Subscribe to Blog!
Social Networks
Omguru.com Sponsors

Contact Christopher or ask a question!
This form does not yet contain any fields.
    Search OmGuru
    Omguru Recommended

    Learn Internet Marketing


    Click the Image Now to Discover The Power of The TAO 

    Shop Amazon Technology

    Omguru - Technology

     

    Wednesday
    Dec182013

    Do Companies Who Migrate to The Cloud Assume They Can Focus Less on Security?

    Do Companies Who Migrate to The Cloud Assume They Can Focus Less on Security?

     

    I was thinking this one over. Do companies, (especially small and mid-size ones still smarting from the great recession,) believe they can lower their guard security-wise if they outsource services and functions to the cloud?

     

    If I am using Google-Docs, Hosted Exchange, or Off-Site Backup services, does this mean I need not worry about parameter defense-in-depth?

     

    Of course any serious security practitioner, and NIST says no!

     

    This is a quote from: NIST Special Publication 800-146

    “Subscriber-Side Vulnerabilities. Subscribers should minimize the potential for web browsers or other client devices to be attacked by employing best practices for web browser security and patching, and seek to minimize browser exposure to possibly malicious web sites.”

     

    I wonder though if companies which are still under financial constraints and happy to have been able to operate with one less in-house support person because they went “cloud” are under the illusion they need less as opposed to more security. I can’t tell you how many times I’ve walked into offices big and small, large and satellite, only to find outdated or no security protections in place (, and sometimes the executive staff visiting questionable web-sites to boot!) With real companies being robbed left and right these days over the internet as they lose real dollars, one has to wonder what it will take to make these small businesses which make up the majority of the American economy wake-up, and install that Security device!

     

    Against this back-drop I know of many a company who has bet everything on the cloud without doing their due diligence, or assessments to determine what should be sent to a potential third-party provider and what should not be placed in the cloud. A flexible hybrid approach of on-site, public, private and community cloud strategies makes sense in many cases. Do you really want that file-server off-site in the cloud, and then if you’re a few weeks late in paying lose access to your data. Many applications make great sense to be based in the cloud, put in a Co-located felicity or partnered into a Community-Cloud, but proper upfront assessments and investigation is key to not getting burned as the cloud community is evolving so quickly.

     

    All this comes back to the NIST Special Publication in that the first line of defense begins at the user’s browser with proper security protections installed and end-user training administered.

     

    Some recommendations I always make are:

    • Have a filtering security device at the internet gateway entrance boundary. (Scan email, web-streams, blocking peer-to-peer software, etc.)
    • Use a combined security software option such as Sophos which combines end-point protection with all the standard malware software protection options. (This should be a different brand then the vendor product used at the gateway.)
    • Engage the organizations people in extensive and regular security training.
    • Conduct Regular Security Audits
    • Have a system setup to capture log-events and analyze them on a regular basis
    • Have an established internet use policy that the organizations staff signs-off on
    •  

    We can all work together to make 2013 a safe-security year by talking up security whenever we have the chance.

     

     

    Tuesday
    Sep102013

    Conduct better online searches with these suggestions

    Each and every one of us knows what it’s like to perform an online search and get results that are not even close to what we were searching for. This can be quite frustrating. Luckily, there are many simple steps you can take that can ensure more appropriate search results.

    Keep it simple

    When you’re performing online searches it is usually best to use as few words and phrases as possible, while still communicating what you’re searching for. If you’re looking for a bookstore in your area, simply type in “bookstore” and add the name of your town or your zip code. This should deliver accurate results that will likely be quite relevant.

    Learn about Boolean

    You probably learned about Boolean search terms in school, whether you know it or not. Boolean searches are based on using “and,” “not” and “or” in your searches. These words enable you to include or exclude multiple terms in your search results.

    This concept also is effective when you use pluses or minuses in your searches. If you want to include a word in your search results, simply type a “ ” before it in your search. If you want to exclude something, precede it with a “-“ when you search.

    Be precise

    When you’re conducting a search, it’s best to be as exact as possible. If you know what it is that you’re looking for, use exact phrases instead of just keywords. When you use general phrases, they can often be misunderstood by the search engine and leave you with results you don’t need.

    Using quotation marks is a great way to ensure better search results. Most search engines recognize that as a request for an exact phrase search. So, if you’re searching for a company and know the exact name, it may be in your best interest to search for it in quotes.

    All of these strategies are unbelievably simple and extremely useful. Taking these into account when you’re searching online can drastically improve your search results.

    For even more tips on performing online searches, take a look at this article.

     

    Lotus-Tech

     


     

    Monday
    Dec102012

    To demonstrate how easily passwords can be cracked, I decided to post this lab for reference.

    Here is a lab exercise in cracking passwords. This is from a class I took over the summer, (I got an A in this class.)

     

    Cracking Passwords – Lab Exercise 6-1

    Excelsior College: Class: IT-402: Network Security

    Assignment: Lab Exercise 6-1, Carr, Bailey, Snyder (2010), The Management of Network Security 

     

    Cracking Passwords

    “          On a computer, choose a dictionary—based password. Get a cracking program (LC4 in Windows) and see how long it takes to crack it. Now make a stronger password and try cracking. Continue increasing the strength of the password until the cracking program takes 5 minutes with no success.” (Carr., Bailey., Snyder. (© 2010))

     

    • Use a password cracking program to crack a dictionary password.
    • Explain the security problems associated with weak dictionary passwords.

