2011 Technology Update
Mike Vanbuskirk, Tech Specialties
Business cat…
PC HARDWARE
Desktops, laptops, and printers… Oh My!
No!
Despite what the tablet/phone people want you to believe, they are not.
What do you think Apple uses to do its accounting?
Desktops, laptops, and servers are still integral pieces of business infrastructure.
Is the PC Dead?
What’s important:
◦ CPU
◦ RAM
◦ Hard Drive
◦ Graphics
◦ Peripherals
State of Hardware: 2011
Intel and AMD are the two primary desktop/laptop CPU manufacturers
Intel currently holds the performance crown (since 2006)
Most OEMs (Dell, HP, Lenovo, etc.) offer primarily Intel
CPU
For desktops: A quad-core of at least 2.0 GHz. Core i5/i7-2xxx
For laptops: A dual-core or quad-core of at least 2.0 GHz. Core i5/i7-2xxx
Modern software is relying more and more on multiple cores vs. raw speed to handle tasks quicker
Which CPU Should I Get?
RAM prices are extremely low right now.
Great time to upgrade older machines that could benefit from more RAM.
New machines: 4GB of DDR3 Dual-Channel RAM AT MINIMUM
Memory is cheap. It improves performance. You have no reason not to buy more.
RAM
Systems with 32-bit Operating Systems (99% of XP installs, some Vista/7) can only see or use ~4GB of RAM.
64-bit systems (practically all new systems sold with Windows 7) can address up to 128TB of RAM.
Sweet spot? 8-16GB of RAM.
But wait…
Thailand Trouble: Massive monsoons/flooding in Thailand
In a brilliant display of supply chain management, practically the entire hard drive industry's manufacturing takes place in Thailand, including the sub-components needed to build the drives.
Expected supply issues through Q1 2012
Hard Drives
That’s not good….
What does it mean?
$90 to $220 in about 2 weeks!
Data courtesy of: http://www.camelegg.com
OEMs like Dell and HP buy in large bulk, and are contractually guaranteed a certain number of units for sales and repair/maintenance.
Their pricing hasn’t changed much YET.
If you are looking to purchase a computer prior to end of FY, the sooner is certainly the better.
What does it mean for ME?
Solid State Drives. Imagine a drive comprised entirely of flash memory (like a really big thumbdrive).
NOT affected by Thailand issues (NAND industry based mostly in Taiwan).
Still high ratio of $ cost / GB. OEMs charge a LOT for them in new systems.
What about SSD?
Advantages:
◦ FAST. No moving parts and flash memory make for a VERY fast drive. That means faster boots and application opening.
◦ GREEN. No moving parts means reduced energy consumption. Especially at idle (important for laptops!)
◦ DURABLE. Not to beat a dead horse, but no moving parts means nothing sensitive to break i.e. spindles, heads etc…
SSD cont.
Disadvantages:
◦ EXPENSIVE: The flooding issue has evened out prices at online retailers, but expect to pay a hefty premium on a prebuilt system.
◦ NO BACKWARDS COMPATIBILITY: SSDs require certain functions only available in modern OSes like Windows 7 to maintain their speed. Performance will degrade over time with XP.
◦ DEGRADE?: SSDs have a limited number of write cycles (5-7 years). Functions like TRIM and Wear Leveling can help this immensely, but require OS support.
Not so fast!
NEVER, EVER, EVER, DEFRAG A SOLID STATE DRIVE
EVER
Remember, limited write cycles.
Defragmentation is basically a massive write/re-write festival.
Could destroy ability of drive to accept writes
Bet You Didn’t Know..
Like CPUs, 2 players in desktop/laptop:
◦ Nvidia
◦ AMD (formerly ATI)
The main point to remember is that most office work will NOT use the graphics card too heavily. They are most heavily tasked when used for CAD, Video/3D, Gaming, and Parallel number crunching.
Graphics
Yes!
Modern OSes will use the graphics card for some of the eye-candy (not all of which can be turned off)
If you want to utilize multiple monitors, graphics cards are a MUST.
256-512MB of Video RAM. Don’t spend too much
Do I Need a Graphics Card Then?
Peripherals….
“No, that probably won’t work with Windows 7…..”
You didn’t think you could just upgrade the computer and keep the original Gutenberg back there did you?
Windows 7 is a drastic improvement in terms of compatibility and what it will detect right out of the box.
Doesn’t mean EVERYTHING will work. Check to see if the manufacturer has updated drivers. If not, it’s time to shop for a new one.
Realistic Expectations
Some manufacturers do not provide proper 64-bit support.
This seems to be a particular issue with scanners.
Do research before settling on a specific brand. Make sure you aren’t dead in the water after an expensive upgrade.
Driver Gotcha
Questions?
Operating Systems and Software
Or, “How I learned to stop worrying and love Windows”
Many have already upgraded to Windows 7.
Microsoft will be discontinuing support for XP April, 2014.
Some newer software/hardware not compatible with XP regardless.
Newer versions of Internet Explorer (9+) require Windows 7.
So what’s the story?
Security.
Newer software receives full development/dollars attention from the creator/s.
Less likely that a security hole/exploit will go un-noticed or un-patched for very long.
Older software no longer patched. HACKERS STILL ACTIVELY SEEK OUT OLD OSes!!!
But why should I upgrade?
Windows 7 Professional, 64-bit (might also be listed as x64)
ALWAYS PROFESSIONAL VERSION.
Home Versions CAN NOT be joined to a domain (VERY important for a server network)
What should I get?
Linux
Apple OSX
FreeBSD
Solaris
Other Operating Systems
We know the major players:
◦ Microsoft
◦ Adobe
◦ Intuit
◦ Symantec
Important to keep them updated and be aware of vulnerabilities (ESPECIALLY ADOBE, more on this later)
Software
There are a lot of FREE options for software that are as good or better than the “big guys”
◦ PDF: SumatraPDF for reading, Bullzip PDF for printing
◦ DEFRAGMENTING: Auslogics Disk Defrag (faster)
◦ ZIP FILES: 7-Zip.
◦ UNINSTALL: Revo Uninstaller (PERMANENTLY gets rid of old programs)
Other Options
KeePass
LastPass
Secunia PSI
Malware Bytes Anti-Malware
This is security oriented software covered later in the presentation
Additional Apps –
Questions?
Security
“The user’s going to pick dancing pigs over security every time” – Bruce Schneier
Security expert
Runs http://www.schneier.com/
Also said: “The mantra of any good security engineer is: 'Security is not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.”
Schneier is a smart guy…
You should not view security as a “product”.
You’re not EVER going to be safe just because you have anti-virus installed, or any other piece of software/hardware.
Security means the whole picture, a “process”. User behavior, network security, password security, physical security etc…
The Process
Do you have a firewall? Is it set-up correctly?
Are your passwords 8 characters or longer? Can I guess them by looking at your Facebook profile?
If Auditors demanded a record of user activity on your network i.e. “did Bob access the GenCorp file?” RIGHT NOW, could you provide it to them?
When did you last update Windows? Adobe?
Is your WiFi Secured? (Hint: WEP is NOT secure)
Quick! Assess yourself!
Firewall? Most modern routers have a basic firewall.
Good, because hackers are likely probing your network RIGHT NOW for vulnerabilities/open ports.
Did you change the default username of “admin” and default password of “1234”?
How did you do?
Passwords: Modern Proof-Of-Concept attacks have shown that 7-character passwords can be broken in the sub-5 minute range.
If the attacker can guess your password through readily available info, they don’t even need to crack it.
You didn’t use that same password for your online banking, medical insurance, stock fund, and PayPal account, did you?
How did you do? cont.
Auditing/File Access: Personally identifying (PID) documentation of a client has been stolen/deleted by a disgruntled employee.
Can you prove Who? How? When?
Were there controls already in place to prevent an incident?
How did you do? cont.
Updates: Did you update Windows 7 yesterday (11/8/11) to patch the 4 vulnerabilities, one marked “critical” ?
Is your Adobe up to date? (IMPORTANT) Java? Flash?
Have you stopped using older programs no longer supported/patched by companies?
How did you do? cont.
WiFi: Most Wireless routers are set up with default admin passwords.
Also set up with no wireless security or WEP.
WEP is no longer considered secure and can be broken with easily acquired software (I can show you where to legally download it right now)
Need at least WPA2
How did you do? cont.
Better to have a dedicated firewall/router, separate from your modem and WiFi Access Point
Eliminates Single-Point-Of-Failure
More features/more powerful
Network Security
Example
[Network diagram. Labels: Internet/WAN, Modem, Firewall, Router, Switch, Server, Workstations, WiFi]
Notice this “wall” that protects your internal network
Establish a security policy. Detail preventative and reactive measures.
Have your network checked for vulnerabilities. Also known as “Pentesting”.
Have a TESTED and VALID backup and restore procedure if your data is either compromised or in jeopardy (more on this later).
Other considerations
I consider this security!
Is your data REGULARLY backed up to 3 different locations?
Have you run a “disaster drill”? How quickly can you be up and running again?
How much is your data worth?
RAID IS NOT A BACKUP STRATEGY!!!!
Disaster Recovery
Often overlooked security consideration.
Extremely important to have strong passwords
Difficult to accomplish. How do I keep my passwords secure without writing them down?
Password Security
Visit http://howsecureismypassword.net to try it yourself.
Password “abc123” not including quotes.
◦ One of the 20 most common passwords. Would be hacked almost instantly
Examples:
A birthday!
Password “10/11/80” not including quotes.
◦ It would take a desktop PC about 33 minutes to hack your password
◦ Would be done before lunch is over
Try a different one…
Add some initials
Password “10/11/80gj” not including quotes
◦ It would take a desktop PC about 32 years to hack your password
◦ Now we’re talking! Once you get over 8 characters, time required to crack grows exponentially
◦ Remember though, I said “crack”. That password is still EASY to figure out with practically no effort.
We’ll show them!
Multiple words, numbers, and symbols
Password “Refer@11myc@ll$” not including quotes.
◦ It would take a desktop PC about 2 trillion years to hack your password
◦ Probably not many hackers capable of waiting longer than the lifespan of the known universe
◦ The password uses multiple words, numbers, and symbols, and would not be easily figured out using online information i.e. Facebook
Best Case
That site only simulates a Desktop CPU.
Does not account for GPU based cracking.
GPUs (graphics cards) can run many millions of operations in parallel, much better than a CPU.
Means it can take many more guesses over the same period of time than a CPU.
Further case for strong passwords
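Added example (not part of the original presentation): a small estimator that runs the four sample passwords above through a worst-case brute-force calculation at a CPU rate and a GPU rate, and separately flags passwords that can simply be guessed. The two guess rates, the tiny common-password list and the date pattern are assumptions chosen for illustration, so the times it prints will not match the figures quoted from howsecureismypassword.net.

```python
import re
import string

# Assumed guess rates (guesses/second); illustrative only, not measured figures.
CPU_RATE = 1e7   # assumption: a single desktop CPU
GPU_RATE = 1e10  # assumption: one graphics card guessing in parallel

# Small constructed sample of very common passwords (not a real wordlist).
COMMON = {"abc123", "password", "123456", "qwerty", "letmein"}
DATE_RE = re.compile(r"\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def charset_size(pw):
    """Size of the alphabet a brute-force search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def brute_force_seconds(pw, rate):
    """Worst-case time to try every candidate of this length and alphabet."""
    return charset_size(pw) ** len(pw) / rate


def guessable(pw):
    """Reasons the password falls to guessing, whatever its brute-force cost."""
    reasons = []
    if pw.lower() in COMMON:
        reasons.append("common password")
    if DATE_RE.search(pw):
        reasons.append("contains a date")
    return reasons


def assess(pw):
    """Combine brute-force estimates with the guessability check."""
    return {
        "cpu_seconds": brute_force_seconds(pw, CPU_RATE),
        "gpu_seconds": brute_force_seconds(pw, GPU_RATE),
        "guessable": guessable(pw),
    }


if __name__ == "__main__":
    for pw in ["abc123", "10/11/80", "10/11/80gj", "Refer@11myc@ll$"]:
        r = assess(pw)
        print(f"{pw!r}: CPU {r['cpu_seconds']:.3g}s, GPU {r['gpu_seconds']:.3g}s, "
              f"guessable: {r['guessable'] or 'no pattern found'}")
```

The birthday passwords get a large brute-force estimate once the initials are added, yet both are still flagged as containing a date, which is the "crack" versus "figure out" distinction made on the slide.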
Figure out 50 more, and don’t write them down.
Easier said than done.
Your Windows account, your online banking, PayPal etc…
ALL NEED SECURE PASSWORDS
Now you’ve got a good password
There’s an app(s) for that!
LastPass
◦ https://lastpass.com/
KeePass
◦ http://keepass.info/
NOTE: Storing your passwords in your browser is almost NEVER secure. IE/Firefox/Chrome prompt you when entering passwords. They often store this information in unprotected/un-encrypted plain-text.
HOW?
They can generate secure/randomized passwords.
You do not have to write them down (which is NOT secure).
You can have them automatically remind you to change the password at specific intervals (good security practice).
Benefits of a Password Manager
Originally started life as a browser extension.
Installs as an Application.
Still integrates heavily with web browser.
Syncs your passwords to their “cloud” for backup and sharing on multiple computers.
LastPass
Installs as an application.
Somewhat less user friendly, but more powerful.
Better option for those who are nervous about LastPass cloud storage.
KeePass stores passwords in 256-bit encrypted file.
KeePass
Not just about passwords and networks.
Keeping your applications up to date and patched is a key piece of the security puzzle
Programs like Secunia PSI/CSI can monitor the applications installed on your system and notify you when they need patching
Application Security
Remember I said how important it was to keep Adobe Reader/Flash patched:
http://www.f-secure.com/weblog/archives/00001903.html
61% of targeted/specific exploits in 2010 went after Adobe Reader.
Examples
Having it installed (most everyone does) is NOT ENOUGH.
Is it updated? Does it have an active scanner?
Is it even effective?
◦ Virus Bulletin: http://www.virusbtn.com/index
◦ Runs tests on different AV suites/software throughout the year. Check the “VB100”.
Antivirus/Anti-Malware
There are a variety of paid and free options.
Just because you paid for it does not mean it’s good. McAfee failed a VB100 test recently.
Check the license on your “free” A/V. Many of them explicitly state they are NOT for commercial use of any kind.
Microsoft Security Essentials is a good “free” option and the license allows for up to 10 commercial machines.
What should I use?
As your network grows, probably time to consider a paid, centralized option.
Kaspersky, ESET both offer packages that include workstation AND server monitoring.
Can be managed centrally.
What should I use? cont.
Questions?
Why do you need a server?
Details inside!
A server is essentially a centralized computer that houses critical applications and/or data.
At the most basic level, think of it as an electronic file cabinet.
Can fill many more roles: Print server, directory server, application server, web server, file server, monitoring server, access control, etc.
What is a server?
Not quite.
1-3 users, no critical need for centralized files/data/printing or access control.
More cost effective to have a shared external drive or Network Attached Storage (NAS).
Everyone should get a server!
Small business, 5+ users.
Has a need for centralized files/databases
Needs shared/centralized printing
Access control. Dictate who can access what and when. Be able to KNOW who accessed what and when.
Who can benefit the most?
Centralized files.
Is the most recent copy of the 2010 financial spreadsheet on Becky’s laptop? Or Don’s desktop?
A lot easier to say “It’s on the ‘S:’ drive in the ‘financials’ folder”.
Makes backups much easier. Backups that are easier to manage are more likely to be successful.
Why should I get one?
Centralized databases
Quickbooks, Lacerte, Sage MAS90/200 etc…
“Can” be stored on a workstation.
“Can” means it is workable with 3-5 users, but much beyond that and you will start to see problems
Why should I get one? cont.
Workstation OSes like XP and 7 were designed for a single user accessing the computer directly.
75%+ of system resources are dedicated to that user.
Only 25% left for network users. Not good.
Workstation OSes will start dropping connections after a certain number (10 half-open for XP). This could be VERY bad.
What problems?
Centralized printing.
Quickly becomes un-manageable to share printers individually from each workstation.
Can install a print server.
All printers connected to network. Can set queues, priorities, page quotas, etc.
Why should I get one? cont.
Access Control
In the “Workgroup” model, each computer audits its own users/access/security
Convoluted and difficult to manage with multiple systems
Active Directory allows for centralized management of users and their permissions.
Why should I get one? cont.
CPU: Intel Xeon Quad Core. At least 2.4GHz.
RAM: At least 8GB RAM, DDR3, ECC if possible.
Hard Drives: Ideal is RAID10. Performance is overkill for most but allows for 2 drive failures before data is lost. RAID5 or RAID1 if budget is an issue. 7.2k RPM SATA drives are sufficient.
Operating System: Windows Server 2008 R2 Standard/Enterprise Edition
Recommended Specs
NOT A BACKUP STRATEGY!!!
Simply insurance against mechanical failure of a hard drive.
If your office burns down, the RAID array does you no good if the data wasn’t backed up elsewhere.
A note on RAID
Questions?
Virtualization
Get ready to play “Buzzword Bingo”!
What is virtualization?
Any questions? Good, I’ll be handing out a test now.
Virtualization is a technology that allows the same hardware to be used for multiple operating systems.
A company can go from needing 4-6 servers to 2. Less power consumption = $$$.
Hardware is more utilized, more return on investment.
What is virtualization
“Client” virtualization has many possible applications.
Citrix, VMWare, VirtualBox, KVM, and Microsoft all have client technologies.
Have an old program that only runs on XP i.e. Quickbooks 2006? Install it into your Windows XP Virtual Machine on your Windows 7 desktop.
Not just for servers
Since it is essentially a separate computer, requires a separate license.
Very resource intensive.
Not quite the same performance as native.
Licensing can become expensive for paid solutions i.e. VMWare.
Caveats
Questions?
Courtesy of: xkcd.com
Mobile
Not just a city in Alabama
More and more workers are remote/out of the office.
Laptops
Smartphones
Tablets
Mobile Workforce
Security.
Outright physical theft is a major concern.
Constant news stories about laptops containing PID records of 100’s-1000’s-10000’s of people being stolen.
Most public WiFi is NOT secure in any way, traffic is passed “in the clear”.
New IT considerations
For smartphones/tablets: Make sure the device is enabled with a numeric “lock”.
May want to have a remote-wipe feature set up. IT can disable/wipe the device if reported stolen.
For laptops: encrypt the hard drive using TrueCrypt. Higher battery usage, but thieves will not be able to access data.
Solutions
Probably not.
Tablets are good to “view” content.
Not so good for “creating” content.
Be honest about what you would need/use a mobile device for. More than likely a laptop will still be the better fit.
Should I get a tablet instead of a laptop?
Mike Vanbuskirk
Tech Specialties
405-385-9462
My contact info
Thanks for watching!