O is for …

On-premise

This term describes equipment which is physically located in your own offices or data centre. The alternative is a third party hosted service, such as those offered by cloud hosting providers. (Strictly speaking the term is "on-premises", but "on-premise" and "on-prem" are in everyday use.)

Open Source Intelligence

The internet is full of sources of information, many of which are free to access. Intelligence gathered from these publicly available sources is known as Open Source Intelligence (commonly called OSINT).

The best known sources of information are social media sites like Facebook, LinkedIn and Twitter. If users do not lock down the privacy settings on their accounts, potential attackers can learn a lot about them simply by trawling through their profiles. For example, Facebook lets you list family members, friends, schools, colleges and workplaces, all of which are invaluable to an attacker crafting a convincing phishing email or guessing the answers to "security questions" such as your mother's maiden name or the school you attended.

Operating System

All computers need code to tell them how to interact with their components, e.g. keyboards, mice, monitors etc. They also need code which tells them what to do when switched on, how to store files and how the file store is structured. All of these services are provided by the Operating System, or OS for short. The most common operating systems for desktop and laptop computers are Microsoft Windows, macOS and Linux. Smartphones and tablets also have operating systems, the most common being Apple iOS and Android, with Blackberry and Windows Mobile now rarely seen.

C is for…

CAT5

We don't hear this term very often any more, but it refers to probably the most common form of network cabling in offices and homes over the last 15-20 years (newer installations tend to use its successors, CAT5e and CAT6, which look the same). It's the cable you may connect from your home router to your laptop if you don't use Wi-Fi; it has almost certainly been provided with the router and you may have left it in the box.

The picture below shows the ends of a CAT5 cable. Recognise it?

CIA Triad

This is a common term used to refer to the three main pillars of information security: Confidentiality, Integrity and Availability. Information security is all about protecting these three properties of data, and almost every security control can be traced back to one or more of them.

Cloud

"The Cloud" is a term used by many, and the common description of it is "someone else's computer". That's a pretty good explanation: cloud services are provided by a range of companies which have buildings housing lots of servers, and you effectively rent one or more of those servers (or a slice of them) for as long as you need.

The benefits are that you don't have to manage the servers, procure parts or carry out maintenance. You don't have to worry about ensuring the power is always on, and quite often your backups are done for you. You can also generally flex storage and processing capacity up and down as you need it, rather than having to own lots of it when you don't always use it. Cloud can therefore seem quite attractive from a cost point of view.

The disadvantages, which are really things you need to ask about before signing up, are that you don't know who has access to your physical servers, you don't know who you're sharing hardware with, and you don't necessarily know which country your data is being held in. You therefore need to have a good handle on the security of your data (who can read it, whether it is encrypted, and how it is deleted when you leave), and make sure your governance and audit processes take this into account.

Confidentiality

Part of the CIA triad, confidentiality is concerned with making sure only authorised people have access to data.

For example, you would not want just anyone to be able to read your medical records: your doctor’s surgery or hospital will keep that information confidential.

Cryptocurrency

Put simply, cryptocurrency is an electronic form of currency which is not issued, managed or overseen by any central bank or government. It is based on cryptographic techniques and uses a blockchain (a shared ledger that every participant holds a copy of and can check) to validate every transaction, so there is no single point of control. Some stock exchanges and banks are starting to recognise the various currencies, such as Bitcoin, Ripple and Ethereum, and to actively trade in them, while others are banning cryptocurrency altogether. At the time of writing this article, values for the various currencies have been fluctuating massively and it's likely that they will take some time to settle down.

Cryptography

Cryptography is all about scrambling data to make it unreadable, or impossible to understand, without first unscrambling it. The technical terms for these processes are encryption and decryption, and the secret that lets the right person unscramble the data is called the key. Many methods have been used over the years to encrypt data.

Manual manipulation of messages has been done for at least 2000 years: Julius Caesar is recorded as shifting every letter of a message a fixed number of places along the alphabet. A much more recent manual method is the one time pad (as the name implies, these were sheets of paper which were to be used only once: messages were scrambled using the random set of letters on the pad, and the recipient had to hold a copy of the same pad to decrypt the message). Used properly, with a truly random pad at least as long as the message and never reused, the one time pad is the only cipher that is provably unbreakable; reuse the pad and an attacker who knows, or can guess, one message can read the other.
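Here is an added example, not from the original post, showing the one time pad idea in code. It encrypts by combining each byte of the message with the corresponding byte of a random pad using XOR (the computer equivalent of adding letters on the paper pad), decrypts by doing the same thing again, and then shows why the "use once" rule matters: if two messages are sent with the same pad, XORing the two ciphertexts cancels the pad out, and knowing one message reveals the other. The messages and pads are constructed for the demonstration.

```python
import secrets


def generate_pad(length: int) -> bytes:
    """A fresh pad must be truly random; secrets uses the operating system's
    cryptographic random number generator, never random.random()."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Combine each message byte with the matching pad byte using XOR.
    The pad must be at least as long as the message."""
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return otp_encrypt(ciphertext, pad)


def xor_of_ciphertexts(ct1: bytes, ct2: bytes) -> bytes:
    """If the same pad was used twice, (m1 ^ pad) ^ (m2 ^ pad) == m1 ^ m2.
    The pad cancels out and the attacker never needs to know it."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def recover_with_known_message(ct1: bytes, ct2: bytes, known_m1: bytes) -> bytes:
    """Given the two ciphertexts and one of the plaintexts (known or guessed,
    e.g. a standard greeting), recover the other plaintext."""
    return bytes(x ^ p for x, p in zip(xor_of_ciphertexts(ct1, ct2), known_m1))


def demo() -> tuple:
    """Constructed messages of equal length, one correctly used pad, one reused."""
    m1 = b"ATTACK AT DAWN  "
    m2 = b"RETREAT AT DUSK "

    pad = generate_pad(len(m1))
    ct1 = otp_encrypt(m1, pad)
    round_trip_ok = otp_decrypt(ct1, pad) == m1

    # The mistake: the second message is sent with the same pad.
    ct2 = otp_encrypt(m2, pad)
    recovered = recover_with_known_message(ct1, ct2, m1)

    return round_trip_ok, recovered == m2, recovered


if __name__ == "__main__":
    ok, leaked, text = demo()
    print("decrypts correctly:", ok)
    print("second message recovered from pad reuse:", leaked, text)
```

Note that `recover_with_known_message` never touches the pad: it only needs the two intercepted ciphertexts and one plaintext. That is exactly how reused "one time" pads have been broken in practice, and it is why the rule is "once" rather than "rarely".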

Machines, and later computers, have been increasingly used for this process over the last 70 years or more. Enigma was an electromechanical cipher machine used by the Germans in WW2 to exchange messages securely. Its cipher was first broken by Polish mathematicians in the 1930s, and again (after the Germans made the machine more complex) by a team including Alan Turing at Bletchley Park during the war, as dramatised in the film The Imitation Game. Later in the war, a separate German cipher called Lorenz was broken: Bill Tutte worked out how the Lorenz machine operated without ever seeing one, and Tommy Flowers designed and built a machine to automate the attack. That machine, Colossus, was the first programmable electronic digital computer. The Colossus machines were dismantled after the war and their existence kept secret for decades, so an American machine completed in 1945 and unveiled in 1946, called ENIAC, was until relatively recently thought to be the first electronic computer.

Modern cryptography relies on mathematical problems which are easy to compute in one direction but, without the key, would take all the computers in the world far longer than the lifetime of the universe to reverse. Techniques are continuously evolving, and cracking a modern cipher by hand is nigh on impossible; in practice attackers go after the keys, the passwords protecting them, or mistakes in how the cipher is used, rather than the maths.

Cyber

We all use the term, but what exactly is cyber? There are many different definitions, all of which are right in their own context. The most basic is probably "something to do with computers and the networks that connect them". It's important that everyone in a business shares the same definition, so you all know exactly what you mean by the term.

I believe that in 5 to 10 years we won't be talking about cyber-anything. Cybersecurity, cyberwarfare etc. will have lost the prefix and we'll just be talking about security, warfare etc.

Episode 3 – The Cloud

A while back I posted on here about The Cloud and some of the security concerns associated with it. I've just published a podcast covering the same topic which I hope will help bring some of it to life for you.

EasyCyber Episode 3

If you like the podcast, why not subscribe to my YouTube channel so you get new releases as they come out. Also, please do let me have any questions or comments. For example, are there any topics I haven't covered yet which you would like more information on?

Episode 1 – What is Cyber?

This is very exciting! This is the first podcast I’ve ever made with video. I’ve even thrown in a couple of edits, see if you can spot them! It’s a quick introduction to the site, and I talk about why I’m doing this and what I hope to achieve. I hope you like it!

The podcast expands a bit on the topics covered in this post.

Oh – and it’s on my very own YouTube channel. I’m very excited about it!

EasyCyber Episode 1

The Cloud – Vapourware made real?

One of the things that's been a petty annoyance for me professionally over recent years is all the hype about Cloud services. Things like Amazon Web Services, Dropbox, Google Docs and Microsoft OneDrive. There have been pages and pages written about this wonderful new thing called the cloud and how it'll revolutionise our lives, but at the end of the day it's your data on someone else's machine. That's it!

The only major difference I can see between services like the ones I named above and other remote hosting services is scale. But the issues are the same: where is the data held, who has access to it, how is it deleted when you no longer want it, and how secure is that deletion?

Nearly 20 years ago there was a lot of hype about "e-business", i.e. trading and doing business online. Nowadays (as I predicted back then) we don't bother with the e- prefix, it's all just business. [Though many companies are finding out that without the e- portion to their business, they struggle to stay afloat.]

The Cloud is no different. It's the latest and greatest, a buzzword used to make business sexy, but at the end of the day you're just renting space on some machines that someone else owns. So you had better believe it's down to you to make sure it's secure. The big providers have all sorts of physical security (fences, guards, access controls etc.) and resilience measures (redundant disks and power supplies, industrial scale UPS etc.), but if you want your data encrypted with keys you control, backed up somewhere independent of the provider, or access to it restricted to the right people in your organisation, then you need to sort that yourself. The providers call this split "shared responsibility": they secure the building and the hardware, you secure what you put on it.

We’re going to see it more and more, and it’ll become a de facto standard, but please just remember it’s nothing special!

What are backups, and when / why are they needed?

As I’m keeping this simple, I guess I should start by explaining what a backup is, and why it’s necessary. (Apologies to those who know, but if my blog item on Patching was Security 101, then this is surely part of IT 101!)

A backup is simply a copy of one or more files kept on a different device from your working version. You need one so that if the original file is lost, damaged or deleted, you won't have to recreate it from the beginning. Some files are irreplaceable, e.g. family photos in the digital age (because we no longer get film negatives with our snaps), so we need to be careful.

Here’s a question: do you backup your home PC, laptop, smartphone, tablet etc on a regular basis?

  • Those of you using iCloud or something similar: well done. (As an aside, and not part of this discussion, have you thought about how secure the data is there? After all, you don't control who has access, do you?) You probably just need to worry about how often you back up to that cloud storage and whether you'll have an Internet connection at the time you need to restore.
  • Those using iTunes or similar: that's great, your device is backed up, but what if the place you're backing up to, e.g. your home PC, dies?
  • As for the rest: do you use a thumb drive or an external hard drive of some sort?

Another question to consider is: how often do your files change? If you have a document which you work on regularly, e.g. the accounts for a social club, it is something you need to back up regularly. If it's a treasured family photograph or an invoice for an online purchase, the file won't change, but you should still have at least one backup copy.

There are many backup solutions available. Perhaps the simplest is to use an external hard drive or a thumb drive (also called a memory stick, USB drive, pen drive etc.) and simply copy the files you want across to it. Make sure you keep the drive in a safe place (not next to your computer though: if the computer goes up in flames during a house fire, having files copied to a device sitting next to it won't be any use) and, if the data on it is sensitive, you may want to encrypt it. (Hmm, I think I'll need to write a separate post on encryption!) Whatever you use, check now and again that the copies can actually be read back: a backup you have never tried to restore is only a hope, not a backup.
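The "copy the files across" approach is easy to get subtly wrong: the copy silently fails, the drive develops a fault, or the files on it are not the ones you think. The script below is an added example (not from the original post, and not any particular product's code) of the two things a good backup routine does beyond copying: it records a fingerprint (a SHA-256 hash) of every original file in a manifest, and it verifies the copies against that manifest so you find out about a bad copy before you need to restore. The folders and files it works on are constructed in a temporary directory for the demonstration; in real use `src` would be your documents folder and `dest` the mounted thumb drive.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks, so large photos and videos need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src: Path, dest: Path) -> dict:
    """Copy every file under src into dest with the same relative layout.
    Returns a manifest of relative path -> SHA-256 of the ORIGINAL file,
    taken before the copy is made, so the copy can be checked independently."""
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        manifest[rel] = sha256_of(path)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)  # copy2 keeps timestamps as well as content
    return manifest


def verify(dest: Path, manifest: dict) -> list:
    """Return the relative paths whose backup copy is missing or whose content
    no longer matches the manifest. An empty list means the backup is restorable."""
    bad = []
    for rel, digest in manifest.items():
        copy = dest / rel
        if not copy.is_file() or sha256_of(copy) != digest:
            bad.append(rel)
    return bad


def demo() -> tuple:
    """Constructed sample data: two files are backed up and verified, then one
    copy on the 'thumb drive' is silently corrupted and verified again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        dest = Path(tmp) / "thumb_drive"
        (src / "accounts").mkdir(parents=True)
        (src / "accounts" / "club-2024.csv").write_text(
            "date,item,amount\n2024-01-05,hall hire,40\n"
        )
        (src / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 64)

        manifest = backup(src, dest)
        first_check = verify(dest, manifest)  # expect []

        # Simulate bit rot / a failing drive: one byte of the COPY changes.
        (dest / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 63 + b"\x01")
        second_check = verify(dest, manifest)  # expect ["holiday.jpg"]
        return first_check, second_check


if __name__ == "__main__":
    before, after = demo()
    print("problems after backup:", before)
    print("problems after corruption:", after)
```

Keep the manifest with the originals (or print it), not only on the backup drive: if the drive fails completely you still know exactly which files you had, and when you restore you can confirm every file came back intact.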

As you can infer from the above, there are many cloud based services, like Apple's iCloud or Microsoft's Office 365, where you can hold all your files and not have to worry about messing around with thumb drives etc. Personally, if I were going to use them for some of my own sensitive files, I'd make sure I used the more secure options they offer, such as two factor authentication.

That sounds scary and technical, but it's basically a combination of a password and a code you have to obtain separately (as they say in the trade, it's something you know and something you have, which together "prove" you are you). The code may come from an app on your phone, it may be a PIN sent to your phone or email, or it may come from a physical thing like a fob which your bank provides: I have one which looks a bit like a small calculator, into which I slide my bank card, and it gives a code which I have to type in on the website before I can access my account details. The app and fob versions are the stronger ones: a code sent by text message or email can be intercepted or redirected, whereas the app and fob generate the code on the device in your hand.

There's another time when you should seriously consider making sure you have backed up your data properly, and if you don't do it at any other time then you should make sure you do it when upgrading your device and/or the operating system software on it. Apple tend to force the backup if you use iTunes, because that's the first thing it does before upgrading the software. Given that right now many people will be eligible to upgrade their Windows version for free (if it's a personal device which is compatible and running one of the specific earlier versions), it's worth making sure your essential files are backed up before you start.