Category: General IT

DNS Terminology

In this post, I am going to give few basic DNS components before going to discuss the DNS functionality in depth in technical terms.

Who invented the DNS?

Paul V. Mockapetris (born 1948 in Boston, Massachusetts, US) is an American computer scientist and Internet pioneer, who, together with Jonathan Bruce Postel (August 6, 1943 – October 16, 1998) invented the Internet Domain Name System (DNS)

DNS Inventors

Paul has dual B.S. degrees in Physics and Electrical Engineering from MIT, and a Ph.D. in Information and Computer Science from the University of California, Irvine.

Postel has done his B.S. degree, M.A in Engineering and Ph.D. in Computer Science from UCLA.

Domain Terminology:

There are many terms used when talking about domain names and DNS that aren’t used too often in other areas of computing.

Domain Name System

The domain name system, more commonly known as “DNS” is the networking system in place that allows us to resolve human-friendly names to unique addresses.

Domain Name

A domain name is a human-friendly name that we are used to associating with an internet resource. For instance, “google.com” is a domain name. Some people will say that the “google” portion is the domain, but we can generally refer to the combined form as the domain name.

The URL “google.com” is associated with the servers owned by Google Inc. The domain name system allows us to reach the Google servers when we type “google.com” into our browsers.

IP Address

An IP address is what we call a network addressable location. Each IP address must be unique within its network. When we are talking about websites, this network is the entire internet.

IPv4, the most common form of addresses, are written as four sets of numbers, each set having up to three digits, with each set separated by a dot. For example, “111.222.111.222” could be a valid IPv4 IP address. With DNS, we map a name to that address so that you do not have to remember a complicated set of numbers for each place you wish to visit on a network.

Top-Level Domain

A top-level domain, or TLD, is the most general part of the domain. The top-level domain is the furthest portion to the right (as separated by a dot). Common top-level domains are “com”, “net”, “org”, “gov”, “edu”, and “io”.

Top-level domains are at the top of the hierarchy in terms of domain names. Certain parties are given management control over top-level domains by ICANN (Internet Corporation for Assigned Names and Numbers). These parties can then distribute domain names under the TLD, usually through a domain registrar.

Hosts

Within a domain, the domain owner can define individual hosts, which refer to separate computers or services accessible through a domain. For instance, most domain owners make their web servers accessible through the bare domain (example.com) and also through the “host” definition “www” (www.example.com).

You can have other host definitions under the general domain. You could have API access through an “api” host (api.example.com) or you could have ftp access by defining a host called “ftp” or “files” (ftp.example.com or files.example.com). The hostnames can be arbitrary as long as they are unique for the domain.

SubDomain

A subject related to hosts are subdomains.

DNS works in a hierarchy. TLDs can have many domains under them. For instance, the “com” TLD has both “google.com” and “ubuntu.com” underneath it. A “subdomain” refers to any domain that is part of a larger domain. In this case, “ubuntu.com” can be said to be a subdomain of “com”. This is typically just called the domain or the “ubuntu” portion is called an SLD, which means second level domain.

Likewise, each domain can control “subdomains” that are located under it. This is usually what we mean by subdomains. For instance, you could have a subdomain for the history department of your school at “www.history.school.edu“. The “history” portion is a subdomain.

The difference between a hostname and a subdomain is that a host defines a computer or resource, while a subdomain extends the parent domain. It is a method of subdividing the domain itself.

Whether talking about subdomains or hosts, you can begin to see that the left-most portions of a domain are the most specific. This is how DNS works: from most to least specific as you read from left-to-right.

Fully Qualified Domain Name

A fully qualified domain name, often called FQDN, is what we call an absolute domain name. Domains in the DNS system can be given relative to one another, and as such, can be somewhat ambiguous. An FQDN is an absolute name that specifies its location in relation to the absolute root of the domain name system.

This means that it specifies each parent domain including the TLD. A proper FQDN ends with a dot, indicating the root of the DNS hierarchy. An example of an FQDN is “mail.google.com.”. Sometimes software that calls for FQDN does not require the ending dot, but the trailing dot is required to conform to ICANN standards.

