Inbound vs. outbound firewall rules

Inbound rules: These are to do with other things accessing your computer. If you are running a Web Server on your computer then you will have to tell the Firewall that outsiders are allowed to connect to it.
Outbound rules: These are so that you can let some programs use the Internet, and Block others. You will want to let your Web Browser (Internet Explorer, Firefox, Safari, Chrome, Opera…) have access to the Internet, so you will tell Windows Firewall that it’s allowed.

Using outbound firewalls

It’s actually rare to see an outbound firewall used because of the complexities that it introduces into the network. Oftentimes, outbound firewalls interrupt application traffic, disrupt business workflows and get users upset unless close attention has been paid to configuring the firewall in just such a way to enable everything to work.

However, in certain cases, businesses might need to filter outbound traffic. For example, an outbound firewall can be beneficial in very locked down environments that control network behavior down to the host level. Alternately, certain data loss prevention technologies may need an outbound firewall to protect specific information on the host.

How to know if laptop motherboard is bad

Many people usually blames bad motherboard if they experience problems with their laptop. But how do you make certain it’s a laptop motherboard issue and not any other component? The thing is, there are other issues caused by a specific component that may be misconstrued as a motherboard failure. To avoid misdiagnosing a problem, make sure that you read through this brief material.

Laptop Motherboard failure is one of the most challenging issues any user or technician can face simply because there are a number of variables to consider. To get down to the bottom of the issue, a technician will usually have to eliminate several software and hardware causes. Usually, there are not many signs to come by to help you diagnose a motherboard failure. A motherboard either works or not, nothing in between. Other peripherals like fans and hard drives may still work even if the motherboard is dead but your computer may still not work at all.  If you think motherboard is to blame, make sure that you consider the items below.

Physically damaged parts. The first thing that you want to do, especially if you haven’t opened a computer yet, is to physically check the motherboard. This will allow you to examine if there is any bloated or damaged capacitor causing the issue like the ones identified in the figure below.

Leaking or bloated capacitors are usually products of overheating, material defect, or plain old aging. If you can see a capacitor that’s about to blow, you can assume that the reason for your motherboard problem.

Look out for unusual burning odor. Another telltale sign of a motherboard problem is burning smell. Most of the time, a really strong burning smell is an indication that an overheated component. Sometimes, plugging in an incompatible component can lead to overheating or failure so if you’ve installed any component prior to noticing the problem, make sure to remove it right away. You cannot just install a component to any motherboard so make sure that you consider checking compatibility first. Plugging in an incompatible RAM or video card for example may lead to severe problems so as to damage the motherboard permanently.

Random lock ups or freezing issues. If you’ve noticed that your computer has been freezing up lately, the first thing that you should do to troubleshoot it is to see if software is to blame. However, if you’ve already ruled out all software factors, the next good thing to do is to consider other hardware variables, including the possibility that the motherboard may be failing.

Blue screen of death. Getting a blue screen of death on your computer does not automatically means a motherboard issue. At lot of times, the main reason may be a bad driver or hardware failure. If you can, take note of the error message, especially the error code which looks like this one (0x000000(0x000000,0x000000,0x000000,0x000000). Once you have the code, use Google to research it to see if it says something about motherboard failure.

Other symptoms can also appear such as the ones below although there’s a chance that a totally different malfunction may be causing them. Below are the additional warning signs that you should watch out for:

  • Some peripherals appear to stop working for a few seconds.
  • Computer taking a long time to boot up.
  • Motherboard does not do POST or Power On Self Test.

Reasons why a motherboard fails

Now that you’ve confirmed that your computer’s motherboard has failed, you may be wondering what causes such trouble. Well, below are some of the common reasons why a motherboard can stop working:

  • Overheating.
  • Fan failure. Dust can accumulate very fast in fans causing them to fail. Make sure that you clean the fans inside the tower at least once every year.
  • Too much dust in the system. Dust, like heat, can shorten component lifespan and the motherboard in general. Try your best to clean the inside of your computer regularly.
  • Smoke.
  • Accidental drop that subjects components to unnecessary shock.
  • Aging.
  • Power surges or unstable voltage.

RSSI

What is RSSI and what does it mean for a WiFi network?

RSSI, or “Received Signal Strength Indicator,” is a measurement of how well your device can hear a signal from an access point or router. It’s a value that is useful for determining if you have enough signal to get a good wireless connection.

Note: Because an RSSI value is pulled from the client device’s WiFi card (hence “received” signal strength), it is not the same as transmit power from a router or AP.

RSSI vs dBm

dBm and RSSI are different units of measurement that both represent the same thing: signal strength. The difference is that RSSI is a relative index, while dBm is an absolute number representing power levels in mW (milliwatts).

RSSI is a term used to measure the relative quality of a received signal to a client device, but has no absolute value. The IEEE 802.11 standard (a big book of documentation for manufacturing WiFi equipment) specifies that RSSI can be on a scale of 0 to up to 255 and that each chipset manufacturer can define their own “RSSI_Max” value. Cisco, for example, uses a 0-100 scale, while Atheros uses 0-60. It’s all up to the manufacturer (which is why RSSI is a relative index), but you can infer that the higher the RSSI value is, the better the signal is.

Since RSSI varies greatly between chipset manufacturers, MetaGeek software uses a more standardized, absolute measure of signal strength: received signal power, which is measured in decibels, or dBm on a logarithmic scale. There’s a lot of math we could get into, but basically, the closer to 0 dBm, the better the signal is.

To help leverage your signal strength measurement most effectively so you can make channel planning decisions,inSSIDer Plus displays signal strength in two ways.

Acceptable Signal Strengths

Signal Strength TL;DR Required for
-30 dBm Amazing Max achievable signal strength. The client can only be a few feet from the AP to achieve this. Not typical or desirable in the real world. N/A
-67 dBm Very Good Minimum signal strength for applications that require very reliable, timely delivery of data packets. VoIP/VoWiFi, streaming video
-70 dBm Okay Minimum signal strength for reliable packet delivery. Email, web
-80 dBm Not Good Minimum signal strength for basic connectivity. Packet delivery may be unreliable. N/A
-90 dBm Unusable Approaching or drowning in the noise floor. Any functionality is highly unlikely. N/A

What if I have an acceptable signal strength but I’m still having problems?

If you’ve already checked your signal strength using a WiFi scanning app like inSSIDer Plus and concluded that you have acceptable WiFi signal strength, then interference may be to blame. Your computer’s WiFi adapter can help you see some types of interference, but for finding non-WiFi interferers, you’ll need a spectrum analysis tool like Wi-Spy.

NVMe vs M.2 vs SATA

One of the bigger breakthroughs for PC hardware in modern memory has been the solid state drive. And with data transfer speeds many multiples of traditional 7200 RPM and even 10,000 RPM drives, it’s easy to see why. Not only are boot and shut down speeds much faster with SSDs, but all aspects of the system are sped up as well. We highly recommend them. But what about NVMe SSDs, how do they differ from standard SATA drives? And do all M.2 drives classify as NVMe? Read on while we break down the differences between NVMe vs. M.2 vs. SATA.

What is NVMe?

NVMe vs. M.2 vs. SATA
The Samsung 960 Pro is was fastest NVMe drive on the market…until the 970 Pro replaced it.

First, a quick note about SSDs – they’re fast. So fast in fact, their limiting factor is not their own hardware, but rather the SATA III connection that hard drives have traditionally used. Enter NVMe. Standing for “Non-Volatile Memory Express,” NVMe is an open standard developed to allow modern SSDs to operate at the read/write speeds their flash memory is capable of. Essentially, it allows flash memory to operate as an SSD directly through the PCIe interface rather than going through SATA and being limited by the slower SATA speeds.  Put another way, it’s a description of the bus the component uses to communicate with the PC, not a new type of flash memory. It is also unrelated to the form factor, which is why NVMe drives can come in both M.2 or PCIe card form factors. With both form factors, the component is connecting electrically to the PC via PCIe rather than SATA.

