Thursday, September 17, 2015


Why startup leaders need to set the tone for security
Amid new calls from federal authorities for prioritizing security in tech startups, industry experts stress the importance of having firm leaders set a cultural tone.

CIO | Sep 16, 2015 6:34 AM PT
·         Security
Federal consumer-protection authorities have called on the entrepreneurs building tech startups to prioritize cybersecurity from the earliest stages of the development process.
But a variety of factors -- cost, lack of technical expertise, rush to market, etc. -- can make security seem like more of a burden or an impediment to the startup's growth than anything else.
At a recent event convened by the Federal Trade Commission, industry insiders emphasized the importance of incorporating security as an integral part of any company's operations, not just the services or applications that it produces.
At startups in particular, which are often led by a founder/CEO whose personality can to a great degree define the culture of the organization, it is crucial that the firm's leaders establish the expectation that security is a company-wide priority.
"I think company founders, management are really critical to developing a culture," says Devdatta Akhawe, a security engineer at Dropbox. "In my experience, the companies that have responded well and responded seriously to security issues are often the ones where the founders are driving this sort of culture and these sort of values."
It's worth noting that the idea that the founders should set the tone from the top on security is hardly confined to startups. Frank Kim, chief information security office at the SANS Institute, recalls the predicament of Microsoft in the late 1990s and the early part of last decade. In 2002, when then-CEO Bill Gates issued an all-hands warning about the need to prioritize security in the company's ubiquitous software, Microsoft was viewed as a "laughing stock of the security industry," Kim says. The result of Gates' warning was Microsoft's Trustworthy Computing initiative, a concerted effort that considerably improved the company's security posture.
In part, security became a priority at Microsoft because the company's customers demanded it. And fledgling startups trying to carve out a slice of market share can ill afford a data breach or the reputational hit that comes from the perception that its applications aren't secure -- customers are likely to vote with their feet.
Making security in a startup a high-level goal
It seems easy enough to designate security a high-level goal within a startup, but how should that work in a practical sense?
Window Snyder, CSO at Fastly and an experienced hand at security who has done stints at Apple and Mozilla, emphasizes the importance of starting from the earliest stages of the development process and training the engineering team on some basic tenets of secure programming.
Then, she suggests that companies implement a peer review process whereby the security experts and others get a chance to kick the tires on a particular feature before it is released to the public, noting the benefits that can emerge from bringing disparate teams together to focus on security.
Bottom of Form
"That creates a sense that it's everyone's job," Snyder says.
The argument for more clearly defined security roles
That maxim that everyone is responsible for promoting security on its face sounds simple enough, but not everyone is on board. Count among the dissenters Jonathan Carter, a veteran security professional and software engineer who argues for more clearly delineated roles within the development team.
"I take a slightly more controversial approach," Carter says. "Whenever I see something like 'security is everyone's responsibility,' that makes me cringe inside because, really, that means security is no one's responsibility. It's the diffusion of responsibility psychological principle, where suddenly it's on no one's radar and it's just this amorphous concept. So as a software engineer, I would say your responsibility is to identify issues and confer with your local security champion within your immediate team."
There was scant disagreement, however, on the broader point that startups and mature companies alike would do well to elevate security as an organizational priority.
And to the concern that a more security-intensive development process would carry more cost than a cash-strapped startup could afford -- to say nothing of the delay in time to market -- Akhawe urges firms to consider the alternative, the disastrous effects of a breach or the release of a product with glaring vulnerabilities.
"Security's much, much, much cheaper the earlier you do it," he says.
This story, "Why startup leaders need to set the tone for security" was originally published by CIO.


