onega

Onega Treasure Hunt and Christmas Dinner 2016

For this year's work Christmas do we started off with a treasure hunt for which we started off at The Barbican and followed cryptic clues around the city exploring many of the sights that we usually walk past and take for granted every day. The clues were probably written by the same people as make the Telegraph Cryptic Crossword as they were challenging to say the least. The best of us managed to get half way through the fifteen waypoints before we had to break off for supper.

Could you have worked out these clues? 

Dinner was at the Disappearing Dining Club at Ropewalk / Borough. This was inside an architectural salvage yard and the food and drink were excellent.

For the treasure hunt we'd been split into three teams and there were prizes for everyone, which ranged from a Lock-Picking Skills Masterclass through to tickets to the BFI IMAX Cinema, getting to choose the next company outing, parkour at the Parkour Academy, and others. 

Many Thanks to Heather for organising this. 

Christmas Party Gallery:

A Maharajah's Wedding

In Hindu wedding tradition, the Groom is treated as a Maharajah or King for a day and the Bride is honoured as Goddess Parvati. So it was for one of our most esteemed colleagues, Krunal Patel, this weekend and we were honoured to have been invited to his and Sejal's wedding at the Hilton Heathrow on Sunday 27th November 2016. Krunal was resplendent in traditional attire as you can see below:

Krunal before the big event.

The Groom enters the wedding ceremony first and Krunal did this in style, mounted on a suitably garlanded white horse.

Krunal on his White Charger. Thankfully the horse was very well behaved.

The groom's procession approached the venue with much dancing, with an Indian drum and brass band proclaiming the approach.

The Ceremony

The ceremony itself starts with just the Groom, his best man, the parents and the priest who orchestrates proceedings. There was a film crew present so we expect a Bollywood style production to showcase the event for posterity in due course. Guests were requested to be silent for the wedding (not always the case) which had a number of steps including the ceremonial washing of Krunal's feet by his new parents-in-law, prior to the arrival of the the Bride.  Sejal kept Krunal waiting as all brides (according to legend) do and was brought into the hall carried by her brothers and uncles upon a flat, open sedan chair.

The different parts of the ceremony include blessings, offerings and processions. At the end of the ceremony the Bride and Groom are presented as a married couple and you can see Sejal and Krunal here, newly married. If you look carefully you can see a red string that goes around them both and joins them. There is also a scarf around Krunal's neck that is tied to Sejal's sari for the same symbolic purpose; quite literally tying the knot. They remained joined after the wedding as tradition dictates, newly bonded to one another.

Sejal and Krunal newly married.

A photo from part of the ceremony.

Wedding Lunch, Dinner and reception:

After the wedding there was a very good lunch and then a well-needed break before the big celebration and reception in the evening.

Some of the Onega team and partners at the wedding reception dinner.

A photo from the big reception and party in the evening. Sejal was changed into a white wedding dress and Krunal wore a dinner suit and top hat - you can see the dancing in the centre of the picture here amongst the confetti.

We all wish Sejal and Krunal every happiness and all the very best for their future together.

Crims are clever..

You have to hand it to them, criminals are a clever bunch and in some ways we should thank them for entertaining us with their ingenuity. Actually we do thank them - with our hard earned cash when they get the better of us. This cat and mouse game will likely still be going on when Long Player (http://longplayer.org ) has long since stopped playing...

In the interests of learning and staying safe, we'll share some experiences of current attacks used to try to steal your information (and thus maybe your money a little later).

Example 1:  Socially Engineered Email Attacks

This is a popular one as we write and, having started off targeting large organisations, it is now trickling down to smaller organisations like yours.

What happens? Criminals have a look at public sources like your own useful website / Companies House etc. to identify who the main boss(es) of the company are and who is in the finance team. They then craft (forge) an email from the head of the company to the head of finance asking for help to make a payment to a supplier, which might be a perfectly normal thing to do and a reasonable request. If the scheme runs to completion then the head of finance replies, thinking that he or she is talking to the boss, and £15,000 (or such amount as the criminal deems appropriate to not raise suspicion) is transferred into the sunset. 

If the criminal can be bothered, they may even have sent a fake enquiry to your company prior to the attack, so that they have a copy of your email stationery and footers to make the mail more convincing.

To date (October 2016)  it is estimated that just short of a billion pounds have been lost by UK companies falling for this type of fraud. Not many people or large organisations are going to want to stand up and admit that they were caught out though.

The same exploits are used not only in attempted financial fraud but in other walks of life too. A salient example is noted at http://www.bbc.co.uk/news/uk-england-london-32095189 where a prisoner was released and ushered out of jail after his bail / probation had come through - albeit on a fake email which was not noted until his release.

Example 2:  Phishing Links

A newer threat that we are seeing in the wild at the moment is the digital equivalent of the chain letter, but with more malice. It starts when criminals trick you (through one of many possible ways) to reveal your login credentials for your email (MS Office 365 / Exchange / Lotus Notes / Google Mail). They then access your mailbox and send out a bulk email to all your contacts using your email account. Since this will be to people you know and who know you and is sent via your real email address and mail system, the chances are that it will get through all the email filters.

As they have access to your mailbox, they know your industry and how you write, along with your stationery etc.  They also have a full copy of your email box in case there is anything interesting or useful to them in there. What could a criminal or competitor do if they had a full copy of your email box, sent box, folders, contacts, diaries, public folders and web shared folders?  Have you ever emailed payment card details to people or noted passwords in email?  Although most of the time this may be disregarded as the prime aim is just to spread and spread malware to do more damage later.

A typical mail sent out from one company to another could include a note such as: 'Please can you review these deal documents?'; or something similar that is appropriate to the industry and company, such that it looks credible, as well as a link to a document sharing website like Google Drive / Docusign Form etc.

