Blog

Wireless networking is ubiquitous, and with their proliferation comes increased security concern. There’s a lot of you other there with wireless networks that are woefully insecure, or are made less secure daily by the people that use them. I’m going to take a few minutes to explain common wireless security standards, and how you can use them to remedy your wireless security problems. More »

Far to often I see folks spending thousands of dollars on new servers and network gear without consideration for improving the server room itself. This oversight can be catastrophic, and the ROI is predictable when proper implementation occurs. The most often overlooked areas, especially with smaller companies, include physical security, electrical power and climate control. More »

If you’ve ever tried to set up NFS behind a firewall, you know that it’s not trivial. NFS relies on several helper applications to do its thing. NFS relies heavily on portmap, which handles incoming NFS connections and coordinates ports for daemons like mountd, statd, and lockd. Each of these daemons listens on its own port (several ports in some cases), and they can be arbitrary in choosing those ports. This makes it next to impossible to firewall a default nfs configuration. We’ll learn how to lock ‘em down in this session, so you can firewall them easily. More »

Sometimes it’s the little things that drive you crazy.  Like when you do a tail of /var/log/messages on someone’s linux system only to find a sea of iptables log entries.  Denied DHCP broadcast queries, multicast DNS, everything.  It takes just an extra step to tack on a grep to clear out this stuff, but as any sysadmin can tell you, the little things add up to a lot of time and aggravation.  In addition, the sea of irrelevant denies does little to tell you who’s actually attempting to get into your systems.  With just a few extra switches in iptables, you can send your firewall log to its own file. More »

Regulations and standards such as HIPAA, SOX and PCI-DSS, require many organizations to evaluate their data protection measures.  Moving to the cloud has a direct impact on an organizations ability to comply with these regulations.  Let’s talk about two of the more challenging characteristics of cloud computing that can give organizations headaches while trying to maintain compliance.

More »

A few years ago I was researching IT authentication solutions for a government agency in Seattle. Biometrics was a buzzword in the industry with social and ethical implications. My research found that it wasn’t the Biometric Authentication model itself that was causing so much churn, but rather the idea that such data could be compromised and with it a person’s identity. Identity theft was already an issue then, but the risk could be mitigated, once discovered, via a password change, new credit cards issued and a few letters to credit reporting agencies.

Biometrics presented a new problem, what you are is always you and cannot be reset. More »