T is for …

Tailgating

Tailgating is very easy to spot. It’s when you follow someone through a barrier without swiping your entry card, adding your pin number etc. You might have seen someone do this in a car park or elsewhere, following another vehicle in without paying: it’s the same principle.

Trojan

Taking its name from the Trojan Horse of ancient Greek tales, a Trojan is a form of malware in which the malicious code is hidden inside what looks like an innocuous application or other piece of code.

Two Factor Authentication / 2FA

2FA is becoming increasingly common, and is a really good idea for any accounts you may have where you have to enter bank or credit card details. Single (one) factor authentication is usually something your username and password.

With two factor, you’re normally asked either for your fingerprint (on iPhones for example), or you may be sent a code to your registered phone, which you need to enter after your password (PayPal operates like this). It’s really just an extra layer of security, based on something you know (eg your password) and something you have (a fingerprint or code from a mobile devices.

R is for …

Red Team

Just as penetration testers try to get access to an organisation electronically, red teams try to get physical access to the organisation. They use a combination of Open Source Intelligence gathering and social engineering to get access.

These teams are typically engaged by senior management to test processes such as visitor registration, tailgating, signing in, staff challenging non-wearers of passes etc.

Remote access

As the name suggests, this is the process of providing access to systems from a remote location. For example, many people are given access to their work systems when not in the office. This uses remote access tools including VPNs and Two Factor Authentication, or a combination of multiple tools. It means you don’t physically have to be in the office to access your work systems.

RAT

A Remote Access Trojan (RAT) is a piece of malware which enables attackers to gain control of a target machine from a remote location. When attackers use phishing techniques, the first step after a link is created is often to implement a RAT. This enables an attacker to get access to the device and carry on their attack using other tools.

Router

A router is a network device which examines network traffic and forwards it to the most appropriate part of the network.

 

What are backups, and when / why are they needed?

As I’m keeping this simple, I guess I should start by explaining what a backup is, and why it’s necessary. (Apologies to those who know, but if my blog item on Patching was Security 101, then this is surely part of IT 101!)

A backup is simply a copy of one or more files kept on a different device than your working version. You need one so that if the original file is lost, damaged or deleted, then you won’t have to recreate it from the beginning. Some files are irreplaceable e.g. family photos in the digital age (because we no longer get film negatives with our snaps) so we need to be careful.

Here’s a question: do you backup your home PC, laptop, smartphone, tablet etc on a regular basis?

  • Those of you using the iCloud or something similar – well done. (As an aside, and not part of this discussion – have you thought about how secure the data is there: after all, you don’t control who has access do you?) You probably just need to worry about how often you back up to that cloud storage and whether you have an Internet connection at the time you need it.
  • Those using iTunes or similar – that’s great, your device is backed up, but what if the place you backing up to e.g. your home PC dies?
  • As for the rest – do you use a thumb drive or external hard drive of some sort?

Another question to consider is: how often do your files change? If you have a document which you work on regularly e.g. accounts for a social club, it may be something you need to backup regularly. If it’s a treasured family photograph, or an invoice for an online purchase, the file won’t change but you should really have at least one backup copy.

There are many backup solutions available. Perhaps the simplest is to use an external hard drive or a thumb drive (also called a memory stick, USB drive, pen drive etc) and simply copy the files you want across to it. Make sure you keep the drive in a safe place (not next to your computer though: if the computer goes up in flames during a house fire, having files copied on a device sitting next to it probably won’t be any use) and, if the data on it is sensitive you may want to encrypt it. (Hmm, I think I’ll need to write a separate post on encryption!)

As you can infer from above, there are many cloud based services like the Apple iCloud or Microsoft’s Office 365 where you can hold all your files and not have to worry about messing around with thumb drives etc. Personally, if I was going to use them for some of my own sensitive files, I’d ensure I used some of their more secure services like two factor authentication.

That sounds scary and technical, but it’s basically a combination of a password and a code generated on a separate device (as they say in the trade, it’s something you know and something you have, which “proves” you are you). That device may be software on a phone, a pin code that’s sent to your phone or email, or it may be a physical thing like a fob which your bank provides: I have one which looks a bit like a small calculator which I have to slide my bank card into, and it gives a code which I have to type in on the website before I can access my account details.

There’s another time when you should seriously consider making sure you have backed up your data properly, and if you don’t do it at any other time then you should make sure you do it when … upgrading your device and / or the operating system software on it. Apple tend to force the backup if you use iTunes, because that’s the first thing they do before upgrading the software. Given that right now many people will be eligible to upgrade their Windows version for free (if it’s a personal device which is compatible and running specific earlier versions, it’s worth making sure your essential files are backed up before you start.