When someone receives this message, if they click on the link, they might get a login page such as the below to access the 'documents':

The above looks like a legitimate login page for Google Drive, but please look carefully at the address - it starts out with 'drive.google.com (which looks legitimate to the human eye), but the 'gotcha' is the bit after this of .kwaltaz.com ... so you will not be going to Google Drive at all in this case, but to a sub-domain (sub-site) of kwaltaz.com - easy to miss that small but vital detail. The page looks convincing so if you are in a hurry then you may just enter your details to log in to get to the interesting deal documents.

If you do proceed to enter your details as invited to do, then you'll have just given away access to your files / email / anything else you store on Google in this case to the criminals. Unless you have further login security in place, they can now log into your email, continue the chain and help themselves to any interesting items you have. You may well not know that they've been looking and lurking for a week or more, before your mailbox is used in turn and it is also possible that your login might be sold on the underground 'darkweb' markets - value being higher depending on factors like, organisation and connectedness.

When one of these email abuse attacks are launched to repeat the cycle that started this example, the person or group starting the bulk mail is said to have 'owned' your mailbox. They may also change your password to lock you out and to slow down the process of you getting control back once you realise what is happening (by which time the damage is done in mail sending and to your reputation in turn).  We've also seen that criminals like to interact with people when they are in the process of an exercise of abuse. For example: if a bulk mail goes out referring to deal documents etc. and a recipient is slightly suspicious so mails back to confirm validity (e.g. 'Hi Paul - can I check that this link was from you and is legitimate?'); then the crims in turn reply back to say something like - 'Hi Bob - yes, these are from me - please review and let me know your thoughts' etc... so encouraging Bob to become the next victim in the chain. The perpetrator of the fraud also likely deletes all your contacts and the replies / conversations they've had to further frustrate your recovery and communications as you wrestle back control of your mailbox.

Remember that, in this case, the email comes from the trusted mail account and no virus bearing attachments are included, only the link to the website for the 'documents' so the majority of virus scanners / junk mail filters will pass the email as 100% legitimate. There are effective defences but we'll come onto that later. Apart from just stealing your login details, scripts on the site also commonly detect what type of computer you have and which web browser and if these are known to be vulnerable to known attacks then they will often proceed to use these open doors to load malware onto your computer in the background without your knowledge. If you know that 90%+ of infections can be avoided by having your computer up to date so that known vulnerabilities are stopped, then you'll understand why your IT department focuses a fair bit of time and energy on patches and updates that get pushed out to your computer to keep you up to date. The odd reboot to apply these is a very minor inconvenience compared to the alternative of not keeping up to date!

Example 3: The Freebee USB stick.

Who doesn't like a freebie? For example a free promotional USB drive that you're sent in the post, or one that you were 'lucky to find' which someone else had evidently previously dropped. Statistically we're all suckers for the proverbial free lunch and 'don't look a gift horse in the mouth'.  So you proceed to plug the drive into your computer to make use of it, or if found to see if there is anything interesting (music/ files / competitor files / the original owner's contact details to return the drive) on the drive. There is a chance this was your lucky day, but equally there is a good chance that the drive might have been 'dropped' where you'd find it.

When you click to open files on the drive, these may not be what they appear and unbeknownst to you could silently install malware or viruses on your computer, especially if you don't disable the 'autorun' features on removable media. By the act of plugging in the USB device to your computer, you bypass all your network firewall and external security and there is a very good chance that if a hacker can be bothered to drop USB devices for you to find, then they'll be bothered to write a custom virus for you that will not be detected by your virus scanner.  Thus the last line of defence on your desktop could well be bypassed as well and the attacker has a backdoor to your office network and can likely get to anything you can get to, as well as maybe recording all your visited websites and keystrokes. Combine this with taking the odd screenshot in the background and letters 2 and 6 of your password may not be your secret for long.

Example 4:  Bank Phone fraud.

We're all very careful about our computing and personal data, which websites we trust and keep our cards safe, don't we?  So if you get a call from your bank's security department that they're worried about a number of transactions that have been put through for authorisation on your account, then you'll be glad that their anti-fraud systems have got your back, right? Not if the caller is not, in fact, your bank, but yet another clever criminal trying to catch you off-guard; to obtain your banking details to later abuse and enrich themselves. The fact that they appear to be trying to help you by flagging attempted transactions on your account is often enough for them to get your confidence before any of these 'transactions' go through.  Analogue telephones also have a flaw that is abused at this point; if you have any doubt as to whether the call is genuine, then you can call back the bank on the phone number printed on the back of your bank card and are encouraged to do so 'to satisfy yourself that the call is genuine'.  So you hang up the one call and then dial the number on the back of your card for whichever bank you are with. The call is answered - sometimes with a short 'your call is very important to us and we are connecting you as quickly as possible'; then you ask to be transferred to the fraud department where you are connected to the same, or another, agent who then verifies your details and helps you reset your security information to be very secure in future. In actual fact you've not called your bank, as the original call has not been cut off.  The flaw in many phones is that calls do not disconnect until the caller (that rang you) has hung up, thus you've been on the same fraudulent call all the time and likely given away your memorable word / date / date and place of birth etc. in the process, while all the time thinking you are helping the bank to protect you.  You can imagine how this ends; often within days of the original call.

There are a number of variations on this fraud call which targets businesses as well as individuals. Criminals know that certain professions, like solicitors, accountants and investment advisers may well hold short-term funds for clients in client accounts separate from their own funds. Where this is the case, there is a heavy duty of care on the holder and thus criminals may well target these groups as the modus operandum of the call appeals to and preys upon the instinct of the account holder to 'keep the funds safe'.  Variations have included suggestions that the 'bank' will call back (and then do) tomorrow to assist with moving chunks (often quite considerable) of money into 'safe' accounts away from the account which is currently being 'targeted'. So, in a desire to keep client money safe, the unwitting victim actually assists the criminals by transferring large amounts of other people's money to them; which in many cases is never to be seen again.

