Fred Drapari - Defenders Protection Initiative

Difference between Identification, Authentication & Authorization

We all have been identified, authenticated and authorized almost everyday of our online life.
What we do not know most of the time is where each of this comes in while accessing our online platforms and we end up confusing the 3 words often using the terms identification or authorization when, in fact, they are talking about authentication.

But as long as we are able to understand what we are talking about, it has not mattered to us to get the meanings of these 3 words.

It is always better to know the meaning of the words you use, though, and sooner or later, you will run into a geek who will drive you crazy with clarifications, whether it’s authorization versus authentication, fewer or less, which or that, and so on & to be honest, you could even catch an attitude!

So what do these 3 words actually mean?

Identification occurs when a subject claims an identity (such as with a username)
Authentication occurs when a subject proves their identity such as with a password (for example, by comparing the password entered with the password stored in the database)
Authorization techniques can grant or block access to objects based on their proven. This is the function of specifying access rights/privileges to resources.”

🙂

So, now you know in what ways identification is different from authentication and authorization. One more important point: Authentication is perhaps the key process in terms of the security of your account. If you are using a weak password for authentication, your account could easily be hijacked. Therefore:

Create strong and unique passwords for all of your accounts.
If you have trouble remembering your passwords, a password manager has your back. It can help with generating passwords, too.
Activate two-factor authentication, with one-time verification codes in text messages or an authenticator application, for every service that supports it. Otherwise, some anonymous raccoon that got its paws on your password will be able to read your secret correspondence or do something even nastier.

The 3 words are so easy to confused and people always get mixed up using them. Hope this article has made it clearer now!

Http and https security certificates vector illustration. Web browser protocols isolated icons

SSL – What You Need to Know

We often hear about a padlock, green URL bar and several other ways people use to describe SSL. But the question would be, What really is SSL and how useful is to HRDs websites?

What is Secure Sockets Layer (SSL)?

SSL is a security protocol that assures users of the connection between their device and the website they are visiting. During a connection to a website so much information is shared between two computers (the visitor and there server for the website) including what may be highly confidential data such as credit card numbers, location data, user identification numbers or even passwords. Visitors have to make sure all the information passing is secure and not prompt to interception by third parties. This is why SSL has become a big deal in the cyber-powered world.

In cases where there is no SSL, the information shared between these two computers often show up as plain text. Which means, if there were to be an adversary, they would basically see all the communication and in this case, data could be stolen. SSL prevents this by encrypting this communication.

Why we need SSL?

When a visitor goes to your website and sees that you have an SSL it builds an enormours level of trust, this shows your visitors that whatever their activity on your website is secure. This trust is of more importance if it includes transactional relationship; where money is involved.

Even if not for transactional relationship, in the cyber-space of today “Data is the new Gold!” so That means everything we do online has to be secure.

To have this level of trust and security for your visitors requires the one key means – SSL. Since they assure users that the connection they have to that website is safe. For the end user, all they need to verify this is a simple icon shown on their browser (The padlock).

The padlock, or green padlock icon has become an assurance indicator to users that the website they are visiting takes their security seriously.

In case you haven’t realized the importance of having your website secured with SSL because you do not handle sensitive financial-related data, it is time to shift away from that. As mentioned earlier, hackers in these digital age would go after any data transmitted on the internet especially other personal identifying information.

Good enough, websites without SSL have been labelled “Insecure” some browsers show a red URL bar in order to protect and allow visitors to clearly identify these websites. Also, websites without SSL do not rank high on search engines as of today.

We shall be writing on how SSL works and Types of SSL to choose out from in the near future.

Pre-Legislative Scrutiny, Regional Consultative Meetings of the #HRDProtectionBill2020

Over the past few years there has been a growing concern,
both locally and internationally on the increased violations of
fundamental human rights and freedom.

The Human Rights Defenders Protection Bill tabled in Parliament

#HRDProtectionBill2020, is a journey that begun in 2014, with a study conducted by DPI “The Legislative Climate for HRDs in Uganda.” A glance at the legal excesses”, which analyzed the gaps in prevailing laws vis a vis the work of HRDs and recommended for a specific law that provides for the recognition and protection of HRDs in Uganda.

Security Enhancement Initiative for Friends of Zoka (SEI4FoZ)

Following our interaction with FoZ, her donors & partners, we identified the need for Protection and Security skilling hence the “Security Enhancement Initiatives – SEI Project.”

HRD Protection Bill 2020 Road Map

The Human Rights Defenders Protection Bill, a journey that begun in 2014, with DPI conducting a study “The Legislative Climate for HRDs in Uganda.” A glance at the legal excesses, which recommended for a specific law that provides for the recognition and protection of HRDs in Uganda.
View this blog to see the progress we have made so far

Maintain your Social Distancing

Social Distancing is a practice intended to stop or slow down the spread of the Corona Virus. The purpose is to reduce the probability of contact between persons infected with #COVID19 and others who are not infected, so as to minimize it’s transmission.

