Monday, December 23, 2013

Upcoming Security Conferences

Coming off of an awesome time freezing in the cold night around a large fire pit, eating brisket with friends at David Cowen's home. Called man night, it's a time for a bunch of old hacks to tell stories of early day phone phreaking, ISP hacking, and other stuff that was usually benign and flat-out funny. Thrown in the mix, stories of partying and playing pranks at early hacker conferences. Just a fantastic group of guys.

So…  This jumped out at me while reviewing the weekly Cisco Cyber Risk Report. Here is a list of upcoming (larger) conferences that may be of interest:
  • SHMOOCON 2014: January 17–19, 2014
  • Cisco Live Milan: January 27–31, 2014
  • RSA Conference USA 2014: February 24–28, 2014
  • Cisco Live Melbourne: March 18–21, 2014
  • Black Hat Asia: March 25–28, 2014
  • Infosecurity Europe: April 29–May 1, 2014
  • Cisco Live 2014: May 18–22, 2014

Friday, July 19, 2013

Prioritizing Outlook Email with Colors

Reading Scott Lowe's blog post titled Reducing the Friction: Processing Email... Like many of you, I have found increasing value in efficiency because it fosters work-life balance. I do everything possible to remain focused and efficient during the day so that I can leave work at work. This is especially true because I remain involved in teaching, speaking, and writing outside of work as well. Automatically coloring email according to where my name is addressed helps me with processing email.
  • 1st Priority: BLUE – To: You (Email sent directly to you with nobody else on the To: line) Somebody likely expects you to respond…
  • 2nd Priority: TEAL – To: You, Others (Email sent directly to you with other people on the To: line) Somebody wants you to know, possibly respond…
  • 3rd Priority: MAROON – Cc: You (Email copied to you) Somebody wants you to keep you informed, possibly comment..
Here’s how to do this:
  1. Add conditional formatting rules:
    From the inbox, right-click From | click view settings | conditional formatting
  2. Add the rules:
    Add | choose name | click font | change color | select OK | choose Condition | select checkbox Where I am: | choose appropriate drop-down selection | select OK | add more conditions as needed…

Wednesday, June 12, 2013

Building Ninjas: Video Demos

Someone asked about hacking demonstrations… Reminded me of these 2 websites that are fantastic to get information about relatively current products and techniques. The other obvious choice is of course

Tuesday, June 11, 2013

VMware Common Criteria Update

As I've stated before, I use this blog to share interesting bits of information, and additionally make sure that I don't lose stuff that I find. Eric Betts is the man behind the curtain at VMware responsible for Common Criteria and FIPS 140-2 certifications. A few months ago, he wrote an update that he posted publicly on his blog. Fantastic information.

From Eric, "…  I maintain the following page and blog on security certs from a VMware perspective...

Tuesday, April 30, 2013

Hacking Exposed: Computer Forensics Update

We've been asked to update Hacking Exposed: Computer Forensics and bring out a 3rd edition in 2014.

Here's the proposed chapter layout:

Part 1 Fundamentals
1 The Forensics Process
2 Computer Fundamentals
3 Forensic Lab Environment Preparation

Part 2 Evidence Collection
4 Forensically Sound Evidence Collection
5 Enterprise Forensic Collections

Part 3 Forensic Analysis
6 Malware
7 Microsoft Windows Systems Analysis
8 Linux Analysis
9 Macintosh Analysis
10 Cloud Forensics
11 Memory Analysis
12 Defeating Anti-forensic Techniques
13 Enterprise Server and Storage Analysis
14 Email Analysis
15 Internet History Analysis
16 Mobile Forensics

Part 4 Presenting your findings
17 Documenting the Investigation
18 Investigations in the US Legal system
19 investigations in the Euro Legal system
20 Investigations between legal systems

Part 5 Advanced Forensics
21 External Device Analysis
22 Tracking the cloud
23 Enterprise Networks
24 Server Side Application Forensics
25 Source code analysis

A Searching Techniques

Tuesday, April 16, 2013

vSphere 5.1 Hardening Guide – Official Release

This is slowly making the rounds.

