Thursday, January 31, 2008

Phil Dunkelberger on encryption

A necessity for any company, to protect its confidential data

Security perimeter? What security perimeter?

One of the questions I'm frequently asked is, "If perimeter-based data security strategies are breaking down, why aren't more companies using encryption to protect their confidential information?"

Although I'm not sure I agree completely with the question's premise, I believe what we're seeing has less to do with the role encryption will play protecting confidential information than the rate at which enterprises can really upgrade their core information infrastructure.


The law of contracting electronically

A clear and concise summary. One thing it does not mention is the "real" electronic signature, that is, using encryption keys. It seems to be valid without it, but possibly subject to more dispute.

The Law of Contracting Electronically

Is your agreement through e-mail legally binding? Find out what kind of online communication constitutes a legal contract.

The Uniform Act applies to transactions involving business, commercial and government affairs. Each transaction must culminate in an electronic record and an electronic signature.


Tuesday, January 29, 2008

New data security breaches come in fours

All of these breaches could have been prevented with a security audit and appropriate measures resulting from it.

January 29, 2008 (Computerworld)
What do Fallon Community Health Plan, Pennsylvania State University, OmniAmerican Bank and T. Rowe Price Group Inc. all have in common?

Each of them recently joined the seemingly never-ending parade of organizations that have disclosed security breaches resulting in the potential compromise of personal data.

Leading the pack in terms of the number of data records known to be involved was T. Rowe Price. Two weeks ago, the Baltimore-based investment management firm's retirement plan services group began notifying about 35,000 current and former participants in "several hundred" plans that their names and Social Security numbers might have been compromised, a company spokesman confirmed today.


Using sFlow for Network Forensics


In a previous post I gave a rundown of various software tools for collecting NetFlow data for use in network security incident response. NetFlow is pervasive in routers but another technology, sFlow, is nearly as prevalent in routers and can be collected from switches — an arena that NetFlow does not play in very much as of yet. sFlow is a packet sampling technology and can provide a depth of network visibility — a key component of network forensic and incident response — even beyond what NetFlow can offer. For more information on sFlow check out

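Because sFlow samples one packet in N and ships the first bytes of each sampled frame, a responder usually wants two things from a datagram: the 5-tuple and TCP flags of the sampled packet, and the sampling rate so the observed volume can be scaled back up. As an added example that is not part of the clipped post or of the sFlow project, here is a minimal sFlow v5 parser in Python that does both. The field layout follows the public sFlow v5 specification (datagram header, flow sample, raw packet header record); the agent address, interface numbers and the Ethernet/IPv4/TCP bytes are constructed for the demonstration.

```python
"""Minimal sFlow v5 datagram parser (flow samples with raw packet headers only)."""
import socket
import struct


def _u32(buf, off):
    """Read one big-endian uint32 at off; return (value, next offset)."""
    return struct.unpack_from("!I", buf, off)[0], off + 4


def _parse_raw_header(rec, sampling_rate):
    """Decode an sFlow 'raw packet header' flow record (format 1)."""
    proto, frame_len, _stripped, hdr_len = struct.unpack_from("!4I", rec, 0)
    hdr = rec[16:16 + hdr_len]
    # Each sampled frame stands for roughly sampling_rate frames on the wire.
    info = {"frame_length": frame_len, "estimated_bytes": frame_len * sampling_rate}
    if proto == 1 and len(hdr) >= 34 and struct.unpack_from("!H", hdr, 12)[0] == 0x0800:
        ihl = (hdr[14] & 0x0F) * 4          # Ethernet (1) carrying IPv4
        info["src"] = socket.inet_ntoa(hdr[26:30])
        info["dst"] = socket.inet_ntoa(hdr[30:34])
        info["proto"] = hdr[23]
        l4 = 14 + ihl
        if info["proto"] in (6, 17) and len(hdr) >= l4 + 4:
            info["sport"], info["dport"] = struct.unpack_from("!HH", hdr, l4)
        if info["proto"] == 6 and len(hdr) >= l4 + 14:
            info["tcp_flags"] = hdr[l4 + 13]
    return info


def _parse_flow_sample(body):
    """Decode a standard sFlow flow sample (enterprise 0, format 1)."""
    seq, _source_id, rate, _pool, drops, if_in, if_out, nrec = struct.unpack_from("!8I", body, 0)
    off, records = 32, []
    for _ in range(nrec):
        fmt, off = _u32(body, off)
        length, off = _u32(body, off)
        if fmt == 1:                        # raw packet header record
            records.append(_parse_raw_header(body[off:off + length], rate))
        off += length                       # other record types are skipped by length
    return {"seq": seq, "sampling_rate": rate, "drops": drops,
            "input_if": if_in, "output_if": if_out, "records": records}


def parse_sflow_v5(data):
    """Parse one sFlow v5 datagram into agent info plus its flow samples."""
    version, off = _u32(data, 0)
    if version != 5:
        raise ValueError("unsupported sFlow version %d" % version)
    addr_type, off = _u32(data, off)
    if addr_type == 1:
        agent, off = socket.inet_ntoa(data[off:off + 4]), off + 4
    elif addr_type == 2:
        agent, off = socket.inet_ntop(socket.AF_INET6, data[off:off + 16]), off + 16
    else:
        raise ValueError("unknown agent address type %d" % addr_type)
    _sub_agent, off = _u32(data, off)
    seq, off = _u32(data, off)
    _uptime, off = _u32(data, off)
    nsamples, off = _u32(data, off)
    samples = []
    for _ in range(nsamples):
        fmt, off = _u32(data, off)
        length, off = _u32(data, off)
        if fmt >> 12 == 0 and fmt & 0xFFF == 1:     # standard flow sample
            samples.append(_parse_flow_sample(data[off:off + length]))
        off += length                                # counter samples etc. skipped
    return {"agent": agent, "sequence": seq, "samples": samples}


def build_sample_datagram():
    """Constructed datagram (not a real capture): one flow sample holding a TCP SYN to port 22."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    tcp = struct.pack("!HHIIBBHHH", 51234, 22, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    header = eth + ip + tcp
    padded = header + b"\x00" * (-len(header) % 4)      # opaque data is 4-byte aligned
    raw_rec = struct.pack("!4I", 1, 1514, 4, len(header)) + padded
    record = struct.pack("!II", 1, len(raw_rec)) + raw_rec
    # flow sample: seq, source id, sampling rate 1:1024, pool, drops, in if, out if, 1 record
    flow = struct.pack("!8I", 7, 0x01000003, 1024, 7000, 0, 3, 5, 1) + record
    sample = struct.pack("!II", 1, len(flow)) + flow
    return struct.pack("!II4sIIII", 5, 1, socket.inet_aton("10.0.0.1"), 0, 1, 123456, 1) + sample


if __name__ == "__main__":
    dg = parse_sflow_v5(build_sample_datagram())
    for s in dg["samples"]:
        for r in s["records"]:
            print(dg["agent"], "if", s["input_if"], "->", s["output_if"], r)
```

The `estimated_bytes` field is the point to remember when using sFlow in an investigation: a single sampled SYN at a 1:1024 rate stands for roughly a thousand frames, so sustained traffic is measured well, but a one-packet event (one probe, one exfiltration burst smaller than the sampling interval) may never be sampled at all. Treat the absence of a sample as weak evidence.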

Friday, January 25, 2008

Deliver a Presentation like Steve Jobs

Carmine Gallo breaks down Jobs's techniques into a 10-part framework. To summarize,
  1. Set the theme.
  2. Demonstrate enthusiasm.
  3. Provide an outline.
  4. Make numbers meaningful.
  5. Try for an unforgettable moment.
  6. Create visual slides.
  7. Give 'em a show.
  8. Don't sweat the small stuff.
  9. Sell the benefit.
  10. Rehearse, rehearse, rehearse.
Definitely worth reading, right here!

Wednesday, January 23, 2008

Keeping user data private

This too has appeared in EDD Blog Online, and I believe that even if lawyers do not need it, their clients surely do.
I'm an IT administrator at a community college and am gearing up for the New Year. Many students have their social security numbers on file and also use their credit cards to pay for classes online. What approaches should I take to ensure others can't take this data and use it as their own?
My answer won't be the cure-all solution, but I am providing you with some tips that will assist you in working towards your goal.
Some of the basics you want to cover include, but are not limited to, the following:
* Using Intrusion detection/monitoring for critical applications
* Encrypting the sensitive data
* Using secure firewall(s) and current configurations
* Knowing where the sensitive data resides
* Using a DMZ to protect the internal network from the external network
* Using strong authentication on equipment
* Using virus checking with current updates
* Limiting access to the data (access management)
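Of the basics listed above, knowing where the sensitive data resides is the one the others depend on: you cannot encrypt or restrict access to an SSN sitting in a spreadsheet nobody remembers. As an added example, not part of the answer quoted above, here is a small Python scanner that walks a set of files for SSN-shaped and card-number-shaped strings and validates them structurally (the SSA's never-issued area/group/serial values, the Luhn check for card numbers) so that serial numbers, order IDs and dates are not reported as hits. It reports only masked values, so the report does not itself become one more copy of the data. The file paths and their contents are constructed sample data.

```python
"""Find where SSNs and payment card numbers live: regex candidates plus structural validation."""
import re

SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 13 to 19 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits):
    """Luhn mod-10 check that every real card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Reject SSN-shaped strings the SSA never issues: area 000, 666 or 900+, group 00, serial 0000."""
    a, g, s = int(area), int(group), int(serial)
    return 0 < a < 900 and a != 666 and g != 0 and s != 0


def find_pii(line):
    """Return (kind, masked_value) for each validated SSN or card number in one line."""
    found = []
    for m in SSN_RE.finditer(line):
        if ssn_plausible(*m.groups()):
            found.append(("ssn", "***-**-" + m.group(3)))
    for m in CARD_RE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(("card", "****" + digits[-4:]))
    return found


def scan_files(files):
    """files maps path -> text. Returns [(path, line_no, kind, masked)]; raw values never leave find_pii."""
    hits = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            for kind, masked in find_pii(line):
                hits.append((path, n, kind, masked))
    return hits


# Constructed sample files, not real records. The second roster row, the order id and the
# switch serial number are deliberate look-alikes that the validation rules must reject.
SAMPLE_FILES = {
    "registrar/roster.csv": "id,name,ssn\n1001,A. Student,123-45-6789\n1002,B. Student,000-55-1234\n",
    "bursar/payments.log": "2008-01-21 card 4111 1111 1111 1111 approved\n"
                           "2008-01-21 order 1234567890123456 shipped\n",
    "it/inventory.txt": "switch sn 987-65-4321 rack 3\n",
}

if __name__ == "__main__":
    for hit in scan_files(SAMPLE_FILES):
        print("%s:%d %s %s" % hit)
```

On a real file server the loop would walk the filesystem and also open spreadsheets, database dumps and mailboxes, but the validation step is what keeps the output actionable; a raw regex for nine digits produces so many false hits that the list gets ignored. The hits are the inventory that the encryption and access-management items on the list above are then applied to.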

Three tips for print security

This has appeared in EDD Blog Online; the assumption is that it is important for law firms.
Despite the vital role that networked printing and imaging resources play in the processes and workflows of many organisations, the imaging and printing infrastructure is often an overlooked security vulnerability. In today's office, multifunction peripherals (MFPs) can print, copy, scan to network destinations, send email attachments and handle incoming and outgoing fax transmissions. As such, MFPs have evolved to become an efficient and cost effective method of document distribution and storage and an integral part of the IT infrastructure. However, it is this network connectivity, along with hard disk and memory storage, that means that MFPs are susceptible to the same security risks as PCs and servers.

Thursday, January 10, 2008

The Face of Cybercrime

Thanks to Jeremiah Grossman for pointing out this upcoming documentary.

Wednesday, January 9, 2008

Speaking about security

On 11/27/2007 I spoke to Greenspoint Mall Business Club members. The topic was "Computer and Network Security Simplified". This is one of the presentation topics of Top8.
The audience got into it with zest and asked a number of great questions. They even proposed answers to their own questions; all I had to do was listen and smile.

Evaluating Your Computer Forensic Vendor

Finding the right forensic specialist for your business isn't easy. You need an investigative response team that understands applicable federal and state laws as well as the regulatory and cultural landscape of your industry.

These recommendations, courtesy of Verizon's Stan Kang, can help your business move through the critical selection process...

Thursday, January 3, 2008

Hacking exercise

I think that every hacker should be able to go through this exercise, so readers, please test yourselves.

A Microsoft executive describes the ease with which two British e-crime specialists managed to hack into a Windows XP computer as both "enlightening and frightening."

The demonstration took place Monday at an event sponsored by Get Safe Online--a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized Crime Agency connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.
