ictsolutions number 11 - October 2014
ict advice for managers
Is your company at risk from cyber attacks? Risks and remedies
Proximus Explore Security Security at all levels Digital information boards What’s involved? Interview with the Veritas fashion chain: “Security plays a role in various ways”
01_ICTsol11_cover_ENG.indd 3
3/11/14 10:38
A new chapter begins
From now on we are offering you our network based ICT solutions, connectivity, fixed and mobile telephony and digital media under the brand name Proximus. We are ready to begin a new chapter, together with you. You are the person in your company responsible for ensuring a quality service – whatever happens. We want to make sure that thanks to the Proximus quality you can be in close proximity of who and what is important to you: your activities, your clients, your suppliers, your employees, your partners and your family. Discover all our solutions and services on our new website www.proximus.be
proximus_launch_advert_ict solutions_single.indd 1
16/10/14 12:10
EDITO
In this number 03 Editorial 04 Dossier – IT security Is your company at risk of cyber-attacks? Cyber-criminality increasingly hits smaller companies. Are you at risk? 08 Dossier – IT security Better IT security: a three-pronged approach In the modal SME a global IT security solution is more than a single product. If you take these three things into account you will be on the right track. 09 Case - Torfs Wifi in the shoe shop 11 Infographics Risks, attacks and solutions at a glance 12 Interview “Security manifests itself at various levels” Interview with the IT Manager of the fashion chain Veritas. 13 Solution Proximus Security Services 360° The backbone of every company is its ICT infrastructure. But what about system security? 14 Tested Displaying efficient digital information Along the street, in shopping centres, offices and schools: it is impossible to imagine any of them without digital information signs. 15 Solution Unified Threat management: All-in-one security for SMEs 16 Digitip Where do you go with your data? Store it yourself or rely on a cloud provider? 18 Solution Put your company on a solid footing: Proximus Explore’s security solutions lay the basis for the best network 19 Books David and Goliath; Dog Fight 19 Digitip Better WiFi in the workplace
Welcome to Proximus
T
oday we are delighted to present the first-ever ICT Solutions in the new layout and corporate house style, following our switch to the new name Proximus as a uniform brand. We hope that reading the magazine, after this makeover, is now even more enjoyable! Bringing all of our brands under the brand name Proximus goes much deeper than just a simple name change. It is the turning of a new page for the whole company. We have adapted our operations to suit the dynamics of the market. We are becoming faster and more versatile. What we have definitely kept is our desire to assist you by taking care of all your ICT needs. We guarantee that you and your clients will have fast access to your services and applications everywhere, 24/7. This is only possible if your ICT infrastructure is always operational. And we can give you firm guarantees that we will support you in that. A secure ICT environment is a minimum requirement for constant service provision in the online world. Not only must your data be secure, but your infrastructure too. IT security is an important focus for everyone, including users. In this Issue, we examine various aspects in more depth and, as you have come to expect from us, we offer you real and lasting solutions too. Enjoy. Dominique Leroy Chief Executive Officer, Belgacom
Any questions? For questions about specific ICT solutions, please contact our account managers or our network of Proximus ICT Experts (www.proximus-ict-experts.be).
A publication of the Belgacom Group | Number 11, October 2014 | Editor: Bart Van Den Meersche, Koning Albert II-laan 27, 1030 Brussels | Contact: Charline Briot charline.briot@belgacom.be | Design and production: Minoc Media Services bvba, Steenweg op Antwerpen 26, 2300 Turnhout | www.minoc.com october 3
03_ICTSol11_edito_inhoud_ENG.indd 3
3/11/14 10:42
DOSSIER
Make sure you protect your data
Is your company at risk of cyber attacks? A lot of companies, including the smaller ones, have problems with cyber threats. Not just viruses and malware, but also hackers or even government spyware are ravaging the digital world. What does the world of cyber security look like? And most importantly: are you in danger?
4 www.ictnews.be
04_06_ICTSol11_sec_gevaren_ENG.indd 4
3/11/14 10:42
DOSSIER
D
igital technology dominates the world. Whether you board a plane, enter your hotel room or use your telephone to call someone. There are computers everywhere, making sure that what you do goes as smoothly as possible. There is a flip side to this too, of course. Everything can be hacked and hackers – both those who want to increase security and those who want to get rich with it – are constantly looking for new opportunities. The perpetrators are more diverse than ever before – not so much the lonely (young) computer criminals as gangs of thieves, individuals, other companies, activists, States, script kiddies experimenting and cyber terrorists. This is very different from the old days, when massive virus attacks were mainly about attracting attention and fame. These days it is mainly about making money, with the result that many attacks or situations stay under the radar. It also has to do with the sort of attack, too. They are not massive virus attacks but precision attacks that target your data for the most part. Every attack starts with tracing your company data. Own employees Any business soon has a constant stream of sensitive data, ranging from credit card numbers to confidential documents. These days, instead of targeting companies, hackers aim for individual employees. Data security company Imperva made a study of the (five) phases of which this type of targeted attack consists. In the first phase the attacker sets its sights on the company. Then it searches the social networks, like Facebook or LinkedIn, for people that indicate in their profile that they work for it. Once an employee has been found the
Major risks Besides spear-phishing and Trojans there are other risks too that are very relevant to businesses, such as malware on mobile devices with company information, (too) weak passwords, bank Trojans, ransomware and weak spots in company websites.
