Business Intelligence is used to find patterns and trends to spot opportunities. This is awesome technology. Databases can be modeled to look for this data, then turn it into information. The saying information is power is true. Business Intelligence allow you to peer into all the data to see your best customers, best locations for real estate, stock trends, and economic data.
It can be used to look at customer behaviour, what magazines they order, websites visited to, and much more. This is information can then be used by marketing and advertising companies or even worse spammers or telemarketers.
The future hold real time data analytics and business intelligence. Where decision's can be made on the spot. Talk about pressure.
There is a open source data mining tool called Rapid. Data mining, AI, data warehousing and analytics are interesting topics. I will be taking SQL next semester.
The government uses a similar technology for homeland security using databases to look for patterns and similarities to detect threats to our nation.
Orange County Computer Consultant
- Orange County Computer Security Consultant
- Orange County Computer Consultant helps small businesses with networking, installations and small business software.
Wednesday, September 19, 2007
Microsoft Products
It seems like everyday there is a new Microsoft software title. It's mind boggling. There is Microsoft Expression. Which is web design suite. It allows for CSS layouts and also works well with .NET. This is not a surprise. There is also something called Microsoft accounting. I found this interesting, because I need accounting program for Phuture Networks to bill my clients.
Microsoft also has something called start up center. It's a good resource covering everything from tax laws to office setup. I like the fact it has list's of things that can be needed as office supplies and then links to Kinko's and other office supply places. It's a startup portal.
They have a certification called Microsoft Small Business Specialist. This is a test that I'm planning to take. Microsoft has allot of good information.
Microsoft also has something called start up center. It's a good resource covering everything from tax laws to office setup. I like the fact it has list's of things that can be needed as office supplies and then links to Kinko's and other office supply places. It's a startup portal.
They have a certification called Microsoft Small Business Specialist. This is a test that I'm planning to take. Microsoft has allot of good information.
Tuesday, September 18, 2007
Microsoft Working with Sun on Virtualization
According to a article in CRN, Micros0ft is working with Sun to make sure that their virtualization will be compatible. This means that if I purchase a Sun server with Solaris, It should, emphasis on *should* be able to run MS Server.
Do I want this? Sure why not. I like running multiple operating systems to see what I like the best. They all have benefits and flaws. For instance MS Windows is great for the business world. i.e. applications. I love Mac OS X for it's beauty and simplicity. It is the perfect OS and system for home users.
If I want to code, I then use Linux/UNIX depending on what platform I need to try to write or debug software on. I'm no expert programmer, but can read and write some C, HTML (not a programming language) PERL and Assembly X86.
With Web 2.0 taking off. A popular buzzword. What it really is is services using AJAX. Think of applications on the web to use. Google Apps comes to mind, Facebook and Myspace.
To sum this up I think it is a smart move for Microsoft. After all Novell has Xensource.
Do I want this? Sure why not. I like running multiple operating systems to see what I like the best. They all have benefits and flaws. For instance MS Windows is great for the business world. i.e. applications. I love Mac OS X for it's beauty and simplicity. It is the perfect OS and system for home users.
If I want to code, I then use Linux/UNIX depending on what platform I need to try to write or debug software on. I'm no expert programmer, but can read and write some C, HTML (not a programming language) PERL and Assembly X86.
With Web 2.0 taking off. A popular buzzword. What it really is is services using AJAX. Think of applications on the web to use. Google Apps comes to mind, Facebook and Myspace.
To sum this up I think it is a smart move for Microsoft. After all Novell has Xensource.
Windows Vista Encryption Algorithim
A few months back I asked a Microsoft Sales Rep what encryption was used for Vista. He did not know. The encryption algorithm implemented is AES-CBC. This is Advanced Encryption Standard in cipher block chaining mode.
AES is a block cipher developed by our government. The key sizes can be 128, 192 or 256. The block size is 128bits. It can change the plain text 10, 12, 14 rounds.
To learn more detailed information. Wikipedia has a excellent article.
AES is a block cipher developed by our government. The key sizes can be 128, 192 or 256. The block size is 128bits. It can change the plain text 10, 12, 14 rounds.
To learn more detailed information. Wikipedia has a excellent article.
Artificial Intelligence
When will AI come to the point that we live in a world like IRobot. I often think of developing a massive database of information. It would be very sweet to have AI, running in the database. It would look for patterns, learn and try to make logical decision's. I read about data mining, data warehousing, and data modeling. This is all in the field of informatics.
