Archive for July, 2008

Reasonable Network Security

Written by Nick B. Nicholaou on . Posted in Articles

© 2008 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from Christian Computing Magazine

Church and ministry networks have unique security needs.  Many mistakenly approach network security in our niche like they would a club or hobby, and thus don’t go far enough to protect our data and our team.  Others mistakenly go so far they impede the team and increase their support call volume unnecessarily.  We have worked or consulted on hundreds of networks in churches and ministries, and we have developed an approach that protects and empowers while minimizing support needs. I’ll share it with you so you can enjoy the same results.

We Are Vulnerable!
There are those who want to hurt us!  Whether they’re hackers, disgruntled former employees, or internet programs (bots and other malware), our systems are vulnerable.  Our systems have full-time internet connections that offer an opportunity to those on the outside to cause damage.

We also have system users who accidently delete files, introduce malware, or lower our security protection by sharing their passwords.  Some question why we need to be so protective.

The first step in reasonable network security is the regular reminder to staff that we have sensitive data on our systems— contributions information, payroll information, social security numbers of staff, counseling notes, and more— that we are required to protect on behalf of those who could get hurt if that information were made public.  System users need to keep their passwords confidential, not sharing them with anyone on the team other than the network administrator.

Biometrics Anyone?
Many are beginning to use fingerprint readers instead of passwords to improve network security.  The cost is minimal; in fact, Dell is now shipping systems with these devices at no extra cost when asked to!  The benefits include no one being able to use another’s network username, including team members’ kids!

Off-Site Access
Most churches and ministries have staff that need to access the network from off-site.  There are a number of ways to accomplish this; the best is via Microsoft’s Terminal Services.  Any network running Windows Server 2000 or newer has this feature available.  It allows approved users to access the network from off-site as though they were sitting at a desk on the campus and connected to the network.

The benefits are:

  • It’s very fast!  The only data that gets transmitted is monitor images, keystrokes, and mouse movement.
  • It’s very secure!  All the data stays on your network servers!  Security can even be improved more by adding a security certificate, which we strongly recommend.
  • It’s very inexpensive!  You already own the technology, all you have to do is configure it and show your team how to use it.  And since it’s all server-based, there’s no need to keep workstations running and using electricity like some other solutions.

Firewalls
A firewall on a network is a protective barrier that blocks harmful things.  We recommend three solutions that address different needs:

  • SPAM Firewall.  If your system is in any way typical, more than ninety percent of the email that hits your email server is SPAM.  It is essential that network users be protected from SPAM because a lot of it contains malware and other schemes intended to harm them and/or you.  Our favorite SPAM firewall is from Barracuda Networks (www.barracudanetworks.com).  Their devices are very capable and reasonable in price.
  • Access Firewall.  Who— or perhaps better stated— what should have access to your system?  In addition to controlling which team members can access your system from off-site, it is necessary to protect your system from internet programs (referred to as ‘bots’) that are constantly looking for server and system vulnerabilities.  Our preferred access firewalls are from SonicWALL (www.sonicwall.com).  They have the ability to completely secure your system from intruders, and are well worth the expense.
  • Internet Accountability.  For most, internet filtering is not necessary.  But for all, internet accountability is!  The difference is helping those on our team to want to avoid any inappropriate internet content even when no one is watching.  The best solution we’ve found to accomplish this is from Covenant Eyes (www.covenanteyes.com).  Their software does not filter content (though they also offer that option).  Instead, it sends easy-to-read accountability reports to those holding system users accountable (we recommend at least two: their supervisor and their spouse or parent, etc) with scores that highlight inappropriate sites.  They have special pricing for church and ministry teams so that it’s very affordable, and we consider it essential on all ministry-owned systems.
  • Internet Content Filtering.  For those with schools or who offer public internet access through wireless cafes, etc, internet content filtering is a must.  Again, we recommend SonicWALL’s solution for this.  The good news is that it’s all done through the same device as access filtering!