Are all M.2 drives NVMe?

No. Remember, M.2 is just the form factor. M.2 drives can come in SATA versions (like the Crucial MX500 M.2 for example) and NVMe versions (like the Samsung 970 Pro), which describes the bus they use to electrically communicate with the other PC components. SATA M.2 SSD drives and 2.5” SATA SSDs actually operate at virtually identical spec. NVMe M.2’s on the other hand, definitely do not, as we’re about to discuss.

How does NVMe speed compare to SATA?

Modern motherboards use SATA III which maxes out at a throughput of 600MB/s (or 300MB/s for SATA II, in which case, it’s time to upgrade). Via that connection, most SSDs will provide Read/Write speeds in the neighborhood of 530/500 MB/s. For comparison, a 7200 RPM SATA drive manages around 100MB/s depending on age, condition, and level of fragmentation. NVMe drives, on the other hand, provide write speeds as high as 3500MB/s. That’s 7x over SATA SSDs!

How to Delete EFI System Partition in Windows 10/8.1/8/7/XP/Vista

This page talks about what is an EFI system partition, why you cannot delete EFI partition in Disk Management and how to delete or remove EFI system partition in Windows 10/8/7/XP/Vista with Diskpart command line.

Usually, you can easily delete a partition in Disk Management. But sometimes, you can’t remove EFI system partition in Windows 10/8.1/8/7/XP/Vista because “Delete Volume” feature is grayed out. And you may encounter the similar situation when you trying to delete OEM partition, recovery partitions, system reserved partition. This page will talk about what is an EFI system partition and how to remove, deleted or format EFI system partition in Windows 10/8.1/8/7/XP/Vista.

What is an EFI system partition and why you cannot delete it?

Usually, when you successfully install Windows OS on a GPT disk of your computer, an EFI system partition (ESP for short) will be created. But what is an EFI system partition?

what is an EFI partition

Deleting EFI system partition will cause installed systems unbootable. So, EFI system partition is usually protected and locked by the Windows operating systems to prevent and avoid accidental deletion of these partitions. That’s why you can’t delete EFI partition using Disk Management tool. But in some special situation, for example, when you uninstalling Windows system, you might want to remove EFI system partition to free up some disk space. At this moment, how can you delete EFI system partition? Actually, there are two ways to do this job.  And in case something goes wrong after the operation, we recommend you to clone EFI partition to make a backup.

Method 1. How to delete EFI partition with Diskpart

Step 1. Hit “Windows Key + R to open the run dialogue box, enter “diskpart” and click “OK” to open a black command prompt window. (run with administrator)

Step 2. Type “list disk” to display all the disks of your computer. Type “select disk n” to identify which disk you need to work with. Here n stands for the disk letter.

Step 3. Type “list partition” to display all the volumes on the hard drive. Type “select partition n” to identify which partition you want to remove. Here n stands for the volume letter.

Step 4. type clean and it will erase everything. then you should re-initialized the disk

Site to Site VPN with Draytek

model: Vigor 2925 and Vigor 2926

HQ: (dynamic ip address)
a) put in the peer id  (both must same on HQ and Branch)
b) IKE pre-shared key (both must same on HQ and Branch)
Step:
1. go to vpn and remote access -> lan to lan
2. create a profile – choose dial in, enable profile
Branch: (dynamic ip address)
a) pre-shared key (both must same on HQ and Branch)
b) put in the dynamic dns from hq
c)after click advanced, select aggressive mode and put the local ID (both must same on HQ and Branch)
click advanced

Port Forward in Maxis MA131

Maxis Business fiber will having issue to setup on other router if the user want to use their phone (free line). they cannot attach to the TM modem as per this equipment is not own by maxis. If you want to use the phone line from maxis you must use their router MA131. Problem come if you want to do port forwarding when you have different firewall router which will need. what we do is to do double port forwarding.

 

below is the example of the port forwarding in maxis router.

as you can see the ip 192.168.2.3 actually is the firewall router behind this maxis router.

 

below is the firewall router. the wan ip for this router are configure as static ip receive from the maxis router. which is 192.168.2.3

what you to do is double open the port for both router.

DSX-600 CableAnalyzer

Essential certification of copper, twisted pair structured cabling from Cat 3 / Class C through Cat 6A / Class EA

The DSX-600 from Fluke Networks provides essential Cat 6A and Class EA Copper Certification featuring ten second test times and advanced user interface. Manage jobs and testers from any smart device over Wi-Fi with LinkWare™ Live. Features legendary Fluke Networks reliability backed by worldwide support.

  • Cat 6A and Class EA Copper Certification
  • Includes Channel Measurement Adapters; Optional rugged Permanent Link Adapters with removable test plug available
  • 10 second Cat 6A test time
  • ProjX™ Management System makes test setup fast and foolproof
  • HDTDX and HDTDR diagnostics pinpoint fault location
  • Integrates with LinkWare™ Live to manage jobs and testers from any smart device.
  • Quickly and easily create professional custom PDF reports with LinkWare™ PC.

Unique Features

  • The DSX-600 enables users to accomplish more than ever before by accelerating every step of the testing process
  • LinkWare Live cloud service lets the Project Manager remotely set up the testers, monitor job progress and even location from any smart device
  • ProjX™ management system eases tasks from initial set-up of a job to system acceptance. It eliminates redundant steps, and ensures that all tests are completed correctly the first time, and every time
  • Taptive™ user interface puts advanced data analysis and easy set-up and operation at the fingertips of technicians of all skill levels
  • LinkWare PC management software provides unmatched analysis of test results and professional test reports

Standards

  • TIA – Category 3, 5, 5e, 6, 6A per TIA 568-C.2 or TIA-1005
  • ISO/IEC – Class C and D, E, EA certification per ISO/IEC 11801:2002 and amendments
  • IEEE 802.3 – 10BASE-T, 100BASE-TX, 1000BASE-T, 10GBASE-T

Performance

  • Nine second Cat 6/Class E and 10 second Cat 6A/Class EA test time contributes to the fastest way to gain certification
  • Graphically displays the source of failures, the DSX-600 HDTDR and HDTDX algorithms provide quick, easy-to-understand directions to identify the point of failure (distance from the tester).
  • Manage up to 12,000 Cat 6A test results with full graphics
  • Capacitive touchscreen allows quick tester setup with easily selectable cable types, standards and testing parameters

ProjX™ Management System Manages Complex Jobs with Ease

Manage up to 12,000 Cat 6A test results with full graphics

Managing the testing of multiple jobs with multiple teams, testers, and requirements is time consuming and a source of errors. Increasingly larger jobs make project organization more important than ever. The new ProjX management system on the DSX-600 CableAnalyzer provides individual project files for all job specific details to be saved under a simple name, eliminating the need to re-enter job specific details after starting a project. This minimizes set-up errors or lost files when switching from one job to another or utilizing multiple testers on a single job. In addition, it provides test results by cable ID, merges any changes without duplicates and defaults to the last copper or fiber module installed. ProjX management system provides real time status to completion on each job with a 0-100% scale and gives the operator the option to isolate any test requiring a second look and helps to assure nothing is overlooked. The “Fix Later” selection creates a punch list or automatic to do list for correcting any workmanship issues. ProjX enables project managers and crew leaders to be truly efficient.

Performs with Unsurpassed Speed

Ten second Cat 6A test time and the fastest way to submit your certification results

No tester offers so much speed for so many tests. Complete copper certification to Cat 6A in 10 seconds . Quickly get a Pass or Fail result and easily review individual test parameters by value or drill into specific area on a graph.

LinkWare™ PC Cable Test Management Software

Leveraging the popular and multi-featured LinkWare PC management software application, DSX-600 users can easily access the ProjX management system data, generate reports, and upgrade the software in their testers. Project Managers have full capabilities to manage workflow and consolidate test results. Users can provide the finishing touch by adding their company logo to the report and offer it unaltered to their customers for system acceptance purposes. Keep your business tools simple, no matter which Fluke Networks copper or fiber tester you are using, LinkWare PC is the software package that reports it all.