Artificial Intelligence is developing intelligent systems to mimic human behavior. AI can be applied to all fields of research. There is also the thought that AI will one day take over humans. Pretty scary.
There are so many databases out there on the Net. Imagine if someone developed a intelligent spider to crawl the net looking for correlations, trends over even try to predict future events. This is already a reality.
Artificial Intelligence is developing intelligent systems to mimic human behavior. AI can be applied to all fields of research. There is also the thought that AI will one day take over humans. Pretty scary.
There are so many databases out there on the Net. Imagine if someone developed a intelligent spider to crawl the net looking for correlations, trends over even try to predict future events. This is already a reality.
VM Ware Products
Their are several products that VW Ware offers. There are products for first time virtualization users, for enterprise users, technical and programmers and products for locking down the desktop and as well as management.
For Servers there is VM Ware Server -----> VM Ware Infrastructure
For desktops there is VMWare player. You can run virtual machines on any machine. These are free downloads.
Virtual Manager allows you to create virtual machines.
VM Workstation allows developers to run multiple virtual machines for software development.
VMWare Ace is used on desktop for security, it can be used to lock down endpoints.
VMWare Infrastructure.
ESX Server is the flagship or foundation for distributed virtualization. ESX server takes care of managing memory, hardware, networking and splits them up into virtual machines. Virtual center gives you a birds eye view of your virtual machines. It also handles workloads, optimizing and it has templates.
There are several add-ons for ESX server.
VM Ware is great for Malware analysis. You can view and run the source code in the vitual machines in a controlled enviroment. There are Anti-Virus companies that use VMware and software debugging tools such as Soft Ice to look into worms and see what there are meant to do. What worms, viruses and othe Malware is contained in the payload.
For Servers there is VM Ware Server -----> VM Ware Infrastructure
For desktops there is VMWare player. You can run virtual machines on any machine. These are free downloads.
Virtual Manager allows you to create virtual machines.
VM Workstation allows developers to run multiple virtual machines for software development.
VMWare Ace is used on desktop for security, it can be used to lock down endpoints.
VMWare Infrastructure.
ESX Server is the flagship or foundation for distributed virtualization. ESX server takes care of managing memory, hardware, networking and splits them up into virtual machines. Virtual center gives you a birds eye view of your virtual machines. It also handles workloads, optimizing and it has templates.
There are several add-ons for ESX server.
VM Ware is great for Malware analysis. You can view and run the source code in the vitual machines in a controlled enviroment. There are Anti-Virus companies that use VMware and software debugging tools such as Soft Ice to look into worms and see what there are meant to do. What worms, viruses and othe Malware is contained in the payload.
Open Source Search Engine
Today while working I came across Koders. Koders is a open source search engine. This is nice. There is also Google Code search. The beauty of this is that you can search for functions and routines that other programmers have written. Why reinvent the wheel?
I also went through a hour of Microsoft licensing training. There are so many options. I'm currently working on loking for companies that need Enterprise Agreements. This can be for SQL, Windows Server, Microsoft Exchange, Server, Windows Vista all the favors. You can also get software assurance which alows you to get software upgrades. This can be valuable because Microsoft is coming out with Microsoft Exchange 2008.
I also went through a hour of Microsoft licensing training. There are so many options. I'm currently working on loking for companies that need Enterprise Agreements. This can be for SQL, Windows Server, Microsoft Exchange, Server, Windows Vista all the favors. You can also get software assurance which alows you to get software upgrades. This can be valuable because Microsoft is coming out with Microsoft Exchange 2008.
Microsoft Security Alerts for Sept 2007
Microsoft released some security alerts. There is only one critcal alert. It allows an attacker to run code remotely on your machine. This is dangerous because they can ask fr a shell back to their computer to execute commands.
Here are four of the alerts:
To update your system. Click here.
Microsoft has a ton of use full information on security.
Here is their security portal.
Microsoft also has a security response center. The one thing I wonder is why there are so many holes in the first place? There is software that will scan your source code for known vulnerabilities. This should be done before shipping the product!
Here are four of the alerts:
| • | MS07-051 - addresses a vulnerability in Windows (KB 938827) |
| • | MS07-052 - addresses a vulnerability in Visual Studio (KB 941522) |
| • | MS07-053 - addresses a vulnerability in Windows (KB 939778) |
| • | MS07-054 - addresses a vulnerability in MSN Messenger and Windows Live Messenger (KB 942099) |
To update your system. Click here.
