Thursday, May 31, 2012

To Screenlock or Not a mobile phone

Being a security guy, I keep security in the back of mind.  Quite often, I put that knowledge to use when I least expect it.  I've had a cell phone for quite a while, many years in fact.  I've never used anything like a screen lock; be it a password or a pattern lock.  And I've got two different ways of thinking.

1.  In order to be secure, I know that I should lock my phone.  That way, should I ever lose the phone, misplace it, or, the phone gets stolen, I'll have "some" barrier (however strong) to prevent the casual person from snooping on the contents.  I know that it won't stop a determined attacker, but it should stop the low-hanging fruit masses.  I've seen different locks, both password-type locks and pattern locks.  Either one would be fine by me.

2.  The other side of my brain says "Hey, what happens if you are in an accident and EMS needs your phone?"  Does EMS do that?  Meaning, do they go to victims phones to contact someone, or for identity?  Are they allowed to.  I remember seeing the "news articles" back when cell phones were getting more popular that you should have an "ICE Contact" (that's In Case of Emergency.)

So, what's a good choice?  What balances out security with peace of mind?  Am I mis-informed about what EMS can and can not do?

What's your opinion...

Tuesday, May 22, 2012

DISA STIG updates since I last wrote

I know it has been a while since I last wrote.  And since that time, DISA has updated many of their STIGs and benchmarks.  I've included the list below.  Be aware that any item with a "*" is located in the PKI-protected area.

Here's the list:

