security | Technology Bloggers

Why Is Cloud Computing So Important?

22nd November 2011 17 Replies victor

Cloud computing has a lot of hype surrounding it. More than a few observers have wondered what is so important about this new internet phenomenon. The truth is cloud computing is leading to a rethinking of the internet’s capability. Cloud computing promises to completely delocalise computing power and technology. Users will be able to access and manipulate files, images, videos and other data remotely. Cloud computing promises the ability to keep networks and mobile devices synchronised at all times.

Infrastructure

A bank of sophisticated computers host operating systems and data for hundreds, if not thousands, of customers. internet search engine giant Google pioneered the use of data centers to store clients’ personal data safely. The same principle is being extended to cloud computing. Huge data centers will act as remote desktop computers. These centers will be able to store every file a user would need. All the user needs is a counterpart machine that can be as small as a conventional laptop with much less weight. These so-called “netbooks” serve only to connect the user to the internet so he can access his files.

An example of how cloud computing works – every device synchronises with the cloud, meaning that your data can be accessed anywhere!

A single data center can offer multiple services and applications. Theoretically, a cloud computing system could perform almost any function or task the user desires. In a typical system, each application will have its own dedicated server combined with multiple iterations to create redundancy and prevent sudden malfunctions. The whole center is managed by a central server that constantly monitors the traffic and load volumes. Balancing the differences between machines, it seeks to maintain the harmony of the system and prevent crashes.

Business Advantages

The advent of cloud computing is actually forcing businesses to change their strategies. Previously, hiring a new employee meant providing him with a desk, computer equipment and various other hardware or software. Cloud computing allows them to reduce these capital expenditures significantly. Now all an employee needs is a computer with an internet connection to access his work data. Desks and office equipment may still be necessary, but the investment in computer hardware can be outsourced to cloud computing companies.

The hardware and software demands on the business’s side decrease dramatically. Labor costs per individual employees go down, enabling a company to hire more workers. Productivity increases, raising the efficiency and profits of the business.

Concerns

The primary reason why cloud computing is getting so much attention is its effect on business strategies. The sheer cost pressure alone is forcing industry after industry to adapt to the new reality. The advantages notwithstanding, several valid concerns about cloud computing exist, namely having to do with privacy and security.

Business owners and executives may hesitate to turn over their sensitive data to a third-party system with good reason. Losing access to their own data or having it compromised is unacceptable in a ruthlessly competitive private sector. One major argument against this fear is the fact that cloud computing companies survive based on their reputations. This gives them a huge incentive not to lose their clients data or compromise accessibility. Despite the power of this incentive, regulations may still be required to ensure safety.

As for privacy, the obvious concern is the connection between the user’s computer and the cloud system. Privacy could easily be compromised by unscrupulous individuals who could access personal information like credit card numbers. A solution to this problem is to use authentication and encryption like regular secure connections.

These practical concerns are somewhat overshadowed by a number of philosophical and legal questions. For instance, who owns the data stored by the cloud computing system? While it is held in the client’s name, a case could conceivably be made that the cloud computing system is the actual owner and therefore has a right to it. These technicalities are still under debate, and no resolution has yet been achieved.

Conclusion

Cloud computing holds great promise for upending things as they are currently done in the business world. The practical effects on information technology jobs will likely be profound. These and other challenges must be met because cloud computing will continue to change the nature of the internet.

WordPress Security Tips – Safeguard Your Blog

8th November 2011 18 Replies Jonathan

I recently came a cropper to a hacker on a WordPress Blog I was setting up – luckily I’d backed everything up, but what if I hadn’t? Well, I’d have likely lost everything.

Now the hacking was partly my own fault for not putting the right measures in place. This got me wondering about how many other webmasters fail to implement basic security measures that could save them a lot of trouble in the future.

So without further ado lets look at my top WordPress security tips. I’ll also point you in the direction of a few WordPress Security plugins that I’ve discovered that do a great job of adding that second line of defence.

Don’t Use Admin as a Username

Let’s start simple – the default username in WordPress is “admin” – don’t use this! It’s the first username that all hackers will try, and allows them to a launch a brute force attack, which simply means a bot that tries multiple attempts at guessing your password.

This is probably one of the most common types of hacks out there and it still works. As a second line of defence I’d install a handy plugin called Login Lockdown, basically it records IP addresses of all failed login attempts, if a lot are cropping up in a short time frame it bans all IP addresses from that range. It also goes without saying use a strong password.

Change the WordPress Table Prefix

This involves changing another WordPress default that makes it harder for a hacker to attack your blog via a SQL injection. The table prefixes are defaulted to wp_ – they are easy to change in your wp-config.php file prior to installation.

However, if you have a site that’s already installed and you’re trying to secure that – I recommend using the WP Security Scan Plugin to do so. Remember to take a backup before you change anything – it’s good practice! The WP security scan has a number of cool features (such as removing the WordPress version in the source code) so it’s definitely worth installing.

