Gconnect Shortlisted for BIBA Awards!

Gconnect Have Made The BIBA’s Shortlist!

Exciting news in the Gconnect office: we have made the shortlist for 2 BIBA awards this year! As first-time entrants, we are thrilled to have gotten to this stage! 119 businesses have been shortlisted from 1200 applications for the 17 awards!

The Be Inspired Business Awards, the BIBAs, today unveils its shortlists for the 17 prizes it will hand out at its annual prize-giving ceremony at the iconic Blackpool Tower in September.

It will put 196 applications from 119 businesses, which were among the record number of entries it received, before its judges when they meet for the first round of interviews later this month.

Ashleigh Dawson, Senior Business Development Manager at accountancy firm Grant Thornton, which is sponsoring the Entrepreneur of the Year category, said the quality of firms shortlisted for the awards was evidence of the strength of Lancashire’s business community.

She said: “Grant Thornton is used to working with some of Lancashire’s leading businesses so we recognise the wealth of great firms which are in the county.

“The BIBAs are special because no firm progresses to the latter stages without being very special and this year is no exception.

“The quality and quantity of entries to the 17 prizes up for grabs this year has surpassed all previous years and there is no doubt the judges have a tough job on their hands picking a winner.”

The full story is available on The BIBA’s website here

Cisco Periodic Reboot Using Perl

A request to reboot a Cisco ASA every week came in today. Under Cisco IOS there is kron, which would accommodate us here; however, there appears to be no such thing under the ASA OS (is it still called FOS?). The next best thing is to run a Perl script which utilises the Net::SSH::Expect module to negotiate the SSH login.

As we are using an ASA without any kind of AAA usernames, we also need to raise our privileges using en.

I’m on a FreeBSD server so I need to install the correct Perl module via the ports first:

# cd /usr/ports/net/p5-Net-SSH-Expect/
# make install

Now we can write and test the script:

#!/usr/bin/perl -w

use strict;
use Net::SSH::Expect;

# Connection details. The passwords are stored here in clear text, so keep
# this file readable by its owner only.
my $host_ip        = "1.1.1.1";
my $login_name     = "xxxx";
my $login_password = "yyyy";
my $en_password    = "zzzz";

my $ssh = Net::SSH::Expect->new (
    host     => $host_ip,
    password => $login_password,
    user     => $login_name,
    raw_pty  => 1
);

# Log in and check for the ASA's "Type help" banner.
my $login_output = $ssh->login();
if ($login_output !~ /Type help/) {
    die "Login has failed. Login output was $login_output";
}

# Raise privileges with en, then reload without a confirmation prompt.
$ssh->send("en");
$ssh->waitfor('Password:', 1) or die "prompt 'Password:' not found after 1 second";
$ssh->send($en_password);
$ssh->exec("reload noconfirm");

Add the script to the crontab and we’re away!

BYOD Is On The Rise, Are You In?

 

BYOD (Bring Your Own Device) is on the increase, in particular amongst SMEs. Essentially, BYOD is allowing employees to use their own devices for business use, from syncing a mobile to the company’s systems to bringing in their own device and using it in their day-to-day work, connecting to the company’s network and storing company data on the device.

Aside from the cost saving implications for businesses, studies have found that allowing BYOD can increase employee confidence in device usage, also increasing employee productivity and overall satisfaction in the workplace.

The downside to BYOD comes in the form of security.  Few companies are aware of the risks involved in allowing an employee to connect their personal device to a network, and fewer still have a BYOD policy in place.  Allowing BYOD means allowing company data to be stored on a non-company owned device, which means data is only as secure as the measures in place on that device.  There is also the increased risk of virus infection, particularly when allowing devices to be connected to the company network.

Balancing employee productivity against security is the difficulty most organisations face when using BYOD. Risks can be mitigated by using applications delivered from a hosted Citrix platform to employee devices, as the data is stored centrally and strong policies can be implemented as to how and where the data is accessed. Mobile Device Management (MDM) software also allows service providers to manage the delivery of applications and content to BYOD devices securely. These measures significantly reduce the dangers of data being lost or compromised, decreasing the physical movement of the data itself and preventing other users of the device accessing this information. There is also lower risk of data breach should the device be lost or stolen. Having a clear, well-defined BYOD policy in place covering security measures will further increase successful and secure adoption of BYOD.

With the use of secure hosted technologies and implementation of a comprehensive BYOD policy, there are few reasons BYOD would be anything other than a positive step for many businesses.

You can find more information on how our hosted Citrix desktop and MDM solutions can help your business by calling us on 0845 006 0866

When Shared Servers Don’t Work….

For some businesses, having an up to date, easily accessible and manageable website is the lifeblood of their company.  For web designers maintaining various sites on a community/shared server, access and software updates can prove difficult to manage, if not almost impossible.  While a dedicated hardware server may not be the answer, Gconnect’s 30:30 server could be.

The 30:30 server bridges the gap between a dedicated hardware server and shared hosting on a community server.  The servers are delivered as a base server, with a number of optional add-ons.  These allow customisation with the “everything you need, and nothing you don’t” ethos.

The security advantages of these “lightweight” dedicated servers make hosting web sites with specialist software requirements and PCI compliance needs a breeze. The flexibility offered by full root access, and the option to install or develop your own software, makes the 30:30 server the ideal solution for many IT headaches.

Based upon industry leading “VMWare ESX Enterprise” software and enterprise grade Dell hardware, our 30:30 servers are built for reliability and resilience, giving you peace of mind that your application will be available day and night.  To find out more about these fantastic servers, call us on 0845 006 0866.

Using .htaccess to Secure a Website

As promised, here are some .htaccess examples to help secure your web site. First off is preventing .php or other scripts from being run from within an ‘upload’ folder in the web space, where you would expect only images and, in some cases, zip files or even Office-type files. To block scripts from being run, add a .htaccess file to the directory in question. This one prevents .php files from being accessed:

<Files *.php>
   deny from all
</Files>

This one prevents .php, .pl, .cgi and .rb (for the Ruby enthusiasts):

<FilesMatch "\.(php|pl|cgi|rb)$">
   deny from all
</FilesMatch>

Next up is to prevent access to the directory from any IP address but the ones you trust:

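order deny,allow
deny from all
# Use a single host
allow from 1.1.1.1
# Use CIDR slash notation
allow from 192.168.0.0/16
# Use a netmask
allow from 172.16.0.0/255.255.0.0
# Use a partial address (matches 10.x.x.x)
allow from 10

I’ve used various notations here for allowing the IP addresses. Comments have to sit on their own lines, as Apache does not accept a comment on the same line as a directive, and a partial address such as 10 takes the place of a 10.*.*.* style wildcard, which is not one of the documented forms for allow from. The rules are not wrapped in <Limit GET POST PUT>, since that would apply them only to the listed methods and leave every other method unrestricted.
The .htaccess files can do loads of great stuff, far too much to document here, but why not look on the Apache website here: http://httpd.apache.org/docs/2.2/howto/htaccess.html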
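
The rules above use the Apache 2.2 access directives; on Apache 2.4 the same policy is written with Require. The following is an added example, not part of the original post: it assumes an upload directory whose .htaccess is honoured with AllowOverride AuthConfig, reuses the post's placeholder addresses, and widens the script pattern to be case-insensitive and to cover .phtml and numbered .php extensions.

```apache
# .htaccess for an upload directory, Apache 2.4 syntax (added example).
# The main server configuration must allow "AllowOverride AuthConfig"
# (or All) for this directory; otherwise this file is ignored or the
# request fails with a server error.

# Only trusted addresses may reach the directory at all. Several Require
# lines at the same level are combined as "any of these may match".
# Single host
Require ip 1.1.1.1
# CIDR slash notation
Require ip 192.168.0.0/16
# Netmask
Require ip 172.16.0.0/255.255.0.0
# Partial address (matches 10.x.x.x)
Require ip 10

# Script files are never served from this directory, even to a trusted
# address: the FilesMatch section is merged after the directory-level
# rules and its authorization replaces them for matching file names.
# (?i) makes the match case-insensitive, so .PHP is covered as well.
<FilesMatch "(?i)\.(php\d?|phtml|pl|cgi|rb)$">
    Require all denied
</FilesMatch>
```

On a 2.4 server the older order/deny/allow lines only work while mod_access_compat is loaded, so it is worth checking which form the server actually accepts before relying on either.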

Spring Has Sprung, Time For A Clean

Spring is in the air, and as is traditional most people will soon be undertaking a “Spring Clean”.  While you’re busy cleaning out your cupboards and emptying that drawer full of used batteries, it would be worth considering taking stock of your IT, and having a clean of your tech closet.

A slow, overloaded machine can be a source of endless frustration, and while it’s easy to focus on the big issues such as broadband speeds and updating hardware, sometimes following a simple cleaning regime can have surprising impacts on performance. Take a look at these tips for keeping your machine clear and quick:

  1. Ensure your virus software is up to date, and perform a full system scan.
  2. Clear out your hard drive. It’s all too easy to build up temporary files which will clog up your hard drive and slow down overall performance.
  3. Delete cache. A simple but effective task.
  4. Remove programmes you no longer have use for.  Uninstalling unwanted software will reduce the strain on your machine.

Done regularly, these steps can help keep your computer running smoother, for longer.

Deprecation of Internal Server Names from SSL certificates

We have had to reconfigure some of our customers’ Exchange Server settings recently as part of their SAN UC certificate renewal. This is due to the CA/Browser Forum, a collaborative effort between the Certificate Authorities and Browser vendors, phasing out the use of internal server names and reserved IP addresses from certificates from November 2015.

In a nutshell, this means if you use internal server names on your SAN UC certificate and have a domain such as .local, you will almost certainly need to change some settings on your Exchange Server, or apply your certificate at the perimeter of your network and use an internal CA for your Exchange server certificate. These changes are designed to stop the use of domains that cannot be verified in the public namespace.

Further information on the CA/Browser Forum and the changes can be found here: https://www.cabforum.org/index.html

How Secure Is Your Password?

Do you change it often? Do you use the same password across the board, or multiple ones? Do you use a variety of letters, numbers and punctuation characters? How about your phone, do you use a password lock at all? Or do you stick to the simple screen swipe? How about your business? Do you make sure passwords are changed often? That they are not simple or easy to crack? That employees are maintaining strong passwords that change often?

A simple internet search brings up a slew of free downloads, instructional pages and videos on creating and using password hacking software.  Some so basic, it has been said an 11 year old could use them! There is a constant threat from opportunistic criminals, who scan for accounts with default and weak passwords, plus the threat of more targeted attacks looking to fool users into revealing details.

Most businesses are aware that password security is important, but are they aware that one compromised computer on a network can bring the whole community to its knees?  Just one hacked terminal can spread a crippling virus throughout the network, effects ranging from halting all business to harvesting or wiping critical data.

In today’s evolving world more and more employees are using their own devices for business.  From mobiles to laptops, business is moving further and further away from the office based devices where most companies focus their security practices.  If your employee is using his mobile, tablet or laptop for business use, how sure are you that the data they have stored there is protected? A stolen device with no, or a very basic, password can have just as serious an impact as allowing access to your office machines.

So, how can we minimise the risks? Firstly, and most importantly, by ensuring different passwords are used for different accounts/devices. This is a basic, often unenforced practice that can lessen the damage should an attack occur. Imagine giving someone a single key that will unlock any door in your home, office, car, garage…

Once this simple practice is established, it is then wise to look at the complexity of the passwords themselves.  Certain things should be avoided, amongst them use of names, company names and dates of birth.  Matching usernames and passwords are a big no-no, as is using any word that appears in the dictionary!

A minimum length of eight characters is a good place to start; the longer your password, the harder it will be to break. Mixing letters with numbers and punctuation characters, surrounding the password with random punctuation characters (@&$ etc.), and breaking it up with these will increase the security of your password. If the system allows use of a pass phrase, this is often harder to crack and easier to remember.

One of the easiest ways to create a strong, apparently completely random password is to create an acronym from a phrase.  Again, substituting letters for numbers and adding punctuation characters will further increase the password strength.

Ideally, no passwords would be written down anywhere, but for those who must write their passwords to remember them: don’t have a list, don’t write them with their corresponding usernames or which account/device they relate to and do keep them in a safe place.

Any mobile device used should have the most secure password system it allows.  For example, where a device allows a numbered pin, opt for the 6 or 8 number version over the basic 4, if there is an option for a written password, always take this.  Don’t be afraid to ensure your employees are protecting your data, even if that data is on their own device.

Changing passwords on a regular basis will also increase your security.  When making changes, ensure the new password in no way relates to the previous ones.

With increasing hacker activity and more companies adopting BYOD, it is vital we do everything we can to protect our systems from malicious attack as diligently as possible. Adopting good password procedures is often the best way to start.

Dutch Pirate Bay Ruling To Influence UK Ban?

Citing the ban as ineffective, a Dutch court has overturned the ruling on restricting access to The Pirate Bay site.  With a similar ban in place for British ISPs, we look at why the ban was first imposed, the reasons the Dutch court has taken this decision and the implications this carries for UK ISPs.

Launched in Sweden in 2003 by a group of friends, The Pirate Bay became one of the largest file sharing sites on the net.  The site hosts links to downloads of mostly pirated free music and video content.

In early 2012, the High Court in London ruled that The Pirate Bay facilitated copyright infringement, and ordered ISPs to block access to the site.

The British Phonographic Industry stated “Sites like The Pirate Bay destroy jobs in the UK and undermine investment in new British Artists….Its operators line their pockets by commercially exploiting music and other creative works without paying a penny to the people who created them.  This is wrong – musicians, sound engineers and video editors deserve to be paid for their work just like everyone else”

At the time of the ban, Virgin Media warned such measures were only part of the solution, “Virgin Media complies with court orders addressed to the company, but strongly believes that changing consumer behaviour to tackle copyright infringement also needs compelling legal alternatives, such as our agreement with Spotify, to give consumers access to great content at the right price”

As the ban was relatively easy to circumvent by use of VPNs or proxy servers, many claimed it was having little to no effect on P2P traffic.

In the months immediately after the ban, ISP data suggested P2P traffic in the UK had dipped 11%, but this quickly recovered to almost match the level before the ban.  The Pirate Bay also reported it received 12 million more visitors on the day after the ban than ever before.

In the Netherlands, the appeal against the ban was brought by Ziggo and XS4ALL, two local ISPs, who argued that the measure denied their users free access to information.  Although evidence indicated Dutch traffic to The Pirate Bay had declined, the amount of torrenting had not.  “This blockade imposed a violation of the basic freedom of commercial activity of the providers with insufficient justification” The court’s ruling said.  “It is of great significance that the providers themselves were not violating the copyrights”

Although ISPs affected by the ban in the UK, such as Virgin Media, said they will be looking into the implications of the ruling for British ISPs, a law expert thinks the ruling unlikely to be overturned here.

“Recently the EU advocate general decided that under EU law you cannot issue a site-blocking injunction which is expressed in general terms, but you can require ISPs to take specific measures to prevent users accessing a website with illegal content, even if those measures can be circumvented,” he said.

“Other courts in Europe will certainly have to take into account relevant EU directives, this opinion of the advocate general and decisions of other EU courts such as this one in the Hague Appeals Court, but ultimately each nation can make its own decision based on the facts of the individual case and as to the terms of any site-blocking injunction which it issues.”

So, whilst the Dutch may have overturned their ban, it looks as though for the time being UK ISPs will continue to restrict access.

App Data – To Share Or Not To Share? Do We Have a Choice?

With the recent revelations from the Edward Snowden leaks on the harvesting of private data, and the use of analytics data from mobile apps in its collection, how aware are you of the extent downloading and using an app can affect your security?

Many mobile app developers use analytics to help improve their products. They provide the developer the ability to see how often their app is used, which sections users visit most often and for how long.  This information is essential in making improvements and developing further apps.  Alongside developmental advantages, app developers also collect data for another reason – with free games ever increasing, developers need this information to help in targeted advertising, and to sell on to third parties, meaning the information is another revenue generator.

But Snowden’s leaks have revealed many apps, such as Angry Birds, are collecting far more detailed information than originally thought, from phone model and screen size to much more personal details such as age, gender, location and even sexual orientation.  Many will be shocked to learn of the extent of information collected, and the fact intelligence agencies are harvesting it.

Apps that require you to log in via social media platforms and access your GPS can easily track where and when you play the game, as well as your full identity and all personal information you have on your social media account. If this information is then transmitted without being encrypted, any third party with basic know-how has open access to your information.

So, next time you download an app that asks your permission to access certain data, think about the information this could release if the data is transmitted without encryption, and if this is the information you want being studied by everyone from advertising companies to the NSA!