bigstock-Isometric-Internet-Security-Lo-238957666-Converted-01

Why Two-Factor Authentication is Important

Today, more and more of our lives are happening on mobile devices, laptops and computers. So it’s no wonder why our digital accounts are the prime target for cyber criminals. 

Attacks against the government, companies and individuals are happening every day. High profile data breaches and password leaks are becoming more and more common. Cyber criminals are continuously developing more sophisticated hacking methods, making some security practices obsolete. 

Fortunately, for any organization, one simple method for protecting digital accounts remains effective: two-factor authentication (2FA). Learn more about why two-factor authentication is important. 

What is two-factor authentication?

Two-factor authentication is the method of verifying your identity by adding a second factor of authentication to your account. Incorporating 2FA adds an additional step to the login process. After users enter their credentials, 2FA prompts users to enter an additional code before they can access their account. 

Types of two-factor authentication

There are many types of 2FA available. Some are more secure than others, but all provide improved protection for digital accounts. 

Here are a few of the most common forms of 2FA: 

Software Tokens: 

Software tokens are the most popular form of two-factor authentication and requires software that generates a time-sensitive, single use passcode to use to access an account. The user must download and install a 2FA app on a smartphone or desktop, such as Google AuthenticatorAuthy, or Microsoft Authenticator. These applications are compatible with a variety of websites. 

Once the user configures the application with the account, it will begin generating and cycling through time-sensitive codes. 

To access the account, the user must use the code provided by the 2FA application to access the account. These passcodes are usually only valid for less than a minute. 

SMS or Voice-based Messages: 

SMS Message Two-Factor Authentication - Dexter Edward

In an SMS-based 2FA environment, a user attempting to access an account will be sent an SMS message containing the 2FA code. 

Similarly, voice-based 2FA automatically dials the user’s phone and verbally delivers the 2FA code. 

SMS and voice-based authentication is one of the least secure methods of 2FA.

Push Notifications: 

A user with a smartphone or computer can receive notifications when an authentication attempt is taking place. The user can view details related to the request and can approve or deny access through the provided link. 

Push notifications provide a more user-friendly form of security. 

Other forms: 

In Biometric 2FA, user identities are verified via fingerprints, retina patterns, and facial recognition. 

These types of authentication are in development and are sure to become more popular within the next few years. 

Why use two-factor authentication? 

Passwords, no matter how complex, are no longer as infallible as they once were. Cyber attackers can test billions of passwords in seconds. Furthermore, it’s extremely common for users to use the same password across multiple accounts, meaning once hackers have access to one account, they can gain access to other accounts with relative ease.

2FA provides additional protection to accounts that is independent of password strength, and more secure than traditional security questions, which can be guessed by hackers who can view public social media profiles. Dexter Edward incorporates 2FA support into several of their solutions that can help your organization be secure, encrypted, and traceless. 

LEARN MORE
Dexter Edward Mobile Security Header

Online Privacy Methods

Protect your Online Privacy

As you venture out on the Internet, reaching and searching for information or as a portal for communication, one thing is clear: privacy is key. Because without privacy, anyone can intercept, analyze, and exploit your communications—and, eventually, the odds are someone will. It behooves you to take proper steps to ensure your online activities and conversations remain only between you and your intended parties.

There are many methods to remaining private online, some more powerful than others. Examining all your options will help guide you to make the best decision for your online security.

Private browsing is the minimal you can do to protect your online privacy

Private Browsing

Perhaps the easiest way to ensure some privacy online is flip that little switch and use a private browser window. Sometimes called incognito mode, private browsers hide some of what you do online, but only some. While exactly what they conceal varies from browser to browser, private browsers do have some aspects in common.

Many disable the browser’s history and web cache, hiding the record of what you are doing online. Often autofill will be disabled, preventing the risk of accidentally storing login credentials. Along that same thought, many private browsers will prevent you from remaining logged in to online accounts once you close the browser window.

So that’s all you need to be totally secure, right? Unfortunately, no. Though most private browsers clear your browsing history in the browser, a portion of it might remain on your computer or your ISP—bits that could be used to reconstruct your online activities. Also, a lot of their functions rely on you closing the tab when you are done. If you don’t close the window, the caches aren’t erased. As Hana Habib, a doctoral student at Carnegie Mellon, points out, “A lot of people use private browsing just to hide their activity from other people who might use their computer later. . . [a]nd for that, private browsing does a pretty good job of protecting users against that particular threat.”

