Well, After some false starts involving problems with London Undergrounds District Line I made it to Olympia and to Infosec 2008. The event itself is a good one for picking up the latest trends in security and seeing a few demo's of various products and as always there was some good stuff to see there.
For example, Sophos have come on in leaps and bounds and I was most impressed with their new AV console. It can also do NAP (where a machine is quarantined until it means a specific criteria for patches and AV).
The Sophos solution also has a web based applet which can be deployed to guest machines (i.e. visitors). The classic here was the sales guy who was demonstrating it was telling me just how clean the solution was "It uninstall's without a trace so we don't change a THING on the users machine" he extolled. Hmm. But if it doesn't met the policy then the remediation servers will be the only ones the user can see. This allows the user to update AV definitions and patches. Now, if we can't touch a visitors machine then what's the point? It's a nice technology but worthless for that reason.
Guest machines should be in an isolated vlan with only net access. They should not only be isolated from the production network but from each other as well.
The Microsoft seminar was superficial but I did learn a few things about their NAT offering in Windows Server 2008 and it does look useful. Certainly on the "to test" list.
Overall, I came away from Infosec slightly underwhelmed. There didn't seem to be any new technologies or ideas that made me feel "yes, I like this. This is a good way forward". The last time I had that feeling was with Splunk and I still think that about the product. I do wonder if security is falling into something of a rut just waiting for the next big attack.......
Monday, April 28, 2008
Monday, April 14, 2008
nLite Automated builds
I'm a big fan of unattended builds and I've been using them for over five years now. The process of creating an unattended build can be somewhat hit and miss so using something like VMWare to test the final build is often an essential.
nLite has been around for a while but the last time I used it I found that the resultant build could be flaky and often just not work.
These issues seems to have been fixed with current version as it's remarkably easy to create a custom build and to add service packs, drivers and patches.
Overall I'm very impressed with the tool and at price tag which is free I really cannot complain!
nLite has been around for a while but the last time I used it I found that the resultant build could be flaky and often just not work.
These issues seems to have been fixed with current version as it's remarkably easy to create a custom build and to add service packs, drivers and patches.
Overall I'm very impressed with the tool and at price tag which is free I really cannot complain!
Subscribe to:
Posts (Atom)