You can't secure what you don't acknowledge.℠

Saturday, January 12, 2008

Solid backup/imaging tool worth checking out

If you're tired of the same old complex backup software or you have some select systems you can't afford to take the time to completely rebuild after a drive crash, theft/loss, etc. check out Acronis True Image. It's an imaging program like the original Ghost application from the '90s but can also perform select data backups. They have a version for Windows Servers, Linux, and SQL Server as well. The neat thing about True Image is that it will perform an image of "live" systems meaning you won't have to reboot into a controlled OS environment in order to get the image. You can perform a full image backup and keep working at the same time.

Although I haven't used it, True Image also has the ability to restore an image to a new set of hardware which is pretty slick given the complexities in doing this with the Windows registry, etc. It's simple without all the fluff features the enterprise applications have that most people never use. Right up my alley.

I've been using True Image Workstation for about five years and I must say it's gotten me out of a bind several times. It's also saved me hours of work over the years when I have to rebuild my Windows system every 6 months or so (you know the drill, right?). I just back up my current system, restore a master image I created with all my applications installed, restore the select data off the last image I made, and I'm done. Well, I'm done once I get the hundreds of new Microsoft and other vendor patches applied. I'm about to deploy their server version on a couple of systems. Hopefully it'll work just as well as the workstation product.

Friday, January 11, 2008

Be careful when checking for domain name availability!

Although I'm (currently) a customer of Network Solutions for a few of my Internet domain registrations, I've never been a big fan. Too much cockiness and too much money for registering domain names. Well, they've finally stepped over the line and are apparently doing something that I've often wondered was taking place with domain name registrations.

According to this NewsFactor article, Network Solutions is monitoring domain names that people are searching for, registering the names to itself, and "squatting" the domain names for four days afterwards so the original person looking to register the domain name(s) now has to register with Network Solutions. Unbelievable. Sadly it doesn't surprise me.

Once the domains become available the odds of them getting snatched up by other cybersquatters looking to capitalize on how the registration marketplace works go up... The person with the original idea loses out. Call it Capitalism at its finest or at its worst, it's ridiculous.

No more Network Solutions for me! GoDaddy: I hope you have some room for transfers because you're about to get a few more.

Tuesday, January 8, 2008

Thought for the day on security getting in the way

Here's a great quote I was reminded of that made me chuckle thinking about how information security controls often result in the same outcome...From the business master himself:

"Most of what we call management consists of making it difficult for people to get their work done." -- Peter Drucker

Monday, January 7, 2008

Holiday shopping insight: Security for security's sake?

Over the Christmas holidays I noticed an interesting retailer procedure that strikes home with us in information security. It's manager overrides...You know when you buy something special or need to return something that requires manager approval...The cashier has to call over a manager to override what s/he is trying to do. I certainly understand the need for an override. Maybe the purchase is over $500 or there's no receipt for a returned item. Makes decent business sense: just have a policy and associated procedure where a manager has to "approve" certain transactions.

Well, I think we've all seen what happens during this so-called approval stage. Does the manager come to the register and talk to you, talk to the cashier, review the item in question? Absolutely not! At least in my experience. Instead, they walk over, multi-tasking - 10 things going on at once - and punch in their secret code (that everyone can see, mind you). Hardly a single word much less a peek into what the override is actually for.

This is EXACTLY the problem that many organizations have with information security policy enforcement and procedure execution. There's no real oversight. Someone with manager designation says "YES", whatever is approved, and nothing really good has been accomplished other than showing that employees can all work together to go through the motions in order to make the auditors happy.

Why not allow the cashier to just do the override...? It'd save everyone - including customers - a ton of time added up day in and day out. Why even have the policy or procedure anyway if nothing beneficial is coming out of it? Formal processes only get in the way of doing business, right?

Perfect example of security for the sake of security...nothing more and nothing less.

2008 is the year to be in information security

Welcome to 2008!

I'm back from my holiday time off and working to get the kinks out of my hands after so many days of not typing. Well, not as much time off as I had hoped. I regret to say that I spent nearly half of my vacation setting up my new computer. I'll summarize my experience down to this: Windows Vista is nice in a lot of ways...but be careful, VERY CAREFUL in doing your homework before you upgrade your enterprise systems to it! Lots and lots of instabilities and incompatibilities! The good news is that I got it working and learned a lot about Vista's and the HP/Compaq 8510P's security features in the meantime!

This year is going to be better than ever for us all - both personally and professionally. You know why? Because there's never been a better time to work in the information security field. The demand for our skills is there, the salaries are higher than ever, and - most importantly - there's a lot of fun to be had in this type of work if you seek it out.

All the best for the new year...Stay tuned for some neat stuff with Security On Wheels.

Sincerely,
Kevin