Computer Security Incident Response

Computer Security Incident Response Team

Computer incidents happen.  They just do.  Regardless of the expansive and proactive nature of a particular team, the Computer Network Defense (CND) job will include Incident Response.

Why?  Because in part, CND is reactive.  A properly running CND team will include a subgroup of Attack and Exploitation members who will actively look for vulnerabilities in your network, but that subgroup is dwarfed by the number of active attackers in the world.

So what should a CND team do?  The team should prepare for incident handling and response.  As it turns out, when it comes to incident handling and response, prior planning provides utmost performance.

A brief history

In the beginning was ARPA. And the Internet was with ARPA.  And the Internet was ARPA.  The Advanced Research Projects Agency (ARPA, later known as DARPA) network was the precursor of what we now know as the Internet.

In 1988, Robert Morris made international history… by mistake.  A young Cornell student at the time, Morris crafted what became known as the Morris Worm.  The worm was intended to gauge the size of the then current internet through a sequence of weak passwords and services available on most networked devices at the time.  But Morris poorly coded his worm.  The mistake was that the worm would reinfect the host computer as well as spread to other computers, thereby overwhelming the host computer with processes.  When a network engineer or systems administrator rebooted the machine to regain access, the nearby computers would quickly reinfect the machine.  Recovery was not a simple task, and the Internet came to a halt.

At the time, DARPA and the Defense Department were positioning to have a guaranteed delivery, always available information network.  The Morris Worm helped them realize the vulnerability of the net, and their response was to create the Computer Emergency Response Team (now known as CERT[tm]) hosted under the Software Engineering Institute (SEI) at Carnegie Mellon University.  CERT was chartered to be a coordination center for computer network operations defenders in the US and around the world.

The NIST Incident Guide

NIST’s Computer Security Incident Handling Guide is an excellent source of how to organize and design a Computer Security Incident Response Capability.  Realize, it will take some time to digest the entire document.  You’ll have to forget some ideas you’ve likely held on to, and learn new techniques that have been proven in the art of incident response.

But why would you want to rewicker your incident handling policies, and plans, and procedures?  This is a costly endeavor, no?  Well, yes, it is.  But it is going to help your organization prepare for incident response, will help in the process of incident response and recovery, and may even help in preventing an incident in the first place.

If your management is resistant to reviewing the policies, plans, and procedures in place, you might want to help them reconsider their position.  If you happen to work in an industry or at a company that is subject to external validation, or that maintains information requiring a response to incidents (read this: just about everyone, including those who handle SOX, PHI, PII, PCI, and nearly any other data), you might want to make sure your policies, plans, and procedures follow NIST, even if not strictly required.  When you are breached (and it is a when, not an if), your adherence to NIST or another standard is likely to go a very long way in reducing your fines.

Reviewing the NIST guide

The NIST Computer Security Incident Handling Guide is very well thought out and presented.  The following sections take abstracted direct quotes from the NIST guide.

Chapter 1: Introduction

This document has been created for computer security incident response teams (CSIRTs), system and network administrators, security staff, technical support staff, chief information security officers (CISOs), chief information officers (CIOs), computer security program managers, and others who are responsible for preparing for, or responding to, security incidents.

Chapter 2: Organizing a Computer Security Incident Response Capability

Organizing an effective computer security incident response capability (CSIRC) involves several major decisions and actions. One of the first considerations should be to create an organization-specific definition of the term “incident” so that the scope of the term is clear. The organization should decide what services the incident response team should provide, consider which team structures and models can provide those services, and select and implement one or more incident response teams. Incident response plan, policy, and procedure creation is an important part of establishing a team, so that incident response is performed effectively, efficiently, and consistently, and so that the team is empowered to do what needs to be done. The plan, policies, and procedures should reflect the team’s interactions with other teams within the organization as well as with outside parties, such as law enforcement, the media, and other incident response organizations. This section provides not only guidelines that should be helpful to organizations that are establishing incident response capabilities, but also advice on maintaining and enhancing existing capabilities.

