WindowsNetworking.com - Monthly Newsletter - October 2016

Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all of *you* are interested in hearing about. Please send your suggestions for future newsletter content to: dshinder@windowsnetworking.com

 

1. Email Privacy: Is it an Oxymoron?

In this era of social networking, we often share much more than we intended to with many more people than we should have. It’s so easy, when chatting with a friend, family member or co-worker in the comments section of a post, to forget that all of our other friends, family members and co-workers – as well as those friends’ friends and sometimes the general public – are often able to read what we’re saying.
And that’s not all. If they want to take the time and go to the trouble, they can take a screenshot of it and preserve it for posterity, even share it with others we do or don’t know – even if we later decide that we’ve been indiscreet and delete it from the original thread. Ouch.
If you’ve been burned a few times (or you’re just cautious enough or paranoid enough to think about this possibility from the get-go), you probably make sure that any sort of confidential information that you want to communicate electronically is done via email rather than on a social site. Certainly email is more private than Facebook – but exactly how much more private? Does sending a message via email mean that nobody in the world except you and the recipient will be privy to its contents?

Of course not. Because most email is still sent unencrypted, it can be intercepted along the way on the networks and at the servers that it passes through and on which it’s stored. The problem goes all the way back to the beginning, when the email protocols that we still use were designed. They weren’t created with security or privacy in mind, because at the time, the Internet hadn’t been commercialized and was available only to a limited number of people who comprised somewhat elite groups in government and academia.
Today, everybody and his dog uses email for both business and personal communications that range from simple “hey, what’s up?” messages to confidential disclosures about our health, finances, business trade secrets, and much more. The need for privacy hasn’t been completely ignored; email is – or at least, can be made to be – much more secure than it used to be.
Encryption can protect the content of messages from prying eyes – but with tradeoffs. Encrypting individual messages can be complicated and has to be supported by both sides, sender and recipient. Encrypted network connections protect mail from interception in transit, but if the mail provider stores the messages in plain text, they can still be accessed on the server. And even if you use an encrypted connection to send, you can’t be sure that your recipient will also use an encrypted connection to reply or forward the mail.
Perhaps you take comfort in the fact that governments have been cracking down on hackers and attackers who, among other things, attempt to steal email messages. But what about the threat to your privacy from those governments themselves? You probably heard the widely-reported news this month that Yahoo is alleged to have searched all its users’ incoming email with a secret program at the behest of U.S. federal agencies.
With privacy very much on everyone’s mind, and email one of the most common ways that people transmit important information, email providers are providing more options than ever before to help you protect your mail. Office 365 offers optional policy-based Message Encryption, but requires that the organization purchase Azure Rights Management, for a per-user per-month fee.
There are substitute communications methods that can be used when you need to send ultra-sensitive messages, but you can’t necessarily count on them to be around forever. Silent Circle, one such secure messaging service, closed its email service in 2013 and focused on its encrypted voice products, BlackPhone and Silent Phone, and now is facing lawsuits that put its future in question.  
Bottom line: email has a long way to go before it’s truly secure, and the sad truth is that it probably never will be. Of course, we all know that security is a matter of degree, and absolute security is attainable only at the cost of all accessibility. Using plaintext email is somewhat like sending a post card through the postal system. Using encryption, we can make it more like sending a letter in a sealed envelope. But it’s never going to be equivalent to sending a document via an armed, trained, bonded courier whose bag is chained to his wrist. And that’s a reality we’ll just have to accept.

‘Til next time,
Deb

dshinder@windowsnetworking.com

=======================

Quotes of the Month

Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds. – John Perry Barlow

If security were all that mattered, computers would never be turned on, let alone hooked into a network with literally millions of potential intruders. – Dan Farmer

If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. — Bruce Schneier


=======================

2. Windows Server 2012 Security from End to Edge and Beyond – Order Today!

Windows Server 2012 Security from End to Edge and Beyond

By Thomas Shinder, Debra Littlejohn Shinder and Yuri Diogenes

From architecture to deployment, this book takes you through the steps for securing a Windows Server 2012-based enterprise network in today’s highly mobile, BYOD, cloud-centric computing world. Includes test lab guides for trying out solutions in a non-production environment.

Order your copy of Windows Server 2012 Security from End to Edge and Beyond. You'll be glad you did.

   



 


3. WindowsNetworking.com Articles of Interest

This month on WindowsNetworking.com, we bring you a new installment in one popular ongoing article series and Part 1 of a new series, along with two brand new standalone articles.

Getting started with Azure Networking

In this article, Deb Shinder gives you a “quick and dirty” rundown of some of the networking capabilities of Microsoft Azure, including Virtual network infrastructure (Azure Virtual Networks), Network access control (Network Security Groups), Remote access (Azure gateway/point-to-site VPN/RDP/Remote PowerShell/SSH), and Cross premises connectivity (site-to-site VPN/dedicated WAN link).

Why server GUI

This article by Mitch Tulloch examines the premise that it's still a good idea in some environments for Windows servers to have the graphic user interface (GUI) features installed on them instead of running as headless Windows Server Core machines.

Building a PowerShell GUI (part 10)

Brien Posey’s ongoing in-depth series of articles on how to build a graphical user interface for PowerShell continues in this tenth installment, where he shows you how to do some cleanup work on the code for the script that he has been creating.  

Preserving server hardware

In-house servers can be a considerable CapEx (capital expenditure) investment for smaller businesses, so it’s important to know how to get the most out of the hardware. This is the first article in a short series of articles by Mitch Tulloch that will examine how to safeguard small business server systems and PCs from dust, smoke and other airborne particulates.


4. Administrator KB Tip of the Month

A tip on how you can find passwords that never expire in Active Directory

This week's tip is by Roan Daley, a Premier Field Engineer at Microsoft.

Finding Active Directory objects that have Password Never Expires
As an Active Directory PFE, one of the issues I typically address with administrators is to identify objects (computers or users) that have Password Never Expires. From a security perspective, this is considered a risk. For most environments, the easiest way to do this is to use the dsquery command:

For Users:
dsquery * domainroot -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -attr sAMAccountName userPrincipalName userAccountControl -d contoso.com

For Computers:
dsquery * domainroot -filter "(&(objectClass=computer)(UserAccountControl:1.2.840.113556.1.4.803:=65536))" -attr cn userAccountControl -d contoso.com

For Windows 2008 R2 and above this is even easier with the advent of the Active Directory PowerShell Modules:

For Users:
Search-ADAccount -PasswordNeverExpires -UsersOnly | FT Name,ObjectClass -A

For Computers:
Search-ADAccount -PasswordNeverExpires -ComputersOnly | FT Name,ObjectClass -A
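
Added example (not part of the original tip or of Microsoft's tooling): the queries above return a flat list, so this PowerShell sketch decodes the same userAccountControl bit (65536) and ranks each hit for remediation. The function name Get-NeverExpireRisk, the priority labels, the 365-day threshold and the sample rows are assumptions made for illustration.

```powershell
# Added example: triage accounts whose userAccountControl has DONT_EXPIRE_PASSWD set.
$UAC_ACCOUNTDISABLE     = 0x2
$UAC_DONT_EXPIRE_PASSWD = 0x10000   # 65536, the value tested by the LDAP filter in the tip

function Get-NeverExpireRisk {      # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,
        [datetime] $Now = (Get-Date)
    )
    process {
        $uac = [int]$Account.userAccountControl
        # Same test the bitwise-AND matching rule (1.2.840.113556.1.4.803) performs server-side
        if (($uac -band $UAC_DONT_EXPIRE_PASSWD) -eq 0) { return }

        $enabled    = ($uac -band $UAC_ACCOUNTDISABLE) -eq 0
        $privileged = $Account.adminCount -eq 1
        $hasSpn     = [bool]$Account.servicePrincipalName   # empty or missing -> $false
        $ageDays    = if ($Account.PasswordLastSet) {
                          [int]($Now - $Account.PasswordLastSet).TotalDays
                      } else { $null }                       # password was never set

        # Assumed ranking: disabled accounts last, privileged accounts first
        $priority = if (-not $enabled) { 'Low' }
                    elseif ($privileged) { 'High' }
                    elseif ($hasSpn -or ($null -eq $ageDays) -or ($ageDays -gt 365)) { 'Medium' }
                    else { 'Review' }

        [pscustomobject]@{
            Name = $Account.SamAccountName; Enabled = $enabled; Privileged = $privileged
            HasSpn = $hasSpn; PasswordAgeDays = $ageDays; Priority = $priority
        }
    }
}

# Constructed sample rows (not real accounts): 66048 = 512 + 65536; 66050 adds ACCOUNTDISABLE
$sample = @(
    [pscustomobject]@{ SamAccountName = 'svc-backup'; userAccountControl = 66048; adminCount = 1
        servicePrincipalName = @('MSSQLSvc/db01.contoso.com'); PasswordLastSet = [datetime]'2012-03-01' }
    [pscustomobject]@{ SamAccountName = 'kiosk01'; userAccountControl = 66050; adminCount = $null
        servicePrincipalName = @(); PasswordLastSet = [datetime]'2015-06-10' }
    [pscustomobject]@{ SamAccountName = 'jdoe'; userAccountControl = 512; adminCount = $null
        servicePrincipalName = @(); PasswordLastSet = [datetime]'2016-09-01' }
)
$sample | Get-NeverExpireRisk -Now ([datetime]'2016-10-15') | Format-Table -AutoSize

# Live use (requires the ActiveDirectory module), with the same filter value as the dsquery lines:
# Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=65536)' `
#   -Properties userAccountControl,adminCount,servicePrincipalName,PasswordLastSet | Get-NeverExpireRisk
```

With the sample rows, svc-backup is ranked High, the disabled kiosk01 account Low, and jdoe is skipped because the flag is not set.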

 


5. Windows Networking Links of the Month

These IT jobs offer a good work-life balance
Sure, there are jobs that are harder on family and social life than being an IT pro; police officers, ER docs and nurses, and military personnel are just a few. But many IT admins find themselves working long hours, foregoing vacations, and getting called back in at night and on weekends (or at least having to work remotely from home to fix unexpected server problems). Take heart; this article discusses some IT specialties that can put your work and off-duty lives in better balance.

Microsoft Azure networking is speeding up, thanks to custom hardware
Microsoft is deploying new hardware known as Field Programmable Gate Arrays (FPGAs) in their datacenters that promise to significantly improve the performance of networking between Azure virtual machines. The new Accelerated Networking feature will take advantage of this hardware to provide speeds up to 25 Gbps between two VMs that both have it enabled.

The Alarming Cybersecurity Skills Gap
With security breaches constantly in the news, and attackers throwing new and more sophisticated malware and exploits at business networks all of the time, you would think training facilities would be churning out new security experts as quickly as they can and companies would be investing heavily in recruiting and hiring the best. Sadly, recent studies show that cybersecurity expertise is undervalued by many organizations’ management, and companies are neither hiring personnel skilled in this area nor training their existing personnel to take up the slack.

New Ethernet standard brings 5x the speed without cable changes
The new IEEE 802.3bz standard that has been ratified by the Institute defines new high speed specifications, 2.5Gbase-T and 5Gbase-T, which can provide for data transmission that’s up to five times faster than traditional Ethernet over the same Cat5e and Cat6 cabling that most locations already have installed.

73% of companies using vulnerable end-of-life networking devices
An analysis of over two hundred thousand pieces of Cisco networking equipment deployed at 350 different companies in North America showed that almost three quarters of them were still using old, outdated devices that are vulnerable to attacks and intrusions because vendors have stopped supporting them and/or because they were made without the new security features that protect against today’s threats.

Brave New Network: How IT Departments will Enable Artificial Intelligence
AI is one of several trending buzzwords in today’s tech world, and we talk a lot about how it will change our lives – but how will it change our networks? What does AI mean to the future of the IT professional, and what effects will it have on the way those IT workers do their jobs, or even whether they continue to have jobs? These are some of the questions that we’ll be grappling with in the not-so-distant future, and this article ventures into those uncharted waters.