How to create a security policy
March 18th, 2007 under InfoSec, rvincoletto, Technology. [ Comments: 1 ]

Technology helps us to solve problems, but it is vulnerable to several types of threats. Any kind of loss or unavailability could be too dangerous for small and big companies. So, information security is a basic investment.

But, how do you decide what kind of investments are necessary?

First of all, you must know the cost of your business’ downtime to protect it against failures.

Planning
A deep investigation of users’ access to the internet together with your data security needs will help you to begin your security policy.

  1. What do you want to protect?
  2. What are the risks?
  3. What parts of your business are relevant?
  4. What do your users expect from their computers? What do they need for their jobs?


Defining

Now, you can start writing your security policy. The best way to develop a policy is to work from an example policy. You can find several templates of security policies on the internet. You must define the mission of information security in your company: scope, responsibilities, enforcement, revision.

You need a Continuity Plan, which will involve a lot of areas in your company, such as technology, electric power, engineering, staff planning, communication, etc. Your users must know the Security Policy and they need to be trained constantly.
Processes must be reviewed on a constant basis, to ensure that you have the latest and most up-to-date version of a solution.

Remember that threats and vulnerabilities are constantly evolving.

Implementing

So, you make business decisions and you know how important it is to protect your computer data. Security systems are the implementation of those decisions. A good security system starts with careful planning and an understanding of the company’s business, not with robust hardware and software.

Security policies are strategic documents that guide your security decisions. If you don’t understand your business needs, it will be difficult to implement and configure those security systems.

Remember that a firewall security policy cannot exist alone. It must be accompanied by support from your company board, a policy that establishes how to maintain physical security, staff training and awareness, and other specific security controls.

Using

A firewall stands between your protected network and the public internet. Its main function is to examine traffic coming from the public side to the private side, to make sure it reflects your security policies before permitting that traffic to pass into your private network.

There are two things you must think about when implementing firewalls:

1. Acquire the right firewall for your company

There are lots of firewalls on the market, but without a solid and trustworthy host, your firewall will be worthless.

2. Configure your firewall to meet your security policies

You could create rules that allow your users to access local web servers but that prevent employees from accessing local systems such as financial, development and human resources.

When you define a strong security policy that balances your users’ needs with your business needs, you will be able to find the right combination of IT resources to implement it. Keep in mind that firewall rules come from your business needs.
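
The rule set described above can be written down and checked before it reaches a real firewall. The following is an added example, not part of the original post: it models a first-match, default-deny rule table and goes one step further by flagging rules that can never match because an earlier rule covers them. All networks, the finance-staff exception and the function names are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    port: Optional[int]   # destination TCP port, None means any port
    why: str              # the policy statement this rule implements

# Constructed addressing plan: every network below is an assumption.
RULES = [
    Rule("allow", "10.0.2.0/24", "10.0.20.0/24", 443, "finance staff use the finance system"),
    Rule("deny", "10.0.0.0/16", "10.0.20.0/24", None, "no other user reaches finance, development or HR"),
    Rule("allow", "10.0.0.0/16", "10.0.10.0/24", 80, "all users reach local web servers"),
    Rule("allow", "10.0.0.0/16", "10.0.10.0/24", 443, "all users reach local web servers"),
]

def net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(rules, src_ip, dst_ip, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for index, rule in enumerate(rules):
        if src in net(rule.src) and dst in net(rule.dst) and rule.port in (None, port):
            return rule.action, index
    return "deny", None

def shadowed(rules):
    """Return (earlier, later) index pairs where the later rule can never match."""
    pairs = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            covers = (net(later.src).subnet_of(net(earlier.src))
                      and net(later.dst).subnet_of(net(earlier.dst))
                      and earlier.port in (None, later.port))
            if covers:
                pairs.append((i, j))
                break
    return pairs

if __name__ == "__main__":
    print(evaluate(RULES, "10.0.1.15", "10.0.10.5", 443))   # ordinary user, web server
    print(evaluate(RULES, "10.0.1.15", "10.0.20.8", 443))   # ordinary user, finance system
    print(shadowed(RULES))
```

Keeping the `why` field next to each rule ties every line of the rule table back to a statement in the policy, which makes later reviews easier.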


IQ Test
March 16th, 2007 under Fun, rvincoletto. [ Comments: 6 ]

I know, everybody is missing Geek Family’s IQ tests.

So, here we are: A new IQ test for you, and this one is special, it was created by my 5-yo son, Andre.

He created it this afternoon while we were having our tea with crumpets and croissants.

(Originally in Portuguese) For you, fresh off the press, a new IQ test created by Andre this afternoon:

Which number should come next in the sequence?

16 23 28 38 49 62 70 *?

I will give you one week to solve.

For more IQ tests and Quiz click here.


Three little pigs
March 14th, 2007 under Fun, rengolin. [ Comments: 1 ]

Once upon a time three little pigs. The first pig died in coma after a car crash in New Zealand trying to drive on the wrong way of the road looking for bad hobbitsess. The second pig won the EuroMillion and went to south Asia where he bought a fishing boat and lives there until today.

The most interesting story, however, is the story of the third little pig, that had nothing of little or modest but was a huge (fat) and very intelligent pig that unfortunately lost half of his brain in a poker table after a few drinks and, sad enough, had his liver removed after meeting a girl when he sunk his sadness on several pints of guinnesses extra cold.

Despite all that bad luck he managed to have a good life when, later in that year, he met another girl that didn’t take his other liver (I said he was big!) but instead, gave him three baby pigs. And for years they lived in the countryside of Hertfordshire doing business with race horses and hound dogs (not the mean type I have to say).

And the story ends when his three little sons went into the wild to live on their own (apparently pushed by their mum) and they managed to rent an apartment with a rather mean and hairy guy, sometimes known as ‘wolf’, and were eaten by him, one by one. Some might argue that one of them survived because, somehow, he had a degree in civil engineering but I found it rather amusing given that they were *inside* the same brick apartment that didn’t even have a chimney.

Anyway, that’s the story I’ve heard…


VI: a love story
March 10th, 2007 under rengolin, Technology, Thoughts, Unix/Linux. [ Comments: 3 ]

The first editor I’ve used on Unix was VI. Since then, I’ve been using lots of different editors for both code and text files but I still can’t find a replacement for VI.

VI, now called vim, is the most powerful and simple editor in existence (Yes! Emacs users, it *is* simpler than Emacs). Of course, there are simpler or more powerful editors around but not both. At that time (early 90’s) VI wasn’t so complete and powerful but it was simple and widely available on Unix world and that’s what made it famous.

But before using VI for coding, I used Borland’s fantastic Turbo C (for DOS) and the need for smarter IDEs was something I always had in mind. It began, then, the search for a TC-like IDE. Borland later made several great IDEs for Windows but once coding on Unix it’s very hard to turn back and code on Windows, so I had to find a good IDE for Linux.

Early tries

After coding for so long in VI I was feeling like it was a natural choice to use VI every time I wanted to edit a file, whatever it was. I never bothered to find other text editors (such as joe or emacs) but I did use a bit of pico (later nano) and it was terrible.

When Gnome and KDE came to substitute WindowMaker they came with lots of text editors but they were, after all, notepad clones. Later they became a bit better but still not as good as VI so, why bother changing?

Well, one good reason to change was that, every time I needed to edit a file I had to go to the console and open VI. That was not such a bad thing because I always have a console open somewhere and navigating through the filesystem is easier anyway, but a few times it was annoying and I used Kate (from KDE, my WM of choice). Anyway, it was around that time that VI gained a nice brother, gvim: the graphical editor! One reason less to not use VI.

Kate was really good in fact but I found out that I had lots of “:wq” (the command to save and close VI) on my files when using any other editor. I also tried to use Quanta for HTML but it was so cluttered and I had so much “:wq” on my pages that I just gave up.

Java?

When I started programming in Java I found out the Eclipse IDE. A fantastic tool with thousands of features and an extremely user-friendly editor and all the gadgets that a coder would want to have! And it was free and faster than any other Java IDE available at the moment. And it was free! Too good to be true?

Nah, for the Java community it was *that* good, but for the rest of us it was crap. The C++ plug-in was (and still is) crap, as well as the Perl plug-in. It didn’t understand classes, inheritance and most important, didn’t have all nice features as for Java for refactoring and understanding the code.

So, why use a gigantic (still fast) IDE that doesn’t speak your language? If it’s not to speak the same language I very much prefer VI! So I went back, once again. Also, by that time, VI got a wonderful feature: tab-completion (CTRL-N in fact).

KDeveloper

The most promising rival is KDeveloper and it’s almost as good as I wanted it to be, but not quite enough. It has CVS integration (not much easier than using the console), class structure information, integrated debugger, etc etc etc. But, it’s still a bit heavy (as expected) and not useful for all development projects.

VI re-birth

For a while I only used VI at work and for text files at home, especially while I was busy trying all possibilities of KDeveloper, and that’s because I still missed one very important feature of an IDE that VI didn’t have: tabs.

Editing with tabs is so much simpler than switching buffers or splitting windows. That’s why I revisited Kate a few times after having abandoned it and that’s why I didn’t use VI much for a long time in my personal projects.

But then VI 7.0 came out, with lots of improvements and the long wanted tab support. It was like one of those amazing sunsets in the country with birds singing and all that stuff. Also, the tab-completion (still CTRL-N) is really smart, it understands includes, class, defines, typedef, everything and has a very simple interface to use.

VI, or now vim, is complete! And I’m happy! ;)

Thanks Bram Moolenaar for this amazing piece of software!


 


License
Creative Commons License