Its biggest issue is to my knowledge it omly works with windows, but for making life had for leakers this is probably the best bet. When you open documents your computer requests the key for ad, the benefit here is if the user cant connect to AD (i.e. They are at home) the whole process wont work. You can also define users who can decrypt data before emailing if they do meed to share the info. It works well as long as you are tied to the windows ecosystem.
I have been using pfsense for a few years now. I have been interested in this because i has an api. Long term i would like to build out something that can block ips based on elasticsearch queries using elastalert. If anyone has good or bad stories feel free to share!
I worked for a consulting firm that tracked your billability or percent of time you could bill a customer vs doing other admin overhead. The stupid thing was if you did non billable work like writing proposals on top of billing you 40 hours a week, it still messed up you billability targets. Once i got a message about my billability being too low after working over 40 hours billable and doing proposal work then your manager would need to explain it to his higher up manager. They later fixed the policy, but i couldnt understand how such a stupid policy was in place, especially since winning work through proposals was there bread and butter.
The role of an enterprise architect is to work with stakeholders, gather requirements, create time lines and then hand their work over to another team to implement and continue to provide governance. At best you might be lucky to get access to some sort of test environment. I am TOGAF certified and like you before I started didn't understand what it was before I started. The trainer I had described it as creating cartoons for executives. I still got the cert but realized it really wasn't for me. I will say that I think the role is very important and as an implementor is designed to answer the questions I often have when building something like number of users, availability requirements etc.
A TS device can have up to TS level documents, so unclass, secret, TS, etc. An unclass device can only contain unclass documents. So the device can have documents that go down. It should be physically impossible for someone on an TS device to email someone on the Internet. Therefore, if a TS document ever makes it on to an unclassified machine someone screwed up (maybe with a scanner or CD drive or something). That someone could have been either the sender or the receiver.
Bell-LaPadula. This happen all the time.. Someone could have accidentally scanned a document that was TS and sent it to her on unclassified network. This creates a spillage and there are proper ways to handle this. Granted... those ways usually assume the person isn't running their own mail server..... so there is that.
I would agree with this. Steam machine may be awesome. I just am not sure how much faith I have in Valve at producing hardware.
For the Shield, at this point Android TV is a bit lackluster... I haven't been that excited with it, but the streaming has been great. I can also emulate my older NES, SNES, N64 etc. which is pretty awesome.
Nvidia Shield does 4k streaming. I have a shield and love it (though only have a 1080p TV). I would rather have a powerful PC downstairs that I can then stream cheaply upstairs as well.
If instead of developing from the ground up they had simply invested their time and effort into enhancing an already existing project that already does more.. https://www.bro.org/
I thought they would be awesone until I realized what they were. Mostly a way to show off to higher ups. The bulk of them end up being about showing off pretty charts and dashboards no matter how useless those charts are.
How you can make these work is tell your staff that management will be hiring a pen test sometime in the next six months but they won't get any more detail. This allows you to test your staff whole making them be more on their toes in case a real attack happens.
I have been in IT for about 10 years, so I am not sure I am completely qualified to say since forever, but I would say that the issue is we are now competing with cloud providers as to the expectation of our customers. For example, Gmail offers you 15 GBs for free and IT customers wonder why they only have 2GBs at work. Most cloud services have pretty amazing up times, and people wonder why your IT dept. can't do the same thing (no matter how well staffed it is). People are seeing the consuming of resources as free and then trying to IT accordingly.
Most of these solutions require some sort of central authority to manage the security of all the routes. Sounds great until you realize that there is no one that all the users of the Internet can trust. I am not even sure that users can trust their own governments to manage this without exploiting users for the sake of surveillance let alone other countries trust one another. If you can't trust one another the best thing to do is remain insecure but watch each other like hawks for any foul play.
I have had a smart card setup for a little while. I use it for both OpenVPN and SSH access. I created the card by making my own CA and then using OpenSC to write to the card itself. There are some other cool things you can do like us it for PGP signing. I got a whole kit for about $100 bucks that came with a reader/writer, 2 cards and one USB thing.
https://www.opensc-project.org...
BS... for one thing you can get into cycling paying from the $800 - $1200 range and get a pretty decent setup. Even if you spend more (in the $2-3000 dollar range) you can get a really nice set up. Of course if you wanted to buy a used bike then all these numbers would drop. If I bought cheap used clubs for $200 (not really fair because I am looking at crappy used clubs vs. a decent bike). The cost of entry would be lower, BUT you are forgetting one very important thing. I can use my bicycle as must as I want for free after that initial cost. Golfing costs me money every time I want to go play ranging from $8-10 to hit golf balls to $40+ to actually play at a real course. A well maintained bicycle will last at least 8 years even riding it pretty hard.
