27-11draft

More documents

Recommendations

Info

Reviewing Books for professionals GUN violence and what to do about it: Hacking the Hacker: Learn From the Experts Who Take Down Hackers, by Roger Grimes. Published 2017 by Wiley, ISBN 978-1- 119-39621-5, 320 pages, paperback, £20.99. Visit eu.wiley.com. These reviews in full, and others, are on the ‘reviews’ part of our website. 62 UNHAPPY ‘People’s personal data is protected by law and employees should not be helping themselves to information if they decide to set up a new business or move to a new position.’ Head of ICO Enforcement Steve Eckersley. A land of rampages and victims How did you react to the recent news of the mass shooting in Las Vegas, writes Mark Rowe. Did it shock, or leave you fatigued; despite the dozens dead and hundreds injured, you had heard it before, and will do again, from the United States? Just as the debate between reformers and the pro-gun lobby standing on their rights does not change. An insightful American book on this topic is Rampage Nation, by Louis Klarevas. It begins with the author telling how, on holiday on a Greek island, he witnessed a shooter; and (when the shooter returned to the village square hours later for a second go) helped to pacify him. That sets the tone for the book; ‘mass shootings are just as much a threat to the American public as are terrorist attacks’. The author, though an academic, isn’t just sounding off morally; he has been through it (and describes the experience, vividly). For the US You could argue that gun ownership is an issue only for the US, not Britain. In the US, their guardforces at universities for instance look like police and their police (thanks to second-hand kit from the Iraq War) look like an army. Imagine the London Bridge terror attack of June, if the terrorists had carried not knives but semi-automatic rifles. As the book came out last year, it does not cover the most recent shootings as in Orlando. Briefly, he argues that new laws, policies, to control guns would make a difference; as having guns tips the mentally unstable into going on killing sprees. As in his own Greek case, and Las Vegas and so many others, the rampages are not lunatic but lengthy and planned. Klarevas gets down to practicalities; his Greek gunman ‘only’ had a shotgun; if NOVEMBER 2017 PROFESSIONAL SECURITY he’d had a higher-powered weapon, Klarevas and others probably would have been shot dead. Or as a chapter heading puts it, ‘Guns kill, some more than others’. The US is the ‘rampage nation’, Americans are (as Klarevas was once) ‘sitting ducks’, thanks to what the author terms a ‘three-pronged calculus of unstable perpetrators, vulnerable targets, lethal weapons’. The problem, he argues is growing, and - where this book speaks most directly to private security people - emotionally disturbed people allowed to own guns are able to carry those weapons, in the case of Las Vegas into a hotel. Klarevas writes powerfully of the split-second decisions that victims take. p Rampage Nation: Securing America from Mass Shootings, by Louis Klarevas. Published 2016 by Prometheus Books, 340 pages. Visit www.prometheusbooks.com. LEARN FROM A HACKER ‘Hackers don’t have to be brilliant. I’m living proof of that,’ is a disarming remark by the author of Hacking the Hacker: Learn From the Experts Who Take Down Hackers. He introduces two dozen or more cyber-security people (mainly men, but some women), starting with the author Bruce Schneier. For the author, their stories and his own are proof that ‘the best and most intelligent hackers work for the good side’. They get to exercise their minds, and get well paid. The author soon disabuses us of the Hollywood idea that hackers are automatically bad people, who can guess or steal any passwords, living on energy drinks. Roger Grimes suggests that hackers can be good or bad, defenders or maliciously criminal, wreckers. “It’s just that the attacker usually gets more press.” Testing boundaries Hackers, Grimes argues, are people with curiosity, who test boundaries, without crossing those boundaries to do harm or commit a crime. Hackers, whether defenders or malicious, are looking for weaknesses; so they have to be persistent, until they find the weakness that undermines the whole defence perimeter. Grimes sets out how hacking is an ethical matter; like