Hey, I love professors as much as the next Information Security guy working for a University, but sometimes they do silly things. When we first started using Microsoft System Center Configuration Manager (SCCM) to manage our machines we encountered one of those silly things. We had created an Operating System Deployment (OSD) task sequence and advertised it to a collection of computers. When the advertisement went out, a small bubble notification showed up on people's computer telling them that software was available. One of our professors clicked on that and saw our OSD task sequence. The professor then proceeded to ignore all the warnings about lost data and ran the task sequence. He was shocked when his computer rebooted itself and reinstalled everything.
Our response to this was to turn off program notification across the board to make sure this didn't happen again. That of course created other problems when we actually WANTED to notify users about programs or restart options.
But now after scouring the Internet, a solution has presented itself. And since it took me more than 15 minutes to find it, I feel obligated to put the answer on my blog for others to see. So here is how you can advertise a task sequence to all your computers without bubbles showing up and without risk of the users running the task sequence from Run Advertised Programs.
Step 1, create your task sequence and save it. Then right-click on the task sequence and go to Properties. On the advanced tab, select the options so that the task sequence can only run on some flavor of operating system that you're not planning to deploy. Since we only use task sequences to push Windows 7 and Windows XP, I selected Windows Server 2003 64 bit.
Step 2, advertise your task sequence to collections that are full of end user workstations. The machines will get the advertisement and reject it because they aren't running Windows Server 2003 64 bit.
The magic that makes this work is that when you use PXE to boot your machines or if you use boot media to start your task sequence, it ignores the operating system settings that we did in step one. Thus you can pxe boot a machine and see the OSD task sequences, but you don't have to worry about end users accidentally running one of them from Run Advertised Programs.
Showing posts with label information. Show all posts
Showing posts with label information. Show all posts
Friday, July 9, 2010
Wednesday, June 25, 2008
Information Security Jedi: Dark Side Beings
I've been running a series of blog entries comparing the practice of information security in our world to the Jedi order of the Star Wars Universe. In my previous post I talked about the light side beings of the Star Wars Universe, namely the various ranks of the Jedi order. This time I'd like to talk more about the dark side of the Force and the beings that make use of it.
The dark side of the Force is basically the evil side. It is the side of the force that is associated with anger, aggression, fear, and suffering. The powers of the dark side are typically attack oriented. For example, a Jedi might master battle techniques that focus on rallying the troops, healing people, or enhancing their own physical abilities. A dark side being might master battle techniques such as choking an opponent, shooting lightning at an opponent, or literally draining the life from an opponent.
So who were the dark side beings in the Star Wars Universe? Well there were several. The dark side equivalent of the Jedi order would be Sith, which has many parallels with the Jedi. But if you thought the Jedi were few in number, then you'll be shocked at the small number of Sith. Most of the time there were only two of them because of the Rule of Two. It turns out that when Sith really enjoy killing the hell out of each other, so when you get Sith in sufficient numbers they start killing each other and they can't focus on killing Jedi. So a bad dude named Darth Bane made up a rule that there would only be two Sith at a time. The Master and the Apprentice. That way they could focus on killing Jedi and they wouldn't spend as much time killing each other.
There were other dark side users that a Jedi had to fear besides just the Sith. The dark side of the Force tempts everyone that is sensitive to the Force, and the stronger you are with the Force, the stronger the call of the dark side will become. So one thing the Jedi had to deal with were other Jedi that fell to the dark side. They didn't formally join the Sith, but they did become corrupted and became a threat to the galaxy.
You see, the thing you have to know about the dark side is that if you give in to the temptation to use the dark side, then the call of the dark side becomes even stronger. Since you gave in to the dark side at the previous level of temptation, you now face an even greater probability of falling to the temptation a second time. And a third, and a fourth and so on. Eventually, a person can become addicted to the power of the dark side. Then some Jedi has to say "hey man, that's not cool! You need to quit with all the dark side stuff." The the corrupted Jedi says "hey screw you man, you don't know me!" Then they fight, and one of them dies.
