Adventures in Desktop Linux Computing - Chapter Two

This is the second article in my series on Desktop Linux Computing. You can read the original article here.

It's been well over a month since I install CentOS 6 on my mother-in-law's PC - and so far I've only had to make one service call - to install Skype.

Many people have asked me why I didn't install Fedora or Ubuntu. The answer is that I trust the stability of CentOS better, since it's an open source clone of Red Hat Enterprise.

When I was asked to install Skype on her laptop - apparently she had first researched and tried to do it herself - but because she was downloading the wrong package, CentOS wouldn't allow the install to continue.

One of the biggest problems normally present with family members' PCs is trying to find a balance between preventing the install of "crapware" and making sure the family member can still do everything they need to. I believe that by using CentOS 6, I've managed to find that balance.

I suspect that the next service call I receive will probably be to install OpenOffice - but I haven't received that call yet.

Stay Tuned! I will continue to post updates as they occur.

Target Customers' Credit Cards Now Available on Black Market

If you shopped at Target any time between November 27th and December 15th, cancel your card now. Target is giving very bad advice that you won't be held responsible for any fraudulent transactions. Even if caught, fraudulent transactions could quickly become a complete nightmare, resulting in the inability to pay bills or buy groceries.

As an update to my post  Target Should Offer Free Credit Monitoring for Impacted Customers, customer credit cards have now been posted to the black market.

This is in complete contrast to statements previously made by Target claiming that there is no reason to cancel your credit cards.



Target is now claiming they will offer free credit monitoring services for everyone affected. If you shopped at Target during this time period with your credit or bank card, you should hold them to their word on this.



Target is also offering a 10% discount to customers who shop on the 20th and 21st. Personally I think this is a slap in the face to their customers, and many will have a hard time shopping and they probably won't have a credit card anymore, since they should cancel their card and have the bank issue a new one.

Target Should Offer Free Credit Monitoring for Impacted Customers

In case you haven't heard, Target has been the victim of a massive network breach potentially impacting all credit card customers who shopped between November 27 and December 15 of this year, including Black Friday.

Normally when this happens, organizations try to make amends with their customers, often with free credit monitoring and identity theft protection for a year.

However, Target has chosen to take a potentially more damaging route (from a PR perspective), and simply direct customers to monitor their own accounts and request a free credit report.

Now it is understandable that Target is hesitant to do so, since credit monitoring services could potentially cost between $100 and $200 per person. Since 40 million customers are affected, this means Target would need to take a loss between $4 and $8 billion. According to MarketWatch Target's yearly profit has been approx. $20 billion. This would significantly impact their bottom line - but the potential loss of customers could be even more damaging.

Target - the ball is in your court. This could potentially make or break your company. Do you want to do the right thing and provide credit protection for customers? Or do you want to risk tarnishing the Target brand forever?

For historical reference, T.J. Maxx was forced to provide credit monitoring for customers.

Note: The blog author's family is most likely included in the list of affected customers.


Security Explorer Trial Download

The following is external content provided as a free resource for blog readers.





Dell Security Explorer searches Windows servers to see who has rights to resources enterprise wide. It also provides management, recovery and reporting features at no extra cost.

  • Instantly shows who has permissions to resources

  • Displays permissions across file servers, Exchange, SharePoint and more

  • Removes deleted AD accounts from Microsoft servers


Security Explorer centralizes permission management into one integrated console. Get your free trial.



Request Free!

Computer Code Could Potentially Infect Biological DNA via @SPTHvx

A research paper recently posted to Pastebin titled "Infection of biological DNA with digital Computer Code" claims a theoretical method which could be used by self-replicating malware to alter DNA.

The infection vector is somewhat similar to Stuxnet - infect computer systems then alter "fasta" files containing DNA information. When the altered files are synthesized, the computer code makes the transition into the biological realm as bacteria, where it continues to self replicate as a living organism.

I am by no means a microbiologist (and neither is the author of the paper), so I can't very easily confirm or deny the paper's contents. It sounds plausible, but then again it could have easily been created by modifying a paper generated by the CS Paper Generator.

The paper author is on twitter @SPTHvx.

Apparently a proof of concept virus is on SPTHvx's website.

Analysis of the proof of concept virus available at the following locations:

VirusTotal: https://www.virustotal.com/en/file/9aea60ee1796d711d166397a8407bef081a78849c6904ab9baf377155fb6630a/analysis/1387340634/

Anubis: http://anubis.iseclab.org/?action=result&task_id=17ea94fb60cbfe2a4ed4924b31e1ae344

The Essentials of Information Security Kit: Includes a Free PC Security Handbook - 2nd Edition eBook

The following is external content provided as a free resource for blog readers.





