Thursday, October 2, 2014

"Security" software that violates all security principles, being given out by cops

EVERYBODY: Be careful about 'free' software that schools and government agencies are handing out - most are handing it out for free: ComputerCOP.
https://www.eff.org/deeplinks/2014/09/computercop-dangerous-internet-safety-software-hundreds-police-agencies

This stuff, if installed, will literally record every single thing you type (and that means passwords and usernames), and send them UNENCRYPTED across the internet to who-knows where.

There are several agencies in many states that are sending this out. Don't fall for it. If somebody offers this to you for free - take it - then BURN THE DISC. Agencies are paying for it, so make them spend their money on nothing.

The software is supposed to protect kids, but it actually endangers them to exposing activities, login information, etc. And, if I were to be an attacker, I could see all this EXTREMELY EASILY with nothing more than a wi-fi enabled laptop.

Here is a link to a list of agencies in many states that have been known to either buy many copies, or even to distribute them.
https://www.eff.org/pages/whos-giving-out-computercop 

Friday, December 20, 2013

12/20 - Sending An Encrypted Email Easily (and Free!)

So, I figured I'd talk about how to send encrypted emails for free, and using any email program that you're already set up for. There are literally thousands of methods we can do moderately safe encryption - some for files and messages, others for full file systems (entire hard drives). There are also many algorithms and methods that are used to make the encryption harder to break.

This post will focus on messages and small files, so we will use a freely-available algorithm, called PGP. 'PGP' stands for 'Pretty Good Privacy', and is one of the most widely-adopted and freely distributed forms of encryption. In fact, it is so good that it was once considered illegal to send this algorithm overseas because it's considered a type of weapon. (Source: http://www.cypherspace.org/rsa/legal.html)


So the software I'll use for demonstration purposes is Portable PGP (http://ppgp.sourceforge.net/). Like the algorithm, this software is free, and can be downloaded from the site linked here. It's capable of signing files/messages (for integrity - proving the message hasn't been tampered with in transit), or for encrypting them (for confidentiality - so it can't be ready by unintended parties), or doing both at the same time.

Portable PGP
For windows users, there are two ways to install. You can download the USB-stick version, which you just unzip to a USB drive, which you can then use on any Windows computer. Or you can download the full setup version, and install it on a specific computer. Both look exactly the same, and operate the same way. 

The first time you run the application, it will ask you to either generate a new key pair, or import an existing one. This guide assumes this is the first time you've had a key pair. It'll open a new window, and you'll need to enter in some information. I HIGHLY recommend you use the Paranoid ElGamal option, and slide the slider towards the right. It will take a lot longer to create the key pair, but once it's created, it's done. If you like, you can also make a larger Key Size. 
Creating a Key Pair

Once that's done, the next part is allowing others to send you messages. You need to find your PUBLIC key in the lower box, and click the "Export Selected" button (it's the one that looks like a disc). Save it to your computer with an *.asc extension. It's this file you want to hand out (NOT your private key).

Now, you want to upload your public key to a key repository. Probably the best one is the PGP Global Directory: https://keyserver2.pgp.com/vkd/GetWelcomeScreen.event. You'll need to click on Publish your Key, upload the *.asc file, and assign an email address (required). Once it's uploaded, you need to verify your email by clicking on the link you'll receive. This makes the public key searchable by others; they can search by your name (or the name you gave), an/or your email address. Other people can then download your key, and import it into their installation of PGP. Whoever you're communicating with should follow all of the same steps, and upload their public key, which you'll need to search for.

Okay - now each of you has the other's public key, and your own private keys. Now what?

Well, click on the "Encrypt" button on the left, and choose "Encrypt Text" or "Encrypt a file", as desired. In the bottom drop down Target box, choose the PUBLIC key of who you are sending to. If you want to sign the message for integrity, choose YOUR private key in the "Sign" box. This doesn't transfer the key, but they must have already imported your public key already for the signing part to work.

Click on "Encrypt" in the lower right, and enter YOUR key pair's passphrase.

You will get a new window with your encrypted message. This message is what you will send to the recipient. 
Encrypted Message

Your recipient will choose the "Decrypt" option in their program, and paste the encrypted message into the program. They will be prompted for their private key passphrase. But make sure they don't paste in the readable portions (---BEGIN PGP MESSAGE----) and the version number, as well as the end pgp message tag.

