Have A Secure Summer Vacation
With summer now here officially, many of you are most likely planning vacations, and you probably want to be able to connect to the Internet during your vacation. But how do you do this securely?
Protecting SSH From The Masses
SSH brute-force attacks are not uncommon against computer systems sitting on public IP addresses. Script kiddies and botnet-infected systems are scanning the Internet looking for low-hanging fruit (think: weak passwords) to leverage for additional attacks, website defacements, or attack-tool storage.
Keeping Data Forever vs. Data Retention
Keeping data forever vs. data retention is going to become an increasingly fierce battle. In the past data retention strategies always won but as we discussed in our first entry in the series the technology is now available to store data forever and as we discussed in the second entry the technology is there to find it when you need it.
The Failure Of Cryptography To Secure Modern Networks
For a while now, I've pointed out that cryptography is singularly ill-suited to solve the major network security problems of today: denial-of-service attacks, website defacement, theft of credit card numbers, identity theft, viruses and worms, DNS attacks, network penetration, and so on.
Android, iPhone, "Kill Switch" Capabilities
The recent security related events surrounding Google Android highlights why users must exercise constant vigilance in the applications they choose to install on their handsets, and raises questions about the ability for vendors to reach into your handset to remove potentially nasty software.
There's No (New) Internet Kill Switch
The Lieberman-Collins cybersecurity bill passed out of the Senate Homeland Security and Governmental Affairs Committee on Thursday to await consideration by the full Senate. But not everyone is satisfied with what it says.
The Types Of SSD Cache
In our last entry we discussed the value of using solid state disk (SSD) as a cache, which provides a simpler on-ramp to the accelerated world of SSD. With SSD cache there are no or limited changes needed to applications and using SSD as a cache does not require a large capacity investment in the more premium priced technology.
iPhone iOS 4 Security
Apple iPhone hit the streets today. I happened to be one of the lucky few who had his delivered by FedEx on Wednesday. So I had some time to kick around with it a bit, and took a look at its (lack) of new security features.
The Cache Value of SSD
When I speak with IT Managers about Solid State Disk (SSD) one of the most common questions is how and where should it be implemented? There are many options but an extremely simple risk free way to get started is using SSD as a large cache in front of a disk array.
Secure Web Surfing With HTTPS Everywhere
HTTPS Everywhere is a new Firefox extension that tries to make surfing the Web a little bit safer by ensuring that a secure connection is the default on many popular websites.
Stock Manipulation Botnet Surfaces
A Belgian federal investigation into an electronic bank account heist reveals a sophisticated attack designed to manipulate stock prices, a Belgian newspaper reported over the weekend.
BP And The Importance Of Calling Out Corruption
A recent article in Rolling Stone shows how the combination of a corrupt process for ensuring the safety of oil rigs, corruption of the information on the risk, the actual BP disaster -- and politics -- has resulted in the biggest environmental disaster in the country's history. It also mirrors a massive problem in IT security where political expediency, short-term financial gains, and personal benefits often trump good business practice.
Why Aren't Health Organizations Embracing Cloud Storage?
As hospitals around the world move from paper-based records to electronic systems, they cited disaster recovery as one of their top priorities. While prepping for disaster is good business, shouldn't something else be a priority on the agenda of those embracing more health IT?
Real-Life Social Engineering
Social engineering attacks are becoming so commonplace that it has become a little easier to educate users about identifying phishing e-mails and websites because they are seeing the attacks firsthand on a more regular basis. What they often don't realize is the damage that can be done, or how similar attacks might come at them, through their personal lives.
Search Google, Surf Facebook Using HTTPS
While more and more sites support encryption (Twitter, LinkedIn), sometimes even by default (Gmail), others still send your data in the clear. The new Firefox extension is just what the doctor ordered.
Porn Tops Web Watching, Gaming Growing Fast
Pornographic Web content accounted for a whopping one-third of all page views, according to security firm Optenet. Online gaming sites are also dramatically growing in popularity. If their popularity is growing with your employees, it's time to review your usage policies.
Keep Everything Forever, Part II - Indexing
In our last entry we reintroduced the idea of a keep everything forever storage retention strategy. We also touched on some of the basic capabilities like cost effective storage options and data movement options that can make a forever retention strategy realistic. In this entry we will look at what is one of the most important requirements the ability to find what you have in the archive.
There's A Recipe For That
Back in the dark ages when I was a programmer, I became horribly fascinated with a tool called make. It was a tool for dealing with the complexities of, well, making finished executable code.
Revisiting The Keep It All Forever Retention Strategy
Each day a seemingly new regulation is being placed on businesses and almost every one of these regulations adds to the data management burden in the data center. In the past I have advised against the keep it all forever mentality of data retention but now it may just be the only way left to protect the business.
