The IT Security Attaché

Meeting details here http://titssn.org/event.php?event_id=10

Look out for some hot new releases to come as a part of TITSSN v.2010.

~Brett A. Scudder~

Good day to you,

You’re invited to our October 8th group meeting which will held at the Microsoft’s Briefing Center in NYC and is hosted by The Security Attaché who will be presenting the new and enhanced version of Brett v.2010 which was released in July 2009.

This will be a personal meeting which will be taking an up close and personal look at Brett v.2010 and what makes him tick, his work, motivations/inspirations, visions and future for TITSSN. He will also be officially launching the new version of TITSSN v.2010 and its features and enhancements. There are many major changes to the organization and its structure going forward and these two critical releases will address many questions that have been asked and been floating around.

All are invited and feel free to invite your peers, associates, friends and people of interest. Food and refreshments will be provided.

Registration is open via our social network here http://titssn.org/event.php?event_id=10

Thank you and have a great day. We look forward to seeing you there.

~Brett A. Scudder~

Good day to you,

I cannot tell you how upset I was yesterday as my trip didn’t go as it should thus, I didn’t make it in on time for the meeting and my presentation. Amtrak had electrical and signal problems on their lines and 3 trains on the track before us waiting to be released past Metuchen. When they finally let us out of Penn station, we had been sitting there for an hour and then the trip was just slow, stopping every now and then and they even had the nerve to stop and let another train that was behind us go by. I was shocked when they did this but what can I say.

The only thing that made the trip less frustrating was one of the conductors who was professional and courteous enough to keep us posted and apologized for the delays. He kept us in the know and informed as things developed which eased the issues

Our scheduled 3pm train that was supposed to get in at 6:30pm didn’t get in till a little after 8. When I got to the venue it was too late and the meeting had wrapped up. We left Washington DC on the 10pm train and didn’t get to Penn station until 2am, ridiculous.

My apology to the National Information Security Group for missing the meeting and I will be rescheduling my presentation with Mr. Small for another date. I was truly disappointed.

Sincerely,

~Brett A. Scudder~

Good day to you,

I am will be out of the office for the rest of the day traveling to Washington DC to do a presentation to the DC chapter of the National Information Security Group this evening. I will be back tomorrow May 1^st and will have very limited access to email and phone while away. I will respond to messages when I get back to the office tomorrow.

Thank you and have a great day,

~Brett A. Scudder~

IT Security Attaché

Greetings,

I am working on my monthly online webcast for April about the Web 2.0 infrastructure in preparation for the upcoming v.3.0. The drastic growth of the Web 2.0 infrastructure caught many people off guard as they jumped into it not knowing what was involved and the issues associated with it. It also created many new threat vectors many of which are still not under control today as the increase of threats/attacks specifically targeting this infrastructure is growing as rapidly as the number of people using it.

The recent Conficker issues have delayed my presentation for this month as I had to be helping out in various organizations to deal with it and so I will be doing it on the 27^th.

This presentation will address the present state of the Web 2.0 infrastructure, features, privacy (yes or no), pros, cons and the security concerns associated with it. It will also provide guidance on how to stay private and secure while maximizing the full potentials of the features and capabilities of it. More importantly, I will address the upcoming Web 3.0 realm and why resistance is futile and how can and will you be secured within its realm. Lots of good stuff so please mark this on your calendars and the meeting info will be posted soon.

My May session will be on the Breach Notification Laws and I will have a legal expert joining as a co-host to address this in more legal terms. More details will be provided soon.

This is just one of the ways in which TITSSN and the IT Security Attaché are trying to enhance the education and awareness of these technology/security issues to the general public. All are invited to join.

Thank you very much and have a great day. We apprecilove your business and support and look forward to serving you more.

