Internet Security Tip #3: Always Be Patching

Operating system vendors release updates regularly that fix problems with their software. Those problems might be something that stops the mouse from being able to click on a button (usability issue), or they might be a security hole that allows an attacker to take control of your machine.

Keep everything religiously updated, and keep records of who does upgrades and when they are done. This is thankless work, but it is critical to ensure that your network is kept secure. I can’t tell you how many machines I log into which are running web browsers that are 5 or more years old; these machines are sitting ducks that will do nothing for the number of hours of sleep you get a night.

I am not a fan of auto patching due to the potential risks it creates; however, something is better than nothing, especially on a Windows network.

About Me.

I am a telco & internet entrepreneur, nerd wrangler and massive lover of bacon. I was involved in the investigation of and successful conviction of David Noel Cecil – “Evil, The NBN Hacker”.

This article is written from the experiences I had before, during and since the successful execution of Operation Damara. My experiences are from a telco perspective; however, they are just as applicable to corporate and government networks.

I currently work with several Australian telcos and IT businesses, developing Incident Response Plans and helping them ensure the ongoing continuity of their mission-critical infrastructure.

If your organisation doesn’t have a strategy for dealing with internet security incidents, I would love to help you out!

Shoot me an email – david@hooton.org or grab me on Social Media for more information.

Internet Security Tip #2: Have Good Backups

Whether you’re a small business with 300 Word documents and a terabyte of your receptionist’s MP3s, or a global internet security firm serving Fortune 500 companies, you need to have backups.

Backups must never be stored on the same medium as your primary data. Backups must be stored in more than one place. Backups should ideally be kept on more than one medium. Backups should ideally collect everything on every machine and device in your network including the configurations of network switches, routers and SANs.

Sometimes, due to the sheer number of PCs on a network, it is cost prohibitive to back up entire PCs. In this situation compromises need to be made, perhaps only backing up core operating system files. There are quite a few backup platforms which can store identical operating system binaries very efficiently; I would strongly urge you to investigate them if you are in this position.

If you have network-based backups and are storing them on network attached storage, make sure you’ve got more than one storage subsystem and that you can take one of them offline in the event of a compromise until the investigation is complete. Backup data is an invaluable source of forensic information for both you and the police in the event of a compromise, so guard it with your life!

Test your backups regularly. Know how long it takes to restore 1Tb of data.  Know how many Tb of critical data there is on your network. Do you have a plan for restoring onto different hardware in the event of your hardware failing or being seized by police?

Remember – Practice makes perfect. You need to drill this stuff frequently and know what your options are when your primary course of action fails.
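
A restore drill along the lines described above, as an added example (not code from the original post): it times a restore into a scratch directory, verifies every file against a SHA-256 manifest taken at backup time, and extrapolates the measured rate to the terabytes of critical data on the network. `restore_fn` is a hypothetical hook for whatever restore command your backup platform provides, and the sample files are constructed.

```python
import hashlib
import os
import shutil
import tempfile
import time

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """At backup time, record size and SHA-256 for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = (os.path.getsize(full), sha256_file(full))
    return manifest

def restore_drill(manifest, restore_fn, target_dir):
    """Time a restore into target_dir, then verify every file against the manifest."""
    start = time.perf_counter()
    restore_fn(target_dir)  # hypothetical hook: call your backup tool's restore here
    seconds = time.perf_counter() - start
    missing, corrupt, verified_bytes = [], [], 0
    for rel, (size, digest) in sorted(manifest.items()):
        path = os.path.join(target_dir, rel)
        if not os.path.isfile(path):
            missing.append(rel)   # in the manifest but never restored
        elif sha256_file(path) != digest:
            corrupt.append(rel)   # restored, but the content differs from the original
        else:
            verified_bytes += size
    rate = verified_bytes / seconds if seconds > 0 else None
    return {"missing": missing, "corrupt": corrupt, "verified_bytes": verified_bytes,
            "seconds": seconds, "bytes_per_second": rate}

def estimate_restore_hours(bytes_per_second, critical_tb):
    """Extrapolate a measured restore rate to the critical data on the network."""
    return critical_tb * 1e12 / bytes_per_second / 3600

if __name__ == "__main__":
    # Constructed sample: a two-file tree, with a plain copy standing in for the backup.
    work = tempfile.mkdtemp()
    source, backup, scratch = (os.path.join(work, d) for d in ("source", "backup", "scratch"))
    os.makedirs(source)
    for name, data in {"switch01.cfg": b"hostname sw01\n", "plan.txt": b"IR plan\n"}.items():
        with open(os.path.join(source, name), "wb") as fh:
            fh.write(data)
    manifest = build_manifest(source)
    shutil.copytree(source, backup)
    os.remove(os.path.join(backup, "plan.txt"))  # simulate a file the backup lost
    report = restore_drill(manifest, lambda t: shutil.copytree(backup, t), scratch)
    print(report["missing"], report["corrupt"], report["verified_bytes"])
    print(f"{estimate_restore_hours(100e6, 1):.2f} hours per TB at 100 MB/s")
```

Keep the manifest with the offline copy of the backup so a compromised host cannot rewrite both, and run the drill against different hardware from the machine that was backed up.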

Internet Security Tip #1: Have a Plan

Have an Internet Security Incident plan that is securely documented and kept offline in multiple hard copies. Make sure the plan is regularly discussed, updated and rehearsed by your key operations team.

The plan should include everything from equipment backup and build procedures through to a customer communications and media management plan. Just the act of creating a proper incident management plan and training your staff in its processes can save you thousands of dollars in downtime and confusion when an incident happens.

When you are making the plan, imagine what would happen in Hollywood. Think of stuff that seems inconceivable, like being in the media non-stop for a fortnight and your customers being unable to contact you.

Work out how to handle these worst case scenarios in the most graceful and strategically positive way possible, document it and train your people. It often makes sense to have an external facilitator who can look at your plan from an outsider’s perspective.

Now you’ve got your plan, what do you do with it? Does it sit on the shelf and gather dust? I hope not; it should become a part of your daily operations. Security is not an event, it is a culture which must be trained into your whole team.

10 Tips on Preparing for & Responding to Internet Security Incidents

Every connected business will have an internet security incident at some stage in its life, most likely many more than one. Sadly most businesses are unaware that they have been compromised until disaster strikes or they are notified by external parties.

The good news is that if you do a few very simple things you can avoid disaster and help the police to catch those responsible.

Internet Security: YOUR Responsibility

Let’s address a line that businesses and IT managers use when talking about internet security:

“I don’t have anything of value on my network, I don’t need to be worried”

Even a small business with 3 PCs, no server and 3 mobile phones is valuable to someone looking for spare CPU cycles and connectivity for their botnet. If your data is boring and useless to anyone but you, think about the value that the equipment and network your boring data is stored on could bring to someone else with 99,999 other boring networks like yours in their control.

The other side to that coin is responsibility. If your network is compromised, you may well be providing a gateway for other corporate networks with much more exciting data (like your bank or credit card provider), leaving you responsible for someone else’s pain and anguish.

Put simply, we are all responsible for security on the internet. Doing anything other than the right thing can leave you personally responsible for the outcomes, so you DO need to be worried.

Internet Security: Be Prepared

Over the next 10 weeks I am going to be writing a series of 10 tips to help you prepare for & respond to internet security incidents.

Here are my top 10 tips for Internet Security Incident Readiness:

  1. Have a Plan
  2. Have Good Backups
  3. Always be Patching
  4. Backup Logs are Your Friend
  5. Network Monitoring
  6. Keep a Day Book
  7. If you notice something, don’t act
  8. Call for Help
  9. Protect Yourself
  10. Front Foot

Follow me on Twitter, Facebook or LinkedIn to receive my internet security tip series every Monday for the rest of the year.

Word Gravity

Word Gravity
Newton’s law of universal gravitation states: “Every point mass in the universe attracts every other point mass with a force that is directly proportional to the product of their masses and inversely proportional to the square of the distance between them.” In short, things of great mass attract other things more and more the heavier they get or the closer they get.

Words are no different. They control our whole lives and they have a gravity to them as well. The words you use and the way you use them attract or repel people and opportunities in exactly the same way that Newton describes gravity. If you talk about how hard life is, how everyone around you is trying to rip you off and how things never get better, I’m willing to bet that your life does exactly what you say. The same goes for the opposite, if you talk about how many awesome opportunities are coming your way, how great the people around you are and how much you’re looking forward to tomorrow, guess what is going to happen…

Steering Destiny
One of the first things you get taught when you’re learning to snowboard is that you go where you look. If you look at a tree, you hit a tree. If you look at a cute girl, you’re going to run her down. The police are trained to watch where someone’s eyes are looking when they are driving or in a hostile situation because that is the best possible way to tell what is going on in someone’s mind.

Attracting People
My mum used to tell me that you become like those that you hang around. She will be ecstatic to hear me telling you that she was right. People LOVE to be around other people who agree with them, how many people have you heard running around with an idea that they are looking to push, eventually landing in a group of people who agree with them regardless of how right or wrong that idea was? This is an excellent example of words attracting an outcome. If you have it in your head that you are going to be the hottest up and coming DJ in town, you’re going to talk like it and you’re going to wind up with a group of people who agree with you. If your words are saying that your life is hard and nobody understands you, you’re going to wind up surrounded by people who make your life hard and who agree that nobody understands you.

Social Media
Social media is where word gravity is especially powerful. Social media is an amplifier of people’s words. We share levels of detail about our lives that we have never been able to before, and we literally have the whole world as our audience.

If you are a small business person, this is one of the greatest opportunities or dangers that has ever existed. You can literally build or destroy your business just by the words you choose. I have seen businesses which have built a loyal cult following of willing buyers before they even opened their doors. Shoes of Prey and Posse here in Sydney are great examples of this (22michaels.com and @rebekahposse). They have chosen to use their struggles and learnings as a very powerful marketing and educational resource that has not only helped them make money, but has helped young entrepreneurs bypass the hurdles to their own success.

Challenge for this quarter

  1. Pick something you want to achieve that will make a big difference in your life.
  2. Have a look at what you’re saying about it. If you don’t have a good understanding of what you’ve been saying, ask someone close to you or look at your social media feeds.
  3. Write down your goal and share it (Important!!).
  4. Start to do whatever is required to make that change happen.
  5. Deliberately choose to talk positively about it for the next 3 months regardless of the setbacks.

My Goals
My goal for the next quarter is to get my back strong enough that I don’t have to keep my Osteopath rich. I’m excited about this because I have a bunch of friends who are going to help me and I know an awesome personal trainer.

So what’s going on in your mind?
What do the words you broadcast to the world say about your future and the kind of opportunities you have coming to you?

You are what you say you are, tell me what you are!

Product Development – Perfection is the enemy of progress

Perfection is the enemy of progress for all product development people, and sadly it’s an enemy that many are losing their battle with. If you are a coder, hardware nerd, product developer, entrepreneur or anyone else who creates products, you really need to read this blog post by Andrew Chen and take it to heart.

It seems like the last year or so has increasingly thrown me into the path of people who have been afflicted by the self delusion, doubt and stalled products that Andrew’s article so eloquently discusses. This issue has become quite personal to me because I am watching so many smart people miss out on awesome opportunities with no good reason.

The first thing you need to take away from that article is that you and your customers see your products from totally different perspectives. What you see as a feature, they see as a bug and what you see as imperfection, they often don’t notice at all.

No product is a wild success on its first release. Product development requires trial, error, measurement and most importantly validation that the product is answering the needs of a large enough customer base for it to become commercially successful.

To do this you need customers! Real people who need and want your product. People who are going to give you real honest feedback in the most honest possible way – with their wallets. If you believe that you are good enough to release a holy grail product without the failure and feedback that comes from having real customers using/breaking/loving/hating your product, you’re crazy.

With the people I’ve met and spoken to so far, this behaviour comes from some or all of the following:

  • Fear of criticism
  • Lack of confidence
  • Lack of perspective
  • Inflexible assumptions

Imagine if you ran your product development process in a way that makes you the subject matter expert on your product. You’ve spent time with and developed a group of people from your clearly defined target market (you do have one, don’t you?). They have told you what ails them and what they would pay for a solution to that problem. You have bounced ideas off them and come up with a minimally featured non-working pre-alpha product. They have provided you with feedback which helped you to modify your plans and release a working alpha product which they are even prepared to pay you for! Success is surely not far off.

In this imaginary world the fears, lack of perspective and inflexible assumptions of the people I’ve been meeting don’t materialise. This is because you’ve stopped and taken the time to ensure that you’re building the right product.  You have confirmed that the problem you’re solving actually exists. You’re no longer spending your life justifying your own opinions because you know what you’re talking about and have evidence to back it.

The only thing that involving your customers doesn’t fix (at least initially) is lack of confidence. Getting out of the office and talking with customers is a critical process. Every single person who creates things must do it regularly in order to remain relevant in their role. Once you’ve done it a few times it becomes easy, and you will find that the people you’re talking to become excited to talk with you because you’re helping to make their lives easier.

People with stuck or failing products more often than not have an ad-hoc and unplanned product development process, and they are almost always so consumed with “doing stuff” that they miss the point of why they are building the product in the first place – to serve their customers’ needs. This never ends well.

If you have a product that’s stalled, stop working on it now! Get out of your mum’s basement! Go and visit your customers! This does not mean jumping on IRC and asking your mates what they think, or emailing a couple of customers to ask their opinion. It means physically going out to have a cup of coffee with your customers.

If you don’t know what to say, tell them you’re working on new products for your company and you’re looking for ways to make your customers’ lives easier. Ask them what makes their job hard or uncomfortable. Don’t offer solutions, just listen and take notes; your customers will know what you should be doing.

If you’re stuck and you need a hand breaking out of a project that just won’t finish, I have helped a bunch of businesses take products out of their mothers’ basements and release them into the real world. I can help you too – drop me a line.

Networking – Simple advice on a scary topic

The one thing that seems to make the hairs on the back of every nerd’s neck prickle is networking. I don’t mean the act of making two or more computers talk to each other (cos all healthy nerds love doing that), I mean the act of getting out there and talking to actual human beings in a professional setting.

Networking is an essential tool in any business person’s arsenal. If you’re going to be successful at what you love doing, you need to be able to communicate about the passion you have for your product and how it is going to change the lives of the people you’re talking to. For that communication to be as effective as possible, you need to be able to connect with others effectively. Enter networking skills.

Have a read. This stuff isn’t hard; it’s not always an intuitive process, but it gets easier the more you do it!

Have you tried these tips? Is networking something you find difficult? Let me know your thoughts in the comments section below.

Overcoming isolation – The top 10 challenges faced by a sole trader

The guys at Startup Smart have just published a great article on working as a sole trader. In it they talk about the major reasons why working on your own creates an environment that attracts failure and most importantly, they also talk about how to act in order to avoid failing.

This is a great article. These issues are real problems for the owner/operator and are not often understood by friends, family and others who are watching startups and small business people. Know your enemy – and in this case time management, accountability, isolation and motivation are among the largest enemies to your success.

Great Article! 10 challenges faced by sole traders: http://www.startupsmart.com.au/sole-trader/top-10-challenges-faced-by-sole-traders.html

Did this article help you? What have your experiences been?