A Year of OpenDNS

It has now been a year since I signed us up and setup OpenDNS at home. I wanted to capture and share some of our DNS stats that are available as part of a paid OpenDNS account. I encourage all of my friends and family to sign-up for and set up OpenDNS since they have a free version that doesn’t offer stats. Our $19.95/year subscription is the same service only we support OpenDNS financially and we get a few stats that tickle my geek bone.

I give OpenDNS 5 stars out of 5 stars and highly recommend it. It is a great first step to basic filtering and protecting your internet activity.

TOTAL DNS REQUESTS

Screen Shot 2015-04-27 at 10.35.46 AM

 

UNIQUE DNS DOMAIN REQUESTS

Screen Shot 2015-04-27 at 10.36.32 AM

TOP 31 DNS DOMAIN REQUESTED

Screen Shot 2015-04-27 at 10.39.09 AM

TOP 10 DNS DOMAINS BLOCKED

Screen Shot 2015-04-27 at 10.40.06 AM

DNS REQUESTS BY TYPE

Screen Shot 2015-04-27 at 10.41.30 AM

Mac OS X Quick Lock Screen

Want to be able to lock your computer with a keyboard shortcut?

Since OS 8 you can put the screens to sleep using Control + Shift + Eject (⌃ + ⇧ + ⏏).

Here is how you can lock your computer from a keyboard shortcut

1. Open up your system preferences and go to Security & Privacy.

2. Check box to require password after sleep and select desired timeout.

I have mine set to require a password after 5 seconds so if my screens go to sleep while I am right there I have time to wake it up again before requiring a password.

3. Use keyboard shortcut to put monitors to sleep.

⌃ + ⇧ + ⏏

A Solution For Sharing Your Geodata on Buzz

Sharing very accurate geodata on a public Google Buzz stream is a bit unnerving especially when you are “Buzzing” from home.

So what if I still want to share my location but not let the whole world know where my front door step is?

Why not have an option to let the user choose the accuracy of the geodata being shared?

There is already the option to not include the data or to choose a known location on Google maps, like my local police department, but that’s not enough.

Why not have an option to share your location as the center of town.

Currently if you want a solution like this, you can select a location that is near you but not your front door step.

I hope to see better control over location sharing in Google Buzz in the future.

Until that time I am going to disable automatic sharing of my location and choose when to share.

What do you think about sharing your geolocation?

Why or why don’t you share it?

Do you have an idea to solve this problem?

What is ISO 17799, ISO 27000, PCI Credit Card Standard

For my System Security class we get to learn about ISO 17799, ISO 27000, and the PCI Credit Card Standard. When I first started looking up information about 17799 and 27000 I was a bit overwhelmed and confused by the information that is out there on the web. I felt much like I was trying to memorize a chart like this:
bad
Now I understand a bit better why there are so many software applications and business built around helping other businesses become compliant with these security standards.

So what are the ISO 17799, ISO 27000, and PCI Credit Card Standards?
They are a set of standards set forth by the International Organization for Standardization to ensure that consumer and customer data is kept safe. The ISO.org site says that the 17799 “contains best practices of control objectives and controls in the following areas of information security management:

security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management,  business continuity management, compliance.

In simple terms this means that businesses and organizations need to:

  • Make rules to protect their stuff and your data
  • Actually protect their stuff and workers
  • Keep others from stealing from them
  • Keep things maintained and running well
  • Keep the business running smoothly for customers
  • Make sure they are doing everything on this list correctly

I found it funny that the 17799, according to Wikipedia, is a word-for-word copy of the British Standard 7799-1. The 17799 was updated and renamed to 27002 to keep it up to date and grouped with similar documents numbered in the 27000 domain.

You can download the official ISO 2700 document from the iso website if you’re so inclined to read it or need it.

PCI Credit Card Standard

The PCI Credit Card Standard is a document outlining a standard to ensure that businesses that are taking credit card payments meet a minimum standard to ensure the safety of their customers and the associated data. The current standard covers 6 areas:

  • Have secure network
  • Keep data safe
  • Keep system up to date and secure
  • Good passwords & other access restriction measures
  • Watch network for failure and intrusion
  • Have a plan

What’s interesting to me about the PCI credit card standard is that it isn’t issued by a organization that has multi-national participation. It is run and enforced by the major credit card companies. If vendors aren’t compliant then the credit card holder is vulnerable and that isn’t good for the main credit card company because their customer will get hurt. In order for the credit card company to keep their good name and customers, they have set up a standard in hopes that their customers and money will be more protected. If a vendor isn’t compliant then the credit card company often fines or quits doing business with the vendor completely.

I think security standards are good in the fact that they push those who don’t care or who aren’t thinking about security, to do something about it. The downside to having security standards is that it creates an easy resting place for companies. It makes it easier for them to say, “I’m compliant so I don’t have to do any more than this”.  I think they can also misguide sometimes if the group making the standard focuses on a risk is in one place but an even greater risk ends up getting less attention.

Disclaimer:

This post is for a school assignment and I do not claim to be an expert by any means. I was assigned a topic I knew nothing about and tried to make sense of it and share what I learned in simple terms.

Resources:

http://www.noweco.com/risk/riske13.htm
http://www.pbandsp.com/tools/iso.html
http://en.wikipedia.org/wiki/ISO/IEC_17799http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
http://www.pcicomplianceguide.org/
http://www.computerworld.com/s/article/102913/Credit_card_data_security_standard_goes_into_effect
http://en.wikipedia.org/wiki/ISO/IEC_27000