Every cyber attack starts with tracing your company data
attacker tries to compromise him or her with malware (phase 2), often via personalized phishing emails. If that works then he will carry out a first recce and have a look round on the company network (phase 3). Then the intruder steals usernames and passwords. In phase 4 the attacker modifies employees’ computer rights so that he becomes a ‘power user’ and can completely infect the network with malware. Eventually (phase 5) the attacker succeeds in taking possession of the ‘identity’ of a legitimate user and purloining sensitive information. Finally – in order not to rouse suspicion – he will reduce his rights on the network to the usual user settings. Protect your organization But there is also a glimmer of hope in all this bad news. Often a few simple steps are sufficient to protect your organization (see also the security solutions on page 8). Beware: no company is ever completely safe from cyber attacks. Nonetheless, taking measures to protect your own employees and sensitive information reduces the risks. Finally, two nuances: obviously it is not only small companies that are targeted but, because they are often less alert and less well equipped, hackers increasingly set their sights on them. A recent survey by Symantec confirmed that small companies are specifically being targeted at present by cyber criminals. According to Symantec, more confidence in IT and security leads to better operating profit. Secondly, there are other dangers besides the phishing attacks described above. Take, for example, malware on mobile devices on which there are bank details. Weaker passwords are a potential danger too. Indeed there are potential risks on all sides. october 5
04_06_ICTSol11_sec_gevaren_ENG.indd 5
3/11/14 10:42
DOSSIER
Hacker tips The American hackers’ collective Black Hat has been setting up camp in Las Vegas every year since 1997 to draw computer hackers, security advisors and government agents from all over the world. These are their five major worries and concerns:
1
Even bigger DDoS attacks can be expected In a DDoS attack, or Distributed Denial of Service, a huge stream of data is sent to a website in order to bring it down. The biggest ever DDoS attack took place last year and was directed against the antispam website Spamhaus. It later transpired that the brain behind it was a 15-year-old boy from London. He is now in detention. A presentation during Black Hat last year consisted of a very simple and comparable attack which, with a bit of extra effort, could be ten to a hundred times more powerful. All the ingredients of the attack are still available to hackers – and they are not easy to prevent.
2
Be wary of mail from friends and colleagues Phishing attacks pour out floods of spam to thousands if not millions of Internet users in the hope that a few will log in to a fake site and enter confidential data on it. Spear phishing, on the other hand, is a more targeted attack and is usually
focused on a single individual – someone who has access to company resources of course. To achieve this, crooks draft an email that appears to come from a source trusted by the victim. Because the mail looks trustworthy the recipient will be less hesitant about clicking on the poisoned link. On the basis of the personal information that you put on Facebook or LinkedIn, hackers could send targeted phishing mails to you.
3
A botnet with millions of web browsers In order to launch a large Distributed Denial of Service attack a bot master has to manage to get malicious software installed on thousands of computers. Researchers from White Hat Security (a bona fide hackers’ collective) managed to launch a DDoS attack on their own test server with banner advertisements that cost them less than fifty euros. As soon as the advert appeared, the browser executed a script. There was no trace of the attack.
4
Security cameras absolutely not so safe You install security cameras to improve security, but you could have exactly the opposite effect with them. Security cameras suddenly become a lot less safe if they can be hacked. One session at Black Hat subtly showed how you can first obtain manager status in order to break into four different camera systems (from popular brands). One thing and another eventually culminated in an impressive demonstration. The presenter installed a surveillance camera to protect a bottle of beer, then hacked the camera and ‘stole’ the beer. Beware: for a hacker that acquires access at this level it is not
Security cameras suddenly become a lot less safe if they can be hacked
very difficult to get access to other parts of your local network.
5
iPhone hacked No one would deny now that Android telephones are easier targets for malware than iOS devices. But our sense of security took a serious hit after a demonstration showed how you can completely take over an iPhone with a modified charging station. The attack is called Mactans – the scientific name for the black widow spider – and gives hackers complete control of your telephone, even after the device has been removed from the charger. This astonishing demonstration started with an iPhone being hacked and switched off. Then, without anyone touching the device, the telephone turned on again, passed the access code and made a phone call. The lesson is clear: never connect your phone to a charger that is not your own.
