As an IT Security professional and a father, I'm often asked by people how to filter the internet for their children. I would suggest there are three elements that need to be looked at: IT security, education and computer location.
My children use a Windows 7 computer, but in order to secure the system, I run Avira Internet Security 2012, which is a lightweight, low footprint but highly effective anti-virus software. It offers anti-malware, a software firewall and a basic level of web filtering. I ensure all these components are enabled, updated and running. I have created limited access Windows user accounts for the children, where no administrative rights are available.
Everyone assumes that controlling the computer or access to the internet is the answer, but your children need to understand why the controls are in place. We have told the children that if they encounter anything that they did not expect, then they should make us aware of it. We have also spoken to them about password security, to ensure that the passwords they use are not shared with anyone beyond the family.
Some people are surprised by the final piece of advice, but I suggest putting the computer, or using the laptop, in a high-traffic area of the house. Some recent research has shown that paedophiles are less likely to engage in a webcam chat if it is in a family area of the house, compared to a bedroom. We have situated the desktop computer in the kitchen, where the children are rarely using the computer unsupervised.
Some think this attitude may be a little paranoid, but the key component is education and for your children to understand why.
Thanks to Jason Jones for pointing out this Ofsted report, which makes for some interesting further reading.
Thursday, 20 October 2011
“To The Cloud…”
For the last year or so, it seems marketing people have moved away from terms such as “... as a Service”, and replaced the words with Cloud.
We are seeing hosted applications, hosted infrastructure, hosted servers, hosted platforms, managed services, VPNs, MPLS networks, distributed networks, hosted virtual servers, remote VDI solutions, all termed with the phrase Cloud.
I understand the drivers that are used to move services out of your own server room, by lowering infrastructure costs, moving capital expenditure to operational expenditure, upgrading or downsizing by modifying your service plan, removing running costs (such as air conditioning, trained server administrators, etc.), having your systems monitored and changing applications on the fly.
I have a few issues with Cloud offerings, which include:
Authentication
- How do users connect to the solution?
- Are they using a username and password?
There are many issues around authentication, such as weak or insecure passwords, using common words, using easy-to-guess words (such as favourite bands, football teams, children’s names, car, etc.), and that’s before considering the fact that the password can be told to someone else.
People often talk about multi-factor authentication, but to summarise it, the factors are “something you know” such as passwords and PINs, “something you’re given” such as a one-time password from a token, or “something you are” where biometric devices are used to read fingerprints or scan irises.
A combination of two of these is known as two-factor authentication, for example where passwords are coupled with a token-generated one-time password, offering much improved security.
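To make the password-plus-token combination concrete, here is an added example (not part of the original post) of a login check that requires both factors. It assumes the token follows the standard time-based scheme of RFC 6238 and that the password is stored as a PBKDF2 hash; the function names, the account layout and the sample values are hypothetical, and the secret is the published RFC test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, int(at) // STEP, digits)

def hash_password(password: str, salt: bytes) -> bytes:
    """'Something you know', stored only as a salted slow hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def verify_login(user: dict, password: str, code: str, now: float) -> bool:
    """Both factors must pass; a time step that was used is never accepted again."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    current = int(now) // STEP
    matched = None
    for step in (current - 1, current, current + 1):  # tolerate small clock drift
        candidate = hotp(user["secret"], step).encode()
        if step > user["last_step"] and hmac.compare_digest(candidate, code.encode()):
            matched = step
    if pw_ok and matched is not None:
        user["last_step"] = matched  # blocks replay of an observed code
        return True
    return False

def sample_user() -> dict:
    """Constructed account record; the secret is the RFC 6238 test key."""
    salt = b"constructed-salt"
    return {"salt": salt, "pw_hash": hash_password("correct horse", salt),
            "secret": b"12345678901234567890", "last_step": -1}

if __name__ == "__main__":
    u, t = sample_user(), 1_111_111_109
    code = totp(u["secret"], t)
    print("first use:", verify_login(u, "correct horse", code, t))
    print("replayed: ", verify_login(u, "correct horse", code, t))
```

A password told to someone else is not enough on its own here, and a one-time code seen over someone's shoulder stops working once it has been used.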
Encryption
- How is your data protected?
- Who has access to your data?
With the Information Commissioner’s Office issuing fines of up to £500,000 for the loss of personal data, it is more critical than ever that data is encrypted.
I would expect the data to be encrypted to a minimum level of 256-bit AES, although another consideration is who has access to your data. It may be encrypted, but if the key is held by the service provider, then they will have the ability to decrypt your data.
Backup and Archive
- Is the data backed up?
- Is the data archived?
Your data should be backed up regularly, giving a point in time that the data can be restored to. The issue with backup is that it will back up current data, but the ability to roll back and restore can be more destructive and time consuming than working round the missing/lost/corrupted data.
If your data was archived, then it would offer the ability to manage and archive all versions of the data. Archiving is driven by compliance and traceability, rather than disaster recovery.
Access to the service
- Where can you access the data from?
It would be great to be able to access your service from anywhere in the world, wouldn’t it? A concern is that although this is great for remote users, should everyone be able to have access? Data security may dictate that the service or data should not be accessed from non-trusted IP addresses, or by specific users or during specific times. If this level of control is required, ensure your provider is able to deliver this.
Disaster Recovery
- Are there multiple servers hosting your service?
- Are there multiple datacentres hosting your service?
One of the draws of a Cloud offering is having your applications and services available from anywhere, so it is the perfect disaster recovery solution.
The issue will be when the provider has a server failure. Will they be able to move your service to a new server in a timely fashion? Whether the services are being run on virtual or physical servers, ensuring your service uptime is vital.
Another concern will be if the provider only has one datacentre or one WAN connection, so if their service is delivered well, I would expect multiple datacentres, with multiple links running an active/active configuration, along with an active/active or active/passive server configuration.
Conclusion
My concern with Cloud solutions is the number of providers who are “jumping on the bandwagon”, offering cloud services as quickly as possible. The issue is that some providers offer very favourable pricing, but the infrastructure may not be in place until there is some uptake. This can only be a bad thing for the early adopter, especially if it is not making money and they stop the service or become bankrupt.
My advice is to proceed with caution, check the provider thoroughly and try not to be price driven.