Archive for the ‘General IT’ category

Blurring the lines between admin and security

June 22nd, 2010

I’ve been a network/systems admin for a long time now and just when I think I’ve got all of my responsibilities nailed down, I discover a new pile of them hiding in the corner.  The latest batch has turned out to be security.  Yes, that’s a very, very broad scope.  I’ve always been responsible for network security, being the primary manager of our firewalls and VPN platforms, but this is quickly branching into areas I’m not comfortable (yet) with.

We’re currently being audited for PCI compliance by our bank.  This means that all sorts of things need to be tested and verified and that numerous configurations must be in place from the perimeter to the desktop.  Lots of these things aren’t in place, mainly on the desktop side, but I was welcoming this audit as I’ve always felt that we should be better about security and I just didn’t know where to start.  Well, the PCI stuff is pretty straightforward, but what happened was that during the interviews I discovered that several of our internet-facing systems are allowing the submission of sensitive customer data.  It turns out that some of our internal developers don’t have much sense for security and have taken some of our web applications much further than we in the IT department ever anticipated.  This was a massive wake-up call.  Massive.

Let’s stop web-borne malware – Qualys

March 1st, 2010

My oh my how the landscape of malware has changed over the last 10 years.  The traditional “virus” is all but dead, and the transports for new threats are evolving almost faster than the security services can adapt.  The latest trend of malware is web-borne annoyance-ware like FakeAV, which tries to trick you into buying something and then essentially makes doing any task on your computer so obnoxious that you can’t even use it.  Is FakeAV dangerous?  That depends on how you look at it.  Is FakeAV a big problem?  Absolutely.

Disaster Recovery Simulation

October 13th, 2009

I’ve had this problem over the years, with managing to execute even a basic DR simulation.  Once I bought some huge external drives to test restores from tape.  By the time I got around to doing the test, the external drives weren’t big enough to do any but the smallest of our restores.  I’ve been fortunate though, and the few real disasters we’ve had were easily recovered from, but I’ve been burned a few times by smaller instances of data loss because of issues that would have been discovered during a DR Simulation.

OpenDNS is DOWN!!!

October 2nd, 2009

At 3:15pm EST today I got an email from our BES that it had lost its SRP connection.  This happens from time to time and I ignore it as long as it reconnects within a few minutes.  Today it did not.  A quick test revealed that internet connectivity was alive and well, but that external DNS resolution was not.   The OpenDNS servers were unreachable, as was their website.  Oh dear.

I switched the forwarders on our internal DNS servers back to our ISP-provided  servers and we were back in business, but what does this mean for OpenDNS?  I’ve been using them at the corporate level at several of our US sites for over a year with success, but today’s mishap has me wondering if I will continue to do so in the future.  I await more information from OpenDNS and hope they have a good explanation as well as a plan to keep this from happening again in the future.

Update: A rather snide comment (below) from David Ulevitch of OpenDNS suggests that this was a Verizon issue rather than an OpenDNS issue.  Given the general lack of buzz on the internet, I’m inclined to believe it, but shouldn’t this type of issue warrant some sort of communication to the public?  A blog post on the OpenDNS website, or a sticky thread in the forum would go a long way toward getting the word out when problems prevent access to their services, even if said problems are not directly an OpenDNS problem.

Josh Currier - Blogged