Philosophically Secure

Have a great idea for an information security research topic? Why not write up a white paper and pitch it to the Department of Homeland Security? The DHS Cyber Security Research Development Center (that’s a mouthful) is soliciting research ideas on cutting edge security topics. Anything from combating botnets, routing protocol security, to data visualization. Of course, they’re interested in the bread and butter research of malware protection and insider threat management as well.

DHS will award up to $4.5 million for the research, which is a pretty good amount of money to get the ball rolling. Check out the actual solicitation here.

This is pretty obvious, but worth repeating. If your corporate network allows Internet P2P connections, then your confidential data is probably available on various file sharing networks. It’s just too easy to install one of these programs and let it share your My Documents folder by default. Then all someone has to do is search for .DOC files with the word “proprietary” in them and see what comes up. Unfortunately, blocking P2P networks can be tricky, since they use a variety of ports - some even actively try to evade firewalls by going through port 80.

InformationWeek: Beware P2P Networks With A Tunnel To Confidential Data

At first glance, I didn’t expect much from this InfoWorld article (probably because it had the word “manager” in its title). But it actually turned out to be rather insightful. The author discusses how there are lessons for us security types in a book about becoming a better surgeon. They are mostly common sense suggestions that we’ve heard before, but I found the comparison between two very different professions to be interesting. Also, the basic idea of having consistency is something that I espouse - not just at work, but in many aspects of my life.