Monday, October 24, 2011

excuses excuses excuses....

LIFE.... that is my excuse. Life. Life happened and teaching myself security was not in it these past two weeks.
The point, going forward, is to make teaching myself security a part of my life so that the very act of living does not get in the way.

Wednesday, October 5, 2011

I must be missing something here....

Saw an article about a new experimental security technology

the final line of the article, which is very light on details, is:

In testing, the SICE framework generally took up approximately 3% of the system's performance overhead on multi-core processors for workloads that do not require direct network access. "That is a fairly modest price to pay for the enhanced security," Ning says. "However, more research is needed to further speed up the workloads that require interactions with the network."

Don't get me wrong, I'm all for new and innovative ways to protect our data in the cloud.... but.... this one has low overhead for data IN THE CLOUD when it is not communicating with THE NETWORK.... right, so data that is accessible ONLY over a network or the Internet is protected at low overhead cost when it IS NOT ACCESSED.... yeah.... I must be missing something here.
-knowmad

and now for the learning part

Let me learn you something.
A good grounding in network basics is BEYOND useful in security, and computer tech in general.
While I have a very good working knowledge, the official 'grounding' has never happened. Not in any measurable/official manner. So I asked some ex-coworkers and they suggested this 5-hour online course:
My intent is to finish it before this weekend, write up what I learned and whether or not I would suggest it to the next person. Then I will (or will not) add it to the list of training resources I am starting.
Let's see how that works out for me.
-knowmad

on physical computer security and data at rest

I have been lucky.
I have traveled the world in service to my last employer, schlepping along crates full of equipment, and have not yet had anything stolen or lost.
Several of my co-workers have not been so lucky. iPhones were the most common items to be lost or stolen, most having simply been forgotten in cabs. A few laptops were lifted at meetings, some luggage lost or stolen. One co-worker got his car broken into twice, losing an iPhone the first time and a laptop the second. Same mistake both times: he left them in plain sight in the car, parked on the street.
This article:
Gives a quick overview of how easy it is to get your electronics stolen, and some (but not all) of what is out there to help recover it.
My favorite quote?
"Tales of stolen phones and laptops being successfully retrieved are the exception to the rule. "
Keep that in mind. Once it's been taken, getting it back is tough, REALLY tough.
In all truth, the hardware is rarely worth the effort of retrieval. Unless you're talking about a super high-end video editing laptop, or... say... the prototype of your brand new, not yet released, blockbuster device... you're more likely worried about the data on the machine than the machine itself.
There are two major answers to the question of protecting data at rest (i.e. on the machine, not in transit over the network/Internet/tubes/what-have-you). The first is encryption, and the second is remote wipe.
Oddly, some companies have taken a combined view of this. Apple, for instance, has instant wipe on its iOS devices. This is essentially whole-disk encryption with a locally stored key, and the key is all that gets wiped. Without the key, the rest of the data is, in theory, beyond recall: the ciphertext is still sitting on the flash, but there is nothing left to decrypt it with.
This sounds pretty good, fast and simple. However, the wipe only protects you if it actually completes: a remote wipe never reaches a device that has been taken offline, and several security researchers have shown that it is very easy to stop or reverse the wiping of the key, and then you have all the data.
Remote wipe works, generally speaking, OK for phones and other always-connected cellular devices. Laptops, however, not so much.
Although I have used remote wipe to kill the odd stolen laptop, it's tough to tell how well it worked. Then again, we were using a roll-your-own approach to the issue. There are purpose-built programs that use dead-man's-switch style activation, but then... what happens if you don't log in for a week?
Whole-disk encryption is generally better for laptops, but it is not without its own issues. First off, it definitely causes a hit to performance. It's FAR better than it was 8 years ago when I first started working with it, but it's still noticeable. It also makes supporting the device harder, but that's an annoyance to IT, not the end user. Lastly, I have all too much experience with WDE causing Windows to crash and burn. This is not a Windows-specific issue; it's just that I have more experience with it in Windows than anything else.
Also, remember that the newer machines use SSDs, and there is very good evidence that data is never reliably erased from them: not by a whole-disk format, and not by overwriting, because wear-leveling and over-provisioning mean the overwrite lands on a different flash cell while the old copy stays put. Short of thermite and a shovel, the practical answer is to have the data encrypted from day one, so that destroying the key is the erase.
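To make the key-wipe and SSD points above concrete, here is an added Python example (not code from the original post, and not how Apple or any real disk-encryption product is implemented). It models a tiny encrypted "volume" on top of a toy SSD with wear-leveling, then compares overwriting the data, destroying the key, and destroying the key after an attacker has already copied it. The `Flash`, `EncryptedVolume` and `demo` names are invented for this illustration, the sample record is constructed, and HMAC-SHA256 in counter mode stands in for a real disk cipher (real whole-disk encryption uses a block cipher mode such as AES-XTS).

```python
"""Crypto-shredding on a toy SSD: erase by destroying the key, not the data."""
import hashlib
import hmac
import secrets

BLOCK = 16  # toy block size in bytes (real disks use 512 or 4096)


def keystream(key, block_no):
    """Pseudorandom block for (key, block number).

    HMAC-SHA256 in counter mode, used as a stand-in PRF for illustration only;
    real whole-disk encryption uses a block cipher mode such as AES-XTS.
    """
    return hmac.new(key, block_no.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def decrypt(ciphertext, key, block_no):
    return xor(ciphertext, keystream(key, block_no))


class Flash:
    """Minimal model of an SSD with wear-leveling: every write, including an
    'overwrite', goes to a fresh physical page; the old page is only marked
    stale, so its contents stay readable to anyone who reads the raw chips."""

    def __init__(self):
        self.pages = []    # every physical page ever written, in order
        self.mapping = {}  # logical block number -> index of its live page

    def write(self, block_no, data):
        self.pages.append(bytes(data))
        self.mapping[block_no] = len(self.pages) - 1

    def read(self, block_no):
        return self.pages[self.mapping[block_no]]

    def stale_pages(self):
        live = set(self.mapping.values())
        return [p for i, p in enumerate(self.pages) if i not in live]


class EncryptedVolume:
    """Whole-disk encryption whose key lives in a locally stored keyslot,
    in the style of the 'instant wipe' described in the post (toy model)."""

    def __init__(self):
        self.keyslot = bytearray(secrets.token_bytes(32))  # per-device key
        self.flash = Flash()

    def write(self, block_no, plaintext):
        if len(plaintext) != BLOCK:
            raise ValueError("plaintext must be exactly one block")
        self.flash.write(block_no, xor(plaintext, keystream(bytes(self.keyslot), block_no)))

    def read(self, block_no):
        return decrypt(self.flash.read(block_no), bytes(self.keyslot), block_no)

    def instant_wipe(self):
        """The wipe: zero the 32-byte key and touch none of the ciphertext."""
        for i in range(len(self.keyslot)):
            self.keyslot[i] = 0


def demo():
    """Walk through the three scenarios and report what each one recovers."""
    vol = EncryptedVolume()
    secret = b"SSN 000-00-0000!"  # constructed sample record, exactly 16 bytes
    vol.write(0, secret)
    results = {"read_ok_while_key_live": vol.read(0) == secret}

    # An attacker who images the device *before* the wipe lands copies the key too.
    copied_key = bytes(vol.keyslot)

    # Scenario 1: 'erase' by overwriting the block, as you would on a spinning disk.
    vol.write(0, b"\x00" * BLOCK)
    stale = vol.flash.stale_pages()  # the original ciphertext is still on the flash
    results["overwrite_left_stale_copy"] = len(stale) == 1
    results["stale_copy_readable_with_live_key"] = (
        decrypt(stale[0], bytes(vol.keyslot), 0) == secret)

    # Scenario 2: key wipe. The stale copy is still physically there, but useless.
    vol.instant_wipe()
    results["stale_copy_readable_after_key_wipe"] = (
        decrypt(stale[0], bytes(vol.keyslot), 0) == secret)

    # Scenario 3: the wipe came too late; the key had already been copied.
    results["stale_copy_readable_with_copied_key"] = (
        decrypt(stale[0], copied_key, 0) == secret)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the overwrite leaving a readable stale copy on the flash, the key wipe making that copy useless, and the copied key bringing it straight back, which is exactly why a wipe that gets interrupted, or that arrives after the device has been imaged, buys you nothing.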
In the end there are no perfect answers, but at least work is being done. The most important thing is to keep in mind what is on the machine, and try not to lose it in the first place.
(easier said than done)
-knowmad

Tuesday, October 4, 2011

Who do you trust?

Sadly, whomever you trust or don't, your data is held and accessed by a lot of people you have no choice but to trust. A lot of those people are corrupt.
MOST 'hacking' and data/identity theft is done as an inside job.
Today's examples:
and


These are just the most recent ones.

Basically, you cannot simply give your data (SSN, CC#, address, phone number, MMN, etc.) to a bank or hospital and never think about it again. Even if (and that is a BIG if) said organization takes reasonable precautions against losing your data, an internal attack is hard to see and near impossible to completely avoid.

Lesson to learn from this? Keep a close eye on your credit reports and other records of financial activity. Know when your activity changes, why and what to do about it.
hey, that fits the motto: Baseline, Compare & Communicate.

cool.
-knowmad


Monday, October 3, 2011

Daily Reading

Lots of plans for this blog, but lets start small.
This is the first of my suggested daily reading lists that I will post. As time moves on and my skills HOPEFULLY improve, I will change the list to reflect more focused interests as well as more advanced material.
First off, I listen to the pauldotcom.com podcast. It's not for everyone, but it is highly entertaining while remaining educational... however, it is vulgar, rude, childish and somewhat icky. All things that make it fun, but not for everyone.
Now, the daily reading list:

and then there are the three status pages that i check or keep open but don't "READ"

The intention is that, except when I am reading an article in depth, these ten sites plus three status pages should take no more than 40 minutes to go through.

Likely I will have to pare down my daily reading a bit. Of course, I am open to suggestions.
- knowmad

Baseline Compare & Communicate - the first post

My name is Josh, aka knowmad (long story, not for here).
I was, until recently, a senior tech-support person at an un-named (you can figure it out if you try, google-fu white belt level) international tech-related company.

I loved my job. Hated my commute, but there are worse things in life.

I worked for that company (here-after known as THEM) for three and a half years. I got to travel (three US cities, six countries, four continents and lots of frequent flier miles) and meet all kinds of people from all walks of life the world over. I worked with a team of seriously dysfunctional but exceptionally dedicated and bright people. If I had it my way, I would still be working with them.
However, I did not have it my way. My wife completed her medical training and got a job on the east coast. Her job paid a LOT more than mine, plus it would be odd to ignore 15 years of her training so I could keep my job.
So we moved.
THEM would not allow me to continue to work remotely, a decision I disagreed with but understood.
So now I find myself without a day job, three children and a house to look after, and a brain that is slowly atrophying into mush.

During my time working for THEM, I was sent to a week-long class taught by John Strand of pauldotcom fame. I enjoyed it immensely and took the test afterward, earning my GCIH certification. During the first two days of the class, I coined an acronym for myself regarding what was being taught: Baseline, Compare & Communicate. This was in regard to how a security professional can best protect himself and his organisation.

I have decided that I am taking time for my kids so they get settled. During that time, I am teaching myself everything I can about good computer security, and I'm keeping myself motivated by blogging about it.

I intend to post once a day something small but security related, and once a week a large lesson of what I have learned and how I am progressing.

This long-winded intro does not count as today's post, but rather simply as me saying hi.
HI
knowmad