Chapter 3: Handling an Incident

The incident response process has several phases. The initial phase involves establishing and training an incident response team, and acquiring the necessary tools and resources. During preparation, the organization also attempts to limit the number of incidents that will occur by selecting and implementing a set of controls based on the results of risk assessments. However, residual risk will inevitably persist after controls are implemented. Detection of security breaches is thus necessary to alert the organization whenever incidents occur. In keeping with the severity of the incident, the organization can mitigate the impact of the incident by containing it and ultimately recovering from it. During this phase, activity often cycles back to detection and analysis—for example, to see if additional hosts are infected by malware while eradicating a malware incident. After the incident is adequately handled, the organization issues a report that details the cause and cost of the incident and the steps the organization should take to prevent future incidents. This section describes the major phases of the incident response process—preparation, detection and analysis, containment, eradication and recovery, and post-incident activity—in detail. Figure 3-1 illustrates the incident response life cycle.

Chapter 4: Coordination and Information Sharing

The nature of contemporary threats and attacks makes it more important than ever for organizations to work together during incident response. Organizations should ensure that they effectively coordinate portions of their incident response activities with appropriate partners. The most important aspect of incident response coordination is information sharing, where different organizations share threat, attack, and vulnerability information with each other so that each organization’s knowledge benefits the other. Incident information sharing is frequently mutually beneficial because the same threats and attacks often affect multiple organizations simultaneously.

As mentioned in Section 2, coordinating and sharing information with partner organizations can strengthen the organization’s ability to effectively respond to IT incidents. For example, if an organization identifies some behavior on its network that seems suspicious and sends information about the event to a set of trusted partners, someone else in that network may have already seen similar behavior and be able to respond with additional details about the suspicious activity, including signatures, other indicators to look for, or suggested remediation actions. Collaboration with the trusted partner can enable an organization to respond to the incident more quickly and efficiently than an organization operating in isolation.

This increase in efficiency for standard incident response techniques is not the only incentive for cross-organization coordination and information sharing. Another incentive for information sharing is the ability to respond to incidents using techniques that may not be available to a single organization, especially if that organization is small to medium size. For example, a small organization that identifies a particularly complex instance of malware on its network may not have the in-house resources to fully analyze the malware and determine its effect on the system. In this case, the organization may be able to leverage a trusted information sharing network to effectively outsource the analysis of this malware to third party resources that have the adequate technical capabilities to perform the malware analysis.

This section of the document highlights coordination and information sharing. Section 4.1 presents an overview of incident response coordination and focuses on the need for cross-organization coordination to supplement organization incident response processes. Section 4.2 discusses techniques for information sharing across organizations, and Section 4.3 examines how to restrict what information is shared or not shared with other organizations.

Appendix A: Incident Handling Scenarios

Incident handling scenarios provide an inexpensive and effective way to build incident response skills and identify potential issues with incident response processes. The incident response team or team members are presented with a scenario and a list of related questions. The team then discusses each question and determines the most likely answer. The goal is to determine what the team would really do and to compare that with policies, procedures, and generally recommended practices to identify discrepancies or deficiencies. For example, the answer to one question may indicate that the response would be delayed because the team lacks a piece of software or because another team does not provide off-hours support.

The questions listed below are applicable to almost any scenario. Each question is followed by a reference to the related section(s) of the document. After the questions are scenarios, each of which is followed by additional incident-specific questions. Organizations are strongly encouraged to adapt these questions and scenarios for use in their own incident response exercises.

Appendix B: Incident-Related Data Elements

Organizations should identify a standard set of incident-related data elements to be collected for each incident. This effort will not only facilitate more effective and consistent incident handling, but also assist the organization in meeting applicable incident reporting requirements. The organization should designate a set of basic elements (e.g., incident reporter’s name, phone number, and location) to be collected when the incident is reported and an additional set of elements to be collected by the incident handlers during their response. The two sets of elements would be the basis for the incident reporting database, previously discussed in Section 3.2.5. The lists below provide suggestions of what information to collect for incidents and are not intended to be comprehensive. Each organization should create its own list of elements based on several factors, including its incident response team model and structure and its definition of the term “incident.”

 

Reference material

  1. ARPANET, http://en.wikipedia.org/wiki/ARPANET
  2. History of the Internet, http://en.wikipedia.org/wiki/History_of_the_Internet#Three_terminals_and_an_ARPA
  3. Morris Worm, http://en.wikipedia.org/wiki/Morris_worm
  4. CERT is a Registered Trademark of CMU, http://www.cert.org/incident-management/csirt-development/csirt-faq.cfm?
  5. CERT/CC, http://en.wikipedia.org/wiki/CERT_Coordination_Center
  6. CMU, http://en.wikipedia.org/wiki/Carnegie_Mellon_University
  7. ARPA/DARPA, http://en.wikipedia.org/wiki/DARPA
  8. Computer Worm, http://en.wikipedia.org/wiki/Computer_worm
  9. SEI, http://en.wikipedia.org/wiki/Software_Engineering_Institute