The Essentials of Information Security brings together the latest in information, coverage of important developments, and expert commentary to help with your Information Security related decisions.



The following kit contents will help you get the most out of your Information Security research:

  • Cybersecurity Imperatives: Reinvent Your Network Security With Palo Alto Networks®

  • PC Security Handbook - 2nd Edition

  • Adapting Security to the Cloud






Request Free!

The Modern Malware Review: Analysis of New and Evasive Malware in Live Enterprise Networks

The following is external content provided as a free resource for blog readers.





This review provides the first analysis of malware behavior that include not only analysis of how malware behaves on an infected host, but a full application level analysis of the infecting traffic as well as all traffic generated by the malware.



Key Findings:

  • The Web Has Become the Front Line of the Fight Against Malware

  • Unknown Malware Includes Both Targeted and Generic Attacks

  • While Web-browsing is the Workhorse, FTP is Black-Ops

  • Malware Spends a Great Deal of Effort Avoiding End-Point Security






Request Free!

10 Things Your Next Firewall Must Do

The following is external content provided as a free resource for blog readers.





The 10 Things Your Next Firewall Must Do outlines the latest capabilities that a firewall should possess and helps you learn how to choose a firewall that can safely enable your business in the ever-changing world of network security. By downloading this offer, you'll find an insight and practical advice on:

  • Considerations for choosing your next firewall

  • Best practices for implementing safe application enablement policies

  • Essential firewall capabilities for battling modern threats






Request Free!

Cybersecurity Imperatives: Reinvent Your Network Security With Palo Alto Networks®

The following is external content provided as a free resource for blog readers.





Read how a new modern security platform safely enables any technology and application.

  • Learn why yesterday's methods can't handle today's cyberthreats

  • Find out if your firewall has the ability to see and control traffic, and prevent APTs

  • Discover how you can deliver modern security without compromising performance

  • Read why bolt-on security is a costly approach to security






Request Free!

La Guía Definitiva Para La Evaluación De Los Firewalls Para Redes De Empresas

The following is external content provided as a free resource for blog readers.





Tome la decisión correcta sobre qué firewall es necesario para su negocio con La Guía para compradores de firewalls.



Esta guía le da:

  • Los fundamentos de la tecnología moderna del firewall

  • Los 10 requisitos de negocios críticos que su nuevo firewall debería tener en cuenta

  • Información sobre cómo crear un (RFP)

  • Un plan de pruebas funcional para ayudar en su proceso de selección de firewall






Request Free!

Hidden Lynx Professional Hackers for Hire

The following is external content provided as a free resource for blog readers.





Symantec has identified a highly organized and sophisticated professional hacking group, made up of 50 to 100 individuals attacking a broad range of industries.



Watch this recorded webinar and learn how:

  • This group of attackers provides customized attacks for their clients

  • Zero-day vulnerabilities, watering hole attacks and different level of stealth in the malware get created for "customized attacks"

  • These sophisticated and persistent attackers have broken into systems that were thought to be completely locked down

  • To protect yourself and your business from these state-of-art attackers






Request Free!

Macs, Malware and Security Myths

The following is external content provided as a free resource for blog readers.





Download this on-demand webinar and Security, Threat and Response Expert, Kevin Haley, will take a closer look at Macs, Malware and Security Myths:

  • The history of Mac malware and the tools of modern cyber-criminals

  • Dispelling the myth of Mac invulnerability

  • What the rapid adoption of workplace Macs means for security

  • Providing proactive protection for both Windows and Macs






Request Free!

It's Time for Enterprises to Secure Mac Computers

The following is external content provided as a free resource for blog readers.





The Mac population has grown over the past few years as have Mac malware and development toolkits. Macs are also vulnerable to targeted attacks like APTs. For these reasons, CISOs should move beyond any lingering argument: It's time for Mac security in the enterprise.



Request Free!

Beware of Paul Walker Malware Emails

With the death of Paul Walker, be on the lookout for emails containing malware exploiting the news of the celbrity's death.

Often these emails will claim to have "leaked photos" etc.

Be vigilant.

Hacker Academy and Pwnie Express Partner to Giveaway a Pwn Pad

The following is external content provided for readers' interest (because who doesn't like free stuff?). The blog editor is not responsible for its content.

The Hacker Academy is partnering with Pwnie Express to offer one lucky winner a Pwn Pad; a commercial grade penetration testing tablet, and a subscription to the Hacker Academy. So, how do you win? 

