Security is fundamental for any business. However, managing security can be a costly and time-consuming effort, especially today, when cloud services, “bring-your-own-device” and “bring-your-own-application” and other new approaches are spreading to the offices.
Money-wise, if you thought buying services costs a lot, you may think again. The price tag of services, bigger though it might look at the beginning, might end up being the smaller one.
Let’s make a small comparison, using F-Secure Protection Service for Business as an example:
[i] Please note the price estimate is just a fictional example based on selected services, the real price of SaaS services can vary a lot depending on the scope of services
F-Secure Protection Service for Business is a hosted security solution that provides 360 degrees protection against all threats for all devices.
Photo: Chris Meller via Flickr.com
F-Secure is back from CES -- where the tech world comes together in Las Vegas to preview some of the latest innovations – some which might change our lives in the coming years, others never to be seen or heard again. Inside the over 200,000 square meter exhibit space, Drones flew, and made a fashion statement; hearing aids got smartphone apps; and 3-D printers printed chocolate. We made a stir of our own with Freedome. Our David Perry reminded the industry professionals that the mobile devices nearly all of them were carrying can do more than connect us. "I want you to stop and think about this," he told RCR Wireless News as he held his smartphone up on the event floor. "This has two cameras on it. It has two microphones. It has GPS. It has my email. It has near-field detectors that can tell not only where I am but who I'm sitting close to. This is a tremendous amount of data. Every place I browse on the internet. What apps I'm running. What credit cards I have. And this phone doesn't take any steps to hide my privacy." In this post-Snowden world, where professionals are suddenly aware of how much their "meta-data" can reveal about them. Privacy also played a big role in the discussion of one the hottest topics of 2015 -- the Internet of Things (IoT). The world where nearly everything that can be plugged in -- from washing machines to light bulbs to toasters -- will be connected to the internet is coming faster than most predicted. Samsung promised every device they make will connect to the net by the end of the decade. If you think your smartphone holds a lot of private data, how about your smarthome? "If people are worried about Facebook and Google storing your data today, wait until you see what is coming with #IoT in next 2-5 years," our Ed Montgomery tweeted during the event's keynote speeches, which included a talk from US Federal Trade Commission Chairwoman Edith Ramirez that tackled privacy issues on the IoT. Newly detected attacks on home routers suggest that the data being collected in our connected appliances could end up as vulnerable to snoops and hackers as our PCs. Some fear that these privacy risks may prevent people from adopting technologies that could eventually save us time, effort and energy. At F-Secure we recognize the promise that IoT and smart homes hold and we’re excited about the coming years. But we also understand the potential threats, risks, and dangers. We feel that our job is to enable our customers to fully enjoy the benefits of IoT and that is why we’re working on new innovations that will help customers to adopt IoT and smart home solutions in a safe and controlled way. It will be an exciting journey and we invite you to learn more about our future IoT solutions in the coming months. We at F-Secure’s IoT team would like to hear from you! Are you ready to jump on the IoT? What would your dream connected home look like? Or have you perhaps already set up your smart home? What are you worried about? How could your smart home turn into a nightmare? Read the rules and post your thoughts below for your chance to win one of our favorite things -- an iPad Air 2 16 GB Wi-Fi. [Image by One Tech News | via Flickr]
In computer security, we throw around the word authentication all the time. It means a process or mechanism that is used to prove that you are you, (or that someone else or something else proves to you that they are they). Imagine yourself in a wartime encampment. Someone approaches the sentry and the sentry calls out "Flash" The approaching soldier replies, "Thunder". This is a classic sign and countersign password set from World War II. The answer doesn't make any sense, and that's entirely on purpose. This was to prove to the soldier that he was at the right camp, and to the sentry that he was one of his own. There is a lot of chatter about signs and countersigns at one of my favorite blogs, and you can find it here. In the age of computers, things get a lot more complicated, but it's basically the same process. The website wants to know who you are, that you are the right person, and that is authentication. Now there are three methods of authentication, and they are: 1. Something you have, such as your driver's license, credit card, etc. 2. Something you know, such as a password. 