Monday, December 5, 2011

SpiceWorks

Ever used it?
You should check it out, www.spiceworks.com
It's free and useful if you are a comp tech on a budget. More importantly, if you can get access to an account on the AD, even a very limited one, SpiceWorks will let you see everything else on the network unobtrusively (but not silently). And if they are already running SpiceWorks, you can leverage that.
I am currently researching spiceworks for known security bugs, reason being that I need to be able to trust it before I consider full use of it.
I'll keep you posted if I find anything.

The Learning Curve

So you noticed another hiatus in my posts?
I got a job. A good one.
Oddly, due to the level of work required I will be learning new stuff all the time.
As such I expect my useful posts to increase, not decrease.

A guy to watch

Probably old news to the rest of the world, but this WIRED article about Chris Soghoian is a good if light read.
His new website, http://www.privacyreports.org/ (not running yet) sounds very useful and something I would really like to see.... as would every non-govt aligned security professional and IT Director in the world.

Thursday, November 10, 2011

Report sees safety risks in computerized medical records

OH BOY.
I'm trying to reduce the snark level of my posts, so.... here goes.

I read this article and had to wonder how much was spent on a report that verifies what many computer security professionals have been saying for a while.

Generally speaking, no electronic files of any sort are without risk of compromise. (Physical records are also susceptible, but they take more individualized effort and run into fundamental laws of physics that reduce the scope of a successful attack.... how many file folders can you fit in the trunk of your car?) However, the more a given set of information is worth, the more likely its theft or compromise will be.
And always remember, the largest data thefts tend to be inside jobs.

OK, now that we have covered the 'background', so to speak, let's get some quotes from the article:

"Concerns about harm from the use of health (technology) have emerged," the report said. "Designed and applied inappropriately, health (technology) can add an additional layer of complexity to the already complex delivery of health care, which can lead to adverse consequences."

What I read there is that if you don't keep it simple, and make too many competing standards.... all hell will break loose. Even standardized systems can be clunky or badly set up. I have personal experience with a system set up at two nationally acclaimed children's hospitals. The same system, set up by what I believe were two different vendors. In one hospital, the implementation was so complicated that even after six months of training and testing there were still life-threatening mistakes being made on a regular basis. The other hospital, however, had a better setup, with fewer default settings left in place and more reasonable and logical customization. Their system worked well.

Another Quote:
Tuesday's report is not the only flashing yellow light in the switch to computerized medical records. Previously, the Health and Human Services inspector general warned that security standards need improvement.

I've seen the warning from the HHS inspector general reported on before.
He's right. One of the most popular software packages for small doctors' offices is built on an open source platform.... with a hardcoded default admin password. Unless the person installing it knows and cares to change it, the installation is vulnerable to remote attack of the simplest and most devastating sort.

OK, enough babbling. It's a decent article, light on technical stuff, but it has the right idea. Electronic medical records are not a panacea and will easily cause as many issues as they solve.

Tuesday, November 8, 2011

RTFM

A close friend of mine has been yelling that at me for years.
He's right in every way.
Even if you 'know' the system.
READ THE F-ing MANUAL.
Consider it a basic level requirement. Before you become a master, you need the basics, and it's (usually) all in the manual.
Boring but true.

GOOGLEFU

I was thinking that I needed something small to keep me busy for the next twenty minutes.
I figured I could find a short tutorial or set of suggestions on the art of googling, aka googlefu (google fu, google-fu, google foo, etc...).
I found of course the definition, as well as this site
Which seemed like a great place to start, except that this is what I found inside:
Which just brings me back to what I already knew about googling:
Know the basics. http://www.google.com/support/websearch/?hl=en
Learn the advanced stuff from the source, google.

and then there is this:
http://www.wdyl.com/#google+search
I mean.... good lord.... that's really cool and at the same time kinda scary.... I mean you could get rid of many, many blogs by putting in the right search term like: http://www.wdyl.com/#learning+computer+security

Starting small - OR - Pageviews from WHERE?!?!

OK, so I know that I am just starting out. There is not enough content, let alone original content for me to be drawing big crowds yet.
In fact, the only people I expect to look at this so far are those friends I have personally told about the blog, i.e., two friends in the DC area.
To my surprise, I'm getting page views from Russia.... I am curious why.


My guess? Some sort of automated news aggregator filling dummy pages with security-themed posts grabbed from Google searches. I looked at one of the referring pages; it's a known malware page in the .tk ccTLD (linked to the wiki article on .tk, not to the infected page), which does not make me terribly happy. Oh well, nothing I can do about it.

relearning the basics - HijackThis

OK, OK, OK... it's more like Computer Care 101 than System Security 101 but... all the same.
I happened across this:
http://www.bleepingcomputer.com/tutorials/how-to-use-hijackthis/
I have used HijackThis for a long time. I don't think I was using it to its fullest extent.
Damn, that thing is thorough; it's much more useful now that I went back and learned the basics from the source.
Yeah, it's unlikely it will help you nab a hacker, but it is extremely useful at finding (and to some extent cleaning) infections and bots and the like.
I personally hold to a strict "nuke and pave" rule for anything infected, so for me it's more detection and identification than remediation, but to each their own.

Wednesday, November 2, 2011

SNORT: a how to

I'm not ACTUALLY ready for this yet. I want to do things in the right order. Everything I know about becoming an expert says that if you skip the basics to try the cool advanced stuff, you will ALWAYS be playing catchup and NEVER have a true mastery of your subject.
That being said, I found this and wanted to share it with anyone who might be looking for info on it.
It is by no means an exhaustive tutorial; here is the table of contents:

However it is worth looking at. Always remember that the best way to learn this stuff is by doing it. Grab an old machine and set up a snort box. Then test it. Then learn to read the logs from it and test it again.
I'll tell you what I think of it when I get there.


If anyone can suggest what basics to cover first, I'm always interested in your thoughts.
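Since the advice above is to set up a Snort box and then learn to read its logs, here is an added example (my own, not from the tutorial linked above or from the Snort project) of the first step in that: a parser for Snort's "alert_fast" one-line output format, run over a few constructed sample alerts. The SIDs (1000001 and up, Snort's range for locally written rules), the rule messages and the addresses are all made up for this example; only the line layout follows what Snort emits.

```python
import re
from collections import Counter

# Layout of a Snort "alert_fast" line: timestamp, [**], [gid:sid:rev], message, [**],
# optional [Classification: ...], [Priority: N], {PROTO}, src[:port] -> dst[:port].
# ICMP alerts carry no ports, so the port groups are optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample alerts (not real Snort output); the last line is deliberate noise.
SAMPLE_ALERTS = """\
11/02-14:22:31.512345  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:51234 -> 192.168.1.10:22
11/02-14:22:32.001122  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:51235 -> 192.168.1.10:22
11/02-14:23:05.777000  [**] [1:1000002:2] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
11/02-14:25:10.100000  [**] [1:1000003:1] LOCAL web server directory probe [**] [Priority: 2] {TCP} 172.16.4.4:40000 -> 192.168.1.20:80
this line is not an alert and should be skipped
"""


def parse_alert(line: str):
    """Return the alert fields as a dict, or None if the line is not an alert_fast record."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])  # priority 1 is the most severe
    return fields


def summarize(lines):
    """Count parsed alerts by priority and by source address; report skipped lines."""
    by_priority = Counter()
    by_source = Counter()
    total = skipped = 0
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            if line.strip():
                skipped += 1
            continue
        total += 1
        by_priority[alert["prio"]] += 1
        by_source[alert["src"]] += 1
    return {
        "total": total,
        "skipped": skipped,
        "by_priority": dict(by_priority),
        "top_sources": by_source.most_common(5),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_ALERTS.splitlines())
    print(f"{report['total']} alerts, {report['skipped']} unparsed line(s)")
    for prio, n in sorted(report["by_priority"].items()):
        print(f"  priority {prio}: {n}")
    for src, n in report["top_sources"]:
        print(f"  {src}: {n} alert(s)")
```

Counting by source is the point of the exercise: the first thing you want from a fresh sensor is whether one address is generating most of the noise, and whether the noise is a misfiring rule or something worth looking at.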

and of course defcon

OK, how many of us don't have the time or money to be at DEF CON/Black Hat?
(ME)
How many of us wish we could still hear the amazing speakers?
(ME)
Have any of you tried watching the defcon media from the defcon media site?
(um...... me.... soon?)
Ok, I'll admit it, I have not yet done it. But as soon as I have power in my own house, I'll spend a few hours watching and learning.

Black Hat online

I don't know why I did not mention this earlier, BUT:
Black Hat has online talks with slides, mostly (all, I think) free to listen to/download.
It's a great way to learn something new AND stay current.
https://www.blackhat.com/html/webcast/webcast-home.html

and now we return you to your regularly scheduled blog

AH, the loveliness of routine.
Not quite back to my routine BUT, at least I have internet for the day.
This caught my eye:


Security firm: Hackers hit chemical companies

Cyber attacks traced to China targeted at least 48 chemical and military-related companies in an effort to steal technical secrets, a U.S. computer security company said Tuesday, adding to complaints about pervasive Internet crime linked to this country.

Security experts say China is a center for Internet crime. Attacks against governments, companies and human rights groups have been traced to this country, though finding the precise source is nearly impossible. China's military is a leader in cyberwarfare research but the government has rejected allegations of cyberspying and says it also is a target.

So what can we learn from this?
Well, first off, that we can't trust China. On the other hand, can you really trust any entity whose primary reason for existing is to ensure its own existence and supremacy? This applies to large corporations, small competitors, governments and most NGOs.
Truth is, you can't trust a group. You can trust an individual, but groups have a tendency to lose their trustworthiness pretty quickly. It's kind of a mob mentality. If the group did it, the individual is free of blame to work as they see fit for the betterment of the group.

OK, enough rant, back to security.

Take away:
Secure those items that make your company special or different. Famous case of Intel and AMD. AMD once was the big player. One of their people defected to Intel with the plans for the x86 chipset architecture. AMD had nothing in place to stop that, thus most of what we buy is made by .... INTEL. Securing your credit card sales is good business; securing the intellectual property that allows you to make the product being purchased with those credit cards is ESSENTIAL business.
So again, secure those items that make your company special or different. Without them, you have no reason for continuing in business.

OH GOOD LORD.......

SO, no sooner do I get things straightened out and on some sort of schedule......
Car Issues
Family Issues
A FREAKIN THREE STATE ICE STORM
no power, no heat, no internet.... yeah this has been fun.
all in all, blogging has not been a top priority right now.

EDIT:: was without power/heat/internet/etc... for 5 days. Spent the time living in the extra rooms of Family members. Vagabond lifestyle may look cool, but not with a whole family in tow.

Monday, October 24, 2011

excuses excuses excuses....

LIFE.... that is my excuse. Life. Life happened and teaching myself security was not in it these past two weeks.
The point, going forward, is to make teaching myself security a part of my life so that the very act of living does not get in the way.

Wednesday, October 5, 2011

I must be missing something here....

Saw an article about a new experimental security technology

the final line of the article, which is very light on details, is:

In testing, the SICE framework generally took up approximately 3% of the system's performance overhead on multi-core processors for workloads that do not require direct network access. "That is a fairly modest price to pay for the enhanced security," Ning says. "However, more research is needed to further speed up the workloads that require interactions with the network."

Don't get me wrong, I'm all for new and innovative ways to protect our data in the cloud.... but.... this one has low overhead for data IN THE CLOUD when it is not communicating with THE NETWORK.... right, so data that is accessible ONLY over a network or the Internet is protected at low overhead costs when it IS NOT ACCESSED.... yeah.... I must be missing something here.
-knowmad

and now for the learning part

Let me learn you something.
A good grounding in network basics is BEYOND useful in security, and computer tech in general.
While I have a very good working knowledge, the official 'grounding' has never happened. Not in any measurable/official manner. So I asked some ex-coworkers and they suggested this 5 hour online course:
My intent is to finish it before this weekend, write up what I learned and whether or not I would suggest it to the next person. Then I will (or will not) add it to the list I am starting of training resources.
Let's see how that works out for me.
-knowmad

on physical computer security and data at rest

I have been lucky.
I have traveled the world in service to my last employer, schlepping along crates full of equipment, and have not yet had anything stolen or lost.
Several of my co-workers have not been so lucky. iPhones were the most common items to be lost or stolen, most having simply been forgotten in cabs. A few laptops were lifted at meetings, some luggage lost or stolen. One co-worker got his car broken into twice, losing an iPhone the first time and a laptop the second. Same mistake both times: he left them in plain sight in the car, parked on the street.
This article:
gives a quick overview of how easy it is to get your electronics stolen, and some (but not all) of what is out there to help recover it.
My favorite quote?
"Tales of stolen phones and laptops being successfully retrieved are the exception to the rule. "
Keep that in mind. Once its been taken, getting it back is tough, REALLY tough.
In all truth, the hardware is rarely worth the effort of retrieval. Unless you're talking a super high-end video editing laptop, or ...say..... the prototype of your brand new, not yet released, blockbuster device.... you're more likely worried about the data on the machine than the machine itself.
There are two major answers to the question of protecting data at rest (ie on the machine, not transferring over the network/Internet/tubes/what-have-you). The first is encryption, and the second is remote-wipe.
Oddly, some companies have taken a combined view of this. Apple, for instance, has instant wipe on its i-devices. This is essentially whole-disk encryption with a locally stored key, and the key is all that is wiped. Without the key, the rest of the data is theoretically beyond recall.
This sounds pretty good, fast and simple. However, several security researchers have shown that it's very easy to stop or reverse the wiping of the key, and then you have all the data.
Remote wipe works, generally speaking, OK for phones and other cellular devices. Laptops however, not so much.
Although I have used remote wipe to kill the odd stolen laptop, it's tough to tell how well it worked. Then again, we were using a roll-your-own approach to the issue. There are purpose-built programs that use dead man's switch-type activation, but then... what happens if you don't log in for a week?
Whole disk encryption is generally better for laptops, but it is not without its own issues. First off, it definitely causes a hit to performance. It's FAR better than it was 8 years ago when I first started working with it, but it's still noticeable. It also makes supporting the device harder, but that's an annoyance to IT, not the end user. Lastly, I have all too much experience with WDE causing Windows to crash and burn. This is not a Windows-specific issue; it's just that I have more experience with it in Windows than anything else.
Also, remember that the newer machines use SSDs, and there is very, very good evidence that nothing is ever truly erased from them, not with a whole disk format, not when you overwrite... pretty much, it's gonna take some thermite and a shovel.
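The "wipe the key, not the data" model described above is worth seeing in code, so here is an added example of my own (it is not Apple's implementation or anyone's product code). It simulates a self-encrypting disk with a small key slot and an encrypted data area, shows that zeroing the 32-byte key makes the data unreadable, and then shows the failure mode the researchers' findings point at: a copy of the key taken before the wipe recovers everything, so the erase is only as good as the guarantee that no other copy of the key exists. The cipher is a stand-in (a counter-mode keystream from HMAC-SHA256, since the standard library has no AES); the sample record is constructed. The SSD point from the paragraph above is the reason this model matters: a controller can reliably destroy one small key slot even when it cannot promise that scattered user blocks were ever overwritten.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nbytes: int) -> bytes:
    """Stand-in for AES-CTR: HMAC-SHA256 over a counter, truncated to nbytes."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    """Encrypt/decrypt by XOR with the keystream (same operation both ways)."""
    return bytes(a ^ b for a, b in zip(data, ks))


class SimulatedDisk:
    """Toy model of a self-encrypting device: a key slot plus encrypted user data."""

    def __init__(self, plaintext: bytes):
        # The data-encryption key lives only in the key slot; user data is never stored in clear.
        self.key_slot = bytearray(secrets.token_bytes(32))
        self.data = xor_bytes(plaintext, keystream(bytes(self.key_slot), len(plaintext)))

    def read(self) -> bytes:
        # Whatever is in the key slot is used; a zeroed slot decrypts to garbage.
        return xor_bytes(self.data, keystream(bytes(self.key_slot), len(self.data)))

    def crypto_erase(self) -> None:
        # Overwrite only the key. The encrypted user blocks are left untouched,
        # which is the whole point: 32 bytes are easy to destroy, gigabytes are not.
        for i in range(len(self.key_slot)):
            self.key_slot[i] = 0


def demo() -> dict:
    secret = b"patient record 4711: diagnosis=redacted"  # constructed sample data
    disk = SimulatedDisk(secret)
    before = disk.read()
    stale_key = bytes(disk.key_slot)  # a copy made BEFORE the wipe (backup, debug dump, etc.)
    ciphertext_snapshot = bytes(disk.data)

    disk.crypto_erase()
    after = disk.read()

    # With the stale copy of the key, the untouched ciphertext decrypts again. A real
    # device must therefore guarantee the key never existed anywhere but the slot it wipes.
    recovered = xor_bytes(disk.data, keystream(stale_key, len(disk.data)))
    return {
        "before_ok": before == secret,
        "after_ok": after == secret,
        "ciphertext_untouched": disk.data == ciphertext_snapshot,
        "key_zeroed": all(b == 0 for b in disk.key_slot),
        "stale_key_recovers": recovered == secret,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run it and the line that matters is `stale_key_recovers: True`: the erase did nothing to the data blocks, so any surviving copy of the key (a backup, an escrow record, a memory dump taken while the device was unlocked) undoes it completely.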
In the end there are no perfect answers, but at least work is being done. The most important thing is to keep in mind what is on the machine, and try not to lose it in the first place.
(easier said than done)
-knowmad

Tuesday, October 4, 2011

Who do you trust?

Sadly, whomever you trust or don't, your data is held and accessed by a lot of people you have no choice but to trust. A lot of those people are corrupt.
MOST 'hacking' and data/identity theft is done as an inside job.
Today's examples:
and


These are just the most recent ones.

Basically, you cannot simply give your data (SSN, CC#, Address, Phone number, MMN, etc) to a bank or hospital and never think on it again. Even if (and that is a BIG if) said organization takes reasonable precautions against losing your data, an internal attack is hard to see, and near impossible to completely avoid.

Lesson to learn from this? Keep a close eye on your credit reports and other records of financial activity. Know when your activity changes, why and what to do about it.
Hey, that fits the motto: Baseline, Compare & Communicate.

cool.
-knowmad


Monday, October 3, 2011

Daily Reading

Lots of plans for this blog, but lets start small.
This is the first of my suggested daily reading lists that I will post. As time moves on and my skills HOPEFULLY improve, I will change the list to reflect more focused interests as well as more advanced material.
First off, I listen to the pauldotcom.com podcast. It's not for everyone, but it is highly entertaining while remaining educational .... however it is vulgar, rude, childish and somewhat icky. All things that make it fun, but not for everyone.
Now, the daily reading list:

and then there are the three status pages that I check or keep open but don't "READ"

The total intention is that with the exception of when I am reading an article in depth, these ten sites plus three status pages should take no more than 40 minutes to go through.

Likely I will have to pare down my daily reading a bit. Of course, I am open to suggestions.
- knowmad

Baseline Compare & Communicate - the first post

My name is Josh, aka knowmad (long story, not for here).
I was, until recently, a senior tech-support person at an un-named (you can figure it out if you try, google-fu white belt level) international tech-related company.

I loved my job. Hated my commute, but there are worse things in life.

I worked for that company (here-after known as THEM) for three and a half years. I got to travel (three US cities, six countries, four continents and lots of frequent flier miles) and meet all kinds of people from all walks of life the world over. I worked with a team of seriously dysfunctional but exceptionally dedicated and bright people. If I had it my way, I would still be working with them.
However, I did not have it my way. My wife completed her medical training and got a job on the east coast. Her job paid a LOT more than mine, plus it would be odd to ignore 15 years of her training so I could keep my job.
So we moved.
THEM would not allow me to continue to work remotely, a decision I disagreed with but understood.
So now I find myself without a day job, three children and a house to look after, and a brain that is slowly atrophying into mush.

During my time working for THEM, I was sent to a week long class taught by John Strand of pauldotcom fame. I enjoyed it immensely and took the test afterward, earning my GCIH certification. During the first two days of the class, I coined an acronym for myself regarding what was being taught: Baseline, Compare & Communicate. This was in regard to how a security professional can best protect himself and his organisation.

I have decided that I am taking time for my kids so they get settled. During that time, I am teaching myself everything I can about good computer security, and I'm keeping myself motivated by blogging about it.

I intend to post once a day something small but security related, and once a week a large lesson of what I have learned and how I am progressing.

This long-winded intro does not count as today's post, but rather simply as me saying hi.
HI
knowmad