Case Study 2009



About Investment Companies

Investment Companies - Education

Key Terminology



Identifying the IT systems technology, associated issues and impact areas at N and Q investments




Problems and Solutions - Meetings with Clients / Travel / Carbon Footprint


Issue as it appears in the case study booklet

Hector Byrne is an international fund manager based in Adelaide and is employed by N&Q Investments. His clients are predominantly multinational companies and he buys and sells shares to increase the value of their investment portfolios. Over the last decade Hector has developed a good rapport with his clients at face-to-face meetings, seeing a rapid growth in the number of his clients, which he believes more than compensates for the large amount of time he spends travelling.

In the last 6 months, N&Q Investments has opened new offices in Shanghai, Mumbai, Nairobi, Buenos Aires and Moscow, recruiting a number of employees to carry out duties similar to Hector’s. However, N&Q Investments is trying to reposition itself as an environmentally responsible organization and is concerned about its “carbon footprint” and the escalating travel costs, particularly with the need to train staff in the new offices. Following a number of senior management meetings, N&Q Investments is investigating a range of IT solutions to address this problem.


With the possible significant increase in staff travel, N&Q Investments is also investigating a range of alternatives to replace face-to-face meetings between staff in the established and new offices. The senior managers at N&Q Investments have proposed the use of video conferencing or virtual meetings but Hector is concerned that the quality of the outcomes from these meetings may be compromised.




The current cost of travel

Research via the Qantas website

For N&Q Investments to maintain offices overseas it will require specific members of staff to travel to these locations on a regular basis to meet with current and prospective customers. With the head office in Adelaide, Australia, this will incur significant travel costs as the distance to be covered is relatively large regardless of where they are travelling.

For example, a trip to Nairobi, Kenya from Adelaide will cost in excess of AU $3,891.44 including economy class airfares, accommodation, car hire and average meal costs. Alternatively, travelling to Moscow, Russia, another proposed location for expanding N&Q Investments, would cost AU $4,802. These assume that the employee of N&Q is travelling business class and attempting to minimise costs wherever possible. In reality this is rarely the case, so these are highly conservative estimates of the cost of travel; additional luxury items are also often purchased and consumed during business travel.

There are benefits to conducting business this way, however. By travelling to meet with clients there is increased customer confidence and additional benefits which come with personal face-to-face interactions. Because of the type of business N&Q Investments conducts, dealing with people’s intimate funds, the reassurance of meeting the person who is in control of your money is highly valuable for N&Q Investments.

The environmental impact of N & Q doing business


If N and Q, for the purposes of creating a face-to-face meeting with clients, send an employee on an air flight, on top of the actual cost of the flight, there is a significant cost to the environment.

If N and Q Investments sends one employee on a round-trip flight, from Adelaide to Buenos Aires for example, we can calculate the carbon footprint that is produced.

Several carbon footprint calculators are available, and we can investigate several examples of flights that N and Q Investments might undertake using the calculator found at http://www.carbonfund.org/Calculators

Based on the examples below, there is a significant impact on carbon emissions, considering these figures are for only one person flying one round trip. If the central form of communication for N and Q Investments is face-to-face contact, it would require countless flights, due to the geographical spread of their clients.

Furthermore, some calculators have the capability to include “radiative forcing” in the calculation. Essentially, this includes an airplane's additional contribution to global warming through the emission of water vapor at high altitudes, which is nearly always an issue with long international flights.

A study on business travel in Europe concluded that substituting 5-30% of current air travel by videoconferencing could avoid 5.59-33.53 million tonnes of CO2 emissions annually. Similarly, in Australia, videoconferencing could avoid 3.4 million tonnes of CO2 emissions, equivalent to 0.43 % of the country’s total.


Example One:

Adelaide to Buenos Aires:
15,110 miles
7.34 tonnes of CO2


Example Two:

Adelaide to London:
20,355 miles
9.89 tonnes of CO2


Face to Face Meeting Debate
When do we need face - to - face time?

Calculating Carbon Footprints

As Travel Costs Rise More and More Meetings go Virtual
Go Green with Virtual Meetings
WWF Research Paper on Using Virtual Meetings to Lower Carbon Footprint


Video Conferencing

One of the most effective technological solutions to the problem of extensive travelling is the implementation of a video conferencing system over the Internet. The reason that N and Q Investments advocates travelling to meet clients is the quality of interaction between the client and the company. This is a form of customer service which gives clients confidence that their investments are being given ample attention, and it is a much more formal form of communication and correspondence. With a video conferencing system in place, extensive travelling would no longer be needed to maintain this human interaction. This would reduce the need for employees to travel for the business whilst still maintaining a high level of human interaction, in contrast to, say, correspondence via phone call or email. That said, video conferencing is not entirely effective at conveying all the subtle cues of human conversation, such as body language or eye contact. It could be incorporated at least to some extent in the operation of the company, where unimportant or non-urgent notifications between clients and the company could be made over video conferencing systems. The quality of service may in fact be increased, due to the ability to conference call at any time and with great ease.

This video conferencing call could also be made between clients and the company. This would allow the company to monitor the employees more effectively. There are, however, other issues which arise with the implementation of a video conferencing system, such as the security of the transmitted data.


Desktop Video Conferencing - Using Skype



Skype targets businesses with new service

Microsoft Round Table



Microsoft Round Table Demo

Sony PCS-G50 Video Communication System



Cisco Telepresence - the next step in global meetings





Cisco Telepresence partnership with AT&T


What is telepresence?

Companies using video conferencing solutions:

Rip Curl

Rip Curl is a global surfing equipment and fashion manufacturer with over 3,000 employees across the world. They use Skype for text, voice and video communications.

As Rip Curl grew across the world, it became increasingly more difficult to get hold of people from different continents and time zones. Brian Singer discovered Skype, and introduced a global company initiative for all employees to communicate using Skype for all text, voice and video communications. Standard Skype IDs were created as a matter of course for all staff, and now Skype is the sole internal communication vehicle, be it from across a room, across a beach or across the world.

Rip Curl's designers and manufacturers are often located in different parts of the world (Australia, Asia, California, France...) meaning different time zones and different languages. Skype's free video calling facility is regularly used to show designs, corrections, suggestions, patterns and ideas. Dummies and drawings are placed in front of web cams to show off new designs and to request changes, leaving no room for misinterpretation, while saving on international travel or lengthy written and verbal explanations. Also, fast file sharing means everyone on a conference call can be sure to have the right document in front of them at the same time - and again, it's all free.

Skype is used "on the go" by Rip Curl. Staff members attending surfing events and competitions can keep in touch with the office for free from their laptop, immediately updating their colleagues by sharing files, images and video.

As previously mentioned, Rip Curl straddles different time zones. Skype's presence means everyone can immediately see when their colleagues are logged on to their computer, meaning no wasted calls or lengthy voicemails to people who are in bed.

Rip Curl is all about "The Search" - for the next big wave, the next cool surfing hot-spot and the newest and best way of doing things. Skype means Rip Curl can take advantage of their teams' creativity and immediacy without having to worry about complicated processes and systems.

Rip Curl uses Skype Video Clip

Deloitte Canada

Deloitte professionals provide accounting, financial advisory, consulting and tax services to clients big and small around the globe.
Deloitte Canada is taking advantage of telepresence to enhance the productivity of its professionals, reduce travel time, save costs and be more environmentally considerate. Deloitte professionals throughout the world are increasingly relying on video and teleconferencing as a critical element of the firms' green initiatives. However, its video conferencing was underutilized because the image quality was poor, the connections were unreliable and the technology was difficult to manage and awkward to use.

Deloitte Canada needed a reliable, quality multimedia-based solution with around-the-clock support. They needed a service that would offer them a complete, end-to-end telepresence experience. Deloitte Canada deployed a Nortel Multimedia Telepresence Solution in its newest Toronto office. The system is easy to use for Deloitte professionals, offering web-based reservations, gateways, pre-connected and configured conferencing, proactive testing and performance monitoring, recording and playback on demand and metrics reporting. Deloitte Canada plans to roll out the system to its other offices across Canada.

Results & Benefits

With telepresence, participants forget after five minutes that they are in a videoconference; they can read body language and turn their heads when someone speaks. According to Richard Sullivan, National Director Business Services, "Participants can take part in a meeting with colleagues from around the world and still make it home for dinner! It’s efficient, cost effective and green." Adds Richard, "From a business services perspective, the fact that this is a fully managed solution means we can rely on a support structure that will do a test call in advance, ensure that everything is in place – my staff doesn’t need to have in-depth technical training and the participants simply walk in the room and join their colleagues."

General Electric (GE)

The General Electric Company, or GE, is a multinational American technology and services conglomerate incorporated in the State of New York. In 2009, Forbes ranked GE as the world's largest company. The company has 323,000 employees around the world. In 2005 GE launched its "Ecomagination" initiative in an attempt to position itself as a "green" company. Amongst many of its activities GE provides financial and investment services in several countries around the world.

GE install groundbreaking telepresence room


Teliasonera

Teliasonera is a Nordic telecommunications company that operates across Norway, Sweden and Finland. The following file details their experience in using the Cisco Telepresence system:



Virtual Learning Environments

Proposed solution: in order to lower the cost of travel and the associated environmental impacts of training employees at N&Q Investments, a virtual learning environment can be implemented.

Commonly used examples of online training through the use of a Virtual Learning Environment include Moodle and Blackboard.

Examples of use:

Flinders University uses Blackboard for some of their staff training and student learning
The Sydney Centre for Innovation in Learning uses Moodle to construct online courses for Year 11 and 12 HSC students
The University of the Southern Caribbean uses Moodle for online courses and training
The University of Cincinnati uses Blackboard - Video

The main benefit of using e-learning technology is the cutting of economic and environmental costs. The company HT2 provides a calculator that allows companies or individuals to find the carbon footprint of their education and training. As an example, 20 N&Q staff attending a conference in London would cost the environment 96 tonnes of carbon dioxide.

This process does have drawbacks. If a generic course program is purchased, the information provided may not be specifically tailored to N&Q's specifications or needs.

Furthermore, without a person for direct interpersonal communication, the software package may not be able to answer questions asked by a pupil with a poor grounding (for example, "the thing with the guy in the place"), and browsing the course content will be far more difficult than just asking an instructor.

Video Introductions to Moodle





Problems and Solutions - Home Networks


Issue as it appears in the case study booklet

When Hector is working from home, he often needs to access the N&Q Investments WAN. He has found that he can connect his laptop to the Internet by searching for an available unsecured wireless network or he can use the broadband cable connection on his home desktop PC but on a number of occasions has left sensitive client data saved on the hard drive. Hector often finds that working from home causes a dilemma. He has to choose between using the unsecured wireless connection or leaving sensitive data on his hard drive and can only see the problem getting worse as his teenage children will increasingly require the home PC. To resolve this issue Hector is considering creating a home network; however, his son has warned him that there will be security issues involved in setting this up and he must first address them.


Hector and many of his colleagues work from home on a regular basis. The company is concerned that many of the home networks set up by its employees are not secure and could potentially be a route that hackers would use to access sensitive customer information.

Setting-up a home wireless network

Video: How to set up a home wireless network

If Hector Byrne wanted to set up a home network he would need to ensure that DHCP was enabled on his modem or router.

Using Dynamic Host Configuration Protocol (DHCP)

Servers and routers generally have static IP addresses as they are usually always connected to the Internet. However, when a client on the network wishes to connect to the Internet, it needs a temporary IP address for the time that it is using the Net. As a result, your access provider (server or router) will have Dynamic Host Configuration Protocol (DHCP) enabled to assign each client an individual IP address from a pool of addresses each time it wishes to access the Internet. When a client finishes its session, the IP address it used goes back into the pool, ready to be re-assigned. Even if you concluded your Internet session and then re-connected, you may get a different IP address to the previous session.

Typically a server or router is limited in the number of individual IP addresses that it can assign to clients in a network. However, new IP addressing schemes, such as IPng (IP next generation) are increasing the number of IP addresses that servers or routers can assign at any one time.

Thus the server, router or modem may have an IP address such as 216.244.36, but an individual computer may be assigned an address using DHCP on this network, giving it the following address: 216.244.36.78

This video link explains how to enable DHCP on your router: Understanding and enabling DHCP



Key steps to securing a home network

Video: Protecting your wireless home network



Step 1 - Enable encryption on your access point. Using 128-bit encryption or higher makes your wireless network more secure. WEP and WPA are entirely different encryption schemes. WEP has been proven insecure and can be cracked in a few minutes using free utilities that can be downloaded from the Internet. Using at least WPA is recommended because it is much more secure, although it is sometimes a bit harder to set up correctly than WEP and isn't completely secure either.

WEP

WEP stands for Wired Equivalent Privacy, a standard for WiFi wireless network security. A WEP key is a security code used on some WiFi networks. WEP keys allow a group of devices on a local network (such as a home network) to exchange encoded messages with each other while hiding the contents of the messages from easy viewing by outsiders. A WEP key is a sequence of hexadecimal digits. These digits include the numbers 0-9 and the letters A-F. Some examples of WEP keys are:
  • 1A648C9FE2
  • 99D767BAC38EA23B0C0176D15

WEP keys are chosen by a network administrator. WEP keys are set on WiFi routers, adapters and other wireless network devices. Matching WEP keys must be set on each device for them to communicate with each other.
The length of a WEP key depends on the type of WEP security (called "encryption") utilized:
  • 40- / 64-bit WEP: 10 digit key
  • 104- / 128-bit WEP: 26 digit key

WPA (Wi-Fi Protected Access)

WPA is a security technology for wireless networks. WPA improves on the authentication and encryption features of WEP (Wired Equivalent Privacy). In fact, WPA was developed by the networking industry in response to the shortcomings of WEP.


One of the key technologies behind WPA is the Temporal Key Integrity Protocol (TKIP). TKIP addresses the encryption weaknesses of WEP. Another key component of WPA is built-in authentication that WEP does not offer. With this feature, WPA provides roughly comparable security to VPN tunneling with WEP, with the benefit of easier administration and use.

One variation of WPA is called WPA Pre Shared Key or WPA-PSK for short. WPA-PSK is a simplified but still powerful form of WPA most suitable for home Wi-Fi networking. To use WPA-PSK, a person sets a static key or "passphrase" as with WEP. But, using TKIP, WPA-PSK automatically changes the keys at a preset time interval, making it much more difficult for hackers to find and exploit them.

Step 2 - Set the router access password. Anybody who gains access to the router configuration settings can disable the security you have set up. If you forget the password, most routers have a hardware reset that will restore all of the settings to factory defaults. The best option is to use a random sequence of the maximum length of characters - you only have to type that once, so it is not a big thing. When you connect to the router via LAN cable while setting it up, you can copy and paste the password onto the router and onto your local setting, so you never need to type it again.

  • Use a secure password. Don't use easily guessed passwords for your WPA2 or router access passwords, such as "ABC123", "Password", or a string of numbers in order. Use something hard to guess that contains both upper and lowercase letters as well as numbers. Special characters such as !@#$% are not supported by some routers. The longer the key, the better, although the WPA2 key has a minimum and maximum length. Try to make a little mental effort -- good passwords might be hard to remember, but they are harder to crack.
  • If you use a weak key then even WPA and WPA2 can be easily cracked within a day using a combination of special precomputed tables and dictionary attacks. The best way to generate a secure key is to use an offline random number generator or write the entire alphabet in uppercase and lowercase and numbers 0-9 on separate pieces of paper, mix the paper up and randomly pick up pieces and return them, mixing them up again each time; each character you pull out becomes a character in your key. You can also try throwing a pair of dice and using the resulting numbers as your password.

Step 3 - Change the Service Set Identifier (the network name or "SSID") from the default to something unique. A default SSID indicates to hackers that the network was set up by a novice and that other options (such as the password) are also left as the default. Use a name you can remember and identify, as the SSID has no influence on the security of your network (not even if you choose not to broadcast it).

Step 4 - Enable MAC Address filtering on your Access Point or router. A MAC (not to be confused with the computer model 'Mac') address is a code unique to every wireless networking card in existence. MAC Address filtering will register the hardware MAC Address of your networked devices, and only allow devices with known MAC Addresses to connect to your network. However, hackers can clone MAC addresses and still enter your network, so MAC address filtering should not be used in place of proper WPA2 encryption.

Step 5 - Disable the 'SSID Broadcast'. This would make your network invisible to your neighbors, but any determined hacker can still sniff out your SSID.

Step 6 - Disable remote login. The first router worm brute forces its way into the router in this manner. Most default usernames are set to Admin. It isn't hard for a virus/worm to crack the password if the username is known. The good thing is that routers normally have this disabled by default. Be sure to confirm that it is disabled when you first set up your router and periodically thereafter. If you need to update your router setting remotely, only set up access for the time you are going to be connected.

Step 7 - Disable wireless administration. Finally, change the setting that allows administering the router through a wireless connection to 'off' (meaning that you need to connect with a LAN cable for administration). This disables any wireless hacking into the router (aside from breaking into your house!).
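
The checks in Steps 1 to 7, collected into one script as an added example (not part of the original page): it audits a constructed router configuration, generates a Step 2 passphrase from the operating system's random source, and estimates how many draws the manual methods in Step 2 need. The configuration keys, the sample default-SSID list and the 128-bit target are assumptions made for the example.

```python
"""Added example: audit a home-router configuration against Steps 1-7.

The config keys and both sample configs are constructed for illustration and
do not match any particular router's settings page or export format."""
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # Step 2: no special characters
PSK_MIN, PSK_MAX = 8, 63                          # WPA/WPA2 passphrase length limits
WEAK_EXAMPLES = {"abc123", "password"}            # weak examples named in Step 2
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}  # assumed sample list


def password_problems(p, is_psk):
    """Return the Step 2 rules that a password or passphrase breaks."""
    problems = []
    if is_psk and not PSK_MIN <= len(p) <= PSK_MAX:
        problems.append("length outside 8-63")
    if p.lower() in WEAK_EXAMPLES:
        problems.append("easily guessed")
    if p.isdigit() and p in "0123456789" * 2:
        problems.append("numbers in order")
    classes = (str.islower, str.isupper, str.isdigit)
    if not all(any(test(c) for c in p) for test in classes):
        problems.append("needs upper, lower and digits")
    return problems


def generate_passphrase(length=PSK_MAX):
    """Random passphrase from the OS CSPRNG that satisfies password_problems()."""
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError(f"length must be {PSK_MIN}-{PSK_MAX} characters")
    while True:  # redraw in the rare case a character class is missing
        p = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not password_problems(p, is_psk=True):
            return p


def entropy_bits(weights):
    """Shannon entropy, in bits, of one draw with the given relative weights."""
    total = sum(weights)
    return -sum(w / total * math.log2(w / total) for w in weights)


def draws_needed(weights, target_bits=128):
    """Draws needed to reach target_bits (128 is this example's assumption)."""
    return math.ceil(target_bits / entropy_bits(weights))


# The manual methods from Step 2, as outcome weights for a single draw.
PAPER_SLIPS = [1] * 62                          # 62 slips, returned after each pick
DICE_SEPARATE = [1] * 36                        # both dice recorded individually
DICE_SUM = [1, 2, 3, 4, 5, 6, 5, 4, 3, 2, 1]    # only the total (2..12) recorded


def audit(cfg):
    """Check a config dict against Steps 1-7; returns (step, severity, message)."""
    findings = []
    enc = cfg.get("encryption", "none").lower()
    if enc in ("none", "wep"):
        findings.append((1, "high", f"encryption is {enc}; use WPA2"))
    elif enc == "wpa":
        findings.append((1, "medium", "WPA in use; WPA2 is stronger"))
    checks = [("admin_password", False)]
    if enc in ("wpa", "wpa2"):
        checks.append(("wifi_passphrase", True))
    for key, is_psk in checks:
        for problem in password_problems(cfg.get(key, ""), is_psk):
            findings.append((2, "high", f"{key}: {problem}"))
    if cfg.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append((3, "low", "SSID is a factory default"))
    if not cfg.get("mac_filter", False):
        findings.append((4, "info", "MAC filter off (weak control, addresses can be cloned)"))
    if cfg.get("ssid_broadcast", True):
        findings.append((5, "info", "SSID broadcast on (hiding only stops casual discovery)"))
    if cfg.get("remote_login", False):
        findings.append((6, "high", "remote login enabled"))
    if cfg.get("wireless_admin", True):
        findings.append((7, "medium", "router can be administered over Wi-Fi"))
    return findings


FACTORY = {"encryption": "wep", "admin_password": "Password", "ssid": "linksys",
           "mac_filter": False, "ssid_broadcast": True, "remote_login": True,
           "wireless_admin": True}
HARDENED = {"encryption": "wpa2", "wifi_passphrase": generate_passphrase(),
            "admin_password": generate_passphrase(32), "ssid": "bluegum-42",
            "mac_filter": True, "ssid_broadcast": False, "remote_login": False,
            "wireless_admin": False}

if __name__ == "__main__":
    for name, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(name, audit(cfg))
    for w in (PAPER_SLIPS, DICE_SEPARATE, DICE_SUM):
        print(f"{entropy_bits(w):.2f} bits/draw, {draws_needed(w)} draws")
```

Recording only the total of two dice gives about 3.27 bits per throw, so that method needs 40 throws to reach the same strength that 22 paper-slip draws or 25 throws with each die read separately provide.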

Using Anti-Malware programs and Firewalls to protect your home network



Video: How to use a Windows Firewall

Anti-malware software is designed to detect, destroy and prevent the presence of malware such as spyware and viruses on your computer. As these malware programs are constantly evolving and getting harder to detect and remove, anti-malware applications must also evolve to protect against them. Malwarebytes’ Anti-malware software uses advanced heuristic scanning technology to keep a system safe, and also offers users a ‘threat centre’, which provides information on the latest malware threats. This software is very cheap, at only $24.99 for a single user version, and updates for the software can be downloaded from the Internet once it has been bought.

Another security measure to protect against malware is to put a firewall in place in your network. A firewall is a piece of software that can block malware, preventing it from scanning your computer for weak points in an attempt to break into the system. Firewalls can be set up either on an actual computer or on the wireless or wired network router. A challenge for these firewall applications is distinguishing between malware and legitimate software. This is done by the firewall being programmed with a list of safe software to allow, a list of malware to block, and a dialogue box which pops up asking the user what to do in other cases. Norton Internet Security is a popular brand of firewall software which includes anti-virus and anti-spyware capabilities.

Another type of firewall, a hardware firewall, can also be installed in a network. This firewall sits in between the modem and the computer or network and uses “network address translation” (NAT) to hide the computer from the Internet so it cannot be seen by hackers. An example of a hardware firewall is ZoneAlarm Secure Wireless Router, which enables secure wireless communications and intrusion detection.



Further information

How to protect your wireless network


Problems and Solutions - Working Remotely


Issue as it appears in the Case Study booklet

When working in the different N&Q Investments offices, in hotels or at home, he is required to have access to the records of clients, which are held on network servers and accessible via a WAN. When he has to make sales, purchases or fund transfers on behalf of his clients, it must be done instantaneously. Consequently Hector has to maintain contact with colleagues and clients at all times, which requires the use of wireless networks that can be accessed via hotspots at airports, hotels and other public places. When operating using a wireless network Hector is concerned that correspondence between him and the Head Office or any notes he makes about clients for his personal use should remain completely confidential.

There are issues about the levels of security of the wireless networks in some of the locations he uses. In some cases the network is unsecured and requires no username or password. Other networks, for example in airports, do not change login details for long periods of time. In some hotels, connecting to the network requires either so much time or the level of security appears so low that Hector questions whether it is a valid use of time or it creates an unnecessary risk to the confidentiality of company information. Therefore, he works offline and moves company information between his laptop, his home PC and his personal hand held device. He then sends the information by e-mail to colleagues and clients.





Technological Background

IT SYSTEM: Wireless networks / Hotspots

WHAT IT DOES (Benefits for N&Q)
- Individual users do not have to purchase a connection to the internet.
- Everyone has equal access.
- Internet usage can be monitored by the company.
- Establishing a network allows employees to work from outside the office and take a personal computer with work on it to and from work.
- Allows other technologies such as video-conferencing to work.

HOW IT WORKS
- Wireless network supplies internet access to users within a range of 100-300 feet.
- This range is known as a ‘hotspot’.
- Must have wireless base-station (router), and a web server that runs the network.
- Users can access the network when they are in a hotspot by logging in using a password.


Problem: Hacking and loss of sensitive data. Wireless networks are often unsecured and any transactions made across these networks may be intercepted.

Solutions:
- One solution is that Hector could purchase a 3G Wireless Broadband Modem, which would mean he doesn’t have to connect to hotspots and thus transactions completed over this network can be done more securely.
- Alternatively, Hector could use Secure Sockets Layer (SSL) to browse the internet and complete transactions so that his clients' data is not at stake.
- Another solution would be to use wireless encryption technologies. One such technology is known as Wired Equivalent Privacy (WEP), which is a security protocol for wireless networks. As noted in the home network section above, WEP has been proven insecure, so at least WPA is recommended.
- A Virtual Local Area Network (VLAN) could be established between Hector and his business associates. Computers in a VLAN communicate and operate as if they were in a standard LAN network, regardless of their geographic location.

Problem: Reliance on IT systems. There is a possibility of malfunction of the network, or server downtime (particularly important if the network is being used for video-conferencing or important transactions).

Solutions:
- This will always be an issue, but using current hardware and software, and keeping up-to-date with relevant updates to these technologies, can help reduce the possibility of malfunction.
- Server downtime, a period in which the server is not active and thus the network is not either, can be prevented by setting up real-time, live mirror servers and making regular back-ups of servers.

International Airport Wireless Access Guide
Wireless Security Risks in Airports

Cost of Wireless Internet, and their security issues


Generally, the cost of WiFi in airports is based on the total number of users who access the point every day. The cost of using WiFi within airports is determined by the total cost of installing the infrastructure, being paid off over a shorter period of time.

For example, the airport in Sacramento will spend over $110,000 to install around 12 wireless access points, and access will cost 35 users a day $6.95 (Fleishman, 2003). However, this cost will get lower as more users access it. Other airports have decided to provide free Internet to airport users. This is because an extremely large number of people go through airports each day and, due to the high volume of customers, the price per user becomes very low, in the region of cents per day.

However, many airports choose not to offer wireless Internet for free, and for this reason some airlines have begun to provide wireless Internet, such as the airline “Qantas” in Australia. In Australia, wireless Internet is not free and Qantas has created the “Qantas Club.” A user who joins this club receives wireless Internet in the many airports across the world that have a Qantas lounge; these are relatively widespread, wherever Qantas or British Airways flights operate. For one individual, this will cost around $775 for one year's worth of access (Qantas, 2009).

Hotels have also begun to offer wireless Internet to customers who stay the night. However, the number of people who will use the service, in comparison to an airport, is much lower. Furthermore, the time that users in an airport spend using wireless is comparably much shorter than in a hotel. People staying in a hotel are likely to use the Internet overnight, for every night they stay at the hotel, whereas users in an airport are likely to board flights and never return, resulting in a one-time use of anywhere from 1 to 8 hours. It is for this reason that the cost of wireless Internet in a hotel is very expensive. Research has found that five star hotels with Internet access charge as much as $19 an hour (Beaumont, 2009).

In addition to the exorbitant cost of using a WiFi network within a hotel, there is also a significant security risk. With any wireless network, there are two main security flaws in its use. Firstly, there is a risk of the network itself coming under attack. This will allow hackers to eavesdrop on webmail sessions (Raywood, 2008). Secondly, the information that is being communicated wirelessly may be intercepted and read. One common form of intercepting information sent over wireless Internet is what is called “Packet Sniffing.” When your computer sends any information across the Internet, it is first broken down into smaller pieces known as ‘packets’, which are sent and reassembled at their destination. Any computer in range of your wireless connection can receive these packets as they travel wirelessly and can read the information if it is not encrypted (Geier, 2006).


Bibliography
Beaumont, C. (2009, January 29). Travellers 'ripped off' by cost of Wi-Fi access, says study. Retrieved October 21, 2009, from The Telegraph: http://www.telegraph.co.uk/travel/travelnews/4384510/Travellers-ripped-off-by-cost-of-Wi-Fi-access-says-study.html

Fleishman, G. (2003, August 15). Sacramento Airport's Wi-Fi Price Tag. Retrieved October 21, 2009, from WiFi Net News: http://wifinetnews.com/archives/2003/08/sacramento_airports_wi-fi_price_tag.html

Geier, E. (2006, May 11). Wi-Fi Security Issues Up Close. Retrieved October 21, 2009, from Wi-Fi Planet: http://www.wi-fiplanet.com/tutorials/article.php/3605601

Qantas. (2009, October 21). Lounge Locations. Retrieved October 21, 2009, from Qantas: http://www.qantas.com.au/travel/airlines/qantas-club-lounge-locations-africa/global/en

Raywood, D. (2008, October 13). WiFi in hotels provide security risks to users. Retrieved October 21, 2009, from SC Magazine: http://www.scmagazineuk.com/WiFi-in-hotels-provide-security-risks-to-users/article/119378/

Wireless USB Modems

Wireless Internet USB Modems are provided by a number of Mobile Phone networks and offer wireless connections to the Internet via the Mobile Phone GSM network. These often come on a plan which includes the cost of the hardware required to give access to this technology. The provision of this wireless Internet connection can cost between $39 per month (3 Mobile) and $89 per month (Telstra) for a standard 5GB plan.

These wireless Internet USB modems give users with a computer and mobile phone network coverage access to the Internet. This allows the user to send emails and access their own VPNs in almost any physical location.

There are, however, disadvantages to this form of connection. Firstly, it offers a variable speed which depends upon a number of random factors, but is always comparatively slower than a wired connection. Furthermore, the cost is dependent upon the coverage of the phone network. When moving outside the coverage of the phone network, data can still be accessed through this technology at an elevated price: this is offered at between $0.25c per MB (Telstra) and $0.50c per MB (3 Mobile). These costs are also incurred for downloads beyond the limit of the plan purchased. These charges must be considered when assessing the use and the cost of the plan required for the specific application.


Secure Socket Layer (SSL) Applications

Secure Socket Layer has become an industry standard encryption method for enabling secure communication sessions over an unprotected network, such as the Internet. The SSL protocol establishes secure connections at both ends of the transmission using a handshake protocol, encryption keys and a digital certificate, ensuring the privacy and integrity of the data that client and server applications exchange.

SSL comprises two protocols: the record protocol and the handshake protocol. The record protocol controls the flow of the data between the two end points of an SSL session. The handshake protocol authenticates both end points of the SSL session and establishes a unique symmetric key used to encrypt and decrypt data for that SSL session. A digital certificate can be assigned to each of the end points of the SSL session. This certificate contains a public key to identify it as an authentic server or user, and the end point being authenticated must prove to the other end point that it has the private key associated with this public key before the transmission is conducted.
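Whether the certificate check described above actually happens depends on how each end point is configured. The following Python example is added here and is not from the original page: it uses the standard `ssl` module to compare a client context that skips verification with one that enforces it, and checks whether a server context demands a certificate from the client. The function names are hypothetical.

```python
import ssl


def audit_context(ctx, role):
    """Return a list of findings for an SSLContext used as 'client' or 'server'."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Without CERT_REQUIRED the handshake completes even if the peer
        # presents no certificate or one that cannot be validated.
        peer = "server" if role == "client" else "client"
        findings.append(peer + " certificate is not required or verified")
    if role == "client" and not ctx.check_hostname:
        # A valid certificate issued for a different host would be accepted.
        findings.append("certificate is not matched against the host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def weak_client():
    """Client that encrypts but never authenticates the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client():
    """Client that verifies the server certificate chain and host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def default_server():
    """Server context as created: it does not ask clients for a certificate."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)


def mutual_auth_server():
    """Server that refuses clients without a valid certificate.
    A deployed server would also call load_cert_chain() with its own
    certificate and load_verify_locations() with the CA that issues
    client certificates; both are omitted here to stay offline."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, ctx, role in [("weak client", weak_client(), "client"),
                            ("hardened client", hardened_client(), "client"),
                            ("default server", default_server(), "server"),
                            ("mutual-auth server", mutual_auth_server(), "server")]:
        print(name, "->", audit_context(ctx, role) or "no findings")
```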

SSL technologies are most commonly applied to Web browsing and email applications. Browsing the web over a secure socket layer ensures that spyware and other malicious attacks on your computer are prevented. A program called CubeCart can enable a user to easily configure their browser to run using SSL, so that sensitive data such as credit card numbers can be sent securely to a company when using the Internet.

In terms of email, it ensures that only the intended persons receive the email, and that its transmission and the integrity of its data are protected. SSL plug-in applications such as EasyMail.net provide business-standard SSL services, allowing secure connections for client-to-server and client-to-client transmissions.

Business Messenger from Concentric helps information workers communicate more easily in real time without the security risks associated with a public chat service. Business Messenger communication can be restricted to just employees in your organisation, ensuring the organisation’s information is not leaked. All communications are SSL encrypted, which promises a security level and integrity of data similar to online banking.

Virtual Private Networks (VPNs)

A technological overview of VPNs, the technologies associated with them, and the encryption and security protocols used can be found at Microsoft VPN Overview.

For N&Q Investments this serves as the ultimate solution to remote access and home networking issues. The use of a VPN tunnel allows data to be streamed directly across the Internet through an encrypted tunnel. This encrypted tunnel requires client certificates (802.11x) on both ends of the tunnel, which provides security from man-in-the-middle attacks in addition to the standard set of network attacks. However, this solution cannot protect against end-user stupidity: if the end-user decides to copy all of their data onto a publicly accessible folder on an unsecured network, then there is not an awful lot that the IT administrator can do to stop this. Nevertheless, solving the home network issues and general remote access issues makes this a viable solution.

In order to increase the viability of this solution, however, it should be coupled with application and desktop virtualization. Application virtualization allows all applications to be opened in a secure window, using Microsoft™ App-V™, Citrix™ Appserv™, or Microsoft™ Terminal Services™ in application mode, to connect a remote user to an application that is run on a single server or a farm of servers. This isolates the application from vulnerabilities, as it is protected by both an encrypted VPN and a protected virtualization layer, which allows the user only to see what is going on and interact with the data on the server, not to add data potentially containing malicious or unwanted code onto the server. This protects the integrity of the data, increases its reliability, and protects the security of the critical network.



Example of working remotely using a VPN and Firewall solution - Bankpime

Bankpime have implemented the StoneGate platform (combines a firewall and a VPN) to protect its data and remote connections.


Bankpime (Banco de la Pequeña y Mediana Empresa, S.A.), a banking organisation designed to cater for the needs of small and medium-sized businesses (SMBs), was founded in Barcelona in 1978. Since then, it has also provided specialist banking services for individuals and families, as well as offering insurance packages to cover the most common risks associated with modern lifestyles. This means that the bank’s product range focuses on ensuring maximum return on savings, and supporting customers with loans and credit with help purchasing their homes and all types of goods and services (cars, home improvements, holidays, specialised medical care, etc.).

Bankpime implements Stonegate solution
About the StoneGate Firewall / VPN

Example of working remotely using a VPN solution - Transcend Services Inc

Transcend Services, Inc., (NASDAQ: TRCR) is a leading provider in delivering Web based medical dictation and transcription services. Using Internet based technology and a network of 300 home based medical transcriptionists, the company serves a nationwide customer base of clinics, hospitals, and integrated delivery networks. The company currently has over 25,000 registered physicians using its systems.

Due to the sensitivity of the data being transmitted---patient medical records---Transcend had to incorporate an encryption solution that would meet federal Health and Human Services (HHS) guidelines and healthcare privacy standards recently established under the new federal HIPAA (the Health Insurance Portability and Accountability Act).

HIPAA's privacy regulation requires that an organization ensure that patient data is kept confidential and seen only by authorized personnel---even after it has been transferred to an outside entity like Transcend.


The encryption solution Transcend Services chose was based on the Ravlin® hardware based VPN product line. According to Walsh, Ravlin had both the hardware and software they needed in a complete out-of-the-box solution. Walsh also liked the fact that Ravlin was an industry leader from whom other security vendors purchased products. Ravlin 10 is a device you can install on your network to encrypt and decrypt traffic over your WAN links. You must place a unit at each site where you want to send or receive encrypted information. The units use full 56-bit Data Encryption Standard (DES) and 112/168-bit triple DES encryption to ensure data privacy. For authentication and access control, the units use the Digital Signature Standard (DSS) and X.509 digital certificates.

Also, unlike other vendors, SonicWALL had robust channels in place ensuring availability of the Ravlin devices. Ravlins are currently installed at all of Transcend's customer sites, currently 40 hospitals and clinics throughout the country. Transcend's staff of 300 transcriptionists use RavlinSoft, a client software tool, to help ensure a secure VPN connection when they connect to the Atlanta hub. SonicWALL provides integrated hardware and software VPN packages that ensure the privacy of information as it is transmitted across public and private networks and provides managed access to corporate resources.

The Internet based VPN solution has brought Transcend Services better margins due to eliminating the large overhead associated with operating ten offices. Transcend's telecommunications expenses are one item that has been significantly reduced. "We went from monthly bills averaging $120,000 to our current bill of $30,000," notes Walsh.


Extracts taken from Transcend Services relies on Ravlin security solution to ensure confidentiality of patient data over the Internet

Problems and Solutions - Compatibility


Issue as it appears in the case study booklet

With the new organizational structure, Hector is now the line manager of Betty Gonzalez, who is based in the new Buenos Aires office. Betty will carry out duties similar to Hector’s and has been provided with a laptop computer by her local office. Unfortunately, Hector has found that her laptop has different specifications and uses different versions of software. Hector and Betty are both concerned as this will potentially cause problems in sharing and editing documents.


With continued growth, issues are arising such as the lack of compatibility between Hector’s and Betty’s laptops, so the company is considering commissioning a report from a specialist consultancy company to evaluate emerging issues relating to company practice and policies, security and data integrity.

Solutions

Due to the competitive nature of the computer industry, incompatibilities often arise that keep people from buying other kinds of software or hardware. This creates issues for people who use one form of IT and wish to give something to a person using a different form. It is particularly common with operating systems and the file types created by programs for the different OSs.

In regard to the case study, two employees for the same company use different computer operating systems and cannot share files effectively. Below are some possible solutions to the problem:

Policy on Hardware and Software Purchases

This may include centralised purchasing control i.e. the purchase of hardware in the organisation is left with one individual or department.

Example policy statements:

University of Washington, USA -

Georgia Southern University Technology Purchasing Policy


Buying software that does not have backward compatibility issues


In technology, for example in telecommunications and computing, a device or technology is said to be backwards (or downwards) compatible if it allows input generated by older devices. A standard, for example a data format or a communication protocol, is said to allow backward compatibility, if products designed for the new standard can receive, read, view or play older standards or formats.

NOTE: Some companies deliberately do not make software backward compatible in order to encourage people to move to the new version, and therefore make more profit for the software company. However, many will make something not backward compatible if they wish users to move forward with the technology being used.

The most recent example of this is with the Office 2007 suite. The Office 2007 Suite has adopted an Open XML-based file format that cannot be read by the previous versions of Microsoft Office (such as Office 2000, Office XP and Office 2003). If you have Office 2007 and you save a file in Word, Excel or PowerPoint, it will (by default) save to the Open XML-based file format. As a result, previous versions of Microsoft Office (such as Office 2000, XP and 2003) cannot open the document. You can change the Office 2007 defaults to prevent backward compatibility issues; however, it is apparent that it is Microsoft’s vision to push this new file format and for good reason(s). The Office XML Formats are designed to be more robust than the binary formats and, therefore, help reduce the risk of lost information due to damaged or corrupted files.

The introduction of the new file format is truly a good experience and will ultimately be of great benefit; HOWEVER, I have already experienced and seen problems where the people (including businesses, government agencies, educational institutions) are not adopting the file format standard and it is causing cross platform compatibility issues between Office 2007 and the previous versions of Microsoft Office. What this means is that the people, including the IT people, are not aware and educated about the new file format standard.

To address this problem, Microsoft had to release a Compatibility Pack, which users needed to install.

Version Control of software can be achieved throughout the company through policy and the implementation of a Software Asset Management (SAM) solution from Microsoft

Version control can be achieved through Software Asset Management (SAM).

Software Asset Management (SAM) is a best practice incorporating a set of proven processes and procedures for managing and optimizing your organization's IT assets. Implementing SAM protects your software investments and helps you recognize what you have, where it's running, and if your organization is using your assets efficiently.

SAM is the control of both software licenses and software versions. Version control is where the updating of software is locked out of users' control and only pushed through by an IT Administrator. This is usually done through a centralized management software package that is deployed on key servers throughout the network. The best example of this is the use of Microsoft™ System Center™ products. These products allow IT Administrators to deploy updates and software products while blocking other people from deploying applications. This protects the network from issues and backwards compatibility problems, as the entire network updates at the same time.

This benefits N&Q Investments, as the use of version control will remove any incompatibility issues with the network: all computers are using the same version of native Windows™ software, third party applications, and line of business (LOB) applications. This also means that any backwards-compatibility issues are resolved as the entire network moves forward at the same time, also reducing issues with data integrity over database and file connections. The only disadvantage of this is that the computers must be directly connected, or connected via a VPN, to the network. However, when sensible solutions are utilized and data intensive applications are used, the data is stored on the server anyway, so this does not make any difference to the effectiveness of the solution.


Education


By communicating with the people they wish to share the document with, Hector and Betty can choose what file format to create the documents in, supposing this feature exists in the software used.

File conversion: by obtaining a file converting program, or an online file converter such as Zamzar, the document can be converted when it is given to each other and their co-workers. Using file converters seems to be one of the better ways; however, there always exists the risk of loss of quality of a media file, corruption of a document etc., as well as a security risk in using an online file converter.

Each solution has shortcomings, which vary for each proposed action. When all users are assimilated to one form of technology, if the replaced system has benefits for a particular area and is a better choice to use in a particular role, the efficiency or the quality of the task is diminished. A common example of this is the usual assimilation to Windows-based computers, while Mac computers have pronounced benefits in design and media editing.

Standardising the file formats used at N & Q Investments e.g. PDFs

A good solution is to ensure that all files are sent as PDFs. Free PDF readers are available, such as Adobe Acrobat Reader, which all people at N & Q Investments could install on their computers. Adobe Acrobat Reader is a good cross-platform application suitable for both Mac and PC.

The problem always comes in editing the PDFs, which is not easy unless you have the source file, which may have been created in Word, Pages, Publisher etc., which may not be compatible with your computer. The company could purchase Adobe® Acrobat® 9 software, with which you can work directly within a PDF document to implement minor changes: easily add or replace text and make changes to color, word spacing, character spacing, and text size. You can also move or edit objects such as images and tables, and save the document in Word format for further editing.

While PDFs work for more text based documents, they do not solve the problem when working with spreadsheets.

Educating people at N & Q Investments about compatibility

The education solution has drawbacks in that this ability may not be available to every instance of this problem, and if this was the problem. Similarly, not every person who will collaborate on a project will necessarily be known, and there may not be a single file type that can be agreed on as suitable for all parties.


Virtualisation

How server virtualisation works



Cloud Computing




Cloud computing ascends the mainstream
What Cloud Computing really means
Business Week - Computing Heads of the Clouds
Definitive guide to cloud computing - Video
Why cloud computing is the future of mobile

Problems and Solutions - Using PDA's, Cell Phones and Laptops


Issue as it appears in the case study booklet

He [Hector] works offline and moves company information between his laptop, his home PC and his personal hand held device.
The company is aware of the problems that arise when employees use multiple devices such as laptops, PDAs and cell phones, which could lead to numerous different versions of the same document as well as the possible theft of these devices.



Currently the most common methods for group document (any kind of document, whether it is a word processor file, source code, etc) creation are to either write a portion of the document and pass it along (usually by email), or to have a shared directory where everyone reads and writes the document. This requires that everyone that is to work on the document has either access to the shared directory, or has access to email and everyone's address (neither of which are a great problem now).

There are two problems with this approach. The first is that it is hard to manage the amount of work (or lack thereof) that is put into the documents; the second is that everyone must use software that has filters that can read all of the documents that everyone creates. Even if one particular piece of software dominates, it is seldom that everyone has the same version (and if you do in your business, then count yourself very lucky). Even if everyone has the same software, anyone that has worked with users can confirm the problems of people sharing documents written with different versions of the software, let alone different software, or even the same software on different operating systems. Often problems such as these only show up after continued use (although sometimes they show up at the start).

Synchronisation

A solution to the storage of information on multiple devices is a concept called synchronisation, in which data on a number of different devices is synchronised so as to maintain its integrity and ensure it does not become redundant. Synchronisation means that when data is changed or modified on one device, these changes are included on the other devices as well. A simple example of data synchronisation is synching an iPod with iTunes on a computer, which means that whenever new songs are added to your iTunes they are also added to your iPod.

MobileMe

More complex data synchronisation techniques involve changes being able to be sent both ways, from client to server and server to client. One of these technologies is a service called ‘Mobile-Me’, which is available for iPhone and Mac computer users. Mobile-Me encompasses a number of features, including storage capabilities, Push mail capabilities, synchronisation of address book and calendar, and password protected file sharing. Even things such as Safari bookmarks can be synchronised between two computers, for example, home and office, to ensure the same working environment at both of these locations. One of the problems with Mobile-Me is that the network traffic is not encrypted, and thus is vulnerable when transmitted across the network. This can be a problem particularly for people who use publicly accessible Wi-Fi hotspots.

MobileMe Quick Tour

Microsoft Direct Push Technologies

Another solution for data synchronisation is to employ an Exchange server. An Exchange server can undertake many functions, and contains push technologies to ensure the same data is sent to every device in the network. When information is received by the Exchange server, it makes a copy and then immediately pushes the information out to the other devices. This is different from Mobile-Me, which schedules when the information is synchronised or has to be told when to synchronise the information. Exchange servers are particularly used for email synchronisation.

What does Microsoft Direct Push Technology do exactly?

Microsoft Direct Push Technology requires two essential components: An enterprise mail server running Microsoft Exchange Server 2003 with Service Pack 2, and mobile devices running Windows Mobile with Messaging and Security Feature Pack (MSFP).

With the two components installed, Exchange Server uses IP-based notifications to instantly deliver e-mail, contacts, calendars and tasks updates to mobile devices the moment information arrives in your server. Because Microsoft ActiveSync tightly integrates your Windows Mobile-enabled devices with Exchange Server, your organization doesn't need to deploy a middleware solution or require a network operations center to relay data.



Theft of mobile devices


“Think about what resources these people have access to from the phones,” says Tom Cross, security researcher for IBM ISS X-Force. “These folks will have VPN clients where you can get into the corporate intranet and there have been cases in the past where people have actually written back doors that will run on the phone that allows a bad guy to connect from the Internet through the phone into your internal network. That is a risk you want to manage.” Organizations need better control over the devices that connect to their networks if they want to keep a tight rein over corporate data, Cross says. This means taking a proactive role over mobile devices and getting the organization to sponsor the purchase of a uniform set of devices within the enterprise.

One issue with storing information on multiple devices is the consequences of theft. Many mobile devices are small and easy to steal. Items such as USBs, iPods and mobile phones are very alluring to the common thief. If a user is highly dependent on their mobile devices, it can be particularly devastating when the information stored on these devices is lost. Furthermore, information that is stored on these devices can be highly sensitive information about the owner. Whilst it is very difficult to ensure the security of the device itself, there are several solutions which can reduce the impact of losing a device where information is stored.

Safety on the go


10 Best Practices for Mobile Device Security

1. Choose your device carefully

Not all devices are created equal when it comes to security. For example, iPods are built for general consumers who are not as concerned by security and are therefore less inherently secure than a BlackBerry device designed for enterprise users. Businesses should try to get mobile devices that have the best possible control and security on them and then use those mechanisms.

2. Turn On Encryption

Enforce or even set policies mandating the use of device encryption on mobile devices.

3. Require Authentication

Turn on device authentication. A survey released by Credent Technologies in September 2008 found that in just a six month period more than 31,000 New Yorkers left behind mobile devices in a taxicab. The fact of the matter is that these devices are just too easy to lose to go without proper authentication. And yet, most enterprise users don’t use the password function on their devices.

Another effective solution is to implement a two-factor authentication process on the device. This would be a combination of something like a passkey together with a fingerprint scan, or a key card scanner on the device. This combination of two authentication methods will decrease the ease with which someone can access the information on the device. If the device is stolen, the thief may not be able to gain entry to the device, and as a result may just abandon it. A method to increase this security even further is perhaps through Biometrics, which uses a user’s physical features, such as voice pattern or fingerprint, in order to secure the device even further.

Mobile devices rely on biometric technology

4. Utilize Remote Wipe Capabilities

Another solution is the use of remote wiping on a stolen device. Remote wiping allows the user to remotely send a command to a mobile device, which will completely erase all stored information. This is generally done through an exchange server, and the benefit is that it allows the user to erase potentially sensitive information on a stolen device (Microsoft, 2006).

It is not good enough simply to have remote wipe capabilities. Organizations also need to have a procedure set for users who have lost their devices. Make it easy for them to call IT to alert staff that a device has been lost by setting up a direct line and publicize the procedure for IT notification in such an event.

6. Control Third-Party Apps

Smartphones are so dangerous because they are essentially miniature computing platforms that can accept any nature of third-party applications. Cross recommends limiting the installation of unsigned third-party applications to prevent the bad guys from requisitioning control of your devices.

One solution is the use of what is known as ‘Anti-theft’ software. This is software which is installed on the mobile device. Whenever an Internet connection is found, it allows a stolen device to upload information regarding its location and other forensic information which will help recover the device (Solutions, 2007).

7. Set Unique Firewall Policies

Enterprises should set up unique firewall policies specifically for traffic coming from smartphones. Smartphone users don’t necessarily need access to every bit of data on the network, so it makes sense to limit exposure by only offering access to the types of data they need. Many browsers on smartphones are not made for browsing financial databases etc., so it doesn't make much sense to make the database available to the smartphone user.

8. Use Intrusion Prevention Software

There are many mobile security software packages available these days; see Mobile Security Software Review.

9. Keep an Open Mind About Anti-virus software

With a growing number of mobile smartphone users it can only be expected that viruses will soon begin to surface. Paying attention to virus developments and new anti-virus software is essential.

10. Shore Up Bluetooth

Bluetooth capabilities on today’s smartphones may make it easy to talk on a hands-free headset, but they’re also a target for hackers, who can take advantage of its default always-on, always-discoverable settings to launch attacks. In order to limit your exposure, US CERT recommends that users disable Bluetooth when it is not actively transmitting information. It also suggests switching Bluetooth devices to hidden mode. Organizations can limit exposure by making this company policy.

The Bluetooth Hack