Security Advisor

A Few of My Favorite Things

So many security toys, so little time.

• By Roberta Bragg
• 12/01/2002

Scottie’s been hinting all fall that I should be spending more money on him. As a personal trainer, Scottie’s great—really; but his hints are getting quite out of hand. In October, for instance, I arrived home from Anaheim where I’d been visiting Mickey Mouse and his Microsoft friends at MEC, to find Scottie sitting silently on the kitchen floor dressed from head to toe in aluminum foil. He claims he was just trying on his Halloween costume (he said he was Baked Potato Man), but I think he was really telling me he wanted some new clothes.

November was worse, though. Scottie came to COMDEX with me (well, I’d been spending way too much time on the road and not enough time, er, exercising). While it was fun to have an escort around the Las Vegas strip, his lust for the finer things (jewelry, clothes, sculpture and rich-boy’s toys) displayed in every window got a little tiring. Then I took him on the COMDEX show floor.

This was a rather big mistake. Until then, Scottie, protesting he was a confirmed luddite, had stayed away from technology; but in Vegas, the technology tables claimed more of his time than the gaming tables. Now he thinks he has a new business career—security hardware—and he can’t wait to try out his new profession by outfitting my business with all the latest cameras, biometric building locks and so forth. The man is going to be a problem, but at least I can write off his trip expenses if he’s going to turn into a technology consultant.

I’m always getting new technology toys. If they make me happy, shouldn’t I share the love with others? Here are some gift ideas for you to add to the Scottie’s on your list: tools to keep Internet connections safe, keep notebooks and gear protected on the road, and a lot more. A wealth of stuff is out there, and much of it’s free or available at a low price. Give the gift of computer security this year. We’ll all benefit from your efforts.

You’re Never too Young to Learn About Security
The Computer Learning Foundation, www.computerlearning.org, has home and school videos, as well as a lesson plan that teaches children about using computers wisely and protecting information. The materials use puppets (Chip and Friends). It also has a wealth of material of interest to parents of elementary-school children that details responsible use of technology. I especially like the Code of Responsible Computing, posted at www.computerlearning.org/ResCode.htm. Maybe you should give a copy out at work. At home, if you want to filter access to those less-than-child-friendly sites, Net Nanny, www.netnanny.com, has a filtering program. It has a free trial and a $39.95 price tag.

Free and Less-Free Goodies

Training—Have a small-business owner on your list? Send him or her to a NIST (National Institute of Standards and Technology) Small Business Computer Security Workshop. The schedule for 2003 wasn’t posted as of the time of writing, but the information looks good. The registration fee is $50. The NIST Computer Security Resource Center is at csrc.nist.gov/.

Intrusion detection systems—Download a free intrusion-detection program from Silicon Defense, www.silicondefense.com/software/snort_windows_installer/. The version without the Windows Installer is at www.silicondefense.com/techsupport/downloads.htm. You can get Snort for your Linux systems at www.snort.org. Also, the September issue of MCP Magazine contained a cover story on IDSs along with a review of four enterprise-level products.

Wireless security—Alert management to the problems of wireless encryption and get them a copy of AirSnort. AirSnort, http://airsnort.shmoo.com, will recover the Wireless Encryption Protocol (WEP) encryption keys. You’ll need a Linux box and a specific type of wireless card, so be sure to read all the documentation before downloading.

Anti-virus tools—There are several sites that have free virus checkers, including Zero-Knowledge, www.freedom.net, and Trend Micro, www.antivirus.com. You can also get a free checker from Panda software; but be aware that, in order to update it, you must pay the $29.95 purchase price. Most anti-virus companies will also allow you to download a free trial; some, like Trend Micro, will even allow you to update until the trial runs out. Pest Patrol, www.pestpatrol.com, does more than just check for viruses. It’s also on the lookout for Trojans, spyware, mobile malicious code and other pests, with a $29.95 single-user edition available.

Personal firewalls—Every computer user should have a personal firewall. ZoneAlarm has a free one, downloadable for individual users and nonprofit organizations, at www.zonelabs.com/store/content/home.jsp. You can also get a trial version of Tiny Personal Firewall from www.tinysoftware.com; purchase price is $39.95. If encrypting e-mail is a necessity, PGP can be downloaded from PGP International, www.pgpi.org.

Hard drive erasure—To thoroughly obliterate data before assigning that hard drive to others or just be assured that sensitive information has really been removed from your machine, get BCWipe from www.jetico.com/index.htm#/bcwipe.htm. Download a free 30-day trial; a single-user license is $29.95. Another freeware alternative is UltraWipe, www.webattack.com/get/ultrawipe.shtml.

