Client Hosted Virtual Desktops Part II; Back to Basics

Back to Basics: What is a Client Hosted Virtual Desktop (CHVD)?

Client hosted virtual desktops refer to the combination of a management system and a hypervisor on a client PC, utilizing the local resources to execute the operating system.


Figure 1. different desktop virtualization models segmented by central vs. distributed computing environment support and reliance on operating system

Securing the Mobile Workforce

The rising tide of mobile computing, driven by the introduction of consumer devices such as the iPhone and iPad, is crashing against the shores of many an IT shop. Most IT organizations have lived on a diet of corporate policy restrictions and liberal use of the word “No!”; unfortunately, their time has come.

Chinese Government to Ban All US-Based Technology Companies and Products

Beijing, China – April 1, 2010 – The Chinese government announced that effective immediately all US based technology firms and associated products and services will be banned from all Chinese government and state-run agency IT environments. The ban is expected to include critical infrastructure, such as military, finance, utilities, and healthcare as well as education, retail and manufacturing companies.

Respect, Prudence, and Combatting Identity Theft

From my recent posting on Computer World UK (here)

Whenever I hear the phrase “identity theft,” I can only imagine what the late, great Rodney Dangerfield would have made of it: “Some guy in Moldova stole my identity. The FBI said, ‘…and you want it back?’ No respect!”

Despite what seems to be a public fascination with identity theft as the latest innovation in cybercrime, it isn’t really new. Even before the Internet came along, criminals could steal and manipulate identity data by modifying the magnetic strip on the back of a credit card to access a different account than the one listed on the front of the card. This would allow the thief to present a credit card and identification that matched and hope that the employee didn’t actually look at the name on the receipt.


Client Hosted Virtual Desktops Part 1; Own the OS

We all know that IT security and operations is becoming a more challenging and untenable problem day by day – see “Top 10 Reasons Your Security Program Sucks and Why You Can’t Do Anything About it” – The reality is that we continue to build on top of inherently insecure and fundamentally weak foundations, such as the operating systems and routing infrastructures that power much of the global economy.

We need an alternative to the current computing paradigms that all organizations struggle with.


Poor Design? Blame the User!

As I was traveling through Canada last week I was struck by an article in the Globe and Mail – “Track designers defend Whistler course” – in which the designers of the Winter Sliding Centre suggest that the unfortunate accident that resulted in the death of Georgian athlete Nodar Kumaritashvili was caused by human error and not any negligence of the track designers themselves (here) and (here).

The Broken Windows Economics of IT Security

To economists, the term “Broken Windows” refers to the question that if a shopkeeper pays a glazier to repair a broken window at his store, does this deliver an economic benefit to society? Many people would say yes, because it generates demand for glass and work for the glazier.

Have you ever been witness to the fury of that solid citizen, James Goodfellow, when his incorrigible son has happened to break a pane of glass? If you have been present at this spectacle, certainly you must also have observed that the onlookers, even if there are as many as thirty of them, seem with one accord to offer the unfortunate owner the selfsame consolation: “It’s an ill wind that blows nobody some good. Such accidents keep industry going. Everybody has to make a living. What would become of the glaziers if no one ever broke a window?”

Excerpt from the 1850 essay “That Which is Seen and That Which is Unseen” by Frederic Bastiat

Cyber Warfare Needs Cyber Civil Defense

Hardly a day goes by without some news article, op-ed piece, or screaming commentator on a bottom-of-the-dial cable channel proclaiming the dire prospects of cyber war. But unlike traditional kinetic wars with identifiable enemies, overt acts of war, and some notion of what constitutes victory, we’re still at the stage where the concept of cyber war is a carnival of ambiguity, speculation, red herrings and heated debates on topics that may turn out to have no lasting importance at all.


Cyber Warfare: Should We Be On The Offensive?

The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications and technology agency warned Saturday.

“A cyber war would be worse than a tsunami — a catastrophe,” the UN official said, highlighting examples such as attacks on Estonia last year

Is Social Media Destroying Rational Debate?

(this post is dedicated to all those I have debated – poorly – on twitter and in blogs)

I must admit that I do enjoy the experience of a good debate, the adrenaline rush, the give and take with a qualified adversary, the thrill of victory and hopefully the expanse of one’s views. So often, though, many of us fall back on cheap tricks, emotional triggers, and framing points of view in extremes or black and white terms – all of which result in polarizing, as opposed to elevating, the discussion. This is not a new phenomenon and has been used through the years by some of the most prolific personalities in history. In some cases the result is for the betterment of all and sometimes it is to the detriment of many.

What is new is social media, such as twitter, blogs, facebooks, etc., which provide an excellent mechanism to reach a large population of geographically dispersed people – that is good. Unfortunately the speed at which information is disseminated as well as the lack of detail and time used to build an argument that can facilitate healthy communication is severely impacted in these mediums – that is bad.

