Werner Schmidt
Enterprise Networking and Security Expert

Learning new technology

Our core values in order are:
  • Integrity
  • Knowledge
  • Communication
  • Passion
  • Success

Concerning knowledge, we’re constantly learning new things and improving on what we already know. We’ve become very adept with Palo Alto Networks, which complements our existing knowledge of Juniper Networks. We also added skills with Aerohive Networks in addition to our Aruba Networks wireless skills.

Lately we’ve been working with a virtual appliance of LogLogic that we use internally. LogLogic is a great, simple-to-use and highly effective log monitoring and management solution. It addresses SIM and can uniquely be used to feed other SEMs. They also have a SEM component rounding out their SIEM offering and have database (not just Oracle) auditing solutions. LogLogic has very capable and scalable units, but the entry price point had been prohibitive for some of our customers. We’re very excited and pleased with their new offering of a virtual solution with enterprise capability at a lower entry price point. Whether you need it for compliance reasons, network visibility or forensics, this is a great solution to have. We feel it is the best and simplest to deploy and use.

We continue to expand our knowledge in DDI (DNS, DHCP and IP address management).

In regards to assessments, we have created our own software. Now we use best of breed hardware for collections and then our own software and expertise to analyze and report our findings and recommendations. We’ve made this easy and unobtrusive to deploy while focusing on things that matter. You can read more in our other blog entry.

Boot Camp

Our youngest son graduated from boot camp at MCRD in San Diego! I have to congratulate the US Marine Corps on a job well done. We really enjoyed being there two days. The first day was a family day and was by far my favorite. The second day was the actual graduation. It was a brilliant decision to do it that way. During family day we got to meet him, converse and basically get reacquainted with our son. It took all the pressure off graduation day as we had already seen him the day before.

During family day we got just a small taste from the DI (Drill Instructor) of what their life was like and learned several new vocabulary words:
- Deck (floor)
- Bulkhead (wall)
- Portal (window)
- Cover (hat)
- Latrines (toilet)
- MRE (Meals Ready to Eat)

We learned about the sacred ground of the Parade Deck. We kept an ever watchful eye just waiting for someone to make the mistake and to see what happens to them. We were assured that there is good medical assistance on base to take care of the resultant injuries.

We also were trained on how to respond to various commands:
- Eyes: Stop in your tracks, look at the DI, say “Freeze Sir”
- Ears: Listen and say “Open Sir”
The rest has been removed from my memory.

We got a taste of an accelerated countdown (funny how fast a countdown goes from 100 when the 60s, 50s and 40s are skipped!) and how repeatedly folks in our group didn’t listen properly to the commands and us family folks had to do them over and over again.

My favorite part of all though was during their liberty from 1-5 p.m. We watched our son eat almost continuously. During his first three weeks we found out he had lost 16 pounds. Now, keep in mind he was fit and trim to begin with. He didn’t have 16 pounds to lose. He eventually got double rations, the biggest benefit of which was getting first in line and therefore more seconds to eat. We learned they had to eat with spoons to alleviate stabs to the mouth. We watched him eat a large lunch with second helpings of chicken and bread at a local restaurant on base, then pizza slices, ice cream, muffins, cookies, candy and protein bars. He had to sit whenever his mouth was chewing, as walking and eating are not allowed. We watched in fascination as the covers were constantly removed and put back on by him and all the men as they entered and left buildings. That evening, after all the binge eating from the men we did hear that there were issues with the latrines getting backed up that night at the base.

It was great to see a slice of America, most uplifting actually. I had a blast just people watching. There are two bases for the Marine Corps for boot camp training - MCRD in San Diego serves the West coast, mostly west of the Mississippi and then another base for the East coast. MCRD is only for men and the other base is for men and women. There were plenty of people from California and out of state, especially Texas. The uplifting part was seeing professionals and regular families from across the nation all with sons who are voluntarily serving for this nation. They all had a certain gait and air about them. Their smiles and the families were just priceless. It just felt different there.

