A recent vulnerability has been found in the way that WPA2 encryption works that makes it possible to gain access to wireless networks that use WPA2. It has been named KRACK (short for Key Reinstallation Attack).
Firstly, some things to remember: the person gaining access to the system has to be physically near to your WiFi network, so if your WiFi does not extend outside the building then the attacker has to be within your four walls.
Secondly, you can upgrade the firmware on the majority of major systems already: visit the vendor's website, then download and install the firmware that has been patched.
For your information, the websites for popular devices are shown below:
Espressif Systems: Link
Fortinet: Fortinet's support forum
HostAP: Link
Intel: link
Linux: link
Netgear: link
Microsoft: link
Microchip: link
MikroTik: link
OpenBSD: Errata60, Errata61
Ubiquiti Networks: Link
The best way to stay protected is a regular update of all systems and software.
In a purely generic way, using https or adding an SSL certificate does not stop your website being hacked
We have helped a few of our non-hosting clients with their websites recently after they had been reported as being hacked by Google. In two cases in the past fortnight, for clients who were hosted by different providers, they have been told by their hosting provider that to stop them being hacked and to remove the message from the Google search results, they should purchase and install an SSL certificate and then their site won't be compromised (hacked) again.
Let me reiterate: for these sites, which are using the ever popular WordPress CMS, having an SSL Certificate will not stop a BOT from using a hole in one of your plugins, or an exploit in the base CMS Code, to inject additional unwanted code into your site. In the same way, it won't stop an unauthorized person from logging into the admin area if they can guess your username and password combination.
What an SSL Certificate will do is make a secure route for any information between a remote browser and your website. This will stop anyone from monitoring the stream of data as it passes over the internet and extracting from it things like usernames and passwords, credit card details and similar. This is why online shops are strongly advised to install an SSL Certificate, so that the user can confirm that they are the business that they wish to purchase from, and also that any information sent cannot be read on the way to or from the website, especially the payment portal.
This is short and sharp as a blog post as I am frustrated that someone offering a hosting service could misrepresent the value of an SSL Certificate. There are excellent reasons for having one: in 2014, Google notified webmasters via the Webmaster Central Blog that sites with SSL would gain better ranking than those without. This single statement probably increased sales of SSL certificates to non-commerce websites by a factor of 100 overnight as people clamour to get the highest ranking they can. If you are taking information from clients (or providing it if you are a client) then encrypting the connection being used is a better security policy than not.
If you want to protect your website and you are using one of the common CMS Systems (WordPress, Joomla!, Drupal etc.) then the best way to protect yourself is to always use the latest versions of the core CMS system, always check and update any plugins that you use, be careful of using old plugins that are not updated and scan your site for problems on a regular basis. There are systems that will do this for you, or just get to know your website and do it yourself.
In conclusion - get an SSL Certificate, it's good for your website and its ranking on search engines, but please don't be misled into thinking that it will protect you from the malicious code that looks for holes in websites, or guesses your username and password, it most certainly won't!
As usual, feel free to get back to us with any questions or queries, we are always happy to help - 01948 820787
We host a considerable number of domains and websites and look after DNS for our client base, and as such we have to make changes at times to create links to new sites and services.
One of the questions that I get asked is why are these changes not instant?
I thought it would be useful to explain the basics of how these changes happen and how the Domain Name System or DNS works. This is not a definitive guide to DNS as it is a very complex subject and there are a lot of excellent books and resources that will explain in great detail the bits and bytes of what is an amazing system of data transfer and update of records that probably shouldn't really work!
DNS - The Very Basics
For the non-technical, a few words on what DNS is there for:
Consider that the internet works on numbers: all the computers, servers and machines connected to the internet have a unique number (or IP Address). Let me be clear: when you are connected at your office or at your home, you will have a local address, and it is your router or modem, which connects your internal network to the internet, that has one of these unique numbers, as until recently they have been in short supply.
It is a fact that the vast majority of human beings are not good at remembering numbers. Imagine if you had to remember that the website for your favorite shop was at an address that looked like 18.104.22.168 (just made up!), then I suspect that you would fail to remember and you would need to write it down, this is why we have books of telephone numbers or we have to save them in our digital phone books, most people can't remember the numbers but they can remember the names.
If you take this idea of a phone book, the DNS System works in a similar way by taking a name e.g. www.abcompany.com and turning this into a number 22.214.171.124 which is then used to make the connection, so you can, therefore, think of DNS in simple terms as a "phonebook" of websites and their unique IP Addresses.
Having got the basic concept of what DNS is, the obvious thing would be to think that there is one big "phone book" of names and addresses that everyone can access. However, there are now expected to be over 1 billion websites online in mid 2016 (source: NetCraft Web Server Survey - [and its data compiled by Pingdom]. Netcraft Ltd.), and as such a single database of entries is not sustainable, and of course with all your eggs in one basket like this the system would not be robust enough.
The way that the DNS system covers this is to use a distributed system of thousands of servers running DNS software and each providing details for a smaller number of domains.
The next stage is to understand how a computer makes a query, again this is at a very high level and not meant to be anything else!
DNS - A simple query
Let's quickly go through a query for www.abcompany.com and see how this makes a connection.
You type into your web browser www.abcompany.com
- The first thing that happens is that your computer looks at which DNS server is assigned, this is set to "obtain automatically" in the vast majority of cases so will use the server that your ISP provides, this is called the "recursive resolver" as it knows which other servers to contact in order to get the information required for this domain.
This first server sees that you are looking for a .com site and it therefore knows that the first place to go for information on a .com is one of the "root servers" that are located across the world and can be considered the ultimate place to start looking. Again in very simple terms, all that is initially asked is about ".com". The query is then referred to a Top Level Domain server (known as a TLD Server), which then looks up the domain name itself, in our case abcompany.com. This TLD Server then returns the IP Address (number) of the Nameserver that is assigned to that domain name; for the sake of argument, let's say this is IP Address 126.96.36.199 (again this is not real!). In fact, if possible it will return both the older IPv4 address shown and a newer IPv6 Address, which is being used to allow room for all the new systems that are connecting to the internet every day (but that's another post!).
So we have now been directed to the Nameserver for the domain, and it is here that the final IP address of the website you are looking for will be provided. The query is passed through and the IP corresponding to the request is identified. In this case we have not got a prefix; in a domain's records you can have just abcompany.com or you can have www.abcompany.com or xyz.abcompany.com, and these are called "A" Records and each can have a different address.
You now have the final piece of the puzzle and your browser can now go to the IP address and show you the information you have requested.
This all happens in a few milliseconds ( ideally ) or can be a second or two which is why you can sometimes get a delay before a site is shown.
DNS - Making Changes
So you now know that there can be lots of systems around the world that need to be updated with any changes to your DNS settings, for example, you add a new "A" Record or make a change to a corresponding IP Address, all the relevant systems have to be updated with this new information, this is called "propagation" and this is the bit that takes time, but not generally in the way that you would think.
Each DNS record is actually a Text File containing the information on the domain that you need. An example of a DNS File is shown below:
; Database file abcompany.dns for abcompany.com zone.
; Zone version: 2017071801;
@ IN SOA nameserver1.i7net.co.uk. root.i7net.co.uk. (
        2017071801 ; serial number
        900        ; refresh
        600        ; retry
        86400      ; expire
        3600 )     ; default TTL
; Zone NS records
@ NS nameserver3.i7net.co.uk.
nameserver3.i7net.co.uk. A 188.8.131.52
@ NS nameserver2.i7net.co.uk.
nameserver2.i7net.co.uk. A 184.108.40.206
@ NS nameserver1.i7net.co.uk.
nameserver1.i7net.co.uk. A 220.127.116.11
; Zone records
@ A 18.104.22.168
ftp A 22.214.171.124
www A 126.96.36.199
We can see that at the top of the file, there is a serial number and this is the basis on which a DNS record is updated.
When any change is made to the Zone Records then this number is incremented so in this case the next change will make the serial 2017071802 then 03 at the end and so on.
The Primary DNS server for the domain which is the one that you make changes on, will then notify any secondary servers that a change has been made to the record and they in turn will access this primary domain server and update their records accordingly. This usually happens within a few minutes, so why does it take so long to see the change everywhere?
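The serial-number check described above, as an added example (not code from the original post): it parses the SOA block from the sample zone file, works out the next serial in the YYYYMMDDnn style the post uses, and shows the comparison a secondary makes before it copies the zone. The function names are illustrative, and the RFC 1982 wrap-around comparison goes slightly beyond what the post describes.

```python
import re
from datetime import date

# Constructed sample input: the SOA record from the zone file shown above.
ZONE_SOA = """\
@ IN SOA nameserver1.i7net.co.uk. root.i7net.co.uk. (
        2017071801 ; serial number
        900        ; refresh
        600        ; retry
        86400      ; expire
        3600 )     ; default TTL
"""

SOA_FIELDS = ("serial", "refresh", "retry", "expire", "default_ttl")


def parse_soa(zone_text):
    """Return the SOA record's names and five numeric fields as a dict."""
    # Drop ';' comments first so a ')' inside a comment cannot end the record.
    body = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    match = re.search(r"\bSOA\s+(\S+)\s+(\S+)\s*\(([^)]*)\)", body)
    if match is None:
        raise ValueError("no complete SOA record found")
    numbers = match.group(3).split()
    if len(numbers) != len(SOA_FIELDS) or not all(n.isdigit() for n in numbers):
        raise ValueError("SOA needs exactly five numeric fields")
    soa = {"primary": match.group(1), "contact": match.group(2)}
    soa.update(zip(SOA_FIELDS, map(int, numbers)))
    return soa


def next_serial(current, today):
    """Next YYYYMMDDnn serial: a new day restarts at 01, otherwise add one."""
    first_of_today = int(today.strftime("%Y%m%d")) * 100 + 1
    candidate = max(current + 1, first_of_today)
    if candidate >= 2**32:
        raise ValueError("serial no longer fits the 32-bit SOA field")
    return candidate


def serial_is_newer(primary, secondary):
    """RFC 1982 comparison of 32-bit serials, which allows wrap-around."""
    return primary != secondary and (primary - secondary) % 2**32 < 2**31


def secondary_action(primary_serial, secondary_serial):
    """What a secondary does after comparing its copy with the primary's."""
    if serial_is_newer(primary_serial, secondary_serial):
        return "transfer zone"
    if primary_serial == secondary_serial:
        return "up to date"
    # Records were edited but the serial went backwards: the change never
    # reaches this secondary, which keeps answering with the old data.
    return "ignore primary (serial went backwards)"


if __name__ == "__main__":
    soa = parse_soa(ZONE_SOA)
    bumped = next_serial(soa["serial"], date(2017, 7, 18))
    print(soa["serial"], "->", bumped, secondary_action(bumped, soa["serial"]))
```

If a record is edited without the serial being raised, the secondaries keep serving the old data, which looks like slow propagation but never resolves on its own.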
Propagation and Caching - the long wait
The function of delivering a DNS Entry from a file is quite laborious, so to speed up the process the vast majority of ISPs use a system of caching where they only read from the file every few hours, or in some cases days, and it is this one thing that delays the appearance of your change.
If you change your nameservers, for example because you move to a new provider, then the TLD servers need to be updated with this information. As these are all over the world, and there are further lower levels of domain servers which also help out the main TLD servers, it can take time for all of them to be updated.
The default expectation is that all Domain servers should be updated within 72 hours of a change. In reality, we find that the majority of changes to a .uk (.co.uk / .org.uk etc.) take a couple of hours for the majority of updates, but this is not guaranteed, and when you consider the caching at the ISP the updates can take much longer to appear.
Can I speed things up?
We often make changes and need to see a fast update to DNS to check that everything is working, there are several ways of achieving this.
If you set your local DNS Server setting to use the name server allocated to your domain then you should see any changes immediately, however you must set a secondary to one of the global DNS servers, a common one would be at Google (IP 188.8.131.52 or 184.108.40.206) , or if you are a bit old school, then you can update your hosts file on your local machine with the entry you want to check, but please do not attempt this if you don't know the potential effect of any hosts file change !
I hope that this explanation assists with your understanding of why DNS can take time to change, but if you want any further information then feel free to get in touch.
I have been working on a few SharePoint sites in the past weeks and one of the questions that keep coming up is how you can find out which of your users has access to different areas and sites within your SharePoint environment.
Obviously when you move to SharePoint, there are issues of data security both with the protection of sensitive data and also ensuring that people have access to the information that they need.
If you are familiar with normal Windows access rights (shown below), you should understand the use of Users and Groups to control access to files and folders within any Active Directory implementation, and the same outline principles are there with SharePoint.
We often get asked for the limits on Microsoft 365 Email so thought it would be relevant to put these into a technical blog for easy access:
Microsoft has put some limits on the accounts to prevent abuse of the service (e.g. sending unsolicited email from their servers), this is not unusual with any provider and for normal business use, these should not be prohibitive in any way. If you want to send out thousands of emails an hour, then Microsoft Office 365 is not the service for you.
The only restriction that we can see that may cause issues is the total size of an email as we have clients who regularly send larger files than the 25Mb limit, but we have alternative options for this requirement that are both inexpensive and reliable.
Basic Limits with a Microsoft 365 Account
Max Mailbox size for a single account is 50Gb
Size of a single e-mail message. The total size is 25Mb
Number of file attachments allowed in an e-mail message is 125
Number of text characters allowed in the subject line of an e-mail message is 255
Number of message body parts that are allowed in a MIME multipart message is 250
Number of forwarded e-mail messages that are allowed in an e-mail message is 30
Number of message recipients allowed in the To:, Cc:, and Bcc: fields is 500
Number of e-mail messages that can be sent from a single e-mail client per minute is 30
Number of recipients for e-mail messages sent from a single mailbox in a 24 hour period is 1500
Hardware is not a fan of hot weather, the temperatures that are acceptable on Desktops, Laptops and Servers can be above 38 Deg C, however, it is not a good place to be.
We had a call out for a Server that wouldn't power up this morning, it was very possibly heat related as the unit was in a cupboard and was full of dust from some recent electrical work in the same cupboard, lots of drilling and no dust collection!
It's always a good idea to keep servers in the coolest place in your office (assuming that you haven't got a dedicated room with security and air conditioning) so in order to be cool, try and keep them away from windows, out of direct sunlight and where there is a good air flow.
The cupboard under the stairs can be a very hot place when there is no air circulation and I have seen many systems that are putting out alarms because of internal heat because they are in cupboards, under stairs or have been used as a handy place to pile papers, magazines and general office rubbish!
We only think about being too hot ourselves when we get a mini heatwave, but get that office thermometer that's used to tell you when it is far too hot to work and sit it near your server for 24 hours and see how hot it is. If you are above 30 Deg C then have a look now at how you can help it to survive the hot spell!
We have found a problem with the Fujitsu D556 SFF PC where, if the system is left for any length of time, it can freeze and the only way to restart is to power off the system and restart. Obviously all data that has not been saved at this point is lost.
The problem is related to the BIOS and Graphics Driver and is only seen on some systems.
There are 3 possible fixes for this problem, for non-technical readers, item 2 is the one to start with, you can use the Fujitsu Desk Update facility to get the latest BIOS and Drivers for your system and these are also available from the Fujitsu website.
1) Update the BIOS:
The fix (a microcode update for the processor) for this issue was implemented in the BIOS release R1.14.0 / R1.15.0
2) Update the Graphics Driver:
Updating the graphics driver “Intel HD Graphics” to the version:
32-bit: 220.127.116.1174 - 18.104.22.16874 - PV - 32bit (13/06/2016)
64-bit: 22.214.171.124.4474 - 126.96.36.19974 - PV - 64bit (13/07/2016)
3) Change a BIOS Setting:
If the BIOS setting “Package C State Limit” is set to ‘Auto’ change it to ‘C0’, this BIOS item can be found under Advanced – CPU Configuration
The correct installation and termination of Network cables are essential for the effective, efficient and trouble free provision of a network throughout any building.
We see, on a weekly basis, incorrectly terminated and poorly installed networks, and in the vast majority of cases the installation has been completed by the Electricians that were employed to do the Electrical Wiring - a case of "oh we can do that" from them and "well it's got to be ok because it is cable like any other" from the client who wants an easy life and the lowest cost.
I am very much aware that some Electrical installers are trained and certified to install networks, and there are a lot of these around and there is no issue at all with the work that they do, however when we are called to a "new build" and are presented with a handful of cables, solid cored with Cat5E or CAT6 cable and crimps stuck on the end with straight through 1:1 connections I really despair!
In this small technical article all we are asking is that they do the basics.
"All Cable is not equal" - Use decent cable from a reputable manufacturer, if it is cheap there is a reason !
We see a lot of very cheap bulk cable that is Copper Clad Aluminium, this is a very cheap low quality cable that looks as if it is copper but at the core it is cheaper aluminium which has completely different properties. This cable will often be marked Cat5e, ANSI/TIA-568-C, ISO/IEC 11801 and/or BS EN 50173, this makes it look compliant but is only there to attract a low cost buyer. Copper Clad Aluminium can NEVER be CAT5E Compliant this is because the CAT5E Standard says simply
“the conductor shall be annealed solid copper and comply with the requirements of EN 50288-1:2003, 4.1. The conductor shall be plain or metal coated. NOTE Copper covered (clad) aluminium and/or steel conductors are not permitted.”
As a client you will not save anything on the installation cost. The difference in cost of cheap and compliant cable is very small and in the Global Scheme of things in a build is minuscule, but for the person installing, selling you inferior cable can be a nice addition to their bottom line for the job.
Reputable Brands include Brand-Rex and Excel (our and our installers' preferences)
Terminate solid cored cable in a Patch Panel/Bay and in Wall Sockets - PLEASE!
As a general rule, solid cored "Installation" cable is not meant to be terminated in a Crimp Connector, Crimp Connectors are made to be used with Multi-stranded Cable, I know that there are some specialist crimp connectors made for Solid Cable, however they are very expensive compared to standard connectors and as such are both difficult to find and also require additional work when crimping as the "blade" is chamfered and therefore requires preparation to make the connection.
You can see the chamfered crimps on this solid core crimp example.
At the cabinet end, solid cored cable should be installed in a Patch Panel, where the cable is "punched down" or "Kroned" into the Patch Panel using an inexpensive tool.
Using a patch panel has many benefits apart from complying with standards, because installation cable has solid cores, it is not supposed to be bent and flexed (hence another good reason why it should not be used for Patch Cables that are plugged and unplugged regularly), the cables are punched into the connectors and these break the insulation and then grip the cable sides giving very good conductivity.
At the device end, so by desks or outlet positions, you should use a CAT5E Socket, or module as an outlet so again you then connect a patch cable to the socket and to the Computer or device. Patch cables are low cost and meant to be bent and flexed, if you bend and break a solid cable, then you have to re-crimp the end again - call the electrician back ? The alternative is to replace the patch cable which takes seconds and costs little.
Never use solid cable to make Patch Leads
Very simply - Patch Cables are meant to be bent, flexed, plugged and unplugged, installation or solid cored cable is not !
Use a wiring convention not One to One
The installation of network cables requires the removal of any possibility of cross-talk , to do this the cables are connected in a specific way. For most patch cable uses ( patch panel to device) the TIA 568B Standard will be used at BOTH ends, this is actually called a "straight through cable" even though some of the colours are not together.
TIA 568B Standard
Maximum Cable Lengths
CAT5E Cable often comes on 305 Metre Boxes, this does not mean that you can install a 305M cable!
For CAT5E, the maximum length of a single cable run is 90M, that is the standard. If you need to go further than this then you should look at alternative technologies. It is correct that if you make a 150M cable, it may work now, but as speeds and requirements increase it will at some point become unreliable, and it will fail any test for compliance. Stick to 90M on a single run and you will not have problems with anything that supports the CAT5E Standard.
Don't Bend it like ...
The MAXIMUM bend radius for CAT5E and CAT6 Cable is 4 x the diameter (Cat5E approx 15 mm, Cat6 is thicker so approx 25 mm); any tighter and you will find that you can experience problems with higher speed communications, and of course again it is not within the CAT5E/CAT6 Specification.
Cat5E in Blue, Cat6 in Orange gives you the idea.
Testing and Certification are not the same
If you want to certify a network installation (and this should be the normal procedure) you will use a certification device to check the cable installation against the relevant specification. Every cable that has been installed should be Certified and a printout of the test given to the client for every one. Many cabling systems such as BrandRex, when certified by a trained installer, will come with a 10 year guarantee against failure.
Continuity testing ONLY confirms that the cable is connected in a way that is the same at both ends. That is it, nothing more: it does not say that the cables are connected to the correct standard (this requires physical and electrical test), it does not say that a cable is too long, that it has a kink in it, that it has been pulled around a tight corner, that it can handle the maximum network speed for the particular category of cable, and lots more.
If you don't get a report like the one below, then your network has not been certified (you should get one of these reports for EVERY connection in your installation).
If you are installing to a standard then meet it
Installing to the CAT5E or CAT6 Standards does mean buying cable that has the text stamped on it!
If you are installing to Standards then a good guide and overview can be found here (please note that this link takes you to an external site over which we have no control of the content).
Our stance on cabling
We do not install CAT5E or CAT6/6A Cabling, we decided that it had become much too much of a specialist job 10 years ago. We found a partner company PSP Data Communications (www.pspdatacomms.com) who we use and subcontract all our network cabling requirements from CAT5/6/6A and Fibre and since that time we have never had a single issue with network reliability or performance ( ok we have had rats chew cables in lofts and barns, but this was not an installation problem!).
If you would like to discuss any of the points raised above then feel free to get in touch - 01948 820787.
Wireless networks are improving all the time and the versions of wireless that you see on devices vary greatly in performance and range, however some of the results of testing are quite revealing.
Year of Release
300 Mbps (2 Antenna)
2.4 GHz & 5 GHz
Modern devices should be N or AC. N provides more connectivity as it supports the older 2.4 GHz frequency, whereas the newer AC wireless connects only to 5 GHz so will not connect to older routers.
The big thing for many is speed. AC has the edge here by a long way and the range is better on the 5 GHz system, generally due to the lower levels of interference as the 5 GHz spectrum is not as cluttered. So if you have a large farmhouse with thick walls, wireless AC will generally outperform all the older protocols, even though theoretically the 2.4 GHz range can transmit further!