Feb 19

Many of us in the IT field find it very difficult to actually “go away” on vacation.  Whether we’re connected by beepers, EDGE/EVDO wireless cards, PDAs or any other type of neural connection to the mainframe, we’re always at the beck and call of the computers — I mean users.  It’s the time of year again when I take my annual trip to Florida.  This year it’s to see the grandparents (who no longer travel) and to visit the Florida Keys.  I always enjoy traveling to the warm weather this time of year even if it was 66°F yesterday in Philadelphia.

The only downside is a lack of connectivity to the outside world.  I know what most of you will tell me, “Disconnect, unplug, turn it off!”  Well, that’s easier said than done.  Being in a global company without a very large global IT staff means that I’m on call almost all the time.  Whether they call about a line down, a network break-in or a simple “this system isn’t running properly”, I’m on call.  Work wouldn’t say that I was on call as I won’t have the pager that week (note: I don’t carry a beeper, I forward it to my cell phone) but I will be.  I’ll have with me my BlackBerry 8820 (which I can’t go anywhere without), my HP/Compaq 2510p laptop and a wireless EDGE aircard from AT&T.  This should be enough to keep me connected, especially if I find a Wi-Fi signal near where I’ll be staying.  In between swimming with the dolphins, going snorkeling on the reef and tanning/studying on the beach, I’ll check up online and see where everything is at.  A quick VPN login and browse of the systems will make me feel much better…  And I know my girlfriend will love for me to do it as well.

I ask you — How do you disconnect?  Do you cut it out cold turkey on vacation?  Do you sneak a peek at your email, check up on work or throw a couple of Tweets out while lounging on the beach?  I know I’ll try to stay offline but it never seems to work for me.

Jan 15

I recently sat in a meeting to discuss our company’s laptop security practices. Now, we aren’t a publicly traded company but we should be protecting our data to the best of our abilities without impacting the user too much. There were many topics discussed in this meeting — everything from encryption of the hard drives to using encrypted thumb drives to CMOS passwords and hard-drive passwords set via the CMOS. It was a fun time and explaining why certain processes would be helpful and others wouldn’t was quite a challenge.

I think we finally came to the realization that encrypting all of our hard drives was not going to be a viable option. The major issue we face is that we have too many older laptops that do not offer hardware encryption on the drives. Software encryption is an option but in my experience it’s a slow and painful process that usually requires some work on the user’s end to make it function properly.

Dec 07

It’s that time of year again. The snow is starting to fall here in the Philadelphia area, it’s getting colder out each day and the wind chill is near unbearable. We all bundle up inside of our cozy offices, homes, and cars and brave the next couple of months. While you’re just chillin’ out waiting for the cold to pass, why don’t you start a list of things that you need to complete over the winter time? These few months are the best months to get things done inside since you really don’t want to get out there and shovel the walkway anyway.

I know that I started mine early — and not just in my personal life either. Here are just a few of the security projects that I’ll be looking at in the coming year. Go ahead, use these as a guideline to start to create your company’s security wishlist.

  1. Network Access Control
    • This is something that I’ve been looking into here at Southco for quite a while. Something like Cisco’s NAC or FreeNAC (a free network access control system built on Linux) software would do just fine. Anything to help keep the bad guys off your network. I know that for me, I can’t be everywhere at once so I need something else that can help me figure out who’s placing unknown or unprotected devices onto my network.
  2. Firewalls
    • It’s never too late to start looking at protecting your network from the outside. Keeping unwanted users and computers out of your network is one of the first lines of defense for any network. I look at too many networks that simply use a router without any logging or access control lists to keep people out. Also note: make sure that you know what you’re doing before building your NAT tables and ACLs on your devices so that you don’t interrupt business too much — the C-level people usually aren’t too keen on that sort of thing.
    • Some products to look at are: Cisco’s ASAs, Juniper’s firewalls, IPCop (a free, open-source firewall)
  3. Security management software
    • Nothing gets to me more than a messy security configuration — alright, dirty dishes and overflowing trash are bad too but you get the point. But second to the dirt and grime of everyday life, a security configuration on a firewall or VPN appliance that isn’t kept clean can make for a horrible time when it finally fails. Take for instance a firewall with 60 rules that are in no particular order, have no descriptions and are not backed up. When that firewall dies one day, you will have one hell of a time building a new one to fit your company’s business. Make sure you keep up with the access controls that you have in your organization with tools like Kiwi CatTools or, if you’re a Cisco shop, Cisco’s CSM.
  4. Antivirus and malware protection
    • Finally, one of the most overlooked pieces of any network: antivirus and antimalware protection. It’s easy to forget that in most organizations a user can bring in documents from home on a USB drive, email themselves attachments or simply visit websites that contain malicious material. All of these are entrance points into your network for viruses and spyware and once they’re in, they can wreak havoc. If you do nothing else this year, please make sure that you have a product like AVG, McAfee or Norton installed on all of your computers, servers, appliances, and anything else you can install antivirus/antimalware software on in your network.
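The firewall items above describe two of the most common messes: routers with no access lists or logging at all, and rule sets that are unordered, undocumented and unbacked-up. The script below is an added example (mine, not from the original post and not part of Kiwi CatTools, CSM or any other product named above) that lints a small, constructed Cisco-IOS-style extended ACL for exactly those housekeeping problems: rules with no remark describing them, deny rules that do not log, exact duplicates, and rules that are shadowed by an earlier, broader rule and therefore never match. The ACL contents and the subset of IOS syntax it parses are assumptions for the demonstration.

```python
"""Lint a small Cisco-IOS-style extended ACL for the housekeeping problems
described above: rules with no remark, deny rules that do not log, duplicate
rules, and rules shadowed by an earlier broader rule.  Added example; the
grammar below is an assumed, simplified subset of IOS ACL syntax:
  access-list N remark <text>
  access-list N permit|deny <proto> <src> <dst> [eq <port>] [log]
where <src>/<dst> is 'any', 'host A.B.C.D', or 'A.B.C.D WILDCARD'."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample ACL for the demo; not a real configuration.
SAMPLE_ACL = """\
access-list 101 remark Allow web traffic to the DMZ web server
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 eq 80
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 remark Block everything else and log it
access-list 101 deny ip any any log
"""

@dataclass
class Rule:
    line_no: int
    action: str
    proto: str
    src: Tuple[int, int]   # (address as int, wildcard mask as int)
    dst: Tuple[int, int]
    port: Optional[int]
    log: bool
    remark: Optional[str]

def _parse_addr(t, i):
    """Parse the address spec at t[i]; return ((addr, wildcard), index after it)."""
    if t[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if t[i] == "host":
        return (int(ipaddress.IPv4Address(t[i + 1])), 0), i + 2
    return (int(ipaddress.IPv4Address(t[i])), int(ipaddress.IPv4Address(t[i + 1]))), i + 2

def parse_acl(text):
    """Turn ACL text into Rule objects; a remark is attached to the rule that follows it."""
    rules, pending_remark = [], None
    for n, line in enumerate(text.splitlines(), 1):
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        if t[2] == "remark":
            pending_remark = " ".join(t[3:])
            continue
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        port, log = None, False
        while i < len(t):
            if t[i] == "eq":
                port, i = int(t[i + 1]), i + 2
            elif t[i] == "log":
                log, i = True, i + 1
            else:
                i += 1
        rules.append(Rule(n, t[2], t[3], src, dst, port, log, pending_remark))
        pending_remark = None  # a remark documents only the rule right after it
    return rules

def _covers_addr(a, b):
    """True if spec a matches every address that spec b matches (wildcard-mask semantics)."""
    fixed_a, fixed_b = ~a[1] & 0xFFFFFFFF, ~b[1] & 0xFFFFFFFF
    return (fixed_a & ~fixed_b) == 0 and (a[0] & fixed_a) == (b[0] & fixed_a)

def covers(earlier, later):
    """True if every packet 'later' could match is already decided by 'earlier'."""
    return (earlier.proto in ("ip", later.proto)
            and _covers_addr(earlier.src, later.src)
            and _covers_addr(earlier.dst, later.dst)
            and earlier.port in (None, later.port))

def lint(rules):
    """Return human-readable findings, one per problem, in rule order."""
    findings, seen = [], {}
    for idx, r in enumerate(rules):
        if r.remark is None:
            findings.append(f"line {r.line_no}: no remark describing the rule")
        if r.action == "deny" and not r.log:
            findings.append(f"line {r.line_no}: deny rule does not log")
        key = (r.action, r.proto, r.src, r.dst, r.port)
        if key in seen:
            findings.append(f"line {r.line_no}: exact duplicate of line {seen[key]}")
            continue
        seen[key] = r.line_no
        shadow = next((e for e in rules[:idx] if covers(e, r)), None)
        if shadow:
            findings.append(f"line {r.line_no}: shadowed by line {shadow.line_no}, never matches")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_acl(SAMPLE_ACL)):
        print(finding)
```

Run it against the sample and it reports the undocumented rules on lines 3 to 5, the silent deny on line 4 and the duplicate on line 5, while the documented, logging catch-all deny on line 7 passes. Feeding the same script the output of a scheduled `show running-config` backup (the job CatTools or a cron job exists for) turns the "keep it clean" advice into a check that runs every night.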

You’ll thank me later if you do only a couple of these tasks this year. When everyone else is hunting down where the Nimda virus started or how their company documents got stolen off of their servers and plastered on a torrent tracker, you’ll be sipping that hot cup of joe by the warm firewall — I mean place.

Oct 30

So, I just returned from an amazing security training out in San Francisco, California. It was the SANS 401 course which was much better than I could have ever imagined it would be. The course started out a little slow with Stephen Sims going over some basic networking concepts. Seeing as I’ve spent most of my life learning about networking and how TCP, UDP, and routing protocols work, it was a bit boring to me. But after we got through that the course started to get exciting. The 6 days were split up into 6 core areas that covered a wealth of information about security.

Some of the highlights from the course were definitely some of the odd things that Stephen Sims talked about.  He discussed an IE6 exploit with IFrames that has since been patched.  As strange as it was though, about 10 of the 18 people in the class had machines that were still susceptible to the attack.  Not only did he tell us about the exploit and show it in action but he delved into the assembly code that caused this attack to work.  It was much deeper than I ever would have imagined a network security class would have taken it.  On top of this, we went over not only just how easy it is to crack WEP security (which I tell people all the time) but also the tools that are required to crack WPA using a brute-force attack.
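To make concrete why cracking WEP is as easy as the course showed, here is an added example (mine, not part of the original post or of the SANS course material) in Python: a textbook RC4, the WEP framing of RC4(IV || key) applied to data || CRC32 with the 24-bit IV sent in the clear, and the attacker's side, which takes one frame whose plaintext is known, recovers the keystream for that IV, and then both reads and forges other frames sent under the same IV without ever learning the key. The key, IV and frame contents are constructed for the demo. Real tools such as aircrack-ng go further and recover the key itself statistically from many captured IVs; this shows only the simplest consequence of the 2^24 IV space and the unkeyed CRC32 integrity check.

```python
"""Why WEP is easy to break: every frame is RC4(IV || key) XOR (data || CRC32),
the 24-bit IV travels in the clear, and once an IV repeats the same keystream
is reused.  One frame with known plaintext gives the keystream for that IV,
and every other frame under the same IV can then be decrypted or forged.
Added example with a textbook RC4 and a constructed key; not a real capture."""
import struct
import zlib

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm, then the pseudo-random generation algorithm."""
    S = list(range(256))
    j = 0
    for i in range(256):                        # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                     # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def _icv(data: bytes) -> bytes:
    """WEP integrity check value: a plain CRC32 of the data, no key involved."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)

def wep_encrypt(wep_key: bytes, iv: bytes, data: bytes) -> bytes:
    """Frame body as sent: cleartext IV, then RC4(IV||key) XOR (data || ICV)."""
    body = data + _icv(data)
    return iv + xor(rc4_keystream(iv + wep_key, len(body)), body)

def wep_decrypt(wep_key: bytes, frame: bytes):
    """Receiver side: return the data if the ICV checks out, else None (frame dropped)."""
    iv, ct = frame[:3], frame[3:]
    body = xor(rc4_keystream(iv + wep_key, len(ct)), ct)
    data, icv = body[:-4], body[-4:]
    return data if icv == _icv(data) else None

def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Attacker side: (known data || its ICV) XOR ciphertext = the keystream for this IV."""
    return xor(frame[3:], known_plaintext + _icv(known_plaintext))

def forge_frame(iv: bytes, keystream: bytes, data: bytes) -> bytes:
    """Attacker side: encrypt chosen data under the reused IV with no knowledge of the key."""
    body = data + _icv(data)
    if len(body) > len(keystream):
        raise ValueError("recovered keystream is shorter than the forgery")
    return iv + xor(keystream, body)

def demo():
    """Return (plaintext of the second frame read without the key, what the AP accepts from the forgery)."""
    wep_key = bytes.fromhex("0102030405060708090a0b0c0d")   # constructed 104-bit key; attacker never sees it
    iv = b"\x00\x00\x2a"                                    # one of only 2^24 IVs, so reuse is inevitable
    known = b"ARP, Request who-has 192.168.1.2 tell 192.168.1.1"   # predictable traffic (constructed)
    secret = b"GET /admin?user=alice&pass=hunter2 HTTP/1.0"         # victim's frame (constructed)
    f1 = wep_encrypt(wep_key, iv, known)
    f2 = wep_encrypt(wep_key, iv, secret)                   # same IV, same keystream
    ks = recover_keystream(f1, known)
    decrypted = xor(f2[3:], ks)[:-4]                        # second frame read without the key
    forged = forge_frame(iv, ks, b"DELETE /all-the-things")
    return decrypted, wep_decrypt(wep_key, forged)          # the receiver accepts the forgery

if __name__ == "__main__":
    read, accepted = demo()
    print("decrypted:", read)
    print("AP accepted forged data:", accepted)
```

The only thing the attacker needed was one frame with guessable contents, which is why the real attacks lean on ARP traffic, and a second frame with the same IV, which a busy network produces on its own and which packet replay can provoke on a quiet one.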

The scariest thing I realized in this class though was how simple it is for people to get their hands on the tools that are necessary to carry out these attacks.  Things like ARP poisoning and using rainbow tables to crack LM hash passwords are as easy to come by as a MySpace account…  Alright, maybe not that easy…  I mean some people who don’t read have MySpace accounts and unfortunately, I don’t think these applications are made to be optimized for text-to-speech engines.  Someone with a few days to read up on these techniques can start cracking WEP keys, sniffing network traffic and taking your personal or business information in a matter of minutes.

I’ll write more on some of the topics that were covered in this course soon.  For now, I’ll leave you with one word of advice.  While you cannot ever truly protect yourself from all forms of attack and keep your information safe from all prying eyes, one of the best things you can do for yourself is patch and update.  Patch and update everything — from Windows to Mac OS X to Office to Mozilla Firefox, download the updates.  I know it can be a pain and take some time but it’ll be worth it.

Oct 12

So I finally sat down yesterday and upgraded our ePolicy Orchestrator architecture to version 4.0 and I couldn’t be happier with the results of the upgrade.  After a bit of work backing up the MSDE database on the server, the upgrade went off without a hitch.

ePolicy Orchestrator is a management system for all of McAfee’s products.  It combines customization, reporting, and control of machines in one easy-to-use interface.  This product can control McAfee’s SiteAdvisor, anti-virus product, compliance software, and more.  It even controls some other software vendors’ products.  Some of the issues with the older versions of the product included very poor integration with AD and NT domains, a cluttered MMC-controlled interface and very cumbersome reporting tools.  All of this has changed with version 4!

A few key additions/fixes in version 4 that make it so great to use are:

  • Web enabled interface
    Not only did McAfee give us a new beautiful web interface but they completely got rid of the old MMC interface.  This means that the software runs faster, allows customized screens and has a snappy user experience.
    [Screenshot: McAfee dashboard]
  • Reports and more
    McAfee also added a much needed, updated, reporting piece to their software.  You can create reports on the fly, link directly to them from other sites, and automate the reports and have them emailed off in a multitude of formats.
  • Improved and redesigned AD/NT integration
    AD integration was one of the worst pieces of the old software to deal with.  It would not remove machines when they were removed from AD, it would not move machines when they moved in AD, and it would duplicate machines all the time.  This version provides direct integration with AD and provides options to customize exactly what you need it to do.

The list of great new features and fixes could go on and on but I think I’ll let you decide.  Shoot on over to McAfee’s site to take a look at all the great tools that they have.  And if you’re working in an organization that doesn’t manage your anti-virus, anti-spyware and compliance software today, make sure you take a look at McAfee’s product.