Assuming you signed it, and assuming they type in the correct passphrase, they'll see this: 
Signature Verification

That means that the sender "signed" it, and the message hasn't been tampered with in transit. 

Once they click "OK", they'll be presented with the decrypted message:
Decrypted Message

Now, that seems like a lot of work. But after the initial setup, it's not that much. But that setup is everything. 

Sure, there are ways to do this automatically, but mostly that requires enterprise-level resources, or a LOT MORE setup, and usually full control of both machines at some point. This guide was made for the everyday user in mind, who just want to protect their privacy just a little more more.


Oh - and for those who email me, I'd prefer you to do so with my Public Key: I've made it available for download on my personal site: http://cashfamily.clanteam.com/files/rcash_pgp_pub.asc.

Monday, July 1, 2013

The Damage Caused by Clicking a Link

So our recent security awareness exercise has a lot of people thinking about everything they do on the computer. And rightfully so. Nearly 30% of my company’s users who received the email clicked on the link, and were warned that they had opened a “phishing” site. Now, the email was fake, and not harmless. But there will be cases where a real phishing email will be sent.

Let’s explain what “phishing” is. It’s a type of information-gathering technique, designed to trick people into providing valuable information for seemingly (but not) valid reasons. The techniques range from claiming a breach and that you need to change some part of your profile, or your password, or some such. Other cases may ask for seemingly innocuous information, such as your name, email address, or other data. But a basic phishing attack doesn’t need to implant a virus, Trojan or other evil code. It just gathers information and then goes to work.

So let’s take into account a basic link you click on, similar to the one in last month’s exercise. If an email like this was sent to every possible combination of “companyx.com” email addresses, clicking tells the attacker a lot of information. By clicking on the link, you have confirmed that your email address exists. From there, they know your name – after all, an email address of “jack.rock@companyx.com” makes it easier to guess that my name is “Ryan Cash”. So now, the attacker knows my name, and the company for which I work.

Next, it’s a simple matter of taking that information to LinkedIn. Very few people hide much information on LinkedIn, as a lot of professionals use it as a way to be found by recruiters. So that site shows what I do for CompanyX, my previous jobs, possibly my certifications/education, probably a picture, and at least a general idea where I live.

Scared yet? You should be. Now that they know where I live, what I look like and my name, it’s not a bad jump to go to Facebook, since a huge amount of people are on it. The attacker can look at my pictures, and if my privacy settings aren’t very well done (and routinely audited), a lot of personal information can be seen; information like children’s names, pet names, spouse names. And a HUGE amount of people (including many who are reading this article) use these items as bases for passwords, so they can more easily remember them.

Now, if the attacker has any password cracking tools (they are easy to get, and freely so), they can put this information into the tool to start running millions of guesses a second. With a child’s name of five letters, that’s five letters out of 12 that they don’t have to guess – cutting their work almost in half.

Now, we have protections against this type of password guessing scheme, but we can’t rely on those alone. And even with them in place, there are other things they can do with that same information.

So BEFORE you click on a link, or open an attachment, in an email that just seems “weird”, call the helpdesk and ask about it. If an attack is real, then clicking on a link at all is dangerous, even if you close the browser immediately.

Friday, June 7, 2013

Why I’m Afraid For You

Okay, I just got back from my first day at the Ethical Hacker class. First, let me give you a background from where I come from.

See, my very first formal IT class was for Security+. And, like many other industries, the first class you take tends to color everything you do in that field. As an example, my first martial arts school was Taekwondo, so I tend to use more kicking than, say, a karateka. So when we deal with networking, I tend to think more on how to secure them, rather than implement or fix them.

So, I’m already scared of networks and the Internet. Of course, it’s necessary to use in today’s world as an IT technician, but a certain amount of trepidation accompanies what I do at work. Keep that in mind:  a small amount of trepidation.

Today’s class was quick, and spent more on legality of ethical hacking. We spent about 15 minutes of just looking at publicly accessible items, breaking no laws, and not even TOUCHING our target site. With about five minutes, we had:

  • The webmaster’s name
  • His work phone
  • His personal mobile phone
  • His direct employer (hint: he does NOT work directly for the company)
  • How long he’s been in that position
  • What type of server the website is hosted on
  • What types of technologies were used in the website (like javascript, Java, active server pages, etc.)

