The 3-2-1 Backup Rule

As we all know, backups are important. But, all too often, when disaster strikes, a backup copy isn’t there. While I certainly didn’t invent the 3-2-1 backup rule, it’s a rule that I strongly believe in. Simply, the rule goes like this: For any critical data, you should have 3 copies on 2 media types with 1 offsite or online.

The rule is pretty simple to follow, yet it ensures that important data will always be available when something goes wrong. With the popularity of USB flash and hard drives, along with cloud storage, such as Dropbox or SkyDrive, it’s even easier to ensure data is recoverable.

The first step in this process is to first decide what’s critical data. While backing up everything is certainly a good idea, the reality is that it’s a long, boring process. As such, many people simply neglect to perform this critical task. So, a simpler method for critical files is more practical since these must be available.

To determine what data is critical, there are a variety of places to look on a computer system. Some important locations where documents and settings are stored in Windows are the My Documents folder, Favorites (bookmarks in IE), and the hidden Application Data folders. While there may be other places user data is stored, these are the first places to start.

The My Documents folder is one of the ideal items for backup since this is the default location for user documents. This should be copied to a removable USB drive or stored online via Dropbox or SkyDrive. The Favorites is used by Internet Explorer for bookmarks, so it’s really only important if that’s the browser used. Other browsers store bookmarks in different locations. Rather than try to back these up, I prefer the use of bookmark synchronization, such as XMarks.

The Application Data folder is a bit trickier since, by default, it’s hidden. To show this, select Tools, Folder Options in Windows Explorer or My Computer. Click the View tab and, in the list of Advanced Settings, select Show Hidden Files and Folders and uncheck Hide Protected Operating System Files. Then, the Application Data folder can be viewed. Again, if room is available, this entire folder can be copied to a USB drive or cloud storage.

The next step is to determine where those copies are going to be stored. The first copy is typically the working copy and will no doubt be stored on a local internal hard drive. The second copy should be on a removable device or network share. Since USB hard drives and flash drives are so cheap, it shouldn’t be too hard to find a cost-effective device to store these documents and files. If possible, try to get a USB 3.0 device since the transfer speeds are much faster.

The third copy should be offsite or online copy. With Dropbox offering 2 Gb of free storage, SkyDrive offering 25 Gb of free storage, and many other services offering free storage, it’s easier than ever to store data online. Online storage also offers the advantage of being able to access these documents anywhere on any device or system. The downside is that an Internet connection is required and a very strong password is required to protect the data. Even with a strong password, many may not be comfortable with storing data, such as financial records, online. For these items, it’s a good idea to burn them to CD-R or DVD-R and store them in a safe deposit box.

Personally, I’ve come to rely on this method for my important data. The process can often be automated as well, using free tools, such as SyncToy. While this method won’t completely restore a computer with all its applications, it does ensure that critical documents are recoverable. (For complete systems and applications it’s worthwhile to use an imaging tool, such as Acronis TrueImage or Clonezilla.) This method also provides a simpler way of transferring documents to a new system.

Advertisements
Posted in Computers and Internet | 1 Comment

Bookmark Syncing

One of the disadvantages of getting a new computer is copying over previous settings. Bookmarks you’ve saved on the previous machines are a good example. Fortunately, a free add-on to the major browsers helps to solve this problem. The name of this free add-on? Xmarks (http://www.xmarks.com/)

Xmarks was originally called Foxmarks, since it was originally designed as an add-on for the Firefox browser. However, Xmarks now supports Firefox, IE, Chrome, and Safari. What this program does is sync your bookmarks within your browser to your account at xmarks.com, making it available for any other browser you link to this account. If you add or delete a bookmark, it’s added and deleted for all the browsers that are linked to the account.

