The Reason For Java’s Staying Power

The Reason For Java’s Staying Power: It’s Easy To Read (from the easy-on-the-eyes dept.)

jfruh writes:

Java made its public debut twenty years ago today, and despite a sometimes bumpy history that features its parent company being absorbed by Oracle, it’s still widely used. Mark Reinhold, chief architect for Oracle’s Java platform group, offers one explanation for its continuing popularity: it’s easy for humans to understand it at a glance. “It is pretty easy to read Java code and figure out what it means. There aren’t a lot of obscure gotchas in the language … Most of the cost of maintaining any body of code over time is in maintenance, not in initial creation.”

Posted by samzenpus 3 days ago


10 Ways To Measure IT Security Program Effectiveness

original article

The right metrics can make or break a security program (or a budget meeting).

As CISOs try to find ways to prove ROI to higher ups and improve the overall effectiveness of security operations, the right metrics can make or break their efforts. Fortunately, infosec as an industry has matured to the point where many enterprising security leaders have found innovative and concrete measures to track performance and drive toward continual improvement. Dark Reading recently surveyed security practitioners and pundits to find out the best time-tested metrics to prove security effectiveness, ask for greater investment, and push security staff to improve their day-to-day work.

Average Time To Detect And Respond

Also referred to as mean time to know (MTTK), the average time to detect (ATD) measures the delta between an issue occurring—be it a compromise or a configuration gone wonky—and the security team figuring out there’s a problem. 

“By reducing ATD, Security Operations Center (SOC) personnel give themselves more time to assess the situation and decide upon the best course of action that will enable the enterprise to accomplish its mission while preventing damage to enterprise assets,” says Greg Boison, director of cyber and homeland security at Lockheed Martin.

Meanwhile, the mean time to resolution, or average time to respond, measures how long it takes the security team to respond appropriately to an issue and mitigate its risk.

“Average Time to Respond (ATTR) is a metric that tells SOC management and personnel whether or not they are meeting objectives to quickly and correctly respond to identified violations of the security policy,” Boison says. “By reducing ATR, SOC personnel reduce the impact (including the cost) of security violations.”

Tracking these two metrics continuously shows whether a security program is improving or deteriorating. Ideally both should shrink over time.

False Positive Reporting 

Tracking the False Positive Reporting Rate (FPRR) puts the work of lower-level analysts under the microscope: it checks whether the judgments they make on automatically filtered security event data are sifting out false positives from real indicators of compromise before cases escalate to others in the response team.

“Despite the implementation of automated filtering, the SOC team must make the final determination as to whether the events they are alerted to are real threats,” Boison of Lockheed Martin says. “The reporting of false positives to incident handlers and higher-level management increases their already heavy workload and, if excessive, can de-motivate and cause decreased vigilance.”

A high FPRR could indicate that Level 1 analysts need better training, or that the analytics tools need better tuning.

“All too often Level 1 analysts lack a good understanding of, and visibility into, an incident’s cause and therefore escalate false alerts to Level 3 analysts,” says Lior Div, CEO of Cybereason. “This wastes expensive resources.”

Mean Time To Fix Software Vulnerabilities

Whether for web, mobile, cloud-based, or internal applications, organizations that build custom software should be measuring how long it takes to remediate software vulnerabilities from the time they’re identified, says John Dickson, principal at Denim Group. 

“This measurement helps organizations understand the window of vulnerability in production software,” Dickson says. “Unfortunately, most organizations do not publish this metric internally and as a result, the most serious application vulnerabilities, like SQL injections, remain in production far too long.”

Realistically, this number may be skewed by fixes that never occur, particularly during development. That is why organizations should also track the number of critical defects fixed against those reported, which shows how effective static analysis is for the organization, says Caroline Wong, director of security initiatives for Cigital.

“To obtain this metric, the software security group must be performing static analysis, counting the number of defects initially found — by classification, during first scan — and counting the number of (critical) defects which are actually fixed by developers,” Wong says. “The quality of the code will not actually increase until the developer performs triage on the findings and fixes the actual software defects. The desired trend for this metric is to increase towards 100 percent.”

Patch Latency

In the same vein, patch latency can also show how effective the program is in reducing risk from the low hanging fruit.

“We need to demonstrate progress in the vulnerability patch process. For many organizations with thousands of devices, this can be a daunting task. Focus on critical vulnerabilities and report patching latency,” says Scott Shedd, security practice leader for consulting firm WGM Associates. “Report what we patched, what remains unpatched, and how many new vulnerabilities have been identified.”

Incident Response Volume

Tracking the total number of incident response cases opened against those closed and pending will help CISOs identify how well incidents are being found and addressed. 

“This shows that incidents are being identified along with remediation and root cause analysis,” says Shedd of WGM. “This is critical for continuous improvement of an information security program.”

Fully Revealed Incidents Rate 

This metric can also help get a bead on the effectiveness of the incident response and security analyst functions within a program. 

“What is the rate of incidents handled by security team into which they have a full understanding of the reason for the alert, the circumstances causing it, its implications, and effect?” says Div of Cybereason. 

A low rate relative to the overall volume of opened cases exposes gaps in visibility and could justify an ask for more investment in people or tools.

Analytic Production Time

Is your security program suffering from information overload? Measuring the time it takes to collect data compared to when it is analyzed can help answer that question.

“Reducing the analytical timeline allows IT teams to recognize and act more quickly to prevent or detect and address breaches, thereby improving the organization’s overall security posture,” says Christopher Morgan, president of IKANOW.

“Reducing the time it takes to analyze security data, from either internal firewall or SIEM information or outside threat intelligence feeds, requires giving data scientists the tools and time to focus on data analysis,” he says.

Percent Of Projects Completed On Time And On Budget 

CISOs can show accountability by offering the CEO, board, and CFO visibility into their spending process by offering metrics on the percent of strategic IT security projects completed on time and on budget, says Dan Lohrmann, chief strategist and chief security officer at Security Mentor. 

“This could be a project on encryption, new firewalls, or whatever the top security projects are,” Lohrmann says. “This metric ensures that security is accountable for delivering ever-increasing value and improvements to the executive team.”

Percentage Of Security Incidents Detected By An Automated Control

One way to justify spend on those shiny boxes is to track how many of the security incidents the organization detects are surfaced by an automated tool rather than by a human.

“This is a good one because it not only encourages you to become familiar with how incidents are detected, it also focuses you on automation, which reduces the need for ‘humans paying attention’ as a core requirement,” says Dwayne Melancon, CTO of Tripwire. “It also makes it easier to lobby for funding from the business, since you can make the case that automation reduces the cost of security while lowering the risk of harm to the business from an unnoticed incident.”
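As an added example (not part of the Dark Reading article), the following Python computes several of the metrics described above from one incident log: average time to detect (occurrence to detection), average time to respond (detection to resolution), the false positive reporting rate, the opened/closed/pending case volume, and the share of real incidents surfaced by an automated control. The incident records are constructed for the illustration, and the field names and the set of sources treated as “automated” are assumptions, not anything the article prescribes.

```python
from datetime import datetime, timedelta

# Constructed sample incident log (hypothetical records, not real data).
# occurred_at: when the issue began; detected_at: when the SOC knew about it;
# resolved_at: when it was remediated (None while still open);
# source: what raised the case; false_positive: triage found no real issue.
INCIDENTS = [
    {"id": "INC-1", "occurred_at": "2015-05-20T08:00", "detected_at": "2015-05-20T09:30",
     "resolved_at": "2015-05-20T13:00", "source": "ids", "false_positive": False},
    {"id": "INC-2", "occurred_at": "2015-05-20T20:00", "detected_at": "2015-05-21T08:00",
     "resolved_at": "2015-05-21T10:00", "source": "analyst", "false_positive": False},
    {"id": "INC-3", "occurred_at": "2015-05-21T10:00", "detected_at": "2015-05-21T10:30",
     "resolved_at": None, "source": "siem", "false_positive": False},
    {"id": "INC-4", "occurred_at": "2015-05-21T11:00", "detected_at": "2015-05-21T11:00",
     "resolved_at": "2015-05-21T11:15", "source": "edr", "false_positive": True},
    {"id": "INC-5", "occurred_at": "2015-05-22T06:00", "detected_at": "2015-05-22T12:00",
     "resolved_at": "2015-05-22T18:00", "source": "user_report", "false_positive": False},
]

# Which sources count as "automated controls" is an assumption of this example.
AUTOMATED_SOURCES = {"ids", "siem", "edr", "av", "dlp"}


def _ts(value):
    return datetime.fromisoformat(value) if value else None


def _mean_delta(deltas):
    """Mean of a list of timedeltas; None when there is nothing to average."""
    if not deltas:
        return None
    return timedelta(seconds=sum(d.total_seconds() for d in deltas) / len(deltas))


def true_positives(incidents):
    """Cases that triage confirmed as real; false positives skew the timing metrics."""
    return [i for i in incidents if not i["false_positive"]]


def mean_time_to_detect(incidents):
    """ATD / MTTK: occurrence -> detection, over real incidents only."""
    return _mean_delta([_ts(i["detected_at"]) - _ts(i["occurred_at"])
                        for i in true_positives(incidents)])


def mean_time_to_respond(incidents):
    """ATTR: detection -> resolution, over real incidents that are already closed."""
    return _mean_delta([_ts(i["resolved_at"]) - _ts(i["detected_at"])
                        for i in true_positives(incidents) if i["resolved_at"]])


def false_positive_rate(incidents):
    """FPRR: share of escalated cases that triage found to be false positives."""
    if not incidents:
        return 0.0
    return sum(1 for i in incidents if i["false_positive"]) / len(incidents)


def case_volume(incidents):
    """Opened vs. closed vs. pending: the incident response volume metric."""
    closed = sum(1 for i in incidents if i["resolved_at"])
    return {"opened": len(incidents), "closed": closed, "pending": len(incidents) - closed}


def automated_detection_share(incidents):
    """Share of real incidents first surfaced by an automated control."""
    real = true_positives(incidents)
    if not real:
        return 0.0
    return sum(1 for i in real if i["source"] in AUTOMATED_SOURCES) / len(real)


if __name__ == "__main__":
    print("MTTD:", mean_time_to_detect(INCIDENTS))
    print("MTTR:", mean_time_to_respond(INCIDENTS))
    print("FPRR:", false_positive_rate(INCIDENTS))
    print("Volume:", case_volume(INCIDENTS))
    print("Automated share:", automated_detection_share(INCIDENTS))
```

Two choices worth noting: false positives are excluded from the timing averages (a tuned-out alert closed in fifteen minutes would otherwise flatter MTTR), and still-open cases are excluded from time to respond but counted as pending in the volume metric, so the two numbers have to be read together.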

Employee Behavior Metrics

Just how effective is all of that “soft” spending on security awareness training? Steve Santorelli of Team Cymru says it can be tracked and measured, primarily through phishing and social engineering stress testing of your staff.

“Basically, you run a fake phishing campaign and make a few hoax calls,” says Santorelli, director of analysis and outreach for the research firm. “Reward and publicize good results, help failures to learn from their errors, and you’ll have folks actively watching out for these attacks–for a few weeks at least.”

————–

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Who Is On My Wi-Fi?

http://www.whoisonmywifi.com

http://lifehacker.com/who-is-on-my-wi-fi-shows-you-who-else-is-using-your-net-1504773036?utm_campaign=socialflow_lifehacker_facebook&utm_source=lifehacker_facebook&utm_medium=socialflow

Appears to be a very useful tool, both at home and travel.  Article is worthy of a moment of attention.

Subnetting


Part 6:

Determining Broadcast Addresses And Valid IP Address Ranges For A Given Subnet

No matter the format, you can use your knowledge of binary math to solve this question. You will convert the subnet address into binary, and determine the range of valid addresses as well as the broadcast address at the same time.  Let’s examine how to best answer the “range of valid IP address” question first, and then you’ll see how to quickly determine the broadcast address as well.


The question: “What is the range of valid IP addresses for the subnet 210.210.210.0 /25?” As with previous sections, you will use your binary math skills to convert the subnet address and subnet mask into binary. This will allow you to quickly spot the host bits, which are key to answering this question and the broadcast address question. The host bits are those bits set to “0” in the subnet mask.

Octet 1            Octet 2            Octet 3            Octet 4

Subnet Address

210.210.210.0                         11010010        11010010        11010010        00000000

Subnet Mask

255.255.255.128(/25)              11111111        11111111        11111111        10000000

There are three basic rules to remember when determining the subnet address, broadcast address, and range of valid addresses once you’ve identified the host bits as shown above:

1. The address with all 0s for host bits is the subnet address, also referred to as the “all-zeroes” address. This is not a valid host address.

2. The address with all 1s for host bits is the broadcast address, also referred to as the “all-ones” address. This is not a valid host address.

3. All addresses between the all-zeroes and all-ones addresses are valid host addresses, unless the question specifically states otherwise.

You can quickly see that the “all-zeroes” address is 210.210.210.0.  What will the value be if those host bits are set to all 1s? Use your knowledge of binary math to determine this!  The “all-ones” address is 210.210.210.127. If you had trouble making that conversion, review Section Two, “Converting Binary To Decimal”.  This conversion actually answers two different questions. This quick conversion shows you what the range of valid IP addresses is, and also gives you the broadcast, or “all-ones”, address. The second example question, “What is the broadcast address for the subnet 210.210.210.0 /25?”, is answered by using the same method.

Let’s look at another set of examples:

“What is the range of valid IP addresses in the subnet 150.10.64.0 /18?”

“What is the broadcast address of the subnet 150.10.64.0 /18?”

Octet 1            Octet 2            Octet 3            Octet 4

Subnet Address

150.10.64.0                 10010110        00001010        01000000        00000000

Subnet Mask

255.255.192.0 (/18)     11111111        11111111        11000000        00000000

If all the host bits are “zeroes”, the address is 150.10.64.0, the subnet address itself. This is not a valid host address.  If all the host bits are “ones”, the address is 150.10.127.255. That is the broadcast address for this subnet.  All bits between the subnet address and broadcast address are considered valid addresses. This gives you the range 150.10.64.1 – 150.10.127.254. 

Again, the method used to arrive at the range of valid IP addresses is the same as that used to discover the broadcast address of a given subnet.  Let’s take a look at the other question type from the first part of this section:

“Which of the following IP addresses are found on the same subnet as the IP address 210.210.210.130 /25?”

“Which of the following IP addresses are not found on the same subnet as the IP address 210.210.210.130 /25?”


For some subnetting questions, you’re going to have to determine more than one factor before you can give the correct answer. This question looks simple enough on the surface, but to answer this question type correctly, you must determine two things:

1. On what subnet can this address be found?

2. What is the range of valid IP addresses for this subnet?

In the example, you must first determine the subnet address of the IP address in question, using the Boolean AND you learned in Part 5:

Octet 1            Octet 2            Octet 3            Octet 4

IP Address

210.210.210.130                     11010010        11010010        11010010        10000010

Subnet Mask

255.255.255.128 (/25)             11111111        11111111        11111111        10000000

Boolean AND Result              11010010        11010010        11010010        10000000

Converting The Boolean AND Into Dotted Decimal:

128      64        32        16        8          4          2          1          Total

First Octet                   1          1          0          1          0          0          1          0          210

Second Octet              1          1          0          1          0          0          1          0          210

Third Octet                 1          1          0          1          0          0          1          0          210

Fourth Octet               1          0          0          0          0          0          0          0          128

If all the host bits are 0, the all-zeroes address is 210.210.210.128. If all the host bits are 1, the all-ones address is 210.210.210.255. All addresses between these two are valid. You would now look at the different IP addresses presented by the question and then determine which ones fall in the range 210.210.210.129 – 210.210.210.254 (or which ones don’t, if that’s what the question asks for.)

At first, it seems like a lot of work, but as with all other binary math operations, once you practice it, it will become second nature. This question seems longer to solve because it is, since two operations are needed to solve it. Since you’re well-versed in the fundamentals of binary math, this question will present no problems for you.

“Determining Broadcast Addresses” and “Determining Valid IP Address Ranges” Questions

EXAMPLE:  What is the valid IP address range for the subnet 222.23.48.64 /26?

Determining The All-Zeroes and All-Ones Subnet Addresses

Octet 1            Octet 2            Octet 3            Octet 4

Subnet Address

222.23.48.64               11011110        00010111        00110000        01000000

Subnet Mask

255.255.255.192         11111111        11111111        11111111        11000000

Identify The Host Bits                                                                            000000

All-Zeroes (Subnet) Address: 222.23.48.64 /26                                                                          

All-Ones (Broadcast) Address: 222.23.48.127 /26                                                                    

Valid IP address range: 222.23.48.65 – 222.23.48.126

EXAMPLE:  What is the valid IP address range for the subnet 140.10.10.0 /23?

Determining The All-Zeroes and All-Ones Subnet Addresses

Octet 1            Octet 2            Octet 3            Octet 4

Subnet Address

140.10.10.0                 10001100        00001010        00001010        00000000

Subnet Mask

255.255.254.0             11111111        11111111        11111110        00000000

All-Zeroes (Subnet) Address: 140.10.10.0 /23                                                                            

All-Ones (Broadcast) Address: 140.10.11.255 /23                                                                    

Valid IP address range: 140.10.10.1 – 140.10.11.254
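The all-zeroes/all-ones method worked above, together with the Boolean AND that Part 5 (further down this page) uses to find the subnet of a host address, as an added Python example that is not part of the tutorial. It treats the address as a 32-bit integer, builds the mask from the prefix length, takes address AND mask for the subnet address and network OR NOT mask for the broadcast address, and cross-checks the result against the standard library’s ipaddress module. Function names are mine; the /31 handling goes beyond the tutorial’s “subtract 2” rule, which assumes at least two host bits.

```python
# Added example: the Part 6 / Part 5 binary-math method in code.
import ipaddress

def to_int(dotted: str) -> int:
    """Dotted-decimal -> 32-bit integer (the 'convert to binary' step)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted}")
    return int.from_bytes(bytes(octets), "big")

def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-decimal."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def to_binary(value: int) -> str:
    """32-bit integer -> four 8-bit groups, laid out like the tutorial's tables."""
    bits = f"{value:032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def mask_from_prefix(prefix: int) -> int:
    """/n -> mask with the first n bits set (e.g. /25 -> 255.255.255.128)."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0..32, got {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(address: str, prefix: int) -> dict:
    """Subnet address, broadcast address and valid host range for address/prefix."""
    mask = mask_from_prefix(prefix)
    addr = to_int(address)
    network = addr & mask                        # host bits all 0 ("all-zeroes")
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all 1 ("all-ones")
    # With 0 or 1 host bits (/32, /31) there is nothing to exclude (RFC 3021);
    # the tutorial's "exclude the two ends" rule applies from /30 downward.
    if prefix >= 31:
        first_host, last_host = network, broadcast
    else:
        first_host, last_host = network + 1, broadcast - 1
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(first_host),
        "last_host": to_dotted(last_host),
        "host_bits": 32 - prefix,
    }

def same_subnet(a: str, b: str, prefix: int) -> bool:
    """The 'which addresses are on the same subnet as X /n' question."""
    mask = mask_from_prefix(prefix)
    return (to_int(a) & mask) == (to_int(b) & mask)

def cross_check(address: str, prefix: int) -> bool:
    """Confirm the hand method agrees with the standard library."""
    ours = subnet_info(address, prefix)
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return (ours["network"] == str(net.network_address)
            and ours["broadcast"] == str(net.broadcast_address))

if __name__ == "__main__":
    # The tutorial's own examples.
    for address, prefix in [("210.210.210.0", 25), ("150.10.64.0", 18),
                            ("210.210.210.130", 25), ("222.23.48.64", 26),
                            ("140.10.10.0", 23)]:
        info = subnet_info(address, prefix)
        print(f"{address}/{prefix}  mask {info['mask']}")
        print(f"  address   {to_binary(to_int(address))}")
        print(f"  mask      {to_binary(mask_from_prefix(prefix))}")
        print(f"  subnet    {info['network']}  broadcast {info['broadcast']}")
        print(f"  valid     {info['first_host']} - {info['last_host']}")
        print(f"  matches ipaddress: {cross_check(address, prefix)}")
    print(same_subnet("210.210.210.130", "210.210.210.200", 25))
```

Printing to_binary() for the address and the mask side by side reproduces the tables in this part, which is the quickest way to see which bits are host bits when a prefix does not fall on an octet boundary.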

See also:  Part 1, Part 2, Part 3, Part 4, Part 5, Part 6

Works Cited

Bryant, C. (2007). The Ultimate CCNA Study Package – ICND 1 And 2: Valid Hosts. In C. Bryant, The Bryant Advantage (p. 6).

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1 640-822. Indianapolis, IN: Cisco Press.

Odom, W. (2011). Official Cert Guide ICND2 640-816. Indianapolis, IN: Cisco Press.

Subnetting


Part 5:

Determining the Subnet number of a given IP Address

An example of a “determine the subnet number” question:

“What subnet is the address 200.17.49.200 /23 a member of?” or “On what subnet can the address 200.17.49.200 /23 be found?”


This is one of those types of questions that often trips up CCNA candidates. It is because many don’t understand the Boolean AND operation, which is the only way you can properly answer this question. This segment will review the Boolean AND operation and show you how to use it in order to solve this question. As with anything else within this subject matter, once you are used to using the Boolean AND operation, everything else (of similar subject) tends to be easier.

The Boolean AND is, simply put, a bit-by-bit comparison of the IP address and a subnet mask. In this case, the Boolean AND will reveal the subnet upon which this IP address exists.  Your knowledge of binary math will be, and always is, key in answering this question type as well, since the address and mask must be broken down into binary in order to perform the Boolean AND. 

You must use the skills of “Converting Dotted Decimal To Binary”, to convert the IP address to binary:

128      64       32       16        8         4          2          1

1st Octet: 200                         1          1          0          0          1          0          0          0

2nd Octet: 17             0          0          0          1          0          0          0         1

3rd Octet: 49               0          0          1          1          0          0          0         1

4th Octet: 200                         1          1          0          0          1          0          0         0

The IP address, in binary, is 11001000 00010001 00110001 11001000.  Your knowledge of prefix notation tells you that a subnet mask of /23 is 11111111 11111111 11111110 00000000. (The first 23 bits are ones).  Now that the IP address and subnet mask have been converted to binary, the subnet on which the IP address resides can be found by performing a Boolean AND. Remember, a Boolean AND is simply a bit by-bit comparison of the address and mask.

                          Bit 1    Bit 2    Bit 3    Bit 4    Bit 5    Bit 6    Bit 7    Bit 8

IP Address (Octet 1)        1        1        0        0        1        0        0        0

Subnet Mask (Octet 1)       1        1        1        1        1        1        1        1

Boolean AND (Octet 1)       1        1        0        0        1        0        0        0

Note that where a bit in the same position is “1” in both the IP address and subnet mask, the Boolean AND result is also “1”. Any other combination results in the Boolean AND resulting in “0”.  And now that we’ve looked at the Boolean AND being run on a single octet, let’s run it on the entire IP address and subnet mask. This is the chart you should use on exam day to answer this question type:

Octet 1                       Octet 2            Octet 3            Octet 4

IP Address                  11001000        00010001        00110001        11001000                      200.17.49.200

Subnet Mask               11111111        11111111        11111110        00000000                      255.255.254.0 (/23)

Boolean AND            11001000        00010001        00110000        00000000                      Result


Once the Boolean AND result is achieved, it has to be converted into dotted decimal. Using your knowledge of converting binary to dotted decimal, you see that the IP address you were given is found on the 200.17.48.0 /23 subnet.

128      64        32        16        8          4          2          1

First Octet       1          1          0          0         1          0          0          0          200

Second Octet 0          0          0          1          0          0          0          1          17

Third Octet     0          0          1          1          0          0          0          0          48

Fourth Octet   0          0          0          0          0          0          0          0          0

You can now see where the skills you learned in earlier sections come into play in the more complex subnetting questions. When you master the fundamentals of binary math, as you have, you can answer any question Cisco gives you.

See also:  Part 1, Part 2, Part 3, Part 4, Part 5

 


Subnetting


Part 4:

DETERMINING THE VALID NUMBER OF HOSTS

These are examples of a “number of valid hosts” question:

“How many valid hosts exist on the 150.10.0.0 /20 subnet?”

“How many valid hosts exist on the 150.10.0.0 255.255.240.0 subnet ?”

A /20 mask indicates that the first 20 bits are set to “1”, which is expressed in dotted decimal as 255.255.240.0.  The method is much like determining the number of valid subnets in the previous part: you must first determine how many subnet bits are present. The difference is that when determining the number of valid hosts, it is the number of host bits you’re concerned with, rather than the number of subnet bits.

Once the number of host bits is determined, use this formula to arrive at the number of valid hosts:

The number of valid hosts = (2 raised to the power of the number of host bits) – 2

In the example question, there is a Class B network, with a default mask of /16. The subnet mask is /20, indicating there are four subnet bits. Here’s where the difference comes in. There are 16 network bits and 4 subnet bits. That’s 20 out of 32 bits, meaning that there are 12 host bits. 2 to the 12th power is 4096; subtract 2 from that, and there are 4094 valid host addresses.

Illustrating the masks in binary illustrates where the host bits lie:

Default Network Mask           1st Octet          2nd Octet          3rd Octet          4th Octet

255.255.0.0                             11111111        11111111        00000000        00000000

Subnet Mask

255.255.240.0                         11111111        11111111       11110000        00000000

Remember from the previous part that the bits set to “0” in the default mask and “1” in the subnet mask are the subnet bits.  The bits set to “0” in both masks are the host bits, and that count is the value the formula needs.  Note the 2 subtracted at the end: the “all-zeroes” (subnet) and “all-ones” (broadcast) host addresses are unusable.  (Older subnetting rules also subtracted 2 from the subnet count to exclude the all-zeroes and all-ones subnets; with ip subnet-zero, the default on Cisco IOS since release 12.0, every subnet is usable, which is why Part 3 on this page uses 2^x with no subtraction.)

How many valid host addresses exist in the 220.11.10.0 /26 subnet?

This is a Class C network, with a default mask of /24. The subnet mask is /26, indicating that there are 2 subnet bits. With 24 network bits and 2 subnet bits, that leaves 6 host bits:

Default Network Mask           1st Octet          2nd Octet          3rd Octet          4th Octet

255.255.255.0                           11111111        11111111        11111111        00000000

Subnet Mask

255.255.255.192                         11111111        11111111        11111111        11000000

The six bits that are “0” in both masks are the host bits.  2 to the 6th power (2^6) equals 64; subtract 2 from that and 62 valid host addresses remain.

 

See also:  Part 1, Part 2, Part 3, Part 4


 

 

Subnetting


Part 3:

DETERMINING THE VALID NUMBER OF SUBNETS

1.  How many valid subnets exist on the 192.168.1.100/27 network?

OR,

2.  How many valid subnets exist on the 192.168.1.100 255.255.255.224 network?

The /27 in question one is called prefix notation and the 255.255.255.224 designation is the dotted decimal mask.  Both questions are the same, just written differently.

The /27 indicates how many ones (1s) are at the beginning of this network’s mask.  255.255.255.224, or /27, converted to binary is 11111111 11111111 11111111 11100000.  One useful tidbit: the number of network bits never changes.  Subnetting always borrows bits from the host bits, ALWAYS!

                                  1st Octet       2nd Octet       3rd Octet       4th Octet

Default Class C Network Mask      11111111        11111111        11111111        00000000

This IP’s Subnet Mask             11111111        11111111        11111111        11100000

So, the question remains, how many valid subnets exist on the 192.168.1.100/27 network?

By comparison we can determine that a Class C network has 24 network bits and therefore possesses only 8 host bits.  On this network, we borrowed (remember) 3 bits from the host bits for our subnets.  [The number of valid subnets = 2^x, where x is the number of subnet bits (bits that are “1” in the subnet mask but “0” in the default mask).]  Therefore, 2^3 = 2 x 2 x 2 = 8, which is the number of valid subnets.
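The subnet-count formula above and the host-count formula from Part 4 (earlier on this page), as an added Python example that is not the tutorial’s own code. It derives the classful default mask from the first octet, counts subnet bits and host bits the way the tables do, converts a dotted-decimal mask to prefix notation (rejecting a non-contiguous mask), and takes an option for the older rule that also excluded the all-zeroes and all-ones subnets. Function names are mine.

```python
# Added example: "how many valid subnets" (Part 3) and "how many valid hosts" (Part 4).

def classful_prefix(address: str) -> int:
    """Default (classful) prefix length from the first octet: A=/8, B=/16, C=/24."""
    first = int(address.split(".")[0])
    if 1 <= first <= 126:
        return 8
    if 128 <= first <= 191:
        return 16
    if 192 <= first <= 223:
        return 24
    raise ValueError(f"{address} is not a Class A, B or C address")

def dotted_to_prefix(mask: str) -> int:
    """255.255.240.0 -> 20. Rejects non-contiguous masks such as 255.0.255.0."""
    value = int.from_bytes(bytes(int(o) for o in mask.split(".")), "big")
    bits = f"{value:032b}"
    ones = bits.rstrip("0")          # everything up to the last 1
    if "0" in ones:                  # a 0 before the last 1 means the ones are not contiguous
        raise ValueError(f"non-contiguous mask: {mask}")
    return len(ones)

def count_subnets(address: str, prefix: int, subnet_zero: bool = True) -> int:
    """2**(subnet bits). With subnet_zero=False the all-zeroes and all-ones
    subnets are excluded (the pre-'ip subnet-zero' rule), giving 2**x - 2."""
    subnet_bits = prefix - classful_prefix(address)
    if subnet_bits < 0:
        raise ValueError("prefix is shorter than the classful default")
    total = 2 ** subnet_bits
    return total if subnet_zero else max(total - 2, 0)

def count_hosts(prefix: int) -> int:
    """2**(host bits) - 2, excluding the all-zeroes (subnet) and all-ones
    (broadcast) addresses. /31 (point-to-point, RFC 3021) and /32 have no
    addresses to exclude, which the tutorial's formula does not cover."""
    host_bits = 32 - prefix
    if host_bits == 1:
        return 2
    if host_bits == 0:
        return 1
    return 2 ** host_bits - 2

def explain(address: str, prefix: int) -> dict:
    """The bit bookkeeping behind the tutorial's tables, in one place."""
    default = classful_prefix(address)
    return {
        "network_bits": default,
        "subnet_bits": prefix - default,
        "host_bits": 32 - prefix,
        "subnets": count_subnets(address, prefix),
        "hosts": count_hosts(prefix),
    }

if __name__ == "__main__":
    # The tutorial's own questions from Parts 3 and 4.
    for address, prefix in [("192.168.1.100", 27), ("150.10.0.0", 20), ("220.11.10.0", 26)]:
        print(f"{address}/{prefix}: {explain(address, prefix)}")
    print("255.255.240.0 is /%d" % dotted_to_prefix("255.255.240.0"))
    print("old rule, /27 in a Class C:", count_subnets("192.168.1.100", 27, subnet_zero=False))
```

The dotted-mask check matters in practice: 255.255.240.0 and 255.255.224.0 differ by one bit, and a typo there silently changes the host count by a factor of two, so converting the mask back to a prefix and comparing is a cheap sanity check before trusting the arithmetic.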

See also:  Part 1, Part 2, Part 3, Part 4
