:::: MENU ::::
Browsing posts in: how-to

Client Data Security – Why and How

I have finally decided to break the jinx of not keeping my blog updated. I shall update it once a week. Here’s the post for this week.

In today’s fast changing business world, regulations related to security are pervasive, so much so that with every new project (whether in the same or a different geographical region as that of the client), comes a whole set of laws to carry out (to the letter) as far as client data is concerned. If there is anything that the law misses, it is covered in the contract.

The next question is – why do client put these clauses (related to their data privacy) in their contracts?
They put it there because if the information leaks/gets modified, the client is liable to suffer monetary & intangible losses (lawsuits, fines from government, damaged image, lost clients, etc.).

Hence, in order to make sure that we understand and commit to the security and privacy of client information, they put the relevant clauses in the contract.

Bottom line – client data is sacred, and any security issue related to it can come back to haunt us (legally and otherwise). Hence, it makes business sense to protect our client data.

This poses some challenges.

The challenge is – No one, in their right minds, would want to put client data at risk. However, by virtue of our work & our focus towards it, security sometimes takes a back seat. This is reflected in our activities (we can also call them habits, as they keep happening from time to time). Some of them are (the list below is indicative):-

1. Noting some crucial information on a piecec of paper and keeping it at a public place;
2. Sharing password so that any client information that you have is now easily accessible to others;
3. Not keeping your anti-virus software updated;
4. Clicking on a link in mail without checking it first;
5. Discussing/sharing sensitive client information with people who do not need it to do their work;

Human beings are creatures of habit. Habits are very important in security. If i have a habit of sharing my password, there is a high chance that people near me (with good or bad intentions) can get access to it; further, if i have a habit of not locking my machine while going away, it is possible for someone to look at a crucial information (of client or personal) & make use of it.

Below are some habits that are found to be helpful in increasing the security quotient of a project, and should be used by all to ensure that we do not compromise the security of client information:-

1. Secure your passwords
While it is not always practically possible to remember a password that resembles Garnier Fructis (Long and Strong), one should understand that once you put a sensitive information like password somewhere other than your brain, you should protect it, lest it get into someone else’s hands.

2. Do not share your passwords
Once a password is shared, it is no more yours. If you have to share it (due to project requirements), make sure that you do not re-use that password for any other purposes and that you change it as soon as possible.

3. Keep your anti-virus software updated
While anti-virus software usually are put on auto-update by default, it pays to be vigilant and update it manually if the update gets failed (e.g., due to bad network conditions).

4. Be careful while clicking a link
Most of the bad code (virus/trojan/worm, etc.) require your effort (unknowingly, of course) to get onto your machine. We do so by clicking on some link without checking it first, thereby getting a bad code on our machine.
Always check a link (by putting your mouse over it, not clicking) before clicking it. If the link is pointing to a direction (e.g., an IP address or some mis-spelt address), do not click it.

5. Do not share client information with anyone who does not need it
Now this is tricky! How to find out if the person who is asking it needs it? A rule of thumb is – if the person does not belong to your project and is not authorized by your respective manager / superior, he/she should not have that information.

6. Lock your machine while leaving it unattended
Leaving your machine un-attended is a dangerous habit as almost all the access rights/privileges are attached to our machine identities. As one moves up the corporate ladder (and sometimes depending on the project requirements), one gets access to information that is confidential in nature. This habit of leaving the system/desktop/laptop unattended & unlocked may prove disastrous (Think someone-stealing-a-file-that-your-VP-sent-for-your-eyes-only)!


Remove the blogger navbar

You must have noticed the blogger navbar (also called navigation bar) on top of almost every blog (on blogger, of course!). It looks like this (part of it):-

a portion of blogger navbar

I will tell you why is it not visible on my blog (oops, site!), and also why is it not visible on many other blogger blogs. The reason is, they disable it using a CSS trick, which is neat. Take a look at this blog on blogger for a step-by-step procedure on how to make the navbar go poof (dresdain files, anyone?). I used the steps mentioned in the blog, and it worked like a charm. Also, it completes the deception (as far as my website is concerned 😉 ).


