(Top) [ Services | News | Papers | About | Contact & Enquiries ]

Consulting

I provide consulting services to companies that use or wish to utilise network based systems and solutions, such as those used in Internet/Intranet infrastructure and server services.

The Need for Consulting

Any attempt to solve a problem, be it a computer system, network issue, or otherwise, should begin with consideration of the following.

- What is the problem or issue at hand?
- What options are available to solve the problem or fulfill the requirement?

A fundamental role of consulting is to work with the client to first define the problem, and sort through the various methods available to determine ways in which it can be solved. It is in this process of problem definition that consulting plays an integral part.

There are many instances of system integration being undertaken with unnecessary spending and organisational effort being allocated in an attempt to deal with a situation or solve a problem, after incorrectly identifying the issues at hand. A classic example is a company purchasing an expensive appliance in an attempt to solve a security problem they have, despite the fact that their security problem is not one that can be solved by the requisition of a product. To be more specific, a company may launch themselves on a large scale anti-virus campaign, and yet keep using unpatched (non-updated) versions of Microsoft Windows, and at the same time keep using Microsoft Outlook.

In my experience to date, I have seen numerous companies who require consulting to better guide them on how to realise and manage their computer infrastructure.

Well then, how can I help such companies or individuals in an advisory, or consulting, capacity?

Consulting Scenarios

The following scenarios have been written up so that ways in which I can help the company or individual can be easily understood. Please keep in mind that these are only examples, and by no means is my profile limited to them. There have been cases of my help being successfully sought in ways I myself had not imagined. In such cases I work closely with the client while logically breaking down the issues and presenting the alternatives to the client.

a) Internet Services

Basic Scenario: You use or would like to make use of network oriented systems or solutions typically used in an Intranet or the Internet.

This is obviously a case where Internet or Intranet servers play an integral part in the solution. Key server servers may include, but are not limited to, the following.

- Online content publishing (web servers)
- Email communication (mail servers)
- Local file sharing (file servers)
- Software sharing and delivery (ftp servers)
- Mass email communication (mailing list servers).

There is a chance that the only obvious element of this solution is that an Internet (or Intranet) server is part the picture, as it from here where so many companies seem to select an under-performing/over-priced/high-maintenance/poor security/... (and the slashes go on) product or approach to their problem.

This is one case in which Linux and open source software thrives. Linux (as is open source software in general) is stable, secure, easily maintained, and has performs tremendously in terms of overall cost (the software and the management/administration costs).

In a case like this, specific server configurations can be drawn up and comparisons can be made with the priority alternatives (such as that of Microsoft). However in the case of TCP/IP based services (as for the Internet), the conclusions are usually much the same. Would you prefer an expensive proprietary system with moderate stability, high maintenance and no "under the bonnet" control (i.e. no access to the source), or would you like a very stable, easily maintained (remote and on-site), with all the control you - or your system administrator or support staff - ever wanted. And of course, in the case of open source software, you need to spend so little on the purchasing or acquiring the software, that you can afford to keep it maintained by a professional!

b) Data Backup

Basic Scenario: Within the company, employees work with their own set of data (documents, spreadsheets, etc.), however backups are not systematically made. Backups may taken by some on an individual basis, however it is not known what it being done in this area.

As shocking as it may seem, I personally estimate that most companies do not have a comprehensive backup policy. A litmus test that can be applied here is to imagine that the data in the computer in front of you was destroyed without warning, be it by a virus, hard drive failure, or whatever. If this happened, can you recover the data - or at least a reasonable portion of it - by say copying it over from an alternative media? Hard disks are perishable goods and viruses are getting more clever and malicious. As such, you should think that your data could be lost at any time.

Given the realities here, backup measures are an absolute must.

In order to realise this, there is the approach to purchase an expensive software suite "for starters", however even with this software, will the right backup policy be formulated and carried out regularly? Come to think about it, is there really the need to spend a large sum of money to realise this in the first place?

It is here that I spend time with the client to evaluate their needs, and make specific proposals complete with proof of concept demonstrations.

(Comment added Sat Jun 29: Precisely this - a hard disk failure - did happen to me, *twice* last week (albeit for the first time ever), with both a laptop of my own and a client's server. The customer's data was fine, and all I lost from my laptop was some of what I had written in the past few hours leading up to the failure. Hard disk failures across the board, and it hardly affected us...)

c) Data Security Management

Basic Scenario: You want to ensure that only specific people are able to access certain data, restricting access from both individuals inside and outside the company.

Usually, data that is intended to be confidential can not be considered secure when it is simply saved in the computer. Even if you have taken measures such as setting your login password and ensuring that no-one other that yourself knows it, there are numerous ways to achieve access to data without going through the operating system. If the computer can be physically accessed, then so can the data.

Many company employees use portable laptop computers, and, for the reasons above, in the event of them being lost or stolen, any or all of the data inside of them can fall into the hands of the finder or thief!

The use of encryption technology is a necessity in order to safely protect data. So then, what software or products are their available and which ones are suitable? Naturally this depends on the company and its circumstances, and it is here that I make recommendations as to the best selection for you environment and how you can implement these measures.

This is a scenario where it is possible to make proposals in a relatively short amount of time (sometimes in a few hours) after visiting your company and asking becoming aware of your fundamental requirements. It is also possible to in implement the products and train employees and management on how to correctly use them to protect your data.

d) Unauthorised Access Surveying

Basic Scenario: You have suspicions that some kind of unauthorised access is occurring or has occurred within your server or network.

By monitoring the network and/or the server it is possible to survey what kind of access is being made to or within it. If the access is originating from within the company network, then it is nearly always possible to determine who is making such access, and if it is from outside, it is sometimes possible to verify what organisation or what individual is making such access.

Suspicious access to servers made public to the Internet is especially frequent. If a mail server is being abused by a third party (for example), there is definite action that can be taken to prevent such abuse.

At a consulting level a survey of activity can be conducted to provide the client with an exact picture of what is occurring. Methods of preventing such unauthorised access can be presented so that the client may follow the findings up with system integration or the necessary support.

Suggestions and proposals are made to the client with the following priorities:

  • First and foremost, solve the problem at hand. (This also means that if and when there are instances where I cannot personally help you, then I will tell you so, and do by best to introduce you to someone who can.)
  • Present the client with as many options possible, including both open source and proprietary approaches.
  • Work to provide solution(s) that are of a maximum performance - cost ratio, and leave the client with as much freedom and choice as possible after implementation.
    • - Migration from one software selection to another (e.g. Sendmail to Postfix, Majordomo to Mailman, etc.)
    - Operating system operation and administration training (see below for details)

    Linux Training:

    Training based on a selection of publicly sold Linux operating system books - as well as official documentation. Training is based on Red Hat Linux.

    (c) Copyright S. A. Hughes Consulting. All rights reserved.
    Scott A. Hughes
    Last modified: Mon Aug 11 03:19:06 JST 2003