Okay, it took all of about half an hour to show us this. That’s half an hour WITH explanations and questions. That means all this information could be found within less than five minutes – and the attacker would never even be detectable at this stage by the target. And would not have broken any laws at all within that period.

So keep this in mind when the world starts talking about protecting your GMail with two-factor authentication, or when your IT department requires larger and more complex passwords.

Wednesday, May 8, 2013

PC Cleaning Apps, Scams, and speeding up your PC on your own

So I'm not going to re-invent this post. A recent article on How-to-Geek has explained this concept far better than I could.

Here's the article:
http://www.howtogeek.com/162683/pc-cleaning-apps-are-a-scam-heres-why-and-how-to-speed-up-your-pc/?utm_source=newsletter&utm_medium=email&utm_campaign=080513

So there ya go. Those paid apps are next to worthless, if not outright malicious, and do next to nothing for your computer.  I've used CCleaner for years in my PCs, my clients' PCs, and have had no issues. And CCleaner's registry cleaner includes a backup option (which is on, by default), so you can undo any registry deletions you may perform, just in case the system becomes unstable.

Monday, February 25, 2013

What does the signal strength REALLY mean?

So I take a lot of calls on network issues, specifically about laptops connecting to wireless networks.

The common misconception is that signal strength equals speed. While signal strength is, indeed, a factor, it’s not the only factor nor even a major one. Signal strength is an indicator of one items – strength from your laptop/mobile device/PC/macbook to your wireless router. That’s it. Not to the internet, not to your work website, not to Google, not to ticketmaster.com, nothing.

You see, when you connect to the Internet, you’re not connecting directly to the website. You connect to your router, which connect to your modem, which connects to a backbone line, which connects to another (very high powered) router, which connects to another one, and another one, and then maybe your intended site/server. Each “hop” of this transmission takes time to jump from each step to the next, and then any information coming back takes a similar path to come back

Huh?

That means your computer sends a request to a website or other server, then that server sends back the information you requested (web page, file download, video feed, etc.). So each connection is a two-way street, encompassing at least five different sub-connections, all taking their sweet time.

So what does this have to do with signal strength, JR?

Not much, and that’s the point.

As I said above, signal strength is what people use as an argument for “my internet connection should be blazing fast”. They think that since they have four or five bars, they should have instant connection to anywhere in the world, and that’s simply not true.

It only means you have a strong (not necessarily fast) connection to your router. After that, the signal strength means nothing.

So what does it means if I have very LOW signal strength?

As I mentioned, signal strength CAN impact your speed, but not in the way you want. If you have a poor connection, indicated by a low signal strength, you can get a very low speed, as the network and your laptop have to compensate for data packets missing, etc.

Okay, so signal strength is important, to a degree. How do I improve strength if I have a low signal?

Well, understand that wi-fi, or wireless networking, is still a radio signal. Have you ever driven your car into a long roadway tunnel, and your radio started getting fuzzy, or just outright not playing at all? That’s called EMI, or “Electromagnetic Interference”. In layman’s terms: stuff that gets in the way of your radio signal.

The same thing happens to wi-fi signals. But because the broadcast strength is MUCH lower than a radio station’s, it’s easier to disrupt wi-fi. That means the metal in your walls, the wires running through them, the concrete foundation, nearby electrical appliances (TV, anyone?) can all have an impact on your router’s wireless transmissions.

So keep your wireless router away from appliances, and out of the basement. If you need wireless on more than one floor, there are ways to use TWO wireless routers or access points (APs) to cover more area.

So, what can I do if I have great signal strength, but have very slow internet?

First off, determine if it’s ALL sites that are slow, or just one or two. If the latter, it’s probably something to do with an internet backbone router, or the website’s server. In all of these cases, there’s precious little you can do about it. The items you need to troubleshoot are not in your control, and may not be in the control of the website’s owner. You can call them to see if they have issues, but if they find nothing problematic on their end, chances are you’ll have to wait until the Internet fixes itself (which it does have this ability to do).

If it’s ALL websites that are problematic, then call your ISP (Internet Service Provider). They can check for signal to your building, see if an outage is going on, etc. They can guide you through some troubleshooting, or send a tech out if it’s necessary.

Conclusion

There’s a lot that is affected by wireless signal strength, but it’s not the end-all-be-all of network speed. I’ll cover troubleshooting connection speeds in another post, so stay tuned!

Wednesday, December 19, 2012

What is "Two Factor Authentication"?