~Brett A. Scudder~

The IT Security Attaché | http://theitsecurityattache.com  | Blogs http://theitsecurityattache.com/blogs

President/CEO/Chairman/Founder/Security Architect

~TITSSN ~The IT Security Suite Network~ | http://titssn.net | TITSSN’s Blogs http://titssn.net/blogs

Hey guys,

So we (Brett, Security Attaché and TITSSN) are off to I-CON for a full weekend of activities, panel discussions, workshops and presentations and we are very excited about it. We will try to keep the blogs/tweets updated. One of the highlights for us is to meet Sam from Lord of the Rings as he’s one of our favorite characters and it is one of our most loved movies. Sean “Samwaise Gamgee” Astin is a special guest at the event this year. I can’t believe it was so long ago, LOTR sits in my head as if I just watched it. Wow, time does go by huh.

Sam from Lord of the Rings

There will be a showing of all three LOTR movies at the convention so you know we’re going to be all over that.

God I love the LOTR movies.

 So anyway, we will have limited access to email and voice but will respond if/when we can. If any readers of the blogs are at the event please reach out and say hi. We’d love to meet you too.

I just got an alert of a thunderstorm for the area so my travel time is now increased. Got to get going to get there in time for the Cyber-Crime panel discussion at the Marriot at 8:30pm.

Thank you and have a great day,

~The IT Security Attaché~

Greetings,

It’s that time of the year again and now I have more of a challenge this year as I have more systems to refresh. Every 2-3 months I do a complete system wipe and rebuild of my primary systems (now 16) to give them a clean start and a fresh look and feel. During the year I test so many products and solutions from the industry and once I have tested and like something, it gets added to my approved applications list and is allowed to be installed on my primary systems. It also give me a fresh build as I get rid of old install files or hidden threats that may have been left behind and now the system breathes and runs much better.

These are different from my test boxes that I may refresh daily, weekly or after a few months depending on what i’m testing on it and the period needed to properly deal with it.

As a senior executive on various committees, boards and teams, I take my security practices very seriously as a compromise on my end could lead to mass messaging or some kind of threat coming from my network which could lead to serious issues for my recipients. I am very vigilant about keeping the best of best practices for my organizations infrastructure with regular reviews and updates. As a security professional responsible for numerous organizations infrastructure, I practice these steps to protect myself and those who I collaborate with and the responsibility to protect the people and data in them. One can never be too cautious in this time and age of new and emerging technology and threats and so I try to stay on the cutting edge of the security issues.

So it is that time and my first refresh of which I am somewhat happy for as i’m getting ready to move most of my Vista boxes over to Windows 7. I have been playing around with some new products and solutions and will be moving over to them during this refresh cycle. The timing of this new Conficker worm couldn’t be any worse (or maybe better) as i’m refreshing between March 31st-April 1st. I’m also rolling out a hot new UTM ~Unified Threat Management~ device today as well and I look forward to its protective features and enhancements.

So away I go to start prepping for my refresh and trying to keep up on this Conficker issue which has set me back a day in my schedule.

Thank you and have a great day,

~Brett A. Scudder~

The IT Security Attaché

Good day to you,

It’s that time of the year again and I-CON is here in all its glory, fan filled excitement and awesomeness. TITSSN endorses the I-CON Science and Technology Conference which is in its 28^th year, and attracting over 6000 fans from across the country by supporting its need for getting the needed contents and information out to its attendees. This year’s event will be hosted at the campus of Suffolk County Community College in Brentwood Long Island and TITSSN will be there in full swing to address the IT Security Threats Landscape in various panel discussions, workshops and open sessions. Mr. David Carlos, CEO of David Carlos Managed Information Architects and I, the IT Security Attaché, will be representing TITSSN and covering topics such as:

Cyber-Crime (Fri, Marriott, 8:30pm)

How the world of Cyber-Criminals operate – the botnets, the spam, the hackers, etc. Motivations, methods, tools (try to avoid actually teaching people to be cyber-criminals).

Military Technology (Fri, SCCC, 10pm)

General discussion of new developments in offense and defense for the military.  Ray guns, unmanned aircraft, robots, nanotech, psychological warfare, medical advances – and when some of these (more benign) things may be seen outside the military environment

Things That Make You Paranoid (Sat, Marriott, 11:30) Last year, this apparently started off with about 10 minutes of doomsday events and quickly morphed into privacy and security panel.  Description from last year: Protecting yourself in an increasing hostile technological environment. Why the OS sometimes doesn’t matter, new attack vectors (e.g. cell phones), other things to make you paranoid.