If you're thinking 'no one would fall for this', then have a read of http://www.bbc.co.uk/news/business-34425717 which is a real example of this fraud occurring. The article notes that in the case of this unfortunate solicitor, the implication of the fraud was personal bankruptcy and being banned from practicing her profession. We understand that the professional indemnity insurers also failed to pay out on the grounds that she 'knowingly assisted criminals' which we think counter to probability and good faith in insurance so also be reminded that not all insurance is the same, though you may only come to understand that when you need to call upon it. Would your insurer cover you for this case if you acted (in your mind) in utmost good faith but were fooled into transferring money to criminals? Now might be a good time to make a call and find out.

What can we do to stay safe?

The above are just some examples of common frauds that we see in the real world that are delivered by technological means. There are many more.

Some advice we'd generally give is:

  1. Remember nothing is secure.

    Sobering as it is, there is no such thing as a completely secure system; only degrees of risk reduction. Security is about reasonable justified degrees and measures which reduce risk of abuse. Admitting that you have a security problem (we all do) is the first step towards mitigating it. Never trust a security professional who isn't paranoid!
     
  2. Learn from the mistakes of others and don't repeat them.

    Take an active interest in security. The more you know, the more you are armed. There is a lot to read on the Internet and in the press and knowing that you are at risk is the first step in reducing risks.
     
  3. Respect the need for security.

    Security often (nearly always) comes at the expense of some convenience. Be that glass screens or steel bars in a bank branch that physically protect cash, or computer processes that ask for authentication or for you to change your password from time to time. Each time you have to go through the hassle of changing a password, remember that means you have a fresh start where anyone who might have known your password, now does not.  Equally if your computer prompts for a reboot to complete install of (security)updates, don't hit 'postpone' but instead save anything you need to save, hit reboot and grab a coffee or glass of water; the updates are there for a good reason - to keep you safe.
     
  4. Be part of security.

    We all need to be careful and vigilant. Even network administrators should normally only log in with normal user rights - see our other post on this at  http://www.onega.net/blog/2015/6/4/are-you-logged-in-with-admin-level-credentials-on-your-computer-right-now . More generally, ensure you consider things and share information on a 'need to know basis'. Recruitment companies and those involved with industrial espionage (the former might arguably be the latter in some cases) might charm information out of you under many guises.  We've even had phone calls where people claim to be calling from the Police (not the band or manufacturer of sunglasses, but the law enforcement crew) and naturally we want to help them, don't we? Even beware that, by reading security blogs and web pages, you are often giving away your network IP address and location.
     
  5. Make sure appropriate technical measures are in place to minimise your risks.

    Where appropriate, pieces of technology can help maintain security.  Make use of these and make sure they are configured, deployed, monitored and managed appropriately. There is a big difference between just 'having a firewall' and having a well-configured and well-run security solution in the same.
     
  6. There are no stupid questions when it comes to IT security.

    As a rule of thumb: If you have a doubt, point it out. If something looks too good to be true, or does not 'feel right', then be sceptical and check. This might be in the language used in an email that might not be quite characteristic of the sender. Remember it took the one little boy to point out the emperor wore no clothes - often we find this recurring on a digital scale. It can also be in person or on the phone.  Who is that new guy in the office and does everyone else just assume he has the right to be there?
     
  7. Trust your security.

    There are many computing tools that aim to minimise risks online while you get on with your work. Quite a few operating systems (including MacOS / Windows 7, Windows 8, Windows 10 etc.) and popular web browsers like Firefox, Chrome and Internet Explorer have pop ups when they are warning you about a potentially dangerous website, or when a piece of software is trying to change things on your system. Unfortunately many studies show that 95%+ of the time people just hit 'Continue' and carry on. Stop and think when you see these, and better to err on the side of caution.
     
  8. Maintain good backups (and test them).

    If all else fails, you've got your backups, right? There are many risks from threats like 'cryptolocker' which encrypt your files and ask for a ransom to restore them (which likely leads to only an empty wallet and no files back for you) and the value of your information to others which may be electronically leaked. But if you have good backups, at least you are still in business. Onega have developed a Backup Policy Template document which takes you through a number of risks to help make sure you have an appropriate strategy in place.  We'd be happy to share a copy of this with you. Do test your backups though; we can't stress that enough. Over time companies implement new systems and people put things in new locations. On the cloud, on their computer, on external drives and network shares. Pick some random files, note their details, move them to somewhere new and challenge yourself or your IT department to get them back. A good example of this is if you move all your Outlook contacts from Office 365 to a PST file - do you have these backed up and can you get them back easily? I digress, but in that example Onega would have you covered with our O365 SkyKick backup system to keep your MS Office 365 cloud data safe.
     
  9. Don't be complacent.

    This one is hard. Our natural inclination is to concentrate our attention on what is urgent, not neccessarily what is important. Even if your office is connected to the MOD secure network, or if you've got the shiniest new firewall, is everything else as good and is everyone briefed and playing the same way. If: you leave your computer unlocked while you are away from your desk; your Sage 'manager' password is blank (the default so do check if you use this); or 1001 other things, then you are at risk.  An external check can sometimes help to remind us of this and wake us all up.  Standards like the basic Cyber Essentials standards from the UK Government give a good basic baseline, also to make sure most of the low hanging fruit is covered.

    ** Please note the above are elements of what we consider salient advice but in no means comprehensive guidelines.
Think and read warnings before you blindly click continue.

Think and read warnings before you blindly click continue.

