Month: January 2010
Information Security D-List Interview: Peter Giannoulis
The first Information Security D-List interview of 2010 is my good friend Peter Giannoulis. I’ve known Peter for several years and he’s grown into one of the most knowledge information security people I know.
Q: Tell us a little about yourself.
I live in Toronto, Ontario, Canada, with my wife and two children.
I’ve been an information security consultant for over a decade specializing in the implementation of all sorts of security technologies from firewalls, IDS/IPS, vulnerability assessments, penetration testing and audits. I recently founded Source 44 Consulting Incorporated, whose goal is to provide outstanding infosec services to organizations of all sizes.
Along with some close friends, I also launched The Academy Pro (www.theacademypro.com) in March 2008. The Academy Pro is a website that was designed to provide organizations free infosec tutorials in video format.
Q: How did you get interested in information security?
It was really an accident. I was employed by an infosec consulting firm as a systems administrator. I quickly became bored with the role and brought this to the attention of the President of the company. He offered me a position as a security consultant and the rest is history.
Q: What is your educational background (e.g. formal schooling, certifications, self-learning, etc.) and did it add value to your information security career?
I have a little bit of college behind me, but I tend to grasp concepts if I study and apply them on my own. Throughout the last decade I have gained many certifications. Many have been vendor neutral based, but because of my position as a consultant, I needed to maintain vendor specific certifications as well.
Q: What did you want to be when you grew up? Would you rather be doing that?
What every geek wants to be; a rock star! While I love my current career path, I would rather be playing Good Riddance inspired punk music to thousands of people every night. There’s nothing like writing songs and performing them to a live audience.
Q: What projects (if any) are you working on right now?
Full time consulting and The Academy Pro takes up most of my time from a project perspective. However, there’s a few things that we’ll be announcing shortly from a company and website perspective.
Q: What is your favorite security conference (and why)?
I don’t frequent them often. I find there’s too many egos at some of the larger conferences.
Q: What do you like to do when you’re not “doing security”?
I love spending time with my family and I continue to play music from time to time.
Q: What area of information security would you say is your strongest? What about your weakest?
I’d say I’m a fairly good instructor. I have always scored high in this area. I also enjoy architecting solutions and performing penetration tests.
As for my weakest; I’m not much of a programmer. That’s an area I wish I took a bit more seriously years ago.
Q: Do you think the average Canadian is able to comprehend the threat that malicious attackers pose? What do we do to change the perception?
Not at all. So many parents in my neighborhood tend to ask me questions about Internet safety and than regret it after I answer. I honestly don’t try to scare people, but instead make them aware of the problem.
Something needs to be done from a larger scale in order to change the perception. I believe that education boards need to make parents aware from an early age about the dangers of the Internet by holding monthly or quarterly workshops with infosec professionals. That would be a start.
Q: Your kids are at the age where they’re getting into computers. How do you, as a parent AND a security professional, work to educate them on Internet safety?
My wife and I have made my children aware of the dangers of the Internet from an early age. Awareness is not always sufficient, so that’s where content filtering comes into play.
Q: What advice can you give to people who want to get into the information security field?
The security field is so interesting that it kind of draws you in. If you’re not looking to lose all of your time and enjoy spending time with your family and friends; don’t do it.
Q: How can people get a hold of you (e.g. blog, twitter, etc.)
Twitter: www.twitter.com/theacademypro
The Academy Pro: www.theacademypro.com
Email: peter@theacademy.ca / peter@source44.net
Getting Windows 7 to Talk to Apple Airport & Time Capsule Disks
Having just installed Windows 7, like many people since its release, I ran into a perculier problem. Windows 7 was able to detect that my Apple Time Capsule was serving up its disk and, as a result, was prompting my shiny new Windows 7 box to authenticate for access. I tried using the Airport password…nothing…I tried changing my Time Capsule to use a static password for network disk access…still nothing. It turns out that this solution fixed everything.
Here are the details:
Open the Local Security Policy MMC applet, you can do this by searching for Security in the start menu or from the command prompt by typing:
%windir%system32secpol.msc /sOnce there open the Local Policies folder, then the Security Options view. From there find “Network security: LAN Manager authentication level” – you will probably find this is set to “Send NTLMv2 response only” – change this to “Send LM & NTLM – use NTLMv2 session security if negotiated” – this does lower your security level but is pretty much required to work with anything pre-vista.
Further down you should see “Network security: Minimum session security for NTLM SSP based (including secure RPC) clients” – you may have to make sure that both require boxes there are unchecked as well.
This should get your Time Capsule, Airport Disks, and Pre-Vista SMB/CIFS shares working again!
Though this does lower the security constraints imposed by Windows 7 (for your benefit) it shouldn’t make much of a difference in a mixed, non-domain enabled, environment….plus no reboot required! 🙂
P.S. Special thanks to the DotBlag.Com blog for this little gem.