So last time around I did an overview of VERY basic principles that will make your Website grow and reach your target audience, WITHOUT selling your soul to a (potentially) fishy SEO campaigner. The abridged basics are

• Make it Look Good
• Make it Organized
• Make it Say Something
• Make it Good Under-the-Hood
• Use HTML PROPERLY
• Don’t fall for Quick Fixes

Today I want to start at the top and talk a little bit about the first two topics, Make it Look Good and Make it Organized – because as the old adage goes, “You never get a second chance to make a first impression”!

So let’s talk FIRST about the SECOND item… (I’m not sure why I put Looking Good first anyway).

Site Plan. Structure. Logic. Flow.

Sound vague, cryptic and complicated?

Step #1 for a well-built Web site is planning your layout. It seems much easier to “Just Do It” and start building pages. But I guarantee that if you don’t take the time to lay out your site and put some structure and organization on paper BEFORE your “creative juices” do their thing, you’re going to spend many long hours saying “now how can I make this…”

I’ve never regretted sitting down with a client, my Design Consultant (my wife), or by myself and thinking “What must this site include, and what is the BEST way to include it?” You just won’t regret it. Ever. An ounce of prevention is worth a pound of cure.

So take the time, right now, at the start of things (or at whatever stage you are at now), and give some thought to structure and layout. It’s terribly important.

Start with the basics. What is the purpose of your site? Are you promoting a product, a business, a person, or just your blog? Will you be promoting more than one TYPE of product or service (or a combination of BOTH). How many? Do you need a way for people to Contact you about your products or services, or to give feedback on whatever you are posting? Is there legal information that should be easily accessible to your visitors? Do you need a “Directions” page to help potential clients find your office?

It’s good to think big and think ahead. Maybe right now you only need a Home page, About Us page, Contact page, and one Products page. But perhaps down the road you’d like to showcase two entirely different product lines? Will you (at that point) really want a ‘Product A’ link and a ‘Product B’ link from you home page/nav bar, or would you prefer to direct visitors to your Product page and then link to ‘A’ and ‘B’ products from there? Try to think through this and plan accordingly, to save you from totally re-building your website every time you add a product or service.

Try to develop a high quality Site Map up front. A Site Map is a logical, hierarchical structure of the pages and how they link together. See example .

Generic Web Site layout

A good Site Map and logical layout will help you to develop a clear, simple and flexible navigational system that is easy to follow (for your customers), easy to maintain, and easy to build upon.

In the example above, we have a basic site layout that contains a navigation bar (it could be placed anywhere, but I would place it at the top or left of each page) that contains 3 Root links (About Us, Products/Services, and Resources), each of which contain 3 Nested (or sub) links. EACH PAGE also contains all of the links shown at the bottom of the Site Map, most likely in a supplemental navigation pane in your “footer” at the bottom (or side) of each page.

This logical layout allows visitors to quickly and easily identify what they are looking for, and if you have it. And IF you DO have it, you’re in business!

This also allows your visitors (at any time) to quickly click “Contact Us” or “Help” if they have a problem or a question that they can’t find an answer to elsewhere on your site (because they didn’t look OR can’t find it).

Finally, we can talk about Layout and Design…

How do you want each page to physically appear? There are a couple key rules that I recommend you stick with…

• Simplicity - don’t confuse and bewilder your visitors with too many glaring banners, graphical adds, image links and crazy complicated graphical buttons.
• Consistency - keep things the same, especially your overall layout and your navigation bars. People want to easily and quickly know where they were, where they’re going ,and how to get back – or they freak out and leave altogether!
• Neutrality - don’t overdue the crazy colors, crazy fonts (for many reasons), crazy pictures or anything else “out there” – unless you’re trying to alienate people, try strike a balance in everything you do – it’s the professional way!

Browse the web, search for “free website templates” or “website layouts” to get some examples and ideas of great ways to lay things out. Even go to some of the “Big” sites (microsoft.com, apple.com, foxnews.com, cnn.com, etc) and take notes from the guys who see the BIG TIME traffic – what do they do, and what DON’T they do?

