Win a FREE copy of BitDefender 2010

You can win a 1-year license for BitDefender Internet Security 2010. Do you like to win? Do you like free stuff? You’ve come to the right place then.

I have reviewed BitDefender Internet Security 2010 and personally I found it to be an awesome product. It provides excellent protection for your PC and has some innovative features that set the interface and user experience apart from competing products. Check out my review for more details.

Would you like your own copy of BitDefender Internet Security 2010? I am giving away a copy of the software with a 1-year license to 10 lucky winners. Here are the rules of engagement to enter to win:

  • Simply comment on the review for a chance to win. You can share your thoughts on antivirus products in general or BitDefender specifically, or you can just say ‘hi’.
  • You can earn additional entries by sharing this post on Facebook and Twitter*. Spread the word and send me an email to tony@s3kur3.com with a link to your post or tweet.
  • Ten copies of BitDefender Internet Security 2010 will be given away randomly from all entries received by midnight Monday, August 31, 2009.

*NOTE: only one entry for Facebook and one entry for Twitter per user- don’t bother spamming the Twittersphere to try and earn more entries.

Give Your PC’s a Back-to-School Checkup

Summer is over. Well- Summer is over for public school students here in the Houston area. In other parts of the country Summer is winding down. In Michigan they aren’t allowed to start school until after Labor Day…so it starts the day after Labor Day- go figure.

Anyway- whether Summer is winding down or the clock has expired where you are, it might be a good time to get your student’s PC back in tip-top homework doing, hardcore studying shape. As Ray Dickenson, CTO of Authentium puts it “After a long and busy summer of playing games, downloading music and browsing Facebook, PC’s can be out of shape or downright dangerous for serious use. Here is a handy guide for giving your computers that back-to-school check-up.”

Check out his blog post: Give Your PC a Back-to-School Check-Up

The Little Black Book of Computer Security – 2nd Edition

Rating: four and a half

The Bottom Line

Joel Dubin’s Little Black Book of Computer Security is unique in its scope and content. Dubin provides the information that managers and administrators need to develop an action plan to secure their network assets. The Little Black Book of Computer Security – 2nd Edition does not provide comprehensive details, or step-by-step instructions, but is packed with outline-style checklists of information to guide you in developing information security policies and implementing effective information security controls.

Pros

  • Updated to cover new concepts and technologies affecting security
  • Comprehensive in the scope of information security topics covered
  • Notes and sidebars highlight vital information to supplement checklists
  • Small book is compact and portable

Cons

  • None – the book successfully delivers on its intended goal

Description

  • Joel Dubin is a Microsoft MVP and CISSP, and hosts an information security radio show in Chicago
  • The appendices are packed with invaluable information administrators can use
  • Excellent resource to use as ‘flashcards’ when studying for security certifications like the CISSP
  • The 2nd edition of The Little Black Book of Computer Security contains 207 pages of concise information

Review – Little Black Book of Computer Security – 2nd Edition

The Little Black Book of Computer Security – 2nd Edition does not teach you computer security. You will have to rely on other resources to teach you the nuts and bolts of information security. However, once you understand the fundamentals, Dubin’s book can be an invaluable resource to help you create an action plan and ensure you are covering all of your bases to protect your network and your data.

Dubin’s book is like a portable plan of action. Each chapter contains a few brief paragraphs with an overview of the problem and why you should protect your computer. He then provides a checklist, in outline form, that a manager can use to determine if their computers are adequately protected or identify what is missing and plug the holes.

Notes, Tips, and Sidebars scattered throughout the checklists highlight the more important information and concepts to ensure you don’t miss anything. In addition, Dubin provides references to let you know where you can find more detailed information for really important topics.

The 2nd edition of The Little Black Book of Computer Security builds on the original by including the vast changes that have occurred in information security over the past few years. Dubin includes sections specifically devoted to privacy and identity theft, regulatory compliance, and protecting Web servers from the next-generation attacks that have plagued web sites recently.

In addition, as if the checklist form of the book isn’t compact and concise enough, the book includes a variety of appendices which contain even more compact information. The list of Web Sites to Check Daily, Tools of the Trade, and Common TCP Ports are great reference tools.

There are plenty of books on all topics of computer security. Dubin’s book is unique in how it helps you apply all of the information from the other books and information resources.

Buy it here: The Little Black Book of Computer Security

Book Review: The Soft Cage

I try not to be a conspiracy theorist or paranoid about “Big Brother” government spying on me. A book like this one makes you wonder though. The Soft Cage by Christian Parenti manages to make the subject of surveillance a compelling read. Parenti covers a history of surveillance in America from the mid-1800’s through post 9/11. 