Onega can help with aspects such as Incident Response (although we'd rather help avoid incidents in the first place), Security Review / Audit, ensuring you have good Physical and Cloud Backup Solutions, implementing multi-level UTM Firewall protection, user education and security awareness, external mail filtering etc. The first step is to get in touch and we can discuss any particular concerns, run through any issues and decide what would be appropriate for your needs.

Epilogue:

The story header picture here is of a Lego Criminal, but in actual fact we're probably not giving them the credit they're due. Here, more accurately, your foe could be better imagined as:

.. the Evil Genius (complete with white cat)

.. the Evil Genius (complete with white cat)

But in reality would actually probably look more like this:

Average Joe..

Average Joe..

Be on your guard; keep safe online and in the real world :-)

Onega Authorised to sell Microsoft Surface Computer Range.

Microsoft's Surface range consists of the SurfacePro tablet computers (the current line-up includes the SurfacePro 3 and SurfacePro 4 series) and the SurfaceBook which is a convertible laptop that can run in traditional laptop or folded screen only mode. They were originally introduced by Microsoft as much to point the way to the rest of the computing industry on design and what could be achieved, as to an actual product to sell to users. Given that Microsoft produce the Operating System for the majority of computers in the world it is not good form to be seen as competing with your clients.

In the object of taking direction, Lenovo have done so with their successful Yoga range which includes a series of convertible computers and Fujitsu (who have always been strong in tablets) have brought out new convertibles in the form of the nattily named Stylistic R726 which has been well received. However, the success of the SurfacePro range has taken even Microsoft by surprise and they sold over six million units in 2015 with 2016 likely to be double that.

Onega have been working with Microsoft products since MS-DOS 3.2 and although Microsoft is primarily known for its software, they have, for many years, made hardware which is known for being at the premium end, but reasonably priced for what it is. For example you'd always find a safe and dependable choice in a Microsoft keyboard and mouse. The SurfacePro computers are definitely at the premium end of the market and are very slick computing devices which have had very good feedback from users.

Until now, availability of the computers has been quite limited so you'd have to go to John Lewis or other big retail providers, or buy direct on the MS Surface website. Microsoft is expanding its channel to selected partners and we're happy that Onega have been accepted in the latest round as an authorised reseller. This means that we can provide clients with best pricing and support on the Surface range.

In another innovation, Onega and Microsoft are also making it easy to access the benefits of the Surface range. You can take the traditional route and buy a SurfacePro or SurfaceBook, but we can now also offer the choice of 'Surface as a Service' which allows a bundle of Surface hardware, software (if needed) and services to be made available for a monthly subscription. When the hardware and the warranty services are bundled this way there is no barrier for obtaining the very latest technology, with the peace of mind of a full warranty including accidental damage cover and a very reasonable monthly investment - you should, in any case, make sure your computers are covered under your general business policy for loss or theft.

The Surface as a Service scheme offers same day finance acceptance and we only need basic details to get approval in principle.

What do we think of the Surface and why would you consider this vs competitors? The Surface is a very slick computer which provides a lot of computing power at your fingertips and runs full MS Office and other Windows apps. If you try the touch and pen interface for handwriting or just drawing on the screen then having only a keyboard again can feel limiting on any other laptop. Potentially the Surface can save you from needing to carry around both a laptop and an iPad.

Any computer is a compromise between cost / weight / capacity / build quality / speed / expandability / badge / serviceability etc.  We often think of a laptop as being the 'sports car' of the computer world in that they are great machines but you have to make choices (unless you have an unlimited budget) to get things right for your needs. The SurfacePro ticks most boxes. The one 'gotcha' with it is that, due to the focus on ultra slim build, the spec you buy is the spec you'll finish with, in that the case is glue sealed, so you cannot upgrade memory or storage. So it is important to specify enough up front for your foreseeable needs. The comprehensive extended service warranty means that any service problems are dealt with by an advanced swap out if you have any hardware issues.

Competitors like Apple also go for the sealed device approach (seen any screws on the back of your iPad lately?) but others like Fujitsu do allow for upgrades and servicing at the slight (very marginal) expense of size and weight.

Post Brexit the British pound has been dropping in value against both the Euro and US Dollar so computers have been going up in price lately but a good computer, at whatever price, is still excellent value, especially if you get a good few years' use out of it (big hint - best money - from £10 - you'll ever spend on a computer is on the case that protects your laptop).

Onega's aim is always to find the best fit for clients and to recommend the appropriate device for your needs - so please feel free to run any requirements by us and we'll be happy to discuss.

Happy computing.

Onega Goes H2Only

We talk quite a lot about our coffee machine.  In our defence, it is a thing of beauty, producing a mighty fine brew - the carpet to the kitchen is wearing thin because of it.

A few weeks ago, Krunal made a very bold suggestion; that some or all of us take on the H2Only Challenge – an RNLI fundraising initiative involving a pledge to forgo all drinks bar water for 10 days.  One or two immediately suffered withdrawal symptoms at the mere thought of it but 8 of us decided to give it a go.   Whether there is such a thing as a selfless good deed is debatable; our first thoughts focusing on the health benefits and difficulties we may encounter.  All about us.

Except it isn’t all about us.  The RNLI had a very busy week last week – with bad weather around the coast, they had numerous well-reported emergencies to deal with – sadly with the loss of six lives throughout the UK.  This is just the work we hear about. In truth most of their weeks are very busy; it just doesn’t always make the headlines. 

If you’re quick, you can still catch two episodes of the BBC’s documentary series on the RNLI: ‘Saving Lives at Sea’ on iPlayer http://www.bbc.co.uk/programmes/b07l1z87/episodes/guide

10 days without coffee, tea, wine, beer or fizzy drinks is going to be a challenge, but we're determined to go H2Only and raise as much as we can for the RNLI. Their lifeboat crews and lifeguards know all about staying strong. They do it every day – dropping everything to go out on the water and save lives. Your support will help us stay strong too, so please give as much as you can.

