Apple uses to do its
accounting?
Desktops, laptops, and servers are still
integrals pieces of business infrastructure.
What’s important:
◦ CPU
◦ RAM
◦ Hard Drive
◦ Graphics
◦ Peripherals
Intel and AMD are the two primary
desktop/laptop CPU manufacturers
Intel currently holds the performance
crown(since 2006)
Most OEMs (Dell, HP, Lenovo etc..) offer
primarily Intel
For desktops: A quad-core of at least 2.0
GHz. Core i5/i7-2xxx
For laptops: A dual-core or quad-core of at
least 2.0 GHz. Core i5/i7-2xxx
Modern software is relying more and more on
multiple cores vs. raw speed to handle tasks
quicker
RAM prices are extremely low right now.
Great time to upgrade older machines that
could benefit from more RAM.
New machines: 4GB of DDR3 Dual-Channel
RAM AT MINIMUM
Memory is cheap. It improves performance.
You have no reason not to buy more.
Systems with 32-bit Operating Systems (99%
of XP installs, some Vista/7) can only see or
use ~4GB of RAM.
64-bit systems(Practically all new systems
sold with Windows 7) can address up to
128TB of RAM.
Sweet spot? 8-16GB of RAM.
Thailand Trouble: Massive
monsoons/flooding in Thailand
In a brilliant display of supply chain
management, practically entire hard drive
industry manufacturing takes place in
Thailand, including sub-components needed
to build them.
Expected supply issues through Q1 2012
$90 to $220 in about 2 weeks!
Data courtesy of: http://www.camelegg.com
OEMs like Dell and HP buy in large bulk, and
are contractually guaranteed a certain
number of units for sales and
repair/maintenance.
Their pricing hasn’t changed much YET.
If you are looking to purchase a computer
prior to end of FY, the sooner is certainly the
better.
Solid State Drives. Imagine a drive comprised
entirely of flash memory (like a really big
thumbdrive).
NOT affected by Thailand issues (NAND
industry based mostly in Taiwan).
Still high ratio of $ cost / GB. OEMs charge a
LOT for them in new systems.
Advantages:
◦ FAST. No moving parts and flash memory make for
a VERY fast drive. That means faster boots and
application opening.
◦ GREEN. No moving parts means reduced energy
consumption. Especially at idle (important for
laptops!)
◦ DURABLE. Not to beat a dead horse, but no moving
parts means nothing sensitive to break i.e. spindles,
heads etc…
Disadvantages:
◦ EXPENSIVE: The flooding issue has evened out prices at
online retailers, but expect to pay a hefty premium on a
prebuilt system.
◦ NO BACKWARDS COMPATIBILITY: SSDs require certain
functions only available in modern OS’es like Windows 7
to maintain their speed. Performance will degrade over
time with XP.
◦ DEGRADE?: SSDs have a limited number of write cycles
(5-7 years). Functions like TRiM and Wear Leveling can
help this immensely, but requires OS support.
NEVER, EVER, EVER, DEFRAG A SOLID STATE
DRIVE
EVER
Remember, limited write cycles.
Defragmentation is basically a massive write/rewrite festival.
Could destroy ability of drive to accept writes
Like CPU’s, 2 players in desktop/laptop:
◦ Nvidia
◦ AMD (formerly ATI)
The main point to remember is that most office work
will NOT use the graphics card too heavily. They are
most heavily tasked when used for CAD, Video/3D,
Gaming, and Parallel number crunching.
Yes!
Modern OS’es will use the Graphics card for
some of the eye-candy (not all of which can
be turned off)
If you want to utilize multiple monitors,
graphics cards are a MUST.
256-512MB of Video RAM. Don’t spend too
much
“No, that probably won’t work with Windows
7…..”
You didn’t think you could just upgrade the
computer and keep the original Gutenberg
back there did you?
Windows 7 is a drastic improvement in terms
of compatibility and what it will detect right
out of the box.
Doesn’t mean EVERYTHING will work. Check
to see if the manufacturer has updated
drivers. If not, it’s time to shop for a new one.
