To me, a computer without Internet access feels like a car without wheels. Trotting around town with my GPRS-enabled laptop has made me realise just how many ways the Internet supplements my daily existence. Technical disputes with my kava-drinking buddies are resolved in a flash. (”Dude, railway ties are so treated with creosote. So there.”) My extended family can keep track on what their friends overseas are up to. The opportunities to learn are immense, too. (True story: someone asked me how tall a giraffe is. For the first time ever, I was able to say, “Hang on. I’ll show you.”)

That said, GPRS is far better suited to intermittent connectivity than staying online full-time. A quick facebook update here, an email there - that sort of thing. But compared to the amount of Internet available throughout most of the country (i.e. none) I’ve got to say it’s pretty darn cool to have it when you need it.

Read on for the geeky details.

NOTE: Take everything I say with a grain of salt - I’ve only just started this evaluation, so I reserve the right to be very, very wrong on some or all what follows….

1) Windows

I had mixed results getting the Nokia GPRS USB dongle working on Windows. The dongle comes with all the software you need stored on it, so all I had to do was wait for it to mount itself as a CD device and let autorun do its magic. There are some obvious security issues here, but to its credit, the Nokia device did mount as read-only, so the odds of it getting infected (or passing on malware) is low.

The first machine I installed on - a Lenovo ThinkPad laptop - went smooth as silk, although the software complained about wanting Service Pack 3.

Installing on a VMWare virtual machine (SP2) ended up causing blue screens and never worked. I attribute this to the fact that the version of Windows I was installing on is not at all up-to-date (I normally run it sandboxed with no network connection at all).

A huge problem on Windows is that so many applications install updater services that automatically start downloading stuff the moment you’re online. I found that the laptop I tried kept transferring data at a more or less constant rate. If you leave the modem connected for any length of time that could get very pricy indeed.

To its credit, the Nokia software has an always-on-top bandwidth usage monitor. It calculates the total download and upload volume, as well as the total (this is what you get billed on). There’s also a rather rudimentary usage history chart available as well which shows you a summary of all your recent sessions, but unfortunately doesn’t offer summary totals.

While the session monitoring applet claimed speeds in excess of 40 Kilobits/second, I found that the modem felt slower than my 128Kbps DSL line at home. (More on this below….)

Nonetheless, I became very popular indeed when I was able to wander around the Freswota and Namburu neighbourhoods, laptop in tow, and download photos of all my family and friends on demand. (Strictly speaking it would have been vastly less expensive and much more efficient to put them on a USB stick, but that wasn’t the point of the exercise.)

2) Linux

Getting the modem working on Linux was a little more challenging. The Modem took the same approach as it did on Windows, opening itself as a CD device and featuring a clear instruction sheet accompanied by a simple install script.

The only problem was that whoever developed the install routine just assumed that the correct kernel modules would be loaded already. It took a few hours of digging around to find out why my modem just sat there doing nothing. I’ll be submitting a bug report to Nokia to fix this.

BUT, once the kernel module issue was addressed, using the modem was actually easier in Ubuntu (9.04) than in Windows. As with so many things these days, it just worked. I plugged in the modem and Ubuntu’s Network Manager found it within seconds, dialed the connection and established a session with a single click. Very cool.

I used my conky desktop monitor script to measure total bandwidth as well as download and upload rates. I did see a very brief peak of 14Kbps at one point, but longer downloads seem to peg at about 4-6 Kpbs (much slower than dial-up). Of course, if you’re using GPRS to download large files, you’ll have other fish to fry. The costs alone might kill you.

3) Mac

Once again, the Nokia’s install routine was about as easy as it could reasonably be made. I opened a Finder window, found the USB modem already mounted. Double-clicked on the installer package, and followed the instructions. Easy Peasy.

The software interface, as with many things on the Mac, is much more polished, albeit with fewer features than the Windows version. I could always geek right out and install the same monitoring tools as I used on Linux. But even without those deep forensics, I found the experience (and performance) was much the same as on Windows and Linux, with the exception of a brief failure to finish loading one web page (probably purely coincidental, but it was the Skype.com home page).

All in all, there’s a definite case to be made for the convenience of being able to check email more or less from anywhere, and it’s nice to be able to look up information at the drop of a hat.

