Electronic Government Information Strategy Roadmap

Recently the office of the CIO for the USA put out a roadmap plan that outlines how the US government will enable secure access to high-quality digital government information, data and services—“anywhere, anytime, on any device.” It provides a high-level outline of how raw data should be made available, an application interface framework to connect agencies to the data they need to operate, and the driving goals for bringing electronic data to the end consumers (aka the public). This is an unprecedented step in bringing the government in line with today’s technology and the expectations of a mobile society.

It reminded me of when I went through the process of getting a permit for a block party from the local government (City of Columbus, Ohio, if you’re watching!). It was a complete nightmare. I had to drive down to the Parks & Rec department to get the form (it was not available online), drive it over to the police department to get it approved (why wouldn’t they approve me shutting down the road in front of my house for the neighborhood kids to have fun?!?!), then drive it back over to the Parks & Rec department to get it finalized (or so I thought!). When I went to get the permit, the Parks & Rec department informed me that the form was invalid because it didn’t come directly from the police department via interdepartmental mail. How was I supposed to know that? The officer that signed off on the permit didn’t know that either (he had been with the department for 30+ years!). Long story short, they called over and spoke with him — luckily he remembered me & told them it was OK, I paid $75, and received my permit. Imagine if this was a web page form that was routed to the appropriate department for approval. It would save everyone a lot of time, trouble, and unnecessary cost. While I understand this has little to do with the attached doc, it is indicative of how far we have to go before we can start talking about APIs to different systems and, heaven forbid, allowing me to fill out the necessary forms from my iPad.

You cannot finish unless you start.  This is a great start.

Download the PDF full doc here: digital-government-strategy

Posted in CeraNet | 10 Comments

Passwords

Are you using ‘strong’ passwords?

About once a month we receive a call from a client asking to change all of their access information: account admin, email, FTP, cloud control panel access, DNS services, domain name registration information, and anything else that has a password associated with it. Each month we tell them that they can reset their passwords for access through the control panel and end up spending about an hour walking them through it. While it is a bit cumbersome to change all of your account info so often, it is a very good idea. I recently asked them if they changed all of their info with online banking and portal access (like MyYahoo, Google, iTunes, etc.) so frequently. They do. He proceeded to tell me that he has a little black book that he keeps in his desk with records of everything. HELLO! He works in an office with over 100 other people. Does anyone else see a problem with this?

Regardless, it is a great idea to change your passwords every 30 to 90 days just to be safe. Here are some other tips from a recent PingZine! article:

  • Use special characters like $#@!%^&#$
  • Never give your password to anyone
  • Never reply to an official looking email asking for your password or access info
  • Clear your browser history
  • Use spyware detection software (Windows comes standard with it – check out Microsoft Security Essentials)
  • Don’t save your passwords on your computer, on post-it notes stuck to your computer, or anywhere else. Keep them in your head.
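
The tips above are what a control-panel password reset should enforce mechanically: the post's "special characters" rule plus its 30-to-90-day rotation window. The following is an added Python example written for this page, not code from the original post or from CeraNet's control panel; the 12-character minimum, the set of accepted special characters, and the sample passwords and dates are all assumptions constructed for illustration.

```python
from datetime import date

# Constructed policy values. The post asks for special characters and a
# change every 30 to 90 days; the 12-character minimum is an assumption.
SPECIAL_CHARS = set("$#@!%^&*()-_=+[]{};:'\",.<>?/\\|~`")
MIN_LENGTH = 12
MAX_AGE_DAYS = 90


def check_password(password):
    """Return the list of policy problems for a candidate password
    (an empty list means the password passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.islower() for c in password):
        problems.append("no lowercase letters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in SPECIAL_CHARS for c in password):
        problems.append("no special characters")
    return problems


def rotation_overdue(last_changed, today, max_age_days=MAX_AGE_DAYS):
    """True when the current password is older than the rotation window."""
    return (today - last_changed).days > max_age_days


def reset_report(candidate, last_changed, today):
    """Combine both checks the way a control-panel reset page might:
    is the new password acceptable, and was the old one overdue anyway?"""
    return {
        "candidate_problems": check_password(candidate),
        "old_password_overdue": rotation_overdue(last_changed, today),
        "old_password_age_days": (today - last_changed).days,
    }


if __name__ == "__main__":
    # Constructed sample values (not real credentials or dates from the post).
    for candidate in ("summer2012", "Tr0ub4dor&3xample!"):
        report = reset_report(candidate, date(2011, 12, 1), date(2012, 6, 1))
        verdict = "accepted" if not report["candidate_problems"] else "rejected"
        print(candidate, "->", verdict, report)
```

The check runs on the candidate at reset time and never needs the password stored anywhere afterwards, which keeps it consistent with the last tip above.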

Posted in CeraNet, Security | Comments Off on Passwords

On Demand Cloud Servers

Last Friday we received a frantic call from yet another business saying their data center / service provider was closing down. They were given a three-day notice (pretty good compared to other similar situations) and told that they needed to get their equipment & data out. Unfortunately, *not* an uncommon scenario these days…

We spent a couple of hours discussing possible solutions, including colo service, where they would just bring their VoIP systems over to our data center; dedicated servers that we would set up with new installs of CentOS and Windows Server 2008 R2 plus a Cisco ASA for firewall / VPN protection; and finally a hybrid approach using cloud servers that they could expand as their business expands, plus an ASA to secure everything. They chose the hybrid approach as it was the most economical and gave them the ability to expand as needed. We had the servers set up within a few short hours and they began configuring the servers & migrating their data.

By Monday afternoon, going with a hybrid approach turned out to be the best choice. They found that some of their software was going to be more difficult than expected to upgrade. They now have a colo server with their main PBX system, a dedicated firewall / VPN device (Cisco ASA 5505), a Linux cloud server that will take over as their PBX as soon as they get some software issues hammered out, and a Windows-based cloud server running their billing systems.

Your data center partner should be helping you with these types of solutions.  If they are not, email sales@cera.net and we’ll get you started.


Posted in Cloud Servers, Co-Location, Dedicated Server, Security | Comments Off on On Demand Cloud Servers

Mac multi-tunneling VPN connection

Apple makes great computers. Unfortunately, their software selection is not the most robust. Recently we rolled out a solution to a new client including a virtual private network, cloud servers, and software licensing. Everything has gone relatively smoothly, with the exception of a couple of small issues, including using the Cisco AnyConnect VPN client on a Mac. The client tries to force all traffic down the VPN connection when it should be sending only the traffic destined for the server. This means that when the client is connected to the VPN, he cannot get to outside web sites, email, etc. Obviously an issue, and since he is the one paying the bills, it’s our problem.

There are many workarounds available from the thousands of Mac users out there with similar issues. Each one has some potential issues and will inevitably end up being a support nightmare. I believe we are going to implement a site-to-site connection using an ASA at his site that connects directly to the ASA here, eliminating the need for the software client.
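
Whether AnyConnect is running a full tunnel or a split tunnel shows up directly in the Mac's routing table: a full tunnel puts the default route on the utun interface, while a split tunnel leaves the default route on the LAN interface and adds only the server subnet via utun. The Python below is an added example for this page, not code from the original post, Cisco or Apple; it performs longest-prefix matching over two constructed routing tables and pulls the default-route interface out of constructed `netstat -rn` excerpts. The interface names, the 10.10.0.0/24 server subnet and all addresses are assumptions for illustration.

```python
import ipaddress
import re

# Token that looks like a macOS interface name (assumed set of prefixes).
IFACE_RE = re.compile(r"^(en|utun|ppp|lo|bridge)\d+$")


def longest_match(routes, dst):
    """Longest-prefix match over routes = [(cidr, interface), ...];
    returns the interface that would carry traffic to dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def default_interface(netstat_output):
    """From `netstat -rn` text, return the interface carrying the default
    route, or None. Picks the interface-looking token on the 'default'
    line so the exact column layout does not matter."""
    for line in netstat_output.splitlines():
        fields = line.split()
        if fields and fields[0] == "default":
            for tok in fields[1:]:
                if IFACE_RE.match(tok):
                    return tok
    return None


def is_full_tunnel(netstat_output):
    """The check: is the default route on a utun (VPN) interface?"""
    iface = default_interface(netstat_output)
    return iface is not None and iface.startswith("utun")


# Constructed routing tables (addresses from RFC 1918 / RFC 5737 ranges).
# 10.10.0.0/24 stands in for the client's server subnet behind the ASA.
FULL_TUNNEL = [("0.0.0.0/0", "utun1"), ("192.168.1.0/24", "en0"), ("203.0.113.5/32", "en0")]
SPLIT_TUNNEL = [("0.0.0.0/0", "en0"), ("10.10.0.0/24", "utun1"), ("192.168.1.0/24", "en0")]

# Constructed `netstat -rn` excerpts for the same two states.
NETSTAT_FULL = """Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            10.10.0.1          UGSc         utun1
10.10/16           10.10.0.1          UGSc         utun1
192.168.1          link#4             UCS          en0
203.0.113.5/32     192.168.1.1        UGSc         en0
"""
NETSTAT_SPLIT = """Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc         en0
10.10/24           10.10.0.1          UGSc         utun1
192.168.1          link#4             UCS          en0
"""

if __name__ == "__main__":
    for label, table, text in (("full", FULL_TUNNEL, NETSTAT_FULL),
                               ("split", SPLIT_TUNNEL, NETSTAT_SPLIT)):
        print(label, "tunnel: default via", default_interface(text),
              "| full-tunnel:", is_full_tunnel(text))
        for dst in ("10.10.0.25", "198.51.100.80"):  # server, public web site
            print("   %s -> %s" % (dst, longest_match(table, dst)))
```

Running `netstat -rn` on the affected Mac and feeding the output to `is_full_tunnel` gives a quick yes/no on whether the client is in the state the post describes, before spending time on client-side workarounds.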

If Apple is going to make a serious push to get their computers more involved in the business environment, they are going to need to dedicate more resources to providing software to make it happen.

Posted in Cloud Servers, Security, VPN | Comments Off on Mac multi-tunneling VPN connection

Payment Card Industry (PCI) Compliance

Every week a client calls or emails with PCI compliance issues. Usually their merchant account provider has initiated a software scan of their website and produced a report showing at least 5 or 6 items flagged as ‘serious’ issues. The credit card companies and the major banks such as BoA, JPM and Citi that own a majority stake in them, along with the merchant account companies, use PCI standards and regulations as a way to push liability for data breaches onto the businesses that accept the cards from end users. They have a vast set of compliance regulations (https://www.pcisecuritystandards.org/) in place that make it nearly impossible and largely uneconomical for small businesses to comply. However, if you want to be compliant, these are some of the items you need to look at:

  • Use a software scanning company to check your site. They will give you a report that shows some of the items that you need to change on your site, hosting account, security setup, and more.
  • Look at using a secure firewall / VPN appliance like the Cisco ASA 5505 to secure your server (cloud, dedicated, or colo). You have to use a separate application firewall to protect your data – not the firewall built into the OS and not a shared firewall.
  • Encrypt your communications with end users using an SSL certificate. Use SSL 3, not 2.
  • Once the data makes it to your server, encrypt it there. Encrypt the database. Make sure any backups are encrypted.
  • Almost all shared servers are inherently not PCI compliant, despite what the low-cost shared hosting providers say. They guarantee compliance, say everything is secure, etc. for $1.95 per month. What do you think is going to happen if there is a problem? You will find out that their terms of service didn’t allow you to use their service if you were actually accepting credit cards (this really happened to one of our newer clients), that they have all sorts of options you have to ask for to really get compliance (all adding to the price), etc.
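
The third item is the one a scanner checks most mechanically: which protocol versions the web front end is willing to negotiate. The post's "SSL 3, not 2" predates the deprecation of SSL 3.0 itself (RFC 7568), so a context built today refuses SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 and offers TLS 1.2 and newer only. The following is an added Python example for this page, not code from the original post or from the PCI Security Standards Council; `certfile` and `keyfile` are placeholder paths, and the function skips loading them when they are not given so the check can be exercised without files.

```python
import ssl


def hardened_server_context(certfile=None, keyfile=None):
    """Server-side TLS context for a card-accepting web front end.
    certfile/keyfile are placeholder paths for the site's certificate and
    private key; when None the chain is not loaded (assumption so the
    function runs stand-alone)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Refuse SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 outright.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Forward-secret, AEAD-only cipher suites for TLS 1.2 (TLS 1.3 suites
    # are managed separately by OpenSSL and are always modern).
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    if certfile is not None:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def allowed_versions(ctx):
    """List the protocol versions a context is willing to negotiate,
    derived from its minimum/maximum version settings."""
    order = [
        ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
        ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3,
    ]
    lo, hi = ctx.minimum_version, ctx.maximum_version
    lo_idx = 0 if lo == ssl.TLSVersion.MINIMUM_SUPPORTED else order.index(lo)
    hi_idx = len(order) - 1 if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED else order.index(hi)
    return [v.name for v in order[lo_idx:hi_idx + 1]]


def legacy_disabled(ctx):
    """The check a compliance scanner performs: none of SSL 3.0, TLS 1.0
    or TLS 1.1 is on offer (SSL 2.0 is not supported by modern OpenSSL)."""
    return not any(v in ("SSLv3", "TLSv1", "TLSv1_1") for v in allowed_versions(ctx))


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("offers:", allowed_versions(ctx))
    print("legacy protocols disabled:", legacy_disabled(ctx))
```

Pass the returned context to whatever server wraps the socket (for example `http.server` with `ctx.wrap_socket`); the `allowed_versions` readout is what to compare against the scanner's report when it flags a protocol finding.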

There is more, but you’ll have to email us to find out.  Thanks for reading.

Posted in Firewall, Security, VPN | Comments Off on Payment Card Industry (PCI) Compliance