PGP Encryption – A very basic overview.

As an IT guy I get a lot of questions about all kinds of topics, and lately security is pretty high on people’s minds. One of the biggest questions I get is secure communication and how it works. So here’s a very basic overview on PGP encryption which will tie into e-mail communication.

What is PGP Encryption?

PGP stands for Pretty Good Privacy. PGP is an encryption standard, widely used for encrypting data for secure communications.

How does it work?

There’s a lot of really technical information out there on how it works, factoring the results of huge prime numbers being multiplied together and exactly how the encryption algorithms function, so I won’t go into that. If you want that sort of information the Wikipedia page is a good place to get started.

What I’m going to give here is a broad overview of the system as it applies to people who use it or are thinking about using it.

Basic Encryption

To understand PGP you need to understand basic encryption, or data scrambling. Basic encryption works with a single key, usually a password. You give your encryption program a file, or some other kind of data, and supply a password. The simplest kind of encryption program will use the password as a variable in an equation that scrambles the data. For instance the equation might be as simple as:

Data * Password = Encrypted Data

When you want to unscramble the data you use a decryption program and supply it with the scrambled data and the same password. The program will use the password as a key to unscramble the data. In the simplest methods it simply reverses the process the encryption program used:

Encrypted Data / Password = Data

Here is a simple example of how to encrypt small amounts of data with this equation using the calculator in Windows.

Data: Hi
Password: Pie

First thing we do is convert Hi and Pie to hexadecimal. Hexadecimal is a number system based on 16, like our normal numbering system is based on 10. It just makes it easier to represent characters as numbers. In this case we’re taking each character and finding out what its Hex ASCII value is. There are tons of converters online that can do this. I used this one. Here’s the hexadecimal representation:

Data: 4869
Password: 506965

Each two-digit combination represents one letter. If you look at the password you can tell that 50 is P, 69 is i, and 65 is e. Now that we have a numerical representation of the data and password, we can open Calculator, put it in “Programmer” mode, set it to Hex and do the calculation. We want to multiply the Data by the Password.


4869 * 506965 = 16BE9FA26D

If we take the result and convert it back to text we get the following: ¾Ÿ¢m

No idea what the original message said now right? It’s effectively encrypted.

To get it back we just reverse the operation. We take the encrypted data, and divide it by the password, and we should get the data back:

16BE9FA26D / 506965 = 4869

Convert 4869 back to text and we get “Hi”. It’s now decrypted.

Since any kind of computer data is really just a large number, this simple mathematical equation does the trick. If you had the encrypted data, but no password, you wouldn’t know what to divide by to get the data back. But it only works for small amounts of data, and some algebra could figure out the password fairly easily. Of course, for large amounts of data, or data that needs to be much more secure, a more complex equation or process needs to be used.
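The calculator walkthrough above, reproduced as an added Python example (not code from the original post), together with the "some algebra" that makes this scheme unsafe: one known message gives up the password by division, and the ciphertext alone can be factored into readable pairs. The function names are made up for this illustration.

```python
# Added example: the article's "Data * Password" toy cipher and its weakness.
from math import isqrt


def text_to_int(text):
    """Read the text's bytes as one big number (the hex conversion step)."""
    return int.from_bytes(text.encode("latin-1"), "big")


def int_to_text(number):
    """Turn a number back into text, one byte per character."""
    length = max(1, (number.bit_length() + 7) // 8)
    return number.to_bytes(length, "big").decode("latin-1")


def toy_encrypt(data, password):
    """Data * Password = Encrypted Data."""
    return text_to_int(data) * text_to_int(password)


def toy_decrypt(ciphertext, password):
    """Encrypted Data / Password = Data."""
    quotient, remainder = divmod(ciphertext, text_to_int(password))
    if remainder:
        raise ValueError("wrong password: the division is not exact")
    return int_to_text(quotient)


def recover_password(known_data, ciphertext):
    """Known plaintext: anyone who knows one message divides it out."""
    quotient, remainder = divmod(ciphertext, text_to_int(known_data))
    if remainder:
        raise ValueError("that data does not match this ciphertext")
    return int_to_text(quotient)


def is_printable(number):
    """True when every byte of the number is a printable ASCII character."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in int_to_text(number))


def printable_splits(ciphertext):
    """Ciphertext only: list every factor pair where both halves read as text."""
    splits = []
    for divisor in range(2, isqrt(ciphertext) + 1):
        if ciphertext % divisor == 0:
            other = ciphertext // divisor
            if is_printable(divisor) and is_printable(other):
                splits.append((int_to_text(divisor), int_to_text(other)))
    return splits


if __name__ == "__main__":
    encrypted = toy_encrypt("Hi", "Pie")
    print(f"encrypted: {encrypted:X}")
    print("decrypted:", toy_decrypt(encrypted, "Pie"))
    print("password from a known message:", recover_password("Hi", encrypted))
    print("readable factor pairs:", printable_splits(encrypted))
```
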

Pretty Good Privacy Encryption

Pretty Good Privacy takes basic encryption a bit further and uses a pair of keys, and in many cases, a password. Every person or entity using PGP has a public key, and a private key.

The public key is for encrypting the data, and the private key is used for decrypting it. When someone wants to send a message to someone privately they take that person’s public key and use it to encrypt the data, then the person receiving takes their private key, which only they have, and uses it to unscramble the data.

The public key can be sent to anyone, and as long as the private key remains only in that user’s control, it’s secure. No one without the private key can decrypt the data, or at least not easily.

You’ll note that this is one way only. The way it works is that every person using PGP has their own key pair. You never, ever share your private key. So two people communicating with each other securely would need to exchange their public keys with each other. Person A would use Person B’s public key when sending Person B a message, and Person B would use Person A’s public key when sending Person A a message.
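The two-way exchange described above, as an added example that is not part of the original post. It uses textbook RSA with tiny primes, one byte at a time and without padding, purely to show the key-pair idea; real OpenPGP software uses far larger keys and encrypts a random session key rather than the message itself. The primes, exponent and function names are assumptions chosen for the illustration.

```python
# Added example: toy public/private key pairs for Person A and Person B.
from math import gcd


def make_keypair(p, q, e=17):
    """Build (public, private) keys from two primes. Toy sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)          # private exponent, kept secret
    return (n, e), (n, d)


def encrypt(public_key, value):
    """Anyone holding the recipient's public key can do this."""
    n, e = public_key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, e, n)


def decrypt(private_key, value):
    """Only the holder of the matching private key can undo it."""
    n, d = private_key
    return pow(value, d, n)


def encrypt_text(public_key, text):
    return [encrypt(public_key, byte) for byte in text.encode("ascii")]


def decrypt_text(private_key, numbers):
    return "".join(chr(decrypt(private_key, c)) for c in numbers)


# Each person generates their own pair and hands out only the public half.
a_public, a_private = make_keypair(61, 53)   # Person A (constructed primes)
b_public, b_private = make_keypair(89, 97)   # Person B (constructed primes)

if __name__ == "__main__":
    # A -> B: A encrypts with B's public key, B decrypts with B's private key.
    to_b = encrypt_text(b_public, "Hi")
    print("A sends:", to_b, "-> B reads:", decrypt_text(b_private, to_b))

    # B -> A: the reply uses A's public key instead.
    to_a = encrypt_text(a_public, "Hi")
    print("B sends:", to_a, "-> A reads:", decrypt_text(a_private, to_a))

    # The public key cannot undo its own work: applying it again gives garbage.
    print("B's public key applied twice to 72:",
          encrypt(b_public, encrypt(b_public, 72)))
```
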

Get PGP Software

Since there is an open standard for PGP called OpenPGP, programs that can make use of it are easy to find.

Mailvelope – This is a Chrome extension that makes your web mail secure. I use this one personally, and it is very user-friendly. You can import keys generated by any OpenPGP based software, and possibly others. I highly recommend this one as it works with Gmail, Yahoo!, and Outlook.com (Hotmail) right out of the box and can possibly be configured for others. If your version of Chrome supports extensions, this should run just fine on it. 

Gpg4Win – Pretty big piece of software, seems to be updated and current though. I tested it with Windows 7 64bit. It works just fine if you run it as an administrator. The key generation software is easy to use and fairly user friendly. It also comes with a mail client you can use to send secure e-mail back and forth with. The mail client is good for Outlook Express, or Windows Mail users. Also seems to be free. Uses GnuPG, which is an open standard based on OpenPGP.

GPGTools – GnuPG’s Mac software. This looks much like Gpg4Win, just for Mac. This would be the software I suggest as it comes with everything you need right out of the box.

GnuPG – I’m a big fan of Ubuntu, and GnuPG has a Debian version that you can download. It looks like GnuPG is part of the standard packages you can download from Ubuntu. I was able to just download this from the GUI several years ago so this is very easy to get now. They also have packages for other distributions.

How to Keep Your Personal Contacts Synced and Up To Date

I’m a big fan of Google Mail. I can’t count the times it has saved me from a lot of trouble. I used to keep a contact list on Outlook and managed to sync it to my various cell phones via sketchy software that barely worked and required a lot of editing. These days your data plan is such that you can sync from Google, Microsoft, or any one of a number of other services.

I’ve worked as an IT technician in some form or another for the past decade and I don’t know how many times someone has come to me complaining that their personal contacts were lost. There are a few really common situations that cause this.

1. Loss or change of a job. This is the most common by far. Your contacts were all on your company’s Exchange or RIM server and now your account has been blocked. Note that being fired isn’t the only reason this can happen. Simply changing jobs and forgetting to back them up can cause this. Note: Some companies might not want you keeping your customer contacts on your phone after you leave, so be careful here and always follow company policy. Keep in mind that if they have a policy like this, they should be providing you with a CMS system or something to keep everything separate. If you are an IT pro or small/medium business owner and are interested in customer management software, contact me, my consulting rates are pretty inexpensive.

2. Server/PC Crash. I don’t even know how many times I’ve seen this. E-mail server dies, contacts go away. Have to rebuild the server, backups sucked and they are just gone. Sometimes they taunt you by showing up as blank contacts.

3. New Phone. Settings sometimes don’t transfer.

So how does one prevent this? Well like a lot of computer related things, it’s usually a matter of changing your habits. Industry people like to throw around the term “Best Practices” because it sounds fancier.

Best Practices for Keeping Contacts

First things first, get away from Outlook on your computer for your personal contacts. Go sign up for an Outlook.com, Gmail, or potentially even Yahoo! Mail. I heavily suggest the Microsoft option or the Google option; stay away from Yahoo!, they are way more ad happy now than the other two.

I will assume you went with the Gmail option for now, though if you went with Microsoft Live, drop a note below or contact me. I’d like to write a how-to using it.

The next thing you want to do is export your contacts from Outlook or whatever other program you were using and import them into Gmail. Google has kindly put up a page that will tell you how to do this from a lot of other providers.

Exporting Contacts From Other Providers

 

Once you’ve got your CSV file, you import them into Gmail. Once again, Google has provided this information, so I won’t repeat it here. Here’s the link:

Importing CSV Files Into Gmail

 

After you’re done importing your contacts into Gmail, make sure they are cleaned up like you want. Gmail has a tendency not to put meaningful labels on email addresses or phone numbers after import. So if someone has multiple phone numbers, you’ll want to make sure to label them with “Home”, “Work”, or “Mobile” so your phone can tell you where they are calling from. You’ll also want to do the same with addresses, e-mail addresses, and anything else. I like to make sure the phone numbers are formatted correctly and add job titles and companies to my contacts, even if they are friends and family.

Once your contacts are cleaned up, you’ll want a backup. I don’t think Google is in danger of going away any time soon, but you may change e-mail addresses or something weird might happen. You might also want a CSV copy of your cleaned up contacts for other reasons. For instance, mail merge software might use it. So keeping a backup is good, I back mine up like this a few times a year. All you want to do is export your Google Contacts. Here’s the relevant link. I’d go with the Outlook CSV file as it’s more widely recognized by other software, the Google CSV is fine for a local backup though.

Export Google Contacts to CSV

 

Syncing Contacts With Your Phone

So here’s how to sync contacts with your phone. If you have an Android you likely already use a Gmail account with it, everything is automatic, though you may need to change which set of contacts it displays. You can tinker with this in your Contacts app settings. This is slightly different on the various Android phones out there so I won’t post any instructions here. Likely as not you can search for your phone model and “display contacts” and get what you need.

iPhone Users – This is the one that most people are probably looking for. Fortunately Google has a great help file on this too. Basically Google has made a fake Exchange server service on their end to allow people to sync their email, calendar and contacts on their mobile devices.

What you want to do here is delete any Gmail accounts you’ve got on your phone, then set up a new account.

Step 1 – Set up a new e-mail account.

Step 2 – Instead of selecting Gmail, select Microsoft Exchange.

Step 3 – Fill out the e-mail address with your entire Gmail address, then put in the password. Give it a good description. Tap Next.

Step 4 – It will “fail” and go to a screen asking for a server. Enter ‘m.google.com’ here. Tap Next.

Step 5 – Turn on Contacts, Calendar and E-Mail Syncing (Note: Email might not work here, you might need to just turn on contacts and calendar and add Gmail as an IMAP account).

If you use Google Apps for your business you will want to refer to this document here on how to set this up. It works very well for iPhone, arguably better than the Apple iCloud service.

If you did everything correctly you will now be able to get access to your contacts (and calendar) everywhere you go. You can enter contacts on your phone and it will sync to the web and vice versa. Make sure you don’t EVER use SIM contacts on your phone; if your phone gets stolen or the SIM card dies they are gone forever. This method ensures that once you set a new phone up, your contacts just appear within a few minutes.

 

How To Child Proof Your Internet At Home For Free

A lot of people ask me this and unfortunately it’s one of those hard things to just tell someone how to do verbally. A lot of parents want to filter the internet for their kids, something that I don’t blame them for. I will post a few really hard to bypass methods, but this one is tough enough to get around that your average middle schooler probably won’t have enough skill or knowledge to bypass. It is also super easy to implement.

This is the DNS blocking method of parental control. The great thing about it is that you don’t need any special software on your kid’s computer. This is filtered past the router level and for the most part works very well.

The quick and dirty method of blocking adult content is by using OpenDNS’s preconfigured FamilyShield method. I would also like to point out that a nice side effect of this method is your internet will be a bit faster as far as finding websites is concerned. A drawback is you might see just a touch more advertising when you make a typo on a web address.

Use OpenDNS FamilyShield

Step 1 – Log into your router. You can check my “Setup Home Wi-Fi” article for how to child proof your router. Added benefit, this will keep people on the street out of your home internet service too.

Step 2 – Go to the section where you set up your DHCP server, most of the time this is under network settings. On Cisco/Linksys routers (which I recommend) this is actually on the first screen you see (basic setup). Look at the DNS servers. Usually this will have your router address under the first entry. Change the DNS settings here to:

DNS 1: 208.67.222.123
DNS 2: 208.67.220.123

Click Save

Step 3 – Once these changes are committed (make sure your router address is not in the DHCP server DNS list), reboot everything in your house so they get the new DNS settings.

This is all you should have to do, you may need to reboot things a few times before it takes effect. If you’ve got some weird brand of router this will still work, but you’ll want to go to opendns.com and check out their instructions, they’ve got a pretty comprehensive router database.
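One way to confirm that a device actually picked up the new settings after the reboot, as an added example that is not part of the original article. It assumes a Linux or Mac client whose resolver list is in the usual resolv.conf format; the sample file contents and the 192.168.1.1 router address are constructed for the illustration.

```python
# Added example: check a client's DNS list against the FamilyShield servers.
import ipaddress

FAMILYSHIELD = {
    ipaddress.ip_address("208.67.222.123"),
    ipaddress.ip_address("208.67.220.123"),
}


def nameservers(resolv_conf_text):
    """Pull the resolver addresses out of resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            address = parts[1].split("%", 1)[0]  # drop any IPv6 zone suffix
            try:
                servers.append(ipaddress.ip_address(address))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers


def audit(resolv_conf_text):
    """Return (verdict, offending_servers) for one client's DNS settings.

    "filtered"   - every listed resolver is a FamilyShield server
    "unfiltered" - at least one resolver (e.g. the router) is not
    "unknown"    - nothing listed, or a local stub hides the real upstream
    """
    servers = nameservers(resolv_conf_text)
    if not servers or any(s.is_loopback for s in servers):
        return "unknown", []
    others = [str(s) for s in servers if s not in FAMILYSHIELD]
    return ("unfiltered", others) if others else ("filtered", [])


# Constructed sample inputs, not taken from any real machine.
GOOD = "nameserver 208.67.222.123\nnameserver 208.67.220.123\n"
ROUTER_LEFT_IN = (
    "# handed out by DHCP\n"
    "nameserver 208.67.222.123\n"
    "nameserver 192.168.1.1   # router still in the list\n"
)
LOCAL_STUB = "nameserver 127.0.0.53\noptions edns0\n"

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("router left in", ROUTER_LEFT_IN),
                       ("local stub", LOCAL_STUB)]:
        print(name, "->", audit(text))
```

An "unknown" result on a machine that uses a local stub resolver (common on Ubuntu) means the file cannot show which upstream servers are in use, so check the network connection details on that device instead.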

Note: If you have AT&T DSL, their tech support people can probably walk you through this. Just tell them you’d like to change your DNS servers to OpenDNS so you can filter the internet for your kids. Just give them the numbers above and they will likely walk you through all this if you have one of their 2WIRE modems.

Now a lot of IT professionals will tell you this is fairly easy to bypass. If you’ve got a kid who’s really good with computers, they might figure out how to bypass it. If you are a parent, e-mail me and I can tell you how to bypass this on your own devices.

I have a somewhat more advanced, more difficult to bypass method involving a Cisco/Linksys router and DD-WRT that I’ll be publishing soon. It’s cheaper than what I consider the BEST method, but definitely not free (unless you’ve already got the router, don’t mind messing with it and don’t mind paying roughly $5 more a month for internet).

Quite frankly this is not the best option but it’s free, and for most families it’s good enough. If you want to know how to do this right and make it tough for your children to get around even if they know that one kid who knows everything about computers, check back here for an article on one of the best pieces of hardware a parent can buy.


Why I Keep Hand Written Notes – Old School IT Handbook

This is a stream of thought post on old school methods. I may do more of these if I get comments.

In my desk I keep a Moleskine notebook I got on Amazon for way too much, it’s the one in the thumbnail. I started keeping this thing several years ago to keep track of fixes at work. Most of my contemporaries thought I was sort of nuts for doing so as keeping handwritten notes as a sysadmin is laughably old school. So are all nighters because you can’t remember how to fix something, but no one seems to see the irony.

I started writing some how-to stuff on ShoreTel and Cyberoam earlier this year because finding such information was hard to do. A lot of my articles are actually refinements of what I’ve written in my little journal. I wanted to give back and some of this stuff is near impossible to find anywhere on the internet except here and perhaps if you dig REALLY deep into some forums. Much was gleaned from conversations with tech support operators.

So why did I keep it? Well the biggest reason was my last job had very little opportunity to digitize it and I needed a way to reference things quickly. The reason now is that when someone shows me how to do something, or I’m working my way through a problem, it is a lot easier to write it down with a pen than type up the notes.

I’ve heard it’s easier to remember something if you read it, write it down and then do some action based on that information. It sort of sticks with you forever. I don’t personally find the same retention when you type things up in a knowledge base. Also how many small or even medium and large size IT departments keep good documentation anyway? I probably failed about a dozen interviews because I’d always ask if they documented things and the interviewers would sort of blush, look at their feet and say, “No, not really, but we should.” I just quit asking and then I started getting hired.

Even when they do keep documentation, many times their help desk system is not reliably backed up, nor is the documentation feature reasonably implemented. I think this is in large part due to when a fix is found the IT staff go home early after two straight days of no sleep because their SQL server crashed because the battery backup failed, and they didn’t have a system that could reliably come up from a power failure (translation: a bad system). Documenting what fixed it is HARD, especially when you are hallucinating due to sleep deprivation.

So I keep hand written notes, because short of a fire or something, they are hard to destroy, and it’s a bit easier to work with than a folder full of inconsistently named Word documents, especially when those documents are on the system that failed.

I do have a method to my note keeping, even though it isn’t clear from looking at the notebook. It’s something I’ve come up with over the last few years and goes back to how my dad taught me to keep track of stuff.

The first thing I do is get a little, durable notebook. I like Moleskine soft cover notebooks because they can take a beating. I’ve got one I keep recipes in that has had everything short of straight battery acid spilled on it and it is still intact. The Piccadilly notebooks are pretty good too, and cheaper, but harder to find. Also I like the small pocket-sized ones because they fit well in a tool bag, or pants pocket. There are some engineering field notebooks out there too, but I’ve never had one to use. Expect to spend at least $10 on any of these.

Once I’ve got the notebook I number all the odd pages. I picked this hint up from Lifehacker. You don’t need to number all the pages, and if you will notice from the below picture all the odd numbers are on the right hand page so it’s a lot easier to do. It doesn’t take a genius to figure out the page on the left is the even-numbered page before it.

The next thing I do is just start adding stuff and not worrying about how many pages it takes up, although it works best when notes on a subject take up two pages. I don’t worry about when or where I add things, trying to keep ShoreTel stuff on pages 1 – 50, Cyberoam stuff on pages 51 – 100 and so on is not going to work and really limits what you can put where. The trick is in the table of contents.

On separate pieces of half page notebook paper I keep in a pocket on the back I write all the subjects down along with page numbers. Then on a separate sheet of paper for each category (Shoretel, Microsoft, Cyberoam, Cisco, etc.) I put the relevant subjects and page numbers on those. I just keep adding to the notebook and every so often updating the cross-reference on the pieces of notebook paper. When I need to look something up I check this index in the pocket, find the topic and page number and I have what I need.

Of course this isn’t as extensive as Googling every problem. But if I know I’ve fixed it before I can typically find what I need long before everyone else is done fumbling with their phones.

Now I do want to clarify. I am not some old guy that just scoffs at newfangled things like “Googling” and “Not Including A 2000 Page Manual With Every Device Like They Do In The Military”. Search engines are wonderful and account for 95% of how I find fixes and other information. Please, use them, but don’t forget the old school methods because even if you’re 22 and an awesome tech, your memory is not as good as you think it is. Those things you only fix once or twice every few years will slip from your mind and when you need to remember them you won’t have your phone, internet access and the document you typed up on it in 2010 will be on that hard drive that just stopped spinning. Oh and someone will have stolen your precious disorganized “IT Binder” you keep in the filing cabinet.

Also you might be thirty feet underground in a muddy maintenance tunnel for an ancient building staring up at a crude four-inch hole with nothing but a flashlight trying to remember what cable went where. All this while the people who know figure out too late that their walkie-talkies can’t penetrate eight feet of bomb shelter grade reinforced concrete. You’ll wish that Moleskine notebook was in your pocket, I promise.

Why I Put GetHuman Links In My Posts

Try this: Call your phone company, tell the menu you are not calling from the number you need serviced. It will ask you to put in your account number or phone number. Hit ten totally random digits and see if the customer service rep can tell you what you put in. It will even say it is looking your information up (Pro-Tip: It usually isn’t). For most companies (AT&T excluded) you’ll be asked AGAIN what number you’re calling about and everything else you entered. They aren’t validating, the auto-attendant didn’t record anything. Heck, even if you are calling from the number you need help with, and the computer tells you that number, it won’t even pass the Caller ID to the rep!

One of the many things I do as an IT guy is dealing with warranties and customer service representatives whose job it is to make sure only legit claims are serviced. This is something that I’ve done on a near monthly basis for the past fifteen years. I’ve learned a lot of tricks, and I’ve got a pretty good database of phone numbers to call when I need help or to get a part serviced.

One thing I’ve found is that the menus are long and complicated to prevent you from thinking you’re really on hold. On top of that many companies will ask you to enter account information (sometimes your social security number!). This is a stupid delaying tactic as there are very few companies that actually record this information. You’re going to go to the same set of first level customer support agents no matter what you do.

Now personally, I’m not a fan of services like GetHuman because there might be some valid reasons they need you to go through a menu system. They are stupid reasons, but the company might think they are valid. Nothing is more irritating to a customer service rep than someone cheating and getting through quicker because they knew a special service number or something. For companies that make their numbers easy to find, do record your information and truly use their menu system to make life easier on you, please use that menu system. Those companies are good companies.

For all those companies who make it almost impossible to find a customer service number, put fake BS menus on their phone system, don’t record anything they ask you to enter, and their agents make you repeat it out loud: SCREW THEM! Use GetHuman, cheat the system, bypass it entirely if you can, and generally voice your complaints about it to their management team. Maybe they’ll fix the problem.

I post links to GetHuman for good companies because it puts what number you need to dial for what department you need right on the page. You don’t have to look through a long table of specific phone numbers to find what you are looking for. This just makes it easier than posting some dynamic link that might not show the same information to everyone who clicks on it. Any links you find on my blog will for the most part be things I’ve either been given by customer support agents, or verified with the company’s website.

If I note that I found information only on GetHuman or some similar service you can expect it’s a crappy company that hides their contact information to avoid dealing with their customers. They either get so many complaints they just took their number down and are ignoring the problem, or they are too cheap to hire more customer service agents. Either way you’re probably going to get lied to a lot when you contact them.

Finally here’s a link to Gethuman.com.