Microsoft has a ton of use full information on security.
Here is their security portal.
Microsoft also has a security response center. The one thing I wonder is why there are so many holes in the first place? There is software that will scan your source code for known vulnerabilities. This should be done before shipping the product!
Monday, September 17, 2007
Cyberwar
The DOD has stated that Cyberwar is real. Our US networks have been attacked by China. I heard on CNN that our Secretary of Defense's computer was also penetrated. I do not know if this is true. President Bush says it's not.
The Air force has some of the best cyberwarriors. They have classes to train our troops on information warfare. The have a degree in Cyberwarfare. It's in the electrical and engineering department. They train on IP networks, telecommunications, radars, satellites, transportation systems, and power systems.
The NSA also does try to stop these attacks. The DOD had one of the lowest security rating's out of goverment agencies. The National Science foundation had some of the best security.
The Air force has some of the best cyberwarriors. They have classes to train our troops on information warfare. The have a degree in Cyberwarfare. It's in the electrical and engineering department. They train on IP networks, telecommunications, radars, satellites, transportation systems, and power systems.
The NSA also does try to stop these attacks. The DOD had one of the lowest security rating's out of goverment agencies. The National Science foundation had some of the best security.
Virtualization
Virtualization is hot right now. I sale VM Ware products. I'm currently studying for the VM Ware professional sales. There are plenty of other player in the field right now. There are open source solutions. Such as Virtual Box.
There is also Novell is Xensource.
Virtualization allows you to run multiple virtual machines on one computer or server. It is handy. I run Parallels here at home on my Macbook. The benefit is that I can run Mac OS X and then have Redhat Linux in another window. This allows me to focus on programming in Linux and using Mac OS X for my photos or running ITunes.
Companies can use virtualization to reduce IT cost's, There does not have to be as many desktops. You can run multiple virtual machines on the server and have clients connect with dumb terminals.
Virtualization is also good for security. A virus or worm will only stay in the virtual machine and not infect other machines, or virtual machines. Virtual machines can also be transported with VMware. This can be carried on person in a USB drive.
There is also Novell is Xensource.
Virtualization allows you to run multiple virtual machines on one computer or server. It is handy. I run Parallels here at home on my Macbook. The benefit is that I can run Mac OS X and then have Redhat Linux in another window. This allows me to focus on programming in Linux and using Mac OS X for my photos or running ITunes.
Companies can use virtualization to reduce IT cost's, There does not have to be as many desktops. You can run multiple virtual machines on the server and have clients connect with dumb terminals.
Virtualization is also good for security. A virus or worm will only stay in the virtual machine and not infect other machines, or virtual machines. Virtual machines can also be transported with VMware. This can be carried on person in a USB drive.
Microsoft Automatic Updates
It appears that Microsoft has been installing updates without our permission. Tommorow is patch Tuesday. I wonder how many holes they are going to patch?
You can view the knowledge base articles to see what they are installing on your computer there are allot of updates. It would be nice of Microsoft to let users know that they are going to be installing software. It's bad enough that I cannot see the source code. How do I really know what is in those updates? More Spy ware? This is why I love Open Source/Linux. I can view the code and run MD5 checksums to insure that the software has not been tampered with.
I was reading this article in Eweek that stated that they have been doing this for quite some time.
You can view the knowledge base articles to see what they are installing on your computer there are allot of updates. It would be nice of Microsoft to let users know that they are going to be installing software. It's bad enough that I cannot see the source code. How do I really know what is in those updates? More Spy ware? This is why I love Open Source/Linux. I can view the code and run MD5 checksums to insure that the software has not been tampered with.
I was reading this article in Eweek that stated that they have been doing this for quite some time.
AOL Instant Messenger Attack
It appears that it is possible to send HTML code to AOL messenger, to shut it down or try to gain information from the clients computer.
Here is the link to Bugtraq.
Here is the link to Bugtraq.
Cisco Adaptive Security Appliance
Every morning I get up and sign into My Yahoo and IGoogle. I have them configured to show me the days exploits and vulnerabilities. I do this to keep my clients informed. My clients consist of Network administrators, CIO's, CEO's and business owners.
Today I recommended a Cisco ASA to a client with IPS. IPS stands for intrusion prevention system. The Cisco ASA comes standard as a firewall. You can then add different modules such as VPN, Content filtering and Anti-X.
