<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Practical Issues in InfoSec &#187; Disaster Recovery</title>
	<atom:link href="http://www.dlstrom.com/category/disaster-recovery/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.dlstrom.com</link>
	<description>... putting information security within reach of everyone!</description>
	<lastBuildDate>Tue, 27 Jul 2010 13:26:02 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0</generator>
		<item>
		<title>Experiences with the Verizon Wireless Network Extender</title>
		<link>http://www.dlstrom.com/2010/02/02/experiences-with-the-verizon-wireless-network-extender/</link>
		<comments>http://www.dlstrom.com/2010/02/02/experiences-with-the-verizon-wireless-network-extender/#comments</comments>
		<pubDate>Tue, 02 Feb 2010 17:55:00 +0000</pubDate>
		<dc:creator>d.strom, cissp, gsec, gsna</dc:creator>
				<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Network Security]]></category>
		<category><![CDATA[Cell Phone]]></category>
		<category><![CDATA[Femtocell]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=296</guid>
		<description><![CDATA[It&#8217;s been over two weeks now since I installed a Verizon Wireless Network Extender at home. We can get a weak Verizon signal at our house, but it varies based upon where in the house the phone is. I wanted to have a way to reliably use my Verizon Wireless cell phones at home. That [...]]]></description>
			<content:encoded><![CDATA[<p>It&#8217;s been over two weeks now since I installed a <a href="http://www.verizonwireless.com/b2c/store/accessory?action=gotoFemtocell">Verizon Wireless Network Extender</a> at home. We can get a weak Verizon signal at our house, but it varies based upon where in the house the phone is. I wanted to have a way to reliably use my Verizon Wireless cell phones at home. That is why I got the Network Extender.</p>
<p>As you can imagine, results have been mixed&#8230;</p>
<p>What is the Network Extender?</p>
<p>It is a small box that attaches to your broadband Internet connection and creates a small cell for your cell phone to connect to. When inside that cell, or &#8220;bubble&#8221; as I have seen it referred to, your cell phone talks to this little box rather than trying to find a signal from a far-away tower. Your conversation is routed across your Internet connection to Verizon&#8217;s servers and then to the other party.</p>
<p>What do I like about the Network Extender?</p>
<ol>
<li>I like the idea of using broadband internet to allow cellular access in an area of weak cell phone signal.</li>
<li>Access to the Network Extender can be limited to only specified cell phone numbers.</li>
<li>A certain amount of management can be done on-line via the Verizon Wireless web site.</li>
<li>Our landline was out the past couple of days. With the Network Extender, we were still able to communicate with the outside world!</li>
</ol>
<p>What do I not like about the Network Extender?</p>
<ol>
<li>Following the published setup instructions did not work on my home network. I had to call tech support for more information. My connection to the Internet is very generic. They should include more information in the setup instructions.</li>
<li>I live in an area that was AllTel until last October. I couldn&#8217;t connect to the Network Extender with my cell phones, and so called Tech Support. Because of the migration from AllTel to Verizon, we have a hybrid PRL pushed out to our phones. The Tech Dude had to turn off the hybrid PRL, and then we had to do the *228, option 2 to get a Verizon-only PRL. (Of course, I had to take each phone to the one location in the house that gets sufficient signal off of a Verizon tower in order to get the PRL update.) I&#8217;m still experimenting with my Moto Android to see if there is any impact on my reception and signal strength while out-and-about.</li>
<li>The cell phone needs to be within 15&#8242; of the Network Extender to latch onto the femtocell for incoming or outgoing calls. Then the phone can go further away. I haven&#8217;t quite figured out the patterns of when the femtocell is used, and when it is not.</li>
<li>I had to configure my home router (<a href="http://www.linksysbycisco.com/US/en/products/WRT610N">linksys wrt610n</a>) so that the Network Extender is the DMZ machine. This was one of the things that I needed to call tech support for. What if I had another machine using the DMZ configuration? How could I use both? The tech dude didn&#8217;t know what ports I needed to allow. I configured the wrt610n so that the Network Extender is the DMZ host.</li>
</ol>
<p>Being the inquisitive sort, I decided to put a hub on the network drop going to the Network Extender and fired up Wireshark. It appears that the Network Extender is using IPSec to connect to the Verizon servers. I wonder if they are using VoIP protocols encapsulated in IPSec, or not&#8230; </p>
<p>I am thinking about sniffing the traffic for a bit longer and then removing the Network Extender from the DMZ and putting it back on the internal network. I will update this post if I try this.</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2010/02/02/experiences-with-the-verizon-wireless-network-extender/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>InfoSec Tip: Are Your Backups Usable?</title>
		<link>http://www.dlstrom.com/2009/08/28/infosec-tip-are-your-backups-usable/</link>
		<comments>http://www.dlstrom.com/2009/08/28/infosec-tip-are-your-backups-usable/#comments</comments>
