technology related informational guides
Header

Data Recovery

November 27th, 2012 | Posted by TechnoGuides in Computer | General - (Comments Off)

An important and vital element of computer security is the ability to retrieve information that has been lost. Data recovery software solutions save a tremendous amount of time, money, headache and hassle. How many times have you been working on an important document only to have your computer quit or shut down before you can save your work? It happens from time to time, and it’s an enormous nuisance when it does. Fortunately, there are ways you can always protect and store your data. Backups are the most common, affordable and simplest way of ensuring your data is never permanently lost.

Data backups involve simply saving and storing your work or documents in a location other than on your computer’s desktop or hard drive. Let’s say you’re working on a very detailed, very extensive report. You can easily save it on your desktop. But what if for some reason your computer security fails, or what happens if it’s infiltrated by spyware, or if your antivirus software fails? Then you’re stuck with no report, and no way to enable data recovery.

By simply saving your report to other locations, you can save countless time, money and frustration in it comes to attempting to recover your data. Email the report to yourself – that way, you can work on it wherever there is a computer handy. Burn the report onto a CD, save it onto a disk, or even download it onto a jump drive. You can even print out a hard copy of the report from your computer. Security measures are only effective when every possible avenue of possibility has been exhausted. By saving your vital information onto a variety of different locations, it does not matter if your wireless security, or your laptop security has been breached – you have increased your possibility of total data recovery exponentially.

If however, you have not created any data backups and still require data recovery software and solutions; there are companies and firms who specialize in that particular area of computer security. These are skilled professionals who can locate and retrieve information that has been accidentally wiped out or deleted. They can also locate any documents or files that have been lost due to a failure in wireless security or laptop security. They also can target and sources of spyware, and suggest to you antivirus software that can prevent your data from being lost ever again.

It’s important to understand and realize that if your data has been lost because of faulty computer security, you should locate and fix the problem immediately. Hackers and crackers are becoming more and more sophisticated with their programs, worms and viruses, making data recovery that much more difficult to achieve. Data backups are the simplest, easiest and most affordable way to protect your vital documents and information. How many times have you seen that terrible message “the application word has unexpectedly quit”? It’s frustrating and annoying, because all that hard work you’ve done is lost and you need to start over. It’s also annoying when you lose your data because of spyware, viruses, or faulty laptop security or wireless security. These are issues that can be fixed so that you’ll minimize your needs of attempting data recovery in the future.

Regardless of how you use your computer, you are always saving information on it. Don’t allow your PC security to be compromised to the point where your files get lost and you require expert data recovery services. Make certain your computer is always protected from viruses, spam and spyware.

 

, , , , , ,

Test your backups!

November 27th, 2012 | Posted by TechnoGuides in Computer | Services - (Comments Off)

If you’re like most small business owners, your computer data backups are one of those things that you rarely pay attention to. Computer data backups are kind of like flossing your teeth and eating low-fat, high-fiber foods… everyone knows what they’re supposed to do… but how many REALLY do these things religiously?!?

Unfortunately when it comes to your computer data backups however, complacency can be very dangerous. Of course, it’s always a good idea to have a local computer service company that you can rely on for advice on selecting and maintaining your computer data backups. But, unless you’re prepared to put a full-time PC support person on your company’s payroll, it’s really important that you get some basic understanding of the major issues with computer data backups.

So here’s a compilation of some really crucial tips on computer data backups that I’ve put together, after nearly 15 years of helping small businesses protect their valuable computer data files.

Test your computer data backups regularly and monitor their log files.

To be effective, computer data backups must be highly automated to ensure that jobs are launched consistently and correctly, but your computer data backup system also needs to be watched over diligently to make sure it continues to function reliably.

Unfortunately, monitoring the computer data backup system generally isn’t a priority until something goes wrong. By then it’s too late…. Like the article title says, “Test Now or Cry Later!”

People have a strong tendency with a computer data backup system to set it and forget it. Automation clearly has many benefits, but a totally hands-off approach can be very dangerous if no one is overseeing your computer data backup process.

Test and Then Test Again: VERY Important with Computer Data Backup Systems

With any newly installed computer data backup system, don’t assume everything works correctly right out of the box. Even more important, don’t take for granted that your backup system will continue working indefinitely. You need periodically to restore some folders and files from your backup media to validate that your computer data backup system still works.

