Firewalls for Home Use

A question I see often is: what firewall is the best for a home/residential environment? Before I get into that, we must realize that the majority of non-tech-savvy people do not even have a firewall, or they have one but it’s not enabled/configured correctly, or they’re just not sure. In an age where we see more weaponized vulnerabilities and threats year after year, this is a huge problem. The problem, though, is as big an issue for consumers as it is for businesses such as ISPs and network device manufacturers.

Home router firmware hasn’t changed much over time. In early 2016, The Wall Street Journal looked at the security capabilities of the top 20 home routers. Only six of those had up-to-date firmware at that time, and just two of them had good password processes. The recent ASUS settlement with the Federal Trade Commission over the critical security flaws in their home routers is further proof that home router manufacturers don’t take security seriously. Today’s home router selections don’t offer you the flexibility to set up your network the way you see fit. They also don’t provide you visibility into the devices that are connecting to your network, says Untangle.

There is a wide array of security practices that would probably make you shake your head. Just the other day I was at my parents’ place and found that the ISP-provided modem/gateway’s firewall was set to “NAT only”. The firewall was disabled and it even stated that this was the default option and that enabling the firewall was “optional”. I would highly suspect that this is the default configuration for all of the ISP’s customers. This means the firewall functionality and security legwork is the responsibility of the end-device. Scary!

Windows Server 2016 – Technical Preview 5


Microsoft has released Windows Server 2016 Technical Preview 5 (build #14300). You can see what’s new here. This could probably be one of the last few TP (tech preview) builds that we will see. Especially so if Microsoft is still firm on their plans to officially launch Windows Server 2016 this summer (Q3 2016).

As long as you are running VMware ESXi 5.5 or higher (6.0 or later is recommended), Windows Server 2016 is a supported operating system on VMware. You can even select it as an option for the guest OS on virtual machine version 11 or higher. Keep in mind that VMware VM version 11 restricts you to using the web client ONLY. When moving from a previous version of Windows Server to Windows Server 2016 Technical Preview 5, you will need to uninstall the previous version for a clean installation of Technical Preview 5. You can download TP5 as an ISO; however, Nano Server is only available in VHD format. See Getting Started with Nano Server for full details.

Personally I was never a fan of Windows 8.x or Server 2012. So far I think that Windows Server 2016 is already a step in a better direction. Even in technical preview it offers many improvements over its predecessor. Windows Server 2016 Technical Preview 5 provides a wide range of new and enhanced features and capabilities spanning server virtualization, storage, software-defined networking, server management and automation, web and application platform, access and information protection, virtual desktop infrastructure, and more. The GUI version, or what is now referred to by Microsoft as the “Desktop Experience”, is my current de-facto standard. If you use or have seen Windows 10 then right out of the box you will notice that Server 2016 is a stripped down, optimized, server version of Windows 10.

Choose Standard or Datacenter edition, depending on the features you need:

  • Windows Server 2016 Standard
    • Up to 2 VMs or Hyper-V containers
    • Unlimited Windows containers
    • New Nano Server deployment option for “just enough OS”
  • Windows Server 2016 Datacenter
    • Unlimited VMs and Hyper-V containers
    • Unlimited Windows containers
    • New Nano Server deployment option for “just enough OS”
    • Shielded VMs and Host Guardian Service
    • Storage features, including Storage Spaces Direct and Storage Replica
    • New networking stack


Overall, Technical Preview 5’s new features seem to be focused on Hyper-V, Networking, Storage, Nano Server and Security. In Server 2016 you will also find that Windows Defender and “Windows Server Antimalware” are installed and enabled by default.

Host Guardian Service (HGS) brings a new feature, Shielded Virtual Machines, which focuses on the security of virtual machines running in the Hyper-V environment. The goal of shielded VMs and Guarded Fabric is to help give service providers and cloud operators the ability to offer their tenant administrators a hosted environment where protection of tenant virtual machine data is strengthened against threats from compromised storage, network, and host administrators, as well as malware.

This is just a quick post showcasing the new tech preview build. I will have a more in-depth view of all of these features and more when a release candidate build is finally available.

What do you think of Windows Server 2016 so far? Comment below!

Microsoft support and security updates for Internet Explorer 8, 9, and 10 end on January 12, 2016


Microsoft has announced that they will no longer provide security updates or technical support for older versions of Internet Explorer. Running older versions of Internet Explorer after January 12, 2016 may expose you to potential risks.

The latest version of Internet Explorer will continue to follow the component policy, which means that it follows the support lifecycle and is supported for as long as the Windows operating system on which it is installed. Focusing support on the latest version of Internet Explorer for a supported Windows operating system is in line with industry standards.

