Monday, October 29, 2012

Differentiating mobile devices

Disclaimer: These be the thoughts and ramblings of the author, not necessarily those of his employer, management or any other fellow lackeys.

When company management seeks to differentiate between devices and attempts to ban certain categories of device from the workplace, it often fails to realize that the categories have merged and cannot easily be separated.

Apple mobile devices, for instance, all run the same operating system and apps, so banning iPad tablets but not iPhones does nothing from a security, capability or risk standpoint. The same apps and capabilities exist on the phones as on the tablets.

In fact, phone calls can be made from an iPad using Google Voice to any landline, so would that not make an iPad fit into the phone category?

If you say no, are you classifying the iPad as a tablet on size alone?

Phones are getting bigger. The Galaxy Note 2 phone has a 5.5 inch screen. The new iPad mini is only 7.9 inches and has a cellular radio option available. The iPod touch is only 4 inches but has no cellular radio. Which is a phone and which is a tablet?

I would argue that the whole phone / tablet differentiation is bogus, as tablets can have the same operating system, hardware and uses as a phone.

Trying to restrict tablet use only serves to alienate a subset of workers and shows management's lack of a true understanding of modern mobile devices.

S. Russell Dyer BS CNE CISSP CRISC Security+ CICP
Mobile device Guru.



Friday, October 26, 2012

The wire is the key

Disclaimer: These be the author's thoughts and ramblings; no other may claim ownership of them. They are not necessarily the thoughts, policies or mindset of the author's employer, management, or fellow slaves.

The wire is the key to enterprise security. Whoever owns the wire holds the keys to the kingdom. Make sure your network security department has the tools to "own the wire".

The majority of data leakages and breaches happen over the wire, and the wire is what we must keep a laser focus on.

Sure, log correlation can yield valuable information in a post-breach scenario, but the real-time relevance of the traffic on the wire far outweighs the patchy detail of server, workstation and device logs.

Think of the fox in the henhouse. Does the farmer want his first alert of trouble to be screaming hens being slaughtered, or would he rather see the fox approaching across an open field and have time to prevent the slaughter?

This is why a system that monitors the traffic on the wire is an enterprise imperative. Such a system can be a hard sell to executives, as it may not be a regulatory requirement or helpful to external auditors focused on logs and reports. But the seemingly high cost of such a system pales into insignificance alongside the financial and reputational costs of even a small data breach.

So the enterprise should invest in network monitoring software which can show, alert on and capture traffic on the wire. This allows the information security team to identify, intercept and prevent breaches.

All information security teams prefer prevention of breaches, but are often limited to post-breach analysis by prior management funding and system acquisition decisions.

That's all for now

S. Russell Dyer BS CNE CISSP CRISC Security +






Location: Okemos Rd, Okemos, United States

Wednesday, October 24, 2012

BYOD 5 Commandments

The 5 commandments of Bring Your Own Device.

1. Issue an approved Tablet and Phone to every employee.
- The only way to reduce your support, audit and training costs is to standardize on one platform. Today the options are Apple's iOS, Microsoft's Windows 8 or Google's Android. I'd recommend Apple's iPad and iPhone, as their build quality and security are at a much higher level than Android or Windows Phone.

2. Monitor Devices.
- Security requires centralized monitoring, alerting and management. Invest in a mobile device management solution with a proven track record.

3. Audit Devices.
- Audit regularly to ensure the security profile of the devices is maintained and patching is effective.

4. Update.
- Ensure devices are being patched. Over time, perhaps every two or three years, the devices will need to be replaced with newer, faster and more productive devices.

5. Relax.
- Employees are not inherently evil or criminally inclined. Allow employees a few minutes each hour to check personal email and blow off some steam. If managers walk by, they should not expect employees to be buried in work for the full time they are in the office. Expecting this will result in the effects of micromanagement: employees becoming paranoid, timekeeping taking precedence over productivity, and employee morale spiraling into the gutter. This in turn can lead to employees leaving and the dreaded brain drain.

Disclaimer: The views expressed in this article are those of the author, and not his employer, management or fellow worker bees.

S. Russell Dyer. BS CNE CISSP CRISC Security+
Mobile Device Guru, Security Analyst and Slave to all things Tech.

Monday, October 22, 2012

Liar on the wire

Disclaimer: The views expressed in this article are those of the author and not of his employer, fellow employee lackies or friends and cohorts.

Malware and other techniques used by hackers continue to evolve, and each evolution sees adaptation of methods to evade attempts at detection.

How long until the bad guys integrate code to trick operating systems into generating false log entries to obfuscate the real attack?

This is another reason to watch the traffic on the wire and not rely on log entry correlation as a defense.

S. Russell Dyer.  BS CE CISSP CRISC Security+
Security Analyst and I.T Guru.
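A concrete way to act on the point above, as an added example that is not from the original post: if a compromised host can be made to suppress or fabricate its own log entries, the one record it cannot alter is the traffic the tap already captured. The script below reconciles a host's logon log with flow records from the span port in both directions: admin-port sessions seen on the wire with no matching host logon ("silent"), and host logons with no session on the wire ("orphan"). The flow and logon records, the admin port list, the 120 second window and the 10 KB session threshold are all constructed assumptions for the demo.

```python
"""Cross-check a host's own logon log against what the span port saw.

Added example for this post (constructed records, not real captures).
Silent sessions: admin-port traffic on the wire with no host logon record.
Orphan logons: host logon records with no corresponding traffic on the wire.
"""
from datetime import datetime, timedelta

ADMIN_PORTS = {22, 3389, 5985}  # ssh, RDP, WinRM (assumed list)

# Constructed flow records from the span port: (start, src_ip, dst_ip, dst_port, bytes)
WIRE_FLOWS = [
    ("2012-10-22T01:02:03", "203.0.113.9", "10.0.0.15", 3389, 840_000),  # long RDP session, 1 am
    ("2012-10-22T09:15:00", "10.0.0.40",   "10.0.0.15", 3389, 512_000),  # admin from the LAN
    ("2012-10-22T09:16:30", "10.0.0.40",   "10.0.0.15", 445,  2_000),    # file share, not admin
    ("2012-10-22T13:00:00", "10.0.0.61",   "10.0.0.15", 22,   900),      # scanner touch, no session
]

# Constructed logon records from the host's own log: (time, host, account, src_ip, port)
HOST_LOGONS = [
    ("2012-10-22T09:15:04", "10.0.0.15", "CORP\\adm-jsmith", "10.0.0.40", 3389),
    ("2012-10-22T11:00:00", "10.0.0.15", "CORP\\svc-backup", "10.0.0.77", 3389),
]


def _t(stamp):
    return datetime.fromisoformat(stamp)


def reconcile(flows, logons, window=timedelta(seconds=120), min_bytes=10_000):
    """Return (silent_sessions, orphan_logons).

    A flow matches a logon when destination host, source address and port agree
    and the two timestamps lie within `window` of each other. Flows below
    `min_bytes` are treated as probes that never became a session.
    """
    silent, orphan = [], []
    matched = set()
    for flow in flows:
        start, src, dst, port, nbytes = flow
        if port not in ADMIN_PORTS or nbytes < min_bytes:
            continue
        hit = None
        for i, (ts, host, _acct, lsrc, lport) in enumerate(logons):
            if (host == dst and lsrc == src and lport == port
                    and abs(_t(ts) - _t(start)) <= window):
                hit = i
                break
        if hit is None:
            silent.append(flow)      # the wire saw it; the host never admitted it
        else:
            matched.add(hit)
    for i, rec in enumerate(logons):
        if i not in matched:
            orphan.append(rec)       # the host claims it; the wire never saw it
    return silent, orphan


if __name__ == "__main__":
    silent, orphan = reconcile(WIRE_FLOWS, HOST_LOGONS)
    print("silent sessions (investigate the host's logging):", silent)
    print("orphan logons (possibly fabricated):", orphan)
```

Either list is worth an analyst's time: a silent session means the host's log is missing something the network proves happened, and an orphan logon is a log entry nothing on the wire supports.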

What makes work suck

Disclaimer: The views expressed in this article are the author's alone and not those of his employer, management or fellow lackeys.

Workplace paranoia is a constant battle. When workers are constantly looking over their shoulder, worrying that a manager will walk by, see them taking a couple of minutes to check a bank account and assume that is all they do all day, the work environment becomes painful.

Management needs to concentrate on the big picture, and not stoop to micromanagement, which kills employee morale.

When one department's employees see that they are targeted for rules that other departments are not given, it makes for a poor working environment.

Employees need space and time to refocus during the work day, and this can take several different forms.

Personal devices can be used to check personal email and share non-work news with fellow workers.
A walk outside or inside the building can be a good re-energizer.

More later,

S.Russell Dyer BS CNE CISSP CRISC Security+
Security slave to the cause.


Sunday, October 21, 2012

Winston Churchill quote

1) “Success is the ability to go from failure to failure with no loss of enthusiasm.” Winston Churchill, former prime minister of Britain


Enterprise security 10 commandments.

1. Define a security policy

This is the document which governs all data security within the company. Some tips? It shouldn't be too lengthy (no employee is likely to engage fully with a fifty page document); it should not demand the impossible; and it should show that you value your employees. (A further recommendation: have an executive or the HR department deliver it, rather than IT support.)

2. Make use of security technologies

These are the basis for the security of the company's data/information. A network that does not have antivirus protection, firewalling or antispam will be exposed to too many risks for other controls to cover adequately. According to data presented in the ESET Security Report Latin America, 38% of enterprises in the region were infected with malware last year.

3. Educate your users

Moreover, educate all your users. Technically adept users or the IT department are often not included in security training, as if it were proven that they are less vulnerable to threats. According to ThreatSense.Net statistics, 45% of the threats detected in the region last year made use of social engineering, against which technical but security-unrelated expertise may offer no defence at all.

4. Take control of physical access to information

Information security is not a problem that should be considered only in terms of "virtual" information, but should also consider the physical media where it is stored. Where are the servers? Who has access to them? Without a doubt, physical access is crucial. Printed data should also be considered in this respect. For example, consider physical access to offices where confidential information is held (management, accountants etc.) or where there is access to printers (someone could "accidentally" see or steal confidential information).

5. Maintain your software

Software vulnerabilities are the gateway to many attacks against the organization. According to the report on the state of malware in Latin America, 41% of USB devices are infected and 17% of the malware used exploitation of vulnerabilities. Keeping the operating system and other applications up to date with the latest security patches is a vital security measure.

6. Don't just rely on IT to defend your systems

One of the most common security errors is to fail to understand that security is not purely a technological problem. There should also be a team whose sole purpose is to manage information security, and this should be given full consideration rather than ignored in favour of issues such as usability and convenience. Security is not the only business need, but it is important.

7. Don't give ordinary users administrative rights

If users don't have administrative rights they don't need, the impact of an intrusion into the system will be limited. Once again, we should emphasise the importance of implementing this control for the entire company: members of the IT department and senior management should also have limited privileges for day-to-day computer usage, using administrator accounts only where the job in hand requires them.

8. Think before you sacrifice security to save money

Security should be designed to protect business information and, therefore, the business. When investing in security, take into account the value of the information that is to be protected, the likelihood of a breach, and the likely consequences of such a breach. 

9. Don't finish a security project

That may seem a strange thing to say, but it isn't, because you shouldn't start a project either. Security must be seen as a continuum, not a process with a fixed start and end point. It is true that small implementations of security controls may need to be run as projects, but the general protection of information should not be perceived as a project, but as a continuous process and ongoing business requirement.

10. Don't underestimate the importance of information security

Our last and possibly most important point is to urge you to understand the importance of well-protected business information. One of the worst mistakes that an executive can make is to think that a control should not be implemented because "I don't think it will happen to me". Many companies, especially small and medium-sized enterprises, may not recover from a severe information breach.


Monday, October 8, 2012

Low cost event correlation


Disclaimer: the views expressed in this article are those of the author and not his employer, management, fellow lackies, or family.

So you have a boatload of events to correlate, and no big-budget automated tools. Well, you may have some tools, but it's likely that they aren't living up to the sales hype.

Lets look at some basic tools. Your event is typically a source IP address, a destination IP address and maybe a port number.

First off, work out the DNS names. You can use nslookup for internal IP addresses and websites such as ipvoid and speedguide.net for external addresses.

Google the port number and see what the web says are common uses of the port.

For internal windows systems, get sysinternals tools, particularly psloggedon.exe which can tell you who's logged onto the internal system.

If psloggedon doesn't work, try connecting to the c$ administrative share of the windows system and looking at the user profiles folders under the users folder.

These basic tools can get you started.
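The same manual steps, as an added example (not the author's tooling): a function that takes the bare triple, does the reverse lookup and the port lookup, classifies each side as internal or external, and attaches the follow-up questions an analyst would ask next. The resolver and port lookup are injectable so the demo runs offline against constructed names; on a live box the system functions are used. The address ranges treated as internal and the fallback port table are assumptions.

```python
"""Enrich a bare (source IP, destination IP, port) event.

Added example for this post, not the author's tooling. Performs the reverse DNS
(nslookup) and port lookup steps as one repeatable function. Resolver and port
table are injectable so the demo below runs offline; defaults use the OS.
"""
import ipaddress
import socket
from dataclasses import dataclass, field

# Assumed fallback table for minimal hosts with no /etc/services.
COMMON_PORTS = {22: "ssh", 25: "smtp", 53: "domain", 80: "http", 443: "https",
                445: "microsoft-ds", 3389: "ms-wbt-server"}

# Assumed definition of "internal": RFC 1918, loopback and link-local.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]


@dataclass
class EnrichedEvent:
    src_ip: str
    dst_ip: str
    dst_port: int
    src_name: str
    dst_name: str
    service: str
    src_scope: str
    dst_scope: str
    notes: list = field(default_factory=list)


def scope(ip):
    """'internal' if the address falls in INTERNAL_NETS, else 'external'."""
    addr = ipaddress.ip_address(ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def system_resolver(ip):
    """Reverse DNS via the OS resolver (the nslookup step); never raises."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return "unresolved"


def system_port_lookup(port):
    """Service name from /etc/services, falling back to COMMON_PORTS."""
    try:
        return socket.getservbyport(port)
    except OSError:
        return COMMON_PORTS.get(port, "unknown")


def enrich(src_ip, dst_ip, dst_port, resolver=system_resolver,
           port_lookup=system_port_lookup):
    """Turn a raw triple into something an analyst can act on."""
    ev = EnrichedEvent(
        src_ip, dst_ip, dst_port,
        src_name=resolver(src_ip), dst_name=resolver(dst_ip),
        service=port_lookup(dst_port),
        src_scope=scope(src_ip), dst_scope=scope(dst_ip),
    )
    if ev.src_scope == "external" and ev.dst_scope == "internal":
        ev.notes.append("inbound from external source")
    if ev.service == "ssh" and ev.src_scope == "external":
        ev.notes.append("external SSH: check who is logged on (psloggedon) and which account")
    if ev.service == "unknown":
        ev.notes.append(f"port {dst_port} not in service table: find out what listens there")
    return ev


if __name__ == "__main__":
    # Constructed offline stand-ins for DNS and /etc/services.
    names = {"203.0.113.7": "scan-07.example.net", "10.0.0.5": "fileserver01.corp.local"}
    ev = enrich("203.0.113.7", "10.0.0.5", 22,
                resolver=lambda ip: names.get(ip, "unresolved"),
                port_lookup=lambda p: COMMON_PORTS.get(p, "unknown"))
    print(ev)
```

One caveat on the nslookup step: a reverse lookup of an external address is answered by whoever runs that address block's in-addr.arpa zone, which for attacker-controlled space may be the attacker, so do those lookups from a resolver you don't mind them seeing, or through a passive DNS source.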

For a small network, see if you can get a Security Onion system or a Trisul system with its span port on the outside of your DMZ. This can give you all this info and more with the click of an icon or two, if properly configured.

Cheers and more next time.

S. Russell. Dyer BS CNE CISSP CRISC Security+ CICP
Information Security Analyst and mobile device geek.



Thursday, October 4, 2012

An issue of Priorities

Disclaimer: These ramblings are the author's and his alone, and are in no way attributable to the author's employer, management or friends.

As we navigate the ever changing landscape of information security, we must continually balance the many priorities thrust upon us by management, other teams and external customers.

Oftentimes we believe directives handed down from management should be modified to meet the goals we believe are the desired end. Whether it is through the use of different tools than those suggested, or an alternative procedure which would reduce time and improve efficiency, it is often difficult to convey this information successfully back up the management chain. When this happens, resistance and animosity can run rampant.

Management invariably gives us just the information they believe we need to know, and this may leave us in the dark as to the true goals of a task.

Example 1: 
Management directive for analyst eyes on glass for event monitoring with a requirement to process a certain number of events per day.

Upside: Management  needs metrics to show upper management that security is working.

Downside: in an effort to produce metrics, and indeed increase the number of events processed, we may focus on volume over quality. An event showing SSH access from another country may be logged; the initial log review shows nothing suspicious, so it is filed and the analyst moves to the next event. Yet further investigation over a day or two might show a pattern indicating progress by an attacker, which could warrant defensive action.
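To make the SSH example concrete, here is an added example (not the author's code; the log lines are constructed) that does what event-at-a-time triage cannot: it rolls sshd authentication events up per source address across the whole window, so two failed root logins on one night, two more guesses the next night and an accepted password on the third are seen as one pattern rather than three separately filed events. The log format is standard OpenSSH syslog output; the internal address ranges and the two-day threshold are assumptions.

```python
"""Multi-day roll-up of sshd authentication events per source address.

Added example for this post (constructed log lines, not real data).
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: three nights of sshd syslog from one bastion host.
SAMPLE_LOG = """\
Oct  1 02:11:09 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51201 ssh2
Oct  1 02:11:14 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51201 ssh2
Oct  1 09:30:02 bastion sshd[2230]: Accepted publickey for deploy from 10.1.4.20 port 40112 ssh2
Oct  2 02:13:41 bastion sshd[2877]: Failed password for invalid user admin from 203.0.113.7 port 51288 ssh2
Oct  2 02:13:46 bastion sshd[2877]: Failed password for invalid user oracle from 203.0.113.7 port 51288 ssh2
Oct  2 14:02:10 bastion sshd[2990]: Accepted publickey for deploy from 10.1.4.20 port 40350 ssh2
Oct  3 02:09:58 bastion sshd[3310]: Failed password for backup from 203.0.113.7 port 51340 ssh2
Oct  3 02:10:05 bastion sshd[3310]: Accepted password for backup from 203.0.113.7 port 51340 ssh2
Oct  3 08:45:00 bastion sshd[3402]: Accepted password for rdyer from 198.51.100.23 port 61000 ssh2
"""

# Standard OpenSSH "Accepted|Failed <method> for [invalid user] <user> from <ip> port <n>" lines.
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) \S+ \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Assumed definition of "internal" address space.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse(log_text):
    """Yield one dict per recognised sshd auth line; other lines are ignored."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()


def rollup(log_text, min_days=2):
    """Summarise per source IP across the whole window and flag patterns."""
    per_ip = defaultdict(lambda: {"days": set(), "users": set(),
                                  "failed": 0, "accepted": 0})
    for ev in parse(log_text):
        s = per_ip[ev["ip"]]
        s["days"].add((ev["mon"], int(ev["day"])))
        s["users"].add(ev["user"])
        s["failed" if ev["result"] == "Failed" else "accepted"] += 1

    findings = {}
    for ip, s in per_ip.items():
        reasons = []
        # Only external sources seen on several days are candidates for the pattern.
        if not is_internal(ip) and len(s["days"]) >= min_days:
            if s["failed"] and s["accepted"]:
                reasons.append("low-and-slow guessing followed by an accepted password")
            if len(s["users"]) >= 3:
                reasons.append("account enumeration spread across days")
        findings[ip] = {"days": len(s["days"]), "users": sorted(s["users"]),
                        "failed": s["failed"], "accepted": s["accepted"],
                        "reasons": reasons}
    return findings


if __name__ == "__main__":
    for ip, f in rollup(SAMPLE_LOG).items():
        if f["reasons"]:
            print(ip, f)
```

Note what the per-day view would have produced: two failed root logins on the 1st (noise), two more on the 2nd (noise), and one accepted password on the 3rd (a normal login). Only the roll-up across days shows them as one source working towards one result.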

Example 2: External influences reducing the effectiveness of the Security Team.

Other teams who are directed to resolve the findings from security team tests, may seek to limit the effectiveness of the tests by influencing the decision on the tools to be used. This can be done at upper management levels which are not visible to the security team, and may result in a task to scan certain systems with a less effective tool than others which are available, or timing parameters which limit the granularity of the testing.
Other vectors for issues are purchasing decisions where the security capabilities of tools are not given sufficient weight.

So, what options are open to security teams to guide and assist their management in producing what we believe is the optimal outcome most efficiently and effectively?

1. Communication is the primary tool to ensuring smooth running and optimal success.
- regular meetings, say weekly, can foster success providing they are run effectively.
Meetings must be open, with all team members and the team management in attendance. Team members must be able to speak freely and openly about their thoughts on topics. Each team member should be allowed equal time and weight for their input, which can be difficult as there are often big talkers who can monopolize the discussion. It is management's task to ensure equal access during discussions.
The meeting agenda should also be available at least 2 days in advance so team members can be suitably prepared.

2. Information dissemination from management needs to include all relevant data. This is difficult for management, as they often seek to limit information so the discussions reach their preconceived desired result. Sometimes confidentiality issues prevent information dissemination as well. Management may also be swayed by input from other departments.

3. The information Security Team needs to present a united front externally. 
Decide on the optimal combination of tools, procedures and policies, and don't try to change tools every year or two. Because you want to have the optimal toolset, the decision on the tools needs to be a team one and not a management directive. Take feedback from the analysts and engineers who have used all the tools and give them the necessary weight and credence. The opinion of an engineer who does not use a tool day in and day out should carry very little weight compared with the advice of an analyst who uses it every hour of every day.

Information security is not easy, and at times it may seem the biggest obstacles to success are forces inside the enterprise. Yet we must use all the tools in our arsenal to improve security and prove that security is a valuable department for the enterprise.

That's all for now.
S. Russell Dyer BS CNE CISSP CRISC Security+ CICP

Remember the Disclaimer!



What's in a Cube

Disclaimer: The following ramblings are those of the author and are in no way the opinions, views, policies, or anything else related to the employer of the author, the author's management or fellow minions.

These days the most common work environment for company employees is an office cube: a bland space which employees endeavor to make their home away from home with pictures, keepsakes and other reminders of their family and outside life. Office cubes are not the optimum environment, but due to economies of space they are the best option available.

Some office cubes can be of a less private style, with 4 foot walls, which customer service departments often prefer. While these can enable more overall communication, they remove another level of self-worth from the employee and seem to degrade the quality of work.

Then there is the alternative of crowding several people into a room in an effort to allow closer communication and more work output. This is a double-edged sword which will invariably result in perhaps a greater volume of work output, but output of lower quality. Without the privacy and calm of their own individual workspaces, which foster a deeper and more insightful thought process, the result of certain tasks is not as good.

I believe that the full size cube is currently the best option, and that crowding more people into a closer working environment results in diminished productivity, lower employee morale and, in the long term, a higher turnover in staff.

Disclaimer: The above ramblings are the author's alone, and in no way represent the opinions of the author's employer, management, fellow employees or friends and strangers.

S. Russell Dyer BS CNE CISSP CRISC Security+ CICP
Security Analyst, Computer enthusiast and mobile device addict.

Friday, September 28, 2012

Metrics vs Productivity

Disclaimer: The views expressed in this article are those of the author and NOT necessarily those of his employer or management or even fellow employees.

The emphasis on metrics

As companies seek to reduce bottom-line costs and increase efficiencies, the reliance on metrics increases. Information security departments are often thought of as overhead and a drain on the bottom line, and so they strive to produce metrics to support their existence. This striving to show value through metrics is a double-edged sword.

On the plus side, metrics can indicate positive performance in the effort to increase the overall security posture of Enterprise.

Such metrics can be the number of tickets closed by an administrator, or the number of incidents reviewed by an analyst.

On the negative side, there can be a tendency to drop important tasks which are hard to show metrics on, and concentrate on routine tasks which are easy to produce metrics on but in reality do not enhance the overall security of the enterprise.

Incident metrics often do not reflect the complexity of each incident or the result of the investigation. This cannot easily be quantified, and thus an emphasis on numbers and not on quality has a negative impact on the enterprise security posture.

So in summary, Metrics can be good or bad and the decision on which metrics and level / quantity of each metric needs to be carefully discussed before implementation.

DISCLAIMER: These are the author's personal views and not necessarily those of his employer.

S. Russell Dyer
BS CNE CISSP CRISC Security+ CICP
Security Analyst, And Dad to Makayla, Tristan and Michael.


The Best Defense


Disclaimer: the article represents the views of the author and not those of his employer, management or fellow minions.

Information security is evolving, but on one front it still lags behind: the area of offensive defenses.
My point is that the best defense is a good offense.

Through the use of honeypots and red herring links in applications, we can force web-based scanners and the hackers at their controls to waste massive amounts of time and become disinterested enough to move to an easier target.

Writing links and adding extra pages in applications which the end user never sees can be a great tool. These pages can be outside of user navigation paths, and can simulate login pages with links to honeypot databases and file systems with heightened logging. Using this technique the security team will have more information and time to back-track attackers and analyse the evolving landscape of web-based attacks.
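As an added example of the decoy-page idea (not code from the original post or from any product), here is a small WSGI application whose real pages are '/' and '/login' and which also answers on two paths that nothing links to: a legacy-looking admin login and a backup archive. Anyone who arrives there got there by guessing or scanning, so every such request is recorded with source, user agent, referer and the username tried (password length only, never the password itself, in case a real user stumbles in). The paths, the record fields and the responses are assumptions for the demo; it runs under wsgiref without any framework.

```python
"""Decoy pages inside a web application.

Added example for this post, not code from any product or from the author.
Real pages: '/' and '/login'. Decoy pages: never linked, always logged.
"""
from datetime import datetime, timezone
from io import BytesIO
from urllib.parse import parse_qs
from wsgiref.simple_server import make_server

# Assumed decoy paths; nothing in the real navigation ever references them.
DECOYS = {
    "/admin-old/login": "legacy admin login (unlinked)",
    "/backup/site-2011.tar.gz": "fake backup archive (unlinked)",
}
DECOY_HITS = []  # in production: a dedicated high-priority log, not a list

FAKE_LOGIN_FORM = (b"<html><body><h1>Administration</h1>"
                   b"<form method='post'><input name='user'>"
                   b"<input name='pass' type='password'><input type='submit'>"
                   b"</form></body></html>")


def record_hit(environ, path):
    """Capture everything useful about the visitor; store the password length only."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    body = environ["wsgi.input"].read(length) if length else b""
    form = parse_qs(body.decode("utf-8", "replace"))
    hit = {
        "time": datetime.now(timezone.utc).isoformat(),
        "path": path,
        "why": DECOYS[path],
        "src": environ.get("REMOTE_ADDR"),
        "method": environ.get("REQUEST_METHOD"),
        "user_agent": environ.get("HTTP_USER_AGENT", ""),
        "referer": environ.get("HTTP_REFERER", ""),
        "tried_user": form.get("user", [""])[0],
        "tried_pass_len": len(form.get("pass", [""])[0]),
    }
    DECOY_HITS.append(hit)
    return hit


def app(environ, start_response):
    """WSGI entry point: two real pages, two decoys, 404 for everything else."""
    path = environ.get("PATH_INFO", "/")
    if path in DECOYS:
        record_hit(environ, path)
        if path.endswith("/login"):
            # Always behave like a login page that rejected the credentials.
            start_response("200 OK", [("Content-Type", "text/html")])
            return [FAKE_LOGIN_FORM]
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Forbidden"]
    if path == "/":
        # The real navigation never mentions the decoy paths.
        start_response("200 OK", [("Content-Type", "text/html")])
        return [b"<html><body><a href='/login'>Sign in</a></body></html>"]
    if path == "/login":
        start_response("200 OK", [("Content-Type", "text/html")])
        return [b"<html><body>real login page</body></html>"]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def simulate(method, path, body=b"", remote="203.0.113.5", ua="sqlmap/1.6"):
    """Drive the app without a socket (constructed request); returns (status, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_ADDR": remote,
               "HTTP_USER_AGENT": ua, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": BytesIO(body)}
    status = {}
    out = app(environ, lambda s, h: status.setdefault("code", s))
    return status["code"], b"".join(out)


if __name__ == "__main__":
    with make_server("127.0.0.1", 8080, app) as srv:
        srv.serve_forever()
```

A convincing decoy is one the rest of the site never mentions: do not list it in robots.txt, do not link it from error pages, and route its hits to a channel that pages someone rather than to the general access log.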

An escalation could be these fake systems launching exploits against whoever is accessing them. Attack is a viable defense in my opinion. One caveat a practitioner will want on the record: launching exploits at a remote system, even one an attacker is using, is a criminal offense in most jurisdictions and exposes the organization, not the attacker, to liability, so that step needs legal sign-off that the decoy pages and heightened logging above do not.

It's time to go on the offensive against hackers.

S. Russell Dyer BS CNE CISSP CRISC Security+ CICP
Security Analyst, but I'm by no means an expert  ;-)



Wednesday, September 26, 2012

Epic Fail


Disclaimer: The views expressed in this article are those of the author, and not his employer, management or fellow employees. 

Having worked in information security and in the IT field for 20 years, I'm struck with the frequency that systems designed to assist us end up becoming a sink hole for time, money and energy.

Lofty goals often result in the purchase of massively complicated systems with vast ranges of capabilities that should work and perform as the salesman says. Unfortunately the systems that attempt to be all things to all people are often useful things to very few people and a major pain in the butt to everyone else.

Today I'm advocating the selection of a few simple tools to cover what is needed. 

Don't try to combine log archiving, event correlation and network monitoring in one product. It's just too tough to be effective. RSA enVision tries and fails, and ArcSight is only for the rich.

Archive your logs by all means but don't presume that this is easily harvested and turned into events and dashboards and monitoring.

If your goal is network monitoring, then select a network monitoring tool, like NetWitness or the cheaper Trisul. See the events from the wire and not from logs of the past.

That's all I have to say on this for now.

KISS - keep it simple stupid, 

And avoid the Epic Fail.

S. Russell Dyer
BS CNE CISSP CRISC Security+ CICP
I.T. insider, Former Network Engineer, and Security Analyst.




Friday, September 21, 2012

Personal Mobile Devices in the Enterprise

The portable device conundrum and a logical solution

Disclaimer: This article represents the observations, views, opinions and general ramblings of its author and is not the policy, opinions or views of the authors employer, management or fellow employees.

Users want the freedom to bring in personal portable devices for business and personal reasons, both of which can improve the employee's overall quality of life, work and job performance.

Be in no doubt that this does pose a security risk, BUT when properly mitigated there can be a measurable benefit to the enterprise. Happier employees are without doubt more productive employees. They are also healthier employees, which impacts the company's bottom line for health insurance coverage.

The initial thrust of personal device introduction to the enterprise came with personal cell phones. These phones are now smart phones and susceptible to attack and compromise in much the same ways as computers and laptops. 

Personal laptop computers and, more recently, tablets like the iPad line from Apple represent a more vulnerable threat vector than cell phones, but developers and IT personnel often utilize these tools for work and also for brief periods during the day to refresh their focus. Short breaks during the day can positively impact personnel performance.

A practical solution

The issue of personal devices at work can be addressed piecemeal, by a patchwork of policies and controls, or boldly and, I would argue, successfully by a single, all-encompassing, management-led solution.

I propose that an enterprise that wishes to solve this issue could do so with the following simple steps, which would have the added benefits of raising employee morale, reducing support costs and eliminating much of the portable device risk.

1. Give an Apple iPhone and Apple iPad to every employee. Employees who do on-call support will have company-subsidized devices, and other employees would use the phones at their own cost. The benefit to support is that all users will become familiar with the same operating system and can gain advice and support from each other in addition to the usual channels.

2. Buy a mobile device management solution for apple devices only. 

3. Prohibit, through policy and enforcement, the use of any other devices within the confines of the enterprise, and provide a quarantine area where prohibited devices can be dropped off by users and picked up after their work day ends.

4. Add additional value by creating an apple development group and producing applications for your in house systems which customers need to access.

The main point is to standardize on a single platform and reduce support costs. It is an added bonus that Apple's iOS is less exploited by hackers than Windows.

S. Russell Dyer BS CISSP CRISC
Security wanderer and event handling Lackey.

DISCLAIMER: The views expressed in this article are solely those of the author and not those of his employer, company management or fellow employees. 



Thursday, September 20, 2012

Scan Everything


Previously I proposed that monitoring the wire is vastly more effective for alerting and generating events.

Now I'll cover the other piece of the equation: vulnerability scanning.

Disclaimer: the views and opinions in this article are entirely mine and not those of my employer, fellow employees or management.

Back to Scanning.

Firstly, scanning has to be all encompassing, regularly repeated, and something has to be done with the results.

The first caveat of scanning is that you can't scan what you do not know about. The network needs to be accurately documented, and Visio diagrams are a must if no automated solution is in place to dynamically enumerate the network.

The second caveat is that everything gets scanned repeatedly, preferably on a weekly basis.
Weekly scanning will show you more rapidly what is changing and which vulnerabilities are new. You can then match these vulnerabilities to traffic alerts on your network, and you will know when to be concerned.

The third caveat is that you need a good scanning solution that has its audits updated more than weekly and that doesn't crash or fail you when you need results. The solution needs to be all-encompassing and able to scan internal and external facing systems regardless of their operating system, level of hardening or age. Just because a system has only been around for a year or so is no excuse for a scanning vendor not to support scanning it. The scanning solution must be able to do credentialed or uncredentialed scanning, and a solution which can select from a list of credentials depending on the detected system type is a valuable feature.

Finally, vulnerability scanning seldom causes issues on target systems, and limiting scans to a narrow weekend window gives no flexibility to work around other network or system changes.
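An added example (not output of any scanner named here) of what weekly results give you that an annual scan cannot: diffing two consecutive weeks' findings yields the new hosts, the hosts that vanished, the findings that appeared and the ones that were fixed, and matching the new findings against the week's wire alerts on host and port tells you which ones are already being poked at. The two result sets, the alerts and the finding names are constructed placeholders, not real vulnerability identifiers.

```python
"""Week-over-week scan diff with traffic-alert matching.

Added example for this post (constructed results, not output of any scanner).
Finding names are placeholders, not real vulnerability identifiers.
"""
from collections import namedtuple

Finding = namedtuple("Finding", "host port name")

# Constructed: week 38 and week 39 scan results as sets of findings.
WEEK_38 = {
    Finding("10.0.1.10", 443, "tls-weak-cipher-suites"),
    Finding("10.0.1.10", 22, "ssh-outdated-version"),
    Finding("10.0.1.20", 445, "smb-signing-not-required"),
    Finding("10.0.1.30", 80, "webserver-default-page"),
}
WEEK_39 = {
    Finding("10.0.1.10", 443, "tls-weak-cipher-suites"),      # still open
    Finding("10.0.1.20", 445, "smb-signing-not-required"),    # still open
    Finding("10.0.1.20", 3389, "rdp-no-nla"),                 # new finding, known host
    Finding("10.0.1.45", 8080, "default-admin-credentials"),  # brand-new host
}

# Constructed wire alerts during week 39: (src_ip, dst_ip, dst_port, signature)
ALERTS_39 = [
    ("203.0.113.12", "10.0.1.45", 8080, "HTTP admin login attempt from external"),
    ("203.0.113.12", "10.0.1.10", 443, "TLS handshake scanner"),
    ("10.0.1.99", "10.0.1.20", 445, "SMB null session"),
]


def diff_scans(prev, curr):
    """What changed between two scans: hosts that came and went, findings opened and fixed."""
    hosts_prev = {f.host for f in prev}
    hosts_curr = {f.host for f in curr}
    return {
        "new_hosts": sorted(hosts_curr - hosts_prev),     # nobody told you about these
        "gone_hosts": sorted(hosts_prev - hosts_curr),    # decommissioned, or now unreachable?
        "new_findings": sorted(curr - prev),
        "fixed_findings": sorted(prev - curr),
    }


def prioritise(new_findings, alerts):
    """Split new findings into those whose host:port the wire shows being probed, and the rest."""
    targeted = {(dst, port) for _src, dst, port, _sig in alerts}
    hot = [f for f in new_findings if (f.host, f.port) in targeted]
    cold = [f for f in new_findings if (f.host, f.port) not in targeted]
    return hot, cold


if __name__ == "__main__":
    delta = diff_scans(WEEK_38, WEEK_39)
    hot, cold = prioritise(delta["new_findings"], ALERTS_39)
    print("new hosts:", delta["new_hosts"], "gone hosts:", delta["gone_hosts"])
    print("fix first (seen under attack on the wire):", hot)
    print("fix next:", cold)
```

The "gone hosts" list deserves as much attention as the new findings: a host that disappears from the scan was either decommissioned, in which case the inventory needs updating, or is now being blocked or missed, in which case it is unscanned and the first caveat applies.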

So what scanning solutions have I used?

1. EEye Retina and REM was ok but has stability and support issues so I cannot recommend it.

2. Tenable Nessus has a few more features and the government likes it, but alas I do not. There is a better option.

3. Core Impact. While you can in theory scan for vulnerabilities with Core, it is a penetration testing tool and not a vulnerability scanner. You may as well tie your shoelaces with mittens on: you may have some success, but you won't excel and the results will be mediocre.

4. Rapid7 Nexpose. Options are available to scan internal and externally facing systems. It can select a credential from a list depending on the system detected. It integrates with Metasploit for pen testing and validation. This is my preferred commercial solution.

For a cheap alternative..... Can't think of any at the moment.

Thanks for reading and once again, these are my personal views and not those of my employer, its management or fellow employees.

S. Russell Dyer BS CISSP CRISC
Information security guru and slave to the cause of securing networks and users.





Securing the network


Disclaimer: the views expressed in this article are mine alone and do not reflect the views of my employer, fellow employees or management, and are expressed because we live in the land of the free, where speaking your mind usually doesn't result in beheading.

After many years of navigating the information security maze I have come to the conclusion that concentrating on event log correlation from servers, workstations and network equipment, and alerting on these events, is not the best path to securing the network and preventing security breaches. Indeed, I believe it's defunct and outdated and will eventually fade into oblivion.

Collecting vast amounts of logs and sifting through them only tells you what has happened in the past, or more precisely, what each log source thinks has happened. It is implausible that each system on the network has been programmed with event triggers for every conceivable event, and if we know what triggers events and alerts, then hackers know this too and may be able to navigate around those triggers. Collecting all the logs at a central location and then attempting to write triggers is also a monumental waste of resources: as the network and the systems on it continue to be upgraded, replaced or decommissioned, the event triggers need ever-increasing maintenance, and their complexity morphs to a point where they no longer perform their originally intended task.

Compliance and Audit requirements often require us to continue collecting and storing and reporting on log data, but we should not rely on this same process for securing the network in real time. It is in reality only useful for after action analysis once an incident has been identified and contained.

The only way to truly know what's happening on the network is to see the traffic on the wire in its raw form, before it is received by target systems and interpreted into log data. Assuming that this is our goal, there are several guidelines which must be followed to be successful.

1: Use multiple LAN taps or span ports to see the entire picture. If you try to watch your network with one span port then you are one big fool. To know what's happening on the network we need a span port on the outside of the firewall to see what's trying to get into the network. If there are multiple links to the internet, then each needs a span port. Another span port is needed between the DMZ and the workstations to see the traffic between them. Another span port for your wireless network. Always remember, unlike federal spending, more is better when it comes to span ports. BUT also avoid duplication.

2: Centrally collect and monitor data from each span port. While historical data is nice, don't overdo it and try to store months of data. You have event log archiving for that historical stuff, and while it's not perfect, it will do nicely.

3: Select the best system you can get that meets the following criteria.
- from a recognized vendor who has been in this space for several years
- has a central dashboard with drill-down access and does not need the analyst to switch to other screens / applications to trace an event.
- the vendor supplies event trigger updates at least weekly
- reporting is customizable so management and technical staff can get the reports they need.
- integrates with other industry-recognized solutions using non-proprietary communication vectors.
- vendor supplies support and is in your time zone, but preferably 24/7 support.


NetWitness is a great solution and I have used it, so I can attest to its ease of use and intuitive interface, and its interface is lightning fast. Unfortunately it's been acquired by RSA, so I'm not sure what will happen with that.

Trisul (trisul.org) is a much cheaper solution and worth investigating. I have used this and seen its value. And if you only want to be able to look back 3 days, it is free.

4: Assign dedicated staff to monitor, maintain, and run the system. (A note to management: if you jerk your staff around from one tool to another and expect them to be masters of all, they will end up being good at none and the only jerk will be you. Sorry to be blunt, but it is what it is.)
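To make the "avoid duplication" caveat in step 1 concrete, here is an added Python example (not from the post or from any vendor) that takes packet summaries tagged with the span port that captured them and reports which pairs of span ports see nearly the same packets. The span port names, addresses and packet identities are constructed for the example.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample of packet summaries as a central collector might receive
# them from several span ports: (span port, packet identity). The identity
# (src, dst, proto, IP ID) is an approximation that stays the same wherever the
# same packet is seen. All names, addresses and IDs are made up.
SAMPLE = [
    ("outside-fw",   ("203.0.113.7", "192.0.2.10", "tcp", 4101)),
    ("outside-fw",   ("203.0.113.7", "192.0.2.10", "tcp", 4102)),  # dropped by fw
    ("dmz-inside",   ("203.0.113.7", "192.0.2.10", "tcp", 4101)),  # passed by fw
    ("dmz-inside",   ("192.0.2.10", "10.0.0.25", "tcp", 9001)),
    ("dmz-inside",   ("192.0.2.10", "10.0.0.25", "tcp", 9002)),
    ("dmz-inside-2", ("192.0.2.10", "10.0.0.25", "tcp", 9001)),    # same segment
    ("dmz-inside-2", ("192.0.2.10", "10.0.0.25", "tcp", 9002)),    # as dmz-inside
    ("wireless",     ("10.1.1.5", "192.0.2.10", "udp", 77)),
]


def packets_by_port(records):
    """Group packet identities by the span port that captured them."""
    seen = defaultdict(set)
    for port, ident in records:
        seen[port].add(ident)
    return seen


def overlap_report(records):
    """For every pair of span ports, the fraction of the smaller port's packets
    that the other port also saw. Partial overlap across a firewall is
    expected (allowed traffic appears on both sides); overlap near 1.0 means
    the two ports watch the same segment and one of them is wasted."""
    seen = packets_by_port(records)
    report = {}
    for a, b in combinations(sorted(seen), 2):
        shared = len(seen[a] & seen[b])
        smaller = min(len(seen[a]), len(seen[b]))
        report[(a, b)] = shared / smaller if smaller else 0.0
    return report


def redundant_pairs(records, threshold=0.9):
    """Span port pairs whose overlap meets the threshold, sorted by name."""
    return sorted(p for p, r in overlap_report(records).items() if r >= threshold)


if __name__ == "__main__":
    for pair, ratio in overlap_report(SAMPLE).items():
        print(f"{pair[0]:<13} {pair[1]:<13} overlap={ratio:.2f}")
    print("redundant:", redundant_pairs(SAMPLE))
```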

Finally, when you're watching all that traffic on your network, you will need policies, published, backed up and preached to all by executive management, in order to get the traction you need to tighten up your network security.


Disclaimer again. This article represents my views and not those of my employer, an agent, or my 5 year old son Michael, no matter how much they may agree or disagree.

Thank you
S. Russell Dyer BS CISSP CRISC
Security Analyst and Network watcher for over 20 years.





Sunday, September 16, 2012

The election approaches

When November arrives and along with it Election Day, I'll vote for the least worst candidate along with most Americans.

The Democratic incumbent openly supports abortion and gay marriage, while testifying to being a Christian.

The Republican challenger is a Christian, but Mormon and not Baptist. The Republicans are also closer to big business than I would prefer.

When November comes I'll vote Republican because I'm a Bible-believing Baptist and the Bible says that thou shalt not kill, and marriage shall be between one man and one woman.

Monday, August 27, 2012

iCloud - a double edged sword?

There is an inherent logic to using iCloud to back up your iDevices, the security of being able to restore from a recent backup while you are on the road being a major advantage. Apple may have created a stable OS and a great phone and tablet, but they are still not bulletproof, and my 5 year old can still send them into the dead zone with ease. Don't ask me how, but he does something to send them beyond a simple reboot to recover.

There is also the comfort of being able to locate a misplaced phone and sync data across the iPhone and iPad.

Enter the Corporate conundrum !

Trying to prevent data leakage and restrict access without inhibiting employee efficiency is a problem which dogs corporations across the globe. This balancing act becomes more difficult with the passage of time as more services and features become cloud enabled.

As a Security Analyst I used to be totally anti-cloud but this has become an untenable position as my device usage has increased.

I believe iCloud may now represent an acceptable risk for the corporate environment... with certain caveats.

iCloud backup of iPhones will enable more support options for executives who now spend a large portion of their time out of the office, and often out of the state or country. Being able to talk a stressed executive through an iCloud-based restore is certainly preferable to having them wait while a new device (without his or her contacts, calendars and data) is sent overnight.

Locating a lost device is also a great feature.

The non-cloud alternatives for backup are insufficient in my opinion. A local iTunes backup is useless when you're on the road, and gone if the hard drive on your PC dies.

There will be data leakage to the iCloud for sure, but no level of policy, procedure, controls and monitoring can totally prevent cloud leakage. So the logical choice is to embrace a single cloud solution, and the best value, and most compatible is iCloud.

That's all for now.

S.Russell Dyer
BS CNE CISSP CRISC Security+




Wednesday, August 8, 2012

Test

This is just a quick test.



Wednesday, March 14, 2012

Political mess

Alas, with an election approaching we have no clear Obama alternative.

In a perfect world we would have a PAC free and lobbyist free Washington. You wouldn't need 50 or a hundred million dollars to run for president, and we would have more than 2 options to vote for.

Yet alas, we are destined to get either another 4 years of a speech maker who can't deliver and supports the killing of unborn babies and disenfranchising of all Americans who aren't from a minority. Or we get a rich out of touch businessman who will fail to tackle corruption and will look the other way as top business executives rake in way more money than they deserve as they increase profits by eliminating workers and reducing benefits for everyone except themselves.

All we bottom feeders can hope for is to make it to retirement with a few saved pennies to live on.



Friday, February 17, 2012

Smart password box

How about an application with a smart password box?

The password box knows the first character of your password or a key character.

When you need to enter a password, you can type erroneous characters, but as soon as you hit that key character the box knows your real password is being entered, so anyone observing couldn't know what your actual password is. Would that be possible? I think so.
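A constructed sketch of the idea in Python, added here and not part of the original post: the box stores a salted hash of the real password together with its key character, discards whatever was typed before the first key character, and a helper shows what someone who watched several logins could still work out (the suffix common to all of them), which is the check I would want before relying on the scheme. It assumes the key character is the first character of the real password and that the decoy characters typed before it never contain it.

```python
import hashlib
import hmac
import os
from typing import List, Optional

# Added illustration of the "smart password box" idea (not from the original
# post). Assumptions: the key character is the first character of the real
# password, and the decoy characters typed before it never contain it.


def extract_candidate(typed: str, key_char: str) -> Optional[str]:
    """Drop everything typed before the first key character."""
    idx = typed.find(key_char)
    return None if idx == -1 else typed[idx:]


def make_record(password: str) -> dict:
    """Store a salted PBKDF2 hash plus the key character; the plaintext is
    never kept, so the box only needs to know where the real entry starts."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "hash": digest, "key_char": password[0]}


def verify(typed: str, record: dict) -> bool:
    """Check the keystrokes as the smart box would: strip the decoy prefix,
    then compare hashes in constant time."""
    candidate = extract_candidate(typed, record["key_char"])
    if candidate is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 record["salt"], 100_000)
    return hmac.compare_digest(digest, record["hash"])


def common_suffix(observed: List[str]) -> str:
    """What an observer who watched several logins could compute: the suffix
    shared by every keystroke sequence. The decoy prefix changes each time but
    the real password does not, so the shared suffix converges on it. This is
    the weakness to weigh before adopting the scheme."""
    if not observed:
        return ""
    n = 0
    for column in zip(*(s[::-1] for s in observed)):
        if len(set(column)) != 1:
            break
        n += 1
    return observed[0][len(observed[0]) - n:]


if __name__ == "__main__":
    rec = make_record("Secret1")          # constructed sample password
    print(verify("xyzqSecret1", rec))     # decoy prefix, then the real password
    print(common_suffix(["abSecret1", "qqqSecret1", "zSecret1"]))
```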




Location: Okemos Rd, United States

Thursday, January 26, 2012

Thursday stuff

Another busy day at work and practice tonight. Concert on Saturday.



Location: Okemos Rd, United States

Tuesday, January 24, 2012

IPhone 4s remove jailbreak

Well,
Boss wants my work phone back to stock. Said jailbreaking is illegal, which it is not - google jailbreaking iPhone legal.

And against corporate cellphone policy, though it isn't mentioned in the policy and there is no official policy.

Anyway, boss's boss doesn't like it so it's back to stock.
:-(
I will miss SBSettings.






-Posted from my IPhone 4S

Monday, January 23, 2012

iPhone 4S Jail break

Yay for the iOS dream team as they have released the iPhone 4S jailbreak.

My iPhone 4S is now sporting Cydia and SBSettings.

Just google 4s jailbreak.



-Posted from my IPhone 4S

Friday, January 13, 2012

Xoom ICS

Running the latest Team EOS nightly for my Xoom. I'm loving ICS as it adds a big speed boost.
It's very stable also.


-Posted from my IPhone 4S

Location: Okemos Rd, United States

Weather

The second snow for this winter. Only a couple of inches but that's all it takes to confuse and confound most drivers here.



-Posted from my IPhone 4S

Location: Okemos Rd, United States

Friday, January 6, 2012

Microsoft smart play

Who should Microsoft buy? Not Nokia. The smart play is for Microsoft to buy RIM and transition BlackBerry to Windows Phone 7/8. This would give Microsoft a big push into enterprise phones and also, RIM has a huge user base ready to move to iPhones. The only way to compete is an end run to buy RIM.

-Posted from my IPhone 4S

Location: Okemos Rd, United States