If your automated computer data backup routine is configured to include a verify run with each backup job, testing a sample restore job monthly should be adequate. However, if you have an extremely low tolerance for risk, you may want to simulate a sample restore job once a week.

The Hazard of Moving Parts and Open Design with Computer Backup Systems

Why do you need to take these precautions if you’re purchasing a reliable, business-class computer data backup system to start with? Typically, a tape drive or other backup device is one of the few components in a PC or server that still have moving parts.

As a result, it’s more prone to mechanical failure. In addition, because a backup device generally is open, as opposed to the sealed design of a hard drive, it’s easy for the inside of the computer data backup system device to attract a significant dust buildup in a relatively short period of time.

Sample Restore Jobs and Cleaning Tape Heads of Computer Data Backup Systems

Testing a tape for a sample restore job is also a great time to clean the heads of the backup drive if your backup system requires this kind of maintenance.

Restoring a few hundred megabytes (MB) of data to a scratch directory and running a head-cleaning tape should take no more than 15 to 30 minutes.

When running a test restore job, always restore the data to an alternate server folder path, so as not to disrupt the use of any shared folders.

Building a Computer System Backup and Restore Procedure Checklist
In times of crisis, the most crucial issue becomes how quickly you can get the data back onto your system, undamaged. So, as you build your computer data backup system, be sure to document your test procedures into handy checklists.

This documentation also can be great for cross-training and crucial for avoiding panic during an emergency. Be sure you have a hard copy of this documentation next to your system and stored off-site with your backup media.

Watching the Log Files of Your Computer Data Backup System

In addition to running test restore jobs, you must inspect your computer data backup system log files daily. When the backup system is first installed, take time to get familiar with the way log files look when everything is working. This way, if something goes awry, you’ll be better prepared to pinpoint the nature of the problem immediately.

As network operating system (NOS) suites and backup software have become more sophisticated, it’s now possible to monitor backup system log files remotely and more proactively. In most cases, the backup system log files are just plain text (.txt) files.

Many third-party tools and utilities, as well as those included with Microsoft BackOffice Small Business Server (SBS) and Microsoft BackOffice Server, can automatically e-mail or fax a backup system log file at a preconfigured time.

Automatically and Remotely Monitoring Tape Backup Log Files

Many computer consultants have their small business clients’ log files automatically e-mailed to them daily, so the consultants proactively can watch out for potential problems with the computer data backup system.

However, don’t think this proactive monitoring is limited to professional consultants. If your company has one or more branch offices you support from a centralized location, you also can use a similar method to monitor backup system health in remote locations.

For greater flexibility, you can set up an e-mail alias so the computer data backup system log file automatically is sent to you, your second-in-command and perhaps an external computer consultant – so you are all kept in the loop. Also, this way, monitoring continues even when you’re out of the office or on vacation.

The Bottom Line

If your small business depends greatly on its computer systems, backing up your data is not optional… and it is not something that can be casually brushed to the back burner.

Use the computer data backup tips in the articles to help you become a more IT-aware small business owner.

 

 

, , ,

6 Ways to Secure your Web Site

November 27th, 2012 | Posted by TechnoGuides in Computer | General - (Comments Off)

Most people on the internet are good, honest people. However, there are some people browsing the internet who derive fun from poking around websites and finding security holes. A few simple tips can help you secure your website in the basic ways. Now, obviously, the subject of data security is a complicated one and way beyond the scope of this column. However, I will address the very basics one should do which will alleviate many potential problems that might allow people to see things they shouldn’t.

Password Protecting Directories

If you have a directory on your server which should remain private, do not depend on people to not guess the name of the directory. It is better to password protect the folder at the server level. Over 50% of websites out there are powered by Apache server, so let’s look at how to password protect a directory on Apache.

Apache takes configuration commands via a file called .htaccess which sits in the directory. The commands in .htaccess have effect on that folder and any sub-folder, unless a particular sub-folder has its own .htaccess file within. To password protect a folder, Apache also uses a file called .htpasswd . This file contains the names and passwords of users granted access. The password is encrypted, so you must use the htpasswd program to create the passwords. To access it, go to the command line of your server and type htpasswd. If you receive a “command not found” error then you need to contact your system admin. Also, bear in mind that many web hosts provide web-based ways to secure a directory, so they may have things set up for you to do it that way rather than on your own. Barring this, let’s continue.

