Thursday 25 February 2010

A good day...

I had a very good day on Tuesday. I went to a security vendor product launch up in London to see a new PKI key management server (I will write a separate bit about this in my next post) and as the venue was close I had the opportunity to meet a very good friend of mine for lunch so all in all a very good day.

Over lunch we got talking about the good old days when we worked together in Belgravia and how we managed to achieve so much with what little technology we had at the time. Looking back it is funny to think how we did it, especially when we reminisced about some of the implementations in the organisation and the now primitive features we relied on.

This got me thinking back even further to the spec of my first ever computer; it had 3K of working memory in total and used an audio tape player for storage. It was a Commodore Vic 20 and it was what made me embark on a career in computing. I have to thank my father for making the significant investment (which it was at the time) in the computer; I got bitten by the bug and have spent my entire working life in IT.
It is strange to think that I am typing this blog on my netbook whilst I sit on a train. I am online and I am taking all of this for granted; it just works without me needing to worry. My netbook (let's face it, by their very nature they are not the best spec) has 666,666.66667 times more working RAM than my first ever computer, which is a massive leap in size. That is six hundred and sixty six thousand, six hundred and sixty six times more RAM; it is just mind boggling!

The first PC I worked on had a 20MB hard disk and it was cutting edge at the time; I would be amazed to see any computer OS run in less RAM than that nowadays. My little netbook has a 128GB solid state drive, 6400 times more storage than the first PC I worked on, and the access times are significantly faster.

So where am I going with all of this? Well, this shows how computers have evolved. It is commonplace now to have more RAM in a computer than you had as total storage in a computer just a few brief years ago, and people now have storage in workstations measured in terabytes and, for business network storage, measured in petabytes.
As computers get ever more complicated, so do the threats, and it is the challenge that we face to keep one step ahead in the IT security arms race that keeps my job interesting.

I find it hard to imagine what life would be like now without my computers; however, I also struggle to imagine what leaps and bounds will be made that will be as significant as those of the last 20 years. I look forward to finding out.

Monday 22 February 2010

The endpoint is nigh

I have been playing with endpoint device control lately, different products from different vendors, and I must say they offer some very good features. It has been a bit of fun deploying these tools, breaking machines and totally restricting their functionality, and then working out how to make them work again.

It has been a great exercise, and these products are great at controlling devices; however, I also get a sense of false security, as they also offer the opportunity for things to slip through the net. You have to be very careful with the configuration: too tight and people can't work, too slack and there is no point in having it. It is finding that balance, and the constant tuning that is required, that kills this as a viable solution for me.

To me endpoint device management is quite a messy way to control your environment. After all, why do people have it? Typically to prevent things being copied that should not be; however, if they have the ability to get the data as far as their machine then it is pretty much too late by that stage.

The bottom line is I can think of easier ways to prevent data loss and stop people from copying your data.

Friday 19 February 2010

The virus spreads

It is almost tragic, as I was writing my last post there was another outbreak of the Conficker worm in an NHS Trust. This time it was in the West Middlesex University Hospital NHS Trust. For a while they had no computer systems and had to rely on pen and paper resulting in delays for patients.

Again it will take up to a week to clean all of the infected machines. So here we have people having to work over the weekend as well as the normal working week in order to mop up a mess that could have been prevented by simple patching.

This is just unforgivable and must be costing a fortune to mop up the results of sloppy IT management and security; how do these people justify their positions with these results?

Tuesday 16 February 2010

Viruses found in hospital!

I was disappointed to see that there has been yet another security breach in an NHS Trust. It is getting so commonplace that it is no longer deemed newsworthy; after all, if something happens consistently it is not a new thing and not news. In fact the NHS is the top offender in the UK on the http://datalossdb.org website.

This time it was the Leeds Trust which has been hit by the Conficker worm. Why is it so hard to patch computers? I am really frustrated when organisations don't do something as simple as applying patches, which allows this type of infection to occur, especially when it affects systems that are, by their very nature, sensitive.

I would bet that the amount of effort that has gone into the clean-up process is far more than it would have taken to patch the servers in the first place, which in turn would have prevented this incident.

A statement said "they think they know the source of the infection". In other words the source may well not be what they think it is; they are not definite. The suspected source is an old laptop that was plugged into the network.

What I find worrying is that a computer could just be plugged into the network without automated checks on the machine's state and with no quarantining of the device until it was confirmed to have current AV signatures, so we end up with an infection; it was just allowed to connect and infect.

I appreciate that budgets are tight and that everything is risk based, but come on, what are the chances of having people who are too lazy to patch? Quite high in this case!
This is basic stuff: patching coupled with simple network access control, which is not expensive. If anything the mop up and remedial work is more expensive when you factor in the cost of disrupting all of the staff that cannot work due to the outage. It has taken them a week to sort this problem out.

I want to see a more robust approach to security, especially in weak areas such as simply patching servers and allowing machines to access the network without any basic NAC. There are some tip-top products out there that are not overly expensive and will do the job really well; it is just a shame organisations that hold our confidential data (and you can't really get more confidential than health records) are not implementing them.

I think it is about time that the NHS was given a directive with serious penalties so that they actually do something about the awful state it is in. It is a bit harsh, but I would like to see a few heads roll in future; that might make people in the NHS take computer security seriously.

Saturday 6 February 2010

Good or bad, I'm on the fence.

I was interested to see that Google is willing to offer a bounty of $500 per bug that people find in Chrome, Google's browser.

I am not sure if this is a good thing.

Whilst I admire them for having the confidence in their product to invite deliberate attempts to compromise it and find flaws, the cynical part of me is thinking, hold on, this is just a cheap way of QA'ing code.

I am in two minds and I can't decide if this approach is a good or a bad idea. Sure, commercially it is a good idea: you get a multitude of amateur testers working in their spare time, for free, and all it costs is $500 for each flaw they find. Genius!

But I am worried that someone will decide it is cheaper to release minimally tested products and offer a bounty for finding flaws than to test them properly.

I am hoping I am just being cynical, that all products that get released are secure, and that this is just a marketing ploy to grab headlines. Mind you, suppose their product is totally flawed; it could be more expensive than they anticipated!

Wednesday 3 February 2010

Here comes trouble...

I am looking forward to the day when businesses finally realise that the ICO legislation is for real. It was refreshing to see the press release that came out on 13th January confirming that April 6th 2010 is D-Day. This will be the day that the ICO will be able to levy the £0.5M fines.

It will only need one prosecution to be publicised for businesses to start to take this seriously, and we will finally see security taken seriously.

It is a shame that it has had to come to this, but because, from my experience, a lot of organisations have always gone for the cheapest solution, which doesn't cut the mustard, it can only be a good thing and can't come soon enough.