On the heels of last Friday's post, we're going to continue our discussion of security. I know that normally today would be "Beginner Monday", but this is something that ALL users need to embrace - new, intermediate and advanced alike.

If you haven't already, please read Friday's post on passwords. We'll wait.

Done? Got it? Good. Moving on.

So what is a "factor"?

So, in terms of computer security (and most other security), there are three factors that govern security: 
  • Something you know (username, password, passphrase, PIN, secret code)
  • Something you have (decoder ring, security "dongle", smartphone, security badge, etc.)
  • Something you are (fingerprint, retinal scan, dna scan)
All security falls into one or more of these three categories. How they're implemented changes, though.

So, my username and password - that's two-factor, right?

Wrong.

See, both your username and your password are something you know. That's one factor. Even though it's two separate things to know, they're both still something known. That makes it ONE factor authentication.

So how do I use this newfangled two-factor authentimication?

So, to use two-factor authentication, you need to use at least two of three categories. Due to the high cost of implementing the last one, most consumer systems stick to Something you Know, and Something you Have. The two biggest sites using this system are Google and Facebook (arguably the two richest internet companies in the world, and definitely the two most widely used by users).

So the first factor is easiest - something you know - your username and password. You probably already go this set up. The second factor is something you typically have to activate after registration. Most systems do not have this turned on by default. 

In Google, you need to go into your account settings, under "Security", and turn on 2-factor authentication. You will need a smart phone or at least one with text messaging, to work. There are alternative ways to make this work without one, you can read about them on Lifehacker.


Monday, December 17, 2012

Why all the big hubub about passwords?

1/5/12 - 45,000 Facebook passwords compromised
2/13/12 - Millions of passwords compromised from Microsoft India's site
6/6/12 - Six million passwords were stolen from LinkedIn website, compromising these users.
6/6/12 - 1.5 million passwords were compromised of dating site, eHarmony
11/14/12 - Millions of Skype passwords compromised
11/21/12 - One password stolen, causing the state of South Carolina to "lose" tax details for over 700,000 businesses statewide
5/12/12 - Stolen password allows a compromise of 1.1 Million users' data with Nationwide Insurance
And Experian has apparently had 80+ known security breaches of passwords, causing an ongoing investigation into all three major credit reporting companies.

These are a mere fraction of the ongoing attacks worldwide to online accounts. And these are just a tiny bit of the successful ones. Passwords are big business for the unethical computer geek. 

And the weakest link? YOU.

That's right - the weakest part of any security system is the users, both administrative and end-user alike. Don't take this an an insult; take it as a lesson you need to learn, and implement NOW. You see, there's a special type of computer attack, called "Social Engineering". And the interesting part is that it doesn't actually have to use a computer at all, though it often does, as we'll see later.

The movie-myth version of a hacker (actually properly known as a "cracker") sitting in front of a keyboard, typing furiously for hours to break into a Gibson computer and bring down the company is generally erroneous. But the Hackers movie has two things right: the weak password ("God"), and when Zero Cool/Crash Override calls the security guard and gets the number to the dial-up modem.

Whoops.

Social Engineering is defined on Wikipedia as:
"...the art of manipulating people into performing actions or divulging confidential information. While it is similar to a confidence trick or simple fraud, it is typically trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victims."

In other words, they trick you into giving up some vital piece of information, often your password, or details to figure it out. Or they get you to reveal private details like your username. They might call you, email you, or text you.

In the movie, Crash Override tricks the guard into giving up a vital piece of information, allowing him to take over the TV network.

Okay, so that's Social Engineering. What about the title of this post (Passwords)?

See, passwords are often the only thing that separates crackers from getting into your account. Once that's gained, it's way too easy. 

So, you need a strong password. But what's considered "strong"? Basically, if any part of the password is found in the dictionary, it's a bad password. But you can't have a random string of characters and expect to remember it (well, most people can't, anyway). So you need a password that's hard to guess - even if the cracker has access to a 25-GPU Cluster that can make 63 billion guesses per second.

That's why it's important to make a STRONG password, not just an "okay" one.

What makes a strong password?

Generally, it's not complexity (though that's still a factor). It's LENGTH. Many systems still require only six character minimum. Some require eight. With today's technology, that's not nearly enough. Aim for TWELVE if you can. Maybe more. While most systems do have a maximum amount of characters, this number is very high (like 45+ characters), so you rarely need to worry about having too much.

