Electronic Frontier Foundation’s Let’s Encrypt

In the early days of my business, one of the first services that we offered was web development and design, to be quite honest because it was fairly easy to sell at a large profit margin. However, with me being me and having an intense background in system and server administration, we not only designed and developed the websites, we would also provide the hosting and maintenance for those sites.

All well and good except that some of those websites had either e-commerce built into the site or collected sensitive information from their customers or patrons. So it was a must to use SSL certificates to secure the data while in transport from the user’s browser to our servers (I’ll get into securing and encrypting that data at rest some other day). Back when we were doing it, you had to go find a certificate authority that you actually trusted, such as Verisign or Norton, which usually came out to a few hundred dollars every year, generate your public and private certificates on your server, then get them to work with whichever web server you had. It was a mess. By far the thing that I hated doing the most for web hosting.

That’s why I was so stoked when I found out about a year and a half ago that the Electronic Frontier Foundation (EFF), in an effort to make SSL connections the new default, was not only becoming a certificate authority but had also developed a tool called Let’s Encrypt that makes it ridiculously simple to enable SSL on your website. All you have to do is go to https://letsencrypt.org, choose your operating system and web server and it will download the appropriate script. Oh yeah, it’s completely free!

Since Let’s Encrypt came out, I have used it for every web server that I’ve set up whether it needs it or not. It literally only takes about five minutes to set up so why not?


3CX Phone System

Back in the day, when I first started with VOIP, I really wanted to go with some form of Asterisk like Trixbox or Elastix but after months and months of trying, I just couldn’t get it stable enough for companies to be able to rely on.

Then a buddy of mine suggested that I look at a system called 3CX. At that time they were just on version 10 and it only ran on Windows but I tried it out anyway and it seemed pretty stable so we went ahead and bought a license for it (I believe it was $1,200 at that time).

Fast forward to today, about a month ago I had to rebuild a phone server for a non-profit in Bakersfield. Beforehand, I did a bit of research and found that 3CX was not only now on version 15, but they now supported Linux as a platform! Moreover, since this non-profit only had a handful of employees, I could get them on the free tier! Some of the more advanced features aren’t included in the free tier such as the fax server and it limits the number of simultaneous calls to eight but for this particular project, it was perfect!

Within an afternoon, I had wiped one of their old servers, installed Debian 9.0 on it, installed 3CX on it and was provisioning phones. I built it on a Friday but waited until the weekend to change over their SIP trunk provider (Nexvortex) just in case something went wrong.

That following Monday morning, I made sure to wake up extra early and clung to my phone all day knowing that there had to be something that was overlooked or left un-configured. 8:00? Nothing. 12:00? Nothing. 3:00? Nothing. I finally sent the director a text and asked how the phones were today? She just said, “Good, no problems.” Trust me, that’s a miracle!

It’s been up and running solid for a good month and a half except for one issue: if you’re running 3CX on a server with two NICs, be sure to only have one interface hooked to the network.

For the past few years, I had been using RingCentral for most of my clients just because it was pretty much friction-free but I’m thinking that from now on, I’ll use 3CX on top of Debian.


PFSense: My Go To Firewall for SMB

Given that I’m an open source junkie, it should be no surprise that PFSense is, without a doubt, my favorite firewall for both home and small business use.

During the last three years of my business, instead of buying a Cisco SMB or a SonicWall firewall, what I’ve done is buy a refurbished Dell PowerEdge server with typically around 16 GB of memory and usually a RAID array that has a usable capacity of 500 GB for around $200-$300 and pop PFSense on it.

Aside from it being completely open source, some of the things that I love about it are:

  • It being rock solid given its FreeBSD foundation
  • Its bandwidth monitoring and rule-based policies
  • VPN built in with both OpenVPN and IPSec
  • Web caching built in with Squid
  • Web content filtering to block people from visiting unwanted or inappropriate websites
  • Its on-demand virus scanning, blocking viruses and malware before it reaches the client’s computer
  • Limit traffic by country
  • A programmable intrusion detection system
  • VLANs completely built in

I could go on and on and on. There are literally hundreds of available plugins that extend the core of PFSense’s functionality. Knock on wood but I’ve had some PFSense servers running for years without issue. I know that a PowerEdge server is a bit overkill for a firewall for a small business, but at that price, why the hell not?


iPads and Chromebooks: A Glimpse into the future of Small Business IT

I remember the day that Steve Jobs unveiled the iPad. I remember watching the keynote saying that this is going to change things, just like the iPhone changed the mobile phone industry.