As you can see from my own, personal website, I like centered. I like rounded. I also like clear Headers and Footers that are consistent throughout the site (I used PHP to save time and coding with these – more on that in another post). You can visit any page on my entire site and easily find your way back to where you started – it’s all accesible from any point via either the footer nav links or the main Graphical Navigation bar (which uses Javascript/JQuery and CSS – thanks to Stu Nicholls!).

It’s simple, it’s easy to follow, and it’s all there.

Now, maybe my colors aren’t great – but that’s fine, to each their own. This is the stage where you really make the site “yours”. Use your logo. Use your photo if you want. By ALL means use YOUR colors. But make sure that they don’t scare people away…

Again, browsing through free templates from freecsstemplates.org or freewebsitetemplates.com will give you plenty of ideas on how to do this. For ease of use and maintenance, I highly recommend learning CSS basics and putting them to good use. They are your greatest aid in maintaining consistent and aesthetically pleasing web pages. Good free tutorials can be found here http://www.w3schools.com/Css/default.asp and here http://www.csstutorial.net/.

As you go, keep revisiting the 3 basics – Simple, Consistent, and Neutral (or Professional).

This is NOT a comprehensive list, nor a tutorial for building a good site. It’s more of an “Off The Top of my Head” suggestion list of critical elements that I have found to be indispensable in building and maintaining quality web sites. Look around Eberly Systems and see what you think… we just recently were rated a 95 by HubSpot’s  WebsiteGrader.com (HubSpot is a leading Market Research and Analyst firm, and WebsiteGrader is their flagship Website Ranking / Grading tool). Visit www.websitegrader.com and enter our address (www.eberlysystems.com) to see exactly what they have to say about our layout, content and design.

For more tips and ideas, stay tuned for part III – till then (whenever “then” is), stay tuned for continuing Blog and Site updates!

I’ve spent the last several days fiddling around with Magpie RSS, attempting to feed Blog updates onto my home page via RSS.

Well, you’d think it should be easy, as I found no fewer than a dozen “simple” tutorials on parsing the output via PHP and customizing the feeds. But of the 5 or 6 different scripts that were freely available, only the last one I found actually worked.

The funny thing is, as I brushed up on my PHP, I realized that the issues were mostly very simple ones – syntax, mostly, and bad programming. You’d think people who write Magpie / PHP walkthrough’s would test their code…

Anyway, it’s up and running, and it’s working great – you can now view summaries of the latest Blog posts directly at www.eberlysystems.com – our Home page, plus breaking news as it becomes available.

For anyone who is interested in what I came up with, here’s the basics…

• Download MagpieRSS from http://magpierss.sourceforge.net/
• Install per the included “Install” file (open via your web browser – it’s in HTML format)
• Insert this PHP script into your page and customize the lines in bold
• Enjoy!

Script:

<?php
require_once(‘magpierss/rss_fetch.inc’);
$rss = fetch_rss(‘http://www.eberlysystems.com/blog/wp-rss.php‘);
if ( $rss) {

#in this case, we only want to display the first four news feeds:
$short_items = array_slice($rss->items,0,3);

#to be polite, set magpie to only refresh a feed once every half-hour:
define(‘magpie_cache_age’, 900); # 30 x 60 = 1800 seconds

#tell magpie to use utf-8 encoding
define(‘magpie_output_encoding’, ‘utf-8′);
define(‘magpie_input_encoding’, ‘utf-8′);
define(‘magpie_detect_encoding’, ‘false’);

#now we tell magpie how to format our output
foreach ($short_items as $item) {

#define the link to the story as $href
$href = $item['link'];

#set the item title as $title
$title = $item['title'];

#set the item content as $longdesc
$longdesc = $item['description'];

#to only display the first 60 characters of the title and
#the first 100 characters of the content:

$desc = trim(strip_tags($longdesc));
if (strlen($desc) >= 175)
{
$desc = substr($desc,0,174).”…”;
}
if (strlen($title) >= 25)
{
$title = substr($title,0,24).”…”;
}

#and now we want to put it all together to show the image icon,
#followed by the item title, followed by the content on a new
#line in a smaller font.
echo “<h2 align=center><a href=\”$href\”>$title</a><br /><span>$desc</span></h2>“;
}
}
?>

Happy New Year to everyone in case I don’t get to update again before 2010!