Come up with something creative and catchy. Create something that demonstrates COMPLETE PWNAGE. Slogans, images, funny photos, hand-drawn pictures all are fair game.

Submit your entry. Use the form found here. The “Entry” field is where you put your masterpiece (submit images as links created through imgur.com).

Twiddle your thumbs. Sit and wait for the finalists to be announced and winners to be decided. follow the contest on Twitter with the #TrainYourPwnie hash tag and look for important updates and news via our blog at blog.hackeracademy.com andhttp://www.pwnieexpress.com/blogs/pwnie.

Deadlines. Entries will be accepted until December 27, finalists announced January 6, with winner announced January 20.

The winning design will also be featured on the Hacker Academy's next t-shirt. Visit the contest website for more information and to enter. 

Using Splunk for Kippo Honeypot Log Analysis

I was recently asked how I can quickly and efficiently analyze Kippo results. The secret is generating an additional log with Kippo, and inputting the results into Splunk. Since this data could be useful for researchers everywhere, I've decided to type up a quick tutorial.


In order to have Kippo generate the needed log, you need to create a batch file or shell script designed to generate the log.

For Windows, your batch file will look something like this:
twistd.py -y kippo.tac >> "Kippo.log"

For non-Windows, logging is already enabled by default, and will be saved to:
log/kippo.log 

Once Kippo is generating logs, you can either upload these logs to Splunk manually, or use Splunk's Universal Forwarder to upload automatically.

IT Security Software Demonstration: Windows Admin Privileges and Whitelisting

The following is external content provided as a free resource for blog readers.





Monday, December 9th at 9am PT/12pm ET



In this 30-minute, live demonstration, you'll see, first-hand, how the Viewfinity technology provides everything needed for whitelisting – from trusted sources and updaters, reputation services which ranks and scores unknown executables, and how our forensics and monitoring tracks application history. And for those companies considering removing admin rights, or who have removed admin rights, we'll demonstrate how to use the same product to create policies that will elevate privileges for applications that require administrative rights in order to install/execute.



Request Free!

Developing Intrusion Detection Systems Through Behavior Analysis

Recently at the Recorded Future User Network (RFUN) conference, I had the privilege of meeting Dr. Ben Shneiderman from the University of Maryland. Dr. Shneiderman is a Computer Science professor and founding director of the Human Computer Interaction Lab (HCIL) at University of Maryland.

Dr. Shneiderman demonstrated for us several amazing data analysis tools which have been developed at the HCIL, including LifeLines and EventFlow, two tools designed for temporal analysis and visualization of events. While these tools were designed to analyze medical events around patient care, I wondered if they could also be applied to analyze patterns used by attackers against my honeypots.

The first step was to take all of my honeypot logs and turn them into something EventFlow could understand. I imported the logs into Splunk, and started identifying fields. After careful consideration, the only fields I really care about for this analysis are the session number, source IP address, and the main commands being entered by the attacker, such as "who" "ls" "rm" etc. I combined the source IP and session number to create a session ID, so that EventFlow would treat each connection by each IP address separately.


The Need for a Cyber Attack Warning System

I was recently asked to write a brief guest blog entry on Recorded Future about some of the work I've done with Threat Watch, as well as present on the topic at the Recorded Future Users Network (RFUN2013) conference.

For those interested, the blog entry has been posted on Recorded Future's blog. Also, the slides for my RFUN2013 presentation are now available here.

Crowdfunding RFID Security Research

I've been thinking about doing some research on the security of RFID tags/access cards/etc.

This is the same topic which the Mythbusters have been banned from discussing by the Discovery Channel due to concerns by the network's advertisers reasons unknown.

RFID is used by retailers for inventory control, building access control, livestock tracking, credit cards, passports, and even medical uses. And yet, there have been very few in-depth security studies of RFID technology.

Unfortunately, RFID equipment isn't cheap, and there are a lot of different RFID tags out there. So, I'm probably going to need to turn to crowdfunding to get the project going.

I've never used crowdfunding, and I'm aware there are a lot of different options. Any suggestions? I'm open to any helpful ideas.

Guest Post: Steps to Take to Ensure Your Bank Accounts Can't Be Hacked

NOTE: The following is a guest post by Courtney Gordner. The blog maintainer is not responsible for its contents.
Allowing a bank to store all of your financial information is supposed to keep it safe, but that is not always the case. Although banks generally have the best anti-hacking software available and take extra precautions to keep this information secure, things do happens that can allow these documents to fall into the wrong hands. In many cases, it is not the bank's fault, as there are things that you should be doing to protect your bank account.

Security and Compliance in the Cloud

The following is external content provided as a free resource for blog readers.