Bicycling
Fixed costs
$2000 for bike
$300 for clothes, shoes
Annual costs
$200 for maintenance (if you are able to do it on your own this would come down)
5 year total cost = $3300
Golf
Fixed costs:
$200 for used golf clubs just to go with your scenario
Annual Costs:
$750 for 15 rounds of golf at $50
$240 for 30 set of balls at a driving range $8
5 Year total cost : $5150
Keep in mind that with bicycling I can ride 3+ times a week. I would also argue that cycling is a better workout as well. Your crazy contrived situation is absurd. I am in a group with a number of people and all their bikes range from $600 to maybe $2000. Some of the bikes are well over 15 years old and none of us really care. The only reason you need to spend that much is if you are a) a professional or b) need to keep up with the Joneses.
Buy something like Tenable Nessus or Rapid7. Make reports very easy and works across Windows, Linux, Cisco, etc. If you get Security Center it will track changes over time and you can see trends over time with patching.
I know there is systrace, but that really isn't what I am looking for. Will there be plans to have a proper auditing daemon be able to monitor system calls in a log file? Being security centric, I would think this would be something high on the list. I know it puts a lot more load on the system and may be difficult for smaller systems, but auditd logs are considered good practice in Linux and FreeBSD. Any chance this will make it into OpenBSD at some point?
Oh ye wise and knowledgeable anonymous coward. Pray tell how would like them to store the key to verify the server on another system? If they break into your system as root who the heck cares that they can now masquerade as your system? They already have access to YOUR system so what more damage can they do by man in the middling you as well? Tell us what you would do to fix it and what benefit it would provide.
With my family it was the opposite. We printed so little that all our cartridges would dry up. The cartridges generally only last about a year assuming you don't use them up before that so we would print maybe 100 pages/year and then need to buy $70 worth of cartridges which comes to $.70 per page. An outrageous amount.
With toner I bought an all in one networked with a duplexer (black and white) for $150 and the starter cartridge will probably end up lasting us years therefore in a little over two years the printer will pay for itself. I can get refilled cartridges for about $30 that supposedly last 3K pages. Even if I buy the OEM cartridges that last 3K pages I will probably never have to buy a cartridge again at our current rate of printing before the printer breaks.
Slashdot Mirror
Its biggest issue is to my knowledge it omly works with windows, but for making life had for leakers this is probably the best bet. When you open documents your computer requests the key for ad, the benefit here is if the user cant connect to AD (i.e. They are at home) the whole process wont work. You can also define users who can decrypt data before emailing if they do meed to share the info. It works well as long as you are tied to the windows ecosystem.
I have been using pfsense for a few years now. I have been interested in this because i has an api. Long term i would like to build out something that can block ips based on elasticsearch queries using elastalert. If anyone has good or bad stories feel free to share!
If you want a real pcie slot they sell cards that put two nvme drives on them for absout 20 bucks.
I worked for a consulting firm that tracked your billability or percent of time you could bill a customer vs doing other admin overhead. The stupid thing was if you did non billable work like writing proposals on top of billing you 40 hours a week, it still messed up you billability targets. Once i got a message about my billability being too low after working over 40 hours billable and doing proposal work then your manager would need to explain it to his higher up manager. They later fixed the policy, but i couldnt understand how such a stupid policy was in place, especially since winning work through proposals was there bread and butter.
The role of an enterprise architect is to work with stakeholders, gather requirements, create time lines and then hand their work over to another team to implement and continue to provide governance. At best you might be lucky to get access to some sort of test environment. I am TOGAF certified and like you before I started didn't understand what it was before I started. The trainer I had described it as creating cartoons for executives. I still got the cert but realized it really wasn't for me. I will say that I think the role is very important and as an implementor is designed to answer the questions I often have when building something like number of users, availability requirements etc.
A TS device can have up to TS level documents, so unclass, secret, TS, etc. An unclass device can only contain unclass documents. So the device can have documents that go down. It should be physically impossible for someone on an TS device to email someone on the Internet. Therefore, if a TS document ever makes it on to an unclassified machine someone screwed up (maybe with a scanner or CD drive or something). That someone could have been either the sender or the receiver.
Bell-LaPadula. This happen all the time.. Someone could have accidentally scanned a document that was TS and sent it to her on unclassified network. This creates a spillage and there are proper ways to handle this. Granted... those ways usually assume the person isn't running their own mail server..... so there is that.
I would agree with this. Steam machine may be awesome. I just am not sure how much faith I have in Valve at producing hardware. For the Shield, at this point Android TV is a bit lackluster... I haven't been that excited with it, but the streaming has been great. I can also emulate my older NES, SNES, N64 etc. which is pretty awesome.