Name Server

A name server is a computer designated to translate domain names into IP addresses. These servers do most of the work in the DNS system. Since the total number of domain translations is too much for any one server, each server may redirect the request to other name servers or delegate responsibility for a subset of subdomains they are responsible for.

Name servers can be “authoritative”, meaning that they give answers to queries about domains under their control. Otherwise, they may point to other servers, or serve cached copies of other name servers’ data.

Zone File

A zone file is a simple text file that contains the mappings between domain names and IP addresses. This is how the DNS system finally finds out which IP address should be contacted when a user requests a certain domain name.

Zone files reside in name servers and generally define the resources available under a specific domain, or the place that one can go to get that information.

Records

Within a zone file, records are kept. In its simplest form, a record is basically a single mapping between a resource and a name. These can map a domain name to an IP address, define the name servers for the domain, define the mail servers for the domain, etc.

 

Source: internet hall of fame, digitaloceanwikipedia

 

What is DNS and how it works

DNS stands for Domain Name System, is the backbone that runs the Internet.

It is a database that works like a phone book for the internet, converts a domain name, such as “www.example.com,” to a machine-readable IP address, such as “22.231.113.64”.

image

The internet is built up on two namespaces. The domain namespace and the IP address namespace. The translation of one to another is the service which is provided by DNS.

Explanation about DNS in Simple Terms:

DNS is very similar to the postal or telephone addressing system most countries have, with two main components: a name, and a more detailed, numerical address. If you’re sending a letter to someone, say, Jennifer who lives in Manhattan, you’d address it such:

Jennifer Aniston,

100 5th Avenue,

New York, NY 10027

With the Internet, the “name” is called a domain, and the “numeric address” part is an IP (Internet Protocol) address. But unlike sending a letter, as a regular user on the Internet, you don’t have to know the numeric address of your site, just the domain name!

Each domain (in the form of http://www.domainname.com) has a specific IP address it corresponds to. This IP address indicates the “home” or server where the web page being requested is being hosted.

Note:  Although, these procedures appear to be lengthy; however, they can happen within a tenth of a second. It is so fast that the entire process can occur before a blink of an eye.

DNS The IP Address:

xxx.xxx.xxx.xxx – where each ‘xxx’ is a number from 0-255

If you have a dedicated IP address, there will be only one domain at your “house” address. Very few commercial hosting options offer dedicated IPs with their basic plans, and usually there are hundreds to thousands of domains being addressed to the same server. So, your address is more likely to be an apartment building instead of a single-family house.

 DNS Name Servers / Authoritative Name Server: Your Global Directory Assistance

Another important player in this DNS world is the “Name Server” which is the equivalent of your local post office. They know where you live and that when a letter arrives with your name and address, they confirm and ensure that it reaches its final destination.

Each domain has just one Name Server that is in charge of keeping that domain’s information and IP addresses. Simply, when your change your IP address or “home,” your domain’s name server passes the word on the internet (with the help of routers, which we’ll talk about later) to the rest of the internet so a request directed to your website will find you.

What Happens When You Change Web Hosting

If you were moving your physical house, you’d have to notify the local post office or city hall with your new address. With your website, since you’re moving your data from one “house” to another, you need to update your site’s address, too. Usually this will require you changing the IP address to reflect the new hosting company’s server where your information will reside. Your hosting company can provide the correct IP address for you.

  • In the DNS, you’ll delete the current “address” and then insert the new IP address of your new hosting.
  • The name server notices that the DNS for your domain has changed, and usually within 24-48 hours, the name server will notify the rest of its network, which in turn will propagate the information throughout the internet.
  • The next time someone types in http://www.domainname.com, the request will be sent to your new address!