The advantages to Xmarks:

  • As mentioned previously, if you’re moving settings from an old computer to a new computer. This makes the process much easier. Granted, you could copy the Favorites folder for IE or export/import bookmarks from Firefox, etc. but this is a much easier process.
  • If you have multiple computers, such as a desktop and laptop. This helps to ensure what you bookmark on one computer finds its way to the other. For me, this is one of its biggest advantages, since I have that exact scenario. No more e-mailing links or remembering which computer I’ve bookmarked something.
  • If you use multiple browsers, even on the same computer. Most Web designers do this to test their sites. It’s also very useful since some sites won’t work, except in one particular browser. Granted, this is poor design by the site’s authors, but that’s of little consolation when you need a site to work, but it doesn’t with your favorite browser.
  • If you want access to your bookmarks away from your computer. Xmarks will allow you to login at the site and, from there, you can click the My Bookmarks link. This allows you to see all of your synced bookmarks, even in places where you can’t install the software or have a mobile device.

While Xmarks isn’t the only bookmark synchronization and sharing software available, it does support the 4 major browsers. (Most other synchronization software only supports just a single browser.) It’s extremely simple to use and set up. It also offers the ability to sync passwords as well, but I don’t personally use that feature. (I’m not a big fan of stored passwords for security reasons.) It also has a site ranking and review feature, which again, I don’t personally like nor use. However, the syncing of bookmarks makes Xmarks a very useful add-on for all the browsers I use.

Posted in Computers and Internet | Leave a comment

40 Most Popular SysAdmin Tools

Sunbelt Software recently compiled a list of 40 very useful tools (with links) to have in your toolkit. Many of these are portable apps, so they can be easily added to a USB drive and run without installation. A very good list of utilities!

The 40 Most Popular Tools For Your System Admin Bag

I use a lot of these myself, such as Notepad++, 7Zip, VirtualBox, etc. A list that everyone, even if there are some utilities you don’t find useful, should take a serious look at.

However, one of the utilities that stands out is the Ultimate Boot CD 4 Windows. This will create a bootable CD that starts the WindowsPE system and has many utilities that can be used to repair and fix problems on an existing Windows system. It also has some command line utilities, such as a password reset utility.

By having a USB drive with an assortment of tools along with this CD, you should have almost all the tools you need to fix or repair a system!

Posted in Computers and Internet | Leave a comment

HOSTS and DNS

Name resolution is a critical part of Internet access and Web browsing. Without it, we’d all have to remember IP addresses of all the sites we visit, instead of nice, easier-to-use http://www.somewhere.com names. In addition, we can also take advantage of name resolution methods to actually reduce malware and phishing, regardless of the browser used!

Let’s examine a bit of history. Before DNS (Domain Name System) was used, all computers connected to the Internet’s precursor, ARPANet, had to have a file with the names and IP addresses of all other computers. This file was a text file known as a HOSTS file. Even when DNS was implemented, HOSTS files were, and still are, available on every operating system that supports TCP/IP. What’s even more significant is that HOSTS files will be used to resolve a name before DNS, essentially meaning that a HOSTS file overrides DNS information.

This can work to both are advantage and disadvantage. Malware can “hijack” the system’s HOSTS file to redirect a legitimate URL, such as http://www.google.com and send the user to an attacker’s site. Not surprisingly, a lot of anti-virus/anti-malware software will try to protect the HOSTS file from changes.

Conversely, we can use the HOSTS file to block certain “bad” URLs by redirecting to the localhost address of 127.0.0.1. This can be any URL, such as a phishing site, known malicious site, or even ad sites. Since the HOSTS file is system-wide, it blocks these sites regardless of the Web browser, e-mail program, or any other program used.

The obvious problem is that manually entering the ever-growing list of sites into the HOSTS file can take a long time. Fortunately, there are HOSTS files that are maintained and updated with a list of such servers:

MVPHOSTS
HPHosts – Not associated with Hewlett-Packard

While downloading these updated HOSTS files is very useful, we can go one step further and use programs to keep them updated or even turn on/off the HOSTS file. Some good programs are:

Hostess
HostsXpert
HostsMan

One of the most powerful is Hosts Manager

Before modifying or downloading the HOSTS file, check your anti-virus/anti-malware settings. Some will try to protect against HOSTS file modification. Since you want to modify the file, you’ll probably need to disable the anti-virus/anti-malware protection of the file.

