Be wary when traveling

🛩 🚎 🚆

During this holiday season, people will travel by bus, boat, car, or plane to visit friend and family. While this is the time to turn off work and re-charge your batteries not everyone is afforded that luxury. If you are not afforded that luxury or feel so inclined that you need to use a work or personal device while in such a public space, please use your devices with caution.

Public spaces are precise as stated public. Many people hop on public wifi

  • Airport
  • Bus
  • Train
  • Coffee Shop

First I will address working in these spaces. If possible just don’t do it. The risk associated with connecting to the wrong network, someone shoulder surfing your screen, Laptop or Tablet are high. A simple glance by a stranger they could see a confidential email, spreadsheet, or presentation. While most people are just curious and harmless, traveling themselves to see family and friends, because you don’t know the people involved why risk leaking data accidentally. If you must work, there are mitigation’s to help keep your company and personal data safe.

  • VPN
  • Privacy Screen
  • Adjust Screen Brightness
  • Limit work/browsing session

Virtual Private Network(VPN) is a critical piece of software to ask your IT department to implement or for access if you travel. At a high level, a VPN will help provide encryption of data leaving and coming to your machine. This is important because VPN can make it harder for a malicious individual to view information going or coming into your device.

A privacy screen will help reduce the shoulder surfaces from viewing your screen. Privacy screens make your screen hard to see from certain angles. A privacy screen will not protect every viewing angle but will protect most. Computers today are smart enough to adjust the lighting of your display in comparison with the ambient light in the room. While this is great when you are at home or in the office, dimming your screen will reduce a person’s ability to eavesdrop on your screen.

Keeping your brightness at 50% or less will help protect you. Lastly, limit the type of things you work on in public. Can the presentation about financials or HR related topics wait until you are your destination? Think of the fallout of having someone report seeing that information to your company or worst the media.

Non-sensitive email or research/searching are some of the items safe to check in public places. Meaning checking out without logging into your account, or for sports news without logging into your account. Never log into any service while on public wifi. Lastly, not managing payroll, updating Github repos, checking bank statements are particular items to skip while traveling or on untrusted networks. Finally, as safe browser tip is ensuring all websites you visit are HTTPS. While HTTPS does not guarantee a website is it safe it is better than visiting any site that is HTTP. HTTPS Everywhere, by the EFF, is a great tool to help with this.

There are multitudes of other items that you could do to keep yourself safe. But the things I have listed out are just a start. Don’t have someone looking at your sales pitch, potential client list or talking points, or access to any financial information during this holiday season.

The light amount of information I have provided is helpful to a point. Choosing a VPN service or privacy screen can be troublesome. I will say I am a fan of 3M privacy screen with tabs. Tabs allow you to remove the privacy screen at your leisure, say sharing a screen during a meeting or once you get to your final destination. A VPN service is a bit more challenging. There is a multitude of things to be worried about with VPN, where are the servers located, are they really encrypting your data, how many devices can I use, connection speed, plus a plethora of other topics. I do not have a suggestion, but I will say it never hurts to do a bit of light reading:

Articles for reading:

Safe travels Cheers✌🏽

PSU Macadmins Conference 2016

PSU MacAdmins is a great conference for MacAdmins across the world to come together to talk about issues that are happening in the Mac world. This year I have the privilege to speak at the conference on a topic that I have blogged about previously Packet Firewall (PF). The talk is similar to the one I gave at MacTech 2015, with updated slides and an example of how to use the ELK stack (Elastisearch, Logstash, Kibana) to build a dashboard of pf.log data. Visualization provides a quick glance at pf data or can provide enough information to determine how often an IP address are hitting all of your clients. Here is the slide deck. 

How Packet Firewall (PF) Can Protect Your Enterprise(PSUMac 2016)


JNUC 2015 - Day 3

On Thursday was the last day of the JNUC 2015. There were quite a few talks lined up along with a couple of panels. The talks that grabbed my attention were:

  • Integrating & Automating Your Help Desk Ticketing
  • Security Matters: Making Infosec Your Friend
  • Simplifying Complex Management Infrastructures
  • Security Panel/VPP & DEP Panel

There were a multitude of other talks that grabbed my attention but alas I can only be in one place at a time. Integrating & Automating Your Help Desk Ticketing was an interesting talk. The takeaways from this talk were:

  • Develop Automation
  • Automation is proactive when done right
  • Use APIs from Casper and your Ticketing system

I had a few conversations with people about this talk and some have done this an automated even further. They assign the ticket to an technician with all the appropriate information, so there is no need to decide who will complete each newly created task.

The infosec talk caused many users to think differently about how you deal with your infosec team. At times Macadamias only think of things in terms of what we need to do in order to patch or repair a machine. If you talk or create a relationship with your infosec team you will learn about their worries or concerns on OS X.

  • Spotlight EULA, which sends results to Microsoft BING
  • Bluetooth Vulnerabilities
  • Setting EFI Password to protect machines
  • Using FileVault
  • Adobe FLASH
  • Web Browsers, keeping them up to date
  • Network Layer Attacks

By having open conversations with your infosec team you can collaborate, reduce frustrations, and provide a more secure environment for your users and employer.

Simplifying Complex Management Infrastructure provided great examples of how you can take your environment no matter the size and manage it using the Casper Suite. That is management of OS X servers and knowing all the information about what is installed, Software Updates, or updating software. OS X admins have servers located in many locations and sometimes basic updates from OS X server are not enough. The Casper Suite can provide inventory information and can automate server management tasks.

I hoped between both panels but they provided great information about each particular topic. People were able to submit questions via JAMFNation, Twitter, or in person via a JAMFer. The twitter hash tags are:

  • JNUCSecurity

Lastly, the conference ended with a wrap up session where people talked shop, said their goodbyes, and finished their conference questions for speakers. It was a great time in Minneapolis for the JNUC. Can't wait for next 2016.