CSA CCM Update

The Cloud Security Alliance (CSA) just published Version 4 of the Cloud Controls Matrix (CCM). If you are involved with securing a cloud environment, I cannot recommend this tool highly enough; it works for any type of organization, in any kind of cloud deployment. Best of all, it’s my favorite price: free.

Go download it here: https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v4

Enhance Your Inner Luddite

So....I still run Win7. Mainly because I am a curmudgeon who refuses to evolve. A weird kind of nerd, I know-- not even a late adopter, I am a “maybe I’ll get around to adopting someday.” Luckily, I don’t feel the same way about dogs as I do tech.

 

Anyway, I often run into problems with the platform, and am stuck trying to puzzle out how to fix the thing by doing Web searches (as I am sure you do, too). I recently stumbled across this place, and it fixed one of my issues right up: www.sevenforums.com. Highly recommended.

Anatomy of a Nerding Session (or: How To Waste A Lot of Time And Get Distracted By Various Topics Tangentially Involved With What You Set Out To Do In The First Place)

1) I need to make a backup of my laptop hard drive. A full clone, so I can just hotswap it out if the drive I have in regular use dies suddenly. No big deal-- I've done this dozens of times before.

2) Order a new drive online; old drive is 1Tb, so I get a 2Tb replacement, just in case.

3) Wait one week. New drive arrives.

4) Hook up my Apricorn EZGig 3.0 housing and the new drive to the laptop. Run the EZGig software. Love these products-- I've used Apricorn's stuff for almost 20 years. Wait six hours.

5) Come back to machine. See black screen. Move the cursor-- see the finish screen for the EZGig software. Press Exit...and the machine reboots. I wait through the sequence...boots clean. Check the new backup drive-- Windows asks me if I want to format this new, blank drive. Restrain self from crying.

6) Do Step 4 again. Same result. Try very hard not to cry.

7) Check all connections, gear, software. Go to Apricorn website and read the FAQ. Check the technical manual for troubleshooting tips. Go to online forums to see what other geeks have done in similar situations. Apricorn's site says the device may work better on large-drive backups if the copy device is run with its own power plug, instead of running off USB. Makes sense.

8) Check my previous (older) EZGig devices; none of the AC adapters fit.

9) Go online to order a new AC adapter for the backup device. Apricorn doesn't have this as an option. Try to call Apricorn to make a phone order. Christmas week. No answer for personal sales office.

10) Wait a week.

11) New Year's week. No answer.

12) Get in touch with personal sales the first week of January. VERY helpful sales rep; sees my customer history, only charges me seven bucks for the adapter, including shipping. Very cool.

13) Wait two days. Adapter arrives much earlier than expected.

14) Repeat Step 4, adding the adapter to the process. Wait six hours.

15) Same result. Honestly-- I didn’t cry.

16) Check everything over again. Realize I don’t have a USB 3.0 port on my ancient laptop. The EZGig 3.0 system uses USB 3.0. Maybe that’s the problem.

17) Repeat Step 4, this time with my older model EZGig 2.0 device. Wait six hours.

18) Same result. Not a tear, I swear.

19) Conclude it must be a problem with the size of the drives/data store in question. Go online and do multiple searches for variations of terms such as “large drive cloning problems.” Spend at least an hour. Find three or four products that might do the trick.

20) Choose a free product, EaseUS Todo Backup. Download it. Install and run it. Wait three hours.

21) Result: a copy failure notice that there are bad sectors on the original drive. Do not pull out any of my own hair.

22) Go online and do multiple searches for variations of terms such as “clone drive bad sectors.” Find three or four products that might do the trick.

23) Go to various public and industry social media sites. Make posts requesting input from colleagues/practitioners. Get very good feedback from multiple people (unprompted) about one of the products I had already found: SpinRite.

24) Confirm with many reports from industry workers online that SpinRite is a dandy solution. Check SpinRite’s website. Looks like a junior-high kid made it on MySpace in 1998. Buy it anyway. Download.

25) Have to run it from a boot disk. Have no idea if I have any blank CD/DVD-ROMs around. Have no idea if my CD/DVD even works on the laptop. Go back online, learn how to make a bootable USB.

