October 17, 2007 - Volume 2, #143
Good Morning:
Let's play a little game this morning. Remember back to when you were a
kid and the technology that you had at your disposal. I was in
elementary school in the mid 70's. Cable TV was the shiny new thing, if
you could call those brown boxes shiny. We had the dual box set up,
with the "remote" (really a channel selector) being a box wired to the
2nd box (which plugged into the TV) with a 15 foot cord. I must have
tripped over that friggin' cord 50 times. Ah, the memories.
There were no cell phones. There was no Internet. And the "computer"
was the little Timex Sinclair. I did have an Atari game console to play
Pitfall and Frogger. Times were a lot simpler then. Why do I bring this
up? I guess I'm getting a little nostalgic because every so often I
discover new technology that within a month or so, I won't know how I
lived without.
Like my cell phone a few years ago. It's seriously aggravating now to
not be able to get in touch with the Boss whenever I need to. When I
was a latchkey kid, I'd be outside playing with my brother and we'd
never hear the phone. I'm sure my Mom never knew where we were when she
was working and it probably made her crazy. Today's kids are attached
to their phones. Texting everyone, but more importantly - we as parents
know where the kids are. The world is also a lot more dangerous now, so
this is real progress.
Yes there is a point to all this yearning for the simpler days/times.
Since I'm too cheap to buy a new car with a navigation system, I bought
one of those portable GPS toys because the Boss drives my car from time
to time and let's say in my family I got 150% of the sense of
direction. I figured the $270 I spent on the system will be paying
dividends for years as I don't have to take the "I'm lost, help me"
calls.
It didn't occur to me that I could take the portable GPS with me on
business trips. Until Monday. So I put this thing on the windshield of
the rental car and
miraculously it gets me to my destination. No fuss, no muss. I had a
little time before my flight on Monday night, so I figured I grab a cup
of coffee. Do a little search on my portable nav for "Starbucks" and
within 7 minutes I'm enjoying my Mocha frap light (a guy's got to watch
his weight, you know). I needed to fill up the tank before I returned
the rental car. My little friend has these cute gas icons right on the
map, so I know exactly where to go.
Will I be late for my meetings? The nav tells me when I should arrive
at my destination, so I can call to let them know where I am. Having
that kind of information made the trip far more enjoyable. No more
chicken scratch on little note cards after spending 30 minutes on
Google Maps to figure out the best path to the 3-4 meetings I do on a
travel day. The portable nav will quickly just become a part of how I
travel. I'm sure my kids will laugh at me in 10 years when I tell them
the stories of getting around before there was GPS built into every
cell phone and available on little systems you throw in your bag.
Have a great day.
Technorati: Information
Security [1], CSO [2],
Security
Mike [3], Internet
Security [4]
 [5]The Pragmatic CSO: Available Now! Read the Intro and Get "5 Tips to be a Better CSO" www.pragmaticcso.com [6] |
Get Your Special Report: 6 Easy Steps to Protect Your Identity and pre-order your copy today www.securitymike.com [7]  [8] |
Top Security News
Microsoft announced their next foray into
"business communications" yesterday [9] in typical Microsoft
fashion. Big shindig, a little Clapton, Bill G on stage, and a couple
hundred lemmings announcing new products built on the Office
Communications Server platform. Cisco has been investing in this stuff
as well. Chambers did his "collaboration" stump speeches at all the big
shows earlier this year, they bought WebEx and voice and video is
clearly an area of focus within their emerging technology group.
Interestingly enough, both are paying lip service to security as a
"feature" of their communications platforms. That's right, you can't
talk about collaboration without the concept of protecting the data
baked right in. Are they there yet? Of course not, but they both are
saying the right words. Security is a feature.
Link to this [9]
This article by a Cisco engineer on
bMighty.com dealing with common switch hacks [10] is kind of the
equivalent of those old troubleshooting techniques. Many of us are so
focused on higher level application attacks, we kind of forget to make
sure the switches aren't exposed. There is good list of switch attacks
here (like targeting SNMP) and also how to prevent the issues. It's
always good to remind ourselves that if the foundation isn't secure,
you may as well build it on quicksand.
Link to this [10]
Between the Lines blog on ZDNet covered a
Gartner Symposium pitch on "Information Security on the Cheap." [11]
I'm not sure if that's what the session was actually called (and it was
presented by ATL neighbor Adam Hils), but there were some interesting
points. Evaluate patch status, use free anti-spyware and personal
firewalls, limit administrator privileges to administrators, and lots
of
other good tips. Unfortunately none of these are really free. This is
very much in line with my Security Mike [12] process for consumer
Internet Security, but unless you have less than 10 devices to manage,
will be very resource intensive for businesses. That's why for SMB, I
favor CHEAP - not free tools. I want some semblance of policy
management, even if it's simplistic. I don't want to be going around to
50 desktops to make sure they are all patched. Nor do I want to pay my
"guy" to come over once a week and check everything out. Guess I need
to add "Security Mike's Guide to SMB Security" to my To-Do list.
Link to this [12]
The Laundry List
- Intent? Evidently building a big box indicates SonicWALL's "intent" to make inroads in larger enterprises. Good luck with that. How do you intend to deal with the company that starts with a C and ends with an "isco?" - SonicWALL release [13]
- Most SMBs "exposed" to Internet Security threats. Thanks Captain Obvious. Do these reports actually help sell anything? - Webroot release [14]
- Speaking of SMB security, it seems that Anchiva thinks having more signatures will get an IT Director excited. Guess what? They don't care how many signatures are on the box. - Anchiva release [15]
- Yet another SIM vendor goes after Log Management. TriGeo announces a new box, powered by Splunk. SIM doesn't stand alone, remember you heard it here first (about 18 months ago). - TriGeo release [16]
Top Blog Postings
http://esgblogs.typepad.com/steves_it_rants/2007/10/the-end-of-the-.html [17]
Link
to this [17]
http://rationalsecurity.typepad.com/blog/2007/10/security-is-not.html [18]
Link
to this [18]
http://www.tssci-security.com/archives/2007/10/16/way-to-go-arnold-why-ab-779-was-a-lose-lose-situation-for-small-business/ [19]
Link
to this [19]
http://securitymike.blogspot.com [20]
Check out the
latest on
the Security Incite blog
http://blog.securityincite.com/ [21]
Read the
most recent Daily
Incite
http://securityincite.com/security-incite-rants/daily-incite [21]