Type “htpasswd -c .htpasswd myusername” where “myusername” is the username you want. You will then be asked for a password. Confirm it and the file will be created. You can double check this via FTP. Also, if the file is inside your web folder, you should move it so that it is not accessible to the public. Now, open or create your .htaccess file. Inside, include the following:

AuthUserFile /home/www/passwd/.htpasswd
AuthGroupFile /dev/null
AuthName “Secure Folder”
AuthType Basic

require valid-user
On the first line, adjust the directory path to wherever your .htpasswd file is. Once this is set up, you will get a popup dialog when visiting that folder on your website. You will be required to log in to view it.

Turn Off Directory Listings

By default, any directory on your website which does not have a recognized homepage file (index.htm, index.php, default.htm, etc.) is going to instead display a listing of all the files in that folder. You might not want people to see everything you have on there. The simplest way to protect against this is to simply create a blank file, name it index.htm and then upload it to that folder. Your second option is to, again, use the .htaccess file to disable directory listing. To do so, just include the line “Options -Indexes” in the file. Now, users will get a 403 error rather than a list of files.

Remove Install Files

If you install software and scripts to your website, many times they come with installation and/or upgrade scripts. Leaving these on your server opens up a huge security problem because if somebody else is familiar with that software, they can find and run your install/upgrade scripts and thus reset your entire database, config files, etc. A well written software package will warn you to remove these items before allowing you to use the software. However, make sure this has been done. Just delete the files from your server.

Keep Up with Security Updates

Those who run software packages on their website need to keep in touch with updates and security alerts relating to that software. Not doing so can leave you wide open to hackers. In fact, many times a glaring security hole is discovered and reported and there is a lag before the creator of the software can release a patch for it. Anybody so inclined can find your site running the software and exploit the vulnerability if you do not upgrade. I myself have been burned by this a few times, having whole forums get destroyed and having to restore from backup. It happens.

Reduce Your Error Reporting Level

Speaking mainly for PHP here because that’s what I work in, errors and warnings generated by PHP are, by default, printed with full information to your browser. The problem is that these errors usually contain full directory paths to the scripts in question. It gives away too much information. To alleviate this, reduce the error reporting level of PHP. You can do this in two ways. One is to adjust your php.ini file. This is the main configuration for PHP on your server. Look for the error_reporting and display_errors directives. However, if you do not have access to this file (many on shared hosting do not), you can also reduce the error reporting level using the error_reporting() function of PHP. Include this in a global file of your scripts that way it will work across the board.

Secure Your Forms

Forms open up a wide hole to your server for hackers if you do not properly code them. Since these forms are usually submitted to some script on your server, sometimes with access to your database, a form which does not provide some protection can offer a hacker direct access to all kinds of things. Keep in mind…just because you have an address field and it says “Address” in front of it does not mean you can trust people to enter their address in that field. Imagine your form is not properly coded and the script it submits to is not either. What’s to stop a hacker from entering an SQL query or scripting code into that address field? With that in mind, here are a few things to do and look for:

Use MaxLength. Input fields in form can use the maxlength attribute in the HTML to limit the length of input on forms. Use this to keep people from entering WAY too much data. This will stop most people. A hacker can bypass it, so you must protect against information overrun at the script level as well.

Hide Emails If using a form-to-mail script, do not include the email address into the form itself. It defeats the point and spam spiders can still find your email address.

Use Form Validation. I won’t get into a lesson on programming here, but any script which a form submits to should validate the input received. Ensure that the fields received are the fields expected. Check that the incoming data is of reasonable and expected length and of the proper format (in the case of emails, phones, zips, etc.).

Avoid SQL Injection. A full lesson on SQL injection can be reserved for another article, however the basics is that form input is allowed to be inserted directly into an SQL query without validation and, thus, giving a hacker the ability to execute SQL queries via your web form. To avoid this, always check the data type of incoming data (numbers, strings, etc.), run adequate form validation per above, and write queries in such a way that a hacker cannot insert anything into the form which would make the query do something other than you intend.

Conclusion

Website security is a rather involved subject and it get a LOT more technical than this. However, I have given you a basic primer on some of the easier things you can do on your website to alleviate the majority of threats to your website.

