2015-11: Out of Band Management

Location: The Working Centre, 58 Queen Street South, Kitchener, ON
Date: 09 Nov 2015

Out-of-band management: how do you manage servers when the servers are not directly accessible?
What tools and technologies do you use?
Under what circumstances do you find these tools helpful?

Meeting Notes

– Kirk’s introduction

– Hard drives: SMART data (gsmartcontrol)
– How do you protect these tools from the Internet?
+ Devices have separate LAN connections, which should be cabled to separate VLANs
+ Remote connections: secured with certificates

– Intel vPRO is better supported than AMD Dash
– Other than DMTF it is not standardized

– What are the credentials?
+ Serial connections to public key crypto
– What happens if there is no connectivity?

Is this of use to us?
———————

– Some of the ground is covered by virtual machines
– None of us are planning to implement this?
+ A lot of it depends on hardware support

– Monitoring tools: Cacti (graphs), Nagios (alerts)
– pfSense firewall
– Mikrotik routers


2015-10: Data Migration

Location: The Working Centre, 58 Queen Street South, Kitchener, ON
Date: 19 Oct 2016

We’ll meet to discuss different data migrations we have worked on. Some possibilities include:

– Migrating between mail servers (e.g. upgrading Exchange, moving from GroupWise to Exchange)
– Migrating from Linux to Windows or vice versa
– Migrating from MS Office to LibreOffice

Bring examples of migration projects you have worked on, and upcoming migrations that you are planning (or procrastinating about…)

Meeting Notes

– What systems have you migrated?
– What lessons and best practices have you learned?
– What migrations are coming up? What are the challenges?

### Migrating from Exchange 2003

– The customers are in their 80s
– Marc is moving them to cloud-based email for simplicity (business Outlook.com)
– What will they do for backups? (No)
– They were on older versions of Outlook
– Comparisons: https://products.offi…
– Are there backdoors?
– Some companies transferred to outlook.com and lost emails, so it is easier to move mails one by one
– You need to look for PST files as the user
– Look for autocompletions: outlook.nk2 (also see nk2view)

### Dealing with people who leave

– Do you let them delete files off their machines?
– How do you separate personal and work stuff?

### Passwords

– Ophcrack uses rainbow tables
– Passwords are easy to crack with Hashcat
– Are there ways to be clever with short passwords? (No)

### Everything is terrifying

– scam emails
– clickjacking
– phishing and spear phishing
– bootstrapping from small amounts of data to larger amounts
– Cryptolocker

### PST files

– Mail archive format for Outlook
– You should not keep them on network shares

### Migrating file shares

– It is important to have only one writeable copy at a time
– Migrating file shares to Linux. There are problems:
+ Shadow copies
+ Sometimes permission sets have issues

### Virus removal tools

– MalwareBytes
– Microsoft Security Essentials
– HijackThis (logging)
– CCleaner

For user education:

http://cr-handouts.dy…
– ninite.com for getting software

### Other recommendations

– BlueGriffon website builder
– Zikula PHP framework/CMS (based on PostNuke)


2015-09: Backups

Location: The Working Centre, 58 Queen Street South, Kitchener, ON
Date: 21 Sep 2016

What do you care about when doing your backups?
What backup products and workflows do you use?
What products do you use to synchronize backups? Bittorrent sync? Crashplan? Others?
How do you test your backups? Do you do disaster recovery simulations? How?

Meeting Notes

### Discussion Questions

– What do you care about backing up? What do you not care about?
– What backup products do you use?
– What backup workflows do you use?
– What products do you use? rsync? Backup Exec? Crashplan? Other?
– How do you test your backups?
– How do you test disaster recovery?