26) Go back online, relearn all about ISO images.

27) Go back online, relearn all about the command line instructions for mounting a drive image.

28) Boot machine to the USB. Do all the steps that need to be done to run the software. Decide to run the software in an error-detection level first, before trying to copy the drive. Run the software. Wait two hours.

29) SpinRite detects no problems. Run the software at the level for copying the drive. Wait three hours.

30) SpinRite says it’s done. I check the destination drive-- Windows asks me if I want to format the new/blank drive. Still don’t cry. Really.

31) Go back online and ask for more input from crowdsources about cloning large drives with bad sectors. Everyone suggests Linux dd. Decide to try GNU ddrescue.

32) Spend at least an hour reading about how to use Linux again.

 

Still haven’t pulled the trigger on trying it. Utterly convinced I will wipe the drive. Have considered that the new drive is the one that’s broken-- don’t want to think about the hassle of returning/exchanging it.

Tell me I’m not alone in thinking (quite obviously wrongly) that doing this drive cloning myself is somehow saving me time/money over the option of sending the thing off to someone who does forensics professionally, and could do the task in their sleep. Also, that every new Step in a nerding process sends me down a rabbithole of investigation/study about some arcane topic I’ll probably never use again, and really don’t need to know about for any kind of regular use. And that the process of doing a nerding fix (in this case, cloning the drive for a future possible) is somehow less time-consuming than the process of just making a clean build of the OS on a new drive, reinstalling all my software, and creating/refamiliarizing the new drive with all my various accounts for various systems/sites.

Or just tell me I’m an idiot. Because I realize that’s probably much closer to the truth.

 

The Benefits of Late Adoption

Perhaps my greatest shortcoming as a nerd is my reluctance for early adoption of technology; I simply have no interest in the latest, bestest, newest, coolest gadgets on the market.

Yes, this can cause me to lag in my estimation of IT solutions. Yes, I am mocked (and rightly so) by students and colleagues when I tell them I still have an AOL email account. Yes, I am old and everybody should get off my lawn. But there is also an upside to late adoption:

- Huge cost savings. Huge. I can wait two years for the novelty of a thing to wear off, and get a much-reduced price when I get around to buying it. This is especially true in software, and especially especially true for games.

- I'm never involved in the proof of concept. Back when I was a young (read: stupid) man, I bought the first year-model of a new car. Within the first year of owning it, all the defects and design problems inherent in that model became quickly apparent, and there were multiple recalls. Waiting a while to buy a thing means that the first wave of customers have taken the brunt of field testing, and the thing is now ready for actual regular use.

- No false sense of security. The latest suite of products is often seen as inviolable, because it uses the latest security protocols and tools; this can lead to sloppy practice and habits (like crafting and transmitting data with sensitive info, even when it could be avoided) because users feel a reliance and trust for the product. This puts them one zero-day exploit away from feeling very silly.

- Strangely enough, legacy platforms may be more secure in some ways than their new-fangled replacements...mainly because aggressors won't actually believe that those legacy products are still being used for viable purposes, and won't include legacy attack methods/gear in their toolkits. I mean, I really don't think the script-kiddies even know what AOL is, much less how to hack it. Sure, a dedicated adversary won't have a tough time getting the proper attack tools once they know a target is using a legacy system, but a dedicated adversary is going to get in eventually, regardless of the age of your platform.

- Utility/productivity is always a tradeoff with risk and security. The more I can do with a tool, the more I can lose. Losing a 256K flashstick in a hotel lobby will cause me a lot less damage than dropping a 2Tb flashstick. My old flipphone had no identifying data on it (other than some texts and a rudimentary Contacts list), in stark contrast to my smartphone (which, I think, has my DNA, cocktail preferences, innermost thoughts, and secret cookie cravings embedded in the BIOS).

No, I'm not saying that everyone should immediately regress to a Luddite position of rolling back three generations of tech in order to gain some slight advantage...but buying up the latest and greatest shiny boxes and zippy software is not the best choice, either.