A virtual private network (VPN) is a tool that hides your geolocation and protects your privacy while you’re online. It does this by creating an encrypted tunnel from your home network to a VPN provider’s server.  

When you buy an internet plan, your internet service provider (ISP) gives your equipment (like your router and modem) an Internet Protocol (IP) address. Your IP address helps you communicate with the broader internet by letting a website you’re on know where data is coming from and where to send it.  

In other words, your IP address lets online companies know where you are. Most online businesses store IP addresses for data analysis, but cybercriminals can use your IP to track your activity online, steal your personal information, and target you for scams.  

A VPN reroutes your internet through a server address with a different IP than your own. That way, no one online can trace your internet activity back to you. A VPN also encrypts your internet data to protect your personal information.  

VPNs aren’t just for desktop computers, though. All sorts of devices — from iPads to smart TVs — can benefit from a VPN connection. If you’re the type of person who handles your finances or does business online using a mobile device, it’s wise to get a VPN to protect yourself.  

This article will show you how to choose and install a VPN on your iPhone.  

Why use a VPN? 

Here are a few of the main ways getting a VPN like McAfee Safe Connect VPN can benefit you:  

A VPN can help you remotely access your work intranet. An intranet is a small subsection of the internet that doesn’t connect to the larger internet. Businesses use intranets — where companies may store important internal-only files — to give their employees quick access to company work tools and improve communication.  
A VPN uses bank-grade encryption to hide your personal information and actions from cybercriminals and advertisers. This lets you shop, bank, and do everything else online without worrying about someone stealing your information, even if you’re using a public Wi-Fi network. 
A VPN can keep your browsing private. It does this by hiding your IP address, so your physical location, banking information, and credit card information are protected while you surf online.  

How to choose a VPN provider

The best VPN for you depends on your situation and what you plan to do online.  

You’ll need a VPN that’s compatible with all of your devices. Many VPNs work with Windows, Android, macOS, Linux, and iOS. However, not all VPNs are compatible with every operating system. For instance, if you have an iPhone but someone else in your home has an Android, it’s important to choose a provider with an app in the Apple App Store and the Google Play Store.  

Consider which features you’ll need:  

Will you be traveling? If so, get a VPN with server locations where you’re going.  
Do you have a large family with a lot of devices? Then, a router-based VPN can be a good choice.  
Will you use your VPN for things like streaming movies on Netflix and gaming? You’ll want a VPN with a lot of speed and bandwidth.  

Be careful when choosing a VPN service, though. Some free VPN services will still pass along your information to ad agencies. If online privacy is your main goal, you’ll want to find a VPN that doesn’t store logs of your internet activity or pass along your data.  

VPN protocols also matter, and they vary in speed and security. For example, Point-to-Point Tunneling Protocol (PPTP) is a fast protocol, but it’s not as secure as other protocols like OpenVPN or Wireguard. Some VPN providers will let you use multiple protocols.  

Finally, look for a VPN that’s easy to use. Some VPNs have convenient features like virtual setup and intuitive interfaces that make using them easier. Some providers will even give you a free trial to test out the VPN before committing to it. Be sure your VPN network also has a reliable support team to help you if you ever have problems. 

How to set up a VPN on an iPhone

We’ll show you how to complete VPN setup on your iPhone in the next few sections.  

Install the iOS app of a VPN provider

Go to the Apple App store on your iPhone and find an app for the VPN provider you’ve chosen. Tap “Get” and “Install” or double-check to install the app on your phone.  

Create an account on the VPN app

Open the VPN app. Create an account with the VPN provider. Sign up for the service.  

Open iPhone settings and connect to the VPN

You’ll have to enter your passcode after creating your account to allow a change in your phone’s VPN settings and enable the VPN.  

You might have to manually configure your VPN if you need access to a private network at a business or school. Here’s how to manually enable a VPN to work on your iPhone:  

Tap on your “Settings” app on the Home Screen of your iPhone. 
Choose “General.” 
Press “VPN.” 
Tap “Add VPN Configuration.”  
Press “Type” and pick the type of VPN protocol you’re using. It could be IKEv2, IPSec, or L2TP.  
Type in a description, remote ID, and a server for the VPN.  
Type in your username and password.  
Click “Manual” or “Auto” to enable your proxy server (if using one).  
Press “Done.” 

Use the VPN on your iPhone

After you’ve enabled the VPN on your iPhone settings, you’ll have to activate it when you want to use it. Here’s how you can make your VPN active: 

Go to the “Settings” app on your phone.  
Go to “General.”  
Choose “VPN.”  
Tap the status switch on your VPN to turn it on.  

Be sure to turn off your VPN whenever you’re not using it so it doesn’t use up your battery. It’s especially important to turn off your VPN if you’re on a limited plan from your provider.  

Keep your device safe with McAfee Security for Mobile

A VPN is a great tool for keeping your internet connection private. When you install a VPN on your iPhone, you can enjoy the internet from anywhere knowing that your personal information has an extra layer of protection against advertisers and hackers.  

Whether you use an Android or an iOS device, though, McAfee can help you stay safe online. With McAfee Security for Mobile, you can access quality security tools like a VPN and safe browsing.  

Our award-winning app allows you to connect safely and seamlessly to the digital world while keeping unwanted visitors from entering your digital space. Enjoy one of our most comprehensive security technologies while living your best life online. 

The post How to Set Up a VPN on an iPhone in 2022 appeared first on McAfee Blog.

Read More

Honda vehicles from 2021 to 2022 are vulnerable to this attack:

On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V Lab, dubbed the attack RollingPWN.