Privacy and Security (Sat, SCCC, 12:00)

Maintaining your privacy and the security of your personal information when everything is online.  Implications of Obama’s plans for electronic medical records.  The penalties and how they are and ARE NOT enforced for various violations.  The pros and cons of sharing/storing your medical and other information with services like Google Health.  Should you mind targeted marketing based on data web sites and loyalty programs generate?

The Security Illusion (Sat, SCCC, 5pm) How technology is used to provide a perception of security from terrorism and the technologies that exist that COULD ACTUALLY DO IT.

Supercomputing (Sat, SCCC, 6pm)

Overview and discussion of the various methods of building a supercomputer and how they work.

Security 101 (Sat, SCCC, 6pm) Conficker and the new world of security threats. Addressing today’s IT Security Threats Landscape and its effects on people

Will HAL Dream? (Sat, SCCC, 21:00)

General discussion of artificial intelligence – from SkyNet (Terminator) to the HAL9000 to Data (from Star Trek) – how close are we, will it take over the world, and how to stop it if it tries to.

Security 102 (Sun, SCCC, 1:30pm) Your biggest security concerns. Are they valid or just myths? Protecting your computers and network from those concerns.

NASA Today (Sun, SCCC, 14:00)

Discussion of NASA’s current publicly known goals, how they should be changed, improved, or re-prioritized.

Global Warming Myths and Facts (Sun, Marriott, 4pm) Discussion of global warming myths, facts, and (potentially) debate. 

Discussion could include perspectives that global warming is not happening and/or is actually progressing in a potentially “natural” way that would happen even without human activity.

This is a fun filled and educational event for the entire family and those who are serious games, anime, sci-fi, mystery and the works addicts. Different sessions, workshops, films, and activities take you through the day and into the early hours of the morning.

TITSSN would like to say a special thank you to Mr. Lee Wilbur, Director of Information Technology and Science and Technology Track Leader at I-CON and member of TITSSN for this opportunity to be a part of the event and accepting our contributions to it. We will continue to work with him and endorse the event in any way we can. Next year we will try to have more people representing the organization to help cover more IT/technology sessions.

For those who will be at CON, see you there.

More info about I-CON can be found on their website here http://iconsf.org.

Thank you very much and have a great day. We apprecilove your business and support and look forward to serving you more.

~Brett A. Scudder~

The IT Security Attaché | http://theitsecurityattache.com  | Blogs http://theitsecurityattache.com/blogs

President/CEO/Chairman/Founder/Security Architect

~TITSSN ~The IT Security Suite Network~ | http://titssn.net | TITSSN’s Blogs http://titssn.net/blogs

Brett.Scudder@titssn.net (877) 539-8614 / (718) 928-6516

We are Security – your Security – our Security – IT Security. Our Security is Safe and Secure.

A Managed Security Services/Value Added Resellers Provider (MSS/VAR-P)

My LinkedIn profile – http://www.linkedin.com/in/titssn | TITSSN’s IT Security Forum Board http://titssn.net/forum

Follow me on Twitter http://twitter.com/TITSSN | Facebook http://www.facebook.com/people/Brett-A-Scudder/1161704997

Hi all,

If your day went like mine then you must be beat, phew, what a week so far.

It’s 3am and i’m scanning the wires, net and blogs to see what’s up with Conficker so far. All is well and from the looks of things you still have time to get those patches loaded, get that anti-virus/anti-malware loaded, configured and run a full/deep scan.

I just completed a full scan of my network and double checked my logs and settings and everything looks ok. We’re still early into the day and so who knows.

For those who are saying it could be a joke/hoax and not preparing for it,

What if it isn’t?

Would you want to be prepared even if it isn’t?

I see that the anti-virus vendors have been busy. Some have released 4-6 new definition updates over the past 12 hrs and that’s a good sign. It means they are still working diligently on helping us stay secure. By the time it hits morning here in the US everyone should be running some April 1^st 2009 definitions as I expect there will be at least 1 or 2 within the first 8hrs. If you’re not running with an April 1^st def, then make sure you’re at least at March 31^st after running an auto update for definitions.

