How to access your Mac or Windows PC remotely from your iPad


The iPad has been a great boon for mobile computing, but unfortunately, it might not have all the files or applications needed to run your business. While it might do everything from web browsing to email, it will not run your Sage accountancy package or your AutoCAD design suite. This can be an inconvenience.

Picture the scene. You’re away from your office and for the sake of traveling light have only brought your iPad with you. But when on-site with a client you discover an important file needed for a presentation or meeting is residing back in your office on your iMac (or MacBook or Windows PC). This could mean making an SOS call to a colleague or family member to email you the file. Worst case scenario, you have to postpone your meeting. Neither of which solution is ideal.

Thankfully, Splashtop Business allows you to quickly and securely log in to your MacBook, iMac, Mac Mini or Windows system just using your iPad. The process is relatively easy. You install Splashtop on each system which you would like to access remotely (and of course on the iPad itself). When you need to log in, all it takes is a few clicks and you are virtually in front of your office computer. You can open up applications, make changes, perform file transfers and even video streaming. Data transmission is secured using end-to-end TLS 256-bit encryption and Splashtop is fully HIPPA compliant.

A very neat app which can save you time and potentially a lot of hassle.

What Irish small businesses can learn from the Mossack Fonseca (Panama Papers) data leak.


A couple of weeks ago on 3rd April the world became aware of an alleged cyber-attack on the law firm of Mossack Fonseca in Panama. A couple of days later, it emerged that the attacker leaked over 2.6TB of data including over 4.8 million emails, 2.1 million .PDF files, 1.1 million images and 320,166 text files into the public domain. The files contained confidential financial information belonging to prominent politicians, actors, lawyers and business people.It was interesting to read the media coverage of this case. A lot of general media commentators cited the firms’ failure to update its WordPress and Drupal content management systems. While this did possibly contribute to the ease of access which the hacker(s) had, the roots of this hack lie a lot deeper.

Firstly, the data which Mossack Fonseca was holding was not encrypted. Given its confidentiality and headline worthiness, this was an egregious mistake. Storing confidential personally identifiable information in plain-text format is far from best practice. It should have been protected using AES whole-disk encryption or at a bare minimum stored using file-level encryption.

Next mistake was having a public-facing mail server dual-purposing as a document server. This means that a hacker having compromised their website could – with a little more work – hack into emails and then their documents. Easy peasy. Their mail server should have been in their DMZ protected by an external and internal firewall. The document server should have been put on an ultra-secure subnet, with stringent logging (monitored by experienced IT professionals who can spot anomalies quickly) and protected by an APT detection system.

Once they had their network structure secure, they could have then worried about the technicalities at the presentation and application layer of their network. Why was their email was not using TLS? Why was WordPress (with its one-click update function) or Drupal not updated? Why were their WordPress plugins not updated etc? (In other words, the stuff that Sky News talk about after there has been a cyber attack)

Lastly, for a business dealing with such confidential information of such prominent people, from media reports at least, there appeared to be a very low level of cyber-risk awareness present among senior or lower ranking staff. It might have just taken one employee to notice something was awry when 2.6TB of data was going into the ether.

As a result of failing to have a secure IT infrastructure and a cyber risk-aware culture in place, Mossack Fonseca got worldwide negative publicity and severe reputational damage to their business.

When Time Machine Won’t Backup


Reliable Time Machine functionality is essential in any Apple environment. In most cases, Time Machine is a reliable backup application but can occasionally develop glitches. It is important not to ignore Time Machine errors or put them on the “long finger” because Murphy’s Law dictates it will be the very time your hard drive will crash and you might risk losing important data. The following is a brief (non-exhaustive) checklist on what to do when Time Machine will not backup.

Make sure your Time Machine disk using the GUID or Apple Partition Map. Most external hard drives come pre-formatted with NTFS (which is designed for Windows OS). This needs to be changed to HFS+ Journaled with GUID.

Time Machine might not be backing up because your Time Machine or Time Capsule disk is running out of space. This is a common issue for users who decide to use a single backup disk for various TM backups from different machines. This is not considered best practice, especially when using USB external drives because it often leads to confusion when it comes to restoring a disk in an emergency. To delete TM backups, use the Time Machine browser by clicking on the Time Machine icon on your dock. Locate the TM backup you want to delete via the Timeline. Control-Click the item and select “Delete Backup”.

