IT Trenches:

IT education

Sep 3 2008   7:28PM GMT

Did you see (listen to) this? - Podcast on preventing spam



Posted by: Troy Tate
anti-virus, awareness, Data security, howto, DataManagement, spam, Security, Policy, reporting, risk, podcast, administration, IT education, Exchange, email, internet, metrics, Performance, tools

An audio podcast on how SPAM is generated, along with an examination of the frameworks and technologies that help manage and reduce SPAM.

This may be a great tutorial for you and/or your users.

CERTStation Media - Spam-Prevent.mp3

I just ran my monthly e-mail statistics and these are the results:

97,000 msgs/day inbound

8,800 msgs/day delivered to end users - 9%

22,200 msgs/day quarantined as spam - 23%

66,000 msgs/day blocked as spam - 67%

This month had higher than normal quarantine activity. Quarantine has been running about 15% and blocking around 75%.  How does your mail stack up?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Aug 22 2008   3:46PM GMT

Trolls on ITKE - I think not!



Posted by: Troy Tate
administration, awareness, blog, design, intellectual property, CIO, IT education, Networking, internet, Security, online identity, reporting, risk, web, website, www

Here’s an interesting blog entry I came across this week. I have great respect for Jon Postel, who is mentioned in the article. He contributed immensely to the design of the protocols on which we depend for data networks. I really like his Robustness Principle: “Be conservative in what you do, be liberal in what you accept from others.” This is a good statement for life but can be a challenge to address in the IT world. The article and follow-up postings have a lot of nuggets of great thought. Maybe add your thoughts to Mr Schwartz’s post or add some thoughts below here.

Have you had to deal with a troll? What were your challenges and how did it end up? What are your suggestions for handling this global issue?

It is quite amazing, if you take a minute to think about it, how the global internet provides a whole new environment for crime and abuse. There is no single legal body that can deal with this environment. There are no borders (although countries like China try to control what information crosses theirs).

I do want to commend ITKE for seeming to keep the trolls away from this useful internet resource. I know it is a challenging job but the TechTarget folks are doing a great job! Let’s thank them for all their hard work by keeping up the knowledge sharing.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 21 2008   8:08PM GMT

IT Equipment search & seizure at the US borders



Posted by: Troy Tate
intellectual property, data loss, government, administration, awareness, blog, Data security, design, CIO, IT education, DataManagement, Mobile, Networking, internet, WAN, Security, forensics, Monitoring, Policy, online identity, policy enforcement, reporting, research, risk

I have recently been hearing some rumblings about this issue. I work for a firm with international locations and have travelled out of the country myself. So, this is a personal issue.

What I am referring to is the situation described in this article by David Jonas of The Transnational: Airport Laptop Seizures Debated in Washington. I know that I should have nothing to worry about if I do nothing wrong, like any law-abiding citizen of the world. However, what about the risk to an organization’s intellectual property?

Look at the comment: …the laptop seizure policy is not analogous to physical searches of persons and belongings at airports: “Not only does the government get access to an unprecedented wealth of material with a laptop border search, but the government now has the ability to copy, store and analyze that information at its leisure. In traditional border searches, travelers carried their suitcases with them once they cleared customs. With laptop border searches, the government can keep everything in the computer in perpetuity.” So, who is responsible for the data once it is out of the traveller’s hands? What is the care & duty of the government with regard to a company’s intellectual capital?

This issue seems like a bureaucratic (and maybe totalitarian leaning - think “Big Brother”) nightmare! Who would be considered the appropriate person to review the data on a device? What is their liability if the device or data is damaged during their review?

I know I don’t have an easy answer to these nagging questions and it will take much better minds and skills than mine to work through the protection and liability issues for an organization. What mechanisms do you use to protect equipment and data during travel? Maybe this situation is a boon to shipping organizations. More people may be shipping their gear ahead of them when travelling across the border, or using equipment at a remote site and transferring data across a network.

This situation is definitely one to watch and be concerned about as world citizens.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 18 2008   7:24PM GMT

Did you see this? - Online tools/tutorials - RingOfSaturn



Posted by: Troy Tate
administration, awareness, design, diagnostics, howto, IT education, DataCenter, DataManagement, troubleshooting, Networking, internet, LAN, network analysis, WAN, wireshark, Security, malware, Monitoring, Storage, VoIP, metrics, online identity, packet capture, Performance, reporting, research, risk, tools, web, website, www

Ok, I admit it. I’m a network tool junkie. I constantly look for neat tools to perform tasks in the easiest manner possible and give me reliable information. This website from RingofSaturn.com is definitely one of the cooler online tool websites. Check out the browser sniffer tool if you are curious about what information your browser gives up while surfing the web. You might be surprised!

Check out the TCP/IP tutorial. It’s a quick, easy read that you can share with those to whom you are trying to explain how a network works.

Check out this website. I guarantee that if networks are in your blood, you will find something of interest here.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Aug 14 2008   2:58AM GMT

Managing risk & vulnerability



Posted by: Troy Tate
administration, awareness, Data security, design, CIO, IT education, DataCenter, DataManagement, Security, antivirus, forensics, honeypot, malware, Monitoring, Policy, policy enforcement, vulnerability, risk

Jotting some quick thoughts here after answering a user post. Thought I would place the same information here for all to see. This list is by no means complete and your thoughts are always welcome.