VPNs are one method of online privacy

Virtual Private Network (VPN)

Another option for online security is using a Virtual Private Network (VPN). VPNs take your traffic and passes it through a VPN provider’s server on its way to your destination. With a VPN, your traffic and IP address are obscured, and your communications are encrypted. To an outside observer, you will appear to exist where the VPN server is, which is why VPNs are popular in countries with censor-loving governments (or for people trying to circumvent geo-specific website restrictions).

VPNs are much safer than relying on private browsing, but even they can have their drawbacks. For one, you are relying on the VPN service’s security choices. The big drawback of VPN services are their terms and conditions, specifically in regard to logging. TheBestVPN recently updated their survey of over 300 VPN providers’ privacy policies to see if their advertising claims were matched by their policies.

The good news is this analysis shows that only about 8% keep logs of your browser history (with another 9% aggregating your browser history with all their other users). The bad news is when those VPN services who log your IP address and timestamps (the where and when of your browsing activity). 40% of the VPNs analyzed log your IP address and 38% log timestamps of your activity. For a service claiming to keep your anonymous, those statistics are striking (and should remind you to really read all the fine print when trusting another company with your security).

Onion routing is another method to preserve your privacy online

Onion Routing

Onion routing is similar in some respects to a VPN in that your traffic and communications pass through another remote server. But, in Onion routing, everything passes through multiple servers with a new layer of encryption added for each server passed through. Each server only knows of the servers on either side of it, so, for example, the second server in a 3-server chain (that is, 3 servers between you and your destination) will not have any record of your IP address (or other particulars) or what your final destination is. Onion routing takes your online anonymity and security up to another level.

Unfortunately, Onion routing has a few drawbacks. First, because your traffic is passing through various servers in various parts of the world, it can be slow. This isn’t any fault of the Onion routing method, mind you, but rather the varying Internet speeds in different locations. Another drawback is, again, not due to the Onion routing method, but rather to those who use it to hide their activity. Because of some users using Onion routing to commit illicit or illegal acts, the whole system echoes with negative overtones for some. That is, people might suspect or associate users who just want privacy with users who are doing all the illegal things.

Fognigma Provides the Best Online Privacy

Fognigma

Fognigma is a patented enterprise software solution that gives organizations the power to build their own secure, encrypted and traceless networks and communications systems. Fognigma works by strategically leasing virtual machines over eight commercial cloud providers which function as one gestalt network. Inside this invisible, on-demand network are various communication components (VoIP, file share, messaging, video conferencing, and Virtual Desktop Infrastructure) which are afforded the same protection as the Fognigma network itself: FIPS 140-2 validated, cascading AES-256 encryption with two distinct encryption libraries.

Like Onion routing, the parts of a Fognigma network only know of their immediate neighbors, so even if one part could be found, it couldn’t compromise the whole network. Also, like Onion routing and VPNs (which makes sense, since Fognigma is a virtual private network), where you exit the network to the rest of the Internet is where it appears you are located. However, Fognigma takes that to the next level by giving organizations the power to create multiple exit points almost anywhere in the world and users the ability to dynamically switch exit points (and their perceived location) with just a few mouse clicks.

Fognigma takes all the best privacy features, wraps them in a massive level of encryption, and gives them to organizations to build and run their own invisible networks, never having to worry about the privacy policies of a distant VPN provider or the ofttimes stigma of Onion routing. To learn more about Fognigma and how it can help your organization (or to schedule a demonstration), contact us today.

bigstock-Isometric-Cloud-Computing-Conc-243793318-Converted-01

Setting Up Your Own Secure File Server: A Primer

Take Your Files with You

Just as the world never stops turning, our operations remain in constant motion. They take us on the road, in the air, and over the sea. We bundle up our technology and bring it with us so we can continue working, and no matter which types of tech we take along, one thing is always needed: our files. A secure file server can make all the difference.

Of course, you could take a thumb drive with your files wherever you go, but everyone knows how risky that is. Misplace the drive and your documents will most likely find a new life in dark places on the Internet where all sorts of bad things can result. Or, at the very least, multiple versions of the documents will be created, leading to version control confusion (i.e., you won’t know which version is the most recently updated and accurate).

The only answer is to have an online file repository where you can access your files, without creating and carrying around multiple copies. But which method is the best to create a secure file server?

Host your own secure file server

Cloud Storage Thunderstorms

The fastest way to give your files the gift of remote access is to upload them to a cloud storage server operated by one company or another. We won’t name cloud storage companies because for many, they are viable options for file storage. However, we will mention some of the potential security risks these cloud storage companies, as a whole, represent.