The Eberly Systems website continues to grow and improve! Currently ranking in the 88th percentile of all ranked sites, EberlySystems.com has grown from an unheard of byway to a budding hub of Internet information – thank you for your part in that!

Recent Score at WebsiteGrader.com

But the big question on everyone’s tongue these days is – “How?” How do you grow your site? How do you attract more and NEW visitors? How do you develop a thriving online community? How do you “optimize” your site for Search Engine and Keyword results?

There are many firms that offer SEO (Search Engine Optimization) for your website at very high prices, guaranteeing 1st page (or “top 100″) results within a certain time period. But how many of us actually want to (or are ABLE to) throw $3000-$8000 into an internet marketing campaign? Probably not too many…

For all of my readers who appreciate the expertise and experience that Eberly Systems offers, I’ve included a few suggestions. You don’t need to invest in a massive Internet Marketing blitz, and you don’t need to contract a fly-by-night (or by day) SEO firm (although you can contract ES if you want ) – I’ve broken the basics down into a few short items that EVERY webmaster should be aware of and integrate into their site, and if you pay attention to them, and are patient and meticulous, your back-water Custom Fishing Lure.com or Blue Widgets By Billy.com website could be tomorrows feature. Really. It’s not rocket science, it’s common sense and a little time!

I’ve compiled a short list of basic techniques that will go a long way for your website or blog. Here are the basics – we’ll expound on them in more detail through a series of more detailed blogs.

• It needs to look good. If it hurts your eyes or overloads your brain, no one will stay, and no one will check back.
• It needs to make sense. Make a “Site Plan” and stick to it. You want a simple, basic and logical hierarchical structure of pages that allows people to find what they want in just a few clicks.
• It needs to SAY SOMETHING! It can look good and be laid out well, but if it doesn’t SAY ANYTHING or HAVE ANYTHING, no one is going to stay.
• Pay attention to behind-the-scenes information. Meta tags, Titles and Alternate Text for images and links are all very important, both for Search Engine indexing AND users without the ability to view images.
• Learn the basics of HTML, and use them properly. You don’t NEED to know what Heading Tags do and how they work to make a nice looking site, but you’d be surprised what the proper use of them will do for your Search Rankings!
• Don’t get caught up in fancy “SEO” techniques. Gateway pages, massive link exchange/farming, hidden text, keyword planting, etc. – the Big 3 (Google/Yahoo/Bing) invest a lot of money and time in keeping results “authentic”, and as such, yesterdays “quick fix” for top results is todays “instant ban” no-no.  Some of them work (with very discerning use), some of them don’t at all, some of them hurt you – it’s not worth it.

There are many more that could be inserted here, but these are just a few basics. Over the next several weeks I will explore these and other basics in more detail. Stay tuned!

If you have any questions regarding these or other Website / Network topics, contact me through our Contact page, or simply comment on this (or any) post. We love getting feedback as well!

As a Network Consultant and Security Analyst, I often have the responsibility to either setup or audit Remote Administration tools of various sorts. I have my own ‘bag of tricks’ when it comes to securing these, but I always wonder where the best balance is between Security and Usability – it’s the age old question of Security – just how much inconveniance is it worth?

For the benefit of my clients and colleagues, I thought I’d lay out a few of my personal thoughts and experiences on the subject. The topic has been covered many times by many people, many of whom carry more qualifications on the subject than I myself do. But, for those that value my opinion, or would simply like another point of view, here are my thoughts on Security related to Remote Administration platforms.

