[SecurityRatty] tag: pain

Fun Reading on Logs and Log Management

Mon, 30 Jun 2008 12:09:00 +0000

I am amazed (no, AMAZED!) about how many people now write about logs; it is definitely not "the original logging evangelist" anymore :-) Here is a quick sample, useful for those struggling with logs (aka "everybody" :-))

A very fun read from Patrick Mueller (ex-Neohapsis now turned lawyer): "Facing The Monster: The Labors Of Log Management." I am happy that log management has been finally granted a monster status :-)
I am happy to see that one of the "five questions to ask before sending your data in the cloud" is "Will I have access to logging and auditing data?" This is indeed a big deal (well, it will be soon) and you will be hearing more about this. I call this "a case of log ransom," since you might need to pay the ransom to see what is "yours" - the logs
Again on leaving [some] logs behind. Remember, the point is not that "collecting all" is a good idea, it is that figuring what to pick is IMPOSSIBLE, while "collecting all" is simply very hard :-)
This is hot stuff: "Ten reasons you will be unhappy with your SIM solution" (no, I didn't write it :-), but this is mine)
Why HA for log management from our star engineer. Those thinking about the reliability of their logging systems should read it.
Fun info on web server log analysis for different purposes.
"Why Logs and Logging Matters - Part 1" and "Why Logs Matter - Part 2, A Letter" present really good intro logging for compliance and other purposes (even specifically saying "what you do with the logs that matters.")
"Smart Business Leaders Support Effective Log Management Practices and Necessary Resources" from Rebecca Herold is a nice basic piece, especially for those outside the circle of logging literati.
More from Sanford on logging standards: "Drawing Lines", an awesome post indeed.
A MUST read on SIEM and log management from Greg Shipley (I promise this is a coincidence! :-)) In this piece, Mr Neohapsis drop kicks more than a few "latest generation" SIEM tools. Guess which product review mentions "pain" 3 times on one page :-)
Finally, this is also worth a read: "Ode to Log Management" where Mr Baum laments logs being pigeonholed in to "another IT management tool" silo despite their broad relevance. He is right - but focusing on one use case after another works...

Enjoy!

Marshal automates e-mail encryption

Sun, 29 Jun 2008 20:00:00 +0000

Secure e-mail and web gateway provider Marshal has introduced an e-mail encryption system it claims takes the pain out of enforcing secure communications rules.

Latest 802.11 Standard Boosts Wi-Fi Power in New Band

Wed, 25 Jun 2008 10:01:44 +0000

The nearly finished IEEE 802.11y could make Wi-Fi more practical over longer distances: Wi-Fi is a compromise. In the unlicensed bands in which it operates, it has to deal with interference from noise sources and other networks, while using very low power, and trying not to make a pest of itself. It's done very well. In the 2.4 GHz band and parts of 5 GHz, the maximum power from the radio is 1 watt (W), and the effective power (EIRP) is 4 W on an omnidirectional antenna. (You can push far more power if you narrow the antenna's beam. And parts of the 5 GHz band restrict radio power below 1 W. I wrote a long rundown of 5 GHz issues back in Jan-2007.)

But there's this lovely new segment of lightly licensed spectrum in the U.S., the 3.65 GHz band. It's a non-exclusive licensed band available only in parts of the country that don't have pre-existing ground-to-satellite or radar uses that overlap. This omits most of the eastern seaboard and most major cities; Seattle is one exception.

The licensing mechanism allows any number of operators to obtain inexpensive licenses, and register the base stations they use by location. If interference arises among base stations, operators are required to work out the problems themselves. I wrote extensively about this band and its rules on 9-May-2008 in profiling Azulstar, formerly a metro-scale Wi-Fi firm, but now a big proponent of WiMax in 3.65 GHz. I also went over the rules for the band on 11-June-2007 when the FCC announced the arrangement.