Use Google to host your website : For Free! – Part TWO

In my last post, i wrote about why i chose to use Google blogger to host my website. Here are the basic steps to do so:-
  1. Create a blog on Blogger;
  2. Modify the blog design;
  3. Change configurations in your DNS settings (of the domain that you own) and that of the blog.
Now let’s tackle the steps in detail.
  1. Creating a blog on blogger is not very difficult, so i won’t describe it here. However, a step by step video tutorial on how to create a blog on blogger (aka blogspot) is present on Internet. However, why two names for a blogging platform? Beats me!
  2. Now, we are going to make our blog look like a website. Please follow the steps below to do so:-
    1. Logon to blogger.com using your ID and password;
    2. Under the heading “Manage Blogs”, click on “Design” for the blog that you want to change the design of (you will see many blogs under the heading if you maintain more than one blog using one user ID. However, makes me gape at the stamina of people who maintain more than one blog! However, i digress).
    3. Click on “Template Designer”.
    4. Choose a template by clicking on it. After doing changes, click “Apply to Blog”.
    5. Click “Back to Blogger”;
    6. Click “Posting”.
    7. Click on “Edit Pages”. Click “Leave this Page” (if a windows comes asking whether you want to save any changes on this page).
    8. Click on “Create a Page”.
    9. Provide a page title and page text for the page (e.g., page title could be “About Me” and page text could be a brief description about yourself).
    10. Click “Publish Page”.
    11. Now blogger will ask you the placement for page(s). Choose the “Blog Tabs” option.
    12. Click “Save and Publish”.
    13. That’s it! You now have a blog with website-ish look!
To create and add further pages, logon to your blog, go to “New Post”, click “Edit Pages”, then click “New Page” to add another page to your site.
Now, to the most important aspect of them all – how to configure your DNS settings so that everytime someone types www.yoursite.com, it takes them to yourblog.blogspot.com without changing the address in the address bar! Yes, that is very important (we are not doing any redirection here). But before that, let me put up my gyaan hat on and deliver some very boring lecture to you (you can skip it, but then i would come to know about it and would deliver a curse that all your close relatives will be turned into gyaan-vriksh and would treat you as wanting some free gyaan. You know the results of that, won’t you!).
Basically, everytime you type a website address onto your browser’s address bar, some things happen:-
  1. Browser would try to locate the IP address of the server where this site is stored (using some hocus-pocus known as name resolution in coordination with a group of servers called DNS Servers);
  2. Once IP address is known, the browser requests the server (@ that IP address) for the website (that you requested);
  3. The server sends a copy of the website to the browser, and the browser displays it to you.
Phew, some steps! So don’t blame your browser the next time it fails to show the latest pics of some celeb who wanted her 15 seconds of fame because India won the WC, because the server might have been the culprit.
Anyways, back to the topic (men are pigs, i tell you!). Now, here, google not only allows us to use its server for our blogs, it also allows us to tell everyone about their IP address (well, not strictly, just the host name; rest all is managed by google).
To do all this, you MUST have a valid domain name that is registered to you. If you don’t have one, you can use one of the many registrar sites that sell a domain name. Use one of the them to buy a domain name of your choice.
After you have bought a domain name, visit the google help center page that details how to publish your blog under your domain name. Follow the steps below once your reach the google help center page:-
  1. Select “Host my blog on a URL that i already own”.
  2. Select “on a top level domain (www.example.com).
  3. Now you have to add something known as CNAME. Another google support page for step-wise instructions on how to do that for your domain registrar.
  4. After you are done with adding the CNAME, you have to add some IP addresses to your “A Records”. If you don’t fill “A Records”, visitors who leave “www” from your site address while looking for it, will see an error page. Basically, you will find the “A Records” on the same page on your DNS Manager provided by your hosting service.You will need to create four “A Records” pointing to the following four different Google IPs:-
    1. 216.239.32.21
    2. 216.239.34.21
    3. 216.239.36.21
    4. 216.239.38.21
  5. After you add them, you have to save your zone file (there would a button on the hosting provider’s interface somewhere to save it). Wait for an hour or so before moving onto the next step.
  6. Now, logon to the blogger, and go to “settings” > “Publishing”.
  7. Click “Custom Domain”.
  8. Write in your new URL (www.example.com), and save your settings. If you do not enter the “www,” you will receive an error message.
  9. You are done!
Some helpful notes:
  1. If your new domain isn’t taking you to your blog, wait another day or two to make sure all the DNS servers have been updated. If it still isn’t working, contact your registrar to make sure you entered the DNS settings correctly.
  2. Your original BlogSpot address will automatically forward to your new domain. That way, any existing links or bookmarks to your site will still work.

    Use Google to host your website : For Free! – Part ONE

    I had been struggling very hard (read tapping-on-keyboard-into-wee-hours-of-night) to get my website up. Now, don’t get me wrong – i know the basic rules:-

    1. Buy a domain name;
    2. Buy some space;
    3. Use some templates (given by the space provider), use your brain (no, not that one please!) and get your freaking site up!

    The problem is, i am broke most of the time (if you don’t believe, ask my family and friends :)). I somehow managed buying a domain, but when i googled, i found out that web-space was not free (well, it was in some cases, but they came with their own baggage). So i decided to write down my requirements for the website (i guess the developer in me will never die, sigh!):-

    1. Maintain my blog;
    2. Publish my resume, and to keep it updated;
    3. Tell (honker) everyone about my skill set;
    4. Keep a list of projects that i am doing currently, and to keep it updated;

    I realized a few things:-

    1. I don’t need a dynamic site for now, a static one will do;
    2. I had already started a blog, so moving the blog would be a concern (more so to a lazy bum like me);

    Around the same time, i came to know that one can use google to host his/her website. There are two ways,  Google Apps, and Blogger.

    I will not be writing about the first one because it didn’t work in my case (can’t figure out why). If someone succeeds at it, please tell me so, and i would be happy to include it (with all due credit) here.

    So, without wasting your time anymore, here are the steps that i took to put my own website up on blogger:-

    1. Create a blog on Blogger;
    2. Modify the blog design;
    3. Change configurations in your DNS settings (of the domain that you own) and that of the blog.

    That’s right! you don’t create your own site, you just modify your blog to look like a site. Then you need to modify your DNS settings a bit. After that, you need to configure the blog publishing settings, and presto!

    Check my next blog post to know how i did that …