The general requirements for complexity are that you need three out of the following four categories:
  • Upper case letters (A-Z)
  • Lower case letters (a-z)
  • Numbers (0-9)
  • Special Characters (@, #, !, &, *, and so on...)
You should have all four of these categories, even if your system doesn't require it. Also, don't make semi-obvious replacements (using @ for "a", as an example). 

What other items should I avoid when making a password?

Well, avoid keyboard patterns. I work as a desktop technician, and there was one point we had to gather every field users' passwords. Since they don't handle highly sensitive data, this wasn't a major issue, but we got to see what types of passwords are being used. Here are some examples:
  • Password4
  • Password9
  • Password99
  • P@ssword1
  • <usersname>1
  • <companysname>1
  • <dogsname>1
  • Poiuytrewq1
  • pl,okmijn
So they get from absurdly simple (and UNBELIEVABLY easy to crack), to relatively easy-to-find information (user name, company's name, pet's name), to...wait...what are those last two? They appear sufficiently random, don't they?

Nope. Look at any US keyboard, and check those keys in the order given. See any patterns emerging? We saw a lot of this, and people think they're being clever. The problem is that crackers are generally more so.

So let's avoid easily-guessable patterns and standard words as password bases, mkay?

Okay, so what can we do to get a strong, but memorable password?

First off, forget the word "password". Try to think in terms of "passphrase". In fact, many Linux systems are already thinking in this capacity.

Instead of a word, try thinking of a nonsense phrase. An example is "Correct horse battery staple". That's from a now-famous strip on XKCD, talking about how what seems to be a complex password might not be. It also shows how to make something nonsensical and somehow easy to remember. Throw in a number or special character, and now it's relatively impossible to crack (I say "relatively", because no password is truly impossible to crack - it just takes a LOT longer). 

So if I choose a nonsense phrase as my password (er...sorry, passphrase), why do I need to change it periodically?

Well, this is a two-part deal. 

First, if a cracker gets access to your account and you don't know, changing your password will immediately cut them off of access. This is generally not a big issue, as most crackers won't sit around silently, allowing you to retain your access. They'll dive in, get their information, cause whatever damage they want, and get out. But the process is still sound.

The second part has to do with how long it takes to crack a password. Remember that XKCD comic? They said it could take 550 years at 1000 guesses per second. But with advanced technology, crackers have significantly reduced that time to months or weeks - perhaps even less.

So if your systems password database is stolen, the encryption takes a while to crack, but not forever. If you change your password after the database is stolen, but before it is cracked, the cracker has just wasted a large amount of his/her time, and gotten nowhere. 

But with that huge 25-GPU machine you mentioned earlier, doesn't that make all this pointless?

Yes...and no. As I mentioned, passwords are often the only line of defense for your account - but they don't have to be. We can enable (on many, but not all, sites) 2-Factor Authentication. But that's a topic for the next post.

Tuesday, December 11, 2012

How To Ask For Help From Techies...

...and nearly any other group of experts on a particularly involved topic.

NOTE: I tried to do a TL;DR version, but with the commentary, it was almost as long as the original article. I STRONGLY suggest you read the entire article linked.
You see, as a computer technician, I get a LOT of questions about computers and how to fix them. Frequently, it's a quick "how do I..." question, asked in passing at work or by friends while I'm out and about. Generally speaking, I'm okay with quick "how do I..." questions, as long as it doesn't take more than a couple of minutes to answer.
But there are always (and frequently so) the users who constantly barrage technicians like myself with issues they have on their personal or work PCs. Unfortunately a LARGE MAJORITY of these issues are the type that just irritate the hell out of me and other technicians.
So today, I bring to you a link for downtime reading. It is long and a bit brash. It's written by a "hacker". No, not one of those malicious little punks who write viruses and break into your systems (those are more accurately called "crackers"). No, he's a hacker, meaning a high-level expert in a variety of systems and computers in general.
So in this article, now about two years old in its latest iteration, he talks to end users about how to ask smart questions to techies. How to elicit better responses (hint: 'better' responses are not always what you'd think), and how to make it more likely to get a response AT ALL.
So, without further ado, the link is here (beware, this is a long, but very useful read):
http://www.catb.org/esr/faqs/smart-questions.html
(Note: reposted here in accordance with author's policy)
I urge everybody to read that - it shows how to make it more likely to get answers from very technical people on websites, and to find your answers for FREE! But bear in mind that it's not all easy work. In fact, it puts a lot of the responsibility on you, the end user. In short, it shows user and technicians alike how to LEARN.
I very much agree with the author's point of view. It is, by and large, how I learned so much about computers. I didn't keep asking question after question after question. No, I did my own research and then asked when I honestly couldn't find the answer. I still hold to that, and even teach my sysadmins a few things that they don't know (because hey - nobody knows EVERYTHING about computers).
Keep in mind that the suggestions in the above article are not just about asking for free help; it’s also a valuable set of lessons for dealing with your company’s IT support, as well. While some of the items don’t translate to in-house IT, a lot of it does (especially the part about Googling for your answers).
It’s not about lazy IT technicians not wanting to do work; it’s about technicians who want you to learn. We want you to learn how to resolve your issues; that way, when you run across the problems you can’t resolve, we’re presented with the challenges that much US learn. That’s why there’s a joke that the #1 tool for IT techs and sysadmins is Google. Here’s a hint: that’s not a joke – it’s the actual truth. In fact, that’s very frequently how many of us learned enough to become professional techs.

