Sunday, 19 December 2010

online backup

You can't recover what you haven't backed up. I am renowned for being obsessed with ensuring client data is backed up in multiple different ways in multiple locations / media. It is imperative that your backups are checked. If your backup has stopped running, is someone looking after it daily to make sure the issue is fixed? Or did you suddenly discover the last time your backup ran was three months ago...? Or was that a year ago... Nothing we haven't seen before...

So... solution one is to make sure your backups are automated... They don't require someone to remember to change a tape or cartridge etc... 

Solution 2... make sure that if the backup fails then someone is notified and they actually do something about it... Do you have a system in place to check this and make sure it happens? Is the backup status of your critical servers reported to the directors during management meetings?

Solution 3... back up off site. This can be online backup, which we prefer, especially with the cost of this being really affordable these days, or taking tapes or USB drives offsite. If your site becomes inaccessible then you need a plan B... With our online backup facility, you can access your data on a remote server, so you get up and running a lot quicker than with traditional offsite backup. Ask us for more info rather than me boring you with the detail now...

Solution 4... multiple backups... So traditionally we tend to run a Windows Server backup, i.e. using the software that comes with Windows Server (used to be called ntbackup). Then we run an online backup if the client agrees to the investment, and finally we like to sync the main data to an external USB drive. These are all pretty much low-cost ways to back up but are worth their weight in gold.

Solution 5.... Now we start getting to the nitty gritty.... If your server fails then you need to get it back up and running as quickly as possible. This is where third-party products come into it. The traditional third-party products back up your server's data, especially Exchange and SQL Server, and make it easier to restore the data. Reporting, configuration and options all tend to be a lot easier using third-party products, but they can be really expensive. Where the real value lies is in snapshots... If you use backup software to take an image of the server then restoring an entire server can be as quick as an hour. We have used Acronis in the past on a number of servers and it does the job for us.

Actually, to be fair, Windows 2008 includes this facility, which recently saved our bacon. So the moral of the story is, it doesn't have to be that expensive to set up backups that will prove to be quite simply priceless when they are required.
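The checks asked for in solutions 2 and 4 (is every backup destination still being written to, and does someone get told when one is not) can be automated along these lines. This is an added example, not part of the original post; the destination labels, paths and age limits are hypothetical and need replacing with your own.

```python
import os
import time

# (label, directory the backup job writes to, max age in hours).
# Hypothetical paths and limits: one entry per backup from solution 4.
DESTINATIONS = [
    ("windows-server-backup", r"E:\WindowsImageBackup", 26),
    ("online-backup-staging", r"D:\OnlineBackup\staging", 26),
    ("usb-sync", r"F:\DataSync", 50),
]

def newest_mtime(path):
    """Newest file modification time under path, or None if it holds no files."""
    newest = None
    for root, _dirs, files in os.walk(path):
        for name in files:
            try:
                mtime = os.path.getmtime(os.path.join(root, name))
            except OSError:
                continue  # file vanished or is unreadable: skip it
            if newest is None or mtime > newest:
                newest = mtime
    return newest

def check_backups(destinations, now=None):
    """Return [(label, status, detail)]; status is OK, STALE, EMPTY or MISSING."""
    now = time.time() if now is None else now
    report = []
    for label, path, max_age_hours in destinations:
        if not os.path.isdir(path):  # e.g. USB drive unplugged, share offline
            report.append((label, "MISSING", "destination not reachable"))
            continue
        mtime = newest_mtime(path)
        if mtime is None:
            report.append((label, "EMPTY", "no backup files found"))
            continue
        age_hours = (now - mtime) / 3600
        status = "OK" if age_hours <= max_age_hours else "STALE"
        report.append((label, status, f"newest file is {age_hours:.0f} h old"))
    return report

def needs_attention(report):
    """Destinations that a person has to look at today."""
    return [row for row in report if row[1] != "OK"]

if __name__ == "__main__":
    problems = needs_attention(check_backups(DESTINATIONS))
    for label, status, detail in problems:
        print(f"BACKUP {status}: {label} ({detail})")
    raise SystemExit(1 if problems else 0)  # non-zero exit lets a scheduler alert
```

Run it daily from a scheduled task and alert on a non-zero exit code. A fresh file only shows that the job ran; it does not replace a periodic test restore.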

Hope this post helps, no doubt others have a lot of different experiences and advice but the above information is from our 14 odd years of practical experience so I hope it proves of some use.




Saturday, 18 December 2010

server hack!!

We had a pretty shocking discovery the other day when a new client who has old systems in place (which we are trying to convince them to upgrade) had a whole lot of strange things on one of their servers' screens. After taking a look, we discovered that someone had logged onto the server using VNC.

We traced it back to someone in Turkey. They didn't do a great job of covering their tracks which is pretty unusual in my experience. Usually the only way you can tell your server has been hacked is because all the log files have been deleted. Considering how rubbish their internet connection is, they probably lost interest. 

What did they do? Well... essentially used various websites that sent spam email, pretending to be from Credit Agricole Bank to thousands of email addresses in France. Pretty serious stuff. They used different websites and different bits of software to do this.

Step one is to block their access to the server so they cannot carry on utilising it as a gateway. Note the important thing here. The server was not hacked to access the client's data; it was hacked to use the server as a computer to send out large amounts of spam email. I often get people telling me that no one would be interested in their data and therefore they won't be hacked. That's BS guys... and here is the proof...

So we changed the admin password and uninstalled VNC from the servers. We blocked the VNC ports on the firewall. We took down what info we could of what had happened, but it was more important to protect the network from further access. We uninstalled any dodgy-looking software on the server.

A couple of reboots, virus scanning, going through everything with a fine-tooth comb essentially. We were happy the servers and network were now protected from any further unwanted visitors.
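One way to confirm the clean-up above on each server is to check `netstat -ano` output for anything still listening on, or connected to, VNC ports from a non-loopback address. This is an added example, not part of the original post; the port ranges are VNC's conventional defaults (the post does not name the ports), so a relocated VNC service would not be caught, and the netstat sample is constructed.

```python
# RFB display :N listens on 5900+N and the built-in web viewer on 5800+N
# (conventional defaults, assumed here; displays :0 to :9 are covered).
VNC_PORTS = set(range(5900, 5910)) | set(range(5800, 5810))

# Constructed sample in the layout of Windows "netstat -ano".
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:5901         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.10:5900      203.0.113.7:51544      ESTABLISHED     2044
  TCP    [::]:5800              [::]:0                 LISTENING       2044
  UDP    0.0.0.0:500            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def is_loopback(host):
    return host.startswith("127.") or host == "[::1]"

def vnc_findings(netstat_text):
    """Return (kind, local, remote, pid) for each VNC listener or session."""
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers, UDP rows and blank lines
        _proto, local, foreign, state, pid = parts
        local_host, local_port = split_endpoint(local)
        if local_port not in VNC_PORTS:
            continue
        if state == "LISTENING" and not is_loopback(local_host):
            findings.append(("exposed-listener", local, None, int(pid)))
        elif state == "ESTABLISHED":
            remote_host, _ = split_endpoint(foreign)
            if not is_loopback(remote_host):
                findings.append(("active-session", local, foreign, int(pid)))
    return findings

if __name__ == "__main__":
    for finding in vnc_findings(SAMPLE_NETSTAT):
        print(finding)
```

An empty result after the uninstall and firewall change is what you want to see; the PID column identifies the process to investigate if anything is still reported.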

Pretty interesting episode and quite scary how easily and quickly this kind of thing can happen so be warned. If you are not confident your systems are protected then get in touch with us - Colins IT Ltd

In the first instance you should not only have anti-virus on every single machine but also ensure that it is running correctly, has been configured to scan everything on the network, runs a full scan regularly, reports any suspicious files and is constantly updated.

Oh, and using free anti-virus... seriously.. you get what you pay for. If you can't afford to pay £30 odd a year to protect your vital data, credit card details, countless hours of work etc... something worth thinking about...