Keith Smith - My Blog


Thought for my day: Things we can do to protect staff working remotely

Wednesday, April 22, 2020 - Posted by Keith A. Smith, in Journal of thoughts, Security

Things we can do as IT pros to protect staff working remotely
  • Identifying Weaknesses in Remote Connectivity
    • Security Review: Ensuring workers using personal devices to connect to organization resources are properly protected, so that the organization's network is not exposed to outside threats.
    • Home Network Review: Reviewing remote workers' home internet speed and hardware to get the best experience possible, especially over wireless.

  • Reviewing Workstation & Server Security
    • On Premise Security Review: If your staff is working remotely, is your office protected from outside threats? It's important to have multi-factor authentication into all systems when working remotely.
    • Regular Network Maintenance: Continued patching and maintenance of network hardware ensures your systems aren’t exposed to threats.
    • Regular Device Maintenance: Workers on organization-owned devices should have data encryption enabled, anti-virus installed, and be fully patched with Windows and third-party updates.

  • Maximizing Work from Home Efficiency
    • External Hardware Review: Identifying opportunities for remote workers to use additional hardware like printers and multiple monitors.
    • Communications Review: Ensuring phone, messaging and remote meeting access is available to allow for efficient communications.

  • Controlling Costs
    • Licensing Review: Checking for unused licenses and software usage against monthly subscription costs can yield instant results for the bottom line of the IT budget.

  • Reminding Employees of Security Awareness
    • Remote Patching Reminders: Reminding remote workers of the importance of following the normal method for ensuring updates are installed on their organization-owned and personal devices.
    • Email Security Review: Running phishing campaigns to expose training needs for staff in relation to handling malicious emails that harvest personal and organization data.

  • IT Business Process
    • Business Continuity Planning: Create or refresh plans to continue access to key IT business resources and consider how that impacts keeping your business running if key staff are out sick or otherwise unavailable.
    • Password Management Review: Determine the current processes in place for sharing and storing passwords to ensure that other individuals have credentials in the case someone is out sick or unavailable.
    • Communications Review: Identify additional methods and tools you can use beyond email to communicate with workers.



An old grind with a new journey on the horizon

Wednesday, March 4, 2020 - Posted by Keith A. Smith, in Journal of thoughts

Two years ago, an opportunity came about to return to K12, where I started my career many years ago. I took that opportunity because it would give me a unique chance to see how much things had changed since I left, and I could undoubtedly make contributions that I couldn't have earlier in my career. At the time of my departure from K12, circa the early 2000s, technology didn't have much of a place in the learning and teaching areas of the classroom. Projectors and Smart interactive devices were being introduced to replace chalkboards; no mobile devices existed for teachers or students. There wasn't any cloud-based anything or many applications either. Any computing was done in a lab under the supervision of an instructor. Most computers were Windows PCs or Macs loaded with applications that were best suited for curriculum and instruction.

Interactive displays such as Promethean and Clevertouch panels are now replacing most projectors and Smartboard-type interactive devices. Interactive displays, referred to as "interactive whiteboards" or "smartboards," became an educational trend in the early 21st century as school districts began clamoring to get them. As time went on, more money was spent on whiteboard technology. Sadly, many of those traditional mounted interactive whiteboards became nothing more than very expensive dry erase boards.

At present, most districts are either in a 100% Microsoft O365 camp or a 100% Google for Education camp, with some that lie in a hybrid of both. Most on-prem server infrastructures are on the decline, just like in other sectors where organizations have adopted various types of cloud services. Wireless infrastructure along with mobile devices are rampant now and have supplanted most dedicated computer labs, with Google Chromebooks being massively distributed due to them being a very cost-effective learning tool for students.

Some things had definitely changed in K12, but some things are still the same ole same and may continue to be that way as time goes on. A new and exciting career opportunity has presented itself to me, and I will be embarking on another adventure in a few weeks. I plan to start blogging more once again now that I have reclaimed some time that was previously spent on my commute. I also plan to start contributing to a few of my favorite open source projects in the near future.

Stay tuned!



Let's Encrypt redirect with KEMP load balancer

Sunday, November 10, 2019 - Posted by Keith A. Smith, in Network, Automation, Microsoft

PKI management is a huge PITA; in the near future I will post how I've automated PKI renewals and installation of certificates. In this post I wanted to share a method for managing certificate renewals in an environment that has multiple web servers and a KEMP load balancer in front, with a central server for certificate management. The load balancer rules will send traffic with the /.well-known/acme-challenge/ path to the certificate management server, and all other port 80 traffic gets redirected to 443.

You will need to create a virtual service with two SubVSs.

Open the virtual service, then add the first SubVS.

The first SubVS should have a weight of 1100, with the Not Available Redirection Handling Error Code set to 302 and the Redirect URL set to https://%h%s.

The second SubVS has a weight of 1000 and has the IIS server I use to create my Let's Encrypt certs set as the real server.

Create a content rule named Lets_Encrypt, Rule Type is Content Matching, Match Type is Regular Expression, Header Field is left blank, Matching String is /^\/.well-known/ and ignore case is checked.

Now enable Content Switching at the VS. I then added all my content rules for my domains to the first SubVS so they will be redirected to HTTPS, then I added the Lets_Encrypt content rule to the second SubVS.

To download the exported file, visit my GitHub repo.
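
The routing decision described above can be modelled offline to see exactly which port 80 requests would reach the certificate server. This is an added example, not the exported KEMP configuration from this post: Python's `re` stands in for the load balancer's regex engine, `%h%s` is read as Host header plus request path (an assumption), and the hostname, sample paths and the tighter `RULE_TIGHT` pattern are constructed for illustration.

```python
import re

# Matching String from the post with "ignore case" checked
# (the surrounding /.../ delimiters are dropped for Python).
RULE_AS_POSTED = re.compile(r"^\/.well-known", re.IGNORECASE)

# Hypothetical tighter rule: literal dot, ACME HTTP-01 challenge path only.
RULE_TIGHT = re.compile(r"^/\.well-known/acme-challenge/", re.IGNORECASE)

# Constructed sample request paths.
SAMPLE_PATHS = [
    "/.well-known/acme-challenge/tokenABC",  # ACME HTTP-01 validation request
    "/.WELL-KNOWN/acme-challenge/tokenABC",  # same path, different case
    "/.well-known/security.txt",             # other well-known URI
    "/xwell-known/anything",                 # matches only via the unescaped dot
    "/login",                                # ordinary site traffic
]


def route(rule, host, path):
    """Model the port 80 virtual service: return (action, target)."""
    if rule.search(path):
        # Second SubVS: the Lets_Encrypt content rule matched.
        return ("forward", "cert-mgmt-server")
    # First SubVS: 302 redirect to https://%h%s.
    return ("redirect-302", f"https://{host}{path}")


def compare(host="www.example.test"):
    """Return (path, action under posted rule, action under tight rule)."""
    return [
        (p, route(RULE_AS_POSTED, host, p)[0], route(RULE_TIGHT, host, p)[0])
        for p in SAMPLE_PATHS
    ]


def differences():
    """Paths the posted rule forwards in clear text but the tight rule redirects."""
    return [p for p, posted, tight in compare() if posted != tight]


if __name__ == "__main__":
    for path, posted, tight in compare():
        print(f"{path:40} posted={posted:13} tight={tight}")
```

With the Matching String as posted, every path under `/.well-known` (and any path where another character sits in place of the dot) is forwarded to the certificate server over HTTP rather than redirected to HTTPS.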



Auto share requests to users in the field 'email ids to notify'

Monday, October 28, 2019 - Posted by Keith A. Smith, in Automation

I have implemented the ManageEngine ServiceDesk numerous times over the past few years. In the most recent instance, I created a tiered structure and escalation process for the technicians. The technicians at tier1 would need to escalate any request that is beyond their scope of resolution.

The Challenge
The challenge was that when their requests were escalated to tier2, they would lose visibility to the request unless the request was shared with them. To share the request, they would input their e-mail into the "e-mail Id(s) to notify" field on the request, then click on share request and add themselves to the request before the request is escalated. These steps were time-consuming, and it took many clicks to accomplish this task.

The Solution

To make this process more efficient, I have published the Python code that will set up an auto-share to users in the "e-mail Id(s) to notify" field on the request.

The Steps

To get this to work you need to:
  1. Install the newest version of Python on the server that has the ManageEngine ServiceDesk installed. Be sure to click the custom installation option during the setup. You will need to install all the optional features along with all the advanced options during the setup.
  2. Reboot the server
  3. Clone or Download the master branch from the GitHub repo or run a git clone
  4. Place all the files and folders from the python libs in the Python\Lib\site-packages folder on your server
  5. Place in the \ManageEngine\ServiceDesk\integration\custom_scripts folder on your server
  6. Generate an API key that doesn't expire and copy it to Notepad. You can generate this API key from within the ManageEngine ServiceDesk.
  7. You need to edit the, inside this script you need to add the api key you generated on line 17 and update line 13 with URL of your ServiceDesk instance.
  8. Create a folder named request in \ManageEngine\ServiceDesk\integration\custom_scripts folder on your server
  9. Now log in to your ManageEngine ServiceDesk, go to the admin tab, then click on the custom trigger under the helpdesk customizer
  10. Click the add new action button
  11. Match the settings to those in the screenshot below



VMware Ports and Protocols

Wednesday, October 2, 2019 - Posted by Keith A. Smith, in VMware

While doing some research for vCenter ports, I found this gem: a database of ports and protocols for VMware products. This site is definitely worth a bookmark in your browser of choice.