  • Lack of Crypto-Key Control – In simplistic terms, when files are encrypted, keys are created to encrypt and decrypt the files. If you don’t have the key, you can’t see the file. The problem with some cloud storage providers is they maintain ownership of the encryption keys, which means if the service was hacked, the hackers would have control over the encryption keys to your files.
  • Lack of Any Security Control – When you sign up for a cloud storage provider, they have their own methods of cybersecurity in place. You don’t have a say in what encryption they use, for example, or any other security features. In short, you are trusting their cybersecurity team with all your data.
  • Data Sharing – Sometimes cloud storage providers have shared data (or, at least, metadata) with third parties. When security is a prime concern, the sharing of any data about your data or your organization is potentially very harmful.
  • Shared Server Storage – When you upload files to a cloud storage provider, your files are stored on a section of one of their massive servers. If the file server gets hacked via another customer’s account, once again, the hackers can gain access to your files since they reside on the same server.

Host your own secure file server

Host Your Own Secure File Server

The easiest way to take total control over your file server needs is to set up your own. Though that might sound daunting, it is actually pretty simple. Plus, there are multiple manners of file sharing you can use. Here are a few:

  • NAS (Network Attached Storage) – NAS is one of the easiest ways to build a secure server, but it is reliant on you having the proper type of router. Some routers have USB ports for storage. Plug in a thumb drive, configure a few settings, and you’re the proud owner of a private server!
  • FTP (File Transfer Protocol) – FTP has been around for almost as long as the Internet. While it’s not exactly what you imagine when you think of a cloud server, FTP servers can be used to easily transfer large files. You can even add security measures to FTP. Use SFTP (Secure File Transfer Protocol) and you’ll be using SSH to protect the transmission of your files. Or, use FTPS (File Transfer Protocol Secure) which give you TLS encryption for data transmission.
  • HFS (HTTP File Server) – HFS is another protocol which has been around for some time. It can be set up quickly which is great for inexperienced users yet has tons of customizable options for the more advanced users.

The most important part, after you’ve determined the type of private server you plan to run, is to explore security options. You’ll need to do it all yourself (as compared to a cloud storage provider) but, as previously stated, you’ll have full control over your security. You can make sure your security measures are always up to date, your software properly patched, and access to your files exactly as controlled as you desire.

To learn more how Fognigma, our leading-edge enterprise software solution, can take your protected, online-accessible file storage to the next level, contact us today.

Isometric Icons without Light-12

VoIP vs. Landline Security: A Comparison

Telephones Require Security, Too

Telephones were created to transmit person-to-person communication at a longer distance. Everyone knows that. It’s also expected by most people talking on phones that the conversation is only between themselves and the person or persons at the other end. But we in the cybersecurity world know that’s not always the case. We know that if communications are happening, there are always third parties trying to intercept those communications. Therefore, security is just as important for your telephony as it is for your networks, users, and other systems. VoiP vs Landline security is important for deciding which to use.

For office use, two types of phone systems are the most plentiful: hardwired landlines (also called PSTN, or public switched telephone networks) and virtual VoIP (Voice over Internet Protocol). Which is more secure: landline or VoIP? Let’s explore further.

Landline phones need security

Landlines

The oldest and more traditional method of telephony is the landline—wires literally stretching all over the world, physically connecting handset to handset (with all the switches, terminals, cables, etc. in between, of course). It’s a system and infrastructure that’s been built up over one hundred years and works via circuit switching (a dedicated link between the two callers that exists as long as the call takes place). By having an actual physical connection, landlines are quite secure. In order to intercept communications, the wires themselves must be hacked into. This is not impossible, but it is quite an undertaking. However, to get this innate security, one must pay for the infrastructure by way of taxes, per-call fees, and other applicable charges. Also, this technology is limited to only voice calls—no other type of data (SMS, video, other file types) can be transmitted.

voip vs landline security

VoIP

VoIP calls have the curse and blessing of traveling over the Internet. VoIP calls are more feature rich and can transmit voice, video, and files. Because calls are placed over IP, there are little to no fees per call. However, VoIP calls work via packet switching, in which the information is digitally sent over the Internet in sections via many different and ever-changing routes (to be reassembled when they reach the end caller). As this article on Lifewire points out, “It is easier . . . to intercept VoIP data thereby breaching your privacy.” The articles goes on to say, “Many of the nodes through which the VoIP packets pass are not optimized for VoIP communications, which renders the channel vulnerable.”

That was the curse part. The blessing comes in the form of cybersecurity. Since VoIP calls are traveling over the Internet, you can protect them using all the cybersecurity methods you use for your organization, networks, and users. Firewalls, encryption, VPNs, and virus and malware protection (yes, you can get malware from a VoIP call) can enrobe and strengthen the security of VoIP telephony. These security measures are just not available for landline phone systems.

