The following video was recorded from a Windows XP laptop. This short lesson demonstrates how to connect to a FTP server using Windows Explorer and transfer a file from your PC to a FTP server.
Today’s message from DVD host Omar Wasow is titled “Windows Vista IS for Dummies, buy a MAC if you really want to get some work done.”
Fox News ran a short segment today titled Picking a PC. The guest of the segment was Omar Wasow whose claim to fame comes from being the host of the Windows Vista for Dummies DVD
The Fox News hosts along with their guest (Mr. Windows Vista for Dummies) actually give MAC the big endorsement. The most interesting part of this HOWTO pick a PC story is that when Wasow is asked which machine he uses, his answer leads him to admit that he is a MAC user. He does slip in there that he uses Windows too, but his reaction shows a clear preference for the MAC “Road Warrior ” machine. The Dell laptop shown in the clip gets the worst press of all as being the cheap choice for the college kid.
When ranking the security status of a PC on a scale from 1 to 5, with 5 being the most vulnerable, this PC ranks an 87.
This is a screen capture from the Windows Update site for one of my laptops shortly after installing Windows XP Professional and adding Service Pack 2. Choosing to ignore these updates leaves a PC very open to attacks especially if the machine has not anti-virus software and a firewall is not running.
Visiting the Windows Update site is a good first step to securing a PC. There are a few other things that I would highly recommend when building or buying a new PC.
I can not impress upon you bloggers how important number three is for those of you who frequently log onto your blog software via http (tcp port 80) over a public wireless access point from a hotel, coffee shop, or your favorite lunch location. The software to enable a hacker with the capability to capture your user ID and passwords over a public access point is widely available and very easy to use. The same from utilities can be used to capture unencrypted passwords used when accessing email, ftp servers, and web site control panels.
This is a fairly common question in small IT shops. I have faced this question a couple of times in my IT career and I will share some details from my experiences. I posted a lengthy comment on the subject of DHCP vs static IP addresses on my friend Trace’s new blog. Trace started a brand new blog a few weeks ago titled Trace Pupke:another church IT blog. Trace is the IT Director of Seacoast Church. Here is what I had to say on the question of “DHCP or Static IPs?“.
I recommend that you consider DHCP reservations as a middle ground between the static addresses and your current DHCP configuration. There are several reasons for this, but the main reason is for centralized control of changes to DNS, Default Gateways, and Subnet Mask. I would definitely continue to use DHCP for laptops since they are frequently moved between your network and other networks. If you feel that static addresses are the only way for you then you might offer your users the ability to change their own IP settings on the laptops for when they travel. Here are a couple of scripts you can user in two separate BAT files to easily switch between static and DHCP without having to open the TCP/IP settings of their NIC.
Put the following two lines in a file called office.bat. netsh interface ip set address name=”Local Area Connection” static 192.168.0.2 255.255.255.0 192.168.0.1 1 netsh interface ip set dns “Local Area Connection” static 4.2.2.1 primary Put these next two lines in file named away.bat. netsh interface ip set address name=”Local Area Connection” source=dhcp netsh interface ip set dns name=”Local Area Connection” source=dhcp Note: The “name” variable must match the Name shown for that NIC in the Control Panel/Network Connections. If you are wondering how I ssh from the command line of Windows you should check out my post titled SSH from Windows CMD line.
Since my job most often requires me to interface with network devices via telnet or ssh I like not having to use the mouse when in a tight network closet. I am often working on IP segments that do not have DHCP configured so I put several of these types of files with short easy to remember names in my system directory. You can use any other folder found in your path statement. That way I can run them from any folder on the command line without having to use the mouse. One way to stop the rouge clients is by implementing port security on your switches where you match a port to a specific MAC address. Most IOS versions from Cisco support this as a standard these days. I am not sure about 3Com. This can be difficult to manage in an area where you have a lot of visiting network users. In that case you should consider putting those non-secured drops in a DMZ off your firewall to keep them off of your trusted/inside network IP segment.
I have traveled down the path of answering this very same question for myself as a system administrator with two previous employers. One employer was Piedmont Technical College where I had about 350 user nodes. Not all of these were IP based clients. Many were on Local Area Transport (LAT) using VT terminals to access our VAX. All of my clients were scattered across 9 locations in seven different counties of South Carolina.