Then there were people that were sensitive to the Force but had never been formally trained in the ways of the Force. So they usually developed a few powers that made them a threat to other beings in the galaxy and the Jedi would have to come in and deal with them.
Now that we've talked about the dark side users in the Star Wars Universe, let's talk about the dark side users in the information security field. I think it's best to work from the bottom up on this one, so lets look at the force sensitive dark side users that have not been formally trained. I think it's not a stretch to compare these to the script kiddies that we have to deal with today. Script kiddies discovered that they have some interest in information security, but without guidance they have turned to the dark side of the Force to learn more about information security. Another untrained dark side user is the curious user on your network. They go snooping around and might damage systems in the process. For the most part, a well trained Jedi or Padawan should be able handle a script kiddie, but it would be foolish and arrogant to stop seeing them as a threat. A script kiddie can and will hurt you. They will develop more skills and because they are addicted to the dark side, they will destroy your networks just to prove to themselves that they can.
What about the dark Jedi; the ones that were once followers of the light and became corrupted? I think this is the information security professional that starts using the dark side to police the networks that he was assigned to protect. Have you ever been tempted to search a users private folders for contraband without following proper procedure? Maybe that worked for you, so now you start gathering tcpdumps of people's computers without permission (which is an illegal wiretap). Soon you've become a security threat that needs to be dealt with. Sometimes a dark Jedi can be redeemed, other times they have to be fired.
Now we start talking about the really serious threats, the Sith. In the Star Wars Universe there were only two of them at a time, but in our world there is an army of them. I like to think of the Sith Apprentices as the professional hackers that create malware, run botnets, and steal identities. They are only interested in gaining more power and money, just like a Sith lord, and they are very powerful. They will use elements of the Force not used by the dark Jedi and they will use every avenue of attack available to them. They will destroy your network if they believe that they can make more money doing so. Also, don't let yourself be fooled into thinking that a Sith Apprentice is less of a threat than a Sith Master. A well trained Sith Apprentice can be nearly as powerful as his Master, and should be dealt with as carefully as the master.
Sith Masters are rare in our world, but not as rare as they are in the Star Wars Universe. A Sith Master is probably the most dangerous black hat hacker you will ever come across in your information security career. So what makes a Master? Well, much like being a Master Jedi, I think a Sith Master is basically a Sith Apprentice that has amassed so much power that he is recognized by Jedi and Sith alike as a Master of his trade. These are truly evil people that will steal the identities of millions of people and sell them for his own personal profit. He builds giant botnets that spew spam across the Internet, threatening to eliminate the utility of this network, just to put more money in his pockets. Just like a Sith Apprentice, these Masters will use any technique available to them to increase their power. The only difference is that they already have incredible power that they can bring to bear. I would like to also point out a particular kind of Sith Master that you should be particularly fearful of. I have mentioned that Sith Masters are the pinnacle of evil in the information security world. As a Jedi you would do well to remember that evil is a point of view, and sometimes you will be viewed as the evil one. Some Sith Masters are government-sponsored hackers that are not necessarily evil people. These hackers have incredible power because they are immune from prosecution and they have the resources of a government to help them identify vulnerable targets and new avenues of attack. I say that these people are not necessarily evil people because they are attacking your network in service to their government. Most of them would probably not drain the savings accounts of retired people just to put it in their own pocket.
Hopefully this information will help you to know your enemy. You should think carefully about the information that you protect and ask yourself what kind of dark side beings you're likely to encounter. Of course, you can never be sure that the person scanning your network isn't a Sith Master, but maybe you don't need to strip search the exterminator if you're only protecting the church mailing list. Remember the lessons of the Jedi Masters that have come before you, and always heed the warning that once you give in to the dark side of the Force, you have started down a dangerous path.
