Category Archives: The Job

Are the Russian (Hackers) Still Coming?

The headlines in the news these days are about hackers attempting to infiltrate sites, mostly from Russia or China. The targets are many American sites, both government and private. How does IT Cybersecurity folks know if they’re coming? Going through the application logs for all attempts is a start. However, the best source of knowledge is the first line of defense: the Firewall. So it’s best to have a tool like Elasticsearch to make a readable report on the firewall logs, to figure out which ports are being probed.

It’s imperative any exposed ports are being denied on the firewall side to prevent any successful hack. In a real world example, in the past 7 days, the hackers were scanning for popular vulnerable applications such as telnet, RDP (Windows Remote Desktop), Microsoft SQL, or SMTP.

Thankfully, those ports are being blocked on the firewall. Unfortunately, this does not deter them from trying again and again. Network and system admins must put in the due diligence in controlling access and patching applications. No matter the business requirements, security must take precedence and IT Professionals must have the tools to detect, analyze, and protect.

WWW Prefix Is Superfluous

HTTP WWW

When Tim Berners-Lee made famous the “World Wide Web” by introducing the HTTP protocol, he set the standard that all web sites would start with “www” as a host name prefix. It was supposed to indicate it’s a web site, for everyone who hadn’t seen this new way of using the Internet.

That was the early 90’s.

Now, 20+ years later, the World Wide Web is as ubiquitous as e-mail or postal code addresses. Everyone knows what to do when they open a browser.  Even better, when someone receives an email with a web link (URL) in it, even though it’s not safe to click on any random links via email if source of information is not checked.

So why do web developers and content managers still tag on the prefix www into their host names?  Perhaps, out of habit because that’s how they learned to use the Internet from 20 years ago.  Maybe the fault is with e-mail servers, like Microsoft Exchange, creating automatic hyperlinks whenever “www.” is in the text, which makes it easier for mailing list managers to create content without deliberately hyperlinking URLs.

Whatever is the reason, people need to stop adding the prefix www when entering a web address. It’s a pain to setup on the server and network sides because DNS have to contain both entries (as alias or A records), web servers need to accept both host names, and SSL certificates have to be requested with www as a common name.

Besides, without the www prefix, it’s easier to tell someone (written or verbal) of the website’s shorter address. Nowadays, the prefix is superfluous and unnecessary.

BYOD: Why It Should Be The New Normal

Smartphone UseThere’s been a lot of talk lately about Bringing Your Own Device (BYOD) to work. It’s not a new concept. People love their smartphones, tablets, or laptops. They prefer using a particular brand for personal and work. They bring it to work because it’s convenient to carry just one device, and they can be productive with their own.

Traditionally, companies provide their own “certified” devices to retrieve secured Enterprise data. However, it’s difficult to stop employees from transmitting those data somewhere else, either via E-mail, USB drives, or Cloud Storage, potentially enabling others to see them. A strong privacy policy may be enough deterrent – at least in the beginning. As time goes by, employees will get complacent and too comfortable in taking their data everywhere, not realizing the confidential data may be leaked.

As an IT leader, one can imagine the complexity of supporting multiple devices and worries about zero control over securing protected data. Case in point, the biggest early adopter of BYOD was IBM. They learned valuable (and painful) lessons from it. Employees were not aware of insecure apps, not using secure channels to transmit data, and losing their unprotected/unencrypted devices. These security breaches could potentially cost them, or anyone else for that matter, millions of dollars to repair.

So, why is there growing trend to adopt BYOD? In this tough economic condition, company expenses have to be cut aggressively. The most obvious is to stop allocating budget for productivity machines. Having the cost shifted to the employees, it eliminates the need for company’s machines to be stocked, upgraded, and re-stocked.

Employees have also voiced their concern about the lack of productivity using company issued devices, such as a Blackberry, instead of their favorite iPhone or Android phones. It doesn’t make any sense to have a dedicated, company issued, device just to receive e-mails or phone calls for work, and another for personal use. It certainly becomes challenging to carry two devices, especially when an iPhone, for example, is more than enough to handle all of those tasks and be just as productive.

IT leaders are starting to embrace this BYOD trend because solutions are starting to appear, as the concept become widely accepted. Android and iPhone devices are now equipped with additional security to deter data theft or loss. Both Google and Apple are serious about Enterprise adoption and have updated their OS to be more secure. Now, it’s up to the IT leaders to trickle down the information to users on how to secure their devices, according to the companies’ need.  Instead of preventing employees to bring their own devices, educate them on how to secure the content of their own devices. As Ronald Reagan would say: “Trust, but verify.” There is a level of trust on both sides, but both must remain vigilant.

It is time to stop believing the myths of bringing-your-own-device to work. BYOD is happening, whether or not IT is ready. It is the “new normal”.