Adobe Flash End of Life: Adobe is Retiring Flash and You Should Too

adobe flash end of life adobe is retiring flash and you should too

Adobe Flash, once one of the most utilized pieces of software on the Internet, is being retired by the software giant. Support will stop on December 31, 2020. Like any other piece of retired software, you should remove it from any system you have that still runs it.

Adobe first deprecated the software in 2017 but has announced that it will no longer offer support. This means that soon after the first of the year, the software will begin to show vulnerabilities. Thus, anyone still using it will significantly increase their risk of attack.

We are suggesting that any place where you would find Adobe Flash Player, such as your internet browsers, your mobile browsers, and mobile OSs, be checked to ensure that Flash isn’t still installed on the device.

Chances are that you haven’t used Flash Player in a while as modern coding has evolved. Thus, Flash isn’t as useful as it once was. It was once the predominant multimedia platform found on Internet browsers and other applications. However, it was about to be nothing more than a liability.

Any legacy software that uses Flash may no longer function properly. However, there isn’t much that can be done. Adobe has set a hard deadline for you to get the software off of your system.

If you would like to talk to one of our consultants about how to properly remove software and keep your systems free from obvious vulnerabilities, call (877) 771-2384 today.

What You Need to Know About Containers Security

what you need to know about containers security

Containerization has revolutionized software deployment. It allows faster deployment cycles, easier scalability, and consistency across environments. It’s a standard part of the DevOps process. Containers provide clear benefits in security, but they offers their own challenges.

Making a containerized environment run smoothly and securely requires specialized expertise and experience. Bluwater provides the management and support to keep the software running and minimize the risks.

Understanding Containers

Software applications have many dependencies. They use runtime environments, subroutine libraries, and system services. They need to adapt to the operating system on which they run. The container puts all the dependencies into a single package that’s deployed as a unit. The software on which the application depends will always be the same.

For instance, suppose an application runs on a Java Virtual Machine (JVM). Containerization ensures that each instance runs on the same version of the JVM, no matter where it’s deployed. The developers and admins don’t have to worry about having to run under an outdated or unpatched JVM.

However, a container isn’t a monolith that does everything the application needs. More commonly, it’s split up into services, each of which has its own container. Services communicate through APIs.

You can deploy many container instances on one machine. These numbers can be scaled up or down to meet current needs. Each one runs independently of the others. However, a container isn’t the same as a virtual machine. All the containers on the host run under the same instance of the operating system. Containers aren’t as fully isolated from each other as VMs are.

Security Benefits and Concerns

Containerization isn’t a total solution to all security problems. It makes some issues easier to deal with but introduces its own concerns. The NIST Application Container Security Guide gives a detailed summary of the issues and best practices.

Benefits

The big advantage of containers, from a security standpoint, is control. A software release contains tested and trusted versions of all supporting libraries and runtimes. When you keep them up to date, they will be up to date wherever you install the release. You only need to ensure that the latest patches are included once.

When software has to run in a diverse environment, it’s harder to test all the cases. Bugs can slip through, opening the way to attacks. Containers offer a consistent environment that we can test more exhaustively. There’s less need to worry about special cases.

Concerns

The negative side is that containers offer a consistent, predictable target. If a container has a vulnerability, every deployed instance has it. This simplifies the job of anyone trying to attack it.

Containers aren’t as isolated from each other as VMs are. Depositing malware into one container could mean easy proliferation of all the others on the same host. They can re-infect each other unless we take down all compromised instances simultaneously.

How to Heep Containers Secure

With proper management, a containerized environment can maintain a high-security level. The old techniques don’t always work, though. The NIST guide recommends a set of practices for keeping risks low. Here are a few tips based on it.

  • Use an OS tailored for containerization. Containers contain everything they need, so they don’t require many standard operating system components and services. Using a distribution that trims them down to a minimum reduces the attack surface.
  • Use security tools that are designed for a container environment. Developers often do not design standard anti-malware tools to handle large numbers of identical processes that appear and disappear. Ensure that your security software has a rating for containerized deployments.
  • Group only related containers under the same host. Having just one application (including all its services) running on a host reduces the opportunities for cross-application attacks.
  • Use hardware-based security to isolate containers. The less visible containers are to each other, the harder it is for infections to spread.