[…]

In a phone call, Kevin2600 explained that the attack relies on a weakness that allows someone using a software defined radio—such as HackRF—to capture the code that the car owner uses to open the car, and then replay it so that the hacker can open the car as well. In some cases, he said, the attack can be performed from 30 meters (approximately 98 feet) away.

In the videos, Kevin2600 and his colleagues show how the attack works by unlocking different models of Honda cars with a device connected to a laptop.

The Honda models that Kevin2600 and his colleagues tested the attack on use a so-called rolling code mechanism, which means that­—in theory­—every time the car owner uses the keyfob, it sends a different code to open it. This should make it impossible to capture the code and use it again. But the researchers found that there is a flaw that allows them to roll back the codes and reuse old codes to open the car, Kevin2600 said.

Read More

Amazon Prime Day is growing in popularity as pretext for hackers

Read More

Catalogic Software has announced the latest version of its DPX enterprise data protection software, DPX 4.8.1, which now includes GuardMode for early detection of ransomware, and DPX vPlus, cloud backup support for Microsoft 365 and other open virtualization platforms.

Catalogic DPX is a proprietary data protection platform that offers the capability to backup data and applications from virtualized machines. 

According to Catalogic COO Sathya Sankaran, VMWare and HyperV make up about 80% of the virtualization hypervisor market, while the remaining 20% is attributed to a mix of players, including Microsoft 365, and various open source options such as XenServer, Oracle VM, KVM, RedHat, Acropolis, OpenStack and RHV/oVirt. Catalogic DPX vPlus will provide support for these other hypervisors that are “usually neglected” by other backup solutions, according to Sankaran.

To read this article in full, please click here

Read More

The poll is published as the UK government moves forward with its Online Safety Bill

Read More

This is the final article of the DevSecOps series and how it overlays onto DevOps lifecycle. In the first article, we discussed build and test in DevSecOps. In the second article, we covered securing the different components of the deploy and operate process. The final phases of the DevOps lifecycle are monitoring the deployed applications and eventually decommissioning when they are no longer needed.

The goal for DevSecOps is to have awareness and visibility into the entire application lifecycle to keep the system secured, healthy, and available. And when it’s time to decommission, follow the business processes to safely transition users and retire the application.

Monitoring

A system must be able to manage the failure of any application or hardware component. The goal of monitoring is to reduce the risk of failure by providing awareness and visibility into the behavior and health of applications and the overall system. When establishing a continuous monitoring program, consider the following security related items as part of the overall strategy.

The health of all applications and systems are visible through monitoring.
Understand the threats and vulnerabilities that put each application at risk.
Identify and create policies that define what security controls are needed, where they should be applied, and track gaps in controls using a risk register.
Logs and event data gathered by the tools should be segmented from the application, centrally collected, correlated, analyzed, and reported on for investigation.
All stakeholders have a role in security, and they need to be trained on how to take action to protect the organization.
Risk management must be dynamic to provide continuous monitoring and proactive resolution of security issues.

Monitoring starts with the planning phase and continues through the entire lifecycle of the application. It should be designed into the application and not an afterthought at the end of delivery. Empowering stakeholders with monitoring information can provide greater security to keep applications healthy and available throughout their lifecycle.

Decommission

The most important step when decommissioning an application is obtaining awareness and support through a transition plan and schedule with the stakeholders and users. Companies can ease the transition by having an overlap period between the new application and the one being retired. During the overlap period, users can be moved in groups to ease the efforts needed to support and troubleshoot migrating users.

Once users are transitioned and the legacy application is ready to be decommissioned, backups of the system should be performed. Any supporting infrastructure is turned down and returned to the pool of available resources. This reduces the attack surface of the organization and the administrative overhead of keeping a system secured.

Developers also have a role in decommissioning the application. The following items should be addressed as part of retiring an application.

Developers and any stakeholders with code checked out of the application source code repository need to check in their final versions and delete the code off their development workstations.
The repository should have any merge requests to feature, or the master branches denied or approved before archiving.
Developers should clean up the feature branches to reduce the size and complexity of the archived repository.
Once the source code repository is cleaned up, it should be set to read-only and access removed for everyone except the necessary] stakeholders.
Only the DevOps administrator should have access to the application code repository. In the future, the administrator can give access on a case-by-case basis.

Turning down the infrastructure and development resources for the decommissioned application reduces the company’s attack surface, helps maintain a clean DevOps environment, reduces infrastructure costs, and removes unnecessary monitoring.

Conclusion

This series has covered many of the fundamental security practices used by DevSecOps and shows how it overlays onto DevOps. The role of DevSecOps is to help the stakeholders (who ultimately own and are responsible for the risk) protect their business systems. For DevSecOps to be successful, the organization must make the cultural shift from traditional siloed groups to an integrated DevOps team. With the integrated team operating as one, digital transformation using DevOps and DevSecOps is delivered at the speed, scale, and security needed for success.

Read More

Stephanie Benoit Kurtz thought she had a good deal when, in one of her former CISO roles, she signed a three-year contract with a vendor for vulnerability management as a service.

Benoit Kurtz inked the deal thinking that her security operations program would make full use of all the offered features. But she found early into the three-year stretch that her team only used about 60% of them.

She says she was in a bind: paying for a product that wasn’t really the right fit with no way to get out of the contract.

“It’s hard to go back to the manufacturer and say, ‘I didn’t need that module so can I get my money back?” They don’t seem to want to engage in that conversation,” says Benoit Kurtz, a former security executive who is now lead faculty for the College of Information Systems and Technology at the University of Phoenix.

To read this article in full, please click here

Read More