Category Archives: National Security

US Secret Service Recent Promo / Congrats to Graduating Class

I am very impressed with the Secret Service or any branch of military or government body that produces fine men and women in service to the US. I am all for it. Almost went myself a few times but got old. I’m a fan of Jesse Ventura or any Navy Seal for that matter (He’s just more vocal/flare). However, in a recent LinkedIn Recruiting / Promotional post featured below, a few of us wise and sympathetic patriots noticed that maybe not the best delivery. Some thought showing the faces was not so secret anymore. Read below.

us_ss

My comment after my friend and former CT House Representative 47th District, Chris Coutu posted his about not being so secret, was the following.

us_ss_chris_kevin_response

So I get the promotional thing but aren’t all the documentaries online shadowing and muffling face and voices respectively to protect our active agents in the field ?! (Rhetorical) Moving on…OK so now we have our graduating class. Great, I’m happy for them and I hope they do well. Now after this I actually clicked on the link to see the youtube channel for the Secret Service. I watched one video posted here I watched a few clips and noticed a few things. Starters I like the car drill but we get past that and see them running or lifting weights and…tires. I see that the requirement for SS is not being in shape before you attend. I see that there are stomachs jiggling around the track/building and lifting a barbell. In the same clip we see last names on the back of the agents. While not giving a lot of information, still some information is showing. The reporter mentions a ballet dancer whom I think is probably in better shape than anyone as one of the recruits. Diversity is great and thats what makes the USA a great place, I think personal care of ones health is job number one. Looks like these guys eat whatever they want and work out vs sacrificing that donut, bread on a sandwich. and soda. The following video shows guys lifting a log over their heads in unison and I noticed more bellies. The narrator mentions if sitting on the couch is what you have done and are thinking of joining you might consider something else. “Sorry buddy, off the couch I can run 3 miles and not get winded, no training 100% pure genetics.” Also, it looks like potatoes and fries in the video.

us_ss30_bodyfat

I’m sorry but that my friend is not respect for one’s body. eat ice and drink water cold water and lots of water to fight that urge to eat what you should not. Also, you should just get involved doing something else to keep you busy or mind off eating if thats the case. Become a gym addict….but apathy never won anything.

So my advice to the Secret Service…..raise the bar, define physical requirements (I think the state Police used to). It does take more than physical fitness to be in any of that line of work, don’t get me wrong, its just the videos are not as inspiring as they could be. On the other side it also means that you or I could be there if we were committed to the cause. So this blog is not a review but one that looks at what is being presented based off perception of what we think Secret Service and public service are all about. In addition what must be done to qualify for that service details. Also to protect the safety of those that serve, photographs, last names, and interviews shouldn’t be presented. The only thing I can think of in all of this is that all the people that are posted in the pics, videos and interviews are all actors. Then this post means nothing.

Why use a Cloud when you can Build Your OWNCLOUD and Btsync Backup Server

Anyone wishing to retain rights and privacy to their information without relying on cloud services like Google, iCloud, or even other services Western Digital My Cloud. Look no further. Netwerk Guardian LLC can install your OWNCLOUD and Btsync server just for you. Small businesses are enjoying backups now over encrypted TCP or UDP with Btsync. It has been around for almost 2 years. We have the technology here for you so you can backup your data and content your way and to whoever you want to see it.

  • OWNCLOUD is free we just install it for you and set you up.
  • Btsync is free
  • Bring your own hardware, or will provide for you (Best option, purpose built).
  • You are now free! Come join a million strong as we take back our privacy with your data. We install, educate, and if you want, we can manage it or teach you how.

    bittorrent_sync_logo

    owncloud_logo

    Snowden Picking Info Off the NSA Network – What Went Wrong

    As agreed I’d revisit this article from Computer World

    The story is just screaming some basic fundamental but glaring omissions in the security practice. In the CISSP study material by lesson 3 or in the beginning they address least privilege roles and mandatory and discretionary controls. Where is the payoff of hiring someone with a CISSP working for the NSA who failed to demonstrate this practice? Why is it that we can see when people access certain shares and yet the big machine cannot?