I won’t comment on the costs just yet, but let me assure you that this will not be a replacement for a full-time, dedicated Internet account any time soon.

The most significant reduction is the Internet Home 128 kb service that was reduced from 16,800 vt/month to 5,950 vt per month.

See the attached file(s) for details.

TVL New Internet Pricing ENGLISH (PDF File)

TVL New Internet Pricing FRENCH (PDF File)

vitus-submission-telecoms-licences

vitus-surveyresults

Survey link: http://www.surveymethods.com/EndUser.aspx?E4C0ACB4EDA6B8B5

1. Draft telecommunications licensing policy (Download here)
2. Draft standard telecommunications licence (Download here)
3. Draft application for licence (Download here)

I think that VIGNET should see if we can do a response that represents the thoughts of all members.

Responses are required by 5:00pm on Wed 17th September so there is not much time to prepare responses.

This is a senior technical position with the company, with significant responsibility.

You can get a copy of the job description here.

Contact Douglas Creevey, CTO of Digicel Vanuatu, for further information:

PMB 9103, Ellouk Plateau, Port Vila, Vanuatu

Mob +(678) 555 5008 | Fax +(678) 27865

This advertisement is offered as a public service. All employers seeking skilled technical staff and/or management are encouraged to contact VITUS. We will be happy to offer whatever assistance we can.

Attendees/Authors:

Dan McGarry

Ken Henjo (VIT)

Tom Nako (VIT)

Jack Nato (CRC Staff)

George Keithson (CRC Staff)

Simon Hilton (AYA - Vanuatu Financial Service Commission)

Noeline Bule (Save the Children)

Andrew Moli (Vanuatu Financial Service Commission)

George Petro (Wan Smolbag)

Marianne Berukilukilu (Laho Ltd.)

Craine (CRC Staff)

Dan Ken Hinge (Habitat for Humanity Vanuatu)

David Otto (Customs)

Alex Nganga (National Bank of Vanuatu)

Jackson Miake (National Bank of Vanuatu)

THE Vignetenator (?)

What is security?

* Protection against unauthorised access

* This includes access to all important information (including documents, email, databases etc.)

* This includes protection against internal and external threats

* Threats can come from a number of places: Environment, Automated threats (like viruses, trojans, spyware), Direct human threats (hacking/cracking),

* Ensuring a safe computing environment includes making sure that equipment is not likely to fail, or if it is, a plan exists to ensure that data is lost. This is known as Fault Tolerance.

* Security is a (wholistic) process

Who is responsible for security?

• Everyone is responsible for security. Everybody needs to understand their role in ensuring security. This includes backups, system maintenance, information management and site security. All the good planning in the world doesn’t help if the cleaner pulls the server’s plug out to run the vacuum!

How do we approach security?

Security needs to be approached methodically, but it requires a wholistic view. It’s not safe, for example, to decide on an anti-virus software package in isolation. Does it work with the firewall? Is it easy to use? What are the staff training requirements?

Reference Materials

The best way to stay secure is to stay informed. Here are a few sites that offer useful information on computer-related security issues.

• http://slashdot.org/ - Lots of talk and analysis on all kinds of tech-related news
• http://isc.sans.org/ - The Internet Storm Center is one of the best sources of breaking news on new Internet-based security threats.
• http://www.securityfocus.com/ - Home of the bugtraq mailing list, this is often the first place where important security issues are reported.
• http://www.ntbugtraq.com/ - A bugtraq devoted entirely to Windows exploits.
• http://www.cert.org/ - Home of the Computer Emergency Response Team, this website is a compendium of important security-related information. Recently, they’ve been rather slow to issue reports, however. They’ve become better known as a source of vendor-specific information about existing exploits.

Network Security

This section deals with network-specific security issues. It covers both the physical and logical aspects of network configuration.

Threats

• Planning

Poor planning can cause significant problems in implementation. This is especially true in terms of the logical layout of a network. Sometimes, planners don’t anticipate ways in which the network could be breached or abused. For example, a decent firewall might not stop someone from connecting a modem to their computer and gaining access to the Internet through it. USB drives and CDs are also vectors that is often forgotten when looking at information flow.

Planning requires research and consultation. The Internet community (and VIGNET!) can be very valuable in helping to anticipate problems and take advantage of features that you might not have been aware of.

