Thursday, May 5, 2011

Mother Knows Best- Even with Network Security

You didn’t realize it at the time, but your mother taught you everything you need to know about network security--or at least the important highlights. After all, mom’s goal is the same as ours as network security administrators: to keep us all safe.

Does any of this advice sound familiar?

1. Be suspicious, trust nobody. That goes for users on your network, as well as messages you receive from friends. Make sure users aren't allowed to download anything without permission. Be wary of suspicious links or invitations to join new social networks. These could be phishing attacks in disguise.

2. Lock the door. You wouldn’t let strangers into your house, so why would you let them onto your network?

3. Do your homework. Threats change daily. Keep up on newest threats so you can make sure your network is prepared for them.

4. Keep things clean. What she meant (in addition to clean socks and washing your hands regularly) was to make sure your PC, network protection and malware detection software are always up to date. Updated software and network protection will help keep the bad guys out.

5. Always be aware. Look before you cross the street, even if you don’t hear a car, and don’t assume some websites are safer than others. Sometimes the most “trusted” sites can be more dangerous. Educate other users on your network to inform them of the risks.

So let’s hear it for Mom. The network security savvy we have today originates in her good advice. It’s one more reason to thank her for all that she’s done for us. Oh, by the way, Happy Mothers’ Day!

We appreciate you reading our posts. Feel free to comment or post a tweet: www.Twitter.com/Smoothwall

© Smoothwall, Inc., all rights reserved, 2011.

Wednesday, April 20, 2011

Sir Becta and Mr. Cipa - Comrades-in-Arms


The quote is attributed to George Bernard Shaw: “England and America are two countries separated by the same language.” (1)

Who knows? Perhaps it’s true. Nonetheless, there are many things that bind us together, despite Mr. Shaw’s rumination.

Here, for example, are two distinguished purveyors of Network Security, or if you will, Web Security. Sir Becta and Mr. Cipa are similar in outlook, and contemporaneous in age. Both are focused on providing safety for school children and school administrators from the perils present on the Internet. Each is a creature of the legislative system of his respective country. In this case, Sir Becta (http://www.smoothwall.net/c/article/306/becta/) is British, born of the House of Commons in 1998 (though recently destined to be "downsized" by budget cuts), while Mr. Cipa (http://www.smoothwall.net/c/article/63/cipa/) is the offspring of the U.S. Congress, Senate and White House, circa 2000, and still very much his lively self, the law of the land (USA, that is).

Whether you subscribe to Mr. Shaw’s opinion or not about our two countries being separated by the English language, web security on both sides of the pond, especially for minors, is a vital part of society’s response to the threats and dangers lurking on the web. Responsible teachers, schools, administrators, boards of education, and the public (citizens like you and me) all form part of civil society’s efforts to protect children from pornography, pedophiles, cyber-bullying and other threats that can invade and threaten kids via an internet connection, a chat room, email or other means.

This is in essence what one British-born, American-bred company, Smoothwall, does for a living. We are both British and American, like Sir Becta and Mr. Cipa. And, we are committed in both countries and everywhere else we operate to providing our web filtering and network security solutions for the safety of minors, and the safety of everyone else, for that matter. So, rather than seeing the two countries as divided by a common language, Smoothwall sees the world and the Internet protected by a common set of network security solutions. Doesn’t it make sense to minimize our differences, and maximize our commonalities, for the benefit of our kids, and the protection of society?

Thanks for reading, and please feel free to comment. Care to converse or "tweet" with us? Please go to: http://www.Twitter.com/Smoothwall .

(1) Source: http://www.brainyquote.com/quotes/authors/g/george_bernard_shaw_3.html


Saturday, April 16, 2011

Infosec this week. Best post about security?

Hey there readers. (Or at least I hope there's more than one of you). Infosec this week - if you've not been it's a lot of fun (except for the standing up for ages bit). Be good to see a few old friends there (hey Shep), and check out what's new and groovy in the world of "Info" "Security" (don't hold your breath).

So, anyway, what with the week it is - maybe I thought I'd stick up a post about security... these crazy ideas, eh? Bit of an old topic though - risk. Specifically people mis-assessing it - including some folks who should know better.