		<pubDate>Fri, 28 Aug 2009 13:00:00 +0000</pubDate>
		<dc:creator>d.strom, cissp, gsec, gsna</dc:creator>
				<category><![CDATA[Backups]]></category>
		<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Planning]]></category>
		<category><![CDATA[Tips]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=280</guid>
		<description><![CDATA[&#8220;Backups are the disaster recovery plan!&#8221;, he emphatically said. And so began the conversation&#8230; Of course, backups are a part of the disaster recovery, but not the complete plan. Just last night I found out about a local business whose server crashed. They had been dutifully performing backups. The backup subsystem reported that backups had [...]]]></description>
			<content:encoded><![CDATA[<p>&#8220;Backups <strong><em>are</em></strong> the disaster recovery plan!&#8221;, he emphatically said.</p>
<p>And so began the conversation&#8230;</p>
<p>Of course, backups are a part of the disaster recovery, but not the complete plan.</p>
<p>Just last night I found out about a local business whose server crashed. They had been dutifully performing backups. The backup subsystem reported that backups had been created. But&#8230; </p>
<p>It turns out that the backups are unreadable and now they are scrambling to determine the next steps to keep their business running.</p>
<p><strong>Tip: Periodically check your backups to make sure that (1) they are readable, and (2) that they contain the information you hope they do.</strong></p>
<p>Put this into your list of things to review on a monthly basis. At some point you <strong><em>will</em></strong> be glad that you did.</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2009/08/28/infosec-tip-are-your-backups-usable/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>3 Lessons from the Twitter DDoS</title>
		<link>http://www.dlstrom.com/2009/08/06/3-lessons-from-the-twitter-ddos/</link>
		<comments>http://www.dlstrom.com/2009/08/06/3-lessons-from-the-twitter-ddos/#comments</comments>
		<pubDate>Fri, 07 Aug 2009 01:24:23 +0000</pubDate>
		<dc:creator>d.strom, cissp, gsec, gsna</dc:creator>
				<category><![CDATA[CyberSecurity]]></category>
		<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Cloud Computing]]></category>
		<category><![CDATA[DDoS]]></category>
		<category><![CDATA[FaceBook]]></category>
		<category><![CDATA[SaaS]]></category>
		<category><![CDATA[twitter]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=274</guid>
		<description><![CDATA[By now we&#8217;ve all heard that Twitter was offline for a couple of hours today, and that FaceBook was running slowly. The reports are that they both were victims of a Distributed Denial of Service (DDoS) attack. While this was limited to sites that, admittedly, have little measurable business value, what if it was a [...]]]></description>
			<content:encoded><![CDATA[<p>By now we&#8217;ve all heard that Twitter was offline for a couple of hours today, and that FaceBook was running slowly. The reports are that they both were victims of a Distributed Denial of Service (DDoS) attack.</p>
<p>While this was limited to sites that, admittedly, have little measurable business value, what if it was a business-critical site that was knocked off-line?</p>
<p>Now, stay with me while we take a bit of a leap&#8230;</p>
<p>Many small businesses and individuals are moving to &#8220;cloud computing&#8221;. Working documents are in the &#8220;cloud&#8221;. Software as a Service (SaaS) is finally starting to take off.</p>
<p>Now, if the &#8220;cloud&#8221; and SaaS provider that you are using are being hit with a DDoS, what plans do you have for your business?</p>
<p>Lessons for the small business&#8230;</p>
<ol>
<li>
Know the risks associated with your technological model &#8211; in this case  &#8220;cloud&#8221; vs local.</li>
<li>
Make your DRP/BCP include plans in the event your providers are unavailable.</li>
<li>
Finally, know what response you will have if your providers never return.</li>
</ol>
<p>Here&#8217;s hoping you have a weekend full of availability!</p>
<p>- Dan</p>
<p>UPDATE: The reports now are that many more sites were affected as a result of <a href="http://news.cnet.com/8301-27080_3-10305200-245.html">targeting ONE user</a> (from cnet.com)!</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2009/08/06/3-lessons-from-the-twitter-ddos/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Information Security and Swine Flu</title>
		<link>http://www.dlstrom.com/2009/04/27/information-security-and-swine-flu/</link>
		<comments>http://www.dlstrom.com/2009/04/27/information-security-and-swine-flu/#comments</comments>
		<pubDate>Mon, 27 Apr 2009 13:52:34 +0000</pubDate>
		<dc:creator>d.strom, cissp, gsec, gsna</dc:creator>
				<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Planning]]></category>
		<category><![CDATA[Swine Flue]]></category>

		<guid isPermaLink="false">http://www.dlstrom.com/?p=213</guid>
		<description><![CDATA[When the alarm went off this morning (4/27/09), the first thing I heard before I got out of bed was the NPR announcer saying, &#8220;&#8230; the U.S. is being warned to prepare for a Swine Flu epidemic.&#8221; I hit the button to shut her off, stumbled to the shower and spent most of the show [...]]]></description>
