Best IT Blog

Caring for Archives

Posted in Compliances (1300) by Guest on the May 31st, 2010

Physical maintenance of the records

All metal paper clips, rusting staples, and rubber bands should be removed.

Documents should be in containers that prevent dust from entering

Large items should be stored flat.

The ideal storage area for records:

Amenable to consistent environmental control (temperature and humidity)

No water pipes running nearby

Little or no natural light

Why does paper deteriorate?

Wood pulp = acid content = slow burn

Any paper manufactured since the mid-19th century, unless it is of the type designated permanent/durable or acid-free, has an expected useful life of less than fifty years.

What is the best defense against paper deterioration?

Environmental controls

A chemical reaction is taking place in acidic paper, and this reaction is accelerated by high temperatures and high humidity

Ideal temperature: 60-68 degrees F

Ideal relative humidity level: 40-60%

If ideal conditions cannot be reached, try to maintain

CONSISTENT conditions

Preservation common sense:

Some records are valuable as physical artifacts while others are valuable primarily for the information they contain.

For some deteriorating items, photo-copying them onto acid-free paper and discarding the originals makes more sense than spending money to deacidify, repair, or encapsulate them.

Optical scanning and digitization are the most stable way to preserve records


Repairing materials:

NEVER use cellophane tape

Get some basic supplies:

archival repair tape

wipe cloths

acid free paper


Special needs for photographs

1) Never label photographs on their reverse with ballpoint pen. The ink may bleed through to the front. Reference numbers on mounts should be written discreetly in light-resistant ink. Reference numbers on the back of photographs that have not been mounted can be written with a soft pencil that leaves a clear mark.

2) If possible, put photographs in chemically stable polyester or paper sleeves (e.g., made of a material such as Mylar, or acid-free paper.) Such sleeves help prevent curling of photographs and reduce physical contact with the photos. It is also possible to label the sleeves with identifying information or to insert a separate written label inside the sleeve.

3) If it is not feasible for you to use sleeves, be sure to store the photographs in such a way that they will not curl over time and will not be subject to excessive handling.

4) Photographs should be handled with cotton gloves, or held by the edges to avoid skin contact with the image.

5) Photographs are very susceptible to water damage and should not be stored near sources of water. If you ever have a flood situation in the archives, be sure to rescue the photographs first.

6) Photographs are susceptible to insect damage, so may be best stored in a metal container if insects are likely to be a major problem.

7) Photographs should not be scanned or photocopied repeatedly.


Special needs for films and videos

Be aware of the dangers of nitrate film

Make a videocassette use copy of films.

Store videos upright with tape on bottom.

Rewind films and videos periodically


Electronic records:

The conservative stance for a repository to take regarding electronic records is to require that all records be deposited in hard copy.

This stance will be increasingly untenable as organizations and individuals wholeheartedly enter the electronic age.

Even now, there is a danger in requesting hard copy printouts of records to be saved. The extra steps of selecting and printing records to be saved will inevitably limit the number and variety of records saved.


Basic strategies for preserving electronic data:

Medium refreshing: copying data from one physical carrier to another of the same type, e.g. backing up a hard drive, diskette, or CD ROM.

Medium conversion: transferring electronic data from one medium to another – this might mean transferring to a non-digital medium.

High quality acid neutral paper can last a century or longer and archival quality microfilm is projected to last 300 years or more. Paper and microfilm have the additional advantage of requiring no special hardware or software for retrieval or viewing

Format conversion: converting the data format in order to reduce the number of different formats being used in a particular setting, e.g. converting WordPerfect word processing files to a Word format.

Migration: converting the data so that it can operate with different hardware and software than originally intended. This could involve transferring data to a central server or computer housed in the archives.

The most important thing that an archivist can do at this point is to work with those generating the records to raise their consciousness about the problems involved in preserving electronic data. If records are received in electronic format, repositories may need to reformat them at intervals to avoid obsolescent formats and the need for obsolete hardware.

A schedule should be put in place, and a particular person made responsible, to intentionally verify at specific intervals that the following types of electronic data are still readable:

Word processing and web documents

Disaster preparedness

A disaster plan in the event of fire or flood should be an integral part of any repository’s program.

It is important to have the plan in written form because of potential chaos and confusion at the height of the emergency

If there should be water damage, it is best to rescue photographs, microfilm, and any materials with coated paper first.



The Loss of Corporate Knowledge

Posted in Business (600),Security (1500) by Guest on the May 31st, 2010

The challenges are related to people and strategy:

Attracting & Retaining Talented People: 9%

Identifying the Right Team/Leader for Knowledge: 15%

Defining Standard Processes for Knowledge Work: 24%

Setting the Appropriate Scope for Knowledge Initiatives: 24%

Mapping the Organization’s Existing Knowledge: 28%

Justifying the Use of Scarce Resource for Knowledge Initiatives: 34%

Determining What Knowledge Should be Managed: 40%

Measuring the Value and Performance of Knowledge Assets: 43%

Changing People’s Behavior: 56%


People contribute to knowledge bases

Process – Embedded in core processes

Content – Consistent with strategy

Technology – ‘Just-in-time’ delivery


Management and Support Planning

Posted in Data Center - SOC - NOC by Guest on the May 30th, 2010

Planning Fundamentals

Understand: “To perceive and comprehend the nature and significance of”

Communicate: “The exchange of thoughts”

Involve: “To contain or include”

Document: Take notes, write everything down  

Technical Architecture     

Establish a Technical Architecture and use it!!!

TA is the hardware, operating system, applications software, transmission medium, and methodology for an information platform.

Standards Based

Security & Disaster Recovery  

Implement and follow standards

Visual standards

Development standards

Documentation standards

Page – file – directory standards


Backup and disaster recovery standards  

Document – “Write it Down”

Reduce revisits

Develop a TO DO List

Self-documents the project process

Reminds you what you did months later

Reduces lost ideas  

Keep current and train staff to:

Reduce errors

Reduce stress

Reduce delivery time

Reduce life cycle cost of application  

Use outside expertise to:

Plan new projects

Address areas that you do not know well

Do implementations that you will only manage

Test security

Use a life-cycle approach

Use tools that provide real benefit

Monitor system performance to ensure stability and acceptable response time  

Review and test security

Support Summary

Systems Approach

Planning Fundamentals

Technical Architecture



Life-Cycle Approach



Common Sense Identity Theft

Posted in Compliances (1300) by Guest on the May 30th, 2010

Identity Theft

With very little information, the criminal can financially drain bank accounts and charge an enormous amount of debt. Identity theft is a growing problem in the United States today. Identity theft occurs when an unauthorized person uses another individual’s personal data and assumes that person’s identity in making financial transactions. In order to commit identity theft, a person somehow gains access to another person’s identification, such as a driver’s license or Social Security card, credit card accounts, and/or bank account information.  

Here are some general guidelines for protecting yourself from identity theft:

Do not give your Social Security number or driver’s license number to anyone unless an organization or business has a legal right to request that information.

Safeguard your checkbook and identification when making purchases at stores.

Avoid providing your birthdate and your mother’s maiden name, unless required by law. (Your mother’s maiden name is often the keyword to gaining entry to credit card accounts via the telephone.)

Avoid providing too much personal information on warranty cards, registration cards, etc.

Check your bank and credit card statements very carefully. Report any discrepancies immediately to the respective financial institution.

Avoid making online purchases from obscure organizations on the Internet. Research the organization before making a credit-card purchase.

Do not give your credit card number to Internet auction sellers. Use a money order, cashier’s check, or an intermediary financial organization, such as PayPal, to pay for online purchases.

Keep your credit card receipts to compare to your monthly statements. When you no longer need these receipts, shred them; do not throw them away in complete form.

Shred all unwanted “junk mail” from financial organizations that offer credit cards.


TGIS – Sample Engineering Design / Development Considerations

Posted in Business (600) by Guest on the May 30th, 2010

Route Design and Seasonal Field Activity Cycles

Route Design & Analysis – Happens continuously, but there are critical points where data and map products are required in a timely manner to support the following activities.

Thaw Settlement Calculations

Frost Heave Calculations

Pipeline Design Criteria

Stress Analysis for Frost Heave

Stress Analysis for Thaw Settlement

Thermal-Hydraulic Modeling

Facility and Road Design

River Crossing Design

Landform Engineering Properties

Material Site Selection and Access

Geo-hazards Studies

Compressor Stations

Pipeline Construction Support & Logistics

Pipeline Design Characterizations

… and many others


Seasonal Field Activities – There are two field seasons, Winter and Summer. Each requires data and map products in a timely manner to support engineering and sub-contracting personnel that work in the field.

Soil Temperature Monitoring

Soil Surveys

Fault Studies

Landslide Studies

Hydrology Studies

Geotechnical Boring

Stream Crossing Studies

Thermal-Hydraulic Model Testing

Landform Ground Truthing

Routing Studies



Introducing Firewalls

Posted in Firewalls (75),Security (1500) by Guest on the May 29th, 2010

Firewall Advantages and Limitations

Now that the theory behind a firewall has been presented, this section examines the several kinds of firewalls available and the kind of protection they can offer. A firewall’s position with respect to the rest of the network restricts entry to the system to a single, carefully controlled point, usually where the internal network connects to the Internet. This allows the firewall to act as a choke point that provides significant leverage over the amount and kinds of traffic that pass to the internal network. As was mentioned in passing earlier, a firewall can be seen as a method of preventing attackers from getting close to your network’s other defences at the host level. A firewall will limit the system’s exposure to potential threats as well as provide an efficient place from which to log Internet activity. Keep in mind that no security model protects against every possible attack; the aim is to make break-ins rare, brief and inexpensive.

As well as understanding what a firewall can do, it is equally important to understand what a firewall cannot do. No matter what kind of firewall is being considered, all of the limitations below are present to some degree.

1. A firewall will provide no protection against malicious insiders. Once an attacker is inside the firewall, the firewall can do very little to protect you.

2. A firewall cannot protect against connections that don’t go through it. To obtain the best protection from a firewall, all ways into the system must pass through a firewall. This implies that one site could choose to have any number of firewalls present.

3. Since a firewall is designed with today’s threats in mind, you can’t rely on it to protect you against completely new threats. The firewall must be kept up to date through regular maintenance activities.

4. A firewall can’t fully protect against viruses. A firewall could look at every single packet that enters the system, but firewalls are not designed to detect whether a packet contains part of a valid email message or part of a virus.

Another issue that must be brought to light when discussing the limitations of a firewall is the fact that it interferes with the Internet. Although this is more of an essential design issue than a limitation, it is true that a firewall interrupts the end-to-end communication model of the Internet. This can result in a decrease in speed, or even the introduction of all sorts of problems and annoying side effects. Integrating a firewall transparently into a network where there previously was none can be a difficult challenge.

Types of Firewalls

There are four basic kinds of firewalls in use today. The first are referred to as Packet Firewalls. These firewalls are usually present on a router and will effectively pass some packets and block others.

Each IP packet contains the source and destination address, the protocol (TCP, UDP or ICMP), the source and destination ports, the ICMP message size as well as the packet size. Some advantages to a Packet Firewall are:

Every network requires a router in order to connect to the Internet and so this is an attractive alternative for low budget organizations

A single screening router can protect an entire network

Simple packet filtering can be very efficient

Packet filtering is widely available

A Packet Firewall is not without its disadvantages though. The rules used to filter packets can be difficult to configure and test. The presence of a packet filter on a router can reduce its performance somewhat, but this is highly dependent on the make of the router. It is also not always possible to readily enforce a security policy by using just packet filtering on a single router.
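The difficulty of configuring and testing filter rules shows up even in a small first-match packet filter over the header fields listed above. This is an added example, not code from the original post; the rule set, the addresses (documentation ranges), the default-deny fallback and all names are constructed assumptions.

```python
"""First-match packet filter over IP header fields (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0        # ports stay 0 for ICMP
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "pass" or "block"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    sports: range = ANY_PORT
    dports: range = ANY_PORT

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in (None, p.proto)
                and p.sport in self.sports and p.dport in self.dports)

def decide(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """Return (action, rule name) for the first matching rule.
    Assumption of this example: unmatched packets are blocked."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return "block", "default-deny"

def covers(a: Rule, b: Rule) -> bool:
    """True when every packet b can match is also matched by a."""
    def within(inner: range, outer: range) -> bool:
        return outer.start <= inner.start and inner.stop <= outer.stop
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in (None, b.proto)
            and within(b.sports, a.sports) and within(b.dports, a.dports))

def shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """List (rule, earlier rule) pairs where the later rule can never fire."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if covers(earlier, later)]

# Constructed rule set; 192.0.2.0/24 stands in for the internal network.
RULES = [
    Rule("allow-smtp-in", "pass", dst="192.0.2.10/32", proto="tcp", dports=range(25, 26)),
    Rule("block-inbound", "block", dst="192.0.2.0/24"),
    # Ordering mistake: added after the broad block, so it never matches.
    Rule("allow-web-in", "pass", dst="192.0.2.20/32", proto="tcp", dports=range(80, 81)),
    Rule("allow-outbound", "pass", src="192.0.2.0/24"),
]

if __name__ == "__main__":
    web = Packet("198.51.100.7", "192.0.2.20", "tcp", 40000, 80)
    print(decide(RULES, web))
    print(shadowed(RULES))
```

Running a shadow check like this before deploying a rule set catches ordering mistakes that are otherwise only found when a service turns out to be unreachable.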

The second major type of firewall is known as a Traditional Proxy Based Firewall. All of the users on the system must use special procedures and network clients that are fully aware of the proxy. These proxies are specialized programs that take requests for Internet services and provide replacement connections and act as gateways to the service. There is some excellent software that is available for proxying.

There are several toolkits available that will either allow you to easily convert existing client / server applications into proxy based versions or provide you with a suite of proxy servers for common Internet protocols.

Proxy services have the following advantages:

they can be quite effective at logging: since they understand the application protocol, they can log only the essential information, which makes for smaller, more efficient logs

they may also provide a form of caching, which can help to increase performance and reduce the load on network links

they can be configured to do much more intelligent filtering

since they are actively involved in the connection, they provide a place to do user level authentication

they automatically provide protection against deliberately malformed IP packets since they generate completely new IP packets to be delivered to the client

a single proxy machine can relay requests to the Internet for a number of other machines at once. The proxy machine is the only machine that requires a valid IP address, which makes proxying an easy way to economize on address space.

It can prove to be difficult to find proxy services that are as up to date as the same non-proxy service, since the development of the proxy can only begin once the new service is available. Finding proxy services for newer or less widely used services can also present a challenge. The services that a proxy provides may require different servers for each service. Setting up and configuring all of these servers can take a lot of time. One major disadvantage to proxy services is that the internal user is aware of the proxy, and documentation for applications that the user is trying to use is usually not written with the firewall in mind.

A packet rewriting firewall is the third major type of firewall and it attempts to solve the problems a firewall creates for the internal user by making the firewall transparent. It does this by taking the contents of inbound IP packets and rewriting them as they pass between the internal network and the Internet. From the outside all communications appear to be mediated through a proxy on the and from the inside it appears that each machine is talking directly to another host on the Internet.

Most proxy and packet rewriting based firewalls are effective only when they are used in conjunction with some way of controlling IP traffic between the internal clients and the servers on the Internet. Two of the most common hardware configurations used to accomplish this task are known as a screening router and a dual homed host. Both of these configurations provide a way to examine packets travelling in both directions and filter (or rewrite) them based on the site’s security policy. A screening router and a dual homed host both sit between a network and the Internet. A screening router is effectively the same as a packet filtering router, and a dual homed host is just a host with two NICs (Network Interface Cards).

The last type of firewall to examine is known as a screen. This is another way of bisecting Ethernet traffic with a pair of interfaces; however, in this case the screen doesn’t have an IP address. It contains a complex set of rules on which it bases its decisions regarding which packets to forward to its other interface. The fact that it has no IP address makes it nearly transparent, and highly resilient to attacks over the network.

Firewalls are built with different combinations of the essential building blocks mentioned above. Using an additional two concepts provides a large number of alternate firewall architectures designed to suit any situation.

The first is the concept of a Bastion Host. This is a computer that represents an organization’s public presence on the Internet. It is a highly secured machine that is accessible by everyone. This machine has been built and designed from the beginning to be configured as the most fortified host on the network due to the fact that it is also the most exposed host on the network. It can be likened to the lobby of a building. Anyone can come in and ask questions of the people at the desk, but they may not be permitted to go up the stairs or use the elevators to access the rest of the building.

The second concept is that of a subnet, or more precisely a screened subnet. This can basically be thought of as a group of computers that are all connected together on the same wire. The computers are all able to talk to one another locally, but all other connections must first pass through a router that is acting as a screen.

Now, combining these two concepts, with an exterior router, then a bastion host followed by an interior router, a perimeter network can be formed with this screened subnet architecture. This effectively places all of the machines that are most likely to be attacked together, and introduces another degree of separation between these more vulnerable machines and the rest of the internal network.