In addition to the HOSTS file, it’s worthwhile to examine DNS servers too. Most people who connect to the Internet simply use the DNS servers provided by their ISP. While there is nothing wrong with this, you don’t have to use them! You can use any DNS server for name resolution. This is especially useful of you are setting up a system and don’t recall the IP address of a valid DNS server. Fortunately, there is a root DNS server, 4.2.2.2 that has an easy-to-remember IP address.

Another useful DNS service is OpenDNS. This service provides many things:

  • It blocks known phishing sites.
  • It helps correct mistyped URLs, such as og instead of .org.
  • If you create an account, it provides the ability to create parental controls or site blocking.
  • Other useful features for those with an account.


Here’s a button that determines if you’re using OpenDNS or not. If not, you can click the button to learn more. Or, you can simply visit www.opendns.com to find this information. OpenDNS server IP addresses are: 208.67.222.222 and 208.67.220.220. You would need to provide that information to either a static IP address on a system or for the router’s DHCP information.

By using both of these methods, a custom HOSTS file and OpenDNS, you can thwart a lot of malicious sites. Again, it doesn’t matter which browser or program being used, since these are system-wide settings. Additionally, the OS isn’t important since all TCP/IP-based systems, Linux, Windows, Mac OS X can use HOSTS files and OpenDNS.

For those that have to support family members who “get in trouble” by browsing sites they aren’t supposed to, these techniques should help solve that problem. Obviously, good anti-virus software should be used even with these methods. (For those that have family members who are unwilling to pay for AV software, both AVG and Avast! have free versions.)

Posted in Computers and Internet | Leave a comment

Using the netsh command

One of the more powerful command-line networking commands since the release of Windows 2000 is the netsh command. With the Windows 2000 version of the command, it is very useful to configure network settings from the command line, or better yet, to export/import configurations with a script.

Why would you want to do this? Let’s examine a scenario: You work in as a consultant that travels between offices. Some use DHCP, some don’t. One method that’s used in modern versions of Windows is the Alternate Configuration tab in the TCP/IP properties when DHCP addressing is selected. While that works well, it essentially limits the static address to a single address if a DHCP server isn’t found on the network. If you travel to networks with different static address schemes, that can be problematic.

Fortunately, the netsh command comes to the rescue! What needs to be done first is to create a file with the appropriate adapter, IP address, subnet mask, DNS server, etc. While you could create a file manually, you can also use the netsh command itself to export the configuration by using the following command:

netsh -c interface dump > c:\location1.netsh

This creates a file on the C: drive called location1.netsh. This is simply a text file with the current IP address information. You’d probably want to change location1 to something more appropriate. Also, since this is a text file, you can use the standard .txt extension, but by using .netsh instead, it makes it more obvious what that file actually is. (But, that’s really up to you.)

You can then manually modify this file in Notepad for each of the other locations. Or, you can make those changes manually in the TCP/IP properties of the network adapter and run the command again. The text file is pretty self-explanatory and shouldn’t be too hard to edit.

Once you have all the files for each of the locations, you can quickly import those settings via the –f parameter. An example of this command syntax is as follows:

netsh -f c:\location1.netsh

To go one step further, it wouldn’t be hard to simply copy and paste these commands into a batch file. So, you could create a file called ConnectLocation1.bat with the above command. Then, copy this to your desktop, Start Menu, or wherever you could readily access it. Now, a simple double-click would allow you to switch to that network.

