March 7, 2008 - Volume 3, #23
Good Morning:
17 years. Man, that's a long time. Let's see, if it's 2008, then 17
years ago was 1991. I was in my first year of employment at AMS (in
Arlington, VA) working on a 200 person project building telecom billing
systems. That was a long time ago. It's funny, I'm still in touch with
a few folks from back then. Amazingly enough, a couple have made their
way into the security field. Small world.
[1] Remembering back to 1991 really puts 17 years into context for me and how much my life
has changed in those 17 years. So you can't really blame a guy like
Brett Favre for deciding to hang up his helmet after 17 years. It's not
like I have 300 pound defensive linemen falling on me for 7 months out
of the year. And I'm really tired. I can't even imagine what Favre
feels like.
What a legacy the guy leaves behind. Every major QB record. Three
consecutive MVP awards. A Super Bowl win (and another appearance). An
ironman streak of 253 straight regular season starts (275, if you count
the playoffs). He's going out on top, having his best season in years
in 2007. Truly amazing stuff.
Yet, the thing I like most about Brett Favre is that he's a regular
guy. Or he seems that way anyway. In the off season he's a farmer. He
showed up to his retirement press conference in jeans. You know this
morning he's back in Mississippi on a tractor doing some field work.
There is no bling. Maybe he has a decked-out
F150, but you don't see him as being the kind of guy who buys a
Ferrari. And that's what's really cool.
Even more impressive are his charity endeavors. Sports Illustrated did
a great profile of him last year naming him Sportsman of the Year [2], and what
really resonated with me is the impact he's had on people. Another
great example of a guy really giving back. When you heard him speak at
the press conference yesterday, you got the feeling he knew how lucky
he was. He didn't want to tempt the fates any more, so he said enough.
I'm a NY Giant fan, so I was happy when the G-men beat the Pack to march
to the Super Bowl. But truth be told, if the Pack had won, I wouldn't
have been that disappointed. I'm also a Brett Favre fan, like the rest
of the country. He's
going to lay low for a while and let the road rash of 17 years heal,
but then I suspect he'll be back in the public eye - doing good for
people. That's what regular guys, who find themselves in irregular
circumstances, do.
Thanks for the memories Brett Favre. Have a great weekend.
Photo credit: Brett Favre uploaded by Maitri [3]
Top Security News
the tools he uses in legal (and ethical)
social engineering engagements [12]. I keep harping on the need to
test all of your defenses and I'll keep on harping on that need until
every company I talk to has a specific process centered around security
assurance. This list of stuff gives you a pretty good indication about
what social engineering is all about. Night vision goggles, lock picks,
copper tubing, you name it - it's in the bag. Ultimately it's not about
being elegant or pretty, it's about being effective and getting the
job done. The folks that are trying to penetrate your defenses don't
get paid unless they are successful, so they will be pretty creative to
that end. It also means that we (as the defenders of the free world)
need to be equally creative.
NetworkWorld coverage of a bunch of vendors
(Foundry, McAfee, Symantec, and others) that are climbing aboard the
NAP (network access protection) bandwagon [14] now that Windows
Server 2008 has hit the streets. Let's remember the score here. As much
as guys like me get a bit blinded by the cool metallic hue of my iMac
looking back at me, 85%+ of the rest of the world is looking at
Windows. That means 85% of the rest of the world will be connecting to
our networks via Windows. All those Windows devices (even XP, when SP3
ships in March) will have a NAP client. So yes sports fans, that means
if you are a NAC vendor, you need to support NAP. Will this help NAC
adoption? Nope. The reality is that client support isn't one of the
obstacles to NAC deployment. NAP will help a bit in supporting
unmanaged devices, but that's minimal. Basically there is a bandwagon,
so the security industry lemmings are jumping right on - like they
always do.
This time buying Credentica's U-Prove
technology. [16] Huh? I hadn't heard of U-Prove either, but then
again I'm far from being Captain Privacy [17]. Though I hear
Martin is being promoted, so now we need to call him Colonel Privacy.
Evidently U-Prove allows users to only disclose certain and specific
information during a web transaction. You can check out more about U-Prove
on their site [18]. Candidly, I don't get it - but that's because
I don't feel like taking the 30 minutes I'd need to internalize what
they are doing. Instead I'll draw a higher level conclusion.
Technologies that help us to protect our identities are not markets of
themselves, they are components of the underlying computing fabric. So
Microsoft is doing a good thing by continuing to integrate technologies
into their core operating systems and applications that can help
protect information. In other words, I won't pay for it - but I'll be
happy it's in the stuff I'm already using.
The Laundry List
- Must be Microsoft day, so I'll point to Michael Howard's post of his favorite security stuff in Windows Server 2008. There is also a link to the Security Guide in the post. - Michael Howard's Blog [20]
- UTM hits the S of the SMB market. Linksys adds some Trend technology to do anti-spam and web filtering on the small business routers. For twice the price, mind you. - Cisco/Linksys release [21]
- Websense announces the Prius of email security offerings, a hybrid SaaS and box-based solution. Basically, this addresses the issue that SurfControl's Black Spider never did any outbound analysis in the cloud. But it's good marketing (to turn a liability into a hybrid thing), so that secret is safe with me. - Websense release [22]
- Lancope tries to tie onto the SS Cisco by aggregating NetFlow data from its new ASR router. Is this an acknowledgment from Cisco that MARS actually has limitations? That would be novel. - Lancope release [23]
Top Blog Postings
http://www.darkreading.com/blog.asp?blog_sectionid=403&doc_id=146975 [24]
James McGovern had a lot of good points in his post [26], which was then
expanded by Hoff. LonerVamp also weighed in [27] with some of his own.
But here's the thing. No one (none of these three anyway) is pointing
the finger where I think it should be pointed. And
that is right back AT US. That's right. If your CIO doesn't get it,
it's because YOU SUCK at telling it to him (or her). If your CIO is only
thinking about security, and not risk - it's because you don't have the
credibility to change his/her viewpoint. You can sit on your hands and
whine about it, or you can get out there and start to change their
perceptions - one person, one conversation at a time. There is no other
way to do it. A CIO has a lot of crap to worry about. If they aren't
taking security seriously or they aren't thinking along the lines that
you think they should be thinking - that isn't their problem - it's
yours.
http://rationalsecurity.typepad.com/blog/2008/02/mcgoverns-ten-m.html [28]
http://foundread.com/2008/03/05/thought-of-the-day-failure-a-step-toward-success/ [30]