Refreshing Cloud Computing Definition and Security Presentation

Social Media, Technology on August 4th, 2009

Alex Stamos of iSEC Partners recently posted a presentation that he made titled Cloud Computing Security. In the presentation, while focusing on cloud computing security, he provides a good base definition of what cloud computing is, and what it isn’t.

I recommend watching the embedded slide deck at the end of this post, however, for brevity, here are some paraphrased key points, with my additional comments in italics:

Cloud computing defined

  • What it is not
    • Virtualization (although it is often a part of the underlying infrastructure, whether logical or physical)
    • Remote backup
  • What it is
    • Central management
    • Distributed data storage
    • Ability to move applications from system to system
  • (On slide 7) Marketers and salespeople pitch products/services by leveraging the Cloud Computing term. (While I agree, the term “cloud” has become a user-friendly term for defining an otherwise abstract idea. I can see the potential danger of overuse, but can also see the benefit of a key phrase/word for familiarity.)

Typical services associated with the cloud

  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)

Security Alert: ActiveX Vulnerability Addressed by Latest Windows Updates

Technology on July 14th, 2009

Today, ISC SANS returned the Infocon status to green. They are hopeful that yesterday’s raising of the status to yellow increased awareness of the vulnerability.

Microsoft has released Windows Updates for multiple issues today, and one directly addresses the ActiveX vulnerability that caused the Infocon status to increase to yellow yesterday. Microsoft customers are recommended to deploy the new updates soon, in particular those rated with a Critical classification.

Read more about Microsoft’s latest updates, along with executive summaries, here: Microsoft Security Bulletin Summary for July 2009

Keenpath’s Recommended Action:

Those with Automatic Updates enabled will receive the latest updates, and they will be automatically installed.

For more control over how the updates are deployed, Microsoft Windows Server Update Services (WSUS) is recommended for approving and installing the updates.

Mark Mathson of Keenpath Joined As Member of Cloud Security Alliance group

Announcements on July 13th, 2009

I have joined the Cloud Security Alliance group, as an individual member, and look forward to participating in the development and discussions of best practices for security in the cloud.

The Cloud Security Alliance is a non-profit organization formed to promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.

If you are interested, click here for information on how you can join and participate in the group.

Click here for an article, published on Keenpath.com, I wrote as a Brief Introduction to Cloud Computing

Business Pandemic Preparedness

Business, Social Media on April 29th, 2009

WHO (World Health Organization) raised the influenza pandemic phase to 5, out of 6. Dr. Margaret Chan released a statement on April 29 stating “Based on assessment of all available information, and following several expert consultations, I have decided to raise the current level of influenza pandemic alert from phase 4 to phase 5. Influenza pandemics must be taken seriously precisely because of their capacity to spread rapidly to every country in the world. On the positive side, the world is better prepared for an influenza pandemic than at any time in history.” To view a chart of the current pandemic level click here.

There is a lot of media coverage, both mainstream and social media, right now regarding H1N1 flu (swine flu), and many governments, organizations and businesses are enacting their preparedness plans. There are a few things to consider relating to how the H1N1 flu affects individuals and businesses.

Help Protect Microsoft Windows from Conficker

Technology on March 31st, 2009

This is one well-designed piece of malware – Bruce Schneier, Schneier.com

Get started on understanding Conficker

The Conficker worm has infected millions of computers using the Microsoft Windows operating system since its debut in October 2008, and on April 1, 2009 will begin communicating using a new algorithm that has security organizations up in arms regarding what it will do next.

Consumers need to deploy basic but effective security measures

Recommendations for consumers:

  • Run Windows Updates, installing the latest Critical and Security updates.
  • Install and update reputable antivirus software.
  • Make sure the built-in Windows OS firewall is enabled, or install a third-party firewall.

A simple way to check all of the above is to go into Control Panel, then Security Center to check security end points.

Microsoft created a page for consumers on what you need to know; you can view it here. They also created a page for IT Professionals, which can be viewed here.

Technology professionals need to use advanced tools

DoxPara Research has released some tools, in collaboration with other security researchers, for technology professionals to scan their networks using simple but effective scan tools. To download the tool from DoxPara, go here, where you can also learn more about some popular security tools, such as nmap’s release of the detection logic.

Add another layer of protection using OpenDNS

OpenDNS continues to live up to its mission to make your network safer, more secure, and reliable by providing Botnet Protection. Set up a free account here and help further secure your network.

Remediation software

In the event Conficker is found on your computer, utilize your antivirus software to do a full scan, but also check out this list of third party remediation (removal) software from the Internet Storm Center.

Time will tell

Time will certainly tell what effects this well-designed malware will have on computers running Microsoft Windows. All in all, with good, basic security measures in mind and put into practice, as well as with the help of organizations’ combined efforts, such as the Conficker Working Group, the effects will hopefully be reduced and quarantined appropriately.

Are You Afraid Of the Internet?

Technology on March 2nd, 2009


Q: Why was the goldfish afraid of the computer?

A: He didn’t want to get caught in the Internet.

Silly joke, but it made me smile.

Are You Afraid?

Are you afraid of the Internet? Perhaps this question would have been better asked in the 1990s when the Internet was starting to make its boom. This question still has merit today due to the risks often heard about in the media regarding data theft, identity fraud, and malware.