Why you should be using OpenDNS

 

What is OpenDNS?

OpenDNS is a free DNS lookup service, provided as an alternative to using your ISP’s DNS service. It provides additional features for filtering, web security, statistics, and speed improvements. The business collects revenue from adverts served from search pages, and from the enterprise products they offer, which provide more detailed reporting and more granular features. It’s suitable for use by home users and businesses.

  1. Features
    1. Web content filtering by category
    2. Malware URL blocking by default
    3. Phishing website protection
    4. Statistics of DNS resolution
    5. Blocking of malware infected devices “phoning home”
    6. Notification of above devices attempting to phone home
    7. Typo correction (e.g. yaho.co.uk will resolve to yahoo.co.uk)
    8. Custom URL whitelists and blacklists
    9. DNS caching – if authoritative DNS fails, requests will resolve to the last good IP address.
    10. Multiple networks on one account
    11. Potential speed improvements
    12. Zero cost
  2. Benefits
    1. An extra layer of web access filtering can block access to websites by category, such as pornography, malware, adware, and others.
    2. Where your web filtering application or server may fail, OpenDNS will pick up the slack, and block inappropriate sites, malware, or phishing attacks. This should result in significantly fewer virus infections.
    3. Where a machine is infected, it will not be able to contact malware servers to update itself or spread further (assuming the malware uses DNS to look up the home servers). Statistics will show you when devices do attempt to contact malware servers, highlighting potential problems with infection.
    4. Staff will be further protected from online scams and phishing attempts, protecting both them and the business.
    5. Easy-to-read and access statistics will show us which domain names are requested most frequently, and at what times of day. It also highlights where local addresses are being incorrectly forwarded, and may aid fault resolution or identification of previously unknown faults.
    6. Typo correction improves the safety of online activity for users, and improves the user experience, potentially resulting in fewer helpdesk calls.
    7. Where an authoritative DNS server fails to resolve a request, OpenDNS will use the last known good IP address. This should also protect against malicious DNS attacks, such as that against NetNames earlier this month.
    8. OpenDNS is usually faster than ISP DNS servers, resulting in an improved user experience.

Opening multiple calendars with Outlook 2003 and Exchange 2010

Due to the way Outlook 2003 interacts with Exchange 2010, if a user on Outlook 2003 tries to open multiple shared calendars, they may receive an error:

The action could not be completed. The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

This is because Outlook 2003 has to open multiple MAPI connections to Exchange 2010 for each calendar, and in doing so, hits the default limit of concurrent connections set in the default throttling policy (20). This problem occurs due to Outlook 2003 dependencies on reference Mailbox Database support, which is not supported in Exchange Server 2010. Outlook 2003 clients must now reference the Exchange Server 2010 Address Book service when they open shared calendars.

Usually, restarting Outlook provides a temporary fix, but as more MAPI connections are created, the limit is reached again.

Using Exchange Shell, I created a new throttling policy with a maximum of 40 concurrent connections.

To create a new policy:

  • New-ThrottlingPolicy <policyname> -RCAMaxConcurrency 40

Check the details of the policy:

  • Get-ThrottlingPolicy <policyname>

Check the user has the default policy applied already:

  • Get-Mailbox -Identity <username> | fl

To apply it to a user:

  • Set-Mailbox -Identity <username> -ThrottlingPolicy <policyname>

Then test opening multiple calendars.

There is actually a registry key that sets a limit on the Exchange Information store, at 32 connections, so without changing this, clients will still be limited in the number of calendars they can open, but it looks like 32 connections is enough to open 5-6 calendars.

If you were to change these registry keys, they are:

  • Maximum Allowed Sessions Per User
  • Maximum Allowed Service Sessions Per User



Today’s illegal downloaders are the entertainment industry execs of the future.

The entertainment industry has been slow to embrace the internet, and it’s fair to say that it still hasn’t got its head around a business model that enables consumers to purchase music and films at a reasonable price, online, and without heavy-handed restrictions on use.

iTunes was (is) only successful because it’s easy to use. For people with one computer, one iPhone or iPod, and an iTunes account, it’s the easiest way in the world to purchase music and film downloads online. However, if you have more than one computer, and/or more than one playback device, the DRM imposed upon iTunes downloads restricts your use and enjoyment of your purchase measurably. The alternatives are to use Amazon, play.com, or another DRM-free download outlet, or simply use a P2P “illegal” download service. Frequently, due to the technology behind P2P / torrent downloads, it’s also the quickest way to get hold of digital media. This is patently absurd. I can think of no other product where the “free” version is easier to get hold of and easier to use than any paid-for option.

Note: I’m not endorsing illegal downloading, simply stating that if it’s as easy, or easier, than paid-for downloads, people are going to do it. Make paid-for downloads more attractive by removing DRM, introducing an easy, more universal, very fast method of purchase and download, and look at other ways of adding value (bonus content, concert tickets, graphics and other media), and people will pay for them.

The music and film industry simply don’t understand the new business models, or are not willing to change their own. Instead, they foist anti-piracy adverts onto rental and purchased DVDs (Why?! I’ve just paid for it after all.), they add DRM to their own products, making them more difficult to use (the king of “anti-features”), they hunt down file-sharers and threaten them with court cases, and they insist on sticking by their mantra that one illegal download equals one lost sale (if you were let loose in a sweet shop and told it was all free, you’d grab more than if you were paying for the stuff, right?).

Of course, it’s not all bad. The people that are using P2P and torrent technology to acquire digital media today are the business and entertainment industry executives of the future, and they will understand this technology and these business models better than anyone in the industry at the moment. Maybe we’ll soon see a fresh wave of new businesses, new record labels, new legal download outlets, and an industry that sees its customers as valued clients, rather than a thorn in its side.

The ten principles of IT Management (and probably a lot of other jobs).

1. Work your way out of a job.

If there’s any procedure, task, or process that you have to carry out or manage more than once, you should consider automating it. What’s the point in you doing it, if a machine can? Of course, some things have to be done by a human, but can you streamline the task? For example, can you stop searching through event logs every week, and instead set up a monitoring system that will alert you by email and/or sms to certain types of errors?

2. Make life easier for users

Your users are customers. They pay your wages and are essentially the only reason you’re in the job. By making their life easier, you’re enabling them to make money for the business, instead of working the system. You’ll also be making them happier, and that’s a good thing.

3. Constantly evaluate costs, and try to reduce them.

Costs creep up. They always do, and forever will do. Keep an eye on them, and constantly try to think of ways that you can reduce them: do you need that old server, or can it be virtualised? Do you need all your mobile connections, or can you cancel some? Do you have any old printers that aren’t utilised enough? Get rid of them. Is your hardware vendor giving you the best deals? Are you out of contract with your telecoms firm, support firm, leased lines, printers, or anything else? If so, look for a better deal and/or renegotiate.

4. Constantly evaluate the business, and try to increase productivity.

Don’t take your eye off the ball with what the business is up to. It’s easy to focus on the day to day stresses of the IT function, and your pet projects, while the business starts running in a different direction, and before you know it, you’re off doing something that is hard work, and provides no benefit to the business, or you’ve missed an opportunity. Get involved in the different functions, like marketing, and strategy (even if your directors don’t actively involve you – just get in there anyway.)

5. Consolidate

One contract is better than two. Vendors fight harder for bigger contracts, and there are big efficiency savings to be made by consolidating. Multiple contracts for a similar service just waste money and administrative effort, and don’t make the supplier work as hard for you.

Consolidation applies also to IT systems and infrastructure, of course, but only where sensible. One server can carry out multiple roles, but not at the expense of reliability, or necessary performance.

6. Be a pessimist – plan for disaster.

Shit does happen, and it will happen in ways that you didn’t predict. When setting up and supporting systems, ask yourself:

“How could this fail?”

“What’s the impact if it does fail?”

“How can I recover from failure?”

and

“How can I reduce the likelihood of it failing?”

Note that you can never completely prevent something from failing, but you can make it so unlikely that you don’t have to worry. Ideally, everything should have a redundant partner, ready to failover, but if that’s not possible, make sure to be ready to recover from failure, and mitigate the impact.

7. Be an optimist – plan for expansion and success.

As important as planning for failure, is planning for success. If you have 2000 users now, don’t spec a mailserver with just enough capacity to serve all of them just enough. Spec a server with enough capacity for 3000, or 4000, or 10000. Don’t spend more than you need to, but you can guarantee that if you only spec just enough now, it won’t be enough in a year or two.

8. Don’t be afraid to make mistakes.

Try new things, and accept that not all your endeavours will work out well. Some may turn out to be awful, but some may turn out great. Try out new technologies, new systems, or even old systems that you haven’t tried before. If you don’t know how to do something, ask. And if there’s nobody to ask, do it anyway, and work it out.

9. Stay on top of technological progress.

Go to seminars, webinars, workshops, training events, trade shows, and new product demonstrations. It’s easy to get behind in IT, and you don’t know the things you don’t know. You can’t do many of the things before this item if you don’t know about the newest technology, systems, products, or services. Also, by keeping really up to date, you can help your business keep ahead of their competitors.

10. Network

And I don’t mean with ethernet cables. Networking is especially important if you work in a small IT team, partly because you learn best from others. You’ll learn what other people are doing, how they’re doing it, why, and who with. You’ll find out how to do a better job for your business, and make a better career for yourself.



Why are we running out of IP addresses? (About IPv4 and IPv6)

IP addresses are what computers and other networked devices use to identify each other on the network. This network could be your home Wi-Fi network, with two computers, a couple of iPhones, a printer, and your ADSL router, or it could be the entire internet, with millions of connected devices. IP (version 4 – the “normal” version) addresses are made of 32 bits (thirty-two ones and zeros), written in the form of four “octets” (8 bits, or ones and zeros), separated by dots. Each octet can be any number from 0 to 255, because this is the number of different potential combinations of ones and zeros if you have eight in a row, like 11001001, for example.

So, if each number can be 0-255, and you have four of these numbers, there are 4,294,967,296 different potential addresses. Nearly 4.3 billion. That’s quite a lot, but not enough.

A home network might use a range of IP addresses that look like 192.168.1.x (where x can be anything from 1 to 254), and a big business network might look like 10.x.x.x or 172.16.x.x. Because you can change the numbers where the x’s are, you can give your network the ability to have different numbers of things connected. Being protected from the internet (a “private” network), these addresses can be (and are) used over and over again in homes and businesses all over the world. There are internet “rules” that tell people what IP addresses you should use.

Just so you know, the address 127.0.0.1 always means “loopback” or “localhost” or “home” – it’s commonly used for troubleshooting, as it is effectively the device’s own IP address. If you want to reach all the computers on a network, you use the IP address 255.255.255.255, or the “broadcast” address.
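The octet arithmetic and the special ranges described above, as an added example that is not part of the original post. The helper names and sample addresses are made up for illustration, and the private ranges are the full RFC 1918 blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which goes slightly beyond the 172.16.x.x written above.

```python
# Added example: hypothetical helper names, constructed sample addresses.
RANGES = [  # (label, network as dotted quad, prefix length in bits)
    ("private (RFC 1918)", "10.0.0.0", 8),
    ("private (RFC 1918)", "172.16.0.0", 12),
    ("private (RFC 1918)", "192.168.0.0", 16),
    ("loopback", "127.0.0.0", 8),
    ("broadcast", "255.255.255.255", 32),
]


def to_int(addr: str) -> int:
    """Pack a dotted quad into its 32-bit value, one octet (8 bits) at a time."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for part in parts:
        # Strict decimal only: some parsers read a leading zero as octal,
        # so "010.0.0.1" is rejected here rather than guessed at.
        if not (part.isascii() and part.isdigit()) or (len(part) > 1 and part[0] == "0"):
            raise ValueError(f"bad octet {part!r} in {addr!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range: {part!r}")
        value = (value << 8) | octet
    return value


def to_bits(addr: str) -> str:
    """Show the address as four groups of eight ones and zeros."""
    return ".".join(f"{(to_int(addr) >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))


def classify(addr: str) -> str:
    """Compare the leading prefix bits of the address against each known range."""
    value = to_int(addr)
    for label, network, prefix in RANGES:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if value & mask == to_int(network):
            return label
    return "public"


if __name__ == "__main__":
    print("IPv4 address space:", 2 ** 32)
    for sample in ("192.168.1.10", "10.20.30.40", "172.16.5.1", "172.32.0.1",
                   "127.0.0.1", "255.255.255.255", "209.85.143.99"):
        print(f"{sample:<16} {to_bits(sample)}  {classify(sample)}")
```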

But on the internet, an address will more usually look a little different, and could be something like 209.85.143.99 (google.co.uk), 80.82.118.57 (this website), or 171.64.13.26 (stanford.edu). Everything on the internet needs to have a unique IP address, from websites, email servers, iTunes, internet radio stations, your iPhone, and your home ADSL router. There are some clever ways that internet service providers conserve the number of IP addresses they need to use, by re-using IP addresses that haven’t been used in a while (which is why your home IP address may change every now and then), or using “network address translation” techniques (essentially giving out “private” IP addresses and re-routing them) so that multiple devices can use the same “internet” IP address.

However, partly because there are increasingly more and more devices connecting to the internet, more servers, and more websites, but also due to IP addresses being handed out in blocks (resulting in many not being used, but not available for use by anyone else), we’re running low. Current estimates put the running out date as early as February 2011, but by clawing back some of the wastage, and using Network Address Translation, the internet should be safe for a while.

Long term, however, we need a new system. That system is IP version 6, which instead of 32 bits per address, uses 128 bits, and therefore supports 2^128 or approximately 3.4×10^38 unique addresses. By comparison, this amounts to approximately 5×10^28 addresses for each of the 6.8 billion people alive in 2010. Actually, the primary aim of IPv6 was not really to provide such a huge number of addresses, but rather to enable devices to more simply allocate addresses, improve routing efficiency (less requirement to fiddle around with address translation or port forwarding), and add clever features such as authentication and data integrity.

Oh, because I know you’ll ask, IPv5 was an experimental streaming protocol, which is why we’ve gone from IPv4 straight to IPv6.

Globally, IPv6 is still very much in its infancy, with largely only the internet big players such as Google beginning to roll it out. If you have new hardware and Windows Vista or 7, however, you can use it quite effectively in your private home network. On the internet itself, there’s not that much around yet. Facebook have an IPv6 address at http://www.v6.facebook.com/ and Google have theirs at http://ipv6.google.com/, but without an internet-facing IPv6 connection, you won’t be able to get to those links, yet, as there are some issues to be overcome in combining the two addressing protocols. Possibly the biggest and most notable use so far of IPv6 was the 2008 Olympic Games – http://ipv6.beijing2008.cn/en (IP addresses 2001:252:0:1::2008:6 and 2001:252:0:1::2008:8), and all the network operations of the games were conducted using IPv6.

In a few years’ time, we’ll all be using IPv6 in one way or another, by using 4G mobile phones, connecting our homes to high-speed internet, accessing new websites and web services, and more; though IPv4 is going to be around for a long, long time.