Telephony security is important

One Final Warning

There is one other way to intercept any type of phone call, possibly one you thought about in the section about landlines, and that is eavesdropping. Yes, no matter how much security you put in place, someone simply could be listening in at your door or through an electronic device. This means the final telephony security measure is your own discretion. Are you in a secure location for a call? Is there the possibility that devices could be hidden around you? Is there anywhere more secure you could place the call? Along with the type of telephony your organization is using and its intrinsic and additional security measures, being aware of your surroundings is the extra step which will help your phone calls stay secure.

Fognigma’s telephony solutions take VoIP security to the next level, featuring leading-edge technology and the utmost in communications protection. To learn more how our solutions can help your organization or to schedule a demonstration of them, contact us today.

Manage network attribution

The Importance of Patches and Updates

Everything was Once New

A new bit of software is released. It’s sparkling, it’s fun, it’s revolutionary. Everyone loves it and starts using it. Or, perhaps the new thing is an IoT device which lets you monitor the air quality of your office. In order to survive in today’s marketplace (read: make the company money), products get pushed onto shelves to be sold often times before they are fully functional and secure. Because of this rush, most software and software-based products are flawed at the time you purchase them. It’s important to apply patches and updates to software when released.

You know the drill: you get your brand-new cognition amplifier home and what’s the first thing you do after you turn it on and connect it to Wi-Fi? That’s right, you search for (and normally install) updates. Many people think that’s the only maintenance they need to do, but it’s not. Just like a flower in a pot. It will look nice as soon as you get it home, but if you think you can just leave it and it will always look nice, you are wrong. You need to care for it and provide what it needs, or it will get sick. Just like your devices and software.

“Data is moving in and out of hospitals very freely and they’re very unsegmented. We have customers who are still using Windows 95. That’s insane … And we’ve been told that, since they’re saving lives 24/7, they never patch. They’re afraid of rebooting the system or messing it up.” – Chris Morales, Head of Security Analytics at Vectra

patches and updates

What Can Go Wrong?

But what really can go wrong if you don’t update your stuff? Can it really be that bad? You might just be missing out on some new features, right? Let’s explore some recent update and patch news:

These examples provide insight into potential security breaches on a massive scale that were all fixed with a patch. You don’t want to install some weather-checking software or an IoT thermostat and have it serve as a doorway outsiders can exploit to compromise your systems, steal your data, and destroy the credibility of your users and organization. And software/IoT device companies don’t want to get in the news as being the cause for such a compromise and feeling the wrath of litigation, bad press, and governmental fines rain down upon them.

All the above stories have one thing in common (other than the scale and potential damage the flaws could have inflicted): every vulnerability was fixed with a patch. This is what responsible software and software-reliant hardware companies do—they monitor and patch and update to make their product the safest and best it can be.

This is something you should think about and investigate when selecting software and hardware options. See if the company has frequent updates or patches. Make sure they are continuing to support their product and make it secure. Otherwise, you could put a lot of faith in a product that will just leave you exposed to those who wish to do you harm.

Always update and patch your software

A Final Word on Patches and Updates

It’s not just for your own organization’s security that you want to keep your software and hardware updated and patched. Between GDPR regulations (where organizations can be fined up to 4% of their annual income or €20 million, whichever’s greater)  and the new Binding Operational Directive from CISA ((BOD) 19-02) setting a deadline for updating any and all systems when a patch is available (15 days for “critical” vulnerabilities and 30 days for “high”-severity flaws), pressure is on from national and international institutions to protect your systems. Like herd immunity for viruses and diseases, the world has seen the importance of all organizations keeping their software updated.

It does take a little time but make it part of standard operating procedure and get it on a schedule. Find the best time for updates to take place for your organization and make sure they are never missed. Your organization’s cybersecurity will thank you.

To learn more how we make sure our solutions stay updated and our customers are alerted any time a new update or patch is released, contact us today.

malware to vdi

The Problem with Old Encryption Methods

Encryption is Vital

Mission success depends on organizational data and communications staying protected. It behooves organizations, therefore, to shroud their comms and data with encryption. So why don’t they? Why don’t organizations and agencies rush out and implement at least some form of encryption? Why don’t they make encryption a top priority? Well, it’s not as easy as just pressing a button, but perhaps not for the reasons you think. Let’s examine encryption, some of the things that prevent organizations from adopting it, and some of the disasters that can occur without it.