Port protection—Watch your back, er, ports, with Nmap, www.insecure.org/nmap. Nmap, an open-source scanner, maps your network by detecting machines and the services they offer. A beta version for Windows is at www.nmapwin.org.

Systems scanners—Get a free security scanner for services; protocols like UDP, TCP, ICMP; Trojans; and other potential trouble spots from Sygate Technologies, scan.sygate.com.

Helpmates for the Road Warrior

Laptop bags—I spend a tremendous amount of time on the road (hence my company’s name—Have Computer, Will Travel). Anything that can help me in my travails is like gold.

The first places to look for a laptop bag are Targus, www.targus.com, or Noteworthy, www.port.com. Look for one that’s comfortable to haul and offers protection for the laptop. I recently purchased a Noteworthy backpack for its extreme padding (the most comfortable tote that I’ve found) and the fact that the model I found zips around the top instead of up and down the sides. The top unzips and flips back, which helps, as I’ve had way too many close calls with backpack side-zip models coming unzipped on their own as I rush through the airport.

Hard drive enclosures—There are a number of good sources for these. I picked up a model ME-910 USB model at my Toshiba dealer, but you can find the USB model ($59.99) online at USBGear, www.usbgear.com/usa/USB_20.html. Both USB and FireWire versions are available from Triumph, www.triumphtech.com/p/ME-910.htm. Also check out LTG Technology XtraDisk, www.xtradisk.com/cgi-bin/webc.cgi/usb.html?sid=8y4GGIOWgHMy1FM. Slap a hard drive inside, and you’ve got a portable backup system or extra hard drive, always a welcome thing for those of us with more airline miles than bucks in the bank. The advantage over traditional case and hard drive models is that, because you buy the enclosure separately, you can use it with almost any capacity drive and can change out hard drives or mount one you already have on your laptop. (Don’t forget to purchase a compatible drive.)

Locks, keys and alarms—Good locks and keys are available from Targus or APC, www.apc.com/products/family/index.cfm?id=112. My favorite security alarm is my Kryptonite (APC) Key lock ($39.99) with quick-release node. This lock comes with a little nubbin you screw into the security slot on your notebook and leave there. This makes it easier to attach the cable (ever struggle with key and lock?) and means there’s one less thing to pack.

For the ultimate in notebook security geekiness, head to www.robsecure.com/alarms.htm, and check out Mr. Robsecure. This saucer-shaped alarm (a motion-detector alarm with a twist) can be glued to the top of your laptop. You carry a remote control device separately and can arm the alarm from a distance.

For the Security Geeks

So, what about your friends who already understand the importance of security? Here are some useful tools they might enjoy:

Anonymous Internet surfing—The Anonymizer, www.anonymizer.com, keeps your identity secret when you’re on the Internet, foiling advertisers and hackers. Free trial, $29.95 for the product.

Security guide—SANS is one of the most well-known security organizations on the planet. Its security consensus guides, at store.sans.org/store_category.php?category=consguides, provide best practices and step-by-step instructions on various topics. Most are $29 and available on popular operating systems like Solaris, Linux and Windows 2000.

Security tool list—Get a top 50 security tool list free from www.insecure.org/tools.html. This was created from a survey done by Insecure in May and June 2000, in which 1,200 NMAP users from the nmap-hackers mailing list were polled to determine their favorite security tools.

Security auditing—Turn them on to Nessus, a security-auditing tool available from www.nessus.org. This tool runs on Unix, but there’s a Win2K client. Nessus doesn’t assume that a given service runs on the normal port, such as 80 for a Web server.

Security monitoring—Get them Tripwire’s evaluation kit for Windows, www.tripwire.com/downloads/index.cfm. It will teach them how to use the product for data integrity assurance. Tripwire doesn’t prevent access; it sends alerts when unauthorized changes are made to files and directories. Tripwire can also monitor network devices such as Cisco routers and Nokia firewalls.

All I Want for Christmas
I know it’s out of the price range for most of us, and really isn’t a security tool, but I’m going to ask Scottie for this one. It’s the $1,499 wearable computer from Xybernaut, www.xybernaut.com. The Poma wearable computer will allow me to look at my data, play my tunes and look weird wherever I go. I tried on the beta model at the 2001 COMDEX and had a blast. It’s got a one-inch, full-color viewing screen I can wear strapped to my head and posited right below one eye. It’s got a small, pocket-sized CPU unit to attach onto my belt and even a miniature pointing device. I can do wireless connection (add my own card) to a LAN and, hence, to the Internet to navigate my way through a Word document or anything reachable with IE. Sound is available via your own headphones. Wearable computers—can membership in the Borg be far behind? Just call me “6.5.”