### Linux backups for publishing

Linux server backs up files from the last 45 days to a DVD (as much as would fit)

+ Back up once a month
+ Plus nightly backups with rdiff-backup (which includes history) on a 3-disk RAID array
+ Would restore files from DVD
+ Low strain on hardware, low attack surface from the web
+ The DVD backup was in use for 15 years
+ Each book project is responsible for its own backups
+ Restructuring a full backup would be tedious
+ But the most recent files are accessible (and these are the most important)
+ System was designed when most files were smallish, but Adobe InDesign makes big files

### At the Working Centre

+ Symantec Backup Exec for most file servers, mail server, Active Directory
+ At remote sites we use Windows Server Backup + Backup Exec once a week
+ Active Directory is important, but the remote domain controllers serve as a backup
+ My Documents are mapped and get backed up
+ Desktops, bookmarks, PST files do not get backed up on clients
+ Weekly full backups + daily differentials for Windows
+ Linux: tarballs of important files + rsync to a central server
+ Backup server in our server room + (maybe) remote sync
+ Copy most important files on encrypted USB keys

### Big Backups don’t sync!

– DFS doesn’t work!
– Syncthing doesn’t work!

### Sidebar: What is Active Directory?

– SMB is the network file-sharing protocol used by Windows file shares (Samba implements it)
– Active Directory is an LDAP database:
+ User accounts and passwords
+ Security groups
+ Computer accounts
– On Linux: there are RedHat, SuSE LDAP solutions
– On Samba 4, you can mimic an Active Directory domain
+ Linux clients can (kind of) join a domain, and log in using Active Directory credentials
+ Active Directory implements a bunch of open standards, so you can connect to it from Linux clients

### What happens at REEP?

– Two servers at one location
– Everything is backed up there: file shares, Active Directory, …
– Image for Windows is what he uses
+ Does an image backup for the servers
+ Saved onto a separate internal drive
+ Full backups are once a month + differentials
– Puts the monthly full on an external drive
– Also uses shadow copy
+ This gives end users previous versions
– JungleDisk backs up file shares to their Amazon servers
+ $10-15/month for 200GB of storage
+ It has some historical information
+ Do you trust them? Yes
+ Information is not highly confidential
+ Backs up twice a day over a tunnel
– Incremental backups happen every day
– There is a RAID mirror in the server as the first level
– He uses Exchange online and so does not worry about backups

### Why Backup Exec?

– Wanted more granular restores of Exchange
– It thinks in terms of tapes

### Lessons

The cloud is convenient

Redundancy is important!

### Hardware confidence?

– We have spare parts for hardware servers
– We have virtual servers
– RAID hard disks in the servers
– Brendan wants servers that are under warranty
+ 5 year warranties built in
– TWC uses gamer-quality hardware with good reviews
– Custom-built servers: depends
+ Gamer-quality or low-end business quality
– We use Hyper-V for virtual servers
– Touch Machines bought in pairs
+ both machines run 24-7
+ AMD processors

### Backup Levels/options

– Encrypted USB keys
– DVD backups
– RAID arrays
– Previous versions/shadow copies
– Offsite backups
– Backups to internal drives
– Cloud backup

### How much should we trust encrypted backups?

– What if the company does the encryption?
– What if we did the encryption?
– Maybe it doesn’t matter: if we are on the Internet we are in the cloud
– There is consent vs non-consent
– Is Linux more secure?
– Should we throw up our hands and give up?
– FLOSS means that although people CAN examine source code it doesn’t mean that it WILL be

### Disaster recovery

– If you participated in disaster recovery other people would have to do this the next time
– They paid for another company to provide services for backups
– How do you set up disaster recovery environments?

Some people do not like backups because they can profit from the data recovery.


2015-08: All About VoIP

Location: The Working Centre, 58 Queen Street South, Kitchener, ON
Date: 17 Aug 2015

During August’s meeting we will talk about Voice over IP for nonprofits. Who is using it? What solutions are we using? What providers do we like? What are the pros and cons of VoIP solutions vs digital PBXes vs landlines?

If you are using VoIP at your organizations, come and share your experiences.

Why does VoIP work better over real PSTN lines than over VoIP?

If you have been thinking about VoIP, please bring your questions.

Meeting Notes

Discussion Questions

——————–

– What are you using?
– What do you like about VoIP? What do you not like?
– What providers do you use?
– What works better with PSTN? With VoIP?
– What are the pros and cons?

