Just when I thought I've seen everything when it comes to malware, I was wrong as a PC vendor is trying to desperately position itself as one offering a feeling of security with the idea to strip its product and lower the customer price. The other day I came across to a fancy ad featuring Lenovo's ThinkVantage Virus Recovery Button, and promoting its usefulness even when there's no AV solution in place :
"Rescue and Recovery is a one button recovery and restore solution that includes a set of self recovery tools to help users diagnose, get help and recover from a virus or other system crashes quickly, even if the primary operating system will not boot and you are remote from your support team."
The video ad is indeed fascinating, and while their Embedded Security Subsystem 2.0 "locks your sensitive data behind hardware-based encryption", you'd better take advantage of their utilities options and try to avoid such a weak positioning in respect to malware. The Virus Recovery Button seems to be directly targeting the masses and totaly removing the complexity issue by introducing a button-based solution to malware -- dangerous as backups and their idea could have proven useful during the first generations of malware.
Anti virus signatures, response time, and various other proactive malware prevention approaches such as, IPS, buffer overflow protection are among today's most widely discussed approaches when dealing with malware, and of course, the principle of least privilege to user accounts. But why the anti virus button when it can be an anti-hacker one? I feel they'd better stick to their OEM agreements and find other ways to achieve competive advantage in pricing than providing a false sense of security.
In my recent "Malware - future trends" research I mentioned on the fully realistic scenario of having your security solution turn into a security problem itself. While this is nothing new, in this case we have a misjudged security proposition, as recovering to a pre-infection state doesn't necessariry mean confidentiality of sensitive personal/financial information wouldn't be breached by the time the user is aware of the infection, if it ever happens of course.
Moreover, Lenovo was recently under scrutiny as "The U.S.-China Economic Security Review Commission (USCC) argues that a foreign intelligence like that of the Communist Party of China (CPC) can use its power to get Lenovo to equip its machines with espionage devices. Lenovo has strongly declined that it is involved in any such activities", and while they eventually reached a consensus on using the machines on unclassified systems only, it doesn't mean they aren't exposed to a wide variety of threats going beyond China backdooring them, such as Zotob over border-screening systems at airports.
As a matter of fact, the rival PC/notebook propositions might still be owned by U.S companies, but are mostly assembled in China these days -- too much hype for nothing.
UPDATE - Sites that picked up the post
LinuxSecurity.com
MalwareHelp.org
Technorati tags:
Security, Malware, Anti-virus, Lenovo, Data Recovery
Thursday, April 20, 2006
The anti virus industry's panacea - a virus recovery button
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Digital forensics - efficient data acquisition devices
Digital forensics have always been a hot market segment, whereas the need for a reliable network based forensics model given main Internet's insecurities such as source address spoofing and the lack of commonly accepted security events reporting practices is constantly growing as well. Information acqusition, analysis and interpretation in the most reliable and efficient way is often among the desired outcome -- and of course figure out what has been happenning at a given historical moment in time or in real-time if applicable.
In a previous post related to "Detecting intruders and where to look for" I mentioned lots of resources regarding the topic, and tools to take advantage of, if in need. In respect to cell phones and various related privacy issues, excluding the physical forensic analysis that could be successfully performed, there's a growing discussing on whether a "suspect's" physical location should be revealed though a mobile-phone carrier -- segmented requests are the most efficient and socially-conscious ones I think.
Today I came across to "Logicube CellDEK" a portable handset data extraction kit :
"The portable CellDEK® acquires data from over 160 of the most popular cell phones and PDA's. Built to perform in the field (not just in the lab), investigators can immediately gain acces to vital information. This saves days of waiting for crucial data to come back from a crime lab. The CellDEK software automatically performs forensic extraction of the following data: Handset Time and Date, Serial Numbers (IMEI, IMSI), Dialed Calls, Received Calls, Phonebook (both handset and SIM), SMS (both handset and SIM), Deleted SMS from SIM, Calendar, Memos, To Do Lists, Pictures, Video, and Audio."