Sometimes you might see a message that the “backup volume is read only”. This can be solved by simply disconnecting and reconnecting your drive from your local computer or network. If this does resolve the issue, this error can be solved by repairing permissions using Disk Utility (or running an “fsck” command in Terminal). Please note that for best results, it is strongly advisable to copy your Sparcebundle to a local computer on which the repair will be executed instead of executing a repair over your LAN or WLAN.

When backing up to a network drive you might sometimes encounter a “back-up disk image could not be created”. This can be caused by your Mac having no “Localhosthame”. To change this, go to System Preferences>Sharing panel and then insert a name into the “computer name” box at the top of the dialog box.

Sometimes anti-virus products (like Bitdefender for Mac) can interfere with the Time Machine Backup process making it slow down to a crawl. Make sure that you add your AV application to the “safe zone” of any such products or simply use an alternative AV solution like Sophos for Mac. Also beware of third-party disk applications like WD Smartware which can interfere with TM accessing network drives.

Encrypting a Windows 10 Pro Laptop

enable bitlocker encryption it support ireland

If your Windows 10 laptop ever gets lost or stolen, you are potentially putting your data or that of your client’s at risk. The Windows login password is not enough as this can often be bypassed within minutes. Only by using a whole disk encryption application like Bitlocker can the confidentiality of your data be maintained.

To enable Bitlocker on Windows 10

  • Click Start > File Explorer > This PC. Then right-click your system drive where Windows 10 is installed, then click Turn on BitLocker.
  • Enter a password to unlock your drive; this will be an important test to ensure you can boot the system if you happen to lose the recovery key.
  • Decide how you want to back up your recovery key, you can use your Microsoft account if you have one, save it to a USB thumb drive, save it somewhere other than the local drive or print a copy.
  • The option presented asks you how much of your drive you need to encrypt. If your laptop is new select “Encrypt used disk space only”. If your laptop has already been used select “encrypt entire drive”. (make sure your laptop is securely connected to a mains power supply during this entire process)
  • You will now be asked to choose which encryption to use “new” or “compatible”. Choose “new encryption” as this uses the very secure XTS-AES algorithm.
  • The encryption process will now begin.
  • After this process has run its course, your data should be fully encrypted.


Encryption does not protect your data from failing hard disks or accidental data loss. Moreover, in rare instances, encryption applications can go corrupt rendering your data inaccessible. Therefore, it is imperative that your freqently perform data back-ups.

7 Tips to keep your Wireless Network Secure

secure eircom wireless network

Driving out of an industrial estate in south Dublin recently at around 7pm in the evening something caught my eye. I spotted a dark coloured Honda Civic with three large antennas on it’s roof parked in a lay-by of the estate. Inside were three occupants each of them tapping away furiously on their laptops. Now they could of been a harmless group of guys who just needed to check out the special offers on the  Halfords website or they could have been engaging in a bit of “wardriving”. This is the practice of people driving around actively searching for insecure wireless networks. When they do find insecure networks they will try to access them.  People think this only happens in Hollywood films but wardriving does occur, even in a grey Dublin industrial estate.

Here are a few tips to protect your wireless network from unwanted snoopers.


  • Change the default login settings of your wireless router. Each router will have default username/password settings, (like admin / admin) which most hackers know about. Changing these combinations will make their life a little more complicated. But don’t forget to record these somewhere safe.
  • Make sure the remote management functionality of your wireless router or access point is disabled. Disabling HTTP and Telnet requests is also worthwhile.
  • Your router’s firmware should be up-to-date. Reputable manufacturers continually release new firmware for their devices and some of these can help enhance security.
  • Always apply the most secure wireless security protocol to your network. WPA is no longer secure, but WPA2 is considered “secure enough” for most SME’s. Make sure that that passphrase used contains numerals, characters and symbols. For example, “blackthornroad2016” is not secure where as “$KwiOl-qnCZng%2Z4S%p6ed&Z” is much more secure.
  • Change the default SSID to something that does not readily identify your company. For example, calling your network “Blackthorn Finance Secure Network” could be a red rag to a bull for some hackers. An anodyne name like “network 57” would be much less alluring.
  • Create an isolated guest network. Visitors or contractors to your business might need to access your wireless network. It can be a good idea to have a separate “guest network”. Using VLANing a guest network can be isolated from your business network.
  • Some wireless routers or access points come with a scheduling feature where they can be disabled between certain hours e.g. between 7pm and 7am. This can reduce the window of opporitunity for potential hackers.


