Tuesday, 09 December 2008

DLP and DRM Mergers

Following on from my comment on Dom's blog, the DLP and DRM mergers are interesting and likely to cause a shakeup in the market place. Gartner have released a commentary on the merger and raise a few interesting points about the RSA / MS integration, but do have a bigger impact the space in general.

In order for DLP to really work and provide a real return for the organisation, you need user buy in, and how do you get user buy in? You need to make what they are buying into as seamless as possible and asking for as little input from them as possible. 95 % of the time it should just happen, but it must be transparent (so there is no fear of big brother) and they must be able to take control.

Data classification is a must for this to work, as far as possible the organisation needs to know what data exists and then who accesses that data and for what purpose. If you know the who and what, all you need to do is configure accordingly. It has been the configure accordingly that was the problem, but just reading the Gartner report and the RSA Sales Bulletin if you can have a product that understands AD Group in terms of access to data and that understands the value of the data, you have closed a number of gaps that existed previously with just a DLP or DRM tool.

Users now have the ability to tighten the controls on the unstructured data that they are working on, but the organisation still has the default safety net behind the scenes. Data classification still becomes the key to the solution though as there is a lot that the organisation's sytems will need to know about data and the people using that data.

The Liquid Machines / McAfee works along much the same principles as above, it is also built on Microsoft's RMS, except that the RSA product will more than likely be more tightly integrated (and hopefully more seamless) into the organisations infrastructure.

Anyways, these are initial observations and I will hopefully be constructing some labs to POC all this and see how close it is to the big picture painted above.

Wednesday, 03 December 2008

Christmas Dinner for 20 @ R30 / head

Last weekend my wife and I had some people around in our new house for supper. We were talking yesterday about we are going to doing for Christmas Eve as we will be hosting it and the wife's family is on the large side. All in all we will be serving about 20 people a 3 course meal.

Doing a roast of any sort starts being expensive, at an average of a 150g of meat person you are looking at at least 3kg. Chances are the roast will bones in it so you are actually looking at 4 or 4.5kgs @ about R100/kg. Plus veg, starters and pudding and you are looking at about R1000 or R50 a head.

We will be doing a starter of roasted beetroot, rocket and feta cheese with a olive oil and balsamic dressing (R5 a head). Mains will be Black Pepper gnocchi with a goats cheese sauce (R15 a head) and pudding will be an Apple Tart Fine (R5 a head). The other R5 a head will be going to chips and dip.

The gnocchi is a version from Mr Locatelli that I have tweaked a bit until the wife declared it the best pasta ever! The Apple Tart Fine is from also tweaked from Mr Ramsay but I have not got it quite right yet, I need to work out how to make the pastry crisper. I may yet, budget depending, upgrade the pudding to Mr Ramsay's Chocolate Fondants. I made them a while ago and got them spot on first time off, not seeing the great difficulty yet.

Sensepost Hacking by Numbers Extended Edition

Last week I attended Sensepost's Cadet and Bootcamp training courses. Cadet is the introductory course and Bootcamp takes it up one notch and really makes the smoke waft out of your ears.

The Sensepost mantra for the training is that is not about the technical ability, but rather the process that one follows to discover potential vulnerabilities in systems and networks. The process that one should follow is basically why, why, why and what next. Question why something is there and then how to exploit the current scenario to get to your next step.

The difficult part for me was knowing what I needed to do next in terms of finding a channel or a user name or password, but it was the actual doing, but that'll come in time and with experience.

I can highly recommend the course, and if fact try and take your manager with you. The instructors stories from assessments that Sensepost has done will get them to take your security budget a bit more seriously.

Also, go on the training because they provide the best food and having the good coffee machine in the training room also doesn't hurt.