Arbitrary Comments
——————

– What can we do with Teksavvy
– Vonage vs ITSP? (Unlimitel, VoIP.ms) vs ISP (Teksavvy, Rogers) vs MagicJack
– MagicJack is an ATA? You need internet
+ You can get a USB dongle as well (doesn’t work under Linux)
+ It is reliable enough for faxing
+ $10 extra per year for a Canadian number
+ $50/year + tax ($70 for the device)
+ Berleine spends $32/year for a US number and service
+ Unlimited minutes
+ Call quality can suffer if the internet is busy

– Magicjack and Vonage are in the same space

– VoIP.ms and Unlimitel
+ $1/month for the DID, $1.50 for Emergency 911
+ Unlimited minutes

– VoIP.ms: $1 + $1.50 for Emergency 911 + 1c/minute for calls
+ You can buy a home package for $3.50 per month
+ You can have subaccounts
+ You can have many calls running simultaneously

– Fongo
+ Free phone number, free calls, free voicemail, pay to send texts
+ Freephoneline.ca is the same but for desktops
+ How far can you get on a wifi phone?
+ Sometimes quality is an issue

– SIP phones

– TWC
+ One PSTN line + voip lines + Norstar systems
+ Use an ATA to convert VoIP.ms to analogue
+ This does not work perfectly all the time (eg long tones)

– Brendan has tried to switch to all VoIP
+ How do you trunk calls between buildings that use different systems?
+ Idea: just map lines to phones so you can use Norstar handsets
+ How can you receive calls in multiple locations?
* Voip.ms makes this easy
* You can use follow-me settings in Asterisk

– Faxing and virtual faxing
+ Doesn’t work so well on VoIP
+ VoIP wants to break up packets, but faxes want a continuous

– Cheapest SIP phone: Grandstream GXP1400 (similar: GXP1405)

– Why VoIP?
+ Cost: $40 for a PSTN line. VoIP can be cheaper
+ Can use the same phone number for many calls
+ We trust everything that goes over the internet
+ Very configurable for free

– Why not VoIP?
+ Depends on power to work. Don’t have blackouts!
+ Can’t run faxing (reliably), DSL modems
+ Can’t use analog modems
+ Can be reliability problems
+ Security concerns
+ Should have quality of service to ensure good performance
+ Need upload bandwidth (16k-64kbps up per call depending on codec)
+ Rollovers can be an issue between POTS and VoIP, depending on provider
+ Costs more in terms of IT time

– You can do VoIP via internet addresses

– Older ADSL lines provide 700kbps up

– Bell VDSL is broken? Fibernetics does it right?

– Execulink is a provider that does PSTN rollovers right

– Can you do anything more with commercial VoIP than with regular Bell?
+ Maybe. It depends on what the provider provides.

– Hiding caller ID: easy

– Is this obsolete because of cellphones?
+ The numbers are different
+ Not as configurable
+ But your cellphone works in a blackout (modulo batteries)

– You can’t run your own cellphone service (in Canada)
+ Compare to radio, community cable

– SIP clients for cellphones?
+ SIPSimple?
+ You can register to a local Asterisk account
+ Ring groups on VoIP.ms
+ How can you make phones ring in certain locations only?
* Put a sip client on their phones
* Put Asterisk

– What Asterisk systems can be configured by Thursday?
+ PBX in a Flash
+ Elastix

– Cheap analog phones?
+

Acronym Fun
———–

– ATA : Turns VoIP into PSTN lines.
– VoIP : Voice over internet. The trendy thing.
– PSTN/POTS : “Real” phone line
– SIP : VoIP protocol. There are others (eg IAX)
– FXO : Port that is on the phone. In Asterisk, you use a port of this type when you want to integrate a PSTN line.
– FXS : Provides a dialtone. This can be from the wall, or the ports on an ATA
– DID : A phone number
– VoIP registration: What phone will ring when you make a call to the number?
– Hunt groups: Choose which order phones will ring
– QoS: Quality of service: prefer sending packets to phones rather than Bittorrents
– Rollovers: First call a POTS line, then call a VoIP line with a different provider
– MWI: Message waiting light when you have voicemail


2015-07: Keeping Remote Sites up to Date

Location: The Working Centre, 58 Queen Street South, Kitchener, ON
Date: 13 Jul 2016

This month we will be talking about how to deal with multiple locations within an organization. We will be discussing things like file sharing setups for more than one location, communications between locations, different router types for VPNs, etc.

Multiple locations may mean more than one office building, or other situations like employees who work from home or other remote locations.

