Whereas Tonis Zafiropoulos, E.I.T., dutifully and meritoriously performed in the position of Co-Chairman, MSPE Information Technology Task Force.

Wheras: you have gone the EXTRA MILE for the Missouri Society of Professional Engineers in your endeavors, and its members are exceedingly grateful and wish to recognize the achievements you have made on their behalf.

This award was given because we(other co-chair was Bob Becnel) talked the MSPE organization into grabbing the domain name back in the mid nineties (1996 or so). As you can see is Missouri not MN, or MD, or MS.

Saint Louis Metropolitan area Phone: 314-504-3974 Tony Zafiropoulos - tonyz"at"
Book on Innovating with IT - Tony Zafiropoulos 01/13/2013 - Have outline and a couple of thousand words. --- TonyZ Resume
LinkedIn profile --- Twitter Feed Fixvirus

Here are all the posts from 2011 and 2012:

Be careful what you wish for: Microsoft is Cloud Expanding their product line. Including Windows Azure

Also Windows Azure Virtual machines are in the mix. It looks like Microsoft is trying to be accomodating for Linux instances.

what I did not see is an emphasis on security. And we all know Microsoft is more interested in functionality rather than security.

So buyer beware


What does it mean when one says "it is good to audit IT"?
What if it is a cloud based service - SaaS (Software as a Service)
How to audit software?

Use tools when possible to check password tables. the username and password combination is typically the first line of defense.

If there are online database queries then there must be checks on the SQL database as well. Protecting against SQL-injection attacks is important.

Each company situation is different as they have different configurations.

Acceptable risk levels are also important to consider.


IaaS = (Infrastructure as a Service) is different than SaaS (Software as a Service).

Thus, some of the key factors for management when choosing the IaaS provider are flexible performance (including scalability) and availability while achieving physical and virtual security needs. Breaking down IaaS:

  • Connectivity
  • Network services and management
  • Compute services and management
  • Data storage
  • Security

    So there can be tax advantages to not owning your own computer infrastructure. since now there is no morecapital expenditure only service.
    The IT challenges are different for IaaS.


    cloud Security is the topic today... With the has some interesting points to bring up.

    Let's define a few terms:
    First: a Cloud is an application that sits on someone elses computer infrastructure. So to make sure it is secure, one needs to know the security policies in place on the vendor with the infrastructure.

    Second: your application must have security policies in place, with password restrictions on the administrator account, including changing the password periodically (every 90days)

    Third: check the application for SQL server and script bugs which would allow unauthorized access into the system. This is a tricky analysis, as what is the correct level of security on an application? A good analyzer needs to evaluate this process and ensure that no untoward actions happen on the system.

    I will revisit this as time permits...


    When reviewing your company security procedures, the password policy is the most important aspect. As this article by arstechnica says:

    Specifically... { "The danger of weak password habits is becoming increasingly well-recognized," said Brooks, who at the time blogged about the warnings as the Program Associate for the Center for Democracy and Technology. The warnings, he told me, "show [that] these companies understand how a security breach outside their systems can create a vulnerability within their networks."

    The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them, according to a landmark study (PDF) from 2007. As the Gawker breach demonstrated, such password reuse, combined with the frequent use of e-mail addresses as user names, means that once hackers have plucked login credentials from one site, they often have the means to compromise dozens of other accounts, too.}

    All of us have many usernames and passwords to keep track of:

  • Network
  • Home email
  • bank1
  • cell phone co
  • bank2
  • internet co
  • school acct
  • credit card co1
  • credit card co2
  • internet company accts
  • website accts

    08/23/12 Use an encrypted password program - learn how to use it to keep your passwords safe... like KeePass

    What is six sigma?

    A Black Belt is someone who teaches six sigma. Sigma is a statistical term that explains what the variation from the average is like. Essentially 2 Sigma is 95.4 within the average (mean). 6 sigma is 99.9999 within the average. So the idea is to have as few defects (or variations) as possible to reduce the problems in a process.

