Blog

Synetec supporting SportsAid

Synetec were proud to get involved with the SportsAid Charity Golf Day this year. The event was held at the immaculate and prestigious Stoke Park.

Most importantly, the day raised awareness and funds for the tremendous work and effort that SportsAid puts into helping the next generation of British sports stars by giving them financial support and recognition during the critical early years of their careers. Click here to learn more about the great work being undertaken by SportsAid.

 

The imposing Stoke Park

The challenging and gorgeous 7th hole, which was the inspiration behind the famous 16th hole at Augusta

Top 3 Tips when taking software to mobile devices

 

Introduction

Can we have a version of that for Tablet and Smartphone please? We have long since passed the point where tablets and smartphones are being used for business; the challenge comes when a proprietary system has functionality that is inaccessible on these devices. This article attempts to address the key criteria to assess before taking that step forward.

Which part?

“We want to use the system on our iPad” is all well and fine, but does the entire system need to be accessible via a tablet? For example, in a CRM system, the list of clients and client contacts is viewed almost every time the user logs on. It’s a primary purpose of the system, but do users really need to be able to change their user settings or schedule reports to run via a tablet version? It might make sense to take a phased approach and leave the less frequently used parts of the system for a future phase, if at all. The main objective is usually to make the frequently used parts of the system available on different devices, not to make a complete mobile version of the system. Making that distinction can save an awful lot of time and money.

Which way?

The existing system’s architecture will influence many of the decisions to be made and also affect what sort of effort will be required. Having the same functionality implemented on different platforms will greatly increase the effort and costs when implementing new or changing existing functionality. For example, in a Windows-based system, it might make sense to move all common functionality to a WCF service that can be called by both the Windows application and the mobile version. This would ensure only 1 set of code and greatly increase maintainability. Thought has to go into which platforms to develop for: are both Android and iOS required? If so, can that perhaps be implemented by making a dynamic web-based version of the application (using responsive or adaptive HTML) that is then accessible and works across platforms? Often a change to the main application can make moving forward much easier.

Watch it!

Maintaining the system’s integrity is often overlooked in these types of projects. With all the excitement of moving to a mobile platform, issues such as system and data security can be overlooked, and with this different type of accessibility come different types of security challenges. The usability of the system is also something that can be underestimated. To do this properly, the commonly used pieces of the system need to be redesigned so that they are usable on the different devices. To get the most out of the system, it will look different on a tablet from a Smartphone.

 

George Toursoulopoulos is a technology specialist and Director at Synetec, one of the UK’s leading providers of software services and solutions.

Quick Guide to Software Security

 

Security has been a priority for companies for many years now, and with so many high-profile companies being hacked, it’s no wonder. With brute force, dictionary and rainbow table attacks, the time it takes to crack a password is frighteningly short. This guide discusses some of the cracking methods and what can be done to protect your systems against security threats.

How is the hacking done?

With massively parallel password cracking on general-purpose graphics processors and rainbow tables, it’s possible for hackers to produce more than 500,00,000 passwords per second, even with low-end hardware. Depending on the software, rainbow tables can be used to crack 14 character alphanumeric passwords in about 160 seconds. Faster than how long my daughter takes to unlock my iPhone passcode!

Rainbow tables achieve this by comparing a password database to a table of all possible encryption keys. This requires a large amount of memory, and memory is cheap. With hardware improving, a password doesn’t stand a chance. Over and above these techniques, social engineering still remains a big threat: all the encryption and strong passwords in the world don’t mean a thing when the user gives out their password. Phishing tactics are getting better and are very effective. With false emails and forged websites, they trick an alarming number of people into giving up their passwords.

What are the options?

Basically it boils down to single factor or multi-factor/two-factor authentication (2FA). Single factor authentication secures a system through only one category of credentials, for example a login and a password. 2FA is where a user’s credentials are made up of two independent factors.

 

Single Factor

There are challenges with attempting to secure your system with a password. The most common one is that users either don’t understand how to make a strong and memorable password or underestimate the need for security.

The extra rules that are necessary to make passwords strong often result in users forgetting them or having problems, which leads to password resets, which often rely on help desks (see costs). Single factor does have its advantages though: it’s cost-effective, easier to manage and fewer things can go wrong.

There are some things that can be done in order to make it more effective though, namely:

  • Passwords need to be long enough (minimum of 8 characters), include a mixture of letters, numbers and be case-sensitive. A password meter is recommended and has been proven to help.
  • Passwords could be partially inputted, for example characters 3, 5 & 7 of the password
  • Passwords should be stored in the database in an encrypted format and then the software can verify them via a decryption key
  • Where possible the login and password can be locked down by 1 or more IP addresses (although that effectively becomes 2FA)
  • Users need to be educated on how to protect themselves and their passwords
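
Added example, not code from the article: one way to store passwords so that the precomputed tables described earlier stop working. It swaps the reversible encryption mentioned in the list for a salted one-way hash (PBKDF2), so there is no decryption key to steal; the function names, record layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware


def unsalted_digest(password: str) -> str:
    """Weak scheme for comparison: the same password always gives the
    same digest, which is exactly what a precomputed table looks up."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = record.split("$")
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(derived, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    pw = "Summer2014"  # constructed sample password
    # Two users with the same password: identical rows without a salt...
    print(unsalted_digest(pw) == unsalted_digest(pw))
    # ...but different rows with one, so one table cannot cover both.
    a, b = hash_password(pw), hash_password(pw)
    print(a != b, verify_password(pw, a), verify_password("summer2014", a))
```

Because every record carries its own salt, an attacker has to attack each stored password separately, at the cost of the full iteration count per guess.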

 

2FA

As mentioned before, 2FA is where a user’s credentials are made up of two independent factors, such as:

  • Something that the user knows (PIN, password, questions, etc…)
  • Something that the user possesses (key fob token, mobile phone, smartcard, etc…)
  • Biometric data (fingerprint, iris, voiceprint, etc…)

Obviously some of the above options are going to be more suitable than others and there is a cost implication with each of these. I would like to briefly discuss the more popular options in order to give a better understanding and also because it is unlikely that a company will protect their CRM system with an iris scan. Horses for courses.

Hardware tokens are the most prevalent, most commonly implemented with a user being given a key fob that is combined with a password. The key fob displays a pseudo-random number that changes periodically and the user inputs this number to prove that they have the token. The server that is authenticating the user must also have a copy of each key fob’s ‘seed record’, the algorithm used and the correct time, and can then in turn authenticate the user. The key fob itself contains this algorithm and the ‘seed record’ and generates the number that is verified by the server. There are different options to the key fob, such as USB stick based solutions, for example YubiKey, which is being used by Google, Facebook and the US Department of Defense. With such high-profile customers and a cost starting from $18 per user, it is understandable why it is so popular.
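
Added example, not code from the article or from any token vendor: the seed, algorithm and time check described above, using the open TOTP standard (RFC 6238) as an assumed stand-in for whatever algorithm a given fob runs. The seed is the RFC's published test secret; the function names, 30-second step and one-step drift window are assumptions.

```python
import hashlib
import hmac
import struct

# Constructed sample 'seed record': the ASCII test secret from RFC 6238.
SEED = b"12345678901234567890"


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Number the token shows during the time step containing unix_time."""
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed: bytes, submitted: str, server_time: int,
           last_counter: int = -1, step: int = 30, drift: int = 1):
    """Server side: return the matched time-step counter, or None.

    drift        -- steps of clock skew tolerated either side of 'now'
    last_counter -- highest counter already accepted for this token;
                    anything at or below it is refused to block replay
    """
    now = server_time // step
    for counter in range(now - drift, now + drift + 1):
        if counter <= last_counter:
            continue
        expected = totp(seed, counter * step, step, len(submitted))
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    code = totp(SEED, 59)                 # what the fob displays at t=59s
    accepted = verify(SEED, code, 59)     # server accepts, records counter
    print(code, accepted)
    print(verify(SEED, code, 59, last_counter=accepted))  # replay refused
    print(verify(SEED, code, 59 + 90))    # stale code, outside the window
```

The server should persist the returned counter per token and pass it back as `last_counter`, otherwise a code observed by a phishing page can be reused until its window closes.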

Software tokens are on the rise. The key fob functionality has been replicated for the Smartphone and has been in use since the year 2000. The technology is exactly the same as that in use with the hardware version; however, instead of needing an additional fob, an app on the Smartphone is used. Different software apps are available for smartphones as well. Products like Toopher can verify where the user (or their Smartphone) is physically located, and the first time a user tries to log in from a new location, they must be given permission to do so via the app. The pricing starts at $1 per month per user.

Another effective way to authenticate a user with the aid of their mobile phone is by sending them a code via text message. This code would change with every request and would expire. This is a relatively simple and cost-effective solution, with companies providing text message capabilities from a couple of pence for each message.

 

Parting Thoughts

There are many solutions to deal with an ever-increasing challenge that we all have to address in one manner or another. You don’t need a machine gun to kill a mosquito though, don’t know if that is a saying, it should be, but taking into account the various factors that influence your security requirements is key, so to speak.

The factors would be how sensitive the information is, what would be the repercussions if the system was hacked (customer confidence, regulations, etc…), the user particulars (number of, location, etc…) and costs.

 

George Toursoulopoulos is a technology specialist and CEO of Synetec, one of the UK’s leading providers of bespoke software solutions.