Nothing surprising as there are many other freeware applications/ways to do cell phone forensics (full list can be found at Sergio Hernando's blog), but what made me an impression was its usefulness by covering over 160 models, portability due to its size and capabilities, and that up to 40 adapters may be stored in the system’s built-in rack. Some challenges I see to today's forensic investigators are the sophistication of publicly available encryption/steganographic tools, the Internet acting as a online HDD opening opportunities for dead-drop places, and communications that went over covert channels.
On my wislist however, has always been the company's Forensic MD5, as it basically "swallows" data in a timely manner -- a bad toy in the hands of a insider going beyond average types of removable media, and in moments where minutes count. As a matter of fact, a forensic investigator's sophistication and expertise doesn't really count when the Mafia is still catching up on how to encrypt. Still, I'm convinced how some of his "operatives" are into far more sophisticated methods of communication than he is.
Check out some more resources, and case studies on the topic as well :
How to Become a Cyber-Investigator
SANS Reading Room - Forensics
Digital Forensics Tool Testing Images
Computer Forensics for Lawyers
Forensic Analysis of the Windows Registry
Forensic Computing from a Computer Security perspective
Guidelines on PDA Forensics
Forensic Examination of a RIM (BlackBerry) Wireless Device
WebMail Forensics
iPod Forensics
Digital Music Device Forensics
Forensics and the GSM mobile telephone system
List of Printers Which Do or Don't Print Tracking Dots
Metasploit Anti-forensics homepage
UPDATE - Sites that picked up the story
LinuxSecurity.com
Technorati tags:
Security, Forensics, cyber-crime, Mobile Phone
In a previous post related to "Detecting intruders and where to look for" I mentioned lots of resources regarding the topic, and tools to take advantage of, if in need. In respect to cell phones and various related privacy issues, excluding the physical forensic analysis that could be successfully performed, there's a growing discussing on whether a "suspect's" physical location should be revealed though a mobile-phone carrier -- segmented requests are the most efficient and socially-conscious ones I think.
Today I came across to "Logicube CellDEK" a portable handset data extraction kit :
"The portable CellDEK® acquires data from over 160 of the most popular cell phones and PDA's. Built to perform in the field (not just in the lab), investigators can immediately gain acces to vital information. This saves days of waiting for crucial data to come back from a crime lab. The CellDEK software automatically performs forensic extraction of the following data: Handset Time and Date, Serial Numbers (IMEI, IMSI), Dialed Calls, Received Calls, Phonebook (both handset and SIM), SMS (both handset and SIM), Deleted SMS from SIM, Calendar, Memos, To Do Lists, Pictures, Video, and Audio."
Nothing surprising as there are many other freeware applications/ways to do cell phone forensics (full list can be found at Sergio Hernando's blog), but what made me an impression was its usefulness by covering over 160 models, portability due to its size and capabilities, and that up to 40 adapters may be stored in the system’s built-in rack. Some challenges I see to today's forensic investigators are the sophistication of publicly available encryption/steganographic tools, the Internet acting as a online HDD opening opportunities for dead-drop places, and communications that went over covert channels.
On my wislist however, has always been the company's Forensic MD5, as it basically "swallows" data in a timely manner -- a bad toy in the hands of a insider going beyond average types of removable media, and in moments where minutes count. As a matter of fact, a forensic investigator's sophistication and expertise doesn't really count when the Mafia is still catching up on how to encrypt. Still, I'm convinced how some of his "operatives" are into far more sophisticated methods of communication than he is.
Check out some more resources, and case studies on the topic as well :
How to Become a Cyber-Investigator
SANS Reading Room - Forensics
Digital Forensics Tool Testing Images
Computer Forensics for Lawyers
Forensic Analysis of the Windows Registry
Forensic Computing from a Computer Security perspective
Guidelines on PDA Forensics
Forensic Examination of a RIM (BlackBerry) Wireless Device
WebMail Forensics
iPod Forensics
Digital Music Device Forensics
Forensics and the GSM mobile telephone system
List of Printers Which Do or Don't Print Tracking Dots
Metasploit Anti-forensics homepage
UPDATE - Sites that picked up the story
LinuxSecurity.com
Technorati tags:
Security, Forensics, cyber-crime, Mobile Phone
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Tuesday, April 18, 2006
Spotting valuable investments in the information security market
Back in January I mentioned the possible acqusition of SiteAdvisor in my "Look who's gonna cash for evaluating the maliciousness of the Web?" post and it seems McAfee have realized the potential of this social-networking powered concept on a wide scale, and recently acquired SiteAdvisor -- this was meant to happen one way or another and with risk of being over-enthusiastic I feel I successfully spotted this one.
