technology

secure private cloud

secure your private data as well as enterprises do – accessing a synology nas for private use or small and medium-sized businesses

authentication

enable 2-step verification for admin and other sensitive accounts – read more @multi-factor authentication

dns

add a dynamic dns service such as dyndns, changeip, strato, etc. so you can reach your changing public ip address

certificate

a secure encrypted connection should be mandatory, at least since edward snowden leaked information about “security” agencies

  1. redirect traffic from http to encrypted https – be aware of public wifi, read more about ssl strip @attack vectors
  2. add a publicly trusted certificate to your system, letsencrypt.org provides free certificates – request it via the control panel on your synology
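a redirect alone still leaves the first plain http request open to ssl strip; an hsts header on the https response tells the browser to stay on https afterwards. the added example below (not from the original post and not synology code) checks both on raw responses; the host nas.example.org, the sample responses and the 180-day minimum are assumptions.

```python
from urllib.parse import urlsplit

MIN_HSTS_AGE = 15552000  # assumption: 180 days, pick your own minimum

# constructed sample responses (not captured from a real nas)
HTTP_REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://nas.example.org:5001/\r\n\r\n"
HTTP_PLAIN = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login</html>"
HTTPS_NO_HSTS = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
HTTPS_HSTS = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n"


def parse_head(raw):
    """return (status code, headers with lowercased names) of a raw http response"""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def hsts_max_age(value):
    """return max-age in seconds from a strict-transport-security value, 0 if missing"""
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return 0


def audit(host, http_raw, https_raw):
    """list the gaps that leave a login page open to ssl strip"""
    findings = []
    status, headers = parse_head(http_raw)
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 307, 308):
        findings.append("http answers directly instead of redirecting")
    elif target.scheme != "https" or target.hostname != host:
        findings.append("redirect does not point to https on the same host")
    _, tls_headers = parse_head(https_raw)
    if hsts_max_age(tls_headers.get("strict-transport-security", "")) < MIN_HSTS_AGE:
        findings.append("no hsts header with a long max-age on https")
    return findings


if __name__ == "__main__":
    print(audit("nas.example.org", HTTP_REDIRECT, HTTPS_NO_HSTS))
    print(audit("nas.example.org", HTTP_REDIRECT, HTTPS_HSTS))
```

an empty list means both the redirect and the hsts header are in place.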


firewall

activate port forwarding for the vpn connection to your nas/vpn server

vpn

to access private data remotely, configure your device's vpn settings or download an app, then enter your external ip address or fully qualified domain name

additionally, you can increase security by authenticating with a certificate from your device – read more @blog.centurio

profile

create a vpn profile in apple configurator with your account information and connection secret, then send it to your apple devices

we’re done


 

technology

wifi security today and attack vectors

prompted by recent events …

… inside a wifi network you could find your ip in android 8 under settings > about > status, use unsecured services like sonos, scan for other clients, check open ports, brute-force backend services (router, firewall)

open wifi – in 2018 no one should access untrusted unsecured wireless networks anymore

wpa encryption – works with a “handshake” to ensure trust between devices – wpa2 added the advanced encryption standard (aes) – wpa2 is vulnerable to key reinstallation attacks – the wi-fi alliance announced wpa3 with additional security features

public wifi – when accessing a wifi while shopping, your devices are redirected to a captive portal to accept policies and establish a secure connection

vpn – apps like nordvpn establish a secure connection to add another layer of security, browse incognito through the internet

business – could use the radius protocol to check the validity of authentication – additionally enroll a client certificate via mdm to authenticate via 802.1x – aruba clearpass can check device status in mdm to ensure security and trust throughout the entire cycle

rogue access – an attacker can fake access points to start a man-in-the-middle (mitm) attack and intercept your private data, for example with this pineapple nano

ssl strip – a method to redirect traffic from https to http to force unencrypted transport – every passcode is unprotected, even if it is shown as secure

mobile device management – is a way to protect company devices, e.g. disallow profile installation – but in a byod or mam-only scenario you can’t disable all features

mobile threat defense – mtd is for private and business devices, checks behaviour and uses ai to protect – like lookout as a cloud service and additionally on the device like zimperium, partners with mobileiron