Picked up a copy of Ubuntu User 14.10 Winter 2014 issue.
I have a computer that I let my stepson use to play around with. He went through steps to install 13.10 but installed 64 bit and the computer bit the dust.
I have no idea where my 13.10 rag went... Oh well on to the new.
I want to know more about the boot process of ubuntu. Everything is treated like a file.
In the beginning there was root and root is considered a file?
I think so. Well I just found this online ebook that answered my question directly...
http://tldp.org/LDP/intro-linux/html/sect_03_01.html
Should I read this book? Actually I think I will finish my fresh install of 14.10 and get back to this.
I am going ahead with the encrypt new Ubuntu installation and using LVM.
Decided on a security key, hit install, and now a couple of partitions are going to be formatted. I don't care about anything on the disk so sure...
Going to use some randomness to my naming conventions...
It has been an hour watching some netflix and we are sitting at > configuring bcmwl-kernel-source (i386)
Went to askubuntu.com. Looks like I need to make sure 'install 3rd party software' is unchecked, since I have a wireless card installed in this computer. Looks like I may need to install wireless drivers manually. Since I cannot get to a terminal, I guess I better reinstall the OS. Good way to spend a Saturday. :)
Installation complete and restart...
Looks like one of the partitions for LVM was not installed correctly...
I assume at this point the encryption is too much for this system to handle.
Doing bare minimum install with no options checked.
Looks like I should change my blog to private because this is embarrassing. I need to find a lighter-weight Linux distribution for this old XPS system.
Saturday, December 27, 2014
Friday, September 26, 2014
Shellshock Vulnerability information and quick test.
Info was sent to me from beyondsecurity.com
A new and critical vulnerability called “shellshock” has been announced. The vulnerability is in the ‘bash’ shell application and can be remotely exploited. There is a high chance that an Internet worm will be written to use this hole to attack systems over the Internet. A patch is available for this issue for most operating systems.
The vulnerability can be exploited over ssh, and over HTTP/HTTPS via CGI scripts.
Our team is still researching the vulnerability in order to design a test that is both reliable and non-destructive; however, due to the sensitive nature of executing commands on a live system remotely this may be difficult.
In the meantime, we recommend doing a simple check to see if the server is vulnerable. To test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
--
vulnerable
this is a test
--
Then you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
--
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
--
More information about this bug is available here:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
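Two checks built from the note above, written here as an added example that is not part of the Beyond Security advisory or of this blog's own text. The first runs the advisory's exact probe from Python and reads the verdict from stdout only, since a patched bash prints its refusal warnings on stderr. The second scans web-server access log lines for the function-export marker `() {` in the request, Referer and User-Agent fields, which is where the CGI delivery vector the advisory mentions shows up: a CGI-enabled web server copies those headers into environment variables before invoking bash. The log lines and IP addresses are constructed for the example, and the bash path defaults to whatever `bash` is first on PATH.

```python
"""Added example, not part of the advisory above or of this blog: a local probe
for CVE-2014-6271 and a scan of web access logs for the CGI delivery vector."""
import os
import re
import subprocess

# The probe from the advisory: a function definition with trailing code.
PROBE_ENV_VALUE = "() { :;}; echo vulnerable"


def bash_imports_trailing_code(bash="bash"):
    """Run the advisory's probe against `bash` (default: first bash on PATH).

    Returns True when the trailing `echo vulnerable` ran (vulnerable bash),
    False when bash refused the definition (patched), None when bash cannot
    be executed at all. The verdict comes from stdout only: a patched bash
    prints its warnings on stderr and leaves just "this is a test" on stdout.
    """
    env = dict(os.environ)
    env["x"] = PROBE_ENV_VALUE
    try:
        proc = subprocess.run(
            [bash, "-c", "echo this is a test"],
            env=env, capture_output=True, text=True, timeout=10,
        )
    except (FileNotFoundError, PermissionError, subprocess.TimeoutExpired):
        return None
    return "vulnerable" in proc.stdout.splitlines()


# Apache/nginx "combined" access log format. The CGI vector arrives in any
# request header the web server exports into the CGI environment
# (HTTP_USER_AGENT, HTTP_REFERER, HTTP_COOKIE, ...), so the logged header
# fields are where the function-export marker shows up.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# A bash function export starts with "() {"; attackers vary the whitespace.
FUNCTION_EXPORT = re.compile(r"\(\)\s*\{")


def find_shellshock_attempts(lines):
    """Return (client_ip, field, request) for each log line carrying the marker."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format; a real scanner would count these
        for field in ("req", "referer", "ua"):
            if FUNCTION_EXPORT.search(m.group(field)):
                hits.append((m.group("ip"), field, m.group("req")))
                break
    return hits


# Constructed sample log lines (not real traffic; RFC 5737 documentation IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Sep/2014:10:12:01 +0000] "GET /cgi-bin/status HTTP/1.1" '
    '200 512 "-" "() { :;}; /bin/bash -c /usr/bin/id"',
    '198.51.100.2 - - [25/Sep/2014:10:12:05 +0000] "GET /index.html HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [25/Sep/2014:10:12:09 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" '
    '200 17 "() { _;}; echo vulnerable" "curl/7.30.0"',
    "this line is not in combined format and is skipped",
]

if __name__ == "__main__":
    verdict = bash_imports_trailing_code()
    print({True: "vulnerable", False: "patched", None: "bash not runnable"}[verdict])
    for ip, field, request in find_shellshock_attempts(SAMPLE_LOG):
        print(f"{ip} sent a function export in {field}: {request}")
```

The local probe tests exactly the condition the advisory describes (code after the closing brace of an imported function being executed) and nothing else. The log scanner only flags lines whose request, Referer or User-Agent carries the marker; a CGI script that exports other headers, or a non-HTTP path such as an SSH forced command, needs its own source of data.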
Tuesday, August 26, 2014
Thursday, August 21, 2014
Friday, August 8, 2014
Researchers To Demonstrate Mobile VDI Hijacking Attack
http://www.crn.com/news/security/300073632/researchers-to-demonstrate-mobile-vdi-hijacking-attack.htm?cid=nl_sec#
Good reason that our MDM SaaS solution works best in conjunction with an enterprise SSL VPN concentrator.
Multipath TCP (MPTCP): emerging networking technology used by Apple will frustrate firewalls...
http://www.networkworld.com/article/2463062/security0/emerging-networking-technology-used-by-apple-cisco-will-frustrate-firewalls.html#jump
This is a broad and new topic and an evolving conversation; there is not yet a roadmap or guidance on MPTCP's effect.
The issue is that "fragments" of malware or an attack can come in through separate paths, therefore evading detection. "Fragments" is in quotes because this is not the traditional IP fragmentation that firewalls in general think about or know how to deal with (per NSS Labs, etc.). Other than buffering/normalizing/reconstructing content on the firewall (which SonicWall will not do), the most likely action will be to disable Multipath TCP capability from behind the firewall. That would be the short-term solution; the DPI technology vendors are not yet sure what the long-term solution will be.
Tuesday, August 5, 2014
Monday, August 4, 2014
Wednesday, July 30, 2014
Friday, July 25, 2014
S5000 SonicWall Sandwich
http://en.community.dell.com/techcenter/networking/m/networking_files/20439189.aspx
This is a highly scalable architecture using SonicWall firewalls and Dell Networking S5000 switch to create a high bandwidth Firewall architecture.
Thursday, July 24, 2014
File-encrypting Android ransomware 'Simplocker' targets English-speaking users
Malware was updated to use FBI-themed alerts and encrypt backup files, researchers from ESET said
The malware installer masquerades as a Flash video player application and requests to be granted device administrator permissions.
Wednesday, July 23, 2014
Best Practice Videos for SonicWALL Firewalls
Best Practices: Site to site VPN on SonicOS -
Best Practices: NAT Policies on SonicOS -
Best Practices: How firewalls and security services work together
- https://www.brighttalk.com/webcast/5052/115493
Best Practices: Optimal firmware management -
Best Practices: High Availability on Dell SonicWALL -
Secure Mobile Access - Per App VPN and VPN client Java info
First, the per app vpn Youtube video demo:
https://www.youtube.com/watch?v=1v2pm2-PJdU&feature=youtu.be&a
Per-application VPN — Mobile Connect 3.1 in combination with Secure Mobile Access OS 11.0 for Dell SonicWALL E-Class SRA appliances, enables administrators to establish and enforce policies to designate which apps on a mobile device can be granted VPN access to the network.
I found above statement in the datasheet on the mobile-connect page at sonicwall.com:
http://www.sonicwall.com/us/en/products/Mobile-Connect.html#tab=overview
Second, the statement below is from our SE team on how Java is used with our VPN clients:
The Aventail Connect Tunnel client is a stand-alone native client for Windows, Mac and Linux. Java is used on Linux to display the optional GUI.
When the Connect Tunnel client is provisioned via the Aventail Workplace portal, Java is used as a provisioning mechanism for Mac and Linux workstations.
The browser based Aventail OnDemand Tunnel agent is provisioned and runs transparently behind the Workplace portal to provide layer 3 access for web based users.
Lastly, the suggested solution starts at:
mfg part # 01-SSC-8487 is SonicWALL SRA EX6000 with 25 User License Bundle.
This bundle sku includes EX6000 appliance, 25 User License, Advanced End Point Control, Connect Mobile, Native Access Modules, Advanced Reporting and a 1-year E-Class Support 24x7 contract.
The above part number has a list price of $7,995.
Thursday, July 17, 2014
Dell SonicWall Email Security inbound order of operations
All checks are done inside the appliance. It does not pass any traffic to any third party servers.
Thank you to Adam Zimmerer, SonicWall SE, for image.
Notification Announcing Support Portal Migration
Tuesday, July 15, 2014
Front Line Prospecting Staccato training notes
This sales training reminds me of training I received at Secureworks. I believe a lot has to do with attitude on the phone and your knowledge of the business solution that is being positioned. At the end of the day sales is a numbers game.
However, the trainer is basing their recommendations on 1.8 million customer interactions. They compared it to a golf game: sales people all prospect relatively the same, but what if you can do something a little different that makes your stats better than the next guy's...
So prospecting is the calisthenics of selling. Prospecting needs a mental change from sales to lead farming. It is activity to get more Meaningful Interactions (MIs). Organizations need your or your competitor's solution to solve a problem. They need to talk to someone. You need to unlock the social DNA of the company to make the Key Person (KP) want to talk to you.
Prospecting is your process and approach to more than just the gatekeepers of the organization. You want them to become your tour guide to who else would need to know about your business solution.
Proper prospecting is a campaign for MIs. MIs are 20-30 minute conversations where you and the KP talk about a business solution and selling finally starts. You want to have 2-3 Touch Points (TPs) with KPs to get to an MI. 5 TPs is better than 4 but not as good as 6.
TPs are referrals, quick conversations, email, voice mail, even faxes. Each TP has a pro and a con; take a phone call: KPs pick up the phone around 5% of the time, and 99% of that time the KP is doing something other than wanting a phone call.
The correct campaign to get an MI has rounds of TPs. The best wait time between rounds is every 3 business days. The first round is reaching out to the most KPs and having as many TPs as possible. The bell curve of success is around 3 to 4 rounds, with 5 the beginning of diminishing returns. 90% of sales people do not get past the second round.
The keys to securing MIs are to disarm and disengage the KP. You can disarm the KP by identifying yourself, explaining if it is a referral, and lastly asking for help. Most company employees will want to help you get correct company information. State your purpose: set up a 20-30 minute meeting at a date/time. Ask a question: what is the best way to do that?
Prospecting is finding the right contact and getting MIs. Then comes the selling. Prospecting and selling are two separate ideas. Stick to the template. People are busy and do not need to be sold to during prospecting. When they ask, "what is this call about again?" it is probably because they were not paying attention, not because they need more product details.
Why do we start with the top of the organization? You want to enable the social DNA of the organization to work for you in between campaign rounds.
http://info.frontlineselling.com/
Wednesday, July 9, 2014
SonicWall Email Security Services
What makes you better than the rest?
We have a proven and patented service for delivering email security.
Annual cost - 600 users?
-SonicWall Licensing is stackable.
Hosted (cloud):
dpn: A7489738 mfg: 01-SSC-5045 SonicWALL Hosted Email Security w/24x7 Support 500 Users (1 Year) $5,575
dpn: A7489732 mfg: 01-SSC-5039 SonicWALL Hosted Email Security w/24x7 Support 100 Users (1 Year) $1,455
Appliance (hardware or virtual):
dpn: A7489688 mfg: 01-SSC-7397 SonicWALL TotalSecure Email Subscription 500 (1 Yr) $3,265
dpn: A7489694 mfg: 01-SSC-7406 SonicWALL TotalSecure Email Subscription 100 (1 Yr) $1,300
Inhouse/cloud?
-We have either option.
If inhouse - VM/appliance?
-Yes.
Scripting language/custom rules?
-Not aware of scripting, but I am aware of custom rules for the compliance license and email boxes.
Filtering - inbound/outbound or both?
-Both
Outlook plugin or only web access to quarantine?
-We have a plugin you can download.
Storage quota – if so per user or aggregate?
-Not aware of… Storage is for Junk box.
Online/web based portal for users?
-Can provide access to URL optional login.
Whitelist/blacklist by administrator?
-Allow by IP address, blacklist by domain, defer list by IP, and greylist by IP.
User self-service whitelist/blacklist?
-User can have access to junk folder.
Whitelist users address list members?
-Not that I am aware of. Don’t completely understand question.
Immediate access to quarantined messages?
-Yes. We have real time reports.
RBLs – can we choose which ones are used?
-Yes, Under blacklist services.
Message retention time – can we define?
-Don’t know.
Quarantine reports – frequency – can we define?
-We offer real time reports, yes.
Quarantine reports - customizable/by user?
-There is auditing that can get you per user reports.
Quarantine - malware – can users release their own?
-I assume yes, if you give them access to their junk box.
Can users right click a message and mark as trusted/spam/release/block, etc?
-There is the capability to mark messages as spam.
Image control and scanning – do you offer it?
-We do offer image control with compliance license. It is part of our TotalSecure licensing.
AD integration – do you require it/use it?
-We use LDAP services, or you can import your own tab-delimited user list.
What happens when an email arrives for an invalid user?
-Logged and dropped.
User account creation – automatic?
-LDAP services.
Blocked file types – can we define?
-Yes, part of compliance.
Can we bypass by user?
-This is part of the admin whitelist.
Support offering - phone/call back/email/chat?
-24x7 phone tech support. There is also an online chat and incident ticket support.
Archiving – is that an option?
-Only storage set up is Junk Box.
Policy enforcement/content control – don’t send cc #s, etc?
-Would be part of compliance licensing. It is part of our TotalSecure licensing.
Built in AV?
-Yes. We have our own signatures and McAfee AV signatures as part of TotalSecure licensing.
Language filtering support – no messages in Russian, etc?
-Yes this is an option.
Wednesday, July 2, 2014
Friday, June 27, 2014
reading material... (doing this title too much?)
http://www.informationweek.com/cloud/cloud-storage/dell-focuses-on-security/d/d-id/1278884
Found this article in a couple of different news sources. It actually has old news in it...
Thursday, June 26, 2014
SonicWall and Long Beach City College Better Together Webinar
Learn how Long Beach City College was able to increase its network performance without having to sacrifice security, all while supporting 25,000 BYOD users.
Webcast: Best Practices for Safeguarding Your Network from Today’s Rapidly Evolving Threats
Date: Tuesday, July 8, 2014
Time: 9 a.m. PT / 12 p.m. ET
Join this informative webcast to learn how you can:
· Double your network performance
· Secure wireless and BYOD traffic from thousands of devices
· Significantly reduce the number of infected computers
· Guard against the latest threats as they emerge
· Use a context-aware monitoring engine to achieve full visibility into application and user activity
· Leverage a nimble threat research and response team
· Reduce deployment and administrative costs
Speakers:
Sathya Thammanur, Product Line Manager
Arne Nystrom, Senior Network Administrator, Long Beach City College
I really respect Arne a lot when we worked together on this solution. I am registered. Please do the same.
Reading Material
Montana Department of Public Health and Human Services data breach: 1.3M personal records leaked. The hacked server held names, addresses, birth dates, and SSNs of citizens receiving services.
PayPal has flaw in two-factor authentication. It is temporarily disabled for mobile apps while they work on a patch.
Most organizations don't know where their sensitive structured or unstructured data resides, says new Ponemon study.
Tuesday, June 24, 2014
Death by email?
I easily spent all day cleaning out my inbox for emails from last week. I had over 150 emails and got it down to below 20 by the end of the day.
I got behind on my tasks and pipeline report, but I will get caught up on that today.
The funny thing is give my email 6 hours and my inbox has doubled to over 40 emails that need to be followed up on... The endless cycle of clean, rinse, and repeat...
Thursday, June 19, 2014
Reading Material
Code Spaces (codespaces.com) is out of business after a DDoS attack that masked an accompanying intrusion into its Amazon EC2 control panel.
The N9500 Android smartphone manufactured by Chinese company Star has preloaded spyware in its firmware, disguised as the Google Play Store app.
Bill Wright, Symantec's director of government affairs and global cyber security partnerships, spoke at a recent government cyber security briefing at the Armed Forces Communications Electronics Association. He cited Symantec's 2014 Internet Security Threat Report. He noted that targeted attacks on mid-sized firms (those with 251 to 2,500 employees) and small firms (those with 250 employees and fewer) rose by 61% in 2013 from 2012 levels.
Symantec's 2014 Internet Security Threat Report Whitepaper.
Wednesday, June 11, 2014
SonicWall SRA OpenSSL Vulnerability Customer Communications
All,
As you are likely aware, researchers have discovered seven new vulnerabilities in versions 1.0.1 and 1.0.2-beta of OpenSSL. Of the seven vulnerabilities, the most serious is CVE-2014-0224, which can be exploited by a Man-in-the-Middle (MITM) attack. In response to the discovery we are communicating the impact and recommended actions first to our partners and shortly thereafter to Dell SonicWALL customers with affected products. While none of our firewalls and GMS products are affected by the vulnerabilities, our Secure Remote Access and Email Security products are impacted by some of the seven. We have posted a support bulletin for the affected products on our support site.
To help you address potential questions on our SRA products, I’m attaching three communications that are going out shortly:
· A notice to SMB SRA 1200/1600/4200/4600 customers (CVE-2014-0224)
Hello,
As you may have heard, researchers have found multiple defects including a Man-in-the-Middle (MITM) vulnerability in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For detailed information on the Man-in-the-Middle and other vulnerabilities, see the OpenSSL website.
Dell SonicWALL SMB SRA Specific Firmware Versions Affected
SMB Secure Remote Access: SMB SRA Server Side Firmware
Affected versions: 7.0.0.12-28sv and all previous 7.0 versions; 7.5.0.6-23sv and all previous 7.5 versions
Impact: Versions above are affected and should be patched immediately.
Recommended Action: Upgrade 7.5 to 7.5.0.7-24sv; upgrade 7.0 to 7.0.0.15-32sv.
Additional Information: The latest 7.0 and 7.5 firmware versions are available for download on MySonicWALL.
· A notice to E-Class SRA customers (CVE-2014-0224)
Hello,
As you may have heard, researchers have found multiple defects including a Man-in-the-Middle (MITM) vulnerability in versions 1.0.1 and 1.0.2-beta of OpenSSL, the cryptographic software library. For detailed information on the Man-in-the-Middle and other vulnerabilities, see the OpenSSL website.
Dell SonicWALL E-Class SRA Specific Software Versions Affected
E-Class Secure Remote Access (Aventail): E-Class SRA Server Side Software
Affected versions: Software version 10.6.4; software versions 10.7.0 and 10.7.1
Impact: Versions above are affected and should be patched immediately.
Recommended Action: Apply Hotfix 10.6.4-388. For all 10.7.0 users, you must upgrade to 10.7.1 and apply the hotfix. Apply Hotfix 10.7.1-322.
Additional Information: The latest 10.7.1 software version is available for download on MySonicWALL. To access the 10.6.4 and 10.7.1 hotfixes, see Knowledge Base article 11605 on the Dell SonicWALL Support website.
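The bulletin gives version thresholds, and the classic mistake when turning that into an inventory check is comparing build strings as text ("7.0.0.9-1sv" sorts after "7.0.0.12-28sv"). The following is an added example, not Dell SonicWALL code: it parses the dotted release plus the hotfix/build number into integer tuples and reports whether a given SMB or E-Class SRA version is below the fixed build the bulletin names. The product keys "smb-sra" and "eclass-sra", and the assumption that every build below the named fix on the same release train still needs the upgrade or hotfix, are mine, not the bulletin's.

```python
"""Added example, not Dell SonicWALL code: decide from an SRA version string
whether it is below the fixed build the CVE-2014-0224 bulletin names."""
import re

# Fixed builds named in the bulletin, keyed by product and release train.
# Assumption (mine, not the bulletin's): every build on the same train that
# is below the fixed build still needs the upgrade or hotfix.
FIXED_BUILDS = {
    "smb-sra": {"7.0": "7.0.0.15-32sv", "7.5": "7.5.0.7-24sv"},
    "eclass-sra": {"10.6": "10.6.4-388", "10.7": "10.7.1-322"},
}

# dotted release, optional "-<build>" with a trailing tag such as "sv"
_VERSION = re.compile(r"^(?P<dotted>\d+(?:\.\d+)+)(?:-(?P<build>\d+)\w*)?$")


def parse_version(text):
    """'7.5.0.6-23sv' -> (7, 5, 0, 6, 23); '10.6.4' -> (10, 6, 4, 0).

    Integer tuples compare numerically, so 7.0.0.9 sorts before 7.0.0.12,
    which a plain string comparison gets wrong.
    """
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group("dotted").split(".")]
    parts.append(int(m.group("build") or 0))  # missing hotfix/build = 0
    return tuple(parts)


def needs_patch(product, version):
    """Return (affected, reason).

    affected is True when the version is below the fixed build for its
    release train, False when at or above it, None when the bulletin does
    not cover that train.
    """
    v = parse_version(version)
    train = f"{v[0]}.{v[1]}"
    fixed = FIXED_BUILDS[product].get(train)
    if fixed is None:
        return None, f"release train {train} is not covered by the bulletin"
    if v >= parse_version(fixed):
        return False, f"at or above fixed build {fixed}"
    return True, f"below fixed build {fixed}; upgrade or apply hotfix"


if __name__ == "__main__":
    inventory = [("smb-sra", "7.0.0.12-28sv"), ("smb-sra", "7.5.0.7-24sv"),
                 ("eclass-sra", "10.7.0"), ("eclass-sra", "10.7.1-322")]
    for product, version in inventory:
        print(product, version, needs_patch(product, version))
```

Feed it the version strings you collect from MySonicWALL or the appliance consoles; the reason text says which fixed build to go to. Because the tuple comparison treats a missing build number as 0, a bare "10.7.1" is reported as below "10.7.1-322", which matches the bulletin's instruction that 10.7.1 still needs the hotfix.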
Friday, June 6, 2014
Reading material
Ebay.com hacked, users asked to change passwords. No financial data, just user...
Funny: the internet of everything.
http://software.dell.com/ There is a lot of stuff on this page to know about.
If HTML5 Is The Future, What Happens To Access Control?
Thursday, May 29, 2014
Successful Account Executive candidate conversation
In my current role as inside sales specialist, I am proactively reaching out on new leads and tasks from existing opportunities. I am reactive with quick SLAs to reply to any email requests. I have a substantial amount of tribal and product knowledge. I can have conversations that span from C-level down to admin.
When moving on to the next role of outside sales, the strength is not in many transactions but in strengthening key relationships. I will need to be able to properly coordinate people and resources for projects. I will have to have the perceived beneficial solution that will solve a business problem. C-level buys from companies and people they trust.
I will need to be able to size and scope opportunities correctly before 4-legged sales calls. This is where multiple people are visiting with me; the number of legs is the number of people attending the meeting. You don't need a 4-legged sales call for an initial scope with an IT admin.
Successful AEs have at least 3-5 proofs of concept going at any one time. Most large opportunities require the tires to be kicked before purchase. Once the POC is set up, coordinate the SE with the technical contact and hand off for a bit. However, the AE is needed to step back in and round up everyone involved to sign off on the PO by a desired date.
Summary: find the opp, qualify, project-manage the POC, and lastly close/win. If closed/lost, learn something beneficial.
Monday and Friday are typically office days to organize schedule and go through reports.
Tuesday, Wednesday, and Thursday are travel, primary work days.
Of course this schedule is tentative depending on circumstances.
There is a big caution that you can be busy but not productive.
Having time management and driving qualified leads effectively is more important than going to different free lunch events that are not your target market.
Being in an outside AE role is mostly about relationships and business acumen, instead of technical knowledge. Be expected to live in primary metro location for territory. It is also important about who you know and what contacts you have. However every candidate will have weakness. It is my job to sell my strengths.
Friday, May 23, 2014
EX6000/Aventail/SMA tech support activation
Thanks to Sean Burke for this information.
The Aventail appliances still use a manual process to update licensing information (unlike the firewalls, which automatically “phone home” to learn licensing info). I believe this is expected to change soon with a future software upgrade. They’ll just need to go to www.mysonicwall.com and locate their Aventail appliance, then follow the steps below to export the license key and import it into the Aventail appliance…
From mysonicwall.com
Then on the Appliance
Deploy and Manage Chrome for EDU/ Business | Chrome MSI
Thanks to the EMM (endpoint mobile management) team for sharing this with me.
Google allows managing Chromebooks only from the Google Admin site (Google Admin console).
Here is the list of policies you can enforce on Chromebooks: https://support.google.com/chrome/a/answer/2657289
For Safe Browsing, check the Security (Safe Browsing) and Content (Safe Search) items.
Tuesday, May 20, 2014
Interesting Security Articles of note
U.S. Indicts Five Chinese Army Officers for Alleged Cyberespionage Operations
Malvertising Redirecting to Microsoft Silverlight Exploits
Webcam voyeurs around the world are on edge after authorities in several nations began raiding buyers of the BlackShades remote access trojan (RAT).
LifeLock has withdrawn its Wallet App and deleted user data over concerns the technology falls short of user data protection rules under the payment card industry's Data Security Standard (PCI DSS).
Google looks to unite work and pleasure by acquiring Divide for BYOD
Monday, May 19, 2014
Cryptolocker on Android phones...
http://malware.dontneedcoffee.com/2014/05/police-locker-available-for-your.html#!/2014/05/police-locker-available-for-your.html
Research link that led to the above capture:
http://www.theinquirer.net/inquirer/news/2344051/cryptolocker-ransomware-hits-android-smartphones-and-tablets-via-fake-porn-app
Threat intelligence:
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=679
Friday, May 16, 2014
Equipment ID on SonicWall SMB SRA 7.5 End Point Control?
Thank you to my System Engineer Manager, Ed, for finding this information.
Regarding the End Point Control on the SRA appliance for your customer, we do not support creating policies tied to MAC addresses, however we can make policies that are tied to the Hard Drive Serial number. I would argue, this is probably more secure, at least on the surface.
Below is a quick explanation of how to retrieve the Equipment ID from various Windows platforms.
The EID stands for the ‘Hard drive serial number’.
For Windows 7, you can type the following command to get the EID:
wmic diskdrive get serialnumber
For Windows XP, you may use a third-party free tool to get the EID. Here is a link to a free tool.
More SMB SRA info:
Firmware 7.5 now has EPC abilities. Customers can create profiles looking for Anti-Virus, Anti-Malware, Personal Firewall programs, running applications, client certificates, registry keys, files, directories, domain membership, Windows version, and device ID (no MAC address, though).
I think it's possible to create multiple profiles and lock down a user account to a device profile, but that would be a unique profile per-user (could potentially be a lot of configuration work).
So we can make sure the device that's connecting in is the right device (so you can't use a home machine or some other non-corporate asset). However, locking a specific person to one device might be a large config. Part of customer's remote access (BYOD) policy conversation needs to address level of device identification, i.e. if it's a corporate device that connects in, or make sure User A is logging in from her device, and not User B's device.
Product documentation link: http://www.sonicwall.com/us/en/support/3893.html
SonicWall threat intelligence on Microsoft Security Advisory 2963983
I appreciate my System Engineer, TJ, for helping find this documentation.
MS article that started search: https://technet.microsoft.com/library/security/ms14-021
--FOUND THIS--
--AND THIS--
“Latest Internet Explorer exploit patched within 24 hours”
--AND THIS--
“April 2014 IE Vulnerability”
April 2014 IE Vulnerability – Next steps for customers to ensure they are protected
Situation
On April 26th, Microsoft released Microsoft Security Advisory 2963983 that addresses a remote code execution vulnerability, CVE-2014-1776, in Microsoft Internet Explorer (IE) versions 6 to 11. A successful exploit of this vulnerability will cause arbitrary code to run in the context of the current user within IE. At this time, Microsoft has not stated when a patch for the vulnerability will be available for supported Windows platforms but, more importantly, it is likely that Windows XP PCs will not receive a patch due to the EOL on that platform. For a view of the broader security implications of Microsoft Windows XP end of support, read our blog published in December.
Given that IE represents roughly one quarter of the browser share, this potentially exposes a large number of internet users’ computers to malware attacks. Reports of malicious sites using the vulnerability to hijack PCs surfaced immediately upon publication of the vulnerability (ArsTechnica). This is a very typical, and highly successful, method of obtaining access to company data utilizing readily available malware. Traditional stateful packet inspection firewalls are blind to these attacks. Malicious traffic utilizing this vulnerability used to attack end users inside a network appears as 100% legitimate traffic to stateful firewalls. On the other hand, next-generation firewalls and unified threat management firewalls, as well as intrusion prevention systems, are designed to protect networks from such attacks.
First Priority: Protect your network
Dell SonicWALL firewall customers that have the Intrusion Prevention Service enabled have been protected against this attack since Sunday, April 27th through an automatic update pushed out over the weekend with the following update:
- IPS: 3787 Windows IE Remote Code Execution Vulnerability (CVE-2014-1776)
As with all other Microsoft advisories, Dell SonicWALL is listed as one of the partners with protection on the Microsoft Active Protection Program (MAPP) page. See http://technet.microsoft.com/en-us/security/dn568129
Second Priority: Control IE usage until all systems are patched
As a matter of preventative maintenance going forward, customers with Dell SonicWALL firewalls can use Application Control to identify and restrict IE traffic while the systems are patched. This could be especially useful for networks that still have Windows XP widely deployed, given that Microsoft at this point may not patch these systems. By blocking internet access from Internet Explorer on these systems, network administrators can significantly reduce the security risk. Blocking Internet Explorer using Application Control can be accomplished by creating an application rule on the firewall which will restrict outgoing traffic based on browser identification. This can also be accomplished by selecting the broad “Internet Explorer” category instead of picking specific browser versions.
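Restricting IE by browser identification, as the note above describes, depends on the User-Agent strings IE sends. The following Python script is an added example (not SonicWALL's code or the blog's own) of how an administrator could audit proxy or web logs for hosts still browsing with an affected IE version (6 through 11) while the rule is rolled out; it treats the Trident engine token as authoritative so that Compatibility View does not disguise a newer IE as an older one, and it flags Windows XP clients, which the advisory says may not receive a patch. The log format and sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# IE versions affected by CVE-2014-1776 (Microsoft Security Advisory 2963983): 6 through 11.
AFFECTED_IE_VERSIONS = range(6, 12)

# Windows NT kernel versions reported by Windows XP (5.1) and XP x64 / Server 2003 (5.2).
XP_NT_VERSIONS = {"5.1", "5.2"}

# Trident (MSHTML) engine token -> real IE major version. A browser in Compatibility
# View sends an older "MSIE x.0" token, but the Trident token still reveals the engine.
TRIDENT_TO_IE = {"4.0": 8, "5.0": 9, "6.0": 10, "7.0": 11}


@dataclass
class BrowserHit:
    client: str
    ie_version: Optional[int]   # None when the User-Agent is not Internet Explorer
    windows_xp: bool
    affected: bool


def ie_version_from_ua(ua: str) -> Optional[int]:
    """Return the IE major version a User-Agent string represents, or None if it is not IE."""
    trident = re.search(r"Trident/(\d+\.\d+)", ua)
    if trident and trident.group(1) in TRIDENT_TO_IE:
        return TRIDENT_TO_IE[trident.group(1)]
    msie = re.search(r"MSIE (\d+)\.", ua)      # IE 6 and 7 carry no Trident token
    return int(msie.group(1)) if msie else None


def is_windows_xp(ua: str) -> bool:
    """True when the User-Agent reports a Windows XP era NT kernel."""
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    return bool(m) and m.group(1) in XP_NT_VERSIONS


def classify_log_line(line: str) -> Optional[BrowserHit]:
    """Parse one constructed proxy log line of the form: <client_ip> "<user_agent>"."""
    m = re.match(r'^(\S+)\s+"([^"]*)"', line)
    if not m:
        return None
    client, ua = m.group(1), m.group(2)
    version = ie_version_from_ua(ua)
    affected = version is not None and version in AFFECTED_IE_VERSIONS
    return BrowserHit(client, version, is_windows_xp(ua), affected)


def affected_clients(log_text: str) -> List[Tuple[str, int, bool]]:
    """Return (client, ie_version, on_windows_xp) for every request from an affected IE build."""
    hits = []
    for line in log_text.splitlines():
        hit = classify_log_line(line)
        if hit and hit.affected:
            hits.append((hit.client, hit.ie_version, hit.windows_xp))
    return hits


# Constructed sample log: IE8 on XP, IE11, IE11 in Compatibility View, Chrome, and IE 5.5.
SAMPLE_LOG = """\
10.0.0.11 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)"
10.0.0.12 "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.0.0.13 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0)"
10.0.0.14 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 Chrome/34.0.1847.131 Safari/537.36"
10.0.0.15 "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
"""

if __name__ == "__main__":
    for client, version, xp in affected_clients(SAMPLE_LOG):
        print(f"{client}: IE {version}{' (Windows XP, prioritize)' if xp else ''}")
```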
--AND THIS--
There was a new/different Microsoft Advisory (also for IE) issued on Tuesday. Once again, we had protections that very day. https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=680
Wednesday, May 7, 2014
Monday, May 5, 2014
Credit Union Times and SecureWorks IE Zero Day attack and issued recommendations
Cited source: Experts Recommend Avoiding Internet Explorer
The credit union industry is reacting to the ongoing attack on Microsoft’s widely used Internet Explorer software by recommending people avoid using the browser. Security experts reported the flaw in a number of versions of Explorer last week.
SecureWorks and others are recommending that Internet Explorer users – individuals and companies – use the patch for the IE vulnerability just released by Microsoft as soon as possible. If unable to do that, Ramsey recommends these steps first.
1. Disable the Adobe Flash plugin. There is no associated vulnerability in Flash, but it is used to create the proper memory environment for successful exploitation, and its absence will prevent infection in this specific case.
2. Enable Enhanced Protected Mode (EPM). Introduced in Internet Explorer 10, EPM provides features that can prevent this exploit from working.
3. Deploy the Enhanced Mitigation Experience Toolkit (EMET). The observed exploit contains techniques intended to bypass common mitigation strategies such as DEP and ASLR. EMET implements extended exploit mitigation.
Sunday, May 4, 2014
McAfee Total Protection install blue screened notebook.
This is the family notebook. It is a Dell Inspiron N5110 running Windows 7 Home Premium. I have it dual booting Ubuntu for my personal computing. It has been running without any problems since purchase, going on 2 years now.
My wife teaches a class for a medical university. She is about to put class information on the computer, so I took on the task of getting it back up to snuff. I updated Windows with the latest security updates. Rebooted successfully. There was an expired McAfee Enterprise on the notebook from a previous semester. However, it has been expired for a month, and I would rather take care of my own computer. So I wanted to install my own version of McAfee to manage the security. The disc instructions said to be connected to the internet and uninstall any other non-McAfee security products. Note: if you already have a McAfee product installed, they will uninstall it automatically...
So, install disk. Made sure I had an internet connection. McAfee wanted to autorun install. I accepted.
I didn't know that McAfee was disabled. A message box popped up to click here to re-enable... I just let the install try to do its thing, but maybe a minute later I got a blue screen.
I didn't freak out. The blue screen said if it happens again, boot into safe mode. I was able to get into safe mode. Talked to my wife; all her must-have files are backed up off the computer. However, I was not sure of my next step. Just uninstall McAfee from safe mode, or do something with the F8 screen to boot to the last known good config?
I knew the computer was working fine before installing the new A/V, so I decided I would do the F8 boot to last known good config. Here is the new problem though. Since I am dual booting Win7/Ubuntu 13.10, the F8 option to start the last known good config is not coming up as an option in the boot screen.
Is there a way to do this from safe mode? The answer is yes.
Good old Google search...
Alright, back in business... well, Win7 desktop business...
Next step: Going to uninstall McAfee Enterprise this time before trying to install McAfee Total Protection. Going to the McAfee website looking for their uninstall tool.
McAfee Enterprise actually uninstalled fine through Control Center. Then installed McAfee Total Protection, did a full scan, and no problem. I downloaded Windows critical updates again. Wife is good to go with putting her class stuff on the computer again.
Thursday, May 1, 2014
Next-Gen Firewall Conversation
I received this list of conversation pieces, which go into the full scope and sizing of Next-Gen Firewalls, from someone I highly respect. If I try to be as good as he is with his clients, I will be doing all right.
______
People
1. Name(s)?
2. Their position/role within org?
3. Try to find this out before conversation.
______________________________
Problems to Solve / Solution Topics
1. Security
2. Performance
3. Availability/Resiliency
4. Worker Productivity
5. Remote Access
6. Office to Office VPN or MPLS Failover
7. Wireless
8. BYOD
9. Compliance
10. Reporting
11. Resources & Expertise for Deployment
12. Support
--- What is the business case we are solving?
______________
Past Experience
1. Current solution?
2. Experience or perception of our solution?
3. Other options that you are considering?
____
Time
1. Why now?
2. Time to decide, time to purchase and time to implement?
______
Budget
1. Do you have an established budget?
2. When is that funding available?
3. How did you come up with that #?
Email Security Appliance (ESA) 8.0 Adding Junk box button for Outlook 2010 and 2013
To add the junk box button to Outlook 2010 and 2013 you need to know where to download the files. It is shown in the release notes for firmware 8.0.
Pg 4 & 5
Here are the download links.
You can also find the download links off our online demo email security box at: www.livedemo.sonicwall.com
You can find more info for email security appliance in the admin guide of 8.0:
Latest Internet Explorer exploit patched within 24 hours
The following message is from Ken Dang, Product Manager:
All,
What is the latest web security danger found when using Internet Explorer?
When Microsoft announced it was ending support and automatic security updates for Windows XP, the cybercriminal community stepped up its attacks, exploiting vulnerabilities wherever they found them. This led to the recent attack campaign against U.S.-based defense and financial companies through a remote code execution vulnerability discovered in versions 6-11 of Internet Explorer (IE).
The announced vulnerability in IE has become the latest headline story in the network security industry, largely based on the fact that Microsoft has not stated when a patch for the vulnerability will be available for supported Windows platforms but, more importantly, implied Windows XP PCs will not receive a patch since it has stopped support on that platform. As a result, organizations that have yet to upgrade or invest in a new system running a more recent version of Windows will find themselves at increased risk for hackers to exploit, ranging from simple opportunistic attacks to highly targeted malware infection campaigns. According to Microsoft, the danger arises from an attacker who successfully exploits the vulnerability to gain the same user privileges as the current user to either install programs, view, change or delete data, or create new accounts with full user rights if the current user is logged on with full administrative user rights. As a result, Microsoft has quickly released an out-of-band bulletin, Microsoft Security Advisory 2963983, that was published on April 26, 2014 detailing the severity of the vulnerability and mitigation options for users.
What does this mean for Dell SonicWALL customers?
As a member of the Microsoft Active Protections Program (MAPP), the Dell SonicWALL Threat Research Team reacted swiftly to the Microsoft Security Advisory and created countermeasures to detect and stop all attempted exploits with the new IPS signature IPS: 3787 Windows IE Remote Code Execution Vulnerability (CVE-2014-1776). Within 24 hours of the security advisory, the IPS (Dell SonicWALL Intrusion Prevention Service) signature was immediately pushed to all Dell SonicWALL next-generation firewalls owned by customers who have active security subscription services for their firewall. Customers without an active security service should purchase or renew their security service as soon as possible to receive IPS signatures for the latest threats and ongoing protection against new threats as they occur. This protection covers all Windows platforms including Windows XP without having to implement any of the recommended Microsoft workarounds. However, Dell SonicWALL encourages a layered security approach when combating zero-day type vulnerabilities. Additionally, we recommend that customers take additional security measures and perform audits as outlined below to minimize their security risk.
1. Make sure IPS is enabled on the firewall
2. Use the firewall advanced application control function to configure a policy that will block users from accessing the internet with affected versions of IE until all systems are patched
3. Apply any workarounds as suggested by Microsoft under the Microsoft Security Advisory 2963983
In summary, this is a dramatic reminder that Dell SonicWALL not only offers security solutions that deliver a deeper level of network protection but, more importantly, that our Threat Research Team has a deep and thorough understanding of the dynamic threat landscape and the endless dangers it poses for networks of all sizes. With the sheer volume of vulnerabilities that are discovered across all computing platforms, identifying and developing the best possible countermeasures against these mutable threats can be challenging as no two threats are exactly the same. Customers can rely on Dell SonicWALL’s team of in-house threat research experts working around the clock gathering, correlating and analyzing data feeds from its Global Response Intelligent Defense (GRID) Network, which now has more than one million security sensors globally. Moreover, they conduct ongoing “in-the-wild” investigations and work with security advisory communities such as Microsoft MAPP to provide our next-generation firewalls and intrusion prevention systems with the threat intelligence required to stop new threats and threat variants with a high degree of effectiveness as they occur. Stay connected with the latest news and security updates via Dell Security on Twitter, Facebook and LinkedIn.