Upcoming features in Sophos UTM enhances and further simplifies security in schools

One of the most important aspects of a schools internet service is it’s security. Advanced threat protection and customisable web filtering should be a given with any security solution,  but unless your able to deploy that security in the school across any device, and with a minimal amount of effort, it quickly becomes ineffective, leading to breaches in security.

At Virtue, simplicity is our mantra – you have complete control over all the security features you need in one place, with none of the complexity. To strengthen and simplify the security of our internet solutions we’ll be delivering the following enhancements to the Unified Threat Management (UTM) Appliances installed as part of our internet solution.

Transparent Single Sign-on

All the possibilities the internet provides makes it difficult to ensure end users exercise great judgement about where they are browsing, hence we deploy filtering in our schools –  this can be as simple as blocking the seedier side of the internet, or limiting browsing to education-related content. However, the Sophos UTM makes it simple to enforce a range of different policies for different users. For example, you can manage what students can access whilst still enabling teachers and staff some leeway to make use of important sites.

These user-based web policies aren’t new, however, they have been known to come with headaches. During the planning stages, we discussed with customers their experiences and how they can be improved. The main issue that rang out was having to install a User Agent on all endpoints to enable enforced user-based policies. Therefore, Sophos engineers have come up with a truly simple solution: transparent single sign-on.

The transparent single sign-on works by transparently communicating with the browser to authenticate with the UTM in the background, without impacting the user. The browser sends the user’s AD credentials with the UTM recording the traffic and applying the right policy on a per user basis , with no extra software agents.

Device-Specific Authentication

Another challenge we’re seeing in our schools is enabling the safe use of mobile devices. Staff and students want to bring and use their own smartphones and tablets at school.

Whilst the Sophos UTM recognizes iOS, Mac, Blackberry, Android and a range of other device types unfortunately these devices can’t always make use of the same authentication protocols as PCs. Within a school, you may wish to ensure users go through a log in page before browsing to ensure security is maintained. Previously, the only option for this would be segregating various devices into different subnets, or even different Wi-Fi networks. However with BYOD rapidly becoming the norm, this approach was becoming outdated.

Upcoming changes to the UTM will analyse network streams and quickly tell what device it’s originating from. By recognising different fingerprints in the network stream, it can differentiate a Windows PC from an iPad or an Android device from a Mac. This can then be used to specify different authentication options for each device, without having to re-structure the network.

Transparent single sign-on and device-specific authentication are just two of the many features that help ensure the protection of your staff and students with our internet service. We’re currently testing the new functionality in our lab and as soon as that’s complete the service department will be in contact with all our customers to schedule the upgrades.

Virtue at the Sophos Security Council


Virtue Technologies was yesterday invited to attend the Sophos Partner Security Council. Attendees included just a small handful of key partners with Sophos represented by the UK Channel Manager, VP Product Management and Senior VP and General Manager for Network Security.

Sophos arranged this event for two main reasons;

1. Sophos want to enable key partners to feedback  what we and  our customers want to see in future product releases or changes to existing products – it also gives us a chance to discuss any issues. The new acquisition of CyberRoam was discussed to provide some insight as to how the two companies and their products were going to merge.

2. Sophos then provided visibility of the product roadmaps for SophosCloud, Endpoint Security, Network Security (UTM) and MDM.

Keep an eye on our blog as there are some very interesting developments on the way…

Sophos acquires Cyberoam Technologies

cyberoam sophos logo

It was announced recently that Sophos has acquired Cyberoam, a leading UTM company headquartered in Ahmedabad, India.

This acquisition combines two highly successful companies in network security and positions both companies to succeed further whilst enabling Sophos to increase on their commitment to your network security. Cyberoam will provide complementary technologies expanding on Sophos’ already significant product portfolio.