I haven’t slept since Saturday just from prepping for today and helping people get their systems patched, updated and secured but I am surely going to catch a few zzzzzzz in a few.

The day is young, be safe than sorry, patch and secure up and rest well.

Until later when I rise,

The IT Security Attaché

This is from an email I sent out to my network distribution list today at 12 noon.

Good day to you,

This is a critical issue that has been highly overlooked and is a bigger problem than most people care to think. For those of us consultants who are responsible for our client’s infrastructure, please help them to understand where these laws apply and how it affects them. I’m bringing in someone from the attorney general’s office to do a presentation on this for us in the coming month. I’m trying to work with their schedule so stay tuned for the date of the meeting.

There are some serious new threats on the loose and the more I look at them is the easier i’m seeing the rate of success in their deliverables. Our organization speaks to these issues and we must understand what they mean for those we’re helping to understand. This new variant of the Conficker worm has some nasty new tricks to it and while following its development and path, i’m more convinced that this is a new level of sophistication way above the rogue Anti-Virus/Anti-Spyware 2008/2009 threat we encountered last year that is still being a major pain point for IT today. Whether this is an April fools days joke or not, as you can see, the financial ramifications of negligence will be heavy.

Get those system (OS, applications, devices) patches updated and current. Most people tend to patch the OS and leave vulnerable applications running with system access to the OS that even fully patched is still vulnerable. Patching is an all round process that applies to the OS, applications running on it and the devices being connected to it. Even the device drivers are a point of entry to a system today so patch them if needed. Check on those security policies and rules and ensure they are up and running. We have a few days before April 1^st so talk with your people about this and let them understand the need for being prudent about it.

Make no mistake people, this is a new age where technology rules and the threats are more real than ever before. This is not someone physically walking in and taking your data, this is someone sitting anywhere in the world and having access to it (if allowed).

I posted this on LinkedIn here http://www.linkedin.com/answers/using-linkedIn/ULI/447971-3071950 for a broader visibility from the business professional’s community. More feedback and input will be found there as well. Spread the word.

Thank you and have a great day,

~Brett A. Scudder~

State Security Breach Notification Laws

As of December 16, 2008

http://www.ncsl.org/programs/lis/cip/priv/breachlaws.htm

I got a new shipment of Windows 7 discs today from Microsoft for our hands-on workshops. Our next workshop is coming up soon and I will be giving them away. As a matter of fact, i’ll have some at the next group meeting on April 9^th as well.

Early adopters can get a quick look at it.

~The IT Security Attaché~

Hey guys,

Phil Lipkowitz, Director Channel Sales, Systems Business, North America for Microsemi Corporation, PowerDsine Systems accepted my invite to present to us on May 14^th 2009.

I just got the final word from Mr. Lipkowitz that they will be with us for our group meeting at Microsoft’s Briefing Center in NYC.

Microsemi’s Company Profile

http://www.microsemi.com/powerdsine/ 

Microsemi Corporation (Nasdaq:MSCC) is a semiconductor manufacturer specializing in system-engineered integrated circuits and high reliability semiconductors to support its steady growth and profitability.

A long-time supplier of high-reliability discrete components to military and aerospace customers, Microsemi has transformed itself into a global supplier of high performance analog, mixed-signal integrated circuits and high reliability discrete semiconductors that manage and regulate power, protect against transient voltage spikes, and transmit, receive and amplify electronic signals.

Microsemi serves premier companies in six broad markets: mobile/ connectivity, notebooks/ LCD TV/ display, medical, defense, and commercial air/space.

By working closely with other key suppliers as well as our customers ’ development teams, Microsemi is able to identify unique ways to influence future designs – beyond the scope of simple product enhancements. The resulting “system-engineered” solutions create must-have products with competitive barriers and higher margins.

Microsemi has established itself in a leadership position for managing power that lights color displays in automotive GPS systems, notebook computers, computer monitors and LCD TVs. It provides DC-DC solutions for the HDD and set top box markets. Its extensive product offering has enabled it to penetrate numerous end markets that have diversified the company revenues.

