Monthly Archives: January 2014

Enterprise Security – A Data Centric Approach – Chapters 7 & 8

28 Tuesday Jan 2014

Posted by in Book Reviews, Books, General, Packt

2 Comments

Tags

, , , , , , , , ,

Chapters 7 and 8 of the book in many respects are the polar opposites in their nature, with Chapter 7 looking at Wireless networks in the Enterprise and technicalities of different encryption frameworks, authentication and authorization.  Then at the other end is chapter 8 facing into the difficulties of social engineering – the approach of using people’s own nature to divulge sensitive information.  Probably one of the most famous people for this sort of thing is Kevin Mitnick and to acts of social engineering are will illustrated in the influential book  Bruce Stirling’s Hacker Crackdown.

Although Chapter 7 is addressing an area many would view as the dark art of wireless network setup; it is well explained and actually worth reading by anyone who would like to better understand their own home wireless network as lot of the information (not all) is relevant even in that context. For example the benefit of supressing the visibility of the Network ID (SSID) doesn’t make the network invisible – it simply makes it harder to spot as any device such as smart phone will call out yo the network to see if it is present and this information can be picked up just as easily if you know what you’re doing.

Drilling into the social engineering aspect, the book looks at the more obvious and perhaps brute force models such as spam to increasingly subtle takes such using social media communications through the likes of linkedin to send emails loaded with malware and see the end user open them. For example pretending to be an agent with a job offer who has found you via LinkedIn. But beyond that, the amount of information being made available via social sites as it can be a means to establish a organisations’ IT fingerprint and therefore suggest the best routes to attacking IT.  The chapter addresses training, and the pros and cons of different approaches, plus mitigation strategies for the different attack strategies.

Previous blog entries:

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Gaps in Oracle’s Cloud Cover? An Update

21 Tuesday Jan 2014

Posted by in Oracle, Technology

Leave a comment

Tags

, , , ,

So having written my blog entry Gaps in Oracle’s Cloud Cover? to things have popped up on my radar.  Firstly a message via LinkedIn from epmvirtual.com indicating that they could potentially assist (although EPM’s site only currently offer solutions around Hyperion online); and then the news item of Oracle and Verizon offering SOA in the cloud which reports that Verizon’s cloud solution (currently in Beta) offers SOA middleware cloud instances that can be rented by the hour (with bring your own license or rent license as well).  Verizon’s own announcement can be read here.   Bottomline – Verizon have beaten Oracle to the punch of offering Oracle’s own middleware in the cloud.  We’ll write more when there is something to share.

Amazing Documentary on Photo Journalism – Both Uplifting & Tragic

20 Monday Jan 2014

Posted by in Photography

Leave a comment

Tags

, , , , , ,

I got to watch Cathy Pearson’s tremendous documentary on Photo Journalism called Get The Picture.  The documentary’s central narrative is around the life of the Picture Editor John G Morris.  The documentary open with John explaining  what his role as a Photo Editor was – essentially the guy who commissions photographers, and then chooses the appropriate photos to be used in a publication.  This in itself doesn’t sound remarkable until you consider both the publications he has worked for – Life, New York Times, Washington Post and the National Geographic, that’s before you even take into account the his association with the Magnum group.  John came to prominence as a Photo Editor during the second world war, and has been involved with Photo Journalism ever since, working with photographers such as Robert Capa, Henri Cartier Bresson and Werner Bischof and his relationship with these photographers and others also contributed to John’s importance. The relationships weren’t simple employer/employee but relationships grounded on mutual respect and trust and as often as not a common set of goals and values in photo journalism – get the truth out to the public of what is happening and let the picture tell its own story.

The documentary from time to time detours to look at important aspects of photo journalism, particularly the work done in conflicts by journalists – reflecting on what motivates these people to go into such dangerous circumstances, the changing conditions – until the 90s journalists where left alone as the protagonists in a conflict saw journalists as means to get their side of a conflict told and now are as much a target as anyone else because they can show the brutalities of conflict and realities of the acts committed. So you can see why I say tragic, but why uplifting?  We John has ben widowed 3 times, but managed to move on and not only find love again but embrace life, and fully appreciate what he has, something that really comes across.

If you have even a passing interest in photography, or world events – this is a very worthwhile documentary to watch. Sadly, not nominated in the Oscar’s Best Documentary Feature category this year – which is a shame as it punches a lot more effective than notable winners such as An Inconvenient Truth. On the happier side it does have some other successes.

