Lenny Zeltser on Information Security — Information Security Isn't a Standalone Discipline

It’s easy for infosec professionals to become comfortable in the world of information systems, firewalls, security patches, and intrusion detection. We sometimes forget that we’re part of an ecosystem that’s supposed to help the organization achieve its corporate objectives. As Michael Cloppert put it, we should be active participants “in technical innovation, architecture, and the engineering process, making sure requirements are met in a way that balances risk with cost.”

I've been thinking about this quite a lot recently. A lot of the time my work feels more like information infrastructure security than information systems security. We sometimes focus too much on protecting a database or an application instead of taking a look at its overall goal. Each of those databases and applications and firewalls is part of an enterprise information system whose ultimate goal is business. Something I intend to correct in 2011.

ShareTool - remote access for any Mac application or service that uses Bonjour

When my MobileMe account came up for renewal, I let it expire. I did not need it. I had found cheaper and better alternatives.

When Apple's $99 MobileMe service was released I was quick to register. With MobileMe I could access my mail, contacts, and calendar information in the “cloud” and keep everything in sync across my Macs, my iPod Touch (not iPhone for me as yet), and the web automatically. I could upload my photos to a web gallery and invite my friends and family to view my photo slideshow and download their favorites. iDisk allowed me to store and share files online and access them from another Mac, or from my iPod Touch or from a web browser on any computer. With iDisk Sync, I could keep a copy of my iDisk files on my local hard drive for offline editing and when I reconnected my changes would automatically sync back to my iDisk.

However, when my subscription for MobileMe came up for renewal I let it lapse. Why? I've been using the Google Mail service since it launched in 2004 and with Snow Leopard I am able to sync my Gmail to Mail.app, my Google Calendar to iCal, and my Google Contacts to AddressBook. I can access these services from any computer with a web browser (I prefer Google Chrome), any Mac on which I have an account, and from my iPod Touch (and iPhone if I had one). All for FREE!

But what about MobileMe's Gallery feature? I've had a Flickr Pro account for a few years. For just $24.95/year, Flickr provides me with unlimited uploads and storage for high-resolution original images and high-definition video. With a free Flickr account, you can upload 2 videos and 100MB worth of photos each calendar month. I can create slideshows, edit my photos, share with friends and family, or link my photos back to my blog. Don't try any of that with MobileMe.

While MobileMe provides 20GB of storage, that space is used for all your email, calendar, address book, photos, and files. With my photos hosted on Flickr, and my email, calendar and address book safely stored on Google's super reliable "cloud", I found that I did not need much online file storage. I started using Dropbox. Dropbox allows me to sync my files online and across multiple computers (Mac, Linux and Windows) - automatically. The free version provides 2GB of online storage, which is quite sufficient for my needs. Sharing files is simple and Dropbox provides access to my files via any web browser and my iPod Touch. Oh, and it also provides interactive photo galleries.

So, yes, I let my MobileMe account expire. And I did not miss it. My wallet felt a little heavier too. I had saved about $75.

Then a few months later I was working on my brother-in-law's Mac and needed access to files on my Mac mini. Of course, the very files I needed would not be on my Dropbox account. I had no way to access my Mac mini. It was then that I realized how useful MobileMe's "Back to My Mac" feature is.

Back to My Mac puts any Mac OS X Leopard or Snow Leopard Mac you use within easy reach. MobileMe finds your remote Mac computers over the Internet and displays them in the Finder on the Mac you’re using. With Back to My Mac Screen Sharing, you can control your remote Mac as though you’re sitting in front of it.

Fortunately my brother-in-law lives near my home but Back to My Mac would have been more convenient than driving back home, copying the files to the Dropbox folder, and driving back to my brother-in-law's home. I did not like that. I had to find a solution. A few weeks later I discovered an application from YazSoft called ShareTool. ShareTool lets you access all of the Bonjour services on your home network from anywhere. This includes iTunes Music Sharing, Screen Sharing, File Sharing, printing, and more. In effect with ShareTool I can remotely access any Mac service on my home network as though I was physically on the home network.

Once installed, ShareTool presents the user with two choices of operation - Connect or Share. The Share option configures a Mac to provide services over the Internet, while the Connect option allows the remote Mac to connect to that share node. Click the Share button and ShareTool automatically configures your router and the current Mac with the proper network settings. To connect to a remote host over the Internet from your other Mac you'll need the Internet address and port that the remote ShareTool host is using. Don't worry about writing this down, as ShareTool contains a feature that will email this information to you when you set up the "Share". Simply copy that information from the email into the other ShareTool and start working.

