Where Did 2019 Go?!

It’s been a busy few (many) months at my consultancy job handling the influx of work that has come in. This is thanks to the retirement of Windows Server 2008 & 2008 R2 and also Windows 7. All of those releases were really solid ones (for Windows 7 perhaps the last great Microsoft desktop OS?) and even though they have been surpassed they were very capable OSes for their time.

In saying that, it’s most definitely time to move away from them now that extended support has run out. A lot of my time recently has gone into getting clients off the legacy OS based builds and onto something newer. For some clients that means upgrades of the business applications as well as new server builds, for others patching their current applications before moving them to a new server, and for the fortunate few just a patch to install. Things like this exemplify why it’s important in IT to maintain systems and plan for end of support. There is arguably more cost incurred by doing nothing and then having to run what is essentially a project to end up with a supported set of OS and applications than by constant planned maintenance.

For the next few months we are concentrating on implementing a new version of the business intelligence tool we resell. It has moved from an Excel add-in connected directly to the database to one that communicates with a server over HTTP/S. There are many pros and cons to this change and we continue to explore these as we implement with our clients. This will surely keep us busy for a while.

This week in SQL Server was largely about the release of Cumulative Update 19 for SQL Server 2017, which I am sure will find its way to a UAT or support server near me soon.

Let’s Review WiFi Security

I recently decided to update my wireless keys and I wanted to share some notes to help others understand what needs to be done to not only have a secure network but also one that performs well.

Tip 1: Choose WPA2.

WEP and WPA are both done for. In addition, the 802.11n spec states that you must use WPA2 or else your WiFi won’t set a rate any higher than 54 Mbps. You also need WMM APSD enabled, so don’t forget that either. Is there any counter argument left here?

If you are in an enterprise environment you should deploy WPA2-Enterprise, which relies on an accounting method such as RADIUS instead of shared passphrases to authenticate. This makes it much easier to manage who or what gains access to the network.

Tip 2: Choose a sensible length key with a mix of letters, cases, numbers and symbols.

Whilst you’re unlikely to have an issue with someone sat outside in a white van cracking your WiFi keys it’s no harm to choose a password that is something other than a word you might find in a dictionary.

Balance your passphrase complexity and length with user friendliness. A 32-character key that looks like your cat had a rampage on your keyboard only infuriates your family and tires poor little fingers.

A passphrase 12 characters long with uppercase, lowercase, some numbers and a few symbols thrown in should suffice. Don’t write it down on a scrap of paper either!
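One way to put Tip 2 into practice, as an added example rather than anything from the original post: a generator and checker for a 12-character mixed-class passphrase. The function names, the symbol set and the dropped look-alike characters are assumptions made here; the 8 to 63 character limit is WPA2-Personal's own.

```python
import math
import secrets
import string

WPA2_MIN, WPA2_MAX = 8, 63      # WPA2-Personal passphrase limits (printable ASCII)
TIP_MIN = 12                    # length suggested in Tip 2
AMBIGUOUS = set("0O1lI")        # assumption: dropped so the key is easy to type

def _pool(chars):
    return "".join(c for c in chars if c not in AMBIGUOUS)

POOLS = [_pool(string.ascii_lowercase), _pool(string.ascii_uppercase),
         _pool(string.digits), "!#$%&*+-=?@^_"]
ALPHABET = "".join(POOLS)

def generate_passphrase(length=TIP_MIN):
    """Random passphrase with at least one character from every class."""
    if not WPA2_MIN <= length <= WPA2_MAX:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    chars = [secrets.choice(pool) for pool in POOLS]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)   # hide which slots were forced
    return "".join(chars)

def estimated_bits(length=TIP_MIN):
    """Upper bound on entropy; forcing one character per class costs a little."""
    return length * math.log2(len(ALPHABET))

def check_passphrase(candidate, wordlist=()):
    """Return the list of problems; empty means Tip 2's criteria are met."""
    problems = []
    if not WPA2_MIN <= len(candidate) <= WPA2_MAX:
        problems.append("length outside WPA2 limits (8-63)")
    elif len(candidate) < TIP_MIN:
        problems.append("shorter than 12 characters")
    if any(not 32 <= ord(c) <= 126 for c in candidate):
        problems.append("contains non-printable or non-ASCII characters")
    classes = {"lowercase": str.islower, "uppercase": str.isupper,
               "digit": str.isdigit, "symbol": lambda c: not c.isalnum()}
    problems += [f"no {name} character" for name, is_class in classes.items()
                 if not any(is_class(c) for c in candidate)]
    # A word with decorations bolted on ("Password123!") is still a word.
    letters = "".join(c for c in candidate if c.isalpha()).lower()
    if letters in wordlist:
        problems.append("built on a dictionary word")
    return problems

if __name__ == "__main__":
    key = generate_passphrase()
    print(key, f"(~{estimated_bits():.0f} bits)", check_passphrase(key))
```

The `wordlist` argument takes any set of lowercase words; the checker flags a candidate whose letters alone spell one of them.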

Tip 3: Don’t rely on MAC filtering or hiding your SSID. They aren’t security settings. They’re actually management functions.

MAC filtering can be very cumbersome to maintain, not to mention that someone in that infamous white van mentioned above can sniff out which MAC addresses are transmitting on WiFi, and those can then be spoofed very easily.

Hiding your SSID in effect sets a flag to the device OS: “do not display me”. Imagine if someone wrote software that just ignored such a flag? I’m sure someone hasn’t done that. Surely…

Tip 4: Segregate guest traffic and don’t hand out connection details to your core network.

If you want to offer guest access, do it right. Even in a SOHO environment you should avoid the risk of someone introducing a malware-bitten device into your network.

For best results your guest access needs to separate the guest traffic by using a VLAN. Consult your router’s documentation for specific details here.