Geeks in Paradise | Brian Chee » December 2006

December 22, 2006 | Comments: (0)

PocketMac SecureNOTES

TAGS: Host Security, Privacy, Review, Security, Toys and tools

The PocketMac folks sent us a copy of SecureNOTES a while back and I tossed it at one of my mac oriented students. Funny, how most of my old Linux and BSD fanatics have all gone to Mac OSx. This small application addresses the issue of how to protect sensitive information at the file level.

To Create a Card and just add the information or drag and drop the item into the needed window and hit save.

 

Will not encrypt movies due to the size of the movies

Can do Financial (credit cards, bank accounts), General items (pictures, code snippet, auto info, etc), Health & body (cloth sizes, prescriptions), identification Drives license, passport, SSN, etc), Internet (email accounts, FTP webpages, etc), Phone (emergency numbers, calling cards, etc).

In the “add card� window it is not possible to change the items on the left (lower in the heirachy), but nice to have quick links to the ones that will be used more often.

To encrypt you must go to Edit --> Encrypt Card. You will be prompted to enter a password for this Card. Once the password has been entered the encryption will take place. It is easy to determine what cards have been encrypted due to the fact the GUI changes the icon to a lock. They even provide a General Card that will take straight ascii text to use if a card doesn’t exist that is needed.

It is also possible to create a category and title it how you want. It is then possible to rearrange the cards and place them into the correct category. For example, if you wish to have all your pictures in a category, you can create a category called pictures and then place them all in it. (picture below). Not possible to encrypt entire category.

Not possible to encrypt multiple items at once. Which I think is a good idea as you can create separate passwords for each card.

Just wonder if having a new password for each card is a good idea. I mean we have enough passwords already, why not create a single password that will encrypt and decrypt all the cards?

If you click on a card it will prompt you for the password for that card. Once the password has been entered it will display it. Pictures below. In the GUI it will show it as Unlocked too. Once it has been decrypted you must encrypted again… why not automatically have this redone once the item is not being viewed anymore?

Upon launching the application, a small little icon will appear in the menu bar. Picture 8.

If you have many Cards or Categories these can be added to the Favorites windowpane. This will provide a quick link to access the data in an easy and quick fashion.

Deleting an item is as easy as highlighting it and pressing the delete icon or dragging it to the trashcan in SecureNotes.

Just for grins and giggles, we took one of the encrypted files and mounted it under Linux to see if we could bypass the password. So while it didn't ask for a password, the file was unusable anyway since it was truly encrypted. So it really does encrypt the file instead of just encrypting the headers like some other programs.

All in all a worth while utility...one of these days we'll take the time to find more programs of this ilk and do a comparison. Maybe when we visit CES in January we can hunt down some alternatives.

Pete Gross is one of my students and has just finished his masters in Computer Science. He is currently working for Spirent Communications writing Network Testing Methodologies, but is looking for a full time position...

Brian Chee is the Director of the Advanced Network Computing Laboratory (ANCL) where university students are exposed to bleeding edge technology. What a concept, students that have some experience out of the gate and have had the chance to play with emerging technology. Brian is also a Senior Contributing Editor with InfoWorld.

Posted by Brian Chee on December 22, 2006 11:05 AM

December 01, 2006 | Comments: (0)

Anywhere HotSpot: Enterprise Grade

TAGS: Testing notes, Toys and tools

SonicWall TZ-190 Generation 5 firewall with WWAN

The August 2005 issue of Popular Science documented how to turn a backpack into a mobile hotspot using the Junxion Box wireless gateway to create a solar powered backpack hotspot. However, at $700 the Junxion Box gives you basic WiFi router capabilities appropriate for the SOHO/SMB environment. The newly released TZ190 from SonicWall is a bit more expensive at $725 (Street price from Froogle, however the MSRP is $995), and like the Junxion you'll also have to purchase your Ev-DO card or HSDP/EDGE/UMTS card separately. I picked mine up from Mobile Planet for $299 for the Option GT GlobalMax HSDP/EDGE/UMTS card originating in the UK. So while capable of upwards of 1.8mb/sec, this card can only do this in europe, hope of some truly leading edge mobile networks. So while my Option GT GlobalMax card slowly winds its way from the UK, we're doing some initial testing on Sprint's EV-DO network.

Some other efforts in this market space:

http://www.stompboxnetworks.com/intro.html

http://www.dlink.com/press/pr/?prid=241

http://www.digi.com/products/cellulargateways/

http://www.kyocera-wireless.com/kr1-router/

http://www.proxicast.com/index.htm

Why enterprise grade instead of SOHO?
What sets firewalls apart is their ability to move packets through filters, manage buffers (large attachments), deep packet inspection on the fly, IPsec VPN throughput both with and without deep packet inspection, and the ability to turn away the tidal wave of malware banging at the door. The key is to do this all at the same time, and NEVER fail by letting the crud through. I've been testing quite a few firewalls using the Musecurity MU-4000 and learning just how easy it is to tip most firewalls over. One of my favorite ways to test is to build a 2gb file of worms and virae I've been collecting and toss it through the firewall as both an FTP download and as a SMTP file attachment. VERY few firewalls in the SMB/SOHO market can survive this, whereas most of the major players in the enterprise marketspace catch it.

(look for more as the testing methodology matures and we host a BIG roundup of firewalls)

Usage scenarios?
The Small Office/Branch Office (SOBO) environment isn't any less important than the home office. They still need secure remote management, they still need to integrate nicely into a unified management system, they still need to have a reasonable key management facility, they MUST be able to integrate into the enterprise authentication system, they can't let crud into the enterprise network through a side door, and most of all they need to stay up. The world is moving away from dedicated telecom (ie. Frac T-1, frame relay, etc) to public ISP's like cable modems and DSL. The downside has been the loss of the Service Level Agreement (SLA) that you got with the dedicated line. SonicWall is solving this by providing WWAN failover with dynamic DNS so that you can have a reasonable expectation that your Point of Sale (POS or any other mission critical app) isn't going down.

Ev-Do versus EDGE in the US?
Just about everyone agrees that while EDGE isn't anywhere near as fast as EV-DO, EDGE just has more coverage. I personally chose EDGE since I tend to do a bit of international travel and having a quad band EDGE/UMTS card just made a lot of sense. However if you want the speed and you're only going to use this is major metro areas, EV-DO is just plain faster at this time. Will that change, sure...will the new HSDPA standard surpass EV-DO, yeah sure someday. Keep in mind that things change...most of the US is in the 2.5G to 3.0G service range BUT ONLY in major metro areas. HSDPA is more like 3.5G and will of course suffer the same lack of coverage that EV-DO has now.

Stolen shamelessly from the folks at SonicWall...thanks to Mary McEvoy and Jeff Caldwell for this chart.
Updated December 1, 2006 by Jeff Caldwell of SonicWall, much thanks for the updated numbers.

The bottom line is that if you have a remote location that just can't afford to be out of contact, being able to automagically flip over from your DSL/Cable provider to a WWAN card can save you a whole heck of a lot of lost business. So while I may have caught your attention with the gimick of a solar powered backback HotSpot, there really are good business reasons to have a WWAN backup.

/brian chee

Brian Chee is a Senior Contributing Editor with InfoWorld Magazine and is a researcher with the University of Hawaii's School of Ocean and Earth Science and Technology (SOEST).

Posted by Brian Chee on December 1, 2006 09:33 AM