Saturday, July 4, 2015

Tabula Rosa Systems Blog For 7/4/15 - Happy Fourth Of July! - US Flag Etiquette

Posted by 
Nick Bert  in Ramblings from havanaherald.net
Thursday, July 2. 2015

With Independence Day Saturday, here’s a short course on U.S. Flag etiquette. Please have a safe and happy holiday.

Few of us know how to display an American flag properly; even fewer are aware of all the details of flag etiquette. It can get complicated, so we went to the source – the U.S. Flag Code – to find out the right way to handle Old Glory...

Many Americans think we are displaying our patriotic pride by wearing a U.S. flag on our sleeves, chests or elsewhere.

But the U.S. Flag Code prohibits wearing Old Glory on an article of clothing or printing its image on anything disposable, such as paper plates, napkins and other picnic decorations.

Every day, many people violate Section 8d of United States Code Title 4, Chapter 1. Read on to learn the proper handling of the American flag…

When to Fly the U.S. Flag

Some people like to display flags 24 hours a day, year-round, but they may not be doing it right. Flag etiquette requires that a U.S. flag be properly illuminated at night and taken down during foul weather, unless it is made from all-weather material.

The American flag can be flown every day, but the government has designated certain days when flying it is especially important.

The U.S. Flag Code recommends that the flag fly from sunrise to sunset on the following holidays:
New Year’s Day, Inauguration Day, Martin Luther King Jr.’s Birthday, Lincoln’s Birthday, Washington’s Birthday, Easter Sunday, Mother’s Day, Armed Forces Day, Memorial Day, Flag Day, Independence Day, Labor Day, Patriot’s Day, Constitution Day, Columbus Day, Navy Day, Veteran’s Day, Thanksgiving Day, Christmas Day.

More Flag Etiquette Tips

Here are more basic flag etiquette guidelines:
• An upside down flag is a distress signal.

• The flag of the United States should never be dipped to any person or thing.

• No flag should be torn, soiled or damaged in any way.

• No marks such as logos, insignias, letters, words, designs, or figures should be attached to the flag.

• The flag should never be used to carry or hold anything.

• Never use the United States flag for advertising. Its image should not appear on boxes, paper napkins, plates or anything made to be discarded.

• Do not use the flag for clothing or as a costume.

• The U.S. flag, when displayed with flags of other nations, should always be hoisted first and taken down last.

• Multiple flags of various nations should always fly at the same level during peacetime.

You can find out more about U.S. Flag etiquette, such as properly displaying it with other flags and at homes and businesses, flying it at half-mast, and proper disposal at various sites on the Internet. The information above came from lifescript.com.


==============================================================
**Important note** - contact our company for very powerful solutions for IP management (IPv4 and IPv6), security, firewall and APT solutions:

www.tabularosa.net

In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon, followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:

 www.amazon.com/author/paulbabicki

 If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio. Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with LinkedIn and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.

Lastly, I am the founder and president of Tabula Rosa Systems, a company that provides “best of breed” products for network, security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT product information for virtually anyone.
==============================================

Tabula Rosa Systems Quotation Of The Day - Privacy And The Internet Of Things

As the Internet of Things grows, privacy will dramatically change forever. The quote below echoes this.


Jim Farley, Ford Motor Company’s top sales executive, who is known for making off-the-cuff comments, told a panel at the CES: “We know everyone who breaks the law. We know when you’re doing it. We have GPS in your car, so we know what you’re doing.” Although he quickly added, “By the way, we don’t supply that data to anyone,” and later issued a full retraction, the comments, even if overblown and meant to be provocative, fueled the concerns. [NY Times, The Next Data Privacy Battle May Be Waged Inside Your Car, Jaclyn Trop, January 10, 2014]


Friday, July 3, 2015

Tabula Rosa Systems Technical Term Of The Day - Strong Cryptography


Posted by
Margaret Rouse
Strong cryptography is used by most governments around the world to protect communications. It involves secreted and encrypted communication that is not amenable to cryptographic analysis and decryption to ensure it cannot be accessed by unauthorized entities.
Strong cryptography is secreted and encrypted communication that is well-protected against cryptographic analysis and decryption to ensure it is readable only to intended parties.
Depending on the algorithms, protocols and implementation, a cryptographic system may be vulnerable to analysis, leading to possible cracking of the system. The ideal is an unbreakable system of which there is just one well known example: the one-time pad. The one-time pad is a system in which a randomly generated single-use private key is used to encrypt a message. The message is then decrypted by the receiver using a matching one-time pad and key. The challenge in this system is exchanging pads and keys without allowing them to be compromised.
Strong cryptography is used by most governments to protect communications. While it is increasingly available to the general public, there are still many countries where strong cryptography and encryption are kept from the general public, justified by the need to protect national security.
While the definition of strong cryptography in general may be broad, the PCI Security Standards Council defines strong cryptography requirements for use in the payment card industry (PCI) specifically:
“Cryptography based on industry-tested and accepted algorithms, along with strong key lengths (minimum 112-bits of effective key strength) and proper key-management practices. Cryptography is a method to protect data and includes both encryption (which is reversible) and hashing (which is not reversible, or “one way”). At the time of publication, examples of industry-tested and accepted standards and algorithms for minimum encryption strength include AES (128 bits and higher), TDES (minimum triple-length keys), RSA (2048 bits and higher), ECC (160 bits and higher), and ElGamal (2048 bits and higher).”
Demonstrating the strength of a given cryptographic system is a complex affair that requires in-depth consideration. As such, the demonstration is best achieved by a large number of collaborators. Planning tests, sharing and analyzing and reviewing of results are best conducted in a public forum.
This was first published in June 2015
Contributor(s): Matthew Haughn
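
The one-time pad described above, as an added example that is not part of the original article. It shows why no analysis of the ciphertext can single out the real message, and why each pad may be used only once. The messages and the `PadBook` helper are constructed for illustration.

```python
"""One-time pad: why it resists analysis, and why a pad is single-use."""
import secrets

# Constructed sample messages (equal length so they can be compared).
M1 = b"MEET AT NOON TOMORROW"
M2 = b"MEET AT DUSK TOMORROW"
ALT = b"STAY HOME ALL WEEKEND"  # a different, equally plausible plaintext


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """Hypothetical helper: a shared pad that releases each key byte once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0

    def take(self, n: int) -> bytes:
        if self._offset + n > len(self._pad):
            raise ValueError("pad exhausted: exchange a new pad, never rewind")
        key = self._pad[self._offset:self._offset + n]
        self._offset += n
        return key

    def encrypt(self, message: bytes) -> bytes:
        return xor_bytes(message, self.take(len(message)))

    decrypt = encrypt  # XOR is its own inverse


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Pad under which `ciphertext` would decrypt to `candidate`.

    Such a pad exists for every candidate of the same length, so the
    ciphertext alone gives no reason to prefer one plaintext over another.
    """
    return xor_bytes(ciphertext, candidate)


def demo() -> dict:
    pad = secrets.token_bytes(64)            # random, exchanged out of band
    sender, receiver = PadBook(pad), PadBook(pad)

    # Correct use: two messages consume two disjoint stretches of the pad.
    c1, c2 = sender.encrypt(M1), sender.encrypt(M2)
    roundtrip = (receiver.decrypt(c1), receiver.decrypt(c2)) == (M1, M2)

    # The same ciphertext "decrypts" to ALT under another pad of equal length.
    alt_plaintext = xor_bytes(c1, pad_explaining(c1, ALT))

    # Misuse: the same pad bytes encrypt both messages. XORing the two
    # ciphertexts cancels the pad and leaves M1 XOR M2 with no key involved.
    reused = pad[:len(M1)]
    d1, d2 = xor_bytes(M1, reused), xor_bytes(M2, reused)
    reuse_leak = xor_bytes(d1, d2)

    return {
        "roundtrip": roundtrip,
        "alt_plaintext": alt_plaintext,
        "reuse_leak": reuse_leak,
        "matching_positions": reuse_leak.count(0),  # bytes where M1 == M2
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
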


Tabula Rosa Systems Blog For 7/2/2015 - How Can Hospitals Protect Their Medical Equipment From Malware?



How can hospitals protect their medical equipment from malware?
 ==========================================================
Some scenarios sound like something out of a Tom Clancy novel, but are completely plausible
  
Adam Winn, June 26, 2015 healthcarenews.com

The challenges in protecting hospitals from cyber attacks are very similar to those faced in ICS and SCADA environments; the equipment used in hospitals is not user-serviceable and therefore often running out-of-date software or firmware. This creates a dangerous situation where:

·         The devices have known vulnerabilities that can be easily exploited by bad actors
·         Administrators are not likely to notice malware running on the device as long as nominal operation is maintained

The end goal of bad actors infecting a medical device is to use it as an entry and pivot point in the network. Valuable patient records are not likely to be present on the medical devices, but those devices often have some level of network connection to the systems that do contain patient records.

What exactly is a bad actor likely to do after getting a foothold on the network?
·         Move laterally to find patient records that can be used for identity theft or blackmail
·         Steal research data for financial gain
·         Deploy ransomware like Cryptolocker, effectively crippling the facility unless a bribe is paid
·         Trigger widespread system malfunctions as an act of terrorism
·         Carry out a 'hit' on a specific patient
The first three items are strictly motivated by financial gain, and this has been the extent of observed attacks to date. The fourth item seems possible but unlikely, either due to morals or the relatively higher value of attacking other targets like power plants or defense facilities. The fifth item hasn't been detected yet, but that doesn't exclude the possibility that it has happened. Carrying out a silent assassination with malware would be very hard to trace back to the attacker, and could even be sold as a service (similar to DDoS as a service).

The scenario for number 5 sounds like something out of a Tom Clancy novel, but it is completely plausible. The attacker (or entity paying for the attack) would only need to know the target, have knowledge of an upcoming procedure, and know where the procedure was to take place. One caveat is that identifying which device(s) would be used with that patient, and when, could be difficult but not impossible to know.

Real-world vulnerability examples
Billy Rios, a security researcher, recently went public with a vulnerability that affects drug pumps and could potentially be exploited to administer a fatal dose of medication to a patient. Rios notified the DHS and FDA up to 400 days ago about the vulnerability and saw no response, so he went public to put pressure on the manufacturer to fix the issue. Faced with the reality that some medical equipment manufacturers do not invest in securing their devices from exploitation, the onus of security therefore falls on the users of such equipment.

This discovery shows a real-world example of how a cyber attack could affect a medical device and potentially endanger lives. There is no question that this type of threat needs to be taken seriously. The real question is, how can hospitals effectively protect devices such as these?

It's clear that installing antivirus software on medical equipment is impractical and basically impossible. Furthermore, healthcare IT is relatively helpless to patch the software and firmware running on these devices. So considering those vulnerabilities, and the difficulty in remotely scanning these devices, the best solution is simply to prevent malware from ever getting to these devices. Thankfully this challenge has already been solved in ICS and SCADA environments.

In a recently profiled attack on hospitals, one of the infection vectors was thought to be a technician visiting a compromised website on a PC with direct access to a picture archive and communication (PACS) system. The report details that the malware was detected but not before infecting the PACS system. Due to the nature of the system it could not be scanned for malware, let alone cleaned. It was then used as a pivot point to find a system with medical records that could be exfiltrated back to the attacker.

Medical facilities share vulnerabilities with SCADA and ICS, so why shouldn't they also share protection mechanisms? Critical infrastructure providers, especially power plants, often make use of air-gapped networks as a very effective defense mechanism. Taking the above story as an example, the PC with a web browser and internet access should not have also had access to PACS. This simple step would have stopped the infection from doing any damage at all. If, for example, the technician needed to download something from the internet and transfer it to PACS then it would have to be transferred onto the air-gapped network.

How sanitization of the operating room compares to preventing cyber infections
Hospitals and their staff are very accustomed to preventing the spread of biological infections and they must now apply similar levels of prevention to preventing the spread of cyber infections. Defending against cyber infections, by comparison, is much easier. The medical industry isn't alone in fighting this threat – they don't have to invent new techniques for preventing infection, they simply need to adapt the proven strategies employed by other industries.

Simply employing an air gap doesn't guarantee security. The point of the air gap is to create a point through which data movement is carefully controlled. Additional measures must be employed to ensure that pathogens are not allowed access. In medicine these measures consist of removing foreign material with soap and water, and disinfecting with various antimicrobial agents. It's not practical to scan doctors and nurses for bacteria, so every surface is assumed to be contaminated until sufficiently cleaned and disinfected. The control point in a data flow is comparatively easier to maintain, as there are techniques for quickly finding infections on media moving through the air gap. For extra protection, any files deemed 'clean' can still be disinfected to completely eradicate the possibility of a threat going undetected.
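
The separation the article calls for (a PC with internet access should not also reach PACS) can be checked from network flow records. The following is an added example, not part of the original article; the address ranges, ports and flow records are constructed, and the zone layout is an assumption.

```python
"""Audit flow records for hosts that bridge the internet and the PACS segment."""
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed zone layout (constructed for this example).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
PACS_NET = ipaddress.ip_network("10.20.30.0/24")

# Constructed flow records: source, destination, destination port.
FLOWS = """\
src,dst,dport
10.1.5.21,203.0.113.80,443
10.1.5.21,10.20.30.5,104
10.1.5.22,198.51.100.7,443
10.1.5.23,10.20.30.5,104
10.20.30.5,10.40.1.9,1433
10.20.30.5,10.20.30.6,104
"""


def classify(addr: str) -> str:
    """Map an address to 'pacs', 'internal' or 'internet'."""
    ip = ipaddress.ip_address(addr)
    if ip in PACS_NET:
        return "pacs"
    if ip in INTERNAL:
        return "internal"
    return "internet"


def audit(flow_csv: str) -> dict:
    """Report two conditions the article describes.

    bridging_hosts: non-PACS hosts seen talking to both the internet and
                    the PACS segment (the technician's PC in the story).
    pacs_egress:    flows that a PACS host initiates to anything outside
                    its own segment (the device being used as a pivot).
    """
    reached = defaultdict(set)
    pacs_egress = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src_zone, dst_zone = classify(row["src"]), classify(row["dst"])
        if src_zone == "pacs":
            if dst_zone != "pacs":
                pacs_egress.append((row["src"], row["dst"], int(row["dport"])))
            continue
        reached[row["src"]].add(dst_zone)
    bridging = sorted(
        host for host, zones in reached.items() if {"internet", "pacs"} <= zones
    )
    return {"bridging_hosts": bridging, "pacs_egress": pacs_egress}


if __name__ == "__main__":
    report = audit(FLOWS)
    print("hosts reaching both internet and PACS:", report["bridging_hosts"])
    print("connections leaving the PACS segment:", report["pacs_egress"])
```
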


Thursday, July 2, 2015

Tabula Rosa Systems Blog Of 7/2/2015 - Cisco Releases Security Update

National Cyber Awareness System:
07/01/2015 04:17 PM EDT

Original release date: July 01, 2015
Cisco has released a security update to address a vulnerability in versions of the Unified Communications Domain Manager Platform Software prior to 10.x. Exploitation of this vulnerability may allow a remote attacker to take control of the affected system.
US-CERT recommends that users review the Cisco Security Advisory and apply the necessary update.

Wednesday, July 1, 2015

Tabula Rosa Security Bulletin - 7/1/2015 - Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS


National Cyber Awareness System:
06/30/2015 10:48 PM EDT

Original release date: June 30, 2015
Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface (EFI), OS X Yosemite, and iOS. Exploitation of some of these vulnerabilities may allow an attacker to obtain elevated privileges or crash applications.
Available updates include:
  • QuickTime 7.7.7 for Windows 7 and Windows Vista
  • Safari 8.0.7, Safari 7.1.7, and Safari 6.2.7 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.3
  • Mac EFI for OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.5
  • OS X Yosemite 10.10.4 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.3
  • iOS 8.4 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
US-CERT encourages users and administrators to review Apple security updates HT204947, HT204950, HT204934, HT204942, HT204941 and apply the necessary updates.


Monday, June 29, 2015

Tabula Rosa Blog Of 6/29/15 - A Leap Second Will Occur Tomorrow!




 When you wake up this Tuesday, you may feel more refreshed because you will gain a second. Read below for the story and don't oversleep!
====================================================
Jun. 29, 2015 10:44am Liz Klimas
For those who wish there were more time in the day, that wish will be granted Tuesday — technically.
Coordinated Universal Time or “Atomic Time” will add a “leap second,” making the clock on Tuesday night read 11:59:60 p.m. (or 23:59:60).
NASA explained that this second is being added to account for the slowing of Earth’s rotation, which is caused by natural events like earthquakes.

Technically, the solar day is 86,400 seconds long, but due to various factors, the average length of a day is really 86,400.002 seconds. According to NASA, the solar day hasn’t really been 86,400 seconds since around 1820, which is why the leap seconds have been added since the 1970s.
“Earth’s rotation is gradually slowing down a bit, so leap seconds are a way to account for that,” Daniel MacMillan of NASA’s Goddard Space Flight Center said in a statement.
Universal Time is measured by the electromagnetic transitions in atoms of cesium, NASA explained. The length of a day on Earth based on its rotation, however, is measured using a technique called Very Long Baseline Interferometry.
As Earth’s rotation has slowed, to keep the two time standards (VLBI-based and Universal Time) within 0.9 seconds of each other, the International Earth Rotation and Reference Systems Service occasionally decides to add a leap second, usually on June 30 or Dec. 31, according to NASA.
The last time a leap second was added in 2012, a few websites experienced outages. It also resulted in some flight delays.
Financial markets are preparing for the leap second in case it affects trading this time around.

“In the short term, leap seconds are not as predictable as everyone would like,” Chopo Ma, NASA geophysicist and member of the International Earth Rotation and Reference Systems Service board, said in a statement.
Google conducts a “leap smear” to make sure nothing bad happens to its site and services when these extra seconds are added:

We modified our internal [Network Time Protocol] servers to gradually add a couple of milliseconds to every update, varying over a time window before the moment when the leap second actually happens. This meant that when it became time to add an extra second at midnight, our clocks had already taken this into account, by skewing the time over the course of the day. All of our servers were then able to continue as normal with the new year, blissfully unaware that a leap second had just occurred. We plan to use this “leap smear” technique again in the future, when new leap seconds are announced by the IERS.
Judah Levine with the U.S. National Institute of Standards and Technology has provided several examples why he and some groups call for a stop to the practice of adding leap seconds.
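
The “leap smear” quoted above, sketched as an added example that is not Google's code and not part of the original article. The quote gives neither the shape of the adjustment nor the window length, so the linear ramp and the 20-hour window here are assumptions.

```python
"""Leap smear: absorb the extra second gradually so 23:59:60 never appears."""
import datetime

DAY = 86400            # seconds in a normal day
WINDOW = 20 * 3600     # assumed smear window, ending when the leap second ends


def smeared_seconds_of_day(elapsed: float, window: int = WINDOW) -> float:
    """Clock reading served to clients during a leap-second day.

    `elapsed` is real seconds since 00:00:00 UTC on the leap day (0..86401).
    Inside the window the served clock runs slightly slow, so by the end of
    the leap second it has fallen behind by exactly one second.
    """
    start = DAY + 1 - window
    if elapsed <= start:
        return elapsed
    fraction = min((elapsed - start) / window, 1.0)
    return elapsed - fraction


def _fmt(whole: int) -> str:
    return f"{whole // 3600:02d}:{whole % 3600 // 60:02d}:{whole % 60:02d}"


def utc_label(elapsed: float) -> str:
    """What an unsmeared UTC clock shows, including the 61st second."""
    whole = int(elapsed)
    if whole == DAY:
        return "23:59:60"
    return _fmt(whole - (DAY + 1) if whole > DAY else whole)


def smeared_label(elapsed: float) -> str:
    """What a smeared clock shows; it rolls straight from 23:59:59 to 00:00:00."""
    return _fmt(int(smeared_seconds_of_day(elapsed)) % DAY)


def representable(label: str) -> bool:
    """True if Python's datetime.time can hold this wall-clock reading."""
    hour, minute, second = (int(part) for part in label.split(":"))
    try:
        datetime.time(hour, minute, second)
        return True
    except ValueError:
        return False


def demo() -> dict:
    samples = [86390 + i * 0.25 for i in range(45)]   # last 11 real seconds
    readings = [smeared_seconds_of_day(t) for t in samples]
    return {
        "utc_at_leap": utc_label(86400),
        "smeared_at_leap": smeared_label(86400),
        "utc_representable": representable(utc_label(86400)),
        "smeared_representable": representable(smeared_label(86400)),
        "monotonic": all(a <= b for a, b in zip(readings, readings[1:])),
        "final_offset": 86401 - smeared_seconds_of_day(86401),
        "slowdown_ppm": round(1e6 / WINDOW, 2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
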