6 www.ictnews.be
04_06_ICTSol11_sec_gevaren_ENG.indd 6
3/11/14 10:42
The leading converged infrastructure solution from Cisco® & NetApp® • Increase efficiency and reduce risk with a pretested, validated solution • Supports the leading hypervisors, applications and management platforms • Flexible IT architecture for today’s needs that also scales for future growth
Choose the FlexPod that’s right for you FlexPod Express for small and midsize businesses
FlexPod Datacenter for core enterprise applications
FlexPod Select for dedicated, data-intensive workloads such as Big Data
Find out more at www.netapp.com/flexpod
DOSSIER
Better IT security
A three-pronged approach In the modal SME a global IT security solution is more than a single product. If you take these three things into account you’ll be on the right track.
8 www.ictnews.be
08_10_ICTSol11_sec_oplossingen_ENG.indd 8
3/11/14 10:41
CASE
E
very month an average of 334 organizations in Belgium are faced with cyber criminality, according to figures from the government organization CERT (Cyber Emergency Team). And this is just the tip of the iceberg; the majority of cases don’t even come to the attention of the public. More important than the actual number, though, is the evolution. Attacks have tripled compared to two years ago. And, not least, SMEs are being targeted too. “Often because larger companies are already quite well secured”, says Filip Rogge who, as the former CEO of Microsoft Belux, is rather well informed about the situation in Belgian SMEs. “An SME, for example, has no cyber security officer or a specific person responsible for network security”, he says. “But you can go a long way with a few basic principles.” So how do you protect yourself against all that junk? We suggest a three pronged defense plan that should help keep you safe. Usually it involves a combination called the 3Ps: products, policy and people.
1
Security products This is the first element of our security approach: products or technology. In the first instance it is about security technology. The best known form is the antivirus program. This is actually the oldest form of security: software that is installed on employees’ individual desktops or mobile devices. These applications are managed from a central security suite. To be precise, we are actually talking about anti-malware. The term antivirus is still the most commonly used, but these days there are a lot more threats than just viruses, including phishing and spam. Besides, antivirus programs are installed on your central computers or servers. Some SMEs have a second type of security: network access. Laptops, tablets and smartphones can cause a breach of security because they are often used at home, and may come into contact with a less safe network there. The answer to that is network control. Before a laptop gets access to the network, a specific check is carried out to see whether the system is recognized or has a correctly set security suite. If not, it will get only very limited access or none at all.
WiFi in the shoe shop In 2013 Torfs Shoes decided to introduce free WiFi into its shops. “Our shops are sealed off with an extra firewall.” Torfs, a family firm with six hundred employees, noticed that more and more visitors – especially young ones – were coming to try on shoes and then buying them afterwards on the Torfs website. Sometimes customers came with their smartphone to show the shoes they wanted. The chain of shops decided to support them with free WiFi. The first task for Torfs was to have a look at the market and find a suitable solution. The choice fell on Proximus’s solution with a Fortinet Firewall and Forti Access Points. Raf De Leu, IT Network Manager at Torfs Shoes, explains why: “You can manage everything centrally and monitor it in detail. Traffic from the customers is completely separated from that of the production. You don’t just get a WiFi network; you get a firewall, virus scanning and the rest.” Sealed off The whole operation was carried out in barely ten months. “Together with an IT consultant from Proximus we set up a basic configuration. We wrote the software for it ourselves. The actual installation in the shops was done by our own electricians”, explains Raf De Leu. System security is crucial in something like this. “Our shops are sealed off with an extra firewall. The traffic from the customers goes over a separate subnet. The business traffic is routed to Proximus Explore and the customer traffic to the Internet. And, of course, they have separate IP addresses and the necessary firewall policies.” One year later the reactions from the customers are positive and they are pleased to be able to use the WiFi access. “Initially we set a limit of 50 users per day. But that soon proved to be too few. We’ve had to adapt it to 250 users per half hour.” october 9
08_10_ICTSol11_sec_oplossingen_ENG.indd 9
3/11/14 10:41
DOSSIER
So far you are reasonably well equipped for an SME, but you still need a firewall. In layman’s language that is a sort of virtual moat where incoming and outgoing traffic is screened. A firewall supports a wide range of extra services, such as monitoring, filtering, refusing or dosing Internet access per user in companies. “Some SMEs put the emphasis on the firewall, others on local anti-malware or a security suite. But, in principle, both are necessary”, says Nico Cool, a self-employed security advisor. These days security is not only on the desktops or the network of the company concerned, it is also increasingly offered as a service by an Internet provider or another external company. Some of the solutions discussed above are offered as services too (read more in the article ‘Security 360°’ on page 13). It is a trend, in line with the rise in cloud computing, that is certainly gaining in importance. More and more applications, including security applications, are moving to the cloud. Updates of existing applications Existing software can also cause security problems if you don’t install the necessary updates or patches. This is certainly necessary for certain software such as operating systems. A good example is Windows XP, for which Microsoft has recently withdrawn support. As a result there will be no more security patches available for it, so your XP desktops will be vulnerable to hackers from outside. It is noticeable, however, that Windows XP still occupies an important place as the most widely used operating system in companies. A good one in five companies in Belgium still relies on XP as the main system in its organization - more than ten years after the launch of this operating system. In the vast majority of companies at least one device still runs on Windows XP. “If you still use Windows XP in your business after April 2014 there will be no question of real security. Certainly not if the PC is connected to a network. So the message is: upgrade”, says Cool.