For more information:

Robert Capa's Most Famous Photo

Robert Capa’s Most Famous Photo

Vietname Execution

Vietnam Execution

W. Eugene Smith

Henri Cartier Bresson in Russia

Henri Cartier Bresson in Russia

 

 

Gaps in Oracle’s Cloud Cover?

20 Monday Jan 2014

Posted by in General, Oracle

2 Comments

Tags

, , , , , , ,

As an Enterprise Integration Architect I need to get my hands dirty with products such as Oracle’s SOA suite and AIA Foundation Pack.  In the past, I’ve dealt with this by talking with our infrastructure team – obtaining a VM or a laptop with sufficient guts to host SOA Suite (and it doesn’t have a small footprint).  This is all well and fine, but means I have to lug a big old laptop (our current standard laptop spec’s are lovely light machines with SSD’s but just don’t pack the punch for SOA Suite when it comes to memory) or have to leap through a series of security steps to get remote access – again not a problem unless I want to share my skunk works with someone outside the organisation.  Nor, do I really want to invest chunks of time building a SOA Suite environment to work with – I don’t do it enough to be able to throw these things together quickly.  Even Oracle recognise that with the support for a prebuilt VirtualBox with SOA Suite and BPM. The only problem with VirtualBox is I’ve saved on the build time, but still need that heavy laptop or remote access.

Oracle Cloud Java

With the rise of the cloud, particularly Oracle’s big push (announcements at Open World 2013), Amazon offering small footprint dev platforms more or less for free I thought we’d be able to get a PaaS deployment of SOA Suite – after all Oracle offer a range of Fusion Apps in the cloud (built on top of SOA Suite technologies), have launched development of Java and ADF solutions in their cloud and even offer Weblogic on Microsoft’s Azure.  How I wrong could I have been.  So I started looking around, perhaps someone has an AMI ready to go – well sort of if I want 10g.  So I’ve dug around, and found the odd provider who could deliver what was needed (e.g. Titan GS) but we’re talking big bucks – not a low cost dev/skunk works environment.  

This is very surprising really, and sort of ironic, given Oracle’s recent announcement for SaaS Adapters for the likes of SalesForce and WorkDay along with convenience tooling to connect to Oracle Cloud solutions such as HCM.  I say ironic, because to use the cloud adapters you can’t have a SaaS middleware; in fact the whitepaper Oracle published on Simplifying Cloud Integration infers/assumes that you’d be hosting your own middleware.  So if a midsized business has Has HCM, Taleo etc for their staffing management, SalesForce for the Sales/CRM operations and perhaps EBis or JD Edwards to move your business into the cloud you have to either go IaaS and carry the labour of maintaining the middleware platform or self host (one of the things the adoption of SaaS is trying to free you from).

All of this seems to be a really missed opportunity for Oracle.  If the oracle wants to host the world (and I think Larry Ellison would like that) and definitely get into that midmarket sector that JDEwards particularly tries to inhabit they need to make it easy for businesses to cloud all aspects of their IT solution, that includes orchestrating specialist solutions that will be hosted by someone other than Oracle (shock, horror). All of which means SOA Suite (and ideally AIA) need to be in the cloud.

As for my problem, its either the pain of building something on Amazon or setting up several copies of the VirtualBox deployment linked to a common GIT repository, and hope those I would like to collaborate with can also get their hands on the virtualbox and connect to GIT.

Enterprise Security – A Data Centric Approach – Chapters 5 & 6

17 Friday Jan 2014

Posted by in Book Reviews, Books, General, Packt, Technology

3 Comments

Tags

, ,

Continuing with Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody Chapter 5 gest into some of the security processes and technologies to securing you compute platforms covering topics such as:

  • anti-virus (or not),
  • network lock down through the use of local firewalls built into the OS (so people can’t then just access the server by any means they desire SSH, RDP, telnet etc)
  • user permissions
  • auditing (so you can see what is happening/happened and by whom)
  • detection of file change in parts of the system that shouldn’t change except through specific mechanisms e.g. OS files should only change when patching the OS

But more importantly the chapter links these kinds of activities to the analysis of risk and previously developed trust models. So that you can understand how much security is suitable and justifiable.  The ideas along with the pros and cons of each activity are well explained and clearly presented.

Chapter 6 takes us back to central theme of the book – data.  With our policies and models identified we need to locate the data – this is harder than it may sound, not everything is in a database (the amount of business operation that runs on spreadsheets on people’s desktops, is endlessly amazing and then compounded by how we make the data collaborative – emailing, moving with personal USB storage, cloud services and on and on). To help find, track and potentially constrain it  (prevent undue leakage) the book walks through the ideas of classification and ownership/accountability and then really starts to tie together the earlier chapters, as well as introduce some additional technology concepts such as the encryption of data when in transit and at rest. Like chapter 5, you don’t need a PhD to understand where to apply security and why – the doing maybe a different kettle of fish of course.