• Unauthorised access

Access levels can cause problems if they’re not set properly. See also comments below on understanding and formulating a Trust Model

File systems have permissions that can be set. This needs to be done very carefully, as it can block people from accessing resources that they need, as well. Through testing is critical in this regard.

Folders and files should also be organised carefully. Unless you are a single user on an unconnected computer, My Documents is probably ‘not‘ the best place to store your files. Input is required from management and staff to create a proper file and folder structure.

Users should be organised into groups, and permissions assigned on the group level. This is very important. Managing individual user accounts is time-consuming, prone to error, and can result in problems accessing critical information.

• Viruses, Spyware, Spam, Trojan Horses (Malware)

External mail and net-based sources of damage, unauthorised access and abuse of computer infrastructure.

Words of Wisdom: There Ain’t No Such Thing As A Free Lunch Educate your users that if something looks too good to be true, it probably is.

Consider a policy which does not allow ‘anyone‘ to install software from the Internet, unless it’s been checked by and approved IT staff and management.

• Standards-compliance

Sometimes people make decisions based on features or performance, without considering whether the product they have chosen conforms to accepted standards. This can cause problems with interoperability - that is, the ability of different systems to communicate effectively and efficiently.

• Fault tolerance

Choosing reliable, standards-compliant equipment to protect against and hardware and software failure.

It would be good if VIGNET users could compile a list of reliable hardware products available in Vanuatu.

Network Security Measures

• Planning
• Consistent and Workable Network Topology

Networks have two aspects: the physical collection of wires, devices and computers that connect computers together, and the logical collection of pathways and storage points where information flows. We therefore refer to physical and logical network topologies. Both must be designed together - it’s important to understand how the one affects the other.

• Network Acceptable Use Policy

As far as we know, there’s no AUP in use anywhere in Vanuatu (with the possible exception of the TVL client agreement). VIGNET should consider drafting one example for its members.

• Security Software Tools

Being able to view and interact with the network is a critical ability for systems admins. We’ll update this section with a list of useful tools and links in the future.

• Physical Network Security

If you can, put critical network apparatus into a locked ‘box’, off the ground and out of the way. It can save innumerable headaches.

• Systems and hardware backup
• Maintenance and Repair

Software Security

Threats

• Pirate software

Only install software from trusted sources. This is a particular challenge here in Vanuatu where licensed software is hard to find and pay for. VIGNET should consider helping to build and maintain a trusted software ‘library’.

• Unpatched/insecure software

Software that starts secure often becomes insecure with time. It’s important to remain up-to-date with patches and fixes.

Some software needs to be updated regularly. It’s not enough to simply install anti-virus and/or anti-spyware software. You must keep it up-to-date.

• Restricted software

Some software can be a powerful systems admin tool and a threat at the same time. It depends on who is running it and for what reason. Access control is important. In Linux and Unix, this is accomplished by storing certain program files in areas that are not accessible to all users. In Windows, access rights are defined on a file-by-file basis using the security tab accessed through the context menu. Right-click on the program file itself, choose properties, then click on the security tab.

• Buggy Software

Software needs to be tested before it’s deployed. Small problem can become big ones when they happen often, or damage valuable data.

Buggy software that has access to the Internet is especially dangerous. Examine your web browser, email client, music player, chat software and anything else that gets access to the Internet. If it’s a vector for viruses or exploits, consider choosing another one.

• Malicious Software

Some kinds of malware (especially spyware) often pretends to be nice, or funny or sexy. It’s not. Users need to be educated about the dangers of running software. Consider insisting that users log in to accounts that do not have the right to install software at all.

See also Network security above.

• Bloatware (software that is too resource-intensive)

Software Opportunities

• Security Software

Software firewalls, anti-virus, encryption tools all enhance data security.

We should include a list of software that VIGNET users have found useful and reliable here in Vanuatu.

• Efficiency - Automation Tools

The single biggest benefit of software is its ability to automate processes that would otherwise be time-consuming and expensive.

• Information Management Tools

Properly organised information gives greater efficiency than a new processor, a bigger hard disk or a more power server. The tools that we use to manage our information need to be well understood.

