bigstock-Isometric-Cloud-Computing-Conc-243793318-Converted-01

Setting Up Your Own Secure File Server: A Primer

Take Your Files with You

Just as the world never stops turning, our operations remain in constant motion. They take us on the road, in the air, and over the sea. We bundle up our technology and bring it with us so we can continue working, and no matter which types of tech we take along, one thing is always needed: our files. A secure file server can make all the difference.

Of course, you could take a thumb drive with your files wherever you go, but everyone knows how risky that is. Misplace the drive and your documents will most likely find a new life in dark places on the Internet where all sorts of bad things can result. Or, at the very least, multiple versions of the documents will be created, leading to version control confusion (i.e., you won’t know which version is the most recently updated and accurate).

The only answer is to have an online file repository where you can access your files, without creating and carrying around multiple copies. But which method is the best to create a secure file server?

Host your own secure file server

Cloud Storage Thunderstorms

The fastest way to give your files the gift of remote access is to upload them to a cloud storage server operated by one company or another. We won’t name cloud storage companies because for many, they are viable options for file storage. However, we will mention some of the potential security risks these cloud storage companies, as a whole, represent.

  • Lack of Crypto-Key Control – In simplistic terms, when files are encrypted, keys are created to encrypt and decrypt the files. If you don’t have the key, you can’t see the file. The problem with some cloud storage providers is they maintain ownership of the encryption keys, which means if the service was hacked, the hackers would have control over the encryption keys to your files.
  • Lack of Any Security Control – When you sign up for a cloud storage provider, they have their own methods of cybersecurity in place. You don’t have a say in what encryption they use, for example, or any other security features. In short, you are trusting their cybersecurity team with all your data.
  • Data Sharing – Sometimes cloud storage providers have shared data (or, at least, metadata) with third parties. When security is a prime concern, the sharing of any data about your data or your organization is potentially very harmful.
  • Shared Server Storage – When you upload files to a cloud storage provider, your files are stored on a section of one of their massive servers. If the file server gets hacked via another customer’s account, once again, the hackers can gain access to your files since they reside on the same server.

Host your own secure file server

Host Your Own Secure File Server

The easiest way to take total control over your file server needs is to set up your own. Though that might sound daunting, it is actually pretty simple. Plus, there are multiple manners of file sharing you can use. Here are a few:

  • NAS (Network Attached Storage) – NAS is one of the easiest ways to build a secure server, but it is reliant on you having the proper type of router. Some routers have USB ports for storage. Plug in a thumb drive, configure a few settings, and you’re the proud owner of a private server!
  • FTP (File Transfer Protocol) – FTP has been around for almost as long as the Internet. While it’s not exactly what you imagine when you think of a cloud server, FTP servers can be used to easily transfer large files. You can even add security measures to FTP. Use SFTP (Secure File Transfer Protocol) and you’ll be using SSH to protect the transmission of your files. Or, use FTPS (File Transfer Protocol Secure) which give you TLS encryption for data transmission.
  • HFS (HTTP File Server) – HFS is another protocol which has been around for some time. It can be set up quickly which is great for inexperienced users yet has tons of customizable options for the more advanced users.

The most important part, after you’ve determined the type of private server you plan to run, is to explore security options. You’ll need to do it all yourself (as compared to a cloud storage provider) but, as previously stated, you’ll have full control over your security. You can make sure your security measures are always up to date, your software properly patched, and access to your files exactly as controlled as you desire.

To learn more how Fognigma, our leading-edge enterprise software solution, can take your protected, online-accessible file storage to the next level, contact us today.

Isometric Icons without Light-12

VoIP vs. Landline Security: A Comparison

Telephones Require Security, Too

Telephones were created to transmit person-to-person communication at a longer distance. Everyone knows that. It’s also expected by most people talking on phones that the conversation is only between themselves and the person or persons at the other end. But we in the cybersecurity world know that’s not always the case. We know that if communications are happening, there are always third parties trying to intercept those communications. Therefore, security is just as important for your telephony as it is for your networks, users, and other systems. VoiP vs Landline security is important for deciding which to use.

For office use, two types of phone systems are the most plentiful: hardwired landlines (also called PSTN, or public switched telephone networks) and virtual VoIP (Voice over Internet Protocol). Which is more secure: landline or VoIP? Let’s explore further.

