Posted April 9th, 2007 by rybolov
I’ve been looking around for a home for my 2U server, and the cheapest I can find something for is $150/month. For a box that just does my personal web and email services, I can’t see paying it out of pocket.
Maybe I just came of age during the dotcom era, where colocation was cheap. Maybe I’m just crazy/old/curmudgeonly.
Anyway, consider this a call to the masses: If you offer colocation in the DC area for a 2U server with minimal bandwidth use for $50 or so per month, drop me an email. =)
Posted in Odds-n-Sods, Technical | No Comments »
Posted April 9th, 2007 by rybolov
I was downtown teaching at the City Club of Washington. It was my favorite day of the series: Security Test and Evaluation and Risk Management (SPs 800-42, 800-53A, and 800-30).
Earl Crane of ISM-Community fame jumped in at the last minute (I called him the day before) and gave a good hour's worth of presentation on Google hacking and the government.
One thing about the Potomac Forum FISMA Fellows program that is very important to understand: It’s only for government employees. The only contractors present are the instructors. That means two things:
- We can teach at a very surprising level of depth because we’re not training our competitors. It leaves the instructors with a bit of a bad aftertaste when you’ve trained somebody to “eat your lunch”. By restricting the participants to government only, I can teach people exactly how I do things and give them examples to take home in a binder.
- Students can talk about particular scenarios in their agency without worrying that the information will go anywhere that it’s not supposed to. There isn’t any press allowed, and no contractors trying to profit from your misfortune (I’m the world’s worst salesman).
Notice the need in there? Each government agency is siloed into their own little information security management world and there isn’t really a community of peers among the practitioners. That’s the niche that the FISMA Fellows program is addressing.
Secretly (Maybe not so secretly because it’s now public knowledge), I love it when people come to my classes and then go back to their agency where they become the “this is how you do it right” gadfly. From time to time I wonder how many people hate me, even though they haven’t met me, simply because I taught their employees how to be a royal PITA. The smart ones don’t hate me–they keep sending more people to be trained.
Posted in FISMA, NIST, Risk Management, Speaking, Technical | No Comments »
Posted April 4th, 2007 by rybolov
While nobody was looking (not even myself, but that’s a topic for another day), I squeezed in a new blog. I’m now the Linux blogger for CSOOnline. I’ll have at least one good post on security and Linux each week, and I figure that I’ll add in the content here somewhere.
Posted in Technical | No Comments »
Posted March 30th, 2007 by rybolov
Good things are afoot. DISA has an SRR (Security Readiness Review) Lite CD that has all of the tools that you would need.
Posted in DISA, Technical, What Works | 3 Comments »
Posted March 30th, 2007 by rybolov
It’s a USB stick that simulates a mouse and at regular intervals it jiggles the cursor. This keeps the screensaver from coming on. It’s pretty ingenious, and it effectively counters the GPO you pushed out to activate the screensaver after 15 minutes of inactivity.
I’ve seen it in computer magazines (Federal Computer Week) but it’s almost impossible to find a description on the Interweb. I’m halfway thinking about forbidding this in a policy statement. =)
Posted in Technical | No Comments »
Posted March 28th, 2007 by rybolov
When you sit down and think about it, I have a really neat user community. Since we’re an IT services company, all of the users on my back-end infrastructure are IT architects, engineers, or operations. That means that they are all system administrators in one way or another. My challenge is to keep track of all these sneaky people, which is different from the usual unskilled user community, where it’s a case of “you clicked on what link and now none of your applications work?”.
We used to have this very talented network administrator working in the NOC. Not only did he know networks, but he was CISO-savvy. When he wanted to change something on our core switches, we played a little game that went something like this:
Me: So what VLANs are you going to change?
J: I’m going to connect switch A to switch B and trunk over VLAN 25.
Me: So what is that VLAN used for?
J: It’s a NOC server VLAN.
Me: And what else is connected to switch B?
J: Some other switches.
Me: And what is connected to those switches?
J: Stuff.
Me: And what would “stuff” entail?
J: Some routers.
Me: And what do those routers connect?
And we would go on like this for a couple of minutes until I felt comfortable with most of what was going on. The funny thing was that most of the time he was up-front with what he was doing, because he didn’t want to do anything bad, either. It’s when he started to get non-detailed that I knew something was up.
Now the fun part of this is that I have 200 people like this to contend with. It sounds worse to say it than it actually is, but it’s one of the threats that I live with.
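The questioning above boils down to one check that can be scripted: when someone says "trunk over VLAN 25," does the trunk really carry only VLAN 25, and can a neighbor negotiate it into something wider? On Cisco IOS a trunk port carries every VLAN unless an allowed list is set, and DTP negotiation stays on unless the port is set to nonegotiate. The following is an added example, not code from the original post or from the company described in it; it parses a constructed IOS-style running-config (the interface names, descriptions and VLAN numbers are made up) and reports trunks that would carry more than the approved VLAN or that still negotiate trunking.

```python
"""Audit switch trunk ports before approving a VLAN change.

Added example, not from the original post. Parses a Cisco IOS-style
running-config (the sample below is constructed) and reports trunks that
carry more than the approved VLANs, or that still negotiate with DTP.
"""
import re
from dataclasses import dataclass

# Constructed sample: what "connect switch A to switch B and trunk VLAN 25"
# might look like once several engineers have touched the config.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink to switch B (NOC VLAN 25 only)
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 25
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description uplink to switch C
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/3
 description spare
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 description NOC workstation
 switchport access vlan 25
 switchport mode access
!
"""


@dataclass
class Port:
    name: str
    mode: str = "access"       # IOS default for a switchport
    allowed: str = "all"       # a trunk carries every VLAN unless restricted
    nonegotiate: bool = False  # DTP runs unless 'switchport nonegotiate' is set
    description: str = ""


def parse_interfaces(config: str) -> list[Port]:
    """Pull the few switchport lines this audit cares about out of each interface block."""
    ports: list[Port] = []
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)", line)
        if m:
            current = Port(name=m.group(1))
            ports.append(current)
            continue
        if current is None or line == "!":
            continue
        if line.startswith("description "):
            current.description = line[len("description "):]
        elif line.startswith("switchport mode "):
            current.mode = line[len("switchport mode "):]
        elif line.startswith("switchport trunk allowed vlan "):
            current.allowed = line[len("switchport trunk allowed vlan "):]
        elif line == "switchport nonegotiate":
            current.nonegotiate = True
    return ports


def expand_vlans(spec: str) -> set[int]:
    """Expand an IOS allowed-VLAN list such as "25,30-32" into a set of VLAN IDs."""
    if spec == "all":
        return set(range(1, 4095))
    out: set[int] = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-")
            out.update(range(int(lo), int(hi) + 1))
        else:
            out.add(int(part))
    return out


def audit_trunks(config: str, approved: set[int]) -> list[str]:
    """One finding per port that carries VLANs beyond 'approved' or that
    will negotiate trunking on its own. Access ports are ignored."""
    findings: list[str] = []
    for p in parse_interfaces(config):
        if p.mode.startswith("dynamic"):
            findings.append(f"{p.name}: DTP mode '{p.mode}', a peer can negotiate a trunk")
            continue
        if p.mode != "trunk":
            continue
        extra = expand_vlans(p.allowed) - approved
        if extra:
            findings.append(f"{p.name}: trunk carries {len(extra)} VLAN(s) beyond {sorted(approved)}")
        if not p.nonegotiate:
            findings.append(f"{p.name}: trunk still runs DTP (no 'switchport nonegotiate')")
    return findings


if __name__ == "__main__":
    for finding in audit_trunks(SAMPLE_CONFIG, {25}):
        print(finding)
```

Run against the sample with `{25}` as the approved set, Gi0/1 comes back clean, Gi0/2 is flagged twice (it carries all 4094 VLANs and still negotiates), and Gi0/3 is flagged for dynamic desirable; those are exactly the ports where "stuff" and "some routers" start to matter.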
Posted in Odds-n-Sods, Technical, The Guerilla CISO | No Comments »