Andrews Apologetics

Well I am here at Cannes France for the Cisco Networkers conference sitting in the McAfee booth.  So far, many vendors are representing, however, as it is the first day, people want to collect the “chachkies” first.  Some genuinely interested people have come by.  If you are interested stop by the McAfee booth and say ‘Hi’.  Ask for me, Andrew.

So far it is amusing to see that typical human nature come into play.  First the snacks.  Theonly point to snacks is that they are eaten, however, it was more than one time that the ice cream cart was hauled off with many containers still in the refrigerator.

We already experienced a vendor (read Cisco) which tried to blatantly take a chair that cost McAfee 50 Euros (per)…..nice try Cisco.  We got that one back.  No worries.

Thus far the experience is an interesting one.  Many people interested in NAC and how vendors on the floor are collaborating with NAC.  Interestingly, it looks like people are heading into the education sessions.  Tomorrow would be a more exciting day as I believe people will be powerpointed  to oblivion.  Stay tuned as more will be reported.  Maybe I will even post a picture, I don’t know yet.   

From Cannes, Cheers!

Well, I predict that 2007 will strongly weed out the “boutique “  security players through either mergers , aquisitions, or just belly up.  Seems like a few big security players got some interesting Christmas presents in the form of some nicely wrapped corporate presents.  

The interesting thought is, now that these companies have these “toys”, are they going to do something with them, or be like a child – play with them, then they end up on the shelf until the next year when a new toy enamours them.  Only time will tell, but it is interesting that new companies in the security space are slow to form now.  A lot of these “start ups” are ready to go public (pre-sales move?) or they are merging with others to survive. 

Alliances are also on the rise….. schools of fish mentality where strenght in numbers seems to be the “safe play”.  Remember though that if you align yourself with the wrong crowd, it could be the long term kiss of death. 

Other interesting observations are companies like Microsoft which are starting to go into the security space.  I personally have seen some of their questionaires on security…..very shallow for what they are promising to do for you.  Lets face it.  They are a software development company…nothing more, nothing less. 

Cisco?  Well, they are making security strides….but they are a hardware company. hum, that’s not it either.  Yes I know …. NAC….but upgrade your infrastructure for a cost to benefit from these technological marvels. 

No, the only true inovation as of late would be from companies that are not too big, and not start ups either.  These have enough momentum to develop and drive the industry, but nimble enough to change course and directions when necessary to drive inovation.

If you are too big in a pond, you will run out of room to grow there, and too small, well, think the lower end of a food chain.   Just my thoughts. 

Gone fishin’ 

It amazes me that the more I travel, I seem to think that airport security is inconsistent.  Many people feel that this is a problem, and feel uncomfortable and perturbed.

This may be a benefit, however!  (No I did not suffer from too much jet lag!) Here is the thought: 

IF you had consistency with very manual and subjective inspection processes, and you relied heavily on people, THEN complacency could set in with the workers, and predictability would also be prevalent so that it would be observed and circumvented.   Think about it.  If there was an air of unpredictability as to what and who would be inspected, would the terrorists have a harder time of trying to do what they did?  Just a thought.

My issue on travel is two fold: 

1) What is the purpose of publishing to the public what the criteria is for the “priviledge of having been selected for additional security screening”?  If you were a terrorist, wouldn’t you want to make sure you used that document to not be a selected candidate?

2) The TSA obviously does not heed previous memos on security.  Case in point: I went on a trip, United Airlines (again) messed up my reservations, and did not allow me to check luggage – I had to carry it in through the security screening area.  Needless to say, I had to surrender my toiletries. 

I understand that TSA had to do it, I was angry at United.  To add to insult, however, the TSA had to go through my toiletry bag.  The bag has clear plastic windows.  As they confiscate all of the liquids that are under the correct amount, they TOTALLY skipped over a nail clipper in plain sight!  Wasn’t a nail clipper listed in the previous Homeland security briefing as a bad item which should be confiscated??

I don’t get it sometimes.  Not complaining.  Just don’t get it. 

No, this is not an add for Pampers or Depends (insert appropriate trademarks and such).  What I am refering to is Data Leakage. Seems like a lot of companies are worried not just about protecting their networks, and hosts, but also their Data. 