The VPN can support different users depending on the module selected. It does SSL and IPsec. There are different encryption protocols that can be utilized as well such as DES and 3DES. A VPN is a virtual private network. It allows you to login remotely form home or Starbucks securely. When you do this without a VPN, you send your data in clear text. A simple sniffer between your computer can pick up these packets and read what is in them. Encryption slows the process of reading the contents. 3DES and DES are very strong and it would take years or even longer to crack it. When you are surfing at your local Starbucks, the guy next to you can run a wireless sniffer and grab your bank account information, Yahoo Login ID, or Amazon login.
The content filtering module allows network administrators to implement security policies. Like blocking Yahoo instant messenger, Myspace, and ESPN during work hours.
Anit-X is a anit-Malware application. It defends against viruses, trojans, key-loggers, exploit code and other goodies that attackers like to use to gain info, mess up data, and just for fun.
The IPS module is nice. It attempts to stop attacks before they happen. How? It has a signature database, the firewall does deep packet inspection. This means it looks at the content of the packets and compares it against a updated databse of known attacks. It it looks suspicious it is dropped or quarantined for later inspection.
Today I recommended a Cisco ASA to a client with IPS. IPS stands for intrusion prevention system. The Cisco ASA comes standard as a firewall. You can then add different modules such as VPN, Content filtering and Anti-X.
The VPN can support different users depending on the module selected. It does SSL and IPsec. There are different encryption protocols that can be utilized as well such as DES and 3DES. A VPN is a virtual private network. It allows you to login remotely form home or Starbucks securely. When you do this without a VPN, you send your data in clear text. A simple sniffer between your computer can pick up these packets and read what is in them. Encryption slows the process of reading the contents. 3DES and DES are very strong and it would take years or even longer to crack it. When you are surfing at your local Starbucks, the guy next to you can run a wireless sniffer and grab your bank account information, Yahoo Login ID, or Amazon login.
The content filtering module allows network administrators to implement security policies. Like blocking Yahoo instant messenger, Myspace, and ESPN during work hours.
Anit-X is a anit-Malware application. It defends against viruses, trojans, key-loggers, exploit code and other goodies that attackers like to use to gain info, mess up data, and just for fun.
The IPS module is nice. It attempts to stop attacks before they happen. How? It has a signature database, the firewall does deep packet inspection. This means it looks at the content of the packets and compares it against a updated databse of known attacks. It it looks suspicious it is dropped or quarantined for later inspection.
Sunday, September 16, 2007
Working for a VAR
I have not posted to this blog for a long time. There has been allot of good stuff going on in my life. My son Alexander was born in May. I have not had allot of time to do anything really. I started working for a value added reseller. I enjoy my work. I focus my sales on storage, security and networking products. I.m trying to gain as many certifications as possible to increase my knowledge and provide solutions to clients.
Right now I'm going for VMware sales professional. I enjoy learning, it keeps my brain going. I work with some people who dont have the drive to really learn the new technologies. They just want to make the sale. I understand that and am not putting them down. I'm different. I want to know what I'm selling and how it works. I want to see if I can make it better. It can be software that needs added functionallity or hardware that could run faster or cheaper.
In five years from now I want to be running my own business Phuture Networks full time. I'm looking to provide managed security solutions for clients. This can include remote and onsite penetration testing. Wireless assesments, web server hardening, OS hardeing and verification of firewall rulesets. Recommendations on intrusion detection systems and physical security.
Right now I'm going for VMware sales professional. I enjoy learning, it keeps my brain going. I work with some people who dont have the drive to really learn the new technologies. They just want to make the sale. I understand that and am not putting them down. I'm different. I want to know what I'm selling and how it works. I want to see if I can make it better. It can be software that needs added functionallity or hardware that could run faster or cheaper.
In five years from now I want to be running my own business Phuture Networks full time. I'm looking to provide managed security solutions for clients. This can include remote and onsite penetration testing. Wireless assesments, web server hardening, OS hardeing and verification of firewall rulesets. Recommendations on intrusion detection systems and physical security.
Friday, December 01, 2006
Computer Security News
Its Friday night. I'm listening to some techno and reading many different feeds. The one that caught my attention is about an Israeli computer security firm, discovered how to read enrypted pin traffic used by banks. The secret service is investigating this claim. It makes me wonder what type of encryption protocols are in place to protect me at my local ATM ? Are they strong ? Is there a standard or do banks get to choose ?
There were also some reports that Wall Street and other financial institutes could be attacked shortly. The goal of the terrorists is to hurt the US economy.