Landline phones need security

Landlines

The oldest and more traditional method of telephony is the landline—wires literally stretching all over the world, physically connecting handset to handset (with all the switches, terminals, cables, etc. in between, of course). It’s a system and infrastructure that’s been built up over one hundred years and works via circuit switching (a dedicated link between the two callers that exists as long as the call takes place). By having an actual physical connection, landlines are quite secure. In order to intercept communications, the wires themselves must be hacked into. This is not impossible, but it is quite an undertaking. However, to get this innate security, one must pay for the infrastructure by way of taxes, per-call fees, and other applicable charges. Also, this technology is limited to only voice calls—no other type of data (SMS, video, other file types) can be transmitted.

voip vs landline security

VoIP

VoIP calls have the curse and blessing of traveling over the Internet. VoIP calls are more feature rich and can transmit voice, video, and files. Because calls are placed over IP, there are little to no fees per call. However, VoIP calls work via packet switching, in which the information is digitally sent over the Internet in sections via many different and ever-changing routes (to be reassembled when they reach the end caller). As this article on Lifewire points out, “It is easier . . . to intercept VoIP data thereby breaching your privacy.” The articles goes on to say, “Many of the nodes through which the VoIP packets pass are not optimized for VoIP communications, which renders the channel vulnerable.”

That was the curse part. The blessing comes in the form of cybersecurity. Since VoIP calls are traveling over the Internet, you can protect them using all the cybersecurity methods you use for your organization, networks, and users. Firewalls, encryption, VPNs, and virus and malware protection (yes, you can get malware from a VoIP call) can enrobe and strengthen the security of VoIP telephony. These security measures are just not available for landline phone systems.

Telephony security is important

One Final Warning

There is one other way to intercept any type of phone call, possibly one you thought about in the section about landlines, and that is eavesdropping. Yes, no matter how much security you put in place, someone simply could be listening in at your door or through an electronic device. This means the final telephony security measure is your own discretion. Are you in a secure location for a call? Is there the possibility that devices could be hidden around you? Is there anywhere more secure you could place the call? Along with the type of telephony your organization is using and its intrinsic and additional security measures, being aware of your surroundings is the extra step which will help your phone calls stay secure.

Fognigma’s telephony solutions take VoIP security to the next level, featuring leading-edge technology and the utmost in communications protection. To learn more how our solutions can help your organization or to schedule a demonstration of them, contact us today.

Manage network attribution

The Importance of Patches and Updates

Everything was Once New

A new bit of software is released. It’s sparkling, it’s fun, it’s revolutionary. Everyone loves it and starts using it. Or, perhaps the new thing is an IoT device which lets you monitor the air quality of your office. In order to survive in today’s marketplace (read: make the company money), products get pushed onto shelves to be sold often times before they are fully functional and secure. Because of this rush, most software and software-based products are flawed at the time you purchase them. It’s important to apply patches and updates to software when released.

You know the drill: you get your brand-new cognition amplifier home and what’s the first thing you do after you turn it on and connect it to Wi-Fi? That’s right, you search for (and normally install) updates. Many people think that’s the only maintenance they need to do, but it’s not. Just like a flower in a pot. It will look nice as soon as you get it home, but if you think you can just leave it and it will always look nice, you are wrong. You need to care for it and provide what it needs, or it will get sick. Just like your devices and software.

“Data is moving in and out of hospitals very freely and they’re very unsegmented. We have customers who are still using Windows 95. That’s insane … And we’ve been told that, since they’re saving lives 24/7, they never patch. They’re afraid of rebooting the system or messing it up.” – Chris Morales, Head of Security Analytics at Vectra

patches and updates

What Can Go Wrong?

But what really can go wrong if you don’t update your stuff? Can it really be that bad? You might just be missing out on some new features, right? Let’s explore some recent update and patch news:

These examples provide insight into potential security breaches on a massive scale that were all fixed with a patch. You don’t want to install some weather-checking software or an IoT thermostat and have it serve as a doorway outsiders can exploit to compromise your systems, steal your data, and destroy the credibility of your users and organization. And software/IoT device companies don’t want to get in the news as being the cause for such a compromise and feeling the wrath of litigation, bad press, and governmental fines rain down upon them.

All the above stories have one thing in common (other than the scale and potential damage the flaws could have inflicted): every vulnerability was fixed with a patch. This is what responsible software and software-reliant hardware companies do—they monitor and patch and update to make their product the safest and best it can be.

This is something you should think about and investigate when selecting software and hardware options. See if the company has frequent updates or patches. Make sure they are continuing to support their product and make it secure. Otherwise, you could put a lot of faith in a product that will just leave you exposed to those who wish to do you harm.

Always update and patch your software

A Final Word on Patches and Updates

It’s not just for your own organization’s security that you want to keep your software and hardware updated and patched. Between GDPR regulations (where organizations can be fined up to 4% of their annual income or €20 million, whichever’s greater)  and the new Binding Operational Directive from CISA ((BOD) 19-02) setting a deadline for updating any and all systems when a patch is available (15 days for “critical” vulnerabilities and 30 days for “high”-severity flaws), pressure is on from national and international institutions to protect your systems. Like herd immunity for viruses and diseases, the world has seen the importance of all organizations keeping their software updated.