The company’s RF product offering is extensive ranging from WLAN power ampliers for a rapidly growing consumer market to high power PIN diodes for an evolving medical MRI market to bipolar transistors for radar and avionics applications.

Microsemi’s product offering of high power switching products has also differentiated itself by addressing strengthening solar inverter, medical, SMPS, and other industrial applications.

Research and development investment for Microsemi’s high margin growth market products is essential to continue driving growth from its core markets.

Incorporated in 1960, Microsemi has established a consistent history of profitable operation.

Registration is open here http://www.clicktoattend.com/?id=137206 and the meeting page will be available with details shortly.

Many thanks to Mr. Lipkowitz for accepting my invite/request and I look forward to the meeting.

~Brett A. Scudder~

IT Security Attaché

Hey guys,

I just got final confirmation from Mr. Evan Fromberg, Director of Sales, Channel Partners at Fortinet, that they will be presenting their new FortiOS version 4 to us at our local group meeting in NYC on April 9^th at 6pm. He and his engineer will be there to present the OS and answer our technical questions. Sweet, i’m excited.

FortiOS provides the foundation for the operation of all FortiGate appliances, from the core kernel functions to the security processing feature sets. FortiOS provides multiple layers of security for a variety of applications and content including Web, Email, FTP, IM/P2P, NNTP, and others. The main security features of FortiOS include Firewall, Virtual Private Networking (IPsec and SSL VPN), Antivirus, Intrusion Prevention, Web filtering, and Antispam.

With the release of FortiOS 4.0, Fortinet has redefined network security again by extending the scope of consolidated security and networking capabilities within FortiGate® multi-threat network security platforms. With over 40 new features, FortiOS 4.0 delivers on its mission to enable secure business communications while offering the best security, performance, and total cost of ownership possible.

New in FortiOS 4.0

WAN Optimization
WAN optimization provides acceleration for applications traversing slower network connections – which are typically WANs. The combination of multi-threat security, traffic optimization, and VPN technologies provides cleaned, accelerated, and secured communications.

Application Control
Application control uses our dynamic application identification engine that recognizes applications based on their behavior. By coupling application control policies with sophisticated security features, administrators can achieve comprehensive protection with granular and more meaningful policies.

Data Leakage Prevention (DLP)
DLP uses a sophisticated pattern-matching and regular-expression engine to identify then prevent the communication of sensitive information outside of the network perimeter. In addition, DLP technology also provides audit trails for data and files, which can aid in legislative compliance.

SSL Inspection
SSL inspection ensures protection from malware infection that is camouflaged by secured protocols, allowing the FortiGate to decrypt the data passing through the SSL-encrypted connection. Once decrypted, the data can be passed to FortiOS security engines for inspection.

More info on the new OS here http://www.fortinet.com/products/fortios/.

Registration is open here http://www.clicktoattend.com/invitation.aspx?code=137146 and the meeting page will be available with details shortly.

Many thanks to Mr. Fromberg for accepting my invite/request and I look forward to the meeting.

~Brett A. Scudder~

IT Security Attaché

Good day to you,

So it’s another day in the box and now i’m looking at either hiring a few people or just cloning myself. So much to do, so much need, so much to lead/plan on, feeling quite happy and comfortable with myself.

Today I plan to finish up two project plans and get a few people involved. I have to start working on the office and restructuring it for opening up to training and development sessions over the next few months. I’m also opening up my security operations to the general public so they can see some of the technology and things we have going on here. I have a few vendors who are asking me to test and show off a few products and solutions so they will come in handy as well.

I have a few voicemails so will check on those today. I didn’t see any known or important numbers so this must be new connections which are always a good thing. Will reply and then cut the lines again. One never realize how much of an intrusion the ringing of a phone is until you turn it off for a day and feel the peace and calm it does for you. Wow, such subtle serenity is priceless. Bring on the IM, emails and txt messages.

So, do I clone myself or just try and find a few good people to help me with all this work I have on my plate, hmm, I ponder.

Anyway, it’s back to work and I hope I can finish up by tomorrow (which looks very much possible).

I am in need of someone with good web graphics designing skills in Flash to help me with the SecuriCity. There are a few things I want to do with it that i’m not skilled on. We’ll see what happens.

BTW. I have a Facebook fan page here http://www.facebook.com/pages/The-IT-Security-Attache/38575323030?ref=mf for those who are on that network and would like to follow my work.

Have a great day and I thank you for your support here on my blogs and for my organization.

~Brett A. Scudder~

The IT Security Attaché

Good day to you,

So here I am at it again since 5am. putting my thoughts, ideas, plans and concepts into fruition and getting ready to release TITSSN v.2010. As the flow of emails, IMs and text messages come in I feel such a sense of comfort as I work because I have control over how to address them and when based on severity, criticality or need. The sound of no phones ringing is a divine blessing thanks to a low call volume and the understanding of those I work with that email is my primary form of communication so they reach out to me there first.

I’ve got my music playing and running 6 systems all of which are doing different things in my master planning so i’m all set. So today I will continue to work inside the box in an effort to finish what i’ve set on my schedule. I will be releasing the ENGAGED initiative info today so look out for that.

Today is our oldest son’s birthday and after school we’re going to hang out for a while and we’re having his party this weekend. It will be fun.

By the way, anyone not yet looking at Windows 7, you better get to it now while you can. It’s an awesome OS.

Until the next update, have a great day,

~The IT Security Attaché~

Hi all

So it’s that time of the year again and the promotions and marketing have been underway for our MESS ~Mobility/Endpoint Security Summit~ coming up on May 19^th 2009 at the Microsoft Briefing Center in NYC. This year we will be getting a look at the upcoming Windows Mobile v.6.5 and 7 and some of the hot new gadgets and devices out there. With the new Netbooks and Smartphone’s a hot item on the streets we’ll be doing a feature and possible giveaways at the event.

Of course we will be having a special guest speaker and Mr. Ernie “Ghostbuster” Hudson has confirmed that he will be with us again this year. He happens to be filming a new movie in NYC at the same time so that’s even better for us. So exciting.

You won’t know unless you attend so hey, reserve your seats as soon as they become available. Registration opens on April 19^th.. Seats are limited to 250 people on a first come first serve basis so you know the deal.

Anyway, I have to start phase two of the event planning and marketing so look forward to seeing more info and updates on MESS over the coming weeks. Here is the event page http://titssn.net/mess.

The countdown begins NOW……….

Thank you and have a great day,

~Brett A. Scudder~

The IT Security Attaché

Good day to you,

I will be out of the office conducting a hands-on workshop on Windows 7 at our local Microsoft office in NYC. I will have limited access to messaging and will return call/messages upon my return.

Thank you and have a great day,

~Brett A. Scudder~

Hi all,

I made it home safely and must say that I am already missing New Orleans. Last night we went to Bourbon Street and was out till 3:30am. The sad part was, we had an early start for the day as today was the last day of the event and so we had to be up at registration by 8am.

The other sad thing is, I had a device that had not readjusted to the time zone change and so it went off at 7am which was really 6am and so I was up an hour earlier than I planned and after coming in so late I could have used the extra sleep.

Anyway, it worked out ok as the fun filled and eventful day kept me awake and we all parted ways at 1:30pm when the event ended and now i’m home safely. Yayyy.

I now have to catch up on the past 5 days of work as I had rushed out of here so fast on Friday I left my laptop behind but luckily, I have an awesome mobile device that kept me in the loop and abreast with the needed access and resources I needed.

So i’m back home and ready to go.

~The IT Security Attaché~

Hi all,

Here we are about to start the 2009 CRN Channel Champions Awards event at the Sheraton in New Orleans and it’s simply awesome.

There are so many awesome people from the industry here that it is just amazing. We had an awesome day and now we’re settling down to kick off the awards event.

Talk about doing it in style. The ambiance is just breath taking. I will try and capture a few images from my camera so I can share them with you guys. Today we had the HP and Dell World Premiere presentations and that shed some good light on the future of technology from these two great vendors.

So while i’m sitting here waiting for the start of the event I just wanted to post an update and some info about it. Talk about the power of mobility.

I love my mobile HTC Touch Pro device.

Gotta go.

The IT Security Attaché reporting from XChange 2009 in New Orleans.