Next to SiteAdvisor's pros and cons that I commented on, I also provided a resourceful overview of some of the current malware crawling projects out there, to recently find out that WebRoot finally went public with the Phileas spyware crawler, and that Microsoft's Strider Crawler came up with the Typo-Control project -- great idea as a matter of fact. What are some of the current/future trends in the information security industry? Are the recent flood of acquisitions the result of cheaper hardware and the utilization of open-source software, thus cutting costs to the minimum while the idea still makes it to the market?
Have both, entry and exit barriers totally vanished so that anyone could get aspired of becoming a vendor without the brand at the first place? Excluding the big picture, it is amazing how uninformed both, end and corporate users are, yet another lack of incentive for security vendors to reach another level of solutions -- if it ain't broken, don't improve it.
Moreover, what would the effect be of achieving the utopian 100% security on both, the market and the world's economy? On one hand we have "the worst year" of cybercrime, whereas spending and salaries are booming, and they should be as the not knowing how much security is enough, but trying to achieve the most secured state is a driving factor for decades to come.
The bottom line is, the more insecurities, the more security spending, the higher the spending, the higher the growth, and with increasing purchasing power, corporate R&D, and government initiatives you have a fully working economic model -- going to war, or seeing terrorists everywhere is today's driving force for military/intelligence spending compared to the "Reds are everywhere" propaganda from both camps of course, back in the Cold War period. Fighting with inspired bureaucrats is always an issue as well.
The Ansoff's Product/Market Matrix often acts as the de-facto standard for developing business opportunities, that is, of course, if you're not lead by a visionary aim, promote an internal "everyday startup" atmosphere to stimulate creativity, or benchmark against competitors. On the majority of occassions a security vendor is looking for ways to diversify its solutions' portfolio, thus taking advantage of re-introduced product life cycles and new sources for revenues.
While there should be nothing wrong with that given a vendor is actually providing a reliable solution and support with it, I often argue on how marketable propositions centric business model is not good for the long-term competitiveness of the company in question.
It's the judgement and competitors myopia that I'm talking about. In respect to the current information security market trends, or let's pick up the anti virus solutions segment, that means loosing sight of the big picture with the help of the mainstream media -- cross refferenced malware names, "yet another" malware in the wild, or supposed to be Russian hacker selling his soul for E-gold(cut the stereotypes here and go through the majority of recent statistics to see where all that phishing, spam and malware is coming from), is a common weakness of a possible decision-maker looking for acquisitions. Focusing on both, current trends, and current competitions is the myopia that would prevent you from sensing the emerging ones, the ones that would improve your competitiveness at any time of execution of course.
The way we have been witnessing an overal shift towards a services based world economy in comparisson to a goods based one, in the informaiton security market services or solutions will inevitably profiliate in the upcoming future. When was the last time you heart someone saying "I don't need an anti-virus scanner, but an anti-virus solution, what's yours and how is it differentiated from the others I'm aware of"? Un-informed decisions, quick and cheap way to get away with the "security problem", or being totally brainwashed by a vendor's salesforce would result in enormous long-term TCO(total cost of ownership) problems, given someone actually figures a way to make the connection in here.
Some time ago, I came across a great article at CSOOnline.com "2 Vendor Megatrends and What They Mean to You" giving insight on two trends, namely, consolidation of security providers and convergence -- the interception between IT and physical security. And while it's great in respect to covering these current trends, I feel the article hasn't mentioned the 3rd one - Diversification. An excerpt :
"One trend is consolidation. "We're seeing the bigger players buying out many of the smaller companies. And I think the largest of the security firms are looking to provide a full range of enterprise services," says C. Warren Axelrod, director of global information security at Pershing, a Bank of New York Securities Group company. "The larger firms, like Internet Security Systems, Symantec and Computer Associates, are buying in many areas to complement what they have. They're basically vying for control of the security space." Axelrod is dead on, and consolidation is just as rampant among physical security vendors as it is in the IT world."