It gives a chilling look into how some of the gadgets we use to simplify our lives and some of the changes made under the auspices of providing better homeland security after the 9/11 terrorist attacks can also be used to track and monitor your actions. The book was written in 2003, but offers insight into things like the warrantless wiretapping by the Bush Administration or recent privacy concerns from Palm Pre or iPhone users. Book Review: The Soft Cage.

The Soft Cage

Rating: four and a half

Description

  • Well-written and researched history of surveillance techniques over the past century
  • Food for thought- conveniences like credit cards and cell phones also monitor your actions
  • May seem paranoid or conspiracy theorist at times, but this book is a compelling read

Review: The Soft Cage

Often discussions of Internet and network security turn to privacy issues as well- Does the corporation have a right to view your email? Does your ISP have a right to track the web sites you visit? Does the RIAA have a right to know what MP3 music files you have on your computer? Etc. The Soft Cage, by Christian Parenti, does not deal with computer or network security per se, but it explores the history of surveillance in America including government-sponsored monitoring of citizens.

From slave passes used to track and monitor the whereabouts of slaves in the mid 1800’s through to post 9/11 advances in technology this book explores the constant struggle to balance security with privacy.

It often happens in computer security that the features and functionality provided to make tasks easier to do and help users be more productive can also be turned against them and open up avenues for attackers to exploit their systems.

Similarly, the very gadgets we use on a daily basis to help us be more efficient and provide us convenience can be used to monitor us. Every time you use a credit card there is a time / date stamp certifying your location at that point in time. Many cell phones are equipped with GPS functionality that can pinpoint your location at any given time.

It is tough not to be paranoid when reading this book. Most of the things used to “track” you also make life easier and possibly safer. But, this book gives you a lot to think about. Read this book.

Christian Parenti takes a potentially dry subject and makes it compelling. He provides a detailed history of surveillance in America- from the slave era through post 9/11. What you learn about how gadgets and conveniences you use everyday can also be used to monitor you may frighten you. A great read.

Buy it here: The Soft Cage: Surveillance in America From Slavery to the War on Terror

TICSA Training Guide

Rating: five

The Bottom Line

Whether you are trying to prepare for the TICSA exam or just want to learn more about information security this is an excellent book. Well-written with practice questions and tests to help you pass.

Pros

  • Excellent resource to prepare for this exam
  • Great resource for information security concepts
  • Practice questions and exams help you prepare

Cons

  • None

Description

  • The information in the book prepares you for the exam material and then some
  • Study Strategies, Key Terms, Notes, Warnings and Fast Facts are used to reinforce the information
  • The topics covered in the book are done so in a manner that will benefit anyone- testing or not
  • Valuable resource for preparing for other security exams as well- CISSP, Security+, etc.

Review: TICSA Training Guide

The TICSA Training Guide is invaluable for anyone trying to prepare for the TruSecure ICSA Certified Security Associate certification exam (exam TU0-001). The information is explained clearly and the terms and resources in the appendix are very useful. The chapter questions and practice exam provide a good feel for the sort of questions you can expect to encounter on the exam. If you are studying for this exam, this book is a must-buy. If you are studying for a different security certification such as Security+ or CISSP, this book can still help you to reinforce the concepts you need to pass. If you aren’t taking any exam, this book is still worth the time and money to help you learn and remember key security technology and concepts.

Buy it here: TICSA Training Guide

Web Site Privacy with P3P

Rating: four

The Bottom Line

Web Site Privacy with P3P is a great introduction to the Platform for Privacy Preferences Project (P3P) written by experts who have helped shape the policy. XML code definition is included as well.

Pros

  • Introduction to Platform for Privacy Preferences
  • Syntax and examples to code P3P
  • Style is easy to read and follow

Cons

  • Good overview, but just scratches the surface

Description

  • The first book to actually show developers HOW to write code to create a P3P compliant web site
  • The style of following fictional characters helps the reader put the issues in perspective
  • Illustrates that what some consider a “feature” others consider a violation of privacy
  • Good information on spam, cookies, log files and web bugs to help readers understand these terms

Review: Web Site Privacy With P3P

I may think that having Amazon.com remember who I am and welcoming me to the site each visit along with a history of past purchases and recommendations of similar or related books I might be interested in is a GREAT feature. You may think that having Amazon.com record and retain information on you in order to provide this “feature” is a serious breach of your personal privacy and security.

The Platform for Privacy Preferences Project (P3P) represents an emerging standard developed by the World Wide Web Consortium (W3C) to help automate privacy settings on web sites to accommodate both points of view.

The Lindskogs provide a fabulous introduction to P3P including XML tags and syntax to help developers create P3P compliant web sites.

Buy it here: Web Site Privacy with P3P

White-Hat Security Arsenal

Rating: three and a half

The Bottom Line

Aviel Rubin tries to fill a void with this book. White-Hat Security Arsenal attempts to fill the space between hacking theory and security practice. It succeeds fairly well and is a very good book.