Addendum: A lot of SME owners ask us “why can’t you just make my wireless network invisible?”. Well, that usually means configuring the router or AP so that an SSID is not broadcast to local computers. This sounds all well and good but most hackers will be using specialised wireless sniffing software which is designed to detect hidden SSID’s.

The benefits of a streamlined email service – Dublin accountancy firm case study

outlook technical support help dublin

There are some saying that email is dying and is being supplanted by applications such as Slack.  This may be true for close-knit teams and inter-company messages, but it is still the most widely communication tool which SME’s use for external communication.

Recently, we were helping a Dublin accountancy firm with a rather precarious email setup. The firm’s owner had amassed four different email accounts and his two staff were each using two different accounts. Almost every week there would be an incident where an inbound email from a client would go missing. This was resulting in a lot of wasted time looking for lost emails or having to contact  the client again to request a resend. They asked RealClear IT support to devise a more reliable and a streamlined email system. We set them  up with a whole new hosted email solution. We setup forwarding rules on their old account so new emails would be automatically forwarded to the new platform. Their new email system had an easy and quick search facility. We then set configured it sync with their Outlook and Mac mail clients.

Other benefits of their new email platform include:

Ample Online Storage Space – Over 20GB of storage space for emails. This was a lot more than the 5GB which they had been allocated by their previous email platform.

On-the-go Email – All their email accounts could now be accessed on their mobile devices such as iPads and iPhones.

Security – Their new email platform uses an SSL-encrypted connection and uses two-factor authentication for enhanced security.

Powerful Anti-Spam – Previously, they had to trawl through approximately 100 spam emails a week. Since they migrated to the new platform, this has been whittled down by 90 per cent. The stray spam emails that they receive now go direct to their spam folders.

On follow-up ten days later, they were delighted. The stress of lost emails of lost emails had been eliminated from their workflow. They could not concentrate on offering their clients an even better accountancy service. And yes, the rumours of emails’ demise have been much exaggerated…


Mystery of slow and unreliable WiFi solved for Dublin accountancy firm

fix poor wifi dublin ireland

We recently assisted a Dublin accountancy firm with a slow and unreliable WiFi issue which was driving their staff to frustration. The WiFi network in their 8-seat office (where most users were connecting wirelessly) was performing sluggishly and the connection was intermittently dropping. In a busy accountancy practice, this was resulting in significant downtime, frustration and missed deadlines.
We went on-site to investigate. We asked the office manager about the background to the problem. They had first noticed the problem two weeks previously and the wireless network quality seemed to be deteriorating ever since. The building was divided into 5 different offices on three different floors. Our wireless site-survey revealed that the signal coverage in 4 of the offices was quite good. In the remaining basement office the signal was poor.

Diagnostics of wired network and access points

Firstly, we checked their Eir Huawei F2000 modem-router in their comms room and connected it directly to our laptops. It was getting fairly average upload and download speeds – 2.43Mbps and 17.83 Mbps respectively. A 24-port Cisco switch was connected to the modem-router and appeared to be working with no issues. They had 3 Netgear ProSafe access points which were located around their building. We logged into each one of these APs to check the data rates, channel settings and transmit power settings. They all had the latest firmware installed and appeared to be perfectly configured. The problem resided elsewhere.

Diagnostics with packet sniffer and problem diagnosis

Deploying a wireless packet sniffer called Wireshark we were able to analyse the data packet transmission on their network. This is a powerful piece of software which can see almost all network traffic on a LAN (local area connection) or WLAN (wireless LAN). Within 15 minutes, we started to see a second DHCP server appear on their network. A DHCP device is any device which automatically assigns IP addresses in a network. In the context of a SoHo (Small Office Home Office) network, there should only be one DHCP server and that function is normally assigned to the router. To confirm our findings, we logged into their Huawei modem-router again and disabled it’s DHCP functionality. As suspected, our packet-sniffer was still indicating an active DHCP service on their network. In short, there was a second router (or some other rouge DHCP server) on their network, which was causing this problem and we had to find it. Their friendly office manager recalled that two weeks previously one of their staff in their basement office brought in a device from home in order to improve the WiFi. This device sounded like the culprit. Back to the basement office and on top of a cabinet we found the source of the problem – a TP-Link router still connected to a network point.