Some manufacturers do not provide proper
64-bit support.
This seems to be a particular issue with
scanners.
Do research before settling on a specific
brand. Make sure you aren’t dead in the water
after an expensive upgrade.
Or, “How I learned to stop
worrying and love Windows”
Many have already upgraded to Windows 7.
Microsoft will be discontinuing support for XP
April, 2014.
Some newer software/hardware not
compatible with XP regardless.
Newer versions of Internet Explorer (9+)
require Windows 7.
Security.
Newer software receives full
development/dollars attention from the
creator/s.
Less likely that a security hole/exploit will go
un-noticed or un-patched for very long.
Older software no longer patched. HACKERS
STILL ACTIVELY SEEK OUT OLD OSes!!!
Windows 7 Professional, 64-bit (might also
be listed as x64)
ALWAYS PROFESSIONAL VERSION.
Home Versions CAN NOT be joined to a
domain (VERY important for a server network)
Linux
Apple OSX
FreeBSD
Solaris
We know the major players:
◦ Microsoft
◦ Adobe
◦ Intuit
◦ Symantec
Important to keep them updated and be aware of
vulnerabilities (ESPECIALLY ADOBE, more on this
later)
There are a lot of FREE options for software
that are as good or better than the “big guys”
◦ PDF: SumatraPDF for reading, Bullzip PDF for
printing
◦ DEFRAGMENTING: Auslogics Disk Defrag (faster)
◦ ZIP FILES: 7-Zip.
◦ UNINSTALL: Revo Uninstaller (PERMANENTLY gets
rid of old programs)
KeePass
LastPass
Secunia PSI
Malware Bytes Anti-Malware
This is security oriented software covered later
in the presentation
“The user’s going to pick
dancing pigs over security
every time” – Bruce Schneier
Security expert
Runs http://www.schneier.com/
Also said: “The mantra of any good security
engineer is: 'Security is a not a product, but a
process.' It's more than designing strong
cryptography into a system; it's designing the
entire system such that all security measures,
including cryptography, work together.”
You should not view security as a “product”.
You’re not EVER going to be safe just because
you have anti-virus installed, or any other
piece of software/hardware.
Security means the whole picture, a “process”.
User behavior, network security, password
security, physical security etc…
Do you have a firewall? Is it set-up correctly?
Are your passwords 8 characters or longer? Can I
guess them by looking at your Facebook profile?
If Auditors demanded a record of user activity on
your network i.e. “did Bob access the GenCorp
file?” RIGHT NOW, could you provide it to them?
When did you last update Windows? Adobe?
Is your WiFi Secured? (Hint: WEP is NOT secure)
Firewall? Most modern routers have a basic
firewall.
Good, because hackers are likely probing
your network RIGHT NOW for
vulnerabilities/open ports.
Did you change the default username of
“admin” and default password of “1234”?
Passwords: Modern Proof-Of-Concept attacks
have shown that 7-character passwords can
be broken in sub-5 minute range.
If the attacker can guess your password
through readily available info, they don’t even
need to crack it.
You didn’t use that same password for your
online banking, medical insurance, stock
fund, and PayPal account, did you?
Auditing/File Access: Personally
identifying(PID) documentation of a client has
been stolen/deleted by a disgruntled
employee.
Can you prove Who? How? When?
Were there controls already in place to
prevent an incident?
Updates: Did you update Windows 7
yesterday (11/8/11) to patch the 4
vulnerabilities, one marked “critical” ?
Is your Adobe up to date? (IMPORTANT) Java?
Flash?
Have you stopped using older programs no
longer supported/patched by companies?
WiFi: Most Wireless routers are set up with
default admin passwords.
Also set up with no wireless security or WEP.
WEP is no longer considered secure and can
be broken with easily acquired software (I can
show you where to legally download it right
now)
Need at least WPA2
Better to have a dedicated firewall/router,
separate from your modem and WiFi Access
Point
Eliminates Single-Point-Of-Failure
More features/more powerful
Notice this “wall”
that protects
your internal
network
Workstations
WiFi
Internet/
WAN
Modem
Router
Switch
Firewall
Server
Establish a security policy. Detail preventative
and reactive measures.
