24 NOVEMBER 2014
WWW.BLUESKY.CO.UK
WE ARE A LEADER IN NOTES AND DOMINO HOSTING
DEALING WITH POODLE WHAT IS IT AND HOW IT AFFECTS YOU
DEALING WITH THE SHELLSHOCKED BUG HOW WE PROTECT OUR CUSTOMERS
ICON 2014 THE IBM NOTES USER CONFERENCE
connect The Magazine for Blue Sky Customers | Issue Number 3
Microsoft announce Lync rebrand to ‘Skype for Business’
Microsoft has announced that they will be rebranding their business communication products to reflect their acquisition of Skype in 2011. Skype for Business and the Skype identity will replace the Lync name and logo. The underlying technology behind Lync will however remain the same and the new Skype for Business will utilise Lync’s backbone rather than Skype’s. The Skype for Business client, server and online versions will form part of the Office 365 offering. Microsoft has said that the look and feel of the client will be much more in line with the Skype interface. Lync users shouldn’t worry about losing features as they will continue to exist and Skype users will find many familiar features available. Following on from this, Microsoft also announced that the second half of 2015 will see the launch of the latest versions of Exchange and SharePoint Servers. Microsoft plan to enable video calling to Skype for Business with both the next on-premises and online rollouts. The Skype user directory will be accessible to Skype for Business so that users can look up contacts within the Skype directory. Also promised is native interoperability between Skype for Business on-premises server and other video-conferencing systems without the need for additional equipment to connect multiple systems. The second phase of the Skype-Lync federation project will happen this December 2014 and Microsoft will be updating its Skype client software to support the H.264 codec to provide video integration between Skype and Lync 2013 before the end of this year. Current Lync Server customers will be entitled to the new Skype for Business features next year by updating from Lync client 2013 and Lync Server 2013 to the new Skype for Business releases. Office 365 will include Skype for Business components next year.
What you need to know about POODLE the SSL3.0 vulnerability
A new exploit impacting SSL connections has been revealed called Padding Oracle On Downgraded Legacy Encryption, or POODLE for short. It has been disclosed to the public via engineers working for Google as of the 14th of October.

What is POODLE?
POODLE allows for encrypted communication using the SSLv3 protocol to be decrypted, revealing the plaintext contents. It is slow to exploit, however with persistence it will work against any SSLv3 implementation using Cipher Block Chaining (CBC) ciphersuites. Technical details of the attack are available here and with a formal, detailed disclosure (PDF document).

Can it be patched?
POODLE as an exploit cannot be patched against; it is an issue in the SSLv3 protocol’s use of CBC ciphers. Whilst there are non-CBC ciphersuites (such as RC4), they are now widely regarded as insecure and we have recommended RC4 as only a fallback for some time now.

What is being done to SSLv3?
Due to the age of SSLv3 (now 18 years old), it is very unlikely that the SSLv3 protocol itself will be remediated. POODLE will likely be used as a reason for users to be pushed towards Transport Layer Security (TLS) over the now insecure Secure Socket Layer (SSL).
What impact does this have on Blue Sky customers?
The fallout of this is that Internet Explorer version 6 on Windows XP, which only supports SSLv3 for HTTPS by default, no longer has any means of creating truly secure web connections without direct user intervention. Estimates place usage of IE6 at around 3-4% of world wide web traffic, however it is believed that a large proportion of this traffic comes from countries such as China, with most countries having less than 1% of users on IE6. Newer browsers, such as Internet Explorer 7 and above, plus Google Chrome and Mozilla Firefox, can be used on Windows XP and will work with the TLS protocol. Newer versions of Internet Explorer, Google Chrome and Mozilla Firefox are however still impacted by POODLE due to TLS Downgrade Attacks, which allow malicious users to force a browser’s connection to use the exploitable SSLv3 protocol rather than the more secure TLS protocol. Whilst there is a draft specification for a remediation around TLS downgrade attacks, this will most likely not manage to work its way into production deployments for a substantial period of time. Unlike Heartbleed before it, POODLE does not impact the private keys used for SSL/TLS Public Key encryption; there is no requirement to revoke, re-key or recreate SSL certificates.

What is Blue Sky doing?
With the security of our clients and their customers foremost on our minds, we will be removing SSLv3 support on behalf of our customers as of 20th October where possible. This will remove support for legacy browsers that use SSLv3 by default to create secure connections, such as Internet Explorer 6 on Windows XP, however it will secure them from any attacks that might take place. Users on these browsers will see server error messages when they try to access a website that has SSLv3 disabled. These users can use Windows Update on their computers to download Internet Explorer 8, which has TLS enabled by default, or obtain alternative web browsers, such as Google Chrome, Mozilla Firefox or Opera Browser. This action will also secure users of more modern browsers from possible TLS downgrade attacks that would make them vulnerable to the POODLE exploit. These users will see no difference when accessing websites with SSLv3 disabled. If you do not wish this to happen, or if you require time to make changes to your service and inform your users, please get in touch as soon as possible to discuss your requirements, either via email at support@bluesky.co.uk, or via phone on 0844 700 2759.
The POODLE exploit is not known to allow for users to compromise the servers themselves, nor does it allow for code execution on client computers; as an exploit it only impacts the security of encrypted messages sent to and from servers. This can include passwords, personal details sent as part of forms and cookies used for website logins. Finally, Macintosh users, Linux users and mobile device users are not impacted by POODLE outside of systems almost a decade and a half in age.
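For administrators who run their own web servers and want to confirm that SSLv3 has really been removed, here is an added example (not Blue Sky's own tooling) that audits Apache mod_ssl `SSLProtocol` and nginx `ssl_protocols` directives. The function names and the sample directives are constructed for illustration, and the protocol set behind `all` is an assumption matching 2014-era builds.

```python
import re

# Assumption: 2014-era mod_ssl builds, where "all" still included SSLv3.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
CANON = {n.lower(): n for n in APACHE_ALL | {"SSLv2"}}

def canon(name):
    """Normalise protocol-name case so 'sslv3' and 'SSLv3' compare equal."""
    return CANON.get(name.lower(), name)

def apache_protocols(args):
    """Evaluate SSLProtocol arguments left to right: '+name' adds,
    '-name' removes, and a bare name replaces the whole set."""
    enabled = set()
    for tok in args:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(APACHE_ALL) if name.lower() == "all" else {canon(name)}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = group
    return enabled

def audit(config_text):
    """Return (line_no, directive, protocols) for each explicit directive
    that leaves SSLv3 enabled. Inherited defaults are not evaluated."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().rstrip(";")
        m = re.match(r"(SSLProtocol|ssl_protocols)\s+(.+)", line, re.IGNORECASE)
        if not m:
            continue
        args = m.group(2).split()
        if m.group(1).lower() == "sslprotocol":      # Apache mod_ssl
            enabled = apache_protocols(args)
        else:                                        # nginx: a plain list
            enabled = {canon(a) for a in args}
        if "SSLv3" in enabled:
            findings.append((no, m.group(1), sorted(enabled)))
    return findings

# Constructed sample directives, not taken from any real host.
CONSTRUCTED = """\
# constructed sample
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
SSLProtocol -all +TLSv1.2 SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
"""

if __name__ == "__main__":
    for no, directive, protos in audit(CONSTRUCTED):
        print(f"line {no}: {directive} leaves SSLv3 enabled -> {protos}")
```

A configuration with no protocol directive at all inherits the server's built-in default, so an empty result from `audit` only covers the directives that are explicitly present.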
Dedicated Domino Hosting www.bluesky.co.uk/domino
Dealing with the Shellshock Bug
First there was Heartbleed, the SSL vulnerability, now the Linux command application named Bash has been exposed to present a security risk. This affects Linux and Linux-like operating systems that are used for a wide range of services, particularly web servers, DHCP servers and, like Heartbleed, routers and other devices that use embedded Linux. The security risk of the Shellshock vulnerability is a threat that Blue Sky takes extremely seriously and currently has a number of engineers working to assess and remedy any potential risk to customers’ systems. While Shellshock is serious it is not as far reaching as Heartbleed as there needs to be certain conditions for the Shellshock vulnerability to become an issue. Bash has to be an exposed application and would need root user permissions. In fact this is more of a serious threat to poorly managed servers. To ensure there is no possible risk to our customers the team will apply any necessary updates to customers’ operating systems. This bug also affects OSX users, however Apple are, as of writing this notice, yet to release a software update to address Bash.
ICON UK 2014 IBM User Conference Round-up
Many thanks to everyone who came to see us at ICON UK 2014 at IBM’s customer centre in Southbank, London in September. For those of you who are not familiar with ICON, it is now the leading conference day for anyone who is using IBM’s Notes and Social Collaboration solutions, XPages development tools and Domino server solutions.
ICON UK is an ideal opportunity to meet a diverse range of solution providers who are at the conference to help customers and provide advice to attendees who want to get the most out of their investment or who are looking for a robust alternative to their existing solutions for email, groupware or team collaboration and communication. IBM provided this year’s venue at their customer centre located at Southbank in London. The conference had 29 seminars for management and strategy, developers, administration and from the conference sponsors. As a Silver Sponsor, Blue Sky was present to provide advice on our Notes and Domino planning, implementation and management services. It was also a great opportunity for us to catch up with fellow Silver Sponsor and partner Land2Lan who were next to us in the exhibition area. It was packed with customers and partners, with excellent seminars throughout the day. We look forward to seeing people at ICON 2015 – when it gets announced.
Seminar Highlight: What’s next for email?
IBM’s Program Director of Messaging and Collaboration, Scott Souder, gave a live demonstration of IBM’s ambitious project to revolutionise the enterprise in-box with Mail Next. Whilst it is currently in development, Souder explained the capabilities of Mail Next (the application’s working title) and gave an overview of the core concepts of integrating social work collaboration and prioritisation of emails and tasks, and leveraging the power of Watson to make sense of users’ in-boxes. We’ll go into more on this in a separate feature.

Speed Pitch!
Pitching services is hard and pitching them in two minutes is… well, a challenge. However, we were so grateful for the very warm reception to our very fast paced presentations. The service we opted for was our Pat – well, our Notes and Domino consultancy and management service to be precise, but Pat did a great job of being the face of the service on the day. In fact he did such a great job we’ve immortalised him into a comic book character. You can find out more about Pat and our Notes and Domino services over at www.bluesky.co.uk/need-pat/

UN continues to invest in Blue Sky
We’re very pleased to confirm that the UN’s Research Institute for Social Development has renewed their long standing hosting contract with us. We provide managed IBM Domino Website Hosting, proving that Blue Sky is a leading provider of IBM managed Domino solutions to not only the UK but overseas too. If you are looking for an ISO27001 certified IBM partner for your Domino solutions, get one of our team to contact you by visiting www.bluesky.co.uk
Does your IBM Notes and Domino Need Pat?
We’ve produced a web icomic to give an entertaining overview of our consultancy service and there’s an opportunity to speak to the team to give your IBM Notes and Domino services a tune up. Blue Sky is a Premier Business Partner and we are specialists in IBM’s Collaboration software and care about Notes – whether you’re ‘yellow’ or ‘blue users.’ See if you need a Pat… Visit www.bluesky.co.uk/need-pat/
So you think your data is secure?
Why businesses and individuals should move to private UK Cloud file storage and how to become more data secure
Recent high-profile data loss stories in the media highlight just how vulnerable company and individual data really is. Data leakage is a serious situation caused by either the misconfiguration of devices or worse, the sheer arrogance of leading tech firms to not secure their systems enough. Apple Inc. has been severely criticised within the technology and mainstream press for allowing data to be easily intercepted and distributed online from its iCloud storage facility. The case of Jennifer Lawrence and many other female celebrities may seem to be an issue that only affects other people, yet it actually affects millions of users of these public cloud storage solutions in a wide range of companies. Many people use cloud storage not just for images of cats and intimate photos but also for far more important data such as legal and sensitive documents along with a vast array of other types of critical data. This is not an issue simply for individual users: with BYOD (Bring Your Own Device) widespread and lax data security policies within companies, many organisations will not be aware of the full risk to their sensitive data.

Insecure Device Storage
Shodan, the device search engine, has been used to identify a number of unsecured NAS (Network Attached Storage) devices that have been incorrectly configured to open up directories to public Internet access without many owners realising that they have opened up their private data to be accessible by anyone. Using simple text queries in Shodan, it is possible to find ‘open’ storage devices and thereafter, it would not be that difficult to obtain access to data. This also raises several legal implications into the legality of accessing data that has been inadvertently left in the public domain and also what services could potentially access information and use it for a range of purposes.
UK Internet rights and US Patriot Act
The potential conflict between US and European law and privacy of data has come under fire many times over the last couple of years in regard to the US Patriot Act. In 2011, Computing Magazine reported that section 215 of the Act states: “The Director of the Federal Bureau of Investigation or a designee of the Director (whose rank shall be no lower than Assistant Special Agent in Charge) may make an application for an order requiring the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities.” In other words: the FBI can obtain data from European companies that have their data stored in US-owned datacentres, even if the datacentres are on EU soil. The BBC also reported that Microsoft was ordered by a US Judge to hand over data stored in servers that it owned in Dublin, Ireland. This has raised a number of concerns over how the US government can access data that is stored within the UK as well as Ireland. Many organisations do not realise that by using any SaaS solutions which are provided by a US company, their data will come under the jurisdiction of American Federal Law. In recent months this has seen many companies seek out alternative solutions that are both more secure and fall outside of foreign jurisdiction.

The alternatives
Blue Sky has been striving over the last ten years to provide customers with reliable UK data storage solutions and practices that enable companies to have peace of mind regarding where their data is located and how it is maintained.

Blue Sky is ISO27001 certified
This ISO standard tests a company’s data security practices and procedures, and that information is stored and handled correctly. Because we have this accreditation, our customers know that we will ensure their data is not resold or sent outside of our network without the proper authority or management. For more information on our ISO27001 verification visit www.bluesky.co.uk/company/skills-certification/iso27001/

IBM Notes 9 and Domino Server
We have been working with IBM to implement and manage IBM’s enterprise Groupware solution for a wide range of organisations from the UN to The Economist. IBM Notes and Domino is secure and designed with auditing and security services for secure email communication and document storage.

Hosting and Server Infrastructure
The core of our server infrastructure resides within our UK datacentre partners’ facilities. These are also ISO 27001 certified as well as PCI compliant.

FileCloud – Private cloud data storage in the UK
Blue Sky is a leading UK partner for Tonido FileCloud. Our File storage and sync solution provides a wide range of features similar to Dropbox and Microsoft’s OneDrive, whilst keeping your data within our UK FileCloud hosting infrastructure. FileCloud sends data between your data securely and can be encrypted end to end. For more information visit www.bluesky.co.uk/products/filecloud

Data Backup Services
All our customers’ servers are backed up and securely stored on a daily basis. We use VMware and Veeam to provide managed backup storage and auditing.
Consulting Services
Our consultant team can provide strategies for your organisation to properly maintain data security within or outside your network and setup staff computers to be safe.
What is Cloud Storage?
For many, Cloud storage is a cheap and now reliable backup solution. Solutions such as Dropbox, Google Drive, OneDrive and Box provide an easy to set up system to synchronise files between devices.

What is NAS?
Network Attached Storage devices are simple to set up and provide Hard Disk file and Media storage for home and business networks. They typically also provide internet access to data.

What is the USA PATRIOT Act?
The Patriot Act is an Act of the United States Congress that was signed into law by President George W. Bush on October 26, 2001. The title of the act is a ten-letter backronym (USA PATRIOT) that stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.

Blue Sky’s top 10 tips for securing your data
1. Know where your data is
2. Develop a data storage workflow and policy
3. Audit all your data storage locations
4. Identify who has access to what
5. Identify what SaaS services your organisation uses
6. Review the Ts & Cs of all SaaS services
7. Check Network access privileges
8. Check any Internet enabled devices and how they access and store data
9. Review Firewall policies
10. Check all backup storage procedures both on and off site

Watch the PKFI Office 365 Case Study
In this video, Phil Broadbery, CIO PKF International, Oliver Grosse-Braukmann, Regional Director EMEaI, Craig Fuller, Technical Audit Account Manager and Marcus Pullen, Business Director, Blue Sky Hosting explain the needs, process and benefits of using Microsoft’s Office 365, SharePoint and Lync. Click here to watch.
Say ‘Hello’ to David Harris, Blue Sky’s latest addition to the family.
David has joined our Messaging and Collaboration team and is an expert in messaging system architecture. He has been responsible for supporting large enterprise scale Notes and Domino platforms in the UK and Malaysia. After working on a large project involving Notes with a leading bank, David brings with him a wealth of experience in strategic planning, maintenance and migration of IBM Notes and Domino systems. David has previously worked with Blue Sky's Patrick Lavan for many years. David’s career noticeably saw him head up a team of engineers in Malaysia for a client which operated in 80 countries but had no level 3 support in the Asia Pacific region.
His experience with other messaging services such as Microsoft Exchange and VMware environments means that our Notes and Domino team is strengthened with an extremely experienced and skilled professional. David can be contacted on david.harris@bluesky.co.uk
David is a specialist in messaging system architecture and has been responsible for the planning and design of many Notes deployments. He is keen to help engage customers in improving their existing Domino and Notes systems as well as re-evaluating their messaging and collaboration strategy.
Do you know what Blue Sky does?
visit www.bluesky.co.uk