Sophos combines leading security technologies in endpoint, mobile, encryption and data protection, e-mail, web, server, and network which all focus on small/midmarket companies, schools and colleges. Combined, Sophos and Cyberoam will have more than 2,200 employees, with more than 600 focused on network security, including more than 350 in Research and Development.

This decision for the two companies to come together benefits both Sophos and Cyberoam enabling them to expand and accelerate on the success that they are already enjoying.

The Internet: Where’s your data?

It is widely known the Internet is a global resource operating everywhere, in our homes, schools, workplaces and our pockets. In fact, it can be accessed from almost every place on earth – and even locations further out into space. But what about the data being accessed? Where is that stored and who is accessing it.

When looking at this, the results are interesting.

Let’s start by investigating the users. Who they are and where they are. The world’s population is now centric towards the East in locations such as India and China, with the Western world a bit behind. This is confirmed online also with China represented by about 568 million Internet users from a population of 1.3bn, and India represented by 153 million users from a population of 1.2bn. These highly populated ‘developing’ countries have had a massive uptake on Internet usage, but they still have a way to go. On the other side of the coin however, the USA has 255m Internet users from a population of 316 million.

From this it is clear the majority of web use is in the Far East. So what are they all doing? Where is the data that they all consume each and every day?

Well, this is where it gets very interesting.

Brazil (yes Brazil) has the third largest number of Internet hosts, with 26 million. In second place is Japan with 64 million hosts. However, leading the pack by a country mile is our old friends the USA with a whopping 505 million Internet hosts. That’s more hosts, providing services to the internet than the USA has people.

This clearly shows that the USA is still very much at the forefront of web services. I don’t know for sure, but I would estimate that most of these hosts are owned by companies located in Northern California.

So what does all this mean. Well, put simply – I have absolutely no idea – other than:

  • Yes, it’s an interesting fact.
  •  Yes, the USA is still the Daddy. If you make the link between web hosting and innovation, the bulk of the web is still being developed by our friends in San Francisco Bay area.
  • The bulk of consumers are from the Far East and they are consuming services from the USA.

So, does it really matter? Well I think it does in the long-term. Countries, companies and consumers are increasingly nervous about data being stored in other countries. Whether they are worried about other governments ‘having a peak’ or issues relating to the export of data.

People increasingly want their data stored in their own country. Blackberry have suffered problems with this issue in the past when their storage of BBM data caused large scale problems in the UAE, Saudi Arabia and India, with some counties blocking all users from using BBM in protest.

This is an increasingly important consideration for our education customers. As schools look at using web hosted teaching and administration solutions, they are thinking about where their data will actually be stored.

The good news is that providers are getting smart to this, with several providers now ‘guaranteeing’ that their data will be stored in a certain region and not others. Microsoft, for example, are transparent in where Office 365 data is stored and will ensure that is stays in a region that is appropriate to you. For information, UK customers have their data stored in the EU and the backup data centres are based in Holland and Ireland.

Staying Safe On-Line

We all do loads of ‘stuff’ on-line, we book holidays, read the news, chat to our friends and even buy our groceries. Sadly, it also seems that every day there is another online company gets hacked and compromising it’s customer’s username and passwords.

So what’s the answer, should we just stop using the web? Well realistically, that just isn’t going to happen is it, especially as the Internet is cram packed full of educational tools and resources. internet use in schools is on the up and whilst there are mechanisms in place to protect users from the obvious, there will always be potential threats on the internet.

The following is my top tips to a safe on-line life:

Dodgy emails

Responding or opening emails from people you don’t know is always a risk. Be very careful with emails offering you something free, or emails that want you to click a link. Never respond to an email from your bank asking you to re-validate your user-name, password or bank details. If a bank sends you an email, they normally have a security validation with in the email, for example they will tell you the last part of your postcode in the email (something that can not be faked).

There is a whole range of what I call the ‘zip file emails’. These emails appear to be from people you mitt just deal with, such as Fedex, the Inland Revenue or your bank. They all have a zip file attached. Sadly, opening the zip file will likely bring yo a word of pain.