    The documents were kept in the portal so that NSA analysts and other officials could read and discuss them online, NSA CTO Lonny Anderson told National Public Radio in an interview Wednesday.

    As a contracted NSA systems administrator with top-secret Sensitive Compartmented Information (SCI) clearance, Snowden could access the intranet site and move especially sensitive documents to a more secure location without raising red flags, Anderson said.

    Thus, Snowden could steal the NSA Power Point slides, secret court orders and classified agency reports that he leaked to the media. “The assignment was the perfect cover for someone who wanted to leak documents,” Anderson told NPR.

    “His job was to do what he did. He wasn’t a ghost. He wasn’t that clever. He did his job,” Anderson said.

    That above mentioned quote should get a knee slap at happy hour for being duped by Snowden. While he wasn’t “clever” Ms. Anderson to hack in and get the loot he was clever enough to do it and leave before you stopped him. He went right in the front door and did it right under your nose. You’d be wise to allow only the people that need to know actually perform the technical work with the same controls mentioned below here with tagging a.k.a. similar to audit trail enabling.

    The NSA has also started “tagging” sensitive data and documents to ensure that only people with a need to see a documents can access it. The document tagging rule also lets security auditors see how individuals with legitimate access to the data are actually using it, Anderson said.

    This leads the general public to believe that you are using some Windows file share system and not a content delivery system that has audit trail turned on from design and the start of the system. This brings me back to my pharmaceutical days where there was a vendor Agilent who made a document system where one could see research and look up based on metadata. The NSA could learn a lesson here.

    The following excerpt of the article indicating a response from Eric Chiu, is one I disagree with. While role based security is nice for the group, let’s look at the individual. As stated by Mr. Chiu

    “Companies need to shift their thinking from an outside-in model of security to an inside out approach,” said Eric Chiu, founder of Hytrust, a cloud infrastructure management company.

    “Only by implementing strong access controls [like] the recent NSA ‘two-man’ rule as well as role-based monitoring, can you secure critical systems and data against these threats and prevent breaches as well as data center failures,” he said.

    Where is the detailed log of the individual user? In discretionary access control the user can make policy decisions contrary to mandatory access control. From the wiki for quick reference

    With mandatory access control, this security policy is centrally controlled by a security policy administrator; users do not have the ability to override the policy and, for example, grant access to files that would otherwise be restricted. By contrast, discretionary access control (DAC), which also governs the ability of subjects to access objects, allows users the ability to make policy decisions and/or assign security attributes. (The traditional Unix system of users, groups, and read-write-execute permissions is an example of DAC.) MAC-enabled systems allow policy administrators to implement organization-wide security policies. Unlike with DAC, users cannot override or modify this policy, either accidentally or intentionally. This allows security administrators to define a central policy that is guaranteed (in principle) to be enforced for all users.

    I believe the correct solution would be a Lattice based access control implementation where the user can only access data if their security designation is greater than the target AND there is user logging while in the system.

    Now taking this story down the rabbit hole what makes you think that glasses wearing Snowden didn’t go in and read the documentation and record it with super spy glasses? How about the cell phone camera? How about a phone call with him reading verbatim the information right off the screen? These are also fundamental physical breaches that may or may not be considered as this can be done in plain sight. Why was he accessing so many files? Why wasn’t the 6 month security access check picking up on his behavior? Why isn’t the NSA watching their own people more closely than they are watching us? How come Israeli people can detect malicious people in airports by watching and interviewing them with no mechanical screening but the old fashion way?

    XKeyscore: NSA tool collects ‘nearly everything a user does on the internet’

    Amazing in and of itself but I guess it’s fair game for thwarting terrorism. If used to target anyone with that intent of hostile acts. I would agree with the program if and only if it was used to collect data on people of interest and not just random or everyone. That being said there must be some control used in the system to do that effectively. However, it is alo just as easy to spoof email addresses and come up with rogue or false chat systems just to make the data useless. Remember a system is only as good as the data in it. So in theory, the NSA could not omit regular general public because the bad people could also be using spoofed email addresses and IRC chats etc and fake systems just to introduce false information or hide under the guise of some other legitamate system. So it is easier for them to collect data from anyone. If anyone gave enough time and effort to build a system to make this system useless, than that would be a good attack platform.