Bear with us if we're grumpy on the telephone for the first few days - you can always make us feel better by sponsoring us!   Thank you.

JustGiving - Sponsor me now!

(Remember that, if you’re a UK taxpayer, choosing the Gift Aid option means the RNLI will get even more from your donation).

If you wish to take the challenge yourself, you can sign up here:  https://h2only.org.uk/#

Onega March 2016 Planned Engineering and First Focus on DNS

This is to let you know about some March Planned Engineering and Service Updates - and our fist 'Bono Pastore' Focus area. Please see the background and overview of the program at http://www.onega.net/blog/2016/03/2/bono-pastore if you're not yet aware of this.

Our first best practice focus is going to be on DNS (Internet Domain Name Services) and making sure that clients systems (as well as our own) are in-line with best practice in this area.
 

In business terms:

DNS is the system that allows us to register Internet domains for our organisations and to browse the web and send emails with friendly names like www.bbc.co.uk www.onega.net and fred@onega.net etc. So much uses DNS that we often take it for granted much of the time – and well implemented so we should.

Being such an important system, we want to make sure that client implementations are optimal in three key areas relating to DNS:

Domain Registrations – This is the administration of your domain and the registration of it. We want to help make sure that all the details related to your domains are up to date, correct & appropriate, not due to expire any time soon etc.

Internal Resolution – This is how client and server computing devices carry out Internet resolution so that you can connect to the Cloud quickly, reliably and safely (see  Secure DNS Services for more on this).

External Resolution – This is how people find your organisation and services on the Internet – to know where to send you email, browse your website and communicate via electronic means etc. It is important that this service be provided robustly and reliably.

Our object is to conduct a review to ensure that these aspects of DNS are all well implemented across our client organisations.

The next steps are:

We will be in contact with clients over the coming weeks to ensure that we run through your DNS configuration with you. Don’t worry if you’re not technical – we are happy to take care of those parts. We have a checklist which we’ll complete with you so that we capture the key information about your domains, and identify any areas that need attention so that we (you or us as per preference and can work to resolve these and get them checked off.

For clients under Onega managed services contracts we'll liaise with you and do most of the running on this to help make sure your DNS is good and documented. For clients with whom we have PAYG agreementswe can agree with you who will do what with the aim that we make sure all our your services are robust.

Expect us to be in touch soon then about next steps and starting the process. If you are not under contract with Onega (or not sure) and would like to engage in the DNS best practice review process then please do get in touch and we’ll be happy to add you to the review rosta.

For reference:

Internet DNS Best Practice Policy – http://intwiki.onega.net/index.php?title=Internet_DNS_Configuration_Best_Practice_Policy

Organisational DNS Checklist - http://intwiki.onega.net/index.php?title=Organisational_DNS_Checklist

For information on Secure DNS Services:

http://www.onega.net/blog/2015/6/4/the-importance-of-using-secure-dns-servers

If you don’t have a login for the Onega’s Policy and Procedure wiki then please get in touch and we’ll setup access for you.

Technical changes that will occur on Onega Infrastructure:

Tuesday 22nd March 2016 12:00 (Midday) GMT - We will be changing the configuration of our two legacy DNS servers 81.3.75.71 and 81.3.75.72 to no longer act as recursive resolvers. Thus any computers or servers that are using these servers for DNS will need to be updated to use alternate (eg Secure DNS) servers before this cut off date.

Tuesday 12th April 2016 12:00 (Midday) GMT - We plan to turn off these two DNS servers - thus any zones hosted on these servers will need to be moved before that time.  We have new servers in place to take the zones and migrations will be done as part and in conjunction with the best practice review process – the new DNS servers being more best practice compliant than our legacy servers.

Why are we making these changes?

In short, so that we also comply with our own guidelines for Best Practice, but in more detail:

1) Comply with best practice - Recursive DNS Servers (ones that do lookups for client PCs) should be split off in role from ones that host DNS Zones.

2) For best security and maintain best performance of the service - Recursive resolvers can be abused in DNS Amplfication attacks (see https://deepthought.isc.org/article/AA-00897/0/What-is-a-DNS-Amplification-Attack.html if you're interested to learn more

3) So that we make sure all clients are resolving securely to the Internet and to retire an older Windows Server 2003 DNS Server which is coming towards end of life.

What happens if I don’t have best practice DNS?

We don’t want to scare anyone but if you don’t comply with best practice then you risk (in the worst case):

  1. Losing your domain or having it suspended.
  2. Not being able to access the Internet
  3. Not being able to send or receive email
  4. Clients getting redirected to phishing or competitor’s websites and email going the same way.
  5. Being unprotected at DNS level against infected websites.

The above are worst case scenarios but we aim to greatly reduce the risk of occurrence by complying with best practice with regards to your domains.

Once we've been through the review process with you the outcome should be that we can all sleep easier knowing that the DNS aspect of your IT is in very good order.

Bono Pastore

Bono Pastore = Good Shepherd

This is what we aim to be at Onega. We work with organisations to help deliver smooth IT and related services. We like working with people and machines, and fixing issues. Even better than this we like to prevent problems from happening in the first place.

Before anyone asks we're certainly not likening our clients to quadrupedal, ruminant mammals of genus Ovis, nor do we walk on water. What we are saying is that much of IT, like many other things is about procedures, routine and best practice. Watching over a flock is about patience and care. Not glamorous but important. 

In the same vein, here at Onega, we are thus planning to address a number of IT focus areas with clients during the course of 2016. The pattern we plan to set and repeat here will be as follows:

  1. Identify key areas of IT that may cause risks for clients.
  2. Ensure we have best practice solutions and procedures available to address these.
  3. Communicate the focus area and engage with clients to address this.
  4. Create and fill out appropriate checklists so that we capture any relevant information and actions.
  5. Agree on a plan to resolve any issues; so that things are brought as close to optimal as practicable and document exceptions where there are good reasons why not.

