Baseline Protection – How to Begin (Part 1)

The more ‘connected’ our lives become, the higher the risk that someone with bad intentions could use these devices to capture information about us. Each connected device (while adding value by simplifying or enhancing our lives) presents an opportunity for bad things to happen. Fortunately, many of the risks can be dramatically reduced through small changes that you can control.

This series presents simple, straightforward ways to protect your privacy and security in the online world. By reducing the noise and complexity of the deep technological details, we can present a straightforward understanding of the risks of connecting another Internet of Things (IoT) device – like that security camera – and provide solutions that take little time, greatly increase your understanding and reduce your risk.

Your home … a safe place where you feel secure. The heat on, the door locked, watching TV and relaxing alone or with loved ones. Each time your TV reaches out to the internet, more data about you is tracked. Even if you are using HTTPS, that lock that you see on your browser only encrypts the data passing between you and the site you are visiting.

What your internet provider (and anyone else on the internet) can learn is: where you are going (sites visited), how often you visit, and also an incredible amount about what you are doing. (Just look at the address at the top of the browser – all of that is viewable by anyone watching the ‘internet’.)

Step One – Always Look for the Lock

If you think of the Internet as a wide open space, everything you ‘ask for’ (each web page you visit, for example) and the response (the information that you then see in your browser) is open to anyone to overhear. Think of it as yelling down the street to someone. Anyone who cares to listen can, and most likely will.

Although many sites have started to encrypt these ‘asks’ and ‘responses’ in a secure tunnel known as HTTPS, it is still very much optional. Whenever possible, make sure your browser communication remains in this encrypted (HTTPS) mode.

This is easy to tell via a ‘lock’ which appears on the ‘address line’ of your web browser.

Not all sites enforce https or automatically return their pages in an encrypted manner.

It is easy to request that they do, however: just highlight the text in front of the www in this case, and add “https://” to the front of the line.

This converts a non-secure interaction with the web page into a secure interaction.

If you bookmark sites, bookmark the https (secure / encrypted) version of the page instead of the http version of the page.

This is critically important anytime you transmit personal or financial information. Also important is that any tidbit of data that can be captured and added to a database about you and your family will be. Watching that you use https will limit the amount of information (baseline information, activities and habits) that is collected about you, your family and/or your business.

Step Two – Add a VPN Service

A VPN is a way to add an extra secure tunnel between your computer (phone and tablets) and the internet sites you visit. All traffic addresses and data (from above) now flow to a number of neutral, ambiguous sites. The request is then forwarded on, but anyone watching will not know that it came from you. These services are extremely secure and a great, inexpensive way to add security and privacy to your digital life. Nord VPN is a great service that we have used for several years.

Nord has a great application that encrypts all traffic from your machine to the internet; however, we often have issues where a network’s security will stop this from working. Fortunately, they have a great browser plugin, allowing you to quickly and easily turn your VPN on and off.

You will want this on each device that you can install it on:

  • Computers
  • Phones
  • Tablets

 

Next up – simple scanning tools to see what on your computer is exposed (and ready to be exploited by people outside of your home or work network).

 

How We Protect Your Home Network and Cloud Security

Here is a quick video overview of how we enable pinpoint secure access for you when you are away from home. This is an incredibly important security feature that is unique to ‘A Cloud Of My Own’. Your cloud is not accessible on the public internet by default.

The only time it becomes accessible is when you make a secure request. Then, we allow access only from our secure, monitored data center through to your server. Only users from the particular address can reach your login page, and then only for the time you allow.

This is known as reducing the Attack Surface Area – on both the time and location vectors.   This surface area is reduced by well over 99.999%. 
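One way to implement the time- and address-limited access described above, as an added example that is not A Cloud Of My Own's code. The AccessGate class, its method names, the 120-minute cap and the sample addresses are assumptions made for illustration, and exposure_fraction assumes the IPv4 address space.

```python
import ipaddress
import time


class AccessGate:
    """Default deny: an address reaches the login page only while its grant is live."""

    def __init__(self, max_minutes=120):
        self.max_minutes = max_minutes   # upper bound on any single window (assumed)
        self._grants = {}                # source address -> expiry, epoch seconds

    def open(self, source, minutes, now=None):
        """Allow one source address for a bounded window; returns the expiry time."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(source)          # ValueError on malformed input
        if not 0 < minutes <= self.max_minutes:
            raise ValueError("window must be positive and at most max_minutes")
        self._grants[addr] = now + minutes * 60
        return self._grants[addr]

    def is_allowed(self, source, now=None):
        """Check a connection's source address against the live grants."""
        now = time.time() if now is None else now
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            return False                             # unparseable source: deny
        expiry = self._grants.get(addr)
        if expiry is None:
            return False                             # never granted: deny
        if now >= expiry:
            del self._grants[addr]                   # purge so it cannot linger
            return False
        return True


def exposure_fraction(open_seconds, period_seconds, allowed=1, address_space=2**32):
    """Share of the (time x source address) space in which the page is reachable."""
    return (open_seconds / period_seconds) * (allowed / address_space)


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, fixed clock for repeatability.
    gate, t0 = AccessGate(), 1_700_000_000.0
    gate.open("203.0.113.10", minutes=30, now=t0)
    print(gate.is_allowed("203.0.113.10", now=t0 + 60))     # granted, in window
    print(gate.is_allowed("198.51.100.7", now=t0 + 60))     # different address
    print(gate.is_allowed("203.0.113.10", now=t0 + 1800))   # window has closed
    print(f"{1 - exposure_fraction(3600, 86400):.12%}")     # one hour a day, one IPv4
```

Both dimensions are enforced on every request, so a forgotten grant stops working when its window closes rather than staying open until someone remembers to remove it.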

Be safe. Keep your information private.

It’s this simple

1) Plug “A Cloud Of My Own” into your network.


2) Plug “A Cloud Of My Own” power cord into the electric outlet.


3) Visit acloudofmyown.com and register your account.


That’s it!

Now you and your family can start saving your photos and files onto your private, secure cloud.

Be a hero! Start protecting your family today!

Cloud Drive Privacy – Volume 1

This should be terrifying for anyone with a business that is storing their files on Google Drive. There is no such thing as confidential information if the files are on Google Drive.

Make sure you understand the risks of placing your creative and other files on Google Drive.

“Google also retains “a worldwide license to use, host, store, reproduce, modify, create derivative works […], communicate, publish, publicly perform, publicly display and distribute” your stuff. This license to use your data specifically persists even after you stop using their services. Although they specify that there are some services which will allow you to “access and remove” your data, they are not specific in their terms of service as to which services these are.

Arguably of more important note, this license to use your data also applies to, in Google’s words, “those we work with”. This means third parties, which might include governments, social networking sites, and anyone else Google has relationships with. They don’t specify any further what entities this applies to.”


We think differently. All of your files are encrypted and decrypted on the device you purchased and own. The encryption keys never leave your network. The files that are stored in the cloud are truly just a ‘bucket of bits’ to anyone but you and those you authorized.

Think differently. Maintain your privacy.


Google privacy source:

Is Google Drive Safe to Use? How Google Secures Your Files Online

 

Should your private cloud data always be online?

Like the 24-hour convenience store on the corner, the convenience of having a cloud storage solution that is always online is assumed these days. (Think Dropbox, OneDrive, Google Drive.) But should it be?

Having your cloud files stored on a public web site invites the probability of attack by the millions of bots, trolls and hackers probing all web-facing sites for vulnerabilities.

By having your site online 24x7x365 (always on), time is on the hacker’s side. Although you probably will never see it, the battle is continuous. Your cloud provider will be keeping guard of your site (and the thousands or hundreds of thousands of other sites that are running), but how much can they spend on your site in particular?

Additional attack vectors outside of their control are the applications that you have on your server, as well as the application and server configurations. All of those must be patched and maintained – most likely by you (if anyone is).

Large companies can take on the added security; however, protecting your own, your family’s and/or your small business’s cloud file sharing and storage site yourself is unrealistic.

That is why we approached the problem differently. Unlike your ‘always on’ cloud sharing products (Dropbox, OneDrive, etc.), you own the main physical ‘server’. It plugs into your internal network (not exposed to the public internet), so that moves everything from the 24-hour convenience store into your kitchen (in a really tiny package).

When you need access (during the evening perhaps), you leave the ‘A Cloud Of My Own’ appliance plugged in. You have full access to your files – which are encrypted and stored out in the cloud. When you are done for the night, simply unplug the appliance. The files remain locked up tightly in the cloud. Even if someone managed to break into the cloud storage, the encryption keys are in a secure device in your home that you powered off. There is absolutely no way for someone to obtain them.

Encryption Keys and Security

With Encryption – Why do we leave our keys in our locks?

We don’t leave our keys in our locks (it kind of defeats the purpose). So why do we continue to store the keys that encrypt and decrypt our files together with the files in the cloud?

Because it has been the ‘logical’ way developers looked to solve the problem. Either the keys were on the client (the laptop, tablet, phone, or desktop) or they were on the side where the files were stored (the server).

Having the keys stored on the client side limited the access to only that particular device. In addition to making the data ‘single device/single user’, it also added the risk of the device failing (or being stolen or compromised).

Putting them on the server side makes the files available to many devices and users, and dramatically reduces the risk of a machine failure.  However – it becomes much easier to compromise the information, by capturing both the encryption key and the file at the same time.

Just like the lock and key shown above…

We thought about the problem differently.   In “A Cloud Of Our Own” – The keys aren’t on either the client (eliminating the single user/single device issues and compromised device) or the cloud server (eliminating the risk of compromise from a server breach).  They exist on a hardened, secure device (about the size of a cellphone) that you plug directly into your home network.

 

You lock your car and take the keys with you. We believe in a similar approach to your cloud files. Keep your files safe.

Data and the 180 Day limit

Did you know that data stored on a 3rd party server has limited protection after 180 days in the United States?

I was as surprised as you when I first learned of this law. It is called the Stored Communications Act and you can read details here: https://en.wikipedia.org/wiki/Stored_Communications_Act

Basically, by agreeing to ‘give’ information to a 3rd party provider, you no longer have a reasonable expectation of privacy.

“Furthermore, users generally entrust the security of online information to a third party, an ISP. In many cases, Fourth Amendment doctrine has held that, in so doing, users relinquish any expectation of privacy. The Third-Party Doctrine holds “…that knowingly revealing information to a third party relinquishes Fourth Amendment protection in that information.”

This is why you must take control and encrypt any data you store with third parties – and don’t store the keys there as well.