Excerpted from Global Knowledge White Paper: Security on a Budget

Security is expensive. Many organizations struggle to deploy sufficient security defenses on a shoestring budget. No security defense is perfect, and you often get what you pay for. However, just because something is expensive does not mean it is great; likewise, just because something is cheap or free does not mean it is worthless. With these suggestions, you may be able to improve your security without breaking the IT budget.

Use What You Have

Most security can be summed up with only a few key components, namely: firewall, IDS, anti-malware, authentication, authorization, and auditing. Once these are appropriately addressed, there is often little need for significant additional or specialized components for most organizations. Just like many consumers, we in IT have fallen prey to the notion that buying something new is the way to fix or smooth over a problem. All too commonly, we have a sufficient security solution already on hand if we modify, tune, or configure it properly.

Leverage Your Knowledge Base

If your staff is already knowledgeable about a product, product line, operating system, etc., then it is often in your best interest to select a new product that will fall within their existing areas of expertise. This allows the security staff to become fully versed on the new product quicker; shorten the installation, tuning and testing phases; and get your new defenses rolled out quickly and with solid results.

Consider the Use of Open Source Solutions

Open source is not the only solution, nor is it always the right one either. But it is often overlooked or at least not properly considered. When looking for a new solution to a security problem, especially before purchasing a new commercial product, you should explore the open source options. From operating systems to malware scanning, the open source community has many amazing products that often rival their commercial competition.

Re-Purpose Old Hardware

As your company expands, you need new equipment. In many cases, previous years’ desktop or server computers can be re-purposed for a variety of uses. Most hardware manufactured in the last five years can be redeployed as highly functional client or server systems. Primarily, the solutions I’m alluding to are variations on the Linux platform. You can find an amazing variety of open source Linux builds that take “obsolete” hardware and transform it into powerful systems serving as clients, file servers, routers, SAN/NAS servers, Web servers, firewalls, and more.

Hire Interns Instead of Professionals

When it becomes time to increase staff, look into hiring interns or fresh-out-of-college workers who are looking to get started in an IT career. Obviously, if you fill a position that requires high levels of expertise or experience, you can’t just hire anyone with a heartbeat. However, you may be able to promote from within and subsequently fill the lower, vacant positions with new personnel eager to get started but who may need a bit of training and guidance.

Review Your Policies

Most of the benefits of saving money on security are done as a long-term, consistent security management process. Another area where this notion applies is the organization’s security policy. It should be a yearly activity to review the security policy. You may find that the policies themselves prescribe processes or solutions that are overly expensive. You should evaluate each element of prescribed security as to its cost/benefit versus its actual expenditure.

Re-Assess Your Threats

In addition to a regular review of your security policy, you should also re-perform a risk assessment on a yearly basis. You should recall that the basic steps of risk assessment are: inventory assets, inventory threats, then evaluate costs and risks. By re-performing this process, you may be able to determine whether a risk identified in the past is still present or whether a new threat has appeared that needs to be addressed.

Cut Out the Fluff

Re-evaluate each component of your security policy and deployed security infrastructure. Any element that is showy or flashy is likely suspect of being of little substance. If the security product is easily fooled, bypasses, or ignored, then it is a solid candidate for disposal.

Spend Money to Save Money

Often, when it comes to security, spending money properly now will save money later. The logic is as follows: if there is a real threat and you fail to defend against it, when the risk is realized and loss occurs, the loss will often cost the organization more than the defense would have cost. Thus, once you have identified real threats that are likely to occur, you will save money by implementing the proper security defenses before the breach.

Use Public Resources

Deploying and maintaining security is often an expensive business task. However, there are ways of keeping those costs under control, especially in the area of configuration and troubleshooting. The Internet has made an astounding amount of knowledge available at one’s fingertips. Just about any topic, especially related to computers, networking, and security, is freely available for anyone to access. The next time your staff needs access to specific information that is perceived to be accessed only through a paid consultant or pay-as-you-go technical support, look into free public resources.

Consider Outsourcing

Not every aspect of your company’s IT or security has to be performed by your own staff. There may be some circumstances where outsourcing to a service company or consulting group is less expensive than doing it yourself. From staffing, to training, to equipment, to licensing, often, outsourced solutions provide high-quality services at a lower price than you could provide for yourself.

Evaluate Your Insurance Options

Another aspect of security that many IT workers overlook is insurance. One type of insurance to consider is that of hacker or malware insurance. A few insurance companies are beginning to offer this type of specialized IT security insurance. However, be aware that insurance companies are not in the business to pay claims — they are in the business of collecting premiums. So, you may find that the offered options for hacker or malware insurance are not favorable enough for the expense.

