Tuesday, January 17, 2006

Interesting vulnerability for Laptops with Microsoft OS

Here is a nice little article concerning a vulnerability for laptops operating with Microsoft operating systems (as if there are all that many laptops not using Windows). However the news is not bleak, and for those of you that know me personally, I've been talking about the countermeasures for a long time anyway. But here's the problem...

I don't know why everyone with a wireless-enabled laptop doesn't have a firewall or routinely disable the wireless antenna. These two simple countermeasures are useful for other important reasons. First, disabling the antenna will help conserve battery life. Oh, you say you're plugged in so battery life isn't an issue. So what! Why would you have the antenna turned on if you don't need to? It's sort of like leaving a door open to your house - why do it if you really don't need to? And the firewall is like a screen door on the house. It lets you know when people are trying to get in and lets the legitimate "air" through. It's not foolproof but it's a very nice tool. Firewalls have now gotten more user friendly and are pretty lightweight in terms of consuming system resources. Granted, with the antenna turned off you really don't need an active firewall, but it's not that big a deal to leave it up.

The author of the article notes that his firewall had to be disabled for the vulnerability to be properly exploited. So keep the firewall up and pay attention to any notifications that the firewall might provide for attempts at accessing your system. So just turn off the antenna if you don't need it and use a firewall. There's one bundled with the Microsoft operating system and there are free applications available on the web. You may not need a "big honkin'" firewall, just one that restricts access effectively.

Rob


Wednesday, January 11, 2006

Managing vandalism - Part II (The Response)

Let's continue on and briefly discuss responding to vandalism and managing the successful attack. Once again, this has been spurred by this recent article about events near my home, which revisits just how hard it can be to prevent and manage vandalism.

Once a vandal, or vandals, have successfully attacked your facility what do you do? How long will it be before it is discovered and reported? What will the police want to do and how long will it take?

First make sure that you conduct some sort of liaison with your community police officer (by whatever name this position goes by in your local department) and learn how they will respond, along with a "scientifically estimated wild guess" about how long it will take them to process the crime scene. Why? Because you want the greatest amount of time to reverse the efforts of the vandal before the general public gets a glimpse. Why? Because this has two effects: one, it negates the effort of the bad guy and is a symbol of defiance, and two, it helps to prevent any negative press that may come from the attack. What I mean by that is the willingness of the media - and this is not an attack on their activities - to begin digging and reporting on hate groups; and possibly giving them "face time" or printing their views. Why should your loss contribute to the publicity of those that work to destroy your organization?

With that said a quick step back to the previous post... You should create the opportunity to, if not prevent the attack, identify it as early as possible - so maybe patrols every two or three hours after nightfall. This might provide a large enough window to eliminate the value of the attack. This may further work as a deterrent to future efforts because they just didn't get anything out of their efforts - which may be referred to as a "benefit denial" strategy.

But let's assume that the attack has been discovered and the police notified. What should you do? First secure the scene. Keep everyone away from anything that may have value, like footprints, trash in trash cans, tire tracks, glass shards, and so on. It's perfectly acceptable, and in my opinion essential, to begin taking pictures now and keep taking them until the clean up is complete. This is useful for insurance purposes and for documenting the effort necessary to clean up the attack. Some of these may be useful when giving presentations to the local government and petitioning for better policing (manpower increases, enhanced patrols, etc.) or in developing anti-hate programs. You just can't go wrong with the pictures. I'd also encourage anyone to treat these like evidence and control the camera, any picture or film processing, and the pictures themselves. Also keep the rolls of film "clean" or don't mix pictures of unrelated activities with the attack.

Now that the police are gone you have to get rid of the mess. The purpose of this is to reduce the value of the attacker's efforts, not because of shame or other internal concerns. This is important to communicate to your members. You must not be ashamed - you did not commit the attack, you did not ask to have it committed. Cleaning up becomes an act of defiance. It is an act that is eminently more efficient if you have materials on-hand. Keep paint, sanders and sandpaper, boards for windows, tools, and the like available in moderate supply. More can be obtained on relatively short notice, but you should have enough to get started.

Determine in advance how you will respond to media inquiries for vandalism, then tailor your plan accordingly. Do you denounce the action, express forgiveness, seek punishment... Decide in advance when the emotions are not quite as strong. This first message after an attack may be crucial to how your congregation is portrayed in the media and in the community.

Just one last word... The goal is to prevent and not respond, but make sure that your response is planned in advance. Emotions can cause kneejerk reactions that are more detrimental than helpful, so plan your response and respond with your plan.

Rob

Managing vandalism - Part I

This recent article about events near my home revisits just how hard it can be to prevent and manage vandalism. Although the article gives no details of the attack, we really don't need to know those to discuss the difficulties with managing the potential, or continuing, threat of vandalism at any House of Worship. To better cover this topic we'll look at it from a couple of different perspectives including environmental knowledge, specific preventive and mitigative efforts, and finally the response.

We'll start a little out of order with preventing and mitigating these attacks...

Designing a plan to manage vandalism revolves around a couple of key points that rely on specific behavioral assumptions. First there must be some degree of privacy for the attackers to feel comfortable; that is, comfortable that they will not be discovered, observed or caught. If the attackers do not fear discovery or capture then the entire dynamic of the management efforts must be altered. Second, there is an assumption that someone will see the fruit of the vandal's efforts. This is the psychological part of the attack. The physical damage to the facility may be annoying and expensive, but it is the specific nature of any messages left behind that causes the greatest impact.

