Thursday, May 24, 2012

Free Online Storage: Practical - But is it safe?

Who wouldn’t like to have his data available 24/7, accessible from everywhere using any computer or operating system?
How many times have you left home without your precious USB drive? Well, worry no more, because the internet has provided you with a solution!

Online data storage products such as Google Drive, iDrive, SkyDrive, and CX give you the ability to stash your data on a virtual drive (cloud storage) and access it from almost any place that has an internet connection.
Although online storage seems appealing and interesting, there are some concerns that should be taken into consideration when using these services.

Having tried many products myself I will try a more direct approach: 

  • Availability: Online storage provides users with access to their data virtually at any time, and anywhere.  
  • Free: Most online storage vendors provide free accounts for people to try their services. With a free account, users are granted between 5 and 25 GB of online storage.
  • Recovery: Storage drives can be used as backup drives, where users can upload their data and keep it available should they lose their original data.
  • Cross Platform: Since all that you need to access your data is an internet browser, and since nearly all platforms and operating systems are equipped with at least one browser, users should have no difficulty accessing their files.
  • Sharing: After your files are uploaded to your cloud drive, it would be very easy to share a certain file with someone else, or even link it directly to your website.
  • Downtime: Since we are talking about the free service provided by some vendors, there is no guarantee that your files will be available 24/7. Although most online storage providers brag about their compliance with Five Nines Availability (99.999% available), there is no solid guarantee of ultimate availability.
  • Bandwidth Limitations: There are two drawbacks within this aspect:
  1. First, in some “Internet Primitive Countries”, Internet Service Providers assign limited bandwidth speed and a limited quota to their users, so if a user exceeds his preassigned quota, extra charges will apply. For example, here in Lebanon, it would take me around 66 minutes to upload a 100MB file to the internet, and around 17 minutes to download the same file.
  2. The second drawback is related to the online storage vendor: since it is a free account, a bandwidth limitation is more likely to be enforced by the vendor.
  • Data Security: This is the most interesting part of online data storage. We tend to convince ourselves that since the vendor claims that our data is safe and sound, no one could access it. But this is not the case; I believe that the moment you agree to upload your data to the so-called internet drive, you should be aware that your data might be compromised. Your storage drive account might be hacked, or your password guessed, revealed or even stolen. These things do happen, and when they do you lose Confidentiality, Integrity and Availability of your data. Moreover, who could guarantee that the vendor doesn’t disclose any of your data?
Finally, Cloud Storage is effective in storing, sharing and managing data, but when it comes to information security there should be a big question mark around your virtual drive.

Sunday, May 13, 2012

Physical Information Security

A lot has been written on information security: how to protect your PCs, your email accounts, your bank accounts, and so on. But what about physical files, credit cards, even personal conversations? Social engineers do not always have to hack your PC to collect information; they can eavesdrop on conversations or sneak a look at your laptop, especially when you are writing personal confidential information.
The key is to protect your personal and confidential information at all times, whether in your PCs, in hard copies, or even in your mouths.
Below are some tips to ensure the security of your information.
    1. Work elevators: They are the gold mine for social engineers. People tend to loudly discuss work issues, personal stuff and other confidential information in the elevator. We should refrain from discussing such topics when there is a stranger in the lift.
    2. Coffee shops: We often tend to use our laptops in coffee shops and restaurants, and we often open personal or confidential files there. Remember, someone can be looking. You should be cautious when using your laptop in public areas. You can also use privacy filters to make sure only you can see what is on the screen.
    3. ATM machines: Make sure no one is standing close to you when you key in your PIN. It goes without saying that you should never share your PIN; that is why it is called a PERSONAL Identification Number.
    4. Banks and government counters: Make sure that no one is looking when you are filling in applications in banks or at government counters. These applications may contain confidential and personal information that can be easily used by social engineers. Also make sure no one is close enough to hear your conversation with the clerk.
    5. Credit card payment: A car rental agency once asked me to take a photocopy of my credit card and process the transaction later! Be careful when paying with a credit card, and never accept such offers. Also remember to verify the amount on the slip before signing it. 
    6. Your office: It is a treasure of information. Make sure all confidential files are locked away, and unauthorized people are not admitted to the office space. Don’t leave your PC unlocked and unattended. Discard confidential files smartly by shredding them. (Always consider the environment by reducing the quantity of printed material, and recycling the shredded documents)

    Bottom line: caution in handling confidential information should be a part of our life, not a task that we do once a week. Whether at home, at work, or in a public place, remember that personal information is for you only.

    Saturday, May 12, 2012

    A Disaster in The Making part 2

    While I was having a presentation by one of the Middle East leading firms in providing Disaster Recovery and Business Continuity solutions, I was able to take the following picture using my phone

    I just wonder: how could anyone buy this vendor’s so-called “end to end” solution and pay a huge amount of cash, while they fail to present a good and SAFE image of what they are selling?

    Business Continuity is not only about having the latest servers and backups; it is also about the level of awareness and maturity.

    Tuesday, May 8, 2012

    New Technology Protects your Storage Devices

    We previously discussed USB flash drive security and how to protect it. ThumbDrive has developed a new technology to prevent unauthorized access to the information stored on your USB by using a fingerprint authorization.

    This USB has some advantages and disadvantages. Aside from securing your data, one advantage of this USB is that you can configure it to grant access to at most three users. You can also partition the USB flash drive to divide the storage capacity into secured data and open or unsecured data. It is a small, easy-to-set-up and easy-to-access USB with an interface that reads your fingerprint.

    Unfortunately, this USB has two major disadvantages, cost and storage capacity. Storage capacity is an essential issue when buying storage devices. The ThumbDrive flash drive is available in 16, 32, 64 and 128MB, which is relatively small compared to our day-to-day flash drives. The reason behind this issue is that the flash drive is mainly designed to hold confidential files, and these files are usually personal files, legal documents, and financial or accounting data that don’t require huge storage capacity. So capacity isn’t really an issue here. Another major disadvantage is cost. The ThumbDrive touch 16MB costs $160, 128 MB $465, which is really a major concern for the buyer.

    Another solution for securing sensitive data on your flash drive is the newly designed “Voicelok Voice Authenticating USB drive”. This USB uses “voicecode”; in other words, it uses voice recognition to secure your data. The USB’s software detects precise frequencies and shades in the user’s voice. The advantage of this flash drive is that its price is much more reasonable than the fingerprint flash drive and it has a better storage capacity: around $46 for an 8GB USB. Unfortunately, this USB is still not reliable, as the reviews indicate.

    If you want my advice, the best solution is to check the “Lenovo ThinkPad USB Portable Secure Hard Drive”. The hard drive protects the data from unauthorized access by requiring the user to enter a code into the numeric pad located on the hard drive. It allows up to ten different users and an administrator. It has a huge storage capacity compared to the fingerprint flash drive and its price is perfect, $179 for 160GB and $219 for the 320GB. The size of the hard drive is similar to the size of any other normal hard drive.
    Paying a little extra money to protect your information that can cost you a lifetime is worth it. If you have sensitive information and don’t want it falling in the wrong hands, I suggest you go for reliable technology like fingerprint flash drives or the numeric pad hard drive.

    Wednesday, May 2, 2012

    Ten Ways to Protect And Safeguard Your PC

    Since the use of computers has become an integrated part of our lives, information security has become a greater challenge; here are the Ten Commandments to protect and safeguard your PC:

    • Keep your operating system updated (install patches and service packs). If you are using Microsoft Windows turn ON Automatic Update.
    • Keep your third-party applications updated, especially your web browsers. New web browser exploits are discovered regularly and can severely impact your PC.

     2- Use an Antivirus / Anti-Spy / Anti-Adware
    • There are many good anti-malware applications that are free and can be downloaded and installed easily. I personally use AVG (free and effective).
    • Using anti-spy and anti-adware applications will help you preserve your identity and privacy while using the internet. I personally use two: Spybot Search and Destroy, and Lavasoft Ad-Aware.
    • Keep your antivirus definitions updated or else you will be vulnerable to multiple types of threats that your current antivirus cannot detect.
    • Full scan your PC periodically.
    • Don’t panic: sometimes anti-spy and anti-adware applications generate false positive alerts, where, for example, some legitimate browser cookies are flagged as adware and scheduled for deletion.

     3- Use Windows firewall 
    • Although many professionals consider Windows firewall to be dumb and bypass-able, there is no reason why you shouldn’t utilize this extra free, built-in feature in your Windows (available on all Windows versions from XP and up).
    • Use a third-party firewall to increase your defense against internet attacks. I personally use ZoneAlarm.

     4- Turn on the popup blocker
    • Pop-ups are usually used for advertising purposes; they appear in order to grab your attention and redirect you from one website to their own. But not all pop-ups are used for advertising purposes; others are planted with malicious intent. Some use these programs to distribute adware, spyware and more dangerous types of malware (Trojans and even rootkits).
    • Recent browsers give you the ability to block pop-ups, and the option of choosing which sites are allowed to show pop-ups.

     5- Suspicious Mails are not to be Opened
    • Never open emails that look or feel suspicious to you or come from senders not known to you. Use the “Mark as Phishing – Scam – Spam – Junk” option that most email providers offer.
    • Some malicious emails contain links that direct users to malicious websites that aim to harvest usernames and passwords of social media websites such as Facebook and Twitter, or of financial websites.
    • Never communicate your confidential data via email. Confidential data includes, but is not limited to, usernames, passwords, addresses, telephone numbers, and social security numbers. Note that legitimate companies will never ask you to share your credentials via email.

      6- Caution When downloading Software
    • Exercise extreme caution when downloading applications and software from the internet because these applications could carry different types of malware.
    • Cracks and serial number generators are hosts to many kinds of malicious code that most of the time can’t be detected by antivirus applications.

    7- Usage of USB and External Storage Devices 
    • Transferring data from one PC to another using an external storage media without the proper information security measures could lead to virus infections, data loss and data theft.
    • Disable the autorun functionality in Windows. Most antivirus software monitors files trying to slip into your PC from external storage, but mistakes do happen.
    • Always scan USB memory sticks, mp3 players, iPods, and mobile phone memory cards before browsing their content. Always: better safe than sorry.
    • Don’t compromise your data; don’t use your semi-full 500 GB external hard disk that contains “Your Lifetime Data Backup” as a transfer medium to copy small files of less than 8 GB from one PC to another. Get a memory stick for this task – 8 GB sticks are currently cheap, easy to handle, and easy to carry and protect.

     8- Back-up Data
    • Perform periodic backups of your data. And please note: taking a copy of your “important files” to your D: drive (which is the same primary drive, but another partition) is not considered a backup.
      Backup should be done on external media such as a USB drive or hard disk; I personally keep two backup copies on two different storage media.

    9- System Restore – Time Machine
    • Use Windows System Restore to create a restore point before making any major change to your operating system. If something goes wrong, you can use this option to restore Windows to a previously saved point.
    • Similar to System Restore on Windows, Time Machine works on OS X. Backup is done seamlessly provided the designated drive is connected, and the restore option allows users to restore from multiple points simultaneously.

    10- Password Protection
    • Passwords are unique strings of characters that users provide in conjunction with a User ID, to gain access to an information resource.
    • Passwords should be at least eight characters long, including upper and lower case letters along with digits and punctuation characters.
    • Passwords should not be a word in any language.
    • You shouldn’t reveal your password in an email message.
    • You shouldn’t talk about or HINT the format of your password in front of others.

     It is not hard to protect and safeguard your data and PC; you just have to pay some attention and go the extra mile.
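
Three of the items above (3, 7 and 8) can be checked from a PowerShell prompt. The script below is an added example, not part of the original post: it only reads settings and changes nothing. It assumes Windows 8 or later for the firewall and storage cmdlets, and `$BackupDrive` is a hypothetical parameter naming the drive letter you copy your backups to.

```powershell
# Added example: read-only audit of checklist items 3 (firewall), 7 (autorun), 8 (backup).
# $BackupDrive is a hypothetical parameter: the drive letter that holds your backups.
param([char]$BackupDrive = 'D')

$results = @()

# Item 3: every Windows Firewall profile (Domain, Private, Public) should be enabled.
foreach ($fwProfile in Get-NetFirewallProfile) {
    $results += [pscustomobject]@{
        Check  = "Firewall profile $($fwProfile.Name) enabled"
        Passed = ([string]$fwProfile.Enabled -eq 'True')
    }
}

# Item 7: the machine-wide policy value NoDriveTypeAutoRun = 0xFF turns autorun off
# for every drive type. A missing value means the policy has not been set.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
$results += [pscustomobject]@{
    Check  = 'Autorun disabled for all drive types'
    Passed = ($null -ne $policy -and $policy.NoDriveTypeAutoRun -eq 0xFF)
}

# Item 8: a "backup" on another partition of the system disk dies with that disk,
# so compare the physical disk numbers behind the two drive letters.
$systemLetter = $env:SystemDrive.TrimEnd(':')
try {
    $systemDisk = (Get-Partition -DriveLetter $systemLetter -ErrorAction Stop).DiskNumber
    $backupDisk = (Get-Partition -DriveLetter $BackupDrive -ErrorAction Stop).DiskNumber
    $separate = ($systemDisk -ne $backupDisk)
} catch {
    # Letter not found or not a local partition (e.g. a network share): undetermined.
    $separate = $null
}
$results += [pscustomobject]@{
    Check  = "Backup drive ${BackupDrive}: is on a different physical disk"
    Passed = $separate
}

$results | Format-Table -AutoSize
```

An empty `Passed` cell on the backup row means the script could not map the drive letter to a local disk, so that item has to be verified by hand.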