 

, , , ,

Computer Security Ethics and Privacy

November 27th, 2012 | Posted by TechnoGuides in Computer | General | Internet - (Comments Off)

Today, many people rely on computers to do homework, work, and create or store useful information. Therefore, it is important for the information on the computer to be stored and kept properly. It is also extremely important for people on computers to protect their computer from data loss, misuse, and abuse.  For example, it is crucial for businesses to keep information they have secure so that hackers can’t access the information. Home users also need to take means to make sure that their credit card numbers are secure when they are participating in online transactions.

A computer security risk is any action that could cause lost of information, software, data, processing incompatibilities, or cause damage to computer hardware,   a lot of these are planned to do damage. An intentional breach in computer security is known as a computer crime which is slightly different from a cypercrime. A cybercrime is known as illegal acts based on the internet and is one of the FBI’s top priorities.  There are several distinct categories for people that cause cybercrimes, and they are refereed as hacker, cracker, cyberterrorist, cyberextortionist, unethical employee, script kiddie and corporate spy.  The term hacker was actually known as a good word but now it has a very negative view. A hacker is defined as someone who accesses a computer or computer network unlawfully.  They often claim that they do this to find leaks in the security of a network. The term cracker has never been associated with something positive this refers to someone how intentionally access a computer or computer network for evil reasons. It’s basically an evil hacker.  They access it with the intent of destroying, or stealing information. Both crackers and hackers are very advanced with network skills.  A cyberterrorist is someone who uses a computer network or the internet to destroy computers for political reasons.  It’s just like a regular terrorist attack because it requires highly skilled individuals, millions of dollars to implement, and years of planning. The term cyperextortionist is someone who uses emails as an offensive force. They would usually send a company a very threatening email stating that they will release some confidential information, exploit a security leak, or launch an attack that will harm a company’s network. They will request a paid amount to not proceed sort of like black mailing in a since.

An unethical employee is an employee that illegally accesses their company’s network for numerous reasons. One could be the money they can get from selling top secret information, or some may be bitter and want revenge.

A script kiddie is someone who is like a cracker because they may have the intentions of doing harm, but they usually lack the technical skills. They are usually silly teenagers that use prewritten hacking and cracking programs. A corporate spy has extremely high computer and network skills and is hired to break into a specific computer or computer network to steal or delete data and information. Shady companies hire these type people in a practice known as corporate espionage. They do this to gain an advantage over their competition an illegal practice. Business and home users must do their best to protect or safeguard their computers from security risks.

The next part of this article will give some pointers to help protect your computer. However, one must remember that there is no one hundred percent guarantee way to protect your computer so becoming more knowledgeable about them is a must during these days. When you transfer information over a network it has a high security risk compared to information transmitted in a business network because the administrators usually take some extreme measures to help protect against security risks. Over the internet there is no powerful administrator which makes the risk a lot higher. If your not sure if your computer is vulnerable to a computer risk than you can always use some-type of online security service which is a website that checks your computer for email and Internet vulnerabilities. The company will then give some pointers on how to correct these vulnerabilities.  The Computer Emergency Response Team Coordination Center is a place that can do this. The typical network attacks that puts computers at risk includes viruses, worms, spoofing, Trojan horses, and denial of service attacks.  Every unprotected computer is vulnerable to a computer virus which is a potentially harming computer program that infects a computer negatively and altering the way the computer operates without the user’s consent. Once the virus is in the computer it can spread throughout infecting other files and potentially damaging the operating system itself. It’s similar to a bacteria virus that infects humans because it gets into the body through small openings and can spread to other parts of the body and can cause some damage. The similarity is, the best way to avoid is preparation.  A computer worm is a program that repeatedly copies itself and is very similar to a computer virus. However the difference is that a virus needs o attach itself to an executable file and become a part of it. A computer worm doesn’t need to do that I seems copies to itself and to other networks and eats up a lot of bandwidth. A Trojan Horse named after the famous Greek myth and is used to describe a program that secretly hides and actually looks like a legitimate program but is a fake.  A certain action usually triggers the Trojan horse, and unlike viruses and worms they don’t replicate itself. Computer viruses, worms, and Trojan horses are all classifies as malicious-logic programs which are just programs that deliberately harms a computer.  Although these are the common three there are many more variations and it would be almost impossible to list them. You know when a computer is infected by a virus, worm, or Trojan horse if one or more of these acts happen:

  • Screen shots of weird messages or pictures appear.
  • You have less available memory then you expected
  • Music or sounds plays randomly.
  • Files get corrupted
  • Programs are files don’t work properly
  • Unknown files or programs randomly appear
  • System properties fluctuate

