Wednesday, January 19, 2022

How some impersonators create fake propaganda!

How some impersonators create fake propaganda!


Some people modify HOSTS file and connect to some other website or webserver and make stupid claims. Indian R&AW agents have advanced spying invisible drones capable of screenshotting, recording, whispering etc... capabilities. These R&AW spies don't reveal real identities and always live shadow other people for immigration fraud purposes. I have been targetted by some rogue R&AW agents. I have verified all the logs and all the alerting systems have been verified. It's possible that these rogue R&AW spies might have done some kind of immigration scam related to my identity - Arumilli Kanti Kalyan or my spouse - Sowjanya Konudula daughter of Baburao Konudula. There is at some other corrupted R&AW agent by the name of Sowjanya Konudula. To cover that up, they might be impersonating and might be making false allegations and fake propaganda. ALight Technology And Services Limited's VPN, web servers were not hacked nor managed by any other people nor the impersonating rogue spies. 


How some impersonators create fake propaganda!

Friday, January 14, 2022

Short trip to India!

Short trip to India!


Today, I am travelling to India. I will come back to London in 1 - 2 months. Business will continue as normal. While in India, I will be travelling between at least 3 cities. This trip is more of a personal trip rather than a business trip. However, open for gaining some clients and business while in India!


Short trip to India!

Tuesday, January 11, 2022

Mid week update, business networking event and possibly postponing of India trip

Mid week update, business networking event and possibly postponing of India trip 


Current planned monitoring and alerting system has been implemented. There are few other monitoring and alerts to be placed along with auditing and accounting that would happen in the next few weeks to few months. Right now important alerts are in place. Monitoring is happening, log collection is happening. Over the next few weeks data would be collected and monitored to analyse patterns and to raise alerts in case of abnormal activity. This is a completely home grown solution. Probably could be a separate small product for startups and small businesses with workloads in the cloud. But for now, rolling out the monitoring solution as a commercial product is not a priority. However, if anyone needs some technical guidance or implementation help, please feel free to contact me on admin@alightservices.com / kantikalyan.arumilli@alightservices.com or call on +44-07718-273-964 / +1-480-347-6849 / +91-789-362-6688 or via the contact form located at https://www.alightservices.com/contact/.

The next focused products are the planned enterprise grade VPN solution (no guarantees yet) at a reasonable price point and a simple web monitoring product. The web monitoring product is not new or complex but more of a value-added service for potential future clients and could be offered as a freemium product for external clients. Hoping to have a preview, beta up and running soon. Some of the other planned value-added services for client transparency are solutions for managing, viewing automated backups, having the ability to submit on demand full / incremental backups, being able to see errors, server health, server uptime, maintainence logs etc...

Today i.e on 12th of January 2022, I am planning to attend a business networking event at All Bar One, Bishopgate London. Yesterday, on 11th January 2022, I purchased tickets for a business networking event at Patch Bar, Carter Lane but ended up not going as I was busy wrapping up things with the monitoring system and planning the next steps.

Regarding India trip, I booked my flight tickets for January 15th. Although my Graduate Route Visa has been approve on the  7th, I am awaiting delivery of the new BRP card. Obviously, I have to postpone my trip because without the new BRP card, I won't be able to come back to London. I did buy some extra fee in anticipation of postponing / cancelling. So, I can postpone up to 4 hours prior to flight departure. I will wait until 14th evening before postponing the flight.

I am considering to start a new podcast that would be related to business, technology and ALight Technology And Services Limited and would go hand in hand with the current blog. Although I made few podcasts previously, those podcasts didn't gain much traction. The previous podcast can be found at https://anchor.fm/kanti. I might add few more episodes into the above mentioned podcast at a later point, once in a while!


Mid week update, business networking event and possibly postponing of India trip

Sunday, January 9, 2022

Weekend updates and a small break - trip to India for 1 - 2 months

Weekend updates and a small break - trip to India for 1 - 2 months

Progress on Monitoring and Alerts:

Some progress has been made on monitoring activities over the weekend. Some of the alert systems are in place. There are more alerts to be placed. The website has been down for about 3 hours during this period. Few more alerts and monitoring's would be placed this week.

Later, a client portal would be developed providing dashboard, insights into monitoring and alerts for client specific workloads, but not necessarily a priority.


