Saturday, December 3, 2016

A concern for decentralisation ... and shadow IT

I read with interest the article "Confirmed: Cloud no longer purchased or managed just by IT" from ComputerWorld Malaysia.

It just shows a concern I have about the growth of shadow IT, and IT dept decentralisation.

When I say shadow IT, I mean that certain IT related roles & jobs (IT services, IT systems setup & deployment, data storage, etc) are being taken & done by individual departments, without IT department consultation or knowledge.

When I say decentralisation, I mean that certain departments are taking the role of running certain systems (example: cloud based applications, online ERP system, online office productivity & collaboration solutions) from the IT department, thus decentralizing IT services.

Why the concern? The concern is simple.

When other departments run IT solutions on their own, they just want to use them to get their work done. They do not look into various aspects, WHICH INCLUDE:

a) Compliance with ISO27001/2/3 or Information Security management standards, and good IT management and governance (e.g. COBIT).
b) Evaluation (features, requirements, suitability to users, support given, emphasis on security, infrastructure requirements & feasibility).
c) Third party assessments (IDC, Gartner, product reviews, etc).
d) Product lifecycle & upgrade cycles.
e) Comparison between various vendor offerings, and possible internal IT & cloud solutions provided by parent companies / HQ (features, deliverables, cost).
f) Return on investment of product (ROI) and fulfillment in line with company business goals.
g) Compatibility with existing IT systems (if not it will become a silo system).

... And the list goes on.

These aspects are usually evaluated and filtered by the IT department.

If these are not evaluated, they could end up adding more cost (or risk) to the company, without delivering what was wanted for the money spent.

And if something goes wrong, or there is a data loss / security incident, or there is non-compliance, they fall back on the IT department, who had no role in it in the first place.

This can create additional workload for the IT department, in terms of troubleshooting, compliance and compatibility integration of this new system with the current IT systems. More often than not, business owners would want data from the new system to be integrated with existing IT systems, which may not be readily compatible. Not only that, in the case of incidents of data loss, leakage, or security breach, the IT department would need to do investigations and countermeasures, which incur additional costs.

In the article, it is mentioned that "84 percent of respondents now also believe the IT department should be responsible for helping other lines of business to drive innovation and must set the strategic direction and be accountable for security".


If so, how can the IT department be accountable for something they were not involved in?

The solution is simple: in driving towards innovation and business goals, it is important to have the IT department on board, all the way, not half the way.


The article "IT Centralization or Decentralization? - Harvard Business Review" mentions that "Decisions rights define who makes what decisions about IT. In allocating rights, a loose rule of thumb is that line managers should have authority over what services are delivered and IT should have authority over how the services are delivered."


Put simply, business related departments should state what services are required, and IT will handle how they are delivered.


In the article "Following both sides of the decentralized vs. centralized IT debate - SearchDataCenter", there are some good points in the debate between centralized & decentralized IT. Centralized IT benefits include: (i) meeting centralized compliance requirements, (ii) reducing data processing costs through server consolidation by merging systems and virtualization, (iii) reducing hardware and software costs through bulk purchases & discounts, (iv) centralizing functions and reducing redundant IT staffing, & (v) cost effective maintenance. All this can lead to faster & effective service delivery, under one authority, that is IT.


All in all, despite the growth and automation offered by cloud platform solutions, a centralized IT dept is STILL the way to go in the long term.


Reference :
a. Confirmed: Cloud no longer purchased or managed just by IT - ComputerWorld Malaysia - http://www.computerworld.com.my/resource/applications/confirmed-cloud-no-longer-purchased-or-managed-just-by-it/

b. IT Centralization or Decentralization? - Harvard Business Review (July 2008) - https://hbr.org/2008/07/it-centralization-or-decentral

c. Following both sides of the decentralized vs. centralized IT debate - SearchDataCenter - http://searchdatacenter.techtarget.com/opinion/Following-both-sides-of-the-decentralized-vs-centralized-IT-debate

Sunday, November 20, 2016

The antivirus has failed ... a survey opinion, and points on countermeasures.

I was reading, in shock, the article "Antivirus Fails to Stop Ransomware 100% of the Time" from the InfoSecurity Magazine website.

It seems, in the general opinion of the IT survey, that antivirus at all times fails to contain the ransomware infection. It also states that the firewall, the anti-malware, the email filtering and security awareness were also not good at repelling ransomware.

Also worth noting is that despite the attacks, the companies involved did not change much or take many countermeasures against the ongoing threat.



Points I would like to note here:

a. I have always highlighted that cybersecurity requires proactive measures to be successful. Constant improvements & monitoring with regard to the latest threats, and an updated security awareness campaign for all staff, are crucial.

b. In my field of work, I did not leave it to chance for my antivirus & email filtering solutions to stop the ransomware threat. I took some extra measures, that is, typical & latest ransomware file types were manually blocked in the email filters, as well as filename patterns & keywords. This is despite the email filter scanning being able to detect the ransomware on its own, given the chance. Those extra measures provided another layer of protection and assurance against ransomware penetration.

c. Other extra measures were tightening/removing USB drive usage, as it is also another vector for ransomware infection. The latest antivirus solutions have features to control & limit USB drive capability, to stop USB based infections.

d. Also, autorun.inf and program execution from USB drives can be disabled by using either the antivirus solution policies, or Active Directory security group policies. This can stop auto execution of any programs (legitimate & malicious), and allow time for the antivirus solution to scan the USB drive and contain any threat.

e. Constant patching of bugs and vulnerabilities is a must.




I strongly believe that proper expertise in fixing the gaps and flaws is necessary, as strong knowledge can really help make good countermeasure solutions. Knee-jerk fixes do not solve the problem, and I believe that is what was done by these companies.

"Proper deployment, constant monitoring, patching and daily updates, for a combination of proven firewall/IPS & email filters & antivirus solutions, can certainly go a long way in putting ransomware infections to a stop."


Prevention is better than cure ...



Reference :
http://www.infosecurity-magazine.com/news/antivirus-fails-to-stop-ransomware/
https://blog.barkly.com/ransomware-attacks-bypassing-antivirus

Sunday, October 20, 2013

My Upgraded Samsung Galaxy SII

I had problems with my Samsung Galaxy SII, where any incoming or outgoing call would have a strong static sound and I could not hear the other side.

I needed to send my SII for repairs since it was still under warranty. I logged the case at the Samsung Malaysia website and got a call the next day to send my phone to the Samsung mobile service centre at LowYat plaza 4th floor.

I sent the SII there and it was repaired within 2 working days. Service was fast and friendly, no complaints. But I got a pleasant surprise...

The service centre said the issue forced them to replace the smartphone motherboard with the latest SII board. The latest board ran on Android Jellybean 4.1.2!

Wow, I got a hardware and OS upgrade!

My SII is now smoother & faster, with less OS RAM memory footprint and more user RAM by 100MB, and smooth UI effects. I loved it.

The camera is faster too. My SII feels like a new smartphone!

Thank you Samsung!

Sunday, July 21, 2013

TuneIn radio app for Android

I installed the TuneIn radio app for my Android Samsung Galaxy SII so I can listen to local radio stations when I am abroad.

It's such a cool app. I love it. Clear sound.
It has choices of over 70,000 radio stations worldwide and also includes podcasts.


I have tested the radio delay, the delay between actual broadcast time and broadcast time in the app, and it is about 1 minute, which is not bad.

Screenshot below shows I am tuning in to a local Malaysian radio station.

Saturday, May 25, 2013

About Htc One & Samsung Galaxy S4

I want to pour it out... HTC One smartphone is cool and all... It was a good competitor to Samsung Galaxy S4. But the 4MP camera on HTC One is the only reason I am against it and prefer S4. Why did HTC put in a 4MP camera?

It should at least have 8MP or more... It's a letdown.

Wednesday, April 24, 2013

Truecrypt HDD encryption case study

Wow... The security from HDD encryption ensures your data is protected from prying thieves.

The below screenshot is taken from Wikipedia search of the term 'Truecrypt'.

Wednesday, April 3, 2013

Bitmeter OS bandwidth speed measurement

I have tried using Bitmeter OS Android app to measure a Streamyx UNIFI fibre 10Mbps line. It seems to be accurate, since it is run from an Android app from my Samsung Galaxy SII.

Thursday, July 26, 2012

High internal memory usage in my Samsung Galaxy Ace...ouch!

Topic : High memory consumption of Samsung Galaxy Ace S5830


OH BOY!
I always had a problem with my Samsung Galaxy Ace phone, with its internal storage memory to be precise (not to be confused with the device RAM).
The internal storage memory (which is 181MB in size) is used to store app program data and code, other than the SD card storage.
Most apps store their data in this memory area, although some apps give the option to store it on the SD card.
The PROBLEM WAS, this memory usage keeps increasing slowly, even though I uninstalled some apps. Even after that, it goes to more than 150MB, max 181MB!
As a result, the phone GUI response slows down. It takes several seconds just to switch screens or exit an app. One example: just to open the Messaging SMS screen, it takes 10~12 seconds!
It got on my nerves...
I had to reboot the phone just to get it back to normal, every time!
But that would not last long, so frequent reboots became a norm...
I had to uninstall my Whatsapp several times, as well as other favorite apps like eBuddy and Angry Bird.

I have searched the Internet for a solution, but there was no bulls-eye solution...
After going through many trials and tribulations, EUREKA!
The problem was the app cache!
I went through all the apps installed in my Galaxy Ace, and I noticed that:

a. The Gmail app cache took 10MB
b. The Youtube app cache took a whopping 30MB !
c. The built-in Android browser had a cache of 14MB


Next thing I did? CLEAR ALL THOSE CACHES!
After all that, usage reduced from 150MB+ to around 100MB.
The phone was smooth all the way after that... no more slow response!



Memory usage at 111MB (after memory cache clearing). Previously it went above 150MB !


Go to the "Memory Usage" section in Settings to see which apps are using memory plus cache in detail...


Go into each app one by one and check its cache usage...


Youtube app memory usage .... previously the cache was 30MB. It emptied to zero after pressing "Clear Cache" button ! The cache uses the internal memory as storage.


Tuesday, April 17, 2012

Mozilla Firefox SQLite database records user browsing history

Topic : Mozilla Firefox 10.0.1 history user database, Mozilla Firefox sqlite database, Mozilla Firefox user browsing forensics, Mozilla Firefox SQLite database engine


I remember reading an article about Mozilla Firefox and how IT forensics use the SQLite database within Firefox for a user's web browsing history (CyberSecurity eSecurity bulletin, Vol 23, Q2/2010 - http://www.cybersecurity.my/data/content_files/12/725.pdf). For all of you, the Mozilla Firefox in your PC has SQLite databases which record all user activity, for all user profiles too. These activities include browsing history, login details (if saved), form input history, cookies, bookmarks and so forth. A lot of info!

I thought of checking out Mozilla Firefox (latest version 10.0.1 as of today) in my PC for such databases, and yes, there are!
I used the SQLite Manager add-on for Firefox to browse the contents of the databases.

Details:

a) Database location - "C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\xxxxxxxx.default" (Windows 7)
b) Tool used - SQLite Manager : Add-on for Firefox
c) Total databases - 12 databases (see screenshot below)
d) Database under review - places.sqlite (see screenshot below)


You can just browse the databases for various info such as Bookmarks info, Visited URL info, Visit history info, and Form input info. Do take note that the time format in these databases is not in a user friendly form. Use the SQL queries below to get the date/time in GMT format.

I ran the following SQL commands to get info on my browsing history (in database places.sqlite):

i) SELECT datetime(moz_historyvisits.visit_date/1000000, 'unixepoch'), moz_places.url FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id
Gets info on the history of visits (one row per visit; place_id in moz_historyvisits refers to id in moz_places)

ii) SELECT datetime(moz_places.last_visit_date/1000000, 'unixepoch'), moz_places.url, moz_places.title FROM moz_places
Gets date/time, URL and page title of all recorded web site visits
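The visit timeline as a small script, added here as an example and not part of the original post: it joins each visit to its page through moz_historyvisits.place_id, converts the microsecond timestamps to UTC, and opens the database read-only so the evidence copy is not altered. The sample rows, the reduced table definitions and the helper names are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timezone
from pathlib import Path

# Minimal subset of the places.sqlite columns (constructed for this example).
SCHEMA = """
CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, from_visit INTEGER,
                                place_id INTEGER, visit_date INTEGER);
"""

def prtime(hour, minute):
    """PRTime (microseconds since the Unix epoch, UTC) on 17 April 2012."""
    dt = datetime(2012, 4, 17, hour, minute, tzinfo=timezone.utc)
    return int(dt.timestamp()) * 1_000_000

def build_sample():
    """Constructed sample data: two places, three visits."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO moz_places VALUES (?, ?, ?)", [
        (1, "http://example.com/", "Example"),
        (2, "http://example.org/mail", "Mail"),
    ])
    # Visit ids (10-12) deliberately differ from place ids (1-2).
    conn.executemany("INSERT INTO moz_historyvisits VALUES (?, ?, ?, ?)", [
        (10, 0, 1, prtime(9, 0)),
        (11, 10, 2, prtime(9, 5)),
        (12, 0, 1, prtime(9, 30)),
    ])
    return conn

def open_readonly(path):
    """Open a working copy of places.sqlite so queries cannot modify it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def visit_timeline(conn):
    """One row per visit, oldest first: (UTC time, URL, title, from_visit)."""
    return conn.execute("""
        SELECT datetime(v.visit_date / 1000000, 'unixepoch'),
               p.url, p.title, v.from_visit
        FROM moz_historyvisits AS v
        JOIN moz_places AS p ON p.id = v.place_id
        ORDER BY v.visit_date
    """).fetchall()

if __name__ == "__main__":
    for row in visit_timeline(build_sample()):
        print(row)
```

On a real profile, copy places.sqlite out of the profile folder first and pass the copy to open_readonly(); from_visit links a visit to the visit that led to it, which helps reconstruct how a page was reached.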

As you can see (based on the screenshots below), there is a lot of information about your web browsing history that you can get from these databases. This can help in terms of forensics... or to monitor if your roommate is using your laptop without your knowledge!

You can also use certain tools to analyze these tables, such as FoxAnalysis Plus (see reference below).

What a world we live in ...


Screenshots of Mozilla Firefox SQLite database contents (database places.sqlite)
List of databases for Mozilla Firefox, 12 databases in all....


SQL query to see browsing history using SQLite Manager for Firefox....


SQL query to see total browsing history (last visited) with page title using SQLite Manager for Firefox....




References
CyberSecurity eSecurity bulletin, Vol 23, Q2/2010
http://www.cybersecurity.my/data/content_files/12/725.pdf


SQLite Manager : Add-on for Firefox
https://addons.mozilla.org/en-US/firefox/addon/sqlite-manager/


FoxAnalysis Plus
http://forensic-software.co.uk/foxanalysis.aspx


Firefox Forensics
http://www.machor-software.com/firefox_forensics

Monday, March 5, 2012

Windows 8 Consumer Preview sneak peek

Topic : Windows 8 Consumer Preview sneak peek


I had the chance to download & try out the Windows 8 Consumer Preview, running it as a virtual machine using VMWare Player v4.0.

Feast your eyes on the screenshots below... I would say there is heavy integration of social media in this Windows edition!

Windows 8 Consumer Preview screenshots


Windows 8 Consumer Preview screenshots - comes with Internet Explorer v10, not released yet....


Windows 8 Consumer Preview screenshots - Apps full list


Windows 8 Consumer Preview screenshots - Apps full list


Windows 8 Consumer Preview screenshots - Power, brightness, Network... and Notification?


Windows 8 Consumer Preview screenshots - I see a special "Share" button....


Windows 8 Consumer Preview screenshots (notice that there is no Start button.....)