Advanced DNS Questions

  • Can you have multiple IP addresses for a single domain? Yes, much like Lifestyles of the Rich and Famous, sites which are very popular often have multiple “houses” – and often this is done with sites that have a lot of traffic and are using multiple servers to meet the demand.
  • Can multiple domains respond to the same (IP) address? Yes, as mentioned above, many commercial hosting solutions offer low-priced hosting because they can put hundreds or thousands of sites/domains on the same server since the traffic demands are so low. Depending on the traffic that comes to your site, you’ll probably never notice.

Keep reading, Keep learning 😊

Source: whenihavetimecloudflare

 

Digital Minimalism

Minimalism is big these days. In particular, there’s a version of Minimalism called Digital Minimalism that’s quickly rising to prominence as our lives become increasingly tech-centric.

Personal technology like smartphones and tablets are enabling us to spend more and more time online. And as we do, many of us are starting to feel uneasy about this persistent ‘digital creep’—that steady march of gadgets and tech into every aspect of our lives.

Logo

Before we get to Digital Minimalism specifically, it’s helpful to first understand Minimalism in general.

Josh Millburn & Ryan Nicodemus, two bloggers largely credited with kickstarting the current Minimalist movement, define it like this:

Minimalism is a lifestyle that helps people question what things add value to their lives. By clearing the clutter from life’s path, we can all make room for the most important aspects of life: health, relationships, passion, growth, and contribution.

What is Digital Minimalism?

Digital Minimalism is a specific application of the general minimalist
philosophy to the role of technology in our lives.

Cal Newport has the best definition of Digital Minimalism I’ve seen:

Digital minimalism is a philosophy that helps you question what digital communication tools (and behaviors surrounding these tools) add the most value to your life. It is motivated by the belief that intentionally and aggressively clearing away low-value digital noise, and optimizing your use of the tools that really matter, can significantly improve your life.

“Digital minimalism” is the concept and strategy of how to embrace and enjoy the benefits that the internet, email, the web, smartphones, tablets, and other technology bring us, without becoming overwhelmed by the fire hose. It is about how to cope with email overload and information overload, how to reduce email volume or manage it more effectively and how to not just survive, but how to thrive in the age of distraction.

If the problem is “Too Much”, then the solution to the problem will always be “Less”. Digital Minimalism is the practice of learning how to achieve that balance without losing the benefits that technology brings us.

DIGITAL USAGE BY THE NUMBERS: According to the latest research from comScore’s 2017 U.S. Cross-Platform Future in Focus study:

  • Total digital media usage is up 40% since 2013
  • Smartphone usage has doubled in the last 3 years
  • 1 of every 2 minutes spent online is on “leisure activities” including social media, video viewing, entertainment/music, and games
  • 1 of every 5 minutes spent online is on social media
  • At the end of 2016, the average person spent 2 hours 51 minutes per day on mobile

If those stats aren’t shocking enough:

  • Last year, Apple apparently acknowledged that its device users unlock their phones 80 times every day.
  • Another piece of research from dscout claims the average person touches their phone 2,617 times per day (tapping, swiping, typing, etc.) — some people are even over 5,400 touches per day.

We have been interacting with devices long enough to know, fairly scientifically, that too much screen time is a health risk:

  • Basing our measures of success and well-being on social media negatively affect our happiness, stress levels, and feelings of self-worth.
  • From a physical standpoint, over-indulging on devices can cause ailments like eye strain, text neck, insomnia, and cybersickness or “digital motion sickness.
  • Increased use of chat and text to communicate is reducing our ability to read emotions and interact empathetically with each other.
  • Fear Of Missing Out (FOMO) is a feeling of anxiety over the possibility of missing out on something, which many people experience when they discover that other people have had fun together, especially caused by things you see on social media.
  • The Fear of Being Offline (FOBO) is the lesser-known cousin of The Fear of Missing Out (FOMO). FOBO includes the fear of not being able to get online and check what is going on in your social media feed.
  • Nomophobia is the irrational fear of being without your mobile phone or being unable to use your phone for some reason, such as the absence of a signal or running out of minutes or battery power.

Tech is for making stuff, not feeling better. Use technology as a tool to accomplish your goals and aspirations. Don’t lean on it as a crutch for cheap emotional satisfaction or distraction.