Most customers are already using the latest version of Internet Explorer for their respective Windows operating system, however we have found there is still fragmentation across the install base which poses problems for web developers and support staff. Microsoft recommends customers upgrade to the latest version of Internet Explorer available in order to experience increased performance, improved security, better backward compatibility, and support for the modern web technologies that power today’s websites and services.

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates, as shown in the table below:

Windows Desktop Operating Systems | Internet Explorer Version
Windows Vista SP2 | Internet Explorer 9
Windows 7 SP1 | Internet Explorer 11
Windows 8.1 Update | Internet Explorer 11

Windows Server Operating Systems | Internet Explorer Version
Windows Server 2008 SP2 | Internet Explorer 9
Windows Server 2008 IA64 (Itanium) | Internet Explorer 9
Windows Server 2008 R2 SP1 | Internet Explorer 11
Windows Server 2008 R2 IA64 (Itanium) | Internet Explorer 11
Windows Server 2012 | Internet Explorer 10
Windows Server 2012 R2 | Internet Explorer 11

Windows Embedded Operating Systems | Internet Explorer Version
Windows Embedded for Point of Service (WEPOS) | Internet Explorer 7
Windows Embedded Standard 2009 (WES09) | Internet Explorer 8
Windows Embedded POSReady 2009 | Internet Explorer 8
Windows Embedded Standard 7 | Internet Explorer 11
Windows Embedded POSReady 7 | Internet Explorer 11
Windows Thin PC | Internet Explorer 8
Windows Embedded 8 Standard | Internet Explorer 10
Windows 8.1 Industry Update | Internet Explorer 11

For customers running on an older version of Internet Explorer, such as Internet Explorer 8 on Windows 7 Service Pack 1 (SP1), Microsoft recommends customers plan to migrate to one of the above supported operating systems and browser combinations by January 12, 2016.

Customers have until January 12, 2016, to upgrade their browser after which time the previous versions of Internet Explorer will reach end of support. End of support means there will be no more security updates, non-security updates, free or paid assisted support options, or online technical content updates.

 


Dashlane – Password Manager Review


First off, I am a technical user. Nothing gripes me more than a piece of software that is so dumbed down for the sake of “ease of use” that it lacks basic functionality. I have tried many password managers in the past but just have not been impressed by their reliability, security, features, etc. This is no longer the case since I discovered Dashlane. It’s both user friendly enough to be easy for anyone to use but also has the technical options and features that make it usable day to day by a technical user or a systems administrator.

The best way to stay secure on the web today is to have a unique secure password for each individual website or service that you use. That way, when one of your credentials is compromised, the fallout is limited to that login and not everywhere you use that same password. The problem is: how is someone supposed to remember a unique and secure password for each website they visit? You don’t. You use a password manager. It will generate a unique password for you, store it securely and automatically log in to the website when you visit it. This saves the time of both having to remember the password and having to fill in the login form. Maybe the time saving is trivial at best, but after say 500 times that adds up to lots of filling in login forms! Again, the main point here is security.

A closer look at WHSuite (Beta 4)


I had an article last year about the company (Turn 24 Ltd) looking for participants for its alpha/beta of WHSuite. Since then it seems development has been in full swing and now the product is in open beta, which means anyone can (and is encouraged to) beta test the software. See the WHSuite website for more details. I have been following development ever since the alpha stage and, when time permits, testing their software when a new version is released.

In this post I wanted to take a deeper look at what makes WHSuite. I will be doing a basic install on the vSkilled development server and playing around inside WHSuite. I’ll be adding some dummy customers, packages, domains, etc. and seeing how things function at a core level. As the software is still in beta status we have to take into account that things can and will change; however, with the launch of this version a developer, Rick from WHSuite, has stated: “Beta 4 concludes all changes to WHSuite’s core. At this point we’re only focusing on code-breaking bug fixes.” This means this is basically what we can expect to see in the general availability release of the software at launch, apart from minor changes, bug fixes and probably some cosmetic changes.

Actually during the writing of this blog post I uncovered a number of bugs with the software and reported all that I could find to the developers.

The purpose of this post is to take a look at WHSuite in its current state for those who haven’t had a chance to see it in action, as well as provide my opinion on it for feedback to the community and developers for making potential improvements. This is not a sponsored/paid post.

vSkilled WHSuite Test Environment: (2015-07-15)

  • 2 CPU / 4GB RAM CentOS 6 VPS Server with cPanel/WHM 11.50.0 (Build 23)
  • Apache Version 2.2.29 w/ Varnish Cache
  • PHP Version 5.5.26
    • Ioncube Loader, MCrypt, PDO, PHP JSON, and Fileinfo Extensions
  • MySQL Version 5.5.42-cll
  • ModSecurity disabled
  • WHSuite Version 1.0.0-beta.4

WHSuite Installation Process

At the time of this writing there is only a scarce amount of documentation for WHSuite; that is something they are actively working on. That’s fine anyway because I probably wouldn’t read it unless I encountered an issue. Prior to this setup I created a MySQL database and user with appropriate permissions and uploaded the WHSuite files to the web server.

