Wednesday, February 22, 2012

Small/Medium Businesses: Security is at the forefront

As an IT consultant to several SMBs (small and medium businesses), I talk to owners every day about their needs and concerns about their IT infrastructure. Most of the time the conversation is about increasing productivity through the use of technology. Right now the hot topic there is cloud technology. They feel they need to be more efficient with processes and avoid creating redundancy. The one thing that is not a big topic is security.

No offense to SMBs, but I am not sure that these owners are fully aware of what is really going on with cyber-security. A lot of small and medium shops treat their IT security as if they have nothing to worry about. Now I am not here to say that all of them are not security aware; however, they read something in the news about a security breach at a large company but think that will never happen to them. Hackers do not discriminate. If you have data and an Internet presence, you are a target.

The key to SMB security is to synergize business objectives and productivity with security. Just because you lock down your IT infrastructure does not mean you cannot do business. You just have to find a way that works best for your company. It's easy to be productive if you have no controls on the infrastructure; however, it's the lack of those controls that could produce a security breach or incident that will cause you not to be productive. I believe there is a way for all of these areas to coexist.

SMB security has some challenges that are different from enterprise security. Sometimes SMB IT personnel are great administrators but may be unaware of security threats that may exist. They are in charge of a lot of areas for the business, and there is no security department like in enterprise companies to help them. Therefore, while they are solving business needs and doing day-to-day break-and-fix work, there is just not the time to maintain up-to-date security.

So what is an SMB to do? Where do they start? Over the next month and a half I am going to be exploring 6 key areas for SMB security.

Key Areas of SMB Security


1) SMB Threats and Vulnerabilities

2) Security Policy

3) Security Awareness

4) Internet Access

5) BYOD (bring your own device) Security

6) Auditing Administrative, Technical, and Physical controls


Hopefully, if you are an SMB, this series may get you to re-evaluate your security needs and understand them better.

Thank you and if you have any questions during the series please feel free to email me at wpruett@centriq.com

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE

Tuesday, February 14, 2012

The Need For Forensics - Finding The Why and The How In Security


Computer forensics has been around as long as computer crimes. People have stolen money and information and disabled businesses, all while thinking they are the smarter criminal since they are using an electronic device. So what happens when law enforcement is notified of a cyber crime or IT security is notified of a security breach? Every crime or security breach is investigated and goes through a computer forensic process. Law enforcement and IT security are trained as computer forensic specialists to try to find out not only why a crime or breach was committed but also how it was done.

Forensics is the first part of a good incident response plan (IRP). It is the first action item that is performed during the IRP when a crime or breach is detected. It is also the most crucial. In the last 10 years computer forensics has come a long way. New tools and techniques have been developed to help not only law enforcement but also security professionals in the private sector. Computer forensics is more than just using your troubleshooting skills or break-and-fix skills. It's about using that knowledge in a methodical way to prepare a hypothesis about an event. Maybe it's finding out how someone got a password for accessing files that they were not authorized to see, or even how they developed a script to change a time sheet remotely. Regardless of the event, there is always a need for a computer forensic professional.


There are two main areas of forensics we deal with in IT security. One is the network and the other is the host. Each area has different methodologies and tools we use to dissect the why and the how. Each area also has its own areas of expertise and knowledge. To understand how a security event happened, you first have to understand how the network or host is supposed to work. This is where training and experience play a crucial role in becoming a computer forensic investigator.


For over 7 years I have taught EC-Council's Certified Hacking Forensic Investigator (ChFI) course. In March of 2012 EC-Council will be bringing out a new version 8 of ChFI. This course will be bringing a fresh perspective for those interested in getting into computer forensics. The course will have plenty of hands-on learning as well as an introduction to a wealth of forensic tools. The major premise behind using the tools in the labs is to get a base understanding of the forensic process, which includes:
  1. Search and seizure
  2. Secure a crime scene
  3. Documenting the chain of custody
  4. Acquiring electronic evidence and secure transportation of evidence
  5. Examine and analyze forensic images using sound methodology 
  6. Design your review strategy of the e-evidence and interpret and draw inferences based on facts gathered from the e-evidence.
  7. Prepare a report on your analysis and findings
  8. Expert witness

So if you would like to know more about computer forensics and use those break-and-fix skills to find out the how and what, make sure you sign up at Centriq Training for ChFI.

Hope to see you there.

- Tom Pruett, Cisco & Security Expert; MCT, CTT+, CISSP, CWNA, CEH, CHFI, CCSI, CCNA, MCSE

Friday, February 10, 2012

An Analysis of Normalization Through the Eyes of the Developer - Part III


View Part II

E.F. Codd’s First Normal Form, paraphrased, states that there should be “no repeating groups”. In this example the language columns are the repeating group. The proposed design below implements this rule, while the original design does not.

Original design
(Products table)
ProductID  Name          English  Spanish  French  Italian
1          Ceramic tile  1        0        0       0


Proposed design
(Products table)
ProductID  Name          LanguageID
1          Ceramic tile  1

(Language table)
LanguageID  Name
1           English
2           Spanish
3           French
4           Italian

Consider the original design and the proposed design above.  The proposed design removes all of the hindrances that the original design put into place.  Normalization frees the developer from handling issues, because those issues are simply not present.

Problem 1 solved: Suppose the business expands into a German-speaking market. In the original design, a column must be added and populated with a “0” for all current and subsequent records. In the proposed design, adding a fifth record to the Language table is the only task that needs to be done.

Problem 2 solved: Keeping data clean is much simpler in the proposed design. If a product needs a different language, simply change the LanguageID field in the Products table. In the original design, this would, at best, involve altering data in two different columns.

Problem 3 solved: In the proposed design, there is no need to store data that essentially keeps track of the languages that the product is not in. In the proposed design, if a product is not associated with a language, a record simply does not exist.
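
The two designs side by side, as an added example that is not part of the original post. It uses Python's built-in sqlite3 module in place of SQL Server so that it runs anywhere; the table name ProductsOriginal, the function names and the LanguageID value 99 are assumptions made for the illustration.

```python
import sqlite3

def build(conn):
    conn.executescript("""
        -- Original design: one flag column per language (the repeating group).
        CREATE TABLE ProductsOriginal (
            ProductID INTEGER PRIMARY KEY, Name TEXT NOT NULL,
            English INTEGER NOT NULL DEFAULT 0, Spanish INTEGER NOT NULL DEFAULT 0,
            French INTEGER NOT NULL DEFAULT 0, Italian INTEGER NOT NULL DEFAULT 0);
        INSERT INTO ProductsOriginal VALUES (1, 'Ceramic tile', 1, 0, 0, 0);
        -- Proposed design: languages are rows that products reference by key.
        CREATE TABLE Language (LanguageID INTEGER PRIMARY KEY, Name TEXT NOT NULL UNIQUE);
        CREATE TABLE Products (
            ProductID INTEGER PRIMARY KEY, Name TEXT NOT NULL,
            LanguageID INTEGER NOT NULL REFERENCES Language(LanguageID));
        INSERT INTO Language VALUES (1,'English'),(2,'Spanish'),(3,'French'),(4,'Italian');
        INSERT INTO Products VALUES (1, 'Ceramic tile', 1);
    """)

def add_german(conn):
    # Problem 1: schema change in the original, a single row in the proposed design.
    conn.execute("ALTER TABLE ProductsOriginal ADD COLUMN German INTEGER NOT NULL DEFAULT 0")
    conn.execute("INSERT INTO Language VALUES (5, 'German')")

def switch_to_spanish(conn, product_id):
    # Problem 2: two flags must change together in the original, one key in the proposed.
    conn.execute("UPDATE ProductsOriginal SET English = 0, Spanish = 1 WHERE ProductID = ?",
                 (product_id,))
    conn.execute("UPDATE Products SET LanguageID = 2 WHERE ProductID = ?", (product_id,))

def rejects_unknown_language(conn):
    # The foreign key refuses a language that has no row; the flag columns have no such guard.
    try:
        conn.execute("UPDATE Products SET LanguageID = 99 WHERE ProductID = 1")
    except sqlite3.IntegrityError:
        return True
    return False

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces foreign keys only when asked
    build(conn)
    add_german(conn)
    switch_to_spanish(conn, 1)
    columns = [c[1] for c in conn.execute("PRAGMA table_info(ProductsOriginal)")]
    language = conn.execute("""SELECT l.Name FROM Products p
        JOIN Language l ON l.LanguageID = p.LanguageID WHERE p.ProductID = 1""").fetchone()[0]
    return columns, language, rejects_unknown_language(conn)
```

Calling demo() returns the widened column list of the original table, the product's language resolved through the join, and whether the foreign key blocked the unknown LanguageID.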

I hope this blog has shown the benefits of simple normalization.  Making the decision to architect even your simplest of applications with normalization can guard against unforeseen complications, while keeping the focus on the business need.

- Ed Dressler, SQL Server Expert; CTT+, MCDBA, and MCITP

Tuesday, February 7, 2012

Cloud Intelligence Conference: Keynote Speaker Announced!


Centriq Training is pleased to announce Paul Mattes, Microsoft U.S. Director of the Windows Azure Platform and Technical Computing, as the 2012 Cloud Intelligence Conference Keynote Speaker!

This one-day conference will be held on April 12, 2012 at the Overland Park Convention Center.

Mr. Mattes' Microsoft teams are responsible for working with customers and partners to identify and deliver solutions based on Microsoft’s cloud computing assets and High Performance Computing software. He has over 25 years of experience in a diverse set of disciplines including software architecture and engineering, data center operations, enterprise sales management and strategic business consulting. Learn more about him here.

This event is ideal for IT professionals, business decision makers and executives from all types of technology backgrounds. Some topics will include Public Cloud, Private Cloud, Hybrid Strategies, Cloud Security, Virtualization, Migration and Information Architecture. Seating is limited. To learn more or register for this event, please visit www.centriq.com/CloudIntelligence.

For questions or more information on the event contact your Account Executive at 913-322-7000.

- Jessica Oliver, Director of Operations