2008/02/11

RIM taking one on the chin...

As posted by MSNBC (http://www.msnbc.msn.com/id/23117523/), CNN (http://money.cnn.com/2008/02/11/technology/rimm_blackberry/index.htm?cnn=yes) and even ISC SANS (http://isc.sans.org/diary.html?storyid=3970), Research In Motion has taken it on the chin today as their North American services have faltered. Time to dust off those older cell phones and enable SMS messaging for a short time.

What are folks' DR plans for mobile email outages? Does your company use just one mobile email solution? Do they support more than one solution? How critical is it to your company?

All I know is thank goodness I have a Treo.

Good luck RIM and sorry to all those admins that have lost their mobile mail solution - may it be restored quickly and the messages not pile up.

What's in (or on) a domain name...

I was actually thinking about this earlier this morning and it was brought up at work - but what do you do with domain names of non-trusted sites? If you work at a large ISP that does hosting or supplies access to customers, how do you differentiate your corporate assets from your customer assets? This came to me a while back reviewing some GPO changes to allow ActiveX to run in a less secure setting; the initial request was to allow any site under the second-level domain to run at this permission level. Then I realized our customers share that domain name. Now, granted, DNS isn't what you should depend on for security, but you can't very well go around allowing everything by IP either, and I do trust our internal DNS servers to a relatively good extent.

So what exactly am I talking about? At my company, we have customers who have an IP, say, at 128.128.128.128, and based on their location and customer ID number we might give them a DNS name of c123456srv01x.stl.company.com. Now we also have a portal site for our customers which is at portal.company.com. Now our wonderful developers in the past have implemented JavaScript and other mobile code that might require people to set looser permissions in their browser than desired. If that permission is granted to the whole domain rather than the portal's FQDN, and users are tricked into visiting a hostile customer address under that same domain, they could be infected, hit by XSS, or attacked by other such means to get at their information.

So now, we ask, what do we do? Well there are a few courses of action:
- Use a different second level domain for your customers
- Ensure that the security folks are adding the FQDN in for the sites that need the extended permissions to prevent the customer asset from allowing them to attack
- Train your TAC/NOC/Helpdesk to know when this type of an attack might be going on (although this might not be 100% effective)
- Cross your fingers (ok, this really provides no effective defense, but could give that feelgood vibe to upper management)
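To make the second option concrete, here is an added example (not code from the original post) that models how a wildcard site-to-zone entry for the shared second-level domain also covers the customer hostnames, while an exact FQDN entry covers only the portal. The matching rules are a simplified model of an IE Trusted Sites style mapping, and the hostnames are constructed to mirror the naming scheme above.

```python
# Added example: compare a wildcard zone entry with an exact-FQDN entry.
# Simplified model of site-to-zone matching (an assumption, not the real
# GPO engine): an entry is either an exact host name or "*.<domain>".

# Constructed hostnames following the post's naming scheme.
CORPORATE_PORTAL = "portal.company.com"
CUSTOMER_HOSTS = [
    "c123456srv01x.stl.company.com",
    "c654321srv02x.stl.company.com",
]


def _canon(name):
    """Lower-case and drop any trailing dot so comparisons are stable."""
    return name.lower().rstrip(".")


def zone_grants(host, entries):
    """Return True if any zone entry would grant the host the looser setting."""
    host = _canon(host)
    for entry in entries:
        entry = _canon(entry)
        if entry.startswith("*."):
            # "*.company.com" -> any host ending in ".company.com",
            # including multi-label customer names under the same domain.
            if host.endswith(entry[1:]):
                return True
        elif host == entry:
            return True
    return False


def risky_entries(entries, customer_hosts):
    """Zone entries that also elevate at least one customer-controlled host.

    A defender can run this over a proposed GPO site list before approving it.
    """
    return [e for e in entries
            if any(zone_grants(h, [e]) for h in customer_hosts)]


if __name__ == "__main__":
    wildcard_policy = ["*.company.com"]
    fqdn_policy = [CORPORATE_PORTAL]
    for policy in (wildcard_policy, fqdn_policy):
        print(policy, "portal:", zone_grants(CORPORATE_PORTAL, policy),
              "customer:", zone_grants(CUSTOMER_HOSTS[0], policy))
    print("risky entries:", risky_entries(wildcard_policy + fqdn_policy,
                                          CUSTOMER_HOSTS))
```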

I'm sure there are other options out there; post a few that you have that others might want to know. The few that I mentioned aren't always the easiest, but I'm one who likes a good defining line of separation.

Good luck defending your network assets.

2008/02/10

Welcome to my experiment...

As any security person tends to do, they experiment. This is one of mine. I've wanted to find a way to share my views, opinions and insights with folks and am trying this method first.

What perhaps is my first topic? Who knows - maybe you should suggest one. We've got numerous things going on - fiber cuts in the Mediterranean region, the TSA changing rules and procedures based on a blog posting, new versions of Metasploit appearing, QuickTime and Adobe vulnerabilities. I'm sure there will be many things we can discuss.

So what's your top security topic for now? See if you can get me started before I see something interesting to post about - we'll call this a challenge!

Have a day and take care protecting your network assets.