Categories
End User internet security

Conficker Virus (also known as downadup)

I picked up the Conficker worm whilst at LINX64 yesterday.  I’m pretty sure I was one of the few Microsoft users in the audience of out and out geeks so I know not whence it came.

My virus checker caught it, or at least told me it was there. This morning I gave my machine a complete set of security updates and it is now clean.

This is not an easy worm to remove. You can use a free tool provided by Symantec at this location. The Microsoft update that patches the vulnerability is at this location.

Categories
Business security

Ex MI5 chief echoes concern over civil liberties

Dame Stella Rimington is in the news today attacking the government’s position regarding data retention. This is in tune with comments previously made on this blog.

I sympathise with the need to guard against terrorism but you do get the feeling that we are moving backwards. When I was growing up we were hit with propaganda about the communist enemy: a police state where people were frequently spied upon just in case they had views that were contrary to official policy. Increased levels of surveillance in order to catch terrorists are undoubtedly going to impact on many innocent lives. If we are not careful we will end up mimicking the police states that we were criticising not so long ago.

Categories
Business ofcom security voip

Skype Security Italian Style

The BBC today has reported that Italian crooks are using Skype to avoid detection by police who use traditional wiretapping to monitor phone calls. The Skype signalling and media path is encrypted, which makes it very difficult to tap into. Also, because Skype is a peer-to-peer protocol that doesn’t use any centralised servers that might be monitored, it adds to the difficulty for law enforcement agencies.

The whole problem is then compounded by the fact that because VoIP/Skype is a very nomadic service, ie you can use it from any internet connection anywhere, it becomes difficult to track the location of a caller.

This is a problem being looked at by Ofcom as part of the process of caller location identification for the emergency services. Currently if someone makes a 999 call from an unknown address, it is difficult to pin down where that call is being made from, at least in a timely manner.

There was a high profile Canadian case where someone dialled for an ambulance and it went to a location three thousand miles from where the call was actually being made from because the address held by the operator was not the address from which the call was being made. 

When a VoIP call is made the details of the call logged by the Internet Telephony Service Provider include the IP address of the originating party. If you are an Internet Service Provider (note the distinction between ITSP and ISP – an ITSP often does not provide the underlying broadband service) you can correlate this IP address with a physical address (ie house number and street).

The problem is that this is a manual process and would likely take hours at best and potentially a couple of days. This is a process that could be automated but it is something that would probably cost billions to implement universally in the UK.

I’m sure there will be more to say on this subject in 2009. As a final note it is often said that the security forces, aka GCHQ and CIA et al have not cracked the Skype encryption technology. I find this difficult to believe.

Categories
Business security

$250k reward posted by Microsoft

I see that Microsoft has offered a $250k reward for the arrest and conviction of the authors of the Conficker worm. This is the one that was causing Timico customers issues in the run up to and over the Christmas break.

I did suggest to one of our tech support guys that were he to admit to the offence the rest of us (who would have pocketed the cash) would be eternally grateful. Funnily enough he didn’t think it was a good idea.

I do get images though of a bounty hunter turning up at the Microsoft HQ in Seattle with a guilty looking nerd roped kicking on to the saddle of his horse.

Categories
Apps Business mobile connectivity security UC voip

The Channel Wars – Which Channel Will Win The Convergence Battle?

No I’m not talking TV channels here. I’m talking channels to market for converged services. And I’m not talking about which company within a channel will win. I’m talking about which channel will win.

Out there in the big wide world there are three basic types of channel that sell communications services:

  • mobile resellers,
  • PBX resellers and
  • IT resellers

Traditionally none of these channels have stepped on each other’s toes. Ok I know there are probably companies out there that might claim to cover more than one of the spaces but seldom all three.

Certainly mobile dealers find it hard to sell non mobile services. Although PBX resellers have had to get to grips with some aspects of networking in order to be able to sell VoIP enabled products they are far from being involved in the whole gamut of IT related products and services. 

Finally in my experience an IT reseller usually doesn’t have the knowledge to be able to sell voice, be it fixed or mobile. It’s not their space.

The UK is moving at high speed towards being a totally internet connected country. If anything it is speeding up (witness yesterday’s Digital Britain announcement and last year’s roll out of 21CN) and the communications requirements of businesses are going to get evermore complex and ever more converged. 

Convergence and Unified Communications are somewhat trendy buzzwords which have different meanings to different people. The fact is however that businesses will increasingly want to buy services that work with their other services:

  • VoIP that works over a variety of both fixed and mobile networks
  • Integration of the office phone system with the applications sat on a desktop and with mobile devices
  • Seamless portability of applications and backups of key corporate data 
  • All this without compromising on network security

Currently I believe it is only high end corporates that can really indulge in a communications roadmap that embodies the true vision of Unified Communications. However I do think that a new breed of business is appearing that smaller companies and channel partners can turn to for access to the wider range of skills and technologies needed to service this new connected market.

This type of business, call it a super-convergence provider, will be able to partner with any reseller from any channel and offer them a range of products and services that is complementary to what they already do. So  mobile, voice and IT resellers can carry on with their core business without having to worry about not having all the arrows in the quiver.

So what is the answer to my original question? Which channel will win? I guess my view is that the winner will be the channel that works best with the new breed of super-convergence service providers, one of which is clearly Timico.

I’d be interested to hear from people who have views on this subject, either by commenting on this blog, on facebook or by contacting me directly.

Categories
End User internet security

Cyber-vigilantes

Circulating on the law enforcement distribution list of the Internet Service Providers’ Association today is information regarding a website called extremeporn.org.uk which appears to have set itself up as a vigilante-type organisation to hunt down downloaders of illegal extreme pornography.

According to their website:

“At present, our primary activities are categorizing and monitoring torrents. Our system, once a torrent is added to it, will periodically poll the tracker for geoIP technology to guess with high accuracy (approximately 99.5%) their location. If the IP is geolocated to somewhere other than the UK, no further processing is performed; otherwise our system checks to see whether an existing record for this IP and torrent exists. If so no further processing is performed. If no such matching record is found, the system inserts such a record.”

… and that record then generates an email to the relevant abuse team (ISPs have an “abuse@” email address that is used as standard to report illegal activities).

I’m sure that many if not all abuse teams are aware of the limitations of the above procedure, which is that having your IP address attached to a torrent implies one of four things:

a) you are actively fetching or distributing the file

b) you are an academic researcher who is monitoring the torrent, but who is not uploading or downloading at all

c) your IP address has been selected at random by the owner of the tracker to add to the list of active IPs so as to bring this type of tracking into disrepute

d) your IP address has been specially chosen by someone who wishes you harm and who has deliberately added it to the list of active IPs so as to cause trouble.

Case (a) is what the people running the extremeporn website think they are dealing with.

Case (b) has been well documented by researchers at the University of Washington: http://dmca.cs.washington.edu/

Case (c) is believed to be behind the large number of incorrect copyright abuse allegations currently flooding the market 🙁

There is a strong belief that Pirate Bay is doing this deliberately (anyone with an on-the-record citation for this, I’d be really pleased to get this).

Case (d) is of obvious concern. The U of Washington people falsely accused their laser printers of sharing Hollywood movies. In this area there is an obvious risk of defamation or worse!

My thanks to Dr Richard Clayton of the University of Cambridge Computer Laboratory for this analysis. Richard is an expert on internet security and was recently quoted on the BBC concerning the Data Protection Act. Readers should note that I am in no way supportive of people downloading extreme pornography. It does seem that the approach described above is flawed.

Categories
Business internet security

Child Exploitation and Online Protection (CEOP) Centre In the BBC News

Woke up this morning to another interview on the BBC News that concerns the ISP industry (is there a song there?). This time Jim Gamble, CEO of CEOP was speaking with BBC journalist Angus Crawford regarding the fact that CEOP often gets charged by ISPs when requests for information are made concerning child protection.

Gamble is suggesting that not charging should be the norm and that ISPs should see it as part of their social responsibility. Bit of an emotive subject this one.  I have more than the average number of kids and of course I am interested in protecting them from sick, deranged individuals that roam the wild wild web. I am also a businessman and we have to keep a bit of perspective in play.

Firstly the ISP industry is legally entitled to recover costs under the  Regulation of Investigatory Powers Act (RIPA). Secondly typically when ISPs “cover their costs” all they are doing is recovering a contribution towards their costs rather than the total cost (see penultimate paragraph).  Thirdly the industry gets many thousands of these requests each year.

If there wasn’t a mechanism there to keep these requests down to those actually required, i.e. by charging for them, the concern is that the floodgates would open and the costs would skyrocket. These costs have to be borne by customers.

The numbers quoted by CEOP are as follows: 

How much has CEOP paid to Communications Service Providers in each relevant accounting period since setting up in 2006?

Financial year breakdown:
Financial year 2006/2007              = £  37,184.32
Financial year 2007/2008              = £  69,717.46
Financial year 2008/2009 (to Dec 08)  = £  64,604.21

Total                                 = £ 171,505.99

How many such requests has CEOP had for access to information since 2006?

Financial year breakdown:
Financial year 2006/2007 total applications = 1,200
Financial year 2007/2008 total applications = 3,600
Financial year 2008/2009 total applications = 4,600

Total                                       = 9,400

CEOP’s argument is that this money would be better spent on a couple more staff. In fact the charges, if you use the above numbers, work out at around £14 per request, which in my mind is exceedingly good value. It certainly doesn’t cover the actual cost of the support.

The ISP industry covers so many areas of interest that it seems to have been in the news a lot recently. Intellectually it is a very interesting space to be in, and for ISPs it brings particular challenges: consumers that want to pay very little but demand more for their money, and stakeholders fighting their own corners left, right and centre, contributing to further pressures on costs. In the B2B space the dynamics are slightly different but nobody can say this is a boring game.

Categories
Business mobile connectivity security

Blackberry gets huge endorsement by Barack Obama

In the news is the fact that US President-elect Barack Obama wants to keep his Blackberry when he becomes president. This must be worth a fortune in advertising to Blackberry manufacturer RIM and indeed their share price seems to have risen quite healthily this week.

The Secret Service is of course concerned about the Presidential email security and I will happily leave it to both parties to argue it out. What is of interest is why the Blackberry? Why not an alternative email device such as a PDA or Nokia smartphone?

I used to have a Blackberry but moved onto Nokia, primarily because the Nokia E-Series had a SIP stack that would allow me to play with VoIP on mobiles. The Nokias were more of a phone as well rather than a clunky data device.

The Blackberry has moved on since then and a quick survey of the Tech Support team suggests that it now has the edge in terms of features and ease of use. There is now even a Facebook plug-in for Blackberry.

Certainly from a commercial perspective the mobile operators are doing a very good job at incentivising service providers to sell Blackberry as opposed to alternative mobile email solutions. 

What is really exciting is the pace of development in the mobile handset world. Competition is really working here driving features up and pricing down.

RIM 5 day stock performance courtesy of Yahoo Finance
Categories
Business internet security

Data Retention Act On The BBC News

I woke up this morning to an article on BBC Radio 4 concerning the forthcoming Data Retention Act (see previous post on this). The article was then carried several times on BBC Radio Lincolnshire, my local station – I’m sure it would have been repeated in all the regions.

The BBC’s slant concerned human rights and seemed to have been triggered by Human rights organisation “Liberty”. What has been happening since my post on the subject is that the tone of the Government’s conversation has moved on towards looking for a centralised database containing records of many different types of communications and not just email and telephony. This might include SMS, IM etc.

Nothing is set in stone here but I have concerns on two fronts. Firstly the technical cost and impracticality of implementing such a database would be huge and criminals would always be able to find ways around appearing on the records. Secondly there is very much the human rights angle. 2008 saw a number of high profile examples of the loss of personal data of millions of people because of stolen laptops and lost memory sticks.

I want to help the authorities catch criminals and haven’t really been too concerned in the past about their keeping my own personal records on file because I am a good boy. However in the light of last year’s data losses and because it is fundamentally not possible to totally trust the government (which is one of the reasons that democracies have elections) I have changed my tune.

If you want to read the BBC article online you can find it here.

Categories
End User security

Virus Attack

As everyone who has caught a cold (manflu?) in the run up to Christmas knows, viruses are no respecters of holidays. This is what happened at one customer site yesterday.

The symptoms appeared gradually. Someone could not log into their PC when they came in to work. Then others had the problem. If you were already logged in you were ok. There was nothing obvious that was wrong.

The customer’s own IT person was overseas on holiday so they called in the cavalry. The Timico IT support team set to work immediately and started to analyse what was going on in the customer’s network. The company had two sites and one PC at the remote site was seen to be generating an inordinate amount of network traffic.

In fact what it was doing was conducting an alphabet attack on the company’s Active Directory server: working through the user accounts in turn and trying to log on as each one. After three unsuccessful attempts on an account the server locked that account, so the genuine user was then unable to log in.

This is of course good news from a security perspective although highly inconvenient from the customer’s point of view as it was very disruptive. The remote site was disconnected and the rogue PC isolated. The attacks stopped.
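The pattern described above (one host working through the user list, locking each account after three failures) is something the domain controller’s logs reveal quickly if you look for it. The following is an added example, not part of the original post or Timico’s tooling: it parses constructed log lines in a simplified format loosely modelled on Windows security events (4625 failed logon, 4740 lockout, 4624 success; the exact field layout is an assumption, real exports differ) and flags any source host whose failures spread across many accounts, while leaving a legitimate user who mistyped once alone.

```python
import re
from collections import defaultdict

# Constructed line format (an assumption, not a real Windows export):
# "<date> <time> <event_id> src=<ip> user=<name> status=<code>"
# 4625 = failed logon, 4740 = account locked out, 4624 = successful logon.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<event>\d{4}) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) status=(?P<status>\S+)$"
)


def build_sample_log(attacker="10.20.1.55", lockout_after=3):
    """Constructed sample log (not customer data): one host walks an
    alphabetical user list, failing lockout_after times per account so
    the DC locks each one (4740). A legitimate user who mistypes once
    from another host, then logs in, is mixed in as a control case."""
    users = ["aaron", "abigail", "adam", "alan", "alex", "alice", "amy", "andrew"]
    lines = []
    t = 0
    for user in users:
        for _ in range(lockout_after):
            lines.append(f"2008-12-30 08:00:{t:02d} 4625 src={attacker} "
                         f"user={user} status=0xC000006A")
            t += 1
        lines.append(f"2008-12-30 08:00:{t:02d} 4740 src={attacker} "
                     f"user={user} status=locked")
        t += 1
    lines.append("2008-12-30 08:05:10 4625 src=10.0.0.23 user=jsmith status=0xC000006A")
    lines.append("2008-12-30 08:05:30 4624 src=10.0.0.23 user=jsmith status=success")
    return "\n".join(lines)


def parse_log(text):
    """Parse lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_spraying_sources(events, min_accounts=5, lockout_after=3):
    """Flag source hosts whose failed logons span at least min_accounts
    distinct users. Returns {src: {"accounts", "failures", "locked"}}
    where "locked" counts accounts that produced a 4740 or reached
    lockout_after failures from this source."""
    per_src = defaultdict(lambda: {"fail_by_user": defaultdict(int), "locked": set()})
    for e in events:
        s = per_src[e["src"]]
        if e["event"] == "4625":
            s["fail_by_user"][e["user"]] += 1
            if s["fail_by_user"][e["user"]] >= lockout_after:
                s["locked"].add(e["user"])
        elif e["event"] == "4740":
            s["locked"].add(e["user"])
    flagged = {}
    for src, s in per_src.items():
        accounts = len(s["fail_by_user"])
        if accounts >= min_accounts:
            flagged[src] = {
                "accounts": accounts,
                "failures": sum(s["fail_by_user"].values()),
                "locked": len(s["locked"]),
            }
    return flagged


def locked_accounts(events):
    """Distinct accounts the DC reported as locked out (4740): the users
    who cannot log in until someone unlocks them."""
    return sorted({e["user"] for e in events if e["event"] == "4740"})


if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    for src, info in find_spraying_sources(evs).items():
        print(f"isolate {src}: {info['accounts']} accounts, "
              f"{info['failures']} failures, {info['locked']} locked")
    print("unlock:", ", ".join(locked_accounts(evs)))
```

The flagged source is the host to isolate, and the lockout list is the set of accounts to unlock once it is off the network.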

The virus protection on each machine was updated and a full scan run on each PC in the customer’s network. It is not always possible to tell how a virus enters your network. This customer had external virus scanning on email. It probably came from a website that someone had visited. Their desktop antivirus was in need of updating.

It does reinforce the message that the fight against virus and malware needs to be conducted on multiple fronts. All’s well that ends well and the cavalry rode off into the sunset for a well deserved New Year’s Eve Party. See you in 2009 pardners…

Categories
Business security

Netgenium

I came across Netgenium whilst discussing a security project with one of our engineers. They manufacture Power Over Ethernet (POE) components that are used in building security systems.

These days practically everything can be controlled over secure IP connections. In this case we are now talking locks, speakers, lights and cameras. The first objective is security and control. Card readers can limit entry to certain areas to specific individuals. These card readers also tell a system who has entered which part of a building. This might sound big brotherish but it is a real requirement for many businesses.

The second, and surprisingly useful, by-product is cost saving. For example a company’s security system can be programmed to enable the POE to a desk when that user has swiped his or her card upon entry to a building. POE for a phone can be switched on only then, saving unnecessary waste of power. Similarly when the last person leaves, the swipe of the card will turn off the lights and switch on the alarm.

Because SIP is supported the system now creates the prospect of hooking into a PBX announcement system that targets specific zones/locales in a building where an individual was last known to be.

Categories
Business internet security

Ed Balls Starts UKCCIS Rolling

The first UKCCIS Executive Board meeting took place in December chaired by Ed Balls, DCSF Secretary of State and Alan Campbell, Parliamentary Under-Secretary for crime reduction at the Home Office. The fact that this Board is being chaired by such high profile politicians is an indication of the seriousness with which the Government is taking the safety of children when using the internet.

Set up to implement the recommendations of the Byron Report, the committee has initially prioritised a number of areas of concern and is in the process of setting up working groups to move the activity on.

The first four working groups will focus on the following areas: 

Industry Standards (title subject to change)
Aim: To develop clearer common standards (in the form of codes of practice or other guidelines) that are adopted, monitored and consistent with EU partners and are widely recognised as good practice. This should cover the areas identified in the Byron report but, over time, should also look at new issues that arise as technology and user habits move on.

Better Education
Aim: To ensure that children, families and the children’s workforce have access to consistent and comprehensive support and information that improves their knowledge, skills and understanding of internet safety.

Public Information and Awareness
Aim: To develop a comprehensive and joined-up public awareness campaign on internet safety for children and families based on consistent messages that form the basis of the one stop shop for all aspects of internet safety.

Video Games
Aim: To ensure that children and young people have a safer gaming experience and parents are aware of the issues and support mechanisms around gaming.

With the continually changing nature of the internet this is always going to be a work in process but at least a start is being made.

Categories
Business internet security

Internet Explorer Security Flaw

In the news today is a very high profile security flaw in Microsoft browser, Internet Explorer. Hackers have been hijacking websites and inserting code that enables them to steal username and password information of persons browsing using IE.

Microsoft made the situation public at the end of last week by which time they had calculated that 0.2% of internet users would have been exposed to a website that had been the subject of this hacking. 

Apparently other browsers are not affected at this time so users of Safari, Firefox, Opera et al should be safe for now. This isn’t to say that web users should never use IE. Microsoft is working on a fix and most software of this type is likely to be subject to different vulnerabilities at different times.

A browser is a very personal thing. Different people like different browsers. Because IE is what I have always used, it is typically what I stick with. However the Microsoft browser is known amongst techies as being imperfect and serious geeks won’t touch it with a bargepole. That isn’t to say it is no good. You just have to understand how the minds of most engineers work.

There are in fact times when I have to resort to other browsers to make certain web functions work. For example when I am writing posts for this blog, if I need to upload photos then as often as not I can’t do it using IE and have to resort to an alternative.

Categories
End User scams security

Phishing

As I’m sure most of you know Phishing is a scam whereby unfriendly persons try to coax confidential account details out of individuals so that they can attempt to steal things. We are talking bank account information, network logons etc.

Well this morning Timico was subjected to a phishing attack and many users were sent an email purporting to be from the company asking for username and password logons for their network and email accounts. It was a very poor attempt using the typical poor grammar of the criminal mind. The notional email address of the perpetrator was also left in full view.

I am not aware of anyone from Timico daft enough to respond to this but I thought it worth a blog post to show others the type of attack to be wary of. Internet users beware.

I do seem to get a wealth of material to blog about at Timico.

Categories
Business internet security

Internet Watch Foundation

The IWF is a not for profit organisation dedicated to minimising the availability of UK internet content that is

  • racially abusive or
  • criminally obscene or
  • contains images of child sexual abuse anywhere in the world.

Their website is somewhere people can go to report such content found on the internet. Since the beginning of the year their hotline has dealt with an average of 866 reports a week!

The number of commercial sites being reported has dropped slightly from 70% to 68% of all sites but it is still a high number. It is physically sickening to think that people like to make money out of this material and that people are willing to pay.

Unfortunately it is a constant battle because what tends to happen is that once a site has been closed down it just moves to a server in another country such as Russia where there is less scrutiny.

Interestingly in the UK in 2008 there have been few sites reported as being dedicated to racial hatred. However there were 77 reports referring to criminally obscene content, 51 of which were sites hosted on one server which has since been dealt with. These 51 sites I understand have just moved overseas.

Until the whole world has a consistent approach to the handling of this problem it is always going to be a problem.

Categories
End User security

Virus Problems?

One of our big PWAN customers had a virus problem over the weekend. For those of you who don’t know a Private Wide Area Network is basically a secure corporate network run over public networks such as ADSL and leased lines.

It took the customer most of the weekend to identify the source of the problem, which came from a rogue PC at one site. What Timico was able to do was to shut off access to that site from all the others. This allowed the other sites to continue functioning and prevented the virus from spreading.

The virus was eventually identified as one that had not been covered in the customer’s security software virus definition package.

It did take some time to fix but all’s well that ends well. There is a lesson to be learnt here though. This was quite a big customer with almost 100 sites in their network but they would almost certainly have benefited from a network security audit. It could have saved them several man-days’ worth of effort over the weekend and probably kept the IT manager’s hair from going grey.

Categories
Business internet security

Transposition of Directive 2006/24/EC

We do live in a marvellous world don’t we? If anyone was to ask you what the title of this post was all about you’d almost certainly give them a blank stare.

This is all about what is better known as “The Data Retention Act” which was stipulated by the EC some time ago. This Act has been implemented to assist in the fight against terrorism. Every Communications Provider has to keep logs of phone calls made and received.

I don’t mind this. We do it anyway otherwise we wouldn’t be able to bill our customers and I certainly will help fight the good fight if I can do so (safely).

The first phase was rolled out in 2007 for fixed and mobile telephony. The Internet community was given a further 18 months to implement the same measures for VoIP and emails. The VoIP service provider community is also OK with this for the same reasons given above.

When it comes to emails it is a slightly different story. ISPs have had no reason to keep records of emails sent and received. The service is flat rate (or free) and does not therefore require the information for billing purposes. So implementing the directive is likely to cost money for an ISP.

This Act is now in its consultation phase, which is causing some consternation and confusion in the ISP industry. The Regulations state that costs associated with this ‘may’ be recoverable. No guarantees. A recent briefing by the Home Office also stated that because of these costs they were currently looking at a scenario whereby only the ‘big 6’ ISPs would have to keep the data and that smaller ISPs would only be asked to do so based on an “intelligence led approach”. I.e. you have to keep the information if they suspect one of your customers of being a terrorist.

The suggestion here is that if you are a small ISP you are more likely to have a terrorist as a customer than a big ISP. The baddies will know that they are less likely to be monitored.

This approach also presents other problems. The ISP having to do the monitoring is at a competitive disadvantage to the one not having to do so because of the additional overhead involved.

What’s more the technical logic is somewhat flawed in respect of email data retention and a savvy terrorist is  easily going to bypass the system. Web based email networks normally allow you to save a draft of an email for sending later. It just takes two terrorists to know the log on details of a google mail account. One writes the email and saves it as  draft. The second then logs in to the gmail account and reads the draft.

The Act is scheduled to become law on 15th March 2009 and it seems that there is a lot of work to be done before it can be sensibly implemented. Timico is playing a leading role here with its involvement in the ISP Association and you can be sure that readers of this blog will be updated on progress.

Categories
End User internet security spam

Spammers Hammered – Hooray

One of our tech support team, Will Curtis, mentioned to me today that the amount of spam he has been receiving on his home email account dropped considerably around two weeks ago.

He also came across this article which tells that the Federal Trade Commission in the USA had raided an organisation that was supposedly one of the largest spam gangs in the world. The Chicago based gang had all its equipment confiscated.

I asked around to see if anyone else had similarly experienced the reduction in spam. Amazingly Ian Christian from the netops team had also seen a reduction and was able to provide a graph to show it in action. There is a clear drop in week 41.

Unfortunately spam will inevitably rise again. Our current monitors suggest that 37% of mail inbound through the Timico mailsafe system is spam. Very little of it makes it through to the end users though.

Categories
Business security

Nice Holiday Snaps!

One of our engineers just bought a 512MB SD memory card off someone on eBay. At £2 it was a good enough deal (don’t know how much he paid for postage). On it were the vendor’s holiday snaps!

In this case it didn’t matter but this is just another example of how lapses in security might have unfortunate consequences.

By the way I’m told there were no interesting photos – in case you were wondering 🙂 .

Categories
Business scams security

Top Ten Security Risks For Business

These are the risks as seen by Timico engineers in their travels around our customer base together with a few of my own real world observations.

This list is not authoritative but it should be insightful and if you are the owner or IT manager of a small or medium sized business then you could do worse than read it. Some of the points, such as updating your virus scanner, might appear to be obvious but believe me they represent real world scenarios.

 

1.       Poor wireless network setup

 

Do you really want someone sat outside your office using your wireless network and gaining access to your internal servers?

 

A business needs to set up WPA-PSK or WPA-RADIUS.  WEP is simply not good enough, and by attacking a connected WEP client the key can be broken within minutes by a novice.

 

When WEP keys are broken all traffic on the air can be decrypted, so plaintext authentication to web servers without HTTPS is visible.  Even  more alarming, is that an attacker can then create their own access point which looks exactly the same as the customers access point, and  then tell a client to reconnect.  Then any number of man-in-the-middle attacks can be done, including intercepting HTTPS traffic to an online banking site for instance.  Users tend to ignore invalid certificate warnings.

 

2.       Default passwords left on devices (switches and routers)

 

Even my kids know that "admin" and "password" are the logons to try first if you don't know or have forgotten a username and password. So do the crooks.

3. No security patches applied to external facing servers

Security patches are issued because businesses have already had servers hacked by unfriendly agents through the holes those patches fix; an unpatched external facing server invites the same treatment.

4. No web or e-mail filtering (content, anti-virus, phishing, and spam)

I was in a queue at the support desk at PC World. In front of me someone was complaining that their PC had ground to a halt. They had so many viruses on it a complete OS reload was required. They had not been using anti-virus software.

Also my wife has anti-virus/spam on her PC. Her SPAM is filtered into a separate folder and when I looked recently there were 8,500 SPAM emails in this folder (8 weeks' worth!). Her personal email doesn't go through the Timico Mailsafe service so all mail is delivered and she relies on the PC based anti-SPAM solution to protect her. Many small businesses in particular complain about the amount of SPAM being delivered. If they don't have a local filter then this SPAM is going to appear in their inbox. SPAM filtering is therefore a massive productivity tool. It stops you having to delete the unwanted mails yourself.

5. Anti-virus not updating.

You probably haven't updated your subscription.

6. Upset employees causing damage

Whilst there isn't much you can do about this, you can take steps to mitigate potential problems: access lists for key network elements, and password changes when someone leaves the business.

7. Laptop being stolen with no disk encryption

Witness the high profile cases there have been in the UK this year: loss of social security data of millions of people, bank account personal details, national security/military-related information. Big potatoes compared to your own company data, but do you really want to lose a laptop with all your customer contact details on it?

8. Poor firewall rules setup

If you don't tie down your firewall to allow only the specific inbound and outbound traffic you actually need, then it can be easy for your network to be compromised without you knowing anything about it. Note it is a good idea to have firewalls on workstations configured to reduce the risk of data theft in the event of a network breach. Regular security auditing is also a good idea if the resources are available. Servers should have firewalls configured to prevent external access to non-public services such as remote desktop or ssh. Remote workers should establish a secure VPN connection to the internal network first, before using such services.

9. Poor VPN security

Old VPN clients using out-of-date protocols, and short, easy-to-guess passwords, are the typical issues here. The use of security tokens is recommended for authenticating to privileged networks remotely.

10. Poor or no password policy

For example, users never having to change their password. It is a pain in the neck to have to change a password regularly, especially when people today have many password protected accounts. However, changing important passwords on a regular basis is an essential security mechanism. Also, who do you trust with your passwords?

Categories
Engineer internet security

Network Monitoring Network Monitoring

So good they named it twice. Actually I was trying to think of a sexy title for network monitoring but I couldn't. Network monitoring is the unsung hero of a communications business. A network has to have monitoring in place to allow staff to keep an eye on its health, but it isn't what might be called an exciting product.

You would of course expect an ISP to monitor its network. Perhaps less expected would be for a normal business to do this. However as a business grows, so does its network and the truth is that the network is increasingly likely to become mission critical.

Monitoring individual nodes on a public network has been standard practice for a long time. However when it comes to a private network then traditionally this has been done from a device (monitoring server) within the network. This is fine but if that network is purely private with no external access then it can be difficult for a network operator to provide support. 

A neat solution is via a virtual server, which is what Timico does for private networks requiring ongoing monitoring. A virtual server sits logically inside a customer's private network but is accessible via a secure command line from the Network Operations Centre.

This is a hugely more cost effective solution than providing a standalone network monitoring server for each private network. It is also easier to provide resilience to the service by providing two separate virtual machines on two geographically separated bits of hardware.

And what gets monitored?  The list is endless but here are a few ideas

  • Bandwidth usage on a link – have you provided enough connectivity to a location?
  • Router temperature – anticipate a failure
  • UPS battery voltage – does it need replacing?
  • Ping response times – is there a quality issue in the network?
  • Server hard drive usage – forecast capacity requirements
  • Remote router up or down? – minimise downtime with speedy replacement

There isn’t one single ideal solution for network monitoring. Best practice involves amalgamating a number of tools and providing suitable alert mechanisms. 

What is done with the alert also needs to be considered in the light of the needs of an individual business. Some might get away with a next day fix and others might need a speedier solution particularly where health and safety is concerned or when downtime means loss of revenue.

If you need advice on network monitoring drop me a line at Timico.

Categories
End User security voip

Identity theft – Skype style

If your business uses Skype then you could do worse than check out all the cases of identity theft that have been occurring in the Skype user community. For those who don't know, Skype is a free PC based VoIP telephony service that also allows paid-for calls in and out from the PSTN. It has always been tagged as an insecure service which potentially opens a corporate network to hacking.

Recently Skype users have been having their identities stolen and their accounts used to make illegal phone calls. What's more, if you periodically top up your Skype account using PayPal, note that people have found their bank accounts being debited to pay for someone else's calls. This on its own is bad enough but the problem is compounded by the fact that you can't ring up Skype to complain or get it sorted. Skype relies on email contact for support, with apparently slow or non-existent response.

What’s more your exposure as a business is exacerbated by the fact that in stealing your identity a Skype hijacker can also steal the business contacts you keep in your Skype account with who knows what consequences.

You can read more about the Skype problems on The Register and if you want to phone a VoIP service provider to discuss how to get a professional service call 08700 949600. 

Categories
Business security

Security Audits

Employees of large companies often whinge about the constraints placed upon them by their IT departments. These constraints normally centre around security best practice.

Small businesses do not typically have the same disciplines. Timico recently performed a security audit at the request of one of its customers. The results were very revealing.

  • Poor/outdated wireless security – use of WEP instead of WPA. It takes less than 5 minutes to crack a WEP key – a bit longer if the network uses MAC address filtering.
  • No hard disk encryption or password protection on the BIOS of laptops – the stolen laptop test.
  • Use of an outdated VPN client allowed decryption of IPsec tunnel passwords.
  • Multiple devices with default usernames and passwords.

Timico identified over ten major security faults at the customer’s premises. In fact this business was wide open. A malicious person could have sat in a car outside the office building, hacked into the network, accessed their important server information and disabled their network before leaving. These people do exist.

The fixes were relatively quick to implement in most cases. It’s just a question of discipline, with a little help from Timico. . .

Categories
Engineer internet security

The buzz of the Network Operations Centre

It always gives me a great buzz to sit in our NOC. It’s because when we started Timico only 4 years ago there were only four of us sat in the room of Tim Radford’s parents’ stable block (it was cheap and there was no room at the inn anyway). Now on a normal working day there are more people sat in the NOC than there were in that original room. It is a world away.

Today sat in the NOC some of the engineers were setting up an MPLS PWAN for a customer. This particular PWAN had over 80 sites – a mixture of leased lines and ADSL. In itself it isn't a big news item. It isn't our biggest PWAN by a long chalk. However it is another new customer and an endorsement of what we set out to achieve four years ago sat in the stable block.

It is a good feeling to be at Timico.

Categories
End User ofcom security

Piracy

Oh oh here come the pirates!

What a rogue.

It’s a constant battle.

Everyone needs a little help.

Ofcom to the rescue.

Categories
Business security

Update to the open door policy

I recently wrote about access control and the different ways that we can open doors at Timico. Well this has gone one step further and certain individuals on the approved list can now send an Instant Message that will open the front door.

It is somewhat mind boggling where this is all going. It is quite possible to envisage a scenario where say the cleaner appears at your home front door whilst you are at work and needs to be let in. You have an application running on your PC that rings when the doorbell rings. Upon hearing this you look on your home website to verify that it is indeed he or she and open the door with a click, or sms or IM – whatever is easiest from where you are sitting.

Categories
End User internet security

Alphabet attacks

Following my last post, which was on security, I was sat in the Timico NOC today and interestingly watched a SPAM attack in progress.

It was an alphabet attack. This is one where someone's email server is compromised and used to send out SPAM by rotating through the alphabet for email addresses (eg [email protected]) – the SPAM algorithm works its way through every combination of alphabetical variants. In this case it was targeting Italian .it addresses.

Our network monitoring picked it up and we immediately blacklisted/shut down access to that Exchange mail server. We also contacted the customer to let him know and so that he could take remedial action and remove the offending SPAM.

Apart from being interesting to watch it in action, a bit like standing on the edge of a battlefield watching the fighting, it again highlighted the need to have secure passwords. In this case we tried accessing the offending server and were able to log on using a simple admin/password combination of credentials.

When I started this blog I didn't think that security would become such a mainstream subject, but I was wrong.
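What "network monitoring picked it up" can look like in practice, as an added example (not Timico's tooling): a small detector run over constructed outbound-relay log lines. It flags a sending host whose mail to one domain is mostly short, letter-only local parts that the remote side rejects, which is the signature of rotating through the alphabet. The log format, hosts and domains are invented for the example.

```python
import re
from collections import defaultdict

# Constructed relay log lines (sending host, recipient, delivery result);
# hosts, addresses and domains are made up for this example.
SAMPLE_LOG = """\
host=exch.customer.example to=<aaa@example.it> status=bounced
host=exch.customer.example to=<aab@example.it> status=bounced
host=exch.customer.example to=<aac@example.it> status=bounced
host=exch.customer.example to=<aad@example.it> status=bounced
host=exch.customer.example to=<aae@example.it> status=sent
host=exch.customer.example to=<aaf@example.it> status=bounced
host=exch.customer.example to=<sales@partner.example> status=sent
host=mail.other.example to=<john.smith@example.it> status=sent
host=mail.other.example to=<m.rossi@example.it> status=sent
host=mail.other.example to=<anna@example.it> status=bounced
"""

LINE_RE = re.compile(r"host=(\S+) to=<([^@>]+)@([^>]+)> status=(\w+)")
ENUM_LOCAL_RE = re.compile(r"^[a-z]{1,4}$")  # short, letters-only local part


def alphabet_attack_sources(log_text, min_recipients=5, min_ratio=0.8):
    """Return {(host, domain): stats} for each sending host whose mail to a
    domain looks like alphabet enumeration: at least `min_recipients`
    distinct recipients, most of them short letter-only local parts, and
    most of them rejected by the receiving side."""
    seen = defaultdict(lambda: {"locals": set(), "bounced": 0, "total": 0})
    for m in LINE_RE.finditer(log_text):
        host, local, domain, status = m.groups()
        s = seen[(host, domain)]
        s["locals"].add(local)
        s["total"] += 1
        s["bounced"] += status == "bounced"
    flagged = {}
    for key, s in seen.items():
        n = len(s["locals"])
        if n < min_recipients:
            continue  # too few recipients to judge a pattern
        enum_ratio = sum(bool(ENUM_LOCAL_RE.match(l)) for l in s["locals"]) / n
        bounce_ratio = s["bounced"] / s["total"]
        if enum_ratio >= min_ratio and bounce_ratio >= min_ratio:
            flagged[key] = {"recipients": n, "enumerated": enum_ratio,
                            "bounced": bounce_ratio}
    return flagged


def hosts_to_block(log_text):
    """Sorted sending hosts to cut off from the relay, which is the response
    described in the post (blacklist the server, then tell the customer)."""
    return sorted({host for host, _ in alphabet_attack_sources(log_text)})
```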

Categories
Business datacentre security

It’s all about Security, Security, Security

I enjoy this business so much because of the wonderful diversity it provides me in terms of issues, problems and successes. The latest is the fact that the firewall at our corporate headquarters has been the subject of a number of attacks by some unfriendly person.

These attempts to break into corporate networks happen millions of times daily around the world, which is why businesses need to be on top of their security strategy. What interested me here was the fact that this was the same attack coming from a number of different places around the world.

The sources were in China, the USA, Poland, Australia and a couple of other countries whose names escape me. The same common username and password combinations were used each time from each different source (lesson here – never use "admin" and "password").

Of course the same individual or organisation is almost certainly involved in all of them. That person will have systematically hacked into a certain type of server whose operating system and security patches have not been kept up to date. It is likely a company server hosted at a datacentre somewhere.

Our course of action, if the attack persists, is to look up the owner of the IP address from which the attack is coming and ring the business up to let them know they have a problem. In the case of the Chinese source we send them an email – only because they will almost certainly be in bed. 🙂 Usually this sorts the problem out and indeed the recent spate of attempted break ins has abated. No doubt there will be more.

We know what to do in these cases, but it is a lot to ask of a business that is not an ISP or doesn't have a highly skilled IT department, which is why it very often makes sense to outsource your security management.
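As an added example (not Timico's own tooling), here is the check that picks out the pattern described above from firewall or sshd logs: one username, the same failed login, arriving from several unrelated addresses. The log lines, hosts and addresses are constructed for the example; the output is the list of sources whose owners you would look up and contact.

```python
import re
from collections import defaultdict

# Constructed sshd "Failed password" lines; hosts, usernames and addresses
# (RFC 5737 documentation ranges) are made up for this example.
SAMPLE_LOG = """\
Oct 1 09:01:02 fw sshd[2201]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Oct 1 09:01:03 fw sshd[2201]: Failed password for admin from 203.0.113.7 port 51023 ssh2
Oct 1 09:04:10 fw sshd[2207]: Failed password for invalid user admin from 198.51.100.23 port 40011 ssh2
Oct 1 09:04:11 fw sshd[2207]: Failed password for root from 198.51.100.23 port 40012 ssh2
Oct 1 09:09:44 fw sshd[2213]: Failed password for admin from 192.0.2.99 port 33020 ssh2
Oct 1 09:09:45 fw sshd[2213]: Failed password for admin from 192.0.2.99 port 33021 ssh2
Oct 1 09:15:00 fw sshd[2220]: Accepted publickey for tref from 192.0.2.10 port 50000 ssh2
Oct 1 09:20:31 fw sshd[2225]: Failed password for tref from 192.0.2.10 port 50001 ssh2
"""

# sshd writes "invalid user" when the account does not exist; match both forms.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+) port")


def failures_by_user(log_text):
    """Count failed logins per username, broken down by source address."""
    counts = defaultdict(lambda: defaultdict(int))
    for m in FAILED_RE.finditer(log_text):
        user, src = m.groups()
        counts[user][src] += 1
    return counts


def distributed_guessing(log_text, min_sources=3):
    """Usernames tried from at least `min_sources` distinct addresses, with
    the failure count per source.  One name hammered from many unrelated
    addresses is the pattern in the post: the same credential list replayed
    from a set of compromised hosts, rather than one noisy attacker."""
    return {user: dict(srcs)
            for user, srcs in failures_by_user(log_text).items()
            if len(srcs) >= min_sources}


def sources_to_notify(log_text, min_sources=3):
    """Sorted source addresses whose owners should be looked up (whois or
    abuse contact) and told they have a compromised machine."""
    return sorted({src
                   for srcs in distributed_guessing(log_text, min_sources).values()
                   for src in srcs})
```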

Categories
Business internet security

“Stealing” domain names is just not cricket

Businesses need to be mindful of the need to manage their domain name strategy sensibly. There are any number of individuals and organisations out there ready to take advantage of the careless.

For example take a look at http://www.cricinfo.com/. Not a bad time to be visiting the site during an exciting match between England and South Africa (yes I did say exciting).

If you now visit http://www.crickinfo.com/ you will see a difference. The spelling mistake is an easy one to make for someone looking for the main cricket website in the world (wide web). A good domain name strategy would have seen cricinfo snaffle both domains.

Now visit http://www.cricinfo.co.uk/. This one you might think would certainly take you to cricinfo but it doesn’t. It is owned by someone else and until recently took people to a cricket shop completely unassociated with cricinfo.com.

This is quite a high profile example of someone not doing something right when the business was small and it didn’t matter but paying for it downstream.

There are other different examples – the famous myspace court case where the .co.uk domain name was owned by an ISP long before myspace.com existed.

It is quick and easy to check your own business’ domain name – click here if you need a domain name checker.
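To put "snaffle both domains" into practice you first need the list of look-alikes. As an added example (not a tool from the post), the function below enumerates the usual typo classes for a domain's first label, plus the same name under other TLDs, and then shows which of them a business does not already hold. The domain names are the ones discussed above; the set of TLDs to check is an assumption.

```python
import string


def typo_variants(domain, extra_tlds=("co.uk", "net", "org")):
    """Return look-alike names for `domain`: one letter dropped, two adjacent
    letters swapped, one letter substituted or inserted anywhere in the first
    label, plus the same label under each TLD in `extra_tlds`."""
    label, tld = domain.lower().split(".", 1)
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                            # omission
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # swap
        for c in string.ascii_lowercase:
            out.add(label[:i] + c + label[i + 1:])                    # substitution
            out.add(label[:i] + c + label[i:])                        # insertion
    for c in string.ascii_lowercase:
        out.add(label + c)                                            # trailing insertion
    out.discard(label)  # substitution with the same letter reproduces the original
    variants = {f"{v}.{tld}" for v in out if v}
    variants |= {f"{label}.{t}" for t in extra_tlds if t != tld}
    return variants


def unregistered_gaps(owned, variants):
    """Variants the business does not hold: the list to register or keep an
    eye on.  `owned` is whatever the registrar account already contains."""
    return sorted(variants - {d.lower() for d in owned})
```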

Good luck England.

Categories
Business security voip

Disaster recovery in action – Timico style

It's not very often I get excited about an ISDN line going down. This is what happened today at Timico Headquarters in Newark. Apparently, because we are currently going through normal summer weather (that's normal hot, not normal British wet), the BT telephone exchange in Newark began to overheat. The BT response to this was to switch off some kit, including our ISDN lines. Uhuh.

However fear not dear customer. When you called in you probably didn’t notice because our Disaster Recovery plan kicked in and the ISDN numbers were diverted to VoIP ensuring continuity of service. Hooray!

It is not true to say that this was seamless. It did take us a few minutes to realise that the lines were down and then switch over but the time lost was minimal.

The outage happened at around 14.20 and normal service was resumed at just before 17.00 hours, presumably because the sun had gone over the yardarm and the BT engineers wanted to get away for a cooling thirst-quencher.