It does take a little time but make it part of standard operating procedure and get it on a schedule. Find the best time for updates to take place for your organization and make sure they are never missed. Your organization’s cybersecurity will thank you.

To learn more how we make sure our solutions stay updated and our customers are alerted any time a new update or patch is released, contact us today.

malware to vdi

The Problem with Old Encryption Methods

Encryption is Vital

Mission success depends on organizational data and communications staying protected. It behooves organizations, therefore, to shroud their comms and data with encryption. So why don’t they? Why don’t organizations and agencies rush out and implement at least some form of encryption? Why don’t they make encryption a top priority? Well, it’s not as easy as just pressing a button, but perhaps not for the reasons you think. Let’s examine encryption, some of the things that prevent organizations from adopting it, and some of the disasters that can occur without it.

 

Encryption is Nothing New

As soon as the first person had a secret they wanted to tell another, without the whole world knowing, encryption was born. (We’ve covered some of this before in our blog about Dual Encryption. Take a read for some extra background into the history of encryption.) Encryption of one form or another has been used to protect trade secrets, important communications, and military intelligence.

All encryption is based on ciphers — rules of reorganizing the information so its actual meaning is hidden from anyone who doesn’t know the rules. In a simplistic model, the ciphers work with special keys to lock up the data, and the same key (symmetric encryption) or a different key (asymmetric encryption) unlocks the data and allows it to be deciphered.

Since encryption was first born, however, others have been working hard at breaking encryption. And so, encryption methods have grown more and more complex. The current accepted standard of encryption is AES-256 encryption which creates digital keys 256 characters long. Brute force (i.e., guessing all random combinations) a number that size would take a billion times longer than the age of the universe.

So, encryption has been around a long time, which brings the question again: Why aren’t organizations adopting encryption for all their data and communications?

Encryption Costs Time

Encryption doesn’t just happen. A method must be chosen, procedures must be implemented, users must be trained, and then everyone actually needs to use the encryption. All this disruption to the current way of doing things takes time. Lots and lots of time, especially the “everyone actually using it” part.

Encryption adds extra steps to workflow and users are notorious for going around company policy if it slows down their work. A new report from Symphony Communication Services shows 24% report they are “aware of IT security guidelines yet are not following them;” “27% knowingly connect to an unsecure network;” and “25% share confidential information through [unsecure] collaboration platforms.”

This is very troublesome when incorporating encryption into your organization. For encryption to protect properly, everyone needs to be using it instead of finding ways around it. A report by the Government Business Council showed that of those Defense employees who admit to using their personal devices to conduct agency work, 94% say their devices have not been approved by the agency. Once again, more evidence that users are choosing convenience over security—choosing to save time over protecting the organization. Time, then, is the true cost (and problem) with old encryption methods.

Automated Encryption is the Future

In the future, encryption will be easier for organizations to adopt because it will all be handled behind the scenes. You’ll simply log in to a program (which will handle all the key exchanges and encryption/decryption) and let it run in the background. You will then be able to send encrypted messages as easy as sending a regular chat message—no extra steps needed. You’ll be able to encrypt files that only the specific users you selected will be able to open (even if the user is just yourself). And this encryption will be available on desktop and mobile devices, all working together to ensure your organization’s encryption.

Think that sounds like a pipe dream? Too good to be true? Too far out in the future? What if we told you the future was in the final stage of development and testing, and will be ready for release very soon? It has a name: Conclave. It has a purpose: to make sure you use encryption and protect your organization without all the extra steps. To learn how our automated encryption solutions can help secure your data, users, and organization, please contact us today!

Spawner Storm

Spawner Storm: An Introduction

Always Innovating

One key goal of innovation is not always to do something new, but to do something better. The process in which Fognigma communicates with various cloud service providers, leasing and building virtual machines, and uniting those machines to function as one invisible and secure network is new (which is why it’s patented). But we’re not content with just creating an amazing product and then resting on our laurels—we want to continue to make the product evolve into an even better version of itself. We are constantly checking our software and stretching our brains to figure out ways to make it more secure, more undetectable, and more valuable to the customers who use it.

Which is why we created Spawner Storm, a revolutionary and patent-pending method for anonymizing Fognigma Network builds and communications even more. But we’re getting ahead of ourselves. Let’s first describe the issue and then we can showcase Spawner Storm’s technology and how it takes Fognigma Networks to the next level.

Even a Little is Still Too Much Association

When the Fognigma engine builds a network, it sends messages to the cloud service providers communicating the plans to build each virtual machine. Then, the engine continues to talk to the cloud and all the virtual machines. What we realized is because the engine has a set IP address, if anyone could discover some of the virtual machines and see the IP address that was communicating with it, they’d be able to associate all the machines. That is, they could tell the virtual machines were working together and then trace them back to the engine using the discovered IP address of the engine. This sort of association could possibly lead a nefarious third-party right to your Fognigma’s engine’s front door and, from there, learn where your organization is located, your IP address, etc. Even the remote possibility of this happening is not acceptable to us. We had to find a solution.