private investigators, they have to decide whether they are to stay in the law (which implies knowing what it is) or not. Are you going to break into a mobile phone, or emails, or a server, because an employer or client or mate asks you to? Are you a white-hat (who does good) or a black-hat (who does unethical or illegal things) or a greyhat (someone who pretends they are a white-hat, but do black-hat things). Style As that implies, in computer matters things can be invisible. Grimes’ achievement in Hacking the Hacker, that’s true of far from all cyber books, is that besides an easy, engaging style of writing he shows us, without cinema or other illusions, people working on computer security to be thinking people like the rest of us, with choices. And, as the case of another of the two dozen shows, someone can change, start as a black-hat but become a white-hat, like famously Kevin Mitnick. Besides having the endearing trait of naming several books in the same field as his that he rates, Grimes makes a powerful and useful case that ‘the defenders are the smartest hackers’; they are the really impressive ones, who not only have to know what the malicious hackers might do, but are builders, and closers of holes in code. As someone doing penetration testing for a living, Grimes broke into every network he was hired to try to break; but only so as to better defend it against others. To break in out of malice or for criminal purposes is not only wrong; Grimes makes the arguably more compelling case that it’s not personally or professionally satisfying. Grimes, then, does take us through computer issues such as connected cars and cryptography, firewalls, DDoS attacks and ‘intrusion detection’, but is mercifully light on computing terms; instead he talks in more human terms, of ‘social engineering’ and penetration testing. The only hitch is that in the case of Schneier and Brian Krebs, you can read for free their blogs. It would be a pity not to do something as oldfashioned as buy Grimes’ book, and offer it to a young man or woman who shows an aptitude for computers. p www.professionalsecurity.co.uk p62 Books <strong>27</strong>-11.indd 1 10/10/2017 16:31
Installers, Alarms what next for response? Tag team: Evolution Retail has been appointed the European agent for the new STPLUS1 Tag, an Electronic Article Surveillance (EAS) product. It has a locking mechanism that requires a bespoke releasing tool. The English inventor Glen Garner was at Evolution’s retail event in London last month; as were Vista CCTV. p Disk move: The distributor DVS is standardising on WD Purple hard drives for all its digital video recorders. With the increase of 4K recording, reliability of storage media becomes a concern, the firms say, pointing out that WD Purple drives are made for high resolution digital surveillance. Scott Douglas, Sales Director at DVS, said: “As the expansion of 4K recording continues, the requirement for high-res-ready storage media will only increase.” Recorders sold by DVS will carry a ‘WD Purple Inside’ sticker. p URN RESEARCH The National Security Inspectorate (NSI) has commissioned research into ‘Maximising the public benefits of automated alarms’, by Perpetuity Research. NSI’s Chief Executive Richard Jenkins, pictured, said: “The well proven URN [Unique Reference Number] police response process has long been a great unsung mainstay in private-public sector collaboration, and over the last ten to 15 years has contributed dramatically to public safety, and increasing efficiency for police at a time when pressures on resources have never been higher. But technology marches on and the opportunities are there for moving the success of the police URN to another level. This study is about crystallising the possibilities from amongst all stakeholders, and envisioning the added benefits that could be realised Hold-up systems guide The trade body the BSIA has contributed to a guide which aims to help installers of Hold-Up Alarm (HUA) systems to reduce the number of false alarms. Developed by the National Police Chiefs’ Council (NPCC) Security Systems Group, the document covers the impact that false alarms have and recommends how installers can help to reduce them. For instance: take HUA systems out of service before work starts and remember to return them to full service afterwards; ensure