With the emergence of consumer-driven technologies such as mobile computing devices and user-initiated cloud applications in the workplace, organizations find themselves struggling to understand how these business-enabling technologies impact the security and compliance of their critical data and systems.



NetIQ understands that the traditional approach to mitigating data security and compliance risks is no longer effective by themselves. Our suite of Identity, Access and Security Management solutions integrate seamlessly to help you:

  • Control access to cloud services and data.

  • Reduce your risk of data breaches in mixed environments.

  • Achieve compliance with industry regulations and security policies in the cloud.


Download this solution brief today!



Request Free!

The Complete Guide to Log and Event Management

The following is external content provided as a free resource for blog readers.





Security information and event management technology has existed since the late 1990s, but it has always been somewhat controversial in the security industry due to its initial promise of a "security single pane of glass" combined with slow adoption across smaller organizations. More recently, traditional SIEM has been joined by the broad use of log management technology that focuses on collecting a wide variety of logs for a multitude of purposes. In this white paper:

  • Learn about the relationship between log management and SIEM.

  • Plot your roadmap for enhancing, optimizing and expanding your log management and SIEM deployment.

  • Get a roadmap recommendation for companies that have already deployed log management and SIEM technologies.






Request Free!

Why It Pays to Take a Business-Centric Approach to Compliance

The following is external content provided as a free resource for blog readers.





A poll of CIOs and IT managers reports why departments must defend against complex internal and external threats while mitigating regulatory and compliance concerns. The results provide data about how enterprises view compliance; particularly with identity management and access governance. In this white paper learn:

  • The number one near-term compliance objective.

  • The way an access governance suite can improve your audit performance.

  • The important business benefits of using a suite-based solution.


Download this white paper to learn more.



Request Free!

VoIP Vulnerabilities

The following is external content provided as a free resource for blog readers.





Are you thinking of switching to or investing in a VoIP system for your company? VoIP offers numerous benefits -- ease of use and reduced cost being just two -- but with increased benefits can come increased risk. This complimentary white paper will honestly and succinctly assess the vulnerabilities associated with VoIP systems and then provide you with security guidelines for avoiding security threats during use.



If you're thinking of purchasing a VoIP system, read on and discover exactly how you can get the most out of a new VoIP system, while protecting yourself from vulnerabilities and security threats!



Request Free!

Data Security Strategies for Next Generation Data Warehouses

The following is external content provided as a free resource for blog readers.





Critical to any big data strategy, organizations are challenged with implementing data security strategies to protect the data warehouse.



Request Free!

Automating the SANS 20 Critical Security Controls with QualysGuard

The following is external content provided as a free resource for blog readers.





The SANS 20 Critical Security Controls are a prioritized, risk-based approach to cyber security. They are the result of a consensus process that involved a wide variety of cyber security professionals from government and industry, who were asked: “In practice, what works and where do you start?” The Critical Controls have become a blueprint to help Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) to deploy the most effective processes and tools to secure all their computer systems according to risk.



Request Free!

Continuous Security Monitoring (CSM)

The following is external content provided as a free resource for blog readers.





Given that you can't prevent all cyber attacks, you need to ensure you detect attacks as quickly as possible. The concept of continuous monitoring has been gaining momentum, driven by both compliance mandates (notably PCI-DSS) and the US Federal Government's guidance on Continuous Diagnostics and Mitigation, as a means to move beyond periodic assessment. This makes sense given the speed that cyber attacks can proliferate within your environment.



Download this white paper to learn more about security monitoring.



Request Free!

Unofficial Guide to Tor: Really Private Browsing

The following is external content provided as a free resource for blog readers.





There are equally compelling reasons that various unscrupulous people, corporations, and governments might want to do just that. The whole issue has come to a head recently with the revelation that the NSA has been illicitly spying on American citizens and others through Facebook, Google, and Skype – including, probably, you.



In a nutshell, Tor is a powerful, easy-to-use piece of software that lets you keep your online life private. This guide will provide a step-by-step guide to installing, configuring, and using Tor, and getting you started taking an active role in defending your privacy on the Internet.



With this free guide you will also receive daily updates on new cool websites and programs in your email for free courtesy of MakeUseOf.



Request Free!

How to Pass an IT Audit

The following is external content provided as a free resource for blog readers.





This guide covers the steps and procedures to passing an IT GRC audit -- as told by an enterprise end-user who deployed QualysGuard Policy Compliance. The tool allowed the audit team to be more productive by focusing time on analyzing the data and preparing for audits -- instead of administrating the tool.



Request Free!

To Outsource or Not to Outsource: That is the Network Security Question

The following is external content provided as a free resource for blog readers.