Possible VPN product offering (But not confirming yet):

Business grade security but low cost custom VPN solution is being planned. If the product development happens as expected, the product would be offered as a self-hosted license based product (and there are multiple approaches for this and multiple ways of offering) for SME's to host on their own hardware, generic VPN SAAS offering for individuals and small teams, and as a dedicated isolated hosting  for medium sized businesses. As usual during the beta phase there would be free trial for anyone interested. Also I would like to know specific pain points for existing VPN users. Ideas, feedback, suggestions are welcome. You can send me an email or use the contact form located at https://www.alightservices.com/contact/. I would be happy to do some brainstorming, discuss pain points and see what can be done. I would be more than happy to listen from end user's perspective, feature requests from end user's perspectives, administrator's perspective. When I used to work in the past I am familiar as an end user but at that time I didn't think much from an administrator's perspective because I was a developer. Now, as the owner of the company, monitoring, alerts of possible hacks / threats, mitigation have become far more important and I am beginning to think from both a end user perspective and an administrative perspective. Because I did not administer any commercial grade / business grade VPN's, I want to know what features are important or what are the pain points for administrators.

Some of the features that I was looking for and not available in most current VPN solutions are:

1) MFA - Some MFA's are not secure for example OTP / Authenticator are not secure. Provides some extra protection but not necessarily secure. Different forms of MFA support. OTP theft has become very common, Authenticator codes can be generated on a different device also. EMailing of few digits are also not safe. Considering the advanced spying equipment, targeted hacking etc... Some safer alternatives are hardware based authentication like FIDO or magic links in emails (Long strings of random alpha numeric characters as a query string for a URL - Even if someone is spying online they can't type fast and the browser address bar does not show the full URL. As long as your email provider allows monitoring sessions and removing sessions, this is slightly safer alternative.). 

2) Passwordless Login - It's easy for hackers to guess passwords or steal passwords using advanced spying equipment online. There are certain techniques to overcome this situation. I will make a separate blog post about some of these techniques, like the hardware based MFA, Magic links etc... Yubikey is an excellent product, I personally own 5 Yubikey's for various purposes. 2 of the 5 are biometric hardware keys.

3) Logs of session activity i.e when did a session start, when did a session end, not necessarily what happened inside a session.

4) Dedicated IP address

5) Limiting the number of concurrent sessions

6) Dashboard of sessions, administrator being able to remotely terminate a connection or even block a connection for a specified period.

7) Allow connections only during a certain period such as during business hours for certain users, 24x7 for a different set of users etc... I know some people might ask "for a one person company why am I thinking about multiple users? " My answer would be I don't want to repeatedly make decisions based upon company growth. This is what I want, these are the features I want and I want these on day one. 

8) Usage based fee, instead of paying heavy prices upfront, like cloud computing usage based fee. Of course in some of the forms of the product offering, usage based fee is not possible.

9) Integrations - SSO integration, Active Directory integration, Azure Active Directory etc...

10) Restrict Connections to certain IP addresses / range of addresses etc...

11) Session rotation cookies for the web application (Bank grade security). This is to prevent wifi hackers online who somehow steal session cookies and might do session hijacking. On not properly configured laptops and if the hackers know admin password, they could try to steal / manipulate through administrative shares etc... I don't know how they hack, but I disabled administrative shares and started using a Linux VirtualBox image.


Travel Plans:

I am waiting for my new BRP card to be delivered. And I have travel plans to India on the 15th of January. Hoping to receive my BRP card before the 15th. I will be in India for 1 - 2 months, but business activities would continue in a normal way. Due to the unusual delay in visa processing, I booked my flight tickets several days ago and bought only one way tickets. Thankfully Graduate Route visa got approved just in time. If I don't receive BRP before the 15th, I might consider postponing the trip for few days.


Weekend updates and a small break - trip to India for 1 - 2 months

Friday, January 7, 2022

Not moving to India!

Not moving to India!


Today I received an email from the Home Office of the United Kingdom mentioning that my Graduate Route Visa has been approved. So, now ALight Technology And Services Limited works as a full-time business. The office hours are no longer 4 hours per day. Full 8 hours per day. And you will see lot of things happening soon. Of course, I am still waiting on receiving the BRP card.

The focus currently is on security, internal monitoring, alerting, security logs of activities. These activities are a must for any company that would store and process customer data. SimplePass stores all the data on the users computing device, so monitoring was not a priority. But now, with a huge roadmap and plethora of products planned, security, monitoring and alerting are of highest priority.


Not moving to India!