			<content:encoded><![CDATA[<p>When the alarm went off this morning (4/27/09), the first thing I heard before I got out of bed was the NPR announcer saying, &#8220;&#8230; the U.S. is being warned to prepare for a Swine Flu epidemic.&#8221; I hit the button to shut her off, stumbled to the shower and spent most of the show considering how this relates to information security.</p>
<ol>
<li><em>I realized that I don&#8217;t know as much about the swine flu as I should.</em> Stephen Northcutt (of <a href="http://www.sans.org/">The SANS Institute</a>) has prepared a briefing on swine flu. Get it <a href="http://www.sans.edu/resources/leadershiplab/pandemic_watch2009.php">here</a>.</li>
<li><em>I realized that we may have an opportunity to exercise the disaster recovery plan.</em> This was put into place about a year ago and we have run through some scenarios on paper tests. If people are told to stay home from work to slow the spread of swine flu, we might be forced to crank up the D.R. plan.</li>
<li>Finally, <em>I also realized that some of the well thought-out policies might need exceptions.</em> As an example, we don&#8217;t like for non-company computers to connect to our protected networks. But, if staff are told to stay home, we might need to bend on this policy.</li>
</ol>
<p>The moral to this story???</p>
<p>Now might be a good time to review your disaster recovery and business continuity plan, specifically as it relates to pandemics.</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2009/04/27/information-security-and-swine-flu/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Tornado!</title>
		<link>http://www.dlstrom.com/2008/07/25/tornado/</link>
		<comments>http://www.dlstrom.com/2008/07/25/tornado/#comments</comments>
		<pubDate>Fri, 25 Jul 2008 00:31:02 +0000</pubDate>
		<dc:creator>d.strom, cissp, gsec, gsna</dc:creator>
				<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Tornado]]></category>
		<category><![CDATA[Weather]]></category>

		<guid isPermaLink="false">http://dlstrom.com/wp/?p=25</guid>
		<description><![CDATA[Recently, our town of 50,000 was hit by a tornado. The tornado started as an EF4 when it first touched down, but it weakened to EF2 before lifting. According to public records, 31 homes were destroyed with another 56 suffering major damage. Three businesses were destroyed and 11 were hit with major damage. Many more [...]]]></description>
			<content:encoded><![CDATA[<p>Recently, our town of 50,000 was hit by a tornado. The tornado started as an EF4 when it first touched down, but it weakened to EF2 before lifting. According to public records, 31 homes were destroyed with another 56 suffering major damage. Three businesses were destroyed and 11 were hit with major damage. Many more homes and businesses had lesser damage. The tornado also ripped through a major university. Numerous buildings had damage, including a research nuclear reactor. Damage at the university is estimated to be over $28 million. This same tornado had begun its hop-scotch trek nearly 50 miles west of our town.</p>
<p>I know an architect who had previous years’ records stored in a self-storage unit that was destroyed. He has received phone calls from over 30 miles away telling him of papers that had been found. Many of these had personal information. The tornado jumped over a doctor’s office causing only minor damage to the roof. But what if that office had taken a direct hit? I know that my medical records are stored on paper in that office and they would have been scattered throughout the area.</p>
<p>In our area, everyone knows that tornados are a fact of life. It seems like one nearby community or another is touched by a tornado every year. People living here have accepted the risk of severe weather outbreaks. But, not everyone has done what they can to minimize their exposure to the risk. Disaster planning, whether for business or personal, helps one to address exposure and think through what can be done to minimize the risk.</p>
<p>The following steps can be taken to minimize risk and improve protection in the event of a disaster. The first of these is to create a disaster recovery plan. Numerous resources are available to help with this. The U.S. Department of Homeland Security has created the www.ready.gov website. It contains checklists and simple forms to help get started thinking about disaster recovery. There are books available with more detailed help for creating the disaster recovery plan (DRP). The Institute for Continuity Management provides training and certifications in disaster recovery.</p>
<p>Another step to take is to make sure that there are reliable backups of electronic data and that they are stored off-site. Several technologies are available for creating backups. Tape has been the standard method of creating backups for several years. Several companies are offering secure on-line storage and backup strategies for individuals and small- to mid-sized businesses. These backups should be tested periodically to verify that they can be successfully used to recover the business.</p>
<p>Every business should know and document business processes. This becomes especially important in the event the business must be shut down for a period of time following the disaster. As the business processes are documented, they should also be prioritized as to which ones are absolutely critical to the on-going recovery of the business. A maximum tolerable downtime for each business process will help with this.</p>
<p>- Dan</p>
]]></content:encoded>
			<wfw:commentRss>http://www.dlstrom.com/2008/07/25/tornado/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