 

Encryption is Nothing New

As soon as the first person had a secret they wanted to tell another, without the whole world knowing, encryption was born. (We’ve covered some of this before in our blog about Dual Encryption. Take a read for some extra background into the history of encryption.) Encryption of one form or another has been used to protect trade secrets, important communications, and military intelligence.

All encryption is based on ciphers — rules of reorganizing the information so its actual meaning is hidden from anyone who doesn’t know the rules. In a simplistic model, the ciphers work with special keys to lock up the data, and the same key (symmetric encryption) or a different key (asymmetric encryption) unlocks the data and allows it to be deciphered.

Since encryption was first born, however, others have been working hard at breaking encryption. And so, encryption methods have grown more and more complex. The current accepted standard of encryption is AES-256 encryption which creates digital keys 256 characters long. Brute force (i.e., guessing all random combinations) a number that size would take a billion times longer than the age of the universe.

So, encryption has been around a long time, which brings the question again: Why aren’t organizations adopting encryption for all their data and communications?

Encryption Costs Time

Encryption doesn’t just happen. A method must be chosen, procedures must be implemented, users must be trained, and then everyone actually needs to use the encryption. All this disruption to the current way of doing things takes time. Lots and lots of time, especially the “everyone actually using it” part.

Encryption adds extra steps to workflow and users are notorious for going around company policy if it slows down their work. A new report from Symphony Communication Services shows 24% report they are “aware of IT security guidelines yet are not following them;” “27% knowingly connect to an unsecure network;” and “25% share confidential information through [unsecure] collaboration platforms.”

This is very troublesome when incorporating encryption into your organization. For encryption to protect properly, everyone needs to be using it instead of finding ways around it. A report by the Government Business Council showed that of those Defense employees who admit to using their personal devices to conduct agency work, 94% say their devices have not been approved by the agency. Once again, more evidence that users are choosing convenience over security—choosing to save time over protecting the organization. Time, then, is the true cost (and problem) with old encryption methods.

Automated Encryption is the Future

In the future, encryption will be easier for organizations to adopt because it will all be handled behind the scenes. You’ll simply log in to a program (which will handle all the key exchanges and encryption/decryption) and let it run in the background. You will then be able to send encrypted messages as easy as sending a regular chat message—no extra steps needed. You’ll be able to encrypt files that only the specific users you selected will be able to open (even if the user is just yourself). And this encryption will be available on desktop and mobile devices, all working together to ensure your organization’s encryption.

Think that sounds like a pipe dream? Too good to be true? Too far out in the future? What if we told you the future was in the final stage of development and testing, and will be ready for release very soon? It has a name: Conclave. It has a purpose: to make sure you use encryption and protect your organization without all the extra steps. To learn how our automated encryption solutions can help secure your data, users, and organization, please contact us today!

Spawner Storm

Spawner Storm: An Introduction

Always Innovating

One key goal of innovation is not always to do something new, but to do something better. The process in which Fognigma communicates with various cloud service providers, leasing and building virtual machines, and uniting those machines to function as one invisible and secure network is new (which is why it’s patented). But we’re not content with just creating an amazing product and then resting on our laurels—we want to continue to make the product evolve into an even better version of itself. We are constantly checking our software and stretching our brains to figure out ways to make it more secure, more undetectable, and more valuable to the customers who use it.

Which is why we created Spawner Storm, a revolutionary and patent-pending method for anonymizing Fognigma Network builds and communications even more. But we’re getting ahead of ourselves. Let’s first describe the issue and then we can showcase Spawner Storm’s technology and how it takes Fognigma Networks to the next level.

Even a Little is Still Too Much Association

When the Fognigma engine builds a network, it sends messages to the cloud service providers communicating the plans to build each virtual machine. Then, the engine continues to talk to the cloud and all the virtual machines. What we realized is because the engine has a set IP address, if anyone could discover some of the virtual machines and see the IP address that was communicating with it, they’d be able to associate all the machines. That is, they could tell the virtual machines were working together and then trace them back to the engine using the discovered IP address of the engine. This sort of association could possibly lead a nefarious third-party right to your Fognigma’s engine’s front door and, from there, learn where your organization is located, your IP address, etc. Even the remote possibility of this happening is not acceptable to us. We had to find a solution.

Suddenly, the sky darkens and thickens with a mass of water-laden clouds. Lighting and thunder tear the sky open and the rain begins to deluge down. The Storm is here.

dissociates communication

Unleash the Spawner Storm

Spawner Storm dissociates the Fognigma engine from its components and build requests like never before. It does so by leveraging our patented Portal Proxy solution. Portal Proxies are unique, on-demand URLs from which users access web services (including internal Fognigma components). Portal Proxies add a singular dissociative layer between the user and the web service (i.e., between the two communicating parties).