Four golden rules for passwords l Choose a complex password l Don’t share it with others l Change it regularly l Use a different password for each application
Companies are paying more and more attention to developing a security policy
2
Security policy Technology is one thing, good agreements are another. That is why a security policy is necessary. It will describe, in a structured fashion, how your company can best protect its valuable assets, such as company data. “Companies are paying more and more attention to this type of policy”, acknowledges Cool. In fact a general security policy is rather broad. It includes both the control of physical access – who gets the keys for which buildings – and the IT policy. When it specifically concerns data protection it is usually referred to as an information security policy. This policy includes password and firewall policy, but also the way in which data is saved, who can access the company’s WiFi network and so on. A good policy should not only lay down rules but also focus attention on them. “It should keep employees alert and make them aware of security”, says Cool.
3
People Which bring us straight to the third aspect: people, or common sense. It is important for you and the users to be aware of possible risks. And that goes beyond what it says in a policy. Common sense means, for example, not clicking willy-nilly on offers in emails, not responding to spam messages and not installing software that is not intended for business purposes. And if an invitation or offer that seems too good to be true appears in your mailbox, then it usually is as well. Being careful with passwords is another typical aspect. In general the rule is: choose a complex password, don’t share it with others – certainly don’t put it on a post-it on your computer screen – and change it regularly. “How often don’t we type or use the same password?” Cool wonders. “The right approach to IT security often begins with well-considered use of passwords.”
10 www.ictnews.be
08_10_ICTSol11_sec_oplossingen_ENG.indd 10
3/11/14 10:41
INFOGRAPHICS dossier
Risks, attacks and solutions at a glance E-mail & websites 72% of all e-mail is spam. The number of phishing attacks rose by 264% in 2013.
264% increase in phishing
30% of targeted phishing attacks are targeted at companies with fewer than 250 employees.
Cybercrime 27% of data leaks occur as a result of theft or loss of computers or data carriers. Worldwide, cybercrime costs the global economy 400 billion dollars. That is six times more than the entire security market for technology and services.
1 in 566 websites are infected with malware.
27%
72%
as a result of theft or loss
Businesses and their data security
Risks
Do businesses have the following components?
An unprotected PC, without antivirus or a firewall, receives an average of 50 attacks per hour.
Firewall or UTM
82%
Desktop anti-malware or software
81% 74%
Antispam software
47%
Server-based antimalware software Encryption & digital certificates
30%
Anti-malware software on smartphones or tablets
28%
Web or URL filtering
28% 16%
Formulated security policy
14%
Security in the cloud
0%
20%
40%
60%
80%
100%
50 50 per hour
Sources: Cyren Security Yearbook, Symantec, Gartner, Smart Business Strategies and Computeridee
11_11_ICTSol11_infografiek_v2_ENG.indd 11
october 11
3/11/14 10:40
INTERVIEW
“Security is important in various ways” “Last year our headquarters burned down completely. Five days later it was business as usual for all our employees.”
