Checking in

As I suspected, my demands at my employer have become more and more intensive with each passing day but I look to this with excitement rather than frustration or concern as this shows that I am well needed by my employer. At this time, I have completed three classes toward my MS in Cybersecurity but I am forced to take a summer off because my student loans were not allocated properly to support summer semester. Despite this, I am not unhappy, I will certainly enjoy taking a break for three months as my family and I are in the dead heat of trying to get our current home sold and move to a larger home in the main par

ADFS is keeping me busy

I have been neglecting this poor little blog for some time now and that’s not really fair. I do have a good reason, though. You see, I started my job at a major oil and gas company in Dec. As a result, I have been trying to not only earn my stripes as a security professional (a hat I have worn but never full time) but also to meet the crazy deadlines a company like mine has in place. As a result, I have been devoting a great deal of time and effort to learning of a mysterious piece of software known as ADFS.

To those who are not part of a MS-Centric world, the ADFS server is really what a lot of MS folks have been getting excited about. ADFS stands for Active Directory Federated Services and is something that, although it has been around for several years, has only recently started growing at such an alarming rate. The reason behind this is that Microsoft is using the ADFS software as a tool that allows you to essentially build a trust between yourself and an MS Cloud server (likely running Azure) or any number of applications that are ‘claims-aware’. The flagship product for using this new ADFS is the Office365 application which is what has been keeping me busy.

After successfully taking ADFS from the birthing floor all the way into what is not a production level test, I have become a small-time expert on the subject. I know all about tokens-aware and claims-aware apps, I am becoming familiar with the often curious ‘SAML’ language or “Security Assertion Markup Language” which is used by various “Identity Providers” (software or servers designed to understand SAML) to send ‘tokens’ (little chewy bits of SAML code…basically SAML cookies) from the IdP to the Relying Party Trust (RPT). The program has been fun to learn and I can see a lot of practical uses for the application and what it is capable of. Now, if I can only teach myself more advanced Active Directory topics that were somehow completely absent from my learning and experience in other positions I will be doing just fine. At least then I wouldn’t feel like such a n00b but that’s the way things go when you are starting a new gig, right?

Keep on keepin’ on and so will I.

Reviewing the Logitech Revue

I have been a fan of having a multimedia HTPC for many years… much longer than it has become ‘chic’ to have one but it wasn’t until recent years that the TV technology and the hardware needed to run these services finally caught up with the mainstream market. In this market, we have the AppleTV, the Roku, Boxee, and the GoogleTV. By and large, the Roku has the highest visibility in the mainstream market and those who are part of the cult of Mac are well familiar with AppleTV. The open source community is taking notice of Boxee but it has only a minor hold in the appliance market. The last contender is the GoogleTV system, which is deployed to various Sony TVs and was also released as an appliance, the Logitech Revue, which I finally decided to purchase with its nice $99 price tag.

Now, I should mention that a day or two after I purchased my device, Logitech made a public announcement that they feel that the Revue was a massive failure because it didn’t sell well in the Christmas market last year. I think they might change their tune now that the price point has dropped as my favorite vendor, NewEgg, was completely sold out of these devices so I made a deal with the devil and bought mine from BestBuy, rumor has it that they are quickly running out of stock on this device too. Perhaps Logitech should have been more patient? This year might be a real winner for this device as I have already been very impressed with this and I only opened it last night.

The Revue is a small footprint device, only about 12″ by 8″ and for all intents and purposes looks like little more than a black mushroom with green lights on the front. If you check out the back, you will find a power plug, an HDMI In, an HDMI out, two IR Blaster ports, an S/PDIF port, an RJ-45 jack, and a Logitech Unifying receiver. The wonderful part about this thing, in my opinion, is the simplicity of it all. You don’t have to connect it to a spare port on your TV which is awesome since my HDTV only has two HDMI ports, one of which goes to my Blu-Ray player, the other going to my cable box. You simply place this device inline with your HDMI (cable from the wall hits your cable box, HDMI out of the cable box goes IN to the HDMI on the Revue, HDMI Out on the Revue goes to my TV), they even give you a nice HDMI cable with the box. Feed your Revue a network connection either RJ-45 or my choice, 802.11g Wi-Fi, and the device takes care of the rest.

When I first booted this up, I went through a very simple series of set up screens including a GMail account to link it to, information for my Wi-Fi (the key and so on) and a few other things. It downloaded an update to itself after it got a live internet connection and then rebooted. Once it rebooted, it asked me to provide it with the Make/Model of my cable box, my TV, and my home stereo system as well as the provider for my cable service. After a few inputs, it knew everything it needed to pre-program the keyboard remote control included to control these devices. No joke, it searched itself for the codes (like a universal remote would do) and within a few minutes, I could control my cable box, my TV, and my stereo from this nifty little keyboard/touchpad controller. The picture was crystal clear on my HD channels and the guide button on the remote does, in fact, open the guide on my TV but that’s just the beginning of this device’s ability.

I launched the Applications included (appearing in a slightly annoying but not horrible screen overlay) and set up my NetFlix account, my Pandora radio account, and had the option to do the same for Amazon (don’t have one of those yet), CrunchyRoll (same story) and many others. I also really liked that the thing doesn’t interfere with anything already setup on the box, it lets me access my DVR features from my cable box, it lets me easily switch tasks with very little issue and my wife likes the fact she can use the regular TV remote if she wanted to change channels and such.

So far, I am very pleased with this thing. I think Logitech made a bigger failure by deciding to drop support for this device as it will really be awesome if it sells out everywhere this year. As far as I know, Google itself has stated publicly that it will keep supporting this device even if Logitech doesn’t. So basically, I get two bonuses, the thing keeps working and I don’t have to deal with Logitech’s often annoying tech support team. Win Win if you ask me.

Wired and Wireless Security Best Practices

All organizations doing business in the modern world require some sort of network to support the operations of the organization, even if the organization is a small local business. Regardless of the size of the organization, the data on their machines is one of their most prized possessions, as these machines can hold everything from financial data to trade secrets, all of which must be secured (Caballero, 2009, p. 237). Although wired networks and wireless networks are rather different architectures, they share many similarities in how they are secured. Therefore, this discussion will begin with the specific security practices that the networks share and then will expound on the more specialized needs of wireless networks.

In order to create a strong and secure network, the first thing that must be done is to establish a firm boundary at the physical level. The server room or data center should be offered as many physical protection methods as deemed possible by the organization. Some of these safeguards include: security officers, a visible authorization system (i.e. receptionist who checks IDs before allowing building access), a two or three level authentication system such as a user name and password, or a user name, password, and biometric check, and an auditing method (either paper or electronic) that logs access to the room or datacenter. If it is financially feasible, the company should also consider installing a closed circuit security camera system (Caballero, 2009).

Once a physical boundary is established, attention should shift to the network boundaries (or perimeter). A firm line should be established between where the internet ends and the private LAN begins. Much like a building, the LAN should be protected by security guards that block the entrances and exits until the data has been authenticated. In order to accomplish this, the network should be secured by a network firewall that uses a bi-directional analysis method known as ‘stateful packet filtering’ (Caballero, 2009, p. 240), as this will analyze each packet as it passes through the network. Once the data passes on to the router to enter the LAN, it is wise to include router packet filtering to examine packets to see if they meet the security policies that have been implemented. If the router allows for MAC address filtering on wired connections, this should be activated as well because it adds additional security to prevent unauthorized devices (Prowse, 2011, p. 132). Once the router has been deployed, the next layer to secure the network would be to install an inline Intrusion Detection and Prevention System (IDPS), as this will scan the network for possible intrusions using either a signature analysis system or an anomaly based system (preferably a combination of both) that will flag administrators in the event of a perceived attack (Prowse, 2011, p. 155).
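The stateful packet filtering described above can be sketched as a connection table, in an added example that is not part of the original post. The LAN range, the allowed outbound ports and the sample packets are constructed assumptions, and teardown and timeouts are simplified.

```python
# Added illustration: a minimal stateful packet filter (connection tracking).
# The LAN range, egress policy and packets are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")      # assumed private LAN
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}   # assumed egress policy

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp" or "udp"
    flags: str = ""  # TCP flags: "S", "SA", "A", "FA", "R", ...

class StatefulFilter:
    def __init__(self):
        self.flows = set()  # tracked flows, always keyed from the LAN side

    def check(self, p):
        """Return 'ACCEPT' or 'DROP' and update the connection table."""
        src_in, dst_in = (ip_address(a) in LAN for a in (p.src, p.dst))
        if src_in and not dst_in:        # outbound
            key = (p.proto, p.src, p.sport, p.dst, p.dport)
            if key not in self.flows:
                # A new flow must match policy and, for TCP, start with a SYN.
                if p.dport not in ALLOWED_OUTBOUND_PORTS:
                    return "DROP"
                if p.proto == "tcp" and p.flags != "S":
                    return "DROP"
                self.flows.add(key)
        elif dst_in and not src_in:      # inbound
            # Only replies that mirror a tracked outbound flow get through.
            key = (p.proto, p.dst, p.dport, p.src, p.sport)
            if key not in self.flows:
                return "DROP"
        else:
            return "DROP"                # LAN-to-LAN and transit: out of scope
        if "F" in p.flags or "R" in p.flags:
            self.flows.discard(key)      # simplified teardown on FIN/RST
        return "ACCEPT"

def run_demo():
    fw = StatefulFilter()
    packets = [  # constructed traffic
        Packet("192.168.10.5", 50000, "203.0.113.10", 443, "tcp", "S"),   # new outbound
        Packet("203.0.113.10", 443, "192.168.10.5", 50000, "tcp", "SA"),  # its reply
        Packet("203.0.113.99", 443, "192.168.10.5", 50000, "tcp", "SA"),  # unsolicited
        Packet("192.168.10.5", 50001, "203.0.113.10", 23, "tcp", "S"),    # port not allowed
        Packet("203.0.113.10", 443, "192.168.10.5", 50000, "tcp", "FA"),  # teardown
        Packet("203.0.113.10", 443, "192.168.10.5", 50000, "tcp", "A"),   # after teardown
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(run_demo())
```

The third and sixth packets have plausible addresses and ports but no matching entry in the connection table, which is the case a stateless port rule cannot distinguish.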

The various safeguards outlined above are some of the primary practices used to secure wired networks, but to secure wireless networks additional measures must be taken. Each wireless network broadcasts to a certain range, which allows some possibility of the signal traveling beyond the physical walls of the building. Because of this flaw in the security of wireless, it is advised that organizations reduce the signal strength incrementally until the signal is no longer detected outside the organization (Valacich & Schneider, 2010, p. 203). Another broadcast item is the Security Set Identifier (SSID), or the network name of the wireless access point, which is set up to broadcast itself by default. One should turn this off so as to prevent unauthorized external access to the network. All wireless access points have the capability to use some sort of passkey to permit access, including the WEP, WPA, and WPA2 encryption schemes. To ensure security and authentication, the WPA2 encryption scheme should be activated and a high entropy password created to secure the access point. Also, it is imperative that MAC filtering be turned on for wireless clients so that only hosts who are added to the MAC filter list are able to receive connectivity. Lastly, if the devices being connected to the wireless point are 802.1X capable, this authentication system should be activated (Vacca, 2009, p. 797).
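The wireless checklist above can be turned into a configuration audit, shown here as an added example that is not part of the original post. It assumes the access point is configured with a hostapd.conf-style file; the sample configuration and the 80-bit passphrase floor are constructed assumptions.

```python
# Added illustration: audit an access-point config against the checklist above.
# Assumes hostapd.conf syntax; SAMPLE_CONF and the 80-bit floor are constructed.
import math

SAMPLE_CONF = """\
# constructed sample of a weak configuration
ssid=corp-wlan
ignore_broadcast_ssid=0
wpa=1
wpa_passphrase=password1
macaddr_acl=0
ieee8021x=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def passphrase_bits(p):
    """Upper-bound entropy estimate: length * log2(character pool size)."""
    pool = 0
    pool += 26 if any(c.islower() for c in p) else 0
    pool += 26 if any(c.isupper() for c in p) else 0
    pool += 10 if any(c.isdigit() for c in p) else 0
    pool += 33 if any(not c.isalnum() for c in p) else 0
    return len(p) * math.log2(pool) if pool else 0.0

def audit(conf, min_bits=80):
    """Return one finding per checklist item the config fails."""
    findings = []
    if conf.get("wpa") != "2":
        findings.append("wpa: not WPA2-only (expected wpa=2)")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ignore_broadcast_ssid: SSID is broadcast")
    if conf.get("macaddr_acl", "0") == "0":
        findings.append("macaddr_acl: no MAC allow-list enforced")
    if conf.get("ieee8021x", "0") != "1":
        findings.append("ieee8021x: 802.1X authentication is off")
    psk = conf.get("wpa_passphrase")
    if psk is not None and passphrase_bits(psk) < min_bits:
        findings.append("wpa_passphrase: estimated %.0f bits, below %d"
                        % (passphrase_bits(psk), min_bits))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print("FAIL", finding)
```

The entropy figure is an upper bound that assumes randomly chosen characters, so a dictionary word scores higher than it deserves and the floor should be treated as a minimum.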

All of the safeguards above are some of the best ways to secure a network, especially from a hardware level. Despite the best security practices, the human element can still cause challenges to a security infrastructure. Thus, a wise information security manager will also create a comprehensive security plan for all the users at the facility to follow and remind them of it often. No network is completely secure, but implementing items such as these will allow a decent reduction in risk.


Caballero, A. (2009). Information Security Essentials for IT Managers: Protecting Mission-Critical Systems. In J. R. Vacca, Computer and Information Security Handbook (pp. 225-254). Burlington: Morgan Kaufmann Publishers.

Prowse, D. L. (2011). CompTIA Security+ SYO-201 Cert Guide. Indianapolis: Pearson Education.

Vacca, J. R. (2009). Configuring Wireless Internet Security Remote Access. In J. R. Vacca, Computer and Information Security Handbook (pp. 795-798). Burlington: Morgan Kaufmann Publishers.

Valacich, J., & Schneider, C. (2010). Information Systems Today: Managing in the Digital World. Upper Saddle River: Prentice Hall.

My First Complaint About my Alienware 17xR3

As I mentioned in an earlier post, I was very excited about my first AlienWare laptop and I was counting down the days until it arrived. It finally arrived on Wednesday so I took a slightly longer lunch and went back to the house to pick it up (I certainly didn’t want to leave it sitting on the front porch in case a ne’er-do-well decided it looked like it was worth some money).

The device is every bit as powerful as I expected it would be, even with only 8GB of RAM. Yet this brings me to my first gripe about the device. Okay… let’s consider the market for an Alienware laptop… usually a gamer who is all about squeezing as much power out of their laptop as they could possibly accomplish. Odds are, one of those things would be additional RAM. Goodness knows that is one of the things that I wanted to do. If that’s the case… why on earth did Dell make such a dumb choice in RAM placement?

You see… there are two banks of two SODIMM RAM slots on this device. The EASY ones to get to are simply done by taking out the battery, unscrewing the two little screws in the bay and then sliding the back plate off. The OTHER RAM slots require you to do the steps mentioned above as well as remove an additional series of about 8 screws to get the keyboard off, lift it up and disconnect the ZIF connector and slide the keyboard out.

Here’s your pop quiz… WHERE would you install the stock RAM on a device like this? Knowing full well that the tech buying it would likely add more RAM? Of course it is extremely logical to put the stock RAM in the EASY area so that when a gamer with a penchant for upgrading hardware wanted to add more he could… Okay. That’s right it’s NOT logical! Why on earth would you do something so ridiculous? I have no idea why but that is EXACTLY what Dell did on my device. I was expecting that I could simply add the extra RAM in the easy to reach section of the computer and all would be well. Looks like I was wrong.

Other than this obvious logical misstep in placement, I am relatively pleased with the laptop so far. Now if I can just finish this 10-12 page paper for my cyber-security class, I might actually be able to play some games on my laptop!

New Gear Heading My Way

Most IT guys, regardless of the field where they work, are somewhat geeky about gadgets, computers, and general technology. I am no different! Since I began my new Master’s program at UMUC, I have been turning the idea of purchasing a new laptop over and over in my head since my student loans were approved. Finally I made my decision.

I have an aging HP laptop that I purchased in 2008 when I started my M. Div and although it has served me well, it is starting to wear on me. The original build was designed to be Windows Vista and it is an HP Pavilion DV7 running a dual core Intel Centrino with 4GB of RAM and an nVidia GeForce dedicated video card. It works just fine on Windows Vista and I added an additional 2GB to bump it to 6GB of RAM. I then loaded Windows 7 and updated the nVidia driver to give me the most bang for my buck. However, the dream machine became a nightmare at this point because not only did HP not provide updated features for Windows 7, there was an inherent flaw in the video card driver. If I was using the laptop on its docking station, the video drivers worked just fine but the instant I tried to use the computer off the dock, the screen would black out and then come back, reporting an error with the video card driver kernel and then it recovered from the error. However, I learned quickly that once I saw this event, I had anywhere from 5 to 10 minutes before my computer would completely lock up and require a reboot.

I called HP while on the road in Georgia and tried to troubleshoot the issue. The technician finally told me that the laptop was designed to work with Vista only and since I was running Win7, HP wouldn’t offer any support. He had me roll back to the basic Windows Vista driver which was the ONLY thing that wouldn’t cause it to choke. That means that I could never update the video card driver unless I was on a dock (why bother owning a laptop then?) and so my video games have all been using an old antiquated driver for these years. My Sims 3, WoW, and Bastion cannot look as awesome graphically as they are capable of because of the limitations with my hardware. This does not bode well for a man like me with geeky interests!

Last night I finally ordered my new laptop. I labored over the decision for weeks trying to decide how much I wanted to spend, how powerful of a computer I wanted to have, and what vendor to use. I considered the Dell XPS 1720 series but NewEgg has been sold out of them for a week now. I also considered the newest Asus G series laptop but for the cost of the computer and the capabilities, it wasn’t worth it to me. Finally I decided on an Alienware M17 series with an Intel i7 processor (2.0 GHz), 750GB HDD, and AMD Radeon HD video card. The only real downside was that I had not really had much luck with the quality of graphics on ATI/AMD Radeon video cards when they were installed in laptops so I was a little squeamish. However, a NewEgg reviewer posted some of their stats for performance on this machine and I saw what I needed to see. Evidently the Alienware hardware configuration works pretty well when it comes to pure power and graphics boost, the guy is getting over 65 fps on some of the hottest titles out now and his laptop isn’t even batting an eyelash. I purchased an extra 4GB stick of RAM to go with it so I will be running at 12GB when the laptop is fully configured.

I am only a part time gamer but I foresee that I will want to do much more gaming with a rig like this. My old laptop will be re-loaded with WinVista and the latest drivers so I can either use it as a backup for my main rig, or I am thinking of attaching it to my HDTV permanently and buying a new wireless keyboard and mouse so we can have a real media center device for the first time in many years. If we don’t do that, then I will set it up for my wife and then I can take her laptop that she is currently using (slightly older but still has HDMI out) and use it as the media PC. That way I can stream everything from Netflix without having to use the Wii and I can open up the various YouTube videos my daughter likes to dance to without having to struggle with the Wii Remote to type and the painfully slow Opera browser built into the Wii.