What Spawner Storm does is create a mass of Portal Proxies and then passes all the virtual machine build requests and further communications to Fognigma components through those proxies. In one test we performed, we created a Spawner Storm with 200 Portal Proxies through which to pass communications. At the end of the test, the virtual machine we were pinging noted contact with over 60 different IP addresses spread throughout clouds in various locations across the globe.

Spawner Storm ensures that communications between an organization’s Fognigma engine, cloud service providers, and all virtual machines are as scattered as possible to prevent any chance of association.

Working together yet seeming apart is one of the main benefits Fognigma can offer organizations, and Spawner Storm is the newest innovation to make that separation even more separate. For more information on Spawner Storm or Fognigma or to schedule a demo, please contact us here.

malware from vpn

The Perils and Pitfalls of Free VPNs

VPNs Can Help Your Organization’s Cybersecurity

Virtual Private Networks (VPNs) create private and secure tunnels through public Internet space in which we nest our networks. They give us anonymity, protect our resources, and often allow us to get around geo-specific barriers to software and services. But you know all that. There are paid VPN services and free VPN services, but you know that, too. Often, in this world of getting the most with spending the least, our wallets (or, rather, those of our bosses) predicate examining VPNs that cost nothing. But be warned: just because you’re not paying for something doesn’t mean you won’t pay for it.

 

Everything Has a Cost

Nothing online is really free—everything comes at a cost. You might not realize what the cost is, but it’s always there. So, what are the hidden costs of a free VPN service?

Malware

In an independent study by CSIRO, 283 VPN-based Android apps were analyzed. One of the key findings was over 38% of the apps had some sort of malware presence. Though this study was done on Android apps, you can easily extrapolate that these statistics are likely very similar to apps and services on other platforms.

malware from vpn

Third-Party Tracking

In the same study, it was found that 75% of apps used third-party tracking libraries. The top two trackers were Google Ads and Google Analytics, but the paper also pointed out that some of the least common tracking libraries used in all apps were the most prevalent in VPN apps. Some of this makes sense: instead of charging you for the app, the developer is relying on ad revenue. But the pervasiveness and quantity of these trackers is still worrying.

Third-Party Access to Private Information

82% of the apps analyzed in this study requested permissions to access more private information. Some wanted access to SMS messages, while others wanted to view other apps’ activities or read system logs. This last permission is categorized by Android as “highly sensitive,” as it can “expose personal information (including passwords).” Again, some of these permissions can be explained as being normal for the services offered, but the depths at which these free VPN apps are gaining access to your resources and protected information is troublesome.

sensitive and private information

Internet Throttling

Another way free VPNs can make money is by enticing you to opt for paid versions of their free services. The easiest way to do this is through tiers of service. You want free? Okay, that’s fine—but you’ll have to put up with low speeds and a very limited amount of data that can be transferred per day. Want the service you thought you were getting? Well, just take out your credit card and upgrade to the premium package.

Sale of Private Data

This is a little different than allowing third-party apps to access your data; this is the explicit selling of the data you provided when you created an account, as well as your usage statistics, to third parties. Luckily, due to GDPR and other privacy laws, this exploitation of private data does need to be spelled out for potential customers (it just might mean you have to read lots of fine print before you sign up).

Sale of Bandwidth

This one isn’t common, but it has happened. Hola’s free services allow users to get around geo-specific barriers to watch videos and TV shows. However, they also run another paid proxy site called Luminati. What do these two sites have in common? Basically, Hola has been selling unused bandwidth from its free Hola users to its paid Luminati users. And what has this bandwidth been used for? In one example, it was used as a botnet to run multiple DoS attacks against an online forum. What else is the bandwidth of free users being used for (other than making money for the company providing the free service)? No one knows.

botnet attack from vpn

Is A Free VPN Worth It?

In short, yes and no. You must do your research and read any and all fine print before agreeing to grant access or move traffic. And remember, some free VPN apps are better (read: safer) than others. However, always keep in mind these words from Ryan O’Leary, president of the Threat Research Center at WhiteHat Security, “The lower the cost of the [VPN] app, the greater the chance they have security problems. . . . At best, they are using ads to earn income. At worst, they are selling your private information. . . . When done correctly, VPNs are a good option [for extra security]. But never forget that, in the end, you get what you pay for. “

benefits of a VDI

Benefits of Virtual Desktop Infrastructure

Hardware: The Old-Fashioned Approach

In the past, adding computers to your organization was easy. It normally involved spec’ing out new hardware, purchasing it, installing it into your network, and then getting belittled by users who were unhappy with the machine’s capabilities. Like any decision, adding new computers is always a compromise: budget vs. tech vs. amount of time till obsolescence. It’s a balance that’s never perfect, especially when scaled up to an organizational level.