Our solution to slow and unreliable WiFi issue

The TP-Link router was added to their network by a well-intensioned staff member who thought it might improve the wireless signal strength and connected to a an unused network point. But, in SoHo network design you should never have more than one router (DHCP server) on any one network because they conflict with one another. The solution was simple. We logged into the TP-Link router and changed it from “router mode” to “access point” mode. This turns off the DHCP service and turns off NAT in order to avoid a double-NAT problem. We then gave the device an IP address outside the range of their Eir modem-router in order to avoid any IP conflicts. Finally, we secured the TP-Link device using WPA2-AES256 encryption.

Solution Follow-up

On follow-up of the problem one week later, we were pleased to hear that their WiFi network is working reliably and smoothly. The basement office team member is finally getting reliable WiFi. The whole team was now able to enjoy fast, reliable and secure WiFi and able to file tax returns on time and. Moreover, the office manager no longer has to listen to moans about slow or unreliable WiFi from frustrated staff.

The Web Summit 2015 and the limits of new media marketing

dublin web summit 2015 realclear support

Back in 2009 when the Web Summit (or Dublin Web Summit as it was known then) started the goal of it’s founders was admirable. Successful tech innovators and entrepreneurs from all over the world were invited to Dublin and share their thoughts and vision of information technology with those involved in the tech sector. It was an intimate, friendly event where those passionate about tech could get together and discuss this exciting, fascinating and fast moving industry. It was an event where you could be at the same table as the founder of Skype or Bebo over lunch. It was unlike any other technology event in Europe.

But as the organisers aimed for bigger and bigger attendee numbers, that intimacy which made the Web Summit so unique seems to have got lost in the shuffle. As the years progressed the Web Summit became less about being an “un-conference” where ideas between participants were informally exchanged and more about being another just another “pack-em-in-stack-em-high” humdrum IT conference. Speakers this year talked about “paradigm shifts”, “value chain disruption” and “perfect storms” occurring in various industries from music, to fashion to sport. This conference could could just as easily have been held in Dusseldorf or Dubai. Or you could have just tuned into one of those tech programs on CNBC or CNN and heard the same stuff. It lacked the focus and organic feel of the early years. Asking fellow attendees would they attend another Web Summit was met with a resounding “no”.

main stage dublin web summit 2015

The main stage @ Web Summit


The vision and big thinking of the organisers is to be admired. They grew the Web Summit from a paltry 1,000 attendees to nearly 25,000. They helped put Dublin on the radar of CEOs looking to set-up a European base and it bolstered Dublin’s reputation as a technology hub. This positive spin-off effect of the event is unquantifable. But with these impressive feats aside – like with any business – it all boils down to customer satisfaction and frankly, whether it was the exhibitors or attendees – most seemed less than satisfied with their Web Summit experience. Exhibitors talked about promised meetings with investors, which never transpired. While attendees talked about lacklustre speakers, crowded aisles in the exhibition halls and €20 hamburgers.

dublin web summit wifi

At the least the WiFi was working, albeit slowly.

The organisers prided themselves on their data engineering or “Big Data” techniques to promote their event. Technology such as email marketing and social media enables your business to market easily and cheaply to thousands of potential customers. The Web Summit crew used these technologies and used them very effectively. (In fact, it was almost a running joke at the event the voluminous amount of emails which the Web Summit team sent out in the months preceding the event.) But, like with any business, no matter sophisticated your marketing technology is, it all boils down to customer experience of your product or service. Customers can be easily and cheaply acquired using technology, but if your customer’s experience of your product or service has not met their expectations – no amount of data engineering or data driven marketing can get them back. No amount of technology can prevent negative feedback from informal word-of-mouth channels. Technology may change, but human nature does not.

44Con IT Security Conference London

it support dublin 2 ireland

Last month, RealClear attended the excellent 44Con IT security conference in London. The conference highlighted many of the IT security threats that abound in today’s environment and the best defenses against them.