I don’t know how many of you have tried to carry on a debate in 140 characters, but it is a poor forum for anything beyond where one should eat dinner and even that can quickly border on contentious if not bounded properly.

Here is an example of a bunch of recent twitter debates (modified slightly and the names have been changed to protect the silly):


Top 10 Reasons Your Security Program Sucks and Why You Can’t Do Anything About It

In the security industry we like to fool ourselves into thinking that we can materially impact an organization’s security posture. We believe that new tools, a new framework, a new regulation, a new school of thought will lift the veil of organizational ignorance and enable us to attain the state of enlightened security practitioner.

But as we trudge through the mud and haste of our increasingly digital lives we embrace the continuity of failure that is security, only we have more of it…more threats, more tools to deal with the threats, more people to deal with the tools, more process to deal with the people, more adoption of technology leading to more threats, which of course leads to more of the same – more fail.

Maybe it is time to stop fooling ourselves and recognize that to move forward we have to know our limitations and start to question the status quo that so many others rely on for their livelihood.

So as you stare out the window, morning cup of coffee in hand, a tear rolling listlessly down toward your chin, and as you’re sitting there pondering what went so terribly wrong, take a moment to reflect on the top 10 reasons your security program sucks and why no matter how much you kick and scream it will continue to suck…


White House Announces New US CyberSecurity Coordinator

After what few probably realize was a tremendous amount of political posturing, President Obama has finally appointed Howard Schmidt as US Cybersecurity Coordinator. Schmidt, who also served as a cybersecurity adviser under President Bush, will be responsible for establishing, defining and coordinating cybersecurity across public and private critical infrastructure. I have worked with Howard and know him to be a highly competent individual who will have a positive impact on this administration’s cybersecurity efforts. Congratulations Howard and best of luck in your new role!

Climategate, TSA Leaks, A National Data Breach Notification Bill and The Law of Inevitable Disclosure

Riddle me this: When one does not know what it is, then it is something; But when one knows what it is, then it is nothing…what is it?

Recently we have witnessed a series of high-profile leaks. This in and of itself is nothing new; we have been experiencing an orgy of disclosure since the early part of the decade. But the latest “disclosures” highlight the law of inevitable disclosure, which goes something like this: if more than one person knows it, then it will at some point in time be disclosed.

AT&T Wages Holy War Against Data…


AT&T has openly admitted that their data coverage sucks (here) and all but admitted defeat in the telecom data wars. Although they are the sole service provider of the iPhone – the world’s most pervasive handheld data device – AT&T has decided that for them to maintain the service quality (which already blows) they will need to implement new fees to encourage folks to limit their use of the iPhone. Wow, seriously, so they suck even more than I thought when I first railed against AT&T (here).

Note to Self: 2009 Holiday Gift List

From Computer World UK (here)

Black Friday and Cyber Monday have come and gone. Now it’s time for Amrit Wednesday, or Thursday, or Friday—oh, whatever—to pay our industry back for all the dubious cheer it spread in 2009. Believe me, when it comes to this list, it’s much better to give than receive. Here goes:


Gartner Magic Quadrant Under Fire – Lawsuit Alleges Defamation and more


A storm is brewing throughout the analyst community as one of the largest and most influential technology analyst firms comes under fire for one of their highest prized research artifacts, the Gartner Magic Quadrant (MQ). ZL Technologies has filed a lawsuit alleging damages from Gartner’s Email and Archiving MQ and the MQ process as a whole, in which ZL has been positioned as a Niche player since 2005.

From ZL Technologies’ website (here)…

ZL Technologies, a San Jose-based IT company specializing in cutting-edge enterprise software solutions for e-mail and file archiving, is challenging Gartner Group and the legitimacy of Gartner’s “Magic Quadrant.” In a complaint filed on May 29, 2009, ZL claims that Gartner’s use of their proprietary “Magic Quadrant” is misleading and favors large vendors with large sales and marketing budgets over smaller innovators such as ZL that have developed higher performing products.

The complaint alleges: defamation; trade libel; false advertising; unfair competition; and negligent interference with prospective economic advantage.

For those unfamiliar with analysts, Gartner and the Magic Quadrant, let me provide a quick overview:


50th “Beyond The Perimeter” Podcast HighLights


Not too long ago I embarked on creating a podcast series that would provide more regularity than the blog. Beyond the Perimeter has been a tremendous amount of fun, and as we just posted our 50th podcast I wanted to reflect on some of the highlights and the wonderful guests we have been honored to have join us.

Beyond the Perimeter iTunes subscription

Beyond the Perimeter Direct XML Feed
