Welcome to Guardian Computer Systems knowledge base
Workstations
Whether it is a PC or a laptop or a handheld device, reliable workstations are necessary for a healthy IT system. A home PC is a far different type of workstation and Home PC’s are not recommended for business networks. When purchasing a workstation you need to stipulate that you want a PC for a business environment.
Microsoft provides two versions of their operating systems for PC’s: the “home” edition and the “pro / business” editions. The home edition will not connect to a Windows server correctly and provide you the same level of usability as the Pro or Business versions. Also the Home products are not licensed for use within a business.
Business Workstations tend to be of a better build quality, and are designed for heavy use. Don’t fall in to the trap of buying the cheaper end home PC and using it in your business, it will only cost you more money in the long term in software licensing.
Also with home PC’s the manufacturers tend to provide additional software with the workstation that’s more suited to the home user, and the antivirus may not be suitable for usage on a business network.
Servers
If you have 5 PC’s or more, then adding a server to your network can have many benefits to your business, some of these key benefits are outlined below.
- Centralised storage of all your company data – without a server, typically each PC would store documents relating to the user, this becomes difficult to backup and maintain.
- Security – Having a server in place allows more control of the data on your network and management over each workstation connected to it, allowing you centrally manage user rights to data and resources on your network.
- Data Security – Windows servers come with many features to prevent data loss, along with hardware features such as redundant storage to ensure reliability.
- Monitoring and Reporting – Windows servers provide status reporting & monitoring in email and web form to allow you to see the status of your network and highlight any issues before they can become problems
Microsoft have scaled the Windows Server System to suite the needs of all shapes and sizes of business:
Small Business Server (or SBS for short)
Windows SBS server is specifically aimed at the small business market (up to 75 users), and has the following features for your business:
- Exchange – Exchange connects the Microsoft Outlook mail client on your workstations, allowing you to run a shared calendar system for group appointments, schedule meetings, share company contacts, and run all your email needs.
- Remote Web Workspace – This great feature allows remote access to your company network remotely from any PC with internet access, allowing you connect to your desktop at work from home as if you were sat at your desk, additionally this allows access to your outlook and exchange system directly from your web browser.
- Company Web / Sharepoint – The company web, which is usually the home page set for all your users’ web browsing within your organisation. The company web allows sharing of ideas / content, such as in its simplest form a notice board or holiday calendar. This in essence gives your company a full intranet system.
- File Sharing and Centralised storage – Centralised storage for all company documents in easy to access form.
- Fax Server – Remove the fax machine and bring your faxes directly into outlook as an email. Stop printing a document and faxing, and instead just click file and print, but select “fax” as your printer, type the phone number and click ok. This reduces costs of running a fax machine and makes faxing far easier to work with.
- Managed Backup – Your SBS server provides a managed backup solution were backups are logged and their status is reported to give you a clear understanding to the state of your backup.
Terminal Servers & Remote Working
Terminal servers benefit your organisation in situations where you have multiple mobile or remote users; this standalone server gives all your users a full windows desktop with all the benefits and security of the Windows server system.
The single biggest benefit of a terminal server is that no matter where your users are they can connect to their work desktop and work as normal. This ensures all company data is stored in a centralised place and no user workstations mobile, office or home contain company data. This offers a much more secure way to work over your sales, remote and mobile workers using data contained on their PC / laptop.
A typical scenario for a terminal server environment
Networks
Networking is essential for almost every business now, and comes in many forms methods and standards:
Wired Networks
Now wired networks exist in almost every business and are becoming common in the home. They come in the form of Category 5 data cabling, which connects sockets on the wall to a centralised point in your building, where your network equipment connects to it and usually where your phones connect to it.
Category 5 (or Cat5) cabling is universally used for data networks and telephone networks, we would recommend a minimum of two data points at every workstation, which can be used for connecting the workstation to the network and also provide connectivity for your telephones.
Wireless
Wireless networks have become a very popular method of networking where wired networks can become restrictive, although while working without wires is useful, security of your network must be a concern. We are interested in two types of wireless networks for business use.