Security Is Not Just IT

Security is not just a computer issue. Security is a business issue. Businesses need to see security as an essential part of their organization. This idea is important, because any breach at any location throughout the organization can result in severe damage to the company as a whole, as well as the IT infrastructure.

Security Cost Is Not Just Purchase Price

The purchase price of a new security component is not the only factor that should be addressed when evaluating security costs. In fact, often the purchase or licensing fee of a product is small in comparison to other costs of maintaining security over time. You should take into consideration the expense of training administrators to install, configure, manage, maintain, and troubleshoot a product over its lifetime.

Improve Security While Reducing Costs with Training

Yet another way to stretch your IT and security budget is to spend it wisely on training. By improving the knowledge and skill base of your existing staff, you directly improve your organization’s internal ability to handle its own security issues.

Security is expensive, but not having security is even more expensive. Preventing damage from malicious attackers, stopping the infestation of malware, and preventing theft and fraud is not cheap. But failing to erect adequate protections for your organization’s level of known threat is not a cost-saving measure; it is simply a deferment of the cost until a later date. Often, that date arrives sooner than expected, and the bill is much higher than imagined. Saving money on security is about making sound decisions on the right products that provide the best security for their cost.

Some time back I posted an article regarding the use of ASDM Demo Mode. To briefly summarize, I highlighted two main advantages to its use:

1. Being able to explore the features of the ASA GUI without involving a real “live” production appliance — and —
2. Helping the student prepare for a certification exam by practicing the interface.

As is frequently the case these days, a student of mine this past summer pointed out a valuable feature of this demo mode worth sharing, which is the subject of this post.

To recap a previous post, installation of ASDM Demo mode requires the download of the .msi file from the Cisco Software Center with “demo” in the file name. Once I did this, I encountered a “snag” with trying to have multiple versions “coexist”. Somewhere between ASDM Demo versions 6.2 and 6.3, the software execution changed to the point that I was not able to incrementally install new versions without “wiping out” the old. The solution to this was as simple as merely maintaining the folders contained in the path C:\Program Files\Cisco Systems\ASDM\demo; these are labeled as shown in this screenshot:

Within these folders are subfolders containing the individual configuration scenario templates worth examining; for my test implementation I chose SSL_VPN_IPSec, which is the bottom-most folder shown below:

The final “folder” screenshot shows the area of interest, a file with the name config. What I needed to do to make this work was to do a “cut and paste” of an ASA configuration into NotePad and then save the result. Special care needs to be taken to ensure that Windows Explorer does NOT see this file as a Text File (i.e. it should truly be a file named “config” vs “config.txt”)!

If special care was taken to observe the preceding procedure, a working ASDM representation of your configuration should result:

The above screenshot is just a small fraction of what was imported into ASDM; other photos could have been taken of access-lists, object-groups, and other configuration elements, all of which were understood by the ASDM demo software. Not only can this “configuration replacement” be done but also new folders can be created with your own naming conventions. These will appear as additional choices in the ASDM Demo launch screen. The possibilities here should be encouraging to anyone wishing to examine the ASDM GUI representation of their configuration(s) offline.

Related Courses
ASA Training

1. Certificate mapping
2. Group alias
3. Group URL
4. Cannot be done

The correct answers are 1 and 2.

Every VPN user needs to be associated with a connection profile in order for the ASA to determine which set of policies to apply to the connection. If certificate based authentication is in use, the a certificate to connection profile mapping can be used. Otherwise and alias can be displayed to the user at logon to allow for selection of the appropriate profile.

Related Courses:
ASAE — ASA Essentials
FIREWALL — Deploying Cisco ASA Firewall Solutions
VPN — Deploying Cisco ASA VPN Solutions
CCNP Security — Cisco Certified Network Professional Security

If you’re not familiar with Penn and Teller, they can best be described as “magicians” or stage performers that conduct a glitzy Vegas magic show but in a way that exposes the audience to the truth about magic. 

That truth is that there is no “magic”. Penn and Teller are very clear that their show is built from a series of consistent and repeatable activities that they practice until they become second nature. Another thing that was clearly mentioned in the show was that they are very focused on continual improvement and will walk through their processes countless times to identify subtle changes that often dramatically improve the outputs produced.

That sounds familiar.  

Isn’t a process a series of activities that produces some result? When an organization practices a process through training, don’t they become better at that process until the focus shifts to the value that the process produces rather than the steps in the process? When an organization makes subtle changes to processes, do they often see significant results?

