Adapting Security to New Technologies

Security administrators would prefer it if people would stop coming up with new technologies. Organizations were just getting a handle on general network security and email, then instant messaging got mixed in there. As soon as they figured out how to protect and manage instant messaging, USB flash drives and portable storage became an issue. It's always something, and it seems that things are never ‘stable’ long enough for security administrators to come up for air and take a vacation in good conscience.

As this Computerworld article points out though, the solution is not to delay implementing the new technologies or to attempt to modify the functionality of the new technologies to fit into the existing security model. The article focuses on unified communications and the issues presented by merging voice and data communications.

Unified communications delivers a number of benefits and cost savings for organizations. Even in the rough climate of a declining economy many organizations are increasing budgets and moving forward with unified communications implementations because of all it represents in terms of providing the organization with the tools they need to forge a successful future. Those benefits can’t be realized though by handicapping the technology to fit the existing security model.

Companies should embrace new technologies like unified communications, but be aware of the evolving security concerns and take steps to address them. Take the time to assess the impact that new technologies have on security policies. Make sure that you understand the functionality of the tools you are using and configure the environment to maximize the inherent security features. Conduct security audits and penetration tests to validate security.

Potential Security Vulnerability Exposed in iPhone

A few weeks ago at the CanSecWest security conference Charlie Miller walked away with the Pwn2Own prize for successfully compromising a fully patched Mac OS X system in a matter of seconds. Miller is making headlines again with the announcement that he has discovered that it is possible to trick the iPhone into running shellcode and expose it to attack. The ability to run shellcode essentially allows an attacker to do whatever they want to do within the iPhone operating system. Previously it has been thought that shellcode could only run on iPhones that had already been hacked or ‘jailbroken’ in some other way.

Is Windows 7 a Grand Slam Hit?

Recent surveys suggest that businesses are ready to embrace and deploy Windows 7 en masse as soon as Redmond makes it available. Traditionally, businesses are slow to adopt new operating systems. It's like waiting for the second model year of a new automobile make. You want some other sucker to take care of the extended Beta testing affectionately known as the initial release.

That philosophy has led many organizations to hang on to Windows XP and forego Windows Vista entirely. Some organizations simply waited for Windows Vista Service Pack 1 (SP1), but by that time Vista had gotten a lot of negative press and developed somewhat of a bad reputation. One can debate whether the press was factual or whether the reputation was deserved, but the bottom line is that many enterprises simply decided that Windows XP was comfortable and that Windows Vista wasn’t worth the risk.

Windows 7 on the other hand has been getting rave reviews since the Beta version has been available. Computer experts from all fields all the way down to consumers love the new operating system. Features such as DirectAccess and BranchCache also provide solid business justifications for upgrading and have the potential for changing the way enterprises work with their growing remote sites and roaming work force.

 Follow me on Twitter

Microsoft Assists Unemployed with Free Computer Training

Do you live in Washington state? Are you one of the millions of Americans currently unemployed and desperately seeking a new career? Finding a new career is never easy, but given the state of the economy and the fact that it seems like for every new job opening there are three new layoffs, it is even more important to have skills that employers need and to set yourself apart from the crowd.

Microsoft feels your pain and they want to do their part to help out. Microsoft announced that they will be giving away 30,000 vouchers over the next 90 days to unemployed individuals in Washington to help them learn new skills. The vouchers will entitle people to receive free training in computer skills and even to take Microsoft certification exams for free or at a discount. The training classes may be taken online or in person.

This is just the beginning of the program which Microsoft announced earlier this year at the National Governors Conference. The plan is to continue the program and expand it to other states. So, if you don’t live in Washington just keep an eye out for the program to come to your neighborhood (a.k.a. state).

Explore Windows 7 BranchCache

Many organizations have branch and remote offices. They might be across town, across the country, or around the world. A common problem facing organizations like this is having all of the various sites share information and work with data. Each site can’t maintain their own files, spreadsheets, databases or other files. That would be too cumbersome to correlate and try to ensure that everyone is on the same page. The solution for that is to house the data in a centralized data repository at the headquarters location or a common data center.

That solution comes with its own issues though. Opening and working with large files over a remote network connection can be painstakingly slow. One or two users accessing data over the network from the central repository can also tie up a significant chunk of bandwidth, making the network slow and unresponsive for others as well.

Windows 7 has a solution to help remote and branch offices work with data more efficiently while reducing the impact on network bandwidth: BranchCache. Essentially, BranchCache acts as a proxy, storing (or ‘caching’) data that is accessed so that subsequent queries for the same data can be served up locally rather than being sent across the network each time. I am not really doing the feature justice though. If you really want to learn about BranchCache and understand how it can help your organization or your customers, check out the Windows 7 Feature Walkthrough for a short video overview of BranchCache.

Book Review: Hacking VoIP

Himanshu Dwivedi and I worked together a few years back as co-authors of Hacker’s Challenge 3. That was a fun project and I still enjoy reading the stories. That style of book – providing information or education in the guise of a fictional story – just works for me.

