Email Security

Recently, I have been asked a lot of questions about email and email security. The simple answer to the question, “Should you be sending sensitive documents to other people via email?” is no, email is not secure. It’s true that email is not secure; however, there are steps one can take to make it more secure. Before we go any further, I want to say that I believe that in most cases using a secure document sharing platform is a much better solution for securing attachments and data that may need to be shared with clients. If you must send data via email, then read the rest of the article to find out what needs to happen before your email can be secured.

Securing an email requires that it be encrypted before it is sent, then decrypted on the machine where it will be opened. To do this, you need a certificate with which to sign and encrypt email messages. Companies like Thawte and Comodo have SSL certificate products, both free and for a small fee, that allow users to encrypt email from their email client, Outlook for example. Purchasing a certificate is different for each vendor, but in general you create an account when you purchase the certificate, log in, and download the certificate file.

Once you have the certificate file, find it on your computer and double click it. A certificate import wizard will launch. Follow the instructions. Depending on the certificate, there may be specific steps you need to follow that will be provided to you by the vendor you purchased your certificate from. When you have finished importing the certificate into Windows, you will be able to import the certificate into Outlook.

Open Outlook and click File, then Options, and Trust Center. Click the Trust Center Settings button, then click E-mail Security. Select Add Digital Signature to Outgoing Messages. This will add the public portion of your signature to every email you send out so the recipient can add it to their contact info. The recipient needs this signature to decrypt encrypted messages you send to them in the future. Next, select Send clear text signed messages when sending signed messages. This allows the recipients to read signed messages so they can import your certificate. DO NOT select Encrypt contents and attachments for outgoing messages. This will encrypt everything you send out, which may cause issues for recipients for whom you may not have a certificate. Next, click Settings and click Choose next to Signing Certificate. Select your certificate from the list and click OK. Select the hash algorithm, which will be SHA1. Now click Choose next to Encryption Certificate, select your certificate from the list, and click OK. Choose the Encryption Algorithm, 3DES or AES 256-BIT.

You should now be able to send signed email messages and receive encrypted messages from people with your public certificate. For you to send an encrypted message, your recipient will have to set up a certificate for themselves and send you a message signed with their public certificate. You can save their contact info by right clicking their email address. This will save their certificate as well so that you can send them encrypted messages in the future.
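To confirm that the imported certificate is usable before selecting it in Outlook's Trust Center, the following added example (not part of the original article) lists each certificate in a Windows certificate store and reports whether it has a private key, is currently valid, and permits secure email, signing, and encryption. The function name Get-SmimeCertificateReport and the default store path (the current user's Personal store) are assumptions.

```powershell
# Added example: report which certificates in a store are usable for S/MIME.
function Get-SmimeCertificateReport {
    param(
        # Assumed default: the current user's Personal store.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    $F = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (id-kp-emailProtection)
    $signBits    = [int]$F::DigitalSignature -bor [int]$F::NonRepudiation
    $encryptBits = [int]$F::KeyEncipherment  -bor [int]$F::KeyAgreement
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        } | Select-Object -First 1
        $ku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
        } | Select-Object -First 1

        # A certificate without an EKU extension is not restricted to listed purposes.
        $emailOk = $true
        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $emailOk = $oids -contains $secureEmailOid
        }

        # A certificate without a Key Usage extension is likewise unrestricted.
        $canSign = $true
        $canEncrypt = $true
        if ($ku) {
            $canSign    = ([int]$ku.KeyUsages -band $signBits) -ne 0
            $canEncrypt = ([int]$ku.KeyUsages -band $encryptBits) -ne 0
        }

        [pscustomobject]@{
            Subject       = $cert.Subject
            HasPrivateKey = $cert.HasPrivateKey
            ValidNow      = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
            SecureEmail   = $emailOk
            CanSign       = $canSign
            CanEncrypt    = $canEncrypt
            CertSigAlg    = $cert.SignatureAlgorithm.FriendlyName
            Thumbprint    = $cert.Thumbprint
        }
    }
}

Get-SmimeCertificateReport | Format-List
```

A certificate that reports HasPrivateKey as False cannot be used to sign or decrypt on this machine, so it should not be chosen as your own Signing or Encryption Certificate.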

As you can see, securing email is no trivial task, and it requires setup by both parties in order to encrypt messages both ways. Once it is set up, however, all you need to do is tell Outlook to encrypt the message you are sending and Outlook takes care of the rest. I would also recommend, if possible, that any attachments with sensitive information be password protected and encrypted before they are attached to an email and sent, to add another layer of protection. I still stand by the recommendation that a secure document sharing site is a better solution for sharing sensitive data with parties outside your business, and I recommend that no email be sent containing any personal or sensitive information written in its text.

Microsoft Azure IaaS

IaaS stands for Infrastructure as a Service, which is a fancy way of saying your servers are being stored and run by some host off-site. Microsoft has been running full steam ahead into the cloud and shows no signs of stopping. Azure is the platform on which Microsoft is building a set of hosted services, similar to Amazon Web Services, that run in Microsoft datacenters, which are some of the top datacenters in the world. Azure includes web site hosting, Virtual Machine hosting, SQL Server database hosting, Virtual Networks and VPN, and the new Windows Azure Active Directory. All of these services are accessible 24/7 from the internet and backed up and maintained by engineers at Microsoft’s data centers.

Azure services integrate with on-site Active Directory databases in order to allow administrators to manage services and access in one place. The new Azure Active Directory is not a replacement for having a logon server in your office. It is designed so that applications and services built within the Azure infrastructure, as well as other 3rd party cloud services, can authenticate users with a single sign-on that is integrated with the users’ Windows logon. Azure can be used to build or install enterprise applications in the cloud so users can access business data and services from anywhere, while reducing the overall cost in support and maintenance compared to having it all onsite. Azure can be used to back up virtual machines and run them in the event of a disaster. Azure can be used to store backup files off-site and restore from those backups. Virtual machines can be spun up in a matter of minutes and backups restored to these virtual machines in the event of a disaster. Azure allows companies to create secure virtual networks for applications and connect them to their onsite networks via VPN. SQL databases can be created directly on the Azure platform and accessed via an application built on Azure services.

All of these services are considered infrastructure because solutions can be built on them. This technology is great and opens up doors to some fantastic cost savings and innovation; however, if you are thinking of moving your entire network out to Microsoft’s cloud, we just aren’t there yet. Today, most of what Azure does is geared towards developers; however, as more of the pieces fall into place, products built using Azure services will be available to just drop in to fill the needs of businesses with minimal IT required. IaaS over the Internet, Azure in particular, is not quite ready for businesses to move in full time yet, but based on what I have been reading and what vendors like Microsoft, Apple, and Cisco are saying, the move is right around the corner…so get ready.

Windows Server Essentials 2012

Small Business Server, one of the “best deals going” for small businesses needing enterprise server services on a small business budget, was discontinued after the 2011 version was released, but only in name. Windows Server Essentials 2012 has taken up the banner for small businesses and looks to be a great replacement. Essentials 2012 is missing a few options that used to be major parts of the SBS package. First, there is no built-in Exchange Server. From my point of view, this is a good thing. Taking care of Exchange can be a daunting task, and when Exchange isn’t working, neither is the small business it serves. In Essentials, Microsoft has opted for the ability to integrate Active Directory (the database used to manage users on the network) with Office 365, allowing companies to manage users of both Exchange for Office 365 and network users from within Active Directory. Another option that is no longer available is the Advanced server option, which included a license for SQL Server or SQL Express. Since SQL Express is free and adding an extra server for applications that use SQL is no more of a chore than adding a client computer, the only real loss here is the small discount Microsoft gave on the Windows Server Standard License.

This past month I migrated an office to Windows Server Essentials 2012. When the server booted, I was presented with a Windows 8-like Start screen. My first response was to just shake my head and wonder why. After some time getting used to the interface, I found all the tools that I needed to continue with the setup and migration and thought no more about the new Metro interface being added. Getting around was no more difficult than it was in SBS 2003, once I got used to it.

Once I began setting things up, I discovered that the Wizards and Dashboards are the best yet for getting a quick, clean installation up and running. The Server dashboard walks you through all of the initial configuration in a very clear and simple yet informative way. Many of the services were tested and verified to be working by the wizard as part of the setup for the service being configured in that step of the process. The Dashboard also gives you access to tools to manage users, computers, automatic client computer backups, storage, and file shares. For more advanced configuration and monitoring, the Windows Server 2012 Server Manager is included, giving administrators quick access to a dashboard that shows information about the health of services running on the server. From here, familiar tools to manage Active Directory and other services are just a click away. Again, it took some getting used to navigating each of these layers, but Essentials isn’t designed for IT admins like me; it is designed for small businesses with little or no IT support to be able to get a server up and running easily. With that in mind, Essentials delivers on that goal. It just works, and just about anyone could set one up.

Essentials delivers on everything a small business needs to get started with a first server or as a replacement for old Small Business Servers needing to be replaced. It sets up quickly and provides a minimal touch experience for getting a network set up with all the tools it needs to support users working both in the office and out. I give it 2 thumbs up even with the Metro interface, because like I said before it’s still just Windows – just like Windows 8.

Windows 8 – Don’t Worry, It’s Still Just Windows

Not too long ago some news outlets covered the impending release of an update to Windows 8 that is being called Windows 8.1. After this news broke, I was hit with an onslaught of questions: people telling me that they had heard that no one likes Windows 8, that Windows 8 doesn’t work, and asking whether this update will fix it all. For the life of me I still cannot figure out what needs fixing. I have tested Windows 8 and even run software on it that does not support Windows 8, all without any trouble. The best theory that I can come up with is that, as a group, PC users abhor change, and the new home screen that Windows 8 presents on start-up and the Metro UI are too much for us to deal with all at once.

The new Windows 8 Metro style interface is a smooth, visually appealing, and easy to navigate space for storing tiles that provide quick access to our favorite apps and folders. Live tiles even provide dashboard-like features, allowing us to get a quick, up-to-the-minute overview of what is happening in apps like email, news, and social media without having to open the application. The native Metro style apps are just like the old apps we know and love; they just fill the screen completely, providing a more immersive experience for the app. New Metro UI apps are appearing on the Windows Store all the time, but Metro UI apps aren’t the only kind of apps Windows 8 will run. Windows 8 is more than happy to run all the classic Windows style apps you ran on Windows 7. You can even place tiles for these apps on the home screen so you can access them easily.

Another question that still comes up is what happened to the desktop, and can I get it back. The desktop is still there. It didn’t go anywhere. It is just hiding behind the Metro UI, and to get there all you have to do is click or touch the desktop icon on the home screen and there it is, just like you would expect. You can even fill it up with icons just like you did before. You could say the classic desktop provides the bridge between the new user experience and the old, providing a framework for running the classic Windows style apps. Some of the tools you are used to, like the Control Panel, are even still found on the classic side of the bridge.

I won’t lie to you. Windows 8 takes some getting used to, especially if you have been managing and maintaining Windows systems for as long as I have. There is a learning curve to finding where some of the tools you used to set things up have moved. For most users, though, there are but a few new things to learn, like switching apps in the Metro UI, which requires using a fly-out that hides itself on the left side of the screen. On touch devices like tablets, the basic gestures like swiping, pinching, pulling, and so on are fairly natural, and if you have had any interaction with Apple or Android phones or tablets this will be a breeze.

If you are still running Windows XP, your days are numbered. As of April 2014, Microsoft will no longer support the operating system. That means no more patches or security updates. This will also mean that vendors of other software, like QuickBooks or Adobe, will stop supporting their software on that operating system. If you have an application that will not run on anything other than Windows XP, you need to either find a new solution or really push the developer to update their software and start supporting current operating systems. If neither is an option, or there is some reason to extend the migration period for a piece of software, Windows 8 includes what Microsoft calls the client hypervisor. If you have been reading the newsletter, you know what a hypervisor is. It is a piece of software that allows you to run a virtual computer inside a window on a “real” computer. A Windows XP virtual computer can be created and run on your Windows 8 machine to allow you to run your old application until you can complete your migration. Just remember that a virtual machine running an unpatched version of Windows is just as big a security risk as running a physical one, so I would not look at this as a permanent solution to running your legacy Windows XP software but as a life raft to help you make it to the shore.

You have nothing to fear from Windows 8. It’s just Windows, part of the ever forward moving march of technology. Windows 8 is beautiful, but more than that, it is functional. Windows 8 is going to be the most secure version of Windows for your business, not because it is better but because it is the version being actively maintained by Microsoft. It is going to get the most attention and quickest response to threats from Microsoft’s development team. I don’t have all the details on Windows 8.1, but it is not bringing back the desktop because it never went anywhere. 8.1 is the first update to Windows 8 in a much faster development cycle. More updates will follow every few months as Microsoft continues to improve and add to the platform as part of its commitment to try to bring its customers the best operating system it can. If you are still staring down the barrel of a migration from Windows XP, call me and let’s talk. You need a plan, and starting by evaluating Windows 8 with a partner is a good first step.