Several firms offer base station and customer premises equipment for this band now, so close to the 3.5 GHz band more commonly exclusively licensed in Europe and elsewhere. WiMax equipment is available because the 3.65 GHz band can be used with WiMax without any modifications to that protocol, although limited to just 25 MHz of the 50 MHz that the FCC set aside.

Equipment that conforms to a more stringent set of rules about contention and other factors can use the whole 50 MHz, and that's where 802.11y comes in. It's an extension of Wi-Fi to cope with the specific needs--and to open Wi-Fi technology up to 20 W EIRP, a vastly higher power output. This could allow connections over 5 km, the group says.

The Wikipedia entry on 802.11y, clearly written by someone involved with the specification, notes that three specific additions are needed: a tweak to support the way in which the FCC wants contention among competing devices to work; a method for an access point to tell a station (a connecting radio) that it's about to switch its channel or its channel's bandwidth, and the station should do likewise; and a mechanism to handle a base station allowing or revoking permission to use the spectrum without uniquely identifying the user's system or broadcasting its precise GPS-based location.

The standard is near completion and initial approval. I don't have any knowledge about whether any mainstream Wi-Fi equipment makers or metro-scale equipment makers are looking into building 802.11y into their gear.

The fact is that this could be a great technology for the mostly sub-metropolitan markets that 3.65 GHz is available in, although it has the same pain as WiMax: all new gear on the towers and all new adapters for customers.

Why don't AV vendors make it easy?

Wed, 25 Jun 2008 02:38:00 +0000

One of the newer, but very well known members of the 155+ blogs of the Security Bloggers Network, is the Errata Security blog from Dave Maynor, Rob Graham and Marisa Fagan. Dave has a post up today about his frustrations with trying to remove McAfee AV from his new mobile phone. I share his frustration. Having run Windows Mobile for over a year now and changing ROMS in addition to installing and deleting a multitude of applications, I am often frustrated by the lack of visibility you have into the files and system on Windows Mobile. if an application does not remove itself cleanly, you are hosed.

A far larger frustration for me though is removing AV vendors security from any computer, mobile or otherwise. It is not just a McAfee thing either. Symantec, CA and Microsoft are just impossible to remove with out a major pain. What is the reason? Do they make it hard because they think people might remove them by mistake? I don't think so. Like Dave says, when does AV become a virus itself?

Security Briefing: June 23rd

Mon, 23 Jun 2008 06:39:10 +0000

Not bad. I actually managed to get a good night sleep.

Click here to subscribe to Liquidmatrix Security Digest!.

And now, the news…

Google and Wildcard Domains | GNUCITIZEN
Trojan plays anti-China games for hacking | The Economic Times
Villains Getting Smarter: Are We, Too? | Korea Times
Agency Sees Theft Risk for ID Card in Medicare | NY Times
Universities urged to tighten computer security | The Arizona Daily Star
Organised e-crime targets students for recruitment | ZDNet UK
Time to dismount the hamster security wheel of pain | The Regsiter
New security awareness posters aid the battle | Cambridge Network

Tags: News, Daily Links, Security Blog, Information Security, Security News

The security sales conundrum

Wed, 18 Jun 2008 04:01:20 +0000

I spent this week on a tour of StillSecure customers speaking to them about security, their jobs and what would make their lives easier. One thing that I heard consistently from them was that they are overwhelmed with security vendors barraging them. Be email, phone or postal mail it just doesn't stop. They don't answer their phones and don't even know where these vendors get their names. Mr Bump in a recent comment on my blog about the used car salesman of NAC says this is another example of why he is just fed up with sales people.

I hear all of this loud and clear and will be sure to pass this along to our on sales and marketing teams. However, it begs the question of how are security vendors supposed to contact and sell their products? Should security vendors just sit their and wait for the phone to ring with questions or orders? Would you prefer that all sales people are highly technical and just talk bits and bytes with you? How will you find out about new products and services? For all of the bellyaching and moaning about sales and marketing overload, it would seem that if it was not successful, vendors would not do it.

