Friday, December 29, 2006

Here is a sample ad for a computer consultant.

Expert IT Support for Law Firms

Large firms have in-house IT specialists.


But if yours is a small firm, you probably spend time mucking about with computers when you could be doing law. And there are probably other times when not mucking about with computers puts your practice at risk. E.g., when you're in the final week of trial preparation, do your data files nonetheless get backed up every night?


I understand how law offices work. Chances are that I can help your law office work better. I'm good at solving technology problems. I don't have all the answers, but I'm very, very good at finding them. And my hourly rate is less than yours.

That is the start but the formatting was so bad I had to take it down. Will post again later for you computer consultants.


Thursday, December 28, 2006

Life as a Computer Consultant is crazy sometimes. Please tell me your best Computer Consultant story.

Tuesday, December 26, 2006

How To Protect Yourself On The Internet Part 2

Email Privacy
In the 90s, Internet Service Providers (ISPs) were forced by the government to stop allowing their customers to use their own or external mail servers to send email. The claim was that they wanted to reduce SPAM, but that was bogus because 99.999% of us never send spam. The proof that SPAM isn’t the reason is that the second thing ISPs were forced to do was to start SAVING ALL EMAIL sent and received by their customers.

So now if the government wanted access to any of your email they had one place to go to get it, instead of trying to track it down. Also this allowed the government to install various computer systems in the ISP, for the purpose of scanning all emails for keywords and notifying officials when an email was flagged.

A good computer consultant will tell you there are 2 ways to keep your emails safe from prying eyes: 1) encrypt them (make them unreadable) before you send them, and/or 2) encrypt the path between you and the recipient. There are many products on the market and a few services that provide a very high quality form of encryption for emails, the most popular being PGP.

I won’t go into all the technical details, but basically what happens is that you run the software or use the service to create a public and a private key. Then you give other people your public key to encrypt anything they want to send to you. And the only way to decrypt them (make them readable) is with YOUR private key.

You can also digitally sign your email, which is the same process in reverse. The message you send will carry a signature created with your private key, which the recipient can verify using your public key. The benefit of the signature is that you will know it came from your friend (or computer consultant) and not someone who stole your public key.
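The key-pair workflow described above, as an added example that is not part of the original post. It uses toy textbook RSA in pure Python rather than PGP itself, and the parties, keys, and message are constructed for illustration:

```python
import hashlib

# Toy textbook RSA with constructed keys. Illustration only: real PGP adds
# padding, much larger keys, and encrypts the body with a symmetric session key.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent (Python 3.8+)
    return (n, e), (n, d)            # (public key, private key)

def encrypt(public_key, message: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest(message, n), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest(message, n)

# Constructed key pairs built from known Mersenne primes (hypothetical parties).
YOU_PUB, YOU_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
FRIEND_PUB, FRIEND_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(2**19 - 1, 2**31 - 1)

def send(message, sender_priv, recipient_pub):
    """Sender signs with own private key, encrypts to recipient's public key."""
    return encrypt(recipient_pub, message), sign(sender_priv, message)

def receive(ciphertext, signature, recipient_priv, sender_pub):
    """Recipient decrypts with own private key, checks sender's signature."""
    message = decrypt(recipient_priv, ciphertext)
    return message, verify(sender_pub, message, signature)

if __name__ == "__main__":
    for sender in (FRIEND_PRIV, IMPOSTOR_PRIV):   # genuine sender, then impostor
        print(receive(*send(b"meet at 3pm", sender, YOU_PUB), YOU_PRIV, FRIEND_PUB))
```

Anyone holding your public key can encrypt a message to you, so the impostor's message still decrypts; only the signature check against your friend's public key tells the two senders apart.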

If I confused you with the technical jargon, sorry. The simple explanation is that encryption is like a regular postal envelope (except no one can open it). When you send a message, you put it in an envelope, and you don’t care who delivers it because you have a reasonable expectation that no one but the recipient will open it.

The digital signature is like a real signature. If you received a letter in the mail, and it said it was from your friend you would be very likely to believe it if you saw your friend’s name signed at the bottom.

The method of encrypting all the traffic will be discussed in the section about anonymously browsing the internet.

Sunday, December 24, 2006

How To Protect Yourself On The Internet Part 1

First Step – Is Your PC Compromised
Everyone has heard of Viruses and Spyware and by now should know to have scanners and protection software. Most good computer consultants don’t recommend any one vendor over another because the main players, Microsoft, Norton, McAfee, AVG, essentially catch all the really bad stuff. That said, Microsoft does have a good anti-spyware program that everyone should install, called Defender; you can get it at http://www.microsoft.com/athome/security/spyware/software/default.mspx.

After you buy and install a good antivirus program it is essential that you ‘keep it UP TO DATE’. Most software has auto update ability; make sure it is turned on and working. I set it to update 2 times a day. Also make sure your anti-virus and anti-spyware are set to auto protect your PC. And even with auto protection, make sure you do a full system scan on a regular basis, at least weekly.

Please note that while the concepts in this report relate to most operating systems, some of the step by step instructions are specifically for ‘Windows’ based computers. One of these is the ‘Automatic Updates’. This comes standard with Windows XP Service Pack 2 and higher. If you haven’t seen it, go to ‘Control Panel’, and click ‘Automatic Updates’.

Make sure that ‘Automatic’ is selected. What happens is that anytime you go online this program goes out and sees if there are any critical/security updates for your PC, and the first 2 options tell the program to just automatically download them. It is important to note that the updates are not ‘installed’ until the time specified above or when you allow them. If you leave your PC on overnight, 3 am is OK. If not, you can just manually install the updates. I recommend doing so 5-10 minutes before you take a break from the PC, because some installs require a reboot and you don’t want to be annoyed all day by the popup that tells you to reboot.

IMPORTANT NOTE: If your computer has already been compromised and/or you have been specifically targeted by someone, these precautions may not help you. For instance, if someone put a simple key logger (which keeps track of every key you type) on your PC, anytime you type in a password for, say, your encrypted email, they can just look at the log and know exactly what it is. If you think your PC is already being used to spy on you, please contact a computer consultant who specializes in security to check it out.

Thursday, December 21, 2006

Several months ago I was setting up my wireless network at home and found that I had a problem. Another signal was more powerful than mine from the other room. But what was scary was that, unlike my connection, theirs was completely UNSECURE.

My laptop has wireless built in, so when I turn it on it immediately starts checking whether there is a Wireless Access Point (WAP) to connect to. I find it amazing that wherever I go, friend’s apartment, mall, airport, etc., someone is nice enough to give me unfettered access through their high speed connection.

Stealing connections
Naturally, I don’t condone stealing in any way but my laptop can’t help itself. It is designed to connect to wireless networks. To be honest with you I turn off the wireless when I am not home, but I always test when I am out.

Unlike myself, I am sure there are plenty of people out there who have canceled their high speed connections, $40+, and are happily browsing the internet and sending email through their neighbor’s wireless network. While most of these people may not have any ill intentions there are some things to consider.

Why should I care
Besides the uneasy feeling of someone stealing from you, you may get into trouble. Everything they do on the internet will look like it came from YOU. Let me repeat myself because this needs to be clear. When someone is using your internet connection EVERYTHING they do will be traced back to YOU.

They can spam, send porno, hack into other networks, send viruses, hack your computer, steal all your information, steal money from your bank account, send nasty messages in your name, make plans for a terrorist attack. I won’t go on, but I can fill a book with the possible ways a malicious person can harm you. Let’s go into detail on one.

Warspamming
Once upon a time, the internet spammer had to use his own computer and his own internet connection to send millions of emails to unsuspecting potential customers. Then the spammers learned how to break into company computers to conceal their identities and again spam the world.

A few years later these spammers would sit outside of businesses that implemented wireless technology, and simply steal the connection out of thin air. Most of the bigger companies have become wise and implemented enough security to thwart most interlopers. But the spammers didn’t care; they just found an easier target. Here is an interesting article, http://www.crime-research.org/eng/news/2002/09/Mess0801.htm.

Today, almost everyone has broadband and more and more people are getting wireless access points. And as I said in the beginning, not only is it easy to steal people’s connections, they literally broadcast their availability. Remember even when you turn off your computer, the high speed connection and WAP are still available.

Everyone’s problem
I recently attended a security event for computer consultants, http://www.winnetmag.com/roadshows/security2003/index.cfm#register, featuring the Microsoft expert Mark Minasi. He told us a story of how the world has changed. He has many servers that people access from the internet. They have his books and information but nothing that he would have lost any sleep over if it was stolen. He even said he would not have cared much if they were damaged or taken off line.

So, like many millions of people I’m sure, he thought, ‘I don’t NEED security.’ Then his server was infected with, I think, the ‘I love you’ virus and he realized that not only did he have a problem but his server was helping to spread that problem to thousands of other people. This is a bit off the wireless topic, but his point and mine are that EVERYONE is responsible for security.

What can I do
Most WAPs on the market include SSID and WEP. SSID stands for subscriber service ID and it is a password that the WAP tries to detect on your computer before giving you access. This is easily hacked using simple tools.

The Wired Equivalent Privacy (WEP) protocol is used in 802.11 networks to protect data during wireless transmission. While these technologies are not perfect, especially the lower 40-bit key, they should be enough for the home user to protect themselves…for now.

Also, some WAPs have MAC filtering, and at a minimum you should turn the WAP off when you are not using it. Here is a decent site if you want to read the technical mumbo jumbo, http://www.drizzle.com/~aboba/IEEE/.

Nothing can replace due diligence in these matters. Home offices, like Mark Minasi’s, that have servers on all the time should definitely look into technologies like RADIUS to authenticate and provide logging. Even if you do all your homework and are fairly computer savvy, it would be advisable to contact an expert computer consultant.

Conclusion
Why did I call this ‘wireless terrorism’? As Rumsfeld would say, ‘there is no doubt BUT THAT’ as I write this terrorist(s) are using someone’s internet connection to plan the next attack. I am not a politician and I don’t want to scare anybody but the problem is REAL, it is HERE, and the government is absolutely HELPLESS to stop it. The only one that can make a difference is YOU.

Dr. Stephen Madaras smadaras@an-solutions.com is the president of Absolute Networking Solutions, www.an-solutions.com, a San Diego based IT consulting firm specializing in Small Business and Security.

Tuesday, December 19, 2006

10 Questions You Should Ask Yourself and Your Computer Consultant to Determine Your Current Level of Risk

1. What security policies, or any policies, do you have and ENFORCE in your company?
2. Has EVERY employee, especially the receptionist, had security awareness training?
3. Does ANYONE besides the computer consultant and his helpers have ‘domain admins’ privilege or ‘local administrators’ privilege on the desktops?
4. Are ALL the servers, routers, firewalls, desktops (including all applications) patched, especially related to security, to the latest level?
5. If you have internet access, do you at least have a router or firewall with NAT and port blocking?
6. Do you have UP TO DATE spyware, adware, virus scanning software on all systems with auto protect turned on, auto update turned on and with periodic scans scheduled?
7. Are SPAM blocking technologies enabled, and are unwanted attachments and HTML based emails being scanned or blocked?
8. Are the rights and access to company data, applications and systems available to ONLY those employees who need it to get their jobs done?
9. Is ALL vital data being backed up (and restores tested) and is there a disaster recovery plan in place (and tested) for essential applications and systems?
10. Is logging enabled on all systems necessary to alert of a possible security incident, and provide data after the fact?
11. Here is a bonus question: are passwords complex, hidden and changed frequently?

For more information about obtaining the full article and how to find good computer consultants visit http://www.an-solutions.com.