Organizations today have two security options – insource their network security or outsource it to a Managed Security Service Provider (MSSP). There are pros and cons to each option (i.e., insource vs outsource), and certain organizations can dismiss one or the other out of hand. Financial institutions, retailers and healthcare organizations subject to compliance requirements may be in a perfect position to outsource network security to a service provider. Wherever you fit along the spectrum, it's critical to thoroughly evaluate your choices and optimize for security, cost-effectiveness, and compliance. Download this paper to learn the options and methodology for making critical decisions about how to tackle your network security challenges.



Request Free!

Examining a Suspect Android Apk - FCC Speed Test

Recently the FCC released a "FCC Speed Test" application for Android.

Of course, the paranoid among us will claim that the app may be designed to secretly spy on you.

Fortunately there are Android app analysis sites out there, such as Anubis. These sites will automatically analyze an application for you and tell you everything it does.

I went ahead and analyzed the FCC Speed Test application, and the report is available here.

I have to admit, looking at the results doesn't feel very reassuring. The app is supposed to measure broadband speeds and report back to the FCC. But an interesting question is, why does the app contain IP addresses used to connect to internal networks?

When Network Security Becomes a Network-management Problem

The following is external content provided as a free resource for blog readers.





When you hear about security breaches, you think about disruption of services to customers, stolen data and identities, and damage to company reputation. But there is another kind of damage that is directly impacting your network management teams, attacks on the computing infrastructure. The ability of network management teams to do their jobs, the time and resources they have available, and their ability to scale the network in order to support the business as it grows are all impacted by security threats. Security isn't just a security issue; it's a network management issue as well. This white paper explains six ways in which your network management team can make strong contributions to your company's defense against botnets, Distributed Denial of Service (DDoS) attacks, designer malware, and all the other scary things that go bump in the Ethernet.



Request Free!

Are Your DNS Servers as Secure and Available as the Rest of Your Network?

The following is external content provided as a free resource for blog readers.





In 2012, 7.8 million new malware threats emerged. Mobile threats grew by 1,000%. 865 successful breaches compromised 174 million records. According to a 2012 study by Ponemon Institute, the annual cost of malware breaches across 13 industries averaged $8.4 million. This rapidly growing threat landscape directly targets any organization's Domain Name System (DNS) servers. DNS can be a hole into an organization's security infrastructure creating channels for successful attacks. These servers are an often-overlooked weak point that traditional approaches ignore. Since DNS works unobtrusively behind the scenes, it makes an excellent vehicle for communicating with internet-based systems and exfiltrating information. The only way to plug the DNS hole in your network security is to directly address the vulnerabilities unique to DNS. Read this white paper to gain insights into critical information to safeguard against DNS security threats and disrupt malware communications to your DNS servers.



Request Free!

Compliance Management's Seven Steps to Success

The following is external content provided as a free resource for blog readers.





Organizations most often come face-to-face with compliance either when something in the network breaks or when an audit comes due. Either of those instances can send IT staff on mad scrambles to research compliance requirements and find ways of documenting that they have been fulfilled. Reliance on legacy efforts and traditional techniques to attain and maintain compliance has left many organizations failing with non-compliant networks. Compliance isn't an option, it's a requirement. Failure to meet compliance regulations can result in fines, dangerous network exposure and even damage to your company's reputation. Can your organization meet and exceed compliance requirements cost-effectively and in a timely manner? Read this white paper to learn how to get your network compliance completely under control with automated tracking, analysis and reporting.



Request Free!

Aumente la Seguridad y fiabilidad en el lugar de trabajo con Movilidad

The following is external content provided as a free resource for blog readers.





Dé un vistazo y conozca cómo las empresas en industrias de capital intensivo ya se han beneficiado de la solución móvil EAM.



Request Free!

Adventures in Desktop Linux Computing - Chapter One

Today I took a very brave step. I installed Linux on my mother-in-law's laptop.

The reason I installed Linux on her laptop is because despite my continued attempts to keep her system from getting infected with malware, she continues to be the victim of drive-by downloads.

So, to help mitigate this recurring issue, I completely wiped her PC and installed Linux.

Why Linux? Because most malware which targets home users attacks Windows or Mac systems.

Now, something to keep in mind is that this solution is not for everyone. Before I wiped her PC, I confirmed with her multiple times that there was nothing on it she needed, and that all she uses it for is web browsing. It's important to note that while most people only use their PCs for Internet and word processing, some do use specialized software, so consult with your family member before trying to replace their operating system.

