I will be giving a speak at the Security 2009 even in Oslo, October 1st 2009.

My topic is strategic use of information security from a top level executive point of view. I will post link etc as soon as it is available.

This is a great image of the humans extraordinary destructive creativity.

 

More great images (about humans, not security nor weapons) here: http://www.behance.net/Gallery/FM365/242634

I am spending quality time at an airport again. The bar serves one of my favorite beers - Guinness. And as in all bars in an airport, there are plenty of other people who mend their thirst with alcohol. Like this bloke across my table. I know his name, The company he is with, what he does there and similar info. He knows nothing about me. This is not uncommon, mind you. Getting people to talk is simply a matter of listening. Asking the right questions. Buying another beer. The same mechanisms you play when picking up someone on the town. So why do I care to write about it this time? This blue eyed man with light blond hair, a tendensy of loosing some of it on the top, and a face that could belong to a 25 and a 45 year old. Resting carelessly on the chair, his Dell XPS laptop on the table and his beer in his hand. Midlevel executive, perhaps big accounts sales guy. He is another security guy. And now I know his story. The story of his customers, what he did in this country, where his favorite office is and who they are currently combatting in court. I must admit it is very tempting to spill his gut all over my blog, but I do not believe he would learn anything at all. So I will only ask you - that is you, not him - to remember that keeping your mouth shut comes with te job. Even when you drink a beer at a foreign airport. Who knows - perhaps I where paid by your employer to check how much you talk? Then you would know. What if I where a competitor? A customer? Someone who see an opportunity? Awareness is not only for the others. Awareness is for us too. Right? -- Post From My iPhone

Ever since moving back to Oslo, I have had some challenges with my network access from my office. Due to walls thick as an average american (excuse me if I offend you), made out of steel enforced stone and concrete, I decided that I would use two Wifi APs and just bridge them. I have Wifi just out in the hallway, and the reception has been fine with my laptop.

Since I moved my workstation here some time ago, I have had some real challenges with accessing any segments of the net outside of my small office segment (laptop, workstation, testbench, printer). I knew that the wifi connection where to blame. And I knew I had to fix it myself. And as you know, I fix my own stuff only after I have fixed all the other stuff (I believe I am not alone in this...).

I dreaded to have to drill holes in the walls, and stretch cables (from a security point of view, I probably should), and being lazy, I just postponed it.

Until today. I just had enough of Skype dropping every other minute, downloading being impossible, and worse - not being able to use my workstation to upload changes and administer the all the secret stuff that I mess up around the mesh. (No, I will not tell you where and what, since I do not want you to know that it is me that creates the mess!!)

Since I am still lazy, I decided that I would not take the elevator down to the server room and fetch cable, connectors, drill and the rest of the bits and pieces required to mount a cable. Instead, I went out in the sunshine, and just bought myself a new AP, reasoning that the Linksys ethernet bridge that I bought back in 2005 (possibly earlier too), had finally decided to die on me, and that it was just a matter of switching it with a different box. I picked up a Jensen AP with switch included, and where able to clean my office while ditching two devices, bundles of cable and two PSUs.

The Jensen thingie is a cheap box, and after some initial fidling with the setting, connected straight to the AP in the hallway. So far, it seems to be stable, and give me a link to the net that is not going to bug me too much. I hope!

As most of my readers know, I really have a hard time with the airport security circus. So much more fun it is when it actually turns out to be a nice experience. Like today, when there where 9 sec staff waiting to intimidate me, and no line at all. I smiled, they smiled, and they where not only polite but also fun. They joked even. No, I did not try to explain that the chewing gum was really plastic explosives. I do not think they would treat me as nice if I had. -- Post From My iPhone

I am now leaving for the European Conference of Junior Chamber International, where I will conduct trainings, party and meet friends from all over the world. I might get inspired to write some posts, but then again, I may be way to busy enjoying myself!
And - I hope to get the Most Outstanding Trainer Award, as I have been nominated to get. 

This is the question asked by the Infosec Cynic. What is your opinion?

Guest post by David Aminzade – Regional Director Tufin


Three years ago I bought a house in the south of Italy and since then I have been trying to immerse myself in the local culture. It recently occurred to me that actually there was a great deal of similarity between the nuances and national characteristics of Italy and the challenges faced by security professionals today

A love of Spaghetti

A rule base that has evolved over several years with several vendors’ products and many different security administrators will certainly resemble the characteristics of spaghetti. When you start pulling on one end you never know what the consequences are.

Even in the south of Italy companies now-a-days need to improve the efficiency of their firewall operation and make what they have go faster and further as budget for hardware or software upgrades are under close scrutiny. The ability to understand which rules are most frequently used, enable the security professional to improve performance by ensuring a close match between rule ranking and rule usage. This is even more the case when non used rules and shadowed rules can be clearly identified. These classes of rules only add complexity, degrade performance and increase business continuity risk.

All road signs are only suggestions

For all of you who have driven in the south of Italy you will know that all traffic laws, which by the way are still contained in the Italian criminal not the civil code, are merely suggestions to be adhered to or ignored depending on the situation.

Such is often the case when people are writing new or changing existing security rules. We all know that we should include a comment or a clean up rule but sometimes expediency makes us ignore these good practice guidelines.

The need to meet with a growing number of compliancy requirements either internal audit reviews, external audit demands such as SOX or Basel II or from industry specific requirements such as PCI-DSS is far more costly if a history of indiscipline has existed.
It is of little use spending money to optimise your firewall infrastructure and enable automatic compliance if you do not deal stop subsequent non compliance. The ability to flag non compliance to the relevant IT/security/compliance/business manager protects your investment, maintains your firewall estate’s performance and ensures cost free ongoing compliance.



Sleeping in the afternoon

One local habit that I have taken the most easily to is sleeping in the afternoon. The opportunity to wind down and take a nap after a nice lunch is a great way to recharge your batteries. I think that this should be added as a criterion for any new security investment. “Does this investment allow me to take a nap in the afternoon?” ?

In summary it is clear to me that companies are looking for ways to remove cost from firewall administration whilst adding performance. The ever increasing demands of compliance from all quarters means that the delivery of compliance needs to be automated and assured. To ensure ongoing OPEX reduction and operational efficiency, rule changes going forward need to be assessed against and internal or external best practice standard automatically and violations flagged to the responsible manager.

Ciao Amici

I just read this very interesting post on self destructing botnets.

The post refer to security experts saying that the kill switch may be used to remove evidence, and to buy phishers time to get away with information - i.e. stealing the info, then kill the net and create havoc.

I say think like a criminal here. When you have stolen the data, there is really no need to create havoc just to postpone the discovery of the theft. Actually, I believe that by pushing the killswitch, the criminal are actually getting more attention than if he did not. If I had such a botnet installed, I would use it to gather intelligence over time. I can see only two reasons to push the kill switch:

• The botnet has served it's purpose, and you'd like to remove the evidence (still, I would put it to sleep, not kill it...
• Prove that I control the net, and can take it out unless you pay ransom. But - I would only take out a portion to prove it, and the rest only if they do not pay up.

What reasons do you think a botnet master would use to flip the killswitch?

A sweet laugh from the Infosec cynic! Finally, someone is able to get some wise words out of MJ!