Security

Everything he says has merit. I also think that people way over-pay for IBM's services. IBM GMS has been going through some serious restructuring and cost-cutting seemingly manifesting the customer realization that there aren't any benefits to outsourcing. The whole security paradigm today is focused on instrumentation and automation but still leaves most organizations extremely exposed. Most threats are borne out of user behavior: errors, abuse, & malicious activity which can be well taken-care-of with basic monitoring and reporting. Unfortunately, it isn't sexy or sophisticated so most IT people shy away from it because it lays bare the simplicity of what can be done with plain old fashioned network awareness.

Set your celebration date this month on your calendar to Friday, July 27th, the 8th Annual System Administrator Appreciation Day.

View gift ideas to shower upon your system administrator

System Administrator Appreciation Day Photo Gallery:

Or course, my favorite photos are the system administration horror photos.

A warm thank you to Ted Kekatos, who orginiated SysAdminDay as the primary celebration of the system administration profession.

http://www.BradReese.Com

iFrame stands for inline frame not invisible frame.

Re: How big is the botnet problem?

This check authorizing company which I never knew existed is now going to cost me some bucks to close my checking account and start all over with a new supply of checks ect. I did not know that they existed but I can assure you that they will know that I exist. I will blog about this incident on every site that I encounter. Certegy(whoever the hell they are) has touched my life in a most unpleasant way. They are an irresponsible company and should be held accountable for the actions of their employees. I can wager that this Sullivan dude was never subjected to a criminal background check or fingerprinting.

Should read "unlike a worm, botvoice.A does not..." - worms exist in their own right (just like their parasite-namesake) whereas viruses can only be passed from within other programs (just as viruses infect normal cells).

Gbenga Odegbami CCIE No. 18380 Routing and Switching, CCNP, CCDA, CCNA, MCSE, MCP, CompTIA A+, Foundation Express Design Specialist CQS, Expand Compass Certified Engineer ECCE, seeks a new challenge:

Education & Qualification:

2007 - Cisco CCIE #18380 R&S
2006 - Expand Compass Certified Engineer ECCE
2006 - Foundation Express Design Specialist CQS
2006 - Cisco Certified Network Professional CCNP
2006 - Cisco Certified Design Associate CCDA
2006 - B.Sc. Electrical and Electronics Engineering, University of Lagos
2005 - Cisco Certified Network Associate CCNA
2004 - CompTIA A+ Certification
2000 - Microsoft Certified Systems Engineer MCSE
2000 - Microsoft Certified Professional MCP
1999 - Yaba College of Technology
National Diploma (OND), Ind. Maint. Engineering

View Cisco CCIE #18380 R&S online resume now!

http://www.BradReese.Com

Is there anyway that I could receive a copy of the questions asked? It definitely would be helpful.
thanks,

Re: Online bank security worsens.

I make the mistake of logging into Community last night - to discover 700 to 800 spam comments that bypassed our spam filter because each one of them consisted of a (seemingly) random string of letters in both the body and the link fields.

Read more

It's ironic that practically all the international standards and government IT security regulations all advocate for executive involvement yet here we have an article making this very suggestion.

Re: Talk to upper management about security.

Are execs too stupid to understand the implications or are they too arrogant to assume the responsibility instead delegating it to the IT team? The detachment lies at the root of overspending and relative levels of insecurity that we read about on a daily basis.

This is so ludicrous as to render me sterile. Zero-day bug with a 348 day lifespan? Most IT managers are woefully ignorant of even the most basic security elements let alone how long they've lived with a vulnerability. Patching ONLY addresses KNOWN system flaws. It DOES NOT address unknown issues nor the threat conditions that can actually cause harm. So much of the industry banter is focused on patching that people have lost focus on the true source of problems: threats. A fully-patched a properly configured network is still at-risk from abuse, data leakage, errors and malicious activity. People just have to know what is happening. Unfortunately, the complexity of most tools makes even a basic understanding difficult and expensive at the very least.

Indeed these problems can occur and can cause great stress, but before we jump in with all sorts of redress thoughts and take actions to suit our greed which might be all out of proportion to the distress caused, let us consider a few facts.

Read more

i would like to eceive lignament information on the subject of stolen personal information...

I have now got a problem with my Firefox browser; and it happened right after I let in a pop-up from the Los Angeles Angels of Anaheim Official MLB site. And now I get pop-ups from other sites. What is up with that? I don't even want them from the Angels' website, because they are just ads for junk I don't want. How do I block them once again?

When I was a wee tyke back in the Midwest, every Sunday after the show “David and Goliath” there was a show called “The Other 98.” It was about the rest of us and how we could contribute to our society. But what about the remaining 2%? Well, in this month’s edition of Consumer Reports Money Advisor (July 2007) they have a possible suggestion. According to CS, 2% of those filing for bankruptcy are claiming that the reason was identity theft!

Read more

So just how long is it going to be before a thief makes a donation to some charity which the victim dislikes (e.g., an anti-abortion victim whose card is used for a pro-choice lobbying site), and the victim sues the recipient of the donation, or accuses them of being the thief? And of course, there is the possibility of someone stealing a card in order to make the donations. Various oddball political and religious groups have been accused of such, and in at least one political campaign the charges were proven, and the perps went to jail.

More details have emerged of how Cisco will be using the gear of its IronPort acquisition, reports Tim Greene in his Network Access control newsletter. IronPort's reputation technology will be part of Cisco's NAC offering.

According to Greene:

Read more

It can be tough to upgrade older Symantec Antivirus (SAV) clients to one of the newer versions that supports advanced capabilities like rootkit detection and removal. There are some good instructions here to accomplish this now, so there isn't much of a reason for IT shops to avoid upgtrading SAV any more.

Re: Six ways to fight back against botnets.

The Department of Defense  wants to pay you $1 million to come up with a lightweight  "wearable power" battery pack for soldiers. The DoD says typical soldier going out for a four-day mission carries as much as 40 pounds of batteries and rechargers in his pack and it wants to fix that.

Read more

Not exactly what you want hear about your tax preparer: The US Justice Department this week filed a civil injunction suit seeking to bar East St. Louis, Ill., resident Mary Powell from preparing federal tax returns for others. According to the government complaint filed in U.S. District Court in East St.

Read more

I disagree with many tenets of this article.

"If the Fortune 1000 can't stop bots, smaller organizations and consumers don't have a prayer."

Re: Attack of the killer bots.

Please justify this statement with more than a passing statement. For example, I manage a single subnet, I have two IDS's, all wireless is through a VLAN and employees must VPN to gain access through wireless. All clients are patched to latest updates within 48 hours of release, typically, and each client uses ipsec and is firewalled quite well.

Read more