8 Tips to Secure your Office

We dwell a lot on “CyberSecurity” forgetting about the physical security for organizations. We just thought we could throw in a few tips for you to secure your office space.
Security risks are trending amongest HRDs and it is so unfortunate that many organisations do not have the necessary office security measures in place to help protect their premises & assets from possible threats.
Trending risks to organizations include but are not limited to:

Compliance with FIA Requirements for CSOs in Uganda

Non-profit Organisations (NPOs) perform a vital role in society, providing relief and support to populations in need, and at times during urgent crisis. Unfortunately, they have also been used to provide cover for the financing of terrorism. As a countermeasure, after the 9/11 bombings, the Financial Action Task (FATF) was formed.

Web hosting, cloud computing, server online data storage technology, internet concept. Flat design web banner.

Tips to Secure Web Hosting

Often when you talk of securing our web hosting, our minds are led to “Which host is can not be hacked?” But it is beyond that, some time we need to secure ourselves beyond just that. Things like, who signed up for the server? Which email was used? What name was used to register the domain?

Just before we look outside and start blaming web hosting service providers, we have to ensure that we personally take these tips to safeguard our service.

#TIP 1. Since this is your service so first thing is to have all credentials pointing towards you. Credentials such as usernames, emails that are used to identify you to your web hosting provider don’t have to belong to a third party but rather you. This makes it easy to recover your account easily.

#TIP 2. Enforce password complexity and 2 step verification. To make sure login is secure, you need to have 2FA enable and a strong password. This protects your account from being easily breached by adversaries.

#TIP 3. Avoid using insecure/unsupported third party apps. Web hosting service providers tend to avail you with a multitude of app choices to use for your services, from building your website, to accessing emails, to manipulating your databases. Some of these apps tend to be obsolete or insecure to use in the evolving technology. Therefore you need to look out on more secure applications.

#TIP 4. Update all apps or software used on your web host reguralrly, after making a good choice of what to use, make sure to update this tools regularly. Updates are a way to secure yourself with a fix of identified vulnerabilities or simply to keep abreast with new technology that has been added to a tool.

#TIP 5. Use the most secure web hosting you can find. No matter the content you are hosting or the services to expect from a hosting provider, Always lookout for services that are ideal in the present digital age. We have put together a list of tips to consider when choosing your web hosting provider just below.

Here are a few tips to consider to make a choice of a good hosting provider.

#TIP 1. Ensure the server has a backup policy. Backups no longer just apply to information in your computer but also you need to know that there is another option for your online information in case anything happens. You can control many aspects of backing up your computer data, but for websites, it can often depend on your hosting provider. Good enough, most web hosting providers do offer free backups, but these are variations on this theme. For example, some may require you to perform the backup procedure manually, while others may do it automatically and require you to contact their support team if you should need data restoration services. Ideally, look for a web hosting provider that carries out periodical automated backups and allows you to restore from them at any time on your own.

#TIP 2. Look out for servers with an automated Malware or Antivirus Scanning. Just as you may have an antivirus program on your computer which you are fully in control of. For websites, you depend on the hosting service provider to do this for you. It’s important to at least know they’re doing this and what level of information they can provide to you on potential problems. Some web hosts offer these services and you are able to see their reports and fixes or recommendation. But the very least you need to consider is to be able to restore your site from a previous version that wasn’t infected.

#TIP 3. Consider servers with Network Monitoring, Firewall and DDoS prevention systems. As websites are hosted in massive data centers, much of the controls here are automated. Make a choice on hosts having control and monitoring tools in place that keep an eye out for suspicious traffic or incidences. Firewalls are always our first line of defense from attacks from outside our systems and you need to make sure you have that wherever you are hosting your website. Whereas, Distributed Denial of Service (DDoS) attacks can be a big blow as attacker will want to flood your website with so much traffic to take it down completely from the site server.
These are often mitigated by using a good Contend Delivery Network (CDN) such as Cloudflare or website firewall such as Sucuri. Good enough, some hosting providers include this in their bundles, so look out for them!

#TIP 4. Secure File Transfer Protocol (SFTP). In circumstances where large files have to be uploaded to the website, it is more efficient to use FTP to do this, now there is SFTP which is the secure version of FTP and helps keep your data safe during transfer. While most popular web hosts offer FTP services, a handful of them only seem to offer SFTP so those handful are the ones you should look up to. Unless you do not use FTP or you don’t think of using it, you could skip this tip but we guarantee it is just as important as the rest.

#TIP 5. Spam filtering. You might be well aware of spam or junk. Just as annoying these messages can be is also how they can be a source of DDoS if you are suddenly flooded by such mail. If your host offers spam filtering, then the attack goes through its spam filters first which would be a win for you. Also, keeping spam out will help you save space in your mail folders. Most hosting providers have spam filters available, but some will require manual configuration. We’d suggest using those with automatic spam filters.

Hoping that these tips have been helpful to you, these are just to ensure that you have a smooth web service and you don’t have to be a victim of several hacks on the web. There are endless attacks on websites everyday and the best you can do is to have a secure web hosting service as the internet is an overwhelming place for resources and everyone is trying their best to utilize it in both good and bad ways.

All posts by : Fred Drapari