The dark side of the Force is basically the evil side. It is the side of the force that is associated with anger, aggression, fear, and suffering. The powers of the dark side are typically attack oriented. For example, a Jedi might master battle techniques that focus on rallying the troops, healing people, or enhancing their own physical abilities. A dark side being might master battle techniques such as choking an opponent, shooting lightning at an opponent, or literally draining the life from an opponent.
So who were the dark side beings in the Star Wars Universe? Well there were several. The dark side equivalent of the Jedi order would be Sith, which has many parallels with the Jedi. But if you thought the Jedi were few in number, then you'll be shocked at the small number of Sith. Most of the time there were only two of them because of the Rule of Two. It turns out that when Sith really enjoy killing the hell out of each other, so when you get Sith in sufficient numbers they start killing each other and they can't focus on killing Jedi. So a bad dude named Darth Bane made up a rule that there would only be two Sith at a time. The Master and the Apprentice. That way they could focus on killing Jedi and they wouldn't spend as much time killing each other.
There were other dark side users that a Jedi had to fear besides just the Sith. The dark side of the Force tempts everyone that is sensitive to the Force, and the stronger you are with the Force, the stronger the call of the dark side will become. So one thing the Jedi had to deal with were other Jedi that fell to the dark side. They didn't formally join the Sith, but they did become corrupted and became a threat to the galaxy.
You see, the thing you have to know about the dark side is that if you give in to the temptation to use the dark side, then the call of the dark side becomes even stronger. Since you gave in to the dark side at the previous level of temptation, you now face an even greater probability of falling to the temptation a second time. And a third, and a fourth and so on. Eventually, a person can become addicted to the power of the dark side. Then some Jedi has to say "hey man, that's not cool! You need to quit with all the dark side stuff." The the corrupted Jedi says "hey screw you man, you don't know me!" Then they fight, and one of them dies.
Then there were people that were sensitive to the Force but had never been formally trained in the ways of the Force. So they usually developed a few powers that made them a threat to other beings in the galaxy and the Jedi would have to come in and deal with them.
Now that we've talked about the dark side users in the Star Wars Universe, let's talk about the dark side users in the information security field. I think it's best to work from the bottom up on this one, so lets look at the force sensitive dark side users that have not been formally trained. I think it's not a stretch to compare these to the script kiddies that we have to deal with today. Script kiddies discovered that they have some interest in information security, but without guidance they have turned to the dark side of the Force to learn more about information security. Another untrained dark side user is the curious user on your network. They go snooping around and might damage systems in the process. For the most part, a well trained Jedi or Padawan should be able handle a script kiddie, but it would be foolish and arrogant to stop seeing them as a threat. A script kiddie can and will hurt you. They will develop more skills and because they are addicted to the dark side, they will destroy your networks just to prove to themselves that they can.
What about the dark Jedi; the ones that were once followers of the light and became corrupted? I think this is the information security professional that starts using the dark side to police the networks that he was assigned to protect. Have you ever been tempted to search a users private folders for contraband without following proper procedure? Maybe that worked for you, so now you start gathering tcpdumps of people's computers without permission (which is an illegal wiretap). Soon you've become a security threat that needs to be dealt with. Sometimes a dark Jedi can be redeemed, other times they have to be fired.
Now we start talking about the really serious threats, the Sith. In the Star Wars Universe there were only two of them at a time, but in our world there is an army of them. I like to think of the Sith Apprentices as the professional hackers that create malware, run botnets, and steal identities. They are only interested in gaining more power and money, just like a Sith lord, and they are very powerful. They will use elements of the Force not used by the dark Jedi and they will use every avenue of attack available to them. They will destroy your network if they believe that they can make more money doing so. Also, don't let yourself be fooled into thinking that a Sith Apprentice is less of a threat than a Sith Master. A well trained Sith Apprentice can be nearly as powerful as his Master, and should be dealt with as carefully as the master.