It only takes one photo to infect your computer

Saumil Shah illustrated how an innocuous looking .JPEG (photo) file can be used as a vector to infect your computer. This is achieved combining an image file with a HTML and a Javascript coder/decoder file to create single HTML+Image polyglot file. When this file, which appears as an image, is clicked on, the malicious code gets decoded, its payload is released and your computer can be infected in a matter of seconds. This insidious type of attack cannot be detected by a firewall or anti-virus software as the exploit is hidden in pixels. Moreover, it flies under the radar of the operating systems’s DEP and ASLR. So next time someone emails you that funny cat photo, you’ll never look at it in the same light again…

Phishing attacks are still prevalent and still successful

Phishing attacks (acquiring sensitive information masquerading as a trustworthy entity) are still working according to Michele Orru (of Browser Hacker’s Handbook fame). With cloud technology, phishing attacks can be executed easier than ever. For example, an infinite amount of IP addresses can now be bought on Amazon Web Services. The Telegraph (UK) newspaper tasked Orru with phishing one of their technology journalists, Sophie Curtis. (The mind boggles about the legal and ethical dimensions of this assignment, but that is another story). His attack started with a fake Linkedin invite which had a BeEf plugin surreptitiously attached to it. This helped reveal the target’s browser type, plug-ins and email client. Once these credentials had been determined, the payload could be customised. In this case, the payload included reverse HTTPS and DNS send-back mechanisms. This was all packaged up in a .RAR file (Gmail does not allow the sending of .exe files saved in .ZIP format). Then, using a file masquerading technique, the .RAR file was cloaked as a.PDF file. The next step was to send a cleverly crafted social engineering email with a subject matter which would have been of interest to the target. The email, in this case about human rights in Brazil, was sent using Sendgrid with SPF and DKIM authentication enabled to avoid the attention of spam filters. His Telegraph journalist target took the bait, opened the attachment and her computer was under this white-hat hackers control in the space of a few hours. The efficacy of this attack on a tech-savvy technology journalist was astounding.

UEFI – The backdoor to your Mac OS X and Windows systems

When most people talk about viruses or malicious code they assume that it lurks somewhere in the operating system. That assumption is mostly correct as most malicious code does reside at application or kernel level in the operating system. But most people forget that one level down from the operating system lies the UEFI (Unified Extensible Firmware Interface) which initialises when you first power on your computer. This could present a vulnerability to your Mac or Windows system as malcious code can be hidden at this level. This issue was raised in the presentation of professional “malware hunter” Pedro Vilaca. How many “in the wild” or “zero-day” UEFI rootkits are out there which have not been detected by security researchers?. It is worrying because malicious code at this level will persist across system re-installs, hard disk wiping and most dangerous of all – code at this level can circumvent full-disk encryption. As UEFI rootkits initialise before encryption applications, they can easily capture passwords as used by popular encryption applications such as FileVault, PGP and TrueCrypt. Vilaca stated “If we can’t trust hardware we are wasting a lot of time solving some software problems”.

Windows 10 – How secure is it?

There are many techniques in which you can evaluate the security of an operating system. One such lens is looking at the attack surface. This is the aggregation of all different points where an attacker can inject or extract data. Typically, the major attack surfaces on an operating system would be services and drivers. In the contexct of the latter two, James Forshaw, a researcher on Google’s Project Zero team decided to perform a comparison between Windows 7, 8 and 10. Not surprisingly perhaps, Windows 10 contains the most amount of drivers and services. But seeing that bare driver and service count can sometimes be a blunt metric for OS security evaluation, he decided to perform his analysis according to system privilege levels. Again, Windows 10 has the most number of services running at the highest system privilege level. But in terms of direct attack surface of Windows 10 drivers, he found it had the lowest area of attack.

Internet Explorer, has long been the security Achilles heel of Windows OS with the same amount of holes as a block of Emmental. Finally, Microsoft have replaced this dinosaur browser with a successor which they have called “Edge”. In short, Microsoft have taken the Trident rendering engine from IE and streamlined it. And to beef up security, they have now enabled enhanced protection mode in Edge by default. On the downside, it’s still using the ActiveX version of Flash.Does this now mean that Windows 10 is fully secure? “Windows is a complex operating system, you can always find something to break” said Forshaw.