Johan De Witte is the IT manager at Veritas, a well-known fashion chain with 110 employees at their headquarters. Security is a broad concept there, from the Web shop to company buildings. To start with: what are Veritas’s priorities in terms of ICT? We put a lot of effort into the logistics aspect. In the short term we are very busy with the integration of a new WMS (warehouse management system). That takes care of the goods that have to reach our shops or our end-consumers via e-commerce. Last year we started a Web shop too. This was the beginning of a somewhat longer term project to integrate the ‘omnichannel’ approach into all our applications. Technically that is a very complicated project, as we work on the assumption that customers can place orders, pay for them and collect them anywhere. What role does outsourcing play in your ICT strategy? We outsource a large part of our ICT jobs. In fact we have outsourced almost everything. Good partners and good
agreements are crucial for this. We rely on Proximus for our telecom and company network. What is your strategy concerning mobile devices? These days it’s 90 per cent laptops versus 10 per cent desktops. For cellphones and smartphones the company has a BYOD strategy (Bring Your Own Device), so that everyone can exercise his own preference in terms of telephone. We support both Android and iOS platforms from our department. How mobile is your company? With 120 sites (including the shop network) I think that we are very mobile. In fact our employees can work anywhere as long as there is a network connection available. All of our shops, our headquarters and our warehouse are equipped with a wireless network that is available to employees, customers and visitors. Homeworking poses no technical problems either and lots of our employees take advantage of this opportunity. What is your greatest concern with regard to network security? There are two aspects to security. On the one hand the security of our web environment is absolutely critical. The customers entrust their personal details to us and we have an obligation to handle them with the utmost care. We invest heavily in protecting and monitoring this environment. Experts manage Veritas’s entire network infrastructure. On the other hand there are our own devices and applications. The BYOD network
is now completely separate from the company network and is linked to the Internet. At the moment, devices on this network are linked via the Net to our VPN environment in order to access, for example, email, agenda, contact details and other data. That requires a ‘2-factor’ authentication: something you know, such as a password, and something you have, such as a token or an app on a smartphone. Do you have a business continuity or disaster recovery plan and how often is this tested? Disaster recovery is the responsibility of our cloud provider and it is one of the most important elements of the contract with this supplier. The recovery time and procedures are tested regularly by reloading data and on virtual machines. Our disaster recovery capacity was thoroughly tested last year when our headquarters burned to the ground. The following day our buyers were already placing new orders with our supplier, and by day five it was business as usual for all our employees. In fact it took longer to find some items of office furniture than to get our ICT infrastructure up and running.
12 www.ictnews.be
12_13_ICTSol11_veritas_ENG.indd 12
3/11/14 10:40
SOLUTION
Proximus Security Services 360° The backbone of any company is the ICT infrastructure. No professional can function well these days without computers, intranet, the Internet, network storage, applications, a customer database, a website and a variety of devices. But what about network security?
T
he key to a good organization is a well-functioning company network - which is exactly why it is increasingly important for you to keep that network in tiptop condition, free of problems and risks. Outsiders know very well that once they are inside a company they can cause real havoc. From now on Proximus can help you with almost any security question thanks to its complete service package ‘Security Services 360°’. System security is important in any company, but also complex. Proximus’s service package is aimed at solving pretty much any problem. Imagine, for example, that you want to improve your security. There is a whole team of experts ready to guide you through from the analysis to implementation and management, till you achieve the desired result. Or would you rather optimize your existing installation and have it tested? For that too there are IT specialists ready to help with suggestions and improvements.
agement of new security solutions? They can provide training on demand, leading to the certification of your own people for major interventions.
One supplier What makes this offer unique in Belgium is that you need only knock on one door for almost any security leak. Via Proximus Security Services 360° you can rely on a wide range of specialists. They can analyze existing infrastructures in your company, independent of the technology, and explain the situation to your own professionals. Monitoring is at your service non-stop: 24/7. Or perhaps you would prefer to use your own personnel but they need training for the installation and man-
From training to management If you do important business online, it is crucially important that your website be in order. They have a series of tests for that, including ‘ethical hackers’, to test the entire set-up very thoroughly. You can be sure then that the online portal has been vetted. In total you can access more than 200 ICT courses via Proximus, so you can make sure that everyone who wants to can be up to date with the latest developments. This will keep the security risk to the absolute minimum for you and for
your company. Whether it is the network infrastructure, the integration of an existing infrastructure, the implementation, configuration or management of it or other network security issues, Proximus can provide your company with services whenever and wherever you need them.
More info For more info on security solutions please visit www.proximus.be/securityservices. For more info on our range of ICT courses, go to www.proximusictacademy.be.
october 13
12_13_ICTSol11_veritas_ENG.indd 13
3/11/14 10:40
TESTED
Digital Signage - impossible to imagine the world without it
Displaying efficient digital information It’s impossible to imagine our world without digital information signs. You see them along the street, in shopping malls, offices and schools.
D
igital signage is the technology that allows this information to be managed and steered dynamically, depending on the location, the time of day and the target audience. A digital signage system always consists of a combination of hard- and software. In general the software has two components: an authoring module and a server part. In terms of hardware, obviously, you need a display, in combination with a player, which may or may not be in-built.
ent package, which you can often install on various different platforms. You can set up a particular layout and then fill it in with the desired content. You can then manage the players (with corresponding displays) that are linked to it via the server software and distribute the layout you have made and its content to the right players at fixed times. The majority of signage packages work with their own standards, but free open source software exists too.
Central management The actual design of what is seen on the screen is usually done from an independ-
As far as the players are concerned, there are both internal and external models. The internal models can be built into specific displays. But there are external models, as well, which are compact enough to place them unobtrusively behind a screen. Make sure that the players also have internal storage capacity. As when the Internet or network connection fails, the content can only be displayed if it is available locally. Infrastructure In terms of displays, likewise, the possibilities (and associated prices) vary widely. In principle you can get away with a television with a VGA, DVI or HDMI connection, but a large LCD or LED monitor is usually more convenient for this type of use. Certainly industrial monitors mostly have a long work life (40,000 hours for example) and are intended to operate 24/7. Some models are made to withstand vandalism too.
