Category: Security

Work from Home Securely?

CTM Techs response to changes in our modern workforces

Over the past 5 years or so, the modern workforce has been moving towards allowing users to work from home. The lowering cost of bandwidth, improvements in VPN capabilities and of course cloud computing like Microsoft 365 allowed this.

But there has always been security concerns that need to be addressed. Enter CTM Tech’s Zero Trust Network

Lets look at the COVID-19 scenario for remote users:

Your Companies HQ – where most your workstation VPN terminates. This previously supported your ‘occasional work from home user’ and the 30 users within the office. It is now hosting the gateway for your entire workforce. Interface bottlenecks as all your users traverse across your infrastructure to reach their respective offices. VPN licensing woes as the occasional user you had planned for has turned into everyone. Its no surprise that ISPs are reporting a 50% Spike in data usage

In addition to this, there is the security concern of what that was once sat behind that big expensive corporate firewall. Is now sitting behind a consumer grade router. As a result of the bottleneck issues, you’ve now allowed machines to go out directly to the internet instead of controlling it from your HQ.

Now we have company laptops, on home networks mixed with other foreign devices. Possible Viruses/Malware lurking. Or perhaps someone malicious has already infiltrated the network and has been waiting for that perfect moment: A device that has an connection straight through a firewall onto your corporate network and access across all of your sites.

Even after covid – work from home will be a long time ambition

We only use cloud based software, we do not use VPN

The principal of the unsecure home network still remains even if its not the corporate VPN tunnel that can be exposed. A corporate device that has access to data in any shape or form. The possibility of a malicious actor exploiting other secure devices to pivot onto your machine without users being aware is still there.

The solution? CTM Tech Secure Global Network

Our Zero Trust Network architecture means that the machine becomes a encrypted entity on any network. The SGN (Secure Global Network) creates tunnels back to our datacenter where data is monitored and ‘cleaned’ before arriving at its destination. All our available Managed Services include this by default

The software based firewall keeps protection as close to the workstation as it can possibly be, and allows workstations to benefit from Intrusion Detection/Prevention, customisable content filtering and Malicious URL Defense amongst other things.

CTM Tech can provision connections into your remote sites, or into cloud services such as Azure, AWS, or GCP. This allows for secure communication directly from your workstation without any possible cross contamination.

Get in contact today and see the CTM Tech Zero Trust Network for yourself.

Data Integrity with MD5sum

One of the parts of Security of your data is the requirement to check for integrity of a file. Ultimately, this means making sure that the file has not changed from how a sender has sent the file to how you have received it. This can be checked by sending the MD5 has of a file separately to the file being sent. The recipient is able to run the same MD5sum to confirm the data integrity. MD5 hash is not dependant on OS vendor or version.

Example is as follows, I am going to create a txt file on my Windows 10 machine, send it via my Outlook O365 account to a Gmail account attached to a Ubuntu VM, confirming the hash at both ends to confirm data integrity (The hash can be sent via another form of communication, in my example. I’ll just screenshot it for ease).

On my Windows 10 VM, I create a text file named: SomeFile.txt – The file contains the following data:

Downloading the free tool: md5sums.exe – available here: http://www.pc-tools.net/win32/md5sums/ – I am able to calculate by running the md5sums.exe against the txt file as shown below. I have highlighted the command used and the Filename and Hash. Do not worry if your hash is different to mine.

I send this to my personal Gmail account which I access and download to my Ubuntu VM (I assume you already know how to download files!). MD5sum is already a available on my version of Ubuntu. So within terminal I run the MD5sum and compare the hash to that of the windows 10 machine. As you can see, the Hash is the same, this confirms that the data integrity has not been compromised during the sending/receiving of data.

Now imagine that the email file was infact intercepted between the Sender and Receiver. The txt file was manipulated to change the details spoofing your email address to look like the original source and send it onto the recipient. Now the text file received looks as follows:

Checking the hash of the same named file that is downloaded into the same location, you can clearly see the hash is completely different, so now the integrity has been compromised and the data cannot be trusted