Before wiping a PC, it's important to make sure that all of the drivers will work with that PC. The best option is to boot the PC using a LiveCD before actually committing the install. I personally used CentOS 6 but there are many options, including Fedora or Ubuntu.

Once you have the PC up and running with the LiveCD, make sure the person can still use the PC for everything they need. Ask them to visit the Internet sites they regularly visit, and make sure they still work. Note any dependencies they might need, such as Java or Flash.

After you are comfortable that the person will be able to still use their computer, go ahead and install Linux from the LiveCD to the hard disk, so that any favorites/bookmarks the person creates will stay, as well as any dependencies you install.

Hopefully by replacing the PC's operating system with Linux, you'll have fewer visits to fix malware infections. However, don't be surprised if you have to answer a few calls on how to do something with their new OS.

I'll let you know what issues are encountered in Chapter Two!

Guest Post: Preparation: Why should I and how to start.

The following is a guest blog to kick off a new series of articles about personal security and disaster preparedness. Many thanks to Kim Walsh for providing the first article!

My journey to the preparedness world has been long and winding. Like many of my generation there was no reason to learn survival skills or think about disaster prep. We had stores aplenty right? We had easy access to everything we could ever want or need.

Then I got married. I married a man raised on hunting, survival, preparedness. Not out of any sort of paranoia like so many survival shows these days seem to imply but because it was just how his father had been raised and his father before him. I was reluctant to even open the doors at first. Who cared about edible plant or food storage or water filtration? We lived in a pretty populated place, we have never been rich but we had enough to go to the store when needed. And guns? Not needed. Violence and disaster happened to other people.

Then I got a wakeup call. An active shooter decided to shoot up our apartment complex. Our complex was situated more like a hotel. You had a secure door to buzz through and all the front doors were interior. The shooter’s apartment was not even 3 yards from my own. First I heard the pops. I brushed those off. Then I heard someone banging on my door. I was about to answer and ask them to stop as my husband was sleeping in prep for a late shift but some instinct stopped me. An hour later my husband got up for work and went onto the porch to be greeted by SWAT with guns drawn. We were asked if they could use our apartment to gain entry as the front door was glass and being watched by the shooter. Then we were evacuated. The officer who led us out said that ignoring that door probably saved my life
.
That is when I realized bad things can happen any time and any place and often do to wonderful people. So I decided to learn to shoot and to prepare for worst case. We have lived in multiple state but all were earthquake zones. One was also a volcano zone. So then my question was: How do I start?

The four real issues are: food, water, shelter, protection. So I have set about learning all I can about each in different situations. I now live in the desert on the edge of BLM land. I know where the water sources are for wildlife. I know where to find game. I also know several escape routes off the interstate if needed.


Examine where you live. What type of natural disasters can happen? If needed can you lock yourself down at home while still gaining access to food and water? If you need to get out of the area do you know the less traveled paths? Honestly it’s not about the apocalypse or aliens, it is about knowing that sometimes bad things happen. Job loss, illness, accident, fire, tornado, earthquake, hurricane, etc. Knowing that bad things are a possibility is what being prepared means. It is seeing those possibilities and doing what you can to make sure you and your family are able to weather any eventuality.  

Kim Walsh is a writer, designer, rights advocate, fribromyalgia awareness activist, wife, mother, and friend. You can check out her blog, or follow her on Facebook or Twitter.

Planning a Career Path in Cybersecurity

The following is external content provided as a free resource for blog readers.





As a society, we have all become heavily dependent on computers, network, and data stores. This in turn has exposed us to the risk of loss or compromise of those data systems. The need for personnel knowledgeable and experienced in security implementation and management has never been greater, and the need is growing.



Request Free!

Adapting Security to the Cloud

The following is external content provided as a free resource for blog readers.





A number of trends are pushing organizations to look beyond traditional approaches to IT and consider adopting cloud technology. These trends mean that organizations of all sizes can no longer keep their IT architectures strictly within the four walls of their data center.



By developing a roadmap for their IT and security infrastructure, organizations are more likely to feel confident adopting and reaping the benefits of the latest cloud technologies.



Request Free!

Hidden Lynx Professional Hackers for Hire

The following is external content provided as a free resource for blog readers.





This paper takes an in-depth look at the Hidden Lynx group, their targets and their motivations. It will look into their capabilities and attack strategies through their attack campaigns including the Bit9 incident.



Request Free!

Symantec Intelligence Report September 2013

The following is external content provided as a free resource for blog readers.





This report takes a detailed look at targeted attacks in 2013 so far. What this report found is that attackers have continued to refine their techniques, adding new tricks to attack methods such as watering holes and spear phishing in order to increase the likelihood of snaring their intended targets.