Maybe that’s not exciting enough for you? In that case, let’s examine another feature of netsh: the diag ping feature. Yes, you can use the ping command by itself, but what netsh diag ping does is allow you to ping various IP options for an address, such as the default gateway or DNS servers. For example:

netsh diag ping dns

This pings the IP address of the DNS servers that have been configured, either manually or dynamically for all adapters. You can also specify a specific adapter by using the adapter parameter. For example:

netsh diag ping adapter 2

This command would ping all the IP addresses listed in the configuration for network adapter 2. Specifically, the default gateway, DNS servers, WINS servers (if configured) and the adapter’s own IP address. There are other items, such as the mail servers configured in a mail profile that can be pinged as well.

Still not impressed? There is one more very nice netsh diag command parameter:

netsh diag gui

This starts a GUI-based report of IP configuration settings.

Using Windows Vista? If so, the netsh has expanded its set of options. For example, most people who have used NetStumbler have noticed it doesn’t work under Vista. While programs like Vistumbler (http://www.techidiots.net/project-pages/vistumbler) provide the same functionality, the netsh command also has that ability. In a Windows Vista command prompt type:

netsh wlan show networks mode=bssid

This shows any SSID networks out there, including encryption used. It’s a command-line version of Netstumbler or Vistumbler. Not surprisingly, netsh wlan also allows for configuration of wireless network adapters.

One more netsh feature is the ability to configure the Windows firewall. Rather than try to list all of the firewall options, I’ll simply point to the very good WindowsNetworking.com article:

http://www.windowsnetworking.com/articles_tutorials/Using-Netsh-Windows-Firew…

Hopefully, with this information, you can see just how useful this command can be! And we’ve just scratched the surface of what this command can do.

Posted in Computers and Internet | Leave a comment

Password Security

Since they are the only method typically used to identify a legitimate user, passwords security is extremely important! Unfortunately, many sites and recommendations focus on what not to do, such as don’t write the password down, don’t use dictionary words, etc. While these tips are useful, they don’t really train the user on what they should do.

So, let’s examine one way to come up with a good password. (And later, some sites to check the strength of the password.)

One method is to take a phrase, such as, "Mary had a little lamb" Then, take the first or first two letters of that phrase to compose the password. In this case, I’ll choose the first two letters. This creates a password of:

Mahaalila

This can be strengthened even further with character substitution. Some Web sites don’t allow for symbols in the password, but fortunately, even without symbols this is a stronger password than most users will come up with on their own. Yet, this should still be easy for the user to remember.

Adding character substitution with the character "a" substituted with "@" and "i" with "1" gives:

M@h@@l1l@

This creates a pretty strong password. But, many organizations require the user to change passwords periodically. In these environments, most users will simply add a "1", "2", "3" until they can use the original password. Not surprisingly, this isn’t very secure.

To deal with periodic password changes in a secure way, an easy way is to simply add the date the password was change to the end of the password (or before, depending on preference.) So, if the password was changed on November 2008, then "1108" would be added to the password.

This gives:
M@h@@l1l@1108

This password should meet most organization’s password security requirements, yet still allow for the password to be easily remembered by most users.

But, how does one know how secure their password is? Here are some sites that check how strong a password is:
Microsoft’s password checker site:
http://www.microsoft.com/protect/yourself/password/checker.mspx

Password Strength Checker:
http://www.passwordmeter.com

Posted in Computers and Internet | Leave a comment

Using Notepad as a Log

A cool little known feature of Windows Notepad is that it can be used as a log with the time and date of entries. When Notepad is opened, the time and date will be placed at the end of the file. Then you can add information at the bottom of the file. This can be a useful thing when recording items over a span of time, such as a changelog in a server environment.

To do this, simply put .LOG at the top of the text file in Notepad. Note that the word "LOG" has to be in all caps. Then, save and close the file. When it’s opened again, then Notepad will automatically add the date and time at the end of the file. You can then start typing any entries.

What’s also very nice is if you need to add the date/time to a file when it’s open, simply hit the F5 key. This will put the date and time at the current cursor position.

Microsoft has a KB article here: http://support.microsoft.com/kb/260563

Posted in Computers and Internet | Leave a comment