News from PANUG/BizNix - September 17, 2003
http://panug.org - http://biznix.org

TeX MEETING

Sorry for the short notice on this one. Tonight (Wednesday, September 17), at 6:30 pm is a meeting that focuses on TeX, LaTeX, and related software used for desktop publishing. If you've never heard of TeX, LaTeX, or LyX, this meeting is probably not for you. However, if you're looking for a way to produce professional-quality documents without having to purchase high-end commercial desktop publishing software, this meeting may be an eye opener.

PANUG MEETING

PANUG's September meeting is this Thursday, September 18, 2003 at 6:15 pm. The main presentation will be on computer forensics. Much of computer forensics can be used to diagnose, fix, and prevent everyday computer and network data and security problems. The presenters are Dick Pilz and Robert Young.

Dick will present an overview of computer forensics, which covers what it is (preservation, identification, extraction, documentation and interpretation of computer media for evidentiary and/or root cause analysis), how it is done, and some mention of tools, resources, and techniques.

Robert will be discussing and demonstrating the use of EnCase for the forensic examination of computer hard drives. EnCase is the premier forensic examination tool used by police and law enforcement agencies around the world, and is increasingly being used by corporate security departments for internal investigations. Robert has been doing computer forensics work since 1988, and has testified in court on the subject numerous times.

FEEDBACK by Russ Washington

I would also like to belatedly comment on the SANS-broadcast advice about antivirus software. My own feeling is that the comment has to be taken in the context it implies. To talk about needing to "require a uniform anti virus vendor" implies that he is talking about environments where a mishmash of approaches is at work.

If a mishmash approach is applied to security already, then clearly the organization is dealing with a minor train wreck and standardization is the first thing they need to be thinking out. Nonstandardization in any deployment means no control, and no control means no security, regardless of what OS, application, or AV software you use. So in that respect, and in that context, the advice is sound at its most basic level (although many, myself included, recommend multiple tiers of protection that do not create single-vendor dependency). Outside of that context, the advice can't possibly be useful as a catchall-fixall recommendation.

But I think the value of anti-virus software is also overblown. I had the recent misfortune to be involved in handling a W32.Welchia outbreak. For those familiar with the virus, it is a month old and exploits a Windows vulnerability. It is a fast mover, a fast infector, and basically the worst thing you can have in your network short of Nimda (remember that?). Well, the upshot is that a ton of time got chewed talking about whether the virus in the house was really Welchia versus some "new and unclassified virus" exploiting something Microsoft offered up a *new* patch for just two days ago. Why was this a big deal? Because the anti-virus defenses against Welchia were supposed to have been spun up a month ago and nobody wanted to be on the receiving end of the "how did this get through 30 days later" question. And in the end, the technicians who actually understood the issue and its implications were squashed.

The moral of the story is that where malicious code is concerned, your OS and its native security is but one angle. The bigger question is how responsible people are going to be and how seriously they're going to take the need to be proactive. At this point in time, end users are not only complacent but downright uncooperative any time anyone suggests that they think about something other than their convenience.

MS Windows is designed around this convenience-first user mentality. Then put maintaining that user base in the hands of people who can get fired for antagonizing those users and you have zero management of a real problem. Sure Windows is insecure. But consider that most of the security it *does* have is never implemented because end users get mad (with management backing), and you've got a whole other kind of problem. That, in my mind, is the real issue.

And if we didn't have MS Windows to point at, somebody else would design something "usercentric" that shifted the need to be responsible off of the user and onto the guy they can get fired for telling them that security matters more than their ability to run blinking games out of emails from random senders. And we would have the same discussion all over again.

DISCLAIMER

PANUG and BizNix welcome contributions from all members. Member contributions do not necessarily represent the official positions of PANUG or BizNix. The views of members that contribute frequently may appear to be the official position of the group(s). If you contribute, you'll be adding vital diversity of opinion and outlook to these broadcasts.