Previous blog entries:

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Ed Harcourt – Time Of Dust

09 Thursday Jan 2014

Posted by in Music, Music Reviews

Leave a comment

Tags

, , , ,

So we’re not even 2 weeks into 2014 and its time to get excited about a new album release. Ed’s latest is more of a mini album available now as a download and physical media at the end of month.

Unlike the more acoustic work of late, this release takes the piano lead performance to but leverages rich orchestral and synth layers giving a more of widescreen drama.

The widescreen drama coupled with some really amazing lyrics from the horrors of war (Parliament of Rooks) “we were only doing what the captain said, we all went down with the ship” to the safest of love songs “love is like a minor key, a jaded weeping willow tree, it hooks its claws until blood is drawn“.

Finally a bonus of Kathryn Williams on backing vocals you really can’t go wrong with your £3.49 on iTunes or £8 on Amazon for the CD and immediate auto rip download.

Ed, we want more….. Play it again Sam

Ed’s site – http://edharcourt.com/

Vinyl Junkies – Adventures In Record Collecting A Review

09 Thursday Jan 2014

Posted by in Book Reviews, Books, Music

1 Comment

Tags

, , , , , , , , ,

So I’ve been luxuriating in reading some books more for the pleasure of it (rather than technical stuff to help authors or the day job).  This book is about, record collectors, the act of record collecting and the general love for music both mainstream, obscure and just down right freaky. For the music fan this is Mills & Boon reading.  For those related or taken on the challenge of a partner who is a record collector an insight into the mind of your loved one.

The books tries to explain the passion of collecting from many different perspectives, through the eyes of collectors (some famous – like Peter Buck (of REM fame), Robert Crumb (cartoonist) and Thurston Moore (Sonic Youth), others not so famous but equally obsessed. From a psychologist point of view – clinical (relationship to low sertraline) to psychotherapy.  As a result we get discussions about the sensuality of vinyl and wonderful quotes like “CDs are like sex with a condom”.

We explore the kinds of collecting that go on – from types of records – old pre-war 78s, 1st issues of records, special prints like shaped coloured vinyl, those quickly taken out of circulation through to records that just seem to be rare and then the plain odd like albums commissioned by Listerine (the mouthwash) advocating the product’s wonders to people thinking they’re going to make it big putting out just tuneless oddities, to the child like contributions like Sammy Squirrel Teaches the Multiplication Tables (Which apparently has a publisher’s address on the cover of The Metaphysical Motivational institute, Drawer 400, Ruidoso, NM) and psychotic wonders such  as “Sit on My Face, Stevie Nicks” by the Rotters and Naughty Rock ‘n’ Roll by the P-Verts or maybe various artists on the Sugar Tits Label.

As the book progresses we get a chance to be taken on an exploration of the validity of the portrayal of collector/obsessive music fan portrayed in Nick Hornby’s book High Fidelity by the character Rob Gordon (portrayed by John Cusack in Stephen Frears‘ cinematic adaptation);  music collectors are geeky single men that can’t sustain a relationship etc.

The book is however 10 years old – and sadly doesn’t reflect how the rise in Mp3s has impacted.  As everything get ripped and becomes for ever available (legally or illegally) on the web, what is happening to the passion of the hunt for the mysterious, weird and rare?  Who knows, but its fun hearing the stories.

Vinyl Junkies

Enterprise Security – A Data Centric Approach – Chapter 4

01 Wednesday Jan 2014

Posted by in Books, General, Technology

3 Comments

Tags

, , , , , , ,

Continuing into a chapter 4 of
Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody we start to look at some technical aspects of security and technology covering things like the capabilities of new generation of firewalls, DNS security and so on. The information is presented in a very readable manner.

As an Enterprise Technology Architect, and having security specialist friends I thought I was reasonably well informed in this aspect of IT, but the book still taught me me things. Interestingly, perhaps not intended but the chapter left me with a number of things that could be incorporated into development governance that would make the work of network security a lot easier.

The chapter continues with lots of really helpful references many, maybe all are incorporated into a series of appendices that are full of helpful information references and links. If these are made available on the book’s website (see below) it would likely become a must go to site for security resources.

It does leave me asking one question how does this all fit in when using a PaaS solution such as those offered by the likes of Amazon and Rackspace?

Previous blog entries:

The book has been published by Packt (who at the time of writing are running a promotion – more here)

There is also a supporting website for the book at http://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach