Monday, August 21, 2006

More on your home computer

Here is a link to some sound advice on securing your home computer from the folks over at CERT at Carnegie Mellon.

Sorry folks there just wasn't much more to say about this one.

Thursday, August 17, 2006

Personal Firewalls

This article on Personal Firewalls does a really nice job of discussing the "long and the short of it."

Firewalls are a necessity, period (fullstop for those speaking the Queen's English). Folks in the security industry often speak of "Defense in Depth." In other words, you don't put everything you have in one place, as the French did prior to WWII with the Maginot Line. This incredible fortress was bypassed by the Germans, making it useless to the defense of France. Unfortunate for their history and disastrous for your data if you try it on your home computer or home network.

However, that is exactly what most folks do when they only use Anti-virus protection. And in some ways it is similar to using the same vendor for all phases of your defense. Many folks use the all-in-one packages (firewall, anti-virus, anti-spyware) from the major vendors like McAfee or Norton, but again all of the muscle is in one product. And that puts all the work on the processor of one computer as well.

My thoughts on this are simple for those with broadband internet access. Start with a hardware firewall (perimeter firewall). It's a box that is physically between your cable/DSL modem and your computer. There are several brands such as Netgear. Now do you need all the muscle it offers? Probably not, but for about $100 why not add that extra layer of protection. With this the work of your software protection products is a little less intensive. It only needs to focus on everything that gets by the hardware firewall.

Think of it this way. You keep the front door of your house open so you can speak with your neighbor across the street. Bugs tend to fly through the door and you have to spend a bunch of time and effort with a flyswatter getting rid of them. Then you install a screen door and you only have to open your door once in a while, so your "flyswatter time" is reduced.

I think that might be enough today.

Liquid explosives? And what it means for the rest of us...

What does all this mean for everyday life? Well, it's sort of the same situation as 9/10 syndrome. The only thing that's different between today and "yesterday" is how we perceive the situation. Liquid components for explosives have been a concept for a long time; I even knew some folks in high school that toyed with them.

The difference is that we are reacting to it now. Here's the deal on flying and I don't intend this to sound like a bunch of false bravado.

Whether or not someone sneaks a bomb onto a plane is generally out of your (and my) control. Simply stay alert and help where and when you can. If all you can do is calm others that are interfering with any response then do it. Rick Rescorla did much more than this on 9/11 and he exemplifies what the security professional, but the one thing that everyone that walked past him keeps stating in interviews was his calm and his efforts to keep everyone else calm as they evacuated.

So do what you can, when you can, but remember that very little has changed since the day before the announcement, except maybe your perception.

Tuesday, August 15, 2006

A short hiatus

Sorry for the break folks, I have recently moved to Washington State for a new opportunity. Just a short move across the entire U.S. from one Washington to another.

I plan on being just a tad more regular here in the near future.

Friday, March 03, 2006

SHAC six found guilty on ALL counts!!!

I'll get links to articles up soon, but in the meantime just know that the federal jury in Trenton, New Jersey found Kevin Kjonas and the rest guilty of terrorism under the Animal Enterprise Act.
This is exceptional news and it means that it may become just a tad easier to defend your organization from such attacks.

Here is a short list of SHAC's tactics:
  • Posting executive and employee information on the web. This information sometimes went so far as to show what schools the executive's children attended. Not that it makes any difference, this was not just information about HLS employees but also that of other companies that did business with HLS.
  • Home protests - that's right they would visit an employee's home and protest outside with graphic signs. They might also canvass the neighborhood to inform their neighbors of the "horrible" things their neighbor was involved in.
  • Telephone campaigns - companies were inundated with phone calls that amounted to little more than denial of service attacks.
  • Others limited only by creativity...
Although the ALF usually claimed responsibility for other, more intimidating actions, they were often done in a manner that just so happened to forward the goals of SHAC. These included:
  • Vandalizing employee homes and cars - throwing paint on the houses and using etching acid to write on house and car windows. They would also use paint stripper to write in the paint on cars.
  • Booby-trapped letters were mailed to some executives - not explosives but razorblades.
  • Threatening phone calls, letters, emails and the like.
  • At least one denial of service attack on a bank.
  • Vandalizing the Marsh offices.
  • And let's not forget the Chiron and Shaklee bombings in California.
  • This is just the short list.
We will have to wait and see what the result of these convictions will be in terms of attacks and the implicit threats. We may see this whole thing move just a little more underground. That is where it largely was until the 1990's when it pretty much went mainstream and no one took too much notice. The ELF and ALF pose real threats and because they function more as "movements" than as traditional organizations it may be very difficult to shut them down. This is ever more true with the Internet since their operations manuals, manifestos, credos, and the like will continue to be available for distribution to anyone. That is free speech and it's the price we pay for our freedom.

So, if your organization has done business with HLS in the past, is involved in any sort of animal testing in particular, or other uses of animals targeted by the Animal Rights movement it would be prudent to be prepared for random retaliatory actions.