During the course of these processes we well be looking at the same aspects of IT operations across multiple clients so we have the benefit of scale in the effort and the team will be well briefed on the task at hand to ensure you are getting good advice.  The outcome should be more robust systems implementations, documented procedures and policies, and documented systems and responsibilities. 

The engagement that Onega has with clients varies widely. For some clients we manage entire IT estates and systems, and for others we provide ad hoc assistance as you need us. Thus, one of the first parts of an effort is establishing the relevance of an area of IT to a client, who is responsible for this aspect and who will carry out the work and under which contract.

We fully expect that not every proposed Bono Pastore engagement will be relevant to every client so where you are happy to take care of something yourself this is documented, and where you'd like our assistance in a matter big or small we are happy to help with that. One big benefit for everyone is that the process should help make everyone aware of aspects and ensure that any ambiguity in responsibilities (or duplication of effort) is addressed and removed. 

The first pass of this series of best practice benchmarking exercises is due to start soon with DNS - Domain Name Services. This is one of the underpinnings of the Internet and something we use every day for conduct of business. Thus it is one that affects just about all clients so expect a post and for us to be in touch about this. We may even make it a podcast topic soon to go into more detail. We're mindful that we should communicate more about what we do as much of good IT, if done right, will not be seen but contributes to things 'just working'. This is ideal but far from universal so we should resist the trap of complacency just as the good shepherd keeps vigilant watch. The wolf is ever hungry but will find tonight's meal elsewhere.

Onega Awarded Silver Partner Status In New WatchguardONE Program

Onega have been installing and maintaining Watchguard firewalls for many years, and from time to time Watchguard releases new products and realigns itself with the channel. In the past we have been qualified as Certified Partners, Expert Partners, Silver and Gold Partners over time as the program has changed, and as new models have been introduced etc. Onega first became certified as an Expert Partner when Watchguard introduced their V-Class firewalls (and we have fond memories of our internal V-60 unit at the time) which were amongst the first devices to support 'fast path' architecture to allow for wire speed processing of firewall network traffic. 

Watchguard work with partners such as Onega Ltd to provide secure firewalls for business.

Onega have multiple engineers formally trained in Watchguard, and we pride ourselves that we can configure the firewalls to be more secure than 99% of the world's firewalls, which equates to achieving very high levels of network security as part of an integrated stack for clients.

We are happy that we've fulfilled the technical and commercial criteria to qualify as Silver Partners with Watchguard, and are looking forward to moving to the next step up in the program over time.

Onega At The Fujitsu World Tour 2015 - London

We have just returned from participating in the Fujitsu World Tour 2015 in London, which was held at the venue of The Brewery, on Chiswell Street in London. This was a useful day and allowed us to catch up on all that was new at Fujitsu, see some of their latest technology on display and chat directly with members of senior management etc.

Fujitsu rolled into London for one of the first events of their 2015 World Tour. Hyperconnectivity and both its impact and potential were key themes.

Fujitsu rolled into London for one of the first events of their 2015 World Tour. Hyperconnectivity and both its impact and potential were key themes.

This year's event was a big occasion, with Fujitsu marking its 80th anniversary of formation. When we are so used to tech companies coming and going, Fujitsu has shown that it is very much here to stay (and indeed growing and thriving as a business).

First item in the day was the greeting from Fujitsu UK CEO Regina Moran who also shared some of the history of the company with us. This was interesting and new to me - Fujitsu's origination was just after the Great Earthquakes of 1923.  After this tragic and devastating event, a team of Japanese engineers made a visit to Germany to investigate the newly developed technology of the automated telephone switchboard and specifically Siemens who were one of the European leaders in this emerging field of electronic communications. This lead to the founding of Fuji Electric, from which Fujitsu Computers spun off (in 1935) and also gives us insight into the origins of the enduring relationship and strong ties between Fujitsu in the East and their counterparts in Germany over time. You may or may not remember that in Europe in recent history until 2009, the company traded as Fujitsu-Siemens computers (when Fujitsu bought out Siemens' 50% stake).

Fujitsu continue to have a large manufacturing and research facility in Germany at Augsburg where many of their business laptops, servers and desktop computers are produced. Where a lot of modern computers are now manufactured in China (not that there is anything wrong with this), it is good to know that computer manufacturing of the highest quality is still alive in Europe.

The keynote address from Fujitsu's Dr Joseph Reger was standing room only.

Next up was Dr Joseph Reger, who used to be Head of Research but is now CTO of EMEIA and a Fujitsu Fellow (the highest rank of engineering within Fujitsu). His background is in academia and we have enjoyed listening to his thoughts in the past, and his take on industry trends and insights are to be respected and in our opinion well worth paying attention to. The key theme of Dr Reger's keynote address was mainly on The Hyper Connected Society, and Human Centric Computing. At Onega we'd think of these as different takes on Digital Disruption, IoT (Internet of Things) and Pervasive Computing. Whichever terminology you use, the key message is the same - society is becoming more and more connected, to the point that we'll think it odd if something is not networked and 'smart' in a number of years and this is going to bring a lot of change, and contingent to this; opportunity for some and threats for others. By 2020, approximately 10 Billion devices will be connected to the Internet.