“Wifi” or 802.11 a/b/g/n
This type of wireless network is used within your building to connect Laptops and other mobile devices to your network, your laptop or mobile device must have a wifi adapter (most new laptops come with this). This is then used to connect the laptop to your wireless router or access point in the building. Usually the wireless is encrypted using WEP or WPA, which prevent unauthorised users connecting mobile computers to your network.
3G or “mobile broadband”
All mobile phone operators provide “mobile broadband” services or 3G services these days, this usually comes in the form of a USB stick or card that you connect to your laptop, which then connects you to the internet using a contract or pay as you go account with your mobile phone provider. A typical example where this comes in useful for your organisation is where you have travelling sales staff or staff with the need to access files or email outside the office.
We can assist with all aspects of networking throughout your organisation, including extending existing networks, to managing the move of all your IT from your current premises to new premises.
Remote Management
Remote Assistance
While IT is getting more and more reliable, problems can arise, we provide remote assistance, which works very similar to remote working. As part of a service agreement we can reduce the number of site visits by resolving problems your users are having. Should you be having a problem with a workstation, server, laptop etc your staff can call us and we can attempt to talk them through the problem in the first instance or remotely connect to their workstation to resolve the problem.
Remote Monitoring
All IT hardware requires a level of maintenance, and most of these problems are visible before they become a problem to your business. Guardian provides remote monitoring of all your IT hardware and we receive data on a daily or in some situations hourly basis to the status of the hardware and software running in your building. We then should be able to notify you of impending problems before they occur.
Service Contracts
We provide customised service contracts for all your technology needs, our IT contracts can be as little as remote support or telephone support to on site management. Our contracts can easily be tailored to suit your IT budget and size of your IT network. We can provide emergency support to get you up and running with loan equipment in case of equipment failure, fire, theft or flood.
Security
Backups
- Probably the most important of all security considerations. The computers and servers in your organisation all store their information on an internal hard disk; this is a mechanical device containing spinning disks. As with all mechanical devices they will fail or wear out in time, this is inevitable. So how do you protect your data against these occurrences?
- Disaster recovery plan: If you have in place an organised plan in the event of a disaster caused by failed hard disks, loss of data, theft or damage to servers and equipment you are far more likely to be able to continue trading in an orderly manner after the event. Speak to your IT Company about a disaster recovery plan and have them test it annually for proof of concept.
- Backups: All servers should have a backup policy in place with rotating backups performed on a daily basis and kept in a fire proof safe or removed from site every evening.
Employee security
- Many organisations suffer from a lack of security when it comes to employees, this can occur for a number of reasons, trusted staff leaving to setup a new business, grievances or just accident or lack of knowledge.
- Steps should be taken to ensure employees only have access to the documents or work they need, policies should be considered to stop the easy removal of data from your systems and disclaimers set for outgoing email.
- In today’s workplace of remote workers and web based systems do your employees really need access over the web to file sharing and instant messaging networks?
Malware
Malware is an industry term used to describe the variety of "malicious software" that is in circulation around the world. The definition includes viruses, worms, Trojans, computer "bombs", and other forms of intentionally destructive software.Classification of malware
For the sake of naming and categorising threats, malware is classified into a number of categories depending on its method of replication, trigger, and payload. Although these categories are useful, they are still artificial and many of the more recent varieties of malicious software use a combination of tactics that blur the lines between these classifications. Still, it's important to understand the terms used by the antivirus industry in order to quickly assess new threats.
The Classic Virus
The formal definition of a virus is simply a self replicating computer program that can "infect" other computer programs. Note that the definition doesn't actually require a virus to cause any damage, and many don't. In fact, a virus's ability to replicate itself and spread to other computers often relies on its ability to stay undetected. The more malicious and destructive it is, the more attention it draws to itself, and the more likely it is to be discovered and deleted. A virus will try and stay undetected until it has infected as many computers as possible and then trigger its payload.
Worms
Worms are computer programs that replicate themselves across network connections, without modifying or attaching themselves to a host program. Some experts consider worms as a special type of virus instead of giving them their own category, however the classifications that traditionally separate worms and viruses are beginning to blur. Many of the more modern variants that are commonly described as worms can also be classified as viruses or worm/virus hybrids.