    Anyways…a good read into the intrigue.

    XKeyscore- NSA Tool that Collects….Everything??

    Going Black – Making it Tough for Big Brother (Series)

    Good day, I hope today finds you in perfect peace. Today we are going to talk about a new service and a new approach to keeping your data private. Recent events showing that the NSA as well as the big companies out there are profiling you. They want to store your identity and habits for future use. Netwerk Guardian is going to show you how to thwart their efforts. What good is it to the NSA or Google or any place that collects and harvests your personal profile through behavior monitoring, its information on how you think and live. They can use that information against you if they would like to have a contest of who can put more shame on whom. More likely, they will use it to see your political bias and connections. After the Snowden release, they really cannot be any more shameful than now. Therefore, we are going to show you how to give them useless data. Useless data really renders a system useless and reduces the taxpayer’s dollar (your money) to really a waste of money and time. I hope that enough people do this, maybe then they will get the picture and just stop. This will be at the end of the series. However, the evil in man and the lust for power and control will likely just make this tick them off and come up with some other regulatory way to make you commit information to them about you.

    First step in going off the grid and going black is to change everything you use to something else. Change you email address, your online profiles, if you have Facebook, MySpace or other limelight platforms…ditch them. YouTube is going to be tough to leave but granted, if another site is made that offers the same service then that too will be a success. Until then use TOR network and a VMware appliance. The best way to change your email address is buy a domain. It can cost you but what is your privacy worth?!

    Second, is buy or use free encryption software to encrypt your emails. Granted, it is going to be a bit painful in the beginning but you will sleep better knowing that it is you and the close ones around you that know who you are. There are a few places on the web you can go to get this service. However, I would rather encrypt locally. One place is while I have not used it, it seems to do the job. There is a group researching the use of a java based encryption and decryption tool that works on anything found here . I think this will carry for into the future for use on mobile devices with various platforms running. More to come on this as more software comes to mind.

    Third thing that can be done is to start using TOR network for browsing as well as proxy servers for ditching your fingerprints on the web.

    Fourth, is that you could start using another forma of currency that the Federal Reserve will not approve, BitCoin. Untraceable but holds it worth. There is movement to make this outlawed since it cannot be regulated by one particular body (Global Banks) so it obviously works.

    In the meant time if you have time, you can use some automation and start sending up erroneous web traffic data under your old Gmail account and start using Google search page.

    More to come as we investigate and get back in control of who gets access to what. Stay tuned because this service is being launched by Netwerk Guardian to accept requests to anonymize one’s identity and provide safe ways of browsing and using the internet.

    Just think…I privatized your God given right to be yourself. This peace of mind comes with a little costs but we now will have done two things, privatized anonymity and stimulated the economy in the technology and security sector.

    Keeping Your Internet and Computing Private

    Recent stories about Edward Snowden gets you thinking just how secure and private your “Personal Computer” really is. The big data companies are always promoting Google Voice, Google Chat, Gmail and all that. You have to ask yourself why is that free? What are they really trying to push? Each year you are at the edge of your seat when you hear they are allowing another free year of Google Voice. Well that is because you the public are offering free intelligence to them and willingly. We all psychologically want to be a part of something. We all like gadgets and technology as it makes our days fin and easier. Well to combat that surveillance of Big Brother or Big Sis, you use the following apps from Android Market Place.

    Orbot Proxy with TOR – Surf Anonymously with TOR project. They will never know you are coming to visit.
    TextSecure – Secure Text messaging on device and in transit
    Gibberbot – Secure chat with popular chat programs, providing the other user has Gibberbot or Pidgin and uses services like Google Chat.