Excellent job to Mike Foley. Love that it's released in a spreadsheet only format. That's efficiency.   And it's helpful, useful.
The guide is available here.

Thursday, April 11, 2013

Cisco Security Intelligence Operations RSS Feeds

Thinking about one of my favorite feeds, the Cisco Cyber Risk Report, and wanted to make sure to capture the relevant links. Sample report delivered every week contains a synopsis of information covering Cisco vulnerabilities, legal information, trust analysis, geopolitical issues, and upcoming security relevant events such as conferences.
Here is the list of feeds offered on Cisco's Security Intelligence Operations RSS Feeds webpage along with the direct links:

Looking for Security Product Manager to Join VCE

Looking for an extremely technical Security Product Manager to join our highly focused team. This is the best place I've worked in a decade. Great challenge, work-life balance, excellent comp, outstanding benefits, and access to EMC, VMware, and Cisco training.

What we DO want: Excellence. Experience. Execution. Collaboration. Purpose. People who want to take part in massive industry transformation. The scope of our customers and impact frankly stuns me.

What we DON'T want: Ego. Fiefdom builders. People looking for something to "try".

Learn more about the position and apply here:

I'm part of the team. Contact me for any additional information.

Chris Davis
Senior Consultant - Security and Compliance
Product Management Office

Monday, April 8, 2013

InnoTech Conference Dallas Presentation

Here's the presentation from last Thursday's Innotech Conference.

Title: No Gimmicks. Build Assurance into Cloud Computing.

Abstract: More than 150 conversations with top level executives responsible for global enterprise and government organizations have shaped this message. The situation is that every level of business and government operations are converging and streamlining infrastructure to manage cost and efficiency. The complication is that organizations must translate existing physical security controls into dense virtual infrastructures. The question is how do you manage risk exposures without compromising your security and compliance requirements. We will discuss how a secure and compliant virtual platform can enable your business with secure separation, compliance visibility, and easier management.

Tuesday, April 2, 2013

Reverse Mapped SANS 20 Critical Controls to FISMA

Greatly appreciate contact from the author of Tech-Wreck Blog who said, "I am trying to make the SANS 20 Critical Controls a bit more "fun"/interactive…"

I really like what he has done. Nice work. It's in that vein that I'm sharing a reverse mapping of the SANS 20 Critical Controls into FISMA (800-53r3) controls, using FISMA as the baseline.

You can find it here: Reverse Mapped SANS 20 Critical Controls to FISMA.

Thursday, March 28, 2013

Requirements Driven – Mandatory Solutions

Common Required Solutions
[Update: Added source mapping and original spreadsheet]

Click on the worksheet below to view a compiled checklist of mandatory security solutions, an ecosystem if you will, that supplement and enable the comprehensive technical control set required by common regulations and standards.

Requirements Mapping
Very importantly, this is 100% requirements driven and not intended to be a comprehensive approach to protecting your data. However, this solution set is a great start. The authority documents from which this solution set is derived are written with the objective of protecting data relative to their domain. That doesn't mean the objective has been successfully met. Your particular use case may fall outside of the normative expectations for which the authority documents were written. Your particular operational mission and/or risk profile may drive additional technology solutions. For example, additional monitoring tools, network management,  e-discovery, network forensics, etc.

Solution Set Requirements Map 
(Click image below to see full-size) (PDF Version)
Common Required Technical Security Solutions

Thursday, March 21, 2013

US Intelligence Community – Worldwide Threat Assessment – March 2013

Anyone remember the days of using bulletin boards? Prodigy? Something happened to this simple Texas boy who suddenly realized there was an entire world of people out there. An entire world of thought. Suddenly, I understood the power of gathering multiple points of reference to solve problems because it gave me tremendous clarity and multiple contextual views.
Your system security suffers when you fail to cover your bases and take in multiple information sources to create context. Effectiveness requires a comprehensive approach.
I subscribe to the weekly Homeland Security Digital Library digest. This week included the Statement for the Record, Worldwide Threat Assessment of the US Intelligence Community, Senate Select Committee on Intelligence, James R. Clapper, Director of National Intelligence, March 12, 2013.
Two things of interest here. First is that cyber security is the first threat listed, and the primary concern of the authors of this report. Second is the recognition of the importance of gathering and compiling information across multiple sources, and the subsequent call to arms. "In this threat environment, the importance and urgency of intelligence integration cannot be
overstated. Our progress cannot stop."