 

Business and Technology Planning

Opportunity Ahead

Business continuity


How does your company deal with Business Continuity? Business continuity planning is almost always a difficult endeavor, but it doesn’t have to be expensive. Business continuity planning for small businesses sometimes feels even more difficult.  Before discounting the idea of planning for disaster, realize that sometimes changing small practices can make significant impacts on continuing your business during adverse situations. In the case of one of our Home Health Agency customers, the strategy is to put as much computing power “in the cloud” as quickly as possible, reducing our Recovery Time Objective to near zero.

See this article for more information on Business Continuity.

Physical security

big bully

Physical security is more than just a lock on the door or a guard at the gate.  Many times the first consideration is cameras — the thought is that if we deploy a large network of cameras, then our site will be physically secure.  But truly, when it comes to security solutions deployment, cameras (or at least cameras alone) are simply not the best practice.

Cameras and photo evidence

area under surveillance

Cameras are great for forensic analysis, that is, to catch a thief. But as many law enforcement agents will advise, cameras don’t do much to stop a thief.

What is better?  In the case of a Time Share Community customer, the community was being hit by midnight bandits stealing items off of boats.  In this community, a two-fold solution was employed:  (1) motion (passive infrared) lighting throughout the community and (2) reducing the access and availability to the protected area through easily designed terrain chokepoints.

In this case, the protected area was specifically a boat trailer lot, adjoining ramp, and marina slip area. Reducing access involved creating a single entry point with natural artifacts like large rocks surrounding the area. Restricting access with a keyed gate was considered but decided against because of aesthetic appeal.

Are lights high tech? Nope. Are lights a trending practice in the industry? Some will advise yes.

But most importantly, did the combination of lights and pleasingly aesthetic chokepoints solve the problem at the community?

Yes, it did solve the problem.  Two years running, and there have been no recurring incidents of theft.

Wireless access deployment

Free WiFi

There is a current trend in the business community to provide free WiFi Internet access for customers.  You see it at McDonald’s, at Starbucks, at Home Depot, and at your local grocery store.  But why?

Will deploying WiFi cost money and impact your revenue?  You bet.  Your company will incur a capital expense in buying the equipment, as well as a recurring expense of both maintaining the equipment and the cost of the internet.  Then why do it?  Because it may impact your revenue in a positive way and keep your customers around.

Free coffee

Free Coffee Makes Me Happy

Deploying WiFi is the modern way of providing free coffee to your customers.   It creates a hospitable environment for your customers, an environment that may appeal to them in a very homelike, friendly way.  Not everyone will be drinking the coffee, and not everyone will even care.  In the same way, most customers who have a WiFi enabled device are likely to already have data capabilities from their phone provider.  So why do it?  Because everyone will see the sign that says “Free Coffee”, and everyone will see the sign that says “Free Wireless Internet”.

The return on investment for “free guest WiFi access” is difficult to establish for a cost conscious executive.  Free anything is marketing.  It is just a way to reduce the “salesman vs customer” feelings, and create an environment where your customers are, well, at home.  It helps to keep them around.

 

 

Neiman Marcus Chocolate Chip Cookie

For those of you who know me, you know that I lead my life the way President Reagan was taught by the Russians — trust, but verify.

In the late 1900s (gosh that sounds like a long time ago!), about thirty years after Al Gore created the Internet, I received an email about a Neiman Marcus Chocolate Chip Cookie.  The email was a rant; someone claimed to have paid $250 for the recipe and wanted to “stick it to the big man” by sending everyone and their cousin the recipe.

But receiving this email coincided with my first job as a Professional Pastry Chef!  Okay, well, it wasn’t a job exactly, and I wasn’t a professional.  But I did have my first Kitchenaid Stand Mixer.  At least that part is true… 🙂

Anyway, as I looked over the recipe that baked somewhere like a hundred dozen cookies, the ingredient mix just didn’t look right.  For example, it seemed there was just a bit too much baking powder, and too much baking soda, which would have resulted in what I believed to be a bitter cookie.

So, in true form to doveryai no proveryai (Russian proverb Trust but Verify), I called Neiman Marcus.  The conversation went something like this:

Nice Neiman Marcus lady:  Hello, this is Neiman Marcus, how may I help you?