Local Workstation Rights
An area where many go beyond what’s necessary is local workstation security.  We have found that an easy way to empower users is to give each user local administrative authority.  This does not mean they have administrative authority on the network; only on their local computer.  This eliminates a large percentage of support calls and keeps users from feeling like they’re fenced in.

The potential dangers are that users might install something they shouldn’t or that they would do something that requires rebuilding their system.  Training can help the first (though that risk never completely goes away), and using a strategy employing software such as Symantec’s Ghost (www.ghost.com) to build local workstations reduces the cost of the second threat.

Backup, Backup, Backup!
Enough can never be said for the responsibility to ensure the most critical data is backed up daily and a copy stored off-site at least weekly.  This may be the network administrator’s most important responsibility because it ensures the ministry’s data will not be lost in a catastrophe.

That’s our strategy!  And anyone can do it!  I hope it helps you and your team to do more for less, and to do it more reliably and without distraction.

Mac Tips & Tricks

Written by Nick B. Nicholaou on . Posted in Articles

© 2008 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from Christian Computing Magazine

Macs and PCs do mostly the same things, but they do them differently.  Each platform has its quirks, and since I now use a Mac I’m learning some good tips and tricks that make me more productive on it.  A couple of these have been in my previous Mac articles, but most haven’t.  They may help other Mac users— especially those who are former PC users or who primarily support PCs— understand how to make the Mac work a little better.

Routine Maintenance
One thing that surprised me was that Macs are engineered to do certain routine maintenance tasks unattended at specific intervals.  This is a carryover from Unix, the foundation of Mac OS X.  Mac OS X behaves like a server because Unix is a server operating system.  These maintenance routines clean up log files, caches, temporary files, histories, etc, but only if the system is not either shut down or in sleep mode.

If you leave your Mac powered on overnight, it will automatically run its routines between 3:15am and 5:30am (your local timezone), when it figures no one would be using the system.  If, like me, you turn your system off overnight, those routines won’t trigger.  You can buy software that will run them or their equivalents, reschedule them, or just use the following commands (only the part between the quotes) in the Terminal utility:

  • Daily maintenance command: “sudo periodic/daily”
  • Weekly maintenance command: “sudo periodic/weekly”
  • Monthly maintenance command: “sudo periodic/monthly”

After entering any of these commands into the Terminal utility (the Terminal is the Unix equivalent of a command prompt), it will likely ask for your password.  You must have administrative rights on the Mac for these to work.  Also, make certain you let the command complete (return to a prompt) before entering another.

Display Hidden Files
Sometimes it’s helpful to see those files normally hidden by the operating system.  To display hidden files in Finder (the Mac equivalent to Windows Explorer), enter the following command in Terminal:  “defaults write com.apple.finder AppleShowAllFiles TRUE”.  As with all Terminal commands, this is case sensitive.

Adding a Separator to the Dock
I like to organize my Doc by putting “system” icons on the left, applications in the middle, and trash on the right.  You can add a separator to the Dock and move your icons around it to help accomplish this visually with the following commands:

  • To add a space to the left side of the Dock (the applications area), enter the following command in Terminal:  “defaults write com.apple.dock persistent-apps –array- add ‘{tile-data={}; tile-type=”spacer-tile”;}’”.  Once the prompt returns, follow it by entering the following command:  “killall Dock”.
  • To add a space to the right side of the Dock (the trash area), enter the following command in Terminal:  “defaults write com.apple.dock persistent-others -array-add ‘{tile-data={}; tile-type=”spacer-tile”;}’”.  Once the prompt returns, follow it by entering the following command:  “killall Dock”.
  • To remove them, simply drag them off the Dock as you would any other icon you’d like to remove.

Adding the Path to Finder’s Title Bar
I like to see the path of the folder I’m looking in to make sure I’m where I think I am!  To do this, enter the following command in Terminal:  “defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES”.

