J Wolfgang Goerlich's thoughts on Information Security
The Machine Stops

By wolfgang. 28 February 2008 20:31

The BlackBerry network went down today. The outage lasted about three hours. Roughly speaking, that’s about three hundred messages, blog posts, and feed updates. I got nothing. Nothing at all. Nothing to read, nothing to learn, nothing to think about. The silence was deafening.

Yet silence did give me time to think. In our cybercentric society, connectivity is our lifeblood. Being disconnected brings a weird bloodless feeling. It reminded me of some stories I had read about the dystopian future, where mankind becomes overly dependent upon technology. What would I do if the BlackBerry network stayed disconnected?

Just as I had this thought, the connectivity picked back up. Feeds poured into my device. A hundred voices asked: have you had any ideas lately?

Back to the machine.

Tags:

Business Continuity | Security

Motive, Expertise, Opportunity

By wolfgang. 25 February 2008 13:15

The ongoing criminalization of network attacks is one of the top security concerns we face today. The breaking and entering into computer networks has become a billion dollar global industry. Yesterday’s script kiddies are fast being replaced by organized gangs with the time and resources to carry out ever sophisticated attacks.

Yet there is a lag in the public’s awareness of this change, which is another security concern. It is taking quite a while for people to develop the Internet equivalent of street smarts. That goes for everyone, mind you, from the front desk receptionist to the back office network administrator. People still make decisions that put them at the mercy of online criminals.

Of course, the relative low quality of software only helps the criminals. There are plenty of vulnerabilities waiting to be exploited. Add to this that some security technology for sale is blatantly broken (like the secure hard drive this week that turned out to be encoded rather than encrypted, XOR rather than AES). All this serves to give the criminals plenty of opportunities to do what they do best.

Now this post paints a bleak picture, to be sure. But I see it as more of a call to arms. There are lots to be done in this field to get the Internet in order.

Tags:

Security

Using Worms for Patching

By wolfgang. 20 February 2008 04:10

New Scientist has posted the article Friendly 'worms' could spread software fixes. Bruce Schneier has posted his thoughts. "Patching other people's machines without annoying them is good; patching other people's machines without their consent is not. A worm is not 'bad' or 'good' depending on its payload. Viral propagation mechanisms are inherently bad, and giving them beneficial payloads doesn't make things better. A worm is no tool for any rational network administrator, regardless of intent."

I agree that consent must be obtained before installing software. Yet this was one article in which I found myself disagreeing with Schneier. I get the impression that he, like so many others, are commenting without actually reading Milan Vojnovic’s work.

Take moment to check out the researcher and his research:

http://research.microsoft.com/~milanv/
http://research.microsoft.com/~milanv/immunology.htm

Does Vojnovic explicitly address permission? Not that I see. The focus is on rapid distribution. The key here is to build a system upon the mechanisms that worms use. Alright, so forget the sensitive term “worm”. Let us call this a distributed software delivery agent.

Such a distributed software delivery could be protected in many ways. A client side agent could provide a mechanism for the end-user to approve or deny the software package. The package itself could be code signed to mitigate tampering. Furthermore, in corporate environments, the package could come with a Kerberos ticket authorizing its distribution.

The last protection is an important one. It is not really the consent of the user that matters in corporate environments. It is the consent of the owner as delegated to the system administrator. The longer it takes the administrator, the greater the exposure is to the threat. It is difficult to patch organizations that are large, complex, subnetted, and have multiple sites. Using this distributed software delivery mechanism directly addresses these large vulnerable businesses.

Why not use a worm’s techniques to build a legitimate delivery mechanism?

Tags:

Security

CMRR Secure Erase for Hard Drives Released

By wolfgang. 18 February 2008 14:22

CMRR has released Secure Erase for hard drives.

From the readme:

"HDDerase.exe is a DOS-based utility that securely erases "sanitizes" all data on ATA hard disk drives in Intel architecture computers (PCs).  It offers the option to run the drive internal secure erase command, security erase unit, based on the ATA specification by the T13 technical committee.  To run the utility make a floppy, recordable CD-R, or USB DOS bootable disk; then copy HDDerase.exe to the bootable media.  Reboot the computer with the floppy, CD-R, or USB inserted, and type "hdderase" at the system DOS prompt.  Make sure to set the correct priority boot order in the system BIOS, such as first boot floppy, CD-R, or USB depending on which media is used to run HDDerase.exe.  HDDerase.exe must be run from an actual DOS environment and not a Window based DOS command prompt environment."

Tags:

Security Information Management | Storage

Out and About: Storage Networking World

By wolfgang. 10 February 2008 05:00

I will be out at the Storage Networking World Conference on April 7 thru 10. On Tuesday, I am holding a session in the Business Continuity/Data Protection track. The topic is Simplifying Business Continuity Planning using OS and Storage Virtualization. Hope to see you there.

Abstract: This session presents the evolution of disaster recovery. An institution responsible for billions in assets, Munder Capital Management’s information systems must be always available. Munder has been thru several BCP cycles as they went from tape to standby systems, from cold to hot sites. This session delves into the lessons learned from these DR strategies as well as presents their latest: use OS and storage virtualization to completely automate recovery.

Tags:

Business Continuity | Out and About | Storage

German YouTube Videos

By wolfgang. 9 February 2008 10:37

Tags:

General

Tiered Storage

By wolfgang. 1 February 2008 14:30

I have had the luck to work on a number of data storage projects. I have designed, tested, and re-architected San and Nas deployments. (That is, Storage Area Networks and Network Attached Storage.) Raid is always a component of these.

 

At my current position, we have a Compellent San (www.compellent.com). The Compellent offers tiered virtual storage.

 

The way this works is that there are actual Raid devices at various levels (Raid1, Raid5, Raid10). The volumes or virtual hard drives are assigned a Raid level. These virtual volumes are then carved out of the physical Raid devices. You can tier the volume so that frequently accessed data and rarely accessed data are at different Raid levels.

 

This allows different blocks on a server’s volume to be at Raid5 or Raid10. Why would you want to do this? Well, Raid10 is fast but takes up twice as much raw disk space. Thus you put the speed sensitive storage blocks on Raid10 and the rest on Raid5, maximizing your disk investment.

 

The Compellents are very cool technology. It came out in 2004, and now the idea has spread to other vendors. Still, they were the first and are our preferred vendor.

Tags:

Storage

    Log in