An Information Security Place

Douglas Haider (Accuvant wireless guru) and I went to the New Orleans ISACA chapter meeting yesterday.  Douglas was doing a talk on wireless auditing and RFID.  Douglas did his usual great job, and we made some great contacts down there.  I am probably going to be going down next month to give them my talk about using blogs for security research.

But my point to this post is the chapter itself.  These are people who had some pretty bad things happen to them not too long ago.  The city itself is still rebuilding a lot, and here is this little ISACA chapter trying to build up and become a source of information security assistance for the area.  The people trying to get it started seemed to be very dedicated to the cause and were trying to get connected to local ISSA and Infragard chapters as well (I believe they said the local ISSA chapter was in Baton Rouge - about an hour to the west of The Big Easy) to get some kind of local conference going (I mentioned TRISC and how we might be able to give them some benefit of our experience).

I was really impressed by this small group of information security and auditing professionals.  They were extremely hospitable and thankful for Doug and I coming out.  They are really interested in getting speakers out to New Orleans so they can start drawing in more members (kinda the chicken and egg thing - get better speakers to draw more people so you can draw better speakers).  If you are interested in speaking at one of their meetings (usually the second Thursday of each month), let me know and I will get your contact info to them.  They are small (there were about 20 people attending) but passionate, and I think it would be worth your while to give them a shout.

Vet

Want some training on defeating rogue AP’s? Want to learn how to defend against Google hacking. Well, you’re in luck!! Douglas Haider is a buddy of mine, and he is and one of Accuvant’s Senior Wireless Security Consultants. He is teaching some SANS courses in the Dallas and Irving areas. This dude knows his stuff. You don’t want to miss these classes. Below is the information release on the courses.

Vet

*****************************************************
The SANS Institute is pleased to bring the Stay Sharp training program
to Dallas and Irving! We invite you to participate in the following
classroom sessions with Stay Sharp Instructor Douglas Haider:

* Security 450: Defeating Rogue Access Points
Monday, May 7, 2007 - 6:00pm-9:00pm
Dallas, Texas
http://www.sans.org/info/4686

* Security 550: Google Hacking and Defense
Wednesday, May 30, 2007 - 9:00am-12:00pm
Irving, Texas
http://www.sans.org/info/4691

**SPECIAL OFFER**
Register for both of the above classes and receive a 10% discount off
your tuition fees! Please e-mail staysharp@sans.org for a discount code
BEFORE registering online as discounts are not retroactive.

Complete course descriptions and event details for these classes can be
found by clicking on the links above. Take advantage of small class
sizes and a convenient location to learn a specialized technical skill
in a single evening. Space for these classes is limited, so register
today while there are still seats available!

Alumni of SANS’ Stay Sharp Program agree on the value of this training:

“Very practical and to the point.” - Lyn Champagne, Dept of Justice

“A lot of information for an investment of just 3 hours.” - John
Broyski, Hudson Valley FCU

“Learned a great deal about tools I thought I already knew how to use.
Well worth my time.” - Frank Giachino, Rechitel

SANS Stay Sharp Program is bringing hands-on practical training right
to you! Don’t miss out on this great opportunity to build and maintain
your technical skills. We hope to see you there!
*****************************************************

I just finished a post at my Computerworld blog about grassroots security. Basically, I am talking about securing the Internet by securing the typical user. So now, I am goign to say much the same thing, but I am going to use a different metaphor. It is in the title, but I will draw it out a bit here.

Have you ever worked at an organization that takes safety seriously? Or have you ever been a firefighter? What is one of the things they teach you about putting out a fire? That’s right - you aim at the base of the fire. Spraying water at the tips of the flames don’t do jack!

So this is what the Security Catalysts group is all about. A part of that initiative (actually, a really BIG part) is teaching the regular user what is going on with security and how they can secure themselves and help secure the community. So, starting out this initiative is Michael Santarcangelo’s first production of a series of vidcasts called the Family Security Series.

