Good IT Exercises: Documentation!

Important strategies and tools

Everybody’s talking about the importance of physical exercise and routine workouts these days, and of course that is a result of the 21st-century lifestyle that technology has forced on us. But how about some technology exercises and routine practices that can help reduce the workload pressure on tech staff and lead us to a healthier IT environment?

Documentation

Documenting, and actually using documentation as a powerful tool and a supportive factor in an everyday dynamic IT environment, becomes easy, but only once we understand the application and purpose behind it, along with some simple techniques.

Is documenting really that much hassle?!

Most of us see documentation as a hassle: an extra, useless job of writing some stuff on paper or in Word and Excel files, giving it a version or revision number, controlling it (what does that mean exactly?)… and then leaving it in a dusty chest, or even ending up with a nonconformity because it does not reflect our real-world processes. What is the purpose? People see this as a hassle, and done this way it actually is a negative workload: rather than us utilizing it, it utilizes our resources!

The reason the task of “documenting” is seen, and believed, to be a bother by most IT professionals and even business analysts is that we are doing it wrong, so no doubt it consumes resources without adding any value. The easiest way to describe what the right documentation is, is to explain what it is not. First you should ask:

What is going to be documented, and for what reason?

If the reason is justified as a “Management System”, “Standard”, or “Certification”, then the answer is wrong and you are going the wrong way. You should justify it with reasons like: “part of manufacturing process”, “describing system of asset management”, “explaining why product X failed during evaluation”, “document of how an employee is hired”, and so on. But never have the Driver as the Reason.

Documentation is not complicated, but just like any other skill, first we need to understand the concept and then get some practice. Mastering this skill would not take more than 1% of your daily duties, so let’s see what the heart of the matter is:

Document the logic and purpose of a task or subject rather than describing the details of the task. In other words, focus on the goal rather than the task. This saves a lot of time otherwise wasted on useless information in documents, which is also one of the main reasons users later won’t refer to them. We waste time creating documents and then force the audience to read them, but they won’t, because the content is boring, confusing and a waste of time: no added value, or even negative value.

Why so many policies and procedures fail?

Screenshots and steps for doing something are not usually what documentation is all about. That might be useful for a user manual (I doubt it!) but not for an IT guideline, or even a procedure, work instruction or policy. Here’s an example:

Let’s say you want to document your backup process, Disaster Recovery Plan, malware response and handling procedure, how a node is set up and connected to a system in another network segment, how an anti-virus agent is deployed… and thousands of other scenarios. Now, would you open a Word file and start capturing screenshots of each step?!

If that sounds funny to you, you might be doing it the right way, but most IT personnel are so busy that they don’t have time to step back and think about the way things have been done wrong in the past, and they just repeat the same tools and techniques.

Benefits are endless, and the result, an agile environment, will be appealing!

Once documenting becomes a routine and a regular exercise, the benefits start to show their positive effects in the environment:

  • Less time spent on documentation! More effective and useful documents!!
  • Refined workflows
  • Effective corporate communication and team collaboration
  • Compliance management in a controlled manner
  • Certainty and confidence in changes: a strong and original change management
  • Faster, more accurate, more effective and more meaningful evaluation of future solutions. In other words, a rebirth of R&D within IT operations, which I believe has been totally forgotten in today’s fast-paced tech world
  • Smooth transition among staffing, team leadership and general daily administration
  • Auditing and being audited at any time with zero nonconformity or noncompliance
  • Better understanding of current processes, and natural, automatic and constant training for tech staff and end users
  • Trustworthy IT team with reasonable full support from top management
  • Smarter internal and external customer relation and interaction
  • Reduced or almost zero anxiety among help desks and system administrators
  • Support for any future or ongoing management system and any framework that calls for documentation: ISO standards, security management systems…

Do you need technical people to compile documents?

You need people who understand the logic of the document’s subject, so it is likely that you need technical expertise, but not necessarily a technical writer. Of course technical writers can add value, but that value is not necessarily useful or in line with the purpose of documentation. Again, refer to the user manual example.

IT Management in an ever-changing corporate environment

The moment you discover the power of documentation as an integral part of the IT management model, you won’t let anything be done without it (I have also seen this become an imbalanced approach). But the beauty of it is more the fact that it is a useful tool for both management and staff, something that is rare. Stay tuned for an IT Documentation Workshop soon.

Naturally Secure Windows Machine

How to utilize native Windows security features to get beyond all the tools in the market?!

Most of the time ‘extra tools’ are just for doing things in a different way, perhaps more conveniently, but not necessarily in a better, more effective, cheaper or faster way, and Windows is no exception. Speaking of Windows security features, all the features we need are already part of the operating system: they are either included initially or provided later by Microsoft. There are exceptions, but only when we are looking for a totally different structure, a unique and extraordinary situation where what we want is beyond the native Windows features and capabilities, so we have to add something to the kernel or expand the API.

Windows Firewall and the power of micro-segmentation, EFS and the power of native Windows file-level encryption, basic access supervision that is powerful and native to the kernel, Windows Event Monitoring and Sysmon, Group Policy and a world of unlimited capabilities, PowerShell and unexpected security administration possibilities… and many more Windows features waiting to be unleashed are already there; you just need to utilize them before thinking of buying a new tool!

In the following articles I will explain how to unleash native Windows security features before shopping for a tool. Even though tools might be free, why add anything to Windows when it is already packed with most of the necessities? Let’s go through the basics briefly:

Windows Firewall provides all you need as the cheapest and fastest host-based firewall for Windows. It does not matter whether the target machine is part of a corporate network, a small office or a home computer. Most importantly, it is very easy to use as part of your micro-segmentation, to reach effective filtering and totally eliminate lateral propagation of malware in a large-scale network. But if you ask me why administrators ignore Windows Firewall, I have no explanation other than that the beauty of third-party firewalls totally blinds them!

Encrypting File System (EFS) is a powerful file encryption feature which, surprisingly, has been ignored by the new generation of IT administrators. Perhaps ‘encryption’ is scary enough for most IT staff that they decide to rely on colorful third-party tools, but I will show you later how to use EFS as an integral part of ACLs and take your access supervision to the next level!

We will deep dive into one of the most effective monitoring extensions of Windows, Sysmon, and see how a couple of extra megabytes can change the scope of the Windows Event audit trail. Needless to say, the Windows event log is a quiet piece of intelligence that all those shiny system and network monitoring tools rely on, and we will see how, if we add a little bit of AI to it, a free SIEM could evolve from it!

The point is, Windows has enough native tools to touch almost anything you want in terms of security, and for some tiny hidden tweaks we can always go into the Registry. At least we won’t be worried about extra security vulnerabilities resulting from introducing new tools to the environment, so why not get more familiar with the operating system and get the maximum benefit from its native security features and capabilities? Then some day, if you have a very specific requirement that Windows is not capable of meeting, you could consider using third-party tools or even switching to a whole new operating system!

Five signs IT is overwhelmed with operations

There are signs before your IT department faces a disaster or, worse, jeopardizes your business by affecting tech operations in different departments. Those are the signs of an overwhelmed IT, so let’s take a look at common signs and symptoms:

1) Lack of resources
Whenever your IT staff are always talking about a lack of resources, be aware that a lack of resourcefulness is the main cause. IT is supposed to create and generate virtual resources, right? We do not use a shovel and our muscles to search a haystack of zeros and ones; IT does not touch 0s and 1s anymore. IT creates or simply buys solutions, so what is this lack-of-resources concept? IT talks about a lack of resources because they are overwhelmed by time and resource management. That is a sign of being unfamiliar with tools and techniques, so they get frustrated, and that is not good for your business operations.

2) Tool oriented
Tools are good, but tool obsession and jumping from one tool to another is a sign of an overwhelmed IT. Of course IT uses tools for almost every piece of tech operation. But regardless of how they ignore natively accessible tools and always ask for more and more commercial tools, the fact that they jump from one solution to another without fully understanding it, or even shop with no clue in the first place, is a clear sign of an unorganized IT, which finally ends in overwhelm and frustration.

3) Deadlines
No deadline is met; no surprise? You are not alone, but imagine the most logical, supposedly organized people in a company becoming the most unreliable people in terms of meeting deadlines and project management. Regardless of the reason, which is IT’s typical helplessness at time management, not being able to meet multiple deadlines, or sometimes any of them, is a sign of being overwhelmed by subjects that are either unknown to IT or just outside the scope of their expertise. So what happens is that they push and push and push, to the point that you are overwhelmed and give up.

4) Fading real IT mission
This has been a global issue in the IT departments of almost all non-tech companies. IT’s main mission is supposed to be supporting the business, and for that reason IT needs to understand business needs and flow, but they ignore this and the main mission simply fades away from the to-do list.
You could eliminate all these overwhelming factors from IT operations with very simple techniques, which I am going to explain later in a different article.

IT System Administration Good Exercises: Event Lookup!

Computer administration is all about how the system and network are running at the moment. What could be more important than how zeros and ones are really interacting in the background?

System and network administration starts and ends at the lowest level of these environments. The places we barely look at are the source of system and network information, the pieces that are crucial to administration and to proactively finding flaws. In fact, many future and potential security vulnerabilities also start showing signs at the lowest level of systems and networks.

In Windows, the main (but not the only) source of system events is the System log under Windows Logs. We could use many interfaces and tools to query this database, but the easiest way is the Windows Event Viewer user interface (eventvwr.msc or eventvwr.exe under \windows\system32).

One good exercise is to check this log regularly. It may sound funny, but “regularly” could mean annually, which is still better than zero, which is what most system administrators choose. If you are not checking the Windows System log, then you simply do not know what is going on in the systems you are administering. Even though this is only the starting point, it is crucial to look for anomalous system events and start investigating them.

This is not the time and place to go through the types of events, build the skill of event analysis or train your eyes, but it is the time and place to emphasize the importance of the System log database, where you can start finding issues and tune up your system and network before an issue turns into something bigger, or before a user calls you because his machine is so slow and you have no clue why your nodes sometimes start acting up.

I recommend reviewing the System log at least every other week and finding red flags for further investigation and analysis. Over time you could develop simple scripts and alerts that trigger on certain repeated issues, but you always have to go through it every once in a while to keep sight of your systems.
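
A starting point for such a script, as an added example that is not part of the original article: it summarizes Critical, Error and Warning events from the System log for the review window and marks provider/event-ID pairs that did not occur in the preceding baseline period. The window lengths and the helper name `Get-SystemIssues` are assumptions made for this example.

```powershell
# Added example (not from the original article): System log triage for a periodic review.
# $Days and $BaselineDays are assumed values; adjust them to your review cadence.
$Days         = 14    # current review window (every other week)
$BaselineDays = 28    # earlier period used to decide what counts as "new"

$now           = Get-Date
$windowStart   = $now.AddDays(-$Days)
$baselineStart = $windowStart.AddDays(-$BaselineDays)

# Hypothetical helper: Critical (1), Error (2) and Warning (3) events in a time range.
function Get-SystemIssues {
    param([datetime]$From, [datetime]$To)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'System'
        Level     = 1, 2, 3
        StartTime = $From
        EndTime   = $To
    } -ErrorAction SilentlyContinue   # "no matching events" is reported as an error
}

# Provider/ID pairs already seen in the baseline period.
$baselineKeys = Get-SystemIssues -From $baselineStart -To $windowStart |
    ForEach-Object { '{0}|{1}' -f $_.ProviderName, $_.Id } |
    Sort-Object -Unique

# One row per provider/ID pair in the review window, new pairs first, then by volume.
$report = Get-SystemIssues -From $windowStart -To $now |
    Group-Object { '{0}|{1}' -f $_.ProviderName, $_.Id } |
    ForEach-Object {
        $latest = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [pscustomobject]@{
            Count    = $_.Count
            New      = $baselineKeys -notcontains $_.Name
            Provider = $latest.ProviderName
            EventId  = $latest.Id
            Level    = $latest.LevelDisplayName
            LastSeen = $latest.TimeCreated
            # First line of the message only; it is empty if the provider has no template.
            Message  = ("$($latest.Message)" -split "`r?`n")[0]
        }
    } |
    Sort-Object @{ Expression = 'New';   Descending = $true },
                @{ Expression = 'Count'; Descending = $true }

$report | Format-Table -AutoSize -Wrap
```

Rows with `New` set to `True` are the ones to open in Event Viewer first; high-count rows that repeat from review to review are candidates for a dedicated alert.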

If your system administrator tells you s/he doesn’t have time to do this, it is like saying “I do not have time to make sure my bike is working on the weekend, so I walk to the office every day and I am always late for that reason!” Excuses like time and resources in this regard are like saying “I am willing to work with an old-fashioned lawn mower just because I do not have time to go to the garage and plug the new, faster one into the outlet!”

System logs give you a lot of information about the computers you are managing. This won’t be limited to the system you are investigating; you will find things that are global within the environment: specific to a piece of software, a network segment, a malfunctioning application, or just performance issues. The latter has generally been ignored by IT staff because they find replacing equipment faster and easier than troubleshooting, but it is funny when we replace something and the issue remains unsolved.

How many times have you found a system with performance issues related to a hardware malfunction? A lot, right? But I assure you that you will find more performance issues related to the fact that the system is not tuned up and many things are running with problems in the background.

But performance is not why I insist on looking up System logs. You will find security issues that have no reflection in the actual Security log. You will find useful correlations with other logs of the system, network issues, applications, Active Directory, and many things for which the System log is not directly the place to follow them, but which leave artifacts and footprints there.

Develop a simple process to review these logs and you will find yourself proactively mitigating issues before they turn into global system and network problems.

Three Reasons To Trust SECURE TARGET

Articles will be revealing in many aspects of information security and information technology in general, but why would you trust SECURE TARGET?

Being blunt by default and straightforward about the root causes of tech insecurities is not common at all. You will soon experience (if you have not already) how the computer security business is no different from any other market. This is a business: why would you think market leaders do not want more profit, and how would they be able to make more profit without compromising some aspects of real security and pushing something to the market not as a real ‘Need’ but as a fake ‘Want’?
This has been one of the challenges of the security products market in terms of customer acquisition, and the conflict between stakeholders and market drivers will always cast its dark shadow over security initiatives, making consumers doubtful and uncertain about the right solution.
Here you will be told how to simply and effectively take care of the security of your computers and other information technology elements, for good. You will realize which part of the market is real and which part is fake (and only for the sake of making more money), but you should not be shocked, as this is the reality of almost all businesses. It also does not mean the market is pushing something useless or necessarily insecure; it just might not necessarily be what you need at the moment, it may be a waste of money, or it may not be what your security program really demands, and yes, sometimes it may put your security program in an outright insecure posture! Hence, jeopardizing security with security!
In other words, considering the rule “Complexity Equals Insecurity”, you generally pay more for something which not only is not more secure, but also downgrades the current quality of your security posture!
With many years of experience, transparency has been my first byproduct of the IT business: I did not sell a single PC when it was possible to tune up the old one to be better than the current one, and I revealed all security details of a given IT element during my dedicated, focused, professional training without fear of having a student better than the teacher! In the meantime, questioning every aspect of computer technology without affiliation to any product or even any specific trend put me in a neutral position where the metric is measured effectiveness, not what is possible at the moment according to the market. So here’s why you can trust my judgment:

1) Member of both communities
I am an advocate of both communities, security and hackers. In order to stop cybercrime we have to be virtually undercover, and there is no way we can feel the heat of this battle unless we are on the front line on the security side.
Active learning from both communities is the key to helping maintain a healthy and secure cyberspace, something that is prone to turning into a myth! Defending a society is not possible without knowing your enemy, and I am not talking about ridiculous hands-on training courses on ethical hacking. This is about social engineering of the hacker community; that’s what they do with us every single minute of interaction. On the opposite side is the security community, the most secluded, introverted group of people, who think that they can conquer a land before knowing its location on the map!

2) Research
Knowing what is happening in the fastest-paced industry of all time (IT) is crucial, but it is not enough for handling the unleashed horse of cyber insecurities. Continuous research is the key to maintaining a level of balance between different individual cyber-world entities: whatever is entering (or better say, penetrating) the cyber world will bring its own insecurities to the equation, which may totally change the current state of insecurities or the magnitude of the catastrophic outcome for other entities that were totally secure before the new entity was introduced! It means we need to constantly research the current equation of cyber elements and assess different factors to manage ongoing changes in a secure manner. This requires research on all aspects of cyberspace, not just those topics labeled with the word ‘security’.

3) Result oriented
Judge based on result and outcome, not personal preferences; that’s the basic tool and logic of evaluation. Whether you prefer hot or cold coffee does not change the state of hot and cold coffee! Simply put, every security solution is good as long as the result is convincing and satisfying, and every security solution is a waste of time and money as long as the outcome is not favorable. You could apply this analogy to what SECURE TARGET offers as well: if the result is not superior and significantly positive, then there is no reason to back a solution.