If the player and the display are in the same location, images can be sent via a classic connection (VGA, DVI and HDMI). The content of the server can be transmitted to the players via an existing network (LAN or the Internet), which then stores the media files locally. If the player(s) and display(s) are in different locations, then CAT 5 cabling may be the answer. Applications Digital signage has many applications. Shopping malls use the technology for brand support or for the promotion of specific products at specific times. In waiting areas in restaurants or banks. Time seems to pass faster if you can watch live-streaming video while you wait. Congress centers publish up-todate room information with it. Schools use the technology to display lesson schedules, while towns feature tourist information and show all sorts of news or the local weather forecast. And, finally, in restaurants and cafĂŠs, customers now get to see the right menus, adapted to the time of day.
More info Proximus offers Digital Signage solutions to suit your company. Surf to www.proximus.be/digitalsignage for more information.
14 www.ictnews.be
14_15_ICTSol11_Digital Signage_ENG.indd 14
3/11/14 10:39
SOLUTION
All-in-one security for SMEs
Unified Threat Management The days when you could keep all Internet problems at bay with a single firewall are long gone. These days you would be better to opt for a Unified Threat Management (UTM) device and a Firewall 2.0. But what is that exactly, and what use is it to you?
U
TM is a comprehensive solution that was launched quite recently in the network security sector and has since won worldwide interest as a primary network gateway security solution for organizations. It is the evolution of the classic firewall into an all-in-one security product that can carry out several security functions within one appliance: network firewalling, prevention of network hacking and a gateway antivirus (AV), gateway antispam, VPN, content filtering and on-appliance reporting.
A company’s security strategy can be managed easily with just one UTM device A company’s security strategy can be managed easily with just one UTM device: that means there is only one device to worry about, only one source of support, only one way to maintain each aspect of your security solution. UTM is clearly the more efficient solution: its strength lies in the fact that the integrated solutions it bundles were developed to work together. Likewise, all the security solutions can be monitored and configured on a single centralized console. This makes it an almost perfect solution.
More than a firewall With a ‘Next Generation’ Firewall you can protect your network against hacking, illicit access and computer attacks by third parties or from unsafe networks. The most important part of it is, without doubt, the application control feature. This allows rules to be defined for thousands of applications that run on the network and the terminals. Web-based applications like Facebook can be detected and controlled at a microscopic level. Obviously a UTM is also an ordinary firewall. So you can quickly identify complex threats with it and block them if necessary. Most UTMs also include a certain form of hacking prevention. A Network Intrusion Prevention System (IPS) identifies and blocks attacks on internal systems and can temporarily deal with problems if the systems under attack cannot be fixed immediately. An additional advantage of a UTM is the integration of a Virtual Private Network (VPN) to guarantee users safe access remotely. Complete filter A UTM also acts against spam, viruses or spyware. It traces spam messages and malicious attachments and blocks them automatically, so that you don’t even notice them. The same with viruses. The UTM scans files of any size for viruses without affecting the performance level of your network. Even compressed files are scanned. And, finally, you can carry out
The main advantages of a UTM are: l Less complexity: one security solution, one supplier l Simplicity: no need for installation and maintenance of several software programs l Easy management: plug & play architecture and a web-based, graphical user interface (GUI) for easy management l Performance: ‘zero-hour protection’ with no effect on network performance l Troubleshooting: one support desk, offering 24/7 technical support from the supplier l Limited technical training: only one product needs to be learned l Regulatory conformity
web filtering with a UTM. Use it to prevent access to certain websites so that you have more control of your company network and the associated efficiency gains.
More info For more information on UTM solutions, please visit: www.proximus.be/securitysolutions
october 15
14_15_ICTSol11_Digital Signage_ENG.indd 15
3/11/14 10:39
DIGITIP
Relying on yourself or a cloud provider
Where should you store your data? The cloud has turned the way in which we deal with data upside down in recent years. No more emailing files to yourself or lugging USB sticks around. But what about IT security? And is it still worth having local storage?
T
he days when you saved all your photos, documents, music and films on your own hard disk are gradually becoming a thing of the past. A great many companies these days have a (paid) subscription to all kinds of cloud services. And why not? It’s convenient, you can access your files anywhere and you don’t need to worry about your hard drive filling up. If you need more space, you just take out a more expensive subscription. Trust Naturally all cloud providers jump up and down claiming that your data is in safe hands with them. Often this is indeed the case, but ‘security’ is a multidimensional concept. So anyone who sends a lot of highly sensitive or business-critical data to the cloud and wants to be absolutely certain that no one can access it must then take a great many things into consideration when choosing their provider. On the other hand, there is physical access to the data centers. Amazon, for example, (which, among other things, delivers a great deal of the infrastructure for Dropbox) prides itself on the fact that its data centers are protected in almost military fashion. The centers themselves are accommodated in anonymous buildings without any reference to Amazon and have loads of closed-circuit (CCTV) cameras everywhere. External security
firms check all personnel various times before they gain access to the workplace. All access is also extensively logged and regularly checked. That all sounds good but, as an individual user, this is naturally almost impossible to monitor. Here again, a degree of trust is involved.
