Saturday, January 21, 2012

CTO of AlgoSec talks about my blog post to Network World

Avishai Wool, CTO of AlgoSec and a professor at Tel-Aviv University, recently discussed a blog post I did for them with Network World about conflicts between IT and Information Security. Check out his interview:

http://www.networkworld.com/newsletters/techexec/2012/012012bestpractices.html

Monday, January 9, 2012

Do Your Admins Hold the Keys To Your Kingdom?

Are your admins holding the keys to your network's kingdom? No, this isn't some fairy tale where the admins are dark wizards with magical powers over your enterprise, but it might as well be just as dangerous. Many administrators aren't aware of the damage they can cause with the permissions they've been granted, whether malicious or not, and we need the ability to monitor these privileged accounts for the risk they introduce. Read my new article for algosec.com below:

http://blog.algosec.com/2012/01/do-your-admins-hold-the-keys-to-the-kingdom.html

Wednesday, January 4, 2012

Can DLP be done right?

Okay, I know DLP (Data Loss Prevention) is a huge undertaking, but can it be done right? I think far too many companies walk into DLP projects thinking they're going to plug in a magic box that will keep them safe. WRONG!

I'm really for DLP, don't get me wrong, but it's gotten a bad rap over the past couple of years, and that's not entirely its fault. What you hear people say most is that there are too many false positives.

First off, did you take the time to sit with your business units and verify what data they're using? Probably not. Did you let it run in passive mode, take the reports back to your business units, and show them what it would have blocked? I hope so.

These two things are done sometimes, but in order to get a jump start on your DLP project you need to know where your data is, what it is, and who has access to it. The classification piece is so essential.

The DLP solution is going to do its job, block data, and it's going to do it well, but you need to do the legwork of knowing what the data is and who's using it. If you don't want to put in a lot of time up front, you'll put in a ton of time on the back end, and eventually it will end up as shelfware.

That's all.

Monday, January 2, 2012

Wireless Access Points............Oh my!!

Okay, for Christmas Santa bought me a long-range USB wireless adapter (I love that fat man), and I've been playing with it for the past couple of days. I bought the adapter, I mean was given one by Santa, because I'm running Backtrack 5 in a VM and need to have a local adapter for the wireless tools to work properly.

Anyway, back to the real reason I'm writing this post. I booted up Backtrack, ran Kismet and noticed a TON of networks, many more than I normally noticed when using the regular wireless adapter in my laptop. So as a test I decided to launch "inSSIDer 2.0" and drive to the food store 3 miles away. If you're running Windows 7, inSSIDer is a great graphical wireless tool to see what networks are floating around out there.

So during the 3 mile drive with inSSIDer running and a long-range USB antenna (I'm assuming it has a range of around 750 ft, but don't quote me on this), I located 1081 unique wireless access points!! Wait, it gets better, well, kind of: most of the APs were running WEP or no encryption at all. I live in NY on Long Island, so we're very densely populated, but I didn't expect to catch that many signals within a 3 mile drive. The scary thing is I was driving past many department stores, and I'm assuming that if I drove around a neighborhood the count would be higher.

This is very scary for a few reasons. One, what are these wireless signals doing to our bodies? This can't be good for anything. Secondly, people are relying more and more on wireless networks, but don't seem to know or care how to securely configure them. This was very eye-opening to me. Here's a quick graph from inSSIDer with the SSIDs removed. I just want to let these people know, but it seems like it's a widespread problem.

Frontlinesentinel has been added to the "Security Bloggers Network"!!

Frontlinesentinel.com has been added to the feed for www.securitybloggers.net. The Security Bloggers Network is the largest collection of information security focused blogs and podcasts in the world.

It's a privilege to be included with these awesome blogs, and I'm looking forward to an exciting 2012!!