A few months back I wrote an article about getting your load balanced WordPress site up and running with the Rackspace Cloud, an article that was picked up on the Rackspace blog. The focus of that article was getting everything running correctly rather than securing the data, mainly because it was a massive pain in the neck with first generation cloud servers. But since the launch of the Next Generation cloud servers and Rackspace’s Cloud Networks it has become amazingly simple to isolate your vulnerable traffic from prying eyes. I’ve been using the Rackspace Cloud Networks service since it was in beta testing, and given my experience I thought it would be a good idea to revisit this topic and add some pointers on how to quickly and efficiently secure your inter-server data in the Rackspace cloud.
I’ve been playing around with the Rackspace Cloud hosting offerings, and as of right now I’ve got this very blog running load balanced on a set of servers. And while it’s a little more complicated than just setting up a single server it really isn’t that hard. In fact, I’ll step you through the process.
Today’s “Digital Planet” program on the BBC World Service features a section about HOPE, which in and of itself is really cool.
Know what’s even cooler? You can hear me “Calling CQ” from the N2H radio station at the beginning of the segment!
Listen to the show from the BBC’s website
Download the show from my website
Here are the slides from my talk at The Next HOPE about how to conduct a risk analysis. I’ll follow this up with the audio and video once they’re available.
Risk Analysis for Dummies (PPTX)
View the PowerPoint online
Risk Analysis for Dummies (MP3 Audio)
Risk Analysis for Dummies (MKV Video)
Video on Vimeo
For more information on how to conduct a risk analysis and other resources on the field, visit the following websites:
SARMA: Security Analysis and Risk Management Association
Professor McGill’s blog (he taught me everything I know)
I HIGHLY recommend the following books on the subject:
Peter Bernstein: Against the Gods
Nassim Taleb: The Black Swan
After speaking at The Last H.O.P.E. in 2008, I wanted to come up with another talk I could give on a topic that would interest the 2600 community. After racking my brain for some cool thing I had done that would interest them, I finally figured out what skill I possessed that I could pass on to these computer security enthusiasts, network administrators, IT professionals and people interested in security in general.
From The Full List of Talks:
Risk Analysis for Dummies
We all get that “gut feeling” about what is risky, but how do we communicate that to managers or other people in a meaningful way? And how can we determine what risks are worse than others in a justifiable manner? How do you even define “risk?” In this talk, you’ll learn about the most up to date methods of identifying risk, evaluating risk, and communicating risk to others, as well as some models used by the U.S. government and others to identify attack targets, evaluate building security, diagram attacks, and more. And no math problems harder than simple addition, guaranteed.
Friday 2100 Bell
The synopsis doesn’t really capture what I hope this talk will be. It’s intended to help IT professionals and aspiring penetration testers take their experience and their intuition regarding what risks and vulnerabilities are in their network and relate it in a quantifiable manner to managers and clients who may either not believe in their expertise or not want to have to justify that new security staff and all those expensive security appliances. I plan to cover:
- The equation for risk
- How to scope a problem
- How to show results of an analysis
- Types of scales and how to use them
- Factor based models and their use
- The six questions of risk analysis and management
Here’s the list of other talks for Friday.
If anyone has any suggestions for topics to cover, drop me a comment.