Sith Masters are rare in our world, but not as rare as they are in the Star Wars Universe. A Sith Master is probably the most dangerous black hat hacker you will ever come across in your information security career. So what makes a Master? Well, much like being a Master Jedi, I think a Sith Master is basically a Sith Apprentice that has amassed so much power that he is recognized by Jedi and Sith alike as a Master of his trade. These are truly evil people that will steal the identities of millions of people and sell them for his own personal profit. He builds giant botnets that spew spam across the Internet, threatening to eliminate the utility of this network, just to put more money in his pockets. Just like a Sith Apprentice, these Masters will use any technique available to them to increase their power. The only difference is that they already have incredible power that they can bring to bear. I would like to also point out a particular kind of Sith Master that you should be particularly fearful of. I have mentioned that Sith Masters are the pinnacle of evil in the information security world. As a Jedi you would do well to remember that evil is a point of view, and sometimes you will be viewed as the evil one. Some Sith Masters are government-sponsored hackers that are not necessarily evil people. These hackers have incredible power because they are immune from prosecution and they have the resources of a government to help them identify vulnerable targets and new avenues of attack. I say that these people are not necessarily evil people because they are attacking your network in service to their government. Most of them would probably not drain the savings accounts of retired people just to put it in their own pocket.
Hopefully this information will help you to know your enemy. You should think carefully about the information that you protect and ask yourself what kind of dark side beings you're likely to encounter. Of course, you can never be sure that the person scanning your network isn't a Sith Master, but maybe you don't need to strip search the exterminator if you're only protecting the church mailing list. Remember the lessons of the Jedi Masters that have come before you, and always heed the warning that once you give in to the dark side of the Force, you have started down a dangerous path.
Wednesday, June 18, 2008
Jedi of Information Security: The Force
Obviously you can't really have a discussion about the Jedi without talking about the Force. In this post I'd like to talk about the nature of the Force and how that compares with the practice of Information Security.
In the Star Wars Universe, the Force is an energy that creates life and is in turn created by life. It surrounds all living things and binds the whole galaxy together. Individuals that are sensitive to the Force are able to tap into this energy to perform various feats, such as gaining knowledge of the future, moving objects, and healing people's bodies.
The Force was known to have two sides: the light side of the Force (which was typically just called the Force) and the dark side of the Force. The Force was associated with being passive, compassionate, and good while the Dark side was associated with aggression, power, anger, and pain.
Obviously in our world there is no such thing as the Force, although there is at least one church that I've heard of where people worship the Force. When we're talking about Information Security we're also not talking about a galaxy and we don't have an energy field that binds us all together. So what would be the equivalent to the Force when we compare the Jedi to Information Security practitioners?
My answer is that information is the Force in our world. Information is something that we all have. It is the one thing I can think of that binds all of our users and computer systems together. Like the Force, information can be used for both good and evil purposes, and if you gather enough of it you can perform incredible feats, even moving objects with your mind.
Like many religious orders, the Jedi were not all in agreement about the nature of the Force. One thing that the Jedi could not agree on was whether or not the Force was a sentient, thinking being, or just an energy field that was part of nature. Make no mistake, all Jedi respected the Force, but not all of them believed that the Force had a will of its own. For the most part, we can say that this is not true of information. I doubt that there are many of us that believe that the information that we hold has it's own agenda and is capable of its own thought, however it should be noted that there are some that believe that information wants to be free, in other words expressing that information is capable of desire at least in a figurative sense.
Another view of the Force that was not agreed upon was the concepts of light side and dark sides. Some Jedi believed that the Force didn't have good and evil powers, there was only the intentions of the practitioner. In this case I think we can again say that information does not have a light side and a dark side. So if we were Jedi of the Old Republic we would have been tossed out for being heretics!
The biggest parallel I see between information and the Force is that in both our Universe and the Star Wars Universe having strength with the Force places you in a higher social status than beings who are not. A Jedi was not likely to end up being a Nerf herder in the Star Wars Universe. In our world humans and apes have nearly identical DNA, and we are far weaker than apes in most physical characteristics. However, because we are able to collect, interpret, and create information better than apes my wife doesn't have to pick bugs off of my body and eat them. Even among humans, we mostly agree that being smart is preferable to being dumb.