ShareTool provides a number of other features to make accessing your Mac over the Internet both easy and secure. You can specify exactly which Bonjour services are available, including iTunes Music Sharing, iPhoto Picture Sharing, Apple File Sharing, Windows file sharing, Screen Sharing, SSH, printing, or any other service running on the remote Mac that uses Bonjour. I have my HD TiVo set to share files with my Mac via Bonjour. From work I am able to pull up one of my recorded TV shows and watch it during my lunch hour. I'm the paranoid type, and allowing access to my computer over the open Internet can be scary, so I am happy that ShareTool encrypts its communication using AES-128 encryption and uses a unique, randomly generated key each time a connection is created. ShareTool can also be used over a VPN and provides an audit feature so I can see exactly which users are using the service.

When sharing my network I configured ShareTool to send an email with the connection information, automatically update an external DNS service, and auto-launch iTunes and iPhoto. From the comfort of my desk I can listen to my entire iTunes library over the Internet. How sweet it is. When connecting to my home network from work, ShareTool will show me my home network just as though I was sitting at home. I can see all my Macs in the Finder, connect to them, open and edit files, move, create or delete folders - pretty much anything I could do while at home. I am able to connect to my Time Capsule over the Internet and set up Time Machine to use the remote Time Capsule for backup.

I am still playing around with ShareTool but I have not discovered any limitations to what I can do over the Internet. The trial copy of ShareTool limits each session to just 15 minutes, but this is enough time to discover the true potential of this awesome tool. ShareTool is just $20 for a single license, but you can get a discount when additional licenses are purchased.

Backblaze: Time Machine for the Cloud

Last year my friend had to deliver some distressing news to his wife. The external hard drive on which he had been storing their family photos failed. The problem had started a few weeks earlier when his wife mentioned that the hard drive was making some strange noises. My friend had planned on backing up the disk to DVD, but being a busy IT manager he just never got around to it.

At that time I remember thinking smugly to myself, if only he had a Mac with Time Machine he would have been protected. I realized later on that I was wrong. I use Time Machine to back up three of the household Macs to a Time Capsule once a day. This protects my data should the local hard drive fail, but I lose ALL of my backups if the Time Capsule disk fails. I wanted a backup system that was more robust; one from which I could survive a local disk and local network storage failure. That's where Backblaze comes in.

Backblaze is a cloud-based service that backs up everything on your computer except your operating system, applications, and temporary files. The service costs $5/month ($50/year) and provides three methods to recover your data. You can download your files from the Backblaze web site, order them delivered to you on DVD ($99, 4GB max), or for a $189 fee Backblaze will deliver your files on a 500GB Western Digital external USB hard drive. The 500GB seems quite reasonable to me considering that I now have 74GB of data (70GB of photos, 4GB of documents) stored on Backblaze.

After registering for the service I downloaded and installed the Mac version of the Backblaze client. The Mac client is Intel only. Backblaze also offers a client for Windows XP, Vista and Windows 7.

One of the first things I did was set up the frequency of backups. By default, Backblaze simply backs up all the time so you don't have to remember. But if you wish, you can schedule Backblaze to back up at a convenient time (like the middle of the night) or only when you click "Backup Now". I chose the "Continuously" option. I take a lot of photos during the summer and I find myself emptying the SD card from my Nikon at least once a week.

Backblaze will back up any USB or FireWire drive I have attached to my computer, as long as I leave the external hard drive attached to my computer all the time. It was simple to add my 500GB G-Drive Q FireWire HD to the backup queue. Good thing too, since this is where I keep my digital photos.

To prevent users from abusing the service, network (NAS) drives, Time Machine drives, remotely mounted computers or volumes, and shared volumes do not get backed up.

From the settings screen the user can also set options to control how much local network bandwidth is dedicated to backups, as well as alerts for failed or incomplete backups.

By default Backblaze backs up everything on the main hard drive except for applications and the operating system. It also does not back up files over 4GB. Backblaze claims that most users do not create files larger than 4GB. I can't disagree with that, and they do make an exception for iPhoto library files.

I don't really need every user folder to be backed up. My iPhoto library and documents are stored, respectively, in the Photos and Documents folders on the external drive. Unfortunately the mechanism that Backblaze uses to manage what gets backed up and what doesn't is not easy. I had to explicitly exclude all the folders that I did not want backed up — on both the local and external drive. If you have more than one user on the local machine this can take considerable time.

The Backblaze console provides a fair amount of reporting, including how much storage each type of file will use and which files are scheduled for backup. This was an eye-opener for me. I did not realize how large my iPhoto library had grown. A drive failure would surely be a painful experience.

I've been using the Backblaze service and software for just a few weeks and so far I have not had any problems. Of course, the true test of the service is how easy it is to recover from a hard drive failure. Knowing that I can rebuild my machine and recover all my files with a single click gives me peace of mind.