Author: Clapper, James R. (James Robert)
Publisher: United States. Office of the Director of National Intelligence
Date: 2013-03-12
Copyright: Public Domain
There's another interesting article referenced in the digest covering border protection using complexity theory. Interesting to note similar findings. The thesis written by Michael J Schwan at the Naval Postgraduate School, while controversial in its findings, addresses concerns over current security endeavors that are "compartmentalized, fragmented, and poorly coordinated."
Author: Schwan, Michael J.
Publisher: Naval Postgraduate School (U.S.) 
Date: 2012-12
Copyright: Public Domain

Monday, March 11, 2013

Privacy Primer: Fair Information Practice Principles

Today while reading through a blog post by Michael Daniel, titled Improving the Security of the Nations Critical Infrastructure, I was drawn into the Privacy and Civil Liberties Protections section of the Executive Order on Improving Critical Infrastructure Cybersecurity. Michael says, "the executive order directs departments and agencies to incorporate privacy and civil liberties protections into cyber security activities based upon widely-accepted Fair Information Practice Principles, and other applicable privacy and civil liberties frameworks and policies."
Clicking the link to see the Fair Information Practice Principles, I read through the 2008 privacy policy guide that I frankly have never seen nor read before this. I found the guide to be a very interesting read. The eight Fair Information Practice Principles are: Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, and Accountability and Auditing.

I thought it would be interesting to replace DHS with ORGANIZATION and read it again. Result? A short primer to privacy safeguards.
  • Transparency: ORGANIZATION should be transparent and provide notice to the individual regarding its collection, use, dissemination, and maintenance of personally identifiable information (PII).
  • Individual Participation: ORGANIZATION should involve the individual in the process of using PII and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII.  ORGANIZATION should also provide mechanisms for appropriate access, correction, and redress regarding ORGANIZATION’s use of PII.
  • Purpose Specification: ORGANIZATION should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used.
  • Data Minimization: ORGANIZATION should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s).
  • Use Limitation: ORGANIZATION should use PII solely for the purpose(s) specified in the notice. Sharing PII outside the Department should be for a purpose compatible with the purpose for which the PII was collected.
  • Data Quality and Integrity: ORGANIZATION should, to the extent practicable, ensure that PII is accurate, relevant, timely, and complete.
  • Security: ORGANIZATION should protect PII (in all media) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
  • Accountability and Auditing: ORGANIZATION should be accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements.

