Hilltop Consultants IT Blog
Hilltop Consultants was very concerned about news reports about the recently revealed Prism Program (http://thenextweb.com/insider/2013/06/07/wapost-yahoo-google-facebook-skype-apple-directly-feed-user-data-to-the-us-government/).
These reports mentioned the pending inclusion of Dropbox in the Prism program. We asked our Dropbox partner manager about these reports, and this is her response.
I have confirmation we are not in any program.
We’ve seen the reports that Dropbox might be asked to participate in a government program called PRISM.
We are not part of any such program and remain committed to protecting our users and their rights to privacy.
We’re proud of our established track record of fighting for users’ privacy rights (https://www.eff.org/who-has-your-back-2013) and being transparent about government requests for user information (https://www.dropbox.com/transparency).
For more information about how we protect our users’ privacy, please see this page: https://www.dropbox.com/privacy
Hilltop Consultants is always looking out for you and your company. We will always find you the best solutions to help with privacy and keeping your network safe and secure. Please continue to follow our blog for more discussions such as these and all other tech related announcements. You may always contact us if you have questions or concerns for your company.
Hilltop has noticed a disturbing trend in Tech Support. Many Managed Service Providers (MSPs) do not want to go onsite to fix problems or help users anymore.
As the president of Hilltop, and as someone who has been personally providing technical support to end users for over 20 years, I think this is ridiculous. I do agree that the majority of issues can be resolved remotely by qualified Helpdesk personnel, but sometimes it is better for the client to just send someone onsite to fix the problem.
If an end user is having problems, they are probably already frustrated by the time they call the Helpdesk. If the Helpdesk cannot fix the problem remotely, the user needs someone onsite.
I understand that some Managed Service Providers are reducing their costs by using remote support only. What is the point of reducing costs, if it is going to further frustrate and possibly drive the client away? If you cannot fix the problem remotely, send a tech onsite. It is better to send the tech, lower the frustration level, and keep the client happy.
If the only way that the MSP can maintain profitability is by frustrating clients, the MSP needs to fix their business model. No amount of slick sales and marketing can bring in enough new clients each month that the MSP can afford to lose their existing clients by denying onsite support.
If you are working with another MSP, or other Tech Support company that will not send a tech onsite when you need them, contact Hilltop today. We can schedule a FREE Network Assessment to find out whether or not your firm is a good fit for our version of Managed Services.
As your business grows, you may find that there comes a time where you need to upgrade to a faster and more reliable Internet Service Provider (ISP). While the DSL line that you started out with worked fine when there were fewer than five employees, the bandwidth you receive from your ISP is no longer sufficient. Having a slow internet connection can really affect your productivity. Problems such as slow email, web browsing, and incomplete cloud backups are often caused by having insufficient bandwidth.
When selecting a new ISP, there are many factors to consider. Try to avoid being fooled by slick marketing and salespeople. The amount of bandwidth and the type of connection you select are very important factors. This is why we never recommend slow DSL connections, especially when there is no guarantee of specific upload or download speeds. Have your IT consultant review all proposals from ISPs. If possible, obtain multiple quotes from multiple vendors. You should also consider utilizing a master agent or broker type service. They generally know where to find the best deals, and often they are paid by the ISPs, not your business. Always familiarize yourself with the terms of your current ISP service agreement. Many ISPs will charge a cancellation fee if you cancel the service early.
Once you have decided which ISP your business will switch to, there are many things to consider when planning a seamless transition. You should always gather the relevant information ahead of time, and not wait until the day of the cutover to find the information you need.
Here is a list of considerations when planning your ISP cutover.
- Always schedule ISP changes a couple of weeks ahead of time to give users and clients ample notice. Remind your users the day before, and a few hours before making your changes.
- Have account information for your ISP, hosting company, DNS provider, and domain registrar ahead of time. ISP changes will often require changes to DNS records for email and remote access servers.
- If your new ISP requires you to have a new router installed, consider having the ISP provide and manage the router. This will prevent finger pointing in the future, should there ever be a problem with the new ISP.
- Know the user names and passwords for your routers and firewalls. Your firewall will need to be reconfigured if you have a new IP address. You may also need to change the speed settings of your external firewall interface.
- Consider upgrading your firewall at the same time as you switch to another ISP. Chances are that you have outgrown your firewall at the same time as you have outgrown your old ISP.
- If you do not need to upgrade to a new firewall, check if there are any software or firmware updates for the firewall you plan to keep.
- Understand the changes that the ISP installer is making. Make sure that they don't disconnect your existing ISP, phone, or fax lines, unless you have already planned accordingly. Many DSL installations utilize your fax line. If your DSL is getting disconnected, you will need to know how this affects your fax capabilities.
- Document the configuration of your firewall prior to making any changes.
- If you are changing DNS providers, document your DNS records (zone file) prior to making changes.
- If a new router or firewall is installed, make sure that the DHCP settings are consistent with your existing network configuration. You should never have your router or firewall providing DHCP if you have Windows servers on your network.
- Know whether or not you are moving to a static or dynamic IP address. Having a static IP address may be required if you have an internal email or remote access server.
- Test your new connection with a single notebook computer prior to connecting a firewall. Make sure that you are receiving the expected upload and download speeds.
- Let the connection run for a couple of days before making the switch.
- Think about any site-to-site VPN connections between your offices. If you change ISPs or IP addresses, your VPN connections will be affected.
- If you use a 3rd party spam filtering service like Reflexion or Postini, you may limit the downtime for your email server. These services do not require that you change DNS records. They will also hold on to your incoming email while you cutover.
- If possible, do not cancel your current ISP until your new ISP is in place and active. If feasible for your budget, consider using two ISPs and a firewall that allows for automatic failover and load balancing. It is always a good idea to have a Backup Internet Connection.
- Understand any changes that need to be made to your Citrix server if it uses a private IP address instead of a routable public IP address.
- Communicate often with the management of your business to set expectations. When done properly, there should be no downtime, as long as you plan your ISP change carefully.
- If you are using a 3rd party monitoring service or managed service provider, let them know when you are making these changes. It will prevent unnecessary alerts and phone calls if your servers go offline.
- Make sure that your monitoring service adds your new IP addresses to the items that they monitor for you.
- Have your ISP configure Reverse DNS for your new IP address. A lack of reverse DNS may cause some spam filters to reject messages from your internal email server.
- Update your network documentation when the ISP cutover project is complete.
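The checklist items about documenting the zone file, updating DNS records for email and remote access servers, and requesting reverse DNS can be worked through from a saved zone snapshot before the cutover. The following is an added example, not part of the original post: the zone contents, the `example.com` names, the documentation-range IP addresses, and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a zone snapshot saved before the cutover. Names and
# addresses are placeholders (example.com and documentation IP ranges).
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN  MX    10 mail.example.com.
@       IN  A     198.51.100.20
mail    IN  A     203.0.113.10
remote  IN  A     203.0.113.11
vpn     IN  CNAME remote.example.com.
@       IN  TXT   "v=spf1 ip4:203.0.113.10 -all"
"""

RECORD_TYPES = {"A", "MX", "CNAME", "TXT"}


def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (fqdn, type, value) tuples from a simple zone snapshot.

    Assumes every record line starts with an explicit owner name and that
    ';' only introduces comments.
    """
    origin, records = "", []
    for raw in text.splitlines():
        tokens = raw.split(";", 1)[0].split()
        if not tokens:
            continue
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1]
            continue
        # The record type is the first known type after the owner name,
        # which skips an optional TTL and class field.
        pos = next((i for i, t in enumerate(tokens[1:], 1)
                    if t.upper() in RECORD_TYPES), None)
        if pos is None:
            continue
        rtype, rdata = tokens[pos].upper(), tokens[pos + 1:]
        if rtype in {"MX", "CNAME"} and rdata:
            rdata[-1] = absolute(rdata[-1], origin)
        records.append((absolute(tokens[0], origin), rtype, " ".join(rdata)))
    return records


def cutover_plan(zone_text, ip_map):
    """ip_map maps each old public IP to its replacement at the new ISP."""
    records = parse_zone(zone_text)
    changes, moved_hosts = [], {}
    for name, rtype, value in records:
        if rtype == "A" and value in ip_map:
            changes.append((name, "A", value, ip_map[value]))
            moved_hosts[name] = ip_map[value]
        elif rtype == "TXT":
            updated = value
            for old, new in ip_map.items():
                # Match the whole address only, so .10 does not hit .100.
                pattern = r"(?<![\d.])" + re.escape(old) + r"(?![\d.])"
                updated = re.sub(pattern, new, updated)
            if updated != value:
                changes.append((name, "TXT", value, updated))
    # Mail hosts that move need reverse DNS set up by the new ISP.
    ptr_requests = []
    for name, rtype, value in records:
        if rtype != "MX":
            continue
        host = value.split()[-1]
        if host in moved_hosts:
            ptr = ipaddress.ip_address(moved_hosts[host]).reverse_pointer
            ptr_requests.append((ptr, host))
    return {"changes": changes, "ptr_requests": ptr_requests}
```

Records on addresses that are not changing, such as the externally hosted website in the sample, are left out of the plan, which keeps the change list limited to what the cutover actually touches.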
As you can see, there are many things to think about when moving to a new ISP. One way to ensure that your ISP cutover is seamless to your users, is to contract Hilltop Consultants to manage the project. We have performed hundreds of cutovers and new installations over the years. We have the expertise and experience to get the job done on time with the least impact on your users and management.
Recently Hilltop began supporting a DC based law firm with around 80 users. The firm had been working with another Outsourced IT service provider. As far as the firm knew, they were doing everything right. Email was getting backed up, filtered for spam, and was being journaled offsite with Microsoft.
During Hilltop's discovery, we found that the Outsourced IT service provider did not have everything under as much control as both the firm and Hilltop would have hoped.
Email is one of the most critically important systems that your firm has. Your firm needs an IT partner that can be trusted to keep your email system secure, compliant, and reliable. In turn, your IT partner needs an email compliance and security partner that it can trust. Once that partner is in place, their systems need to be monitored and tested regularly.
If you are not 100% sure that your email system is properly secured, backed up, and archived, contact Hilltop about a free assessment.
Hilltop has found an email compliance partner that we can trust in:
Reflexion provides a range of hosted email services that are differentiated by their ease of implementation and use, their unique features and effectiveness, and their affordability.
Reflexion Total Control (RTC)
RTC is a hosted email security service that blocks spam, viruses and volume-based attacks before they reach the corporate network. Reflexion’s unique technology also identifies address-sharing and the sources of spam, and provides concrete tools for preserving the integrity of one’s primary email address. Automatic inbound email queuing assures email continuity in the event of a local server outage, and outbound email filtering protects one’s reputation and helps to avoid the business disruption of IP address blacklisting. Reflexion’s service provides the configurability that IT Solution Providers need to address a wide range of customer requirements, with the automation and simplicity that ISPs require for their subscribers.
Reflexion Archiving, Discovery and Recovery (RADAR)
RADAR provides businesses with a complete, searchable email archive that can be accessed at any time, from anywhere on the Internet. RADAR provides email continuity during local email server outages, full email disaster recovery from more severe outages, rapid retrieval of emails that have been misplaced or deleted locally, a searchable knowledgebase of a company’s intellectual property stored in email, and a rapid means of responding to discovery requests for legal proceedings governed by the new Federal Rules of Civil Procedure.
With an increase in regulatory pressures, identity theft and highly publicized security breaches in the media, companies that do not encrypt emails containing sensitive information are at risk of regulatory fines, lawsuits, negative PR and a loss of company intellectual property. Companies dependent on building a relationship of trust with their customers and business partners cannot afford to risk such potential damages to their brand image. Email encryption is, therefore, an important piece of the security puzzle; it protects your company, your customers and business partners. The question then becomes how to implement this critical business process.
Jim Turner will be presenting a seminar on Mobile Device Management for Law Firms on 5/29/2013. This seminar is only for members of the Association of Legal Administrators.
Here is what you will learn:
- What is Mobile Device Management
- How MDM software secures, monitors, manages, and supports mobile devices
- How to protect the data and configuration settings for all wireless devices attached to your firm's network
- How to protect corporate data on both firm-owned and employee owned (BYOD) devices
- How to optimize the functionality and security of mobile devices while reducing costs and downtime
- How to select the best MDM software for your firm
Find out more and RSVP here:
Find out more about joining the Association of Legal Administrators here:
I wanted to share information on the Best Practices for Enforcing Password Policies. Many firms are not enforcing password policies, rather they let the users determine how frequently they change their password. This usually means that the passwords never get changed. Weak passwords that are not changed on a regular basis leave gaping holes in the security of the network. Read the article below for more information.
No matter how secure you make a user’s password initially, she will eventually choose her own password. Therefore, you should set account policies that define a secure password for your systems. Account policies are a subset of the policies configurable in Group Policy. Here’s a look at the key settings you will work with.
Enforce Password History
This sets how frequently old passwords can be reused. With this policy, you can discourage users from alternating between several common passwords. Windows Server 2008 R2 can store up to 24 passwords for each user in the password history. To disable this feature, set the value of the password history to 0. To enable this feature, set the value of the password history using the Passwords Remembered field. Windows Server 2008 R2 then tracks old passwords using a password history that’s unique for each user, and users aren’t allowed to reuse any of the stored passwords.
Note: To prevent users from working around the Enforce Password History settings, you should prevent users from changing passwords immediately. This stops users from changing their passwords several times to wipe the history and get back to the old password. You can set the time required to keep a password with the Minimum Password Age policy.
Maximum Password Age
This determines how long users can keep a password before they have to change it. The aim is to force users to change their passwords periodically. Generally, you use a shorter period when security is very important and a longer period when security is less important. You can set the maximum password age to any value from 0 to 999, where a value of 0 specifies that passwords don’t expire. Although you might be tempted to set no expiration date, users should change passwords regularly to ensure the network’s security. Where security is a concern, good values are 30, 60, or 90 days. Where security is less important, good values are 120, 150, or 180 days.
Note: Windows Server 2008 R2 notifies users when the password expiration date is approaching. Any time the expiration date is less than 30 days away, users see a warning when they log on that they have to change their password within a specific number of days.
Minimum Password Age
This determines how long users must keep a password before they can change it. You can use this field to prevent users from bypassing the password system by entering a new password and then changing it right back to the old one. If the minimum password age is set to 0, users can change their passwords immediately. To prevent this, set a specific minimum age. Reasonable settings are from three to seven days. In this way you make sure that users are less inclined to switch back to an old password but are able to change their passwords in a reasonable amount of time if they want to.
Note: Keep in mind that a minimum password age could prevent a user from changing a compromised password. If a user can’t change the password, an administrator has to make the change.
Minimum Password Length
This sets the minimum number of characters for a password. If you haven’t changed the default setting, you should do so immediately. The default in some cases is to allow empty passwords (passwords with zero characters), which is definitely not a good idea. For security reasons you’ll generally want passwords of at least eight characters because long passwords are usually harder to crack than short ones. If you want greater security, set the minimum password length to 14 characters.
Passwords Must Meet Complexity Requirements
Beyond the basic password and account policies, Windows Server 2008 R2 includes facilities for creating additional password controls. These facilities enforce the use of secure passwords that follow these guidelines:
- Passwords must have at least six characters.
- Passwords can’t contain the user name or parts of the user’s full name, such as his first name.
- Passwords must use at least three of the four available character types: lowercase letters, uppercase letters, numbers, and symbols.
To enforce these rules, enable the Passwords Must Meet Complexity Requirements policy.
Store Password Using Reversible Encryption For All Users
Passwords in the password database are encrypted. This encryption can’t normally be reversed. The only time you would want to change this setting is when your organization uses applications that need to read the password. If this is the case, enable Store Password Using Reversible Encryption For All Users. But with this policy enabled, passwords might as well be stored as plain text—it presents the same security risks. With this in mind, a much better technique is to enable the option on a per-user basis and then only as required to meet the user’s actual needs.
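The settings described above can be checked on an existing server by exporting the local security policy (for example with `secedit /export /cfg <file>`) and comparing the `[System Access]` values with the article's recommendations. This is an added example, not part of the quoted article: the sample export is constructed, the function names are hypothetical, and the thresholds are the ones the article gives (at least eight characters, no expiry beyond 180 days, a non-zero minimum age).

```python
import configparser

# Constructed sample in the INF layout that a secedit export uses; only the
# [System Access] section is read. The values are invented for illustration.
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 0
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 24
ClearTextPassword = 1
[Version]
signature="$CHICAGO$"
"""


def read_system_access(inf_text):
    """Return the integer settings from the [System Access] section."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       allow_no_value=True)
    parser.optionxform = str  # keep the setting names' original case
    parser.read_string(inf_text)
    settings = {}
    for key, value in parser["System Access"].items():
        try:
            settings[key] = int(value)
        except (TypeError, ValueError):
            continue  # non-numeric entries are not password settings
    return settings


def audit_password_policy(inf_text):
    """Compare exported settings with the values the article recommends."""
    s = read_system_access(inf_text)
    history = s.get("PasswordHistorySize", 0)
    min_age = s.get("MinimumPasswordAge", 0)
    max_age = s.get("MaximumPasswordAge", 0)
    findings = []
    if history == 0:
        findings.append(("PasswordHistorySize",
                         "history is disabled, so old passwords can be reused"))
    if min_age == 0:
        # With no minimum age, a user can change passwords repeatedly in one
        # sitting until the history rolls over and the old password is allowed.
        findings.append(("MinimumPasswordAge",
                         f"0 days lets users cycle through {history} "
                         "remembered passwords immediately"))
    if max_age <= 0:
        # The article gives 0 as "passwords don't expire"; any non-positive
        # value is treated the same way here.
        findings.append(("MaximumPasswordAge", "passwords never expire"))
    elif max_age > 180:
        findings.append(("MaximumPasswordAge",
                         f"{max_age} days exceeds the longest suggested value (180)"))
    if s.get("MinimumPasswordLength", 0) < 8:
        findings.append(("MinimumPasswordLength",
                         "shorter than the suggested eight characters"))
    if s.get("PasswordComplexity", 0) != 1:
        findings.append(("PasswordComplexity",
                         "complexity requirements are not enforced"))
    if s.get("ClearTextPassword", 0) == 1:
        findings.append(("ClearTextPassword",
                         "reversible encryption is enabled for all users"))
    return findings
```

An empty result means every setting is within the ranges the article describes; each finding names the exported setting so it can be located in the Group Policy editor.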
Do you have what it takes to work for Jim at Hilltop Consultants?
To be a tech at Hilltop, you….
- need to know what you are doing. Our clients are smart, you can’t fake it with them.
- need to get to work on time and work until all of your tickets are updated or closed.
- must treat the clients with respect. They are the ones that pay your salary.
- must look at the total picture and not be afraid to make recommendations. You know when the computer is too old and slow for the client, don’t be afraid to tell them.
- must respect everyone’s time. Our clients bill more per hour than we do, understand that every minute they are on the phone with you is a minute that they are not billing out.
- cannot take shortcuts. Don’t apply a temporary fix when you know the problem is going to come back in a couple of days. That wastes everyone’s time and just frustrates the client.
- must recommend good products and software. Don’t have a client purchase a $20 network switch made in China. How long do you really think that piece of garbage is going to last?
- need to keep up with current technology. I am sorry but your in-depth knowledge of Windows NT 4.0 does not do us any good.
- you have to follow directions. If I tell you to CALL a client, that does not mean send them an email. If I say send the client an EMAIL, that does not mean leave them a voicemail at 6PM when they are no longer at their desk.
- don’t ask clients questions that they are not qualified to answer. Imagine a surgeon waking you up to ask what kind of incision she should make when they are performing surgery on you!
- have to be dressed appropriately and have basic to impeccable personal hygiene. If you cannot fix a problem remotely, you sometimes have to hop in a cab and head over to the client. You cannot do that if you are not dressed appropriately.
- always recommend that computers over 5 years old be replaced. Why should a client spend money on a slow computer that is going to die soon?
- always blow the dust out of computers when you open them.
- never allow a client to use Norton 360, Norton Internet Security, or McAfee Antivirus. Those products suck. Their solution is worse than the problems they prevent.
- always make sure that computers you work on have current and functional antivirus software installed.
- recommend that all computers have at least 4 gigabytes of RAM. Memory is cheap. There is no reason to have less RAM than this.
- will always test computers after you fix them and before you give them back to the client. The worst thing in the world is getting called back about a problem you said you already fixed.
- will always check in and out with our clients when you visit their office. We never sneak out like a thief in the night when we are done with our work.
- must always respond to your co-workers and clients in a timely manner. They have better things to do than wait a day for a response.
- always update the service ticket. This is how the client knows that you are working on their issue and that you have ultimately fixed the problems.
- need to escalate when you are stuck on a technical or vendor issue for more than two hours. If you get a request and don’t know where to start, escalate faster.
- Keep Jim in the loop when he personally assigns a ticket to you or asks about a ticket in your queue. If Jim is involved, this means that a client has gotten Jim involved. Jim needs to be able to talk to the client about the ticket if they reach out to him again.
- must respond to requests to update clients quickly. If management is asking you to update the client, it means that there is an issue. If the client has to ask for an update twice, there is going to be a problem.
- don’t let other vendors get in the way of progress. We all know that Verizon tech support stinks. We all know that Dell will do anything to avoid shipping parts. We will press on these vendors as hard as we need to in order to make them do their jobs. No wimps!
- don’t install freeware, trial-ware, or advertising supported software on client computers. You get what you pay for.
- will not recommend residential grade networking equipment for a business. It is not as reliable, secure, or predictable.
- must tell clients if their internet connection is too slow. If there are 10 users on the network, that 784kbps DSL line is not going to cut it. The clients are not network engineers. They may have been told by Verizon that this high speed connection is adequate, but we know better.
- understand that it is always a good idea that our clients have redundant internet connections. A single connection is a single point of failure. Always recommend that they have a backup connection.
- understand that there is no place for backup tapes in the modern technological world. Clients must back up to disk and hopefully to the cloud. Backup and Disaster Recovery systems are the best. Carbonite and Mozy are not Backup and Disaster Recovery systems. Waiting a week to recover a client’s data is not an option for us.
- always recommend that clients use a spam filtering service. Not an appliance, but a service that also bags their email in the event that their server or internet connection go down.
- always use a real UPS that can be monitored. We never want our clients to know that their battery has failed before we do.
- always monitor for low disk space.
- always monitor routers and firewalls. Clients should not have to call us to let us know that they can’t get to the internet.
- always automate any task that you have to do more than 3 times.
- always offer to help your other techs when you have closed all of your tickets.
- don’t get stuck waiting for parts. If Dell tells you that it will take 3 days to get a new hard drive, or Lenovo tells you it will take 3 days to get a tech…FIND ANOTHER SOLUTION!
- must understand that you are only as good as your last client interaction. Every client is given the opportunity to rate your service after each service ticket.
- always put the client first. Management will always stand behind you as long as you were trying to put the client first.
- have to understand that Jim may email you at any time of day 365 days per year. He is not expecting you to respond at 4AM, but you do need to respond within one hour of starting your next business day.
If this sounds like a job for you, apply at:
Did you know that Hilltop Consultants has a Facebook page?
You can visit our page by clicking this link.
We use Facebook to post pictures of Hilltop events like our Earthday Recycling Event, Hilltop parties, and our upcoming 10th Anniversary Celebration.
Visit our page and "like" it the next time you are signed in to Facebook.
Get to know the Hilltop Consultants team. Our staff bios are now online.
Here are some interesting facts about our team:
There are 5 Hilltop kids. (kids born after their parents joined the team)
There are 2 Hilltop marriages. (people that got married after joining Hilltop)
There are 2 Hilltop Masters Degrees. (degrees obtained after employment with Hilltop)
Thanks for visiting our blog. Our blog will tell you a lot about our team, our company culture, and the work that we do for our clients. If you would like to find out even more about Hilltop, you can visit our Facebook page.
We post information about special events, technology news, and company outings. I especially recommend that people interested in applying for a position with Hilltop visit our Facebook page.