Vulnerability Scanners Must Be Used Carefully
Automated network and Web app vulnerability scanners can make strengthening your business's defenses a lot simpler -- or a lot more complicated, depending on how much you and your team know about their uses. A new report looks at some of the challenges accompanying vulnerability scanning.
Snort'ing Out Anomalies
Detecting determined attackers focused on getting your data -- and getting away with it is not an easy task. To that end, many security products have been created that attempt everything from separation of privileges and tight access control to full network packet inspection and data loss prevention.
On AT&T's iPad E-mail Security Snafu
While the flaw that made it possible for onlookers to access the e-mail addresses of Apple iPad users wasn't directly Apple's fault, the incident is certainly disrupting the Jobs' Reality Distortion Field and dulling some shine of the successful iPad launch.
Cloud Is Real Culprit In iPad/AT&T Security Hole
The recent revelation that over 100,000 iPad users had their email and account information exposed to hackers due to a mistake by AT&T made a lot of news this week and caused no small amount of embarrassment for AT&T and Apple. Bu the big news isn't the security failure itself, it's the reminder that in the modern world of cloud computing, security goes well beyond personal devices.
iPad Email Hack Shows AT&T Security Sloppiness
Info on more than 100,000 iPad email addresses grabbed from AT&T by a self-proclaimed security group will cause far more problems for AT&T than for Apple. But Apple's single-mindedness about AT&T deserves more than a bit of the blame, too.
Implementing Storage Capacity Planning In The Modern Era
As discussed in our last entry, all the storage optimization strategies will impact how much capacity you will need to purchase in your next upgrade. The problem is that much of the savings are going to be dependent on your data. You will hear vendors state something like "your actual mileage will vary" and that is very true. With that as the backdrop how do you make sure you don't overshoot or worse, un
Ways To Slow An Attacker
The inevitability of failure in security has been up for discussion a lot during the past couple of years. It's a mentality that a lot of security professionals have subscribed to because of various reasons: proliferation of malware, user behavior, advanced persistent threat (APT), or simply Murphy's Law.
Massachusetts Data Privacy Standard: Comply Or Not?
In my previous position at a database security vendor, I was often asked by marketing to explain the applicability of technology to problems: how you could use assessment for PCI compliance, or why database activity monitoring was applicable to privacy laws, for example.
Does Deduplication Make Storage Capacity Planning Difficult?
With all the technologies out now, and it not just deduplication, to optimize the use of primary storage capacity, the guidelines for how you estimate how much capacity you need in a given year needs to change. In some ways storage capacity planning is more difficult than it has been in the past. It has to change to keep up with the new capabilities of storage systems like thin provisioning, compression and deduplication.
Confidela Upgrades Secure Document Solution
Watchdox, a cloud-based platform for businesses that need to share sensitive or secure documents, now has enhanced compliance features and the ability to support larger files.
Deepwater Horizon Lessons Parallel IT Risk Management
Set aside the magnitude of the loss of life, and the extraordinary costs of the BP Deepwater Horizon catastrophe to the Gulf coast region to the wildlife and the livelihood of millions. Individual IT disasters rarely would have such horrendous reach and impact. However, there are a number of eerie similarities between the BP Deepwater Horizon catastrophe and the failures within IT risk management we see all too often.
Think Your Enterprise Is Under Attack?
Well, I'm sure it's probed, prodded, and attacked every day. Sometimes by live criminal attackers, other times by curiosity seeking hackers, and quite often by automated and malicious software. But it's probably not hit as often as the Department of Defense networks. It's tough getting one's mind around these numbers.
'Dark Side' Uses For Defensive Tools
Tools used by system administrators for defensive security can often be turned around and used offensively by attackers. Microsoft Sysinternals' psexec is a great example.
SANS And RSA Say SMBs Use SIEM For Security, Not Just Compliance
According to new reports from SANS and RSA, after years of SMB investment in security information and event management (SIEM) tools as a means of confirming regulatory compliance, businesses are now buying forensic and event management tools in order to use them.
Guided Storage Analysis
Software tools that provide storage and data protection analysis are very useful. They can help inventory, monitor and bring to your attention problems in the environment. Typically there are two challenges that I see with these tools however. First, they don't provide recommendations on what to do about a problem and they don't help you prioritize and organized your addressing of the problem.
Kerio Control 7 Expands Network Security Offering
Enhanced intrusion detection and prevention, new admin console and embedded Sophos anti-virus are among the new features in Kerio Technologies latest iteration of its Kerio Control network security management product.
Facebook: Screw You, Privacy Hugger
As you know, Facebook recently overhauled its privacy controls -- or, well, overhauled the user interface to them. Upshot: Get over the privacy thing. But is that really what we want?
Tabnapping Threat Should Have You on Guard
How many tabs do you have open in your browser right now? Potentially, some of them can be tabnapped -- taken over by crooks looking to trick you into re-entering your password and user name.