After filling in a few setup forms our WHSuite install was finished. A quick removal of install.php and a tweak of .htaccess, since I had installed it into a subfolder, and I was up and running in about 5 minutes. Out of the box it gives you a clean/bare installation that you can then fully customize. Props for a very easy install process.

By default all of the “Addons” are disabled, so first you will want to check out the Addon Management page and enable everything that you would want to be using in your environment. It has the basics that you would expect from a web host billing platform: domain registrar modules, payment modules, ticket system, knowledge base system, and support for cPanel, Parallels, and DirectAdmin.

For the purposes of this demonstration I took some time to set up some dummy information (clients, packages, etc.) to replicate what this might actually look like in a production environment. To properly set everything up to the point of accepting a customer, for example, would take at least an hour if you have everything required (cPanel server info, emails set up for the support system, etc.).

Administration Interface

WHSuite uses a modern looking administration dashboard. The dashboard is where you can get a quick glance of the current state of your business. This is the area where the business owner, support or sales agent will spend most of their time, so it has to be functional and clean, which I believe WHSuite does quite well.

It is a tree-menu driven system to navigate around in the backend. I found it nice to have full control over the menu system (from Menu Management) of both the client and admin interface. If you wanted you could completely re-arrange all of the links of the menus as well as add, change, or remove the existing links.

Customer management I found to be slightly lacking in terms of functionality. For example if I wanted to manually add a service/package to a customer’s account from the admin back-end there is no way to do so without using the login-as-client feature and placing an order on their behalf. In the couple of hours I spent playing around I found it had a bit of a learning curve to find where things were, but once that was sorted out it wasn’t too bad.

The support system was pretty basic as well but would be fine for a small hosting business. You can customize the support ticket statuses, colors, and it has an auto close functionality. It also supports having multiple departments and email piping. I didn’t like that clients have the ability to change the status of tickets with their reply and would hope for more granular permission control over something like that in a future release. For example a client can change the ticket status when they submit a reply. In the situation of an abuse complaint support ticket for example I wouldn’t want the client being able to change the ticket status from their end.

I really liked how Stripe was included as a payment gateway out of the box as this is still something that most other billing solutions don’t have without the use of a third-party plugin.

Client Interface

The client interface is the “business end” of any billing suite. With WHSuite you get a pretty simple and clean looking client area. It’s almost too clean though because it has a very “stock” feel to it. In time I can imagine this will improve and I’m sure it wouldn’t be too difficult to re-brand it.

There is everything you would expect that a client would need to manage their account, pay their invoices, and manage their services. Clients have the ability to submit tickets if the support system module is enabled. There is also a knowledge-base addon that I didn’t get into testing but is freely available for use.

Keep in mind all client information shown in the images (and otherwise) is completely fictional.

Conclusion

Overall I think WHSuite has potential. You have to keep in mind that they are trying to compete with many other types of billing platforms for web hosting companies. In its current state I think WHSuite will have some work to do to get up to par with some of those other billing systems, but considering the software is still in its infancy they are off to a great start. Over time, as WHSuite matures as both the software and their company, I think that they could definitely compete in the market. I think WHSuite would be best offered at a lower competitive price point and targeted towards startup and smaller web hosting operations.

What are your thoughts on WHSuite? What billing platform do you use and why? Leave a comment below!

 

WHSuite – Alpha/Beta Group

Today the WHSuite development team announced that the Alpha/Beta group is now in full swing. They are releasing Alpha v1 to all testers next week and the focus for the first Alpha build will be bug fixes and stability. The testing will go out to a select few for “alpha” phase testing. I have been accepted into the official tester team for WHSuite and will provide more details and reviews as things progress.

Approximately 25 people have been selected for the Alpha testing, and as they move to beta releases they anticipate they will accept at least another 50 testers. The people who actively contribute will also receive an owned license with 12 months of support. Woot!

I personally have used WHMCS and ClientExec extensively, including beta testing for both products. All platforms have their strengths and weaknesses, but having WHSuite join the market is good news. When it comes to web hosting billing platforms there are only a handful of worthy names: WHMCS, ClientExec, Blesta, and HostBill. I am excited to see what this team is able to come up with. If they play their cards right I can see many web hosts choosing to make the switch, if the circumstances are right for their business requirements.

For those interested in being part of the alpha/beta test, you can register your interest via this form.


Are you a web host? What billing platform do you use and why? Let me know in the comments section below!