Configuring a Windows computer from the ground up for security and stability Part 1.

This blog will walk you through configuring a Windows computer from the ground up for security and stability. This configuration will make you virtually impervious to viruses you don’t actively try to install yourself, and will help constrain any malicious code that does get on your computer.

Pretty much all of this is free, but any mentions of products in this guide are completely un-compensated.

Section A: The Ground Up

The best thing to do is start from the bare hardware and install Windows 10 from scratch with UEFI, TPM, and SecureBoot turned on. If you don’t want to do that, skip to Section B. Any retail computer purchased with Windows 8.1 onward will already have these turned on.

1.) Update BIOS

For best compatibility and security you should update your computer’s BIOS. A modern BIOS (really UEFI) is a full operating system that runs below and at the same time as Windows, and it needs patches too. People who built computers in the early 2000s will tell you BIOS updates are risky, and they were, but not anymore. They deliver fixes, features, and security updates you won’t hear about on the news.

Even new computers/motherboards need updates. If you’re starting from scratch, do the BIOS update after installing Windows 10.

You can find the BIOS update tool on your manufacturer’s driver page for your computer model. You will need to reboot for it to take effect. If you have a Surface, BIOS updates are delivered through Windows Update.

2.) Prepare Windows Bootable Media

To get ready to install Windows 10 64-bit on the bare hardware, use Microsoft’s Media Creation Tool to create a bootable DVD or USB stick.

Make sure everything is backed up before proceeding. The following changes will wipe your Windows installation.

3.) Configure BIOS

This is important and is something nobody talks about.

As your computer boots, press the setup hotkey to get into SETUP mode. It may be F1, F2, F8, F10, Del, or something else.

In the BIOS:

  • Set a setup password. Make it simple; this is only to prevent malicious modification by someone in front of the computer or by a program trying to corrupt it.
  • Change boot to/prioritize UEFI. Disable everything except UEFI DVD, UEFI HDD, and USB UEFI if you plan on using a USB stick to install Windows.
  • Enable the TPM (if available) and SecureBoot (if available) options. This is super important.
  • Disable 1394 (FireWire) and ExpressCard/PCMCIA (if you’re on a laptop) as a layer to further mitigate DMA attacks. This isn’t as important anymore, but if you don’t use them you might as well turn them off.
  • If you want, and if the computer offers it, you can enable a System and HDD password. We will be using BitLocker to protect the disk, but this is an extra layer you can add if you want. I don’t.
  • If you don’t use the webcam or microphone, you may be able to turn them off in the BIOS.

Save settings and shut down.

4.) Install Windows 10

Insert your DVD/USB. Boot the computer and use the boot menu hotkey to boot to your UEFI DVD or UEFI USB. The hotkey is often F12.

Follow the prompts and install Windows. If it gives you an option of where to install Windows to, and there’s already a partition, delete the partition first.
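Once Windows is installed, you can confirm that the firmware settings from steps 1 to 4 actually took effect. The script below is an added example, not part of the original guide; the function names are illustrative, and it assumes an elevated (Administrator) PowerShell prompt on Windows 10.

```powershell
# Added example: post-install check of the settings from steps 1-4.
# Run from an elevated (Administrator) PowerShell prompt.
# Get-FirmwareSecurityState and Test-FirmwareSecurityState are illustrative names.

function Get-FirmwareSecurityState {
    $state = [ordered]@{
        BiosVendor     = $null
        BiosVersion    = $null
        BiosDate       = $null
        FirmwareType   = $env:firmware_type   # "UEFI" or "Legacy" on Windows 8 and later
        SecureBoot     = $false
        SecureBootNote = $null
        TpmPresent     = $false
        TpmReady       = $false
        TpmNote        = $null
    }

    # Step 1: installed BIOS/UEFI version and release date, to compare by hand
    # against the latest version on the manufacturer's driver page.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    $state.BiosVendor  = $bios.Manufacturer
    $state.BiosVersion = $bios.SMBIOSBIOSVersion
    $state.BiosDate    = $bios.ReleaseDate

    # Step 3: Secure Boot. Confirm-SecureBootUEFI returns $true or $false on a
    # UEFI boot and throws on a legacy boot or when the session is not elevated.
    try {
        $state.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $state.SecureBootNote = $_.Exception.Message
    }

    # Step 3: TPM. Get-Tpm needs elevation; keep the error text if it fails.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $state.TpmPresent = [bool]$tpm.TpmPresent
        $state.TpmReady   = [bool]$tpm.TpmReady
    } catch {
        $state.TpmNote = $_.Exception.Message
    }

    [pscustomobject]$state
}

function Test-FirmwareSecurityState {
    param([Parameter(Mandatory)] $State)

    $findings = @()
    if ($State.FirmwareType -ne 'UEFI') {
        $findings += "Windows booted in '$($State.FirmwareType)' mode, not UEFI. Recheck the boot settings from step 3 and reinstall."
    }
    if (-not $State.SecureBoot) {
        $findings += "Secure Boot is not active. $($State.SecureBootNote)"
    }
    if (-not $State.TpmPresent) {
        $findings += "No TPM is visible to Windows. Enable it in the BIOS if the hardware has one. $($State.TpmNote)"
    } elseif (-not $State.TpmReady) {
        $findings += 'A TPM is present but not ready for use.'
    }
    $findings
}

$state = Get-FirmwareSecurityState
$state | Format-List

$findings = Test-FirmwareSecurityState -State $state
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'UEFI boot, Secure Boot and TPM are all active.'
}
```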

Keep an eye out for Part 2

For more information on all our services, please visit our website @ http://www.cans.scot


The CANS Guide to Not Getting Hacked

KEEP YOUR APPS UP TO DATE

Probably the most important and basic thing you can do to protect yourself is using up-to-date software. That means using an updated version of whatever operating system you’re using, and updating your apps and software. Bear in mind that you don’t necessarily have to use the latest iteration of an operating system, such as, say, Windows 10. (In some cases, even slightly older versions of operating systems get patched. Sorry, that’s not the case with Windows XP, stop using it!) What’s most important is that your OS is still receiving security updates, and that you’re applying them. So if you come away with one lesson from this guide, it is: update, update, update, or patch, patch, patch.

Many common cyberattacks take advantage of flaws in outdated software such as old browsers or PDF readers. By keeping everything up to date, you have a way lower chance of becoming a victim of ransomware, for example.

PASSWORDS

We all have too many passwords to remember, which is why people just reuse the same ones over and over. And even though our brains aren’t actually that bad at remembering passwords, it’s almost impossible to remember twenty or more unique and strong passwords.

The good news is that the solution to this problem is already out there: password managers. These are apps that keep track of passwords for you, automatically help you create good passwords, and simplify your online life. If you use a manager, all you have to remember is one password, the one that unlocks the vault of your passwords.

Intuitively, you might think it’s unwise to store your passwords on your computer. What if a hacker gets in? Surely it’s better that I’m keeping them all in my head? Well, not really: for most people’s threat models, the risk of a crook taking advantage of a shared password on a website is far greater than some sophisticated hacker dropping a load of super-fancy malware onto your device. Again, it’s all about understanding your own threat model.

So, please, use one of the many password managers out there, there’s no reason not to do it. It will make you—and the rest of us!—safer, and it’ll even make your life easier.

TWO-FACTOR AUTHENTICATION

Having unique, strong passwords is a great first step, but even those can be stolen. So for your most important accounts (think your main email, your Facebook and Twitter accounts) you might want to add an extra layer of protection known as two-factor (or two-step or 2FA) authentication.

By enabling two-factor you’ll need something more than just your password to log into those accounts. Usually, it’s a numerical code sent to your cellphone, or it can be a code created by an ad-hoc app (which is great if your cellphone doesn’t have coverage at the time you’re logging in).

There’s been a lot of attention recently around how mobile phones may not be suitable as 2FA devices. Activist Deray McKesson’s phone number was hijacked, meaning hackers could then have the extra security codes protecting accounts sent straight to them. And the National Institute of Standards and Technology (NIST), a part of the US government that writes guidelines on rules and measurements, including security, recently discouraged the use of SMS-based 2FA.

The attack on Deray was low tech: It essentially involved getting his phone company to issue a new SIM card to the attackers. It’s hard to defend against that, and there are other ways to get those codes sent via SMS, as text messages can, in theory, be intercepted by someone leveraging vulnerabilities in the backbone that carries our conversations. There is also the possibility of using an IMSI-catcher, otherwise known as a Stingray, to sweep up your communications, and verification texts too.

But apart from the trick of getting a new SIM card, these attacks are not trivial to pull off, not just because they might require specific hardware like Stingrays, but also because they are relatively expensive. So, realistically, for the vast majority of people, SMS 2FA is still a robust security measure that does what it’s designed to do: add an extra layer on top of your password, which might get phished or otherwise stolen.

You could, if the website allows it, use another 2FA option that isn’t SMS-based, such as an authentication app on your smartphone (for example, Google Authenticator), or a physical token like a Yubikey. If that option is available to you, it’s a great idea to use it. But it would be foolish to disregard SMS 2FA altogether, especially if you’re not under targeted attack.

2FA is a great way to make it nearly impossible for average cybercriminals to break into your most important accounts. You can check out all the services that offer it and how to turn it on here.

A 2FA token like a Yubikey (pictured) can be a more secure 2FA solution that doesn’t require a cell connection.

DOs & DON’Ts

Don’t use Flash: Flash is historically one of the most insecure pieces of software that’s ever been on your computer. Hackers love Flash because it’s had more holes than Swiss cheese. The good news is that a lot of the web has moved away from Flash so you don’t really need it anymore to still enjoy a fully-featured and rich browsing experience. So consider purging it from your computer, or at least change the settings on your browser so you have to click to run Flash each time.

Do use antivirus: Yes, you’ve heard this before. But it’s still (generally) true. Antiviruses are actually, and ironically, full of security holes, but if you’re not a person who’s at risk of getting targeted by nation-state hackers or pretty advanced criminals, having antivirus is still a good idea. Still, it’s far from a panacea, and in 2016 you need more than that to be secure.

Do use some simple security plugins: Sometimes, all a hacker needs to pwn you is to get you to the right website—one laden with malware. That’s why it’s worth using some simple, install-and-forget-about-it plugins such as adblockers, which protect you from malvertising threats presented by the shadier sites you may wander across on the web. (We’d naturally prefer if you whitelisted Motherboard since web ads help keep our lights on.)

Another useful plugin is HTTPS Everywhere, which forces your connection to be encrypted (when the site supports it). This won’t save you if the website you’re going to has malware on it, but in some cases, it helps prevent hackers from redirecting you to fake versions of that site (if there’s an encrypted one available), and will generally protect against attackers trying to tamper with your connection to the legitimate one.

Do use VPNs: If you’re using the internet in a public space, be it a Starbucks, an airport, or even an Airbnb apartment, you are sharing it with people you don’t know. And if some hacker is on the same network as you, they can mess with your connection and potentially your computer.

Don’t overexpose yourself for no reason: People love to share pretty much everything about their lives on social media. But please, we beg you, don’t tweet a picture of your credit card, for example. More generally, it’s a good mindset to realise that a post on social media is often a post to anyone on the internet who can be bothered to check your profile, even if it’s guessing your home address through your running routes on a site like Strava, a social network for runners and cyclists.

Personal information such as your home address or high school (and mascot, which is a Google away) can then be used to find more information via social engineering schemes. The more personal information an attacker has, the more likely they are to gain access to one of your accounts. With that in mind, maybe consider increasing the privacy settings on some of your accounts too.

Don’t open attachments without precautions: For decades, cybercriminals have hidden malware inside attachments such as Word docs or PDFs. Antiviruses sometimes stop those threats, but it’s better to just use common sense: don’t open attachments (or click on links) from people you don’t know, or that you weren’t expecting. And if you really want to do that, use precautions, like opening the attachments within Chrome (without downloading the files). Even better, save the file to Google Drive, and then open it within Drive, which is even safer because then the file is being opened by Google and not your computer.

Do disable macros: Hackers can use Microsoft Office macros inside documents to spread malware to your computer. It’s an old trick, but it’s back in vogue to spread ransomware. Disable them!

Do back up files: We’re not breaking any news here, but if you’re worried about hackers destroying or locking your files (such as with ransomware), then you need to back them up. Ideally, back up to an external hard drive while you’re disconnected from the network, so that even if you get ransomware, the backup won’t get infected.

Your life needn’t be the above-pictured cyberhell. Most hacks are opportunistic, and these basic precautions go a long way toward securing yourself. Image: Shutterstock

GO OUT THERE AND BE SAFE

That is all for now. Again, this is just meant to be a basic guide for average computer users. So if you’re a human rights activist working in a dangerous country or a war zone, or an organization building IT infrastructure on the fly, this is certainly not enough, and you’ll need more precautions.

But these are common sense essential tips that everyone should know about.

And remember, always be vigilant!

Computer Jargon Explained

Technology advancements are happening far quicker than most of us can keep up with. Ultimately, as technology changes so does the endless amount of terminology and jargon that we have to get to grips with. This guide to computer jargon will help you to understand the difference between a Hard Drive and the cloud, and everything in between.

Hardware:

Hard disk drive – This is essentially the place where your computer stores information on a permanent basis. If you create a Word document or a PowerPoint presentation you’ll save it to your hard disk drive and it will stay there until you delete it.

Random Access Memory (RAM) – Whenever you have a program open on your computer it is running from your RAM. RAM is your computer’s memory that is used for running programmes. Ultimately the greater amount of RAM your computer has, the more programmes it will be able to handle at once.

USB stick – USB sticks work in a similar way to your hard disk drive in that you can save information to them. However, as these can be plugged into any computer with a USB port you’ll be able to access the files from any system that you plug it into. The files will stay on your device until you delete them.

Motherboard – The motherboard is a circuit board that links everything together on your computer or mobile device; consider it the main hub that allows everything to work with each other.

Software:

Operating System (OS) – An operating system is a piece of software on your device that is responsible for how things look and behave. There is a wealth of operating systems available on both mobiles and computers and their main difference is appearance. From a functional perspective all these operating systems translate your command into a response from your device, essentially being the thing that allows you to interact with your mobile or computer.

The Internet & Connectivity:

Web browser – A piece of software that displays websites and allows you to search the web. 

Local Area Network – A Local Area Network is any network of devices that are connected to each other to share information. Generally these are used within businesses to share documents, images, videos and more.

Wi-Fi – Wi-Fi is used to connect a wireless device to the Internet through a wireless hotspot.

Bluetooth – Bluetooth is a wireless connection that deals with short-range signals. The latest version of Bluetooth is version 4 and each version indicates a difference in usage, connection speed and compatibility. Devices such as wireless headsets and car kits primarily operate via Bluetooth.

IP-Address – This is a unique number that is assigned to every device that connects to the Internet or a network.

Server – A powerful computer that sends information to other devices either through the Internet or a network. The most common use of a server is the hosting of websites. When a user connects to a server, they are shown a webpage.

Proxy – A server that acts as an intermediary for users who are looking to gain access to information held on other servers.

The cloud – The use of networks and remote servers to store information on the Internet rather than on a hard disk drive.

Internet Security:

Malware – Refers to a range of hostile software designed to harm your system. This includes viruses, worms, spyware, adware and much more.

Anti-virus – A piece of software that is designed specifically to detect and destroy computer viruses before they infect your system.

Firewall – Firewalls are programmes that act to try and protect computers from malware. This is achieved by controlling the inbound and outbound communications of a device to reduce the risk of viewing information that could potentially harm your device.

What is VoIP and How Does it Work?

If you don’t already know what a VoIP is and how it works, get ready to be informed!

VoIP stands for Voice over Internet Protocol and it is the method of taking analog audio signals and converting them into digital data that can be transmitted over the Internet. Ultimately VoIP will completely change the way you think about long-distance phone calls.

How is VoIP useful?

The general perception is that long distance phone calls are extremely expensive and if you stay on the line for more than a few minutes you can expect a nasty surprise when your bill drops through the door at the end of the month.

However, VoIP turns a standard Internet connection into a way to place free phone calls. Therefore the advantage is that you can essentially bypass the phone company and their inflated charges and instead use the Internet to make phone calls.

If you want to try out VoIP take a quick look online and you’ll be presented with a wealth of free VoIP software options. You’ll be able to download them in a few minutes and if you get a friend to do the same you’ll be able to start making calls and get a real taste for how VoIP works.

How is VoIP used?

Now that you have a clearer understanding of what VoIP is and how it is useful, the next step is to see exactly how you can use it in your day-to-day life.

The chances are that you are already using VoIP in some capacity each time you place a long-distance call. Many phone companies have started to use VoIP to streamline their networks.

It’s not just the phone companies that are using VoIP either; more and more businesses are installing VoIP systems as a way of communicating with contacts from around the world, so the technology is certainly catching on.

VoIP can be used anywhere you have broadband connectivity, which makes it ideal for business travellers who don’t want to have to be wary of making long distance calls whilst they try to close a big deal on the other side of the globe. As long as you have a headset and a microphone you are good to go, so whether it’s from the airport departures lounge, your hotel room or an Internet café you’ll always be able to make long distance calls at an extremely affordable rate.

It’s not just in businesses that you see VoIP being used; it is also becoming increasingly popular in homes as well. With the world being more accessible than ever and people having family scattered across all corners of the globe, there is a high demand for VoIP as people look to keep in touch with their families and friends.

How much does it cost?

The cost of VoIP will vary according to your individual needs. Certain suppliers will have more affordable rates than others, so it is important to shop around.

When selecting a VoIP company make sure you check exactly what is included in your plan. VoIP companies tend to provide features that you would normally have to pay extra for with a normal phone provider, but again this can vary from company to company.

Typically you’d expect VoIP services to include:

  • Caller ID
  • Call waiting
  • Call transfer
  • Repeat dial
  • Return call
  • Call forwarding

Looking to make phone-calls via the internet instead of using the conventional telephone system?

Our VoIP services are probably just what you’re looking for.

What is Virtualization? Because almost every business can leverage the benefits of virtualization

The short answer is, it’s pooling a few resources to accomplish the same tasks you once did with many. To put it a different way, think of a company with 6 servers, each in charge of a different task like email, storage, etc. Now instead of these servers being computers, think of them as people. Each person has a different job: one does marketing, one is in charge of mail, another might be the receptionist. Either way, each individual has a task and does only that task. While it might be beneficial to have each person doing their own task, the allocation of work is going to be skewed. If for some reason hundreds of phone calls come in today and only the receptionist can answer the phone (their dedicated task), the receptionist is overworked. Meanwhile, the mail room person has a small amount of mail to sort, so they sit idle.

This is essentially how a company with a few servers works, each with their own set of tasks, none of which intersect. But the problem is, how do we fix the fact that the phone receptionist is doing too much work? Well, you could hire another person to help with the workload, but this is going to increase cost, and if this spike in activity is only a once-in-a-while thing then it wouldn’t make much sense to keep a second person on hand at all times. The other problem is the employee that is underutilized. They still have a lot of potential tasks they could do, but are waiting for instructions. This is the problem most companies faced before virtualization: how can we lower the workload of one server and increase the workload of another?

Virtualization fixed this issue by taking all the servers’ computing power and creating what is known as a Hypervisor to help distribute the tasks evenly. Think of this as having a project manager distribute tasks to each of his employees as equally as possible. If the manager sees one department being overworked, they have someone from a different department step in and help with the workload. I know what you’re thinking: “Well, of course! Any good business would be structured like this!” You’re right. And the brilliant software engineers who designed Virtualization agree with you, too. They successfully took this proven, efficient business practice and wrote software so technology could follow suit: Virtualization.

What the Hypervisor does is figure out the processing power of the combined servers and allocate each task a portion of this total computing power, just as a project manager might allocate a percentage of the employees’ total work hours that day. By doing this, the Hypervisor can change how much computing power each task gets instead of how many servers, just like a project manager can delegate how many hours of work will go to a certain task vs. how many people.

When you start your computer you probably open Outlook, Word and maybe an Internet browser, all from the same computer. It wouldn’t make sense to have three different computers running three different applications when one has the power to run all three. This is what the operating system is for: to let each task run next to the others. Well, a Virtualized Network is the same thing.

This is a basic conceptual way to think about Virtualization. The practical way is:

  • Less hardware to manage.
  • More uptime, less downtime.
  • Disaster Recovery is built in.
  • You can virtualize one server.
  • It is beneficial to almost any IT environment.
  • Less power consumption.
  • More flexibility.
  • Your competition is probably using virtualization.

What is wireless internet (Wi-Fi)?

Wireless networking – which is often just known as Wi-Fi – is a way of getting broadband internet without wires.

Wi-Fi allows you to connect several computers at once, anywhere in the house – or if you have a laptop, to even use your computer in the garden. You don’t need to install extra phone lines or cables.

Millions of Scots already connect to the internet using Wi-Fi. It’s also known as ‘wireless networking’ or ‘wireless fidelity’.

Wi-Fi is widely installed in cafés, airports and many other public buildings. If you have seen someone at your local coffee shop surfing the internet on a laptop computer, they are probably using a Wi-Fi network.

How does Wi-Fi work?

Wi-Fi creates a network in your home or office – a little zone where computers can get broadband internet. It uses radio waves, just like TV or mobile phones. You may sometimes hear this zone referred to as a WLAN (Wireless Local Area Network).

A device called a wireless transmitter receives information from the internet via your broadband connection. The transmitter converts the information into a radio signal and sends it.

Think of the transmitter as a mini radio station, broadcasting signals sent from the internet. The ‘audience’ for these transmissions is the computer (or computers, as more than one can connect at the same time) which receives the radio signal via something called a wireless adapter.

The whole process, meanwhile, works in reverse, with the computer sending information to the wireless transmitter. The transmitter then converts it and sends it via your broadband connection.

How do I set up Wi-Fi?

To use Wi-Fi you will need certain equipment:

  • A wireless transmitter, also known as a Wireless Access Point (WAP)
  • A Wi-Fi adapter on every computer that will use Wi-Fi

You may find that you already have a Wi-Fi network, as many ISPs (internet service providers) set up new customers with Wi-Fi from the outset. However, you may find the equipment slow and outdated, and this is where we come in.

CANS can set up your company network with the correct Wi-Fi for your business. We can supply and configure the router and new laptops to get you going with your superfast new Wi-Fi network.

What is Cloud Computing, and what can it do for your business?

What is cloud computing?

Cloud computing means that instead of all the computer hardware and software you’re using sitting on your desktop, or somewhere inside your company’s network, it’s provided for you as a service by another company and accessed over the Internet, usually in a completely seamless way. Exactly where the hardware and software is located and how it all works doesn’t matter to you, the user—it’s just somewhere up in the nebulous “cloud” that the Internet represents.

Cloud computing is a buzzword that means different things to different people. For some, it’s just another way of describing IT (information technology) “outsourcing”; others use it to mean any computing service provided over the Internet or a similar network; and some define it as any bought-in computer service you use that sits outside your firewall. However we define cloud computing, there’s no doubt it makes most sense when we stop talking about abstract definitions and look at some simple, real examples—so let’s do just that.

Simple examples of cloud computing

Most of us use cloud computing all day long without realizing it. When you sit at your PC and type a query into Google, the computer on your desk isn’t playing much part in finding the answers you need: it’s no more than a messenger. The words you type are swiftly shuttled over the Net to one of Google’s hundreds of thousands of clustered PCs, which dig out your results and send them promptly back to you. When you do a Google search, the real work in finding your answers might be done by a computer sitting in California, Dublin, Tokyo, or Beijing; you don’t know—and most likely you don’t care!

The same applies to Web-based email. Once upon a time, email was something you could only send and receive using a program running on your PC (sometimes called a mail client). But then Web-based services such as Hotmail came along and carried email off into the cloud. Now we’re all used to the idea that emails can be stored and processed through a server in some remote part of the world, easily accessible from a Web browser, wherever we happen to be. Pushing email off into the cloud makes it supremely convenient for busy people, constantly on the move.

Preparing documents over the Net is a newer example of cloud computing. Simply log on to a web-based service such as Google Documents and you can create a document, spreadsheet, presentation, or whatever you like using Web-based software. Instead of typing your words into a program like Microsoft Word or OpenOffice, running on your computer, you’re using similar software running on a PC at one of Google’s world-wide data centers. Like an email drafted on Hotmail, the document you produce is stored remotely, on a Web server, so you can access it from any Internet-connected computer, anywhere in the world, any time you like. Do you know where it’s stored? No! Do you care where it’s stored? Again, no! Using a Web-based service like this means you’re “contracting out” or “outsourcing” some of your computing needs to a company such as Google: they pay the cost of developing the software and keeping it up-to-date and they earn back the money to do this through advertising and other paid-for services.

What makes cloud computing different?

It’s managed

Most importantly, the service you use is provided by someone else and managed on your behalf. If you’re using Google Documents, you don’t have to worry about buying umpteen licenses for word-processing software or keeping them up-to-date. Nor do you have to worry about viruses that might affect your computer or about backing up the files you create. Google does all that for you. One basic principle of cloud computing is that you no longer need to worry how the service you’re buying is provided: with Web-based services, you simply concentrate on whatever your job is and leave the problem of providing dependable computing to someone else.

It’s “on-demand”

Cloud services are available on-demand and often bought on a “pay-as-you-go” or subscription basis. So you typically buy cloud computing the same way you’d buy electricity, telephone services, or Internet access from a utility company. Sometimes cloud computing is free or paid for in other ways (Hotmail is subsidized by advertising, for example). Just like electricity, you can buy as much or as little of a cloud computing service as you need from one day to the next. That’s great if your needs vary unpredictably: it means you don’t have to buy your own gigantic computer system and risk having it sitting there doing nothing.

It’s public or private

Now we all have PCs on our desks, we’re used to having complete control over our computer systems—and complete responsibility for them as well. Cloud computing changes all that. It comes in two basic flavors, public and private, which are the cloud equivalents of the Internet and Intranets. Web-based email and free services like the ones Google provides are the most familiar examples of public clouds. The world’s biggest online retailer, Amazon, became the world’s largest provider of public cloud computing in early 2006. When it found it was using only a fraction of its huge, global, computing power, it started renting out its spare capacity over the Net through a new entity called Amazon Web Services. Private cloud computing works in much the same way but you access the resources you use through secure network connections, much like an Intranet. Companies such as Amazon also let you use their publicly accessible cloud to make your own secure private cloud, known as a Virtual Private Cloud (VPC), using virtual private network (VPN) connections.

Types of cloud computing

IT people talk about three different kinds of cloud computing, where different services are being provided for you. Note that there’s a certain amount of vagueness about how these things are defined and some overlap between them.

  • Infrastructure as a Service (IaaS) means you’re buying access to raw computing hardware over the Net, such as servers or storage. Since you buy what you need and pay-as-you-go, this is often referred to as utility computing. Ordinary web hosting is a simple example of IaaS: you pay a monthly subscription or a per-megabyte/gigabyte fee to have a hosting company serve up files for your website from their servers.
  • Software as a Service (SaaS) means you use a complete application running on someone else’s system. Web-based email and Google Documents are perhaps the best-known examples. Zoho is another well-known SaaS provider offering a variety of office applications online.
  • Platform as a Service (PaaS) means you develop applications using Web-based tools so they run on systems software and hardware provided by another company. So, for example, you might develop your own ecommerce website but have the whole thing, including the shopping cart, checkout, and payment mechanism running on a merchant’s server. App Cloud (from salesforce.com) and the Google App Engine are examples of PaaS.

Advantages of cloud computing

 

Advantages

The pros of cloud computing are obvious and compelling. If your business is selling books or repairing shoes, why get involved in the nitty gritty of buying and maintaining a complex computer system? If you run an insurance office, do you really want your sales agents wasting time running anti-virus software, upgrading word-processors, or worrying about hard-drive crashes? Do you really want them cluttering your expensive computers with their personal emails, illegally shared MP3 files, and naughty YouTube videos—when you could leave that responsibility to someone else? Cloud computing allows you to buy in only the services you want, when you want them, cutting the upfront capital costs of computers and peripherals. You avoid equipment going out of date and other familiar IT problems like ensuring system security and reliability. You can add extra services (or take them away) at a moment’s notice as your business needs change. It’s really quick and easy to add new applications or services to your business without waiting weeks or months for the new computer (and its software) to arrive.

Drawbacks

Instant convenience comes at a price. Instead of purchasing computers and software, cloud computing means you buy services, so one-off, upfront capital costs become ongoing operating costs instead. That might work out much more expensive in the long-term.

If you’re using software as a service (for example, writing a report using an online word processor or sending emails through webmail), you need a reliable, high-speed, broadband Internet connection functioning the whole time you’re working. That’s something we take for granted in countries such as Scotland, but it’s much more of an issue in developing countries or rural areas where broadband is unavailable.

If you’re buying in services, you can buy only what people are providing, so you may be restricted to off-the-peg solutions rather than ones that precisely meet your needs. Not only that, but you’re completely at the mercy of your suppliers if they suddenly decide to stop supporting a product you’ve come to depend on. Critics charge that cloud-computing is a return to the bad-old days of mainframes and proprietary systems, where businesses are locked into unsuitable, long-term arrangements with big, inflexible companies. Instead of using “generative” systems (ones that can be added to and extended in exciting ways the developers never envisaged), you’re effectively using “dumb terminals” whose uses are severely limited by the supplier. Good for convenience and security, perhaps, but what will you lose in flexibility? And is such a restrained approach good for the future of the Internet as a whole?

Think of cloud computing as renting a fully serviced flat instead of buying a home of your own. Clearly there are advantages in terms of convenience, but there are huge restrictions on how you can live and what you can alter. Will it automatically work out better and cheaper for you in the long term?

What is a VPN, and what can you use one for?

Connect securely to your network from anywhere in the world, cover your tracks, protect your privacy and watch stuff you’re not supposed to with a VPN

A VPN (short for virtual private network) is basically a secure link between your computer and another computer somewhere else on the internet. In theory, all communication between your computer and that computer over the internet can’t be eavesdropped on or inspected so as to see what you’re up to.

Having a VPN configured on your network’s server or a network hardware device allows a user to connect from their laptop or tablet anywhere in the world there is an internet connection, and to access their files, folders, email and so on as if they were right there in the office.

You can get access to a VPN service outside your company’s network by paying a VPN hosting company a few pounds a month, then configuring your computer or router to send all your internet traffic via them. Most VPN providers have servers in multiple countries, so you can make your internet connection appear to be in any country in the world.

Evading and confusing the indiscriminate mass surveillance of a nation state is a popular use of VPN services. By using that secure link between you and a computer abroad, ideally in a friendly jurisdiction, you’re able to avoid the government’s tracking of which websites you visit and when. All your ISP will record is that you visited the VPN over and over, because they don’t know where that traffic goes after it leaves your VPN provider.

If privacy is your reason for wanting to use a VPN, make sure you check that your DNS information isn’t leaked, which would result in your ISP knowing which websites you visited. Ensure that you use a VPN service that doesn’t log your activity and isn’t based in a country that shares its surveillance data with the UK. There’s no point trying to hide your tracks from your ISP if the VPN provider is logging it and they’re in a Five Eyes country that shares its information with the UK.

Of course, a VPN alone isn’t a foolproof way of evading surveillance, as there are multiple methods the law has up its sleeve to track what you’re up to. A downside of routing all your traffic over a VPN is that you’ll suffer a slower Internet connection due to all your traffic travelling across the globe and back again, even if accessing a local server.

Another lesser-known, but perhaps the most important, reason to grab a VPN account is to protect yourself when using unsecured public wi-fi. Most public wi-fi hotspots don’t use WPA2 encryption, so that you can connect to the network without having to enter a password. Without any encryption, anyone else on the same access point, whether nefarious or merely curious, can see whatever you’re doing. Utilising a VPN encrypts all that information so anyone looking at your data stream will just see gibberish.

Once again, a VPN isn’t perfect, as in that short period between connecting to the wi-fi and your VPN connecting, there can still be unencrypted traffic flowing out of your computer or smartphone, so be aware of that next time you use public wi-fi.

A more mainstream consumer use of a VPN is to get around pesky geolocation of Internet services. For example, if you’re abroad but still want to watch some iPlayer, fire up your VPN, set your endpoint to the UK and tune in.


Passwords – Seven tips and tricks to keep your digital locks secure

1. Think Length, Not Complexity

A longer password is usually better than a more random password, as long as the password is at least 12-15 characters long.

In fact, a long password that comprises only lower-case letters can be more beneficial than crafting just the right combination of alphanumeric gibberish. Usually all it takes is a password just two characters longer to make up for a lack of other types of characters such as upper-case, numbers, or symbols.

In other words, the time spent making your password look like Popeye cursing would be better applied toward typing two easier-to-remember letters.

2. Keep It Weird

That’s not to say you should be content with 111111111111111. Longer is always better, but that length yields diminishing returns if you’re not still mixing it up.

We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you at just as much risk of having your identity stolen by hackers.

Avoid common sports and pop culture terms regardless of length. The more common a password is, the less secure it will be, so go with something no one else would (ideally, a random string).

3. Don’t Bunch Up Your Special Characters

Many password input fields now require you to use a combination of upper case and lower case letters, numbers, and symbols. That’s fine! Just keep them separated.

Spread your digits, symbols, and capital letters throughout the middle of your password, not at the beginning or end. Most people put capital letters at the beginning and digits and symbols at the end. If you do that, you get very little benefit from adding these special characters.

It’s that “most people” part that gets you in trouble. It’s about predictability based on how many people do it. Avoiding front- or backloading your passwords with special characters also gives you a lot more real estate to work with, which creates a bigger bottleneck for anyone trying to break in.
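
Tips 1 to 3 can be turned into a simple check to run over a candidate password before you adopt it. The following is an added example, not part of the original post; the function names, the tiny common-terms list and the sample passwords are all constructed for illustration, and a real check would use a large list of breached passwords.

```python
import re

MIN_LENGTH = 12  # lower end of the 12-15 character range in tip 1
# Constructed stand-in for a real common-password list (assumption, not from the page).
COMMON_TERMS = {"password", "qwerty", "letmein", "football", "starwars"}


def has_simple_pattern(pw: str) -> bool:
    """Tip 2: one or two characters repeated, or a straight run such as abcdef / 987654."""
    low = pw.lower()
    if len(set(low)) <= 2:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(low, low[1:])}
    return steps in ({1}, {-1})


def has_common_term(pw: str) -> bool:
    """Tip 2: a well-known word is present once digits and symbols are stripped."""
    letters = re.sub(r"[^a-z]", "", pw.lower())
    return any(term in letters for term in COMMON_TERMS)


def specials_bunched(pw: str) -> bool:
    """Tip 3: every capital, digit and symbol sits in the leading or trailing run."""
    special = [not c.islower() for c in pw]
    if not any(special) or all(special):
        return False  # nothing to place, or no lower-case body to place it in
    start = 0
    while special[start]:
        start += 1
    end = len(pw)
    while special[end - 1]:
        end -= 1
    return not any(special[start:end])


def audit(pw: str) -> list[str]:
    """Return the tips (1-3) that the candidate password fails; empty means none."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("tip 1: shorter than 12 characters")
    if has_simple_pattern(pw) or has_common_term(pw):
        findings.append("tip 2: simple pattern or common term")
    if specials_bunched(pw):
        findings.append("tip 3: capitals/digits/symbols only at the ends")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("111111111111111", "Football2024!!", "mossy7kettle&Drift"):
        print(candidate, audit(candidate) or "no findings")
```

A long all-lower-case password passes this check, which matches tip 1; the check says nothing about reuse across sites, which tip 4 covers.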

4. Never Double Dip

You’ve followed every password recommendation, down to the last &$@. It would take years for someone to crack. Your password is so good, in fact, and took so long to memorize, that you’ve decided to use it on a couple of accounts.

This is bad!

Even if you have an ‘unimportant’ password and an ‘important’ password tier, it’s very unsafe. It makes it way too easy for a hacker to attack one site and get your password to all the others.

The main point here, really, is that your passwords are only as secure as the sites to which you entrust them. If you don’t want to pay dearly for someone else’s mistake, limit the potential fallout by using a unique password everywhere. Or, you know, skip the whole thing and use a password manager.

5. Don’t Change Them So Often

Don’t change passwords every month.

Passwords are hard. They should be! But it’s better to go through the trouble of making one good one, and sticking with it, than to expect to be able to turn over that many special characters more often than you do the pages on a wall calendar.

Frequent password changes are largely a waste of time. There’s no evidence that password changes improve outcomes.

6. Take the Panic Down a Notch

You’re right to do everything you can to make your password as safe as possible. But it might also help to remember that most people don’t need a digital Fort Knox. A digital combination lock should do just fine.

Ignore the stories about attackers doing billions of guesses and saying that the average password can be guessed in under a second: your bank is not going to allow an attacker to try 100 billion guesses. For web passwords you mostly have to worry about withstanding a few thousand guesses.

Yes, that’s still a lot of guesses. But if anything, it’s a reminder that if you do commit to password best practices, the bad guys are probably going to move right along.

7. Layer Up

When deployed properly, passwords are pretty good. They’re much better, though, as part of an overall plan of attack. This goes double for those on the admin side of the aisle.

Don’t rely on passwords alone! Passwords should not be considered sufficient for anything other than the lowest-risk applications.

Instead, add a layer of more robust authentication, like cryptographic credentials or a biometric identifier such as a fingerprint scanner.

Adding a layer of protection makes sense, but it also has potential ancillary benefits that aren’t quite so obvious.

By adding [extra authentication], a company could have a less strict password policy, like fewer characters or requiring password changes less frequently.

Which, hey! As great as an airtight password is, anything that makes them a little easier to achieve is more than welcome.