This is a very important first step in a very important project. Please think about ways you can help this effort, even if it is a local and independent movement. But I would also ask you to consider joining the Security Catalyst forums so we can pool our efforts. And even think about applying to join theTrusted Security Catalystss as well. It doesn’t cost anything. All you need is a good security background and a passion for security.

We are trying to make a difference. Consider joining the team.

Vet

So Determina released an advisory about a bug they found in IE in Vista. They ran a simple ActiveX fuzzer against it, and it crashed. They were surprised that it worked, and so am I. However, that is not the whole story.

When they mentioned the problem to MSFT, they came to the conclusion that it is just a stability problem and not worthy of fixing in a security release. Determina agreed by this statement in the advisory:

We have confirmed that this issue can be used to cause the instance of Internet Explorer to exit when viewing the specially crafted Web page. We have confirmed that there is no possibility to use the bug to do anything beyond that, e.g. execute code.

As such it is more along the lines of a stability issue and would be treated along similar issues reported into Microsoft using the Online Crash Analysis system.

OK, this just befuddles me. Since when did people start ignoring the “A” in the CIA Triad? Availability is essential to security. I made this point in an email discussion thread I am currently involved in:

Microsoft complained that the flaws that flaws HD Moore found in IE were stability problems and merely resulted in crashes rather than actual vulnerabilities. Remember the CIA triad, people. Confidentiality, Integrity, and AVAILABILITY. If a company relies on web applications for its livelihood, you can bring said company to its knees if you make IE unavailable. It is still a security problem.

Any stability problem deserves to be classified as a security problem if the possibility of denying access to data or services exists. And there are many compnaies out there that rely on web services for their livelihood.

Microsoft, FIX IT!

Determina, go take a class in security.

Sheesh.

Vet

I will be in training today and tomorrow on Bluecoat. 

I am impressed thus far, but I am having some serious trouble staying focused  because I keep getting calls on the RFP I posted about yesterday.  Oh well, the life of a pre-sales SE.

Vet 

I have decided to start putting down some of the day-to-day events with this new job.  I think it will actually help stir my mind to blog more since I have not been writing near enough lately.  So here goes.

I have actually been kinda bored since my recent job change.  Though I have been getting in contact with our vendor partners and getting setup for training on products, the real action is out there selling and designing and proposing.  I really want to get thrown into the fire. 

Part of the reason I’m not out there yet is we do not have a sales person dedicated to the Houston market.  We need someone badly because the guy selling in Houston is based in Dallas, and he has a lot to do up there as well as down here.  However, he finally got down here today, and it got crazy quickly (be careful what you ask for).

The sales guy flew in at 9am this morning at IAH (Houston Intercontinental), but he didn’t get in my car (I was chauffeur today) until 9:25am, and we had an appointment in SW Houston at 10am.  For those of you who know Houston, IAH is on the far north side of Houston, and Houston is BIG.  I made the trip in about 25 minutes, which I was proud of.

Anyway, the talk was basically an introduction to Accuvant and what we could offer.  This was my first real meeting with the sales pitch thrown to a client, so I learned a lot (I learned even more through the day).  But to be honest, I think of the term “sales pitch” as negative.  What we did today was, technically, selling Accuvant.  However, Accuvant really has differentiated itself quite a bit from most “security” companies because of the unique approach to the industry.  I have talked about it before, but Accuvant just seems to do things right.  Yes, there are always going to be internal problems, but Accuvant just seems to be a company that takes customers seriously and at face value.  We don’t want to walk in and just sell a box then walk out until it’s time for a maintenance renewal.  We want to partner and grow with our clients, and this is no BS.  I am really impressed by Accuvant, and I know this compnay is going to succeed even more in the coming years.

OK, sorry.  Anyway, the meeting went well.  We have some strong offerings in compliance and assessment, and the client seemed to take to that well (we were talking to IT risk manager and audit types, so they loved the ControlPath product we offer for keeping track of compliance, risk, etc.).