Pros

  • Real-world scenarios help define the issue
  • Bridges the gap from theory to practice
  • Good resource for administrators

Cons

  • Some advice and techniques are a little dated
  • Focuses a little too heavily on cryptography

Description

  • Case studies are an excellent way to get readers to relate the theory to real-world implementation
  • Good detailed description of some well-known viruses and worms, but nothing recent
  • Well-written book with many useful references to other writings if you want more detail
  • Covers most areas that a security administrator needs to be aware of- but predates IDS
  • Good “how-to” reference that explains how to implement various security tools and devices

Review: White-Hat Security Arsenal

Aviel Rubin helps readers to identify risks, learn about potential attacks and build a secure defense. Instead of just talking hacker theory, the book uses real-world examples and case studies to help relate the information to practical uses the reader can understand. The author goes into enough detail to make his point without going over the top, but refers the reader to plenty of outside references if they desire more in-depth detail on a particular subject. The section on viruses is good, but ends with the “I Love You” virus. The book covers most security technology, but misses discussing IDS and other technology since 2001. Overall it is a good book for security administrators to have in their library though and I would recommend it.

Buy it here: White-Hat Security Arsenal: Tackling the Threats

Windows 2000 Server Security for Dummies

Rating: four

Pros

  • Good foundation for Windows 2000 Server security
  • Written in understandable terms
  • Key points highlighted

Cons

  • Information slightly out of date now

The Bottom Line

Paul Sanna has written a comprehensive guide to securing a Windows 2000 Server that provides anyone with a good foundation.

Product Description

  • Learn how to plan and configure Windows 2000 Server security
  • Shows you how to monitor and audit your network to discover security breaches
  • Includes CD with evaluation versions of various security tools and applications

Guide Review

For a basic book aimed at Windows 2000 Server novices, Windows 2000 Server Security for Dummies provides a good foundation for any administrator. It will help you to use remote access securely and to authenticate users before allowing them remote access. It also discusses some of the techniques used by hackers to break into your server and what steps you can take in Windows 2000 Server to make it as difficult as possible for them to get into your system. While the book is slightly dated, having been published in 2000 with many security flaws discovered and patches released since then, this book still provides a solid base of knowledge that anyone new to administering Windows 2000 Server needs to know to keep their server secure.

Buy it here: Windows 2000 Server Security for Dummies

Windows Forensics and Incident Recovery

Rating: four and a half

Harlan Carvey is a Windows security instructor who created his own 2-day, hands-on course in Windows incident response and forensic investigations. This book shares some of Carvey’s extensive knowledge and expertise in recognizing and responding to attacks on Windows systems in relatively plain English aimed at Windows system administrators. A CD is also included which contains a variety of tools including the PERL scripts described throughout the book.

The Book

The book is laid out nicely, moving from basics to more advanced topics in a way that allows the reader to keep up. The first few chapters define the scope of the book and establish a framework for the rest of the information. Chapters four and five provide a more detailed view of incident response and spell out a variety of techniques and methods to use built-in features of the Windows operating system to prevent attacks.

Carvey walks the reader through an array of tools and utilities that can be used to collect forensic evidence. He describes what he feels are the pros and cons of each and provides a number of URL’s so the reader can find the tools and do their own testing to find out which ones work for them.

In chapter 7, Carvey tells you how to look under the hood and see what makes Windows tick. He explains where to look in Windows for forensic evidence, explaining the files and folders that typically give away an attack, and the tools and methods to detect it.

The final chapters discuss Carvey’s Forensic Server Project (FSP), different scanners and sniffers, and how to use PERL, Carvey’s script language of choice, in a Windows environment.

My Review

About a year ago I was investigating a system to try and determine if it was attacked, as well as when and how if it had been. I wrote for help to a list that I am on and Harlan Carvey responded with detailed and useful information that helped me out. I asked Carvey at the time if there were a book I could get that would help me learn that stuff and he told me that he didn’t want to be cocky per se, but that there really wasn’t and that I would have to wait until his book came out. Now that I have it I think I would have to agree.

There are plenty of great books on computer forensics available, but none that go into the depth that Carvey does on the Windows operating system itself. The information he provides regarding how and where Windows hides information is invaluable for finding and recovering from an attack.

Carvey makes extensive use of PERL, rather than using the native Windows Scripting Host (WSH), and he explains that PERL is vastly more flexible and powerful than what Windows has to offer. He provides details for how to install it and the scripts from the book are on the accompanying CD.

I highly recommend this book for ALL Windows system administrators and anyone who investigates incidents on Windows systems.

Buy it here: Windows Forensics and Incident Recovery (Addison-Wesley Microsoft Technology Series)