Dwivedi has written or contributed to a number of other books as well, the latest of which is Hacking VoIP: Protocols, Attacks, and Countermeasures from No Starch Press. Voice over IP (VoIP) is one of the hottest technologies going today, and is also one of the core components of unified communications, which is also hot. Consumers and enterprises both are making the switch from traditional telephony to VoIP, but as with any new technology it seems to get deployed without regard for the security concerns.

The various protocols used to facilitate VoIP communications are vulnerable to a variety of attacks and exploits that traditional telephony did not have to worry about. Dwivedi does an excellent job of explaining the protocols, describing their weaknesses and inherent security concerns, and providing the reader with the tools to secure and protect their VoIP communications against these attacks. You can read my review of Hacking VoIP: Protocols, Attacks, and Countermeasures for more details about this title.

Twitter for Computer and Network Security

Are you following me on Twitter yet? Why not?!?!

Are you still trying to understand the value of exchanging 140-character status updates with the world? I did as well at first. I originally created my Twitter account a while back. I followed the ‘tweets’ of a couple other people and I got to learn things like ‘flight delayed. waiting at airport. why don’t they have free wifi?’ or ‘overslept this morning. need coffee. I hate Mondays’. I then let it lie dormant because it seemed like a useless novelty.

Eventually I came back though. There is something to be said for hundreds or thousands of people sharing random thoughts. There is a social inertia to the whole thing. I also determined that while many of the tweets are random thoughts about breakfast, or stop signs, or being tired of snow and winter, Twitter is also a very useful tool for sharing more pertinent information as well.

Swine Flu Spam and Phishing Attacks

You may have seen the ‘Breaking News’ throughout the weekend regarding the deaths in Mexico from the swine flu and the announcement by Janet Napolitano, the Secretary of the Department of Homeland Security, that the United States has declared a public health emergency after confirmed cases of the swine flu in New York, Texas, and California among other states.

Fears of a pandemic are nothing new. In 2003 we had SARS. In 2006 the world was afraid that the H5N1 strain of the bird flu could become a pandemic.

It may seem a little extreme to stoke fears of pandemic every time someone gets a flu. However, we do expect organizations like the Centers for Disease Control (CDC), World Health Organization (WHO), Department of Homeland Security, and others to be aware of the possibilities and take proactive action to both contain what outbreaks there are and to properly prepare for the potential spread of the virus.

I will exercise an appropriate amount of caution and keep my fingers crossed that this too shall pass. I’ll leave it to the medical experts to decide whether swine flu is a pandemic, or even an epidemic, and how we should respond. But, where I will intercede is to tell you to beware of the words ‘swine’ and ‘flu’ in your email inbox.

Domain names related to ‘swine flu’ are being snatched up and may be used to host malware, or for spam campaigns or phishing attacks. Any time there is a global headline such as ‘Swine Flu Pandemic’ it gets people’s attention and they want as much information and breaking news as possible. Attackers know this and prey on that fact to lure people into becoming victims of malware or phishing attacks or conning them into spending money in some way.

Be sure you exercise common sense when it comes to emails and file attachments related to swine flu. Follow the advice and tips from the articles below to protect yourself and your computer from being victimized by spam and phishing attacks.

Application Compatibility Toolkit for Windows 7

Windows 7 will be here before you know it. So far, Windows 7 is getting much attention and rave reviews in its Beta version. The improvements from Windows Vista to Windows 7 are exciting and the new features like DirectAccess and JumpLists have many enterprises and users chomping at the bit.

Well, you don’t need to sit by idly waiting. In fact, I recommend that you don’t. Even if the operating system was available tomorrow there is a lot of planning and preparation that has to be done before you can just deploy it on your network. Some of the features require Windows Server 2008, so if you are still using Windows Server 2003 you should start to look at migrating to Windows Server 2008 so you are ready to capitalize on the new Windows 7 features.

Another thing that you can do to prepare is to validate that the applications your business relies on will work in Windows 7. Microsoft has released ACT (Application Compatibility Toolkit) 5.5 which you can use to begin verifying your applications for Windows 7. Conducting this exercise now will give you months to work with vendors to update any applications that have issues, or allow you to find other workarounds, or replacement applications that will work with Windows 7. Check out this interview between Stephen Rose and Jeremy Chapman to learn more about the updates and changes in the Application Compatibility Toolkit.

Surviving Conficker: Now What?

It’s April 2nd. If you are reading this message then the Conficker apocalypse was a failure and the world as we know it did not end. Whew! Dodged that bullet.

Ok. So... now what? Do we just pretend Conficker never existed and blame 60 Minutes, Good Morning America, and the Today Show for making a much bigger deal out of it than was necessary? No. Conficker is a threat. Perhaps even a significant threat. It is just not the apocalyptic kind of threat that everyone was predicting for April 1st.

The fact is that millions of PCs remain infected with Conficker and lie dormant awaiting instructions from their malicious master. It is a mercenary army for hire capable of launching a variety of attacks. April 1st is gone, but you need to make sure your PC is not already compromised and take steps to ensure your PC remains uncompromised. Read Surviving Conficker Worm to learn more about the threat and what you should do now.