Mark:  Hi Mrs. Neiman Marcus!  I received an email today about a Neiman Marcus cookie recipe that cost $250, can you give me some idea of what all this is about?

NM: Well, thank you for calling us!  That is a nice chain letter that as far as we can tell started sometime in the 1970s, before Neiman Marcus even had a bakery or any baked goods.

Mark:  Haha, well, I thought it might be a hoax.

NM:  It actually is better than a hoax.  We had so much free publicity that we decided to create a cookie.

Neiman Marcus wound up sending me a gift wrapped box of cookies along with the recipe.  I was quite impressed — not only with their response, but with the cookie itself!

So what is the take away from this experience?  Never trust an email.  Never trust gossip.  Always verify sources and information.  And most importantly, bake these cookies!  They rock!


NM Cookie Recipe

 An urban myth is a modern folk tale, its origins unknown, its believability enhanced simply by the frequency with which it is repeated. Our signature chocolate chip cookie is the subject of one such myth. If you haven’t heard the story, we won’t perpetuate it here. If you have, the recipe below should serve to refute it. Copy it, print it out, pass it along to friends and family. It’s a terrific recipe. And it’s absolutely free.

Ingredients

  • 1/2 cup (1 stick) butter, softened
  • 1 cup light brown sugar
  • 3 tablespoons granulated sugar
  • 1 large egg
  • 2 teaspoons vanilla extract
  • 1-3/4 cups all purpose flour
  • 1/2 teaspoon baking powder
  • 1/2 teaspoon baking soda
  • 1/2 teaspoon salt
  • 1-1/2 teaspoons instant espresso coffee powder
  • 1-1/2 cups semi-sweet chocolate chips

Directions

  • Preheat oven to 300 degrees. Cream the butter with the sugars using an electric mixer on medium speed until fluffy (approximately 30 seconds).
  • Beat in the egg and the vanilla extract for another 30 seconds.
  • In a mixing bowl, sift together the dry ingredients and beat into the butter mixture at low speed for about 15 seconds. Stir in the espresso coffee powder and chocolate chips.
  • Using a 1-ounce scoop or a 2-tablespoon measure, drop cookie dough onto a greased cookie sheet about 3 inches apart. Gently press down on the dough with the back of a spoon to spread out into a 2 inch circle. Bake for about 20 minutes or until nicely browned around the edges. Bake a little longer for a crispier cookie.

Yield: 2 dozen cookies

Reference documents

  1. Neiman Marcus Chocolate Chip Cookie Recipe.
    http://www.neimanmarcus.com/assistance/assistance.jsp?itemId=cat33940741#cookierecipe&navid=redirectNMcookierecipe&eVar6=chocolate+chip+cookie+recipe
  2. Al Gore never actually said he created the Internet, that’s just a funny story for those of us who remember it.  Read here for more.
    http://www.snopes.com/quotes/internet.asp
  3. Even Snopes talks about the famous Neiman Marcus Cookie!
    http://www.snopes.com/business/consumer/cookie.asp
  4. Trust, but verify.
    http://en.wikipedia.org/wiki/Trust,_but_verify

Websites – time to make a web presence!

Domain name

Wait, make a what?  Make a Web presence.

Web Presence

What does that even mean?  Well to be totally straight, it is more than just a website, but a website is a good starting point.

So first things first.  I think I’ve heard of HTML and stuff related to websites somewhere. I suppose I better learn about it.  Let’s read up about HTML (the language that powers the web), and CSS (the format scripts that help your site look homogeneous), and WWW, oh wait, HTML5 is new, let’s look into that, oh and URL, which is of course much different than UML.  And PHP!  Yes, we better learn PHP Hypertext Preprocessor, and MySQL, and PostgreSQL, and, and, and … wait, where is my Ritalin.  I’m exhausted already.  Isn’t there a better way?

Well, I’m glad you asked.  In fact, there is a better way.

Web design in the wild west days

Early screen capture of Alta Vista web search engine, circa 1997

Way back at the turn of the century and even ten years ago, when it was time to start a web site, a web developer needed to learn all this and more.  Web sites were coded, Dreamweaver was king.  Back then a content editor would create the perfect prose and package it up for the web developer.  The content editor would then tell the web developer where to put the important stuff and where to put… well, you get the idea.

But today it is different.  That was the Old Covenant of the World Wide Web.  Today, we are under a New Covenant. It is totally different!

Well kind of different.  And kind of the same.  The content editor’s job is very close to the same.  But it is true, the web developer portion has changed a lot.  There is still a web developer, but the developer’s job has changed.