You can see that by means of the https for the Internet address: the “s” indicates that you have a protected http connection. If you use a separate program to communicate with your cloud provider, you had best check whether the latter also uses encryption; most cloud providers do.
Back up from backup It is also important, of course, to know how well your data has been backed up. A serious cloud provider can be expected to store various redundant copies of your data at various physical sites. If everything is in the same location and the whole place burns down or gets flooded, then you might as well not have had any backup at all. The way in which you send data to your provider must naturally also be protected; if not, there is a chance that hackers may intercept the data en route. So make sure that your web connection is encrypted.
Make it yourself Would you still prefer to do it yourself? Then make your own private cloud. The first step and simplest way to do this is probably by using NAS (Network Attached Storage). A NAS is a kind of mini-computer which keeps files and makes them available to all of its users via its own network. To do so, you must therefore have the network port of your NAS connected to your router and associated company network.
It is also important, of course, to know how well your data has been backed up.
The great advantage of having your own NAS is the fact that you get an overview of the equipment and business data (your data does not leave the building). You are namely the owner of the infrastructure inhouse as well as taking care of it. So you do not need to pay a monthly subscription to an (external) commercial cloud provider any longer but are responsible for the entire investment yourself. This is reflected in both the entry price for the hardware and in the long-term maintenance costs. In short, whether you do it yourself or externally in the cloud - the choice is yours.
16 www.ictnews.be
16_16_ICTSol11_dataopslag_ENG.indd 16
3/11/14 10:39
Twice the speed, half the cost. Love it, or your money back. The world’s fastest desktop printer1 – the HP Officejet Pro X – now comes with a money-back guarantee. Purchase any qualifying HP Officejet Pro X Series printer with HP PageWide Technology and get printing as sharp as laser at up to twice the speed2 and half the cost per page3. We’re so confident you’ll love it, we’ll give you your money back anytime within the first 90 days – no questions asked*. Learn more at hp.com/go/officejetprox.
HP Officejet Pro X Series, starting at €399**
HP PageWide Technology
Professional results with laser-quality prints. Original HP ink cartridges.
Need more information or want to order? Contact an ICT Expert near you via www.proximus-ict-experts.be!
1 Based on published fastest print speeds for the HP X551dw and X576dw models compared to laser and inkjet color desktop MFPs <€1000 and color printers <€800 as reported by Buyers Lab Inc. BliQ WW Printer Database 9th May 2014. For more information, see hp.com/go/printerspeeds. 2 Comparison based on manufacturers’ published specifications of fastest available color mode (as of August 2013) and includes the majority of color laser MFPs <€1000 and printers <€800 available August 2013 based on market share as reported by IDC as of Q2 2013 and HP internal testing of printer in fastest available color mode (sample 4-page category documents tested from ISO 24734). For more information, see hp.com/go/printerclaims. 3 Based on the majority of color laser MFPs <€1000 and color laser printers <€800 as of August 2013 as reported by IDC as of Q2 2013. CPP comparisons for laser supplies are based on published specifications of the manufacturers’ highest capacity cartridges. HP Officejet Pro X CPP based on 970XL/971XL ink cartridges estimated street price, published page yield for color prints and continuous printing. Actual prices and yields may vary. For more information, see hp.com/go/learnaboutsupplies. * Conditions apply. See complete Terms and Conditions for more details: hp.com/go/officejetprox. ** Recommended end-user price, VAT excluded. © 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP shall not be liable for technical or editorial errors or omissions contained herein.
SOLUTION
Explore: the reliable, tailor-made private network for your business
The basis for your business A corporate network is one thing, but how do you ensure data security, performance and availability between branches, customers and partners, at home or on the move? Security solutions from Proximus Explore provide a sound basis for the best possible network.
V
ia the private network ‘Proximus Explore’, which is available anywhere in Belgium, you can reliably connect the various sites of your business (and your employees) to each other, to the cloud and/or the Internet. Your Internet connection protected ‘Proximus Explore Secured Internet Access’ provides the basis for an IT security solution: a symmetrical Internet tunnel with a guaranteed speed is created to connect your private network to the outside world. A central firewall ensures a connection that is one hundred per cent filtered, secure and checked in advance. Your network is then protected from all external risks. So you don’t need to make additional investments in additional local firewalls for your network any more, even when working with multiple locations. And you can always rest assured: the firewall is main-
tained, updated and modified by a security team which operates 24/7. Proximus Explore increases the satisfaction level of your employees, customers and partners as well as improving cooperation between them because you can give them access to all business applications, whether they are working from home or on the move.