Some ways to measure risk include:

  • How valuable is the asset?
  • How much of a threat exists?
  • What is the impact if the system/service is exploited?
  • Is the vulnerability rated high/medium/low?
  • Can the risk be reduced?
  • How easily can it be reduced considering costs, technology, staffing & skills?
  • What is the probability of the vulnerability being exploited?

You are asking yourself:

  • What are you protecting?
  • What can happen to it? - How can it happen?
  • What does it mean to the business?
  • How can the risk be reduced?
  • How likely is it to happen given the existing conditions?

Risk assessment goal: identify & prioritize risks.
Risk management goal: manage risks to an acceptable level. This can be done by:

  • Mitigate: select controls; implement; monitor
  • Transfer: purchase insurance
  • Accept: do nothing
  • Avoid: discontinue activity

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jul 8 2008   5:12PM GMT

Browser warnings - Danger Will Robinson! - or did it just cry “Wolf!”?



Posted by: Troy Tate
Data security, Google, Firefox, anti-virus, awareness, botnet, honeynet, IT education, Development, Security, antivirus, forensics, honeypot, malware, Policy, metrics, online identity, policy enforcement, reporting, web, website, www

I sometimes browse the internet using Firefox. I say sometimes because Internet Explorer is the standard browser at my company and Firefox is not supported by IT. Well, since I work in IT, sometimes you have to test things on behalf of users and also to see how certain sites are different depending on the client browser.

Well, I recently upgraded Firefox to v3. It does seem much better than v2, although some of my useful add-ins are now broken (when will YSlow get fixed for v3?). One of the new features of Firefox v3 is the ability to report to the user if the visited website is a known potential malware site. This is a good feature! It provides the user with some useful information and education about the dangers on the internet. However, how accurate is this feature? What if you are visiting a trusted website that you frequently visit and now get this message?

For your information, this is the message that you will see when you attempt to visit a site deemed as risky.

Reported Attack Site!

This web site at certification.xxxxxxx.org has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

I blanked out the actual website address above. However, those of you with a bit of detective in you are likely going to figure it out.

What is interesting about this particular warning message is that it is referring to a website that has security as a guiding principle. When you see this message in Firefox, you have three options presented:

  • Get me out of here!
  • Why was this site blocked?
  • Ignore this warning - in very tiny print at bottom of message.

I was curious as to why this site would be considered as a danger. I clicked on the Why was this site blocked? option. The report I received was interesting and as I mentioned earlier, could this be an example of someone crying “Wolf!”?

The report was as follows:

What is the current listing status for certification.xxxxxxx.org/?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 6 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 07/06/2008, and the last time suspicious content was found on this site was on 07/06/2008.

Malicious software includes 1 scripting exploit(s). Successful infection resulted in an average of 3 new processes on the target machine.

Malicious software is hosted on 3 domain(s), including lokriet.com, clrbbd.com, catdbw.mobi.

1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including catdbw.mobi.

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, certification.xxxxxxx.org/ did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

This is great educational stuff, but did it really happen to this particular website? I don’t know, but apparently Google does. With the report of just one incident, does it make this site really worth the notification? How many incidents should it take before a site is considered malicious and who determines what malicious is?

Just something else to mull over in your copious time as you go perusing websites in Firefox.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


Jun 18 2008   5:26PM GMT

Did you see this? - Infosecurity Magazine RSS feed



Posted by: Troy Tate
anti-virus, awareness, botnet, Data security, DataCenter, Networking, IT education, Security, antivirus, CA, digital signatures, forensics, honeypot, malware, Monitoring, Policy, SSL, metrics, policy enforcement, reporting, RSS, research, tools, web, website, www

Infosecurity Magazine has a very good RSS feed to keep yourself up to date on events/issues and technologies. Check it out!


Jun 17 2008   2:05PM GMT

Did you see this? - Online e-book library



Posted by: Troy Tate
administration, awareness, howto, CIO, Database, DataCenter, DataManagement, Development, Exchange, Linux, Microsoft Windows, Mobile, Networking, IT education, LAN, network analysis, WAN, Oracle, SAP, Security, SQL Server, Storage, Virtualization, metrics, Performance, research, web, website

Check out this digital online library for IT professionals. Bet you can’t read just one!

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 31 2008   2:28AM GMT

Did you see this? - Noticebored - Infosec Awareness Education



Posted by: Troy Tate
anti-virus, awareness, botnet, Data security, honeynet, humor, blogging, IT education, Security, antivirus, forensics, honeypot, malware, Monitoring, Policy, metrics, online identity, policy enforcement, research, wiki

Noticebored is a great resource for information security awareness. The blogs are timely and cover a great spectrum of topics with regard to this important topic.

Thanks for your time. Let’s be good network citizens together & practice safe networking!


May 23 2008   7:58PM GMT

Did you see this? - Security Primer for the non-technical



Posted by: Troy Tate
awareness, IT education, anti-virus, botnet, Data security, Security, antivirus, malware, Monitoring, Policy, online identity, policy enforcement, tools

This is a shout-out to fellow blogger Martin McKeay. His Security Primer for the non-technical is a blog worth sharing with friends, family and co-workers. Hence, I am sharing this with you today.

His first paragraph is a simple read and leads to a lot of valuable information.

The Internet is a dangerous place. When your (sic) connected to it, you need to make sure to protect yourself from it. Right now there are several very active worms out there, crippling systems around the world. Here are some basic steps you can take to protect yourself from the Internet.

Thanks for your time. Let’s be good network citizens together & practice safe networking!