Thursday, September 3, 2015

New Networking Trends


In the not-too-distant past, the networking industry focused a lot on hardware speeds and feeds. Networking gear was judged on how many packets it could process per second and how many ports per device. Today, the industry's focus is shifting to software, code, and open systems.
Software-defined networking, while still far from mainstream, is slowly making inroads into the enterprise. A survey of 153 midsize and large North American enterprises by Infonetics Research, now part of IHS Inc., found that 79% plan to have SDN in live production in their data centers by 2017. Garter predicts that by the end of next year, more than 10,000 enterprises will have deployed SDN in their networks.
Along with SDN, there's a lot of talk about open standards, open protocols and open systems. One aspect of the open networking movement continues to gain momentum as the number of alternatives to proprietary switches with tightly integrated software and hardware grow.
The Facebook-led Open Compute Project has helped lead the charge towards disaggregating the network. The social media giant recently proposed a specification for its open Wedge top-of-rack switch to OCP, and Accton Technology's Edge-Core subsidiary is offering a TOR switch based on the Wedge design. Meanwhile, HP is partnering with Accton and Cumulus Networks on its new line of open network switches, which HP says gives customers a choice of hardware and software on branded switches with HP support.
Infonetics expects the white-box switch trend to make big strides over the next few years as more companies seek the agility and flexibility demonstrated by Internet giants like Facebook and Google. The firm forecasts that bare-metal switches will make up nearly a quarter of all data center ports shipped worldwide in 2019, up from 11% last year.
While a lot of conversations in networking revolve around open networking, SDN and network automation, networking professionals are delving into many other areas. Enterprises are migrating to the 802.11ac WiFi standard and the transition to IPv6 continues to loom.
All these networking trends will be featured at Interop Las Vegas April 27 to May 1. Continue on to find out what you can expect to learn at Interop and what networking luminaries will share their views on the technologies poised to radically change the networking landscape.

Article by: Marcia Savage is the managing editor for Network Computing, and has been covering technology for 15 years. She has written and edited for CRN and spent several years covering information security for SC Magazine and TechTarget.

Monday, October 20, 2014


Hello everyone! 

There has been a great deal of buzz over what the new Windows 10 will look like. The Technical Preview has already released and although there will undoubtedly be more changes to come, this article lists the most prominent features - one being the highly anticipated return of the Start Button!

Enjoy!
~The TPUServices Team

The new windows operating system is due to come out mid-2015 and below is a list of the top 10 most prominent new features.

Windows 10: A guided tour
By Howard Wen, NetworkWorld | Oct 20, 2014 3:00 AM PT




















A guided tour

Microsoft released a technical preview of the next version of Windows for the public to download and try for free. Although a final release with additional features isn't expected until the middle of 2015, there are already a number of changes compared to Windows 8.1. Here are some of the most prominent.














Return of the Start Menu

Clicking the Windows logo Start button, or pressing the Windows logo key on the keyboard, summons the Start Menu, which was last seen in Windows 7, but absent from Windows 8 and 8.1. The left half of this Start Menu lists pinned applications, apps and folders, and recently opened programs and other items. The right half displays the tiles of Windows Apps -- it’s like a mini version of the Start Screen from Windows 8/8.1 attached to the Start Menu. Just as on the Start Screen, you can rearrange the placement of these tiles by clicking-holding-and-dragging on each one.


















All Apps

Clicking “All Apps” will show a listing of apps, applications and folders on your system. You can drag the name of a Windows App (in this example, the Weather app), or even a desktop application, from the left half of the Start Menu over to the right half, so that it can be placed as a tile with the other tiled Windows Apps or applications.




















Expand to fit

As you add more Windows Apps or applications to the right half of the Start Menu, the panel will automatically expand to fit them.



















Start Menu can expand or shrink

Click-and-hold onto the top border of the Start Menu, and you can drag up to increase the height of the Start Menu panel…



















Colorful changes

The background color of the Start Menu can be changed by right-clicking on a blank area of it and selecting “Personalize.”



















Return of the Windows 8/8/.1 Start Screen

If you prefer the Windows 8/8.1 Start Screen, you can turn it back on by right-clicking on the Taskbar and unchecking “Use the Start menu instead of the Start screen.”
















Resizable windows

In Windows 8.1, Windows Apps can run on the desktop environment but only in full screen. Windows 10 Technical Preview now allows them to be run in smaller, resizable windows. You can click-hold-and-drag on all sides and corners of the windows of Windows Apps to resize them.



















Don’t ignore the three dots

Clicking the three dots that are set toward the left of a Windows App’s title bar will open this panel which provides features that are specific to that app.



















Oh, snap

Windows 10 Technical Preview expands upon the user interface in Windows 8.1 that allows you to auto-resize an application’s window by “snapping” it to the edges of the screen. In this example, as the File Explorer window is dragged to the right edge of the screen, a light grayed-out region appears.



















More snapping

Releasing the mouse or touchpad button will then automatically resize the File Explorer to occupy exactly the right-half of the screen. The other two actively running programs, which in this case are both Windows Apps, then appear as thumbnails. You can also snap a windowed application or app into smaller sizes.



















It’s a snap

In this example, the Windows Store app has been snapped to occupy the right half of the screen. The File Explorer has been dragged to the upper-left corner of the screen.



