Meeting Notes

What kinds of remote sites do you need to support/connect?

————————————–——————–

– Second location
+ public facing location at one site

– People working remotely without having an office

What things do remote users need to do?
————————————–-

– File sharing: spreadsheets, word documents, PDFs
– Database use

What tools do you use to enable them?
————————————

– Sharepoint site for sharing documents
+ Brendan uses an older version
– Syncing files between file shares
– Windows Server Remote App
+ Small Business Server and Essentials
– Moving files to the cloud
+ hosted server
– Syncing with dropbox
– Office 365 transitions workflow to the cloud
– VPNs
+ Complicated for users
+ SecurePoint client makes it easier
– Cisco mobility to connect (forwards all traffic via the VPN?)
+ Local storage with encrypted storage
+ files are stored remotely
– Windows BranchCache?
– Bittorrent sync, Dropbox, Syncthing
– Caching servers that sync overnight
– Microsoft DFS Replication (don’t bother!)
+ OneDrive for Business is still not working
– OpenVPN over OpenWRT
– Hamachi
– SSH tunnelling for remote access
– Remote support: SSH tunnelling, VNC, Fuse and SSHFS
– OwnCloud with WebDAV
+ OwnCloud does not do symbolic links very well
– WebEx (free for first three clients)
+ http://www.webex.com/…
– http://www.remoteutil… : free for 10 clients
– AWS cloud?
– Using git for synchronization

What clouds are easy to set up?
——————————-

– OwnCloud on VPSes or your own servers

What is painful?
—————-

– Attaching remote files to local email
– Syncing multimedia files (photos)
– Downloading things from the VPN is slow
– People want things to work without learning anything
– Initial contact with a remote client: how do you get them set up?
+ join.me, bomgar, TeamViewer, screensharing with Skype (slow)
– Users do not provide enough detail
– Slow connections on the remote end
– ADSL connections with slow uploads
– Can we stop the cloud?
– Synchronizing calendars
+ OwnCloud is not up to snuff
+ What WebDAV clients exist for Android? acal, solcalendar don’t work
+ SunRise calendar: https://play.google.c…
+ business calendar: https://play.google.c…
+ There is an Exchange connector for Android

Troubleshooting mobile devices?
——————————-

– Remote support viewing on smartphones? WebEx, LogMeIn

Other considerations
——————–

– syncing over DSL
– online collaborative systems for sharing documents
– newer versions of Sharepoint allow concurrent editing of documents
– confidential/sensitive information being uploaded to The Cloud ™
+ But any computer that is online is on the Cloud
– Storing medical information on the Cloud?

– VPN routers?
+ They have VPN servers themselves (IPSec and PPTP)
+ How do they find the clients? They use a road warrior setup

– German company: SoftMaker (word processor software)

ISPs
—-

– Execulink supports vDSL now?
+ http://www.execulink…

– Teksavvy has business offerings
+ They have good support

– Yak
– Eyesurf : okay but limited
– Acanac ?


2015-06: Updating Computers

Location: The Working Centre, 58 Queen Street South, Kitchener, ON
Date: 08 Jun 2016

  • All about keeping systems (specifically desktops) up to date:
    – What tools do you use to keep desktops up to date? (Windows or Linux, or other)
    – What tools do you use for third party updates (Flash? Adobe Reader? Hateful Java?)
    – What tools do you use to monitor and ensure that updates are happening?
    – How do you prevent desktops from filling up with spyware and other nonsense?
    – For Windows people: what are you doing about the Windows 10 upgrade offer?

Meeting Notes

—————-

### Linux

– Run apt-get manually
– apticron: emails when there are updates
– unattended-upgrades : does security updates automatically
– apt-dater : run updates in parallel
– Rootkit Hunter (rkhunter)

### Windows

– Download and ask to install
– WSUS updates
– Download updates and shut down

### Third Party Updates

– ninite.com
– wpkg.org
– chocolatey.org
– wsusoffline.net

### Restoring computers

– DriveVaccine (SUCKS)
– SteadyState (RIP)
– SteadierState
– Faronics DeepFreeze
– Virtual terminal servers (Multipoint server)
– Ubuntu with guest account
+ PlayOnLinux : install Wine easier
– DelProf