Trojans
Trojans are programs that claim to be one thing (usually appearing harmless), but carry an undesirable and often destructive payload. Despite mainstream news media coverage warning computer users not to simply click on e-mail attachments (especially executables), the Trojan is still an effective tool for spreading malware. In the past, Trojan programs were considered "non replicating malware" because they simply launched their payload and that was it. Modern variants blur this distinction and are used to launch worms and worm/virus hybrids that can quickly overwhelm e-mail systems.
Annoyances.
Not all malware is destructive, and some of it is not even intentional. Nevertheless, these annoyances still present a threat to your network because they consume resources. Some of these include:- Jokes and Pranks - Although their payload isn't typically destructive, jokes and pranks can be an annoying distraction for the user trying to work around the problem as well as the support staff trying to clean up the mess. The obvious pranks are usually easy to identify and clean up. More subtle pranks that intermittently re-map keyboard functions, change language or display settings, or randomise every 108th keystroke are much harder to detect. These pranks are available from any number of web sites. E-mail jokes and various attachments (pictures, movies, etc.,) can consume bandwidth and employee productivity.
- Mail Bombs - This is a variation of a denial of service attack that involves bombarding a victims mailbox (or a corporate mail server) with so much mail, it overwhelms the system. These can include a variety of large attachments, or in a variant of the distributed denial of service attack, a "subscription bomb" that subscribes a user’s e-mail address to hundreds or even thousands of mailing lists.
Despite the losses, many companies still gamble with the security of their networks. Antivirus software is only the first step in preventing the spread of outbreaks, but it is still a largely reactive approach that requires updates to be distributed to protect against every new vulnerability that is discovered.Effective malware management requires administrators to be proactive. To protect your environment, consider the following recommendations:
- Establish a single point of contact - New threats and outbreaks need to be reported and tracked as soon as they occur, and analysed for trends. Are your outbreaks coming through via mail, the web, or from rogue software? Is there a particular user or group of users that tend to be the source of outbreaks? Your users need an expert who is aware of the most recent threats and can prevent infections, contain outbreaks, answer questions, evaluate software, test new virus definitions, update software and e-mail filters, and educate users.
- Internet policies - Not only is e-mail a common entry point for malware, but so is the Internet. Blocking sites that may contain malicious script (which can be run via a browser) and prevent users from downloading software from questionable sites can go a long way to protecting the integrity of your network. Work closely with your business managers to find a balance of usability and security.
- Lock down your workstations - It's hard for malware to spread or delete files if the user that launched the file doesn't have permission to do it themselves. Use the security templates that come with Windows 2000 and XP to lock down your workstations so that regular users have a very limited ability to modify their systems.
- Secure your servers - As hackers that compromise servers often implant malware to expand their access or to launch a further attack if their efforts to increase their access to additional resources are unsuccessful. Servers need to be locked down, audited regularly, have strong password policies, be protected by firewalls, and have real physical security.
- Update systems for security vulnerabilities - It's not just hackers who love to exploit recent security vulnerabilities, but virus and malware writers as well. Some of the most "successful" virus and malware programs have taken advantage of commonly known system vulnerabilities in web servers, operating systems, e-mail clients, and other applications within a few weeks of the announcement. And in almost every case, a patch was available at the time of the announcement that could have prevented the outbreak. Keeping your systems up to date is as important as keeping your antivirus software up to date.
- Use a multi-tiered approach with AV software - Antivirus vendors love to sell corporations on the idea of a single solution for your entire enterprise. While this may be cost effective and reduce administration, it may also increase your risks having a real infection go unnoticed. By using two different vendors for the server and workstation level, you improve your chances of rapidly detecting a new outbreak.
- Don't rely on Antivirus software alone - Even up to date antivirus software can miss a virus or other malicious software, and for many companies antivirus software is their only protection from malware. New threats can go from zero to global in hours before vendors even have a chance to respond. Many virus packages may also attempt to disable common antivirus software packages, meaning you could be infected and never know it. Secure your network from internal and external attacks in order to head off a hacker that seeks to "seed" your environment with malware. And follow the recommendations in this document.
