education
Choosing a security career, part two
Again, I got some questions related to choosing the right path into InfoSec. If you have different opinions, tips, or ideas, please share them in the comments below!
You may also be interested in my first post on the topic.
-------------------------
Hi Mr Roer,
I'm sorry to bother you again. I wish to ask you one question if you may kindly guide me.
How is the future of Cyber Forensics? I have secured admission to the Forensic Informatics course from Strathclyde, Glasgow. A lot of people are telling me the course is good as it's more into research and is application oriented. The course also has 3 months of internship along with it.
Can you please let me know if Forensics might limit my horizons to a particular domain or is it really upcoming and worthwhile to step into. Considering I am not a programmer, what would be better for me: Forensics or Security management of an organization?
I'm thankful for all your time :)
-------------------------
My answer:
Thank you very much for your continued questions! I hope I can be of help to you, today or sometime in the future. I am glad to help.
As for forensics, IMO, it is one of the more interesting areas of info sec tech. And, I truly believe it to be an up-and-coming area, as police and law enforcement really lack competence in this area, thus they need help to secure, track and identify breaches. In addition, many companies prefer to solve such issues on the "inside", thus requesting external, non-governmental forensic experts to help them secure evidence.
You may also use deep knowledge in forensics to counter attacks, and most importantly, to set up preventive measures, traps and other honey-smelling pots. In addition, you will be able to truly appreciate the value of logs, logging, and access control mechanisms, and the difference between identification, authentication and authorization.
Further, with forensics, you will be able to use your competence in a wide array of areas, including for example systems monitoring, architecture, investigation and systems design. With the development of new technology, you also have the option to specialize in narrow areas. And with forensics in your past, you will be a valuable asset to any security management team IMO.
I do not know the course at Strathclyde, but if people say it is good, then I would suggest that they are right.
As before, this is more a question of what you would like to achieve, and then choosing a topic.
I wish you the best of luck! And thank you for asking!
----------------------
Do you have any comments? Like to add something? Please share in the comments!
Do you have any questions? Please ask me! Use the contact form, or the comment fields below :)
Web filtering - who and what to block?
Who and what should the web filter block?
Obvious malicious, lewd and illegal content aside.... should mental diversions be limited or blocked from users? Social networking, YouTube, gaming, news, etc can be very distracting and hamper production, but when used sparingly can boost morale, enhance creativity and act as an employee perk in the organization.
My question is, which (if any) of these activities should be blocked? Should everyone be affected by this policy or should engineering and executives be excluded? As a bonus, how does your company handle web filtering?
I like Angelos answer because it points to where the challenge really is - the humans. With the technology, we can do everything we can imagine. But humans. Now, that is a totally different matter. It takes a very non-technical manner to deal with those people.
In all my humbleness (right), I post my own answer below (as it is found on LinkedIn).
My LinkedIn answer:
In my experience, blocking access to internet resources soon turns your employees into a negative, less-productive bunch of unhappy sheep (lots of negativity in there, huh?)
Nothing is obvious when it comes to humans, and just blocking whatever one person finds obvious may very well upset someone else. As long as we are using technology to deal with human behaviors, we need to teach the same humans the reasons we choose to use technology instead of just enlightening them.
There are only a few occasions I suggest using these kinds of controls:
* in controlled / secure environments where you must ensure 100% control of what is entering and leaving the area (then I always advise setting up a set of computers with access - as the Internet is now a vital part of our communications)
* in restricted areas like jails and schools where motivation to follow policies is not that evident. But - this is also a very narrow path, as many kids today outsmart the local IT-resource.
* in short time frames in departments dealing with sensitive information like annual results. Then we may close down all communication within a particular time - but never forget that there are phones, facsimiles and other techs you cannot control (that easily)
I am not a fan of closing down access. I believe that most employees are going to do their job as expected - as long as they get their perceived value in return. And face it - in today's workspace, most people will expect access to the Internet at their discretion.
Now, I am an advocate for an employer-controlled work environment - i.e. the company sets the rules, and when you sign your contract, you agree to follow those very rules. But. As long as we are dealing with humans, we will reach much better results by understanding how psychology and organizations work and function. By using a mixture of positive incentives and negative incentives, and doing this in a clever manner, you will see much better results over time.
Face it, if you force a block, someone will be unhappy. You will start to see people trying to work around those barriers. Your management will scream and expect totally different rules. Your day will become a nightmare. And what do you achieve? Less motivated, less productive employees.
I suggest the following approach that has worked like a dream in the past:
* set up a QoS on your network, and on your outbound link. Tune down everything you do not like entering (streams, P2P, Skype etc). Set it so low that it is still possible to use it, but not practical anymore.
* Inform your employees regularly about how computers are a time thief (I mean, even for me now - I spend time writing this on the Internet instead of doing any productive work...), and give them tips on how to deal with it. Consider them humans and grown-ups, and it is amazing what you can get them to accept.
* Set up a network monitoring device, analyzing and capturing data traffic. These devices are able to tune in on, and capture only relevant data - triggered by rules and patterns you can define. Use this to figure out what is really going on, and to find that one or two rogue employees that you know are out there. Now you have evidence you can use to force this person to either follow the rules, or to kick him/her out of the organization.
In the end, you have a very efficient setup that does not interfere with day to day business, that does not make you vulnerable to updates and new "things to block", and that as a bonus makes you the hero of everyone in the organization (except the rogue ones, though...)
I have very good experience with this type of setup. Just keep in mind that you are dealing with humans - so treat them like humans to get them to do what you want!
----
What are your thoughts on web filtering?
PCI, security and education
Michael Dahn has an interesting post on PCI and the lack of education.
One of the questions he poses is:
"Are we so willing to sell security that we ignore the care involved in properly educating someone how to use it?"
I have been asking the same question too, and my answer is "Yes, it certainly seems that way".
I think the reason is twofold - lack of education and understanding among the clients, and the fact that security companies are companies - they are out to make a profit.
There is a need for proper training. No doubt. But on the other hand, most businesses are not about security - they just require a minimum level of security.
Well for quite some time I’ve been thinking about whether to attend the 