In terms of graduation day, they graduate by company and over 500 graduate every week from MCRD San Diego. In case you didn’t know, the recruits pay for almost everything (toiletries, clothes, uniforms, boots, sea bags, etc.). They even had to buy the medal they received on graduation. They are fed and housed, of course, and do get their monthly pay, but there are no hand-outs. Everything is either earned or purchased.

We also got to learn something new about our youngest son, something we never observed before. We learned how clever and creative he can be at adjusting and adapting to his environment. I’ll give a few short samples. At one point everyone takes off their shoes, throws them in a pile and then later you have to grab them quickly for a run or whatever they did. Our son said guys would be running around with two different sized shoes on. He said he learned to tie his shoe laces together very quickly before tossing them in the pile, guaranteeing him a matched set! Another time before a big multiple day hike, they had to pack rations with MREs but had to remove any candy (e.g. Skittles) from the MREs. Many of them removed more than the candy and got rid of muffins and other related snacks. He saw the pile they had built, grabbed the allowed snack items and stashed them in his bag. Later he shared with his teammates and then was able to hold his MREs until the latter days. On a major uphill hike where he excelled, he was going so fast that he caught up with the other group in front of his. He was hoping to get an apple from that group and then wait for his and get another. That plan didn’t work, but still creative. Lesson being there’s a difference between doing what’s said or needed and knowing how to adjust to what’s still allowed and yields better results. Perhaps a lesson there in being compliant versus being secure.

Now he’s off again, this time for infantry training in Camp Pendleton. We were able to visit him on base last weekend. We don’t know yet exactly what will happen during Thanksgiving or even if we’ll get to see him for Christmas. We’re on military time now and always subject to orders and change. We were actually looking forward to having Thanksgiving on the base with the men. We won’t know until we know, to that we’ve adapted.

Altaware Assessment Offering

We have been providing assessment services for a while and gained experience in the process, mainly in terms of what people really need and can make use of. One of the greatest challenges is to be able to deliver a solution that meets our customer’s needs in terms of an assessment. It is like the Goldilocks problem of trying to find something just right.

We’ve created our own integrated combination of best of breed hardware for data collection coupled with our own software. This enables us to better peruse all the data and then, with human review and research, to try and find what’s relevant.

Another challenge of existing tools is they seem to spew a lot of information, but it isn’t really from an IT or business perspective. All the tools just spew lots of reports and charts, but what did it really tell you? When I think assessments, as an IT person, I’m concerned with:
  • What are the real observed threats (malware, viruses, spyware, phone home, etc.) and also what direction is this occurring in? Is it server to client and what about client to server? I don’t need to look at all the noise, I want to home in on what has a high enough severity and bypassed existing controls. Knowing IP addresses or names is nice, but I’m more interested in what users were affected.
  • I need to understand how the users are consuming business resources and how casual or personal use may be conflicting with real business services that your customers may be trying to access. I’d then like to either eliminate the distractions or at least be able to identify and prioritize them accordingly to make sure there are minimal or no conflicts with key business services.
  • I want to make sure that key information assets are not leaving our digital confines. This doesn’t just mean Email, but means a whole lot of different applications that can be used to violate our systems. Whether it’s for compliance or business concerns, we need to know what can be used to harm and bypass our controls. I need to understand not just what device, but what user account was used. That also includes being more aware of encryption and how it might be used to elude our visibility.

So, that’s how we look at assessments now, at least one of our main offerings. We collect data from one or more points in the network, though typically at a gateway location. We analyze the data with our tools and personal knowledge and then we report on the observations and make recommendations on how to mitigate the risk.

Please drop me a personal note or call and let’s see when we can schedule this for you. It is priced very aggressively compared to other offerings and yields more actionable information versus fluff and reams of reports.

Bruce Lee Style Security

“The highest technique is to have no technique. My technique is a result of your technique; my movement is a result of your movement.”
– Bruce Lee

I find that quote telling for where we ought to be in security now. We still build walls and people learn how to get around the walls. Worse yet, we use brute force to prevent attacks but with DDoS (Distributed Denial of Service) we can’t always build walls strong enough to sustain an attack.