Use your instinct, if an email looks dodgy then it probably is. Just delete it.

‘Keep me signed in’

We all click the button on login to a site to ‘keep me logged in’, with so many passwords these days it just makes our life so easy. Never, ever, click this button on a shared PC, for example a PC in a classroom or library. Only use this function on your own PC – and even then, just think about the data that on the site.

It wouldn’t be great if some else sat at a PC after you and revisited the sites you were on… as you? Imagine what they could do on your Facebook account, or worse.

Keep your software up to date

Many internet threats exploit weaknesses or holes in software coding. Software vendors continually update their software to keep it secure, so make sure you keep ‘auto-update’ enabled. It might be a bit of a pain to re-boot your PC when Microsoft send you a security patch, but it will keep you safe – so just do it. It’s also important to make sure your virus signatures are up-to date, so once again keep them up-to date.

Naughty Content

If you went to a large city on holiday, there would be areas you would avoid. You would stick to the respectable areas and avoid the less-desirable parts. Guess what, the web is just the same! As soon as you go looking for free software, downloading music or movies or other porn you are entering the Internet’s Ghetto. A place where any website you visit may contain a hidden surprise such as a virus or a trojan. My best advice, stay away.

Clearly, our Internet solutions include a robust content filtering solution to manage this situation, but users with mobile devices will always use the internet away from the site.

Don’t give your Bank details away

Easier said than done, especially when you are shopping. However, once again try to stick to respectable sites. One tip is to use paypal, or a similar payment site. Using a payment site means that the end supplier never has your card details, just giving you that added level of protection.

Connecting to ‘Free Internet’ Connections

If you’re out and about with your laptop and looking to connect to the web, be careful of free wi-fi solutions. Connections with a wireless name such as ‘free internet’ should be approached with caution.

There will always be threats out there and it’s very difficult to be 100% safe, but thinking about the above and acting upon potential risks will help keep your web-world safe.

Second Hand Personal Data

A survey by the ICO discovered that over 10% of second hand computers contained personal information.
Researchers purchased second-hand computers online and were staggered by the number of computers that contained personal information, emails and pre-saved internet passwords. What’s more, some held enough personal data so as to allow identity theft.
PCs store all sorts of stuff these days, in addition to your photos and documents there’s your email (and it’s settings), your browsing history and probably a while bunch of passwords held in cookies or the browser’s keyring.
As such, the advice from everywhere is clear, when you decide to dispose of a computer make sure you delete all your data, and delete it properly. If you’re not exactly sure how to do this, here are a few pointers…
The first, simplest and most enjoyable, method is to physically ensure your data can’t be used. For most PCs this means removing the hard drive and having a few minutes of destructive fun with some screwdrivers and a big hammer. Don’t get carried away though, you only need to remove the hard drive, so the rest can still be sold – albeit at a lower price with your worries in tact. If you want to sell the full computer, or give it away a member of the family or a friend then distraction is not a good option, unless you buy a new drive.
Completely wiping the drive comes in a good second. With this method a software programme is used to fill every data storing part of the drive with guff data. One programme that I have previously used fills the drive with ’1′s, then ’0′s and then repeats this cycle 3 times. For larger drives, this will take an eternity but it does work and will certainly erase your data. ‘Boot and Nuke’ and ‘kill disk’ are popular software tools for wiping disks, but there are many out there. Some are free and some not.
If you are determined and don’t think you have the skill yourself, then there are specialist (and non-specialist) companies that can undertake the task for you. However, it does mean giving your drive to someone – which may introduce another risk. So it would probably be easier and cheaper to destroy the drive and buy a new one.
If you are selling or giving the PC away, you will need to re-install the operating system. So go hunt the original media you received or created when you get the PC.
Oh, and without teaching granny to suck eggs, don’t forget too back up or transfer your data first…