Mach 4 Network—Value-Added Internet Presence Provider & Consultancy EST 1996
This is a continuously evolving communiqué, first published circa 2004.
You oft ask:
- Why should I even talk to Mach 4?
- What can you do for me, that I don't already know... or can get "for free"?
- What the heck is "web presence consultancy" anyway?
- BUT, I already have... Isn't it just...? Why can't I...? I thought they already... I only want... I was told specifically that... IF _ I can still... So-and-so would... right? Shouldn't you...? Aren't you just...? Because... I'm sure... I've always/never... Might as well... [What "the road to hell" is paved with]
- What do you mean it's actually a subsidized operation... part of the "perks of IT services..."
Scenarios (hint: it's well beyond "just" web & email hosting)
- traditional web + email hosting... how many mailboxes?
- traditional (no CMS/SQL): HTTP, CSS, JavaScript, CGI + managed PHP 7.1~7.3
- unmanaged WordPress hosting: fully administered by you
- managed WordPress hosting: incl. updates, security patches, plug-ins, themes
- Joomla! optional: with CiviCRM
- Drupal
- Magento (eCommerce)
- Databases: MySQL, MariaDB, Redis, CouchDB
- email hosting only, web hosted elsewhere (or none)
- standard mailbox: 2 GB, web portal, SPAM/AV dashboard, calendar
- extra mailbox: 12 GB
- MailBiz mailbox: 50 GB
- Exchange mailbox: 25 GB, DLP, etc.
- Exchange Premium: 50 GB, incl. Office 365, DLP, etc.
- web hosting only, email hosted elsewhere (or none)
- see #1.x above for options & levels
- evaluate providers (various approaches & methods)
- hybrid linkage & coordination: e.g. M4-hosted dynamic site, with some static content from owner-designed legacy site, embedding external YouTube streaming, with 3rd-party hosted shopping cart site (and inventory), with (yet another) external payment gateway (thru your parent company's account).
- Migration Services / Strategic Guidance
- external → M4
- M4 → external
- ext1 → ext2
- mirroring/redundancy: http/MX
- Advanced DNS
- TLS topics (https & browser landscape)
- all things "certificate" & PKI
- perception vs reality
- practical purposes, intentions, objectives, priorities
- unintended consequences, overlooked scenarios
- Secure Email
- beyond transport TLS @all nodes (Bravo mandate since 2017)
- PKI, PGP, GPG, S/MIME... and
- the likes of ProtonMail, Hushmail, Tutanota
- SPAM & Spoofing...
- Demystifying SPF, DKIM, DMARC, shattering your delusional "high hope" (of its magical power)
- Demystifying phishing
- Demystifying filtering... coping strategies
- Aliases principles & techniques
- PKI Certificates; different classes; purposes, policies & strategies
- non-ISP 3rd-party DNS service
- misinfo & disinfo re: OpenDNS, 9.9.9.9 and the likes
- coordination with on-premises domain-based DNS/WINS
- considerations for roaming devices, intricate coordination
- media streaming (being a broadcaster/publisher)
- SEO demystifying
- NOTABLY MISSING: Actual SEO endeavor, and
- Social Media management... branding & other PR
- focus on the big picture, comprehend, then decide
- CDN, DDoS defense
- "cloud" misnomers
- so-called "VPN" vs VPN (HQ ↔ branches/homes + road warriors)
- what's the point?
- why the former is banned (be it web proxy, or NAT bypass)
- how does it compare to DIA with Static IP, with SLA
- pros & cons against EPL / EVPL / EP-LAN
- VoIP vs SIP vs PSTN/POTS
- Multi-Tenancy Provisioning
- isolation & security, VLAN
- QoS & throttling, partitioning, bursting
- relevant legalities, grey areas, best practices
- IoT Aspect
- this is largely a subset of the Subnet Zoning security topic
- not unlike Wi-Fi Aspect
- legal* (HOW TO evaluate & obtain legal services, how to work with your legal advisor/dept. with tangible stipulations & deliverables... AND HOW NOT TO SELF-INFLICT HARM)
- Internet Domain legal disputes:
- concepts, processes, frameworks, recourses, strategies & tactics
- roles, entities, standing, case law, current climate, trajectory
- common transfer process, barriers and pitfalls
- practical tips re: ICANN and IANA governance
- compliance:
- PCI DSS, HIPAA, SOX, GDPR
- NYS Dept of Financial Services (DFS)
- Cybersecurity Regulation Title 23 NYCRR Part 500
- § 500.19(a) to (d) exemptions
- § 500.17(a)(2)
- tech briefing for management on principles:
- control, data custodianship,
- nodes & pathway + jurisdiction, liabilities, enforceability
- scope, depth, granularity, cascaded/flattened
- the perils of:
- freebie EULA
- press-a-button MSSPs that are RMM out-sourcers
- unbridled outbound agents, invalid/pretend UPnP, or otherwise neutralized LAN/WAN barrier, or
- other ploys which are tantamount to manifest self-contradiction
- detect and address
- being corralled through a regime which is convenient and/or advantageous to them, to your detriment
- don't know what they don't know
- shockingly outdated info
- plausible falsehoods
- platitudes
- excessive hedging
- blatant fiduciary violations & misrepresentations
*In virtually all cases, SMBs get taken for a ride by practitioners, with ineffectual paths that are doomed from the start. Arm yourself with glossary + roadmap + game plan before embarking... Spare yourself the wild goose chase.
OR... DON'T smack your head against a brick wall repeatedly, when 2 steps to the side, 1 step forward will do nicely. Murphy is not your friend. 4 Blind Men and an Elephant is a fool's game.