3. Something you are, such as your fingerprint, retinal scan, or facial structure. This is called biometric authentication. On a computer, you actually have other things that can be known about you. There is your IP address (the address assigned to your computer on the internet), and your computer itself has a unique identifying serial number that isn't too difficult to read. Your operating system identifies itself, so do many other pieces of hardware and software on your computer, all unique, and all traceable back to you. One of the things that we use to protect ourselves is a kind of authentication called a password. This creates a lot of confusion in our lives, and small wonder--what follows is abstracted from my personal blog: Hackers are into lockpicking. Every year at DEFCON there are lock picking contests and demonstrations, and you can buy the various tools (picks, bump keys, etc.) at Black Hat and DEFCON and many other such events. Now, Timo Hirvonen tells me that this is a legitimate extension of learning Penetration testing, and I believe that that he is absolutely correct. I actually took up lockpicking in the summer of 1965, long before I ever dealt with a computer, but that's a story for another day. This is actually relevant, so you might want to stay with me, here. Take a look at the typical key pictured above. This is a key to a pin tumbler lock, and is the most common kind. Notice that the little notches in the key is at a different depth. The key would insert into the keyhole, which is in the part of the lock called a cylinder. When all the notches on the key line up properly, the pins line up so that the cylinder can turn. They have to be very accurate. Our example here is a five pin lock, so this key would only need notches cut in five places. The pins each have a number of discrete settings, and just to make it easy, let's imagine that there are five different settings for each pin. So how many possible combinations is that? Five times five is 25, but that's not it. Neither is five times five times five, or 125, correct. This would be a very simple lock, but it would carry a grand total of 3,125 combinations (five to the power of five). If each pin had six possible positions, you could raise that to 15,625 different combinations. With a pin tumbler lock, like the one shown here, there is also a restriction that the key has to be the right keyway (that's what they call all the channels and grooves that let the key fit into the lock). Each brand of lock uses a unique keyway which is why the key shop has hundreds of different key blanks hanging on a big rotating display. This is a very close model of an internet password. The number of pins is equivalent to the number of characters, and the number of possible positions is equal to the number of possible characters. This is why people keep telling you that a password is either strong or weak. Let's look at it. Imagine a very short password of only two characters. If you use only numbers, then there are only ten possibilities for each character position. (0-9) so with that limitation, a two digit password using only numerals in base ten would give you only 100 possible combinations. If you had to type that in by hand it might be too much trouble, but a computer could feed those hundred combinations in less than a single second. The same two character password, if it used alphabetical characters, instead of numbers, would give you 676 possible combinations, instead of a hundred. Going to more places, or more pins, would give you an even greater combination, such as noted below. Well, you don't have to. You can get a program known as a password manager. The one we make here at F-secure is called KEY. We will take a look at that in just a little bit. First we want to make a couple of things clear.So, as you can see, it becomes much more difficult to crack a longer password, or a password with more available characters. That is not the end of the story. If you use a password made up of words that can be found in any dictionary, then a hacker could attack your password with a dictionary. Really. It's actually called a dictionary attack. So the best password would be gibberish. How would you ever remember such a thing? 1. Passwords are extremely valuable, they are the online version of your keys, and eventually your car will start and your door will open to a password, rather than to a physical key. (I am very tempted to run off on a tangent, here) You need to pay some attention to your passwords, because they are getting stolen left and right and because they open the door to your email, to your reputation and to your bank account. RUNNING OFF ON A TANGENT Car keys have gotten much more complicated over the last decade. First we added electronic door locks to the car, and the key acts as a remote control. Other functions come with that, including trunk release, and some kind of an alarm system. On top of all that, there is a secondary locking mechanism included with your key, where the car will only open for a key with both the proper physical keyway and tumbler pattern (( as described above)) AND the proper electronic signature. So, in my car, for example, a new key needs to be cut and then programmed, and a new key costs almost $300! Now they tell you that's because it takes extra programming, but it's really because you NEED a car key, and based on the brand of car you drive, and I drive a Lexus, they hit you up for the highest price the traffic will bear. The circuitry isn't worth nearly that much, and neither is the 'programming'. This is indicative of the state of the world. Drive a 1961 Buick, and you can buy a key for a buck, drive a 2001 Lexus, and the key is $300---the newest models skip the physical key entirely, and cost even more. They only charge what the traffic will bear. 2. It is very important that you not use the same password for everything. If you do, when somebody cracks one of your passwords they can find all of them. Some people use simple, same passwords for things they don't really care about (your Cookie Bakery discount code coupon, for example) but use stronger, unique passwords for more important things, like missile launch codes. 