Mac Keyboard Help
PC users trying to work on a Mac might think there are some keys missing or that seem to not be functioning quite right on the Mac’s keyboard!  Here are some keystrokes that may help:

  • The Delete key acts like a backspace key!  To make it work like a PC Delete key, press the Fn key while pressing the Delete key.
  • There’s no Insert key!  Pressing Fn while pressing the ‘m’ key will insert.
  • In System Preferences, in the Keyboard & Mouse section, under the Keyboard tab, checking Use all F1, F2 keys as standard function keys will make the function keys work like they do in Windows.
  • When tabbing from field to field on a website, it may skip pull-down options
  • like predefined month or state lists.  Pressing Control + F7 will fix that!

Print Screen
There’s no Print Screen key!

  • Command + Shift + 3 will take a snapshot of the entire screen and place the file on your desktop.
  • Command + Shift + 4 will let you use your mouse to highlight what you want to take a picture of.
  • Command + Shift + 4 followed by a spacebar will let you take a picture of a whatever window the mouse is over.

Mouse Help
The Mac’s one-button mouse is challenging for PC users.  Here are a few tips:

  • Pressing the Control key while clicking will be interpreted by the system as a right-click, which Apple calls it a secondary click.
  • In System Preferences, in the Keyboard & Mouse section, you can tell the system to interpret two fingers on a trackpad as a right-click.  You can also tell it there to interpret two fingers moving as a scroll!  That’s really nice.
  • In the same System Preferences area, you can tell the system that two fingers moving on a track pad while the Control key is pressed will zoom the screen!  That’s very nice too!

While talking with one of Apple’s engineers this week I shared one of these tips with him that he didn’t know and he was thrilled!  Though these may not necessarily ‘thrill’ you, if you’re a new Mac user or a PC person trying to support Mac users, I hope they help.

MBS Customer Satisfaction Pledge

Written by Nick B. Nicholaou on . Posted in Articles

Our Pledge to Our Clients

Many who serve churches and ministries require that their clients sign a contract. We at MBS have never done that!
We believe we should do our best to earn your business every day, and if we don’t earn it you have the option of
simply terminating us. We’ve been serving churches and ministries since 1986, and we understand your corporate
culture. We pledge ourselves to the following:

  • Information we give you will always be accurate and up-to-date.
  • If we’re not certain about the answer to a question you ask, we’ll say so and offer to research the best answer.
  • Keeping in mind our normal work hours, we will always do our best to respond in a timely fashion and meet
    expectations. And when a client anticipates they’ll need us for an after-hours project, we’ll do our best to be
    available.
  • We constantly analyze our costs and look for ways to reduce them. Our goal is to make our services as
    inexpensive as possible while maintaining the quality you want/need. We are a mission.

Specific Policy & Procedure Handbook Template CDs Pledge

  • MBS PPHs are written by experts in their respective fields who are also church and ministry experts.
  • MBS PPHs will streamline the implementation of appropriate policies and procedures better and more
    accurately than any other product or service.
  • If, for any reason (we don’t even need to know why!) a client is dissatisfied with one of our PPHs, we
    will allow it’s return within thirty days for a full refund.
  • We update our templates regularly, and we contact registered users via email to let them know when
    updates are available.

Specific Network Engineering/Design/Implementation/Support Pledge

  • Our team’s approach is different than many engineering firms in that we work with you consultatively,
    helping you see the center of the target and make decisions that get your ministry as appropriately close
    to it as possible. We don’t sell or distribute any hardware or software, and thus don’t profit by your
    decision to purchase anything we recommend. Our recommendations are completely objective.
  • Our goal is for your network to be up 99.999% — or higher! That’s the standard AT&T set for the
    phone system years ago and is referred to as “five nines”; it means no more than five minutes of
    unscheduled downtime each year. The closer we can help you get— and stay— to the center of the
    target (the right hardware and software, coupled with our engineering), the more that kind of legendry
    up-time should be a reality for your team, and we’ve been delivering that for years!
  • We are fully available to work through your transition to our solutions, and we are also available to help
    transition to another provider if that choice is ever made. We always do so with good Christian character
    and grace, and we never gloat when former clients return— which they often do!

Call or email us and let us know how we can serve you and your team… we’d count it a privilege.

MBS, Inc.