Now with LinkWare PC stats, the new automated statistical report option, you can move above and beyond the page-per-link report and see your entire cabling infrastructure. It analyzes and transforms LinkWare PC test results data into charts and diagrams that reveal your cabling plant performance; this report summarizes your entire cabling infrastructure in a compact, graphical format that makes it easy to verify margins and to spot anomalies.

LinkWare™ Live Test Results Management Service

LinkWare Live is a cloud-based service that lets you manage certification jobs anytime, anywhere, with anyone on any device.  With LinkWare Live, you can:

  • Keep track of every test on every job. Get an overview of every project from any smart device. Drill down to each individual test. Instantly receive notification of incorrect test setting or cable IDs.
  • Get it right the first time. Define cable IDs and test settings from your PC or tablet.
  • Keep your testers up to date. Standards can change without notice, and an out-of-date test report can mean hours of re-testing. LinkWare Live automatically ensures your testers are running the latest.
  • Stop wasting time and gas driving testers back to the office. Upload your test results straight from the job site to LinkWare Live over Wi-Fi. Then download them automatically to the right job for fast report generation with LinkWare PC.
  • Avoid Project Delays. Track the last used location and monitor the status of all testers to ensure they are always calibrated and running the latest firmware*

How to change the listening port for Remote Desktop

To change the port that Remote Desktop listens on, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756 How to back up and restore the registry in Windows
  1. Start Registry Editor.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber
  3. On the Edit menu, click Modify, and then click Decimal.
  4. Type the new port number, and then click OK.
  5. Quit Registry Editor.
  6. Restart the computer.

Note When you try to connect to this computer by using the Remote Desktop connection, you must type the new port. Maybe you have to set the firewall to allow the new port number before you connect to this computer by using the Remote Desktop connection.

How to prevent remote users from shutting down/rebooting the Windows

Open secpol.msc from the Run menu to open “Local Security Policy”, from there navigate to Security Settings -> Local Policies -> User Rights Assignment. In that subfolder find the option for Shut down the system and add the group named Console Logon to the list then remove the other groups from the list.

Multiple port forwarding setup

 

On router 2, you need to open the port assign to the wan port  of router 1. for example 192.168.22.5 cctv use 37777 tcp

on router 1, you need to open the port assign to the DVR. for example 192.168.8.19 cctv use 37777 tcp.

 

How to Determine Your Network Cabling & Wiring Needs

The conveyance media you choose for your structured cabling implementation is determined by many factors, the most important of which are your current bandwidth needs, your network environment, your expected future bandwidth requirements and your budget. This article will address each of these primary concerns in an attempt to help you identify which cabling solution will best meet your specific requirements.

Determining Your Current Network Bandwidth Needs

Your primary concern in determining the type of cabling to use is your network’s current bandwidth requirements. This figure can vary greatly based on the size of the network (i.e. the number of workstations connected to the network). A small network of 15 workstations will generally have much lower bandwidth requirements than a network that needs to support 100 workstations. Future growth should also be factored when considering network size. If your company is expecting to double the number of employees over the next two years, then you can expect your network bandwidth needs to increase accordingly. To complicate matters further, you must also factor in the type and volume of the data traffic that your network will be supporting. For example, a small multimedia and graphic design firm with only 10 workstations will likely have much greater bandwidth requirements than a law firm consisting of 25 workstations. Again, this is due primarily to the type and volume of the data one can expect in each work environment: a single user transferring a 5-minute high definition video across the network can easily consume more bandwidth than 20 users opening MS Word and Excel files.

So how do you accurately determine your network bandwidth requirements?

There are several ways to analyze network traffic, but the best and most accurate method is to utilize a tool called a network analyzer. Among the simplest and most ubiquitous of these tools is a utility that is built into all flavors of Windows servers called Network Monitor. The Network Monitor utility gives detailed insight into traffic on a network segment and can detail broadcast traffic and specific packets transmitted to or from a machine. There are also several other third-party products such as Ethereal (free), as well commercial analyzers such as Network General Fast Ethernet Sniffer, Cinco NetXRay, AG Group EtherPeek, Novell LANalyzer for Windows, and Intel LANDesk Traffic Analyst among many others. It is important to note than when using a network analyzer to monitor your current network’s bandwidth usage, that you sample data over the course of several days (or even weeks), and that you do so throughout different times of the day. Doing this will ensure that you make the most accurate assessment of your network’s bandwidth requirements.

Your Network Environment

Your network environment plays a large part in determining the best type of cabling you should use. While optical fiber offers the fastest possible bandwidth and is the best medium for “future proofing” your network, certain environments are ill suited toward fiber optic installation. Unlike twisted copper mediums like Cat5e or Cat6, optical fiber is prone to transmission problems due to dirt and scratches on the fiber. This can be typical of dirty or dusty mechanical closets, equipment closets, and any rooms that are not clean or friendly to fiber technology. In such cases, twisted copper solutions might be the best way to go. Alternatively, certain environments cause problems with twisted copper mediums. Although Cat5e and Cat6 have much improved noise immunity than their twisted copper predecessors, they are susceptible to high RF (radio frequency) and EMI (electromagnetic interference). Hospitals for example, have tremendous RF interference problems over twisted pair cabling. A Cat5e or Cat6 cable running alongside a CAT scanner or NMR (nuclear magnetic resonance) scanner would be rendered virtually useless due to RF interference. In such environments, optical fiber is the ideal solution as it is all but immune to such interference.

Future Bandwidth Requirements

It is rare that people think to factor in the growth of a company, or the launching of new products and services when estimating future bandwidth requirements. But, failure to make an accurate assessment of future bandwidth requirements can end up costing a lot of money. Unfortunately, estimating future bandwidth is both complex and often speculative. As an example, it might seem that doubling the number of employees in a company would result in a doubling of the network bandwidth demand. Rarely is it so straightforward, however. Consider that several of the new employees might be multimedia authors, who generally have much higher bandwidth requirements. Also consider that bringing on several new sales people means bringing on the back-and-forth communication between those sales people and all their customers. Perhaps the sales department has decided to host an in-house, web-based CRM implementation — this could result in an increase in bandwidth requirements that are that are far out of proportion to the rest of the users on the network. Because of such factors as these, it is important that a network administrator have knowledge of the future plans for a business when planning a structured cabling implementation. Generally speaking, it is far less costly to “future proof” a structured cabling implementation than it is to replace the existing cabling once it becomes apparent that it is not sufficient to meet the demands of the network.

Your Budget

While working within a budget is certainly something one should consider, it must be understood that the difference in costs between Cat5e, Cat6 and optical fiber is insignificant compared to the costs involved in not using the correct conveyance media for current and future network requirements. The old adage that “it’s better to do it right the first time” certainly holds true when planning your network infrastructure. Not doing it right the first time could cost your company far more than it saved by choosing an older technology or less expensive conveyance media, not to mention that not choosing the correct media could cripple a network and bring about the wrath of it’s users. Because of this, current and future bandwidth requirements, as well as an understanding of your network environment should play a far more important role than cost in determining which type of cabling is best suited for your needs.

 

Five of the Best Web Browsing Privacy Programs

In today’s time and age, one has to take safety and security as some of their top priorities. You know how whistleblower Edward Snowden revealed that the National Security Agency (NSA) accesses the central servers of major companies like Microsoft, Google, Yahoo, AOL, Skype, Apple, Facebook, YouTube, and others.

You should always think that this agency (and several others) analyze all electronic communication devices, files, and everything else that they contain and store. You cannot tell the government to exclude you from their surveillance list. What you should do instead is to control your own web privacy.

Because of the above-mentioned revelation from Snowden, you should never underestimate the power web browsing privacy programs. You should always use cryptography and encryption software in order to keep things as private as possible.

