Still around

I know, I owe apologies. I tried to re-record the segment while in Geneva, but little did I know that the hotel was downtown, where the Euro Football 2008 fans were driving around honking horns when their teams won, as well as being two blocks from Hopitaux Universitaires de Geneve (Geneva University Hospital). For as calm as the Swiss are, there are ambulances running all the time.

I got back on the 14th, and was fighting jetlag the entire week. Last weekend, the kids came over to celebrate my birthday,  and this week have been in SAP training. So I will get that segment re-recorded as soon as possible, and get it out.

In production

A long time in coming, however, I have all my content collected and most of it recorded. I had a bout of jetlag last week, having jumped forward in time by 6 hours. I recorded last week, but part of the content was irrecoverable. I will re-record tomorrow night after changing hotels. I thank my loyal fans for hanging in there.

Debian/Ubuntu RNG update

I spent most of the weekend getting my keys regenerated. On the downside, it took most of the weekend, but on the plus side, tons of content for the podcast. I took the tinfoil had approach.

In essence, any keys or certs that were either compromised or unknown status and were created between Sep 2006 and May 2008 were deleted and recreated. In the immortal words of Ripley in Aliens, “I say we take off and nuke the entire site from orbit. It’s the only way to be sure.”

I will give a step-by-step of the process that I used to update in episode 1, which should be out this week.

Production finally

Episode 1 is in production. I apologize for the delays, but in addition to the new job, computer upgrades, and what not, I just spent 18 hours vacuuming the water out of my basement from the series of storms.

In any case, I will make a real effort to release the episode this week.

Episode 1 in preproduction

For all that are wondering, I am in pre-production on episode 1. I will hopefully be able to sit down and do some recording this week. Its been very busy on the new job, plus I need to put the upgraded recording machine through her paces. I will hopefully be able to get two episodes cranked out before I have to leave for Geneva.

Show notes for Episode 0

What is security? My definition of security is the art and science of risk management. Things are going to go wrong, the world is an imperfect place. Computer security is all about the prevention of things going wrong that you can prevent, and the minimization of damage when things go wrong beyond your control. According to ISC2, there are 10 areas or domains of security

• Access Control
• Application Security
• Business Continuity and Disaster Recovery Planning
• Cryptography
• Information Security and Risk Management
• Legal, Regulations, Compliance and Investigations
• Operations Security
• Physical (Environmental) Security
• Security Architecture and Design
• Telecommunications and Network Security

However, in the broader scale, I break these down into four major areas:

• Policy - Anticipating and planning for what to do when things go wrong. As the name implies, this is a definition of acceptable use of your network and computers.

• Security Engineering - Putting the tools in place to [hopefully] prevent or at least detect when things go wrong. This is the securing of your network and computers therein. This is what I refer to as the “wrench work”. These are the measures that the system administrator and the security engineer put in place to satisfy the policy requirements and IA findings.

• Information Assurance - Reviewing the policy and Security Engineering steps to insure that they are adequate to protect your investment when things go wrong. IA is the assurance of data confidentiality, integrity and availability. This is the measure of the effectiveness of the defenses in place, and recommendations for improving these defenses.

• Forensics - Figuring out why things went wrong. The art and science of data recovery and reconstructing crime scenes. Sort of like CSI, but nowhere near as sexy.

The other domains are the support infrastructure of the areas noted above. For the typical home Linux user, IA and Policy are implied, however, we will be taking a look at them in future podcasts. There is no such thing as complete security. I’ve often stated that security times usability is a constant. To get a truly secure system, you need to unplug it from the network, remove power, pack it in concrete and fire it into the sun…But then it isn’t very usable, is it? That said, your threat environment should dictate your security posture. You generally don’t see Mayberry-style small-town police forces toting automatic weapons and anti-aircraft missiles. By the same token, a sling and stones hasn’t worked in a combat environment since David’s time and he had God’s help. When planning security, one of the watchwords is ”Defense in Depth”. What does this mean? Well, it means that you should not depend on one method to detect or defend against an attack. In fact, you should have interlocking defenses. If one method fails or is defeated, this should trip another one.

Feeds fixed…[hopefully]

The feeds appear to be fixed. Thanks to LinuxChic as well as TechMonkey from the AlternaGeek podcast , we were able to get things straightened out. Several things appeared to be wrong, including problems after our recent WordPress upgrade, typos (the story of my life) and a couple of other problems.

But, it should be back on track and I can start working on episode 1.

Armored Penguin Podcast EP0 - OGG

 

 Armored Penguin Episode 0 - Ogg Vorbis: Play Now | Play in Popup | Download

Armored Penguin Podcast EP0 - MP3

 

 APP - EP0 - MP3 [12:59m]: Play Now | Play in Popup | Download

Finally! The Armored Penguin Premiere Episode

The first episode of the Armored Penguin Podcast.

 

 APP - EP0 - MP3 [12:59m]: Play Now | Play in Popup | Download

 

 APP - EP0 - OGG: Play Now | Play in Popup | Download

In this episode we talk about:

• Podcast Introduction
• Security Basics