The firewall is maintained, updated and modified 24/7 In addition, you can also select a supplementary Security Pack. This option adds a number of smart functions to your network such as the filtering of certain websites. In this way, you can choose for yourself which websites may or may not be visited by whom so that you retain control of the traffic from and to your business network. Filtering can take place with regard to content (pornography, peer-to-peer, games, …), but also with regard to other types of content or protocols (http, FTP, chat, …). In this way, you save bandwidth, improve the response time of the applications and your employees work efficiently. Security at all levels Besides the Security Pack, Proximus also offers you the option of secure email management under the name of ‘Secure Mail’. This provides you with an antivirus and antispam filter that ensures that your mail server is kept in good working order.
The filter is more than 99 per cent effective with by far the best results on the market. Thus, you avoid all your employees’ mailboxes overflowing. This not only affects their productivity but also reduces the load on the mail server and your network. A good network is important but what if it goes wrong? In that case, you can count on the excellence of Proximus Explore at various contract levels. These always guarantee a minimum performance, availability, intervention time and recovery time. We are always with you within five hours in the event of a first-degree fault. The intervention period is between 8 a.m. and 6 p.m. on weekdays. Annual availability is approx. 99.90 per cent, which is extremely efficient. Specialists working for you The Proximus Explore network is permanently monitored, providing you with a guarantee that services remain at a high level. Proximus performs various proactive tests as standard for your comprehensive solution (network, connection, router, …). In addition, there is a professional helpdesk available to you on a free telephone number or via e-mail 24/7. So you can get help at any time of the day if you have any questions about your Proximus Explore network.
More info For more information about security solutions on Proximus Explore go to www.proximus.be/exploresecurity.
18 www.ictnews.be
18_19_ICTSol11_xplore_boek_tips_ENG.indd 18
3/11/14 10:38
BOOKS
David and Goliath
Dog Fight
The underdog gets the upper hand – more often than you think
The battle between Google and Apple
D
F
orget the unhappy childhoods, dyslexia, perceived lack of talent or diminutive company size: even in the business world, a position as the underdog can be the key to success. Or at least, that is the central idea in David and Goliath, written by the well-known American journalist and story teller Malcolm Gladwell. Unsurprisingly, the book opens with the inevitable titular tale: the way in which David defeated the seemingly invincible Goliath.
Fred Vogelstein, Dog Fight, ISBN: 9789000321599
Malcolm Gladwell, David and Goliath, ISBN:
og Fight tells of the fierce battle between two companies that have dominated the entire IT landscape for the past years: Apple and Google. The advent of mobile technology, the tech giants’ former relationship as partners in crime to prevent Microsoft from obtaining a new monopoly (this time on mobile operating systems) – and their sudden realisation that they are, in fact, direct competitors – makes for a very compelling read.
9781846145827
DIGITIP
Better Wifi in the workplace Wireless internet is a blessing until you lose your connection. There is nothing as frustrating as a Wifi connection that doesn’t work, or only partly. Ensure that your Wifi coverage is optimized.
N
owadays, Wifi is not a luxury any more but something that should be available everywhere, in every house and in every public location. For example, you only have to see for yourself how quickly you connect to the Wifi at the hotel as soon as you reach your destination. In short: we like having Wifi everywhere because we want to connect to the Internet more and more wherever we are. In public places the range is typically very great but at the office, well that is a very different matter.
terms of speed and in terms of range. You can have a healthy combination of both but that is not always easy. Sometimes you need an existing network cable, or you have to acquire additional equipment. The cheapest solution is a Wifi repeater. The only thing you have to do is to insert the repeater in the socket and enter the password. Then you can get going right away with a greater range. Many users opt for this solution precisely because of the ease of installation. Bear in mind that it is also the slowest solution.
There are two ways of optimizing your wireless network in your company: in
The best solution is an access point. For this you need a network cable which is
connected to your Wifi-router. If you don’t have that, then this solution is not for you. And that is a shame because this is by far the best way to expand your range. Furthermore, it does not affect your wireless speed and even provides a boost because you can outstrip areas with less of a range. Extension via the mains supply An excellent final solution is a powerline. Nowadays you find powerline adapters with an integrated Wifi hotspot on store shelves. You connect the adapters to the mains and you’re ready to go.
october 19
18_19_ICTSol11_xplore_boek_tips_ENG.indd 19
3/11/14 10:38
Ultra Power Saving Mode Dust & Water Resistant Fast Performance Finger Scanner Samsung KNOX SAR: 0.6 W/Kg (B)
For more info: b2btelecom@samsung.com