Make it snappy

This causes the File Explorer to auto-resize to take up the upper-left portion of the screen. The Chrome browser application appears now as a thumbnail, which when clicked, snaps into place, resizing itself to fill the screen’s lower-left portion.



















Switch it up

In Windows 8 and 8.1, you switch among running Windows apps and the desktop environment through this app switcher toolbar, which appears when you move the mouse pointer to the upper-left corner of the screen. But in Windows 10 Technical Preview, this interface won’t be available if you are using the new Start Menu.



















Task View

In Windows 10 Technical Preview, there’s a new Task View function. It’s activated by clicking the overlapping-rectangles icon toward the left on the Taskbar. It displays all active applications and apps as thumbnail shortcuts. Just click on one to go to that program, or you can close a program by clicking the “X” that appears when you move the pointer over its thumbnail. Clicking “Add a desktop” along the bottom will open another instance of the Windows desktop environment...




















No Charms

In Windows 8 and 8.1, when you move the pointer to the upper- or lower-right corner of the screen, the Charms toolbar appears. Like the app switcher, Windows 10 Technical Preview does away with the Charms, if you are using the OS with the new Start Menu activated. Instead, the Charms’ search function has been relocated as its own icon on the Taskbar set to the right of the Windows logo Start button.



















Shutdown

And you access sleep, shut down and restart from the Start Menu; whereas on Windows 8/8.1, you had to go to the Charms bar or Start Screen to get to these.



















Command

The command prompt program has a few improvements, and one is keyboard friendly cut-and-paste functionality. Here, a folder directory location is highlighted in the File Explorer and copied by pressing CTRL+C...



















Internet Explorer 11

Windows 10 Technical Preview comes with a version of Internet Explorer 11 that includes just a few new features, such as support for the HTTP/2 protocol, and improvements to its JavaScript engine (called Chakra). Otherwise, the Microsoft browser in Windows 10 Technical Preview is the original desktop application, not the Windows App version.



















The GUI

Regarding the overall look of Windows 10 Technical Preview: There are hardly any changes from Windows 8.1 at this very early stage of its release, and no new color themes or wallpaper backgrounds. The File Explorer’s icon is a new design, and appears for now to be the only default Windows application to have an updated one.

The only notable change is that the bottom and side borders of windows and many panels have been removed, lending an even more “flat” design that is perhaps meant to unify with the look of Microsoft Office 2013.

Monday, June 30, 2014

All of us worry about security, hackers, spyware, malware, and the like. Here are several practical tips to help keep you and your computer safe. Not everyone needs to follow all of guidelines set below, but choose those that are important or will have immediate benefits for you. 

 

 ~The TPUServices™, LLC Team


 

Security

10 critical security habits you should be doing (but aren't)

@ianpaul  Jun 30, 2014 3:00 AM 

via PCWorld @ pcworld.com

 

 

Batten down the hatches

It's a tough, insecure world out there, fellow PC faithful. Times have never been scarier, with website data breaches turning into regular affairs, programming flaws like Heartbleed popping up left and right, and botnets like Gameover Zeus infecting a legion of PCs, only to gobble the up personal information and financial data stored within.

Good news: There's a lot that regular PC users can do to protect themselves against the worst of the worst. But bad news: Most of us don’t bother.

Giving your digital life a thorough security overhaul is easier than you'd think. Here are 10 critical security measures you should be doing right now—go ahead, do it!

 

Use a password manager

Saying that passwords are dead is a popular meme. Until someone figures out a viable and universal replacement, however, we’re stuck with them.

Alas, passwords are a pain, since you should be using a long string of random letters, numbers, and special characters for all your critical accounts. Passwords that complex are as difficult to remember as they are to crack—which is why using a password manager that can generate and save those passwords for you is so crucial.

Password Mangers are easy to use, and most are cross-platform, giving you access to the data on PCs and mobile devices alike. Our favorites include LastPassDashlane1Password, and KeePass.
 
 

Two-factor authentication

Two-factor authentication is a second step that bolsters the strength of all those long, random passwords you’re now using. This security measure is based on the notion that you need two items to prove your identity: Something you know and something you have. The "something you know" is your regular password, and the "something you have" is usually a short, one-time code generated via text massage or smartphone app that you need to enter before logging in.

Two-factor authentication is not foolproof, but it’s far stronger than using passwords alone. Google’s Authenticator app for Android, iOS, and Blackberry 4.5-7.0 is a popular choice for generating one-time codes, but there’s also the cloud-sync service Authy for Android, iOS, Linux, Mac, and Windows.
 
