You can't secure what you don't acknowledge.SM

Friday, March 21, 2008

My security content from this week

Here's my latest stuff:

Metasploit 3.1 updates improve Windows penetration testing

Making the Business Case for Information Security
[This is an interactive issue of the magazine. You'll need to click on Current Issue, then Contents, then the Contents graphic. You'll see my article listed. Click on it to go to it.]

...and a related article:
The Business Case for Information Security - What businesses are up against and why it is needed

Finally, a podcast:
Mobile Security Basics for Physical Security Pros

For all of my past information security content be sure to check out www.principlelogic.com/resources.html.

Enjoy!


Thursday, March 20, 2008

Thought for the day on effecting change

I just came across this great quote by Anthony Robbins which can apply to your security career or to your organization's overall security - really anything in life:

"If you do what you've always done, you'll get what you've always gotten."

Love it!

Tuesday, March 18, 2008

Breaking News! Windows Vista SP1 is here...

...and I'm praying that it'll fix my Vista woes! Click here for the download page.

The book that started it all for me

I've gotten several inquiries from people lately regarding what book or books they should read to help get them started down the information security career path. Well, believe it or not, here's the one book that really got the ball rolling for me:



Yep - I learned the basics of TCP/IP during many a lunch break way back when this book was in its first edition...and I *still* use that stuff.

Sure, information security is MUCH more than knowing TCP/IP - but this is a great place to start. So, check it out if getting started in security is on your radar. And check out my audio program Getting Started in Security as well which covers all the essentials for starting career in this field.

Ever wonder how real-time imaging software works?

I use Acronis TrueImage Echo for my backups. It's a really handy way of performing live backups and I hear from a lot of folks how they love it. If you've ever wondered how the software is actually able to make backups of the live Windows system without having to reboot into a DOS-like interface, here's how it's done. This is from Acronis support engineer Michael Lee - re-printed with permission:

The SnapAPI module is in charge of all I/O operations on the hard disk of Acronis software working in Windows. It also allows to create backups under running Windows with a lot of files being open for reading and writing without any necessity to reboot the computer in DOS or any other special mode.

Once Acronis True Image initializes the backup process of a volume (which logically corresponds to a single partition, if there are no Dynamic Disks), Acronis Snapshot Manager flushes the file system mounted to that volume temporarily freezing all the operations on the system volume. Immediately thereafter, the Snapshot Manager driver creates a point-in-time view of the system volume and a bitmap describing the used sectors on this volume. Once the bitmap is created, the filter driver unfreezes the I/O operations on the system volume. It generally takes just several seconds to create a point-in-time view of the volume. After that, the operating system continues working as the imaging process is under way.

Acronis True Image reads the sectors on the system volume according to the created bitmap. Once a sector is read, the appropriate bit in the bitmap is reset. In its turn, the Acronis driver continues working to hold the point-in-time view of the system volume. Whenever the driver sees a write operation directed at the system volume, it checks whether these sectors are already backed-up, if they are not, the driver saves the data on the sectors that will be overwritten to a special buffer created by the software, then it allows the sectors to be overwritten.

Acronis True Image backs up the sectors from the special buffer, so that all the sectors of the point-in-time view of the system volume will be backed up intact. Meanwhile, the operating system continues working and the user will not notice anything unusual in the operating system functionality.

Monday, March 17, 2008

Internet and "global warming" founder to speak at VoiceCon this week

Al Gore, the founder/creator of both the Internet and "global warming" - I mean "climate change" (the updated term) - is speaking at VoiceCon in Orlando on Wednesday. Going green in the data center. Woohoo. Could they not have found a more compelling/realistic keynote topic - and speaker - for the show? Like how information security causes global warming? :-)

Politics under the guise of "doing what's best"...What can you do!?