YOU ARE A PERSON, NOT A PRODUCT

You are the product when you are using the Internet. You are data that is then sold to advertisers — that they then use to sell you even more stuff you don’t really need. Don’t fall victim to lifestyle inflation.

image (1)

 

Simplify your digital life:

  • Remove social media apps from your phone.
  • Unsubscribe from email newsletters that aren’t bringing you value
  • Turn off notifications from smartphone apps that are constantly distracting you
  • Go for a lunch break without your phone or tablet.
  • Practice mindfulness meditation.
  • Bring back the Sabbath. Use your day of rest as a day without tech.
  • Small Moves. Practice periodically leaving your phone at home, in the car, when you are on a walk, meeting for lunch, taking your kids to the park. People did these things just fine for generations. You can too.
  • Don’t keep your phone by your bed. Use an “old school” alarm clock.
  • Practice healthy sleep hygiene.
  • Go outside. Spend time in nature. Go for a walk after dinner.
  • Do it with your kids, friends, and family. Make a pact.
  • Track your progress. Make a chart, set goals. Use a pen and paper.
  • Keep a Journal. Note how do you feel. How does this change over time? What do you notice about your thoughts, feelings, moods, and interactions with others? Does it feel liberating? Empowering? Are you getting more done?
  • Build/Create something. Re-engage in an old hobby.
  • Plant a garden.
  • Read an actual book.
  • Go Analog. Start using pen and paper again for things like “to do” or grocery lists.
  • Incorporate into a dietary cleanse, fast, or other practice of food as medicine.
  • Stop taking pictures of everything and enjoy the moment for what it is.

6-ways-to-improve-your-health-by-reducing-your-screen-time

Join the movement. Take Part in the National Day of Unplugging 2019. The second Friday in March is National Day of Unplugging. This holiday consists of a 24-hour period from sundown to sundown, to unplug, unwind, relax and do things other than using today’s technology, electronics, and social media.

image (2)

 

The History of the Day of Unplugging:

The National Day of Unplugging was created by Reboot, a nonprofit Jewish community that was originally established in 2003. However, you do not need to be Jewish, or even religious at all to participate. The idea behind the day was to challenge people to keep their electronic devices unplugged and unused for 24 hours in order to give themselves the chance to take a break and spend time relaxing with family, friends, or alone. This is definitely something that would be useful to everyone, regardless of religion or lack of it.

Reboot believes that such time taken to “reboot” or systems will make us happier, more content with our lives, and more aware of the things that matter.

Credits: nickwignallsloww.co,faceyourfobodaysoftheyeardigitalminimalism,nationaldayofunpluggingfullformsblog.trellohealthyhildegardperthnow@marny_lishmanCal Newport 

Cloud Computing

Until the late 19th century, people produced their own power. They connected their horse, windmill or water wheel to run their own machines. However, in the late 19th century, power plants were invented to produce large amounts of power in a single unit and transmit to every home. Now, you no longer need to run your own power generator. You could just flick a switch.

Cloud computing is doing to computing what power plants did to power production 150 years ago.

Previously, companies and consumers just bought their own computers and maintained it. You will use your PC to store all your songs, videos, files etc. In the same way, your company will maintain its own servers for storing all the company’s documents.

This process is inefficient as maintaining computers is expensive. You need to do all the hard work like periodically buy new computers, update the OS, secure the system and backup the data periodically. Just like a power plant takes care of all the machines to just help your final output – electric power – a cloud computing company takes care of all physical servers so that in the end you just need your information.

The revolution in electric power production changed the world. In the same way, this is a game changer in computing.

Cloud computing is the delivery of on-demand computing services over the internet on a pay-as-you-go pricing model.

