Employee Privacy

Today I got my first new Surf Control box up and running at work.  During the configuration I noticed a few things about some employees I did not want to know.  So likely I will make it policy that one IT person per site is designated as the surf control admin with their backup being the designated admin from another site.  Those folks will be trained that only if something is requested through Human Resources can personally identifiable reports be generated and given to management.  Generic usage by volume, category etc is ok.  I just do not want this to turn into a witch hunt by supervisors or managers.

If it stays an issue I may mandate we redo our installations to work only in Privacy Mode.  This requires two passwords be entered to expose user details.  This is expected to usually be a management and labor representative.


In Shock

Wow!  I am in shock.  I checked my voicemail today.  (I was at the Nashville Technology Council Conference).  Only to find a message from Dell.   They are sending me two more memory modules at no charge to fix the memory incompatibility issue.  No fight, no delay.  Just a resolution.  As near perfect as you can get short of getting it right the first time.  Kudos to them.  Now to see if this new responsible streak keeps up as other stuff is ordered.


Child Safety Flier

We refreshed our Child Safety Flier over at Friends in Tech. A download link is below. Feel free to share it with any friends, Church, School etc.  If you do share it online please link to the PDF or the FiT blog post.  This will at least help us get an idea how many downloads we have.  We derive no financial gain.  Just we either have kids or nieces/nephews etc and want to see them safe and happy online.


Dell – Does it Again

So yet again  I foolishly decide to give Dell a chance to do something right.  I gave them the service tag and got a quote for memory to double the ram in a server.  Well actually this time the memory worked.  Somewhat.  Either the new memory works or the old memory but not both.  So much for doubling the ram.  Oh I am sure its a speed issue but come on.  What is the point of a TECHNOLOGY company having these service tags if they can’t tell what memory shipped in a unit and give you the right thing when you want more.  At least they should be able to say they don’t have matching modules any more and quote you what it takes to reach the total you want.  It may not be fun to toss out older ram but at least it would be honest.

I have emailed my sales rep.  Let’s see what happens next.


eTrust – Discovery

If you use eTrust you may be confused by the ways to discover your agents. There are several types of discovery. One of which only works on r8.

  • Free Election This is directed broadcast discovery on the subnet local to the admin server. r6,7,7.1 and 8 clients are discoverable. If you followed the previous advice on cisco configuration then likely you are blocking directed broadcasts.
  • Biased Election: This is like the free election above but if the IP address specified in the network subnet settings is responding it will be the winner of the election and act as your proxy. Again blocking directed broadcasts can be a problem.
  • Specified Election Use this if you have an always reachable and on host on a remote subnet. r6,7,7.1 and 8 clients are discoverable. This is a proxy type of method where the remote host does a broadcast based discovey on its subnet. But it is not a directed broadcast.
  • Sweep Scan This does a tcp based sweep of a network range looking for agents responding on the eTrust application port. Only r8 agents are discoverable. This puts more of a load on the ITM server so I recommend you use specified election when possible.

I also recommend setting the phone home policy if you are using r8 ITM. This tells the clients to report back to your admin server without waiting to be discovered.


Out of the Office, NOT!

I keep the “Day in the Life of a Information Security Investigation” blog in my RSS Reader.  I loved this post about a CSO setting up his out of office information.  I used to work in retail loss prevention.  I learned way back then to never let anyone know when I would be coming or going.  I even once planted the story I was finally getting some time off the following week.  It was all a ploy to trick an employee I knew was stealing to do it while I was hidden and watching.  It worked too.  After all, dishonest employees want to know where and when the security guy always is.  For example I have been on vacation this past week but as you are reading it I am already back and I kept an eye on all system via my blackberry while gone just in case.  You can bet only about 5 people in the company knew I was out and knew I was watching because I chose randomly to respond to various email.

Links Mentioned:


eTrust – Realtime Driver Update

CA releases updates for the realtime scanning engine from time to time. Here are a couple of things you need to do.

First download the update. We will use the drvupdi.exe for Windows Intel systems.

Next you need to update the file in your installation source directory. This is something you would do if you use the remote install utility. Just overwrite the older drvupdi.exe with the new one.

Finally you need to run the update on all systems running eTrust. There is a silent switch which is perfect for pushing out via scripting or other tools. It won’t shutdown the realtime service but it wil not be updated till the system is rebooted.  You can use some of the batch file tricks and psexec like we talk about over in the Friends in Tech Thread.


NTC’s 7th Annual Technology Nashville Conference on May 17th

NTC Conference URL: http://www.technologycouncil.com/news.php?viewStory=1108

When: May 17th
Where: Franklin Marriott Cool Springs
What: Gathering of some of the most influential minds in IT in Middle Tennessee. Target audience includes eBusiness CEOs, Chief Technology Officer/ Chief Information Officer, Website & Software Developers AND Chief Information Security Officers

$65 – NTC Members, $90 Non-NTC Members, $50 Gov/Academic
(continental breakfast and lunch included)

The Nashville ISSA President Mark Johnson and past President Mark Burnette will be featured along with Carl Herberger of Allied InfoSecurity and Nissan North America’s CSO Fred Scholl (also Mid TN ISSA member)as part of a CISO panel at the event.

See http://www.technologycouncil.com/news.php?viewStory=1114 for more panel bios/details

They will cover topics like:

  • Examples of how your customers and business partners are demanding security.
  • Examples on how you’ve noticed that threats are on the rise.
  • How has the Tennessee Data Breach Law and other regulatory pressures affected you.
  • Is business integration and outsourcing affecting your security?
  • Discuss your budgetary process and resources – what are your challenges in this space.
  • What are your biggest concerns and comments on security partners / vendors?

Jim Phillips from Luminetx Technologies will also be speaking. Jim’s company designed the Vein Viewer Imaging Technology which reads the vein patterns of individuals for security purposes and he is also the founder of IPix Technologies which is a 360 degree security camera system used at the White House.