With this in mind the greatest way to avoid much of the impact is to prevent the successful completion of the attack. There may even be ways to thwart the manifestation of the threat, but we'll discuss that later in the environmental knowledge piece. Preventing vandalism requires an effort to increase the likelihood, as well as the perception, that a vandal will be discovered and caught. This may be done a number of different ways given an ideal location with ideal conditions, and we all know that each location has its own quirks and needs. As such, discovery and apprehension require successful surveillance efforts that may be either natural or electronic. That means changing traffic patterns to ensure there is a steady flow of people that can observe activity in a specific place. I know this sounds a little silly when dealing with late night crime - even the most well illuminated locations could still be attacked simply because no one is there to see the attack. Furthermore there is an underlying assumption that those providing the natural surveillance will act on their observations - in other words that they'll care about what they are seeing. These shortcomings can be countered using electronic surveillance technologies, particularly at night or during low traffic times, and these have really come a long way in the last decade with some that are ideally suited for dealing with vandalism.

Let me preface this bit by saying that I generally discourage the purchase of equipment as a "point solution" because the cost can become onerous for any one issue, but in this case the solution has many applications besides crime loss management: remote video monitoring. It used to be that you installed an alarm system and when it activated the police were dispatched by a central alarm monitoring station - time passed and the attack was completed - making this not much of a preventive tool. Now consider this current technology solution. The attacker approaches a "restricted" area, which may be defined as the area immediately surrounding the building, and this causes a camera to become active at a central monitoring station. The watch officer at the station sees the attackers, activates a two-way intercom and reads a script that has been coordinated with the property owners. It may be something like:

"Attention! You are trespassing on private land. Your activity is being recorded and observed by live personnel. The police have been notified and are responding. Please depart immediately."

It has an amazing effect and has been used successfully at locations around the country in a variety of applications. The benefits are immense because an organization reduces the likelihood of false alarms, which are getting expensive, and also receives the immediate interaction with the attacker. Not to mention that these systems may be tied into pretty much any alarm sensor like fire, flood, or medical assistance. Now I must admit I'm a little partial to this technology because I wrote a short paper on it while finishing my degree and it was still considered an "emerging" technology, but with that said it has real applications for this scenario. Imagine the vandal, or vandals since there is a degree of vanity and group think involved, being confronted as they prepare to commit mayhem. They might just be stopped; at least stopped long enough to think about what they are about to do and the potential consequences. Besides the monetary benefit of preventing any damage, there is a real spiritual value to guiding someone away from wrongdoing rather than simply punishing them, right? Changing a thought rather than forgiving an act.

Ok, so we have natural surveillance and electronic surveillance and each can be reached different ways - far too numerous to cover here effectively. However, we neglected the value and method of increasing natural surveillance earlier. Natural surveillance often has the primary benefit of lower cost. Let's face it, people moving around normally is, well, free. It does unfortunately break down when traffic is reduced. So how then can traffic be increased? Maybe by using the facility as much as possible for community events, although let me caution briefly that this creates other potential loss opportunities; or possibly security patrols can be added. This could be from a formal security service or by dedicated congregation members that will take time to check on the facility. It may also be possible to use the camera systems mentioned above on a private website with access available to congregation members. Possibly a "patrol" schedule could be created with specific members agreeing to keep an eye on it. Like I said, once we get creative there just isn't enough room here for the options.

There is, at least, one other bit of technology to assist in preventing vandalism and that's vandalism resistant paint. This tool works to prevent other paints from bonding to the material permanently. One word of caution is that the cost for materials could be as much as 10x that of ordinary paint.

Here's a short article in Religious Product News on technology trends in security.

Monday, January 9, 2006

ELF exists!!!

There have been a series of articles, like this one, along the lines that the ELF (Earth Liberation Front) either does not exist or does not have members. This is an interesting argument that is being propagated for reasons I do not know, but the recent focus on ELF and ALF is the result of two events: the recent arrests of those accused of several arsons in the name of ELF and the FOIA document releases indicating that the FBI monitored such groups as PeTA.

First let's get the minutiae out of the way...

The FBI was monitoring groups like PeTA for any number of reasons, but the best ones that I can think of are the contributions PeTA made to Rod Coronado's criminal defense of roughly $70,000 so he could fight charges of arson that he eventually pleaded guilty to, and PeTA's contribution to the Earth Liberation Front which was stated to be for publicity. These funds were likely used just for that but it still creates enough suspicion for a little monitoring. Both of these groups, the ELF and the ALF, are considered to be terrorist organizations because they espouse the destruction of property in furtherance of their cause... And there are many arguments that they make about this being non-violence because humans are not targeted, but that is neither here nor there right now.

The problem here is the concern as to whether a person can be charged, implicated or considered a member of an organization that admittedly does not have "true" members. Anyone can claim to act on the organization's behalf as long as they abide by their rules - which can be easily found on the web. But let's attack this from another direction... There are "prisoner" support networks for both the ALF and the ELF. The North American Animal Liberation Front Support Group provides information about arrested activists and directions for making donations or sending care packages. Now if there is no organization with no members then who are these people that need support?

This point was made clear when one of the recent defendants requested that his information be removed from the support group website. This is presumably to make it harder to convince a jury that he is a member of a terrorist organization rather than a lone arsonist with an ax to grind. Fine lines that could mean years difference in a sentence.

In other words, as long as an organization exists, in name or form, that encourages actions that target another they are a threat and should be treated appropriately.

With that said, keep in mind this is not some vast organization of shadowy activists but much more likely very very small handfuls of individuals getting a little worked up. Security programs should stay informed and stay focused rather than taking "knee-jerk" actions that cost unnecessary funds and damage the credibility of the security team. Work with the local law enforcement, collect your own intel and make some sound judgements - or find someone more capable to assist you.

Rob