I feel consolidation is happening mainly because different market segments are constantly getting crowded and mainly because it's very, very hard to get a name in the information security market these days, so instead of run for your own IPO, compete against market players whose minor modification may ruin your entire idea, you'd better get acquired one way or another. @stake is an example of how skilled HR runs away from the acquirer, at least for me counting the HR as the driving force besides the brand.
More from the article :
"The second trend is convergence—the confluence of IT and physical security systems and vendors—which, in some sense, is another form of consolidation, only it's happening across the line that historically divided those two worlds."
Tangible security is often favored by investors as it targets the masses, and the most visible example besides perimeter based defenses are the hardware appliances themselves. These days, there isn't a single anti virus, anti spam or anti spyware solution provider without a hardware appliance, but what's to note is how their OEM agreements are still working and fully applicable, it's all about greed, or let's avoid the cliche and say profit maximization -- whatever the market requires the vendors deliver!
Very in-depth article, while I can argue that vendors are so desperate to "consolidate bids" on a national level, as they usually try to get as big part of the pie as possible. What's else to note is that the higher the market transparency, the more competitive the environment, thus greater competition which is always useful for the final user. In respect to heterogenity and homogenity of security solutions, and all-in-one propositions, the trade-offs are plain simple, cut total TCO by using a single vendor, get your entire infrastructure breached into by an attacker that would sooner or later find a vulnerability in it -- find the balance and try to avoid the myth that complexity results in insecurities, as it's a unique situation every time.
What we're witnessing acquisition-to-solution turn-around periods of several months in response to an emerging market - the IM one, mobile anti-virus scanners seem to be the "next big thing", whereas it would take quite some time for this segment to develop, still you'd better be among the first to respond to the interest and the fact that there are more mobile phones capable of getting infected with a virus, than PCs out there -- 3G, 4G, mobile banking would fuel the growth even more, and these are just among the few issues to keep in mind. In a previous post, I also mentioned on a creative use of security intelligence information in Sophos's Zombie Alert service, and a product-line extensions, namely McAfee's bot killing system. What no one pictured would happen is emerging these days - vulnerabilities turning into IP and the overal commercialization of the security vulnerabilities market, and getting paid for getting hacked is a growing trend as well -- much more's to come for sure.
The secrets to successful acquisitions?
- retain the HR that came with it, and better put something on the table at the first place
- don't try to cannibalize the culture there, Flickr is the perfect example out of the security market
- go beyond the mainstream media sources, and PR releases, use open source competitive intelligence tools in order not to miss an opportunity
- attend as much cons as possible to keep track of who's who and where's the industry heading to
- cost-effectively keep in touch with researchers, and an eye on their blogs, you never know who would be your early warning system for business development ideas
Try to stay on the top of security, not in line with it.
Technorati tags:
Security, Information Security, SiteAdvisor, McAfee, Investing, Investment, Market Trends, Economics
Next to SiteAdvisor's pros and cons that I commented on, I also provided a resourceful overview of some of the current malware crawling projects out there, to recently find out that WebRoot finally went public with the Phileas spyware crawler, and that Microsoft's Strider Crawler came up with the Typo-Control project -- great idea as a matter of fact. What are some of the current/future trends in the information security industry? Are the recent flood of acquisitions the result of cheaper hardware and the utilization of open-source software, thus cutting costs to the minimum while the idea still makes it to the market?
Have both, entry and exit barriers totally vanished so that anyone could get aspired of becoming a vendor without the brand at the first place? Excluding the big picture, it is amazing how uninformed both, end and corporate users are, yet another lack of incentive for security vendors to reach another level of solutions -- if it ain't broken, don't improve it.
Moreover, what would the effect be of achieving the utopian 100% security on both, the market and the world's economy? On one hand we have "the worst year" of cybercrime, whereas spending and salaries are booming, and they should be as the not knowing how much security is enough, but trying to achieve the most secured state is a driving factor for decades to come.