    All these applications are a step forward to guarding your mobile privacy. Start falling off the grid with these applications. Next, start using TOR network at home. Start using VMware for surfing and use your chassis computer for the local network best you can.

    There will be more tips coming in the days ahead of how to be safe and private on the web.

    #OpUSA Flops Just After #OpIsrael Flopped

    Israel_Message_OpIsrael

    Just as predicated by Netwerk Guardian LLC, the ever and over reaching arm of Anonymous just couldn’t make it happen 2X’s in a row. After a failed attempt at #OpIsrael, Anonymous decided to saddle up and hit American banks, financial institutions, and government web sites with a message that they crossed the line. Now granted there have been some issue with the leftist radical Obama Abomination administration with moves to put American freedoms and rights on the chopping block for the sake of security.

    *** NEWS FLASH *** Nothing really bad has happned lately. Oh, all these tragedies in the north east….yes say some false flag to push a more controlling and tyrannical government and same say it was real. My question is why are they always involving youth and young people to perpetrate these attacks? Why has the FBI failed to produce the video footage from the Boston attack? I digress.

    The efforts of Anonymous against Israel ended up in being no more than an inconvenience to non important sites and accounts. According this article here Israel never really even had to lend a helping hand.

    Looks Like a Power Struggle – “Israeli cyber activists attack anti-Israel hackers”

    Reported by the Jerusalem Post, Israel cyber hacktivists strike back. In an amusing blow to the groups trying to take them down. As reported

    Israeli hackers responding to a campaign to launch cyber-attacks on the country’s websites and Facebook accounts by breaking into the server hosting a major anti-Israeli hacking nerve center.

    So it looks like the ones trying to take down Israel had their own command and control center taken down. That sure tops breaking into a twitter account or defacing a website on any day. Stay tuned as we the hacks rage on.I’m betting on Israel.

    Anon Ghost – Hasn’t read His Bible Lately, Israel Isn’t Going Away

    A recent article published off Israel Today mentioned that Anon Ghost is uniting hackers all over the world to erase Israel off the planet in terms of Cyber presence. News Flash Anon Ghost, Hitler tried genocide and to burn all Bibles and guess what…….(psss, come closer)……two things, 1) The Bible is still here and I don’t see Hitler, 2) Your no Hitler.

    Today marks the resurrection of my Lord and Christ, Jesus. Who’s name is above all names, who took on all the sin of the world so that you and I could have eternal life if we just believe. Again, as it is written,

    1 Corinthians 15:55-57

    New International Version (NIV)

    55 “Where, O death, is your victory?
    Where, O death, is your sting?”[a]

    56 The sting of death is sin, and the power of sin is the law. 57 But thanks be to God! He gives us the victory through our Lord Jesus Christ.

    Jesus paid it all. He went to hell and back and took the keys for you and me. Why would you then refuse such a free and perfect gift to continue on as you are bound to your idol computer and to your vices.

    John 3:16 (New International Version)
    16 For God so loved the world that he gave his one and only Son, that whoever believes in him shall not perish but have eternal life.

    So my question to Anon Ghost, do you think you are all powerful over sin and death, create and destroy energy, be all knowing and omnipotent? You bleed just like me and to dust you will return. Your idea is feeble and has no strength because you are only able to do what God allows you to do. Feel like tempting God over His chosen people?

    Cisco ASA VPN Device Review

    Product Review
    Cisco ASA VPN device with the 8.4(5) image and ASDM 7.11. This device meets the requirements for FIPS 140-2 cryptographic requirements for federal agencies. The purpose of the device is that it ensures the confidentiality, integrity, and availability of information between networks. The device is best used between different locations offering secure communications for users, clients (DMZ), and partners (DMZ). Cisco has been in the business for creating borderless networks for some time. Overall performance and features of the device are great. It does take a little time to get used to the commands, as they are a little different from the Cisco IOS router but not as different as another vendor like 3com now, HP.
    This device provides the following features and services

