It is a tough call for any parent. Does one install a keylogger on their child’s computer or don’t they. Well with the never ending parade of horror stories concerning kids and social networking sites, one has to wonder. Furthermore, if you install one, do you tell your children or don’t you? With WiFi being as prevalent as it is, your kids could be upstairs out of eye site surfing on sites that you don’t approve of. There is no easy solution outside of unplugging the modem and taking it to bed with you. Installing a keylogger as distateful as it seems, is for many the only solution to protecting their children. Personally speaking, I will be purchasing a PC and putting it in on the kitchen counter. That is where my kids will do their surfing. I would just as soon not take any chances.

Technorati Tags: Keylogger, Monitoring software, Computer

Well another of WindowSecurity’s authors is in the news. Martin Kiaer’s company has won an award for a project that he worked on. Not too shabby. A job well done to Martin and his company. This is exactly the kind of innovative work that professionals such as Martin are known for.

Technorati Tags: Martin Kiaer, Microsoft Partner

Has it ever crossed your mind, in the recent past, that becoming a writer would be neat? Take myself for an example. About six or seven years ago I took stock of my career. I decided that I wanted to implement some career goals. The first was to become a computer security contractor. Problem was, just how do you go about becoming one? For me the solution was to start writing articles about computer security. This would help me reach my goal in that it would get my name and skillset out there to potential clients. Not to mention that if your writing is good enough you can also get paid for it .

Well, you can do the same thing as I did. It worked for me! Now in addition to offering this piece of advice I shall also offer something more valuable, my time. Should this sound like something that is of interest to you, then by all means drop me a line. The catch-22 of no one knowing you is all to fresh in my mind. That can, to some extent, be mitigated by pointing a potential employer or client to your online writing portfolio. Once you have some writing samples those can in turn possibly be leveraged into a book contract. Anyhow, you know where to get a hold of me .

Technorati Tags: Computer security, Writing, Skillset

Well to all of you who think that military networks are all heavily defended here is something for you to read. This really serves to make my point that by, if nothing else, statistics prove that n number of computer networks are insecure. This statistical model, well hardly a model, also applies to the US military networks. Whenever your network or networks begin to become rather large there is always that chance that something was forgotten. Whether it be a vendor patch, or poorly applied file permission something is normally amiss. Some people have commented on the articles that I have written for WindowSecurity as being unrealistic in that the network was too easily penetrated. Well for every hack out there, there was a way in. Bear that in mind, and always regularly have your networks audited by third party help.

Technorati Tags: Pen Test, Vulnerability Assessment, Computer Network

Well my GCIA is soon about to expire and I am faced with the decision of deciding whether or not I want to recertify. I have had my issues with SANS as of late and still do. The problem for me is that I invested a lot of time and effort in getting my GIAC certs. I am loathe to let them expire, but I really no longer care for the way that they are conducting business ie: having devalued the entire cert family and then flip-flopping. Like many people I am not a huge fan of the certification industry as it is largely a self-serving one. Reality is though, most of us have to maintain certs.

Technorati Tags: SANS, GIAC, Certifications

The tried and true method of going after the IRC command and control server for a botnet is coming to a slow death. Where there is money there is ingenuity, and when you combine that with organized crime, it all happens quickly. Much as is stated in the article, having an IRC server brought down is, surprisingly enough, not a simple task even when it is clearly involved in botnet activity. You can now imagine compounding that problem by the thousands as you will now have to go after the individually infected hosts. There really has to be a simpler way. For me this is simple. Get the ISP’s involved. Ratchet up the penalties levied against people convicted of controlling botnets. I’d say it’s a good start.

Technorati Tags: Botnet, IRC, Computer Security

Well the threat of the trusted insider is no urban or IT myth. It is very much real, and everpresent. Though it is tough to get statistics in relation to actual computer crimes committed by trusted insiders, it is safe to say they are under-reported. What can you do though to mitigate this? There are steps that one can take. First and foremost in my mind is having periodic audits by external ie: third party, network security personnel. While not everyone can afford to do this it will go a long ways towards keeping everyone honest. Secondly, one could also have their internal network traffic analyzed on a regular schedule. This is both cost effective and also helps diagnose the state of your network ie: any viruses, worms, malware, or other shady business going on. It is something that I for one, certainly encourage my clients to do. Food for thought.

Technorati Tags: Network security, Insider threat, Malware, Worms, Computer virus

It would seem that lately with the relative lack of system exploits for Microsoft Windows that the Redmond giant has finally gotten most of the buggy code stamped out. This though has left the exploit development community with a choice. Just what do they go after next, what technology, or platform affords them a decent attack surface. Well for a while it was the anti-virus products, and then the Microsoft Office suite. After that though it seemed that the end user became the target of choice. The attack surface there was the ubiquitous web browser. This threat vector has provided no end of exploits. Makes me wonder though, what will be the next attack surface?

Technorati Tags: Microsoft Windows, Exploits, Threat vector

Derek Melber who is one of the authors at WindowSecurity has some upcoming training sessions that some of you may be interested in. Give the below a read!

Modulo Risk Manager Spotlights Governance, Compliance and Risk Management

Extensive new version utilizes 4000+ data collectors, 11,000 controls, and 250 knowledge bases

June 27, 2007-New York, NY- Modulo, a market leader in governance, risk management, and compliance software, announced today the availability of the latest version of Risk Manager™. Modulo Risk Manager helps organizations streamline and automate processes required for in-depth risk assessment and compliance projects. An enhanced compliance module, expanded knowledge bases, and customized reports are just a few of the new features included in this latest release.

Modulo Risk Manager collects, centralizes, and generates reports relating to technology assets, such as software and equipment, as well as non-technology assets such as people, processes and physical facilities within an organization to assess risk and ensure compliance.Modulo Risk Manager can now communicate risk in several ways, integrating business and technical views and providing risk illustrations by asset, perimeter, business component, and threat as well as additional customizable options.

“We are dedicated to helping our customers effectively protect their assets while meeting regulatory compliance mandates,” said Alvaro Lima, director and co-founder of Modulo. “This enhanced version of Modulo Risk Manager assists organizations in meeting their risk assessment and compliance goals in the most efficient way possible.”

Modulo has further expanded Risk Manager to include 4,000 automatic data collectors, 11,000 controls, and 250 knowledge bases which incorporate SOX, PCI, HIPAA, ISO 17799 and 27001; COBIT, FISMA, NIST 800-53a, FIPS 199, A 130 , DOD 8500.2 and Shared Assessments compliance standards among many others. Users can now generate multiple compliance reports from the same set of data, eliminating “audit silos”, as well as generate a score and set of reports for any of the included compliance standards. Live updates, remote installation capabilities, and database integration are also included in the new version of Modulo Risk Manager.

ABOUT MODULO

Modulo is Latin America’s market leader for information security and risk assessment software and services. Founded in 1985 and employing 300 employees worldwide, Modulo Security recently expanded operations and partnership outreach to the United States, with its office headquarters in New York. Modulo’s Risk Manager Software provides organizations with the tools they need to automate the processes required for assessing and eliminating security vulnerabilities and attaining regulatory compliance. For more information on Modulo and Risk Manager, visit www.modulo.com.

Technorati Tags: Risk management, Governance, Risk assessment