Have your network checked for
vulnerabilities. Also known as “Pentesting”.
Have a TESTED and VALID backup and restore
procedure if your data is either compromised
or in jeopardy (more on this later).
I consider this security!
Is your data REGULARLY backed up to 3 different
locations?
Have you run a “disaster drill”? How quickly can
you be up and running again?
How much is your data worth?
RAID IS NOT A BACKUP STRATEGY!!!!
Often overlooked security consideration.
Extremely important to have strong
passwords
Difficult to accomplish. How do I keep my
passwords secure without writing them
down?
Visit http://howsecureismypassword.net to
try it yourself.
Password “abc123” not including quotes.
◦ One of the 20 most common passwords. Would be
hacked almost instantly
A birthday!
Password “10/11/80” not including quotes.
◦ It would take a desktop PC
about 33 minutes to hack your password
◦ Would be done before lunch is over
Add some initials
Password “10/11/80gj” not including quotes
◦ It would take a desktop PC
about 32 years to hack your password
◦ Now we’re talking! Once you get over 8 characters,
time required to crack grows exponentially
◦ Remember though, I said “crack”. That password is
still EASY to figure out with practically no effort.
Multiple words, numbers, and symbols
Password “Refer@11myc@ll$” not including
quotes.
◦ It would take a desktop PC
about 2 trillion years to hack your password
◦ Probably not many hackers capable of waiting longer
than the lifespan of the known universe
◦ The password uses multiple words, numbers, and
symbols, and would not be easily figured out using
online information i.e. Facebook
That site only simulates a Desktop CPU.
Does not account for GPU based cracking.
GPU’s(graphics cards) can run many millions
of operations in parallel, much better than a
CPU.
Means it can take many more guesses over
the same period of time than a CPU.
Figure out 50 more, and don’t write them
down.
Easier said than done.
Your Windows account, your online banking,
PayPal etc…
ALL NEED SECURE PASSWORDS
There’s an app(s) for that!
Lastpass
◦ https://lastpass.com/
Keepass
◦ http://keepass.info/
NOTE: Storing your passwords in your browser is almost
NEVER secure. IE/Firefox/Chrome prompt you when
entering passwords. They often store this information in
unprotected/un-encrypted plain-text.
They can generate secure/randomized
passwords.
You do not have to write them down(which is
NOT secure).
You can have them automatically remind you
to change the password at specific
intervals(good security practice).
Originally started life as a browser extension.
Installs as an Application.
Still integrates heavily with web browser.
Syncs your passwords to their “cloud” for
backup and sharing on multiple computers.
Installs as an application.
Somewhat less user friendly, but more
powerful.
Better option for those who are nervous
about LastPass cloud storage.
KeePass stores passwords in 256-bit
encrypted file.
Not just about passwords and networks.
Keeping your applications up to date and
patched is a key piece of the security puzzle
Programs like Secunia PSI/CSI can monitor the
applications installed on your system and
notify you when they need patching
Remember I said how important it was to
keep Adobe Reader/Flash patched:
http://www.fsecure.com/weblog/archives/00001903.html
61% of targeted/specific exploits in 2010
went after Adobe Reader.
Having it installed(most everyone does) is
NOT ENOUGH.
Is it updated? Does it have an active scanner?
Is it even effective?
◦ Virus Bulletin: http://www.virusbtn.com/index
◦ Runs tests on different AV suites/software
throughout the year. Check the “VB100”.
There are a variety of paid and free options.
Just because you paid for it does not mean it’s
good. McAfee failed a VB100 test recently.
Check the license on your “free” A/V. Many of
them explicitly state they are NOT for commercial
use of any kind.
Microsoft Security Essentials is a good “free”
option and the license allows for up to 10
commercial machines.
As your network grows, probably time to
consider a paid, centralized option.
Kaspersky, ESET both offer packages that
include workstation AND server monitoring.
