Archive for November, 2008

An Information Security Place Podcast – Episode 10!

November 26th, 2008 Michael Farnum

 

Link to MP3

Show Notes:

Episode 10!  We are in double digits!  W00T!  Thanks to Jim for all the hard work on getting these podcasts produced, for picking the music, for doing most of the talking, for… errr, what do I do around here anyway??

Segment 1: InfoSec News Update and some discussion about pinko commies

Segment 2:

  • Geek Toys – Jim has pretty much given up on trying to please Kirk because he is talking about non-security related toys AGAIN – a review of the Popcorn Hour A-110
  • Consultants Corner – Staying diligent during holidays
  • Further ranting – Jim says “LEAVE ME ALONE – I AM BUSY” to Q4 invitations to speak at conferences

Music Notes:

  • Intro/Outro – Digital Breaks – “Therapy”
  • Segway 1 – Naked Gun – “A.D.D.”
  • Segway 2 – Kickstart – “Bouncey”

I have an "opinion" – buy my stuff

November 24th, 2008 Michael Farnum

I will start out this post by saying that I generally am a fan of SC Magazine.   Though the product reviews are not very good, they often have informative interviews with some folks whose views I respect.  But I had to guffaw a bit with the Nov 2008 edition when I got to the opinion section, and specifically the article by Richard Moulds.

The reason I LOL’ed at this article was not because the article was wrong.  Mr. Moulds talked about how enterprise encryption was the last line of defense, where if "other security and access control systems fail, if the data is encrypted – it is probably safe."  I agree with that.  I also do not disagree with his assertion that key management is "central to deployment on any encryption-based system."  Makes perfect sense.  Mr. Moulds also says that key management must protect keys but should also make them accessible and highly mobile.  Again, no disagreement.  Just about everything in the article makes sense when talking about an enterprise data encryption system.

No, I don’t agree with the content of the article.  What I disagree with is the placement of the article.  I disagree that this article should be placed in the "opinion" section of SC Magazine because Mr. Moulds is an EVP in Thales Group, which recently purchased nCipher.  And nCipher, according to their website, "provides state-of-the-art encryption management to the world’s most trusted enterprises."  So what else do we expect Mr. Moulds to say about encryption?  That it sucks?  That you shouldn’t look into it?  Sheesh.

SC Magazine’s editorial page says this about what kind of articles it will accept in the opinion page:

SC Magazine does accept vendor-neutral contributions for its monthly Last Word and Opinion sections. Offering viewpoints on timely and sometimes controversial subjects, these may also include some pragmatic advice to help readers deal with everyday problems.

If you can’t see through that smokescreen, then you need to get better fog lamps.  Please SC Magazine.  In the future, do not allow vendors to write opinions in your magazine about the very technology they sell.  It doesn’t give me much of a warm fuzzy that the writer’s opinion is genuine, and it makes me question the integrity of your publication.

Some NitroSecurity pimping

November 19th, 2008 Michael Farnum

Those of you who know the SE side of me hopefully know that I do not hold very many security products to a very high standard because I don’t expect them to perform to it.  Many products do a good job, but I really see very few that make a lasting impression on me.  So, that is the reason I generally do not review products or write about them.

But every once in a while I see something that knocks my socks off and keeps impressing me.  And one of those is NitroSecurity’s SIEM product, ESM (Enterprise Security Manager).  The interface was the first thing that caught my eye when I first saw it about a year or so ago.  It uses Flash / Flex, and it is beautiful.  And not only does it look good, it makes management and forensic research extremely easy.  Plus, the product accepts flows along with events, so correlation is superior.  AND, it has a REALLY fast database, enabling high performance testing while not sacrificing the number of events coming in and being captured.  Basically, you don’t miss stuff because you are trying to look up and investigate OTHER stuff.  And that last point is something that has, remarkably, gotten better.

Now, to be honest, I have not experienced this.  I have only talked to some internal people at Nitro about it.  So the press release below from Nitro gets your knowledge to the same level where I sit.  But I can’t wait to see this new line if it performs like they say it does.

So, here’s the release.  Good luck Nitro people. :)

NITROSECURITY RELEASES INDUSTRY’S HIGHEST PERFORMING, MOST SCALABLE SECURITY INFORMATION & EVENT MANAGEMENT (SIEM) SOLUTION

NitroView ESM 5000 Reduces Business Risk and Increases Availability by Identifying, Correlating and Remediating Threats in Minutes

Portsmouth, NH – November 18, 2008 – NitroSecurity, Inc., a leading provider of network and information security solutions, today announced the availability of the NitroView Enterprise Security Manager (ESM) 5000 family of SIEM products that are capable of analyzing, correlating and reporting on billions of security events, network flows and logs per minute.  With NitroView ESM 5000 organizations can now mitigate risks to their information and infrastructure by responding to and eliminating security threats in minutes instead of the hours typically required with current SIEM technology.

“The true value of SIEM comes down to how much data it has access to and can handle to make accurate and timely decisions,” said Michael Leland, chief technology officer, NitroSecurity.  “SIEM effectiveness requires a data processing architecture capable of meeting increasing scalability and performance requirements.  NitroView ESM 5000, for the first time, gives organizations risk mitigation that responds in minutes to threats that have typically taken hours to identify with competing technology available today.”