The bottom line is, the more insecurities, the more security spending, the higher the spending, the higher the growth, and with increasing purchasing power, corporate R&D, and government initiatives you have a fully working economic model -- going to war, or seeing terrorists everywhere is today's driving force for military/intelligence spending compared to the "Reds are everywhere" propaganda from both camps of course, back in the Cold War period. Fighting with inspired bureaucrats is always an issue as well.
The Ansoff's Product/Market Matrix often acts as the de-facto standard for developing business opportunities, that is, of course, if you're not lead by a visionary aim, promote an internal "everyday startup" atmosphere to stimulate creativity, or benchmark against competitors. On the majority of occassions a security vendor is looking for ways to diversify its solutions' portfolio, thus taking advantage of re-introduced product life cycles and new sources for revenues.
While there should be nothing wrong with that given a vendor is actually providing a reliable solution and support with it, I often argue on how marketable propositions centric business model is not good for the long-term competitiveness of the company in question.
It's the judgement and competitors myopia that I'm talking about. In respect to the current information security market trends, or let's pick up the anti virus solutions segment, that means loosing sight of the big picture with the help of the mainstream media -- cross refferenced malware names, "yet another" malware in the wild, or supposed to be Russian hacker selling his soul for E-gold(cut the stereotypes here and go through the majority of recent statistics to see where all that phishing, spam and malware is coming from), is a common weakness of a possible decision-maker looking for acquisitions. Focusing on both, current trends, and current competitions is the myopia that would prevent you from sensing the emerging ones, the ones that would improve your competitiveness at any time of execution of course.
The way we have been witnessing an overal shift towards a services based world economy in comparisson to a goods based one, in the informaiton security market services or solutions will inevitably profiliate in the upcoming future. When was the last time you heart someone saying "I don't need an anti-virus scanner, but an anti-virus solution, what's yours and how is it differentiated from the others I'm aware of"? Un-informed decisions, quick and cheap way to get away with the "security problem", or being totally brainwashed by a vendor's salesforce would result in enormous long-term TCO(total cost of ownership) problems, given someone actually figures a way to make the connection in here.
Some time ago, I came across a great article at CSOOnline.com "2 Vendor Megatrends and What They Mean to You" giving insight on two trends, namely, consolidation of security providers and convergence -- the interception between IT and physical security. And while it's great in respect to covering these current trends, I feel the article hasn't mentioned the 3rd one - Diversification. An excerpt :
"One trend is consolidation. "We're seeing the bigger players buying out many of the smaller companies. And I think the largest of the security firms are looking to provide a full range of enterprise services," says C. Warren Axelrod, director of global information security at Pershing, a Bank of New York Securities Group company. "The larger firms, like Internet Security Systems, Symantec and Computer Associates, are buying in many areas to complement what they have. They're basically vying for control of the security space." Axelrod is dead on, and consolidation is just as rampant among physical security vendors as it is in the IT world."
I feel consolidation is happening mainly because different market segments are constantly getting crowded and mainly because it's very, very hard to get a name in the information security market these days, so instead of run for your own IPO, compete against market players whose minor modification may ruin your entire idea, you'd better get acquired one way or another. @stake is an example of how skilled HR runs away from the acquirer, at least for me counting the HR as the driving force besides the brand.
More from the article :
"The second trend is convergence—the confluence of IT and physical security systems and vendors—which, in some sense, is another form of consolidation, only it's happening across the line that historically divided those two worlds."
Tangible security is often favored by investors as it targets the masses, and the most visible example besides perimeter based defenses are the hardware appliances themselves. These days, there isn't a single anti virus, anti spam or anti spyware solution provider without a hardware appliance, but what's to note is how their OEM agreements are still working and fully applicable, it's all about greed, or let's avoid the cliche and say profit maximization -- whatever the market requires the vendors deliver!
Very in-depth article, while I can argue that vendors are so desperate to "consolidate bids" on a national level, as they usually try to get as big part of the pie as possible. What's else to note is that the higher the market transparency, the more competitive the environment, thus greater competition which is always useful for the final user. In respect to heterogenity and homogenity of security solutions, and all-in-one propositions, the trade-offs are plain simple, cut total TCO by using a single vendor, get your entire infrastructure breached into by an attacker that would sooner or later find a vulnerability in it -- find the balance and try to avoid the myth that complexity results in insecurities, as it's a unique situation every time.