Image-1

TYPES OF CLOUD COMPUTING:

Cloud computing is usually described in two categories. They are,

  1. DEPLOYMENT MODEL
  2. SERVICE MODEL

Image-2

DEPLOYMENT MODEL:

  • In public cloud, the services are stored off-site and accessed over the internet
  • It can be used by public
  • All hardware, software and other supporting infrastructure is owned and managed by the cloud provider

Example: Amazon Web Service and Microsoft Azure

Image-3

  • In private cloud, the cloud infrastructure is used exclusively by a single organization
  • The organization may run its private cloud or outsource it to a hosting company
  • The services and infrastructure are maintained on a private network

Example: AWS, VMware

Hybrid cloud – a combination of public and private cloud – to meet their IT needs. For example, you may use private cloud capacities to run business-critical applications that require non-disruptive performance or store classified data, while using public cloud resources to meet computing needs during workload peaks or subscribe to project management or CRM software on SaaS basis.

SERVICE MODEL:

Explanation in completely non-technical and in simple terms.

Suppose you want to eat a pizza. So, you’ll have the following options

  • Go to the market and buy all the ingredients (dough, spices, cheese, etc.). Take it home and make it raw and put in the oven and that’s it. Enjoy your pizza. In terms of Cloud Computing, this process is termed as On-Premises where you do everything on your own.
  • OR……You can go to the market and buy a raw prepared pizza. You take it home, bake it and enjoy it. In terms of Cloud Computing, this process is termed as Infrastructure As A Service (IaaS) where you leverage the services of someone else to make your work a bit easier
  • OR…. You can go to the market and buy a baked prepared hot pizza. Take it to your place and enjoy it with a drink. In terms of Cloud Computing, this process is termed as Platform As A Service (PaaS) where you leverage the services of someone else (like Dominoes) more than that in case of IaaS to further reduce your workload.
  • OR…. The final choice is…You can go to a restaurant. Use their own dining. Order a pizza with a drink and enjoy it. In terms of Cloud Computing, this process is termed as Software As A Service (SaaS) where you do nothing on your own and ask someone else to do everything (E.g. Dropbox, Google Drive, etc.).

These Four Pillars (On-Premises, IaaS, PaaS, SaaS) combine and form what is referred to as Cloud Computing service model.

Image-4

BENEFITS OF CLOUD COMPUTING:

  • Storage and Scalability
  • Backup and Disaster Recovery
  • Mobility/ Work from anywhere
  • Cost Efficiency/ Capital-expenditure Free
  • Enable IT Innovation
  • Flexibility
  • Disaster recovery
  • Automatic software updates
  • Increased collaboration
  • Document control
  • Security
  • Competitiveness
  • Environmentally friendly

Source:   QuoraAnirudh SharmaNishant HimatsinghaniJanhvi Parikh, Balaji Viswanathan

Incognito mode

What is incognito mode?

Incognito mode — also known as private mode — is a browser mode that gives a user a measure of privacy among other users of the same device or account. In the incognito mode, a browser doesn’t store your Web surfing history, cookies, download history, or login credentials.

Incognito mode

What does “doesn’t store” mean?

Well, as you know, browsers normally remember everything you do online: what you searched for, what pages you visited, what videos you watched, what you shopped for on Amazon, and so on. But in incognito mode, browsers don’t save any of that information.

 

When should you use incognito mode?

The simple answer is, you should use incognito mode when you want to keep your Internet activity secret from other people who use the same computer or device. Say, for example, you want to buy a gift for your spouse. You use your home PC to search for the best deals. You close the browser and turn off the PC when you’re done.

When your spouse uses the computer, say to check e-mail or Facebook, they are likely to see what you searched for, even without looking for it — either in browser history or in targeted ads. If you use incognito mode for your shopping, however, the browser will forget that history and not inadvertently spoil the surprise.

What else does incognito mode conveniently forget?

Login credentials and other form info. In the incognito mode, a browser won’t save login name or password. That means you can log in to Facebook on someone else’s computer, and when you close the browser or even the tab, you’ll be logged out, and the credentials will not autofill when you or someone else returns to the site. So, there’s no chance another person will go to facebook.com and inadvertently (or purposely) post from your account. Also, even if that person’s regular browser is set to save the data entered in forms (such as name, address, phone number), an incognito window won’t save that information.