Tuesday, February 28, 2006

More thoughts on your home network

Here's a news story that you probably won't find as a headline, because it happens all too often... My friend's house was burglarized and among his losses - possibly the least of his concerns - were his computers.

So we chatted a good bit about it and I got a little food for thought as well.

First was the question of how anyone would know that he had computers in the first place. Anyone? Anyone? Here are three quick possibilities:
  • The comings/goings of persons with "laptop cases" - we all know what they look like and it's pretty unavoidable.
  • Looking into the windows of the house. How many of us actually try to conceal our computers from the windows? After all, they're so common.
  • Wireless networks. That's it. Anyone with a laptop running XP that turns it on will see the network listed, unless....

So what are some solutions?

As for the laptop cases, there are some designer bags that don't "have the look," but they're pricey. I'm pretty cheap so my solution involves my favorite daybag (book backpack) and a bit of swag from my buddy at Cisco. For you, just find a bag or briefcase that you like and works for you. Then get a padded carrier for the laptop and put it inside your bag/briefcase. It may not be pretty, unless you put some time into it, but it works nicely. I like it for airports and other public places. No one would ever put a laptop in my ratty old backpack, so no one gives it a second look.

The windows problem should be pretty easy. If not, you have much larger problems. And if your problems are much larger, like you have a server rack in your kitchen, then it's time to get creative with your window treatments. Possibly frosting the lower half of the window will prevent casual observation.

Wireless networks are a problem - and one that just won't go away. Most folks look at this issue in terms of encrypting data and the like. The focus is on a hacker, not a burglar. So you can turn off your SSID Broadcast to make it a little harder for someone to find your network. This has little benefit and does create some headache. While it makes the network stop broadcasting "its name" it still has to transmit the data and you must "tell" your computer the name of the wireless network it is looking for before it can get access. Keep in mind that someone with moderate skill will be able to find your network, sniff all your packets, crack your encryption and get onto your network. It's coming, but right now the average burglar probably isn't going through this trouble. If he/she did they probably wouldn't enter your home since they could steal your data remotely. So consider lowering the profile of your wireless network. Turn it off when out of the house. Turn off the SSID broadcast. Turn on the MAC filter - again, this has limited benefit with additional headache. Oh, and I should not have to mention this, but make sure you change the password to your router.

I'll stop this here, but don't worry this topic will come up often I'm sure.

Friday, February 03, 2006

Your Network, Your Computer - protect it.

I know I'm a little late on this topic, but I'm really not just writing about this new threat.

There are three things that everyone should have in place on their home network.
  • A firewall
  • Anti-virus Software
  • Anti-spyware Software
Now here's why...

The firewall is a tool for separating networks. Think of it more as a doorman than a wall. I think the tech guys just thought firewall sounded better in the beginning. The doorman or receptionist's job is to keep the wrong visitors out and admit the right ones. It's not perfect and there are ways to get around it. The most common is when traffic is initiated from the inside. Like when I send you an email with a link to a website that you dutifully click on. This tells the firewall that you wanted the communication in the first place. That is one way to get the bad stuff past the firewall - it's not foolproof. The better firewalls are on the lookout for bad data trying to get through.

It is ideal to have a firewall on your network, that is, at the point of origin in your house (by the cable or DSL modem). It should be an appliance - a physical box separate from your computer. It will handle the bulk of the work and screen all sorts of bad stuff.

It is also ideal to have a software firewall on your computer - desktop or laptop. This does not need to be some robust system like Norton Internet Security because your appliance is carrying the bulk of the workload. This firewall gives you more control over who your computer tries to contact - outbound traffic. On a laptop this is an essential tool if you ever connect to public networks where such a lightweight firewall prevents many disasters. This local firewall lets you more easily keep those programs you just installed from reaching out to the web - ah you didn't know they did that, huh. Remember though, the more robust (read powerful) this firewall is, the more of your computer's resources it will consume, which means slower downloads, graphics processing, etc.

Anti-virus software is like the linebacker behind the firewall. It prowls around and makes sure that anything that gets through gets special attention. It also fills the role of a free safety by making sure that everything crossing the line is covered. In other words - for the non-football minded - this software makes sure that the code (program) that is malicious is not able to install or run. How it does this is not really important here; what is important is having it installed and running ALL THE TIME!

Anti-spyware is still evolving and is useful for preventing some of the methods used for tracking your activity on the computer. Try a few like Spybot, Adaware, Microsoft, and the others; then see which combination is best for you since none get everything.

When in doubt... Google the application that is trying to reach the web, or the term you do not understand. Google and Wikipedia are your friend and partner on this and will help choose the right programs to deny access to the web.

That's the quick and dirty. For more advice, send an email.

The Ineffective Risk Manager - A Comedy or maybe a tragedy

This in from a close friend. It took a while to stop laughing.

