We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc., and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proofpoint. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?
Agreed - but one minor clarification: Hollywood negotiates with the theaters for profits percentages for new releases. Opening weekend, Hollywood takes 100% of ticket sales, and the theaters ONLY make money on the crap food they sell you. Several days/weeks later (depending on the release), the theater now starts getting incrementally more percentage. So they have to charge $5 for a box of popcorn to make any money.
Yes, pun intended, but seriously: many dispensaries are still getting raided by the feds, who take their computers and customer lists. Maybe a cloud-based ERP solution would be a good way to get around this, assuming you could crypto the fuck out of it. Just figure out how to remember the password before you toke up, and don't write the password down on rolling papers.
I'm sorry, I know this is
I completely understand the concept of facilitating employee communications - we have a solution for that - secure file transfer (SFT), which we implemented after our FTP server was hacked and sensitive files went god-knows-where. SFT is quantifiable, controlled, and far more secure than something like dropbox, especially when you consider the issues described in TFA.
And I disagree with the anon poster below who compares this to flash drives or CDs. Again, anybody, anywhere, can access dropbox files once you get the
And I did look at a few users' systems - large MP3 collections and yes, sensitive business documents.
I am trying to PROTECT the profitability of my company.
My IPS sensors went berserk today after I updated my sigs from Emergingthreats.net:
emerging-all.rules:alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Dropbox.com Offsite File Backup in Use"; flow:established,to_server; uricontent:"/subscribe?host_int="; uricontent:"&ns_map="; uricontent:"&ts="; content:".dropbox.com|0d 0a|"; classtype:policy-violation; sid:2012647; rev:2;)
I was shocked how many users have this installed and running on their systems. Now I just need to convince management why I should change this rule to BLOCK. TFA and the
Kudos to the folks at ET and the community that writes these sigs. Simply amazing.
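Added example (not part of the original comment and not Emerging Threats code): a small Python emulation of the content checks in the rule quoted above, run over constructed HTTP requests to show which traffic the signature fires on. It assumes a single well-formed request per payload and does not model Snort's flow tracking or URI normalization; the sample hostnames and parameter values are made up.

```python
# Content options copied verbatim from the rule quoted above (sid:2012647).
URI_CONTENTS = ["/subscribe?host_int=", "&ns_map=", "&ts="]
PAYLOAD_CONTENT = ".dropbox.com|0d 0a|"

def decode_content(pattern: str) -> bytes:
    """Convert Snort content syntax to raw bytes; text between pipes is hex."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:  # odd-numbered parts sit between a pair of pipes
            out += bytes.fromhex(part.replace(" ", ""))
        else:
            out += part.encode("latin-1")
    return bytes(out)

def request_uri(payload: bytes) -> bytes:
    """Return the URI from the HTTP request line, or b"" if it does not parse."""
    fields = payload.split(b"\r\n", 1)[0].split(b" ")
    return fields[1] if len(fields) == 3 else b""

def rule_matches(payload: bytes) -> bool:
    """True when every uricontent is in the URI and the content is in the payload."""
    uri = request_uri(payload)
    if not all(c.encode("latin-1") in uri for c in URI_CONTENTS):
        return False
    return decode_content(PAYLOAD_CONTENT) in payload

# Constructed sample requests (hostnames and parameter values are made up).
SAMPLES = {
    "client_poll": b"GET /subscribe?host_int=1234&ns_map=5678_9&ts=1300000000 HTTP/1.1\r\n"
                   b"Host: sample.dropbox.com\r\n\r\n",
    "web_visit": b"GET / HTTP/1.1\r\nHost: www.dropbox.com\r\n\r\n",
    "other_host": b"GET /subscribe?host_int=1&ns_map=2&ts=3 HTTP/1.1\r\n"
                  b"Host: example.org\r\n\r\n",
    # Edge case: a port after the hostname breaks the ".dropbox.com\r\n" match.
    "host_with_port": b"GET /subscribe?host_int=1&ns_map=2&ts=3 HTTP/1.1\r\n"
                      b"Host: sample.dropbox.com:80\r\n\r\n",
}

def evaluate_samples() -> dict:
    """Run the emulated rule over every constructed sample."""
    return {name: rule_matches(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:15} {'ALERT' if hit else 'no match'}")
```

Only the request that carries all three URI parameters and a Host header ending in ".dropbox.com" followed directly by CRLF matches, so the signature keys on one specific request shape rather than on any traffic to the domain.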
My favorite: "What is your favorite color?" Answer: "Red, no blue!" (booooinnng! omitted)
Perhaps a better learning experience would be to connect the lab (or a handful of the students' own computers) to the Internet, and stick a box running Snort (www.snort.org) with Emerging Threats (www.emergingthreats.net) signatures in between. If, by some miracle (or the fact that they're all Macs) you don't have any immediate indicators of infection, then head on over to teh Googles and search for 'smiley tool bar' or 'free porn' with the I'm-Feeling-Lucky button. That ought to do the trick.
Get a full packet capture of the session so you can dissect how the virus was able to get on the machine, where it left hooks, how it's similar and different to other types of malware, etc.
I agree that a review of a simple virus is a worthwhile endeavor, but perhaps that's best learned via a good book or whitepapers on the Internet. Save the demo for something that's relevant and 'live'.
And on second thought, maybe it's best if you set up a demo machine to be infected. That way you can nuke it from space afterwards, just to be sure.
Many years ago I worked at a Boston-based mutual fund company. We not only had pre-meeting meetings (where the people on your "side" would all agree on what they'd say/agree to in the actual meeting), but then we started having pre-pre-meeting meetings - where a smaller subset of the people on your side would agree on what they'd say/agree to in the pre-meeting meeting, and then what they'd actually say in the actual meeting. (!!!)
Confused? You betcha. Backstabbing was considered an acceptable way to get your job done, especially if it had ANYTHING to do with the Marketing department.
Mod parent up. The other reason, still on the SLA track, is guaranteed Quality of Service. We were an early adopter for VoIP across our 100+ MPLS sites (mostly T1s or NxT1's). No way we're running enterprise voice (and now video) over "teh Internets".
They have competition, but not enough so in the enterprise market. Every year when it comes time to renew our support/licensing agreements, there is NO negotiation. They basically say "this year it's $X." That's it, end of story. Pay up or else. They might as well be sticking a gun in our back. REAL competition might not get us to switch away from Microsoft, but it will at least bring them back to the table for actual discussions on price.
The other posters are correct. You only say "DAHS" if you're from Boston, as in: "Oh My Gawhd, some retahd on slashdaht is still writing DAHS bahtch files. Why don't we just fihre up Windows fah Workgroups while we're aht it."
Seriously though - I think nmap can send PCL commands via the nmap scripting engine, which is written in Lua. How about wrapping that with what some of the other posters are suggesting?
There are two things I don't understand:
1) people who are addicted to Facebook, and feel the need to post every single one of their inane thoughts on FB
2) how those inane thoughts have any marketing value and/or how it affects the user's "privacy".
I understand the PII (Personally Identifying Information) issues like birthday, hometown, etc, but does ANYONE really care that one of my friends from High School (whom I haven't spoken to in over 18 years but 'friended' via FB) is proud that his daughter scored her first goal in soccer today?? (True story, btw.)
Is someone actually mining that random piece of trivia into an actionable data point that can then be used to generate revenue? I guess what I'm saying is that I'm not sure what all the fuss is about.
Racktables.org is a very good, Free / Open Source solution to your problem. From the SourceForge description:
Racktables is a nifty and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, networks configuration and much, much more!
It lets you lay out racks, assign IP Address to assets, yadda yadda. Live Demo here:
Last code update was 2010-02-17, and the guy seems to be good about maintaining it and adding new features. It's not "sexy" in the sense that you're not looking at actual Visio diagrams of the gear in the racks. If you really need that, then I would suggest the RackWise solution (http://www.rackwise.com/), which has two offerings: 1) SaaS, where you pay by rack, at roughly $300 per rack. It's a plug-in to Visio, and your rack models are stored up in the cloud; 2) onsite appliance, where you pay through the nose (!!) but get the added benefit of integrating power management functionality into the solution, i.e. how much power is this rack drawing, what PDUs is it attached to, etc. Option #2 is for large-ish (100+ rack) datacenters, IIRC.
There's a script in nmap that does this quite easily:
nmap --script=pjl-ready-message.nse --script-args='pjl_ready_message="your message here"'
My favorite message to use is "INSERT COIN"