WindowsNetworking.com - Monthly Newsletter - July 2015
Hi Security World,
Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder <http://www.windowsnetworking.com/Deb_Shinder/>, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: email@example.com
1. Redundancy isnâ€™t always enough
One of the first things that I was taught in firearms training at the police academy was the importance of carrying a backup â€" a second gun that can be used if your primary weapon is taken from you or malfunctions. Not all officers do, and most go through their entire careers without ever needing to resort to that backup, but when you do need it, itâ€™s a life-or-death situation.
As an IT pro, youâ€™ve probably had a similar concept drilled into your head from the beginning: the importance of having failover equipment in case of a hardware failure or a software glitch that renders a critical system or device unusable. While the consequences might not be quite as dire, they can nevertheless be pretty serious, since a network outage can have a negative impact of thousands (or more) of dollars on the companyâ€™s bottom line due to lost productivity and damage to customer relations and reputation.
Thatâ€™s why we have server clusters, RAID arrays, data backups, VRRP (Virtual Router Redundancy Protocol) and HSRP (Hot Standby Router Protocol), and a plethora of other technologies that are dedicated to creating duplicates of critical information, systems and communications pathways. All organizations that need high availability or rely on their computers and network connectivity for essential operations must have a redundancy strategy of some kind.
When it comes to the network itself, redundancy requires a two-pronged approach; it involves creating multiple paths by which data can travel from one point to another within the internal network and multiple gateways to the Internet in case of an ISP outage. Large companies â€" and some small ones â€" pay for two separate Internet connections from different providers and configure them so that bandwidth can be aggregated for a faster overall connection and if one goes down, the other automatically takes over.
Even home users for whom an always-available connection is important, such as telecommuters and entrepreneurs with home businesses â€" often purchase, for example, Internet plans from both their phone companies and their cable companies, or fall back to sharing the 4G connections on their cell phones via tethering, in case of ISP down time.
Of course, once the data gets outside of your local network, you have little control but the Internet itself is also a highly redundant system. It was purposely designed that way, as a collection of internetworks connected through Internet Exchange Points (IXs or IXPs), which have replaced the original Network Access Points (NAPs). The Internet was original designed this way by ARPA to withstand nuclear or other attacks, so that if a part of the internetwork was taken out, messages could still get through by taking an alternate route.
And that brings us to routers and their vital role on networks large, small and in between, including the global Internet. Routers are the physical devices that connect two networks together. It is the job of the many routers on the Internet and those on local networks to see that the information being sent reaches its intended destination, and to determine the best route for getting it there, based on the routing protocols that itâ€™s using. Switches, often confused with routers, connect computers together within a network.
Both switches and routers are essential to the operation of a network that needs connectivity to the Internet (or another private network, for that matter). Thus any good business continuity plan would include backup switches and routers.
Redundancy can go a long way toward protecting your network from expensive down time if hardware fails, but unfortunately redundancy isnâ€™t always enough. This point was brought home by the United Airlines network failure â€" which the company said was due to a failed router â€" that resulted in the grounding of the airlineâ€™s entire fleet of planes for over an hour. The reservations system was inaccessible and the staff was unable to check in passengers or print boarding passes and luggage tags. This came on the heels of another â€œcomputer glitchâ€� that disrupted service in June, and a month before that American had a similar experience.
Why would the failure of a single router cause such a wide-reaching and lengthy impact on service? The problem is that a malfunction of one router can affect the performance of other routers and of servers and other systems since theyâ€™re all connected to one another by the network. The phenomenon of the cascading failure is well known in relation to the electrical grid, and itâ€™s just as applicable to routers and other computer systems. When one part of the system fails, if you have a redundancy plan then others will take over for the failed system. However, if this isnâ€™t discovered quickly, the extra workload on the secondary systems can cause them to fail, as well.
If a critical router fails, then traffic will be routed through an alternate node. Thatâ€™s how redundancy is supposed to work. But it can cause the alternate node to become overloaded and go down, too, which in turn puts an even bigger load on the remaining nodes, and you can see where this ends up: with all of your planes on the ground.
In general, protection against cascading failures involves better load management and added robustness and redundancy of systems. Early detection of a failure (or better yet, an imminent failure) is crucial to replace the failed system before it can affect other systems. The problem of cascading failure has been the subject of many studies and there are no magic bullets, but awareness is the first step toward building networks that are better able to withstand an isolated failure without major impact on an organizationâ€™s operations.
Some say the cloud is the answer. Others arenâ€™t convinced. What say you?
'Til next time,
My definition of redundancy is an air-bag in a politicianâ€™s car. â€" Larry Hagman
2. Windows Server 2012 Security from End to Edge and Beyond - Order Today!
Windows Server 2012 Security from End to Edge and Beyond
By Thomas Shinder, Debra Littlejohn Shinder and Yuri Diogenes
From architecture to deployment, this book takes you through the steps for securing a Windows Server 2012-based enterprise network in today's highly mobile, BYOD, cloud-centric computing world. Includes test lab guides for trying out solutions in a non-production environment.
Order your copy of Windows Server 2012 Security from End to Edge and Beyond. You'll be glad you did.
3. WindowsNetworking.com Articles of Interest
Hybrid Network Infrastructure in Microsoft Azure (Part 1)
In this first article in a multi-part series, I begin a discussion of the issues surrounding hybrid IT as it pertains to the on-premises Windows Server network and the Azure public cloud. This introductory piece focuses on understanding the hybrid IT infrastructure and the important features that are provided by Microsoft Azure for building your hybrid cloud.
