[ISN] A gift list from 'Security Claus'

From: InfoSec News (isn@private)
Date: Tue Dec 06 2005 - 22:16:41 PST


http://www.computerworld.com/securitytopics/security/story/0,10801,106807,00.html

Opinion by Ira Winkler
DECEMBER 06, 2005 
COMPUTERWORLD

It's the time of year when you need to pick out gifts for your
friends, family and co-workers. I thought I would add a little
security to your season, and maybe help you choose gifts that are
unusual but also useful. So to that end, enjoy!


Software and Gadgets

Security software suites: For about $50, you can buy a
firewall/antivirus/antispam suite. Antispyware is also a good option
as well. Sadly, many people don't have this type of software, and
frequently, if they do, they don't maintain the licenses so that the
software can update attack signature files. Without an updated
license, the software is as bad as having nothing.

Personal shredders: With identity theft being a crime that will only
continue to grow, a gift that helps to prevent identity theft should
be very welcome. Personal shredders can be found for under $30 and are
useful for everyone. You should look for cross-cut shredders that can
accommodate at least five sheets of papers with staples, if you really
like the person receiving the gift.

USB drives: Most people don't perform backups regularly, primarily
because they don't have a logistically feasible way to do it. This
puts them at risk from everything from viruses to just stupid
accidents. Without backups, you are basically screwed if something
goes wrong. The newer Universal Serial Bus drives can hold up to 2GB
and should be able to back up most people's "My Documents" directory
structure. People with a lot of pictures and music will need several
of them, but you can be one of the first to help them out.

3M Privacy Filters: For the frequent travelers on your list, 3M
Privacy Filters are great gifts. I've gathered some of my best
intelligence looking over people's shoulders on airplanes and in other
public areas. While people shouldn't do sensitive work where
"outsiders" can spy on them, they will. Just to make sure your friends
don't lose that big contract and get fired, these filters are great
gifts.

Laptop cable locks: Also for the road warriors on your list, a cable
lock can be a great gift. If you take a good look at a laptop
computer, you will see an oval hole or two that's about a half inch in
length. There are special cables that have a head that fits right into
that hole. You wrap the cable around something that isn't going to
move too easily, and then lock the head into your computer. While this
doesn't guarantee your computer can't be physically stolen, it makes
stealing your computer exponentially more difficult.


Books

Hackers Challenge and Hackers Challenge 2 (McGraw-Hill Cos., 2001 and
2002, respectively): If you're looking for a great reference for
technical computer security professionals, this is it. These books
test your computer security skills by putting you through more than 20
realistic scenarios, and see how well you would respond to them.  
You'll have a lot of problems finding a person better qualified to put
a book like this together than Mike Schiffman.

Hackers Beware (Sams, 2001): If you're not a computer security
professional but you're technically inclined and want an idea about
the intricacies of hacking, this is a good book. While the hacking
techniques presented might be somewhat dated, the fundamental concepts
are universal. You will also pick up a few security tips along the
way. Eric Cole, the author, is one of the most knowledgeable people in
the field and one of the SANS Institute 's most popular instructors.

Spies Among Us (Wiley, 2005): OK, I'm biased as far as this one goes,
but it is a good book. If you don't know why the gift recommendations
above are so important, then you definitely need the book. I wrote
this book, not for security professionals, but for the manager and the
average person. It's intended to take away the hype surrounding
computers and general security and provide practical and
cost-effective solutions to everyday security problems. The case
studies have been described as reading like spy novels. Don't take my
word for it; read the reviews at Amazon.com.

Paranoia: A Novel (St. Martin's Press, 2004): If you're looking for an
entertaining, fictional take on security, Paranoia would be it. The
plot involves industrial espionage, and Joe Finder did a great job
researching the subject and makes the book a page turner.
 

Movies

Sneakers : This movie is a security classic. While the basic plot
isn't overly realistic, it's still a great movie, and there are a lot
of security lessons to take away.

War Games : If you or your friends have never heard of this movie, you
have to see it. It is the first and best of its genre. While it is a
little idealistic of the hacker culture, the hacking techniques shown
are still in use today. It's also good for highlighting the fact that
even if computer hacking is not intended to cause damage, it can still
have disastrous effects.

Ferris Bueller's Day Off : This movie is probably one of the best
examples of social engineering, the term for conning people, you will
ever find. It's also really funny.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Tue Dec 06 2005 - 22:41:55 PST