    Here is an interesting tidbit from the website: {According to the Six Sigma Academy, Black Belts save companies approximately $230,000 per project and can complete four to 6 projects per year}.

    That is the reason six sigma is important and saves money.


    Why should a business audit their computers and networks? Besides giving a SPOE (Second Pair Of Eyes) a security audit can help keep a breach or other catastrophe at bay.

    itsecurity.comhas a list of audit tasks:

  • Who is in charge of security? what are the processes of security breaches?
  • How are passwords created and managed
  • Who accesses audit logs and how often?
  • What are the security practices of computer systems and Operating systems
  • Are applications audited? Are the unnecessary applications purged periodically?
  • What are the backup procedures? Has it been tested?
  • How is email security taken care of?
  • How is web security resolved?
  • Wireless security?
  • Have remote workers have been covered by the security policies?
  • How are code changes documented?


    what is a good anti-virus program? I used to use Norton (Symantec product), or McAfee, also tried AVG as an anti-virus product. The problem is when a new virus comes into the "wild" Internet and for some reason your computer downloads it. the Anti-virus programs can not protect you from that threat.

    Kaspersky is a good program, but it is too intrusive in my opinion.

    I am currently installing Microsoft Security Essentials (free) Download it here on many computers I manage.

    In case you bumped into my website looking for anti-virus advice ;)...
    Here is the review of anti-virus software. And most interesting is that the Mac platform now has anti-virus software. PCMag likes Norton Anti-virus 2012.

    One thing that I would definitely do if you are going to buy anti-virus software, make sure you are updating the whole software engine and not just paying year after year for definition file updates.


    This picture shows the different philosophies of where to place the IPS device:

    This is a Corero image - and on the left the Corero method of installing an IPS (before the firewall).


    Corero IPS solution has an interesting take on where the IPS should be placed.

    Corero believes their IPS should be placed outside of the firewall, inbetween the firewall and the ISP router.

    Many other professionals I have talked to believe this will create too high of a vulnerability, I guess we believe in the firewall acting as perimeter defense.


    Checkpoint has an IPS/firewall unit

    The UTM-1 Edge N Series has 6 ports and 1Gbps throughput at about $700, it seems to be decent system for a small business with a small budget.


    Microsoft Security Advance Bulletin Link
    3 business days before patch Tuesday (2nd Tuesday of the month) the advance bulletin explains what will be updated (on 10/11/11)

    From Microsoft links:

    Bulletin ID-- Maximum Severity Rating and Vulnerability Impact ------------------------- Affected Software

  • Bulletin 1 Critical--- Remote Code Execution----------------------------------------- Microsoft .NET Framework, Microsoft Silverlight
  • Bulletin 2 Critical--- Remote Code Execution------------------------------------------ Microsoft Windows, Internet Explorer
  • Bulletin 3 Important-- Remote Code Execution---------------------------------------- Microsoft Windows
  • Bulletin 4 Important-- Remote Code Execution---------------------------------------- Microsoft Windows
  • Bulletin 5 Important-- Remote Code Execution----------------------------------------- Microsoft Windows
  • Bulletin 6 Important-- Remote Code Execution---------------------------------------- Microsoft Forefront Unified Access Gateway
  • Bulletin 7 Important-- Elevation of Privilege------------------------------------------ Microsoft Windows
  • Bulletin 8 Important-- Denial of Service----------------------------------------------- Microsoft Host Integration Server

    Always good to know what is coming in a few days. These patches must be applied to prevent vulnerabilities in the code being taken advantage of.


    In choosing an Intrusion Prevention System keep the following 7 things in mind:
    1) Placing the IPS in the right place is very important - (behind a firewall) it has to have a significant chunk of traffic so as to inspect and protect your network.

    2) Set up or configure the IPS with the proper tuning parameters which is dependent on your network configuration (protecting web server farm for example)

    3) Remember to keep in mind the availability of your network, as the IPS can have problems as well (IBM's IPS had bypass units), in case of a reboot or other issue what should the network availability be?