Nvidia Shield does 4k streaming. I have a shield and love it (though only have a 1080p TV). I would rather have a powerful PC downstairs that I can then stream cheaply upstairs as well.
If instead of developing from the ground up they had simply invested their time and effort into enhancing an already existing project that already does more.. https://www.bro.org/
I thought they would be awesone until I realized what they were. Mostly a way to show off to higher ups. The bulk of them end up being about showing off pretty charts and dashboards no matter how useless those charts are. How you can make these work is tell your staff that management will be hiring a pen test sometime in the next six months but they won't get any more detail. This allows you to test your staff whole making them be more on their toes in case a real attack happens.
I have been in IT for about 10 years, so I am not sure I am completely qualified to say since forever, but I would say that the issue is we are now competing with cloud providers as to the expectation of our customers. For example, Gmail offers you 15 GBs for free and IT customers wonder why they only have 2GBs at work. Most cloud services have pretty amazing up times, and people wonder why your IT dept. can't do the same thing (no matter how well staffed it is). People are seeing the consuming of resources as free and then trying to IT accordingly.
Sony's most profitable division is selling life insurance. It could be from that. http://mobile.nytimes.com/2013...
Sony's most profitable division is selling life insurance. It could be from that. http://mobile.nytimes.com/2013...
Most of these solutions require some sort of central authority to manage the security of all the routes. Sounds great until you realize that there is no one that all the users of the Internet can trust. I am not even sure that users can trust their own governments to manage this without exploiting users for the sake of surveillance let alone other countries trust one another. If you can't trust one another the best thing to do is remain insecure but watch each other like hawks for any foul play.
I have had a smart card setup for a little while. I use it for both OpenVPN and SSH access. I created the card by making my own CA and then using OpenSC to write to the card itself. There are some other cool things you can do like us it for PGP signing. I got a whole kit for about $100 bucks that came with a reader/writer, 2 cards and one USB thing. https://www.opensc-project.org...
Had to go somewhere. http://www.thoughtcrime.org/bl...
Is it really still like this? I remember this was an issue 8 years ago... I would have never thought it was still like this.
All part of the Fed Ramp program. http://cloud.cio.gov/fedramp
Probably one of the smarter things the government has done.
Bicycling
Fixed costs
$2000 for bike
$300 for clothes, shoes
Annual costs
$200 for maintenance (if you are able to do it on your own this would come down)
5 year total cost = $3300
Golf
Fixed costs:
$200 for used golf clubs just to go with your scenario
Annual Costs:
$750 for 15 rounds of golf at $50
$240 for 30 set of balls at a driving range $8
5 Year total cost : $5150
Keep in mind that with bicycling I can ride 3+ times a week. I would also argue that cycling is a better workout as well. Your crazy contrived situation is absurd. I am in a group with a number of people and all their bikes range from $600 to maybe $2000. Some of the bikes are well over 15 years old and none of us really care. The only reason you need to spend that much is if you are a) a professional or b) need to keep up with the Joneses.
Buy something like Tenable Nessus or Rapid7. Make reports very easy and works across Windows, Linux, Cisco, etc. If you get Security Center it will track changes over time and you can see trends over time with patching.
I know there is systrace, but that really isn't what I am looking for. Will there be plans to have a proper auditing daemon be able to monitor system calls in a log file? Being security centric, I would think this would be something high on the list. I know it puts a lot more load on the system and may be difficult for smaller systems, but auditd logs are considered good practice in Linux and FreeBSD. Any chance this will make it into OpenBSD at some point?
Oh ye wise and knowledgeable anonymous coward. Pray tell how would like them to store the key to verify the server on another system? If they break into your system as root who the heck cares that they can now masquerade as your system? They already have access to YOUR system so what more damage can they do by man in the middling you as well? Tell us what you would do to fix it and what benefit it would provide.
$120K is also an exaggeration. Very few people are making that kind of money in DC. *Source: I have been working in the area for a number of years.
With my family it was the opposite. We printed so little that all our cartridges would dry up. The cartridges generally only last about a year assuming you don't use them up before that so we would print maybe 100 pages/year and then need to buy $70 worth of cartridges which comes to $.70 per page. An outrageous amount.
With toner I bought an all in one networked with a duplexer (black and white) for $150 and the starter cartridge will probably end up lasting us years therefore in a little over two years the printer will pay for itself. I can get refilled cartridges for about $30 that supposedly last 3K pages. Even if I buy the OEM cartridges that last 3K pages I will probably never have to buy a cartridge again at our current rate of printing before the printer breaks.