What Encryption Is

When you encrypt data, you can send sensitive information to authorized individuals via the Internet. It features a formula that render the information unreadable or inaccessible to people who do not have the “code” or the “key.” Proper encryptions will allow only you and those who have the code or key to access the data.

Here are five of the best web privacy and encryption software you should use.

  1. AdBlock Plus

One of the most commonly sought-after browser extensions, this open source community project addresses a lot of the annoying issues that come with intrusive and sensitive-data-stealing online ads. Its motto, which is: “We want to make the Internet better for everyone. Purging bad ads is a good start,” aptly describes what they can do for their users.

  1. EasyList & EasyPrivacy

Created specifically for AdBlock users, these subscriptions contain filter lists that, when activated, automatically eradicates unwanted ads and unauthorized tracking from all your web activities. With these two enabled, you no longer have to worry about web bugs, information collectors, and tracking scripts. In other words, you can ensure your personal data, specifically the sensitive ones, remain private and secure.

  1. Ghostery

Ghostery, a web monitoring tool, turns you into a detective by having more than 1200 trackers containing information about annoying and data-stealing ad networks, web publishers, and data providers among many other companies that want to be privy of your web activities, Internet behavior, and other net-concerned habits.

  1. Tor Browser

Another open source tool, Tor makes your Internet activities anonymous. It comes bundled with a browser that you can use for Linux, Windows, and Mac operating systems without having to install any other unnecessary software. Its primary functions are to prevent anyone from gaining knowledge of the sites Internet users visit, prevent websites from learning your physical location, and provide you with access to blocked or banned websites.

  1. HTTPS Everywhere

With HTTPS Everywhere, you can make sure every website you enter and visit starts with https://. This means that all sites you visit go into an encrypted mode. You can use for both Mozilla Firefox and Google Chrome (BETA).

 

Do not allow your websites and all web-related activities to become privacy concerns. Start using these programs and extensions now.

ref: https://www.buycpanel.com/five-best-web-browsing-privacy-programs/

Factory Reset OS

Below is some guideline of the shortcut key to perform the factory reset for following brand of PC/Laptop

Acer – Alt + F10

Asus – F9

Dell/Alienware – F8

HP – F11

Lenovo – F11

MSI – F3

Samsung – F4

Sony – F10

Remote IT Support

10 reasons why use remote IT support

1. Efficiency

There’s no way around the fact that if you have to drive to every client, you’re spending precious time (time that could be billable) in your car. Instead of a fifteen to thirty minute drive, why not make that a fifteen second dial of a phone number? You’ll be getting more done, faster, thereby you’ll be billing more hours and working far more efficiently. Yes, you’ll have the downtime of getting clients connected to you – but most often that is a fairly painless process (there are of course those clients that simply don’t get what “open your web browser” means).

2. Cost effective

Doing remote support means you’re not using gas or adding wear and tear to your vehicle. It also means fewer chances of accidents while driving (so cheaper insurance rates). Remote support can also save your budget in many, varied ways: Eating lunch at home, less budget spent on clothing, and even less money spent using your smartphone data plan to look up information for the job at hand.

3. Green

Again we return to vehicle usage. When doing remote support, you’re not driving. When not driving, you’re not adding to the greenhouse gas issue. Having a greener overall footprint can help you in many ways. First, you can find possible tax credits. Second, your reputation for being a conscientious business will precede you – thus helping to win you over more clients. But this issue shouldn’t necessarily be about winning over clients…right?

4. Client-friendly

How many times have you stepped into a job to find the clients to be less than happy you are on site? Whether it’s due to bad timing, impossible scheduling, or what – there are instances when you arriving at a client location is less than ideal. When that occasion arises, it can quickly escalate into you not getting much work done (or worse, working under a pressure you don’t need). Avoid this by offering remote support for those clients that would rather hear you, than see you.

5. Multi-tasking

When you work remotely, you can do as many jobs as you can juggle. I have, on more than one occasion, had six remote sessions going at one time. If each of those appointments takes an hour to resolve, that’s six billable hours taken care of in one hour. This type of situation, of course, must be handled with care. You cannot bill a client for an hour when the job would have taken significantly less time had you not been double-dipping. If handled properly,  remote support enables you to get much more done in less time.

6 After hours

Remote support also allows you to work after hours. This, of course, is not for everyone. But there are certain situations (such as Windows updates – especially on servers) where working after hours is the only way to get something done. For those times, you’ll be glad you offer remote support. I have run into numerous instances where a client had a problem but didn’t have time for me to work on said problem until they were out of the office. Remote support – perfect solution.

7. Work from home

I have to confess…I’m a big fan. Why? Why not? Working in my PJs, working at my own pace, working within a safe and known environment…what is there not to like? I always find, when I’m working within a comfortable environment, I work better. Injecting remote services into your business model is the easiest means of making the work-from-home model work for you.

8. Fast response

The difference between hopping in your car and dialing a phone number could be crucial. This is especially true when you’re dealing with failing machines or clients that demand immediate turn around. Your clients will greatly appreciate the super fast contact times and you will be glad for the quick resolution of issues.

9. Controlled environment

Like working in your most comfortable pajamas, working in an environment you can control will go a long, long way to helping you get your work done as efficiently as possible. When working on site, there is no way you can control the variables thrown your way. This is also very much dependent upon the client. If you’ve ever done support for a retail client, you know trying to get anything done inside the business (especially during business hours), is nearly impossible. When working remotely, you don’t have to worry about customers or clients getting in your way.

10. Less intrusive

There are clients that simply don’t want you there. There are also clients you don’t want to be around. Doing remote work avoids this trap all together. You won’t have to feel like you are in the way of someone else doing their job or feeling unwanted (which certainly does nothing to make a job more efficient). A lot of clients greatly appreciate it when you can get their technology back up and running smoothly from behind the magic curtain.

Not every job can be handled remotely. Considering remote work depends upon a solid network connection, and it should be pretty obvious there will be times when you will simply have to be on site. But when you have the choice, working remotely sure makes the job easier in many ways. If you have the opportunity to add remote service to your menu, give it a try…both you and your clients will be glad you made the addition.

ref: http://www.techrepublic.com/blog/10-things/10-reasons-you-should-offer-remote-support-to-your-clients/

Window Life Cycle

Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to upgrade or make other changes to your software.

End of support

End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. This is the time to make sure you have the latest available update or service pack installed. Without Microsoft support, you will no longer receive security updates that can help protect your PC from harmful viruses, spyware, and other malicious software that can steal your personal information. For more information go to Microsoft Support Lifecycle.


 Client operating systems  Latest update or service pack  End of mainstream support  End of extended support
  Windows XP  Service Pack 3  April 14, 2009  April 8, 2014
  Windows Vista  Service Pack 2  April 10, 2012  April 11, 2017
  Windows 7*  Service Pack 1  January 13, 2015  January 14, 2020
  Windows 8  Windows 8.1  January 9, 2018  January 10, 2023
Windows 10, released in July 2015**  N/A  October 13, 2020  October 14, 2025

 

ref: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet

QNAP Launches QTS-Android Combo NAS TAS-168/268

TAS-x68_Release_en

Taipei, Taiwan, December 1, 2015 – QNAP® Systems, Inc. today announced the world’s first and only QTS-Android Combo NAS – TAS-168 and TAS-268, which support QTS & Android dual systems. Both systems share the same storage database, allowing users to simultaneously access media files and documents from QTS and Android. With a compact mini-tower design, the TAS-168/268 comfortably fits in homes and small offices/workspaces. Coupled with up to terabytes of storage capacity and 4K (H.265 & H.264) HDMI-out, the TAS-168/268 is the optimal budget-friendly multimedia NAS with unlimited app applications for modern digital lifestyles.

“The QNAP QTS-Android Combo NAS TAS-168/268 is an unprecedented network storage center for file storage, backup, remote access and diverse Android applications,” said Hanz Sung, product manager of QNAP. “Users can enjoy video streams, use apps and manage files on a big HDMI display instead of sliding and tapping on a small screen. The TAS-168/268 makes the personal cloud experience more flexible and enjoyable.”

