Archive for June, 2009
New MacBook To Transform Apple
MUST SEE. SIMPLY AWESOME.
Must Read Books
Tim Ferriss and Kevin Rose discuss their top 5 Must Read Books.
Random w/ Tim and Kevin – Ep3 from Glenn McElhose on Vimeo.
I endorse the following:
- The 22 Immutable Laws of Marketing
- Getting Real
- The Tipping Point: How Little Things Can Make a Big Difference
Other books on my reading list this year.
- The Knack
- The Integrity Dividend: Leading by the Power of Your Word
- The Trophy Kids Grow Up: How the Millennial Generation is Shaking Up the Workplace
- Mastering the Hype Cycle: How to Choose the Right Innovation at the Right Time (Gartner)
- Talent Is Overrated: What Really Separates World-Class Performers from Everybody Else
- Inside Drucker’s Brain
- Tribes: We Need You to Lead Us
- High Altitude Leadership: What the World’s Most Forbidding Peaks Teach Us About Success
- Plugged In: The Generation Y Guide to Thriving at Work
- Content Nation: Surviving and Thriving as Social Media Changes Our Work, Our Lives, and Our Future
- Smart Networking: Attract a Following In Person and Online
- Making Technology Investments Profitable: ROI Road Map to Better Business Cases
- Strategic Alliances: Three Ways to Make Them Work (Memo to the CEO)
- Reward Systems: Does Yours Measure Up? (Memo to the CEO)
- Wargaming for Leaders : Strategic Decision Making from the Battlefield to the Boardroom
Customer Service Excellence
Seven ways to achieve customer service. 
Do you know any others?
- Focus on the wants of the customer
- Make your effort about fulfilling their need, not having them do what you want
- Listen, don’t just hear
- Determine what action(s) you need to perform to fulfill the customer’s expectations
- Go above and beyond what is necessary to get the job done
- Follow-up to ensure the customer is satisfied with the result you have achieved
- Determine if there is anything else you can do to make the customer happier
Super Obama
Accurate Risk Assessments
As professionals in security we are constantly researching new technologies to keep our skills sharp. The Internet Storm Center was formed to assist with keeping our peers aware of the fast paced changes in vulnerabilities, patches, hacks, worms, Trojans and threats in general.
How we communicate these risks to our key decision makers can sometimes be a challenge. A recent example would be the Conficker April 1st situation. It was important for us to convey the sense of urgency we felt to have MS08-067 patched, as well as to cross-check all our systems for updates being rejected, anti-virus definitions being up to date, and so on. My question to you is: “did you communicate the risk effectively?” Were you able to give a complete and accurate risk assessment to your management?
Remember that risk assessment is the process of identifying a threat, understanding how that threat relates (vulnerability) to your organization, assessing the cost and providing that information to management. The formula is simple, let’s break it down.
Risk = Threat x Vulnerability x Cost
- State the threat in language that is easily understood. It is your job to decrypt the threat for your management team.
- Portray clearly and accurately what the threat could do and how it would possibly perform in your environment.
- Identify the number of assets which may be affected by the threat. What is the percentage of vulnerable devices in relation to the total devices? (Servers, workstations, operating systems, Internet exposure)
- Identify the corrective measures which are available to be taken.
- Calculate the SLE (Single Loss Expectancy). What is the dollar value of the cost that equals the total cost of the risk?
- State how the remediation would lower the exposure to the organization and give a cost for those actions.
- Recalculate the SLE with projected remediation included.
- Provide status of the protection mechanisms already in place (anti-virus definitions, IPS signature detections, patching statistics).
- Then allow management to make an educated decision based on risk to the enterprise, not just the security event itself.
By utilizing this concrete methodology, we can lessen the influence of media hype and provide a professional, cost-based opinion to those best equipped to make enterprise decisions.
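The steps above worked through in code for the Conficker/MS08-067 case, as an added example that is not part of Mari Nichols’ diary: the device counts, dollar values, threat likelihood and remediation cost are constructed inputs, and reading Cost as the Single Loss Expectancy of the asset class (so that Threat x Vulnerability x Cost comes out in dollars) is an assumption made here.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RiskInput:
    """Inputs for Risk = Threat x Vulnerability x Cost. All sample values are constructed."""
    threat: float            # likelihood the threat is exercised against us in the period (0..1)
    total_assets: int        # devices in scope (servers, workstations, ...)
    vulnerable_assets: int   # devices still exposed, e.g. missing the MS08-067 patch
    value_per_asset: float   # dollar value at stake per device
    exposure_factor: float   # fraction of that value lost when one device is hit (0..1)


def vulnerability(r: RiskInput) -> float:
    """Vulnerability term: share of devices exposed to the threat (step 3)."""
    return r.vulnerable_assets / r.total_assets


def sle(r: RiskInput) -> float:
    """Single Loss Expectancy (step 5): dollars lost if the threat hits every exposed device."""
    return r.vulnerable_assets * r.value_per_asset * r.exposure_factor


def risk(r: RiskInput) -> float:
    """Risk = Threat x Vulnerability x Cost, with Cost taken as the SLE of the whole asset
    class so that the vulnerability fraction scales it down to the exposed portion (assumption)."""
    class_sle = r.total_assets * r.value_per_asset * r.exposure_factor
    return r.threat * vulnerability(r) * class_sle


def remediate(r: RiskInput, assets_fixed: int) -> RiskInput:
    """Projected state after patching or otherwise mitigating some vulnerable devices (step 6)."""
    return replace(r, vulnerable_assets=max(0, r.vulnerable_assets - assets_fixed))


def remediation_case(before: RiskInput, assets_fixed: int, remediation_cost: float) -> dict:
    """Recalculate SLE and risk with remediation included (step 7) and net it against its cost."""
    after = remediate(before, assets_fixed)
    reduction = risk(before) - risk(after)
    return {
        "sle_before": sle(before), "sle_after": sle(after),
        "risk_before": risk(before), "risk_after": risk(after),
        "risk_reduction": reduction, "remediation_cost": remediation_cost,
        "net_benefit": reduction - remediation_cost,
    }


if __name__ == "__main__":
    # Constructed scenario: 1200 Windows hosts, 420 still unpatched, worm actively spreading.
    conficker = RiskInput(threat=0.8, total_assets=1200, vulnerable_assets=420,
                          value_per_asset=2500.0, exposure_factor=0.4)
    case = remediation_case(conficker, assets_fixed=380, remediation_cost=15000.0)
    for key, dollars in case.items():
        print(f"{key:>17}: ${dollars:,.0f}")
```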
Source: http://www.dshield.org/diary.html?storyid=6223 by Mari Nichols
Frontline – Breaking the Bank
GrandCentral to Google Voice
In just under a minute I migrated a couple of GrandCentral accounts to Google Voice and I am very excited to see a transcript of a voicemail show up in my Inbox.
I will definitely miss the GrandCentral interface as it’s much more intuitive than the new Google Voice GUI.
A limitation currently in place on both platforms is the capability to have 2 different accounts ring the same number. I particularly like this to have a personal and a business number both ring my cell and landlines. The workaround for the moment is leaving one account with GrandCentral and one on Google Voice. Let’s see how long that lasts!
One thing that I have seen more and more recently is my GrandCentral dropping calls on me. Maybe it’s Google’s way of getting users migrated.
Intrusion Prevention System – Tipping Point
In an age where applications are quickly moving to the web, security threats increase the risk of a breach causing economic damage and loss of reputation to businesses.
No longer is it viable to have a firewall protecting internal resources from the outside world without knowing and inspecting the legitimate traffic coming into the network; hackers take advantage of this by climbing the OSI layers to where 1st-generation firewalls were not protecting.
The OSI model is an abstract definition for layered communications between computers, starting at the bottom with the physical wire and moving up to the 7th layer, called the application layer.
The first firewalls on the scene allowed the network administrator to protect up to the 3rd and 4th layers, named the Network and Transport layers, by restricting access to an IP address from a range of IP addresses or restricting access to a server only on port TCP 80 in the case of a web server.
Application-aware firewalls soon surfaced, but the horsepower required to break down the packets for analysis and reconstruct them to send them to their destination was not there, taking a big hit on the performance of the link, and even then only a few widely used applications (HTTP, FTP, etc.) were available to perform inspection on.
A different device to address this shortfall was introduced and named IDS (Intrusion Detection System) allowing the detection of malicious attempts to access computer systems.
Later IDS (Intrusion Detection System) were able to send control signals to firewalls and routers to actively block attacks and were often used in conjunction with Honeypots which deflected attempts at unauthorized use of the systems it was protecting.
Intrusion Detection Systems (IDS) work by classifying traffic as either normal or anomalous based on rules, and in order to create these rules the system must be taught to recognise normal traffic activity using artificial intelligence techniques. Once these systems were taught, using neural networks or usage of the system adhering to a strict mathematical model, any traffic deviating from the norm would be flagged as an attack.
This proved to be problematic with the introduction of new variables into the system/network, like new applications or services, that could potentially trigger a Denial of Service (DoS) by making an unwanted change to the firewall. Additionally, an IDS would not be in-line with the firewall but rather out of band, adding latency to the process of handling attacks.
The IDS required two major and critical areas of improvement: moving beyond anomaly detection to add vulnerability-based signatures, and the capability to work at wire speed to enable in-line deployment.
Vulnerability-based signatures were a way for security vendors to work proactively with software vendors in finding and patching vulnerabilities before the bad guys did, releasing updates to block specific attacks against systems which may not have been patched yet.
A device that blocked attacks and let everything else through was born and coined Intrusion Prevention System (IPS).
An Intrusion Prevention System is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. A network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass. Intrusion prevention technology is considered by some to be an extension of intrusion detection (IDS) technology.
As with any in-line device, reliability and availability are of utmost importance. This is mostly addressed by a bypass feature allowing fail-open on copper ports should the device fail.
Market leaders in this space are Cisco Systems, Juniper Networks, McAfee, IBM (ISS), 3Com (Tipping Point) and Sourcefire.
So how do today’s available solutions stack up in the real world? A recent study of 170 randomly selected enterprises compares the results of real customers who use Cisco, IBM ISS, McAfee, Sourcefire, or TippingPoint in live network environments. The vendors were evaluated across eight key measures in three primary categories, including:
- In-Band Blocking: To block unwanted traffic in real time, IPSs must be placed in-band rather than off a tap or mirror port. Only in-band devices can provide real-time, deep inspection of data packets at layers 2 through 7.
- Filter Effectiveness: At the heart of the effectiveness of any IPS solution is how many attacks its filters can block.
- Ease of Use: Network operators are less likely to deploy Intrusion Prevention Systems across the expanse of their networks if the solution is hard to set up and manage.
The real data are in on how leading IPS solutions perform in the real world. Tipping Point scores highest – often by large margins – on each key performance and manageability measure. The Tipping Point IPS provides superior protection against evolving network attacks – and continues to provide timely protection as new forms of attacks emerge.
The Tipping Point 210E provides 200 megabits per second of aggregate bandwidth with a typical latency of less than 1 millisecond while providing 10 x 10/100/1000 Ethernet copper ports divided into 5 segments in a little over a 1U package.

Initial configuration is performed by connecting via a console cable to the appliance and setting several parameters using a setup wizard. The management server running a custom version of Fedora also will need to be configured with network and user information.
Management of the appliance is done via an installable program which has 7 major components:
Events: Allows the monitoring of events based on a wide range of criteria including filters, filter taxonomy, network and segments, as well as threshold filters.
Reports: Existing templates allow the quick generation of reports on attacks, performance protection, rate limit, device traffic and traffic threshold, amongst others. Customized reports can be saved and scheduled for particular times and configured to be delivered via e-mail in a variety of formats including PDF, HTML and Excel.

Profiles: The IPS appliance comes preset with a default profile which contains how the appliance will handle the traffic coming through its segments. All 5 segments can have a different profile making it very easy to apply a policy to a network segment and a completely different one for another network segment or even to protect a certain host.
The filters are categorized as Application Protection, Infrastructure Protection, Performance Protection and Traffic Management.
A large number of filters are set to Block/Notify under Application Protection and Infrastructure Protection, leaving the action taken by the other 2 categories to be determined by the corporate security policy.
Quarantine: This allows the IPS to block particular IP addresses or networks for a particular time. Extremely customizable.
Devices: Provides the ability to manage multiple IPS appliances from one management console providing the capability to push policies, software updates and upgrades, and digital vaccines at the click of a button.
Admin: This allows the management of users and configuration of the management server.
Dashboard: A customizable window into protection and performance metrics provided by the IPS (Intrusion Prevention System).
I was surprised to see the small number of hacking attempts across 4 class ‘C’ networks of public IP addresses, and came to the conclusion that the stateful inspection firewall in place was inspecting traffic allowed on certain protocols and thus filtering many of the attacks. Traffic not inspected by the firewall was filtered by the Tipping Point 210E appliance.
A side benefit of using this appliance, after customizing the profile for the Application Protection – Spyware category, was detecting spyware installed on the network and blocking it from transmitting data outside the corporate network.
Do You Know Where Your Kids Are?
Twenty years ago my parents knew where I was and who I was with or so they thought.
Well maybe not but basically it was much easier for parents to keep their kids on the straight and narrow and away from trouble. It basically consisted of keeping an eye on dubious VHS/Betamax tapes and password protecting satellite channels as well as keeping tabs on friends.
With the Internet, social networks and cell phones, you as a parent basically have no insight into who your children interact with, what they see and what shenanigans they might tumble into.
The morality of spying on your kids is beyond the scope of this post, but I start on the premise that involvement in your children’s lives greatly reduces the probability of them getting into shady situations.
The Internet posed the first challenge for parents to unwanted content most of which was porn. Placing the computer in a common area and restricting access to it sufficed. With the widespread use of Instant Messaging it became harder to just restrict access to the computer and once filtering software surfaced the new challenge of unmonitored communications emerged.
Now what makes online communications so much different from phone conversations we could have had 20 years ago with a friend? It’s a fact that the anonymity of the Internet may serve as a dis-inhibitor, prompting kids to do things they would not have done while just talking on the phone. Chat logging applications emerged to serve this market.
As instant messaging converted to the web from applications running on the PC at home, it has become more difficult to see what’s happening on social networks and with the wide-spread adoption of smart phones by teenagers and young kids, the methods at home for filtering and monitoring communications no longer work.
Schools have put in place measures to ensure that students don’t have access to questionable content but these are useless when students arrive at school with high-bandwidth enabled iPhones.
As every sword has a double edge, so does technology. Even though these devices present a new challenge for parents, they also offer possibilities unheard of 20 years ago, like the capability to see where your kids are.
Google Latitude allows a mobile phone user to let certain other people on his or her Gmail contact list track where he or she is. This application requires that the user share their location when Google Maps opens on a mobile phone, whether using the on-board GPS or triangulation of cell towers. It will however ask the user whether to continue sharing their location when they exit the application, so it’s not what you would call stealthy.
Moostrax, however, runs quietly in the background from the options menu on BlackBerries, sending location information at regular intervals to a website. Apart from live tracking on Google Maps, it offers additional nifty features like historical tracking that can be exported to a Google Earth format, GeoFences allowing someone to be notified via e-mail when the phone enters or leaves a certain pre-determined area, Location Tagging allowing the tagging of your favorite locations, and a developer API to integrate other applications.
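The GeoFence enter/leave notification described above, as an added Python example rather than anything from Moostrax: the fence around a constructed school location, the 15-minute location fixes and the 50 m hysteresis margin (added here so GPS jitter at the boundary does not flood the notifier) are all assumptions.

```python
import math

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude/longitude points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


class GeoFence:
    """Circular fence. A phone counts as inside once within radius_m and only counts as
    outside again beyond radius_m + leave_margin_m; the margin stops jitter at the
    boundary from firing a flood of enter/leave notifications (hysteresis, assumed here)."""

    def __init__(self, name, lat, lon, radius_m, leave_margin_m=50.0):
        self.name, self.lat, self.lon = name, lat, lon
        self.radius_m, self.leave_margin_m = radius_m, leave_margin_m

    def update(self, was_inside, lat, lon):
        """Return whether the phone is inside after this fix, given its previous state."""
        d = haversine_m(self.lat, self.lon, lat, lon)
        if was_inside:
            return d <= self.radius_m + self.leave_margin_m
        return d <= self.radius_m


def fence_events(fence, samples):
    """Replay periodic (timestamp, lat, lon) fixes and return only the transitions as
    (timestamp, 'ENTER'|'LEAVE') tuples; steady state inside or outside stays silent."""
    events, inside = [], None          # None: no fix seen yet, so no transition possible
    for ts, lat, lon in samples:
        now_inside = fence.update(bool(inside), lat, lon)
        if inside is not None and now_inside != inside:
            events.append((ts, "ENTER" if now_inside else "LEAVE"))
        inside = now_inside
    return events


# Constructed data: a fence around a school and one morning of 15-minute fixes.
SCHOOL = GeoFence("school", 37.4220, -122.0841, radius_m=200.0)
SAMPLES = [
    ("08:00", 37.4300, -122.0841),   # ~890 m north: outside
    ("08:15", 37.4221, -122.0842),   # ~14 m from the centre: ENTER
    ("08:30", 37.4239, -122.0841),   # ~211 m: past the radius but within the margin, no event
    ("09:00", 37.4270, -122.0841),   # ~556 m: LEAVE
]


def morning_events():
    return fence_events(SCHOOL, SAMPLES)


if __name__ == "__main__":
    for ts, kind in morning_events():
        print(f"{ts} {kind} {SCHOOL.name}")   # this is where the e-mail notification would go
```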


Ronald Reagan once said “Trust but verify” when discussing relations with the Soviet Union.
Do You Tweet?
Tonight Show Tweeter Tracker