Tag Archives: INTERNET

Virtual Desktop – patches, patches and more patches

Leave a reply

JavaI fired up my virtual desktop (Windows XP) named DUMBO this morning for the first time in a few weeks.

This is the machine I generally use to remotely connect to customer networks when I’m consulting – I don’t use my personal desktop for a number of reasons. The virtual desktop runs on a HP Proliant DL360 G5 running CentOS v6.3 with KVM along with a number of other test and development guest machines.

Anyway I had to spend the better part of 60 minutes patching the machine.

  • Microsoft Security Updates (6)
  • Mozilla Firefox (v15.0)
  • Mozilla Thunderbird (v12.01)
  • Adobe Flash Update (v11.4.402.265)
  • Adobe Reader Update (v10.1.4.38)
  • Oracle Java Update (SE 6 Update 35)
  • LibreOffice (v3.5.6)

Obviously it’s critical that my desktop be clean of any unscrupulous software especially since I usually have complete access to the entire network and occasionally I’ll connect to an Active Directory resource as a Domain Administrator. I personally rely on a defense in depth approach making sure that all my software is up-to-date and employing a reputable Internet Security/Antivirus program. I’ve been using Kaspersky Internet Security for the past 3 years and it’s actually saved me on a number of occasions, usually from unscrupulous ad networks that were trying to exploit known vulnerabilities in Microsoft’s Internet Explorer or Mozilla’s Firefox.

The most recent security headline grabber was the zero-day vulnerability in Oracle’s Java software – along with the fix and patch. Many security experts are advising people to disable or uninstall Java if they don’t need it – the problem – users typically won’t really know if they need or use Java.

In February 2010 and January 2011 I wrote about a number of security threats and the alarming number of machines I was finding from neighbors and friends that were operating on the edge with either out-dated or missing Internet Security/Antivirus software. I’m sorry to say the trend hasn’t diminished at all. I’m seeing the same or worse in business and corporate networks where IT staffs are struggling to keep up with the “do more with less” mantra while security takes a back seat.

You only need to read the article entitled Inside a ‘Reveton’ Ransomware Operation by Brian Krebs and ponder the criminal possibilities.

There are a great many of us using our personal computers for electronic banking. I personally love the convenience and can’t remember the last time I was actually in a bank branch. However, with that convenience comes a lot of danger and added responsibility. If you have young kids using your personal computer I would strongly urge you to setup accounts for them without administrative access, many operating systems also have parental controls to help monitor your child’s activity.

Here’s my yearly reminder to everyone, spend a few minutes and make sure that the software on your laptop/desktop is up-to-date and that your Internet Security/Antivirus software is running properly. The few minutes (or few $$$$ renewing your Internet Security/Antivirus subscription) you spend now will likely save you from hours and days of frustration and heartache down the road.

Cheers!

References:

Secunia Personal Inspector
Secunia Online Software Inspector (requires Java)

NCAA March Madness – How’s your Internet link handling the madness?

3 Replies

It’s March again, a time for putting down fertilizer on the lawn, a time for celebrating St. Patrick’s Day, and a time to watch your Internet utilization spike through the roof.

I’m a Blue Coat ProxySG and Websense customer so I have some options at my disposal to help stem the flood from both my public/guest (WiFi) networks and my internal networks. However, even with those tools available it can be a real challenge these days to try and filter just the unwanted content out of the network, especially if you’re charged with only blocking the streaming content of the site and you are required to keep basic site access working. So there’s no blocking ncaa.com/* because that would block basic site access.

I currently have about 15,000 devices on my internal network and I average around 3,000 public devices daily on my public/guest networks. The public/guest networks routinely consume around 50Mbps of Internet traffic and the bulk of the public/guest networks are setup on our internal 802.11b/g wireless networks. So I need to be concerned about the performance of the wireless networks themselves and not just the Internet gateway/firewall.

I’m sure there are going to be dozens if not hundreds of different ways for users to find the content. I’ve already spotted a few users trying to connect via Slingbox and there are multiple apps on Google Play and the Apple Store that offer to stream the games to your mobile device over WiFi (our public/guest networks).

Here are the list of URLs that I’m starting with. I’m hoping this should help curb 50%-75% of the traffic, I’ll need to evaluate whether it will be worth the effort to go looking for the remaining 25%.

  • *.turner.ncaa.com
  • www.ncaa.com/mml

If you are a smaller organization you might want to have a look at OpenDNS. It’s very easy to implement and is very cost effective.

I’m curious what other people are doing, if anything? Do you already have your network locked down so this isn’t an issue? If you have a public/guest network do you allow access? Do you have any challenges based on the size of your network?

Cheers!

Web Goes on Strike!

Leave a reply

I know this is short notice but this site and the discussion forums will not be available on January 18th between 8AM and 8PM (GMT -5). We will be participating in the online protest to stop the Internet censorship bills, SOPA & PIPA. We’ll be joining some big name Internet sites such as Wikipedia, Reddit, Cheezburger Network, WordPress, Mozilla, Destructoid, Gog.com, Namecheap, Imgur, Electronic Frontier Foundation and thousands of blogs and web sites.

I apologize in advance for the inconvenience but we need to put a stop to this legislation.

Visit here for more information…

Cheers!