May 26 2009 7:34PM GMT
Posted by: Troy Tate
Tags: network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis, Laura Chappell
I recently posted an update about Laura Chappell’s Chappell University Online seminars. I attended one of these seminars today. What a great experience! I always try to attend Laura’s events and always pick up a tidbit that makes my life as a network manager easier. She gives you information about tools you can use to fight the battle of “the network is down”. Most of the time the network is behaving as designed. It’s poorly written applications or too high user expectations that create issues. So, if you want to be the expert on fighting the network is “bad” syndrome - check out Laura’s presentations - I did and I learned something new…
May 22 2009 6:03PM GMT
Posted by: Troy Tate
Tags: Password, Security, authentication, strong password, password strength, complex password, information security, tool
Passwords are the bane of security, but currently and historically they are the primary authentication method for users. Check out this article by Roger Grimes and see how your password policy stacks up using the Excel spreadsheet tool he provides for download. You can use it to convince management how weak your password policy really is.
Roger Grimes presents a useful tool for figuring out how susceptible your network might be to a password-cracking attack
Thanks for reading & let’s continue to be good network citizens.
May 22 2009 3:24PM GMT
Posted by: Troy Tate
Tags: Center for internet security, CIS, Security, information security, information security metrics, Metrics, security metrics, application security, change management, incident management, patch management, vulnerability management
As an information security manager I am always struggling with how to measure the security posture of my organization. As they say, you can’t manage what you can’t measure. There’s lots of talk out there about ROI (Return on Investment) or ROSI (Return on Security Investment). These may be business numbers for the bean counters, but what do they really mean for the security posture of the organization?
The CIS worked with over 100 team members from government, private and academic organizations to define a set of metrics that measure security processes and outcomes. The list below shows some of the business functions covered by the current suggested list of metrics.
- Application Security
  - Number of Applications
  - Percentage of Critical Applications
  - Risk Assessment Coverage
  - Security Testing Coverage
- Configuration Change Management
  - Mean-Time to Complete Changes
  - Percent of Changes with Security Review
  - Percent of Changes with Security Exceptions
- Financial
  - Information Security Budget as % of IT Budget
  - Information Security Budget Allocation
- Incident Management
  - Mean-Time to Incident Discovery
  - Incident Rate
  - Percentage of Incidents Detected by Internal Controls
  - Mean-Time Between Security Incidents
  - Mean-Time to Recovery
- Patch Management
  - Patch Policy Compliance
  - Patch Management Coverage
  - Mean-Time to Patch
- Vulnerability Management
  - Vulnerability Scan Coverage
  - Percent of Systems Without Known Severe Vulnerabilities
  - Mean-Time to Mitigate Vulnerabilities
  - Number of Known Vulnerability Instances
Take some time and visit the CIS metrics page or download the consensus security metrics (registration required). You may find some useful tools in building and supporting an information security program for your organization.
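To make the metrics above concrete, here is an added example (not from CIS or from this blog) that computes several of the incident, patch and vulnerability metrics from a handful of constructed records. The date-difference formulas and the 30-day patch window are my reading of the metric names, not the CIS consensus definitions; check those against the downloaded document.

```python
from datetime import date
from statistics import mean

# Constructed sample records (not real data); dates are ISO strings.
INCIDENTS = [
    {"occurred": "2009-03-01", "discovered": "2009-03-04", "recovered": "2009-03-05", "internal": True},
    {"occurred": "2009-04-10", "discovered": "2009-04-10", "recovered": "2009-04-12", "internal": False},
    {"occurred": "2009-05-02", "discovered": "2009-05-07", "recovered": "2009-05-08", "internal": True},
]
PATCHES = [  # one row per (patch, system); installed=None means still missing
    {"system": "srv1", "released": "2009-04-14", "installed": "2009-04-20"},
    {"system": "srv2", "released": "2009-04-14", "installed": "2009-05-20"},
    {"system": "srv3", "released": "2009-04-14", "installed": None},
]
VULNS = [{"system": "srv1", "severity": "high"}, {"system": "srv2", "severity": "low"}]
SYSTEMS = ["srv1", "srv2", "srv3", "srv4"]
PATCH_WINDOW_DAYS = 30  # assumed policy: patch installed within 30 days of release

def _d(s): return date.fromisoformat(s)
def _days(a, b): return (_d(b) - _d(a)).days

def mean_time_to_incident_discovery(incidents):  # occurrence -> discovery, in days
    return mean(_days(i["occurred"], i["discovered"]) for i in incidents)

def mean_time_to_recovery(incidents):  # discovery -> recovery, in days (assumed definition)
    return mean(_days(i["discovered"], i["recovered"]) for i in incidents)

def mean_time_between_incidents(incidents):  # gaps between consecutive occurrences
    dates = sorted(_d(i["occurred"]) for i in incidents)
    return mean((b - a).days for a, b in zip(dates, dates[1:]))

def pct_detected_by_internal_controls(incidents):
    return 100.0 * sum(i["internal"] for i in incidents) / len(incidents)

def mean_time_to_patch(patches):  # release -> install, over patches actually installed
    applied = [p for p in patches if p["installed"]]
    return mean(_days(p["released"], p["installed"]) for p in applied)

def patch_policy_compliance(patches, window=PATCH_WINDOW_DAYS):  # % rows within window
    ok = sum(1 for p in patches if p["installed"] and _days(p["released"], p["installed"]) <= window)
    return 100.0 * ok / len(patches)

def pct_systems_without_severe_vulns(systems, vulns, severe=("critical", "high")):
    affected = {v["system"] for v in vulns if v["severity"] in severe}
    return 100.0 * (len(systems) - len(affected)) / len(systems)

if __name__ == "__main__":
    print("MTTID", mean_time_to_incident_discovery(INCIDENTS), "MTTP", mean_time_to_patch(PATCHES))
    print("patch compliance %", patch_policy_compliance(PATCHES))
```

Swap the constructed lists for exports from your ticketing, patch and vulnerability-scan systems to trend the same numbers month over month.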
Thanks for reading & let’s continue to be good network citizens.
May 21 2009 12:57PM GMT
Posted by: Troy Tate
Tags: network analysis, protocol analysis, packet analysis, packet capture, training, education, wireshark, ethereal, tcp/ip, trace files, Networking, tools, Monitoring, reporting, IT education, performance monitoring, troubleshooting, howto, Metrics, analysis
I’m a huge fan of Laura Chappell. She has a great sense of humor and is a great educator about all things packet oriented. Previous posts about Laura have included:
Is protocol analysis or network management your thing?
ARP as a network auditing tool
Did you see this? - Latest Laura Chappell Newsletter
Did you see this? - the viral bitgirl
She has now started a new online seminar series. Some of the presentations are free and others are accessible for a fee of $99. If you cannot get away for education, then this is an excellent alternative, and you can gain a great amount of knowledge from this packet analysis expert. I recommend that you visit Chappell Online University and sign up for the free Wireshark Jumpstart: Master Key Tasks for Network Troubleshooting seminar to get a feel for the seminars.
Thanks for reading and let’s continue to be good network citizens!
May 19 2009 5:48PM GMT
Posted by: Troy Tate
Tags: OSI model, tcp/ip, Networking, education
Here is another source for educating yourself and some of your users on what networking is all about and why fixes are not always explained in simple terms. The example the author gives of trying to explain to a casual air traveller how all of the devices on an aircraft work together for a landing is very similar to explaining a network to a typical home user. The author of TCP/IP networking from the wire up takes the complex subject of a network and breaks it down. Add this to your list of references on the OSI model.
If you have not visited the Microsoft Technet Blogs website, then you should take some time and check it out.
Thanks for reading and let’s continue to be good networking citizens.
May 11 2009 2:28PM GMT
Posted by: Troy Tate
Tags: disaster recovery, disaster preparedness, business continuity, business continuity planning, bcp, dr, information security, standards, education, enterprise risk management, erm, risk management, crisis management, crisis planning, crisis communication
If you are involved in IT you should also be involved in the disaster recovery planning and operations for your organization. There are quite a few resources to help with this activity. A very good free one just came across my desk that I wanted to share with you.
It is called the Disaster Resource Guide. It is a free quarterly publication to US mailing addresses. The guide covers six content categories:
- Planning and Management
- Human Concerns
- Information Availability and Security
- Telecom and Satcom
- Facility Issues
- Crisis Communications and Response
The guide has been published since 1995. There are three specialty issues printed each year that go deeper into a single content category. To subscribe visit http://www.disaster-resource.com/renew.
Some topics of the articles in the 2008-2009 edition:
Where Does Business Continuity Planning Belong in an Organization?
NFPA 1600 or BS25999? … Why Not Both?
Using Standards to Get Immediate Value for Your Organization
The Mouse in the Room: “Where’s the Planning for People?”
May your disaster preparations pay off, and may the disaster you have not planned for never strike. Thanks for reading & let’s continue to be good network citizens!
May 7 2009 7:33PM GMT
Posted by: Troy Tate
Tags: Midmarket security, Unified Threat Management, Defense in Depth, Single Point of Failure, UTM, Security, information security, information security management, threats, vulnerabilities, exploits
An ITKE poster recently asked a great question.
Experts tout unified threat management appliances as an ideal antimalware, intrusion prevention and content filtering firewall for midmarket companies. But doesn’t this counter the long-standing security practice of defense-in-depth? With one vendor, platform, and management console, aren’t we talking about a dangerous single point of failure?
When is UTM good enough? When should we go with standalone devices?
Here’s the answer that I offered:
Actually, it is defense in depth even though they are all contained on one appliance or device. Think about the layers in a bulletproof vest. They each work in tandem to prevent damage to the person wearing it. However, just one type of layer by itself would likely not be enough protection against certain firearms.
Granted, it is a single point of failure, but the ability to manage an entire suite of services from one console is attractive to many smaller organizations that may not be able to provide the care and feeding of single-purpose devices. The ability of a vendor to patch the entire product suite against vulnerabilities is another good reason to go to a UTM device. If using multiple devices from different vendors, then the vulnerability exposure could potentially be greater if one vendor addresses a vulnerability in their appliance/service but another does not.
I would go to standalone devices if the potential threat to my organization could create capacity/performance issues on the UTM device.
How do you think about the UTM vs defense in depth issue? Do you agree with the answer I offered? What do you think?
Thanks for reading and let’s continue to be good network citizens.