According to: SoftPedia News

TechWorld reported today that a new type of malware that could be impossible to detect by the anti-virus technologies currently on the market has been developed by security researchers and will be demonstrated at the Black Hat security event scheduled for August in Las Vegas. The same source adds that the new rootkit could prove to be incredibly hard to detect first of all due to the fact that it stays in a “protected part of the computer memory”.

Just what I needed… another reason to tell my users to “just say no” to using computers.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

To get the ball rolling, I am listing some items that I consider to be important to the infrastructure/security folks like me. I know this list is not exhaustive or complete. It is a work in progress and will need to be refined for each event since they are all different. Some of these may be done in the due-diligence but the rubber hits the road during the implementation.

So, without further ado:
Absorbing a new acquisition - to do list (general & incomplete)

• Private WAN connectivity - 30-90 days or more lead time depending on location
• flexible IP addressing scheme to absorb devices on new network(s)
• Internet firewall changes - ports, source addresses, NAT, etc.
• DNS ownership and management
  • changing registrars
  • changing DNS nameservers - use a dig tool to get information concerning current configuration - MenAndMice
• Network hygiene - how clean are the devices and what personnel habits need to be changed?
• Device inventory - what effort will it take to do this?
• Software licensing inventory
• What about handling loss of staff & knowledge?
  • Documentation of processes, procedures, configurations?
• Phone list sharing
• E-mail addressbook sharing
• E-mail system integration
  • anti-spam/anti-virus
  • calendar sharing
• ERP process integration
• Resource access permissions
• Financial reporting integration - accounts payable, receivable, tax, etc.
• Staff reporting structure
• Other HR activities - benefits, payroll, etc.

I welcome your insight and experience on the many other activities you feel is important to address during a merger/acquisition.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.

This is a great resource to find out what’s happening “in the wild” and to help sell security protection to your organization. This is real stuff happening in the real world. For example, take a look at how detailed the blog entry is on the winzipices.cn SQL injection / malware attack. This gives you enough information to fight the threat and feel confident you understand it.  Well done to the Shadowserver Foundation!

Thanks for your time. Let’s be good network citizens together &
practice safe networking!

Laura Chappell has now gone viral after her “initial concern about being somewhat infectious”. She has launched the BitSpitters video series - fast answers to fast questions. The BitSpitters videos are hosted on YouTube right now - feel free to link to her BitSpitters page at www.wiresharktraining.com/bitspitters.html to always get the latest. After seeing the initial response from viewers, it seems more folks are interested in the humorous “How Do I Look Smarterest?” style so according to her recent Wireshark U newsletter she will be putting out some more ‘unique’ short videos for your viewing pleasure - and her newsletter has the following warning: “just wait until you see the ‘beach scene’ coming up! [Don’t even get that ‘bathing suit’ thought in your head!]“

In case you want more packet level and data networking education, I HIGHLY recommend her Master Library which you can purchase through WiresharkU. For a short time only, she is offering an dditional 50% off already discounted price. Coupon code: NLMAY Expiry: May 31, 2008.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

I have ordered the Datacom Singlestream SS102 Link Aggregation Tap. I placed the order last Friday. On Monday, my supplier said that it could take more than two weeks to receive this product. I was surprised by the lead time required for this device. I was first told that it could take 4 weeks for the product to ship. I am in more of a hurry than that and was about to change to a different higher-cost product to pressure the supplier to have a quicker delivery.  The conversation seemed to have worked.

My alternative choice was the Network Instruments nTap. However, it was almost a 50% premium over the Datacom solution. The link I need to monitor is not a high speed link so I really do not need the memory buffer that NI’s equipment offers. I was just willing to consider it if I could receive and implement the solution quicker.

I will let you know how the product works and any issues I encounter during implementation.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

The resources listed on this site are updated roughly quarterly. To keep current, consider subscribing to Gideon’s INFOSEC list. The lists’ primary focuses are security resources, security news, industry trends and vulnerabilities. Gideon’s list is low volume and “Distribution Only”.

This site does not accept sponsors or donations of any kind.

How many times have you encountered a situation in your organization where something needs to be done yet either IT is not able or willing to support your business related efforts. There are lots of reasons for this to happen in the business world.

One division of our business is electronics manufacturing solutions where we assemble parts designed by the customer. I recently encountered a situation where a customer has some onsite testing gear to measure QA data on devices we manufacture for them. The testing gear was not for our engineers but for the customer. According to the supporting engineer, his IT department was not interested in supporting these test devices. So, the engineer was asking my organization to support the test hosts.

Well, our side of the story now… these test devices run linux as the operating system. My IT organization typically does not support linux because our focus is on Microsoft Windows systems. So, here’s the conundrum… who supports this engineer and his manufacturing requirements? The test hosts are owned and designed by the customer, yet the hosts are at my organization’s facility.

Tough situation for sure! Right now our answer is to do our best effort in supporting this engineer and the engineer is going to talk to his in-house IT department to see if they will support his requirements. It seems to be a shame that this engineer cannot find support from his own organization. He really could use this when in the end, these test systems are there to support the quality of his organization’s product.

What are your thoughts on this situation? Does your IT organization have to support third-party systems within your facility? If so, what protections have you put into place for your organization?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

What would a Dear Bill (Gates) letter website look like? Well a video documentary was produced and can be found here.  Isn’t he a charming young man? A quick Google search for “Dear Bill Gates” turned up around 452,000 hits. Lots of folks writing with some very interesting perspectives. How about an entire book written as a letter to Bill Gates? Mark Hughes did just that and you can find his book on Amazon for $16.95 (ISBN 1412014719). I wonder if writing to Mr. Gates is like writing a letter to Santa Claus. You feel excited putting words to paper but then realize that there is little chance the letter will actually be read by the intended reader.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

News Release

Gov. Perdue Signs Executive Order Strengthening Georgia’s Information Technology Security

Mar 20, 2008, News Report

Gov. Perdue today signed an executive order to protect state data by standardizing information security reporting.

“This executive order is a critical part of the larger plan I announced in December 2007 to transform the state’s technology and shore up the underpinnings we found lacking,” said Governor Sonny Perdue.  “As I stated then, technology is the foundation of a well-run, modern-day enterprise.  This action will go a long way toward addressing our security gaps and giving the state the secure IT infrastructure it requires to responsibly serve Georgia’s citizens.”

==============================================

Thanks for your time. Let’s be good network citizens together & practice safe networking!

I had to actually remove power and the battery from the laptop to get the awful racket to stop. Fortunately, the machine restarted without a glitch.

I was running the Protech ONE security ISO image (this is a nice tool for security testing and education). The VMWare Player is a great tool for running an ISO image if you want to take one for a test drive. I had tried running this same ISO image in Microsoft’s VirtualPC environment but there are issues with this particular ISO and how it handles key mapping so it was just easier to change to VMWare’s Player.

However, now my ears are ringing because of the incredibly loud beeping that my machine let loose when shutting down the guest OS. My laptop speakers are always turned to the lowest level possible so I really have no clue why shutting Protech ONE down would have created such a loud event. I guess I need to see if there is a way I can shutdown this environment without waking up my nearby neighbors in the company Tax department.

Have you ever used any application that performed odd startup or shutdown activities? What did you do to overcome those issues?

Thanks for your time. Let’s be good network citizens together & practice safe networking!