Powered by an ARM® v7 1.1GHz dual-core processor with 2GB DDR3 RAM, the TAS-168/268 supports terabytes of storage capacity and is designed as a media NAS optimized for home use. Users can simply connect a keyboard, mouse and HDMI display to directly manage, edit and play files stored on the TAS-168/268 via Android, without needing an additional PC. Using TAS is extremely easy as the Androidexperience is the TAS experience, and users can freely control their multimedia experience with the bundled remote control.

With the TAS-168/268, users can download various videos and educational apps from Google Play on Android, or install QNAP apps and access other app marketplaces from Qmarket. Whether enjoying 4K (H.265 & H.264) videos, streaming videos from Android apps, using apps as e-learning tools or centrally managing files, the QTS-Android Combo NAS TAS-168/268 is a great choice for enjoying infinite applications and fun.

In addition to working independently, the TAS-168/268 can also be used with another QNAP NAS to handle more applications. QTS RTRR/rsync functions helps back up files on the TAS-168/268 to another NAS. With the Android interface displayed via HDMI, users can use apps like Qphoto, Qmusic and Qvideo to browse multimedia files on another QNAP NAS, or install the Vmobile app to monitor IP cameras from the Surveillance Station of another NAS. With another NAS using QTS 4.2, users can activate the remote connection function in File Station to manage share folders in the TAS-168/268 through FTP, WebDAV, and CIFS/SMB.

With various VPN apps available in Google Play, users can stream media contents from blocked sites, or create a secure OpenVPN tunnel between the TAS and another NAS to process remote backup tasks. The TAS-168/268 is also a great file center for synchronization. Users can synchronize their files across multiple connected devices using Qsync or use Cloud Drive Sync to synchronize files to Google Driveand Dropbox®.

The TAS-168/268 provides an easy way to create a secure personal cloud which alleviates the storage limitations and data security concerns of public cloud services. myQNAPcloud provides multiple remote access services for users to conveniently access, manage and share multimedia files on the TAS-168/268 from anywhere with a web browser. Users can also access and browse files on TAS-168/268 by using QNAP mobile apps including Qfile, Qphoto, Qmusic, Qvideo and Qmanager.

Key specifications of new models

  • TAS-168:1-bay mini-tower NAS
  • TAS-268:2-bay mini-tower NAS

ARM® v7 1.1GHz dual-core processor, 2GB DDR3 RAM; 3.5” SATA 3Gbps HDD; 1 x USB 3.0 port; 4 x USB 2.0 port; 1 x Gigabit LAN port; 1 x HDMI output

adapt from https://www.qnap.com/i/en/news/con_show.php?op=showone&cid=457

Average Temperature of The Processor

The appropriate operating temperature of your processor depends on its manufacturer, top clock speed, where the sensor is located, and what programs it is currently running. However, this document should give you a general idea of what temperatures are acceptable under certain conditions.
The majority of today’s desktop processors should not exceed temperatures of 35°C and most run between 21°-32°C. Below is a chart listing many types of processors and their average temperatures. Keep in mind, this is only to give our users a general idea of what their processor should be running at. If you believe your computer is running too hot, you can skip to the bottom of this document for information about the safe temperature range for your processor.

Processors Average temperature
AMD A6 45°C – 57°C
AMD A10 50°C – 60°C
AMD Athlon 85°C – 95°C
AMD Athlon 64 45°C – 60°C
AMD Athlon 64 X2 45°C – 55°C
AMD Athlon 64 Mobile 80°C – 90°C
AMD Athlon FX 45°C – 60°C
AMD Athlon II X4 50°C – 60°C
AMD Athlon MP 85°C – 95°C
AMD Athlon XP 80°C – 90°C
AMD Duron 85°C – 95°C
AMD K5 60°C – 70°C
AMD K6 60°C – 70°C
AMD K6 Mobile 75°C – 85°C
AMD K7 Thunderbird 70°C – 95°C
AMD Opteron 65°C – 71°C
AMD Phenom II X6 45°C – 55°C
AMD Phenom X3 50°C – 60°C
AMD Phenom X4 50°C – 60°C
AMD Sempron 85°C – 95°C
Intel Celeron 67°C – 85°C
Intel Core 2 Duo 45°C – 55°C
Intel Core i3 50°C – 60°C
Intel Core i5 50°C – 62°C
Intel Core i7 50°C – 65°C
Intel Pentium II 65°C – 75°C
Intel Pentium III 60°C – 85°C
Intel Pentium 4 45°C – 65°C
Intel Pentium Mobile 70°C – 85°C
Intel Pentium Pro 75°C – 85°C

Sync your clock with the domain controller

The quickest way to synchronise your clock with the domain time, open a command prompt window and type:
NET TIME /DOMAIN

To force a computer to synchronize its time with a specific computer, send the following command:

NET TIME \\<MACHINENAME> /SET /Y

-or-

NET TIME \\<IP Address> /SET /Y

Where <MACHINENAME> is the domain controller computer name, or IP address.

Disable/Enable Command Prompt

Command Prompt is a feature of Windows that provides an entry point for typing MS-DOS (Microsoft Disk
Operating System) commands and other computer commands. The most important thing to know is that
by typing commands, you can perform tasks on your computer without using the Windows graphical
interface. Command Prompt is typically only used by advanced users.

Disable:

When you open Command Prompt this message will be displayed:
The command prompt has been disabled by your administrator.
Press any key to continue …
wpfe99888a_01
Gpedit:

Warning Computers running Windows Vista Home do not have access to Group Policy (gpedit.msc)
This method shows you how to Disable/Enable Command Prompt from Group Policy
Please perform the following steps:
Type gpedit.msc and press Enter
In the Group Policy window please navigate to User Configuration> Administrative Templates>
System and open Prevent access to the command prompt
The Default state is Not Configured and Command Prompt is Enable
To Enable cmd select
Disable
To Disable cmd select Enable


Backup Solution for Business

QNAP Turbo NAS performs as an ideal backup center, with large storage capacity and excellent file transfer speed to greatly assist businesses on efficient backup tasks. In addition to being a backup center, the Turbo NAS can also have its data backed up to external storage devices, remote servers, and third-party cloud backup services easily and conveniently.

e2_Apple-Time-MachineFree PC backup utility for Windows users

The QNAP NetBak Replicator, a license-free backup utility provided with any Turbo NAS unit to execute data backup on Windows OS, helps users back up files from Windows PC – entire disk drives, documents, pictures, music, videos, fonts, emails, and more – to one or multiple Turbo NAS units on the network. Besides, NetBak Replicator also supports backing up to a remote server via FTP and WebDAV. The operation is very simple, and the data backup can be done in just a few clicks by the settings of real-time synchronization, scheduled backup and auto-backup.

The enhanced QNAP NetBak Replicator utility comes with many advanced features to help you easily back up data on Windows PC to the Turbo NAS.

  • Runs as a background service without login session required
  • Allows silent installation for administrators to deploy NetBak Replicator by Group Policy (GPO) on computers quickly without interruption
  • Creates VSS snapshot of VM or database on the Windows, and backs up the content of the snapshot to the Turbo NAS
  • Supports VHD/VHDX (Virtual Hard Disks) backup

Apple Time Machine supportThe Turbo NAS supports Apple Time Machine and provides Mac OS X users with an effortless solution to back up data to the Turbo NAS. This greatly saves cost of purchasing an external hard drive for every Mac user in order to back up their data. Besides, configurable storage quota for backup jobs is allowed so that IT administrators can arrange a certain amount of capacity dedicated for Mac data backup.

e2_Double_protectionBack up to external drives

By connecting external drives to the Turbo NAS via the eSATA or USB ports, IT administrators can easily configure and copy the shared folders on the Turbo NAS to the external devices. The external hard drive backup supports multiple backup tasks, email notifications, and scheduling, giving IT administrators more flexibility to arrange data backup.

