| Nesting in the Gales |
|
| Thursday, 26 January 2006 | |
|
The WMF exploit story brought lots of feedback from readers. A patch was released which marks the end to this chapter in the security story. Were still inclined to use one of our favorite quotes, learn to nest in the gales. In the meantime, we thought wed tackle a question many asked about good sources of computer security information.
One problem the WMF exploit highlighted was that it can be difficult to get good security news that is current and understandable by the average user. Many people knew to check vendor sites for anti-virus and spyware updates, but weren't sure where to turn to next. Others wanted me to suggest the best site for security matters. I think detailing security threats and vulnerabilities is similar to predicting the weather. There can be monitoring stations and super computers dedicated to analysis, but its difficult to be 100% right. Just as one neighborhood could be having rain, the one next door is sunny. Similar environmental issues can occur with security researchers as one person can reproduce a problem and another cant. This variance has nothing with my reluctance to label any one site as being the best. Part of the problem arises by what people mean by security. Some people want to take a holistic approach and consider everything. Still others just wanted to know only the latest threats and preventive steps. I think both are needed. Below is a sampling of sources I use to read about security matters. My suggestion is try each and see which ones fit your style. Several sites provide quick summaries on a frequent basis while others use an audio format and cover a specific issue. US-CERTUS-CERT is a partnership established in 2003 between the National Cyber Security Division of the Department of Homeland Security and the public and private sectors. Its purpose is to protect the nations infrastructure from cyber attacks. In case you're wondering, the acronym stands for United States Computer Emergency Readiness Team. The organization offers a dedicated area for non-technical users. The scope of information is broad since they look at many threats. The site will also appeal to people who use Apple or UNIX systems. The site offers alerts, current news, preventive tips and other publications in easily digestible terms. You can also get information through email alerts and RSS. The page is nicely sectioned into four areas:
The United States isn't the only country to have such a resource. Here are a few from other countries: Centre for the Protection of National Infrastructure (CPNI) Great BritainSafeCanada Internet Safety (Canada) AusCERT (Australia)
Microsoft Security At HomeThis website is geared toward helping non-technical people understand computer security issues. As expected most content relates to Microsoft products, but its still a good resource. The site is broken into four main areas that are accessible from the left frame:
Toward the right side, your operating system is identified. In my case, it showed Windows XP SP2. Underneath, there should be a How-to article link which shows articles specific to your system. There are plenty of resources you can use ranging from web casts to trial software programs. This is also a good resource for family members since they can watch videos on many topics. You might also want to use the RSS link to keep abreast of new content. Security Now!Security Now! is a weekly half hour podcast hosted by Steve Gibson and Leo Laporte. Steve Gibson has written several security utilities and maintains the popular Shields Up port testing website. Leo Laporte is well known for both his tech almanacs and media productions. Hes the host of the TV show Call for Help. Steve stirred up a hornets nest on podcasts #22 when he stated someone at Microsoft may have coded a back door into the Windows operating system. The following episode, he told his listeners where he had erred in his testing. Conspiracy jokes aside, the shows podcasts and transcripts address important security issues consumers face. Each episode covers one topic and the two hosts try to demystify the issues. The shows are available in several audio formats and you can also view the text transcript. The shows cover an array of topics such as passwords, wireless access, virtual private networks and more. On several occasions, special podcasts have appeared for breaking news stories. I should also mention that reporting on breaking security news can be tricky. Sometimes the need to get news out quickly to protect people comes at the expense of checking all the details. This need to cover all bases is also why you can see unofficial patches appear before vendor patches. The company responsible for the software has to do a lot more testing to ensure the patch doesn't create greater harm for their customers. The bigger the application, such as an operating system, the longer it takes to test. The Security CatalystThe Security Catalyst is another site that has podcasts. The site is hosted by Michael Santarcangelo CISSP. That string of letters after his name stands for Certified Information Systems Security Professional. Recently, the site started offering a home edition of their security podcasts. These differ from the regular podcasts directed at security professionals. The series is new, but I think will appeal to non-technical users. His first episode was on home security basics and included an interview with a former hacker. Apart from the podcasts, the site also covers current threats. As I write this, there is a nice summary of the Kama Sutra worm written by Matt Yoder. (Hmmm I wonder if that worm name will impact the context sensitive Google ads on this page.) Michael is also involved in another site called Security Synergy. Although the site is designed for security professionals, the home page has a link to an eGuide titled, Protecting Your Identity in a Disaster. The guide was co-written with John Sileo who experienced identity theft. The free guide is well worth the read and offers practical advice you can use. After reading this guide, you'll think twice about the type of pen you use to sign documents. SANS Internet Storm CenterIf you want the most recent sightings, SANS is one place to start. I wouldn't categorize the site as one for the typical user. Much of the information is technical except for the color coded INFOcon banner which indicates the Internets current status. The banner color normally shows green. I would think of SANS as a leading indicator. Each day, the handlers posts one or more diary entries about various sightings or issues. These might range from announcing the latest virus to opinion pieces on security. The site also has a Reading Room section with an area dedicated to Home & Small Office. You will need the Adobe Acrobat Reader as the reports are all PDF files. Finally, don't overlook your software vendors. As mentioned earlier, most people know to go to the site of their anti-virus and spyware programs. How many of you periodically check other vendor pages for software you own? Bugs and other vulnerabilities can occur in any software package. Often times these issues are corrected in patches or updates, but if you didn't register the software, you may not be aware of an issue or the fix. Regrettably, sometimes it can be difficult to find this type of information on vendor sites. A good alternative resource is Secunia. They provide a searchable database for advisories on 6500 products including hardware items. Ive even seen references to cell phones. The results are presented with hyperlinks which provide a concise description, status and vendor information. Referenced Resources: US-CERT: www.us-cert.gov/nav/nt01/
|
|
| Last Updated ( Sunday, 30 December 2007 ) |