First up - there's been a lovely message doing the rounds on Facebook. This message exhorts users to sidle on up to the url bar, and bob an "s" on their "http". Harmless advice, nay even reasonable advice - but you're really not at a great deal of risk, given that login is always encrypted, so the worst you're really looking at is a session hijack on untrusted media. So folks will bandy about useful but largely irrelevant advice - you never see a "viral" encouraging good password sense, or not leaving yourself logged in on a public PC.. and this is probably because the HTTPS advice is easy to execute - hey look, I can see there's no "s", but I can put one there and feel safe. Nice. Security, it's like a switch, you can turn it on and go back to sleep. Hmm I didn't intend this post to be about Infosec, but I'm getting a faint echo of some of the marketing guff I heard there last year...

Secondly, and these boys and girls belong firmly in the "should know better" camp... I recently upgraded my phone (finally went smartphone, the Luddite is dead). The network, Everything Everywhere (always block.. guardian3 users know the score...) allow me to set a lovely long password. It has numbers and everything. Now, don't ask why, but I ended up calling these guys a few times over the last week.. and always giving the same two characters in my password. My secure-sense (yeah right) finally surfaced, and I questioned my "customer services advisor" and yeah, sorry coincidence hunters, they always ask the first two characters. There's probably a few statistics you can use to tilt the balance in your favour (not least overhearing any call!) - my first guess, going vowel-consonant only bought me 3%, I bet you, dear reader, can whip that with a bit of grep and /usr/share/dict/words! On the other hand, these guys won't post my new trombone to anything but my home address. Which I told them. After giving my "2 character 10 character" password. I wonder if this new "home address only" policy is fixing the symptom, not the cause?

Lastly I'd like to put in a good word for CEOP, who got a bit of gyp in the press for not making their child abuse reporting form HTTPS.. what's more important, being able to report such sites, or mitigating the minuscule risk of an interested party snooping?

Wednesday, April 13, 2011

Voices from America

Greetings from the United States of America!

As a long-time software executive, working throughout the world to sell, market and establish high-tech solutions in various markets, it's a pleasure to be a part of the Smoothwall team. My role is to run the U.S. and other territories in the Americas, and to expand Smoothwall's success. This is an ongoing and expanding project, and as part of our outreach, we're contributing "posts" to this blog.

For the most part, you'll hear about ideas, activities and interesting elements that we comment on from the USA or other parts of our extended territory. This may be something specific to the industry, or more detailed, with regard to how a particular client deals with network security challenges, or applies creativity to network situations.

With luck, you'll read and enjoy these voices from America and they will be relevant in today's globalized world. You'll clearly be reading the U.S. English version (z's instead of s's), with U.S.-centric vocabulary and phrases. The bottom line, all the same, will be added-value for your appreciation of all things in the network security industry, specifically with regard to how Smoothwall, Inc. (and the mother ship, Smoothwall, Ltd.) approach our charter of protecting networks, people and productivity.

As we say in the States: "British-born, American-bred, World-class Web Filtering and Security".

Thanks for reading. Care to comment? Please do so, or follow us and talk back via Twitter:


Monday, April 4, 2011

Poor customer service - in this day and age!

In this day and age of blogs and web-savvy users, especially those buying technical services - who would expect a DNS company to have poor customer service? Customer service is pretty much the most important part of a company - it is so important and influential that it can even make up for or mask a lesser product. By customer service I don't just mean the support department, but also accounts, pre-sales, sales, website - anything which services a customer's needs.

I needed a new DNS provider as my old one no longer replied to support tickets and seemed to be disappearing. I was recommended Namesco by someone; "I use them and they are OK." They did not appear to support IPv6 so I contacted their support and they said that although it's not on the control panel, I can contact them and they will add the glue records for me. So I moved my 24 domains.

But then I found out that they could not support IPv6 DNS glue after making a ticket to ask for it to be added. So I put up with having only IPv4. I've now got to the point I no longer want to run my own DNS servers (SaaS FTW) so I've been looking around and gandi.net seem to offer a good promise of customer service, full IPv6 support and free DNS serving. They also responded to my first ticket in minutes.

Back to the irritating Namesco control panel and I find that to transfer each domain I have to pay £10+VAT. I've never had to do this before when I transferred the last three times (I've had my own domains for 13 years). But not only do I have to pay £240+VAT, I have to repeat the process and go through a checkout TWENTY FOUR TIMES. Fail!

Don't they know a happy customer tells maybe three people, but an unhappy customer tells ten?

If the customer service staff at Smoothwall acted like this to our customers, I would have words with them, or their manager - and then make sure they got the training needed not to make the mistake again.