Download history. If you download something while incognito, it won’t appear in the browser’s download history. However, the downloaded files will be available for everyone who uses the PC, unless you delete them. So, be careful with your My Little Pony films.

Are there other reasons to use incognito mode?

Incognito browsing is mostly about, well, going incognito. That said, here are a few more considerations.

Multiple accounts. You can log in to multiple accounts on a Web service simultaneously by using multiple incognito tabs.

No add-ons. This mode also blocks add-ons by default, which comes in handy in some situations. For example, you want to read the news but the page says “Disable your ad blocker to see this story.” Simply open the link in incognito mode.

How do you activate incognito mode?

In Google Chrome: You can use a keyboard shortcut or click. Press Ctrl + Shift + N in Windows or ⌘ + Shift + N in macOS. Or click the three-dot button in the upper right corner of the browser window and then choose New Incognito window. Click here for more info.

In Mozilla Firefox: Open the menu (three horizontal bars) in the upper right corner and click New Private Window. For more info visit this page.

In Microsoft Edge: Open the menu by clicking the three dots in the upper right corner and chose New InPrivate window. You’ll find more on that here.

In Chrome or Firefox, you can also right-click on a link and choose to open the link in a new incognito or private window.

To close this mode, simply close the tab or window. That’s it!

What Incognito mode isn’t suitable for?

It is always fine to use incognito browsing. But you need to understand what it can’t do. The first, very important thing to keep in mind is that incognito mode doesn’t make your browsing anonymous. It erases local traces, but your IP address and other information remain trackable.

Among those able to see your online activities:

  • Your service provider,
  • Your boss (if you are using a work computer),
  • Websites you visit.

If there is any spying software on your computer (a keylogger, for example) it also can see what you are doing. So, don’t do anything stupid or illegal.

Second, and just as important, incognito mode doesn’t protect you from people who want to steal the data you send to and receive from the Internet. For example, using incognito mode for online banking, shopping, and so on is no safer than using normal mode in your browser. If you do any of those things on a shared or public network,  use a VPN.

Source: Kaspersky Blog

What is the Greatest Cybersecurity Threat: Insiders or Outsiders?

In a short two years, it is safe to say that the prospect of cybercrime has suddenly shifted to be a top concern for many decision makers around the world.

It started with the explosive hacks that rocked companies like Sony, JP Morgan, Target, and other well-known brands. More recently, it was the release of thousands of hacked emails from the DNC and John Podesta, along with the allegations of Russian hacking, that has led the news cycle.

As a result, it is not surprising that much of today’s narrative on cybercrime is centered around the devastating potential of external threats to countries or businesses. The reality is, however, that there is a whole other side of things to consider.

Infographic from Digital Guardian explains the differences, methods, and typical costs associated with each kind of cybersecurity threat.

 

cybersecurity-threats-infographic
Insiders vs. Outsiders: What’s the Greater Cybersecurity Threat? 

Source: digitalguardianvisualcapitalist

 

INTERNET of EVIL THINGS (IoET)

Traditionally, InfoSec Teams had a difficult, but straightforward, job: they need to understand their assets, know what they were connecting to, and separate them from the outside world. That standard has changed, many devices introduced into the workplace by employees, visitors, partners, and other outsiders. Any device that can connect to a network, whether it is or isn’t built to be malicious, can cause disaster to both the data and networks IT Security is responsible for protecting.

So, what exactly is The Internet of Evil Things? First, we need to define evil, by which we mean malicious or harmful… purposefully or not. For the purposes of this report, we are defining a “connected device” as any device that can connect to a network or other devices via a wired or wireless signal.

IT security professionals (rightfully) expect that connected devices will be a major security headache in 2017 – but still struggle to get a grasp on how to account for, track and monitor those devices, a report from Pwnie Express found.

