Information Technology Security

While most companies have several security defenses in place to guard against threats, such as firewalls and antivirus software, a very important question is still left on the table: exactly how effective are these measures? Although the question is deceptively simple, every company must find its own answer to it. Without this critical information, your organization could be left wide open to incoming threats because of unknown vulnerabilities. Let’s investigate a few ways to effectively evaluate your organization’s data security:

Penetration Tests

A penetration test, or pentest, is basically an attempt to hack into the system from outside the network. This simulated attack analyzes the system for any potential vulnerability points that could result from configuration problems, hardware or software defects, or poor operational procedures. A penetration test will typically look for points that are vulnerable not only to outside attackers, but also to those on the inside. If an employee can view unauthorized data, it can be just as dangerous as allowing a hacker to gain access. Penetration tests can be classified as either Black Box, where the tester knows nothing about the system, or White Box, where the tester has complete knowledge of the system infrastructure. Of course, some installations have used modified rules and referred to the result as Grey Box testing. Every system that connects to the internet or allows access from any other external source should undergo penetration testing on a regular basis.

Network Discovery Assessments

A network discovery assessment analyzes your network's infrastructure to identify every device that is connected to your network and to search for configuration weaknesses. By clearly identifying each machine within a continuous IP address range, the system engineers can detect any new or unexpected devices that are connected to the network. While an unknown machine usually appears because an incorrect IP address was assigned or a cabling error was made, a network discovery assessment will also point out any truly unauthorized computer, such as a hacker's machine, that is connecting to your company's network.
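The comparison described above can be sketched as follows. This is an added example, not code from the original article; the inventory, the sweep results, the address range and the function name `assess` are all constructed for illustration. It separates a known device sitting at the wrong address (the mis-assignment case) from a device that is not in the inventory at all.

```python
import ipaddress

# Constructed sample data: authorized inventory (IP -> MAC) and one sweep's results.
INVENTORY = {
    "10.20.0.10": "00:11:22:aa:bb:01",
    "10.20.0.11": "00:11:22:aa:bb:02",
    "10.20.0.12": "00:11:22:aa:bb:03",
}
DISCOVERED = [
    ("10.20.0.10", "00:11:22:AA:BB:01"),  # matches the inventory
    ("10.20.0.25", "00:11:22:aa:bb:02"),  # known device answering at the wrong address
    ("10.20.0.40", "de:ad:be:ef:00:99"),  # not in the inventory at all
]

def assess(discovered, inventory, cidr):
    """Classify each discovered host inside cidr and list inventory hosts not seen."""
    net = ipaddress.ip_network(cidr)
    ip_by_mac = {mac.lower(): ip for ip, mac in inventory.items()}
    report = {"ok": [], "misassigned": [], "unknown": [], "missing": []}
    seen_macs = set()
    for ip, mac in discovered:
        mac = mac.lower()
        if ipaddress.ip_address(ip) not in net:
            continue  # outside the range being assessed
        seen_macs.add(mac)
        if inventory.get(ip, "").lower() == mac:
            report["ok"].append(ip)
        elif mac in ip_by_mac:
            # Known hardware, unexpected address: likely an assignment or cabling error.
            report["misassigned"].append((ip, ip_by_mac[mac]))
        else:
            # Hardware nobody has registered: investigate as unauthorized.
            report["unknown"].append((ip, mac))
    report["missing"] = sorted(
        ip for ip, mac in inventory.items() if mac.lower() not in seen_macs
    )
    return report

if __name__ == "__main__":
    for category, hosts in assess(DISCOVERED, INVENTORY, "10.20.0.0/24").items():
        print(category, hosts)
```
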

Network Sniffing

A network sniffer can be either a hardware device or a piece of software that intercepts and logs traffic passing over a network in order to capture information about each packet's final destination. Some network sniffers have the ability to generate errors within the system to test for the ability to handle error conditions. Depending on the capabilities of the individual network sniffer, it can be configured in the following ways:

  • Wired Broadcast LANs – A network sniffer can monitor traffic traveling across either the entire network or on specific parts of the network from one machine. To minimize a potential bottleneck, ARP spoofing or monitoring ports can be used.
  • Wireless LANs – A network sniffer can monitor the traffic on one specific channel.
  • Promiscuous Mode – If the network sniffer supports this feature, the network adapter can be set to promiscuous mode to allow the sniffer to monitor multicast traffic sent to a group of machines that the adapter is listening to.
  • Monitor Mode – This is a step up from promiscuous mode. It allows the sniffer to process everything that it could in promiscuous mode plus packets for other service sets.

In terms of information security, network sniffers provide value by detecting network intruders, discovering network misuse by internal and external users, and isolating exploited systems. On the other side of the coin, hackers can use network sniffers to learn information to effect a network intrusion and to collect passwords or other sensitive information.

Checking Password Security

Because most users will choose a password that's easy to remember, instead of one that's hard to guess, password security is critical to overall information technology security. After all, once a hacker has a valid user ID and password, much of the system is readily available. Passwords should be encrypted within the system, and rules should be put into place to reflect the potential security risk of an individual system. If the risk is low, it might be enough to require the user to create an eight-byte password with at least one character and one number that expires after 30 days. At the other end of the spectrum, the password should expire every week and require the user to use a mix of upper case, lower case, numeric, and special characters while restricting the use of any word found in a standard dictionary and consecutive keyboard characters.
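The two ends of that spectrum can be expressed as a small policy checker. This is an added example, not code from the original article. It assumes "one character" means one letter, that the eight-character minimum applies to both tiers, that a run of three adjacent keys counts as consecutive keyboard characters, and it uses a tiny constructed word list in place of a standard dictionary.

```python
import string
from dataclasses import dataclass

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Constructed stand-in for a standard dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer"}

@dataclass(frozen=True)
class Policy:
    max_age_days: int
    strict: bool

# The two tiers described in the text: 30-day expiry vs. weekly expiry with extra rules.
LOW_RISK = Policy(max_age_days=30, strict=False)
HIGH_RISK = Policy(max_age_days=7, strict=True)

def has_keyboard_run(pw, run=3):
    """True if pw contains `run` adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False

def violations(pw, age_days, policy, words=SAMPLE_WORDS):
    """Return the list of rules the password breaks under the given policy."""
    checks = [
        (len(pw) < 8, "too short"),
        (not any(c.isalpha() for c in pw), "no letter"),
        (not any(c.isdigit() for c in pw), "no digit"),
        (age_days > policy.max_age_days, "expired"),
    ]
    if policy.strict:
        low = pw.lower()
        checks += [
            (not any(c.isupper() for c in pw), "no upper case"),
            (not any(c.islower() for c in pw), "no lower case"),
            (not any(c in string.punctuation for c in pw), "no special character"),
            (any(w in low for w in words), "contains dictionary word"),
            (has_keyboard_run(low), "keyboard run"),
        ]
    return [msg for failed, msg in checks if failed]
```
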

Checking Wireless Security

Wireless access is a growing trend in today's business world, but it comes with huge risks for security vulnerabilities. As long as a hacker is within the zone of your company's wireless signals, they can connect to your system and attempt to log in. If a wireless network adapter isn't configured properly, it can leave the door wide open to attacks, and the hacker may be able to get in with a simple admin/password sign-on. In addition to securing each known wireless access point, the network should be searched for unauthorized wireless ports that may have been left over from testing, set up by accident, or created with malicious intentions.

Will BP’s Seal Stick?

By Anthony Ricigliano: After having held gushing oil in place since the middle of July, crews from BP are carefully drilling a secondary relief well which, when completed, will deliver a permanent plug into the oil well that has become the biggest oil spill in U.S. history. The drilling of the last phase of the relief well must be done with extreme caution to ensure that it intersects the broken well line. It is hoped that the relief well can reinforce the initial cap and provide a permanent solution by pumping more mud and cement into the well.

With the oil stopped since July 15th, all eyes will be on the "bottom kill" operation, which is designed to both permanently seal the well and allow for options on reopening it in the future. Prior to the temporary seal going in, oil flowed out of the broken well for almost three months after the Deepwater Horizon rig, which BP had leased, exploded on April 20. The explosion killed 11 employees on the platform and released over 200 million gallons of oil into the Gulf. Investigations are ongoing as to whether BP cut corners in their operations in order to save money in the days preceding the blowout.

The first test after the connection of the relief well will be to see if pressure gradually builds up at the point of the seal. The lines which have been releasing oil and gas to surface ships to minimize pressure on the cap would be closed to see if pressure builds naturally within the well. Increasing pressure would indicate that the two and a half miles of casing which lines the well bore is intact, which could lead to an oil capture scheme with surface ships capturing oil from the well. Estimates are that four ships could capture up to 60,000 barrels a day. If pressure does not build in the well, it would indicate that the casing is damaged and testing would be halted. The relief lines which have been shut would reopen and testing of the casing would commence.

The operation to finally seal the well should provide relief to the cleanup efforts, but for many the damage has already been done. With the Fall shrimping season set to open on August 16th, many of the fishing grounds will remain closed as federal authorities monitor toxin levels in shrimp, crabs, and other seafood. The reminder of these closures was evident as the pre-season “Blessing of the Boats” ceremonies saw barbequed sausage, chicken, and other items on the menu but no sign of the shrimp and crab dishes that are the traditional fare for the celebrations.

There hasn’t been much talk about future plans for the well, but it seems unlikely that it will remain closed permanently. While establishing another rig may be extremely unpopular with residents around the Gulf, the sheer volume of oil in the well and BP’s desire to recoup some of the $6.1 billion in costs related to the blowout make it likely that surface ships will eventually be replaced by another platform along the lines of Deepwater Horizon. One certainty in that situation is that it will be closely watched, with the highest safety standards possible. BP owes nothing less than that to everyone and everything that has been affected by this ecological disaster.


Sealing the Well Updated – BP

Author Anthony Ricigliano: The last time I wrote about sealing the BP well that is responsible for the biggest oil spill in U.S. history, the relief well was sitting within four feet of the blowout wellbore. Much to everyone’s surprise, it’s still sitting there. After pumping 500 barrels of cement into the casing and announcing that the status of the well was “static”, it appeared that the next phase of connecting the relief well to the blowout wellbore was imminent.

Since that time, there has been talk of pressure readings all over the board, a new pressure test, and a lot of vague non-answers. That’s when someone is around to answer questions. Kent Wells, who has managed to provide no technical information at BP’s "Technical Briefings", hasn’t been around for almost a week.

The purpose of the "new ambient" pressure test has yet to be defined, but hounding by spill watchers and the Daily Kos website finally prompted BP to release some information regarding pressure readings. True to form, however, BP left out basic information such as “the starting point, whether the well is shut in at the surface or seafloor, the fluid in the riser, etc., so the data is pretty much useless”, similar to the other tidbits which have been released over the last four months.

What is known is that there are three aspects of the well which are of concern:

  • The flex joint, right on top of the old stack
  • The riser adapter
  • The transition spool

In every one of the tests BP has conducted (the top kill, the well integrity test, the injectivity tests, and static kill), the pressures that BP announced exceeded the rated pressures of at least one of those components. This means that one or all of these components could rupture as pressure in the well returns to normal. The focus has now been shifted to pressure readings on the blowout protector (BOP), and the talk is now centered on replacing the stack in total before doing anything else.

The changing focus, the delays, and intentional vagueness are alarming and lend weight to the possibility that BP still doesn’t know how to seal this well permanently. The static kill effort, which may or may not have been successful, remains a mystery as well. It is also becoming apparent that no one has any idea where all the cement and mud went exactly. This has complicated efforts on permanently sealing the well and added another element of uncertainty on how to proceed. It all remains to be seen. Everyone appears to be feeling the strain, including Admiral Allen, who is stuck between a public trying to learn as much as possible and BP, who either doesn’t know what to say or doesn’t want to say anything at all.


What About Water?

By Anthony Ricigliano: The world may never run out of water, but an increasing number of people around the world could easily face an extreme shortage of drinkable water. According to Matthew Simmons, an early proponent of “peak oil”, many of the world's largest cities, with populations of more than 10 million people, are currently facing water shortages. The list of cities facing potable water shortages includes Mexico City, Beijing, and Cairo. The World Bank recently reported that 80 countries now have potable water shortages that threaten health, sanitation, and economies and that 40% of the world’s population, approximately two billion people, have no access to clean water or sanitation.

One of the primary causes of the looming global water shortage is the steadily increasing world population. This population growth and the industrial, agricultural and individual water needs which come with it are now doubling demand for water every 21 years, according to World Bank estimates. With the global population currently at six billion and United Nations’ projections for nine billion people by 2050, the justified fear is that water supplies will not be able to keep pace with demand, as populations soar and cities explode. Water supplies will continue to tighten as countries around the world continue to develop and raise their standard of living, as well. As with oil, the United States is a huge user of water on a per capita basis at 600 liters per day. Outside the U.S., the per capita usage amounts to 50 liters a day and growing.

These shortages, combined with certain geographic considerations, have the potential to fuel hostility and potential warfare over this precious resource. In fact, more than a dozen countries receive more than half of their water from rivers that cross borders of neighboring countries viewed as hostile. Of those, seven countries receive 75% or more of their fresh water from rivers flowing out of often hostile upstream neighbors. These include Botswana, Bulgaria, Cambodia, the Congo, Gambia, the Sudan, and Syria.

The Middle East, a region well-known for its political and religious animosities, is now witnessing heightened tensions regarding adequate water supplies as well. Israel and Syria have recently had contentious discussions about water supplies, while Iraq, Syria and Turkey have exchanged verbal threats over their use of shared rivers. It’s not hard to imagine tensions rising if one country wants to dam a river for hydroelectric purposes that a neighboring country relies on.

The scramble for solutions to the problem is growing apace. One of the more promising solutions already exists in the form of desalinization plants, of which there are 11,000 in operation around the world. The biggest issue with these plants is the cost per gallon of desalinized water. The answer to the cost issue could lie in the advance of alternative energy solutions which could run the plants with renewable energy sources such as solar, tidal, wind, and/or wave power. Advances in these solutions will bring their costs down, which in turn could make desalinization both a clean and cost-effective proposition.