3. Do not use passwords that can be derived from the names of your pets, or the name of your spouse, or your boat, or anything that could ever be found out about you from a thorough analysis of your Facebook page. 4. Back up your data! I use two different backups on everything, and a third backup on the most important data. I back up to a NAS (network attached storage) device, and to the cloud, and the third method is secret. Never put yourself in a situation where somebody could hack into your account and steal or delete anything you are going to need. Having said that, I want to say that too many things are authenticated these days (that's what a password is all about, authentication--it's when you prove that you are you) If you are doing a lot online you might actually be known via hundreds of passwords and who can possibly keep up with that? Nobody, that's who. It's just another example of FUTURE SHOCK, brilliantly predicted in 1971 by Doctor Alvin Toffler. My point? Maybe we are authenticating too much. Does your nephew's Bar Mitzvah really need me to get a password to reply to the evite? Do I really need a strong password to protect my registration to a trade show? The universal and always increasing demand for new passwords kind of cheapen the image they have to the public. If you need to keep track of a hundred passwords, then you might not put so much effort into managing them. Here at F-Secure we have a solution and it is called KEY. I use it on all my devices and I think it handles things very well indeed. It synchronizes all your passwords to all of your devices under a single master password. The keys are safely encrypted and cannot be extracted from either the install nor the cloud. It can and will generate new and stronger passwords for your most valuable data. You might want to look into it. Persevere, David Perry Huntington Beach, California 10/29/2014
Ordinary people here in Finland have been confronted with yet another cybersecurity acronym lately, DoS. And this does not mean that retro-minded people are converting back to the pre-Windows operating system MS-DOS that we used in the eighties. Today DoS stands for Denial of Service. This case started on New Year’s Eve when customers of the OP-Pohjola bank experienced problems withdrawing cash from ATMs and accessing the on-line bank. The problems have now continued with varying severity for almost a week. What happens behind the scene is that someone is controlling a large number of computers. All these computers are instructed to bombard the target system with network traffic. This creates an overload situation that prevents ordinary customers from accessing the system. It’s like a massive cyber traffic jam. The involved computers are probably ordinary home computes infected with malware. Modern malware is versatile and can be used for varying purposes, like stealing your credit card number or participating in DoS-attacks like this. But what does this mean for me, the ordinary computer user? First, you are not at risk even if a system you use is the victim of a DoS-attack. The attack cannot harm your computer even if you try to access the system during the attack. Your data in the target system is usually safe too. The attack prevents people from accessing the system but the attackers don’t get access to data in the system. So inability to use the system is really the only harm for you. Well, that’s almost true. What if your computer is infected and participates in the attack? That would use your computer resources and slow down your Internet connection, not to speak about all the other dangers of having malware on your system. Keeping the device clean is a combination of common sense when surfing and opening attachments, and having a decent protection program installed. So you can participate in fighting DoS-attacks by caring for your own cyber security. But why? Who’s behind attacks like this and what’s the motive? Kids having fun and criminals extorting companies for money are probably the most common motives right now. Sometimes DoS-victims also accuse their competitors for the attack. But cases like this does always raise interesting questions about how vulnerable our cyber society is. There has been a lot of talk about cyber war. Cyber espionage is already reality, but cyber war is still sci-fi. This kind of DoS-attack does however give us a glimpse of what future cyber war might look like. We haven’t really seen any nations trying to knock out another county’s networks. But when it happens, it will probably look like this in greater scale. Computer-based services will be unavailable and even radio, TV, electricity and other critical services could be affected. So a short attack on a single bank is more like an annoyance for the customers. But a prolonged attack would already create sever problems, both for the target company and its customers. Not to talk about nation-wide attacks. Cyber war might be sci-fi today, but it is a future threat that need to be taken seriously. Safe surfing, Micke Image by Andreas Kaltenbrunner.