Did
a colleague forward this newsletter? Please
email me to join the list and receive your own copy.
Blog
Please visit the
Technology Reflections Blog on the Web for
new articles, explainers, and opinion. Here's
just a sampling of a few blog entries this last
month.
09.22. WiFi-N: 802.11N Explainer
09.21. Fight Spam Smarter!
09.10. Does Skype Make Small Businesses More Vulnerable?
09.07. Small Business: Responding to the Avian Flu.
08.31. A Simple Approach to Managing Malware.
News and Announcements
We Welcome our New Customers!
- GeorgeTown, Inc., Clackamas, OR
- Oregon Trail Lumber, Inc., West Linn, OR
Our
Subscriptions Have Doubled! We're very
pleased that our subscribed readership has more
than doubled from September 2006! We're now
reaching a little more than 100 subscribers
every month - thank you!
Our Internet
Traffic Has Quadrupled! We're also very
pleased that traffic across our blog quadrupled
over the last month. This is due in large part
to our blog's syndication to
Technorati and
our recent
E-Zine publication. This is also
great news!
Our Online
Presentations are Updated! This month, we've
made some material changes to our online
academic
presentations. They've all been reformatted
to support our new 2006-2008 colors and template
standards, and new content is being added all
the time. You will also see that
handouts are now provided for every
presentation, making printing our presentation
content easier on my students. Our most recent
presentation is on the role of
Information Systems in professional
environments.
Bugs and Viruses
As of 09.25.2005,
the largest virus threat came from the
w32.pasobir worm. The
w32.pasobir worm was an interesting threat
this month. Like any worm, this is a
self-replicating program that tries to harm your
computer and makes copies of itself to other
computers. Specifically, it replicates by using
removable storage devices - like thumb (USB)
drives, for example - and attempts to steal
instant messenger passwords. Stick in the drive
and it infects the machine, or, an infected
machine writes the worm when a new drive is
inserted. Hey, it's social: imagine this
vulnerability at a school or at your business,
where people are sharing thumb drives to
transfer data. Make sure your
anti-virus software is patched to counteract
this threat.
There was an
interesting Trojan Horse threat from a spyware
application called
Boolospy. This isn't something you
would willingly download or even suspect was on
your system. Your system is infected when another
program from the Internet is installed. When
this spyware is active, it collects the
keystrokes and sends them somewhere on the
Internet. Passwords, account numbers, pass
phrases - the works. Again, have your
anti-virus software up to date!
Finally, Microsoft
released a set of patches this month to address
vulnerabilities with Microsoft Office. These
updates are not included with your regular
Windows updates. As we advised earlier, you
should manually run the
Microsoft Update Service to catch these
updates; make sure you have your Microsoft
Office CD ROM nearby for licensing validation!
Additional Resources for Technology and Business
Professionals
The
Microsoft Small Business Support Center
offers a myriad of tools, product
demonstrations, and free articles that explain
how your business can improve upon its
competitive advantage.
Here's a good technical tool. Ever wonder
where the user of an IP address comes from?
IP-Address.com uses Google Maps to
show the general area of the world where a given
Internet Protocol (IP) address comes from - this
is useful for tracking down spammers and other
miscreants logged by your company's servers.
Author Chris Anderson explores the demise of
mass markets and the rise of niche consumer
markets in his new book, The Long Tail. This
is an extraordinary read and I'd highly
recommend it to anyone who is interested in the evolution of on-ground and online
retail in the next five years. I'd also
recommend it to any business owner who wants to
understand the impact of the Internet on
consumer choices. Meanwhile, keep up with Chris and his
powerful insights at his blog,
The Long Tail.
Technology Reflections is a
newsletter sponsored and prepared by
Mickler & Associates, Inc.
of Battle Ground, Washington.
The newsletter addresses the technology concerns
of small business in every day lingo, and
reflects on trends, issues, and tips to help
your company gain competitive advantage from
tech spend. Please feel free to distribute to
colleagues and partners.
Privacy Responsibilities Don't End at the Round File
A news item this month reminded me to bring up
the fact that Due Care privacy obligations don't
end at the trash can. Case in point:
Vekstar, an Indianapolis telemarketing
company, ditched its employee records into the
dumpster. Names, Social Security Numbers,
addresses, insurance information, driver's
licenses, and dates of birth - discarded without
regard to Vekstar's liability or regard to the unintended
consequences of consumer identity theft.
There's a concept in information security called
the CIA Triad. Unlike what you might
initially think, it has nothing to do with the
Central Intelligence Agency. The acronym stands
for Confidentiality, Integrity, and
Availability. When computer professionals
install technical controls like encryption,
passwords, firewalls, and audit tracking, we're
reinforcing the CIA Triad; and when you lock a
file cabinet, you're offering a physical
control, the security of a locked cabinet, which
also reinforces the CIA Triad.
Think about what might happen when your company
data leaves the controls set up to protect the
CIA Triad. Papers taken off-site in a folder.
Your company's email address posted to public
environments like MySpace or ESPN. Backup tapes
left in an employee car or purse. Payroll
information maintained on a portable computer
like a laptop. A PC stationed in plain
sight near a window. Or papers casually thrown
into the trash can. Each of these actions and
situations deliberately bypasses the technical and
physical controls that were originally conceived
to protect the CIA of your data, thereby
eliminating the benefits of such controls in the
first place.
Limit your company's liability and information
system vulnerability by being conscious of where
your information's going. Good information
system security doesn't just begin and end at
the server. In everything you and your team
do, or carry, or toss into the round file,
consider the CIA Triad and the unintended
consequences of loss, theft, or destruction.
Russell P. Mickler, CISSP | MCSE
Principal Consultant, Mickler & Associates, Inc.
The Value of Vista (Part Two)
Continuing my exploration of Microsoft Windows
Vista, one of the more positive changes that will be
introduced in Windows Vista is a native encryption
system called BitLocker.
BitLocker works differently than Windows'
current ability to encrypt files at the
file-system level. BitLocker prohibits access to
data at the controller level, preventing someone
from bypassing the Windows platform to even have
access to encrypted data on the hard drive.
Why encrypt your data? Many small and mid-range
businesses are subject to regulatory constraints
that require data encryption: HIPAA, GLB, SOX.
Further, one need only read another smash
headline that reports x-thousands of
confidential records exposed because of a stolen
laptop. Encryption is the answer to keep what is
supposed to be private totally private:
encryption scrambles data so it's completely
unreadable by unauthorized parties.
BitLocker is a big advantage to mobile users:
laptops can be encrypted in a way that
completely prohibits data from being read or
copied due to the way that data is accessed by
the hard drive. So the hard drive, even if
it was ripped out of the laptop and used on
another computer or operating system, is still
unable to be read at all. And because
encryption and decryption take place in the
hard drive itself, the process is faster than
many application-level options currently on the
market today.
However, it's not all that plug-n-play - you're
going to need a special computing platform and
hard disk that support a feature called TPM
(Trusted Platform Module) to use BitLocker.
Only TPM-capable computers and hard disks will
be able to leverage BitLocker as a data security
strategy. This would influence your buying
decisions within the next year: minimum hardware
requirements for BitLocker include TPM 1.2 or
higher support and a Trusted Computing Group
(TCG)-compliant BIOS. Further, there's some
additional setup on the drive system itself -
two partitions need to be set up in a special
way - that really will require an expert eye to
get right.
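
A readiness check for the hardware requirements listed above, as an added example that is not part of the original newsletter or of Microsoft's own tooling. It assumes a current Windows release (Windows 8 / Server 2012 or later) and an elevated PowerShell session; the function names Test-TpmSpecVersion and Get-BitLockerReadiness are hypothetical.

```powershell
# Added example: checks a PC against the BitLocker prerequisites named above
# (TPM 1.2 or higher, plus a separate system partition beside the OS partition).
# Assumes Windows 8 / Server 2012 or later, run from an elevated prompt.

function Test-TpmSpecVersion {
    param([string]$SpecVersion, [version]$Minimum = '1.2')
    # Win32_Tpm.SpecVersion reads like "1.2, 2, 3" or "2.0, 0, 1.38";
    # the first comma-separated field is the TCG specification version.
    if ([string]::IsNullOrWhiteSpace($SpecVersion)) { return $false }
    $first = ($SpecVersion -split ',')[0].Trim()
    try   { return ([version]$first -ge $Minimum) }
    catch { return $false }   # unparseable value: treat as below the minimum
}

function Get-BitLockerReadiness {
    # If there is no TPM, or firmware hides it, this query returns nothing.
    $tpm  = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                            -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($tpm) { $tpm.SpecVersion } else { '' }

    # BitLocker boots from a small unencrypted system partition that is
    # separate from the Windows (OS) partition being encrypted.
    $osLetter   = $env:SystemDrive.TrimEnd(':')
    $partitions = @(Get-Partition -ErrorAction SilentlyContinue)
    $osPart     = $partitions | Where-Object { [string]$_.DriveLetter -eq $osLetter }
    $systemPart = $partitions | Where-Object {
        ($_.IsSystem -or $_.IsActive) -and ([string]$_.DriveLetter -ne $osLetter)
    }

    $meetsMinimum = [bool]$tpm -and (Test-TpmSpecVersion $spec)
    $enabled      = [bool]$tpm -and [bool]$tpm.IsEnabled_InitialValue

    # The TCG-compliant BIOS requirement is not tested directly here.
    [pscustomobject]@{
        TpmPresent              = [bool]$tpm
        TpmSpecVersion          = $spec
        TpmMeetsMinimum         = $meetsMinimum
        TpmEnabled              = $enabled
        OsPartitionFound        = [bool]$osPart
        SeparateSystemPartition = [bool]$systemPart
        Ready                   = $meetsMinimum -and $enabled -and [bool]$systemPart
    }
}

Get-BitLockerReadiness | Format-List
```

A machine that reports `Ready : False` shows in the other fields which prerequisite is missing, which is the information needed before a purchase or a repartitioning job.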
What BitLocker lacks in convenience it makes up
for in security. BitLocker can work in two
different modes: a transparent mode where it
just works in the background, or, a user
authentication mode where a PIN must be set up in
order to start up the computer and mount the
hard disk. For technology professionals
everywhere, we breathe a collective sigh of
relief here - ahh, a permissions-level control
that will allow us to recover your data a whole
lot easier. But what is really interesting
about BitLocker is its USB-mode: dynamic drives
that connect via USB can also be encrypted with
BitLocker.
Microsoft assures its customers that neither the
NSA nor any other government agency has a
backdoor to BitLocker and that there's no
shortcut way of working around the security.
That makes planning for BitLocker all the more
important.
However, naturally, Microsoft intends
to curtail support for the Windows XP operating
system two years after Vista's release,
forcing small and medium-range businesses to
upgrade or be left in the cold for updates and
patches.
Look for further revelations on Windows Vista in future
editions of Technology Reflections.
What is Multi-Core Processor Technology?
In recent months, beginning in the summer of
2005, small business owners have been confronted
with a decision to invest in a Pentium 4 clone
or a dual-core processor. A core refers to a
processing element in the PC and having
"multi-cores" would be conceptually
representative of having multiple processors.
With the dual-core technology, there are two
processors on one IC (Integrated Circuit).
So, the more cores, the better system
performance will be. Multiple processors ease
bottlenecks and increase processing
throughput, lowering your wait time when you're
opening an application or waiting on Excel to
crunch some numbers. This makes your
computing experience faster.
However, there's a bit of a misnomer in the
name. A dual-core isn't twice as fast as a
single core, and it's not as fast as a
dual-processor system - dual-core isn't
Symmetric Multi-Processing (SMP). Having a
dual-core processor is not equivalent to having
two or more processors on the mother board
working by SMP. Having two, entirely independent
processors in the computer is far superior to
dual-core in terms of speed. There's a
difference and it falls somewhere in between
both extremes: dual-core is faster than a
single-core processor but not as fast as an SMP
(dual-processor) system. Therefore, the
better option is to purchase the dual-core
technology for laptops and PCs, and leave the
SMP to servers.
Expect a revolution. Multi-core is going to
become the norm - Intel has over 15 multi-core
projects underway; look for Intel and others to
release processors next year containing up to
eight cores on a single die (processor).
Multi-core can benefit the
entire user
experience but mostly it'll speed up routine
operating system tasks so that the computer is
more responsive (wireless communication, virus
protection, security, encryption, compression,
etc.); dual-core really won't help you word
process faster, email faster, IM faster, or surf
the web at blazing speeds. It will speed
up operating
system cycles so that the system
begins and finishes background tasks quicker.
Again, dual-core is great on the client-side
but it doesn't beat true parallel processing on
the server-side. When making those
capital asset purchases next quarter, be mindful
of the difference. If you need help
distinguishing the two, feel free to give us a
call.
Russell P. Mickler, CISSP | MCSE
Principal Consultant, Mickler & Associates, Inc.