(Joseph Toara is running an iManage workshop tomorrow (Monday 27 June 2005) Hopefully he will add some useful information about the software here. In the mean time, you can check out http://www.imanage.com)

Note that where software is concerned, there is a direct relationship between ease-of-use and security. There are some things which should *not* be easy to use - or at least not easily accessible. In software, one person’s opportunity is another person’s threat.

Human Security

Threats

• Physical Threats

People can steal or damage unprotected computers and devices - especially laptops! Access needs to be balanced with physical security.

Consider creating a secure space for storing laptops, external CD drives, backup disks/tapes, projectors etc.

Also, store at least one backup offsite. Remember: Data that doesn’t exist in two places… doesn’t exist.

Remember that physical threats include environment as well. Ask yourself, will my equipment be damaged by earthquake, cyclone, volcano? How about rats? You may laugh, but consider this:

http://slashdot.org/article.pl?sid=05/06/24/0249231&tid=95&tid=133 - Rats ‘Cripple’ NZ Web Access

• Hacking/Cracking

Many of the major incidents related to network security are caused by ‘inside jobs’ - that is, staff and/or people with physical access to computer systems are responsible for security-related incidents.

• Carelessness

Failures have been caused by things as simple as pressing the wrong button. It sounds amusing, until it happens to you.

• Computer Literacy

Ignorance of how computers and networks work can often cause significant problems.

Opportunities

• Create a safe working environment for people and equipment

Keep the place neat and orderly. It benefits both staff and equipment.

• Create and enforce strong security policies

It’s not sufficient to write a password once. Passwords must be changed regularly, and they should be unique to each person.

Consider using keys instead of passwords (i.e. PGP, SSH)

• Training

Training is not a one-time event. Staff should conduct regular training as their work environment requires.

If your organisation has full-time Internet access, consider using online training. There’s a ton of material available, and it’s there when you have time, so you don’t have to change your schedule or plan down-time just to use it.

One good example: http://www.itrainonline.org/

• Trust Model

Before any new system is put in place (no matter how small or simple) you should be able to clearly describe the trust model - that is:

‘Who‘ has access to ‘What‘ data, at ‘What‘ times and for ‘What reasons. ‘How‘ will they access the data?

Network Protocols

• HTTP and CGI Explained - http://www.garshol.priv.no/download/text/http-tut.html

A clear, simple explanation of how web servers actually work.

This is one of the most useful tools I have come across in ages. It has several main benefits:

• As it is a write protected CD, nothing can infect it or comprimise it.
• As you boot from the CD, any spyware or viruses on the hard disk do not run.
• There are lots of useful tools on the CD apart from some good antivirus and antispyware tools.
• It uses the Windows PXE Environment (same as during the windows install stage before the first reboot) so it is easy and familiar to Windows users.
• It supports network access (I’ve not had any luck with wireless but wired LAN connections work fine).
• The network access allows you to connect to the Internet and upgrade the virus scanner and spyware tools. It does this by creating a RAM disk (as drive B:) and can download new virus definitions to there. Of course they get lost when you reboot. I don’t use that method as I disconnect and clean the machine before it is allowed to connect to the Internet.

Some of the disadvantages are:

• You cannot download a CD image (.iso file) of the Ultimate Boot CD for Windows. You have to build it yourself because it contains files from your XP CD and MS wouldn’t like them being distributed.
• Building the CD is a bit a hassle as it is a 230MB download and then a couple of hours to get to know how to build and configure it. After that you have to upgrade each package (using the config option) and wait for each package to download it’s virus/spyware signatures.
• Finally you get to build the package and at the end you have a .iso file that you can write to CD. You can even chhose whether you save the .iso file to burn later or just burn direct to the CD. I always save the .iso in case I want to make another copy later.
• If you use it regularly (as I do) then you will probably want to run the updates every month and write a new CD. This is the safest way to use it.

Some of the other tools include:

• Disk partitioning tools
• Disk imaging tools
• Disk defrag tools
• Disk testing/diagnostic tools
• Secure disk wiping tools
• Web browsers
• Registry editing tools
• Network tools - sniffers/scanners etc
• Password tools
• Benchmarking tools
• etc

Where can I download it?

• http://www.ubcd4win.com/

If enough people are interested then I may be able to run a short workshop one afternoon and demonstrate how to use it. email me at: daryl@datec.com.vu if you are interested.