 

Back up your data... twice

Backing up your data may not seem like a security matter, but guarding your data against faulty hardware or a devastating virus that wipes out your hard drive is extremely important. For best results, don’t just back up to an external hard drive at home. You should also back up to an offsite location to protect against fire, burglary, or children carrying water.

Online backup is the easiest way to get offsite protection. The numerous services available include Backblaze, Carbonite, CrashPlan, iDrive, and Mozy. A disaster-proof backup scheme doesn't have to cost you a dime, though, if you're willing to do a wee bit more legwork.
 
 

Create your own private Internet tunnel

Most public, shared Wi-Fi networks are wide-open. A hacker equipped with a few trivial programs can snag your online traffic as it flies by.

This is mitigated somewhat by logging into websites using HTTPS, but it’s not a perfect solution. Ideally, you should be using a virtual private network to create an encrypted tunnel between your device and the Internet. There are free options from companies such as Hide My Ass, Hotspot Shield, and Tunnel Bear, but a paid VPN is the better option if at all possible. A year of Hide My Ass is just $60 and covers you across PCs and mobile devices.
 
 

Lock down your router

Your home Wi-Fi router is probably the most sensitive Internet connection in your life, since home is where you're most likely to view your bank accounts and other sensitive information online. But alas, most people stick to basic or—shudder—default passwords for their home network.

For the best home Wi-Fi security, use WPA2 encryption and a randomly generated login password that is at least 30 characters long. The longer and more random it is, the harder it is to crack (the occasional flaw in router firmware aside). Can’t remember a 30-character password? Save it in your password manager. Finally, don't forget to change the user name and password for your router’s admin panel.
 
 

Cut the daisy chain

Another weak spot in online security: Email accounts that receive password-recovery messages, in the event you get locked out of your account. Recovery accounts are also prime targets for hackers looking to penetrate your online life.

The best defense is to use a single, hard-to-guess recovery address—something like “myrec0v3ry_ZMf43yQKGA@outlook.com"—and use it only for emergency recovery.

The worst solution is to daisy-chain all your critical accounts—your Outlook.com address is the recovery address for your Gmail address, and Gmail is the recovery address for Amazon. All it takes is one break in the daisy chain to ruin your entire online life.
 
 

Ditch Java (if you can)

Oracle’s Java is no longer critical software for many PC users. That’s a good thing, because it’s been the source of a veritable flood of security vulnerabilities. Some security experts are calling for Oracle to rewrite Java. In January, 2013, the Department of Homeland Security’s US-CERT (Computer Emergency Response Team) recommended that all PC users disable Java unless they absolutely need it.

The best way to find out if you can live without Java is to delete it completely. Seriously! Go do it right now. If a website or software prompt demands Java in the future, simply reinstall it—but you probably won't have to.
 
 

Encrypt everything

When Google learned the NSA was intercepting traffic from its internal networks, the company's answer was simple: encrypt everything. And you should, too. Forcing websites to use encryption whenever possible—with browser plug-ins such as the Electronic Frontier Foundation’s HTTPS Everywhere, if need be—keeps no-goodniks from swiping your logins and personal information.

Don't stop at websites, though. If you carry personal data on a USB stick, encrypt it with Microsoft’s BitLocker to Go, or create encrypted file containers via the Disk Utility in Mac OS X. Open-source encryption options for Windows include FreeOTFE or DiskCryptor. Encrypt your external hard drives, too—especially your backups.
 
 

Supplement your antivirus with an on-demand anti-malware scanner

To stay as safe as possible on Windows, it’s best to equip your PC with two security programs: one antivirus and one anti-malware. The antivirus programs, such as AVG Free or Avast, are always-on solutions that scan incoming files and websites for malicious intent.

These programs won’t necessarily catch or remove everything. That's why it’s a good idea to periodically run an anti-malware program, which stands a better chance of catching active and cutting-edge problems. Snag MalwareBytes Anti-Malware Free (or an alternative) and run it weekly.
 
 

Tape that webcam

Malware was bad enough when it randomly distributed your Word documents to all your email contacts. It can get much worse, now that computers have the capability to see and hear us via webcams and microphones.

Luckily, there’s an easy defense against peeping webcams: plain, old adhesive tape. Just take a small piece of that and cover the lens. When you need to use your webcam, just peel it off and replace it later. If you’re worried about putting tape on the lens, use paper and tape instead.

It’s a bit of a kludge, but hey: Tape has the added benefit of being impenetrable to software attacks.