Now I am off to repeat an annoying loop 23 more times, get RSI and probably have VISA call me up and say there's suspicious activity on my card...

Monday, March 21, 2011

ICANN approve XXX, Domain Registrar In Line for $$$

ICANN have finally approved the controversial .xxx top level domain. Apparently all the porn on the Web is suddenly going to up sticks and move to this new domain. Whilst our jolly pornographers get to grips with that, let's take a moment to leave fantasy island and consider the real world implications of this move.

Who is the new TLD going to help? Will it help those of us trying to keep impressionable youngsters away from pornographic material? Not really. At Smoothwall we have been blocking this non-existent domain pretty much since we started making web content filters. It is not hard to do, but it certainly does not get you much traction. Most porn sites will keep their existing domains, and even if legislation eventually forces the US and EU sites to consolidate under .xxx, there's still the less salubrious porn sites whose owners are less than concerned about that sort of legal threat. Will it help the porn industry? Unlikely. It might lead to the odd fracas over a contested domain name, where two skin merchants try to muscle in on the same .xxx domain, having come from, say a .com and a .tv. No, the only people it will help are those selling domains, and the really unimaginative self-abusers who have a hard time finding porn (if this is you, please write in at the usual address).

Entertainingly, whilst we've been fannying around trying to find a new home for our hardcore, looking at pics of naked people has finally been relegated to second spot in the "internet usage highscore table". Yes, you guessed it, social networking, that digital white noise (that this blog almost certainly counts as), has overtaken porn in the UK web traffic stakes. I'm not sure what sort of a message this sends about our society as a whole. Idle chatter probably appeals to a wider demographic than the soon-to-be denizens of .xxx and is less likely to be blocked at web filter level, despite contributing to huge levels of timewasting in offices the world over. Maybe we should lobby for a "social notworking" tld - .poke? .trivial? .inane? .waste?

Friday, March 11, 2011

It's not technology, nor is it cricket - Homeserve nightmare

For the past two weeks we have been suffering two leaks caused by a Homeserve plumber. He fixed the original problem of a problematic flush, charged us £90 and gave us two free leaks.

A bit of history. We used to have our house serviced by Homeserve. They used to pop around once a year and spend a few mins doing the minimum work. The thing that really made us stop using them was one year the cowboy plumber checked a couple of things and then asked me to sign a form to say he had checked all the radiators. He had not even been upstairs!!! I asked him how he could have checked them without going to see them. He grunted and then checked them. We cancelled after that.

A few weeks ago our main bathroom toilet stopped flushing easily so my wife, without asking my advice, booked a plumber from Reactfast. He turned up in a Homeserve van. Oh dear I thought. I also thought "that guy looks familiar - is he the one who did a slack job of the radiators?"

He did a fairly quick job and showed me the toilet flushing easily and that he had replaced the cistern. Great.

Two days later, just before going to work, I noticed water coming out of the ceiling of the garage. This was not there when he was there as I would have noticed as I was doing a lot of work in the garage the same day he was breaking the toilet.

So we called Reactfast aka Homeserve again. A second different plumber turned up. He showed me how the first plumber had left the overflow pipe leaking and had fitted the float badly so it would get stuck. He ‘fixed’ it and left. He said the dripping would take a few days to stop.

Several days later the dripping was still going just as strong and the bathroom floor was now squelching with water coming between the tiles. So we called Reactfast aka Homeserve again. A third different plumber turned up. He showed me how the second plumber had left the overflow pipe leaking and removed it. He showed me that the first and second plumber should have removed the overflow pipe as the new cistern has an overflow built in. He said it was zero percent chance that it was not caused by the first plumber.

Five days later the dripping was still going albeit about half as strong. So we called Reactfast aka Homeserve again. A fourth different plumber turned up. He showed me how the third plumber had not spotted a leak under the tank behind the toilet. He replaced a rubber seal. Minutes later the dripping was almost gone.

For want of a working flush I have wasted time and effort and ended up with a ruined bathroom floor. Now I will have to go through all the time and effort getting my insurance company to argue with Homeserve’s liability insurance as to whose fault it is. They already refused to send out a plumber “because it’s not an emergency”. Then when that is all done I will have to arrange people to come in and re-grout and fix any other damage which turns up.

Assuming of course this is the end of it.

I recommend never ever ever using Homeserve (or Reactfast). They clearly employ cowboy jobsworth useless plumbers.