Cloud Security Architectures for the Industry

Few people doubt the benefits that cloud-based applications can bring to the industry in the coming years. Intelligent and distributed production systems will be a key piece of innovation in this sector. The flexibility, ubiquity of access and the large computing capacity of cloud-based systems will enable integrated management, not only of factories with each other but of the entire value chain from suppliers to the consumer.

However, for this promising paradigm to become a reality, there are several challenges that control systems have to face:

Availability and latency: Some industrial applications, such as reading real-time measurements through architectures like those defined in IEC 61499, or real-time process management systems, must keep latency to a minimum if they are to use distributed cloud services, so there must be a node close to the control point. Keep in mind that certain security measures, such as data encryption, add latency.

Integrity and security of data in transit and at rest: In cloud-based SCADA systems, which sometimes control critical infrastructure, the integrity of the data collected by the control network is crucial. The security of the data must also be kept under control, so it is advisable to implement a “need-to-know” policy from the beginning, limiting access to information to the personnel who need it to carry out the process.

Confidence and compliance with data protection regulations: When choosing a cloud provider, we must evaluate how reliable and trustworthy it is. Numerous research projects aim to systematize the way security and privacy guarantees are requested from cloud providers, not only in contracts or SLAs (Service Level Agreements) (e.g. some research projects funded by Europe, and the CCM (Cloud Control Matrix) and PLA (Privacy Level Agreement) of the Cloud Security Alliance), but also in transparency protocols covering the security methods they employ (e.g. the Cloud Trust Protocol, CTP, of the Cloud Security Alliance).

Architectural options to apply to cloud deployment in a secure environment

Basically, SCADA systems can take advantage of cloud services in two different ways:

  1. The SCADA application runs on one or more local servers and connects directly to the centralized control network on one side and to the cloud on the other, for storage and distribution (visualization) of the control data.

The security peculiarities for this architecture are the following:

  • Control and operation of the SCADA system remain inside the organization. The information sent outside is handled in the cloud by SCADA SaaS applications for data visualization only, not for control or action.
  • In this type of architecture the cloud is usually public. The industry must request transparency from cloud providers, for example through the CTP protocol. With CTP, the provider can offer the following information:
    • Initiation: identification and login of the evidence request service, transparently and between peers.
    • Request for evidence: configuration, vulnerability analysis (hypervisor, guest OS, virtual switches and virtual firewalls), status (geographical location and identification of units separated from the platform), audit, service management (indicator of changes in the records of the services themselves) and provision of service statistics.
    • Provider assertions: list of capabilities offered by the cloud provider, both functionality (for example flexibility, configurations, etc.) and security (security and privacy practices and controls, audit reports, certificates, etc.).
    • Supplier notification: alerts about confidentiality, integrity and availability events.
    • Introduction to security policies: provision of policies for identification, authentication and authorization (AAA), configuration, location and alert mechanisms.
    • Extensions: any element, even security, that the client wants to extend to the cloud provider.
  • User access to the application should be read-only. To reduce risk as far as possible, the application (SaaS) should not perform any kind of action: no command or action travels from outside to inside, analogous to the idea of a data diode.

  2. The SCADA application runs in the cloud and connects remotely to the distributed control network. An example of this second option is the so-called SCADA as a Service, mentioned in the article “My SCADA in the clouds”.

The security peculiarities for this architecture are the following:

  • In this case, remote control from the cloud is allowed. Security must be complete along the whole path (end-to-end security). There must be no break in the chain, from the use of industrial protocols that support authentication and encryption, such as Secure DNP3, to secure processing and storage in the cloud.
  • The latency generated by the incorporation of security mechanisms must be considered, since both critical and non-critical data frames are transmitted in communications.
  • For control from the cloud to reach the organization’s devices, the firewall ports that give access to the internal network must be opened. The opening must be justified, monitored and restricted to authorized users and strictly necessary cases.

Because these communications carry both data traffic and control commands, they are more attractive targets and may suffer “man in the middle” attacks, or even packet modification along the way. As a result, the values an operator enters in the cloud can arrive at the device with a totally different value, which could jeopardize the operation. To prevent such attacks, encryption of the information is necessary.
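The authentication half of this protection, as an added example that is not part of the original article: each setpoint command carries a sequence number and an HMAC-SHA256 tag, so the field side rejects a value changed in transit and a replayed frame. The frame layout, the demo key and all names are assumptions made for illustration; this is not the Secure DNP3 wire format.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real key is provisioned per device, never hard-coded.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Hypothetical frame: point id (u16), sequence (u32), setpoint (float64),
# followed by a 32-byte HMAC-SHA256 tag computed over those three fields.
_HEADER = struct.Struct(">HId")
TAG_LEN = hashlib.sha256().digest_size


def build_command(key, point_id, seq, setpoint):
    """Cloud side: serialize the command and append its authentication tag."""
    body = _HEADER.pack(point_id, seq, setpoint)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class FieldGateway:
    """Receiver next to the controller: checks the tag first, then freshness."""

    def __init__(self, key):
        self._key = key
        self._last_seq = {}  # point_id -> highest sequence number accepted

    def accept(self, frame):
        if len(frame) != _HEADER.size + TAG_LEN:
            return ("rejected", "bad length")
        body, tag = frame[:_HEADER.size], frame[_HEADER.size:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; nothing in the body is trusted before this.
        if not hmac.compare_digest(tag, expected):
            return ("rejected", "bad tag")
        point_id, seq, setpoint = _HEADER.unpack(body)
        if seq <= self._last_seq.get(point_id, -1):
            return ("rejected", "replayed or out-of-order sequence")
        self._last_seq[point_id] = seq
        return ("accepted", setpoint)


def modified_in_transit(frame, new_value):
    """Model the failure described above: the value changes, the tag does not."""
    point_id, seq, _ = _HEADER.unpack(frame[:_HEADER.size])
    return _HEADER.pack(point_id, seq, new_value) + frame[_HEADER.size:]


def demo():
    gateway = FieldGateway(DEMO_KEY)
    frame = build_command(DEMO_KEY, point_id=7, seq=1, setpoint=42.5)
    return [
        gateway.accept(modified_in_transit(frame, 420.5)),  # altered value
        gateway.accept(frame),                              # genuine command
        gateway.accept(frame),                              # same frame again
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Encryption alone hides the value; it is the tag check and the sequence check that make a changed or repeated command fail at the device.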

In both cases, the cloud service provision model can be public, private or hybrid, and it is the second scenario that is expected to be massively adopted in the near future.

Whether the SCADA application is running locally (option 1) or in the cloud (option 2), when it comes to protecting security at the infrastructure layer, access to virtual resources must be controlled. There are several options to do this:

  • Access through a VPN (Virtual Private Network), or protect the internal network with an instance that acts as a front end, adding load balancers and a NAT (Network Address Translation) server.
  • Configure the rules and security groups so that only explicit access is granted to the minimum ports required on virtual servers.
  • Protect SSH access by using key pairs and modify the default SSH access port in the machine’s SSH configuration.
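A way to check the last two options, as an added example that is not part of the original article: it audits ingress rules against a minimum-port policy and reads the global section of an `sshd_config` for password logins and the default port. The rule format, the policy, the addresses and both sample inputs are constructed for illustration and do not follow any cloud provider's API.

```python
import ipaddress

# Constructed, provider-neutral ingress rules (not any vendor's API format).
SAMPLE_RULES = [
    {"proto": "tcp", "port_from": 443, "port_to": 443, "source": "0.0.0.0/0"},
    {"proto": "tcp", "port_from": 2222, "port_to": 2222, "source": "203.0.113.0/24"},
    {"proto": "tcp", "port_from": 20000, "port_to": 20000, "source": "0.0.0.0/0"},
    {"proto": "tcp", "port_from": 0, "port_to": 65535, "source": "10.0.0.0/8"},
]

# Hypothetical policy: the only ports that may be open, and from where.
POLICY = {
    ("tcp", 443): ["0.0.0.0/0"],           # visualization front end
    ("tcp", 2222): ["203.0.113.0/24"],     # SSH on a non-default port, admin range
    ("tcp", 20000): ["198.51.100.10/32"],  # control traffic from one known peer
}

# Constructed sshd_config excerpt.
SAMPLE_SSHD = """\
Port 22
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
"""


def audit_rules(rules, policy):
    """Return (rule_index, reason) for every rule broader than the policy."""
    findings = []
    for i, rule in enumerate(rules):
        src = ipaddress.ip_network(rule["source"], strict=False)
        width = rule["port_to"] - rule["port_from"] + 1
        if width != 1:
            findings.append((i, f"range of {width} ports instead of one explicit port"))
            continue
        allowed = policy.get((rule["proto"], rule["port_from"]))
        if allowed is None:
            findings.append((i, "port is not in the policy"))
            continue
        nets = [ipaddress.ip_network(a) for a in allowed]
        if not any(n.version == src.version and src.subnet_of(n) for n in nets):
            findings.append((i, f"source {src} is wider than the policy allows"))
    return findings


def global_sshd_settings(text):
    """Global (pre-Match) settings; sshd keywords are case-insensitive."""
    cfg = {"port": [], "passwordauthentication": "yes", "pubkeyauthentication": "yes"}
    seen = set()
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break                      # conditional blocks are not global settings
        if len(parts) < 2:
            continue
        value = parts[1].strip()
        if key == "port":
            cfg["port"].append(value)  # Port may be given several times
        elif key in cfg and key not in seen:
            cfg[key] = value.lower()   # for other keywords the first value wins
            seen.add(key)
    if not cfg["port"]:
        cfg["port"] = ["22"]           # sshd default when no Port line is present
    return cfg


def audit_sshd(text):
    """Check key-pair-only login and the non-default port the list asks for."""
    cfg = global_sshd_settings(text)
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("password logins enabled; key pairs are not enforced")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("public-key authentication disabled")
    if "22" in cfg["port"]:
        findings.append("still listening on the default port 22")
    return findings


if __name__ == "__main__":
    for idx, reason in audit_rules(SAMPLE_RULES, POLICY):
        print(f"rule {idx}: {reason}")
    for reason in audit_sshd(SAMPLE_SSHD):
        print(f"sshd: {reason}")
```

Moving the SSH port only reduces scan noise; disabling password logins is what enforces the key pairs.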

Having all the data and control at a single centralized point makes the cloud very attractive, especially the second architecture shown. However, the latency of data that needs to be read in real time, and its security, must be assessed. Before contracting with a cloud provider, verify that it provides the security measures outlined in this article: authentication, encryption, secure protocols, etc. In addition, the infrastructure must have the characteristics needed to use the cloud in this way, as in the case of Secure DNP3.

For all of these reasons, the infrastructure and services offered by the provider must be assessed before migrating to the cloud.

Mobile Devices: A Risk of Security in Corporate Networks

This article addresses three important aspects of security in the use of mobile devices within corporate networks: the establishment of business policies, the security mechanisms to implement, and recommendations for their use. As Murgante, Gervasi, Iglesias, Taniar and Apduhan (2011) note, many companies are adopting smartphones to implement a smart work environment or smart office. Their article shows that a VPN between the company and the mobile client is an effective security technology for protecting the network between corporate information systems and smartphones.

Reports from companies such as CISCO, Juniper and Symantec on the use and security of mobile devices also agree on the growth in this area since 2011; the trend responds to the need to access company information from outside the company.

As Carey Nachenberg, Vice President of Symantec Corporation, points out, users often synchronize their devices with public cloud services that are outside the control of network administrators. It is therefore important that companies define security policies and control strategies for the use of such devices in the corporate network.

BUSINESS STRATEGIES AND POLICIES

Protection of mobile devices in business networks

Today, the use of smartphones and tablets at both a personal and business level has become a growing practice, thanks to the many functions these devices provide and the applications that can be installed on them. I refer here to their use in companies, which have adopted them as a working practice so that staff can access information systems, databases, email, telephony and other corporate resources from both inside and outside the company. The aim is greater productivity.

Before implementing and providing greater mobility through such devices, it is important to design and implement usage policies and strategies that safeguard the integrity of the company’s information and the security of all its technological resources.

According to Saro and Fernández (2013), the strategy and security policies for the use of mobile devices must be defined by a commission composed of personnel from the areas of ICT, human resources, legal and management, with the aim of planning, designing and implementing them and making them known to the company’s staff. All aspects that may represent a security risk for corporate information must be taken into account, and the policies must fit within the framework of the organization’s ISMS.

When the security strategy and policies for mobile devices are aligned with the information security management system, the company will have procedures in accordance with its institutional objectives, and will define and implement security controls based on a risk analysis. In the blog Business Under Control, specifically in the article entitled Management of the Security of Corporate Information on Mobile Devices (2013), the author presents a table suggesting possible risk factors and control strategies to implement for each of them so that the security of corporate information is not threatened by the use of mobile devices.

Establishing adequate security policies and strategies is not an easy task, but it is necessary and indispensable for companies that adopt the use of these technologies because each mobile device must be considered as an asset that represents a security risk in corporate networks.

SECURITY MECHANISMS FOR THE USE OF MOBILE DEVICES

Technology companies such as Symantec, Cisco, Juniper, Enterasys and Citrix, to name a few, are aware of the imminent concern on the part of companies and IT department personnel to protect the integrity of corporate data. When considering the risks of using mobile devices, they currently offer solutions to implement various security mechanisms.

Going deeper into these strategies, companies can adopt several of them in order to protect their resources. Among the main mechanisms are:

MDM (Mobile Device Management). Mechanism oriented to the management and centralized control of corporate or personal mobile devices. It allows you to have all the information regarding the device, monitor it, configure policies, applications and have a history of each device, among other features.

MDP (Mobile Device Protection). Mechanism used for the protection of the mobile device itself through the installation of a VPN / SSL client, an antivirus, the use of encryption and robust authentication methods.

NAC (Network Access Control). Mechanism to control each mobile device’s access to the corporate network. Among other things, it makes it possible to determine whether the equipment is personal or belongs to the company, to apply security policies to sensitive operations carried out through the device, and to remediate devices by installing and updating applications over a VLAN, taking the device’s authentication profile into account.

MAM (Mobile Application Management). Manages applications through blacklists and whitelists, provides virtual environments and applies P2P policies, among other features.

MDS (Mobile Data Security). Mechanism responsible for data security, protection of the device’s Wi-Fi, Bluetooth and mini USB ports, as well as the installation of a DLP client (to control and prevent data loss) and the use of IRM (to administer information rights).

An important point for the implementation of these security mechanisms is that they can be implemented using the public cloud services offered by different solution manufacturers, or use a private cloud. This decision will depend on the specific needs and resources of each company.

RECOMMENDATIONS

Staff awareness is an important aspect of security: it keeps the corporate network from becoming vulnerable through the use of mobile devices, personal or corporate, and contributes to the adoption of the security policies and strategies established for access to the company’s data and resources.

In the event that personnel use their own devices, they should be aware of practices such as using complex passwords to lock and unlock their equipment, using firewalls, making backups, using antivirus software to scan data and applications, and configuring options for locking and/or wiping the device in case of loss or theft, among many other good practices that currently exist for the safe use of devices in business networks.

8 reasons to use a VPN

VPNs may sound intimidating, but these are the reasons why you should consider using a VPN.
Many people (including us) will tell you that you need a VPN (virtual private network) to guarantee your privacy and security when browsing the web. A VPN like Avast SecureLine creates an encrypted connection between a VPN server and you, which prevents others from seeing what you do online and from where you do it.


That’s fine, but, from a practical point of view, what does it mean? What are the benefits of using a good and reliable VPN? Here are 8 reasons why you should use a VPN:
1. Access your favorite videos wherever you are
Thinking about taking a trip outside your country? You may be surprised to discover that some of the content offered through your favorite subscription-based video services is not available in other countries. A VPN allows you to connect to a server located in your country while traveling abroad, so your streaming service believes you are still in your country and allows you to watch your favorite shows.
2. Enjoy a secure Internet connection in coffee shops and other public places.
Who hasn’t spent a few minutes (or hours) online at their favorite coffee shop? We all do it, but public Wi-Fi zones are just that: public. You are sharing that connection with many people. Without a secure VPN, all the information you send and receive (yes, including passwords and other personal data) is vulnerable to cybercriminals. And, yes, this applies whether you are on a PC or on your smartphone.
3. Get a higher level of security for online banking.
Probably the privacy of your bank account information is very important to you. We all like the convenience of online banking, but it will not be as convenient if your identity is stolen because your Internet connection was not entirely secure. A VPN provides an additional layer of security to give you additional peace of mind.


4. Make secure online purchases from another country.
Online shopping is a beautiful thing. In the USA and abroad, when you see that “https” or that padlock in your browser, you can be reasonably sure that security protocols are in place to keep your personal data and credit card information encrypted … but stay alert. Not all sites have HTTPS. Do not take risks: avoid online sites without HTTPS.
5. Relieve your fears about using the airport wifi.
It is very useful for most airports to provide free public Wi-Fi hotspots so that we all have something to do while we wait for our flights. Unfortunately, with so many strangers in one place, it also makes the airport a “hot zone” for identity theft. If you must work or play online at the airport, then you should also have a VPN.
6. Unlock social networks when you are in other countries.
Social networks like Facebook and Instagram are some of the most censored sites in the world. Whether you are a university student spending a semester abroad or a business traveler who makes frequent trips abroad, a VPN can guarantee that you stay up to date with the latest from home.
7. Stay anonymous when buying airline tickets, hotels and car rentals.
While shopping to find the best deal on air tickets, a hotel room or a car rental, those websites are actually following your activity. The next time you return, the rental price of that vehicle may have increased. Use a VPN and a browser with a high privacy setting (for example, anti-tracking) and you will browse privately online and compare your purchases.
8. You can create a fake LAN to play games.
Remember that PC game that you and your friend loved to play together, you know, before the developer stopped supporting it and turned off the online servers? Well, with a VPN, you can trick your PCs into thinking they are on the same network and play LAN games over the Internet. This also works with older game consoles that are no longer compatible with online services but can play over LAN, such as the PS2 and the original Xbox.

So, while we have presented these sound reasons to use a “Virtual Private Network”, let’s be honest: all you really need is one. And that main reason is this: a VPN is one of the best tools to protect your identity and your data in the digital world. Take the reins of your own safety (and good sense!) and give yourself the security you deserve.

What is Cloud Computing and What are its Scopes?

Cloud computing is the provision of technology services such as servers, comprehensive analysis, network administration, databases, information storage and software over the internet. Cloud providers charge according to the nature of the business and the particularity of the package.

To build an excellent relationship with a partner or supplier, you will need advice that leads you to the right decision. We will talk about this later; first, let us look at the scope of cloud computing, its deployment schemes and its classification by services.

What are the scopes of cloud computing?

Although some users find technology issues easy to understand, other consumers need more information and support. You may still not be clear about the concept of cloud computing, so we will explain it with basic examples.

Personal and professional daily life is packed with tools and technology products designed to create a better experience when carrying out tasks and entertainment activities. Most of them work online; clear examples are television (Netflix), email (Outlook), storage (OneDrive, Google Drive), document editing (Google Documents), online music (Spotify) and image files (iCloud), among others. These applications work thanks to systems backed by cloud computing.

Among the main features of cloud computing are:

  • Application development and other services.
  • Data analysis and creation of models or prediction patterns in business.
  • Software development and administration.
  • Storage, backup and data recovery.
  • Share videos, photos and audios.
  • Website hosting services.

Advantages of cloud computing:

  1. Support and trust

Cloud computing allows backups of stored data and disaster recovery while the objectives of organizations and businesses continue to be carried out. One of its main functions is to host the information in the right places, avoiding redundant information and unnecessary use of space.

  2. Reduction of technology expenses

Cloud computing reduces the cost of acquiring software and hardware, and also optimizes the resources invested in the maintenance of data centers, servers and electrical systems. IT department managers will quickly experience the results.

  3. Performance

The largest and most extensive cloud computing services run on global networks of secure data centers, which are constantly updated with fast, efficient hardware. This is an important guarantee for the IT administration of companies and institutions.

  4. Productivity

Cloud computing is a very important support for the IT department, freeing it for tasks of greater relevance and performance. With cloud computing technology, the resources spent maintaining a local data center (hardware configuration, security patches, among other tasks) are drastically reduced.

  5. Speed

Most cloud computing providers offer self-service features for provisioning various computing resources, which gives companies flexibility and reduces technology planning.

3 types of cloud implementation:

Public cloud

The public cloud is created, run and operated by direct providers of this service, who deliver computing resources such as servers and storage over the internet. The public cloud provider supplies all of the supporting hardware, software and infrastructure, and usually provides an account accessed through a web browser.

Private cloud

Private cloud services and their computing resources are for the sole use of a single company or organization. This can be physically located in the data center of the company or in the data center of a product supplier. Specifically, the private cloud is one in which services and infrastructure are maintained in a private network.

Hybrid cloud

The hybrid cloud is a combination of public cloud and private cloud, linked by technology that allows data and applications to be shared between them. A flow of data and information across the private and public cloud is an opportunity to improve the way the company or organization implements its systems.

What are the 3 types of cloud computing service?

Before selecting a type of cloud service, you need to know what the following 3 classifications consist of:

Infrastructure as a Service (IaaS): An instant computing infrastructure managed over the internet. One of its main features is that it avoids the additional cost and complexity of managing servers or data centers: you acquire only the features you need to use. The service provider manages the infrastructure, while the company installs, configures and manages its own software, operating system and applications.

Advantages of IaaS:

Improvements in disaster recovery and business continuity: IaaS provides high availability, continuity and disaster recovery at no additional cost while you can access your data.

Stability and reliability: with IaaS, it is not necessary to maintain, update software or hardware, or solve problems within the equipment, as the service provider is in charge of the infrastructure.

Adaptation to business conditions: Agile and rapid availability of resources to adapt to increases in demand in applications. Once the situation returns to normal, the resources are reduced so as not to invest additional resources.

Platform as a Service (PaaS): Platform as a service is a cloud development environment that supports everything from simple cloud-based applications to complex cloud-enabled enterprise applications. A provider of this service gives you resources through secure access over the internet. Platform as a Service is the right solution for supporting the life cycle of web applications: design, testing, implementation, administration and updating. PaaS also includes development tools, database administration, business intelligence services and analysis.

PaaS advantages:

Reduction in coding time: PaaS development tools reduce the time spent coding new applications by providing pre-coded application components.

Modern technological tools: The PaaS service model gives organizations and companies access to analytical tools and business intelligence.

Development for multiple platforms: Opportunities to develop for various platforms such as computers, mobiles and browsers, which allow faster and easier creation of applications.

Software as a Service (SaaS): Software as a service allows users to connect to and use cloud-based applications over the internet. Common examples are email services and collaboration tools such as Microsoft Office 365. SaaS offers users an application that they connect to over the internet. The entire software infrastructure and the stored data are located in the provider’s data center, and the provider is responsible for maintaining the software and hardware.

SaaS advantages:

Premium access to applications: SaaS provides users with applications and systems of great relevance for the competitiveness of their data, resources or strategies, such as ERP. The investment is very accessible, and you do not need to worry about infrastructure updates and maintenance.

Free access to cloud solutions: You can run most SaaS applications from the web without downloading or installing anything special or additional.

Access to data from anywhere: With the information stored in the cloud, users can access it from any device, whether mobile or desktop. One of the great advantages is that the information is not lost if the computer or cell phone is damaged.

Defining a cloud scenario is a task that requires the full participation of the IT and administrative teams, and it is important to analyze the amount of internal information and how it is used before identifying opportunities for improvement. In the next post we will discuss tips for selecting an appropriate cloud service provider.

10 Applications You Need to Protect Your Privacy

Everything you transmit on the Internet can be intercepted, heard, stolen. The emails you send, the files you share, the photos you post.

By whom? It is not known, and it does not matter. It can be a government or a hacker, an anonymous person who wanders through your network like a nosy neighbor. It is easy. And it is cheap.

But you are not helpless. There are tools that, well used, improve the privacy of your data without you having to give up the convenience of the Internet.

I’m going to tell you what you need to add to your computing life to increase the security of your data. Follow me and take notes.

1. A secure connection

No connection ensures total privacy and anonymity, but you can get quite close to it if you use a combination of anonymizers and encrypted tunnels.

The Tor utility, available for many operating systems, routes your traffic through a series of nodes, making navigation anonymous. Thanks to its installable package, it is very easy to use and configure.

But Tor does not make the traffic eavesdrop-proof. For that, you have to encrypt your connection by sending it through a tunnel. That is what VPNs do. The most famous are HotSpot Shield and UltraSurf.

Tor can be used in conjunction with a VPN: in exchange for the loss of speed involved in activating both systems, you gain anonymity and privacy. And you can also open banned websites in your country.

2. A secure browser

The browser is perhaps the program where you spend the most time. It must be secure and have a wide selection of security plugins. Above all, it must be an open source browser.

My favorite is Tor Browser, a Mozilla Firefox based browser that is preconfigured to use the Tor anonymization service. But you can also use SRWare Iron, a secure version of Chrome that doesn’t send data to Google. The portable versions add a further security layer.

To make your browser more secure, you should install extensions such as Ghostery or DoNotTrack, which disable trackers. Remember that most of these add-ons help anonymize you, but they don’t encrypt your traffic. For that you need to use encryption, as you will see later.

3. A secure search engine

Navigation almost always begins with a search. And searches say a lot about you. To increase privacy, you need secure search engines.

Since the PRISM scandal erupted, the independent search engine DuckDuckGo has been considered one of the best alternatives to Google: its results are of similar quality, but DDG does not store your searches, which prevents them from being associated with you.

If you want to continue using Google, a safe option is Googlesharing, an extension for the browser that passes all your search requests through an anonymous server, which prevents Google from associating you with the searches you perform.

4. Safer email

An email account contains a huge amount of personal information, and what you send can say a lot, too much, about you. You have to protect it.

SecureGmail is an open source extension that adds encryption to your communications with Gmail (if you use this service). To go one step further, you must use PGP or GPG, which is currently the most widespread and secure communications encryption system. For convenience, use extensions such as Mailvelope and SafeGmail.

Do you want even more security? Create an account in HushMail or CounterMail, which are secure mail services with integrated encryption. The alternative is to use temporary, “use and throw away” email accounts, such as Mailinator and Guerrilla Mail.

5. A secure message app

Can’t give up WhatsApp? Well, know that it is not a very secure app: until recently its traffic was not encrypted and the app saves messages on your mobile.

If the idea of using an insecure application bothers you, don’t despair: there are alternatives. For mobile phones, the two most interesting are Wickr (iOS) and Gryphn (Android), which allow you to encrypt your messages with a very powerful algorithm. And soon Heml.is will arrive, an app that promises to revolutionize the messaging landscape.

On your PC, I advise you to use Cryptocat, an extension for Firefox that allows you to chat with strong encryption. It is available in 32 languages and there are already many journalists who use it for their confidential communications. Used together with Tor, Cryptocat provides encryption and anonymity for your conversations.

6. Secure file hosting

At some point you will have to share large files. If they contain sensitive information, uploading them to certain services can be risky, especially if the services’ servers are in countries whose laws give little protection to privacy.

A system like BitTorrent Sync, whose use we explain here, uses an ingenious system of 256-bit secret keys and encryption so that file and folder sharing is easy and secure at the same time.

7. A place to upload text and images

You may need to paste text or share photos publicly and anonymously. For text, there is CryptoBin, which encrypts the text with a key. For images, services such as PostImage or Imgur allow you to upload files anonymously. Obviously, it is up to you to make sure that the private links you generate when uploading an image do not spread where they should not.

8. An application to clean metadata

All the documents you have produced contain metadata, information that may violate your privacy and expose your identity to the public.

Cleaning them is not difficult. Utilities like Doc Scrubber or MetaStripper help in the task. In general, never share a file or a photo on the network without first deleting its metadata.

However safe the communication channel is, GPS coordinates in a photo or your name in a DOC can spoil your attempts to go unnoticed.

As I explained in the article “How to be a computer detective”, there are tools capable of compiling the metadata of many documents in a matter of seconds. With such utilities out there, it is in your interest to take the utmost care in cleaning the documents you share.

9. Clean (or invented) social profiles

In the 10 commandments to take care of your online reputation, we presented guidelines for not saying too much about yourself. One of them was to clean up your traces on social networks.

The Simplewash application helps you erase your past activity on social networks. Another, Safe Shepherd, makes a detailed diagnosis of your online presence, which you can also investigate using the methods illustrated by Ivan and me in the article How to search for people on the Internet.

Another solution is to keep your official profiles on the one hand and create alternative profiles on the other: invented identities, which you use to mislead or to take part in the public life of the Internet. Many people opt for this method when they become visible on the network. But be careful: it must be a credible identity.

10. A secure hard drive on your PC and in the Cloud

No matter how much cloud storage you use, in the end the place where the most personal information is stored is your computer’s hard drive.

To keep data safe from prying eyes, such as a thief who has stolen your laptop or an intruder who wants to tamper with your data, it is best to encrypt your hard drive or part of it. PGP can do it, but an equally powerful free solution is TrueCrypt, which encrypts virtual disks on the fly.

How to Protect Your Android

Securing your Android phone or tablet takes more than adding a lock PIN (although that is certainly something everyone should do). Below, we look at some steps you can take to ensure that security.

1. Avoid unreliable public Wi-Fi networks

Smartphones and tablets are mobile devices, which means we use them anywhere. Given this, it is important not to fall into the trap of connecting to just any unsecured wireless network. Whoever makes that “free” Internet connection available may be getting much more in exchange than you intend.

Open hotspots are incredibly useful when you are away from home and need to connect, but they are not always safe. The security company Wandera examined 100,000 corporate mobile phones and discovered that 24% used open and insecure Wi-Fi networks. It also discovered that 4% of these devices had encountered a man-in-the-middle attack in November 2017.

The security company advises that, if you must use an open Wi-Fi network, you do not pay any bills or sign in to anything, use a VPN if possible, install a security application that can detect unsafe websites and unsafe access points, and disable automatic connection to open Wi-Fi networks.

2. Set a screen lock

Setting up a screen lock is the easiest way to protect Android if your phone or tablet falls into the wrong hands. These days you can configure a PIN lock, pattern lock, password lock and, if your device supports it, a fingerprint lock or eye scanner. It is so simple that you have no excuse. Go to Settings > Security > Screen lock to get started.

3. Lock applications

You can add an additional layer of protection by locking the applications that you really would not want to fall into the wrong hands, using solutions such as App Lock. This not only allows you to activate and deactivate a lock PIN for individual applications such as Facebook and Gmail, but also has a secure mode to hide photos and videos that should not be seen by prying eyes.

4. Keep Android and Apps updated

Android and application updates bring not only new features, but also bug fixes and patches for security vulnerabilities. Make sure that your applications are configured to update automatically over Wi-Fi in the Google Play Settings > General > Automatically update applications menu, and that you have applied any new operating system update in Settings > About phone > System updates.

5. Do not download applications outside Google Play

By default, your Android phone or tablet does not allow you to sideload applications (that is, install them from anywhere other than the Google Play store), but it is easy to get around this in Settings > Security > Device Management > Unknown sources. Google has no control over applications that are outside its store, so sideloading should be considered only by those who really know what they are doing, and done only from reliable sources.

6. Manage application permissions

An advantage of downloading applications only from Google Play is that it will tell you what permissions an application requires before you install it and, if you have a recent version of Android, it will also ask you to accept permissions when they are required.

There is often a good reason for applications to need access to seemingly unrelated features of your phone, such as games that want to see your contacts (to let you compete against your friends) and messaging applications that want to access the camera (to send photo and video messages). However, if you cannot find any reason for an application to require a particular permission, do not install it or grant access.

Since the arrival of Android Marshmallow, you can manage application permissions and control what an application can and cannot do on the phone, even after you have installed it. If an application needs a permission that has not been granted, it will ask you for it before it proceeds. You will find Application permissions in Settings > Applications > Application permissions.

7. Set up user accounts

Since Android Lollipop, we have been able to configure multiple user accounts on tablets and, more recently, on phones. If you are going to share your device with another family member, a colleague or a friend, you can give them access to only the parts of your Android that you are willing to let them see. Set up user accounts in Settings > Users > Add user. Also see: How to set parental controls on Android.

8. Beware of shared information

We have often complained that people share too much information on social networks, such as announcing on Facebook that they are going abroad for a week and leaving their home open to burglary. With Android you can check what information you are sharing with other people.

Android uses the Chrome browser, which may also be collecting session information from your laptop or PC. The ability to synchronize your bookmarks, passwords and more through a Google account (which is also linked and automatically signed in to your email and other Google accounts) is an incredible time saver, but it could become a problem if you lose your phone or tablet or it falls into the wrong hands. All your logins, passwords and confidential data within your emails will be available to anyone who finds the device.

You can control what data (in particular, passwords) Chrome stores by launching the browser, touching the three-dot icon in the upper right corner of the window and selecting Settings > Basics > Save passwords. Also open the Settings menu in Chrome, touch your account and then choose what data is synchronized.

Don’t forget Chrome’s incognito mode, which allows you to browse the web in private and will not track you.

9. Configure tracking and remote erase

Device Manager is an excellent tool for tracking and, if necessary, wiping a lost or stolen Android phone or tablet. It is available free from Google Play for your phone or tablet, but it can also be accessed from any web browser where you sign in to a Google account.

10. Consider device insurance

Since some devices can cost more than 500 euros, it is worth considering insuring the device, given the price of many handsets and even of a simple repair such as a broken screen. Some companies offer such services for less than 10 euros per month.

11. Android backup

The problem is not only that our data can fall into the wrong hands when our device is lost, but also that it will no longer be in our hands. An Android backup is essential, and it can be associated with your Google account so that you can retrieve your information when you log in on another device.

An Android backup also means that your photos and videos can be accessed through any web browser signed in to your Google account, and that the next time you buy a new phone you will not have to manually download and install all your usual applications.

12. Android virus and malware management

Android viruses are few and far between, and you are more likely to encounter problems when clicking on a dubious link in Gmail or in a text message, or by giving away too much personal information, than anything else.

Some people like to install an antivirus application such as Lookout, Avast or AVG Free, but we are not yet at the point where that is strictly necessary. In general, all you need to do to avoid Android viruses is download applications with many downloads from the official Google Play store and be careful what you click on in private messages.

13. Encrypt Android

Those who want to protect their Android device will most likely have noticed the encryption option in Settings > Security > Encryption. This encrypts all data on the phone (applications, media and more) until you enter the decryption password, which you must do each time you turn on the device.

Encrypting and decrypting your data takes time, and for most people it is an unnecessary step that will simply slow things down. However, if your device contains especially sensitive information, it is a possibility you should consider.

14. Use a secure messaging application

Where do your text messages go once they leave the phone, and can others sniff them out? It all depends on the service you are using. An instant messaging service such as WhatsApp now offers end-to-end encryption. Another often-cited secure messaging application is Signal Private Messenger, which allows you to chat freely with friends without the server being able to access the communication or data. Just keep in mind that any message on your phone will still be visible to anyone who has physical access to it.

VPN: what is it and what is it for?

Although VPN connections are nothing new, it is only in recent years that we have begun to hear about them. The term became more prominent after Netflix decided to block their use, having detected that some users relied on them to bypass the geographical limitations of its service.

However, the truth is that they have been used in business for years, and that context has now broadened to include other uses. But what exactly is a VPN? What can we use it for? Today we answer these questions and analyze the advantages and disadvantages.

What is a VPN?

Before going into more detail, note that VPN stands for Virtual Private Network, a name that already gives some idea of what it is: a virtual private network capable of connecting several devices as if they were physically in the same place, emulating local network connections. Virtual, because it connects two physical networks; and private, because only computers that are part of a local network on one side of the VPN can access it.

How Does It Work?

When we connect to a VPN, we use a kind of tunnel, a word that indicates that the data is encrypted at all times, from when it enters the VPN until it leaves, and that this is done through various protocols that protect it. There is one exception, PPTP, which uses a combination of insecure algorithms such as MS-CHAP v1/v2.

When we try to visit a page, our system encapsulates the request and sends it over the Internet to our VPN provider. The provider decapsulates it, and the request then follows its usual course: it exits through the provider’s network router and the packet is forwarded.

What Advantages Does It Have?

Using a VPN means that we can access virtually anything on the network without geographical restriction, no matter where we are physically. The reason? It lets us connect through servers located somewhere in the world other than where we are.

Security and privacy are other points in its favor, especially if we need to send or receive sensitive information over the network. And while we can always opt for proxy services and tools that hide the IP of our device, by opting for a VPN we are choosing to establish a secure connection between the computer and the server.

In a more business-oriented context, it makes it possible for a company’s employees to remotely access its networks and servers without compromising security. Another of its virtues is that these services are not too expensive, and we can even find worthwhile free options.

Finally, VPNs are easy to use, let us connect and disconnect whenever we like (once configured) and work with multiple applications, routing all Internet traffic.

Uses of VPN

VPNs are also routinely used to bypass the geographic restrictions of certain services. For example, let’s say that some video content is only available to users in the United States. This type of connection allows us to tell the website that we are in that country.

When we talk about restrictions, we cannot fail to mention those that have to do with the censorship imposed by certain totalitarian governments on their citizens. A VPN is a way to see news and information from the outside world without censorship, although it is not perfect (as we will see later).

For the same reason, and since they allow us to hide our browsing data, they are ideal for connecting through public Wi-Fi, in a cafeteria or hotel for example, without our information being intercepted. Another common use is P2P downloads, although we must take into account that some providers block them.

The corporate world is where VPNs have the longest track record. In fact, they are a routine resource for multinationals with offices in several countries, allowing their employees to telework and access a single private network securely.

Seven VPN Services

That said, we could not fail to list some of the best VPN services currently on the market, a range that runs from free to paid. Our picks:

  • AirVPN – with real-time statistics
  • TOR and VPN support via SSL and SSH
  • VPN.ht – with Popcorntime.io integration and AES 256 encryption
  • VPNArea – with the same encryption; accepts bitcoin as a payment method and allows up to five devices connected simultaneously
  • Hola – free as long as we do not use it for commercial purposes
  • Private Tunnel – limited to 100 MB of monthly traffic but also free and easy to use
  • Tunnel Bear – with 500 MB

In any case, to choose one or another we must take into account the speed, reliability, security and support offered by the service. The use we are going to make of it is another factor to weigh. It should also be noted that paid services usually have professional customer support and the income needed to invest in a wide variety of servers, which guarantees that our connection is always active.

Other Considerations

As for Netflix, mentioned above, it is not the only service that blocks the use of VPNs. iPlayer, the BBC video service, began banning them at the end of October last year after eight years of operation. So do some countries with extreme policies for controlling their citizens.

This is the case of China, which banned the use of these connections almost two years ago. The ban is in line with the censorship and surveillance of the Asian giant and a logical move to maintain its cyber-sovereignty which, as expected, was tremendously controversial.

Likewise, we cannot lose sight of the fact that a VPN’s gains in privacy and security are not infallible. In fact, using a VPN does not mean that our browsing is anonymous (to achieve this, the ideal would be to use it together with Tor). When we question their security, we are referring to VPNs based on the PPTP protocol. Faking the location is not always possible either, especially when we use a VPN from a mobile phone. Finally, speed is another point that suffers.