Suddenly, the sky darkens and thickens with a mass of water-laden clouds. Lighting and thunder tear the sky open and the rain begins to deluge down. The Storm is here.

dissociates communication

Unleash the Spawner Storm

Spawner Storm dissociates the Fognigma engine from its components and build requests like never before. It does so by leveraging our patented Portal Proxy solution. Portal Proxies are unique, on-demand URLs from which users access web services (including internal Fognigma components). Portal Proxies add a singular dissociative layer between the user and the web service (i.e., between the two communicating parties).

What Spawner Storm does is create a mass of Portal Proxies and then passes all the virtual machine build requests and further communications to Fognigma components through those proxies. In one test we performed, we created a Spawner Storm with 200 Portal Proxies through which to pass communications. At the end of the test, the virtual machine we were pinging noted contact with over 60 different IP addresses spread throughout clouds in various locations across the globe.

Spawner Storm ensures that communications between an organization’s Fognigma engine, cloud service providers, and all virtual machines are as scattered as possible to prevent any chance of association.

Working together yet seeming apart is one of the main benefits Fognigma can offer organizations, and Spawner Storm is the newest innovation to make that separation even more separate. For more information on Spawner Storm or Fognigma or to schedule a demo, please contact us here.

malware from vpn

The Perils and Pitfalls of Free VPNs

VPNs Can Help Your Organization’s Cybersecurity

Virtual Private Networks (VPNs) create private and secure tunnels through public Internet space in which we nest our networks. They give us anonymity, protect our resources, and often allow us to get around geo-specific barriers to software and services. But you know all that. There are paid VPN services and free VPN services, but you know that, too. Often, in this world of getting the most with spending the least, our wallets (or, rather, those of our bosses) predicate examining VPNs that cost nothing. But be warned: just because you’re not paying for something doesn’t mean you won’t pay for it.

 

Everything Has a Cost

Nothing online is really free—everything comes at a cost. You might not realize what the cost is, but it’s always there. So, what are the hidden costs of a free VPN service?

Malware

In an independent study by CSIRO, 283 VPN-based Android apps were analyzed. One of the key findings was over 38% of the apps had some sort of malware presence. Though this study was done on Android apps, you can easily extrapolate that these statistics are likely very similar to apps and services on other platforms.

malware from vpn

Third-Party Tracking

In the same study, it was found that 75% of apps used third-party tracking libraries. The top two trackers were Google Ads and Google Analytics, but the paper also pointed out that some of the least common tracking libraries used in all apps were the most prevalent in VPN apps. Some of this makes sense: instead of charging you for the app, the developer is relying on ad revenue. But the pervasiveness and quantity of these trackers is still worrying.

Third-Party Access to Private Information

82% of the apps analyzed in this study requested permissions to access more private information. Some wanted access to SMS messages, while others wanted to view other apps’ activities or read system logs. This last permission is categorized by Android as “highly sensitive,” as it can “expose personal information (including passwords).” Again, some of these permissions can be explained as being normal for the services offered, but the depths at which these free VPN apps are gaining access to your resources and protected information is troublesome.

sensitive and private information

Internet Throttling

Another way free VPNs can make money is by enticing you to opt for paid versions of their free services. The easiest way to do this is through tiers of service. You want free? Okay, that’s fine—but you’ll have to put up with low speeds and a very limited amount of data that can be transferred per day. Want the service you thought you were getting? Well, just take out your credit card and upgrade to the premium package.

Sale of Private Data

This is a little different than allowing third-party apps to access your data; this is the explicit selling of the data you provided when you created an account, as well as your usage statistics, to third parties. Luckily, due to GDPR and other privacy laws, this exploitation of private data does need to be spelled out for potential customers (it just might mean you have to read lots of fine print before you sign up).

Sale of Bandwidth

This one isn’t common, but it has happened. Hola’s free services allow users to get around geo-specific barriers to watch videos and TV shows. However, they also run another paid proxy site called Luminati. What do these two sites have in common? Basically, Hola has been selling unused bandwidth from its free Hola users to its paid Luminati users. And what has this bandwidth been used for? In one example, it was used as a botnet to run multiple DoS attacks against an online forum. What else is the bandwidth of free users being used for (other than making money for the company providing the free service)? No one knows.

botnet attack from vpn

Is A Free VPN Worth It?