With the supports of external drives in EXT3, EXT4, FAT32, HFS+, and NTFS format and high-speed read/write performance, the Turbo NAS can back up data to these devices and restore the data in Mac and Windows environment.

Advanced external drive backup options allow IT administrators to replicate data to designated local disk volume. When setting up multiple external drives as backup destination, each backup task will be correctly mapped to the corresponding external drive even after the external drives are repeatedly removed and plugged back. IT administrators are rest assured data backup is always functioned correctly.

In addition, the Turbo NAS is compatible with various renowned backup software on the market, such as Acronis® True Image, CA® ARCserve Backup, Retrospect®, Symantec® Backup Exec, LaCie® SilverKeeper and so on. Companies that have already adopted such backup software can immediately back up Turbo NAS data to the external drives by means of the third party backup software.

Backup center

The Turbo NAS is an inclusive backup center to safeguard important business data.

QNAP NetBak ReplicatorThe QNAP NetBak Replicator helps back up files from Windows PCs to one or multiple Turbo NAS units on the network. The operation is very simple, and the data backup can be done in just a few clicks of the settings in real-time synchronization, scheduled backup and auto-backup.

Apple Time Machine

The Turbo NAS supports Apple Time Machine and provides Mac OS X users with an effortless solution to back up data to the Turbo NAS. Besides, configurable storage quota for backup jobs is allowed so that IT administrators can arrange a certain amount of capacity dedicated for Mac data backup.

Third-party backup software

The Turbo NAS is compatible with various renowned backup software on the market, such as Acronis® True Image, CA® ARCserve Backup, Retrospect®, Symantec® Backup Exec and so on.

2-way sync

QNAP’s RTRR (Real-Time Remote Replication) service allows scheduled data backup to synchronize shared folders between two Turbo NAS units, ensuring the synced Turbo NAS will always have identical data. The 2-way synchronization provides better backup efficiency and improves office and branch collaboration.

product_RTRR

Window 10

Are you a Windows 8 user? Still using Windows 7? Either way, you’ll love Windows 10.

Over the six years since Windows 7 was released, Microsoft has made its PC operating system far more intuitive and powerful by packing it with tablet- and smartphone-like features.

Windows 10 has a Start Menu, just like Windows 7 — only better.

On the left Start Menu column, you’ll find a list of your most used apps, most visited folders and recently added software. There’s also a button that will show you all your apps in a single list.150220164556-windows-10-start-menu-small-780x439

 

On the right part of the Start Menu, there is a grid of app tiles that you can arrange however you like. The “live” tiles will show you updates, such as the latest stock prices, the last show you were watching on Netflix, social media updates, weather, news and sports scores.

150220164656-windows-10-start-menu-large-780x439

If you want, you can take the Start Menu full-screen by clicking the “expand” button — it’s kind of like having a tablet or smartphone screen for a desktop. But, crucially, it’s only there if you want it. The default is the familiar Windows desktop experience.

Windows 10 provides some design changes that Windows 7 users will welcome. For example, taskbar icons glow at the bottom when they are opened, but only the app icon that is currently being used is completely highlighted. In Windows 7, all open apps are highlighted, confusingly.

150220164423-windows-10-files-780x439

Folder icons are far less glitzy and much more intuitive in Windows 10, making it much easier to view the contents of the folder at a glance before you open it. Gone is the confusing and redundant “libraries” directory. The task manager is also much simpler to use.

Windows 7 users should be unafraid of upgrading when Windows 10 hits store shelves later this year. There is hardly any learning curve, and the new bells and whistles alone are definitely worth checking out.

Better than Windows 8: So what if you’ve upgraded to Windows 8? Here are the big differences you’ll notice in Windows 10.

Windows 8’s odd tablet-style layout was confusing to Windows die-hards. You won’t find Windows 10 difficult to use. Windows 10 boots straight to the desktop, and it stays there.

If you have a convertible laptop or Windows tablet, Windows 10 has a “tablet mode” that recognizes when there is no keyboard or mouse present. But rather than make two separate tablet and desktop interfaces like Microsoft did for Windows 8, Microsoft chose to make the Windows 10 desktop and apps more finger-friendly for tablet users. They only morph a little to fit the device they’re running on.

So if you download a “modern” app from the Windows Store, it will run in a window, just like standard Windows software. The only difference is that it has a diagonal arrow button between the “close” button and the “expand” button at the top right of the window. That will take the app into “tablet mode,” going full-screen. But you can easily get out of that by moving the mouse to the top of the screen and clicking the button again.

Windows 8’s unhelpful charms bar has been replaced with the Windows 10 action center. There, you get notifications and access to handy quick settings, such as brightness controls, airplane mode, Wi-Fi and tablet mode toggles.

150220163923-windows-10-action-center-780x439 150220164656-windows-10-start-menu-large-780x439

Also different is Windows 8’s app-choosing feature, that let you go back to the last-used app by swiping in fro the left. It has been replaced with a far more useful display of all your open apps on a single screen.

Touchscreen users can access the action center with a swipe in from the right, just as they can view all the open apps by swiping in the from the left. But, mercifully, Windows 10 put buttons for both on the taskbar so mouse and keyboard users won’t accidentally launch those features by putting the cursor too far to the left or right.

Window 10’s New Features: Windows 10 isn’t just about correcting Windows 8’s mistakes, though. There are new features that Windows 8 users will love.

The coolest new feature is Cortana, Windows 10’s version of Siri, which appears net to the Start button on the taskbar.

“She” has a sense of humor (“I know Siri, but I don’t KNOW her, know her, if you get what I mean,” Cortana says in response to an obvious question). But in addition to barking voice commands and queries, the search feature is genuinely helpful.

It will search your apps, the Windows Store, the Web and your files to answer search queries. It’s a super-quick way to launch an app (just start typing and hit Enter when the app appears). And like Windows 8’s outstanding search function, Cortana can help you access deeply hidden settings with a few keyboard strokes, helping you avoid hunting and pecking through control panel settings.

Windows 10 also comes with multiple desktops, which is helpful for cleaning up a messy workspace.

I have been testing the preview version of Windows 10 for a few weeks. There are plenty of things not to like, including the fact that you still can’t access all your settings from the “settings” app. We’ll cover more of the hits and misses in a fuller review once Microsoft gets closer to releasing Windows 10.

But the preview has shown me enough to confidently say that Windows 10 will be a breeze to use, a welcome change for both Windows 7 and Windows 8 users, and a big hit for Microsoft.

money.cnn.com/2015/02/22/technology/windows-10-review/index.html

Guide of solving common wireless network problem

One of the most common root causes for having slow and unstable wireless network connections is interference. Many things interfere with a wireless network: everything from walls to the microwaves you use in the kitchen to other wireless networks. That’s why I decided to learn more on the subject, experiment with my own wireless network and share what I have learned. You will understand more about what can interfere with your wireless network and learn how to deal with interferences from other wireless networks.

The Causes & Symptoms for Wireless Network Interference Problems

There are many possible causes for having interference problems with your wireless network:

  • The physical landscape where your network is placed: the apartment, office building or house where the wireless network is found. Walls and doors interfere with the signal of your network, lower its strength and the transfer speed.
  • Electronic equipment you are using: microwave ovens, cordless phones, wireless headsets, Bluetooth devices, surveillance cameras operate at the 2.4 gigahertz (GHz) frequency used by most wireless networks.
  • The physical distance from the router or the device emitting the wireless signal. The further away, the weaker the signal weaker. This always translates into a higher likelihood of being impacted by different kinds of interference.
  • Last but not least, other wireless networks can interfere with yours.

When your wireless network has interference problems you can encounter one or more symptoms: reduced range for your WiFi network (generally much lower than what the manufacturer of your router mentions in the hardware specifications), sudden drops in transfer speeds, the wireless signal dropping out in certain places or at certain times during the day, your wireless signal strength going up and down randomly.