Today, most web sites are not home brewed, new framework sites.   Today when we think of web sites, we think (or should think) Content.  As such, we will have the web developer look for a Content Management System (or CMS) to handle most of our back end work.

Custom development vs standards based off the shelf development

Foundry

Think of it this way.  If you were going to build a home, what would you change?  Right, you’d change the doors, and the windows.  Oh, and the color of the house, and the size of the rooms.  But would you use custom sized doors that required a custom builder?  Would you hire a metal worker and forge your own water faucets, or buy them ready made off the shelf at Home Depot or a supply shop?  Would you hire a light company and create custom light bulbs, or use standard Fluorescent T8 and Edison screw light sockets? [ Bet you didn’t know they were called Edison screws… 🙂 ]

Edison Screw

In most situations — scratch that, almost all situations — creating a brand new from scratch anything is just way more expensive, and also causes a lot of issues with the customers and users.  I mean, who wants to go to a special light bulb manufacturer and pay that extra special price when they need to replace a light bulb?  Not many people.  It creates a hard to build, hard to manage, and hard to maintain solution.

Same goes for web sites.  People have become used to seeing a certain format on web sites, and the easier we can make our site to use, the more likely we’ll have customers that stay around.  So for web development, keep it, well, normal.  Unless you have a very special need, there is no need to home brew a web site.

Get me started!

So now that we’ve decided we really don’t want to learn all this stuff, we just want to get on the web.

Person blogging

We want folks to be able to see news articles we find important, or rants about our children, or ideas that we’d like to share — like this page you are looking at right now.  We don’t want to be web developers, we want to be content editors.  We won’t be creating a brand new web development platform, so what do we want?  We want a content management system all our own.

Great!  Let’s go read about that.  What is the CMS paradigm?  What is a CMS engine?  Searching for Content Management Systems leads to WordPress, and Joomla, and Drupal,  and…. wait, gosh darn it!  Where is that Ritalin again?

Let’s look at this from a different perspective.  Is it really the case that these CMS solutions are appropriate for what I want to do?  Okay, I’m glad you asked that too.

  • WordPress is likely the most popular web imprint for blogging.  It is known for its easy management and thousands of free themes.  It powers the likes of The New York Times, eBay, and Samsung.
  • Joomla is a powerful and highly configurable CMS.  Joomla powers the likes of MTV, Barnes & Noble, and General Electric.
  • Drupal is the beast of CMS.  It is a very highly configurable and extensible framework that powers the likes of Warner Bros Recordings, NASA, and The White House.

So what is our take away from all this?  The shortest of answers is:  It just doesn’t matter.  What does matter is that we get out there and publish.  Sure, the CMS engine does matter some, but remember, content is king!  If we make a big mistake on using the wrong content management engine?  We can transfer the data later.

Choosing your CMS

Okay, time for a little candidness.  I’m new to this blogging stuff as well.  The last time I built a web site was ten years ago.  Guess what I used?  I built it using Dreamweaver, HTML, and CSS.  But like we’ve already discussed, times have changed, and it was time to learn a more modern approach at web sites and blogging.

When I started this article, I was going to approach it from the technical side — after all, I am an engineer.  I was going to get into the grit of how to install whatever engine on any given host, blah blah blah.  But you know what I’ve learned?  Everyone has a site like that.

This article is the essence of what I’m trying to convey — content matters.  As I’m new to this as well, I had to select one of the CMS engines.  I chose WordPress.  Why?  Because:

  • It had the largest number of free themes available.  I didn’t want to spend any money during the learning process, so free was desirable.  Since everything on this site itself is free, I didn’t want to impose any fees on the reader to get started.  My first impression of Joomla and Drupal was highly configurable, but with fewer free gadgets.
  • It was “configurable enough”.  I wasn’t looking for The Configurable King, I was looking for something to get content, like this article, out to you … oh, and the world, of course. 🙂

I did install Joomla after the fact.  My first impression was it is just like WordPress, just the menu system is different.  It looks as though it might be more highly configurable than WordPress, but again, I only installed it.  I didn’t work on it.

Is that enough?

But is WordPress really enough?  Well, maybe.

  • If I wanted to develop a web imprint for general use?  I would develop a WordPress theme.  Why?  Because of market share.  Of course, the market is highly competitive as well, so keep that in mind.
  • If I wanted to develop a highly scalable web imprint, like that might power a Facebook or dating web site, I would likely develop a Drupal theme.