Thursday, February 21, 2013

VCE Unleash Simplicity - Major Announcements

Today, VCE announced new releases and enhancements that build on the foundations we've established in our rapid ramp up to $1 Billion. Illustrating how important this is, the announcement included the following impressive lineup:
  • Praveen Akkiraju, CEO, VCE
  • John Chambers, CEO, Cisco
  • Joe Tucci, CEO, EMC
  • Pat Gelsinger, CEO, VMware
  • Todd Pavone, EVP Product Development, VCE
  • Trey Layton, CTO, VCE
  • Phil Dawson, CEO, Skyscape Cloud Services Limited
  • Simon Hansford, CTO, Skyscape Cloud Services Limited
  • Jacques Pommeraud, CEO, Canopy
  • Siki Giunta, Global VP and GM Cloud Computing Services, CSC
Our track record includes delivering Vblock Systems that enable your IT organization to make dramatic improvements. 3x lower cost per user. 83x greater availability. 5x faster infrastructure deployment. Across hundreds of customers, not a single system hard down last year.
Summary of Our New Announcements
-        NEW: VblockTM System 100
o   Designed to meet the converged infrastructure needs of mid-sized data centers and distributed offices.
o   Pre-defined configurations built on C220 M3 Rack Servers, Catalyst 3750 networking and VNXe 3150 or VNXe 3300 Storage
o   Suited for core IT services (file, print, domain) and/or single workloads like Exchange, SharePoint, UC and VDI
o   Shipped to customer location in approximately 30 days from order
-        NEW: VblockTM System 200
o   Designed to meet the converged infrastructure needs of mid-sized data centers and distributed offices
o   Pre-defined, flexible configurations built on C220 M3 Rack Servers, Nexus 5548 switches and VNX 5500 Storage
o   Suited for core IT services (file, print, domain) and workloads like UC, VDI, Exchange, SharePoint
o   Shipped to customer location in approximately 45 days of order
-        REFRESHED: VblockTM System 300
o   Updated to Cisco UCS B-Series M3 Blades for 2X compute capacity
o   Customers can take advantage of the latest generation of Cisco, EMC and VMware technologies, faster and with less risk
o   Choice of segregated or unified networking
-        REFRESHED: VblockTM System 700
o   Updated to Cisco UCS B-Series M3 Blades for 2X compute capacity
o   Customers can take advantage of the latest generation of Cisco, EMC and VMware technologies, faster and with less risk
o   Choice of segregated or unified networking
o   Include EMC VMAX 10k, 20k or 40k storage
-        NEW: VCE VisionTM Intelligent Operations
o   Enables and simplifies converged operations, dynamically informing your management tools about your Vblock Systems
o   Native integration with key management products from VMware and also supports API-enabled integration into other standard industry tools
o   VCE Vision Intelligent Operations has six new software capabilities for Vblock systems:
§  Discovery:  Ensuring management tools constantly reflect the most current state of Vblock Systems. 
§  Identification:  Enabling the converged system view. 
§  Validation:  Providing system assurance.
§  Health Monitoring:  Expediting diagnosis and remediation. 
§  Logging:  Promoting rapid troubleshooting. 
§  Open API:  Simplifying integration
o   The software is delivered pre-installed on all new Vblock Systems, and includes:
§  The VCE Vision Intelligent Operations System Library that runs on all Vblock Systems to implement core functionality including the discovery, compliance, and the object model.
§  A plug-In for vCenter and an adapter for vCenter Operations Manager that enable native integration with these two key components of the VMware management toolset
§  A software development kit, which includes the API documentation, sample code, Java bindings and a simulator, as well as an on-line developer community to help foster innovation.
-        NEW: Specialized System for SAP HANA
o   SAP HANA on Vblock Systems is officially certified for SAP HANA 1.0 SPS5
§  Primary target: HANA Market.  IBM and HP are key players.  There is an excellent opportunity to capture significant share during the market transition to HANA.
§  Block based solutions for scale-out deployments (4 and 8 node base configurations based on Cisco UCS and EMC VNX)
§  Comprehensive cooperative support agreement with SAP extending VCE’s single support to ease deployment & on-going operations
o   VCE differentiation
§  Avoidance of file system bottlenecks of GPFS and NFS - eliminating the high overhead and cost associated with the need to copy and move data between nodes
§  Faster recovery times – alleviate node-based arrangement that consumes significant CPU resources, but also consumes bandwidth on the interconnect fabric between nodes
§  Powerful storage API - configure the system to rapidly offload CPU-intensive I/O operations to the storage system controllers, allowing the SAP HANA system to allocate all available resources to manipulating in-memory data
-        UPDATED: Catalog of Professional Services
o   3 categories of services:
§  Advisory – drive your IT strategy
§  Infrastructure – speed time-to-production
§  Managed – optimize operations through ITIL best practices
o   Across 5 Solution Areas:
§  Cloud – Planning, developing, and operating a private cloud, public cloud, hybrid cloud, or “as-a-service” environment
§  Data Center - Getting started with and deploying core Vblock Systems, migrating workloads, and performing ongoing upgrades/expansion
§  End-user Computing - Planning, designing, and implementing a virtualized desktop environment or providing mobility solutions
§  Security & Data Protection - Backup, recovery, and archiving services backed by industry-leading data protection technologies from EMC
§  Business Applications & Development - Software lifecycle automation and application-specific services (e.g. SAP, Microsoft)