Categories
End User security

Intro & Password Pain by @LindseyAnnison

I’m grateful to Tref for leaving the corporate treadmill and embarking on this new venture.  Although he never appeared to hate, or even dislike, his day job as some others in the industry seem to (in fact, having seen him in situ in the Timico offices several times, he seemed to positively revel in it!), I am very much looking forward to his posts, especially about monetising this blog, and hence the new company. So, I would first like to say thanks for the chance to guest post and wish him the best of success.

I guess I’d better briefly introduce myself. I have campaigned for ubiquitous, affordable and, in particular, rural broadband since the mid 90s when I was trying to set up my Internet marketing business in the Yorkshire Dales.  I met Tref because he was kind enough to allow a bunch of broadbandits to invade the top floor of Timico for a colloquium a few years ago. I am currently trying to take a break from all things broadband to write more books (I have so far published six), an internet marketing course for SMEs, and to get back to my core skillset (Internet Marketing and Web PR), and my own business which keeps being put on the backburner because of the broadband shenanigans in the UK. I’m a guest/ghost blogger on many sites, copywriter, occasional ranter, and can be found on Twitter. Usually late at night.

I thought I would begin my guest posting with a tale of woe – the Absolute Pain of Passwords. Is it just me or do others have this problem too?

I have several devices – an iOS smartphone (the iThing), an Apple tablet (iThing2), a Windows laptop, a PC (that can boot into either Ubuntu or two different versions of Windows) and a Mac Mini. That makes a total of seven separate devices. And then there are the many times I might need to use someone else’s device eg whilst travelling, when my battery is flat, cybercafe etc.

If I go to log in to, say, a social media account on one of these devices, and I cannot remember my password, then I either have to find one of the other devices that is logged into the account – which can be a pain if I am not in their location – or, and this is where the nightmare begins, hit “Forgot password”.

This action then kickstarts a chain reaction of marginal chaos.

Categories
End User online safety security

Eventbrite security really on the ball – Adobe hack

Had an email from Eventbrite yesterday with the subject “Keeping your account protected”. Fair play to them. Eventbrite have looked at the 3 million user name email addresses recently hacked at Adobe and cross referred them to any in use on the Eventbrite platform.

They have then let the Eventbrite users with these identical email addresses subs. I was one of them.

Most of my passwords are different and far too complicated to remember even. I didn’t even know I had an Adobe account. I checked. I did. I changed the password.

I also checked for any other account with the same email/password combo. There were two. They had not been used for some time (years maybe) but I changed each password.

One of the sites was Kodak. It took me some time to find out how to login on the Kodak website and I found I was locked out of that account!! Had someone tried to login a few times and locked the account? (could have been me – I dunno).

I also got a message saying “NOTE: Your MySupport account is different from your KODAK Store, KODAK Gallery, KODAK Pulse Digital Frame, Tips & Projects Exchange, and Google Cloud Print™ accounts.”

Goodness knows how I’m supposed to figure out/remember which is the right one to log into. Why can’t they have one login for everything?

Anyway well done to Eventbrite – this is great customer service. I looked but saw no email from Adobe letting me know my details had been compromised. Might have been caught in a spam filter I guess.

Tata.

Categories
Engineer online safety

More on Team Cymru

Seeing as I mentioned Team Cymru (Teem Come-ree) yesterday I just noticed that I’ve had their quarterly newsletter (Cymru Quarterly) on my desk since June. This is a personalized high quality newsletter that I specifically signed up for. I remember when doing so they asked me a second time whether I really wanted the newsletter in hard copy. I rarely read hard copy but in their case I did so I’ve been getting it through the post.

I’ve just noticed that on the cover of this edition they ask me whether I want to continue receiving the newsletter. In order to do so I have to click on a link and fill out a survey.

This is pretty cool and efficient. I get a fair bit of junk mail/magazines that I never look at and which are a total waste of space (and money). I’m not going to carry on with the hard copy. I follow them on twitter @teamcymru and am happy that I get my news in that way and save them some cash.

I wonder if they will be supporting Wales v South Africa at the Millennium Stadium on Saturday 🙂 They are based in Florida mind you. I expect they are so busy they will have forgotten the match is on…

Categories
Engineer peering security

Team Cymru – the correct pronunciation

On a completely different note whilst I was at the Euro-IX conference last week someone gave a talk that included something about Team Cymru. Team Cymru are a top bunch of guys in the cyber security space.

However there is something that urgently needs addressing about the organisation and that is how you pronounce their name. I’ve been hearing Team Kim-roo which is understandable but totally incorrect. I’m sure that the good folk at Team Cymru will not mind me saying that the correct way to pronounce the name is Come-ree. It is the way that the Welsh would say it.

There. I’ve got that one off my chest. Cymru am byth!

Categories
Engineer security

Is Huawei in your network a national security concern?

I am reminded that yesterday’s post on how would Huawei spy on your network has an additional dimension in the UK in that a significant chunk of BT’s 21CN infrastructure is based on the Chinese vendor’s kit. I hadn’t noticed that this hit the headlines a couple of months ago.

The BT Huawei deal would have been based on very attractive commercials spread over the lifetime of the contract. I’ll leave you to draw your own conclusions on its wisdom from a national security perspective. I don’t have any details to suppose there is a risk other than what I already covered yesterday and then I couldn’t assess the level of risk. That’s somebody’s job.

One wonders whether the powers that be might at this very moment be redrawing rules of engagement for secure national networks roll-outs. I can’t imagine that UK defence networks touch any part of 21CN anyway. They will be totally separate. Won’t they?

Access to non defence networks that are strategic could also be a problem. For example how are all our power stations connected? The telecommunications infrastructure itself? Imagine if nobody could make a phone call or send an email for a week? How about the oil refineries? No oil = everywhere grinds to a halt. I’m sure you can come up with other scenarios.

I dunno.

PS takes me a while to catch up with the news, I know.

Categories
Business security voip

How to make your VoIP secure #fraud

It’s a pretty simple process to set up your own VoIP phone system. Google “free VoIP server” and you will find links to 3CX or Asterisk. Download their free software and install it on a computer in your office. Sign up for a few SIP trunks from an Internet Telephony Service Provider (eg Timico) and you can be up and running making VoIP phone calls from your Local Area Network in an afternoon. You don’t even need to buy phones. You can download free soft phones that will run on a PC or a smart phone that will work perfectly well over WiFi. The cost is minimal. It’s as simple as that.

Except it isn’t. Now google “VoIP fraud” and

Categories
Engineer UC voip

S3 SBC, rhymes with VoIP, Securitee – Session Border Controller @Genband @Timico

Yesterday I wrote about our new mobile VoIP App for the iPhone. This included a link to a press release issued by Genband, our VoIP infrastructure partner.

That release covered more than just the mobile VoIP iPhone App. It is a bit of an overall solution release but an important bit covers our acquisition of the Genband S3 Session Border Controller.

The SBC has been a bit of a controversial beast in the world of purist VoIP engineering. Its purpose is to manage VoIP sessions across different networks. In its earliest incarnation it was used to convert VoIP signalling from the old H323 video conferencing protocol (also used for just voice in older VoIP services) to the more modern and up and coming SIP (Session Initiation Protocol) or perhaps to a variant of MGCP (Media Gateway Control Protocol). As a “border controller” it also grew in functionality as a device used to manage the security of a network.

The conceptual problem of the SBC amongst the early VoIP pioneers was that it operated as a “back to back user agent”. In other words it effectively terminated a signalling stream on input  and started it up again on output. This meant that in the “open internet” it would not necessarily be possible to trace a VoIP signalling packet from end to end as you might be able to do with other non-voice packets using tools such as tracert, the outcome being that it would be harder to debug problematic services.

This was at a time when the theory stated that all VoIP calls would be free heralding the end of the telco and paid phone calls as we know it. This Utopian scenario was underwritten by companies such as Skype who appeared to offer free phone calls to all. Of course to be confirmed and adopted by the general scientific base, theories need proving in practice and even the virulently successful Skype ended up demonstrating that it has to pay for its infrastructure somehow by starting to charge for some of its services.

The growth of the VoIP market1 has also stimulated the growth of a VoIP security sector. There was initially an element of playing on the fears of people entering uncharted technical territories. The fact that VoIP is designed to operate on the DNS based internet2 and functions in a similar way to email and web browsing opens up opportunities for fraudulent activity in the same way that we have become accustomed to such happenings in our general web use. Email SPAM is replaced with VoIP SPIT (computer generated SPAM for Internet Telephony bombarding the world with automated sales messages).  The use of a crawler ploughing through blocks of IP addresses looking for open networks to penetrate is replaced with a search for exposed network based iPBXs that can be exploited for financial gain.

There are many precautions that can be taken to remove vulnerabilities from a VoIP network but if you are serious about security you will want to use a Session Border Controller.

A VoIP network, at least if it is to be usable by business, needs managing to maintain its quality and reliability and the SBC plays an integral role in this. The SBC today, far from being the object of criticism of the VoIP network engineer, is the demesne of the grown up Internet Telephony Service Provider. Think of it as a super security tool that secures your network and cements the quality of the service it supports.

Looking at it parochially I’ve been wanting an SBC “to play with” for years, ever since we started our hosted VoIP service. We put a lot of effort into the management of security of our VoIP users but the Genband S3 SBC, covered in the press release, allows us to take this to new heights.

The Genband S3 effectively acts as a VoIP firewall. It manages network access using real-time and aggregated admission control policies. It can, for example, spot and prevent the SPIT attacks referred to earlier.  It will also help Timico as a service provider to control the quality of the VoIP service with capabilities such as the automatic monitoring of network bandwidth rates and capacity.

From Timico’s perspective as a voice carrier the Genband S3 will allow us to hook up with many more interconnect partners because as a border controller it allows us to manage interoperability with different carrier’s kit. The SBC will also provide us with the flexibility to fine tune routes based on both cost effectiveness and quality. For example if a specific route begins to suffer from poor call completion rates the S3 will detect this and intelligently reroute traffic to that destination via a different interconnect partner. The S3 is also hugely compatible with our Genband A2 VoIP platform and will scale to 25,000 concurrent calls that effectively supports a subscriber base of over 250,000 users.

The S3 is relatively new to Genband. It came with the acquisition of NexTone, one of the market’s original and leading SBC vendors. This has brought with it a maturity and pedigree of user base that is not only reflected in its functionality but will quickly help Timico cement our position as one of the leading VoIP providers to the business market. Bit of marketing blurb there but it is actually based on solid engineering principles.

If anyone wants to chat more about our new S3 SBC drop me a line, call or hook up with me via @tref on Twitter.

Ciao.

1 note there will come a time when we don’t talk about it as a VoIP market. It won’t be long before we have to simply describe the world as a communications market which contains a subset known as the old fashioned telecommunications network as championed by the ITU (another story in itself).

2 It still doesn’t fully merge with the domain name system as this would rely on every ISP supporting VoIP on its DNS servers. The principle of domain based routing is still the same for VoIP as for regular web traffic.

Categories
Business Regs security

Now where did I leave that important information? #commsdatabill

You will of course recall my recent post on Big Data in which I related how many laptops are left in the back of taxis. 10,857.14 of them every year to be precise. Well I was wrong. Not only did I underestimate how many cabs there are in London but the average number of laptops left in them every year was wrong.

Today I was picked up by a driver who estimated he had found 8 laptops over the last 5 years (up from the previous 4 in 7) and that there were around 25,000 black cabs in London (up from 16,000).

This bumps up the averages. To  make it easy on myself if I assume only one a year that suggests that 25,000 laptops are left in London black cabs every year.

Now I know someone will pipe up and say that this is not very scientific and

Categories
datacentre End User

#rebelwithoutacause and other lyrical waxings

There’s a definite change in the air. The short British summer is coming to a close, people are squeezing in their last bits of holiday before school starts again and my kids are getting ready to set off for university, in one case, for the first time (yes I am excited).

It feels as if this is the last week before the rush. Traffic will get heavier and business get serious again. It’s not that it isn’t serious in August but not much gets done as half the world is out of the office – staff, suppliers and customers.

Next week all the shops will have their Christmas decorations out! There’s a lot going on in the world before you need to

Categories
Business olympics

How VIPs got around during the Olympics – security hard underbelly

We were walking through London to Hyde Park for the Blur gig and saw several of these convoys driving along Piccadilly. I guess they were ferrying VIPs from their 5 star hotels on Park Lane to the Closing Ceremony at the Olympic Park. The cops took no prisoners and were pretty aggressive with pedestrians and other cars that didn’t get the message to shift out of the way in a timely manner. The hard underbelly of diplomatic security 🙂

Categories
Business Net olympics

Logistics & Security at the London2012 Olympics

Travel to and from the games: – a joy – the train to Cardiff was standing room only but we had booked seats – no problem. I travelled back in first class early the next morning with the lad so don’t know how the people up the back were. Most of the fans from the previous night will have either gone back that night or still be in bed sleeping off the beer. For the record the lad had two hot chocolates, a diet coke, a Fanta, a packet of hand cut crisps and a croissant – taking advantage of the free food and drink up the front.

At Kings Cross I noted no queues at taxi ranks.  Easier by and large than a normal day in town.

Connections in London to get to Lee Valley for the kayaking – trouble free and swift with plenty of seating. We sat in first class between Tottenham Hale and Cheshunt despite not having the right ticket – you know I’m a reb. Nobody checked the tickets in either direction anyway.

On the way back we joined the 12,000 spectators emptying out of the venue for the 30 minute walk to the station. At the station we got on a train straight away and were whisked away within 30 seconds – unbelievable. In fact almost every connection we had to make had a minimal wait. The train was full but hey…

friendly cops at Lee Valley

she's a fair cop guv

it's a specialist job, pointing

Security at the games – reassuring without causing lengthy delays. The coppers were very friendly and happy to indulge tourist Tref with photo calls. The women PCs smiled beautifully (steady Tref). The presence of armed police showed the underlying serious approach to security.

The pointers too were very friendly and efficient. The numbers of staff on hand to help was overkill but you didn’t feel that. They were great and all out to enjoy the occasion.

The presence of the military was also comforting. The troops approached their last minute call up with professionalism and I have to say we all felt that much safer with them around. They looked confident in everything they did &  also had a special Olympic cloth badge (fwiw:)

Other logistics – the number of portable toilets stood out – I don’t think I ever saw anyone queuing to go to the loo – got to be a result.

We arrived at the Lee Valley venue at lunchtime which consequentially meant huge queues for the food concessions. Because of this we waited until one of the breaks in the sport and were able to buy food with very little wait. £9.5 for fish chips and mushy peas if that’s your fancy. A sausage bap and a diet coke were around seven quid. Good quality nosh but v expensive. One man handed over more than fifty pounds to feed his group.

Connectivity – as in the Millennium Stadium I didn’t get on with the WiFi but didn’t need to because the 3G was good – 3.8Megs down and 1Meg up. WordPress for Android with a few photos didn’t work very well. Admittedly one was a panorama shot which seems to mess it up. This post was originally written at Lee Valley but I’ve had to retype it on the laptop at home.

I’m back at the Olympics next week and will try and take advantage of the WiFi at that time and report back.

Categories
Business security

Infosec Europe – the stuff you really need to know

En route to Earls Court yesterday for the Infosec show I had a bit of time on my hands whilst waiting for a work colleague’s train to turn up so I took the header photo with my Samsung Galaxy S2. It’s interesting to see how people naturally spaced themselves out so that there was an equal gap between them and the people in different directions around them.

I’m going to write two posts on the visit to Infosec. This one covers all the essential things you need to know. The second will take a little more serious look at some of the learnings and add some thoughts.

The essential information is presented here in pictorial format. The first inset photo is the shoeshine stand at the Echoworx booth. I say booth but all it really was was a space with a popup and two shoeshine chairs, one of which I sat at – I like to look after my shoes me (Timberland – none of this Hush Puppy stuff). The downside is that for 5 minutes as a captive audience I had to sit through a sales pitch for Echoworx. It’s fair enough. I got my shoes done and they got their message across. Bloomin’ hard work for the sales guy though – twelve 5 minute elevator pitches every hour. Wow.

The shoeshine guy was really interesting. Turns out he is a Seamus McDonagh, former cruiserweight boxer who was once a contender and was matched with

Categories
Cloud End User security

The Pocket Cloud (Innovation #1259) – Security Issues Answered

The Pocket Cloud…business critical data storage in a secure USB-connected non-wireless device.

the pocket cloud

The fiendishly clever engineers at my place of work have come up with a new innovation, The Pocket Cloud (pat pending TM applied for etc), a highly innovative means of storing important business critical content in a totally secure manner.

Built in security features include a USB connection – this is a totally wireless free device which completely eliminates drive by data theft.

The Pocket Cloud comes with “uber” portability as it fits neatly into your pocket and can easily be removed from an office location whenever there is a flood/fire/earthquake (delete as appropriate – other forms of disaster are available). It should be incorporated into every Disaster Recovery plan.

At times of Disaster The Pocket Cloud also has a secondary role as a cloud based stress ball thereby satisfying Health and Safety requirements as well as those of IT.

If you have any questions or are desirous of acquiring a Pocket Cloud please get in touch.

Categories
Apps Business Cloud mobile connectivity

Security and Personal Mobile Devices: Consumerisation of the Workplace

How does a business cope with the proliferation of personal mobile devices in the office? Not just mobiles, but laptops and tablet computers too? The problem is not new, but it is growing.

Not so long ago consumers would peer in through the smoked glass panoramic windows of business to admire and envy the tools that were available to those inside. Access to the internet was for most people above a certain age first experienced at work. Their first PC, first mobile phone, first email, first mobile email! The list is a long one.

Today’s workplace is totally different. Staff bring in the toys they use at home and often frown or laugh at their employer’s old fashioned proffering. IT departments now gaze back out through the self-same floor to ceiling windows with reverse envy and spend their time worrying about the security of their network.

A study of a small business

I recently did some work with a UK company on their communications and cloud strategy. The company provided 67 of their 115 employees with a mobile phone; 50 BlackBerrys and 17 mid-range Nokias.

30 staff also carried with them their own personal mobiles. Of the 30, eight people also received a company phone and actually used their own phones for business purposes in preference to those supplied by the employer. A further seven staff who were not given company mobiles used their own phones to pick up company email making a total of 15 out of 30 personal mobiles that were used for work purposes.

Categories
Business security

Internet security – a synonym for sleepless nights

How do we sleep at nights? Everywhere I turn I seem to come across security issues relating to my use of the internet.

In catching up on my reading I find that a team of Japanese researchers have figured out how to crack the WPA encryption technology that up until now I had considered to offer my home wireless network a safe and secure browsing environment, at least from the next door neighbour.

As it is the wireless performance of my home router is suspect because I suspect that it finds it harder to cope with WPA than the previously less secure but more performant WEP.

Next I’m writing a blog post and a security warning flashes up in front of my eyes on the WordPress console telling me about a vulnerability in older versions of the blogging software that has caused some bloggers to lose large numbers of posts. Fortunately I am up to date with my patches.

One of my sons then complains that his website has been identified as a source of malware by Google. I investigate and find that indeed this is the case and remove the problem. His laptop, however, is a difficult kettle of fish to clean. It has conficker and some other nasties that won’t let any of the worm removal tools on to sort it out. So we are having to reflash his laptop and I then go around the house cleaning up all 12 memory sticks that the kids have in their possession (the fruits of a number of visits to trade shows 🙂 ) .

I could go on. It’s all very well for me though because I have dozens of highly skilled engineers sat outside my office door for whom all this is bread and butter stuff. Our customers can also access these resources (for a fair price). The real problem is going to be for Joe Public who, as a consumer, is going to drown in the stormy seas of internet security.

Sorry if this one seems a little on the pessimistic side – it isn’t normally my nature.

Categories
Business scams security

Top Ten Security Risks For Business

These are the risks as seen by Timico engineers in their travels around our customer base together with a few of my own real world observations.

This list is not authoritative but it should be insightful and if you are the owner or IT manager of a small or medium sized business then you could do worse than read it. Some of the points, such as updating your virus scanner, might appear to be obvious but believe me they represent real world scenarios.

 

1. Poor wireless network setup

Do you really want someone sat outside your office using your wireless network and gaining access to your internal servers?

A business needs to set up WPA-PSK or WPA-RADIUS. WEP is simply not good enough, and by attacking a connected WEP client the key can be broken within minutes by a novice.

When WEP keys are broken all traffic on the air can be decrypted, so plaintext authentication to web servers without HTTPS is visible. Even more alarming is that an attacker can then create their own access point which looks exactly the same as the customer’s access point, and then tell a client to reconnect. Then any number of man-in-the-middle attacks can be done, including intercepting HTTPS traffic to an online banking site for instance. Users tend to ignore invalid certificate warnings.

2. Default passwords left on devices (switches and routers)

Even my kids know that “admin” and “password” are the logons to try first if you don’t know or have forgotten a username and password. So do the crooks.

3. No security patches applied to external facing servers

These security patches are issued because businesses have had experience of servers being hacked by unfriendly agents.

4. No web or e-mail filtering (content, anti-virus, phishing, and spam)

I was in a queue at the support desk at PC World. In front of me someone was complaining that their PC had ground to a halt. They had so many viruses on it a complete OS reload was required. They had not been using anti-virus software.

Also my wife has anti virus/spam on her PC. Her SPAM is filtered into a separate folder and when I looked recently there were 8,500 SPAM emails in this folder (8 weeks’ worth!). Her personal email doesn’t go through the Timico Mailsafe service so all mail is delivered and she relies on the PC based anti-SPAM solution to protect her. Many small businesses in particular complain about the amount of SPAM being delivered. If they don’t have a local filter then this SPAM is going to appear in their inbox. SPAM filtering is therefore a massive productivity tool. It stops you having to delete the unwanted mails yourself.

5. Anti-virus not updating.

You probably haven’t updated your subscription.

6. Upset employees causing damage

Whilst there isn’t much you can do about this you can take steps to mitigate against potential problems – access lists for key network elements and password changes when someone leaves the business.

7. Laptop being stolen with no disk encryption

Witness the high profile cases there have been in the UK this year: loss of social security data of millions of people, bank account personal details, national security/military related information. Big potatoes compared to your own company data but do you really want to lose a laptop with all your customer contact details on it?

8. Poor firewall rules setup

If you don’t tie down your firewall to allow your very specific traffic i/o requirements then it can be easy for your network to be compromised without you knowing anything about it. Note it is a good idea to have firewalls on workstations configured to reduce risk of data theft in the event of a network breach. Regular security auditing is also a good idea if the resources are available. Servers should have firewalls configured to prevent external access to non-public services such as remote desktop or ssh. A secure VPN connection to the internal network should be established first by remote workers before using such services.

9. Poor VPN security

Old clients using out of date protocols and short and easy to guess passwords are typical issues here. The use of security tokens is recommended for authenticating to privileged networks remotely.

10. Poor or no password policy

For example, users never having to change their password. It is a pain in the neck to have to change a password regularly, especially when people today have many accounts that are password protected. However changing important passwords on a regular basis is an essential security mechanism. Also who do you trust with your passwords?
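An added example for item 8 (not part of the original post): a small audit that evaluates a first-match firewall rule list and reports whether ssh or remote desktop is reachable from outside, run against a weak rule set and a corrected one. The rule format, the probe addresses and the 10.8.0.0/24 VPN subnet are assumptions made for the illustration.

```python
import ipaddress

# Non-public services named in item 8, by their usual TCP ports.
SENSITIVE = {22: "ssh", 3389: "remote desktop"}

# Assumed probe addresses: a documentation-range address standing in for
# "anyone on the internet", and a host on the (hypothetical) VPN subnet.
EXTERNAL_PROBE = "203.0.113.99"
VPN_PROBE = "10.8.0.15"

# Constructed rule sets: (action, source CIDR, first port, last port).
# Rules are evaluated top to bottom and the first match wins.
WEAK_RULES = [
    ("allow", "0.0.0.0/0", 80, 80),
    ("allow", "0.0.0.0/0", 443, 443),
    ("allow", "0.0.0.0/0", 1024, 65535),  # wide range that also covers 3389
    ("allow", "0.0.0.0/0", 22, 22),       # ssh open to the world
    ("deny", "0.0.0.0/0", 0, 65535),
]

HARDENED_RULES = [
    ("allow", "0.0.0.0/0", 80, 80),
    ("allow", "0.0.0.0/0", 443, 443),
    ("allow", "10.8.0.0/24", 22, 22),      # ssh only after the VPN is up
    ("allow", "10.8.0.0/24", 3389, 3389),  # remote desktop likewise
    ("deny", "0.0.0.0/0", 0, 65535),
]


def evaluate(rules, src, port):
    """Return (action, rule index) for the first rule matching src and port.

    Falls back to an implicit deny when nothing matches.
    """
    addr = ipaddress.ip_address(src)
    for idx, (action, cidr, lo, hi) in enumerate(rules):
        if addr in ipaddress.ip_network(cidr) and lo <= port <= hi:
            return action, idx
    return "deny", None


def audit(rules):
    """List (port, service, rule index) for sensitive ports open to outsiders."""
    findings = []
    for port, name in sorted(SENSITIVE.items()):
        action, idx = evaluate(rules, EXTERNAL_PROBE, port)
        if action == "allow":
            findings.append((port, name, idx))
    return findings


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label)
        for port, name, idx in audit(rules):
            print(f"  {name} (port {port}) reachable externally via rule {idx}: {rules[idx]}")
        # Remote workers must still get in once the VPN is established.
        for port, name in sorted(SENSITIVE.items()):
            print(f"  {name} from VPN: {evaluate(rules, VPN_PROBE, port)[0]}")
```

The weak set exposes remote desktop through the broad high-port rule rather than through an explicit 3389 entry, which is the kind of exposure that goes unnoticed without an audit.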

 

Categories
Business datacentre security

It’s all about Security, Security, Security

I enjoy this business so much because of the wonderful diversity it provides me in terms of issues, problems and successes. The latest is the fact that the firewall at our corporate headquarters has been the subject of a number of attacks by some unfriendly person.

These attempts to break into corporate networks happen millions of times daily around the world, which is why businesses need to be on top of their security strategy. What interested me here was the fact that this was the same attack coming from a number of different places around the world.

The sources were in China, the USA, Poland, Australia and a couple of other countries whose names escape me. The same common username and password combinations were used each time from each different source (lesson here – never use “admin” and “password”) .

Of course the same individual or organisation is almost certainly involved in all of them. That person will have systematically hacked into a certain type of server whose operating system and security patches have not been kept up to date. It is likely a company server hosted at a datacentre somewhere.

Our course of action, if the attack persists, is to look up the owner of the IP address from which the attack is coming and ring the business up to let them know they have a problem. In the case of the Chinese source we send them an email – only because they will almost certainly be in bed. 🙂 Usually this sorts the problem out and indeed the recent spate of attempted break ins has abated. No doubt there will be more.

We know what to do in these cases but it is a lot to ask of a business that is not and ISP or doesn’t have a highly skilled IT department, which is why it very often makes sense to outsource your security management.

Categories
End User internet

"Stealing" domain names is just not cricket

Businesses need to be mindful of the need to manage their domain name strategy sensibly. There are any number of individuals and organisations out there ready to take advantage of the careless.

For example take a look at http://www.cricinfo.com/. Not a bad time to be visiting the site during an exciting match between England and South Africa (yes I did say exciting).

If you now visit http://www.crickinfo.com/ you will see a difference. The spelling mistake is an easy one to make for someone looking for the main cricket website in the world (wide web). A good domain name strategy would have seen cricinfo snaffle both domains.

Now visit http://www.cricinfo.co.uk/. This one you might think would certainly take you to cricinfo but it doesn’t. It is owned by someone else and until recently took people to a cricket shop completely unassociated with cricinfo.com.

This is quite a high profile example of someone not doing something right when the business was small and it didn’t matter but paying for it downstream.

There are other different examples – the famous myspace court case where the .co.uk domain name was owned by an ISP long before myspace.com existed.

It is quick and easy to check your own business’ domain name – click here if you need a domain name checker.
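A brand owner can list the names worth checking before someone else registers them. The following is an added example, not part of the original post: it generalises the two cases above (a one-letter slip in the name, and the same name under another suffix) into an audit list, and the function names and the `owned` set are assumptions for illustration.

```python
import string


def lookalike_labels(label):
    """Single-slip variants of a name: one letter dropped, one letter
    inserted, or two neighbouring letters swapped."""
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])            # dropped letter
        if i + 1 < len(label):                              # swapped pair
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(len(label) + 1):
        for ch in string.ascii_lowercase:                   # extra letter
            variants.add(label[:i] + ch + label[i:])
    variants.discard(label)
    return variants


def defensive_candidates(label, suffixes):
    """The exact name and its one-slip variants under every suffix."""
    labels = {label} | lookalike_labels(label)
    return {f"{name}.{suffix}" for name in labels for suffix in suffixes}


def unregistered_by_us(label, suffixes, owned):
    """Candidates the business does not already hold, sorted for review."""
    return sorted(defensive_candidates(label, suffixes) - set(owned))


if __name__ == "__main__":
    # Suffix list and the "owned" set are illustrative assumptions.
    todo = unregistered_by_us("cricinfo", ["com", "co.uk"], {"cricinfo.com"})
    print(len(todo), "names to check, including:")
    print([n for n in todo if n in ("crickinfo.com", "cricinfo.co.uk")])
```

The resulting list is what you would feed into a registrar's availability check or a WHOIS lookup, prioritising the variants a hurried typist is most likely to produce.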

Good luck England.

Categories
Apps Business security

Access control meets www – and it's not what you think

When I began this blog I intended to cover subjects that I felt would be of general interest to users of business communications services in the UK – Timico customers generally. I didn’t think that this would for one moment include the topic of door entry systems. It does.

Some time ago we began a relationship with a company called Paxton Access. This was because we needed a security system for our new purpose built Headquarters building in Newark (Notts – not New Joisey for the benefit of international readers). Since then we have started installing it as part of an integrated package for customers.

Door locks have moved on a long way. This system comes with a Software Development Kit. I’m not suggesting that this is something particularly useful for general business customers who won’t know one end of an SDK from the other. However the rich engineering talent we have at Timico has been able to put it to good use.

We now have an intranet page that provides access to the door entry system. One click on the web interface and the door can be opened. Is this a security risk? We don’t think so. Access to the web page is controlled via Active Directory authentication and is tied down to specific individuals. This can apply to any door at any of the Timico UK locations and can be tied in with camera visuals so that the person allowing entry can see who they are letting in.

The same door can be opened by anyone holding a registered keyfob or, using the intercom, via any telephone handset on the Newark Nortel PBX. This functionality could be extended to opening by sms pin number from registered mobile handsets, or via command line interface from non Windows PCs as is the case in our Ipswich NOC where the engineers have the traditional geek’s abhorrence of all things Microsoft.  

There is more. This system can be used to set the alarm and turn off all the lights when the last person leaves the building. This is serious use of web technology for mundane but important business needs. 