First up, you have the ubiquitious (in the Windows Networking world) RDP protocol, coupled with Remote Desktop/Terminal Services. Easy to use. Easy to configure. Easy to hack…?

That’s what everyone says. But the reality of it’s actually quite secure. With proper configuration, RDP (Remote Desktop Protocol) / Remote Desktop is capable of 128-bit RC4 encryption, virtually any port or set of port allocations, and even (since Windows Server 2003) TLS (Transport Level Security). RDP has proven to be relatively bug-free, with only extremely minor flaws ever discovered (I think two or three in it’s history) and no known exploits of those flaws ever successfully executed.

RDP’s main weakness has always been Man-in-the-middle attacks. While alternate configurations (any VPN, SSL/SSH)  require authentication of endpoints, RDP does not, and is vulnerable to attacks that would reroute traffic through a malicious machine (a “sniffer”) to capture data. While all data is encrypted (at varying levels), there was never any way to ensure that someone was not capturing all session data (including encryption keys) and performing decryption to recover passwords and other sensitive data.

Enter TLS.

TLS (Transport Level Security) institutes certificate-based Authentication of the Terminal Server (computer serving the session). With TLS enabled, endpoints are validated via Security Certificates to assure both Client and Server are communicating securely and directly, with no “sniffers” in between.

Some of my favorite “tweaks” to beef up my RDP access security are:

1. Edit the Windows Registry to enable a secondary RDP “Listener” on a non-standard port (say port 11437), and then forward ONLY that port through your Firewall.
2. Ensure that Domain Policies on the Terminal Server’s Domain include valid Lockout Policies with low thresholds (3 attempts is good) and reasonable reset periods (30 to 60 minutes is my preference). This ensures that anyone who ever COULD gain access to your ip/address and port number would have a LONG time trying to guess passwords.
3. Be smart about Password Security – you know (or should know) a good password from a dumb one – if it’s a word, a name, or a number that isn’t random, DON’T USE IT.
4. Check your logs. Anybody trying to brute-force or dictionary-hack your user name/password will have several hundred years of work cut out for them if you have a good password, and the Lockout Polices setup correctly – and no matter who you are, that’s PLENTY of time to stumble upon a few thousand failed login attempts in your Security log.
5. Set Idle Timeouts in your Terminal Server setup – long, unused connections are trouble waiting to happen. TLS can protect you from 99.999999% of session “thefts” and MIM’s, but leaving connections idle for any period of time is tempting fate (and your 0.0000001% chance of theft.)

Personally, I like RDP. It’s simple, straight forward, and reliable – and with a little tweaking it’s plenty secure for todays Corporate World. Now, if you’re CIA, FBI or Military, different story. But then, you wouldn’t be using Windows either…

Next up: SSH/SSL.

I have to confess, my experience with SSH/SSL and variants is a little limited – most of my handling has been WINSSHD. Which I like. Great software, very robust, configurable, and secure. I guess. But it has it’s quircks.

SSH servers (such as OpenSSH, WinSSHD, etc) provide SSH (Secure SHell) encapsulation for all communications, using Digital Certificates for Client and Server Authentication (similar to TLS). SSH supports much higher standards of encryption than RDP, specifically support for Blowfish, DES and IDEA algorithms. The Certificate based Authentication provides secure recognition before transmission of any (encrypted) data, even passwords for Domain authentication.

The problem I have run into with most SSH implementations is, quite simply, the complexity of it. SSH servers such as WinSSHD provide a host of options, the like of which would never be required by anything short of an international Conglomerate. This poses a problem for the “little guy”, who really needs to access a few work files from home, but has no idea about security, but DOES know that someone somewhere told him that “SSH” is really good for security. Beyond that, even the small-office techie who can fiddle his way through a relatively secure RDP setup is left scratching his head over SSH configurations.

Once configured, a lot of the same common sense rules apply – use non-standard ports if possible, don’t leave sessions idle forever, don’t use bad passwords, control your access lists, and CHECK YOUR SECURITY LOGS.