I also read a article today about how mainframes seem to have been forgotten. There are still IBM mainframes and I'm sure many other supporting our nations infrastructure. Security needs to be considered for all hardware and software on the network regardless of how old it is. Even printers are open season for experienced crackers.
In other news a hacker from Romania, hacked into NASA the department of energy and the US Navy. This worries me. Were talking the Navy and DOE. What type of testing is our goverment doing to protect against these attacks ? We have the NSA who is supposed to be protecting our networks and communications. But they choose to listen to US citizens. Protect first guys.
I still don't get why people don't use encryption. You hear almost every day. they got access to all these records. Is it that its too difficult to implement. I admit my grandma does not need it but our universities and goverment sure does.
There were also some reports that Wall Street and other financial institutes could be attacked shortly. The goal of the terrorists is to hurt the US economy.
I also read a article today about how mainframes seem to have been forgotten. There are still IBM mainframes and I'm sure many other supporting our nations infrastructure. Security needs to be considered for all hardware and software on the network regardless of how old it is. Even printers are open season for experienced crackers.
In other news a hacker from Romania, hacked into NASA the department of energy and the US Navy. This worries me. Were talking the Navy and DOE. What type of testing is our goverment doing to protect against these attacks ? We have the NSA who is supposed to be protecting our networks and communications. But they choose to listen to US citizens. Protect first guys.
I still don't get why people don't use encryption. You hear almost every day. they got access to all these records. Is it that its too difficult to implement. I admit my grandma does not need it but our universities and goverment sure does.
Friday, November 17, 2006
Review of HP iPAQ hx2495
I just picked up one of these PDA's from Amazon. Im quite happy. It is a little heavy compared to my Toshiba PDA, but so much more powerfull. It has built in WiFi and Bluetooth. I connected to my corporate network with no problem at all.
I really missed having my PDA around. One day my Toshiba just quit. It was a refurbished model. I picked this up for $288.99. It was a good deal.
I really missed having my PDA around. One day my Toshiba just quit. It was a refurbished model. I picked this up for $288.99. It was a good deal.
Thursday, November 16, 2006
McAffe Secure Internet Gateway
I just done with a presentation on the McAffee Secure Internet Gateway. This is a unified threat solution. It has Anti-Virus, Anti-Spware and firewall capabilities. It also has anti SPAM system.I stayed after the presentation to ask what operating system runs on the device. It is a modified version of RedHat. It is also checked by a outside third party for any vulnerabilities.
It comes in different models like the 3100, 3200 and 3300.
These models also have web filtering capabilities. This device is capable of protecting both POP 3 and SMTP fro email security.
To find out more go to www.mcaffee.com
Wednesday, November 15, 2006
Math and computer science
I'm currently in school majoring in computer science with a focus on security. I'm really need to brush up on my math skills. I was on Slashdot and came across this post about what type of math CS majors should look into.
Article on Slashdot
Article on Slashdot
CCNA Notes
Flow Control provides data integrity prevents the sending host from overflowing the buffers of the receiving host. Sends data in segments. Synchronization and windowing is also handled at this layer.
Routing is handled at the network layer. The network layer is also responsible for routing thru the internetwork and network addressing.
Router update packets include RIP, IGRP, and OSPF.
Routing is handled at the network layer. The network layer is also responsible for routing thru the internetwork and network addressing.
Router update packets include RIP, IGRP, and OSPF.
Kevins Mitcnicks Security Advice
I came across this on Wired Magazine site. This is quoted from Kevin Mitnick. One of the most famous hackers of all time.
Here's my Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.
- Back up everything! You are not invulnerable. Catastrophic data loss can happen to you -- one worm or Trojan is all it takes.
- Choose passwords that are reasonably hard to guess -- don't just append a few numbers to a no-brainer. Always change default passwords.
- Use an antivirus product like AVG or Norton, and set it to update daily.
- Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.
- Avoid hacker-bait apps like Internet Explorer and disable automatic scripting on your e-mail client.
- Use encryption software like PGP (pretty good privacy) when sending sensitive e-mail. You can also use it to protect your entire hard drive.
- Install a spyware detection app -- or even several. Programs that can be set to run frequently, like SpyCop, are ideal.
- Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically.
- Disable any system services you're not using, especially apps that could give others remote access to your computer (like Remote Desktop, RealVNC and NetBIOS).
- Secure your wireless networks. At home, enable WPA (Wi-Fi protected access) with a password of at least 20 characters. Configure your laptop to connect in Infrastructure mode only, and don't add networks unless they use WPA.