The SIEM products currently on the market are mostly capable of detecting and alerting on a particular incident.  However, they do not have the high-speed processing capability to perform the in-depth forensic analysis necessary to prevent or reduce the exposure to looming threats including loss of data, DoS and DNS attacks.  Supported by the patented NitroEDB relational data management engine, NitroView ESM 5000 is capable of meeting, and in most cases exceeding, this response time. 

“As business needs evolve, so do SIEM capabilities, which is important if vendors wish to remain cutting-edge,” said Jon Oltsik, senior analyst, Enterprise Security Group.  “One of the biggest things we have noticed is that there is a direct correlation between the amount of data available to a SIEM and the value it provides to an organization that has implemented it as part of their overall security structure.”

The NitroView ESM 5000 SIEM is able to deliver an “Order of Magnitude” increase in event, log and flow processing capability, including the ability to: 

  • Analyze and correlate months or years’ worth of network event, log, and flow data in minutes – down to the preserved packet level.
  • Process a sustained input of four million events/flows/logs per second while simultaneously analyzing, correlating and reporting on 100 million record queries per second (six billion per minute).

NitroView ESM 5000 is currently available in four models with pricing starting at $39,995.  Pricing is based on models that have input and correlation rates ranging from two million events per second (eps); 25 million record queries per second to four million eps; 100 million record queries per second.

To register for a live demonstration of the NitroView ESM 5000 led by an engineer or to “test drive” this industry leading SIEM product please visit the NitroSecurity website.  For more information, you can also download NitroSecurity’s whitepaper titled, “Fundamental Requirements of SIEM.” 

About NitroSecurity
NitroSecurity is the leading supplier of information security products that protect business information and infrastructure — Edge-to-Core.  NitroSecurity solutions reduce business risk exposure and increase network and information availability by monitoring, protecting and alerting organizations about suspicious or harmful network activities from inside or outside the enterprise.  Utilizing the industry’s fastest analytical tools, NitroSecurity will identify, correlate and remediate threats in minutes instead of hours, allowing organizations to quickly mitigate risks to the organization’s information and infrastructure.

NitroSecurity serves more than 500 enterprises across many vertical markets, including healthcare, education, financial services, government, retail, hospitality and managed services.  For more information, please visit www.nitrosecurity.com.

Categories: Security Products

funny satire on MSFT and Linux – OJ Award

November 13th, 2008 Michael Farnum

Steven J. Vaughan-Nichols is a fellow blogger at Computerworld, and typically drives me a little nuts with his "Microsoft-is-evil" / "Linux is God’s OS" posts (it drives me a little crazy when people take such a one-sided rabid stand on the OS issue – I am all for ideals, but Steven just goes too far sometimes).  However, his latest post is funny as all get out.  He posts a fake news release that is making some announcements of goings-on in the technology world where Linux doesn’t exist.  It is pure genius, and I busted a gut reading it.

So Steven, though I grind my teeth sometimes when I read your stuff, and even though I was actually drinking coke when I was reading this, you have earned a highly coveted OJ Award from An Information Security Place.  Congrats!

Categories: Fun, Linux, Microsoft, OJ Award

An Information Security Place Podcast – Episode 9

November 13th, 2008 Michael Farnum

 

Link to MP3

Show notes:

Just Jim and I today talking about news and adding some ranting (as usual).

Segment 1: InfoSec News Update and various ranting

Segment 2:

  • Geek Toys – BlueAnt SuperTooth 3 Review
  • Consultants Corner – Importance of Physical Security
  • We bid you a fond farewell

Music Notes:

  • Intro/Outro – Digital Breaks – “Therapy”
  • Segway 1 – Naked Gun – “A.D.D.”
  • Zinger – JunkTones – “Welcome To the USA”
  • Segway 2 – Kickstart – “Bouncey”

Categories: Podcasts

Happy Veteran’s Day

November 11th, 2008 Michael Farnum

Happy Veteran’s Day to all my fellow veterans.  Thanks for your service to our great country.

And happy birthday to my mom!

Categories: Security

The Matrix runs on Windows??

November 10th, 2008 Michael Farnum
Categories: Security

No more Windows 3.x licenses

November 10th, 2008 Michael Farnum

OK, for you people still running out to Joe’s Ol’ Computer Shoppe to get spare parts for your old 386’s and licenses for your Windows 3.11 machines running a peer-to-peer network, you are screwed.  Microsoft stopped issuing licenses for Windows 3.x on Nov 1.

Sorry.  Time to upgrade to Windows 95.  BTW, you may want to move to a 486 DX66 or something speedy like that.  And get AT LEAST 4 megs of RAM while you are at it.  And upgrade to VGA!  I might still have a VESA Local Bus card laying around with 1 meg of video RAM!  I’ll sell it cheap!

Categories: Security

Frickin’ Star Wars hologram on CNN

November 5th, 2008 Michael Farnum

OK, the hologram on CNN was kinda freakin’ me out, but it was pretty dang impressive. 

I have heard others say that it was inserted into the digital broadcast, and I have to agree.  I don’t think Wolf could actually see her and was doing some acting, but it still looked cool.  Of course, I was waiting for her to say "Yes my Master" or some other Star Wars line.  Just shows my geekiness.

Categories: Cool

Go vote

November 4th, 2008 Michael Farnum

I know everyone is saying it, but I figured it could not hurt to add my voice.  Go vote.  Do your duty.  Honor the men and women who gave you the freedom to choose your leaders.

Categories: Security

A funny way to stop website content plagiarists

November 3rd, 2008 Michael Farnum

Pretty funny and effective article on how to stop (or at least embarrass) plagiarists.

Categories: Security