Some Quick Ideas Around Virtualization

I was doing some research recently on the various platforms available for hosting virtual machines. I found this great comparison matrix at Wikipedia.

There are now a ton of platforms available for just about every OS out there. Some are certainly friendlier than others, but this is a great place to narrow things down to a short list.

Combining VM capabilies, the availability of LiveCDs and the low cost of memory and hard disk space these days, there is little reason that just about anyone could not easily and cheaply make their own very functional virtual lab for research, training and/or development. Security teams should rush to embrace this technology, as they could really use VM labs for experimentation, application analysis, tool evaluation, forensics and ongoing training.

VM has come a long way, and with solutions starting at FREE, they make enconomical sense for a ton of situations ranging from disaster recovery to prototyping. Maybe there will even be a new line of consulting services on the horizon where experts at virtualization will make small fortunes helping organizations port their complex apps and environments over to VM platforms for reduction of hardware footprints and ease of management.

The bottom line is this – if you haven’t played with VMs in a while, now might be a good time to look at them again. Things in this space are maturing nicely….

HoneyPoint Security Server 1.50 Now Available

MSI is pleased to announce the general availability of HoneyPoint Security Server version 1.50.

The new release, an update of the HoneyPoints themselves, adds the much requested capability to ignore specific hosts such as network scanners and other known sources of network traffic that in the past would trigger unneeded events.

“Customers were so excited about the ignore capability that we have been demonstrating for them in the coming 2.00 product release, that we decided to back port that capability to the 1.XX series of HoneyPoints. This is a large advance for further reducing false positives and maintaining our industry-leading position as the simplest, more powerful way to secure network deployments.” said Brent Huston, CEO and Security Evangelist of MicroSolved. “Clearly, with the coming 2.00 release, we will further establish our emergence as a dominant security technology and easily demonstrate what customers have been telling us – that this is simply a better way to do organizational intrusion detection and security.”

For details on obtaining the 1.50 upgrades and/or to discuss the coming 2.00 release, please contact your account executive.

CUISPA Looking to be a Big Event

The CUISPA meeting for Credit Union security team members is looking to be very big event this year. The annual meeting, held in Austin, is expanding both in terms of attendees and in the overall content.

Last year was a fanstastic event, and MSI looks forward to seeing everyone at the meeting again this year. With the many challenges CUs face this year surrounding changes to the regulations, application security requirements and normal stress of the threats they deal with every day, CUISPA is an excellent chance for security teams to get some input from their peers and to learn about strategies and techniques that others are using to achieve success.

Check out our booth this year at the show, and stop by and chat with Connie. She is eager to help and to discuss our service offerings, HoneyPoint and just how easy we can make compliance with NCUA regulations. We hope to see you there!

Why Use Public Key Encryption? A User’s Perspective…

In the last year and a half we have all been affected or know someone who has been affected by leaked information.  We have begun to hear this message over and over….…Information stolen, Personal Information Compromised, Social Security Numbers Lost, etc.

We begin to ask ourselves, what can we do?  How do we protect ourselves in both our professional and personal lives and be more proactive? There are several things you can do to protect yourself and PGP/GnuPG (GPG) is one of them.

At MicroSolved, Inc. (MSI) our team uses a variety of tools and applications, PGP and GPG are just a few.  PGP/GPG are used to encrypt confidential data using public-key encryption. For example, you might use them to protect E-Mail and Data Files. They allow you to exchange files or messages with privacy, authentication and convenience.

So what is PGP?  “An abbreviation for Pretty Good Privacy; PGP is an electronic privacy program which helps you ensure privacy by letting you encrypt files and e-mail. The encryption technology employed by PGP is very strong. PGP was created by Phil Zimmermann, and depends on public key cryptography for its effectiveness. Public key cryptography is a procedure in which users exchange “keys” to send secure documents to each other. For more on PGP, go to http://www.pgp.com.”

Source:  www.redhat.com/docs/manuals/linux/RHL-7-Manual/getting-started-guide/ch-glossary.html

What is GnuPG?  “GPG is the GNU project’s complete and free implementation of the OpenPGP standard. GPG allows you to encrypt and sign your data and communication, features a versatile key management system as well as access modules for all kind of public key directories. GPG is a command line tool with features for easy integration with other applications. A wealth of front end applications and libraries are also available.”

Source: http://www.gnupg.org/

So you ask what does privacy, authentication and convenience mean?

v     Privacy means only those intended to receive a message can read it.

v     Authentication means that messages that appear to be from a particular person can only have originated from that person.

v     Convenience means that privacy and authentication are provided without the hassles of managing keys associated with conventional cryptographic software.

Whether we are protecting confidential data stored on our computers, communicating with clients or a remote office, these tools can help.

Where should you use PGP/GPG?

v     Email Security

v     File & Disk Security

v     Secure File Transfer

v     Secure Storage

v     Removable Media

v     Instant Messaging Security

Costs for the different modules and toolsets from the two products vary, but range from FREE to a few hundred dollars. They likely make for an excellent investment, either personally or for companies of any size.

Stay tuned for additional tools and ways to a more secure Internet experience.  Remember everyone has a responsibility to protect confidential data and be safe online!