What we're witnessing acquisition-to-solution turn-around periods of several months in response to an emerging market - the IM one, mobile anti-virus scanners seem to be the "next big thing", whereas it would take quite some time for this segment to develop, still you'd better be among the first to respond to the interest and the fact that there are more mobile phones capable of getting infected with a virus, than PCs out there -- 3G, 4G, mobile banking would fuel the growth even more, and these are just among the few issues to keep in mind. In a previous post, I also mentioned on a creative use of security intelligence information in Sophos's Zombie Alert service, and a product-line extensions, namely McAfee's bot killing system. What no one pictured would happen is emerging these days - vulnerabilities turning into IP and the overal commercialization of the security vulnerabilities market, and getting paid for getting hacked is a growing trend as well -- much more's to come for sure.
The secrets to successful acquisitions?
- retain the HR that came with it, and better put something on the table at the first place
- don't try to cannibalize the culture there, Flickr is the perfect example out of the security market
- go beyond the mainstream media sources, and PR releases, use open source competitive intelligence tools in order not to miss an opportunity
- attend as much cons as possible to keep track of who's who and where's the industry heading to
- cost-effectively keep in touch with researchers, and an eye on their blogs, you never know who would be your early warning system for business development ideas
Try to stay on the top of security, not in line with it.
Technorati tags:
Security, Information Security, SiteAdvisor, McAfee, Investing, Investment, Market Trends, Economics
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Would somebody please buy this Titan 1 ICBM Missile Base?
I feel that no matter how much you try to bypass the intermediary, it would continue to remain the place for anything auction - 0day vulnerabilities, Enigma encryption machines, and now a Titan 1 ICBM Missile Base, is for sale at Ebay for the N time. Bari Hotchkiss listed the characteristics of the underground fortress as :
- Hardened buildings built to withstand One megaton nuclear blast within three thousand feet
- Wall thicknesses up to fourteen feet
- Thousands of feet of connecting tunnels
- Paved roads. Security fencing
Trying to auction it again, as he seems to own the facility, it beats The Bunker in respect to a wide range of physical/electronic attack based security possibilities, and has the potential to turn into the perfect data center with enough space for war rooms on every level.
As Gene Spafford once put it :
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."
and you would probably need a network connection of some kind to make use if it -- that means insecurities posed out of open and hard to control external networks.
I've once mentioned how nuclear weapons aren't the type of central military thinking problem the way they used to be during the Cold War's arms race, as there are many more emerging threats to consider, such as EMP, and Space warfare, but that's hell of an offer for a post-ColdWar underground complex, isn't it?
Some resources worth taking a look at :
19 Ways to Build Physical Security into a Data Center
Data Center : Securing Server Farms - Solution Reference Network Design
Data Center Security Associate Certificate Recommended Reading
Technorati tags:
Security, ICBM, Data Center, Missile Base
- Hardened buildings built to withstand One megaton nuclear blast within three thousand feet
- Wall thicknesses up to fourteen feet
- Thousands of feet of connecting tunnels
- Paved roads. Security fencing
Trying to auction it again, as he seems to own the facility, it beats The Bunker in respect to a wide range of physical/electronic attack based security possibilities, and has the potential to turn into the perfect data center with enough space for war rooms on every level.
As Gene Spafford once put it :
"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."
and you would probably need a network connection of some kind to make use if it -- that means insecurities posed out of open and hard to control external networks.
I've once mentioned how nuclear weapons aren't the type of central military thinking problem the way they used to be during the Cold War's arms race, as there are many more emerging threats to consider, such as EMP, and Space warfare, but that's hell of an offer for a post-ColdWar underground complex, isn't it?
Some resources worth taking a look at :
19 Ways to Build Physical Security into a Data Center
Data Center : Securing Server Farms - Solution Reference Network Design
Data Center Security Associate Certificate Recommended Reading
Technorati tags:
Security, ICBM, Data Center, Missile Base
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
Subscribe to:
Comments (Atom)