Thursday, January 20, 2011

Filtering iTunes Traffic - Allowing Software Updates Without the iTunes Store


As many people are probably doing right now, I've been investigating ways to incorporate the iPhone Macro iPad or other tablets into our environment. It's no question why, either. They are really light, have astounding battery life, and Steve Jobs says that we should like them.

However, what happens if someone wants to use their personal iPad at work and asks for iTunes to be installed on their desktop to accompany it. Although this hasn't been tested in court as far as I know, it is the opinion of many a General Counsel that U.S. corporate entities must own a license for any copyrighted media stored on its computers whether the user of that computer has a license for it or not.  This is the main reason that we block MP3 download sites -including the iTunes store. Alternately, what if they are using their personal laptop and iPad at work (attached to our guest network, of course). We still want to block those sites on our guest network (this time for bandwidth reasons) but someone may have the need to update their iStuff.

The problem is that iTunes is required for updating the OS on iPads and iPhones, but that network traffic is identified by Websense the same as if the user were downloading Justin Bieber's latest musical masterpiece.

This raises an important question.  How do we allow people to use iTunes to update their iPhones, iPads, and iTunes itself without granting access to the iTunes Store to download movies, music, or other media?

Saturday, January 8, 2011

User Awareness - Ur doin it rong.

It's heard throughout the security community that user awareness is an important part of a security program, but I think we technical people seem to miss the mark.

We often assume -although nobody actually says it- that if the user only knew the details of a computer system or had more information about how specific threats work that they would automatically become security-minded and less vulnerable to attack.  The problem is that many of us don't know how to talk to normal people.  Because of this limitation, we either give up immediately, or, if we do get off our butts and put together a user awareness program it tends to be the type of talk that we would enjoy but dumbed down for "the peasants."

Thursday, January 6, 2011

Come on Ride the Train

No, not this one:  

This one:

I started riding the train to work in December (thank you, DART) and I've learned a couple of things that I think are important for anyone who is making the decision to do the same. 



Rules for Riding the Train to Work:

1. Don't lose your ticket.  The transit police don't believe you when you say, "Really!  I bought one!" The citation isn't cheap, either.
2. The guy talking to himself is not on a Bluetooth headset.
3. Don't get so into your book that you miss your transfer station.
4. That is not soup spilled in the corner.

This is all I have so far.  I might add a few more as I come across them.

Sunday, January 2, 2011

Is RSS Dying? Short answer: I doubt it.

Kroc Camen of CamenDesign.com made a recent blog post about RSS dying (http://camendesign.com/blog/rss_is_dying).  Although I agree with some of the points he made, I disagree with the conclusion and some of the reasoning. 

The post first assumes that the client-side browser settings are the optimal location for RSS feed configuration.

On the contrary, I am an avid RSS user that finds the local browser a really poor choice for storing RSS selections.  This is why I don't use the RSS button in Firefox.  It simply doesn't travel to other computers without reconfiguring those as well.  This is a useless choice for my needs.  When I add an RSS feed to follow, I want that setting to automatically follow me from machine to machine -- even those machines that I don't own.