I’ve seen clients who get hundreds of hits a day in their logs from guys who’ve stumbled upon their IP and found port 22 open, and seem to get kicks from “hacking” a SSH server by password guessing. Badly.
But you never know… someone might be smart and guess a password, or someone on the inside might be stupid enough to use an easy password… you never know.

The bottom line in either case is the intelligence of the setup. Nothing is secure out of the box. Nothing.

For simplicity, use RDP and Google for a good setup guide (contact me through my web form for suggestions) to enact some of the measures I’ve suggested. For maximum security, if you’re willing to take the plunge, SSH (or an SSL equivalent) will provide a tighter solution. Just be ready to maneuver pages of settings and troubleshooting.

And either way, check your logs.

For anyone and everyone who thinks I am crazy and out of my mind, I thought I should clarify…. I AM wearing a safety harness in the video previously posted regarding my diagnosis of Sunoco’s 120′ Sign Light – you just can’t see it very well.

But yes, I’m wearing a very secure, OSHA approved full body harness, securely attached to the sign structure.

Always professional…

So yesterday (December 10th) I undertook a rather crazy assignment – to diagnose a problem preventing a 120′ high lighted Sunoco sign from lighting! Crazy because – it’s 120′ in the air, it’s cold, it’s windy, and I have to climb it to figure out the problem!

I’ve included the video for your viewing pleasure – if you’re afraid of heights, don’t watch. It’s pretty high…

View from up top, and some introductions….

Inside the sign – further diagnostics.

Wrap up!

I hope you enjoy them – don’t forget, Eberly Systems is your full service solution for any Technical, Data, Network or Electrical service or installation! We go the extra mile – as you can see!!

 Hi Everyone,

 Eberly Systems continues to grow! In the next couple of days, we will be relaunching EberlySystems.com – you can expect to see a new, larger and improved format, featuring more space, more pages, increased information and resources, as well as helpful links to quality online retailers and partners.

 Stay tuned… it’s going to be AMAZING!

In the last week or two I have found myself working on a dizzying number of Mal-ware / Spy-ware infected computers. Two things never cease to amaze me -

1. The fiendish creativity 0f Mal-ware creators and their unscrupulous habit of taking advantage of other peoples gullibility

2. People’s gullibility!

The first thing I tell all of my clients regarding safe and responsible Internet usage is, “If it seems too good to be true, it probably is!” Because lets face it… The Internet is really no different then the rest of the world. It’s full of loan sharks, used car salesmen and pickpockets who have found a more profitable living Online – but they are still trying to push stuff on you, sell you junk and steal from your wallet – only now it’s from the confines of your living room!

In my experience, 49% of infections are from user neglect, 49% are from user gullability, and the remaining 2% are from operating system vulnerabilities. It’s a painful, but sobering truth!

So, for all of my clients, a friendly (and free) word of advice;

- Get an Anti-virus  program, (any – even free ones are fine) and learn how to use it
- Get a Spy-ware scanner and learn how to use it
- Keep both of the above updated regularly
- Don’t believe anything you see if it’s a dream come true. It’s the Internet – someone is trying to take advantage of you!

If that’s too depressing or scary, I’ll gladly buy your computer from you and set you up with a nice, safe typewriter.

Otherwise, take these things into consideration; your car doesn’t drive itself, play the lottery for you, or make contact with foreign diplomats and arrange large cash deposits for you – neither will your computer. Also, your car will not change it’s oil, change it’s breaks, tires or anything else on it’s own. Neither will your computer.

Take care of it, and you’ll have a great Internet ride. Neglect it, and… well, my number is 484-256-3519 and my rates are posted on this site.

Have a nice day.

(P.S. If you read this and feel like I’m writing about YOU, I’m not – EVERY single one of my clients has required Spy-ware service from me – it’s very common, and you’re not alone. That being said, I’m sure each of you can still learn from this. Thank you for your continued patronage!)