Can be managed centrally.
Details inside!
A server is essentially a centralized computer
that houses critical applications and/or data.
At the most basic level, think of it as an
electronic file cabinet.
Can fill many more roles: Print server,
directory server, application server, web
server, file server, monitoring server, access
control etc..
Not quite.
1-3 users, no critical need for centralized
files/data/printing or access control.
More cost effective to have a shared external
drive or Network Attached Storage(NAS).
Small business, 5+ users.
Has a need for centralized files/databases
Needs shared/centralized printing
Access control. Dictate who can access what
and when. Be able to KNOW who accessed
what and when.
Centralized files.
Is the most recent copy of the 2010 financial
spreadsheet on Becky’s laptop? Or Don’s
desktop?
A lot easier to say “It’s on the ‘S:’ drive in the
‘financials’ folder”.
Makes backups much easier. Backups that are
easier to manage are more likely to be
successful.
Centralized databases
Quickbooks, Lacerte, Sage MAS90/200 etc…
“Can” be stored on a workstation.
“Can” means it is workable with 3-5 users,
but much beyond that and you will start to
see problems
Workstation OSes like XP and 7 were designed for
a single user accessing the computer directly.
75%+ of system resources are dedicated to that
user.
Only 25% left for network users. Not good.
Workstation OSes will start dropping connections
after a certain number (10 half-open for XP). This
could be VERY bad.
Centralized printing.
Quickly becomes un-manageable to share
printers individually from each workstation.
Can install a print server.
All printers connected to network. Can set
queues, priorities, page quotas etc..
Access Control
In the “Workgroup” model, each computer
audits its own users/access/security
Convoluted and difficult to manage with
multiple systems
Active Directory allows for centralized
management of users and their permissions.
CPU: Intel Xeon Quad Core. At least 2.4GHz.
RAM: At least 8GB RAM, DDR3, ECC if possible.
Hard Drives: Ideal is RAID10. Performance is
overkill for most but allows for 2 drive failures
before data is lost. RAID5 or RAID1 if budget is
an issue. 7.2k RPM SATA drives are sufficient.
Operating System: Windows Server 2008 R2
Standard/Enterprise Edition
NOT A BACKUP STRATEGY!!!
Simply insurance against mechanical failure
of a hard drive.
If your office burns down, the RAID array
does you no good if the data wasn’t backed
up elsewhere.
Get ready to play “Buzzword
Bingo”!
Any questions? Good, I’ll be
handing out a test now.
Virtualization is a technology that allows the
same hardware to be used for multiple
operating systems.
A company can go from needing 4-6 servers
to 2. Less power consumption = $$$.
Hardware is more utilized, more return on
investment.
“Client” virtualization has many possible
applications.
Citrix, VMWare, VirtualBox, KVM, and
Microsoft all have client technologies.
Have an old program that only runs on XP i.e.
Quickbooks 2006? Install it into your
Windows XP Virtual Machine on your Windows
7 desktop.
Since it is essentially a separate computer,
requires a separate license.
Very resource intensive.
Not quite the same performance as native.
Licensing can become expensive for paid
solutions i.e. VMWare.
courtesy of:
xkcd.com
Not just a city in Alabama
More and more workers are remote/out of
the office.
Laptops
Smartphones
Tablets
Security.
Outright physical theft is a major concern.
Constant news stories about laptops
containing PID records of 100’s-1000’s10000’s of people being stolen.
Most public WiFi is NOT secure in any way,
traffic is passed “in the clear”.
For smartphones/tablets: Make sure the
device is enabled with a numeric “lock”.
May want to have a remote-wipe feature set
up. IT can disable/wipe the device if reported
stolen.
For laptops: encrypt the hard drive using
TrueCrypt. Higher battery usage, but thieves
will not be able to access data.
Probably not.
Tablets are good to “view” content.
Not so good for “creating” content.
Be honest about what you would need/use a
mobile device for. More than likely a laptop
will still be the better fit.
Mike Vanbuskirk
Tech Specialties
[email protected]
405-385-9462