Friday, December 29, 2006

Interesting Domain Tools

I came across this interesting domain tool this week in an article by Mitch Keeler in Lockergnome's Web Developers newsletter.

The tool, Ajax DNS, is really easy to use. In fact, it's one of the easiest to use that I've seen recently and, as Mitch noted, there are a lot of tools out there. With Ajax DNS, all the user has to do is enter the domain name in the top field and click on one of the buttons. There's DNS information, both live and traversal, as well as Whois and IP search, HTTP header information and a nifty ping utility.

Other favorite tools of mine are on my personal web site. Click on Tools on the left-hand navigation bar to get the list.

Here's a sampling of some of the tools on the site:

Domain Tools
Netcraft
DNS Stuff
DIG
SiteAdvisor
SEO Tools
Webmaster Toolkit

And that's just a few of the many out there!

Tuesday, December 19, 2006

Threat Watch and Other Security Dashboards

I came across this interesting dashboard of current security threats from MessageLabs, a vendor of e-mail security products. Threat Watch has four graphs with the week's trends in virus, spam and phishing attacks. Each graph is a Flash object and can be clicked to open a page about that particular type of attack.

The site is also full of monthly reports, whitepapers and all kinds of stuff for numbers junkies on attack statistics and up-to-date trends. MessageLabs could be described as a Managed Security Service Provider (MSSP) for corporate messaging, including both e-mail and IM. Their service -- they offer no software -- protects against viruses, spam and spyware.

I have other security dashboards on my personal web site. Click on News. Next to Threat Watch, which I just added, is a complete collection of well-known dashboards from CBIZ, an accounting and consulting company. Some of these are already scattered around my site at the bottom of some pages.

My Book Available in the UK Through IT Governance

My book, The Little Black Book of Computer Security, is now available in the UK through IT Governance Ltd, a consulting company specializing in IT compliance. They offer materials and information for companies on US, UK and European regulations. These include Sarbanes-Oxley in the US, the Turnbull Report in the UK and Basel 2 in Europe.

My book has also been available for some time in the UK through Amazon, but IT Governance is offering it as a featured item this month.

Tuesday, December 12, 2006

Latest Batch of TechTarget Ask The Expert Questions

Monday, December 11, 2006

Top 10 on SearchSMB and a Podcast

I hit the top 10 tips in 2006 for SearchSMB with the following tips this year:

Registration may be required for some of these sites.

The podcast is on the 2007 outlook for security for SMBs. It's based on a recent article on SearchSMB on the same subject.

Interesting Links from Prof. Kabay

I thoroughly enjoy the twice-weekly Security Strategies column written by Professor Mich Kabay of Norwich University in Vermont. There's always a hidden gem or two in every column, even in side comments he makes throughout the column that are easy to miss.

In a book review he did last week of Managing Cybersecurity Resources by Lawrence Gordon and Martin Loeb, he mentioned an information security writer, Robert Slade. He had a link to a fantastic list of book reviews done by Slade that I wanted to pass along. This is a gold mine for book junkies like myself who are always on the prowl for good reading in information security, among other things.

As a side note, I've always been grateful to Mich for a nice review he did of my book a year ago. After the review, Amazon sold out in one day and was backlogged with orders for two weeks. Mich helped put me and my book on the map.

Sunday, December 10, 2006

How Microsoft Handles Its Own Security

There was a fascinating article in Computerworld this week about how Microsoft handles its own security.

The article described steps Microsoft uses to fight off 100,000 attacks per month. A lot of it was simple, good common-sense approaches to security that any organization should take.

Among the items were the following:

  • Two-factor authentication

  • Network access control

  • Encryption and strong passwords

  • E-Mail and IM without a VPN

  • External SharePoint sites

Wednesday, December 06, 2006

Cybersecurity Checklist for the US Government

The US Cyberconsequences Unit (CCU) has recently released a cybersecurity checklist for government agencies. The CCU is funded by the Department of Homeland Security (DHS), though DHS hasn't yet approved the checklist.

The list has 478 questions covering a range of information security issues from the technical to the human. It doesn't just focus narrowly on perimeter security and firewalls.

A link to the checklist can be found on Gideon Rasmussen's US Security Awareness web site.

I highly recommend Rasmussen's sites for information on security awareness and education.