Well gosh though, with this in mind, you might ask why use a CMS engine at all?  I mean, if you are going to develop a large part of the engine and theme manually, why not just start from Java or .NET?  Three things come to mind.

  • Security.  If the Drupal or WordPress engine is compromised, rest assured the world will know about it, and a patch will be forthcoming.  If a site is home brewed, the site designers have to be particularly aware of security issues.
  • Speed of initial development.  Since the engine is off the shelf, a web site can be fully operational in weeks instead of months leaving the developers to concentrate on content.
  • Less expensive to maintain.  Since a large part of the management is handled by the engine itself, the content designers can focus more on the content and presentation instead of focusing on how that presentation might be coded.

WordPress pros and cons

I am already a big proponent of WordPress — can you tell?  There are great things, and there are a few things that I’ve noticed are difficulties.  The difficulties might be my fault, and these might be issues with all CMS engines, but just to note a few things…

  • It isn’t very easy to edit great content.  What I mean by this is the actual editing process.  For example, this page.  It doesn’t autosave (might be a plugin for that), and it just isn’t as natural as say using Open Office or Libre Office (haha, can you tell I support free software?)  Realize I’m new at this, so it might just be a learning curve.  I’ll edit this note if I figure out a better way.
  • It seems as though the site is going to become a little difficult to manage as the amount of content (especially pages) grows.  Managing WordPress is likely a learning curve issue, and I’ll post a note when I get this figured out.  I expect if The New York Times can manage tens of thousands of pages, it must just be a learning curve fear of the unknown.
  • There’s an app for that.  By itself, WordPress is really just a security engine.  What makes the magic happen are the plugins and themes and widgets.  Just remember, there is an app for almost anything you wish to do.  Sometimes it might be difficult to find, and sometimes especially difficult to find a free one, but someone somewhere has likely developed a widget or plugin that perfectly fits your needs.
  • Pages and posts and plugins and themes and comments and administrators and editors and… Well, what I’m getting at here is, there is still a learning curve.  Once you pick the CMS engine of your choice, give yourself a few weeks to just poke and prod.  Create a page or even a site, and then start modifying it.  Add an image, change an image, add a page, just poke around.  Do it in a non production environment — like, create a wp2 instance for your eyes only, and break it.  Then see if it is easy enough to fix.

The WordPress platform

WordPress

Out of the box, WordPress is a great platform, but what makes it a great engine is its extensibility.  This happens in part through plugins.  For example,  have you seen those CAPTCHA requests that are annoying to you as a user, but do a great deal to help reduce the amount of SPAM and spammy links to sites?  Well, there’s a plugin for that.  And for contact forms, so you don’t have to create your own, and for many other extensions you will likely use during your life as a web blogger.  We have an article on notable plugins that will help you learn to search for plugins, and help you get started in using them.

“…Let’s get this party started!”

Great, you’ve told me all this stuff, but how do I do it?  The easiest way is to open a WordPress account, and let WordPress handle the chores for you.  You can do that here, and learn about how to get started too.  Once you get an idea of how blogging works, you can install your own WordPress on your own site.  That task is host specific though, so you’ll have to find out how to do that through your domain host, or you can ask me individually and I’ll help you out.

As always, let’s be careful out there!  Happy blogging!

 References

  1. Elements of a successful business web presence, http://mashable.com/2010/02/10/business-web-presence/.
  2. WordPress Blogging introductory article, http://codex.wordpress.org/Introduction_to_Blogging
  3. Drupal Famous Sites, http://www.tributemedia.com/blog/erika-meissner/famous-drupal-sites
  4. Joomla Famous Sites, http://community.joomla.org/labels/joomla-portfolio.html
  5. WordPress Famous Sites, http://en.wordpress.com/notable-users/
  6. Get Started with WordPress, http://codex.wordpress.org/Getting_Started_with_WordPress
  7. Install your own WordPress, https://wordpress.org/

Search Engine Optimization

Search Engine Optimization, or SEO, is a common phrase for “How do I get my web site highly ranked on Google!?” I’m simplifying this of course, but it is good enough for our use.

But really, let’s think about this a bit.  Do you care about SEO, and being highly ranked on Google?  Well, sure you do!  But … not really. Let’s be honest.  What you really care about is business.  Traffic, and driving traffic to your site, and converting that traffic into… business.  So what you really care about is business, and increasing that business.  I’m with you, and this “getting started in SEO” article is going to help you along.

