The WRLR interview didn’t permit full coverage of some of the topics raised, so the following is an attempt to complete the discussion. Listen to the original interview first, as the following only covers the gaps and additional material.
Some links to items mentioned during the show:
Free tools to scan computers for malware and vulnerabilities:
https://www.kaspersky.com/downloads/free-virus-removal-tool
https://www.informationtechnologyandsecurity.com/files/FortiClientOnlineInstaller_6.0.zip
Company with excellent webinars on human behavior that leads to system compromises. Most of their webinars can also be used as podcasts for times when video is inappropriate, such as when driving.
On the Saturday 1100 show, 2020 May 16, ITS was interviewed on WRLR (98.3 FM) by hosts Lou Bruno and Bruce Becker. A variety of subjects were covered including VPNs, residential internet service, Cyber Distancing, and more. If you missed the live broadcast, or are outside the broadcast coverage area, the ITS portion of the show is available here:
The interview may be played directly using the player controls, or downloaded for listening later and/or on another device by right-clicking on the player and selecting to save the file wherever desired. Note that you will need to visit the ITS web site to gain access to the player controls and have the option to download the podcast file.
WRLR (https://wrlr.fm) plans to have ITS back for another show, so watch for the announcement to come in advance of that next show.
Single Points of Failure – any parts of a system that disable or break the system when any of those parts fail. Clearly not desired, but unfortunately frequently found, especially when they fail. Examples appear in major media almost weekly, but the pain is really felt when the example is close to home.
Avoiding SPOFs is a matter of analyzing all parts of a system to identify SPOFs and then implementing mechanisms to mitigate failures of those identified parts. It is normally far less expensive to analyze and mitigate prior to failure, than to deal with the resulting situation after a failure.
So, why are SPOFs so prevalent? Sometimes it is a result of applying funds and time to issues perceived to be more important. Sometimes it is just ignorance of the concept, and lack of experience suffering the result of a SPOF failure. However often the process of recognizing SPOFs is simply not thorough enough resulting in a false sense of proper preparation, and some dismay if a SPOF fails thus revealing the oversight. This is frequently the result of those doing the analysis being too close the systems involved, thus failing to ask all the questions that would be normal for an outsider.
The best results for good SPOF identification and mitigation usually come from outsiders who have enough knowledge of the systems involved, but who are not intimately familiar with the system being analyzed. The process is a bit time consuming, but overall quite simple in concept. The outsiders just ask questions about everything while the insiders provide detailed answers. Usually this simple process readily identifies SPOFs to all parties though the determination of how to best mitigate is often a bit of discussion and debate.
Bottom line: better to know SPOFs and make some effort to address, than to ignore and hope for the best.
If you’d like ITS to play the role of outsider, just let us know. We are happy to help you work to avoid unpleasant future surprises.
By now everyone seems to know that PPE, Personal Protective Equipment, is key to reducing the spread of human viruses. But how many know, or even consider, the equivalent CPE, Cyber Protective Equipment?
PPE typically consists of face masks, shields, gowns, and gloves. These are normally relatively inexpensive devices that provide barriers to the transmission of viruses from infected hosts to those yet uninfected. CPE is the same in the cyber world, cyber barriers to the transmission of cyber viruses.
Typical CPE would include:
This may seem like a lot of equipment, however a well designed product line can incorporate many, or even all, of these functions into a single product. Certainly the device provided by a typical residential or business ISP (Internet Service Provider) doesn’t properly implement these functions, and often lacks them completely. Fortinet is the market leader in performance and affordability, with a line of products that can protect from even the most virulent cyber threats, It is the opinion of ITS, that in today’s world, not incorporating Fortinet gear into a cyber protective strategy is a lot like shunning PPE in a hospital.