What Makes Wireless Networks Interfere With Each Other?

If two or more wireless network are placed close to one another, then they can interfere with each other if:

They use the same operating frequency (2.4 GHz or 5 GHz). The 802.11g and 802.11b standards use the 2.4 GHz operating frequency, 802.11n can operate both at 2.4 GHz and 5 GHz while 802.11a can operate only at 5 GHz.
They use the same channel or neighboring channels which overlap. A wireless router can send the wireless signal using a set channel, from 1 to 11 or 13 (depending on the router model and where it is sold). To make sure there is a smaller likelihood of overlapping with other channels, you should choose channel 1, 6 or 11 (or 13 if available for your router). By default, most routers are set to use channel 6, thus the reason for conflicts.
Identify Interference Problems from Other Wireless Networks With inSSIDer

Identifying the exact root cause for your interference problems can be quite a pain, depending on your location. If you are in a busy area with lots of wireless networks around, then your problems are most likely caused by the other networks.

So… how do you fix them? You can use a tool named inSSIDer (working download link: here). We covered the basics of using it in a previous tutorial: Find Hidden Wireless Networks & View Useful Information (Including the SSID). I recommend that you read it first, before going ahead with the instructions in this article.

Let’s assume you are trying to fix interference problems in your own home. If you are using android, download wifi analyzer software into your phone.

wifi analyzer

Pay attention to how wireless networks disappear from the radar or show up on it. View how your network signal evolves. In the areas where you encounter most issues, you most probably have other wireless networks active.

 

Possible Solutions to Your Wifi Interference Problems

If your router fully supports the 802.11n standard, you can use it and switch to the 5 GHz operating frequency. However, this can cause some problems you need to be aware of. First, the wireless network signal will not be able to penetrate as far as when using the 802.11b standard, for example. It is better absorbed by walls, doors and other solid objects. If covering a large area is important, you might not want to go this route. Then, another issue is caused by support for this standard. Older laptops, smartphones and wireless adapters do not support it. Test your older equipment and learn if it can detect and connect to the wireless network when using the 802.11n standard.

If you have a dual band router, that can operate both at 2.4 GHz and 5 GHz, then you can connect the newer devices to the 5 GHz wireless network and the older equipment to the 2.4 GHz network. Depending on your router, in this scenario, you can encounter issues with file sharing and how devices and computer detect each other over the network. Don’t hesitate to test things through and check if file sharing works as needed.

If changing the operating frequency and the wireless standard is not an option, then you have to analyze the signal used by all wireless networks in your area.

In the screenshots used in this article, my home network is named C1pr1an. It uses channel 7 to operate. Most networks in my area use channel 6. If look on the 2.4 GHz tab, I can see how my wireless network signal overlaps with many networks, especially with those using channel 6. It is clear that it is best to change the channel.

adapted from www.7tutorials.com/layman-guide-solving-wireless-network-interference-problems

Web Content Filtering

Web Content Filtering

DrayTek’s Web Content Filtering (WCF) facilities enable you to protect your network and your users from web content according to your preferences. There are many reasons for doing this, for example:

Reason to Block Example
Unsuitable Adult material for children
Undesirable Time wasting sites for employees
Dangerous Malware or virus-ridden web sites
Fraudulent Confidiential data leaving your network

As DrayTek WCF is performed by your router – your point of entry to the Internet – it is far more difficult to circumvent than software solutions installed on each client/PC and applies to guest PCs too (laptops etc.). Blocking/filtering can be selective for certain computers, users or groups too, so that, for example, managers can have less filtering imposed than other users and time schedules can apply these content filtering for specific time periods only (the facilities and granularity of this depends on the specific model of router selected).

Internet Control in the Home

Whilst the Internet can be hugely beneficial to any home, both for adults and children, there is also the opportunity for it to become distractive, over-consuming as well as risky. For children, a common use of control control is to block inappropriate content, such as web sites with sexual, violent or other adult-oriented content. That’s the inappropriate content, but even age-appropriate content can be undesirable. Facebook might be great for your teens, and CBeebies for your younger children, but not if they are supposed to be doing something else. Many parents want to control access to the Internet, for example allowing access to acceptable web sites for specified times of day only. For your adult users in the home, you may want to block access to sites which have a high probability of being infected with malware. You may also wish to block your own computers from sending emails in case of trojan/zombie infection. There are infinite combinations of content filtering and firewalling you might want to impose in your home.

Staff Internet Abuse – A real cost to your business

The Internet provides your business with an effective, useful and often essential facility. Your staff can use it to find quick answers, liaise with customers, send and receive emails and many other productive tasks. Unfortunately, the Internet also provides the opportunity for mis-use. DrayTek products can help you restrict, control and monitor staff Internet usage.

Staff using your Internet facility for time-wasteful activities are costing you. Even more importantly these activities can put your businesses computers and network at risk. A recent survey of 10,000 employees indicated that 44% admitted to spending time on the Internet for personal use, for up to 2.1 hours per day.

Most staff are responsible and prudent with their Internet use and we always recommend a suitable AUP (Acceptable Use Policy) to be in place so that staff or any users of your systems know what they are and aren’t permitted to use the computers for. This AUP can be re-inforced by DrayTek routers which can block specific content (either at certain times only or all times) and also block potentially harmful file/code types from being installed by rogue web sites. There are some staff who will make severe abuse of the Internet facilities – spending literally hours on personal matters or social networking sites.

Top 5 Personal Internet Uses for Employees

 

  • Personal Email: Hotmail, Gmail, Yahoo etc.
  • Intant Messaging: Skype, AOL, Yahoo etc.
  • Social Networking: Facebook, MySpace, Twitter etc.
  • Buying: Using Amazon, Ebay etc.
  • Multimedia : YouTube, iPlayer etc.

 

It’s easy to let a ‘quick visit’ become a prolonged stay without realising and losing track of time. All of the above activities can be immensely time consuming and addictive. What doesn’t quite make the list but could be even more serious in its consequences is adult or illegal material being accessed in the workplace, as well as the higher likelihood that such sites are infected with malware which will then get onto your business network. There is also the potential to ‘innocently’ download software and install it on local PCs, unwittingly introducing spyware or trojans onto your network.

Introducing DrayTek Web Content Filtering

DrayTek Web Filtering allows you to block web content in four main ways:

 

  1. By matching keyword / specific sites
  2. By web site category (Subject to Subscription)
  3. By digital content type
  4. IP Filtering (Actually part of the firewall, along with many other security features.)

Features 1,3 and 4 above are included with the router. Feature 2 is included but requires an annual subscription to the external server which keeps a real-time constantly updated database of web sites. More details of that later. Features supported varies with router model; please check on specifiction for confirmation of Web Content Filter capabilities.

1. Keyword Matching URL Content Filter

In Keyword Matching you can specify a list of either banned (blacklist)) or permitted sites (whitelist). The DrayTek method is ‘object’ oriented, which means that you create lists of keywords or sites, can then group them and then apply them into specific user groups or time periods

Using a blacklist, all sites would be accessible by your users except those that match the keywords you specify. This would be useful, for example where there are specific sites known to be causing disruption or timewasting in your organisation such as social networking or webmail. The example below would allow access to all sites except the ones listed:

web_url_blacklist

A whitelist, on the other hand, is much more restrictive on what your users can access as it blocks all web sites by default and then only allows access to web sites which match your keywords. This is useful when you really want to lock down your Internet access to only allow very specific web site access. The example below would block access to all web sites except those listed:

web_url_whitelist

The URL blacklist and whitelist feature support varies with router model; Please check on specification for details of keyword matching support.

2. Web Site Category (DrayTek GlobalView)

DrayTek’s GlobalView is built into most of our routers and allows you to select specific categories of web site which your router will allow access to. For example, an office may wish to block access to social networking or other company time-wasting sites or a home user might want to block adult sites from their children. In public Internet access facilities, you might want to block various unsuitable categories.