To give you an idea of the continuing exponential change to come after that - if all these devices were connected only to Onega's own IPV6 allocation of addresses, they would use only 0.0000000000000000003% of our available addresses. Companies have to think about their strategies to be part of this change, to embrace the opportunities, or to be left behind. Good companies simultaneously plan and think about their strategy for the next 12 months, the next 24-60 months, and the longer term. We've written about this at Onega before but it stands repeating - some industries will be created, others will be decimated. Dr Reger was frank that some companies sugar coat this with harmless sounding terminology such as IBM's preference for the term 'Augmented Intelligence' and indeed Fujitsu's own term 'Human Centric Technology' somewhat masks the fact that whilst technology connects people, it also cuts people out of the loop in the interests of efficiency and effectiveness.

There were some good points that we can all relate to. In the current age of technology, even as it is, there are simple things too that can (and will) be improved. One obvious example in the UK, Europe and most of the world, in the field of medicine, is the current status quo; when, typically, you turn up on time for your appointment with your GP and end up waiting for up to an hour to be seen, whereas in time the reverse can be true and the statement of 'Doctor, the Patient Will See You Now' will perhaps be made as per the work of Alex Topol that we link to here.

After the Morning Plenary Session, the rest of the day contained a number of breakout sessions including Government as a Platform (Gaap), Hybrid IT, CyberSecurity, Democratisation of application development in a business, Windows 10 and many others. Like many days with multiple tracks; Murphy's law dictates that the three sessions you're particularly keen on attending will all be on at the same time.

We attended the Partner Session which was a good briefing for Partners (Onega are one of the most qualified Fujitsu Partners in London and the UK) and learnt about progressions in Fujitsu's channel operations etc. Fujitsu works well and is responsive to the partner channel, and they are introducing new concepts to their Innovation Centre in Baker Street as well as continuing to grow UK sales and engineering presence. The business is profitable and growing, and this was only good news. We and other partners asked questions and gave feedback, and the session was in good spirit.  After the session we had a short meeting with Alistair Hollands who is Retail and Volume Sales Director at Fujitsu in the UK, and this was also productive.

Bet you didn't know that Fujitsu make biscuits, beans, soup or FujiFlakes? Sadly, alongside their excellent business smartphones, these are only available in Japan for now. OK, we know you're smarter than that - this was part of the Connected R…

Bet you didn't know that Fujitsu make biscuits, beans, soup or FujiFlakes? Sadly, alongside their excellent business smartphones, these are only available in Japan for now. OK, we know you're smarter than that - this was part of the Connected Retail Display Showcase.

The evening before the event, I'd seen that Fujitsu had a smartphone app (for both Android and iPhone) for The World Tour - this I downloaded to see the agenda and map and it proved useful during the day as The Brewery is not a small venue and some of the halls had a lot of display areas from Fujitsu and their key partners; Brocade, Citrix and Intel. The app was genuinely useful on the day and I noticed that they also had a Challenge Game in this. The goal of the game was to fulfil a set of challenges and take photos which were uploaded for evidence (and embarrassment!) to prove you'd completed the task. These involved visiting nearly every stand and investigating something on it; ranging from the Oculus Rift VR Headset through to the Financial Services Innovation display and storage areas. Fujitsu now thus have photos of me doing dodgy yoga in their Human Centric Zone etc.  The game was fun and while I decided to participate competitively on this and visit all the stands quite quickly for the points, I then went back later and had good in-depth conversations with staff on a number of the stands of most relevance to our work at Onega.

The 3D view from the cockpit with an Oculus Rift in the busy demo hall.

The 3D view from the cockpit with an Oculus Rift in the busy demo hall.

The lunch time break allowed for plenty of time to visit the key stalls and have good conversations with engineers who very much knew their stuff. As with any exhibition style event, not everything brought was working.  One of the displays of interest was a state of-the-art Fujitsu Cashpoint system which incorporated palm vein scanning technology which actually scans the blood veins within a hand with IR to make a map and is more secure than fingerprints as they can't (yet) be copied. Onega have one of these scanners in our own office for staff access identification, complete with the relevant SDK which is quite simple to use.  The demo cash machine however did not want to co-operate, and thus was said to be running in 'Full Greek Mode' as the day of the Fujitsu London World Tour coincided with the day that the Greek government failed to pay EUR 1.5B to its creditors and thus became in default. We do of course empathise with the case of temporary financial hardship and correction in the birthplace of democracy.

Onega's Ben Fitzgerald with a member of the Fujitsu Hoodie Hacker brigade, who had been released for the day to come and demonstrate their ability to keep your network safe whilst enduring air conducting of the 1812 Overture and other impressive&nbs…

Onega's Ben Fitzgerald with a member of the Fujitsu Hoodie Hacker brigade, who had been released for the day to come and demonstrate their ability to keep your network safe whilst enduring air conducting of the 1812 Overture and other impressive feats.

One particularly good conversation I had was with the Fujitsu Managed Security team - they have a number of outsourced services that are relevant to Onega clients and take IT elements that are important but often in reality boring and apply excellence to these. An example of this is in their firewall log file monitoring and management service. Traditionally this is something that would be done by internal staff in a large organisation, but it is hardly the sexy job that everyone wants. Analysing large amounts of data is something that is vital in order to find the needles in the haystack and manage the information that matters. Through best practice and a high degree of automation, Fujitsu can offload this task from an organisation and in 99% of cases do it better - alerting a business to threats and realities that they would want to know about in order to manage reduce the risk of cyber fraud and information (which leads inevitably to financial loss). This service is evolving so that it will be of emerging interest to mid size firms who want to make sure their security is in good hands.

Fujitsu had all their latest laptops on display and these are among the slickest and best built business laptops available - many members of Onega staff are equipped with Fujitsu laptops and for good reason. They are good and dependable, light and with excellent screens and battery life (some up to 20+ hours with an extended battery - and this is genuinely achievable). Also on display was the lineup of storage solutions, for which Fujitsu are particularly strong. Their storage we also use here at Onega with our DX90S2 SAN, which has had zero unplanned downtime since installation and is boringly dependable (in a good way - some things in life you want to be boring and dependable so that you can sleep easy and worry about other things instead).