Computer viruses, worms, and Trojan horses deliver their payload or instructions through four common ways. One, when an individual runs an infected program so if you download a lot of things you should always scan the files before executing, especially executable files. Second, is when an individual runs an infected program. Third, is when an individual bots a computer with an infected drive, so that’s why it’s important to not leave media files in your computer when you shut it down.  Fourth is when it connects an unprotected computer to a network. Today, a very common way that people get a computer virus, worm, or Trojan horse is when they open up an infected file through an email attachment. There are literally thousands of computer malicious logic programs and new one comes out by the numbers so that’s why it’s important to keep up to date with new ones that come out each day. Many websites keep track of this. There is no known method for completely protecting a computer or computer network from computer viruses, worms, and Trojan horses, but people can take several precautions to significantly reduce their chances of being infected by one of those malicious programs.  Whenever you start a computer you should have no removable media in he drives. This goes for CD, DVD, and floppy disks. When the computer starts up it tries to execute a bot sector on the drives and even if it’s unsuccessful any given various on the bot sector can infect the computer’s hard disk. If you must start the computer for a particular reason, such as the hard disk fails and you are trying to reformat the drive make sure that the disk is not infected.

, , , , , , , ,

Computer Security

November 27th, 2012 | Posted by TechnoGuides in Computer | General - (Comments Off)

Advances in computer technology is a double-edged sword. On one hand, it affords us quick and easy access to numerous conveniences such as bank statements, favorite shopping centers, school and health records, and more. On the other hand, it can also grant the same access to those who aren’t supposed to get it. Although it’s a rare occurrence, hacking has become the biggest criminal nuisance in computer history.

Make no bones about it. There’s nothing innocent or cute about the hacker. Today’s hackers aren’t the pimply-faced teen rebels that you might be thinking of. Instead, this generation of hackers are grown individuals who are more than likely earning a living by stealing the identities of innocent, law abiding individuals and then selling those identities to others who want to slip by the system. And the only protection against these seedy people is prevention.

Computer security couldn’t be more important than it is today and that’s why we’ve taken the time to introduce it to you.  You can reduce the probability of experiencing identity theft by making your computer as hacker-proof as possible. All that’s needed is a little software and a lot of common sense.

  1. Install an anti-virus/anti-spyware program. Anti-virus/anti-spyware software will stop malicious code from downloading and installing onto your computer while you peruse the Internet. Known as viruses, worms, or spyware, this malicious code can destroy important files and render your computer good for only one thing: sending sensitive data back to the server of an identity thief.
  2. Don’t store sensitive data on your computer in the first place. Should your computer get infected with a virus, worm, or piece of spyware, you can thwart the individuals responsible by not storing your personal information on your PC so that when and if your computer does send back data – it won’t be anything valuable. Hackers look for things like full names, social security numbers, phone numbers, home addresses, work-related information, and credit card numbers. If these things aren’t saved onto a computer, there’s nothing critical to worry about other than restoring your computer to a non-virus condition.
  3. Don’t open files without scanning them with an anti-virus/anti-spyware program. In the past, the warning was to avoid opening files from people that you don’t know. Today it’s really not safe to open files from anyone (without scanning the files) because that’s how viruses get spread – through files – even by mistake. So even though your co-worker may have emailed a funny video, it’s no more safe to open than a video downloaded from a complete stranger. Be safe and scan each and every file you download from the Internet or receive through email regardless of where it came from.
  4. Create a barrier between your computer and prying eyes. Anti-virus/anti-spyware programs are only effective after the effect. But you can prevent identity theft from occurring by installing a firewall. A firewall is software that checks all data entering and exiting a computer and it then blocks that which doesn’t meet specified security criteria (user-defined rules).
  5. Don’t click on website links in spam messages. In an effort to obtain personal information, some spammers will send email that asks you to click on a link. The email messages are often disguised as important messages from well-known online establishments, and they often try to scare their readers into clicking links with threats of closing an account of some sort. Sometimes the links are harmless and attempt to con the reader into volunteering personal information (credit card number), but other times the links attempt to download harmful software onto a computer.

Your best protection against computer crimes is your own knowledge. Hopefully the suggestions above will prompt you into taking appropriate action and into protecting your computer with the suggested tools. In doing so, you’ll not only protect yourself, you’ll prevent the spread of these malicious activities and protect others at the same time.

, , , ,