In short, yes and no. You must do your research and read any and all fine print before agreeing to grant access or move traffic. And remember, some free VPN apps are better (read: safer) than others. However, always keep in mind these words from Ryan O’Leary, president of the Threat Research Center at WhiteHat Security, “The lower the cost of the [VPN] app, the greater the chance they have security problems. . . . At best, they are using ads to earn income. At worst, they are selling your private information. . . . When done correctly, VPNs are a good option [for extra security]. But never forget that, in the end, you get what you pay for. “

benefits of a VDI

Benefits of Virtual Desktop Infrastructure

Hardware: The Old-Fashioned Approach

In the past, adding computers to your organization was easy. It normally involved spec’ing out new hardware, purchasing it, installing it into your network, and then getting belittled by users who were unhappy with the machine’s capabilities. Like any decision, adding new computers is always a compromise: budget vs. tech vs. amount of time till obsolescence. It’s a balance that’s never perfect, especially when scaled up to an organizational level.

Once you have your computers though, you’re chained to them for quite some time. Often, they determine where your organization can operate (i.e., desktop computers predicate staying in office, while laptops allow for more freedom to travel) which, in some respects, dictates how your organization can operate. If your organization, however, needs to function all over the world, if it needs the flexibility to adapt dynamically to mission specifications, then you need to explore the benefits of Virtual Desktop Infrastructure (VDI).

Virtual Desktop Infrastructure Benefits

First, we must note: VDIs don’t replace all hardware as they need hardware on which to function. But they can provide a myriad of benefits to organizations who use them to their fullest. The easiest benefit to highlight is the cost savings. As mentioned in a ComputerWeekly.com article, VDIs use an estimated “60-70% less power than existing physical environments.” On top of that, VDIs offer cost (and time) savings when updates are required. No longer do you have to go to each physical machine and run updates. VDIs update through their software, meaning they all update at once. Some call this “future proof”.

Another key VDI benefit is its sandboxed nature. Open a browser in a VDI, for example, and if some malicious code gets through, it’s trapped inside the framework of the VDI. This protects the host computer from a wide variety of attacks, but it’s not perfect. If you save files on a VDI, they go to the host computer. This can store files in unintended (or unwanted) places or expose the host computer (and, by extension, your entire network) to malware, viruses, and other nefarious bits of programming.

malware to vdi

There is a VDI solution out there that goes above and beyond—one that takes everything good about standard VDIs and adds some hearty doses of superpowers. If you need a VDI solution created with total mission success in mind, then you need a VDI powered by Fognigma.

Fognigma’s Virtual Desktop Infrastructure Added Benefits

Fognigma VDIs have all the features of a standard VDI (sandboxed, cost savings, etc.), but add capabilities not found anywhere else. Let’s explore some of the most important capabilities and prove why VDIs powered by Fognigma is the best choice for your organization.

Unlike standard VDIs, Fognigma VDIs have the ability to save and move files without involving the host computer. Files can transfer to and from USB drives and the VDI and the host computer will never retain a record of anything. VDI audio is filtered to ensure no IP leaks occur. In short (and to paraphrase a slogan), what exists in a Fognigma VDI stays in a Fognigma VDI.

secure usb to host vdi

 

 

There are even more special ways Fognigma VDIs can interact with files. Using our Nomadic Profile ability, files will follow authenticated users from VDI instance to VDI instance. Launch and log into a VDI and save files to the VDI’s desktop. The next time you launch a VDI and log in, your files will be on that desktop, too! As a complement to this Nomadic ability, Fognigma VDIs can use a shared server folder which adds drag-and-drop file sharing between multiple concurrent VDI instances. Take your files with you and share with your team all from the safety of a VDI.

Fognigma VDIs can also be tailored to the organization and individual user. Install custom apps if needed or limit the access of apps or features users can employ. Perhaps your organization has a squad that just needs to collect information—let them access a VDI with just a file share attached. Basically, VDIs allow for de facto Identity and Access Management by allowing admins to select the exact type of VDI (and, therefore, accessible apps) each user is able to launch.

The biggest unique feature of a Fognigma VDI, however, is the ability of anonymous world travel and web browsing. This is actually a fun way to describe a bunch of related features. Fognigma VDIs allow you to explore the Internet fully anonymous and appear to be in almost any location on the planet. So, if you need to look like a user in Germany, you can launch a VDI with an exit point (i.e., where the IP address appears to be) in Germany. But Fognigma VDI exit points are dynamically switchable, so in a few mice clicks that same VDI can now appear to exist in, for example, Japan. Plus, you can launch VDIs from almost any device anywhere in the world. These features all work together to allow your users to become part of any web-landscape in any geographic region, without raising suspicion.

As you can see, Fognigma VDIs strive to be the pinnacle of virtual desktop technology and they are always evolving (one of the latest updates sped our VDIs to almost 50% faster than standard VDIs). To learn more about our amazing VDI solutions or to schedule a demonstration, please contact us today.

