Sep 28

When it comes to keeping your office/computer/network secure, it can be a confusing time. How much security is too much security? How do I even tell if my system(s) is/are secure? Am I really in that bad of shape if I don’t improve the security in my environment? These are all questions that get asked at the beginning of a security audit. I hope to cover a few of these basic questions in this blog post. Don’t worry, I’ll try to keep it shorter than the last one.

1. How much security is too much security?
I know that this sounds like a silly question to ask — I mean, is there such a thing as too much security? Of course there is. Unfortunately there is no clear-cut answer to this question, but I have a guideline that I like to follow. Since I come from a security background I always ask myself, before implementing a new policy, product or system, “Would that degrade my normal, everyday work performance?” It’s a simple question to ask yourself (or poll the audience if you have a lifeline or two left) but it’s powerful and important. At the end of the day, unless you own a company that sells “security” (which I hope none of you claim to be), your first priority has to be your business. At Southco, we sell latches and fasteners. While installing card readers and fingerprint scanners at every door would greatly increase security, it would also degrade the speed at which we could discuss, engineer and manufacture the parts that we sell. This would cause a greater impact to the business than it’s worth to us.

2. How do I tell if my system(s) is/are secure?
There is a lot of technology out there today to help you check your system(s) for security holes. I’ll list a few below that are helpful in a small to mid-sized environment. This list is by no means exhaustive and if you have favorite tools for checking these types of things, please let me know.

  • Trend Micro’s HouseCall - HouseCall is an outstanding, free, online virus scanner. It scans not only the file system but also at a memory level which puts it up there with the big boys like McAfee and Norton.
  • Spybot Search and Destroy - S&D is one of the best adware/malware removal tools on the planet. I use this in both commercial and personal environments in order to keep my machines clean from any type of malware that I might pick up online.
  • The Center for Internet Security Benchmarks and Tools - The tools provided for free by CIS are outstanding. They cover a range of operating systems and they spit out nice, clean HTML reports that tell you exactly what you’re missing on your machine. The only downside to their tools is that sometimes they are a bit over-critical. As I explained above, you don’t need to implement every security option out there, just protect yourself.
  • Tenable Network Security’s Nessus - Nessus is my number one security auditing tool. It checks for over 900 different security vulnerabilities across a range of systems, covering open ports as well as issues with the installed OS. It’s quick and complete. (One word of warning: if not set up properly, Nessus can bring your network to its knees. Please learn how to use Nessus before unleashing it on your organization.)

3. Am I really in that bad of shape if I don’t improve the security of my environment?
The short answer is Yes. I know this sounds harsh, as I told you above that you don’t need to implement new tools if they don’t make sense, but remember, the first step in hardening your security is understanding where you’re insecure. No, I’m not talking about your figure or your weight; the issues in your network or system(s) should not be discovered when they are compromised. You should know what they are now and deal with them over time.

I hope this gave you a bit more insight on how to secure your environment. Remember that a professional security audit is always a great option, as not only do you get people who deal with security every day but you also get a third-party view. This is important in any organization. It’s easy to miss a problem that’s sitting right in front of you because you’re used to seeing it… Oh, that reminds me — A final security tip: Make sure you set up your desktop to auto-lock. It’s a simple and fast way of securing your information, your machine and your organization.

Sep 27

So, it was a grueling trial for us with the two vendors that we decided to look at, Riverbed with their Steelhead appliances and Juniper with their WXC boxes.  But we are finished.  If you want to cheat, you can skip to the end of this blog post and find out who we decided to go with — if you don’t know already — or you can read through all of the “junk” that I have to say about each product and what it had to offer us and you.

Juniper - The trouble child of the group…
I’ll begin with the Juniper box.  The WXC appliance and I got started on the wrong foot.  We decided to try to use their multi-pathing feature and our network design simply would not support it without a lot of work.  We spent days trying to figure out a way to connect the two routers and two VPN concentrators behind the box (on the WAN side) for redundant pathing with no luck.  We decided to go ahead without this test and figured that we would look into it later.

After we got over this hurdle, the WXC was simple to set up.  It provided great value-add features such as QOS and reporting that were exactly what we needed.  The downside to the setup of the Juniper was that we had to specify the subnets that sat in front of the box (on the LAN side) and then also choose whom we wanted to accelerate traffic with.  This would be great in some environments where control is key, but in a meshed environment like the one we are moving to (MPLS), this was a headache.  Figuring out which subnets sat where and making sure that we didn’t miss any was a pain.  Other than these few issues that I ran into, the WXC was a great box.  It seemed to work well and saved us quite a bit of bandwidth over the trial.  Below is a screen capture of the numbers that we saved.  I was pleasantly impressed with this solution.

Juniper Compression Numbers

Riverbed - It was love at first site, sort of…
Riverbed was my choice from the beginning.  All of the reports that I had read and studies that I had gone over said that Riverbed was the solution for us.  Gartner puts them at the top-right of their 4-square rating system, which was great for us.  During the sales pitch, Riverbed came out and showed us an in-house demo of the system.  They give you a stopwatch, let you time the transfers and wait for the amazed look on your face and a blank check in hand.  We didn’t really have either since we knew what we were getting into.  We decided to delve deeper into this product and bring a demo in line in a few of our sites.  We loaded up the gear, two for Corporate, one for Worcester, UK and one for Honeoye Falls, NY, and set out on our journey.

After the first Riverbed box took a mere 7 minutes to boot up, configure, reboot to save the configuration changes and verify that it was running properly, I was impressed.  There were no tunnels to set up, no subnets to configure, and when placed in line there was almost no downtime involved.  The beautiful part of this setup came when the UK put their box in line a few days later.  Since they’re 5 hours ahead of us here on the east coast, they put theirs in line at about 0700 on a Thursday morning.  That was 0200 here on the east coast.  For the next 5 hours they had no idea, but they were compressing data, accelerating traffic and making their users’ lives easier.  When I came into the office, I got a call saying that the WAN had mysteriously improved exponentially.  I examined the setup and realized that not only had they put the box in line, they had booted it up.  This was great news, since it worked well, but it could have been a disaster.  Lucky for us, the Steelheads are smart enough to detect a peer at the opposing end and simply “make a connection”.  Below is a screen shot from the Riverbed demo showing just how well it was doing during its short life at Southco.

Riverbed Compression Numbers

If you haven’t yet, you can read through the previous posts on the blog about our trials throughout this product selection process, but we made our decision.  And, drum roll please…  If you didn’t figure it out by now, we decided on the Riverbed solution.  The pricing came out similar in both cases and Riverbed had an additional offering, the mobile client.  I don’t know if anyone understands how excited I am for the mobile client, but I feel that it will make our users’ lives 100 times better while working remotely.  I have seen the client in action, I tested it out myself, and it is just as good as purchasing a $6000 appliance, but it runs hidden on a computer and “just works”.

That’s all for this trial and decision.  Feel free to contact me with any questions or comments you might have and I’d be happy to give you a hand with any information you might need to better your WAN environment at your organization.

Sep 25

I came across an interesting request recently in my company. Someone in marketing asked me why they couldn’t send an 80 MB file via email to an outside company. After I was done laughing — as they had attempted to do this 5 times already — I set out to figure out the best way to get the file from us to them. It turns out I had a few options:

FTP
SFTP
HTTP/HTTPS file transfer solution
CD/DVD and the US postal service

Well, a couple of these solutions were out of the question. FTP and plain HTTP send credentials and file contents in cleartext, so anyone on the path between us and the other company can read or alter them. Security should be something that every company looks at today. Every day, no matter what type of industry you’re in, people try to break into your systems and take information that isn’t theirs. Why make this easier for them? CDs and DVDs were also out of the question since we all know that our users want things NOW, not overnight or two-day express. This left me with SFTP and HTTPS file transfer solutions.

I decided to tackle SFTP first. I looked at two products that allowed SFTP transfers. First was JSCAPE Secure FTP Server software. JSCAPE’s software worked very well. The setup was simple and the features were numerous. It allowed remote administration, virtual file structures, HIPAA compliance, integrated web file transfers, and LDAP integration among other things. All of these were important features for us and for many of the companies out there that would use this technology. JSCAPE, however, had two hard things to overcome. One, it was expensive: the enterprise edition cost $5999 per server. Two, having spent almost $6000 on the software, we would still need to purchase a server and maintain the OS that was on it.

Also in the SFTP realm, I looked at GlobalSCAPE’s Secure FTP Server for Windows. GlobalSCAPE’s solution was within our price range and offered a wealth of features that we were interested in as well. The price of their solution was $690/server but required an additional $2294 for an integrated web file transfer piece and $2294 for an audit and reporting module. Both of these were important features to us as well. The software itself ran on top of another server, which would need to run Windows and would require us to maintain that server as well. While both of these solutions were viable, I decided to look into the HTTP/HTTPS file transfer solutions that were out there.

Lucky for me there were two very good options offered that I looked into. First was the SecureTransport solution by Tumbleweed Communications. This product was robust and offered numerous ways to allow connection to the appliance. It could be done via a client from Tumbleweed or SFTP, HTTPS or SSH. These were all great features but the manageability of the software was not as simple as the second option that we looked at and eventually settled on.

Accellion creates an all-in-one appliance that could provide everything we needed, with a web interface that was as close to sending an email as we could get. Users can authenticate via the web or directly in their Lotus Notes or Exchange clients, then write an email, attach files and send them on their way. The appliance would upload, virus scan, encrypt and deliver without any intervention from the user at our end or the receiving end. It automatically creates accounts for new users who need them, and we got away from running yet another server with a Microsoft OS loaded on it. This helped our IT department manage the things that we needed to manage. The box automatically updates itself, keeps itself clean by automatically removing accounts and files when they are not in use, and provides reports to me and the other administrators on its use. For Southco, this was the direction to go.
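To make concrete what “deliver without any intervention” and “removing accounts and files when they are not in use” involve under the hood, here is an added example; it is not Accellion’s code and not from the original post. It issues an HMAC-signed download link that expires on its own, verifies it in constant time, and sweeps out files or accounts that have sat idle past a retention window. The server key, the token layout, the file identifiers and the retention period are all assumptions made for illustration.

```python
# Added illustration of an expiring, signed download link and a retention sweep.
# Not Accellion's implementation; key, token layout and names are assumptions.
import base64
import hashlib
import hmac
import secrets
import time
from typing import Dict, List, Optional

TAG_LEN = 32  # SHA-256 HMAC tag appended to the token payload

# Assumption: a per-appliance secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def make_link_token(key: bytes, file_id: str, ttl_seconds: int,
                    now: Optional[float] = None) -> str:
    """Bind file_id to an absolute expiry and sign both; the recipient gets this in a URL."""
    exp = int((time.time() if now is None else now) + ttl_seconds)
    payload = f"{file_id}|{exp}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()


def verify_link_token(key: bytes, token: str,
                      now: Optional[float] = None) -> Optional[str]:
    """Return file_id if the token is authentic and unexpired, else None.
    Authenticity is checked before expiry, so a forged token learns nothing
    about which file ids exist or when they expire."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except (ValueError, TypeError):
        return None
    if len(raw) <= TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    file_id, _, exp_str = payload.rpartition(b"|")
    try:
        exp = int(exp_str)
    except ValueError:
        return None
    if (time.time() if now is None else now) >= exp:
        return None
    return file_id.decode()


def purge_stale(last_used: Dict[str, float], retention_seconds: int,
                now: float) -> List[str]:
    """Drop files (or accounts) idle longer than the retention window and
    return what was removed; run this from a scheduled job."""
    stale = sorted(f for f, t in last_used.items() if now - t > retention_seconds)
    for f in stale:
        del last_used[f]
    return stale


if __name__ == "__main__":
    token = make_link_token(SERVER_KEY, "quote-2007.pdf", ttl_seconds=3600)
    print("link token:", token)
    print("verifies to:", verify_link_token(SERVER_KEY, token))
    print("wrong key:", verify_link_token(b"\x00" * 32, token))
```

The point of the design is that the link itself carries everything the appliance needs to decide, so no per-recipient state has to be created before the file is fetched, and the same sweep that removes old files also removes the accounts the box created on the fly.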

That’s all for now. I’ve been ill the past few days so I haven’t been writing much but hopefully this week, I’ll get back into the swing of things.

ALSO SEE: Southco Selects Accellion for Secure Transfer of Large Files

Sep 20

So one of the worst things for anyone who uses a computer, especially someone whose job revolves around the computer, is a catastrophic loss of data, namely a hard drive failure.  These failures come in all shapes and sizes.  Sometimes it’s as simple as some bad sectors and other times it can be bent platters or heads in the drive.  Well, this happened to me two days ago.  Lucky for me, it was my secondary laptop and I keep backups of most of my data.  Unfortunately for me, the last backup I had was from about 2 months ago.  A lot happens on my computer over the span of two months.  This is where data recovery software comes in.

It all began two years ago when a user came to me and told me that their hard drive had crashed.  I was shocked to find that they had heard a clicking sound for about 3 months before the computer just “wouldn’t start” anymore.  This user was someone with a lot of pull in the company and, contrary to our company policy (keep all the data on the network drive), they had all of theirs on the hard drive.  I had no option but to somehow recover this data.  I was ready to send it out to one of the big guys like DriveSavers, who were going to charge me around $2000 plus another $250 to “give” me a hard drive with it.  But unfortunately it was the way that things had to be… Or so I thought.

Now before I get into the tools that I used to get this data back, I don’t want to downplay the use of a commercial data recovery specialist.  Someone like DriveSavers or OnTrack has a time and place.  They are very helpful when Joe from accounting walks over with the hard drive that was dropped in the lake, lit on fire and then run over by the four-wheeler, but we are talking about a drive that just made some “small clicking sounds”, as my user had put it.  And that’s where RecoverMyFiles came in.

I began the process by connecting the drive to my machine and booting into my copy of Windows.  Unfortunately for me, chkdsk was no help as the machine was not even recognizing the drive.  After this, I booted into a copy of Ubuntu and attempted to see if Linux would be a bit more helpful in locating the drive.  This whole time, the drive was showing up in the BIOS, just not in the OS itself.  No luck on that occasion either.  Finally, after a bit of searching and playing with different utilities online, I came across RecoverMyFiles.  The program offered a free demo copy so I downloaded and installed it on my machine.  The program showed me a quick wizard to recover the drive or a large group of files and after a few no-brainer choices, it was on its way.  10 minutes rolled by and 40GB of data showed up in a folder on my desktop as if the drive had never even stopped.  I was in shock.  There was no problem with the drive not showing up in Windows or the fact that I couldn’t even run chkdsk on it.  It just seemed to work.  This one even caused me to immediately purchase a copy of this program.  And that leads me two years down the line to the other day…

I popped open the RecoverMyFiles software, connected the dead hard drive from my laptop and pulled down 66GB of data that was on my drive.  There was one folder that it was unable to recover but that was alright with me.  It saved me a lot of time and energy that could now be spent on more important things — like posting this entry.  This post has two morals to it, lucky you!

Number 1 - When your drive seems like it might be going (since you always run disk checking utilities and disk defragmentation weekly like a good, computer-savvy person), back it up and get a new one; and

Number 2 - Keep a copy of good data recovery software on hand as you’ll never know when it might come in real handy.
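For moral number 2, it helps to know what a recovery tool is actually doing when the OS will not mount a drive but the BIOS still sees it: the data is usually still on the platters, and the fallback technique is signature carving, reading the device raw, looking for known file headers and footers, and cutting out whatever lies between them. The example below is added here to show that technique in working code; it is not RecoverMyFiles’ code and makes no claim about how that product works internally. The “disk image”, the PNG and JPEG samples and their offsets are constructed inline. One caveat a practitioner would add to the morals above: take a sector-level image of the failing drive first (GNU ddrescue on Linux does this while skipping bad sectors) and carve from the image, so the dying disk is read only once.

```python
# Added example of signature-based file carving over a raw disk image.
# Generic technique for illustration; not RecoverMyFiles' code. The image,
# the sample files and the offsets below are constructed, not real data.
import struct
import zlib
from typing import List, Tuple

# (header, footer) pairs this toy carver recognises.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),  # IEND chunk plus its fixed CRC
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),              # SOI ... EOI markers
}
MAX_FILE = 10 * 1024 * 1024  # give up on a header whose footer is farther than this


def carve(image: bytes) -> List[Tuple[str, int, bytes]]:
    """Return (kind, offset, data) for every header/footer pair found, sorted by offset.
    A header with no footer in range is a truncated or overwritten file and is skipped."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while (start := image.find(head, pos)) >= 0:
            end = image.find(tail, start + len(head), start + MAX_FILE)
            if end < 0:
                pos = start + 1
                continue
            end += len(tail)
            found.append((kind, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda f: f[1])


def png_chunks_valid(data: bytes) -> bool:
    """Walk the chunk list and check every CRC; a carved PNG that fails here
    spanned a bad sector or was partly overwritten."""
    if not data.startswith(SIGNATURES["png"][0]):
        return False
    pos = 8
    while pos + 12 <= len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            return False
        body = data[pos + 8:body_end]
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(tag + body) & 0xFFFFFFFF != crc:
            return False
        if tag == b"IEND":
            return True
        pos = body_end + 4
    return False


def make_png(width: int = 1, height: int = 1) -> bytes:
    """Build a minimal valid 8-bit RGB PNG to plant in the constructed image."""
    def chunk(tag: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))


# Constructed "disk image": filler, a PNG, more filler, a JPEG, then a JPEG
# header whose footer was overwritten (what a half-dead file looks like on disk).
SAMPLE_PNG = make_png()
SAMPLE_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x11" * 300 + b"\xff\xd9"
TRUNCATED_JPG = b"\xff\xd8\xff\xe1" + b"\x22" * 100
PNG_OFFSET = 512
JPG_OFFSET = PNG_OFFSET + len(SAMPLE_PNG) + 1024
DISK_IMAGE = (b"\x00" * PNG_OFFSET + SAMPLE_PNG + b"\xaa" * 1024
              + SAMPLE_JPG + b"\x00" * 512 + TRUNCATED_JPG + b"\x00" * 256)

if __name__ == "__main__":
    for kind, off, data in carve(DISK_IMAGE):
        extra = f" crc-ok={png_chunks_valid(data)}" if kind == "png" else ""
        print(f"{kind} at offset {off}, {len(data)} bytes{extra}")
```

Carving needs no partition table, no filesystem and no directory, which is why it still works on a drive the OS refuses to recognise; the price is that file names and folder structure are gone, and a file whose clusters were not contiguous comes out damaged, which is exactly why the validation step matters before you hand the data back.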

Sep 20

The Riverbed Experience - Week 1
Within the first day we, as well as our users, noticed a huge difference in WAN speed.  The users were saying that they had never seen such a fast connection back to Corporate and we were seeing upwards of 4-5 times WAN data reduction.  Since I haven’t talked about the technical workings of the Steelhead appliance yet, this seems like a great time to go over it.  The Steelhead offers three types of acceleration: data reduction, TCP acceleration and application acceleration.  Data reduction is the process of breaking traffic down into small segments and caching them on the box, either on a hard drive or in RAM, so that segments the far end has already seen can be sent over the WAN link as short tags instead of the whole data.  Second, the TCP acceleration portion helps to overcome the window sizing issues that I spoke of above.  It changes the way that TCP talks by tunneling the traffic over the WAN link.  Finally, the application acceleration piece is what Riverbed has in the bag.  It understands how applications such as MAPI, HTTP, HTTPS, and CIFS work, among other protocols, and accelerates them by sending data across that it knows the application will need.  Think of it as the “type-ahead” feature on your cell phone.  As soon as you start to open an email, it might pre-send the commands necessary to reply to that email just in case you might want to in the near future, and if you don’t, it’s still compressing and accelerating the other data.
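The data-reduction part of that description is easy to see in a few lines.  The example below is added here and is not Riverbed’s code, nor a description of the Steelhead’s real chunking or tag format: it cuts a byte stream into chunks wherever a rolling checksum of the trailing bytes hits a pattern (so cut points follow content, not position), keeps an identical chunk store on both ends of the link, and replaces any chunk the far side has already seen with an 8-byte tag.  The sample document, window size, chunk limits and tag length are assumptions.

```python
# Added example of WAN data reduction by content-defined chunking and chunk
# references. Not Riverbed's code; window, limits and tag size are assumptions.
import hashlib
import struct
import zlib
from typing import Dict, List, Tuple

WINDOW = 16        # trailing bytes hashed to decide a cut point
MIN_CHUNK = 32
MAX_CHUNK = 256    # forced cut so a run with no natural cut cannot grow unbounded
BREAK_MASK = 0x3F  # one position in 64 qualifies, so chunks average about MIN_CHUNK + 64
TAG_LEN = 8        # truncated SHA-256; a real appliance would use a longer reference


def chunk_boundaries(data: bytes) -> List[int]:
    """Cut where the checksum of the trailing WINDOW bytes hits a pattern.
    Because cuts depend on content rather than offset, inserting bytes early in
    a file disturbs only the chunk they land in; later cut points line up again."""
    cuts, start = [], 0
    for i in range(len(data)):
        size = i + 1 - start
        if size < MIN_CHUNK:
            continue
        window = data[i + 1 - WINDOW:i + 1]
        if size >= MAX_CHUNK or (zlib.crc32(window) & BREAK_MASK) == 0:
            cuts.append(i + 1)
            start = i + 1
    if start < len(data):
        cuts.append(len(data))
    return cuts


def split_chunks(data: bytes) -> List[bytes]:
    chunks, start = [], 0
    for cut in chunk_boundaries(data):
        chunks.append(data[start:cut])
        start = cut
    return chunks


class WanOptimizer:
    """One end of the link. Both ends keep an identical store of chunks seen so far
    (the appliance's disk/RAM cache); a chunk the peer already holds crosses the
    wire as a tag instead of its bytes."""

    def __init__(self) -> None:
        self.store: Dict[bytes, bytes] = {}
        self.last_stats: Tuple[int, int] = (0, 0)  # (literal chunks, referenced chunks)

    @staticmethod
    def tag(chunk: bytes) -> bytes:
        return hashlib.sha256(chunk).digest()[:TAG_LEN]

    def encode(self, data: bytes) -> bytes:
        out, literals, refs = bytearray(), 0, 0
        for chunk in split_chunks(data):
            t = self.tag(chunk)
            if t in self.store:
                out += b"R" + t                                      # reference
                refs += 1
            else:
                out += b"L" + struct.pack(">I", len(chunk)) + chunk  # literal, first sight
                self.store[t] = chunk
                literals += 1
        self.last_stats = (literals, refs)
        return bytes(out)

    def decode(self, wire: bytes) -> bytes:
        out, pos = bytearray(), 0
        while pos < len(wire):
            kind = wire[pos:pos + 1]
            pos += 1
            if kind == b"R":
                t = wire[pos:pos + TAG_LEN]
                pos += TAG_LEN
                if t not in self.store:  # caches out of step: fail loudly, never guess
                    raise ValueError("reference to unknown chunk")
                out += self.store[t]
            elif kind == b"L":
                (n,) = struct.unpack(">I", wire[pos:pos + 4])
                pos += 4
                chunk = wire[pos:pos + n]
                pos += n
                self.store[self.tag(chunk)] = chunk
                out += chunk
            else:
                raise ValueError("corrupt stream")
        return bytes(out)


# Constructed sample: a few KB of report-style rows, sent twice, then sent edited.
SAMPLE_DOC = b"".join(f"row {i:04d},widget-{i % 7},qty={i % 13:02d}\n".encode()
                      for i in range(120))

if __name__ == "__main__":
    hq, branch = WanOptimizer(), WanOptimizer()
    edited = SAMPLE_DOC[:300] + b"INSERTED TEXT " + SAMPLE_DOC[300:]
    for label, doc in (("first send", SAMPLE_DOC), ("second send", SAMPLE_DOC),
                       ("after an insert", edited)):
        wire = hq.encode(doc)
        assert branch.decode(wire) == doc
        print(f"{label}: {len(doc)} bytes -> {len(wire)} on the wire, literal/ref {hq.last_stats}")
```

The first send costs slightly more than the raw data (every chunk is a literal plus a small header), the second send is almost entirely tags, and an edited copy pays only for the chunk the edit landed in.  That is also why the box’s cache matters more than its CPU: the savings come from what the far end already holds, so the store has to survive on disk, and both ends have to agree on it, which is the desynchronisation case the decoder refuses to guess about.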

The Steelhead did an amazing job in our tests so far.  It helped the VOIP traffic a bit by not starving the line of so much bandwidth and it was able to send our Lotus Notes and CIFS traffic across the pipe at an amazing rate.  This was a sure winner in our book at this point and we knew our users and statistics would agree.

Juniper In Action - Week 1
The Juniper box works in much the same way as the Riverbed appliance.  It was able to accelerate data by using three different levels of acceleration: it would compress data, accelerate TCP and do application acceleration.  The one thing that Juniper had over the Steelhead in the actual data it could handle was that it could work with UDP traffic as well.  This could be very helpful for companies that do a lot of video or voice traffic over their WAN.  We found it caused a larger headache for us, though, because we had not gone through the QOS setups on the devices.

The WXC worked very well though.  It gave us about the same increase in bandwidth as the Riverbed appliance and it provided an interesting additional feature.  Juniper calls it multipathing.  The idea with a multipath setup is that you can use multiple connections (such as a primary WAN connection and a DSL backup connection) to send data to the remote end at the same time.  This did not need any routing changes as it would simply tunnel the data over each connection.  This could help if you needed additional bandwidth or if you’d like to send your less important data down a different pipe (think backup data or email).  This feature does come with a price, as it now requires you to create two or more tunnels to each location that you are connecting to, but if additional bandwidth is important, this is a large win for Juniper.

Overall so far, both boxes have performed as we expected and in some cases even better than expected.  The setup of the Riverbed box was still simpler but the Juniper box had a nice feature that we felt would help Southco.  Well, enough for this post.  Next time I’ll go into our conclusion on this project.  Stay tuned.