Posts

Showing posts from June, 2008

Patching Strategies - Time to Rethink Conventional Wisdom?

Another 'must read' from Verizon Business Security group. Very, very interesting. Read it. It looks like it's time to think about patch strategies and how they fit in with other security countermeasures.

The first point to ponder:

"Given average current patching strategies, it would appear that strategies to patch faster are perhaps less important than strategies to apply patches more comprehensively..."

Making sure that all your systems are patched and having thorough, comprehensive system coverage is more important than quickly applying patches but with less thorough system coverage. So essentially you'd be better off ensuring that you don't miss a single computer or server than you would be by spending that same work effort on a faster deployment that leaves a few systems unpatched.

And the second point:

To summarize the findings in our “Control Effectiveness Study”, companies who did a great job of patching (or AV updates) did not have statistically significa…

Verizon 2008 Data Breach Investigations Report

Verizon published a report summarizing about 500 data breaches that is worth a read for anyone who is or pretends to be interested in IT security. (Download directly from Verizon)

Some interesting findings:

As Verizon notes, the percentages are likely skewed. They are reporting on what they investigated, not on what happened. It's still more than worth the read.

External threats are far more frequent (73%) than internal. The old axiom that the biggest threat is from the inside seems to be archaic. Perhaps, as the report indicates, 'when mainframes ruled the computing world, internal threats were the predominant concern'. That makes sense. When mainframes ruled the world, inside threats were predominant because the mainframes were generally not attached to the outside world. We now have that thing we call the Internet.

Partner threats have greatly increased over time, probably because data exchanges between partners have migrated over time from EDI-like file transfers to inher…

Naked Without Strip Charts

The strip chart. Can't live without it.

The classic strip chart is the MRTG network utilization graph. MRTG and its companion RRDTool have to rank as some of the most useful system and network administration software ever written. The world is full of interesting uses for RRDTool and MRTG.

As part of normal application, server and network monitoring we generate about 2500 strip charts every 5 minutes. Here are examples of how we use them:

Long term trends

Yep - the network load at this site follows an annual calendar, and appears to have grown quite a bit last fall. But then it leveled off this spring. The bandwidth management appliances must be doing their job.

Application load

Application load, as measured by HTTP hits/second, peaks on Mondays, declines dramatically on Saturday, and starts to ramp back up Sunday night. That's good to know. Sunday night is almost as busy as Friday afternoon. And of course this isn't a 'follow the sun' application. It's really only…