Practical Information Security

Recently the state of Nevada created a law that mandates the controls in the PCI standard as the requirement for companies that do business with credit cards in the state. Here is a good blog post with some info about this. http://www.boazgelbord.com/2009/06/nevada-mandates-pci-standard.html Does this effect you? This shouldn't be a surprise, but it does change the game a little. Instead of possibly having to deal with the card companies in the event of non-compliance, this now becomes a legal matter.

So we continue the journey with the next evolution of "information security". At this point (1999 - 2000) the motivators for implementing security were small and very little time, effort, and money was spent either on tools, technical training or in preparedness. 1999 was a banner year for malware (viruses, worms, etc.) with most environments being subject to at least one of the major outbreaks (Melissa, Sub7, etc.). Melissa was an interesting one, like many malware infestations to follow, the impact of the worm was that it spread exponentially and impacted the services running on the affected systems. For the first time (for most IT teams) there was an actual outage or impact to having Malware in the environment (other than having to spend the time, to clean it up). This got the attention of (some) execs, and they started to ask the questions like "what could we have done to prevent this?" and "how do we deal with the next virus like this?". Alas ...

So one of the cool things I learned in my SANS-508 class a couple years back was how to identify and carve files out of a network capture file. I had knew it was possible, and I have seen other folks do it before, but up until then I hadn't pulled out entire files from network captures. I think a good network security/forensic security professional should have that skill (to be able to look at a PCAP and locate the files and be able to extract them manually) but many times it is somewhat tedious to do this, and it may be prone to error. Recently SANS published a list of tools for doing this (including Foremost which was also used in the SANS 508 training). http://isc.sans.org/diary.html?storyid=6961 Here is the article: Published: 2009-08-13, Last Updated: 2009-08-16 00:42:14 UTC by Jim Clausing (Version: 2) Often in the course of investigating a compromised machine or when analyzing malware in a sandnet or honeynet, I will have a complete capture of all the network activity in a...

Sometimes the best way of trying to do something or explain what you want to do is to give it some analysis. Let's take a look at "Information Security" for a little bit today and see what that means to practitioners and companies at this point in time (2010). First lets start with a trip in the way back machine - Set the way back to 1999! 1999 - The Internet (although not officially new) is "new" to many people and businesses as corporate America and the world begins a love affair with e-mail, "the web", and all things Inter/net/web. Speed and cool whiz-bang ideas are all the rage, few people care or think to care about the risks associated with allowing everyone to see/access most everything. The only folks who are concerned are mostly government officials, people with law enforcement mentalities/backgrounds, and paranoid sysadmins who have been fighting to preserve their systems for years. In 1999 if you asked "what does Information Security...