Stepping outside my comfort zone (I'm neither photogenic or telegenic), I also had the pleasure of an interview with George Barker from Cloud-Channel.TV  which was actually fun and I look forward to (read: 'am dreading!') seeing the results.  I was asked about my take on current and future trends and shared thoughts on some of the disruption we see coming.

After this, we attended a world first at the event which was the Global Launch of Fujitsu's'Beluga' storage system. Answering the needs of 'big data users' this a storage array system that can scale massively to 18 PBytes+ of data in a single array, with a massive IOPS capability to go with this. This allows for massive data sets to be stored and crunched through in a large scale system with greater coherence than you'd get in a (lower cost) distributed data system. We understand that the code name of Beluga was adopted as it is big but agile. The Caviar of the Beluga is also the most sought after, and the digital equivalent is the meaningful insight that large data can give, which can give a company significant competitive advantage.  The launch event was motor sport themed and included a racing driver on standby to demonstrate the speed of the system to get everyone 'revved up'.  After the formal launch I spoke with Mr Reichart about the systems and some of the business results that clients are finding that large data analysis is delivering.

The launch of the Beluga storage system complete with the 'Fujitsu Stig' racing driver and F1 engine sound effects to get us all 'revved up'.

The launch of the Beluga storage system complete with the 'Fujitsu Stig' racing driver and F1 engine sound effects to get us all 'revved up'.

The final session of the day was a plenary session with a talk and thoughts from Futurologist Rohit Talwar, author of 'First to the Future' and a Panel Session that included Dr Reger, who shared with us his serious concern that IOT may be 'The Last Chance For Europe to Lead in Technology'. Michael Ibbitson, Gatwick Airport CIO spoke on Open Data and integration between services and there was some joint thought of the Circular Economy (a return to the past). A few interesting things we noted were the '30 Storey Hotel Built in 360 hours' (15 days) - by Dongting Lake in China and New York based Quirky Consumer Products, who help inventors get their ideas into production with the power of the crowd. Good examples of innovation and agility in business in the current day.

In closing, people were thanked, and awards given. I was surprised and happy to find that I'd won the Fujitsu Challenge competition by completing the challenges first (partly I was late entering my pictures due to the TV interview). I met a fellow competitor at the last of the challenges who worked at Bletchley Park so it must have been a close run race. Many Thanks to Fujitsu for the Virgin Experience Voucher which I was grateful to accept on behalf of the team at Onega and which will be very much enjoyed.

A very worthwhile day in all and very good to catch up with people at Fujitsu in person, with many that we normally might mainly talk to electronically or by phone. Onega are happy to partner with Fujitsu, and value the strong relationship.  

What To Do If You Lose Your Laptop Computer - Onega Style

One of our clients recently had the misfortune to become separated from and lose his laptop computer while on a business trip to Sweden. This is the story of what happened and how we were able to help later reunite him with his laptop.

Anyone who travels on business will be aware that current rules and procedures for airport security require that, if you are travelling with a laptop computer in your hand luggage, then you must take it out of the bag and run it separately through the x-ray machine at the security station.

On this occasion Onega's client, Tim (who was happy for us to share this story), was on his way back to the UK from a business trip to Sweden and running close for time to get on the plane. After having gone through the bag check and x-ray station, in the rush to get on the plane, he was distracted and forgot to pick up the laptop after it had gone through the scan.

It was only the morning after returning home from the evening flight back that he realised the computer was missing and what had happened. Airport lost property was contacted with a description and identification details of the laptop, but unfortunately nothing had been handed into lost property. A report was left of the loss of the computer with the airport authorities and for our client's insurance purposes. From a practical perspective Onega then proceeded to procure a replacement laptop for our client the same day and configure for email, restore the files from most recent backup and generally get our client back to operation quickly and efficiently.

Normally this would be the end of the tale and you'd kick yourself for forgetting the laptop (though it's easily done and we're all human), but in this case the tale then continued a few days later...

Onega like to pro-actively manage our client's systems, and we have some software and systems that help us make sure that machines are in good health, up to date with security patches and generally happy. While monitoring the management system, we noticed that the lost laptop had done an electronic check-in, so must be alive somewhere, just not with our client. So we knew the machine was being used and now had a clue as to where it was.

Following the clues here our management system logs showed us the Internet IP address that the computer had registered on, and we could in turn find out which Swedish ISP ran this particular network.

Next step was to get in contact with the Swedish Airport Police. We must say that they were incredibly helpful. We filled them in on what we'd found and they were able to contact the ISP to find the subscriber details related to the IP address where the laptop had checked in from.

The next day, armed with this information and after we confirmed that the computer was still online from the same address, the police visited the house. Unfortunately there was no one in; so they broke the door down and entered the property, recovered the laptop, and left a note on the door asking the householder to get in touch.

The person who had the laptop claimed to have bought it from someone in a park, so was let go with a warning, a note on record, minus the laptop of course and with the task of replacing their front door.

The evidence here was later used to support (alongside other evidence) a successful prosecution of a member of the airport security scanning station staff; who it turned out had a sideline in taking and selling items that were left behind on the scan station when they really should have been handed into the airport lost property office.

Our client picked his laptop up a few weeks later when he returned again through the airport on business, and the laptop has now become a 'good spare' which is always a useful thing to have.

So a good result all round (unless you were the unwitting buyer of the laptop or the light fingered security officer of course!). Here at Onega we rather enjoyed working with the Swedish Airport Police as well as the happy outcome for our client in getting his computer back.

We can't promise that we'll be able to reunite every owner with their lost laptop, but we do promise to do our best for our clients to continue to provide excellence in IT support delivery that 'goes one step beyond' as Onega's normal standard.