Archive for the ‘Contingency Plan’ Category
Are you ready for …. everything?
September 6th, 2011Normally this time of year, I’d be thinkin about being ready for football season, the NASCAR chase or the kids to all finally be back in school - but over the past few weeks there’s been a number of events which have occured which brought out my “are you ready for anything that can happen?”. There’s been 3 earthquakes, a hurricane, flooding, 2 tropical storms and then the usual plethora of man made chaos in the world. So the question here is – what you are doing to be prepared.
September is National Preparedness Month (ready.gov) and typically focuses on natural disaster preperation especially as severe weather season is upon us. But the real question to any family or business is – What are you prepared for? Do you have a plan for an event which causes you to leave your house or office? Do you know who all your utility providers are and how to contact them? What about critical information around letting friends and business associates know what is happening and how to get in touch with you. There a loads of great information out there along with templates to use around organizing information and gathering all of details necessary. All of these are great ways to get oranized, but sometimes you just don’t have the time to keep up with all of the changing information. Here’s a couple of simple ways to deal with all of this:
-
Make sure your computers are backed up somewhere off-site – we call this cloud based backups – there are even some free backup plans if you have only a small amount of data, all automated
-
Use an inexpesive scanner to digitize all of your statements, receipts, etc - along with the backups, this gives you easy access to the information and allows you to get rid of the overwhelming load of paper you’ve been keeping.
-
Make sure you have a couple of essentials like cash, flashlights and gas in your car – I know it sounds simple but a lot of people just expect ATMs and gas stations to be open – the recent flooding in New Jersey towns prove how easy it is for these things to be knocked out.
-
Have a communication plan – know who to call when you have an emergency and let friends, family and business assocaites know something is going on – this way people who are worried about you at least know you have a plan and when you will get back to them.
-
Have a backup communication plan – with the east coast earthquake, the cellular network was overwhelmed and people were unable to contact others. Everything from BlackBerry Messenger, Skype, email, FaceTime, etc were all up and running as normal even though the major carriers where unable to connect phone calls.
So as you can see, almost anything can happen in a very short time frame, but if you take just a couple of minutes and make some preperations in advance, you can be ready for almost anything.
Google Users Fall Victim to Man-in-the-Middle Attack
August 30th, 2011Originally posted at Barracuda Labs Security Blog
Yesterday reports began to
trickle in that Google users in Iran were victim to a man-in-the-middle attack
through the use of an illegitimate SSL certificate issued for “*.google.com”.
This is the latest in a series of events involving a hacked Certificate
Authority, but this time there was clear evidence that the fake certificate was
being actively used. Details of the attack and consequences are being
written about extensively elsewhere, so we will give a brief overview and link
to those directly involved and others with particularly insightful analysis.
The certificate being used
was issued by a Dutch certificate authority, DigiNotar. The consequence is that
this CA has essentially been given the “death penalty”. Microsoft, Mozilla and
Google have removed the DigiNotar root certificate from their chain of trust
and certificates signed by them will have no more trust than one you generate
yourself. It is good to see that those who have the strongest position
when choosing which certificate authorities to trust are doing the right thing
here, with a technology that so many people rely on for security, privacy and
economic reason a “one strike and you’re out” system is appropriate. With
each attack similar to this one, we see that the current system of Certificate
Authorities is quite open to abuse with the combination of centralized and
opaque trust. Compromises of that trust can have severe
consequences. The system is clearly broken, and while some are working on
replacement solutions, it is what we have to use in the mean time.
Users are advised to remove
the DigiNotar root certificate.
Firefox:
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
Chrome:
http://googlechrometutorial.com/google-chrome-advanced-settings/Google-chrome-ssl-settings.html
IE:
Some newer versions of Windows seem to be automatically checking a CRL and
therefore are able to provide protection without a software update: “All
supported editions of Windows Vista, Windows 7, Windows Server 2008, and
Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the
trust of a certificate authority. There is no action required for users of
these operating systems because Microsoft has removed the DigiNotar root
certificate from the Microsoft Certificate Trust List.”
However older versions of
Windows do not provide automatic protection:” Microsoft will release a future
update to address this issue for all supported editions of Windows XP and
Windows Server 2003.”
http://www.microsoft.com/technet/security/advisory/2607712.mspx
The DigiNotar root will be
being removed from relevant Barracuda Networks products.
Further reading:
Google Online Security
Blog: An
Update on Attemped Man-in-the-Middle Attacks
DigiNotar Response: Diginotar
Reports Security Incident
When a country shuts down the internet, is your company at risk?
February 20th, 2011With the proliferation of short urls for use in twitter, facebook, foursquare and others, many companies are purchasing domains not in the usual .com and .net but instead using formerly country specific domains like .co, .ly, .in and lots of others. Over the past few weeks, we have all seen the unrest in Egypt, Libya and other countries which has caused some of them to shut down internet access. So where does this leave the companies who own domains controlled by these countries?
Without getting into the technical details of the internet – the short answer is: it depends. Every top level domain (TLD) name (.com, .net, .ly, .it, etc) are controlled by a specific country (.com is controlled by the US). If the main registry for the TLD goes down and the backup copies go down, then all of the domains for that TLD will be inaccessible. Some countries have started using out of country backup providers but many of the smaller ones simply haven’t gotten there yet. Last week, Libya shut down their Internet for about 16 hours, fortunately for companies like bit.ly, their domains were still cached outside of Libya and were usable until the connection was restored on Friday only to be shutdown again on Saturday.
A number of companies (posterious is one) are starting to shift over to new shortcut urls, but what a shift and disruption in their business this is causing, not to mention the engineering expense to plus the loss of brand collateral.
So what would your business do in this situation? What’s your backup plan if you own one of these domains? Currently we own ajci.co but we’re not using it for anything critical (we use it as a short url for posts instead of bit.ly links). Other domains we own with country specific TLDs we are using but only as a secondary option. If something were to happen with the internet here in the US, we do have a backup plan in place to use an alternate domain name and an alternate hosting provider. Just like every area of your business your internet presence deserves a disaster plan.
What is your business doing to ensure a single event can’t shut down your business or an outside entity can’t jepoardize how you communicate with customers? I’d love to hear your thoughts.