What all of this means for your business or organisation

Good IT security no longer means that a firewall or anti-virus software gives you adequate protection. Far from it, to defeat modern threats, you need a layered approach to your security. This starts with you and your team having a awareness of risk and and a security mindset. It means having proper protection mechanisms such as firewalls and AV software in place and properly configured. It means having robust computer usage and data handling policies in your company or organisation. Should an attack occur, IT threats can be prevented or at least their damage mitigated. It also means that you can sleep at little bit sounder at night knowing your data and systems are protected.

Choosing the best firewall for your business

firewall installation and support dublin

Back in the old days (that is 6-7 years ago in the world of IT…) a firewall usually meant a device which would perform deep packet inspection on incoming data traffic. That is to say, it would examine data packets looking for protocol non-compliance, viruses and spam. But then network attacks began to get more sophisticated. Phishing scams, SQL injection attacks and drive-by-downloads started to appear. In response to this more diverse threat landscape, firewall vendors starting bringing out UTM (Unified Threat Management) devices. These would offer a much more comprehensive portfolio of protection than just a conventional firewall. For example, most UTM devices come with IPS (Intrusion Prevention System), gateway anti-virus, VPN and URL filtering. This was all well and good but all this feature-creep resulted in decreasing throughput speeds. So some UTM devices were gaining a reputation for slowing down your network. The response of firewall vendors was to bring a new security platform to the market – which they called the Next Generation Firewalls. Typically, NGFWs are not a quantum leap from UTM devices but do tend to peform security analysis in a more streamlined and co-ordinated way. For example, Dell Sonicwall devices use a technonology called Reassembly-Free Deep Packet Inspection (RFDPI) which examines traffic simultaneously across all ports on your network without causing a choke-point. Moreover, NGFW’s rather than relying on ports and protocols for accessing risk rely more on application and user awareness. They take a more semantic or context-aware view of both users and applications.
Popular models of firewall appliance on the market include offerings from Dell (SonicWall), Cyberoam, Watchguard and Fortinet.

Consideration factors when evaluating a UTM or Next Generation Firewall device

Your existing network infrastructure, number of users and required protection levels are just some of the factors you need to take into account when deciding on a firewall solution.

  • Understand the type of traffic on your network – For example, does your business do a lot of web-streaming, VoIP or Skype calls?
  • How many users are there on your network? How easily will your firewall scale with an increase or decrease in the number of users?
  • What is the average data packet size of your network? If, for example, your business works with a lot video files or architectural drawings, there will most likely be large packets. Whereas, if your business is accountancy, the average packet size will probably be a lot smaller.
  • What are the data traffic patterns like on your network? Are there sudden bursts of data or is it more of a steady trickle?
    Are the anti-spam or mail filtering policies flexible enough for your expected email traffic?
  • What is the Intrusion Prevention System like on the firewall? Usually, this feature cannot be easily gleaned from a spec sheet, but rather from the experience of your IT support company.
  • If your business or organisation requires URL filtering, how easy is it to add or remove URLs using the firewall’s management console?
  • How many simultaneous SSL / IPSEC VPN connections does your firewall allow? Does it allow for split-tunnel and tunnel-all access?
  • What is the IT skill set of your IT administrator like? Some firewalls are more complex than others to administer.
  • What kind of zoning capabilities does your firewall allow? Zoning is important as it allows you to compartmentalise security on your network.
  • How intuitive is the centralised management tool of the firewall to use and is the device’s reporting easily understood?

Beware of speed throughput specifications
When looking at firewall spec sheets many people have a tendency to look at just the “firewall” component specifications. But this will just give a very crude (and sometimes misleading) benchmark of performance. A common metric which firewall vendors use to measure the throughput of their devices is the RFC 2544 protocol, which today is a very outdated benchmark and does not reflect a modern networked office environment. Using this benchmark firewall vendors can then claim their devices have a throughput of upto 3 GB/s which is a tad optimistic.

“95% of firewall breaches are caused by firewall mis-configurations”

So you have acquired your shiny new firewall, but does that mean that your business is now protected? Far from it. Gartner, the international information technology research firm, estimates that up to 95 % of firewall breaches are caused by firewall misconfigurations and not firewall flaws. The best firewall in the world is useless if not managed correctly.

For further experienced, professional and friendly advice from RealClear – call us on 01 -685 7833.