Digital Choke Daynotes
"Daynotes" are daily (usually) journal entries of interesting happenings and discussions. They are not 'blogs', which are just a collection of links to other information (although we do include links occasionally). These Daynotes were inspired by the collection of daily journals of the "Daynotes Gang" (see sites at .com, .org, .net), a collection of the daily technical and personal observations from the famous and others. That group started on September 29, 1999, and has grown to an interesting collection of individuals. Readers are invited and encouraged to visit those sites for other interesting daily journals.
If you have comments, send us an email. A bit more about me is here. You might also enjoy our little story about the death of the 'net.
This Easter Sunday is quite different from past ones. No kids here to wake you up early. No hiding of the plastic eggs in the back yard. Not near enough chocolate around here, not to mention chocolate covered marshmallow bunnies.
We did all of that stuff last week (except the "getting up early" part), since Christine's husband's family are having their family celebration today. So we slept in this morning (no Church administrative meetings for me today), had a nice breakfast (French toast, boysenberry syrup, orange juice), and a relaxing quiet morning. I worked a bit on my special project (which you'll hear about when it's all ready). Then went to Church this afternoon, then came home for a nice dinner of stew and homemade bread.
It's after dinner now. Pam and I are sitting on the couch doing the usual. (No, not that.) She's reading a book, and I'm using the notebook, surfing the net. Nothing new that I can see.
Other than the new entry at the bottom of the list at "www.daynotes.net" (the new site of the "Daynotes Gang"). Hmm...that name looks familiar. I wonder if that new kid realizes what he's gotten into. There are some important people on that list. Who knows why the new kid got added?
I am humbled.
Which reminds me of that old country-western song. "It's Hard to be Humble, When You're Perfect in Every Way"
But I don't think that applies to me.
I'll have to think about the significance of this new development.
I think that I'll go find myself a chocolate-covered marshmallow bunny. There better be one left.
One of the things that a computer security officer (that's me, for those that might be stopping by for the first time) does is establish policies and guidelines. One of those important policies is to inform the users that the computer system belongs to the company, and that there is no expectation of privacy of any data or mail or any other activity while using the company's network. It's important to make sure that all users are aware of that policy. It's recommended that all users acknowledge that by signing the policy. It's also recommended that you use a "login banner" with the same notification that the user will see each time they log into the network.
It is important that the users are aware of that policy. It allows the network administrators (and the security dude) to monitor the network, looking at files, email, network use, etc., when that access is part of the network administrator's job. The admin can't just wander around the network out of curiosity; there needs to be a reason for that access to files and user usage. Without the business need/requirement for that access, such access might be illegal (and a federal felony).
All of this is in one of my reports: "Is That a Felony in Your Computer?". (It's a PDF, and the link opens a new window, like all links around here ... when I remember.)
Against that background, I read a column from SecurityFocus today. In New Hampshire, it is against the law to record a conversation without the express consent of both parties. (According to the article, similar laws are in several other states.) The case involved a chat room, with an officer posing as a teenager, and an older person arranging to meet that person for illegal purposes. As part of the case evidence, the undercover officer captured the chat session, then copied the session file to another computer. That act of copying was done without the express consent of the other person, and the copying was judged to be against the law, so the case was dismissed. (Here's the article.)
It's probable (one would hope) that the judgment will be overturned on appeal. But it is interesting, and worth some thought. Forget the actual case, but think about the implications of this case. There is some federal protection for a 'provider' that allows monitoring of a network (see the report). And federal trumps state law (I think). But I still find the concept interesting, especially since California is one of the states that apparently has a similar law.
Today's tasks at work involved the continuing auditing of the network with the BindView program. I also did some training for the 'production' side of the house on the email filtering software. They are finally ready to take over that job, now that the software has been in place for about a year. In all fairness, though, they are quite understaffed. They have been working on an analysis of their workload, and have found that they are running at 300% capacity. That doesn't allow projects to get done very efficiently.
Pam and I went over to the gym after dinner settled a bit. It was about 8pm when we got there, and there were still quite a few people there. I spent some time walking nowhere, then got on a bike and bicycled nowhere. It's all for a good purpose, though.
It's the second Tues of the month, which means that Microsoft has released their monthly patches. A couple of important patches, including a cumulative patch to roll up prior ones.
Here's the link to the main Microsoft Security announcement: http://www.microsoft.com/security/security_bulletins/200404_windows.asp . Three of the four are rated by Microsoft as "Severe" (highest rating). Interested users can look at the link for all the gory details, but they are important to install. Several of the vulnerabilities relate to allowing an attacker to run a program on your computer (or control your computer), one of them just by reading a specially crafted email message in Outlook or Outlook Express. Note that one needs to apply these updates in addition to anti-virus updates.
The recommendation from here, of course, is to get the updates immediately. Of course, if readers have followed prior advice, their computers should be set up for automatic updates (and automatic installs). All my personal systems are set up for automatic updates, some of them hourly.
The usual mantra... (Update Windows, Update Anti-Virus, Install Firewall, Don't open attachments, etc., repeated three times).
What I tell you three times is true.
Tomorrow should be interesting. The Network Services guys have been working on a complete wireless solution that is very secure. There is some interest in this company-wide. On my walks around the neighborhood at work, and here at home, it is quite easy to find unsecured wireless systems. I use my new iPaq 4150, which has integrated wireless and Bluetooth. A program called "PocketWinc" (from Cirond) is an inexpensive wi-fi sensor program. It's fairly easy to use, and only costs $20. The program screen shows you available wi-fi networks, and the signal strength, along with whether the site has WEP locking and other security settings. A few taps on an open network, and you are connected to that network. Whenever I wander someplace (at work or home), I bring the iPaq along to test out the program. My main purpose will be to look for rouge (or rogue; take your pick) networks at work. But I've been able to connect to the Internet in many different places.
Anyhow, tomorrow we are having a demo from a wi-fi vendor. It should be interesting. More about that later.
Tomorrow is also the monthly department meeting, along with the weekly "Change Control" meeting. A busy day.
An interesting demo of the "Air Defense" wireless detection/monitoring product. You'll find more info at their web site, but it is a combination of access points and wireless detectors feeding information to a centralized server appliance. It allows for detection of wireless devices and connections, and policy enforcement. You can monitor wireless traffic, and much more. It seems like a good product for sensing wireless.
The one disadvantage is the infrastructure cost. It is important to have protection against wireless access to your private network. (In fact, during the demo, we found that the guy two doors down in our office had forgotten to turn off his wireless card in his laptop. With many new laptops having wireless built-in, it would be very easy for a user to inadvertently provide an access point into the network.) But you do have to put sensors in every building location, and wire it back to the server appliance. And there does seem to be a bit of administrative overhead involved in maintaining the connections.
I'd like to see a product that would be more of a 'wireless sniffer'. It would listen to network traffic, much like Intrusion Detection Systems (IDS), and be able to identify any packets that came from a wireless device. Not sure if there is a product like that, and if it would work. For instance, if the product looked for MAC addresses known to be related to a wireless device, then a hacker would just need to spoof the MAC address to a non-wireless device. So perhaps protection will require a hardware and software solution.
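The kind of check imagined above, as an added example (not from the original post or from any product): it audits switch MAC-table lines and shows why an OUI match alone misses an address spoofed to a wired vendor's prefix, while an inventory check and a duplicate-port check still flag it. The OUI prefixes, the inventory and the observation lines are all constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed placeholder OUIs standing in for wireless-adapter vendors
# (not real assignments; a deployment would load the IEEE OUI registry).
WIRELESS_OUIS = {"00AA11", "00BB22"}
# Constructed inventory of MACs authorized on the wired network.
INVENTORY = {"00CC33010203", "00CC33040506"}

# Constructed switch MAC-table observations: "switch port mac".
OBSERVATIONS = """\
sw1 gi0/1 00:cc:33:01:02:03
sw1 gi0/2 00-AA-11-3C-4D-5E
sw1 gi0/3 00cc.3399.8877
sw2 gi0/7 00:cc:33:01:02:03
sw2 gi0/8 06:12:34:56:78:9a
"""

def normalize(mac):
    """Return 12 uppercase hex digits, or None if the string is not a MAC."""
    digits = re.sub(r"[:.\-]", "", mac).upper()
    return digits if re.fullmatch(r"[0-9A-F]{12}", digits) else None

def locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(text, inventory=INVENTORY, wireless_ouis=WIRELESS_OUIS):
    """Map each observed MAC to the list of reasons it deserves a look."""
    ports = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        mac = normalize(fields[2]) if len(fields) == 3 else None
        if mac:
            ports[mac].add((fields[0], fields[1]))
    findings = {}
    for mac, seen in ports.items():
        checks = [("wireless-oui", mac[:6] in wireless_ouis),
                  ("locally-administered", locally_administered(mac)),
                  ("not-in-inventory", mac not in inventory),
                  ("multiple-ports", len(seen) > 1)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            findings[mac] = reasons
    return findings

if __name__ == "__main__":
    for mac, reasons in audit(OBSERVATIONS).items():
        print(mac, ", ".join(reasons))
```

The third sample line carries a wired vendor's prefix and is caught only because it is absent from the inventory; the first address is in the inventory and is caught only because it shows up on two switches.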
In the meantime, the network services guys are working on a secure configuration for wireless devices. They are making some good progress, and are on-track to have a solution by the first of next month.
I noticed today that the Internet Storm Center has noticed a worm that takes advantage of one of the vulnerabilities that was fixed with yesterday's Microsoft patches. That site is a good place to keep track of hacker activity. Here's what they say:
"Today an exploit for a vulnerability on IIS became publicly available. This exploit targets one of the 14 vulnerabilities fixed on Microsoft MS04-011 Security Update, the SSL Vulnerability (Denial Of Service). Although this is a DoS exploit, due to the amount of vulnerabilities fixed on the recent patches, exploits with remote code execution may be expected soon." (see http://isc.sans.org/diary.php?date=2004-04-14)
And finally, I need to reassure Brian C. that, even after the massive increase in readership (due to my inclusion in the "Daynotes Gang"), he is still in charge of apostrophe checking. (You new guys will need to look at past posts to figure that out. You can do the 'time travel' thing to get to the very beginning of these posts. Just in case you are really bored.)
The word for today is "Patch"; the alternate word is "Update". The "Internet Storm Center" guys (see yesterday's post) are worried about newly appearing exploits for the problems fixed by the Microsoft patches released this week. They aren't destructive yet, but some newer virus-writing tools are making it easier to create nastier ones.
So another important word might be 'backup'. Copying your important data to a CD-ROM might be a good idea.
We left work early today; Pam wasn't feeling well. So we got home a bit after 1pm. I spent a bit of time making a flyer for the Kubota tractor, then printed out some copies. I went up the hill (towards Auburn, CA) a bit to the local Kubota dealer, and figured out that the tractor and trailer and all the attachments is worth about $9K. A comparable new one is about $19K, so the $9k price seems like a good place to start. So I put a flyer up at the Kubota place, then a couple of feed stores nearby (that area is rural; lots of 'weekend farmers' with a couple of acres for a horse or two), and one of the local post offices.
Then home, and took a look at the front sprinklers; one of them was slightly broken, so there was a spot on the lawn that wasn't getting enough water. Another sprinkler is right under a small bush (for some reason). It can be removed, since the others are providing enough coverage. In the back yard, there is another spot with ground cover that needs a bit more water, so adding a drip sprayer is on the list for the weekend.
Later, after dinner, I worked on a flyer for the travel trailer. But the ink in the printer was getting a bit low. So I got out the ink refill kit (about $20 at Costco, and it will last for 4-5 refills). For the color cartridge, you have to pry off the lid (it's glued on), and then you can fill the three spongy color tanks. The black cartridge already has a fill hole, but you have to use a small screw eye hook to make it a bit bigger. The kit includes one bottle of each of the three colors, two bottles of blank (er, black) ink, and the syringe and a few other things. The instruction book is pretty clear, and covers lots of different types of cartridges.
So, about five minutes of work (out on the workbench in the garage), and the ink cartridges were refilled. (And I only got a few drops on my hands.) I got them back into the printer, and they work quite nicely. If I had bought new cartridges (one color, one black), it would have cost about $50. The trick is not to use up all the ink before refilling, and you can save quite a bit of money with minimal effort. You just have to work slowly so that you don't get ink all over the place.
For those of you who are regulars here (yes, you two in the back), you will recall that Brian C is the official 'apostrophe checker' for this site. And you might also surmise that there is sometimes a lack of proofreading as I write my blatherings. I usually write these things in the evenings, and I (most of the time) remember to do a quick spell-check. And Brian sends me a note whenever my apostrophes get in the wrong spot.
I guess that I am getting better at the apostrophes. Brian is branching out into new proofreading fields, as evidenced by his latest message:
Where do you get this "blank ink", and is it used for secret messages? I find that after using regular ink cartridges for some time, that they start to deliver blank ink without me actually having to buy any.
Well, at least I spelled it right. But Brian is right about how they fill the ink cartridges. It's quite apparent that there is more of the 'blank' ink than the 'black' ink, and they charge way too much for it.
The weekend is here, and it looks like a bit of shopping, a bit of garage cleaning at the in-law's house, and some preparation for a talk at church on Sunday. Should be interesting.
You are welcome to send mail if you find anything unusual here. If you are fast enough, you might even beat Brian's message.
... more later ...
Entire Site Contents Copyright (c) 2000-2004 Two Bridges Group, All Rights Reserved