It takes a look at targeted attack trends over the last three years to get a better feel for how attackers are operating. While we've noticed is that attacks per day are lower compared to last year, attacks are up 13 percent over a three year period. This report also takes a look at the times of the year attackers are more likely to kick off targeted attack campaigns, who they're targeting, and the type of malicious payloads they're using.



Request Free!

Security and the Cloud: Perfect Match

The following is external content provided as a free resource for blog readers.





Independently, they have lots of benefits. Security protects your key devices, like PCs, and laptops, from cyber-thieves' malware, viruses and other nasty threats that can compromise, or even destroy, your business' critical information. Cloud technology, on the other hand, might seem complicated but it's really a simple way to use sophisticated software, like security technology, without the day-to-day hassles of software updates, hardware maintenance, and other expensive and time-consuming tasks.



But both are better together—especially for small and medium businesses who want to protect their key information, but don't have a full-time IT shop to support the infrastructure.



Read this white paper and learn why security and the Cloud are a perfect fit for small businesses.



Request Free!

Forbes: Protecting Your Passion

The following is external content provided as a free resource for blog readers.





To help answer this question, we interviewed 11 entrepreneurs of very small companies in seven countries across a range of industries. We asked them about the risks they face and how they manage those risks, particularly Internet security and data protection. Not one was entirely confident that his or her safeguards were adequate. Most have pieced together defenses that they recognize will need to be enhanced if their firms continue to grow.



Request Free!

Protecting Your Business Data: Five Do's and Don'ts for SMBs

The following is external content provided as a free resource for blog readers.





They have many of the same security and backup challenges as large enterprises, but fewer resources in terms of funding, time and specialized expertise. The stakes are high: Symantec's State of Information Survey 2012 gathered information from more than 2,000 IT managers at companies with between five and 250 employees. Asked about the consequences of losing business data, the managers cited loss of customers (49%), brand damage (43%), increased expenses (41%) and decreased revenues (37%).The amount of data that businesses need to protect is also increasing rapidly. In the same survey, IT managers projected data stores at small and midsized businesses will grow 178% during the next year.



Request Free!

Eight Elements of Complete Vulnerability Management

The following is external content provided as a free resource for blog readers.






This paper, "Eight Elements of Complete Vulnerability Management," provides IT departments with a way to measure their existing vulnerability management program, or an outline for building a new one. Today, external threats are the minority attack method. Attacks targeting internal systems are more lucrative financially and more effective than external attacks. SPAM, phishing, social engineering, malware, Trojans, portable media devices, and other methods are commonly used to compromise systems while completely subverting traditional security solutions such as firewalls, intrusion detection systems, and even previous external vulnerability scans. Download this paper to learn how you can stay ahead of the bad guys.






Request Free!

Five Reasons why Mobilizing Windows Applications is Simpler than You Think

The following is external content provided as a free resource for blog readers.





Mobility and consumerization are little more than buzzwords without the applications that drive business activities. A successful enterprise mobility strategy places priority on applications first, mapping their mission to the variety of use cases out in the field. Success with mobilizing Microsoft® Windows® applications also requires a broad technology approach. The right approach integrates a universal client and single sign-on with a comprehensive application delivery platform to ensure information security and a seamless user experience.



Request Free!

Top 10 Reasons to Strengthen Information Security with Desktop Virtualization

The following is external content provided as a free resource for blog readers.





New ways of working call for new ways of managing risk. Mobility, flexwork, Bring-Your-Own Device (BYOD) and increased collaboration across organizations have changed the risk profile and undermine existing IT architectures. The challenge is to allow people the flexibility they need for optimal business productivity while ensuring the security and compliance required by the enterprise.



Request Free!

Empowering Information Security with Desktop Virtualization

The following is external content provided as a free resource for blog readers.





Since the dawn of personal computers and distributed computing, IT has faced an uphill battle to manage, control and protect enterprise applications and associated data. Recent computing disruptors—including the consumerization of IT and Bring Your-Own Device (BYOD), flexwork where people shift work to optimal locations and times, broad mobility expectations and the advent of cloud computing—have further complicated the challenges of protecting sensitive enterprise information.



To control risk across the increasingly diverse computing landscape, organizations must centralize control of sensitive enterprise Windows applications, ensuring that only authorized and authenticated users have access.



Request Free!

The Highway to Hell - The 7 Deadly Sins of Email for Software Engineers and Developers

The following is external content provided as a free resource for blog readers.