To SEO, or not to SEO.  Is that even a question?

To start this exercise, let’s consider our goal again.  Our goal is to increase business, and we are going to do that by increasing traffic.  There are a few kinds of traffic:

  • There are new visitors who happen along our page because we’ve distributed business cards, or put up billboards, or paper advertising, or a customer or visitor has referred them to us, or we’ve had other personal contact with them.  These are direct contact visitors.  Any Page 1 ranking doesn’t matter for these visitors — but SEO is still very important.  Why?  Because we want to retain those customers, and have them visit again.
  • There are new visitors who happen along our page because they are referred to us by other web sites.  These are referred visitors.
  • There are new visitors who happen along our page because they searched for a certain term.  These are SEO visitors.  This traffic is directly influenced by our SEO work that helps our ranking.  We want to grab that person’s attention, and have them visit again.
  • There are visitors who happen along our page because they’ve already visited.  These are repeat visitors.  We definitely want to capitalize on repeat visitors and have them return to our site!  Why?  Because it is very costly to get that first time customer.  Customer retention is important in any business.

In the following chapters, we’ll visit each of these types of visitors, and try to better understand how to keep them around.

Backlinks

Let’s start with the now infamous backlink.  Don’t worry, it is okay if you haven’t heard of them before. 

Technically put, backlinks are links from one web site to another web site.  More simply explained, backlinks are kind of like endorsements.  If I place a link from my site to some other site, the Internet search engines consider that an endorsement for that site.

There was a day when SEO Page Ranking was almost purely based on keywords and the number of backlinks to a site.  The more the backlinks, the higher the ranking.  The idea was, a search engine spider would reason if so many people feel confident about this particular web site, then well, maybe the spider itself should feel confident about this particular web site too.

But then backlink farms started growing.  Backlink farms are web sites almost purely devoted to backlinks.  No real content, just hey, pay me a dollar and I’ll let you have your very own backlink to your site to help in your ranking.  What was the response?  Right.  As you might expect, the search engines realized the failure, and the algorithm changed a bit.  A site would be ranked based on a rough estimate of backlinks to outlinks.

I got caught on outlinks with my first web site.  I achieved front page status on all the popular search engines of the time (yay!), then I decided to outlink for key words to dictionary sites (to help my reader with unusual words and technical jargon), and outlink to companies I did business with (to help my reader more easily find companies in the “digital era” of web sites), and outlink to the weather reports (because I am a boater and pilot, and weather is important to both of those interests), and outlink to financial times news (since at the time I was actively involved with heavy day trading, it just seemed to make sense to link to these sites).  Well, what happened was… my first page results went to page 167 on Google alone (no lie, I checked!).  At first I didn’t understand what happened.  It was a week or two between the time I started adding the outlinks, and the time I noticed that the site was no longer on page one.

I was able to get back to page one, but it was a slow process.  Just like the stocks I owned, they went down quickly, and took a long time to recover.  Eventually I was back to page one — unlike my stocks that mostly never recovered, but that is another story…

Anyway, today backlinks are “likely” part of the puzzle for these highly secretive proprietary search engine algorithms, but there is more.  Let’s get to a few others.

Be awesome in your field!

So let’s consider this a bit.  The first thing you need to do is define your business.  What are you doing?  Are you running a dry cleaners?  Then be awesome at it!  Are you opening a restaurant?  Then be awesome at it!  Are you creating a web services company?  Then… right, be awesome at it!  Why?  Well, here’s why.

If you open a restaurant, what do you provide to your customers?  Right, you provide food.  But you do more than that.  How do you keep customers coming back?  It usually isn’t only food, and not even only good food.  Think about it, why did Seinfeld revisit The Soup Man?  It is the atmosphere, the attitude of the wait staff, the cleanliness of the restaurant, the cleanliness of the restrooms, and even more.  If it were just food, most people would be just as satisfied to eat out of a can from the local grocery store.  But by providing good food, and good service, you are building a solution.  Even McDonald’s and Burger King do more than provide food.

Content

Just as in the “develop your own web site” document, let me reiterate that content is king.  If you have good content, a few good things happen.  First, the search engines themselves recognize that it is really content and increase your rank.  Second, people will actually look at your site and look over the content — I mean, what good is it if you have achieved the legendary Page 1, but you don’t have any decent content?  Right, you get hits with no retention.  Not good.  And third, people will begin to backlink to your site without your even needing to ask!