GlobalView covers 64 separate categories which you can select as blocked or permitted. Every time one of your users attempts to access a site, the router’s automatically queries the central GlobalView server to ascertain its classification. This takes only milliseconds. If a site is blocked by GlobalView, according to the categories you have selected, instead of the requested web page, a warning message is displayed to the user (you can customise the message).

The GlobalView central database is continuously updated with new sites and changes to sites but also records normally legitimate sites which have become compromised or contain malware (a unique feature to GlobalView). Access to the GlobalView server requires an annual subscription. A free 30-day trial is included with all new routers so that you can try the feature out before subscribing. Scroll down the box below to see the 64 different categories which can be blocked by GlobalView, either permanently or at certain times of day/week according to your chosen schedule and for the PCs you choose.

GlobalView Categories :

Globalview requires a subscription to the Globalview server. This is a 12-month subscription available from your dealer. There is no additional licensing for the number of users you have; it is a flat fee based on your router model:

Subscription Type Supported Series
Group A Vigor 2820, 2830, 2850, 2860, 2920, 2925, 3200, PBX2820
Group B Vigor 2110, 2130, 2710, 2750, 2760
Group S Vigor 3300V+, 300B, 2930, 2960, 2950, 2955, 3510, 3900, 5510

wcf_categories_cropped

Why Globalview?

Globalview uses a unique method of categorisation to ensure the most accurate, relevant and up to date database of web sites. In particular compared to other services, these are some important advantages of Globalview:

  1. Globalview is built into the hardware. There are software solutions for category blocking or parental control but they have to be installed on each PC, maintained on each PC and someone with the right skills (a skilled employee or smart child!) can often find a way to bypass or disable the software. DrayTek’s Globalview operates at your Internet point of entry so examines all web site URLs requested and cannot be turned off without administrative rights to the router.
  2. GlobalView is a commercial/professional Service
    . Unlike some other services, GlobalView does not rely on volunteers to submit suggestions for sites to include or rely on volunteers to categorise each site submitted (and multiple users to then concur which the category proposal). Relying on community-driven categorisation can lead to inaccuracies, delays, mischief and an incomplete database which omits many sites, particularly those which are more obscure or unknown (which are also more likely to be undesirable). The Globalview WCF service has been available for many years, and continuously evolves to improve performance and accuracy.
  3. GlobalView is not a Domain Resolution Service, therefore it is not possible to bypass it merely by changing the DNS settings on your PC, or by browsing by IP address instead of URL. Globalview intercepts and examines all web requests for their specific destination rather than just intercepting DNS requests and rejecting those which it believes should be blocked.
  4. Categorisation uses an automated mechanism.
    GlobalView URL filtering is based on a hugely scalable cloud-based architecture that uses the extensive cloud computing resources available for categorization. GlobalView URLF uses a dynamically built, relevant local database with real-time connectivity to a hugely scalable cloud-based repository. GlobalView URLF therefore provides more complete, relevant categorization of the Internet. GlobalView’s main benefit is the highly intelligent and accurate categorisation algorithms which are used to build its database.
  5. Zero-Hour Protection
    The Internet is a living, continuously growing and evolving system. As GlobalView operates in real-time, it can categorise a site from the moment it becomes available from the first time it is requested, and re-categorise it if it changes at a later date without community-driver or user intervention. Users do not have to manually submit sites for categorisation.
  6. Categorise IP Addresses
    Some other content filtering services can be bypassed simply by the user browsing to an IP address so that the URL is never considered/checked. Globalview will categorise sites based on their IP address if a user tries to access via that method. i.e. Both www.facebook.com and 69.63.190.18 would be blocked by GlobalView if you have prohibited social networking. This is also particularly useful in combating phishing emails which commonly use IP addresses instead of URLs. The DrayTek router can, in addition, block browsing by IP address altogether.
  7. Multiple Categories Per Site
    Globalview can identify a single web site or page as falling into several categories, for example a site might provide both ‘dating’ and ‘adult’ content so if you choose to block either of those, Globalview will correctly identify it as both.
  8. Site granularity
    Whereas other services considers only the top level domain (TLD) i.e. the URL up until the first “/”, Globalview will parse/consider the whole URL. This is particularly a problem for Web 2.0 sites such as blog sites (members.tripod.com/sitename) where one user’s blog might be for kids and other user’s contain adult-suited material. Another example is commercial sites which contain different materials types. For example, Globalview will distinguish between “sportsillustrated.cnn.com” (Sports pages) and “sportsillustrated.cnn.com/swimsuit/” (Swimwear models/nudity).
  9. Embedded Links are examined.
    Another common methods that users might use to bypass web controls is using parsing or translation web sites. For example, if you try to visit “http://translate.google.com/translate?tl=it&u=http%3A%2F%2Fwww.swimwearplace.com%2F” then GlobalView will correctly identify that you have asked Google to display ‘www.swimwear.com’ and block it if that is a category you have prohibited, whereas other services will just see ‘Google” and permit access based on the categorisation of Google (search engine).

3. Digital Content Type

DrayTek’s Content filtering allows you to specify particular data types or web content to be blocked by the router. The vigor is pre-set with many different content types or protocols. You can select any or all of them for blocking. There are infinite combinations but some examples of commonly blocked content are:

  • Block download of executable (EXE) or compressed (ZIP) files to reduce the chance or virus infection or installation of untested software.
  • Block Peer-to-Peer (P2P) software such as BitTorrent, to avoid users using vast amounts of your bandwidth or engaging in media piracy.
  • Block HTTP/FTP upload or webmail to prevent theft/espionage of your company data
  • At Home, block Instant Messaging protocols to prevent your children from unsupervised chat with strangers.
  • Block SMTP from all devices other than your mail server to stop Trojan Zombies

For detailed list on the protocols and content type which can be blocked, Click Here.

4. IP Filtering

This is a more technically complex method. All data sent across the Internet is sent as a ‘data packet’ between devices (for example between your PC and a web site) Each device has its own IP address (such as ‘194.194.123.18’). In addition, each data packet can be one of several data types (TCP, UDP, ICMP etc.) and may also have additional information such as TCP port numbers. Don’t worry if this all sounds a bit complicated; the useful factor here is that these packets can be distinguished and therefore rules can be set up on the router to block or pass packets which match parameters you choose.

Examples of useful IP filters might be to block incoming mail from all but known mail servers, or to allow access to your internal web server from all addresses except known remote locations. IP Filters can be nested so that a chain of filters can all be tied together and data passed only if one of, or all of the rule criteria are met. As we said, it’s a technically complex feature but immensely powerful.

Note : Although we include IP filtering here, most users actually consider that to be part of the main firewall features as it’s not filtering ‘by content’ as such.

 

SSL/TLS (“HTTPS”) Sites & DrayTek DNS Filter

 

Concerns regarding privacy and security have increasingly lead to web sites moving their services to web servers that offer SSL/TLS connections as standard. SSL/TLS connections are those prefixed with https:// or commonly shown with a ‘padlock’ symbol in your brower.

SSL/TLS is a protocol that allows communication to be secured encryption so that it can’t be read by a third party – anyone in between you and the server. This security also extends to the actual URL (web address) that the user enters, which has an impact on web content filtering methods that categorise websites based on the URL that is being accessed.

The Keyword matching URL Content Filter is unable to make web content filtering decisions for HTTPS requests because the web address is encrypted. DrayTek’s Globalview is also affected but the Globalview servers have other methods which can assist with categorisation decisions even when the URL is encrypted.

However a new feature is now available on various DrayTek products called DNS Filter.

When a PC tries to access a web site, it has to always convert that web address into an IP address (e.g. 194.213.12.44). That IP address itself cannot be encrypted by SSL/TLS because your router has to know where to send the data to!

DrayTek’s new DNS Filter examines all DNS lookups that your PCs make and then make categorisation or content filtering decisions. DNS Filter can be used with both the Keyword matching URL filter (whitelists/blacklists) and the Globalview Web Content filter.