So museums, like other firms, hire these folks called Risk Managers. Otherwise they have security or safety professionals that fill this role, and sometimes they just have to rely on an operations manager to do this job. Well here's the result when no one is observing the environment with an objective eye and taking appropriate actions to safeguard the assets.

And here is the asinine comment of the day:

"Whilst the method of displaying objects is always under review, it is important not to over-react and make the museum's collections less accessible to the visiting public," he added in a statement.

Wrong! Assets like these - that is IRREPLACEABLE - must be less accessible to the public. That doesn't mean they need to be hidden either, but some sort of barrier should prevent destructive unauthorized access.

Let's face it, it's not like these can be replaced. The insurance carrier MIGHT pay a claim, and right there is a problem. The carrier should have dictated specific safeguards to be used in the display of the asset, otherwise no claim check. But even with the money the museum is out the vases, out the exhibit, and out the patronage that the vases drew. They were a key exhibit, why weren't they protected?

The priceless vases, dating from the late 17th or early 18th century, were donated to the museum in 1948 and have become one of its most recognizable exhibits.

And here's the absolute funniest quote from the article:

Shocked but determined museum staff members have vowed to glue the shards back together again.

I guess they were all absent the day that the whole Humpty Dumpty fairytale was covered.

Here's the moral of the story... Take a step back; look at your facility; know your organization's mission; then ask what if, what if, what if, and don't stop asking until the day you retire.

Tuesday, January 17, 2006

Interesting vulnerability for Laptops with Microsoft OS

Here is a nice little article concerning a vulnerability for laptops operating with Microsoft operating systems (as if there are all that many laptops not using Windows). However the news is not bleak, and for those of you that know me personally, I've been talking about the countermeasures for a long time anyway. But here's the problem...

I don't know why everyone with a wireless enabled laptop doesn't have a firewall or routinely disable the wireless antenna. These two simple countermeasures are useful for other important reasons. First, disabling the antenna will help conserve battery life. Oh, you say you're plugged in so battery life isn't an issue. So what! Why would you have the antenna turned on if you don't need to? It's sort of like leaving a door open to your house - why do it if you really don't need to. And the firewall is like a screen door on the house. It lets you know when people are trying to get in and lets the legitimate "air" through. It's not foolproof but it's a very nice tool. Firewalls now have gotten more user friendly and are pretty lightweight in terms of consuming system resources. Granted with the antenna turned off you really don't need an active firewall, but it's not that big a deal to leave it up.

The author of the article notes that his firewall had to be disabled for the vulnerability to be properly exploited. So keep the firewall up and pay attention to any notifications that the firewall might provide for attempts at accessing your system. So just turn off the antenna if you don't need it and use a firewall. There's one bundled with the Microsoft operating system and there are free applications available on the web. You may not need a "big honkin'" firewall, just one that restricts access effectively.


Monday, January 09, 2006

ELF exists!!!

There have been a series of articles, like this one, along the lines that the ELF (Earth Liberation Front) either does not exist or does not have members. This is an interesting argument that is being propagated for reasons I do not know, but the recent focus on ELF and ALF is the result of two events: the recent arrests of those accused of several arsons in the name of ELF and the FOIA document releases indicating that the FBI monitored such groups as PeTA.

First let's get the minutiae out of the way...

The FBI was monitoring groups like PeTA for any number of reasons, but the best one that I can think of is the contributions PeTA made to Rod Coronado's criminal defense of roughly $70,000 so he could fight charges of arson that he eventually pleaded guilty to, and PeTA's contribution to the Earth Liberation Front, which was stated to be for publicity. These funds were likely used just for that, but it still creates enough suspicion for a little monitoring. Both of these groups, the ELF and the ALF, are considered to be terrorist organizations because they espouse the destruction of property in furtherance of their cause... And there are many arguments that they make about this being non-violence because humans are not targeted, but that is neither here nor there right now.

The problem here is the concern as to whether a person can be charged, implicated or considered a member of an organization that admittedly does not have "true" members. Anyone can claim to act on the organization's behalf as long as they abide by their rules - which can be easily found on the web. But let's attack this from another direction... There are "prisoner" support networks for both the ALF and the ELF. The North American Animal Liberation Front Support Group provides information about arrested activists and directions for making donations or sending care packages. Now if there is no organization with no members then who are these people that need support?

This point was made clear when one of the recent defendants requested that his information be removed from the support group website. This is presumably to make it harder to convince a jury that he is a member of a terrorist organization rather than a lone arsonist with an ax to grind. Fine lines that could mean years difference in a sentence.

In other words, as long as an organization exists, in name or form, that encourages actions that target another they are a threat and should be treated appropriately.

With that said, keep in mind this is not some vast organization of shadowy activists but much more likely very very small handfuls of individuals getting a little worked up. Security programs should stay informed and stay focused rather than taking "knee-jerk" actions that cost unnecessary funds and damage the credibility of the security team. Work with the local law enforcement, collect your own intel and make some sound judgements - or find someone more capable to assist you.