Sunday, January 9, 2022

Weekend updates and a small break - trip to India for 1 - 2 months

Progress on Monitoring and Alerts:

Some progress has been made on monitoring over the weekend. Some of the alert systems are in place, and more alerts remain to be added. The website was down for about 3 hours during this period. A few more alerts and monitors will be put in place this week.

Later, a client portal will be developed with a dashboard and insights into the monitoring and alerts for client-specific workloads, but this is not necessarily a priority.


Possible VPN product offering (not confirmed yet):

A business-grade security but low-cost custom VPN solution is being planned. If product development goes as expected, it would be offered as a self-hosted, license-based product (there are multiple approaches to this and multiple ways of offering it) for SMEs to host on their own hardware, as a generic VPN SaaS offering for individuals and small teams, and as dedicated isolated hosting for medium-sized businesses. As usual, during the beta phase there would be a free trial for anyone interested. I would also like to know the specific pain points of existing VPN users. Ideas, feedback and suggestions are welcome: you can send me an email or use the contact form at https://www.alightservices.com/contact/. I would be happy to do some brainstorming, discuss pain points and see what can be done, and I would be more than happy to hear feature requests from both the end user's and the administrator's perspective. From my past work I am familiar with the end user's side, but at that time I didn't think much from an administrator's perspective because I was a developer. Now, as the owner of the company, monitoring, alerts for possible hacks / threats and mitigation have become far more important, and I am beginning to think from both an end user's and an administrator's perspective. Because I have never administered a commercial-grade / business-grade VPN, I want to know which features matter and what the pain points are for administrators.

Some of the features I was looking for that are not available in most current VPN solutions:

1) MFA - Support for different forms of MFA. Some MFA methods are not secure: OTP / authenticator codes provide some extra protection but are not necessarily secure. OTP theft has become very common, and authenticator codes can also be generated on a different device. Emailing a few digits is not safe either, considering advanced spying equipment, targeted hacking etc. Some safer alternatives are hardware-based authentication like FIDO, or magic links in emails (long strings of random alphanumeric characters as a query string in a URL: even if someone is spying online they can't type that fast, and the browser address bar does not show the full URL). As long as your email provider allows monitoring and removing sessions, this is a slightly safer alternative.

2) Passwordless login - It's easy for hackers to guess passwords or steal them using advanced spying equipment online. There are certain techniques to overcome this, and I will make a separate blog post about some of them, like hardware-based MFA, magic links etc. YubiKey is an excellent product; I personally own 5 YubiKeys for various purposes, 2 of which are biometric hardware keys.

3) Logs of session activity, i.e. when a session started and when it ended, not necessarily what happened inside the session.

4) Dedicated IP address

5) Limiting the number of concurrent sessions

6) A dashboard of sessions, with the administrator able to remotely terminate a connection or even block a connection for a specified period.

7) Allow connections only during a certain period, such as business hours for certain users and 24x7 for a different set of users etc. I know some people might ask "for a one-person company, why am I thinking about multiple users?" My answer would be that I don't want to repeatedly revisit decisions as the company grows. This is what I want, these are the features I want, and I want them on day one.

8) Usage-based fees instead of paying heavy prices upfront, like cloud computing usage-based fees. Of course, in some forms of the product offering a usage-based fee is not possible.

9) Integrations - SSO integration, Active Directory integration, Azure Active Directory etc.

10) Restrict connections to certain IP addresses / ranges of addresses etc.

11) Session-rotating cookies for the web application (bank-grade security). This is to prevent Wi-Fi hackers online who somehow steal session cookies and might hijack the session. On improperly configured laptops, if the hackers know the admin password, they could try to steal / manipulate data through administrative shares etc. I don't know how they hack, but I disabled administrative shares and started using a Linux VirtualBox image.
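The magic links from items 1 and 2, as an added example that is not code from this post or from the planned product: the link carries a long random URL-safe token, the server keeps only a hash of it, and the token is short-lived and single-use. The class and attribute names, the ten-minute lifetime and the base URL are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

TOKEN_TTL_SECONDS = 600  # a link is only valid for ten minutes (assumed value)


class MagicLinkService:
    """Issue and redeem single-use login links; names are illustrative."""

    def __init__(self, base_url: str, now=time.time):
        self.base_url = base_url
        self.now = now                 # injectable clock, makes expiry testable
        self._pending = {}             # sha256(token) -> (email, expiry)

    @staticmethod
    def _digest(token: str) -> str:
        # Only a hash is stored, so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email: str) -> str:
        # 32 random bytes become a 43-character URL-safe string: the "long random
        # alphanumeric query string" from the post, far outside guessing range.
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = (email, self.now() + TOKEN_TTL_SECONDS)
        return f"{self.base_url}?{urlencode({'token': token})}"

    def redeem(self, token: str):
        """Return the e-mail address for a valid token, otherwise None."""
        digest = self._digest(token)
        # Constant-time comparison of hashes: no timing leak on near-matches.
        match = next((k for k in self._pending if hmac.compare_digest(k, digest)), None)
        if match is None:
            return None
        # Consume the token before checking expiry: a link is single-use whatever
        # the outcome, so a late replay gets nothing.
        email, expiry = self._pending.pop(match)
        if self.now() > expiry:
            return None
        return email
```

The session created after a successful redeem should itself be tied to the mailbox's session controls the post mentions, so that revoking the mail session also invalidates links already sent.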

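Several of the access-control items above (5, 6, 7, 10 and 11) can be enforced in one place at connection time. This is an added example, not code from the post or the planned product; the policy classes, the weekday-only interpretation of business hours and the sample networks are assumptions.

```python
import ipaddress
import secrets
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class UserPolicy:
    allowed_networks: list     # CIDR strings the user may connect from (item 10)
    allowed_hours: tuple       # (start_hour, end_hour) on weekdays, or None for 24x7 (item 7)
    max_sessions: int          # concurrent-session cap (item 5)


@dataclass
class SessionStore:
    policies: dict                                  # user -> UserPolicy
    sessions: dict = field(default_factory=dict)    # session id -> user
    log: list = field(default_factory=list)         # start/end events only (item 3)

    def connect(self, user, client_ip, when: datetime, presented_sid=None):
        """Return a fresh session id, or raise PermissionError with the reason."""
        pol = self.policies[user]
        ip = ipaddress.ip_address(client_ip)
        if not any(ip in ipaddress.ip_network(n) for n in pol.allowed_networks):
            raise PermissionError("source address not allowed")
        if pol.allowed_hours is not None:
            start, end = pol.allowed_hours
            if when.weekday() >= 5 or not start <= when.hour < end:
                raise PermissionError("outside permitted hours")
        # Rotation (item 11): an id the client already holds is retired and never
        # reused after authentication, so a sniffed or fixated id stops working.
        if presented_sid is not None and self.sessions.get(presented_sid) == user:
            self.terminate(presented_sid, when, reason="rotated")
        if sum(1 for u in self.sessions.values() if u == user) >= pol.max_sessions:
            raise PermissionError("too many concurrent sessions")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        self.log.append((when.isoformat(), user, sid, "start"))
        return sid

    def terminate(self, sid, when: datetime, reason="admin"):
        """Administrator (or the server itself) ends a session (item 6)."""
        user = self.sessions.pop(sid)
        self.log.append((when.isoformat(), user, sid, "end:" + reason))
```

The log records only session boundaries and the reason a session ended, which is exactly the level of detail item 3 asks for and is enough for a dashboard to show who is connected and why a connection was dropped.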

Travel Plans:

I am waiting for my new BRP card to be delivered, and I have travel plans to India on the 15th of January; I am hoping to receive the BRP card before the 15th. I will be in India for 1 - 2 months, but business activities will continue as normal. Due to the unusual delay in visa processing, I booked my flight tickets several days ago and bought only one-way tickets. Thankfully the Graduate Route visa got approved just in time. If I don't receive the BRP before the 15th, I might consider postponing the trip for a few days.