Once you have your computers though, you’re chained to them for quite some time. Often, they determine where your organization can operate (i.e., desktop computers predicate staying in office, while laptops allow for more freedom to travel) which, in some respects, dictates how your organization can operate. If your organization, however, needs to function all over the world, if it needs the flexibility to adapt dynamically to mission specifications, then you need to explore the benefits of Virtual Desktop Infrastructure (VDI).

Virtual Desktop Infrastructure Benefits

First, we must note: VDIs don’t replace all hardware as they need hardware on which to function. But they can provide a myriad of benefits to organizations who use them to their fullest. The easiest benefit to highlight is the cost savings. As mentioned in a ComputerWeekly.com article, VDIs use an estimated “60-70% less power than existing physical environments.” On top of that, VDIs offer cost (and time) savings when updates are required. No longer do you have to go to each physical machine and run updates. VDIs update through their software, meaning they all update at once. Some call this “future proof”.

Another key VDI benefit is its sandboxed nature. Open a browser in a VDI, for example, and if some malicious code gets through, it’s trapped inside the framework of the VDI. This protects the host computer from a wide variety of attacks, but it’s not perfect. If you save files on a VDI, they go to the host computer. This can store files in unintended (or unwanted) places or expose the host computer (and, by extension, your entire network) to malware, viruses, and other nefarious bits of programming.

malware to vdi

There is a VDI solution out there that goes above and beyond—one that takes everything good about standard VDIs and adds some hearty doses of superpowers. If you need a VDI solution created with total mission success in mind, then you need a VDI powered by Fognigma.

Fognigma’s Virtual Desktop Infrastructure Added Benefits

Fognigma VDIs have all the features of a standard VDI (sandboxed, cost savings, etc.), but add capabilities not found anywhere else. Let’s explore some of the most important capabilities and prove why VDIs powered by Fognigma is the best choice for your organization.

Unlike standard VDIs, Fognigma VDIs have the ability to save and move files without involving the host computer. Files can transfer to and from USB drives and the VDI and the host computer will never retain a record of anything. VDI audio is filtered to ensure no IP leaks occur. In short (and to paraphrase a slogan), what exists in a Fognigma VDI stays in a Fognigma VDI.

secure usb to host vdi

 

 

There are even more special ways Fognigma VDIs can interact with files. Using our Nomadic Profile ability, files will follow authenticated users from VDI instance to VDI instance. Launch and log into a VDI and save files to the VDI’s desktop. The next time you launch a VDI and log in, your files will be on that desktop, too! As a complement to this Nomadic ability, Fognigma VDIs can use a shared server folder which adds drag-and-drop file sharing between multiple concurrent VDI instances. Take your files with you and share with your team all from the safety of a VDI.

Fognigma VDIs can also be tailored to the organization and individual user. Install custom apps if needed or limit the access of apps or features users can employ. Perhaps your organization has a squad that just needs to collect information—let them access a VDI with just a file share attached. Basically, VDIs allow for de facto Identity and Access Management by allowing admins to select the exact type of VDI (and, therefore, accessible apps) each user is able to launch.

The biggest unique feature of a Fognigma VDI, however, is the ability of anonymous world travel and web browsing. This is actually a fun way to describe a bunch of related features. Fognigma VDIs allow you to explore the Internet fully anonymous and appear to be in almost any location on the planet. So, if you need to look like a user in Germany, you can launch a VDI with an exit point (i.e., where the IP address appears to be) in Germany. But Fognigma VDI exit points are dynamically switchable, so in a few mice clicks that same VDI can now appear to exist in, for example, Japan. Plus, you can launch VDIs from almost any device anywhere in the world. These features all work together to allow your users to become part of any web-landscape in any geographic region, without raising suspicion.

As you can see, Fognigma VDIs strive to be the pinnacle of virtual desktop technology and they are always evolving (one of the latest updates sped our VDIs to almost 50% faster than standard VDIs). To learn more about our amazing VDI solutions or to schedule a demonstration, please contact us today.

DoDIIS 2022 conference header graphic

The Benefits of a Hybrid Cloud Implementation

A Hurried Migration to the Cloud

As knights of old stood near the deep moats of the castles they were tasked to protect, they never realized how much the defense of the future would rely in the clouds above their heads. <insert uplifting lute music here.> Okay, so not really those clouds, but we just wanted to paint a dramatic picture of some folks in armor. Today, organizations are moving quickly into the cloud, often for its versatility of access (i.e., users can reach organizational resources from anywhere in the world). This is great for usability but can spell ruin for those without a proper cyberdefense plan in place. A hybrid cloud implementation may seem out of reach for organizations.