It’s pretty easy actually to see the progression of protection within security. Starting with networks and protecting the infrastructure.  With the prevalence of a mobile workforce using laptops, quickly malware would walk in with these devices and spread their “good cheer” to everything that computes within the network.  Sure, the network would be protected, but the malware would run rampant within the perimeter.  Enter the host protection.

Host protection in the past used to refer to Anti-Virus. Later, Desktop Firewalls were introduced as a tool to help “lock down” the host computers so they only communicate over authorized ports on the system.  It is a solid protection offering having both.  Today, however, there are hack tools which interrogate the system on which ports are being used, use those conventional ports could be exploited by “boring” (a mining term) holes through the firewall, or “tunneling” (again, using a port designated for one use and exploiting it to tunnel other data, software, attributes across it).  Enter the dragon: HIPS, or host intrusion prevention systems.  HIPS would provide inspection of the intent of code ie: keep buffer overflows in check, DDOS protection, etc.   BUT….. what happens if you do not have restrictions on USB memory sticks, burning CDs or DVDs, using instant messaging file transfers, etc?

The new security tool:  DLP (Data leakage protection).   In short, the concept is to tag your DATA so that the network or host would recognize information as something that a person does not have rights to walk out the door with by way of removal, printing, file transfer, but still be able to review the records or data if they are authorized to do so.  

A great example that I can think up is compliance audits. (OOOOh isn’t this a choice example these days?!)   When conducting audits, it truely amazes me that although companies and agencies have policies to restrict removal of confidential information or personal information, the one thing that slips by peoples radar is the auditors themselves!  Need proof?  Look at the news headlines when personal information is lost.  A CD is lost, a laptop stolen, etc.  In many cases where it was not a hack attack, the ones who lost it were the auditors!! Why?  Because there are no checks for our data to remain in our offices.  How did the people get the information?  Copied it to a CD, or through the network and loaded to their laptops.  In short.  Data Leakage.  (And this was authorized removal too!)

 Imagine that your are a financial institution, manage personal information (like what HR department doesn’t these days), or have some patent development for the next “widget” that will be the rave for next Christmas, you actually are a great candidate for this technology.  The more I learn about it, the more I see this as being on many companies shopping lists this year.  It seems like the technology would allow you to control the tagging and control of your data so that you could restrict and control the flow and copying of information in a [more] predictable and managable way.  This would also help with auditing and data controls within certain compliance requirements.  The “gotcha” [there always is one somewhere] is that you still have to identify your data and categorize it so that the systems know that it is important to you. (Truely, how would a system know without you telling it???)

 Add to DLP some risk management in a company, and you would have a strong but flexible security framework which would put some teeth to your policies.  It would be intresting to see if this holds true for 2007.

Over the holidays, it seems like the hacking element has toned it down a bit (but not too much!).  Christmas greetings and such were the targets as well as some exploits on stuff Microsoft had put out.   No suprise though as hackers will target the market share!

If 2006 is any indication of what is to come, my prediction is that in 2007 will wreak with more malware in the flavour of root kits, trojans, and tertiary vectored exploits (IM, Phone, VoIP,etc).  It is a principle taken from military observation:  A frontal assault will cost you dearly and yield less by way of an advance than a well coordinated flanking maneuver where you can obtain your target with less cost to resources, time, and manpower. 

The difference this year, in my humble opinion, will be that there will be more coordination between hackers, tighter code,  and more stealth involved.  The scary thing would be xeno type attacks, but I don’t expect to see it this year (Let’s pray to God that we don’t!!).   With the onset of Microsoft Vista, it would appear that there is more reliance on Microsoft to secure it’s own boarders (tables, libraries, etc) however, with that though process, unfortunately, it would make it a prime target.  *sigh*

I said it before, and I will post it here:  “The best security device rests between our ears.  There is no substitute for common sense.  If we apply it in what we do [security] it would infuse proper design and architecture where patching would be minimized. When and where patching IS warranted, it would not break what was already fixed!”

 And so goes my first rant on security.  Happy New Year. (I hope!).