VPNs for public and untrusted networks
The days of the traditional office environment and its confines have been coming to an end with the continued world-wide growth in mobile workers using smartphones, tablets and laptops at home, while on the road and
at coffee shops – but then so has traditional IT security as we used to know it also come to an end as a result. Free Wifi access can be found in almost all major cities in the world today, including their international airports and on public transport, and usually with very few limits, but as the saying goes, there are no free lunches and sacrificing security and privacy for something that is supposedly free can come with some major unanticipated costs.
One solution to this problem is to use a Virtual Private Network (VPN) connection. A VPN creates a private tunnel to its servers and encrypts the data being sent and received, which greatly improves security and reduces the chances of interception by a third party. And although each device would need its own VPN client it will protect the data and limit tracking algorithms from monitoring your online activity. All organisations should ensure that their employees make use of an authorised VPN client when accessing information on their devices out of the office since even if they are using their connection for private use, the fact that they are vulnerable to being compromised and hacked means that the next time they connect to the company’s resources they are putting them at risk too.
Internet browsers and Ad Blockers
Most websites on the internet are changing rapidly with the advancement of technologies like HTTP2, secure browsing, web apps/services and high-resolution media. A good number of websites and web services also utilize advertising pop-ups and click-through tracking to generate additional revenue, but these sites can also include malicious coding, scripts and tracking cookies (spyware). These components may infringe on the privacy expectations of the user and could potentially lead to security compromises. Many users also don’t realise that an outdated web browser can very easily be compromised in a matter of seconds by clicking on a malicious link. Browser updates don’t only improve compatibility with other software and applications on a device, but they also improve performance and add new security features to help counter the latest threats that may have been created with previously unknown techniques.
Microsoft issued a statement on 06 February 2019 about “The perils of using Internet Explorer…” stating that the browser they had developed is no longer safe to use by declaring that “Internet Explorer is a compatibility solution. We’re not supporting new web standards for it and, while many sites work fine, developers by and large just aren’t testing for Internet Explorer these days. They’re testing on modern browsers. So, if we continued our previous approach, you would end up in a scenario where, by optimizing for the things you have, you end up not being able to use new apps as they come out. As new apps are coming out with greater frequency, what we want to help you do is avoid having to miss out on a progressively larger portion of the web!”.
No security implications were mentioned by Microsoft in their statement, but you can rest assured that this is the main reason for their declaration. Alternative internet browsers are easy to source with many options available, such as: Chrome, Firefox, Opera, Edge, Safari (for Apple devices) and many more. This should be one of the first upgrades applied to any new workstations. It’s ironic in fact that Microsoft allegedly put Netscape out of business in the 90’s after replicating their innovative Navigator browser and calling it Internet Explorer after their own Microsoft Explorer desktop application. Perhaps Microsoft has realised that they can’t compete with the other browser companies and apart from not being able to generate revenue from their own browser, it has fallen in popularity to the point of no longer being viable.
An added benefit to the alternative browsers mentioned above is their support for extensions and add-ons. Ad blocker add-ons implement active traffic scanning which strips specified content before delivering it to the internet browser. The benefits of this include improved privacy, faster webpage loading and reduced ads. Some websites may in fact warn against the use of ad blockers in the interests of their own click-through tracking and serving advertisements for revenue generation.
Reliable anti-malware
Anti-malware software is essential for all computing resources as it usually protects against both known threats and previously unknown threat using heuristic scanning. The more advanced applications are also using Artificial Intelligence (AI) to combat new threats and most are constantly improving their ability to detect zero-day threats. There is a reasonably clear divide between free and paid anti-malware, but one should always bear in mind that you can’t necessarily put a price tag on trust. Anti-malware is the first and most essential line of defence that protects computing systems from harm and vendors like F-Secure are constantly evolving and implementing new technologies, such as AI cloud predictions and behavioural analysis, to combine knowledge with technology.
“It can be argued that nuclear scientists lost their innocence in 1945 when we, as mankind, used the atom bomb for the very first time. If that’s the case, then we could argue that computer scientists lost their innocence in much the same way in 2009, when we started using malware as an offensive attack weapon.” Mikko Hypponen, global security expert, F-Secure. “A day at F-Secure Labs looks something like this: 7 billion events, 6 billion online reputation queries, 1 million suspicious URLs, 500 000 samples to analyse, and about 10 000 new pieces of malware.”
The value of encryption
Data encryption provides the last line of defence against a hacker or unauthorised person gaining access to confidential or private information. In the unfortunate event of device loss or theft, data encryption also ensures that such information is inaccessible to any party other than the owner.
Basically there are two types of encryption:
Hardware encryption: With this type of encryption the device has an in-built encryption chip which requires a pin, passphrase or biometric (fingerprint) authentication to provide access to the user, without which it remains locked. Being built-in, the encryption of the data remains in place, even when the hardware around it is changed, e.g. when installing an encrypted hard drive into another computer. The encryption process is usually also separate from the rest of the device and software, making it extremely difficult to intercept or break. Many premium flash-drive storage devices offer this type of encryption out of the box. Hard drive or storage encryption should be used on all devices that handle sensitive or personal data.
Software encryption: Similar to hardware encryption, this type pf encryption also relies on user authentication, but the encryption process is different. As the name suggests, software (e.g. BitLocker, VeraCrypt) is used to encrypt the data. Although not necessarily as secure as hardware encryption, it offers a relatively inexpensive and robust option for protecting the data. Another possible downside is that the process can use more system resources than with hardware encryption, making it slower.
Devices like cell phones, tablets, laptops, desktop hardware, flash drives and external hard drives generally offer some form of encryption to protect against loss or theft with some brands providing more advanced encryption than others. Device encryption adds peace of mind that the stored data remains inaccessible to anyone but the owner or authorised user.
Before enabling encryption on laptops and desktops, one should consider upgrading the hard drive to solid state storage (SSD) if its still using a mechanical hard drive (HDD). SSDs are on average two to three times faster than standard HDDs and are more reliable (there are no moving parts) which can drastically reduce the time for the encryption and decryption processes along with other general operations.