Archive for the ‘Virtual Technologies’ Category

Personal VPN

Wednesday, October 19th, 2011

It’s a truth universally acknowledged that public Wi-Fi hotspots aren’t secure, but they’re so convenient that most of us use them anyway. That’s why there was something of a panic last year when Eric Butler showed everyone how easy it is to hijack Facebook, Twitter and PayPal accounts on open Wi-Fi networks via his FireSheep Firefox add-on.

Of course, not everything you do in an open Wi-Fi environment can be picked up by digital eavesdropping. Secure HTTPS servers are great, but it’s likely that your e-mail account and many social networking sites don’t use HTTPS servers, or use them only for logging in. Or, worse, they have you submit your user name and password from an HTTP page to get to an HTTPS server. (There is at least one add-on for Firefox that offers HTTPS protection, but only for certain sites.)

In the end, online transactions are only as secure as their most open link, and the most open link of all is the gap between the laptop and the wireless access point. The technology that can really close that link is a tunneling virtual private network (VPN). VPNs establish a secure tunnel between your device and the first server you connect to.

Theoretically, if you’re employed at a company that uses a VPN, you could use that corporate VPN to secure your coffee-shop connection — but most companies frown on such use of their resources. So the obvious choice is to rent a connection from a personal VPN provider.

Personal VPN services have been marketing themselves as hotspot security measures for almost a decade. Once you get past the initial learning hump, it’s a relatively simple and inexpensive way to lock down your communications. I looked at three of the more established players: HotSpotVPN, StrongVPN and WiTopia.
Choosing a VPN

The first step is to understand what these providers offer. For a fee, personal VPN providers provide an end-to-end secure connection to one of their servers, which can be located in a variety of places. Personal VPN providers offer some choice of servers, so you can pick those nearest to you for better response time, but some charge extra for wider choice. In addition to security, this can provide you with anonymous browsing and a virtual regional presence (so that if you’re abroad, you can appear to be logging on in the United States and retain access to regionally restricted sites like Hulu or Netflix On Demand).

The personal VPN providers reviewed here offer two basic flavors of VPN. The most basic (and slightly cheaper) is built into the operating systems of practically every computing device: point-to-point tunneling protocol (PPTP). VPN providers give you settings for their servers to plug into your operating system. It’s robust enough for most people, but is blocked in certain regions and by certain service providers. It also requires mucking around in your operating system for configuration and selection of a separate network device, which might not be feasible if you’re on the road using a company laptop for some personal surfing.

A more robust and recent development is an SSL-based technology from OpenVPN, which uses client software to manage connections. This works on Windows, Mac and various Linux and Unix platforms.

Once configured, these services all work the same way: You turn on the OpenVPN client software when you’re ready to connect to a public hotspot and make sure the OpenVPN software isn’t showing a red (not connected) or yellow (attempting to sync up) color. If it’s green, you’re connected to a VPN server that’s either owned or leased by your VPN provider, and can enter passwords in a public Wi-Fi hotspot with confidence.

Hard Drive Encryption – TrueCrypt (Free, open source)

Wednesday, October 19th, 2011

Introduction

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without the correct password/keyfile(s) or the correct encryption keys. The entire file system is encrypted (file names, folder names, the contents of every file, free space, metadata, etc.).

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal disk (for example, by simple drag-and-drop operations). Files are automatically decrypted on the fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume. Similarly, files that are being written or copied to the TrueCrypt volume are automatically encrypted on the fly in RAM (right before they are written to the disk). Note that this does not mean that the whole file that is to be encrypted/decrypted must be held in RAM before it can be encrypted/decrypted. There are no extra memory (RAM) requirements for TrueCrypt. For an illustration of how this is accomplished, see the following paragraph.

Let’s suppose that there is an .avi video file stored on a TrueCrypt volume (therefore, the video file is entirely encrypted). The user provides the correct password (and/or keyfile) and mounts (opens) the TrueCrypt volume. When the user double clicks the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, TrueCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the TrueCrypt-encrypted volume to RAM (memory) and the process repeats. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).
Note that TrueCrypt never saves any decrypted data to a disk – it only holds it temporarily in RAM (memory). Even when the volume is mounted, data stored in the volume is still encrypted on disk. When you restart Windows or turn off your computer, the volume will be dismounted and files stored in it will be inaccessible (and encrypted). Even when the power supply is suddenly interrupted (without a proper system shutdown), files stored in the volume are inaccessible (and encrypted). To make them accessible again, you have to mount the volume (and provide the correct password and/or keyfile).
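To make the chunked on-the-fly model concrete, here is an added example (not TrueCrypt’s own code) of a sector-addressable encrypted container: reading any byte range decrypts only the sectors it touches, in memory, and the container itself never holds plaintext. The per-sector HMAC-SHA256 keystream is a constructed stand-in for TrueCrypt’s XTS block-cipher mode, chosen so the example runs with the standard library; it is for illustration only and is not a safe disk cipher (rewriting a sector reuses its keystream).

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 512  # the volume is encrypted and decrypted one sector at a time


def _sector_keystream(key: bytes, sector: int) -> bytes:
    """Keystream for one sector from the volume key and the sector number.
    Constructed stand-in for a real disk mode (TrueCrypt uses XTS); what it keeps
    is the property that matters here: each sector decrypts independently."""
    out = b""
    counter = 0
    while len(out) < SECTOR_SIZE:
        msg = sector.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:SECTOR_SIZE]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedVolume:
    """Model of a mounted volume: ciphertext 'on disk', plaintext only for the
    sectors currently being served to the application."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.ciphertext = bytearray()   # what would sit on the disk
        self.sectors_decrypted = 0      # instrumentation for the demo only

    def _decrypt_sector(self, s: int) -> bytearray:
        lo = s * SECTOR_SIZE
        self.sectors_decrypted += 1
        ct = bytes(self.ciphertext[lo:lo + SECTOR_SIZE])
        return bytearray(_xor(ct, _sector_keystream(self.key, s)))

    def _encrypt_sector(self, s: int, plain: bytes) -> None:
        lo = s * SECTOR_SIZE
        self.ciphertext[lo:lo + SECTOR_SIZE] = _xor(plain, _sector_keystream(self.key, s))

    def write(self, offset: int, data: bytes) -> None:
        """Encrypt data into the volume sector by sector; partially covered sectors
        are read-modify-write. Plaintext lives only in the local 'block'."""
        end = offset + len(data)
        have, need = len(self.ciphertext) // SECTOR_SIZE, (end + SECTOR_SIZE - 1) // SECTOR_SIZE
        for s in range(have, need):  # grow the container with encrypted zero sectors
            self.ciphertext += _xor(bytes(SECTOR_SIZE), _sector_keystream(self.key, s))
        for s in range(offset // SECTOR_SIZE, (end - 1) // SECTOR_SIZE + 1):
            lo = s * SECTOR_SIZE
            block = self._decrypt_sector(s)
            a, b = max(offset, lo), min(end, lo + SECTOR_SIZE)
            block[a - lo:b - lo] = data[a - offset:b - offset]
            self._encrypt_sector(s, bytes(block))

    def read(self, offset: int, length: int) -> bytes:
        """Return length plaintext bytes from offset, decrypting only the sectors touched."""
        if length <= 0:
            return b""
        first, last = offset // SECTOR_SIZE, (offset + length - 1) // SECTOR_SIZE
        plain = bytearray()
        for s in range(first, last + 1):
            plain += self._decrypt_sector(s)
        start = offset - first * SECTOR_SIZE
        return bytes(plain[start:start + length])


def playback_demo() -> tuple:
    """Constructed 64 KiB 'video file'; the player reads 1,000 bytes from the middle."""
    vol = EncryptedVolume(os.urandom(32))   # the volume key a mount derives from the password
    video = bytes(range(256)) * 256         # 65,536 bytes = 128 sectors of sample data
    vol.write(0, video)
    leaks = video[:SECTOR_SIZE] in bytes(vol.ciphertext)  # any plaintext sector visible at rest?
    vol.sectors_decrypted = 0               # count only the work done for the read below
    chunk = vol.read(10_000, 1_000)
    return chunk == video[10_000:11_000], vol.sectors_decrypted, leaks  # (True, 3, False)


def partial_overwrite_demo() -> bytes:
    """Overwrite two bytes inside one sector; only that sector is re-encrypted."""
    vol = EncryptedVolume(b"k" * 32)        # fixed constructed key for a reproducible result
    vol.write(0, b"A" * 1024)
    vol.write(600, b"BB")
    return vol.read(598, 6)                 # b"AABBAA"
```

The 1,000-byte read spans sectors 19 to 21, so only 3 of the 128 sectors are decrypted, which is exactly why the whole file never needs to be in RAM.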

Hard drive encryptions

Wednesday, October 19th, 2011

BitLocker Drive Encryption is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft’s Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk-encryption-specific security not provided by AES alone.[1][2]

BitLocker is available only in the Enterprise and Ultimate editions of Windows Vista and Windows 7.[1] Users of other versions of Windows that don’t include BitLocker could use a third-party encryption program to satisfy the need for full drive encryption (see Comparison of disk encryption software). In the RTM release of Windows Vista, only the operating system volume could be encrypted using the GUI; encrypting other volumes required using WMI-based scripts included in Windows Vista in the %Windir%\System32 folder.[3] An example of how to use the WMI interface is in the script manage-bde.wsf, which can be used to set up and manage BitLocker from the command line. With Windows Vista Service Pack 1 and Windows Server 2008, volumes other than the operating system volume can be BitLocker-protected using the graphical Control Panel applet as well.[4]

The latest version of BitLocker, included in Windows 7 and Windows Server 2008 R2, adds the ability to encrypt removable drives.


Security concerns

According to Microsoft sources,[16][17] BitLocker does not contain an intentionally built-in backdoor; there is no way for law enforcement to have a guaranteed passage to the data on the user’s drives that is provided by Microsoft. The lack of any backdoor has been a concern to the UK Home Office,[18] which tried entering into talks with Microsoft to get one introduced, though Microsoft developer Niels Ferguson and other Microsoft spokesmen state that they have not granted the wish to have one added.[19][20] Although the AES encryption algorithm used in BitLocker is in the public domain, its actual implementation in BitLocker, as well as other components of the software, are closed source; however, the code is available for scrutiny by Microsoft partners and enterprises, subject to a non-disclosure agreement.

Notwithstanding the claims of Niels Ferguson and others, Microsoft Services states in Exploration of Windows 7, Advanced Forensics Topic (page 70), “BitLocker has a number of ‘Recovery’ scenarios that we can exploit”, and “BitLocker, at its core, is a password technology, we simply have to get the password…”.

The “Transparent operation mode” and “User authentication mode” of BitLocker use the TPM hardware to detect unauthorized changes to the pre-boot environment, including the BIOS and MBR.[21] If any unauthorized changes are detected, BitLocker requests a recovery key on a USB device, or a recovery password entered by hand. Either of these cryptographic secrets is used to decrypt the Volume Master Key (VMK) and allow the boot process to continue.[21]

Nevertheless, in February 2008, a group of security researchers published details of a so-called “cold boot attack” that allows a BitLocker-protected machine to be compromised by booting the machine off removable media, such as a USB drive, into another operating system, then dumping the contents of pre-boot memory.[22] The attack relies on the fact that DRAM retains information for up to several minutes (or even longer if cooled) after power has been removed. Use of a TPM alone does not offer any protection, as the keys are held in memory while Windows is running, although two-factor authentication, i.e. using the TPM together with a PIN, offers better protection for machines that are not powered on when physical access to them is obtained. Similar full disk encryption mechanisms of other vendors and other operating systems, including Linux and Mac OS X, are vulnerable to the same attack.[22] The authors recommend that computers be powered down when not in the physical control of the owner (rather than left in a “sleep” state) and that a password also be required to boot the machine.

Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example through a 1394 DMA channel.[23] Any cryptographic material in memory is at risk from this attack, which is therefore not specific to BitLocker.


Virtual Machine Security Precautions

Wednesday, October 19th, 2011

Overview

We strongly recommend treating each virtual machine as if it were a physical machine for most activities. Virtual machines are vulnerable to most of the same things as physical machines, including data loss/corruption, hardware failures, viruses, and hackers. Install and use virus scanning software. Take regular updates to your operating system, preferably via an automatic update system. Make regular backups of important data. Follow the recommended best practices for your guest operating system. In most cases, simply treat your virtual workstation as you would any other machine.

Security Recommendations

We strongly recommend you treat each virtual machine as though it is a real machine for the purposes of security.

  1. Install Anti-Virus Software
    While MIT does its best to prevent virus attacks, no computer is immune to them. Anti-virus software needs to be installed separately on the Virtual Machine, even if virus protection is already installed on the Macintosh operating system itself. For more information about virus protection, distributed by MIT at no cost, see: Virus Software.
  2. Exclude Virtual Machine folders from your Macintosh’s Anti-Virus Scans
    To prevent damage to your virtual machines, the virus protection software on your Macintosh must be configured to exclude the Virtual Machine’s folder from its scans. This is due to an incompatibility between VMware Fusion 2.x and 3.x and McAfee Security 1.0 for Macintosh, or VirusScan 8.6.x for Macintosh.
  3. Utilize Anti-Spyware Software
    While virus protection software offers some protection from spyware, we recommend using MS Defender on your Windows virtual machines for additional protection. For more information about spyware, see: Dealing with Spyware and Other Malware
  4. Choose Strong Passwords
    Weak passwords can be guessed, thus giving someone else access to your files and your system. Create passwords that are at least eight characters long, containing numbers, upper and lower case letters, and symbols. More information on creating strong passwords can be found at http://ist.mit.edu/security/passwords
  5. Follow Security Recommendations
    IS&T provides platform-specific security recommendations to address security concerns with each operating system. See: Security Recommendations by Platform
  6. Keep your Operating Systems Updated
    It is equally important to keep your host and virtual operating systems updated as compromises can occur in either kind of system. Install operating system security updates to keep your system current and protected from known vulnerabilities. We strongly recommend utilizing automatic updates, but note that virtual systems can only take updates when they are running. If your virtual system has not been started in some time (or is rarely left running long enough to take an update), we recommend you run a manual update as soon as you start your virtual system. For more information, see: MIT Windows Automatic Update Service, Red Hat Network.
  7. Maintain Like Risk Postures for All Machines (Virtual and Host)
    Your system is only as secure as the least secure virtual or host machine. All guests on a host machine should have like risk posture – same level of accessibility, data sensitivity and level of protection. If any guest is more vulnerable than other guests or your host, it could be an entry to compromise the rest of your system.
  8. Limit Host Access
    Access to the host should be limited (firewalled off).
  9. Snapshots of Virtual Machines
    When taking a snapshot of a virtual machine and then branching off, make sure to save the image at the instance before the branch (the trunk) rather than at the branch level to ensure security patches are most up to date.

Best Practices

  • Don’t register a virtual machine for DHCP on wireless.
  • When copying or backing up a VM image:
    1. Make sure the virtual machine is powered off.
    2. Do not copy the lockfile directory (the only subdirectory that ends in “.lck”).
  • When restoring from backup use move, not copy. This prevents issues with duplicate MAC addresses on the same network.
  • Treat each VM as a standalone computer for security purposes. Install virus scanning software. Take regular OS updates.
  • Enable “Time synchronization between the virtual machine and the host operating system” via the VMware Tools installed on the virtual machine.
  • Networking: use NAT Networking. This should be the default setting for your virtual machines.
    Advanced users, particularly running Linux guests, may discover they want or need to deal with the additional complexity of setting up a Bridged network interface.
  • Carefully plan your disk allocations. Do not over-allocate your disk. It is dangerous to tell VMware to make images that, if they all grew to their full size, would take up more disk space than you have free. If this happens, VMware may pop up an alert warning you when you’re about to use up more space than you have. That would give you a chance to free up disk space or exit cleanly. We don’t recommend relying on the warning. There’s no guarantee it will appear before bad things (data loss or corruption) happen.

Backups

The importance of backing up your data cannot be stressed enough. Virtual machines are at just as much risk, if not more, for data loss due to hardware failure, file corruption, system compromise, and other events. If data loss happens, a backup can make a world of difference in recovering from such an event. How you use your virtual machine (VM) will determine the best way to do backups for your VMs.

  1. You have important software/data in the VM (research, data, etc):
    Install TSM within your virtual machine and have it run regular backups of the data within your virtual machine. This method does not preserve your virtual machine, just the data within it. For more information on using TSM for virtual machines, see: TSM Backup Accounts
  2. Your VM is an appliance:
    We recommend that the system administrator manually makes backups. This preserves both the virtual machine and your data within it. Simply drag and copy the VM somewhere (e.g., an external drive). Exclude your VM files from regular backups via TSM. See items 2 and 3 below for reasons. For more information, see: Q. I want to make a backup/copy of my virtual machine. What is the best way to do so?

Things to note regarding virtual machine backups:

  • A virtual machine image actually consists of several files. All of those have to be in sync or behavior is erratic.
  • From outside the virtual machine (on the host machine), if a backup is made while the virtual machine is running, the results are inconsistent. Back up your virtual machine files on the host machine when the virtual machine is not running.
  • To backup virtual machines using Mac OS X 10.5’s Time Machine, users will need to be running Mac OS X 10.5.2 or later. When backed up using Time Machine, virtual machines are duplicated and may take up considerable space on your backup drive.
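The copy/backup bullets above (power off first, skip the “.lck” directory, restore with move rather than copy) and the “things to note” list can be folded into one small host-side script. This is an added example, not MIT’s or VMware’s tooling; the function names and the sample bundle layout are constructed, and it assumes that a lock directory left in the bundle means the VM may still be open.

```python
import os
import shutil
import tempfile


class VmStillOpen(RuntimeError):
    """Raised when a VM directory still contains *.lck lock directories."""


def find_lock_dirs(vm_dir: str) -> list:
    """VMware keeps a '<file>.lck' directory next to each file it has open, so any
    lock directory present is treated here as 'the VM may still be running'
    (assumption: a cleanly powered-off VM leaves none behind)."""
    return sorted(
        name for name in os.listdir(vm_dir)
        if name.endswith(".lck") and os.path.isdir(os.path.join(vm_dir, name))
    )


def _ignore_locks(directory: str, names: list) -> set:
    """copytree() ignore hook: never copy the lock directories."""
    return {n for n in names
            if n.endswith(".lck") and os.path.isdir(os.path.join(directory, n))}


def backup_vm(vm_dir: str, backup_dir: str, assume_stale_locks: bool = False) -> list:
    """Copy a powered-off VM bundle to backup_dir, minus lock directories, and return
    the names copied. Refuses while locks exist unless the caller says they are stale."""
    locks = find_lock_dirs(vm_dir)
    if locks and not assume_stale_locks:
        raise VmStillOpen(f"power off the VM first; lock directories present: {locks}")
    shutil.copytree(vm_dir, backup_dir, ignore=_ignore_locks)
    return sorted(os.listdir(backup_dir))


def restore_vm(backup_dir: str, vm_dir: str) -> None:
    """Restore by moving, not copying, so only one copy of the bundle (and of the
    MAC address recorded in it) ever exists on the network."""
    os.makedirs(os.path.dirname(vm_dir) or ".", exist_ok=True)
    shutil.move(backup_dir, vm_dir)


def backup_demo() -> tuple:
    """Constructed VMware Fusion-style bundle with one stale lock directory."""
    with tempfile.TemporaryDirectory() as root:
        vm = os.path.join(root, "Win7.vmwarevm")
        os.makedirs(os.path.join(vm, "Win7.vmdk.lck"))
        for name in ("Win7.vmx", "Win7.vmdk", "Win7.nvram",
                     os.path.join("Win7.vmdk.lck", "M12345.lck")):
            with open(os.path.join(vm, name), "w") as fh:
                fh.write("constructed sample content\n")
        backup = os.path.join(root, "backup", "Win7.vmwarevm")
        try:
            backup_vm(vm, backup)          # lock present: must be refused
            refused = False
        except VmStillOpen:
            refused = True
        copied = backup_vm(vm, backup, assume_stale_locks=True)
        restored = os.path.join(root, "restored", "Win7.vmwarevm")
        restore_vm(backup, restored)       # move: the backup path is gone afterwards
        return refused, copied, os.path.exists(backup), sorted(os.listdir(restored))
```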

Security Risks Specific to Virtual Machines

While virtual machines are at risk of all the same things as any other machine, you should be aware of a few additional issues.

  1. If a host is compromised, scripts can be run on the host that can interact with the guest at whatever privilege level the guest is logged in as. This can result in malicious trojans being installed on the host and guest machines.
  2. A virtual machine that is not virus protected, compromised, and in a shared networking configuration can be used by an attacker to scan both the private and public address spaces. The other virtual machines on the host (if not patched) can also be exploited via the network, so a software firewall on each of the guests is recommended.
  3. (Enterprise version) When turning on shared folders, they can be accessed through a compromised guest. Files can then be placed on the host and attackers can access other guests’ file systems.

http://kb.mit.edu/confluence/display/ist/VMware+Security+Recommendations+and+Best+Practices


Capturing online video

Tuesday, April 5th, 2011

There are lots of “free” tools, but you have to wonder if some of them contain viruses or trojans.

I’ve been using Applian tools since 2002 and can tell you from my experience that the software is top notch.

Apps are frequently updated and upgrade pricing is very fair.

Checkout the products here:

Replay Capture Suite

Hostgator and WordPress IO

Friday, March 25th, 2011

So, I purchased a Hatchling plan with the intention of running a single WordPress installation on it.

Due to the nature of the website (lots of PDF documents), my total file size mushroomed to over 170 meg in just 4 weeks and I was averaging 10gb in monthly traffic.

Then bam!  One day, I tried to upload a 1.2 meg PDF and got an “IO error” message in the WordPress media page.  Curious, I changed to a browser upload, but then the server timed out.

To make the long story short, I did the following without success:

  1. Uninstalled and re-installed Adobe Flash and associated plugins
  2. Tried using a different browser (after clearing cookies, etc.)
  3. I tried to upload from a virtual environment (running Ubuntu)
  4. I tried uploading images using cpanel and Filezilla

Strange thing was that I was able to upload smaller (~300 kb) file sizes in various formats without any issues.  Hostgator kept on blaming my broadband provider (FIOS), so I gave in and spent a couple of hours troubleshooting with a Verizon tech.

No surprise, there was nothing wrong with my connection (speedtest.net results were fine), because I was able to upload the same 1.2 meg PDF to another hosting provider running a virtually identical WordPress theme.  And there was no speed cap put on my account either.

After another round of going back and forth with HG tech support, they finally acknowledged that lots of packets were being dropped by their server!

My last tech moved my WordPress database to another server and magically, the problem disappeared.

I guess there really is no free lunch (i.e. unlimited bandwidth and disk space for $10 bucks a month)!

How to get yourself started with a web host

Thursday, February 17th, 2011

Do you feel like sometimes it takes forever to make a decision when it comes to your business decisions?

When it comes to web hosting, a sheer number of available web hosts are just mind boggling.  And everyone has opinions about who is the best.

I have used several web hosts over the past 5 years (DreamHost, BlueHost, 1and1, KnownHost and Hostgator).

I prefer the KnownHost VPS for its simplicity, cost and uptime availability, but if you are just starting out, KH may be overkill.

I also use Hostgator (actually, I started out with HG from the beginning) and I can honestly recommend their shared hosting service; it is very reasonable.

Plus, if you prepay 3 years worth of payments, you get an awesome 20% discount.

So, don’t just sit there and over analyze it; just do it!

Affiliate Link (yes, I make a small commission if you buy from them)

The truth: Taxes and Fees for Cablevision vs Verizon FIOS

Tuesday, February 1st, 2011

We’ve all heard the commercial about phone companies paying more taxes and fees than cable tv companies.

Well, as someone who recently changed from Cablevision Triple Play to Verizon FIOS Triple play, I can provide you with the actual (redacted private info) billing statements from both companies.

You decide who is telling the truth.

Cablevision - Actual Billing Statement

Verizon FIOS - Billing Statement

How to upload a WordPress plugin

Sunday, January 23rd, 2011

If you are brand new to WordPress and cPanel, it can be a little daunting to learn how to do simple things.

No worries.  Keep plugging at it (no pun intended) and you will learn it in no time!

Ok, let’s say you want to install a Google WordPress plug-in.  This is how you can do it:

  1. Log into your main cPanel account (let’s say your master domain name is ABCDEFG.com)
  2. Click on the “file manager” and go to the root directory of the addon domain (example would be HIJKL.com)
  3. Navigate to WP-CONTENT –> PLUGINS (your file path should look something like this: /public_html/HIJKL.com/wp-content/plugins)
  4. Look at the upper-level screen and click on the “UPLOAD” icon, then, following the simple on-screen instructions, upload the Google Analytics plugin
  5. When completed, click on the bottom link on the upload page which should take you back to the plugin directory
  6. Highlight the zip file you just uploaded, then click on “EXTRACT”.  All files should be extracted to this file location
  7. Log into the WP-ADMIN from your browser, click “PLUGINS” and then activate.  That’s it!

How to stay safe online using virtual machines

Sunday, January 23rd, 2011

A virtual machine (VM) is nothing more than a piece of software that allows users to mimic a physical computer.  Think of it as installing a small computer within your physical computer.

Virtual Machine Installation

The main advantages of VMs are:

  • multiple OS environments can co-exist on the same computer without impacting other “machines”;
  • utilize a “sandbox” strategy to limit online security exposure (i.e. virus/trojan infections, etc.)
  • ability to quickly dispose of and replace contaminated machines at no expense (yeah, that means FREE!)

The main disadvantages of VMs are:

  • a virtual machine is less efficient than a real machine (that is because a virtual machine must access hardware via virtual software)
  • any demanding applications (e.g., Adobe Illustrator or Photoshop) may not run properly under a VM due to virtual hardware deficiencies;
  • Running multiple VMs concurrently (at the same time) may slow down all processes

Multiple VMs each running their own operating system (called guest operating system) are frequently used in server consolidation, where different services that used to run on individual machines in order to avoid interference are instead run in separate VMs on the same physical machine.

The guest OSes do not have to be all the same, meaning you can install and run different OSes on the same computer (e.g., Microsoft Windows 7, Ubuntu Linux and others).  The use of virtual machines is recommended to “sandbox” an OS that is not trusted, possibly because I have to browse through unknown, sometimes fishy websites to obtain affiliate marketing information.

One good example is what’s called “rick rolling” or “rick roll”.  According to wiki, Rickrolling:

“…is an Internet meme typically involving the music video for the 1987 Rick Astley song “Never Gonna Give You Up”. The meme is a bait and switch: a person provides a hyperlink that they claim is relevant to the topic at hand, but the link actually takes the user to the Astley video. The link can be masked or obfuscated in some manner so that the user cannot determine the true destination of the link without clicking. When a person clicks on the link and is led to the web page, he or she is said to have been “rickrolled”…”

Sounds innocent enough, right?  Wrong!  On some affiliate marketing sites, being rickrolled means being shown obscene and explicit video clips with no way of leaving that website, or picking up virus infections and/or trojan installations.  The key benefit of browsing from one of these virtual machines is that when you are “rick rolled”, you can simply kill the virtual machine process, delete it and start another virtual machine, all within a few minutes.

I recommend either VirtualBox (free, open source from Oracle) or VMware Player (free from VMware, but you need to register).

Try it and let me know if you have any questions.  You won’t regret it.

The main advantages of VMs are:

  • multiple OS environments can co-exist on the same computer, in strong isolation from each other
  • the virtual machine can provide an instruction set architecture (ISA) that is somewhat different from that of the real machine
  • application provisioning, maintenance, high availability and disaster recovery[2]

The main disadvantages of VMs are:

  • a virtual machine is less efficient than a real machine when it accesses the hardware indirectly
  • when multiple VMs are concurrently running on the same physical host, each VM may exhibit varying and unstable performance (speed of execution, not results), which depends heavily on the workload imposed on the system by the other VMs, unless proper techniques are used for temporal isolation among virtual machines.

The desire to run multiple operating systems was the original motivation for virtual machines, as it allowed time-sharing a single computer between several single-tasking OSes. In some respects, a system virtual machine can be considered a generalization of the concept of virtual memory that historically preceded it. IBM’s CP/CMS, the first systems to allow full virtualization, implemented time sharing by providing each user with a single-user operating system, the CMS. Unlike virtual memory, a system virtual machine allowed the user to use privileged instructions in their code. This approach had certain advantages, for instance it allowed users to add input/output devices not allowed by the standard system.[3]

The guest OSes do not have to be all the same, making it possible to run different OSes on the same computer (e.g., Microsoft Windows and Linux, or older versions of an OS in order to support software that has not yet been ported to the latest version). The use of virtual machines to support different guest OSes is becoming popular in embedded systems; a typical use is to support a real-time operating system at the same time as a high-level OS such as Linux or Windows.

Another use is to sandbox an OS that is not trusted, possibly because it is a system under development. Virtual machines have other advantages for OS development, including better debugging access and faster reboots.[4]