This story just made me wonder what technologies of today Shakespeare would have used in his plays.

In Hamlet, would Shakespeare have used the techniques and tools that the Ghost Hunters on Syfy use for detecting the ghost of Hamlet’s father?

In Macbeth, would the three witches have met using Cisco’s Telepresence?

Would CSI have been called in to investigate all of the deaths of King Lear’s daughters?

What technology elements or themes do you think Shakespeare would have used if he had available then what is available today?

Thanks for reading & let’s continue to be good network citizens!

There is even a video of Dr. Vinton G. Cerf, vice president and Chief Internet Evangelist for Google. He is responsible for identifying new enabling technologies and applications on the Internet and other platforms for the company. Widely known as a “Father of the Internet,” Vint is the co-designer with Robert Kahn of TCP/IP protocols and basic architecture of the Internet.

Have a great day and thanks for stopping by!

Process Monitor is an advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon, and adds an extensive list of enhancements including rich and non-destructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.

Process Monitor runs on Windows 2000 SP4 with Update Rollup 1, Windows XP SP2, Windows Server 2003 SP1, and Windows Vista as well as x64 versions of Windows XP, Windows Server 2003 SP1 and Windows Vista.

I had previously talked about the Sysinternals Live website. This update to one of the excellent tools is well worth your time in investigating. Take a look at the updated tool here. The entire Sysinternals toolset can be found here.

If you have not used these tools yet, then you are definitely missing a critical item for being successful in your IT position. Check them out… it may save your reputation some time!

LoveMyTool

There are presentations on this site like the Wireshark IO Graph for Response Time Analysis (by Ray Tompkins).This should be a great online learning experience. You will find contributors like Sake Blok, a Wireshark Core Developer and Denny K Miu of StartupforLess.org – A Survival Guide for Bootstrapping Entrepreneurs

On November 4-5, 2008 – Las Colinas, TX (near Dallas-Ft Worth airport) Laura will be holding a Troubleshooting and Security Summit.

In two full days you will walk away with more security, optimization and troubleshooting knowledge than you’d get after spending months in the field figuring this out.

Learn the best practices and most efficient tools to use to analyze wired and wireless network performance to optimize and secure network communications from Laura Chappell, Founder of Wireshark University and Protocol Analysis Institute. See the Summit 08 special pricing and group discount information below. Register today at www.chappellsummit.com.

Key points include:
* TCP Enhancements in Vista/Server 2008
* Faster File Transfers with SMBv1 vs. SMBv2
* Traffic Analysis between Virtualized Hosts
* Proven Techniques to Baseline the Network
* Latency Chokepoints
* Automatic Traffic Capture and Analysis
* Network Security and Forensics Procedures
* Key Points to Deploying Decoys
* Suspicious Traffic Signatures
* Handling Traffic Evidence

Bring Your Own Laptop (BYOL) Format
This hands-on lab-based course offers a series of demonstrations and individual hands-on labs to rapidly improve and expand your skill set. You will leave with your laptop loaded with tools, trace files and configured to improve network performance and security immediately after class.

GUEST SPEAKERS
*Gerald Combs, Creator of Wireshark – Must-Know Steps to Analyzing Virtualized Communications and the Future of Wireshark

* Tom Quilty, Cybercrime Investigator for BD Consulting and Investigation – Preparing for and Handling a Data Breach or Theft

Register Today – Seating is Limited
Register online at www.chappellsummit.com. Registration $1,295 – Early Bird $995 (ends midnight PDT Tuesday 9/30/08)

Group Discounts: Bring in two or more people from your company and receive $100 off each additional registration. Contact Brenda Czech at +1 408-378-7841 for more details.

Wireshark University Savings: Attendees receive the Wireshark University WSU03 Troubleshooting Network Communications self-paced course free with the student kits. Registered attendees also receive a 50%-off coupon on Wireshark University Self-Paced Courses.

Register today.
www.chappellsummit.com

If you go, please share some of the tips and tricks you gained with the ITKE population. Help spread the word!

Take for example the entry describing GoogleTalk. The site rates it as one of the top 5 internal threats.