The answer to all of these questions is yes. Through training, practice, and a focus on continual improvement, organizations increase the value that they deliver through their processes.

By focusing on the “outputs” of their processes, Penn and Teller demonstrated a focus on value. The value in a magic show comes in being deceived in a controlled situation. If they did not practice and continually improve their routine, the value would be impaired. In other words, as an audience member I might see the routine steps behind their act, and if I did, I wouldn’t necessarily focus on the value produced by the act. If they weren’t focused on producing that value that the audience enjoys, they’d quickly go out of business.

Service providers face the same thing. We want our customers to focus on and enjoy the value of the process. When we deliver impaired value, we tend to invite our customers to be more involved in the behind the scenes details of the process. This takes them away from what is really important, which is achieving business outcomes.

When I attended the Penn and Teller show the business outcome I wanted was to be entertained. I was. It was a great show, and I recommend it to anyone. However, if their processes were not as efficient and as effective as they are, that value would have been impaired, which in turn might have sacrificed some or all of my overall business outcome. Penn and Teller were only able to offer a service that contributed to my desired business outcome by doing two things: responding to my preferences and managing perceptions and doing this in a predictable and repeatable manner, which ITIL discusses at length.

To answer the question that this post poses, just as there is no “magic” in a Vegas magic show, there is no “magic” in a process. The only magic in a process originates from repeatedly executing the process and improving it over time.

Phase III: Configure

Now for the fun part of the project: configuring it for actual operation. The “real” configuration tasks will be reserved for lab exercises, but some initial setup helps things run more smoothly. The tasks involved are as follows:

Step 1: Frame-Relay Switch Configuration

I have used a variety of different devices over the years for this function, from a Cisco 7010 (huge power-sucking heat generator) to the NM-8A/S module in my current lab environment. The module is a much better approach because it accomplishes the same thing while using existing hardware real estate. The only drawback is that the interfaces are lower speed (128K typically), but in a lab environment that is not problematic.

Remember for the interface naming conventions on Cisco routers, namely slot/port, and with modules the slot is usually going to be 1/X. Assuming use of the module in the parts list, the interfaces are as follows:

• Serial 1/0
• Serial 1/1
• Serial 1/2
• Serial 1/3

Configuration is fairly straightforward. You have to supply frame-relay Data Link Connection Identifiers (DLCI, the Layer 2 addresses in frame-relay) and a few other settings. For the sake of simplicity assume that Router 1 is connected to S1/0, Router 2 is connected to S1/1, and so forth.

The first step is to enable the router to perform frame-relay switching, which is configured in global configuration mode using the frame-relay switching command.  The configuration for the first port would be as follows, with annotations explaining the significance of the commands:

The concept here is simple: the router on the other end of the cable (DTE side) sends traffic tagged with one of the DLCI values (e.g., 102, 103, 104), then sends it out the interface with a new DLCI number (e.g., 201, 301, 401), and it arrives on the DTE port of the destination router.  This is basically the same logic used by service providers with enormous switches. You can do the same type of thing with ATM or MPLS configured ports, but for ATM you need specific interface types. Following this, you need to configure the rest of the ports to perform the same type of switching tasks.

Step 2: Create Basic Template Configurations

I recommend one final task just to make things easier when you want to erase configurations and start over when you start a new set of lab tasks. Create a set of basic parameters that you will use at the start of most every lab and that will remain constant. Here are the ones that I recommend:

1. Hostname — I prefer to use a single letter which describes the device: R for router, S for switch, F for firewall, etc.. Following that is a numerical value that just describes where the device sits in the topology. Sometimes I include a model number so I know the capabilities of the device. For instance, if the first router in the lab pod is a 2620, I would make the hostname R1-2620.
2. Device access — The device access ports probably will not change substantially, so setting the parameters is a good idea. Usually you only need console or telnet/SSH access but setting the AUX settings for routers is a good idea as well. Basic settings for each are suggested as follows:
   

   line con 0	Console Port
   privilege level  15	Enters privileged mode right away
   password xxxxx	Specifies a password when needed
   No login	Logs you in directly without intervention
   line aux 0	Auxiliary (modem) Port
   password xxxxx	Specifies a password to access the system
   transport input all	Allows any protocol for access (telnet, etc.)
   login	Requires a login process for access
   line vty 0	Virtual Terminal Port (remote access)
   password xxxxx	Specifies a password to access the system
   transport input all	Allows any protocol for access (telnet, etc.)
   login	Requires a login process for access

