Is shredding enough?

"You may feeling safe after tearing all those “secret” documents into tiny strips of paper using the shredding machine in the Office but wait, there’s a Windows software that can recreate the originals even from those torn noodle-like pieces." (LINK)

This application called Unshredder reconstructs the original document by analyzing the pieces of shredded paper.

I wonder if confetti cut paper could be reconstructed?

Swapping virtual servers to minimize external exposure

article: PC World, 22 June 2008, Limit Internet Attacks With Virtual Servers

"Carefully managed virtual servers can make the job of attackers more difficult by reducing the time that any one version of a server is exposed to the Internet, according to a George Mason University professor who has developed software that phases virtual servers in and out of use." (LINK)

Interesting concept of regularly replacing virtual servers to minimize the risk of server being online for extended periods. This would require someone probing the network to re-map their efforts continually.

The virtual servers could be rebuilt from images after being online handling transactions for just a short amount of time. Imagine trying to figure out what's happening on probed server that keeps changing OS and configuration every ten seconds.

"SCIT can further complicate the job of hackers by generating
replacement virtual servers that perform the same function from
different platforms. So the server being taken offline may have Linux
as an operating system and the one replacing it may have Windows. Or
one may be BIND DNS while the replacement is Microsoft DNS server. He
calls this strategy security by diversity." (LINK)

Link to George Mason University's page: SCIT: Self Cleansing Intrusion Tolerance

Can my employer take information off my home computer?

This is a question I've been posed several times. I am not an attorney, I am an IT professional. But I work with lots of legal representatives so I have to stay abreast of these topics areas.

This precedent jumped out to me as a relevant to this question.

"A District Court in Missouri became one of the first in the country to
employ the new inaccessibility analysis under Rule 26(b)(2)(B). Ameriwood v. Liberman,
2006 WL 3825291, 2006 U.S. Dist. LEXIS 93380 (E.D. Mo., Dec. 27, 2006).
The plaintiff in another trade secret theft case moved to compel the
defendants (former employees of plaintiff) to allow a complete mirror
image inspection of the hard drives on all of their computers,
including their home computers, and other portable storage devices
(like thumb drives)." (Link - e-Discovery Team, Employer Allowed To Mirror Employees’ Home Computers and Obtain Inaccessible ESI, 17 Feb 2007)

Bottom line? I don't use my personal computers to perform company tasks.

What about you? Do you do company work on personal computers? What about personal cell phones?

E-Discovery Conference - Zy-IMAGEnation Summit

Conference Title: 2008 ZyIMAGEnation Summit
Date: September 24-25, 2008
Location: Hotel Monaco in Alexandria, VA

"The theme of the conference is "Where Operational Efficiency Lives - The Confluence of Records Management, e-Discovery, and Knowledge Management." This two-day event will focus on practical, best-practice methodologies and solutions for managing an organization's accumulated knowledge, including records and e-mail management, e-discovery preparation and implementation, forms recognition, and workflow." (LINK)

Conference webpage: http://www.zyimagenation.com/

Akamai Report: The State of The Internet

Akamai has published their first 'State of the Internet' report. Good information from a company with a large global presence.

"During the first quarter, Akamai observed attack traffic originating
from 125 unique countries around the world. China and the United States were the two largest attack traffic sources, accounting for some 30% of this traffic in total. Akamai observed attack traffic targeted at 23 unique network ports. Many of the ports that saw the highest levels of attack traffic were targeted by worms, viruses, and bots that spread across the Internet several years ago. A number of major network “events” occurred during the first quarter that impacted millions of Internet users. Cable cuts in the Mediterranean Sea severed Internet connectivity between the Middle East and Europe, drastically slowing communications. Cogent’s de-peering of Telia impacted Internet communications for selected Internet users in the United States and Europe for a two-week period. A routing change by Pakistan Telecom that spread across the Internet essentially took YouTube, a popular Internet video sharing site, offline for several hours.

Akamai observed that from a global perspective, South Korea had the
highest measured levels of “high broadband” (>5 Mbps) connectivity.
In the United States, Delaware topped the list, with over 60% of connections to Akamai occurring at 5 Mbps or greater. At the other end of the bandwidth spectrum, Rwanda and the Solomon Islands topped the list of slowest countries, with 95% or more of the connections to Akamai from both countries occurring at below 256 Kbps. In the United States, Washington State and Virginia turned in the highest percentages of sub-256 Kbps connections. However, in contrast to the international measurements, these states only saw 21% and 18% of connections below 256 Kbps respectively." (LINK)

Download the full report HERE.

Information Security Links

Products

• DeviceWall - "Endpoint USB Security Solution with Encryption and full Removable Media Device Control"

Resources

Posts from this blog

• stevewatson.net, information security posts

E-Discovery Links

Reference

• The Electronic Discovery Reference Model (EDRM) - "Establishing guidelines. Setting standards."
• EDRM Wiki (pictures)

Blogs

• Electronic Discovery Law.com

Legislation

• Federal Rules of Civil Procedure, Cornell Law School page
• Federal Rules of Civil Procedure, Wikipedia page
• Current Listing of States That Have Enacted E-Discovery Rules, Electronic Discovery Law.com

Cases/Precidents

• K&L Gates, Electronic Discovery Case Database

Posts from this blog

• stevewatson.net, e-discovery posts