IOET11

IOT—LIFE AFTER MIRAI

On October 21st, 2016, a massive Distributed Denial of Service (DDOS) attack took down large portions of the Internet across the United States. It quickly became clear that the only way an attack that large could have happened was with an unprecedented number of computers. In this case, connected devices like webcams were being used as unwitting accomplices in the biggest DDoS attack in history. How were they being “recruited”? A clever malware that took advantage of unprotected, web-connected devices with weak or non-existent passwords. Like other botnets, anybody’s devices could be a part of the zombie mob.

dyn-ddos-attack-diagram_02Historically, over 60% of IoT devices are consumer devices; which is troubling considering that consumers are the group least likely to consider or improve the default security of their device. An ESET and National Cyber Security Alliance study of 15,527 consumers revealed that 43% of end users had not changed the default passwords on their home routers. Consumer IoT devices include any internet enabled device, such as webcams, printers, routers, mobile devices, etc. There is currently a quarter of a billion CCTV cameras worldwide. In many countries, including the United States, most home users who purchase television or internet access are provided with a company specific DVR or router. These IoT devices often rely on generic or default administration credentials that most end users neglect to change. Other devices have hardcoded vendor default credentials that end users cannot change.

Default credentials pose little threat when a device is not accessible from the Internet. However, when combined with other defaults, such as web interfaces or remote login services like Telnet or SSH, default credentials may pose a great risk to a device.” “In this case, default credentials can be used to “Telnet” to vulnerable devices, turning them into “bots” in a botnet.”

Attackers hacked IoT devices via SSH or Telnet account exploiting known vulnerabilities or using default passwords that were not changed by the owner of the targeted systems.

IoET

We can find out the flawed IoT devices by using Shodan search Engine 
on the internet      https://www.shodan.io/
What Is being Done To Secure The IoT?

The IoT security issue has also given rise to new alliances. A conglomeration of leading tech firms, including Vodafone, founded the Internet of Things Security Foundation, a non-profit body that will be responsible for vetting Internet-connected devices for vulnerabilities and flaws and will offer security assistance to tech providers, system adopters, and end users. IoTSF hopes to raise awareness through cross-company collaboration and encourage manufacturers to consider the security of connected devices at the hardware level.

Online Trust Alliance recommendations:
  1. Developers and manufacturers:
  • Proactively communicate to customers any security and safety advisories and recommendations.
  • Products which can no longer be patched and have known vulnerabilities should either have their connectivity disabled, the product recalled and/or the consumers notified of the risk to their personal safety, privacy and security of their data.
  • Provide disclosures, including on product packaging, stating the term of product/support beyond the product warranty
  • Update websites to provide disclosures and security advisories in clear, everyday language.
  1. Retailers / Resellers / eCommerce Sites:
  • Voluntarily withdraw from sale products being offered without unique passwords or without a vendor’s commitment to patching over their expected life
  • Apply supplementary labels or shelf-talkers advising buyers of products with exemplary security data protection and privacy policies.
  • Notify past customers of recalls, security recommendations and of potential security issues.
  1. Consumers and users have a shared responsibility. Users need to:
  • Maintain devices and stay up to date on patches.
  • Update contact information including email address for all devices.
  • Regularly review device settings and replace insecure and orphaned devices
  1. ISPs should consider the ability to place users in a “walled garden” when detecting malicious traffic patterns coming from their homes or offices. In concept, this would allow basic services such as 911 access and medical alerts, while limiting other access. Such notifications can advise consumers of the harm being incurred, and the need to make changes, replace devices or seek third party support.
  2. Government:
  • Fund outreach and education, working with trade organizations, ISPs, local grassroots organizations, media, State Agencies, and others to raise awareness of the threats and responsibilities. Focus on teachable moments such as at the time of purchase, inclusion in billing statements and emails to installed base of users and notices to ISP customers.
  • Prioritize “whole-of-government” approach to the development, implementation, and adoption of efforts and initiatives, with a global perspective. Coordinated efforts will help to ensure the industry can innovate and flourish while enhancing the safety, security, and privacy of consumers, enterprises, and the nation’s critical infrastructure.

Source: pwnieexpress,  Online Trust Alliancejoy of tech,  techcrunch,   Trend MicroProduct Hunt