According to FireMon’s 2019 State of Hybrid Cloud Security Survey (via BusinessWire), “60% say cloud business initiatives are accelerating faster than security teams’ ability to secure them.” Organizations are rushing to adopt a technology without being properly prepared. The “why?” is anyone’s guess, but the reality is they are exposing their users, data, customers, missions, resources, and very existence to a swirling mass of calculated chaos bent on exploiting the hard work of others for their own financial gain.

 “The enterprise that the perimeter is intended to protect now extends well beyond ‘the four walls’ to the cloud.” – Accenture

 

A Hybrid Cloud Implementation Appears

For many organizations though, putting everything online isn’t the best use of their cloud resources. Sometimes it’s because their network uses legacy technology that isn’t adapted to the fast-paced world of the cloud. Other times, it’s due to laws or procedures which mandate they retain physical control over their resources. There are also organizations who wish to stay off the cloud so they can continue to protect the perimeter they know versus the unknown perimeter expanded by the cloud (as illustrated in the above quote).

communication cloud setup

Even these organizations realize that being connected to the cloud isn’t inherently a bad thing but being fully on the cloud is not a solution they are ready for. This is what is so great about a Hybrid Cloud – it works with already existent resources and can adapt to fit the online needs of any organization. “But writer-person, what benefits can a Hybrid Cloud give me now?” you demand. We point to the next headline and urge you to keep reading.

 

Hybrid Cloud Benefits

The benefits of a Hybrid Cloud implementation are multi-fold and specific to the organization’s needs.

Here are five of the main benefits:

  1. Maintaining physical control over resources. With a Hybrid Cloud, the cloud part is in addition to whatever physical servers the organization uses. Resources can remain on the physically controlled private servers while the network has access to the cloud.

physical cloud servers

  1. Flexibility to move resources on- or offline. With a Hybrid Cloud, organizations have the ability to move their resources to where they are most needed, whether that be online or offline. And this isn’t just a one-time movement—it is dynamic, with organizations having the power to move resources from their physical storage to the cloud and back at any time.

 

  1. Global access to specific organizational resources. As mentioned before, global access is one of the reasons organizations have pushed all their resources into the cloud. We can’t argue that being able to access your files from anywhere in the world is an amazing feature but doing so without thought to or planning for the dangers is a disaster waiting to happen. When properly configured and protected, a Hybrid Cloud gives you the benefit of global access.

cloud networks around the globe

  1. Quick scalability of online presence. Since only part of the organization exists online when using a Hybrid Cloud, their online presence doesn’t have to be bloated with every asset and resource of the organization. This gives great flexibility for the size of the organization’s online presence. When the organization needs more online resources, the Hybrid Cloud can expand to meet those needs (and vice versa when less online resources are required).

 

  1. Protect legacy infrastructure with leading-edge cloud technology. Hybrid Clouds can be the buffer between out-of-date networks and the Internet. They allow an organization to safely leverage online assets while still using their legacy systems. A Hybrid Cloud can also give a legacy system the means to upgrade itself bit by bit in a protected environment.

 

Fognigma Offers Unique Hybrid Cloud Solutions

Fognigma, the premier solution for invisible and secure cloud-based networks, gives organizations the Hybrid Cloud setup they desire with some added superpowers. One of the most important benefits of a Fognigma Network deployed as a Hybrid Cloud is the encrypted and invisible protection Fognigma offers an organization. [For a summary of Fognigma, click here.] This indispensable security will protect assets in your cloud and your physical servers.

Fognigma is a true enterprise solution—once an organization purchases it, the Fognigma Network is run and owned exclusively by the organization without any third-party oversight. Not all enterprise products work this way. One very recent example was an issue with the online storage service, Box. As reported by The Register, “Various Box Enterprise customers have inadvertently shared, and probably still are sharing, sensitive corporate data on the public internet. And that included Box itself.” Cybersecurity firm, Adversis, discovered that Box Enterprise customers got their own sub-domains and URLs, which followed a very specific pattern. Replicate that pattern with different business names and it was possible to brute-force your way into an organization’s files (terabytes of data have been exposed). Unfortunately, this is a chilling example of the danger of using online solutions with third-party oversight.

The list of Hybrid Cloud benefits Fognigma can provide to an organization are too many to go into detail here. The best way to learn about them is to contact us today, request more information, and schedule a demonstration.