The more we know about these risks the better prepared we can be. Thanks for your time. Let’s be good network citizens together & practice safe networking!

This issue has recently come to light with some of the Black Hat presentations. The actual presentation can be found here. This example actually refers to SSL VPN attacks but consider what would happen if an attacker was able to create a man-in-the-middle SSL proxy using a typosquatting domain name. For example, what if you typed https://www.mybnak.com/myaccount into your browser. The actual address should be https://www.mybank.com/myaccount. This is just a simple typographical error right? Hmmmmm… maybe not!

Consider if an attacker purchased the domain name mybnak.com. They then were able to get an SSL certificate or create a self-signed one that to an uneducated user looked ok. Have you ever seen a message like the following?

How many of you (come on, admit it now) have clicked on this or know someone who would click on this without thinking a second time? Say you did click on Yes and proceeded. The website you go to looks exactly like the one where you intended to go! This is because the address you mistyped into your browser actually goes to an SSL proxy and you just said you trusted the website. You have now fallen into the man-in-the-middle attack.

This looks like the following picture:

This attacker now takes all the traffic you send it, reads it, saves what it wants, repackages it, sends it to your intended destination and returns information back to you (keeping copies of what information is returned) without you knowing that someone is between you and your intended bank. Phishers do use a similar mechanism although a savvy consumer might actually see that the address in the address bar does not match their intended destination at all. In my example, YOU mistyped the address!

Well if this does not scare you into making sure you can type addresses or keep accurate bookmarks then read some of the following and make up your own mind:

Mozilla SSL Policy Considered Bad for the Web

SSL VPN might not be as secure as you think

Black Hat 2008 Aftermath

But, on the other side of this argument consider this story about how a MITM attack saved Columbian hostages.

The internet is not a place to be ignorant about your surroundings. Users must be vigilent and savvy about its use. Maybe there should be internet driver testing and licences?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

What I am referring to is the situation described in this article by David Jonas of The Transnational: Airport Laptop Seizures Debated in Washington. I know that I should have nothing to worry about if I do nothing wrong like any law abiding citizen of the world. However, what about the risk to an organization’s intellectual property?

Look at the comment …the laptop seizure policy is not analogous to physical searches of persons and belongings at airports: “Not only does the government get access to an unprecedented wealth of material with a laptop border search, but the government now has the ability to copy, store and analyze that information at its leisure. In traditional border searches, travelers carried their suitcases with them once they cleared customs. With laptop border searches, the government can keep everything in the computer in perpetuity.” So, who is responsible for the data once it is out of the traveller’s hands? What is the care & duty of the government with regards to a company’s intellectual capital?

This issue seems like a bureaucratic (and maybe totalitarian leaning – think “Big Brother”) nightmare! Who would be considered the appropriate person to review the data on a device? What is their liability if the device or data is damaged during their review?

I know I don’t have an easy answer to these nagging questions and it will take much better minds and skills than mine to work through the protection and liability issues for an organization. What mechanisms do you use to protect equipment and data during travel? Maybe this situation is a boon to shipping organizations. More people may be shipping their gear ahead of them when travelling across the border or use equipment at a remote site and transfer data across a network.

This situation is definitely one to watch and be concerned about as world citizens.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Some ways to measure risk include:

How valuable is the asset?
How much of a threat exists?
What is the impact if the system/service is exploited?
Is the vulnerability rated high/medium/low?
Can the risk be reduced?
How easily can it be reduced considering costs, technology, staffing & skills?
What is the probability of the vulnerability being exploited?

You are asking yourself:
What are you protecting?
What can happen to it? – How can it happen?
What does it mean to the business?
How can the risk be reduced?
How likely is it to happen given the existing conditions?

Risk assessment goal: identify & prioritize risks.
Risk management goal: manage risks to an acceptable level. This can be done by:

• Mitigate: select controls; implement; monitor
• Transfer: purchase insurance
• Accept: do nothing
• Avoid: discontinue activity

Thanks for your time. Let’s be good network citizens together & practice safe networking!