Don’t forget to use secret keys

I have a friend who works for a hosting company – and he revealed it’s amazing how many people forget to use secret keys. Now if you’ve installed WordPress via Fantastico or some other quick install tool that your hosting company provides they should automatically include these.

The hashing salt keys make your password even more secure. To make sure you’re using them – visit https://api.wordpress.org/secret-key/1.1 to generate your keys, and then put them in your wp-config.php file – you’ll spot them easily.

Secure your wp-admin folder

I missed this out when installing my blog and it’s another security tip that many webmasters fail to implement. The wp-admin folder is very important and if a hacker gets into that then they’re going to cause some serious damage.

This involves using a .htaccess file to prevent access. You have two options here – you can prevent access by only allowing certain IP addresses (which isn’t ideal if you have a dynamic IP or work form multiple locations or on the move) or you can use a .htpassword file.

To use the IP address method simply create an .htaccess file and paste in the code below (switching the xxx for your IP address) then upload it to your wp-admin folder:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Access Control" AuthType Basic order deny,allow deny from all #IP address to Whitelist allow from xxx.xxx.xxx.xxx
You can add multiple lines of IP addresses if you want. If your site has multiple writers posting – like Technology Bloggers or accepts guest posts then it’s unlikely this method is viable.

If that’s the case use the .htpassword method – there’s a useful tutorial here: htaccess Files and WordPress Security.

Keep WordPress up to date

This seems obvious but a lot of people forget to upgrade their WordPress. Maybe through fear of breaking something or perhaps just laziness.

The majority of WordPress upgrades are made to increase security and patch up known vulnerabilities. So backup your install and upgrade to the latest version when they’re available.

Keep regular backups

Sometimes no matter how many security measures you have in place, a hacker it still able to get through, maybe through a plugin that contains an exploit.

In this case, you have to take regular backups as the last line of defence. Perhaps through the use of a plugin, or via your host. You can schedule them to run on a daily basis and then be emailed to you.

Having to restore a backup is probably a worse case scenario, but believe me, it’s far easier than having to re-setup your entire blog and redo blog posts from Googles cached pages.

What are your favourite WordPress security methods? Are there some great plugins that I’ve missed? Please let me know in the comments section below.

5 Most Popular Two-Factor Authentication Security Devices

16th September 2011 12 Replies Alan

As we had discussed before, one-factor authentication is not sufficient in order to have good security. Especially when we talk about sensitive transaction such as banking transactions, it is not secure anymore today if it were done only using username and static password.

Two-factor has to come into the IT security field to ensure that the correct person is authenticated. The items below are the five most popular methods used for any two-factor authentication.

1. Mobile OTP

Mobile One-Time Password (OTP)

A very popular and cost saving method is to use a SMS gateway and send OTP (one-time password) to a mobile phone user. This method is used widely simply because everyone has a mobile phone today which means everyone can use two-factor authentication as long as the host of the application willing to invest and provide this service.

2. OTP Token

One-Time Password (OTP) Token

OTP token works more or less the same as the Mobile OTP. The difference is that this is a separate device and the OTP can be generated immediately instead of waiting for the SMS gateway to send. As a result, it is more reliable than the Mobile OTP but additional cost needed to have this device.

3. PKI USB Token

Public Key Infrastructure (PKI) Token

PKI USB Token offers the second best security in the market by beating off man in the middle attack such as phishing attack. However, PKI implementation needs an infrastructure where it is going to be costly. Due to the cost matter, PKI is not well known in certain countries as people will go for OTP to have the balance of security and investment cost.

4. EMV Cap OTP with Signature

Europay, MasterCard and VISA Cap One-Time Password with Signature

Europay, MasterCard and VISA (EMV) Cap One-Time Password (OTP) with Signature

EMV Cap OTP offers the best security around as it not only beats off the man in the middle attack, but also the man in the browser attack. This is simply because the user needs to sign the transaction using the EMV card reader instead of the web browser. As a result, the Trojan of the man in the browser will no longer work. The drawback is that, signing with transaction device can be a tedious thing to do. The user needs to enter correctly the recipient’s account number and the amount in order to perform the transaction successfully.

5. Out of Band Transaction Detail Verification

Out of Band

This method provides the best security similar to the above and solves as well the weakness of the EMV Cap OTP. What this method does is to send the user the details of the transaction such as the recipient’s account number, amount and the OTP code via non-internet channel such as voice call or SMS. The user will verify those details given and confirm the transaction by submitting the OTP code into the web browser. This gives great security but not anything more after that. Unlike PKI, that piece of digital certificate can do not only authentication signing, but also document signing, PDF signing or even data encryption.

Nothing is perfect in this world where everything has its good and bad. You have to clearly define what you want and I’m sure you can find the device that is suitable to you.

Technology Bloggers

Championing responsible innovation in partnership with the Bassetti Foundation

Technology Bloggers

Championing responsible innovation in partnership with the Bassetti Foundation

security - Tag Archive

5 Most Popular Two-Factor Authentication Security Devices