The other employer where I faced this DHCP vs Static decision was at Cambar Software now called Cambar Solutions. Back in the day when I started with Cambar, we had about 100 PCs with a majority of them running OS/2 Boot Manager to allow for booting to one of three separate operating systems (OS/2, Windows 95, and Windows 3.1). Later we added NT 4.0 as an option on some of the multi-boot systems. These were the operating systems that different clients were running at the time. The developers, testers, and help desk folks could boot into the OS that was needed to support the particular client they were currently working with at the time. The trick to static addesses was to keep the same address on all three operating systems. They were not running and internal DNS or WINS server when I started, but were using hosts and lmhost files to provide friendly names for accessing the dozens of servers (uh hotrod PCs) that they were running DB2, Oracle, and MS SQL databases on. This setup was an administrative nightmare when trying to add a new host to the hosts file of three different operating systems of 100 PCs.
Both of these previous employers were running static IP addresses when I started. They both ended up on DHCP before I left. Today I am no longer supporting end users directly as I was back then, but I do support dozens government customers with 5,000 plus users on the LANs. They all use DHCP as you might expect.
What this question boils down to is this. How easy will it be for you to manage static IP addresses. If you are a very small IT shop, say less than 50 users with yourself as the only IT support person, then static IP addresses will probably be pretty easy to manage. If you have more than one IT support staff member, then things get a little more complicated. Who will control the list of IP addresses and how will it be accessed? If you are installing a new PC and do not currently have access to the list (online spreadsheet or notebook in another IT guy’s pocket), then how do you know what is available? These circumstances become much more common as your network grows and the number of support staff members increases. I submit that wireless access to online versions of these IP list spreadsheets via PDA’s does make the static address management a little less cumbersome than in my desktop support days.
No matter the size of your IT shop, if you want better control over your IP addresses, then the reservations is a good way to go. You will still want to keep a few non-reserved addresses available in your DHCP pool in the event you need to quickly add a printer or PC, but you can easily restrict what those IPs can do with a good firewall strategy. You can free up their network access via the firewall a little later.
My comments on Trace’s blog were echoed by another Church IT director Travis Kensil. Travis touched on the wireless factor which I did not have to deal with back when I was answering this DHCP vs Static IP question.
Which one is the real cool toy? Is it the airplane he’s leaning on or the cool software for your PC that allows you to interact with your Treo 650 on the desktop using your mouse and keyboard?
I had no idea this PDAReach tool or the PDANet application was on the market. The folks over at June Fabrics have done a fantastic job with these two applications.
The PDAReach application ($24) as shown in the above image lets you display and control your PDA on the desktop. This is especially helpful for me since one of my favorite Bible study resources is my Palm Bible Reader software from OliveTree. The specific functionality found in Bible Reader is only available on PDAs. I can access the bookmarks notes and search feature using my PC mouse and keyboard using PDAReach. You can read more about my experiences with Bible Reader on The Land of Ozz. The PDAReach application works with just about any Palm OS device on the market.
The PDANet application ($34) allows for me to connect to the Internet via the unlimited data plan that I already have with Verizon Wireless using the USB cable that shipped with my Treo 650. Basically you can use your Treo 650 as a modem that can reach connection speeds up to 144 kps. I have done a little research and found a couple of other applications that help you use your Treo 650 as a modem, but I have not tried them.
These two applications from June Fabrics get high marks for affordability and functionality. Both products have trial versions available and can be downloaded from June Fabrics.
Today we feature a case of making a mountain out of a mole hill. The Washington Post released a story about how a Windows Wireless Flaw a Danger to Laptops. I have a news flash for you WaPo. This is a functionality of hard wired Windows based laptops and computers anywhere. Yes, you can gain access in more unsuspecting places like on airplanes via wireless, but this is not a new idea. The types of additional tools required to hack a laptop via a wireless connection as described in this article can also be used to hack a hard wired computer over a dial-up, cable modem, LAN, or DSL. Simply having an IP address on the same IP segment does not constitute hacking a computer as this article suggests. The meat of the story was skipped to satisfy the fear of the general population. In order to gain access to the target Windows computer remotely you must also gain user rights on that computer which requires using software that is not included on Windows computers. Computers plugged in via a standard network cable to a hotel, office, or home network are susceptible to the same kinds of attacks if they are not taking measures to “try” to stop hackers. This news story is not really that big of a story after all. The most interesting portion of the article found below was where they are talking about hacking a laptop while on a plane over international waters.
Loveless said he believes that since the attacks were mostly carried while the plane was over international waters that U.S. law enforcement might have a hard time making the case that he was violating any laws. The real answer to that very interesting question, he said, would probably not be evident until someone gets sued in court for it.
Law enforcement authorities don’t seem to have a problem prosecuting a person for other offences over international waters. What makes computer crime over international waters any different than computer crimes committed on the ground? The bottom line is that your data is only safe when it is on a computer that is turned off, unplugged from power and network, locked in a safe, and guarded by the US Marines.