3. LAN Settings — Most routers that you use in a lab have the capability of supporting VLAN trunking on LAN interfaces. That being the case, set the encapsulation type on the switch(es) to trunking encapsulation right off the bat, and don’t change it.
4. WAN Settings — Serial interfaces on Cisco routers default to HDLC encapsulation, so make certain that you set the ports to frame-relay encapsulation. That way, the interfaces will be up/up when you start off, and you will not have to waste time troubleshooting issues that really are not issues
5. Device Defaults — A few settings are helpful on routers and switches simply so you do not have to deal with ongoing irritating issues. A big help is to disable DNS lookups when you mistype a command, which is the no ip domain-lookup command in global configuration mode. Setting the time zone helps also.

To keep your template configurations readily available, copy them to flash memory using the copy running-config flash: command. When you are done with a lab exercise, you can issue the write erase command and reboot. Once the device completed the boot process, issue the copy flash:<filename> running-config command and then reload the configuration.

There are many other tips and tricks to creating great lab environments which I hope to share in the future!

Data can be classified as structured or unstructured based on how it is stored and managed. Structured data is organized in rows and columns in a rigidly defined format so that applications can retrieve and process it efficiently. Structured data is typically stored using a database management system (DBMS).

Data is unstructured if its elements cannot be stored in rows and columns and is therefore difficult to query and retrieve by business applications. For example, customer contacts may be stored in various forms such as sticky notes, e-mail messages, business cards, or even digital format files such as .doc, .txt, and .pdf. Due to its unstructured nature, customer contact data is difficult to retrieve using a customer relationship management application. Unstructured data may not have the required components to identify itself uniquely for any type of processing or interpretation. Businesses are primarily concerned with managing unstructured data because over 80% of enterprise data is unstructured and requires significant storage space and effort to manage.

Businesses analyze raw data in order to identify meaningful trends. On the basis of these trends, a company can plan or modify its strategy. For example, a retailer identifies customers’ preferred products and brand names by analyzing their purchase patterns and maintaining an inventory of those products.

Effective data analysis not only extends its benefits to existing businesses, but also creates the potential for new business opportunities by using the information in creative ways. Consider a job portal as an example. In order to reach a wider set of prospective employers, job seekers post their résumés on various websites offering job search facilities. These websites collect the résumés and post them on centrally accessible locations for prospective employers. In addition, companies post available positions on job search sites. Job-matching software matches keywords from résumés to keywords in job postings. In this manner, the job search engine uses data and turns it into information for employers and job seekers.

Because information is critical to the success of a business, there is an ever present concern about its availability and protection. Legal, regulatory, and contractual obligations regarding the availability and protection of data only add to these concerns. Outages in key industries, such as financial services, telecommunications, manufacturing, retail, and energy cost millions of U.S. dollars per hour.

Adapted and Excerpted from EMC’s Information Storage and Management: Storing, Managing, and Protecting Digital Information (pdf) an excerpt of which is available online. Or you can buy the complete edition here.

Provide Your Perspective in the 6^th Annual Global Study on Information Storage and Management Trends and Challenges

EMC is continuing its initiative to carry out annual research into the challenges facing the storage industry resulting from unprecedented information growth and emerging technologies such as storage virtualization, cloud computing, and big data analytics. We invite you to participate in this important survey which will identify how managers and individual professionals are responding to these challenges and help them with their planning for 2012–13 and beyond.

As a thank you for your insight and participation, the first 1000 respondents to complete the survey will receive a 2012 wall calendar (please allow 4 – 6 weeks for delivery).

1. A group that provides support for a finance application
2. A group that supports the IT infrastructure
3. A group that is a single point of contact for all user and customer requests
4. A group that supports the physical data center environment

The correct answer is 1.

A group that supports a specific product or application is an example of an Application Management function.

Related Courses
ITIL Foundation
ITIL Service Catalog

There are built in tests in the System Manager that allow you to run tests on fourteen different areas, including Session Manager. But what do you do with the results when you get them?

I am going to outline six of the most common problems and solutions when installing and implementing System and Session Manager and what steps you can take to troubleshoot and correct the problem.

