Thursday Jun 18, 2009


Common Definitions

Let us look at Disaster Recovery (DR) and Business Continuity Planning (BCP).  

 

Disaster Recovery is the process, policies and procedures of restoring operations critical to the resumption of business, including regaining access to data, records, hardware, software, and communications (incoming, outgoing).

 

Business Continuity Planning (BCP) is an interdisciplinary concept used to create and validate a practiced logistical plan for how an organization. 


Two other terms that seem to turn up when discussing Disaster Recovery are the Recovery Time Objective (RTO) and Recovery Point Objective (RPO).



Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points.


Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. The RPO is the point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.

The definitions for the above terms have been provided by Wikipedia.

Introduction


At several recent meetings the topic of disaster recovery has come up. In one case it was a meeting dedicated to detailing an organization's current plans and procedures. Another was a meeting to explore different alternatives that an organization may consider. This is the basis for this document.

Let us first define a few key terms as they relate to our topic so we are all on the same page.  They have been detailed on the left border of this page for your reference.

What essential questions do you need to ask when your customer wants to talk about disaster recovery? The request may range from something as simple as guidance with a disaster recovery plan to the more intense task of implementing a DR site. This is no definitive list. It seems that the answer to each question can lead to three more questions.

As can be imagined, most IT staff don't want to openly discuss this topic if they haven't planned for it. If they have planned and have tested, they freely discuss and complain about the process. But they have a "tested" process. Here is a list of questions I collected in preparation for a discussion with one of our larger customers.


Questions to Ask


  1. Do you have a business continuity plan?
  2. Do you have a technology DR plan today?
  3. What kind of disaster is being anticipated that would require a recovery?
  4. Does the organization have the ability to financially support a technology DR plan in their budget?
  5. Are regular backups of data performed at least daily?
  6. Are regular backups of the applications and operating environment performed at least daily?
  7. Are backups kept off-site?
  8. Are at least three versions being retained?
  9. What backup technology is employed?
  10. Has a complete local recovery of key services been tested?
  11. Where is the DR site? Planned site?
  12. What is the distance between the two locations?
  13. What are the critical applications and services which would require DR? 
  14. What is the expected recovery time, the "Recovery Time Objective" for specific services?
  15. What is an acceptable amount of data loss, the "Recovery Point Objective" for specific services?
  16. What percentage of the application usage needs to be supported by the DR site? 
  17. What is the size of the disk storage that needs to be replicated?
  18. What percentage of the data changes daily? 
  19. How often will the data need to be replicated?
  20. How far out of date can the data be? 4 hours? 8 hours? 24 hours?
  21. How is the DR site funded?
  22. Could the DR site be a co-location facility? 
  23. What type of access do you have to the DR site?
  24. How do you get essential staff to the DR facility and sustain/support them while working there?
  25. Will the DR facility allow access to your essential staff members?  How is access determined/limited?
  26. Can the existing networking and security infrastructure support the switchover or failover to a DR site?
  27. Can the existing client devices support the switchover or failover to a DR site?
  28. Do written procedures for computer operation exist to bring up the DR site?
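
The RTO and RPO definitions above, together with questions 14, 15, 19 and 20, come down to a measurement that can be taken after any DR test. The following is an added example, not part of the original post: the Replica record, the function names and the sample timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Replica:
    snapshot_at: datetime    # point in time the copy represents
    completed_at: datetime   # when the copy finished arriving at the DR site


def assess(rpo, rto, replicas, disaster_at, restored_at):
    """Compare what a disaster (or a DR test) actually cost against RPO and RTO."""
    # A copy still in transit when the disaster hits cannot be restored from.
    usable = [r for r in replicas if r.completed_at <= disaster_at]
    recovery_point = max((r.snapshot_at for r in usable), default=None)
    data_loss = None if recovery_point is None else disaster_at - recovery_point
    downtime = restored_at - disaster_at
    return {
        "recovery_point": recovery_point,
        "data_loss": data_loss,               # None means no usable copy at all
        "downtime": downtime,
        "rpo_met": data_loss is not None and data_loss <= rpo,
        "rto_met": downtime <= rto,            # judged separately from the RPO
    }


def max_replication_interval(rpo, transfer_time) -> Optional[timedelta]:
    """Longest gap between replication runs that still meets the RPO.

    Worst case, the disaster strikes just before a run completes, so the newest
    usable copy is one full interval plus one transfer time old.
    """
    slack = rpo - transfer_time
    return slack if slack > timedelta(0) else None


# Constructed sample: a hypothetical service with a 2 hour RPO and 8 hour RTO,
# replicated every 4 hours.
DAY = datetime(2009, 6, 18)
SAMPLE_REPLICAS = [
    Replica(DAY.replace(hour=8), DAY.replace(hour=8, minute=40)),
    Replica(DAY.replace(hour=12), DAY.replace(hour=12, minute=45)),
    Replica(DAY.replace(hour=14), DAY.replace(hour=14, minute=50)),  # in transit
]
DISASTER_AT = DAY.replace(hour=14, minute=30)
RESTORED_AT = DAY.replace(hour=19, minute=30)   # 5 hours to get back in production

if __name__ == "__main__":
    result = assess(timedelta(hours=2), timedelta(hours=8),
                    SAMPLE_REPLICAS, DISASTER_AT, RESTORED_AT)
    for key, value in result.items():
        print(f"{key:15} {value}")
    print("max interval:", max_replication_interval(timedelta(hours=2),
                                                      timedelta(minutes=45)))
```

In the sample the 5 hour restore is well inside the RTO, yet the RPO is missed because the newest copy that had fully arrived dates from 12:00.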


The Basic Components of a Disaster Recovery Plan


  1. Define what is an acceptable loss both in terms of services provided as well as financially. Then look at the potential costs to fund the development and implementation of a plan.
  2. Everything needs to be backed up. How much of your electronic information is not being backed up and why?
  3. Organize the services and information by how critical they are to the organization. Determine their priority. Determine how long the organization can live without them.
  4. Protect against disasters. Most people think of natural disasters when creating a disaster recovery plan. There are nine other types of disasters. Protect against all of them.
  5. Document what you have done. Put it in writing. Have it reviewed by whomever you can get to read it. Ensure that the documentation is available during and after a disaster. Review it frequently.
  6. Repeatedly test your plan. Most DR plans are not successful because they have not been tested. Start with a table top exercise. Think about that. Testing the plan without leaving your office.


Summary


The main components of a DR plan are rooted with people, process, procedure, politics, and last of all technology. I have included several pointers for more information related to this topic.

I would like to thank my peers for their input and review of this document.

 

 


 

-- Frank


Wednesday Jun 03, 2009

Was recently at one of my customers. My typical customer requires that I have a badge or should be escorted while visiting their facility. In this case I was issued a "visitor badge" which was nothing more than a small sticker with their logo, my name, and the current date. It also stated I must be "escorted" at all times.

This particular day I was joined by 3 co-workers. We left the customer's office for a brief lunch. On our return we were waiting in the elevator lobby for our escort to take us to his office. While standing there we were "offered" access to the office area several times by employees entering or exiting for lunch. They stood there politely holding the door for us. Our "visitor badge" was in plain sight. We politely refused the offer knowing the rules.

On the way out I felt funny since I was not being escorted out. I opened the door and there was an employee approaching the door. He flashed his badge at me and passed me as I was exiting. Hopefully their employee educational program covers data security policies better than their visitor policies.

-- Frank




Friday Jun 20, 2008


We were challenged recently to demonstrate the capabilities of our Sun Ray 2 technology with the embedded VPN feature to several customers that required wireless networking.  So here is what was done to showcase this technology.


We had on hand a Sun Ray 270 thin client which had the latest firmware that allows configuration of the integrated VPN. We employed the help of a LinkSys Wireless-G Access Point, model number WAP54G revision 3.1 with firmware version V3.04, dated December 27, 2007. The WAP was configured via the web interface to function as an "access point client" prior to connection to the Sun Ray 270. Doing so allows a hard-wired Ethernet device to plug in and participate on a wireless network. To put the WAP in "access point client" mode, the MAC address of the remote access point is required. The LinkSys WAP web interface has the facility to conduct a site survey to determine existing access points and allows for the selection of a remote access point.





Here are the steps taken to get connected.
  • Ensure you have a Sun Ray 2 or 270 thin client with the latest firmware with VPN capabilities.
  • Get and configure a wireless access point (WAP) via another computer.
  • Verify connection to the wireless network with that computer.
  • Connect the WAP to the Sun Ray.
  • Power on the Sun Ray.
  • If previously configured to access a VPN you will be prompted for a username and a one-time password generated via a secure id device.
  • Your internal login screen will be displayed.
  • If you have deployed smart cards, insert yours at this point.
  • If a previous session exists, a lock screen will be displayed. Enter your password.
  • The Sun Ray should come to life and your desktop through the VPN should be displayed with the applications you had previously started.



-- Frank





Thursday May 08, 2008

 

I just received a brand new Sun Ray 270 thin client.  I have been using one at home since January 2007.   I have had one on my desk since 2000 and have used them in many of the Sun Offices across the US.   The purpose of this new unit is to replace an aging Sun Ray 150 which had been used for years to show off Sun Microsystems thin client technology at various marketing events.   We also use a  Sun Ray 150 in our conference room for customer meetings and product briefings.


One of the new features of the Sun Ray 270 is the built-in VPN capability. It is enabled through the latest firmware release. Previously, deploying a remote Sun Ray for access into Sun's internal network required a CISCO 831 router with VPN access. With the latest firmware the VPN client is now integrated into the Sun Ray platform. No longer is the costly external CISCO 831 router required.

The unit arrived without the latest firmware so the hunt was on to locate the commands to apply it.   I realized my new unit was down a revision by the absence of the advanced commands such as STOP-S, STOP-M, or ALT-V.  They are the new Sun Ray Hot Keys.

 

Sun Ray 270 Hot Keys

 STOP-S                     Brings you to the configuration menu
 STOP-M                     Brings you to the configuration menu
 ALT-V or Control+Pause+V   Displays the firmware version (CoronaP2. . . . .)
 Control+Pause+C            Clears all configuration data stored in the DTU


I was able to install the firmware via the /opt/SUNWut/lib/utload command. The Sun Ray Server must be running version 4.0 or greater. Once the latest firmware was installed the advanced STOP-S keys now work. I checked the version number of the firmware with the ALT-V keys. It included the string VPN in the version number so I must have the correct firmware installed.

Now it's on to configuring the Sun Ray 270 to be a VPN client.  First I checked to see that it would still work as a Sun Ray client before enabling the VPN.   It still worked just fine.   To start the process of VPN configuration the STOP-S keys are depressed.  A configuration menu is displayed.  The main menu consists of the following selections:

  • Servers: To set the names of the Sun Ray Servers (more than one is suggested), firmware download server, and log server.
  • TCP/IP: To set IP addressing.
  • DNS: To set the domain name, the name servers, and search path.
  • VPN/IPsec: To enable the VPN client and identify a VPN gateway, and to set a group name, group key, username and password.
  • Authentication: To set an authentication type, HTTP or none.
  • Security: Lets you set a password to secure the firmware configuration.
  • Status: Displays the firmware version number.
  • Advanced Settings (bandwidth, video and save configuration): Bandwidth may be limited if needed. The "Video" feature allows you to force a screen blank if the screenlock isn't doing it properly. You can store all the configuration in a file and retrieve it via tftp. This is a way to streamline the configuration of many units at a time.

I configured it for my specific environment in a matter of minutes. Inserted my smart card (Sun ID) and entered my password. Jazz music started to play from KKJZ 88.1 FM of Long Beach, California and my email client with several unread messages appeared. All of this information can be found in the Sun Ray Server Software Collection located on Sun's Online Documentation site http://docs.sun.com

Don't overlook the power savings of a Sun Ray 270.  See Clay's World for a recent blog entry on power savings in a lab environment.


--Frank

 


 

 

Friday Apr 04, 2008


One of the up and coming computer based solutions in the security space is video surveillance. You may say to yourself "hey video surveillance isn't new". Well it's not. It's what is being done with the video after it leaves the camera that is new. Commonly called CCTV, or Closed Circuit Television, these cameras have been analog based. The cameras are connected to a central location via coax cable, one cable per camera. The cameras also require electric power to function. Far more than 90% of the surveillance systems installed today are analog based, similar to VCR technology rather than DVR technology. Technology in this space is changing very rapidly.


[Image: The AXIS 223M Network Camera]

A new breed of camera is available from nearly ten vendors, offering IP connectivity with many other advanced features. IP is "Internet Protocol", which is commonly spoken between computers on a network. These new cameras include low light adjusting, infrared, and remote control pan and zoom. They can be set to record only when motion is detected. These new video cameras are even powered by the Ethernet network that they are connected to. That translates into lower wiring costs. Some, based on a small internal PC board, can store up video and send it as requested. Some have wireless network interfaces too.

 

[Image: AXIS 225FD Fixed Dome Network Camera]

When the total cost of a solution is examined, analog cameras cost $2K to $3K each while a similar digital solution would cost $1.5 to $2K per camera. The initial purchase costs are higher than traditional CCTV cameras but the new features are extensive.


I have found that the market space is young but the players in the space are in some cases very mature.  Many have existing analog based solutions.    For more information on  Sun Microsystems Video Surveillance Solutions follow the link.

 

-- Frank

 


 

Thursday Feb 14, 2008

 

A friend of mine has pointed out that if you are using an older version of the browser Mozilla or Firefox you have the ability to save the page you are viewing as PostScript. Then with any old text editor you can go into the PostScript file and change the information as you see fit.

 

In the case of online airline check-in, a security hole has been brought to my attention. Someone can display and print a boarding pass. They also can save it to a file and edit it. Changing the flight number, date and time allows someone with a questionable background access beyond the airport security checkpoints. Of course if an airline is using some type of scanning as part of their boarding process they should not get access to the plane.

 

-- Frank 

 


 

 

Thursday Feb 07, 2008

Just before the Super Bowl a friend of mine asked me what I would do if I were giving my computer away. My advice was to back up or save their files. They can save them to CD-ROMs or a thumb drive. I advised him to make sure that the media you copy it to is readable after you are complete. In other words verify you can read what was written. A testing of your backup.

I then suggested that he reformat his hard disk and reload the operating system. Once complete, verify that all of your personal information no longer exists on the computer disk(s).

This should prevent personal information from getting into the wrong hands. It may even prevent "Identity Theft" and the headache of cleaning up after someone has charged that large screen TV on your credit card.

It's your personal data. Don't spread it around.


-- Frank
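
For the "verify you can read what was written" step in the post above, one way to test the copy is to read every file back from the backup media and compare it with the original. This is an added example, not part of the original post; the function names and the two directory arguments are assumptions.

```python
import hashlib
import os


def sha256_of(path, chunk=1 << 20):
    """Hash a file by reading all of it, which also proves every byte is readable."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_backup(source_dir, backup_dir):
    """Return {relative path: problem} for every source file the backup cannot reproduce."""
    problems = {}
    for root, _dirs, files in os.walk(source_dir):
        for name in files:
            src = os.path.join(root, name)
            rel = os.path.relpath(src, source_dir)
            dst = os.path.join(backup_dir, rel)
            if not os.path.isfile(dst):
                problems[rel] = "missing"
                continue
            try:
                if sha256_of(src) != sha256_of(dst):
                    problems[rel] = "content differs"   # truncated or corrupted copy
            except OSError as exc:
                problems[rel] = f"unreadable: {exc.strerror}"
    return problems


if __name__ == "__main__":
    import sys
    # Usage (paths are placeholders): python verify_backup.py <source_dir> <backup_dir>
    issues = verify_backup(sys.argv[1], sys.argv[2])
    for rel, problem in sorted(issues.items()):
        print(f"{problem:16} {rel}")
    print("backup verified" if not issues else f"{len(issues)} file(s) need attention")
```

Run it after ejecting and reinserting the CD-ROM or thumb drive, so the comparison reads from the media rather than from the operating system's cache.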




Monday Feb 04, 2008

 

I was asked to assist someone with a "computer" problem they were having recently. As soon as I sat down in front of their personal computer I noticed their personal firewall was "disabled". I questioned why it was disabled. They replied that some application they had attempted to use did not work. So they turned it off. I asked how long had it been disabled? They indicated a few days. While fixing their original problem I updated their virus protection software with the latest files. It had been many months since their virus definitions had been updated. So "Keep Your Guard Up"!

 

-- Frank 

 


 

Monday Dec 18, 2006


Lately a week never passes without the arrival in the US mail of one of those credit cards that has a name like "Your Name Here" or a series of numbers like 1234 123456 12345 on it.











Recently heard a story about a guy that had used his credit card in a restaurant for lunch on a Friday. On Monday morning he gets a call from his credit card company warning him that numerous unusual purchases had been made over the weekend. He looks in his wallet and finds one of those fake "Your Name Here" credit cards where he would normally keep his card. It appears that when he paid for his lunch the staff returned a fake card instead of his.

So make sure you get "your" credit card back after each and every transaction.

In case you don't get your credit card back after a transaction here is a helpful pointer to the Federal Trade Commission's page on Credit, ATM and Debit Cards: What to do if They're Lost or Stolen.


-- Frank




Tuesday Nov 07, 2006

Was in lower Manhattan yesterday between customer meetings. Walking across Cedar Street to Broadway very near Wall Street. I passed a FedEx truck with the rear door open. A stack of boxes sitting on the sidewalk. All unattended. As I passed I noticed one of the boxes was clearly marked in bold lettering Iron Mountain. I got to the end of the block before thinking of getting a photo if they were still there. So I returned to get this snapshot, the boxes still unattended.

Do you think this customer intended to have their data or backup tapes out on display for all to see on Cedar Street? Do you think they were protected in some way?


I sure hope my personal information isn't on these tapes.


-- Frank




Tuesday Oct 31, 2006

Was at a meeting last week where a number of participants had their laptops with them and used them extensively. Some were personally owned while others were owned by their employer. Not sure what the mix was.

I did not notice it until a colleague called it to my attention. All of the participants had left the room leaving their laptops unattended. This made for an easy grab by an untrustworthy individual. The meeting room was near an outside entrance. It was just off a restaurant lounge area which had a high volume of people traffic.

No wonder so many laptops and PDAs disappear each year. From a positive standpoint I feel confident that no one would find personal records of 30,000 employees, but I do know that company proprietary and confidential information was on every laptop. Could be very damaging to company direction and corporate image.

We have let our guard down! Think before you leave your laptop in public places or it may be your CNN moment. Don't be That Guy . . .

 

--Frank

 


 

 

Monday Oct 16, 2006

 

Today I had to reset my password on two of my web based accounts. Managing these all too familiar accounts has become a real chore for me. The root of the problem is that I refuse to write them down on a post-it note and my memory isn't as sharp as it once was. Like most of you I too will use several variations of the same word or words. Now these new Web 2.0 based systems have started to report back that I have used this password once before, it is too similar to the current password, or has to have more than one symbol in addition to alphanumerics.

I have also found it isn't always my failing memory that has denied me access. Each time I needed to access one of my employee health benefit accounts the password I had set at last use was not accepted and had to be reset. To my surprise my wife had been using the same account and would have the password reset each time she would need to access it. How could this be?

At home recently we had a problem with the monitor on our personal computer. As I was troubleshooting the problem I moved the monitor to find my wife's own post-it note with more than a half dozen username password combinations stuck under the monitor base. So it's not just me having problems. When confronted she commented that most of the time she couldn't find her list of passwords. So good luck to someone specifically looking for them.

Extremely perplexed by the situation I turned to Google for advice and to my surprise here is what the Microsoft and Sun security experts had to say:

Microsoft's Jesper Johansson

Sun's Dr. Whitfield Diffie

Well the experts say it's ok to write them down?

-- Frank

 


 

 

This blog copyright 2009 by FrankWickham