- Scan proactively - Although most AV software is configured to scan documents as they're opened, they're also quite capable of running an "on demand scan" of every file stored on your network. Unfortunately, this is rarely done in corporate environments. You may not be able to scan every desktop, but you need to scan every server at least once a week, and critical servers daily. Especially servers that contain user’s home directories, e-mail, and critical business files.
- Backup aggressively - If a virus or other piece of malware gets loose on your network and starts deleting files (or worse, subtly modifying data), how much data could you recover? If your company only backs up data once a week, you could be in for a nasty surprise. If a virus goes undetected and slowly spreads across your servers subtly modifying data or seeding a logic bomb set to go off on a specific date, you could lose weeks or even months of data. Be sure to include a malware infection recovery plan as part of your company's disaster recovery policy.
- Monitor your power users - Users with administrator access and other privileged accounts with broad network access are at risk for spreading malware across multiple systems if they encounter an infected file. Limiting accounts with broad based network privileges is the first step, but you also need to monitor all accounts that have the ability to access and modify your company's critical data. It's not just malware that can misuse these accounts, but hackers as well - if they manage to crack a privileged user’s account using a password stealer or backdoor program.
- Monitor your laptop users - Laptop users are more likely to be higher tier employees that have access to your company's most sensitive data, often without a healthy respect for computer security and the risk from hackers, laptop thieves, and malware. Laptop users that access the web from DSL and Cable modems from home or wireless networks in coffee shops and hotels are at high risk for data theft, or having malware implanted onto their open shares. Password stealers, backdoor programs, can all be installed on a laptop which then becomes a type of Trojan horse when it logs onto a network that trusts it. All corporate laptops need to have a higher level of security than their desktop counterparts and laptop users need to receive training on the risks associated with being a mobile user. In addition high level executives should have a technical contact to answer security questions as they come up and insure security measures aren't circumvented.
Secure your wireless networks - Forget hacking the firewall, intruders have a new favourite access point to your company's data - your wireless network. Locating and tagging wireless networks has become a popular past time for hackers who often
Web Services
Email is essential to business now, guardian provides email solutions to suit your business, we can provide web mail to access from anywhere, exchange email within your business, email to fax services, email to text message (or sms) and Spam controls to remove the unwanted email from your inbox.
Having a website is good idea with even small business, having that website hosted is necessary, however you need reliable hosting that is always working for when that new customer visits your website. We provide reliable hosting solutions with support for E-commerce websites and customised web solutions. We also provide full support with your website, whether you’re just moving your website to us or need our design services.
Back to the top
E-Commerce or a online shop used to be very expensive to setup and maintain, now with 60% of retail customers using the web to find the product or service they are looking for, it has now become a cost effective outlet to add to your business. We provide E-Commerce design services, and hosting solutions to suit your business.
We can also provide maintenance services and update services to ensure your products, pricing, shipping information are up to date and your website is running reliably. We can now even integrate SMS messaging on your e-commerce website to inform your customers of special offers and when their product has been dispatched.
Back to the top
Guardian provides a full design service to suit your needs, but we also help promote your website on the internet with full optimisation services, so that when your net customer is searching for you on the web they can find you easily. This is done in several steps and can be suited to any budget. We can adjust your website design and content so that the search engines can more easily read your website, all the way to pay for advertising services to increase your visibility to customers on web.
Back to the top
With most businesses having internet connectivity to communicate via email and browse the web, the problems of Malware and Spy ware are becoming more and more apparent, costing businesses and causing downtime while workstations are rebuilt or viruses removed from networks. Antivirus and Anti-malware software is only half the solution. We provide solutions to monitor web activity, block malicious software being installed on your workstations and control web usage throughout your organisation. This can reduce the cost of maintaining your IT by stopping the potential problems before they affect your business.
We can provide a customised service which controls all aspects of web usage on your network and provides detailed reporting by email or webpage, while still flexible enough to allow different levels of web access to different users within your organisation.
Back to the top
