Monday, 8 February 2010

Stonesoft

A quick interjection to the normal posting style - on Friday the 5th of February I attended a superb training event hosted by nViron and run by Stonesoft. Rather than a standard vendor training event which breaks down as 10% new information, 40% reading from Powerpoint slides and 50% sales hype; this was all interesting.

Stonesoft brought a test rig from their Scandinavian HQ and guided a small group of IT managers through some remote attacks using FOSS tools. They had one of their Intrusion Prevention Systems (IPS) running in passive mode, which detected the attacks without stopping them. The event was useful and enjoyable, and has made me think more highly of both nViron and Stonesoft, which is extremely rare for marketing...

If you get the opportunity to attend one of these events, do so. People without experience in using pen testing tools can learn how to perform a basic pen test, and more advanced users can really test Stonesoft's IPSs.
Posted by Philip Calvert at 2/08/2010 09:00:00 AM 0 comments
Labels: , , , , , ,

Thursday, 14 January 2010

Qualified Security

A common feeling for established professionals is that an external standard should not be applied to their field - or at least not to them personally. Various reasons are given as to why they would not benefit from a standard; it would be needlessly bureaucratic, it focuses on triviality, it wouldn't be responsive to the latest changes and anyway, they know everything that needs doing. Underlying this can also be a nagging doubt that adopting external standards would be an admission of ignorance.
Read more »
Posted by Philip Calvert at 1/14/2010 09:00:00 AM 0 comments
Labels: , , , , ,

Sunday, 20 December 2009

Can Anonymisation Still Work?

The concept of anonymising data is a simple one to grasp. For any number of different reasons real data is taken and a process applied to it, removing or obscuring any part of it deemed too sensitive for release, creating anonymised data. Most commonly this is used to create test data so that development teams can work with data similar to their live environments, but without the security constraints applied to live systems. Sometimes anonymised data is released, either to academic groups or to the public at large. As Paul Ohm has pointed out in an article on Social Science Research Network and discussion in his blog, there are major complexity problems with anonymising data from the internet.
Read more »
Posted by Philip Calvert at 12/20/2009 09:00:00 AM 0 comments
Labels: , ,

Monday, 9 November 2009

Google Apps in the Real Office

Google Apps is a set of office productivity tools from the ever expanding Mountain View investment bank named Google. Google Apps comes with Gmail for email, Google Calendar for scheduling and Google Docs for writing documents, creating spreadsheets and making presentations. These can all be accessed online through any modern browser, although they work best through Google's Chrome browser. From an IT service delivery perspective the most interesting feature is Postini, a fully featured hosted spam filter which combines with Gmail to offer a full replacement to Microsoft Exchange. Postini allows all of the standard email controls to be put in place such as automatically adding footers to outgoing emails. The mail and calendar applications integrate with Blackberry Enterprise Servers meaning that existing Blackberry smart phones can be used without any degradation in security.
Read more »
Posted by Philip Calvert at 11/09/2009 08:30:00 AM 0 comments
Labels: , , , ,
Subscribe to: Posts (Atom)