Consider also, the better the content, the more rich, fully vetted content you can provide, the more easily the search engine is going to be able to realize what your site is about.  Not only that, the better, more rich, fully vetted content you can provide, the more easily a human reader is going to enjoy your site, and the more likely the human reader is going to return.

Fresh content

Okay, so you are awesome in your field.  You have backlinks because people love your <<< pizza | law office | physical therapy practice | weblog | insert gadget here >>>. You have great content on your site, you’ve written all about your cookie recipe, and how it won an award in 1999, and how you won the gymnastic gold medal in 1986.  How do you keep the visitors coming back?

The answer is:  Fresh content!

If someone visits your pizza palace and enjoyed the experience, they might be inclined to return — but you ought to be providing fresh pizza ingredients!  In the same way, if someone has visited your page once and enjoyed the experience, they may be inclined to return — but you ought to be providing fresh content!

But what is fresh content?  It depends.  If you are msn.com, you provide fresh content in several categories — International events, weather, local events, sports, the stock market.  These are reasons customers revisit msn.com.  If the content is stale, then fewer people are likely to return.  You get that first costly hit, and then… nothing.  There is no reason to return to the site.

Are you involved with homelessness and child welfare?  Well, how about fresh newsworthy content on developments in the world and the community that directly affect homelessness and child welfare?  That might entice people to return.

Are you the pizza palace?  How about fresh content like coupons, or discounts for the day, or “special events” where you give away a free pie, or free wine tasting with the purchase of a meat lovers pizza?  Right, there are ways to encourage people to revisit your site.  But mostly, you are trying to convert those site visits into business, and business is buying that pie!

If you are a web services company, you also need to build content, just like food is content.  But more than that.  You need to build good content, and fresh content to keep your customers interested in coming back.  That first click is hard to achieve — just like getting that first customer through your door at a restaurant is hard to achieve.  After spending thousands of dollars on advertising, you reasonably have one chance to convince that customer to return.  Having good fresh content is a great way to encourage that return visit.

Keywords

Keywords will definitely help your search engine ranking.  Consider, how would a search engine know you are a lawyer without actually using associated key words and phrases like law, attorney, law firm, criminal, defense, injury law, or contract law?  But consider also, every other lawyer out there is going to be interested in using those same key words.  Well what about key word stuffing?  Like, if I can repeat “attorney” on my site more than the next guy, will that help me?  Likely not.  In fact, it likely will hurt.  Key word stuffing is like ballot box stuffing.  It has been caught, and most search engines are going to penalize the site for stuffing that key word box.

What do we do then?

As we’ve seen, SEO is more than just getting on Page 1.  It is about providing such a great service that your existing customers are talking.  It is about providing such great content that people want to return.  It is about building a solution that people want, and the Page 1 rank is almost secondary.

Okay, well, all that except for the last part.  Page 1 is SEO.  But all that other stuff is critical to convert a traveler through your page to a traveler who builds your business.

So then, how can you stand out?  With key words alone, it is going to be tough.  With backlinks alone, it is going to be tough.  With static web page content alone, it is going to be tough.  You need a splattering of key words through your fresh, awesome content that people want to read!

What do we do?  We write articles that will entice the reader to return to your page, and that will entice him or her to say, “Hey, I found this great law site, and the content is awesome!  You need to check it out.”

That is what we do.

 

Goodbye Landline Phone – get rid of the local exchange

So you’ve looked at your local phone bill and it was… oh my, I’m paying that much for a simple phone number? This doesn’t seem right! How can I be paying $40 a month for a land line phone?

Well it doesn’t matter how you wound up paying that much. The unfortunate answer is that you are. That monthly fee turns out to be $500 per year after taxes. Yikes! But are there any real, viable, and safe options? And further, are you really ready for a change? I mean, it is only $500 a year. Most of us pay more than that eating fast food every year.

If your answer is, “Yes! I am ready for a change! I’m ready to ditch my landline! I’m ready for an alternative that will save me some dough!”, then you are in luck! This paper is for you. We’ll talk about the pros and cons of different services, and even the “risks” that you will face with getting rid of your phone line.

Ditch the landline is focused on the home user or small SOHO user. It is not a technical step-by-step or “how to” document (of which many exist); it is a document to get you comfortable and thinking about the switch. Sometimes you just need to know your options before you make a decision; if that is you, this paper is for you.

Please contact me for more advanced opportunities like private branch exchanges and other multiple user deployments.

<Originally posted 2011 on phoneexchange>