Years ago, I studied some martial arts. It was while my kids were growing up and it looked interesting. I stayed in a while and progressed. At first I was real clumsy, then I started to learn techniques but struggled remembering the sequence. When I eventually left, I was just starting to get to a naturally reactive state. I like this description of cultivation from Bruce Lee.

The Three Stages of Cultivation - The first is the primitive stage. It is a stage of original ignorance in which a person knows nothing about the art of combat. In a fight, he simply blocks and strikes instinctively without a concern for what is right and wrong. Of course, he may not be so-called scientific, but, nevertheless, being himself, his attacks or defenses are fluid. The second stage—the stage of sophistication, or mechanical stage—begins when a person starts his training. He is taught the different ways of blocking, striking, kicking, standing, breathing, and thinking—unquestionably, he has gained the scientific knowledge of combat, but unfortunately his original self and sense of freedom are lost, and his action no longer flows by itself. His mind tends to freeze at different movements for calculations and analysis, and even worse, he might be called “intellectually bound” and maintain himself outside of the actual reality. The third stage—the stage of artlessness, or spontaneous stage—occurs when, after years of serious and hard practice, the student realizes that after all, kung fu is nothing special. And instead of trying to impose on his mind, he adjusts himself to his opponent like water pressing on an earthen wall. It flows through the slightest crack. There is nothing to try to do but try to be purposeless and formless, like water. All of his classical techniques and standard styles are minimized, if not wiped out, and nothingness prevails. He is no longer confined.

As quoted in The Art of Expressing the Human Body (1998) edited by John R. Little, p.108-109

As I look at the security field, I see the same evolution. Not too long ago, security was in the primitive stage and frankly still is in a lot of organizations. With more robust solutions, we’re closer to the mechanical, or sophistication, stage, but that’s about as far as we are. We need solutions to be more spontaneous and adaptive that yield, redirect and elude the enemy.

We are starting to see that, but only the early stages. Application firewalls are a great example: we offer industry best solutions for web servers and Oracle servers that are in the sophistication stage. We also now carry what I believe is the first example of spontaneous security for public facing web servers, tools that are adept and react differently to threats based upon the perceived skill of the attacker. These tools assess the quality and skills of the opponent through ever greater challenges and elusion. I’m excited, it’s where I think security needs to go and be. If you have a critical web based application that deals with confidential information, fiscal or health related transactions or just needs to remain up and secure to advanced threats, please give me a call so we can demo the latest advancements in this arena. These are offered as virtual appliance solutions.

Pulse Mobile Security Suite

Pulse is an exciting new offering for mobile device security and access.

We all know the struggle of supporting a variety of PDAs and Smartphones. Especially when they may even be personal devices as well. We also have problems to contend with in terms of how to deal with problems when these devices are lost or stolen and contain sensitive corporate data stored in Email or documents.

Pulse tackles this problem by:
- Helping to secure mobile devices from malicious attacks
- Secure remote access for mobile users
- Connect users via secure VPN to your corporate network
- Tight enforcement controls and granular access to enterprise resources
- Mobile platform device software is no cost to users via respective application stores
- Broad platform support: Apple iOS 4.1, Google Android, RIM BlackBerry, Nokia Symbian, Windows Mobile
- Zero touch provisioning of mobile access for new users
- Deprovisioning lost or stolen devices
- Ability to enforce strong authentication

There’s more to the story and I encourage reading the documents below. Bottom line, if you have mobile corporate users and want to better control and secure the devices, this is the solution for you. If you already have SSL VPN and love the granular control, but want to include the mobile devices as clients along with your role based access, then get this solution. Call us for licensing questions in regards to the Juniper Networks SA SSL VPN.

>>> Download Datasheet Junos Pulse Security Suite
>>> Download white paper on securing the Mobile Enterprise