I bought one right out the gate. In fact, I think that year I bought my dad one as well as both of my siblings. However, I found myself “looking for a reason to use it” and eventually just put it into a drawer and forgot about it. Throughout the years, I kept trying to fall in love with it, but every time I’d buy a new one, I’d end up not using it again and giving it away. I kept saying, I don’t use it because whether at home or at work I’d be less than ten feet away from a desktop so the need wasn’t there.

Seven years later, late last year, I decided to try again and purchased a 9.7” iPad Pro. I was doubtful that I’d actually use it other than when I was sitting on the couch watching TV. I was pleasantly surprised. The reverse had happened. Instead of not using the iPad in favor of my computers, I was using the iPad instead of my computers. In fact, at home for all of this year, that 9.7” iPad Pro, now a 10.5” iPad Pro is the device that I’m on from the time that I wake up until the time that I go to bed. I even hardly touch my iPhone while I’m at home since everything also goes to my iPad.

I think there are several reasons for this but if I had to narrow it down to two: it’s the maturity of professional, desktop class apps and the fact that the cloud has become more prevalent in our lives, allowing us to access our data from whichever device we have in front of us.

Here’s the thing though, if you put my use case aside. I see the trend of iPad-like devices on the rise in the consumer technology market. In addition to Apple with their iPads, Google has their Chromebooks and now earlier this year, Microsoft came out with their Windows 10 S laptops. Despite these three giants having their own approaches to their own versions of next generation devices, I see a lot more in common with the three than you might think.

All three of these platforms restrict what you can install on them. In the case of iOS, you can only install apps from the App Store, in the case of Windows 10 S, the Windows Store, and on the Chromebooks you can’t install anything, you just have the Chrome browser. These restrictions make it almost impossible to install anything malicious on the devices. On top of that, they all update automatically and aside from Windows 10 S, Chromebooks and iOS back up automatically to the cloud. Can you see the trend, yet? The three biggest tech giants in the industry are creating manage-less devices. What happens when you physically break or lose one of these devices? You go and buy a new device, enter your login credentials, everything restores from the backup and you’re back to square one.

The reason that I’m so fascinated with this new era of devices is because I can see them impacting small businesses in a large way. Think about this: say a small business with 5-10 employees, instead of buying their employees traditional desktop computers, bought them one of these devices instead with an LTE connection? And if you add to that a cloud based phone system such as Grasshopper or RingCentral, you would eliminate the need for an office network altogether. No more ISPs, routers, firewalls, servers, switches, etc. Plus, since these devices are secure by default, you have a lot less reliance on IT people.

I’m the first one to admit that all the pieces aren’t quite in place yet. For instance, there will still be a need for printers and copiers to have some type of network connection. And the wireless providers need to be a lot less restrictive on data caps and data throttling. I do see the pieces falling into place sooner rather than later. If you look at the typical small business productivity software such as Office, Quickbooks, communication and file sharing and collaboration, all the biggest software providers have cloud and/or app equivalents of their products.

Something to think about.


Disk Imaging

I’m beginning to feel old here but I remember my first IT job at my high school. At that time, Windows XP had just come out and all the computers on campus were running Windows ME. My first year working there, we spent the whole winter break manually formatting the existing computer lab computers, installing Windows XP, installing all of the Windows Updates, installing Microsoft Office, Adobe Reader, Flash, installing all of the network printers, etc. Over and over and over again, all by hand (I still have that damned Windows XP product key memorized).

This was before I discovered imaging. Fast forward 15 years, I very rarely ever rebuild a system from scratch because I developed a new habit. Whether it be for my personal computers or computers for clients, I get the system set up perfectly the first time, create an image for that system and store it. This way, if that computer ever crashes or it becomes time for a client to buy new systems, I just start the image restore, come back half an hour to an hour later and voilà! A perfect, clean system already configured.

When I started working at California State University, Bakersfield I started in the “installs” department. Our job was whenever departments would order new computers, we were tasked with getting them configured with the necessary software both for the department’s standards as well as the campus standards. At that time, we used Symantec’s Ghost to create an image for each particular model of a system that the campus would buy so when we would get that model again, we would already have an image for it. However, by the time my tenure of working there completed, we had signed a contract with Dell where every six months or so, we would send a master image off to them and Dell would do the imaging for us prior to shipping. Because the campus was constantly buying new computers, we could do that.

For small businesses, however, they only upgrade their hardware once every few years, if that. So I highly recommend that when you do purchase new computers for your small business, create an image and try your best to have everybody on the same model and vendor of computer (even though there are utilities to create universal images to be able to create and restore images to and from different hardware).

My go-to imaging software for both personal practice and for my IT clients has always been Acronis True Image because of its simplicity and price; it starts at just $50.

So, start using imaging! Your future self will thank you!