PowerShell for Storage and File System Management (Part 1)
Brien Posey begins a new article series on how you can use Microsoft PowerShell to manage and monitor hardware and the file system by jumping right in with some how-to instructions for checking the health of your physical disks using PowerShell cmdlets and discusses how to put the returned data to work for you.
Simplify Enterprise Wi-fi Security and 802.1x on Small Networks
In this article, Eric Geier tackles the subject of deploying enterprise wi-fi security with 802.1x authentication with a focus on small businesses and organizations that lack a full-time IT staff and often overlook the importance. The article is written without the technical jargon and includes tips for making the process easier so that it will be more feasible for these small orgs.
IPv6 for Windows Admins (Part 4)
If youâ€™ve been following Mitch Tullochâ€™s series on everything you need to know about IPv6 in a nutshell, youâ€™ll want to catch this fourth and final installment. Parts 1 through 3 explained how nodes can be identified on an IPv6 network, different types of IPv6 addresses and their uses, and how IP addresses can be manually assigned to network nodes. This one wraps things up with a discussion of how to automate the IP address assignment.
Product Review: SolarWinds Server & Application Monitor
This review of the latest version (6.2) of the SolarWinds Server and Application Monitor and specifically its new AppInsight feature for IIS takes you through the installation process, shows you how to configure the product and how it is used to monitor IIS and discusses the pricing structure, then assigns a product rating based on the evaluation experience. If youâ€™re in the market for this type of software, the author rates this as one of the best.
4. Administrator KB Tip of the Month
Moving the INETPUB folder to a different volume
According to this blog post it's possible and supported for you to move the INETPUB folder and its content from its default location on C: drive to a different volume:
However this is somewhat misleading as you can only copy INETPUB and not move it. As the fine print in red at the end of this blog post indicates, you must leave the original INETPUB folder structure in place afterwards because deleting it may break Windows servicing when software updates are applied to your IIS web server. So after patches are applied you may need to copy any updated files from your original INETPUB folder structure to your mirror location on the other volume to ensure your web sites and web applications continue to function properly. But that means you're adding more administrative overhead, so a much better approach is to leave INETPUB where it is on C: drive and use virtual directories instead to relocate your web content to a different drive.
The above tip was excerpted from Mitch Tulloch's book Training Guide: Installing and Configuring Windows Server 2012 from Microsoft Press. For more admin tips, see
5. Windows Networking Links of the Month
Top 5 factors driving domestic IT outsourcing growth
What is Second Wave Wi-fi?
The hottest IT skills and salaries
Internet of Things is overhyped; should be called Internet with things
Network disruption: Just go with the flow
Five reasons why new hires are the companyâ€™s biggest data security risk
6. Ask Sgt. Deb
Iâ€™m the IT person (yes, the only one) for a small business with 12 employees (an interior design company). We upgraded the computers at our office to Windows 7 when Windows XP went out of support but didnâ€™t get new hardware. Now the systems are getting old and outdated and we donâ€™t know whether we should upgrade to Windows 8.1 or wait for Windows 10. Realistically what are the pros and cons? I should add weâ€™re really concerned about security. Thanks! â€" Rick K.
In the past, I would have generally advised anyone asking that question this close to the final release of a new operating system to just wait and go with the latest. That way if the new OS had features you really needed, you would be paying to upgrade twice in a short time period. However, Microsoft has announced that Windows 8.1 users (including business users) will be able to upgrade to Windows 10 free within the first year after release.
In the meantime, Windows 8.1 will offer some very real security advantages, which Nirmal Sharma explains in this article on Windows 8 and 8.1 Security at Different Operating System Layers:
If you were talking about a large enterprise with hundreds of computers, my advice might be different because an OS upgrade is a huge task, but with only 12 computers, you can fairly easily do a second upgrade to Windows 10 during the free period. A caveat: Since your users are used to working with the Windows 7 desktop environment, I would advise installing a third party applications such as Start8 from Stardock or Classic Shell on the Windows 8.1 computers so they will have the full and familiar Start menu to work with.
- Articles & Tutorials (http://www.windowsnetworking.com/articles-tutorials/)
- KBase Tips (http://www.windowsnetworking.com/kbase/WindowsTips/)
- Products (http://www.windowsnetworking.com/software/)
- Reviews (http://www.windowsnetworking.com/articles-tutorials/product-reviews/)
- Free Tools (http://www.windowsnetworking.com/software/Free-Tools/)
- Blogs (http://www.windowsnetworking.com/blogs/)
- Forums (http://forums.windowsnetworking.com/)
- White Papers (http://www.windowsnetworking.com/white-papers/)
- Contact Us (http://www.windowsnetworking.com/pages/contact-us.html)
- MSExchange.org (http://www.msexchange.org/)
- WindowSecurity.com (http://www.windowsecurity.com/)
- VirtualizationAdmin.com (http://www.virtualizationadmin.com/)
- ISAserver.org (http://www.isaserver.org/)
- CloudComputingAdmin.com (http://www.cloudcomputingadmin.com/)
- InsideAWS.com (http://www.insideaws.com/)
- WServerNews.com (http://www.wservernews.com/)
To unsubscribe: http://www.techgenix.com/newsletter/members.aspx?Task=OOS&SI=78504&E=security.world%40gmail.com&S=1&NL=33
To change your subscription settings: http://www.techgenix.com/newsletter/members.aspx?Task=US&SI=78504&E=security.world%40gmail.com&S=1
WindowsNetworking.com is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@WindowsNetworking.com
TechGenix Ltd. Mriehel Bypass, Mriehel BKR 3000, Malta
Copyright WindowsNetworking.com 2015. All rights reserved.