Bluwater provides the most up-to-date security solutions, letting you focus confidently on your business needs. Consulting, threat detection, removal, vulnerability testing, and user security are just some of the ways we can help keep your systems safe. Each kind of environment poses its own challenges, and we have the experience and expertise to protect them all.

Contact us to learn how we can help you with your security needs.

The Deep Internet: More Than Meets the Eye

the internet more than meets the eye

The Internet as we know it today has revolutionized the way people interact with one another and how society gets along. Most people by this point cannot imagine life without having some form of internet access. Whether it be recreational, social interactions, or business/work-related activity, the internet is an integral part of most persons’ lives. However, there’s more than meets the eye to this vast database of information that we call the internet. Some may or may not have heard of the “deep internet” or “dark internet”. 

Whatever the case, there are three primary parts of the internet. The “clear internet”, which is comprised of websites and data that can be found via search engines such as Yahoo, Google, or Bing, is the most common part of the internet. The “deep internet” is composed of all data and websites not residing on the clear internet. The last and third part of the internet is called the “dark internet”, which is a subset of the deep internet.

How do people access it?

Outside of the internet as a whole, this third domain is where most of the illegal activity of the entire internet takes place. Although not all activity done through the dark internet is illegal. Use of special software is required for accessing this third part of the internet. 

Within the clear internet, for the average internet user, most tasks required to have an internet connection can be done. Since the early days of the internet, moving into the advent of search engines such as Google, internet users have grown to be more dependent on the internet in general. The internet has also proven to be extremely effective for getting day-to-day tasks done.

The deep internet does not require special software to use all of it. However, it can be advantageous to know the differences between the three primary parts of the internet. Additionally, how to use them.

Please contact us if consulting is needed in the use of the internet. 

Tip of the Day: The Power of Free Word Processors

tip of the day the power of free word processors

Computers are wonderful machines that can be our best friend or our worst enemy. If one wishes to harness the power of that friendly side of computers, it helps a great deal to understand computer word processors

In the computer world, if one wants to type a statement, letter, or some other kind of document, a word processor program will typically be used. The most common word processor program in use today is Word which is sold by Microsoft. There are some other options that may be used for typing documents that are free. OpenOffice Writer and LibreOffice Writer are free options.

Issues

The only major obstacle to using these particular free options is that the file extension (.odt) generated by the program when a document is saved might not be readable by the word processor program installed on another computer.

For example, say a document is typed and saved with a .odt file extension. Then, sent to a computer with Microsoft Word installed. Depending on which version of Microsoft Word is being used, Word might not be able to read the document. However, the free options mentioned above both have a function to convert .odt files into .pdf format. Most computers have software installed that can read .pdf file types. If no software is installed to read the .pdf file type, simply download and install a free .pdf reader program.

As implied, there is no exact science to collaborating with word processor programs. However, the benefits are many including saving money. Furthermore, the information herein only skims the surface of what word processors can do. If a business has several employees requiring the use of a word processor but there is no budget for purchasing such software, the free options could serve nicely as an alternative.

Please contact us if consultation is needed with regards to word processor options.

Protect Your Hardware and Devices from Theft

protect your hardware and devices from theft

Computer security revolves around software and encryption. Leaving an open network connection or choosing weak passwords can lead to a data breach that costs your business clients. But physical protection for your computers and mobile devices is just as crucial, maybe even more so. Take steps now to protect your hardware and prepare a plan in the event of theft or loss.

What can you do to prevent the loss of the actual devices?

If you have an office space for your small business, make sure the devices are locked or secured. You can either have employees take their laptops home or keep them in a secure drawer at night, and you can install security cameras around the exits. Installing tracking software or adding RFID stickers can also make stolen or lost devices easier to recover.

What software should you add in case of theft?

Losing a device is a little like losing a credit card: you’re unlikely to get it back, and even if you do someone can do a lot of damage in the brief window they have it. So install software that can remotely wipe a computer. This software should remove files, Internet history, and any caches, as well as any specific business information. You could also install programs that lock down a computer without erasing the data, but that’s potentially riskier.

Sometimes devices get lost, even with a small team of vigilant employees. Phones are small and constantly put on tabletops, and as business travel becomes more and more important there are just more opportunities for physical theft and loss. Prepare for the worst so you can keep your data secure, and go to Bluwater Technologies for managed IT support that can enable your security practices.