Look through these Windows! It’s Memory Lane…

What a straightforward reminder that things change… The History of Windows Versions.  Start with teeny pockets of memory manipulating literal bits of data, and yet that basic input-output system led to SnapChat promising to wipe data from recipients’ memory and 4chan proving they can’t (Tweet that!).  There is plenty of history before and beyond Windows, but Microsoft built the bridge to the individual users and by doing so changed the world.  It isn’t a miracle, because somebody was going to do it, like “inventing” the gramophone or flying the first plane.  Microsoft delivered home computing, which we then shaped to share stupid ass selfies.


The rough tools of introductory Windows

Slate offers us this perspective.

Go ahead and bash Microsoft’s operating system all you want (ironically using its technology to do so), but first note that Windows works and has worked for a long, long time.  You are likely interacting with some form of PC-based computer service right now.  We accelerated from ASCII-based Notepad files to our monstrously tangled GIF-ilicious .wild.wicked.web in thirty quick years.

Can I get an OLE?

There is a coherency in the long haul on Windows that is familiar to those of us who spent our careers adapting to its evolution, which was driven in part by our own consumer lobbying for features and functions.  This isn’t ancient history; lots of us pre-PC tech-vets are still here.  We have a grasp on the “new” technology that comes from a generational-iterational complexity you cannot duplicate unless you proceed sequentially through it.

Conversely, experience can be a burden of sorts and that point goes to the newbies who think they just invented everything.

Tech units who too closely mirror each other’s training and experience fall prey to group think.  Recognize the value of an “iterational” mix, blend old school practicality with new school ingenuity.  Don’t let the echo of a dominant position drown out the sharp insights from other perspectives.  Your development team should be able to both mirror and cloak your consumers to get a resilient product.

______________
* Debate:  Every war is different, but all wars are the same.


Security Group Efficiencies and How To Exploit Them

Security groups are used to simplify data and resource access in a complex environment like Windows Server with Active Directory.

Data access rights are specified at the individual file level, then back “up” through the folder system using a mix of inherited rights and declared rights.  Keep it simple: these really ARE just digitized piles of paper and folders.

If you have 10,000 files in 1,500 folders, then changes to individually assigned permissions force a write to each affected folder/file.  This is a real-time update of each file’s security properties.  More likely you have hundreds of thousands of files in tens of thousands of folders.

Access is further subdivided by type:  can you read it, change it, delete it?  You should establish access permissions with client privacy and competitive advantage in mind.

Groups of users can be granted file and folder permissions.  Any update to group membership is done once, at the group membership index level (Jan is in, Jim is out), and does not have to re-assert the new access permissions over and over at the file level.

Adding UserX to the “Admin” group makes one change at the network admin level; granting UserX individual access forces thousands of changes at the file level.

Groups of groups work too.  The “Company” group might contain the “Staff”, “Admin”, “Principal” and “Board” groups but not the “Contractor” group.  An “All User” group could then contain the “Company” and “Contractor” groups.

Groups allow rapid change to data and resource access status as individuals move in and out of groups.

Complication:  “Most restrictive wins” is the idea that any limitation of access rights cancels any expansion of rights.  If UserX is granted access to a file by group rights but is individually denied rights at the file level, then UserX cannot access the file.

Complication:  Inherited permissions are supposed to leverage the folder structure so that, for instance, all subfolders under Budget mimic the permissions of the Budget folder.  You can, however, stop and start this inheritance, so a mish-mash of rights may result.

Best Practice:  Keep an updated inventory of users and group membership including the purpose of any group.  Perform and log random access attempts to spot gaps and lapses.
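The rules above (group nesting, inheritance that can be blocked, and “most restrictive wins”) as a small added Python model; this is example code, not the blog’s or Microsoft’s, and the group membership and ACL entries are constructed sample data rather than anything read from a real domain. It applies the post’s plain “any deny cancels any allow” rule; real NTFS additionally ranks explicit entries ahead of inherited ones, which this model leaves out.

```python
from collections import deque

# Constructed "groups of groups" nesting, as described in the post.
GROUP_MEMBERS = {
    "Company": {"Staff", "Admin", "Principal", "Board"},
    "All Users": {"Company", "Contractor"},
    "Admin": {"UserX"},
    "Contractor": {"Jan"},
}

def effective_groups(principal):
    """Every group the principal belongs to, directly or through nesting."""
    found = set()
    queue = deque([principal])
    while queue:
        member = queue.popleft()
        for group, members in GROUP_MEMBERS.items():
            if member in members and group not in found:
                found.add(group)
                queue.append(group)          # walk up to containing groups
    return found

# Constructed ACL entries: path -> [(principal, allow|deny, right)].
# Children inherit the parent's entries unless inheritance is blocked.
ACL = {
    "/Budget": [("Company", "allow", "read"), ("Admin", "allow", "change")],
    "/Budget/2014": [("UserX", "deny", "change")],   # individual deny at file level
    "/Budget/Drafts": [("Contractor", "allow", "read")],
}
BLOCK_INHERITANCE = {"/Budget/Drafts"}

def applicable_entries(path):
    """Collect entries walking up the tree, stopping where inheritance is blocked."""
    entries = []
    while path:
        entries.extend(ACL.get(path, []))
        if path in BLOCK_INHERITANCE:
            break
        path = path.rsplit("/", 1)[0]
    return entries

def can(principal, right, path):
    """'Most restrictive wins': any matching deny cancels any matching allow."""
    identities = effective_groups(principal) | {principal}
    allowed = denied = False
    for who, kind, r in applicable_entries(path):
        if who in identities and r == right:
            allowed |= kind == "allow"
            denied |= kind == "deny"
    return allowed and not denied
```

Feeding `can()` a list of (user, right, path) probes and logging the results is the "random access attempts" check the Best Practice describes.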

UNSOLICITED BUSINESS RECOMMENDATION:  Microsoft has never given any meaningful data-file organizational tools to its Windows Server admins; their approach is mechanical and clumsy.  A third-party vendor, Varonis, re-processes this folder-centric system into a database that allows you to query dynamically and visualize the actual permissions associated with a file and/or folder.  They then provide tools to analyze and manage the data file collection.

Biggest security threat to your network: the users

Who has the keys to your information?


Any cyber security plans you make have to assess the mix of risks:  gaps in the programming, errors in deployment and maintenance, insufficient operational controls, and then there are the users!

Like home security systems that are not armed, the failure of users to protect themselves mocks the efforts made on other fronts to secure the data environment.

Users underestimate how important they are in the defense of information.  Their disregard for the underlying aims of the company regarding privacy and market-advantage should be a big red flag to management about their own effectiveness.  It shouldn’t be “cool” to disdain the tech-tools provided to do your job.

Look at your company’s security issues and identify those that stem from poor enforcement of the basics.  Then, police yourself.

I suggest you surrender to the idea of complex passwords and then put on your thinking cap and come up with a system that works for you.  As an authorized user, you represent someone who crosses the proverbial moat and enters the kingdom of data.  Don’t be blasé about that!

1) Quit being so literal.  On security questions you do not (and should not) include actual information like your mother’s maiden name (say it is Jezebel) or your place of birth (try Hickinpickin) or provide any other verifiable factoid.

2) Keep it simple.  I.luv.2.dogs? incorporates upper and lower case letters, a number and a symbol.

3) Do not cross-contaminate passwords by reusing a public-forum password, like your Hotmail password, on a secure forum like banking.

4) The more characters in a password, the better.  Going from the standard 8-character to a 12-character password slows down auto-hackers*.  Don’t always go for the minimum; sprinkle in a few extra taps, because it’s well worth it.

* If there are approximately 80 alpha-numeric-symbol characters available, then the added complexity comes from the additional choices for the 9th, 10th, 11th and 12th characters (80*80*80*80).  This multiplies the 80*80*80*80*80*80*80*80 possibilities of the basic eight-character minimum.

Experience and Background

Extensive experience with current skill set implementing technology in legal and financial enterprises by providing network administration, workstation configuration, application support, documentation, and training.   Upgrade-conversion specialty.   Seeking opportunities in computer deployment and operations using Office 365 with Exchange, Avaya IP Office VOIP phones and Salesforce.

EXPERIENCE:

Name Withheld (wealth management)
February 2009 – August 2014

IT Manager for thirty-five user Windows network providing server and workstation administration, Office 365 Plan1 and E3 subscription management for multi-domain Exchange services with compliance vaulting; CRM administration including conversion to Salesforce.com; data file management, archive, backup and replication; virtual private networking for remote access. Avaya VOIP telecomm.

Name Withheld (family office)
March 2001 – July 2008

MIS Administrator for twenty-five users on Windows 2003 five-server network with XP workstations serving private wealth management company and stock-trading hedge funds. Reorganize then rebuild all services to achieve operating standards including server administration, workstation configuration and end-user support, inventory control, license and support tracking, and on-going action notes. Maintained sterling “uptime” record. Testing Vista/Office 2007 options.

Establish network security, stabilize remote access, articulate data security-retention policies; enable virtual private networking with SSL VPN, and Outlook Web Access. Sole tech resource for principal, exec, accounting and admin users. Exchange and BlackBerry Servers. Symantec AntiVirus and Mail Security. Bloomberg Professional with quad-panel displays. Email and Instant Message archival for SEC compliance. SQL application server-side support. DNS and web-site management. Avaya Definity G3si phone system. Lenel/Entrance Controls automated suite security.

Hiatus Year: 2000

Name Withheld (law offices)
January 1992–August 1999

Network Systems Coordinator for Seattle domain LAN Man/Windows NT network administration for 30+ users including workstation roll-outs. Compaq servers and workstations; HP printers and scanners. Backup/archive server data. Dial-up Internet.

Design and deliver technical training services for 160+ users in two sites. Produce in-print and on-line procedural documentation for users and technical staff. Support then assist in the redesign of advanced SQL-based document management system including template creation and fill-in form customization.

Establish Tacoma office Technical Services department staffing, standards, work flow and advanced techniques; technical interviewing and recruitment of supervisor. Train and monitor Help Desk staff.

Independent Solution Provider

Design and deliver automation proposals, computerization plans, knowledge transfer and user manuals. Procedure analysis to deploy office automation for legal firms and similar businesses. Technical interviewing.

Reliable and repeatable procedures

The key to organizational success is to establish reliable and repeatable procedures that cover the tasks required, including the one-off variations.

HOW TO procedures are specific stepped-out actions to complete a stated purpose.

The purpose should be distinct.  Do not have a multi-purpose purpose.  Don’t create one complicated procedure called Handling Accounts; instead focus on three procedures:  Open Account, Change Account, Close Account.