The next client is looking at implementing Infoblox, which is a pretty sweet product in my estimation.  Infoblox offers simple and secure DNS, DHCP, IPAM, and RADIUS services in an appliance.  I have seen the box and how it works.  It is very simple.  Many companies are replacing their Microsoft-based DNS, DHCP, and RADIUS with this product, and I am seeing some great results. 

The next client was a partial introduction - I had previously worked at this client, so the intro was more for the sales guy and Accuvant in broader terms.  They are a property-management company who delas almost exclusively with apartments.  They are looking at wireless access for their tenants in new complexes, which is going to be fairly daunting for a lot of reasons that I won’t get into.  Suffice it to say that they want a lot for little.

So after that client, we went to an established client that is looking into SIM / SEM (some call it SIEM) for capturing very specific events in remote offices and centralize it to corporate (insert Rothman negative comment here).  We are putting Network Intelligence in front of them for the scalability and sheer EPS (events per second).  To put it simply, I like this product.  I might get into that at a later date.

Anyway, we left that client, located in Downtown Houston, at almost exactly 5PM.  Not a good time in Houston.  The sales guy’s plane left at 7pm, so, needless to say (but I am going to say it anyway), we were a bit rushed.  However, we found out after we got on the road that, due to a LOT of storms down here today, his flight was delayed for over an hour, so we calmed down.  Then, wouldn’t you you know it, we still made it to the airport in plenty of time for the original flight time.  I guess being relaxed during the drive helped me just go with the flow better, so driving was a lot quicker than I expected.

So, that’s my day.  It was very busy and crazy, but I finally got in the mix.  I have a lot of ”action items” from these meetings, so that is going to help me get even more familiar with the products we sell.  These meetings also helped me get down our philosophy (I think that sounds better than “sales pitch”), so I will be better prepared for future meetings with clients (especially since I know I will be mostly on my own until we get a sales person down here).  Things are starting to pick up, so I got out of the house, and I am glad for that.  I love my wife and kids, and they love me (or so they tell me), but we are all getting a little tired of each other right now!

More later.

Vet

I forgot to mention that I was a guest panelist on Alan Shimel’s SSAATY podcast last night.  This was a great panel.  I had a great time, and I think we really hit some key points and offered some solutions to security admins and managers out there that need some help selling security to execs.

The panel consisted of yours truly along with Martin McKeay (Network Security Blog, ComputerWorld), Bobby Dominguez (Sykes) and Mike Rothman (SecurityIncite, NetworkWorld).  It was hosted by Alan and Mitchell, two of the best podcast hosts I know, and though I have never met either face to face, I know they are both good guys.

One person that was scheduled but ran into some emergency security management duties was Michael from mcwresearch.com.  I understand why he couldn’t be there, but I really missed his insight.  I would have loved to hear some of his horror stories.

BTW, I was VERY impressed by Bobby Dominguez.  I have never talked to Bobby, but I figured out very quickly yhat he has a vast amount of experience, expertise, and just plain ol’ smarts.  You REALLY need to listen to this guy.  Hopefully he will start a blog soon himself.  He has a lot to offer the community.

Martin is always good to have on a discussion like this because he has a lot of experience in this area.  He never ceases to impress.

And Mike Rothman, well…, he’s Mike.  What else need be said?  And we actually agreed on something in the podcast, if you can believe it!  Actually, Mike and I agree on a lot of things.  We just like to disagree to make it exciting.

And of course, there’s me.  ‘Nuff said!

Anyway, the podcast should be up soon.  Go look for it in the next few days at Alan’s blog.

Vet

Thanks to Mike Rothman for pointing this out.  Seems like McGruff is trying to take a byte out of cyber crime.  I haven’t seen McGruff around for a while, but like Mike, he is a familiar icon that was very  effective in crime education.  I am all for this.

Vet