DoDIIS 2022 conference header graphic

The Benefits of a Hybrid Cloud Implementation

A Hurried Migration to the Cloud

As knights of old stood near the deep moats of the castles they were tasked to protect, they never realized how much the defense of the future would rely in the clouds above their heads. <insert uplifting lute music here.> Okay, so not really those clouds, but we just wanted to paint a dramatic picture of some folks in armor. Today, organizations are moving quickly into the cloud, often for its versatility of access (i.e., users can reach organizational resources from anywhere in the world). This is great for usability but can spell ruin for those without a proper cyberdefense plan in place. A hybrid cloud implementation may seem out of reach for organizations.

According to FireMon’s 2019 State of Hybrid Cloud Security Survey (via BusinessWire), “60% say cloud business initiatives are accelerating faster than security teams’ ability to secure them.” Organizations are rushing to adopt a technology without being properly prepared. The “why?” is anyone’s guess, but the reality is they are exposing their users, data, customers, missions, resources, and very existence to a swirling mass of calculated chaos bent on exploiting the hard work of others for their own financial gain.

 “The enterprise that the perimeter is intended to protect now extends well beyond ‘the four walls’ to the cloud.” – Accenture

 

A Hybrid Cloud Implementation Appears

For many organizations though, putting everything online isn’t the best use of their cloud resources. Sometimes it’s because their network uses legacy technology that isn’t adapted to the fast-paced world of the cloud. Other times, it’s due to laws or procedures which mandate they retain physical control over their resources. There are also organizations who wish to stay off the cloud so they can continue to protect the perimeter they know versus the unknown perimeter expanded by the cloud (as illustrated in the above quote).

communication cloud setup

Even these organizations realize that being connected to the cloud isn’t inherently a bad thing but being fully on the cloud is not a solution they are ready for. This is what is so great about a Hybrid Cloud – it works with already existent resources and can adapt to fit the online needs of any organization. “But writer-person, what benefits can a Hybrid Cloud give me now?” you demand. We point to the next headline and urge you to keep reading.

 

Hybrid Cloud Benefits

The benefits of a Hybrid Cloud implementation are multi-fold and specific to the organization’s needs.

Here are five of the main benefits:

  1. Maintaining physical control over resources. With a Hybrid Cloud, the cloud part is in addition to whatever physical servers the organization uses. Resources can remain on the physically controlled private servers while the network has access to the cloud.

physical cloud servers

  1. Flexibility to move resources on- or offline. With a Hybrid Cloud, organizations have the ability to move their resources to where they are most needed, whether that be online or offline. And this isn’t just a one-time movement—it is dynamic, with organizations having the power to move resources from their physical storage to the cloud and back at any time.

 

  1. Global access to specific organizational resources. As mentioned before, global access is one of the reasons organizations have pushed all their resources into the cloud. We can’t argue that being able to access your files from anywhere in the world is an amazing feature but doing so without thought to or planning for the dangers is a disaster waiting to happen. When properly configured and protected, a Hybrid Cloud gives you the benefit of global access.

cloud networks around the globe

  1. Quick scalability of online presence. Since only part of the organization exists online when using a Hybrid Cloud, their online presence doesn’t have to be bloated with every asset and resource of the organization. This gives great flexibility for the size of the organization’s online presence. When the organization needs more online resources, the Hybrid Cloud can expand to meet those needs (and vice versa when less online resources are required).

 

  1. Protect legacy infrastructure with leading-edge cloud technology. Hybrid Clouds can be the buffer between out-of-date networks and the Internet. They allow an organization to safely leverage online assets while still using their legacy systems. A Hybrid Cloud can also give a legacy system the means to upgrade itself bit by bit in a protected environment.

 

Fognigma Offers Unique Hybrid Cloud Solutions

Fognigma, the premier solution for invisible and secure cloud-based networks, gives organizations the Hybrid Cloud setup they desire with some added superpowers. One of the most important benefits of a Fognigma Network deployed as a Hybrid Cloud is the encrypted and invisible protection Fognigma offers an organization. [For a summary of Fognigma, click here.] This indispensable security will protect assets in your cloud and your physical servers.

Fognigma is a true enterprise solution—once an organization purchases it, the Fognigma Network is run and owned exclusively by the organization without any third-party oversight. Not all enterprise products work this way. One very recent example was an issue with the online storage service, Box. As reported by The Register, “Various Box Enterprise customers have inadvertently shared, and probably still are sharing, sensitive corporate data on the public internet. And that included Box itself.” Cybersecurity firm, Adversis, discovered that Box Enterprise customers got their own sub-domains and URLs, which followed a very specific pattern. Replicate that pattern with different business names and it was possible to brute-force your way into an organization’s files (terabytes of data have been exposed). Unfortunately, this is a chilling example of the danger of using online solutions with third-party oversight.