1. Symptom: Session or System Manager tests fail hostname resolution.
   Remedy: Putty to Session Manager and log in using craft/craft01
   then, su – sroot/sroot01. Or System Manager, log in using admin/admin
   then su – root/root01 Type in cd /etc, then press enter. Type more hosts and verify the hosts table has an entry for both Session Manager and System Manager. If an entry is missing, from the location you are currently at,type vi hosts. This will bring you into edit mode for the hosts table. Position your cursor at the end of the existing entry, then press I for insert mode. Hit enter to begin a new line in the Hosts file and enter the missing entry. Upon completion of the entry. Press escape and then Type :wq! To write the file and exit the table. Go back to System Manager and run your tests from the Session Manager dashboard to verify tests will now Pass.
2. Symptom: Session Manager Security Module wont come up
   Remedy: Putty to Session Manager and log in using craft/craft01
   Then, su – sroot/sroot01. Type ifconfig >text, then type in more text and verify that ETH2 or ETH3 is set with the SIP Entity address (.xxx). If there is no entry, then type ifconfig eth2/3 xxx.xxx.xxx.xxx(IP Address) netmask xxx.xxx.xxx.xxx up, then enter. Go back to System Manager and verify the security module is up and operating at the  Session Manager Dashboard level.
3. Symptom: Calls will not route through Session Manager
   Remedy: Verify SIP ETH is up and running using the above steps.
4. Symptom: Entity Links show down or none at all
   Remedy: Verify date in Session Manager and System Manager(*).
   Type in Date at the CLI through Putty. Correct date by logging into Session or System Manager and then   typing in date –set=”12 JULY 2011 13:00:00”(Date/Time)
5. Symptom: Entity Links show down or none at all
   Remedy: Putty into Session Manager using craft/craft01, then su – sroot/sroot01. Type in initDRS to allow database replication to occur. Verify Links are up through System Manager Session Manager dashboard.
6. Symptom: Trust Management failed
   Remedy: Log into System Manager, then go to Security,Certificates, Enrollment Password and verify password is still active and valid. Next putty into Session Manager using craft/craft01, then su – sroot/sroot01 type in initTM to establish Trust Management.

Now keep in mind that these are the most commonly occurring faults you will encounter during an Install or Upgrade to your System and Session Manager. Other troubles can occur, but using this information will help you in your implementation of the Avaya System and Session Manager.

Related Courses
System Manager Administration (5U00080)
Session Manager Administration (5U00081)
Session Manager and System Manager Administration Boot Camp (5U00082)

• Management must enforce key personnel controls that deal with hiring, managing, and terminating personnel. These controls reduce information leaks or theft from careless employees whose online habits open the door to hackers or rogue employees who try to sabotage the company when they’re terminated.
• The need for controls: Controls can be preventive, detective, and corrective. Layering controls helps a company build defense in depth through an increase in cybersecurity and information protection.
• Get your employees involved. Keeping employees involved in security can help strengthen and reinforce best practices. Employees should also complete periodic security training and awareness so that they know the latest scams and risks and how to avoid them like phishing schemes in emails or malware links in social media.
• Have a third party assess your security controls. It’s good idea to have someone review your network from the outside-in and start to consider how a hacker would see your network.

Check out this article for more tips on the protection against insider attackers.

Recently we made a blog post that gave a count of the processes described by ITIL 2011. We expected that post to potentially be controversial. We weren’t disappointed.

A comment was made via Twitter. It said, ”@GKonITIL: ITIL 2011: How Many Processes? http://ow.ly/8qxXF #itil 26 + 2 — 2 = 26 but FM has 3 subprocesses, and COM has 4. I’m lost…”

First, I don’t know what “COM” means in the message, but it’s not important for this discussion. Second, although I’ve heard a number of people say it exists, I don’t see where in the strategy book it indicates that the financial management process has three sub-processes. It’s kind of like bigfoot in that regard; I’ve heard many people claim they’ve seen it, but it’s nowhere to be found. In fact, in only one case in the description of the financial management activities is the word “sub-process” mentioned, and that’s on page 239 of the Service Strategy book when it indicates that billing is a sub-process of charging.

If I wanted to I could get lost in a discussion about a sea of subordinate sub-processes. Rather than do that, I’m going to thank the ITIL 2011 authors for what they did in section 4 of the ITIL 2011 edition books. The authors were wise enough to clearly indicate what is a process by enumerating and describing it in section 4.

Section 4 of each core book in the ITIL 2011 Edition covers the processes described in that book, and by virtue of organization, the processes within that stage of the lifecycle. While sub-processes may be a useful boundary that the ITIL 2011 Edition authors sometimes use (most notably in capacity management), it is clear that sub-processes are part of the mechanism of a greater overall process.

In other words, no reading of the book indicates that sub-processes are somehow equal to processes. In fact, the term “sub-process” is not even an explicitly defined term, and it’s definitely not implicitly defined as “equal to a process”.