The Intelligence and National Security Alliance (INSA) just released a pretty good paper on Cloud Computing. I recommend you make time for a quick review.
A quick snippet:
- Cloud Computing as an adjective: A method of computing that provides IT capacity in elastic ways to expand to meet user needs and contract when demand decreases.
- Cloud Computing as a noun: An infrastructure of on-demand capabilities using virtualized resources. This involves pools of storage, network, processing, and other computational resources that can be efficiently allocated when requested and quickly provisioned in a highly automated fashion.
Fairly interesting findings and recommendations in the rest of the document as well as discussion on SaaS, PaaS and IaaS. What ideas and lessons did you glean? What do you think they missed?
One of the important things in the Information Technology field is the ability to not only understand the technology itself but to be able to expertly navigate the human network. With that said we’re taking a look at the Best of the Best in Professional Cyber Security Organizations and Conferences:
USENIX, the Advanced Computing Systems Association:
- Fosters technical excellence and innovation
- Supports and disseminates research with a practical bias
- Provides a neutral forum for discussion of technical issues
- Encourages computing outreach into the community at large
USENIX Annual Technical Conference (USENIX ATC ’12) is their main conference. USENIX ATC ’12 will take place June 12–15, 2012 in Boston.
IEEE, pronounced “Eye-triple-E”, stands for the Institute of Electrical and Electronics Engineers.
- foster technological innovation and excellence for the benefit of humanity.
- essential to the global technical community and to technical professionals everywhere, and be universally recognized for the contributions of technology and of technical professionals in improving global conditions.
IEEE Symposium on Security & Privacy is their main Cyber Security conference. IEEE SEC & PRI will take place May 20-23, 2012 in San Francisco.
ISOC, Internet Society, founded by Vint Cerf:
- world’s trusted independent source of leadership for Internet policy, technology standards, and future development.
- More than simply advancing technology, they work to ensure the Internet continues to grow and evolve as a platform for innovation, economic development, and social progress for people around the world.
Network & distributed System Security Symposium (NDSS) occured on February 5-8, 2012 in San Diego.
ACM, Association for Computing Machinery:
- widely recognized as the premier membership organization for computing professionals, delivering resources that advance computing as a science and a profession
- enables professional development
- promote policies and research that benefit society.
ACM Computer and Communications Security (ACM CSS) Conference will occur on October 16-18, 2012 in Raleigh.
[via David Brumley]
This weekend I spent a bit of time learning how to share my home internet connection with my mobile devices to make my data transport more secure. I did this in the form of a Virtual Private Network (VPN). I must say I will always ensure I’ve got something implemented to ensure my transport confidentiality after learning the Wifi Pineapple is on the loose. This little VPN endeavor was a slight challenge and requires a home internet connection, dedicated computer, and ability to understand and modify your home router rules.
Something that would mitigate the scary inside of a home router for those that chose would be the iTwin. Its ability to share your documents securely between computers is impressive. iTwin boasts that it “is like the two ends of a cable, without the cable” and with AES-256 hardware-enabled encryption they know their stuff. The current implementation requires administrator privileges to install approximately 15MBs of proprietary software on both computers and you’re off and running.
The benefits – None of your data is stored on the device. There aren’t any VPN configurations to worry about. Temporary files created are cleaned up automatically. And the device can be disabled remotely should it go missing. Password protection possible (ALWAYS have the password requirement enabled). Enable collaboration with iTwin Multi and share within dedicated groups. What these benefits allow is significant hardware based encryption that you can confine to a specific period of time (device plugged into your computer) while needing no additional protection for any stored data on the device (there is none). Very easy and effective manner in which to increase your information defense posture.
Desired improvements – Remove the software install requirement thus removing the need administrator privileges.
Great looking device that backs up its looks with well implemented guts.
Get yours via Amazon or via Bestbuy (image below).