    Summary of experience with the password cracking program:

     

    I was impressed with how easily accessible the hacker-cracker tools can be on the internet. I downloaded Cain and Able. I tried to use it with the included word dictionary on a Windows-7 Pro system with some success. I believe Windows-7 does provide better security then XP. It was a good lesson to see how much more security an 8+ character password provides. 7 characters lasted hours, 8-9 characters can be days, and then it goes up from there. Not using dictionary words in an age when for $30 you buy a huge dictionary file, and easy crack dictionary words speaks for itself, plus the availability of huge rainbow tables too.

    What I learned about the efficiency of cracking a dictionary password, and why strong passwords should be used at all times. 

    Ultimately this lab, and the class in general, combined with recent events really brings home how we have to constantly be aware, and that security continues to be get worse before it gets better. I really shutter when I realize how most people do not realize the great risk they are in, even as their friends and associates get picked off by the bad guys, one by one.

    Going forward it’s hammered in my brain: 10-12+ character passwords of phrases, numbers, and special characters. 2-factor authentication when possible!

     

    LAB:

    Download Cain and Able:

     

     

    Verify SHA1

     

     

    Needed to download WinPcap Library

     

    Cain and Able is installed

     

     

    Created BadUser account and assigned the secret password!

     

     

    Cane and Able reading local password account

     

     

     

     

    Adding the included wordlist

     

     

     

    I was not able to change the local machine password policy for some reason even with run-as administrator to be less than 7 characters. With the “BadUser” account were trying the password “contino” which was in the included word list, however Windows-7 Pro must be fairly secure because it did not crack the password.

     

     

    With Brute Force it would take a long time! (With 15 characters)

     

    I set a 7 character password of abcde12 for the BadUser Account, and Cain’s came down to 2.3 hours from the big number of years listed above! Eventually this second password attack also failed. I didn’t have an XP box to try it out on, but I think this says a lot about better Windows-7 Security with Address Layout Randomization techniques, DEP, and better protection of the password hashes. Interestingly, going from a 7 digit password guess to an 8 space password increased guess time by 2-3 days from 2-3 hours.

    Changing plain text settings for Cain and Able resulted in a crack! It took a few hours:

    (The hacking moral: if at first you do not crack. Try another config). Some of these guys literally have nothing better to do that make cracking someone their life mission. It’s interesting that even a crappy windows-7 password does not crack immediately.

     

     

    Cracked

     

    Reference List:

    Carr, Houston, H., Bailey, Bliss, N., Snyder, Charles, A. (© 2010). The Management of Network Security, New York: Prentice Hall.

    Thursday
    Jan122012

    REMOVE Root-kits! Microsoft Standalone System Sweeper Beta

    Here is a cool link I discovered that creates a bootable Microsoft disk which you boot from and can remove root kit malware which many times can not be detected by most security packages once it has infected a live system.


    Here is a quote from the Microsoft web site:

    "Thank you for contacting Microsoft Support. You have been directed here to download and install the beta version of Microsoft Standalone System Sweeper Beta, a recovery tool that can help you start an infected PC and perform an offline scan to help identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper Beta can be used if you cannot install or start an antivirus solution on your PC, or if the installed solution can’t detect or remove malware on your PC."


    Click here to download the ISO image and with a Vista and Windows 7 system you can right click on the file and burn a CD.

    As always feel free to send us feedback.

    Lotus-Tech



     

    Wednesday
    Jun152011

    Develop the Best Attitude for the Job!

    Develop the Best Attitude for the Job

    Having the right attitude for business is an important part of getting ahead. Succeeding in business is often just as much about hard work as it is personality, because almost all business includes dealing with people. You could even say it is a sign of hard work when a worker has an excellent work attitude. What does this mean? Simple: having the right kind of business attitude takes training. We aren’t all born with the ability to effectively interact with those around us, cultivating a successful personality takes time. Here are easy tips to consider when working on your business attitude.

    1.    Stay positive

    Staying positive is at the core of any good attitude. Research has revealed that praising your coworkers often, setting reasonable goals and consistently showing gratitude are all traits common in successful businesspeople. Thinking pessimistically fosters a negative attitude that makes seeing the positives difficult and, in turn, decreases your ability to succeed. Thinking positively lets you see the good things around you and allows you to build off of them, creating an attitude beneficial to advancement. If you’d like more tips on staying positive, take a look at this article.

    2.    Be assertive without being aggressive

    Being assertive is an excellent business trait, though when acting assertively it is easy to be overly aggressive. The key to acting assertively without acting aggressively is communication. When asserting yourself in a business setting, try not to crush or minimize other people’s perspectives. Allow other people the same amount of time to describe their needs as you’ve allowed yourself and, of course, be open to compromising your needs to meet others midway.

    Practicing these tips will make you a member of the team and make an environment that allows for your career advancement. If you’d like additional tips, please consider this article.

    3.    Approach conflict with compassion

    Interpersonal conflict is an unavoidable part of every work culture. Try approaching resolution with compassion if and when you are at odds with a coworker. Stepping into conflict resolution with an open mind instead of defensiveness will often result in a more positive outcome. Adding compassion to your business attitude will enhance your skills at resolving conflict. If you’d like to read more about being compassionate at work, take a look at this article.

    Every successful businessperson has a well-cultivated and implemented business attitude. Professional advancement is dependent on your ability to deal with other people, because all businesses readily involve personal interaction to some degree. These tips and bits of advice will be helpful when evaluating and improving your business attitude, making success far more obtainable. Keep in mind: having a good business attitude takes work. Don’t forget that a good personality is an essential business skill.

     

    - Lotus Tech