Monday, December 10, 2012

Beginner Monday–More Terminology

So there’s a lot of users in the workforce that confuse terminology, and inadvertently say the wrong thing to their IT support. This post is about correcting some of those misperceptions. That way, when you talk with your Tech Support, you can say the right things (hopefully) and get them on the right path. Because if you say server, and you mean wi-fi, you can send your tech support down the wrong path (and thus take a lot longer to fix your issue).

1. Network – This is any setup that allows one computer to talk with another. Any method that allows two computers to interact is a network. There are a lot of types of network, but there are two categories that most users care about: wired (or LAN), and wireless (or WI-FI). More on these terms later.

2. Server – This refers to an actual machine type, called a server. It has a special operating system. There are three versions, Windows Server, Linux Server (which has several sub-versions, called distros), and Unix Server. Some applications are accessed on a server. Some network items are done from servers – such as your account and relevant password, anything done by Citrix, emails, websites, and much more.

3. LAN/Wired network – This is when you plug a network cable into your laptop/desktop/netbook. It uses a special type of cable, the most prolific of which is known as an “ethernet” cable, or RJ-45. It looks like a phone plug, but larger.

4. Wireless/Wi-fi – This is a huge up-and-coming technology. Like anything else in computers, there are several types. But for simplicity’s sake, we’ll leave it in general terms, and just call it “wireless”. There’s been some misconception about wireless – it only refers to networking, nothing else. For some reason, a lot of people think that it refers to wireless power (thus no need for a charging cable), which is absurd.

Wireless networking requires two items: a wireless router or wireless access point, and a wireless-capable device. The device is usually a tablet, cell phone or laptop. The “wireless” is only between these two items. Some confusion is people thinking the router didn’t need to be plugged into the wall. There still need to be power and network cables between the router/AP and the wall; just not between the router/AP and the laptop/device.

The general range of wireless is a couple of hundred feet if you’re really crazy lucky. House walls and lots of power lines and metal construction can interfere with signal. Most of the time is pushing it after 50 feet in real-world conditions.

5. Bluetooth – this is a type of wireless that requires a special mention here. It’s a type of radio signal (similar to your car radio), but with a very short range; about 35 feet. It has to be “paired” with devices, so the bluetooth-capable device has to have a passcode to connect. The most common use of bluetooth technology is between a cell phone and headphones. Though, it can be used between a computer and other devices: printers, speakers, docking stations, keyboards, mice, and even between a computer and a cell phone or another computer.

6. Internet – This is the network of all networks. It is a network of networks. Connecting to anything beyond your own building/house/structure is almost certainly going to the Internet before it gets to the destination. The Internet carries the signal from computer to websites or other buildings/cities/countries.

7. Intranet – This is an internal network, meaning it’s only accessible if you’re connected to the same network as the other device (the internet doesn’t count, as it’s not one network, it’s millions of networks). Some portions of a company’s network can only be asked if you’re on the same network; some websites, email, etc. If your intranet is not available, that doesn’t necessarily mean that your internet is down. The reverse is also the case; just because the internet is down, doesn’t mean your intranet is not working. If both are not working, then it’s a local network issue, or a problem with your PC not connecting.