The list of Hybrid Cloud benefits Fognigma can provide to an organization are too many to go into detail here. The best way to learn about them is to contact us today, request more information, and schedule a demonstration.

Mission Partner Network-01

IoT Encryption

IoT is Everywhere

Look around you. The normal household or office has at least one smart device (collectively called the Internet of Things, or IoT for short) nearby. Some have more. Some have many. They are useful, save time, and (let’s face it) fun. But just as the stick you played with as a child could have turned around at any moment and poked your eye out, so can the IoT devices of today puncture your Internet security without proper IoT Encryption.

Are we saying you should round up all your IoT devices and throw them into a burning cauldron? Of course not. Though they are all potential vulnerabilities, that doesn’t mean they can’t be protected.

IoT Encryption is Needed

By 2020, Cisco estimates the number of IoT devices will be around 50 billion. One year later, as Cybersecurity Ventures points out, the estimate increases so that there will be roughly three times as many IoT devices as there are people on the planet. Let that sink in for a second: three IoT devices for each human on Earth — all in just two years’ time. Three Internet vulnerabilities for each person on the planet. It’s time for action.

“But why are IoT devices so vulnerable and how did we get into this mess?” you ask aloud to Alexa and Siri. Siri isn’t listening, but Alexa offers to order you an economy pack of paper towels to clean up the “mess.” The short answer to your two-part question is money.

IoT Devices on desk

People like devices they can talk to, devices that let them do things from afar, and devices that let them take control over their world (even if just in such a small way as customizing the color of a light bulb). Companies saw this like of such devices and began pumping them out at insane speeds. Other companies ripped off (or reverse engineered or both) the tech from these first companies and started selling budget IoT devices. This is how we got to the size of the mess. But what about the actual mess?

The mess part involves the software on the devices themselves and the way this software interacts with the Internet. Quite often, especially for the budget IoT devices, the software is composed of copy/pasted, Frankenstein-ed code that accesses the device in your home or office and passes through an Internet portal. This is how you can click an app at work and turn on a light at home. These are the holes in your security we were talking about earlier.

Now, big companies are always testing, improving, and updating their code to improve their customers’ experience and, more importantly, to make their devices more secure. But sometimes they don’t. Often (for both big companies and budget IoT device companies), there is little care about the security of the product, as the company makes its money on the sale and (quite often) the service the product offers. Once the company has your money, their goal has been achieved. But this lack of updates leaves devices vulnerable. And thus, the hole in your cybersecurity becomes a tear.

IoT security

A solution is needed to protect your organization from these tears. Of course, you could just get rid of all your IoT devices, but that’s not going to happen because they are just too much fun (okay, and some are very useful). IoT devices are not just gimmicks or novelties—many have an actual use in your organization. The only solution is to protect them since they won’t protect themselves. We do this by surrounding them with the encrypted protection of Fognigma.

IoT Encryption is Here

Fognigma is a patented enterprise software solution that allows organizations to build invisible, encrypted, and secure networks. [For more information, please visit the About page at http://staging.fognigma.com/why-fognigma/.] Users connect to their organization’s Fognigma network(s) using software (desktop client or mobile app) or hardware options (a Gateway to protect an entire facility or a Wicket to protect a computer, phone, or office).

Let’s zoom in on the Wicket, since it protects devices and not facilities. A Wicket is a small, portable piece of hardware that can be installed between your router and the public Internet to protect multiple devices. Once configured, the Wicket routes all your Internet traffic through a Fognigma network, protecting it with FIPS 140-2 Validated, cascading AES-256 encryption. To protect a single device, a Wicket is configured between the device and your router to attach to a Fognigma network. This small, portable device will help plug all your IoT cybersecurity holes and tears.

An example: You plug a color-change IoT lightbulb into your desk at work so you can have a disco party each Friday. The bulb reaches out through your organization’s Internet connection to a portal run by the manufacturer and then back to the app on your phone. A third-party evildoer can see that there is a connection from your phone to the portal and from the portal to a device inside your organization’s cybersecurity shield.

IoT lightbulb

This gives the evildoer two things: the proof needed to associate you with your organization and a path to follow to breach your organization’s defenses. It’s obvious how bad the second part is, but the first is equally disastrous. [To learn more about why association can be devastating to your organization, read our blog entry on the importance of dissociation.] When connected to a Wicket, however, what a third-party evildoer can learn is decidedly different as the device is enveloped in an invisible shell of, in this case, IoT encryption.

Your app’s connection to the portal will still be visible, as will the portal passing on information to somewhere. BUT the somewhere will not be associated at all with your organization. You see, Wickets allow traffic into Fognigma, but when traffic leaves it goes through an exit point created by your organization to exist almost anywhere in the world. And once that signal passes into your Fognigma network and back to the IoT device, it is invisible to external observation.