    4) Create a way to test new blocking parameters before using on the production network environment

    5) Training and testing on the IPS is a useful and even mandatory in todays network needs

    6) Frequent upgrades require testing on a test environment - may be expensive but necessary as the systems need proper vetting before trying new tags and blocking tests.

    7) Process improvements are necessary - keep improving the train, test, and production implementation.


    TippingPoint is HP's line for Intrusion Prevention systems

    The N platform bundles have 10Gbps throughput capabilities.

    HP has not mentioned that it would get out of this business (unlike their PC line).

    The technical datasheet for HP TippingPoint.


    Sourcefire is another company that makes IPS units. Of course snort is also on their site, as they are involved in the open source snort IDS project.

    I used snort almost right after it was put together (1998 by Martin Roesch) around 2000 I downloaded it and ran a honeypot on my network.


    McAfee IPS systems website link

    A little snippet from McAfee datasheet:

    Protect your systems

    Proactive protection for unpatched systems
    Proactive protection for zero-day attacks
    System-aware intrusion prevention system (IPS) with McAfee ePO integration
    Host IPS/virus/spyware event visibility


    Here is Juniper Network IPS systems Products page

    Juniper Product IDP800 ,

    I am including this since it is the comparison with the GX5 series from IBM: IDP800 specs.

    with a 1Gbps throughput.


    Very important link to read through: IPS Intrusion FAQ

    About the different IPS systems from 6 different vendors: Cisco, McAfee, Juniper, IBM, Sourcefire and TippingPoint.

    This is definitely an interesting sentence: "These same six providers also rank highest in terms of their effectiveness on the latest Gartner report, although CIsco and IBM are considered to be challengers to the market led by the other four vendors."

    So it definitely should be read as a good overview.


    Here is a link to one of the Cisco IPS systems:
    cisco IPS solutions

    the National institute of Standards and technology have a paper on IPS systems: NIST paper


    this is a picture of a racked GX5008 and bypass unit. Bypass on top of the IPS in the rack.

    Notice that the lower Green cables on the bypass (the application ports) connect to the IPS.
    the upper cables are the network side and connect to the two devices that the IPS will inspect traffic.
    The reason the bypass device is there to ensure uptime for the network inspection link. Just in case the IPS device GX5008 has a serious problem, there is a physical 'bypass', and will of course not inspect any traffic, but there is no downtime for your network link.
    When rebooting the GX5008, there will be momentary loss of network as the bypass takes over, but the network will come back in seconds.

    Although some of the newer units like the GX6116(16 interfaces or 8 links) has a built-in bypass. Also has 5Gbps processing ability.
    For comparison the GX5008 has 1Gbps, and the GX4004 has 200Mbps throughput.


    Here is a picture of one of the IPS systems I was working with :

    Here is a wholesaler who sells GX4004 Proventia systems Proventiaworks.

    The system is actually one of the smaller systems, and only has copper interfaces. So if you need fiber, you have to go with the GX5000 series systems, and they come in many different flavors.
    Also worked with the GX5008, GX5108, and GX5208 systems.


    I am a member of the an auditing organization
    The organization's history link.
    formerly the Information Systems Audit and Control Association.

    there was an interesting Oracle presentation at the SecureWorldExpo at Americas center - downtown Saint Louis.


    Recently purchased an Evo Shift (an Android based Smart phone). With this purchase I looked into how to backup the phone data. I know the purchased apps get repopulated as they are connected to your Google account.

    Since SMS messages do not get backed up consider getting: SMS Backup application backups your SMS messges to your Google account.
    Also another app if you want to transfer your current SMS messages to another phone (in case of an upgrade or a replacement) SMS Backup and Restore

    Have been busy with a long project for an unnamed company:

    Managing Proventia Network Intrusion Prevention Systems (NIPS) by ISS - Internet Security Systems. Actually IBM has purchased ISS, so these are IBM devices now.

    Essentially these are inline network devices. they inspect all network traffic in layer 2.

    Running Linux CentOS, with proprietary systems for the inline network inspection software system.
    Here is a reseller with the GX5108, which can inspect more than 1GB/s
    Tony Zafiropoulos