Internet Explorer 9 STIG Version 1, Release 1 - Updated May 21, 2012
Internet Explorer 9 STIG Release Memo - Updated May 21, 2012
Traditional Basic Checklist (*PKI) - Updated May 21, 2012
Traditional Common Compliance Validation Checklist (*PKI) - Updated May 21, 2012
Traditional NIPRNet Compliance Validation Checklist (*PKI) - Updated May 21, 2012
Traditional SIPRNet Compliance Validation Checklist (*PKI) - Updated May 21, 2012
IPSEC VPN Gateway STIG, Version 1, Release 1 - Updated May 21, 2012
IPSEC VPN Gateway STIG Memo - Updated May 21, 2012
IAVM to CVE Mapping Spreadsheet - Updated May 18, 2012
Policy Auditor / STIG Viewer Operational Guidance - Updated May 14, 2012
SCAP Implementation Process Guidance - Updated May 14, 2012
SCC 3.0.1 Read Me - Updated May 14, 2012
IAVM 2012 Benchmarks - Updated May 7, 2012
SCC 3.0.1 SCC DEBIAN i386 - Updated May 2, 2012
SCC 3.0.1 DEBIAN AMD64 - Updated May 2, 2012
STIG Library Compilation Bulk Download (.zip format) - Updated May 2, 2012
Windows 7 STIG, Version 1, Release 8 (*PKI) - Updated April 27, 2012
Windows 7 STIG - Version 1, Release 8 - Updated April 27, 2012
Windows 7 STIG Benchmark Version 1, Release 10 - Updated April 27, 2012
Windows 2003 STIG - Version 6, Release 1.25 - Updated April 27, 2012
Windows 2003 STIG, Version 6, Release 1.25 (*PKI) - Updated April 27, 2012
Windows 2003 DC STIG Benchmark Version 6, Release 1.25 - Updated April 27, 2012
Windows 2003 MS STIG Benchmark Version 6, Release 1.25 - Updated April 27, 2012
Windows 2008 STIG - Version 6, Release 1.18 - Updated April 27, 2012
Windows 2008 STIG - Version 6, Release 1.18 (*PKI) - Updated April 27, 2012
Windows 2008 DC STIG Benchmark Version 6, Release 1.18 - Updated April 27, 2012
Windows 2008 MS STIG Benchmark Version 6, Release 1.18 - Updated April 27, 2012
Windows 2008 R2 STIG - Version 1, Release 4 - Updated April 27, 2012
Windows 2008 R2 STIG - Version 1, Release 4 (*PKI) - Updated April 27, 2012
Windows 2008 R2 DC STIG Benchmark Version 1, Release 4 - Updated April 27, 2012
Windows 2008 R2 MS STIG Benchmark Version 1, Release 4 - Updated April 27, 2012
Windows Vista STIG, Version 6, Release 1.25 - Updated April 27, 2012
Windows Vista STIG, Version 6 Release 1.25 (*PKI) - Updated April 27, 2012
Windows Vista STIG Benchmark Version 6, Release 1.25 - Updated April 27, 2012
Windows XP STIG, Version 6, Release 1.25 - Updated April 27, 2012
Windows XP STIG, Version 6 Release 1.25 (*PKI) - Updated April 27, 2012
Windows XP STIG Benchmark Version 6, Release 1.25 - Updated April 27, 2012
z/OS ACF2 STIG - Version 6, Release 11 - Updated April 27, 2012
z/OS ACF2 STIG - Version 6, Release 11 (*PKI) - Updated April 27, 2012
z/OS RACF STIG - Version 6, Release 11 - Updated April 27, 2012
z/OS RACF STIG - Version 6, Release 11 (*PKI) - Updated April 27, 2012
z/OS TSS STIG - Version 6, Release 11 - Updated April 27, 2012
z/OS TSS STIG - Version 6, Release 11 (*PKI) - Updated April 27, 2012
zOS SRR Scripts Version 6, Release 11 (*PKI) - Updated April 27, 2012
Network Firewall - Version 8, Release 10 - Updated April 27, 2012
Network IDS/IPS - Version 8, Release 10 - Updated April 27, 2012
Network Other Devices - Version 8, Release 10 - Updated April 27, 2012
Network Policy - Version 8, Release 10 - Updated April 27, 2012
Network Infrastructure Router L3 Switch - Version 8, Release 10 - Updated April 27, 2012
Network Perimeter Router L3 Switch - Version 8, Release 10 - Updated April 27, 2012
Network L2 Switch STIG Version 8 Release 10 - Updated April 27, 2012
Internet Explorer 6 STIG - Version 4, Release 6 - Updated April 27, 2012
Internet Explorer 7 STIG - Version 4, Release 6 - Updated April 27, 2012
Internet Explorer 8 STIG - Version 1, Release 6 - Updated April 27, 2012
Internet Explorer 8 STIG Benchmark - Version 1, Release 6 - Updated April 27, 2012
Mozilla Firefox STIG - Version 4, Release 4 - Updated April 27, 2012
Microsoft Office 2010 STIG Version 1, Release 3 - Updated April 27, 2012
Microsoft Office 2007 STIG - Version 4, Release 7 - Updated April 27, 2012
Microsoft Office 2003 STIG - Version 4, Release 3 - Updated April 27, 2012
McAfee Antivirus Security Guidance - Version 4, Release 5 - Updated April 27, 2012
General Desktop Application STIG, Version 1, Release 2 - Updated April 27, 2012
General Mobile Device (Non-Enterprise Activated) STIG Version 1, Release 2 - Updated April 27, 2012
DoD Host Based Security System (HBSS) STIG - Version 3, Release 6 (*PKI) - Updated April 24, 2012
Gold Disk (*PKI) - Updated April 23, 2012
SCAP Tools (SCC 3.0.1) - Updated April 17, 2012

Tuesday, May 1, 2012

Guides for locking down Twitter, Google+, Facebook and LinkedIn

Chief Monkey put up a post the other day on locking down some of the big Social Media websites.  As the security policies change it can be harder and harder to keep track of what the actual settings are.  Read the post, it's good stuff.  Here are the direct links to the guides:

Twitter

LinkedIn

Google +

Facebook

As the Chief mentions, it will help friends and family lock down their accounts keeping people (and their information) safer.