This is how Fognigma assists with IoT encryption. This is how Fognigma can plug the holes insecure IoT devices can rip in your cybersecurity. This is why you should contact Dexter Edward today for more information or to schedule a demonstration.

Dual Encryption Methods

Dual Encryption Matters

Why Encryption?

Encryption is, quite simply, a means of ensuring your information remains your (and only your) information. It disrupts the “mind your own business” adage by attempting to make it impossible for others to mind your business. Tracing the trail of encryption (or cryptography, as they were almost synonyms until more recently as encryption has become digital) back through time, some of the very earliest encryption was used to protect military orders. This isn’t surprising, as an effective military must keep its movements secret from the enemy. The Arabs, Greeks, Romans—almost all the cultures of the ancient world, in fact—used encryption in some form, though the Arabs are thought to be the first to document the subject. Military secrets needed to remain secret.

In his history of cryptography and encryption, The Codebreakers, David Kahn describes a 3″ x 2″ tablet from around 1500 B.C. This Mesopotamian tablet described the earliest known formula for making pottery glazes, protected with a cipher to safeguard trade secrets. Information was protected with encryption.

Fast-forward through time. More people in the world meant more secrets. Religions split and collided. Sciences grew, hid, grew more, and blossomed. And during all these changes and growth spurts, information about many topics had to be kept hidden from some group or another.

Today, information is just as valuable as ever and, since there is more of it and it is more accessible, protecting information has become a job in itself. Therefore, we encrypt to protect our organizations, our intellectual property, our families, our country, and, most importantly, our security.

 

But Really, Why Encryption?

We know there is information we need to protect, but is that the only reason we encrypt things? Nope! The tree of encryption bears three other fruits: authentication, integrity, and nonrepudiation.

Authentication refers to proving the sender is who they say they are. This is simple to picture. If you receive an encrypted message from someone and it’s using the encryption you both previously decided on, then you know the person sending you the message is the person you think it is. By using encryption, the sender has provided some proof of their identity or, at least, their authority to send an encrypted message.

Dual Encryption Methods

Integrity provides assurance that the information hasn’t been altered. Again, this is simple to picture: if you take a piece of data, encrypt it, and then decrypt it, you will have the same piece of data. If anything happens to that data, it won’t decrypt properly, and you’ll have a mess of random characters. If you have a mess, you know the integrity of the information has been compromised.

Nonrepudiation is a fun word that means the sender can’t say they didn’t send the information. If only two people have the encryption keys and information is encrypted using those keys (and assuming the receiver didn’t send it to themselves), then the sender is the sender. If the sender says they didn’t send it, the fact that the encryption was used proves they did. That is, the sender is unable to repudiate (or disavow) they sent the information.

 

Dual Encryption Matters

So, your information is protected with encryption, which is great. But what if someone breaks that encryption? One virtual lock picked, and your information is now in peril. Perhaps the easiest way to visualize this is a door with both a door lock and deadbolt. Any attempted intrusion has to bypass both locks before the door can be opened. By using two levels of encryption, information is safeguarded against a single point of failure.

encryption methods to protect devices

Encryption should ensure the amount of time required to defeat the encryption is longer than the amount of time the data is of value and required to be secure. With AES-256 encryption, the current accepted standard, block lengths support 256 bits from which to create a key. Imagine guessing an ATM pin that was 256 characters long and the variations that it could contain. That’s a lot of really long numbers.

To put this in another context, breaking a symmetric 256-bit key by brute force would theoretically take longer than our universe has existed—multiplied by a billion. Now imagine two layers of AES-256 encryption and you can see why dual encryption matters: having to brute force through two layers of such a tough encryption standard borders on statistically impossible.

 

Two Heads are Better than One

Most cryptographic solutions make use of a single software library to provide encryption and decryption of data. A single software library does give you encryption, true, but also comes with the risk that in the event of a zero-day compromise of the library, the entire encryption fails.

To combat this single point of compromise, Fognigma (our enterprise software solution which gives organizations the power to build encrypted, invisible, and anonymized cloud-based networks, thus securing your communications and online activities) offers the ability to add in a completely separate secondary software library to dual layers of encryption. In the event of a zero-day exploit or other compromise of one library, the second library remains uncompromised and your data remains safe.

In addition to the standard versions of these libraries (OpenSSL and wolfSSL), Fognigma also offer a FIPS 140-2 validated version of each library (OpenSSL – Certificate #3284; wolfSSL’s wolfCrypt – Certificate #2425).  By using one or both of these FIPS-certified cryptographic libraries, Fognigma can comply with the most rigorous regulatory requirements.

Dual layers of encryption. Dual software libraries. Fognigma is ready to give you the power to protect everything your organization holds dear. Contact us today to learn more or to schedule a demo.