    • Visibility and granular control of applications and micro-applications, with behavior-based controls
    • Robust web security
    • Advanced threat protection with a comprehensive, highly effective intrusion prevention system (IPS)
    • Highly secure remote access
    • Protection from botnets
    • Proactive, near-real-time protection against Internet threats
    VPN capabilities
    • Site to Site (l2l)
    • Remote Access (RA) AnyConnect or IPsec Client (Cisco Client)
    • Clientless VPN (webpage)
    • PKI Infrastructure for Certificate based scalable authentication

    CSD Features
    • Secure Desktop (Vault)
    • Cache Cleaner
    • Keystroke Logger Detection (KSL)
    • Host Emulation Detection
    • Advanced Endpoint Assessment (License required)
    o Provides remediation (Fixes)
     Firewall
     Antispyware

    The device is reported to be the Anti-X device that will eliminate threats and reduce risks. The extended features are nice in the brochure and work if you use the proven and tested platforms. This includes the Cisco Secure Desktop (CSD). Which as of January 17, 2013 was being developed and now has stopped? More on this later.

    This device provides protection and utilizes technology like IPsec protocol suite for authentication, encryption, and integrity of network communication. Companies can use these devices to build secure tunnels form branch offices and create that borderless network. It allows remote teleworkers the ability to work from anywhere. It also provides an implementation where partners can connect to company extranets to collaborate. The uses for this device are great and I would certify that this product be used in every deployment.

    Pros
    • Great encryption capabilities
    • Versatile Remote Access configuration down to user level settings
    • Customizable Web Portals Internet/Extranet Sites
    • Monitoring VPN activity and errors
    • CLI provides quick access to various states of the device
    • Troubleshooting Tools

    Cons
    • Troubleshooting error codes not always decipherable
    • Firewall rule configuration not as intuitive as Checkpoint. ASDM needs work

    Discussion
    Recently I have had the experience to setup and use a Checkpoint VSX appliance for building virtual firewalls. Checkpoint makes a great product and as far as I can say it is very intuitive more so than the Cisco ASA for creating firewall rules and applying them. The Cisco ASA also supports multiple context mode for firewalls and separate networks for a Managed Security Provider or ISP allocating address space to businesses. However, I have yet to really see a Cisco ASA used in this manner so I cannot comment on the performance of this used in this manner. I do know that the Checkpoint VSX security appliance can handle the bandwidth and processing. Utilizing 10 GB interfaces and a Linux OS, the Checkpoint is a very secure and powerful security appliance. Can the Checkpoint do VPN? Yes, but I have not configured that yet.

    Cisco Secure DesktopAs reported here

    “Cisco stopped developing the Secure Desktop (Vault), Cache Cleaner, Keystroke Logger Detection (KSL), and Host Emulation Detection features on November 20, 2012.” – Cisco

    CSD works only on Windows platforms and it starts to go downhill from there. When you move to 64 bit systems and more rare platforms like Mac or Linux, the capabilities of CSD keeping your network safe and the bad stuff just takes a nose dive. The implementation for features vs. benefit is not worth the product offering. Your IT Dept will spend more time fixing why users cannot connect than they will having them get and be productive. Yes, what it does sounds great in the brochure but the real safe way to prevent data leakage is to train the users.

    There has been talks lately since hacking events are on the increase as to what device offers the most security from the firmware to your data center. The move has been to shift from Checkpoint to Cisco as an American made product vs. an Israel manufactured device. This has been pure speculation and this trend will be monitored closely if it continues. I am not certain as to why based off speculation but in reality there is no difference in cryptographic service being impaired or diminished by any device Checkpoint or Cisco. I think it may be fear or the move to remove all doubt to purchase Cisco only.

    * Personal author note – KP “We live in an age not seen before. While there is nothing new under the sun, I believe this is the time we are in, where faith and moral code is replaced by another agenda. This is what might be causing the fear of a foreign made product used in Gov’t shops”.

    Purchase Point
    If you are looking for a mature and dynamic security appliance for your SMB or enterprise network, the Cisco ASA is for you. If you are looking to create a data center and offer a lot of services then maybe the Checkpoint is the way to go.