One mistake that is frequently made when a person uses a metaphor to explain something is attempting to stretch the metaphor too far or force concepts to fit within the metaphor. I want to try to avoid this by pointing out places where my Jedi metaphor of information security doesn't fit. In this case, I don't think it quite fits that Jedi use the Force for knowledge and defense to protect people and the Republic. Information security practitioners use information to protect other information. Jedi do not use the Force to protect the Force. I'm only bringing this up to point out that my comparison of information to the Force is not perfect. For now, this is what I'm going to go with unless I think of a more appropriate comparison. Now that you have an understanding of the Force as it pertains to information security, we can start talking about the people that use the Force, and what the Force is used for.
In the Star Wars Universe, the Force is an energy that creates life and is in turn created by life. It surrounds all living things and binds the whole galaxy together. Individuals that are sensitive to the Force are able to tap into this energy to perform various feats, such as gaining knowledge of the future, moving objects, and healing people's bodies.
The Force was known to have two sides: the light side of the Force (which was typically just called the Force) and the dark side of the Force. The Force was associated with being passive, compassionate, and good while the Dark side was associated with aggression, power, anger, and pain.
Obviously in our world there is no such thing as the Force, although there is at least one church that I've heard of where people worship the Force. When we're talking about Information Security we're also not talking about a galaxy and we don't have an energy field that binds us all together. So what would be the equivalent to the Force when we compare the Jedi to Information Security practitioners?
My answer is that information is the Force in our world. Information is something that we all have. It is the one thing I can think of that binds all of our users and computer systems together. Like the Force, information can be used for both good and evil purposes, and if you gather enough of it you can perform incredible feats, even moving objects with your mind.
Like many religious orders, the Jedi were not all in agreement about the nature of the Force. One thing that the Jedi could not agree on was whether or not the Force was a sentient, thinking being, or just an energy field that was part of nature. Make no mistake, all Jedi respected the Force, but not all of them believed that the Force had a will of its own. For the most part, we can say that this is not true of information. I doubt that there are many of us that believe that the information that we hold has it's own agenda and is capable of its own thought, however it should be noted that there are some that believe that information wants to be free, in other words expressing that information is capable of desire at least in a figurative sense.
Another view of the Force that was not agreed upon was the concepts of light side and dark sides. Some Jedi believed that the Force didn't have good and evil powers, there was only the intentions of the practitioner. In this case I think we can again say that information does not have a light side and a dark side. So if we were Jedi of the Old Republic we would have been tossed out for being heretics!
The biggest parallel I see between information and the Force is that in both our Universe and the Star Wars Universe having strength with the Force places you in a higher social status than beings who are not. A Jedi was not likely to end up being a Nerf herder in the Star Wars Universe. In our world humans and apes have nearly identical DNA, and we are far weaker than apes in most physical characteristics. However, because we are able to collect, interpret, and create information better than apes my wife doesn't have to pick bugs off of my body and eat them. Even among humans, we mostly agree that being smart is preferable to being dumb.
One mistake that is frequently made when a person uses a metaphor to explain something is attempting to stretch the metaphor too far or force concepts to fit within the metaphor. I want to try to avoid this by pointing out places where my Jedi metaphor of information security doesn't fit. In this case, I don't think it quite fits that Jedi use the Force for knowledge and defense to protect people and the Republic. Information security practitioners use information to protect other information. Jedi do not use the Force to protect the Force. I'm only bringing this up to point out that my comparison of information to the Force is not perfect. For now, this is what I'm going to go with unless I think of a more appropriate comparison. Now that you have an understanding of the Force as it pertains to information security, we can start talking about the people that use the Force, and what the Force is used for.
Subscribe to:
Posts (Atom)