Forum Best Practices: Protecting the crown jewels
For a long time the forums have been the last resort for people with high urgency questions, ...
And that's fine, the forums are there to help each other...
But in many of these highly critical situations, people are at the end of their breath, they don't know where to go, or have tried many different things without result, a lot of frustrations have been piling up...
As people need help, on the spot, right now, ASAP... things must go fast.
You can imagine the physical symptoms like you've experienced it yourself, right?
So, what happens next?
Don't know where to ask the question, hesitation how to ask the question, "which forum to choose?", what the appropriate subtopic, rush to the TechNet Forums page to find the right forum, try to find the appropriate tech forum (if you did not save your favorite forum yet), fail to find your forum, just pick a forum, post your question on the wrong from, have some issues to find the right keywords, missing screenshots, is the explanation clear enough for your audience to understand, posting an all upper case shout, you forget to mention what you have investigated already ...
And in essence you can almost see the despair dripping from this forum post...
But in essence a lot of things go wrong when you rush...
You post to the wrong forum (we almost got daily off-topic posts on the Wiki forum), you ask the wrong questions. You don't provide enough information to have the essential troubleshooting completed.
Conclusion: you're shooting yourself in the foot, from the start. Because you block your audience from answering the questions..., without asking some more questions first. You lose even more time...
Or on the opposite, you have been troubleshooting the situation thoroughly, have some screenshots, have some detailed event details, ... and you dump them straight away on the forums.
But this is pretty similar as running butt naked on the streets (the mental picture is more than enough, right?), the consequences either: aka "too much information", literally a violation of your privacy, and more important publishing PII (Personally identifiable information) of your company or customer is legally a major issue...
This way you put yourself at risk, not only on the TechNet platform (as you risk to get banned and loosing all your access to TechNet/MSDN community), but also any legal actions against you for leaking/posting PII that can lead to cyberattacks or security issues with the system you manage (owned by your employer or your customer)... So your job is at stake here... Pretty serious stuff, isn't it?
Conclusion: you're shooting yourself in the foot... again.
Therefore, some hints and tips to avoid the pitfalls of overdocumenting your case.
First of all, keep breathing and THINK.
Secondly: THINK AGAIN.
Think what is essential for the question without exposing yourself.
What is essential, but has no PII info?
- Product information
- Build numbers, versions
- Error messages, error codes
The following must NEVER EVER NEVER be posted:
- accounts and personal information used with these passwords, like account names, logins, mail addresses
- address information
- physical location
The next package of information needs thorough investigation and must be anonymized before posting:
- system names
- host names,
- IP addresses
- network names, FQDN,
- domain names
- account names of any user and service accounts
- (anything else?) ...
And due to the critical nature of the info, it's also highly advised to mask any date and time info (by replacing it with a fake date/time stamp).
MOST IMPORTANT: all this does not only apply to text you publish, but also to images.
Mask or scramble the PII from images before you post.
(also think about the meta data in your pictures... see the picture properties with geolocation info, date & time stamps, ownership info...)
What's the reason for this?
In short: it does not take advanced technical skills or social engineering skills to use this information and go try hacking the system or use the information to damage the target system (or worse: damage you). In most of the cases the questions asked are about technical issues, so you already give a first hint where to start hacking...
IMPORTANT: Even when it's too late, you can always pull a forum post from thread you started (else report the issue to the forum support team). Or go back to the forum post and remove sensitive information.
But you want to avoid that in the first place, so...
Call to action
- prepare your post, gather detailed technical information. It will help to get things sorted.
- if it takes more than one paragraph of text, prepare your post offline.
- add a good structure to your post
- have very clear questions to ask
- try to limit your questions to one per thread
- review your post at least twice before you post
- better have a second opinion before you post
- take screenshots where possible
- remove PII by masking the info (replace PII with fake info)
- In worst case scenario, remove your forum post, if you realize that it could hurt...
Just remember that you need to ask the right question to get the right answer.
Protect yourself. That's were it starts.