I would like to hear from you. How would you like to see vendors contact you? What do you think the sales process should look like? I don't think sales people want to be a pain in the butt and for the most part don't want to blow smoke up anyones butt. What do you think? Leave a comment and be heard. The time you save dealing with annoying sales tactics may be your own.

The security sales conundrum

Wed, 18 Jun 2008 03:01:44 +0000

Loving customers frustrate security firms too

Fri, 13 Jun 2008 15:45:37 +0000

Roger Grimes has a good article up on his InfoWorld, Security Advisory blog entitled "Security firms frustrate loving customers". Roger details some specific examples of how security vendors just don't "show the love" to customers and prospective customers, with the result being lost business. Roger highlights three examples:

1. Making renewals a manual process with those annoying phone trees. I agree, when I hear the press 1 for this and press 2 for this, my blood starts to boil. There is no reason that this just can't be built into the product to renew over the web. Security or no, any software vendor not doing it this is just plain crazy.

2. Calling into a company with a sales inquiry and the sales guy never calls back. This one just kills me. When doing due diligence on potential acquisitions at a prior company I would call in or email with a sales inquiry and wait to see how long it would take for them to get back to me. It was a good indication of how well the sales organization and company functioned.

3. Killing the deal with one sided, overly legal and burdensome terms. Another one that I battle all the time. The CFO has to be able to recognize revenue so needs specific T&Cs. The lawyers want to protect the vendor against all eventualities and is doing his job. You want to make as few warranties and representations as possible to limit your liability. The result, the customer gets one sided, unfair document with fine print on maintenance pricing, renewals, SLAs, etc. Most customers don't even read the EULA. Take a lot at some of the ones with software you have bought. It may surprise you.

But in my best Fox News voice, lets be fair and balanced. So in that vein, let me give you 3 specific examples of how loving customers frustrate security firms:

1. The guys who picked the product leave and the new guy comes in and doesn't have a clue. This happens all the time, especially in the government. One guy or team buys the product for a specific reason and has all of the expertise. The new folks come in and even if they know your product is there, they don't know why or how to use it. They may feel they inherited this product and have their own favorite product in this category. They can't wait to replace you and either don't use the product at all or blame the problems of the world on it.

2. Buying the product and than "other priorities" delay implementation. A surefire recipe for shelfware. When I see this happening I tell our folks better to be a pain in the butt and force them to use the product they bought than to sit around watching the license expire on the shelf. The longer the product sits, the more it becomes a nice to have, rather than a must have, that drove the sale. Now sure, one can say that what does the vendor care, the customer paid. If he doesn't use it, less support costs. But you don't get renewals, you don't get upsells or referrals without customers using product.

3. Using the product in unintended ways. Another favorite heartburn of mine. Customers figure just because the application runs Linux underneath, why can"t I run (You Name It). We recently had a customer that was chewing up support hours like the dial at a gas pump today. It turns out the problems we all due to the all of the other software that he had put on the box, not to mention editing .conf files, database tables, etc. It is hard enough supporting the software we developed. It is a whole another story supporting software that you have written.

So Roger, yes the customer is always right and security vendors have to get their act together if they want to survive, let alone compete in these tough economic times. But customers certainly don't make the job any easier with some of the shenanigans they pull.

Im held accountable, why cant they be?

Tue, 10 Jun 2008 10:31:14 +0000

I know, Its not about computer security. But Im a American businessperson and I feel Im not being properly represented by the elected officials I voted for.
They seem to have their own interests in mind.
While the elimination of the middle class continues.

clipped from www.americansolutions.com

Drill Here. Drill Now. Pay Less

As gas prices continue to increase, Congress continues to blame others while ignoring practical steps to stop the pain Americans are feeling at the pump. To lower gasoline prices and reduce our dependence on foreign oil, we need real solutions to our energy challenges.

Providing managed backup services

Tue, 03 Jun 2008 10:03:06 +0000

Providing managed backup services has some major advantages over traditional backup, but it also has some disadvantages. Find out how it can help you address your customers' biggest backup pain points, as well as what pain points you're likely to encounter.