Believe it or not, the worst thing that can happen to your email program isn't ending up in the SPAM folder. There is an entire email underworld filled with blacklists, spam traps, hackers, and phishers that can doom even the most well intentioned email program. This guide for engineers and developers will take you down the top 7 fastest roads to email hell, and back! This guide will:

  • Present real-life stories of email programs gone awry

  • Uncover the most devastating pitfalls to avoid

  • Give advice on how to get your email program back on track

  • Prepare you to respond at the first sign of trouble






Request Free!

6 Steps to Improving Your Sender Reputation and Managing Email Authentication in the Cloud

The following is external content provided as a free resource for blog readers.





Managing a commercial email infrastructure is no easy task - and that's why hundreds of businesses rely on SendGrid's hosted solutions. If you have questions on email infrastructure, this guide has the answers you're looking for. We cover it all from SMTP, MTA's and managing IPs to handling bounces, getting on ISP Feedback loops and understanding whitelists. SendGrid's Email Infrastructure Guide will provide you with:

  • Tips to avoid costly blunders that could get your IPs blacklisted.

  • Solutions for managing your IPs and authentication records so ISPs can easily identify your legitimate, wanted email from spam.

  • Comprehensive glossary to keep you up to date with email infrastructure terms.






Request Free!

Network Protection and UTM Buyers Guide

The following is external content provided as a free resource for blog readers.





This buyers guide is designed to help you choose the right solution for your organization. It looks at the factors you should consider when evaluating solutions to ensure you have the protection and functionality you need, both now and as your business evolves.



Request Free!

Mobile Device Management Buyers Guide

The following is external content provided as a free resource for blog readers.





Mobile Device Management (MDM) solutions allow IT organizations to centrally manage, monitor and support mobile devices from smartphones to tablets. By using an MDM solution to control and protect the data and configuration settings on users' mobile devices, you can reduce support costs and security risks. In this guide, you'll learn what you need to consider to find a MDM solution that best fits your needs.



Request Free!

Endpoint Buyers Guide

The following is external content provided as a free resource for blog readers.





An endpoint protection solution is an important part of your IT security strategy to protect corporate assets. Evaluating the many components that make up an endpoint security solution may seem overwhelming. Get independent research and test results to help you determine your requirements and identify the vendor that best meets your needs.



Request Free!

Seven Virtualization DR Myths

The following is external content provided as a free resource for blog readers.





New disaster recovery and high availability technologies have emerged based on server virtualization, and many assert themselves as the best way to protect virtual machines and data. Myths about virtual server and data protection have risen from these virtual technologies, and it is time to debunk at least seven of them.



Request Free!

Sete mitos da RD da virtualizao

The following is external content provided as a free resource for blog readers.





Novas tecnologias de recuperação de desastres e alta disponibilidade surgiram baseadas na virtualização de servidores e várias alegam ser a melhor maneira de proteger máquinas e dados virtuais. Vários mitos sobre servidores virtuais e proteção de dados surgiram com essas tecnologias virtuais, e já é hora de eliminar pelo menos sete desses mitos.



Request Free!

Tips and Techniques to Pass the PMP® Exam

The following is external content provided as a free resource for blog readers.





Passing the Project Management Professional® (PMP) certification exam can seem like a daunting task when project managers first decide to take the leap. Just like a project management plan, if you carefully map out your study plan, you will be successful. You must understand several key concepts, be intimately familiar with the five process groups and ten knowledge areas, understand project management terminology, and learn to think like PMI. It is also important to set study goals, create a schedule for success, and commit fully to passing the exam in order to obtain your PMP® credential.



Request Free!

Applying the Four Standards of Security-Based CIA

The following is external content provided as a free resource for blog readers.





It's no longer about just protecting data. Businesses need to formulate coherent, systematic approaches to security by incorporating regulatory compliance, periodic assessments and the application of relevant tools to eliminate security issues. High levels of optimization help to ensure that an organization's information security approach is both well-rounded and flexible enough to meet current and future threats.



Request Free!

Seven Steps to Security

The following is external content provided as a free resource for blog readers.





After a decade of news detailing countless successful cyber-attacks, it's hard to imagine a corporation not understanding that they need a software security solution. However, building a comprehensive software security program can be overwhelming. Unlike implementing software quality assurance, the processes that go into making an application more secure are still relatively immature. Additionally, ownership for the security of software in an organization is not always consistent or clear.



Request Free!

Why You Need A Next-Generation Firewall

The following is external content provided as a free resource for blog readers.





At the same time, creative threats are coming from new angles, presenting security professionals with an ongoing challenge of protecting their organization's assets. To stay ahead of the threats, it's time for IT to embrace next-generation firewalls. This paper provides a checklist for selecting the right solution.



Request Free!