fixings and covers are secure; remind users they must inform contractors on the premises that HUAs are installed and active; and remind users of the proper use of HUAs as advised by the police – for use during an attack or threat of an attack involving persons at premises protected by the HUA. Not a brawl outside premises or petty theft. p pa announcement: David Boxall’s career in the public address industry spans more than 45 years and for the past 35 he has been the ‘Boxall’ in the product manufacturer Baldwin Boxall, having set up that company with Terry Baldwin in 1982. David Boxall has designed many products, from 100V line amplifiers, hearing loop amplifiers, PA and VA, system surveillance monitoring units, automatic ambient noise sensing and level adjustment circuits to digital signal processing and routeing units. He is still very much hands on and involved with the technical direction of the company. He was nominated by Peter Mapp to be the first recipient of a new ISCE (Institute of Sound & Communications Engineers) award. Pictured are Peter Mapp, now an acoustic consultant), David Boxall and Doug Edworthy , consultants. l Baldwin Boxall are among exhibitors at Intersec 2018 in January, having recently gained ‘Civil Defence Approval’ in the Middle East. p from further enhancement.” He recalled that in 2002/3 NSI appointed Perpetuity to report on ‘the causes of false alarms’. “The findings from the report have largely stood the test of time. We are very excited now 15 years on to be re-visiting the police response model, and helping define how a modern technology can build further on the success to date.” Initial findings will be available in early summer 2018. p Connected morning The BSIA is hosting a free morning seminar on November 2 at Greswolde Arms Hotel, Knowle, Solihull which aims to inform about the cyber risks of ‘connected products’ such as access control or alarms accessed or operated remotely via the internet. Ethical hacker Gerry Grant from the Scottish Business Resilience Centre will show up what can happen. p Richard Jenkins Photo courtesy of the NSI JM Security Systems is actively seeking to acquire successful electronic security companies with a contracted client base. www.professionalsecurity.co.uk NOVEMBER 2017 PROFESSIONAL SECURITY 63 Untitled-2 1 02/09/2017 17:42 p63 Installs <strong>27</strong>-11.indd 1 12/10/2017 11:05
Page 1:
November 2017 Vol 27/11 £6.00 Idle
Page 5 and 6:
Retail partner: page 18 www.profess
Page 7 and 8:
Editor’s Comment Bright ideas and
Page 9 and 10:
EURO 46 V10 One panel, versatile se
Page 11 and 12: ...You won’t find us on the web .
Page 13 and 14: EUROPE'S LARGEST HIKVISION DISTRIBU
Page 15 and 16: Connect your life to your home and
Page 17 and 18: Spotlight feature on: to store pict
Page 19 and 20: WE MOVE with trust that our product
Page 21 and 22: Guarding london property put to tes
Page 23 and 24: C M Y M Y Y Y K Woodhouse Fields Fa
Page 25 and 26: C M Y CM MY CY MY K The Ned A new c
Page 27 and 28: Comment need to re-engineer: Safe d
Page 29 and 30: Una Says ➬ wish to pay, especiall
Page 31 and 32: They see a well secured airport. Yo
Page 33 and 34: We are the UK’s Largest Authorise
Page 35 and 36: You don’t have to be an explorer
Page 37 and 38: STAY SECURE WITH SMART ID Smart Sol
Page 39 and 40: Dallmeier_S-Panomera_A4_Montage_UK_
Page 41 and 42: Security Management annual gatherin
Page 43 and 44: Security Management On the Institut
Page 45 and 46: “More than just a Distributor”
Page 47 and 48: Spotlight feature on: KINGDOM SERVI
Page 49 and 50: Security Alarm Simple & Easy Instal
Page 51 and 52: st18 ad FT-45 FEED-THRU MODULAR PL
Page 53 and 54: MY MOTTO? TRUST WHAT SETS YOU FREE.
Page 56 and 57: IS NOW Combining thermal security c
Page 58 and 59: IS NOW Combining thermal security c
Page 60 and 61: Jobs So you want to work in televis
Page 64 and 65: TRADE ONLY CCTV DISTRIBUTOR WWW.DVS
Page 66 and 67: TRADE ONLY CCTV DISTRIBUTOR WWW.DVS
Page 68 and 69: Directory of Services access contro
Page 70 and 71: Directory of Services computer syst
Page 72 and 73: Directory of Services payroll servi
Page 74 and 75: The things you say Write to: Profes
Page 76 and 77: Training Manx courses The Universit
Page 78: Right drive, right application. NAS
show all

27-11draft

Create successful ePaper yourself

Delete template?

Save as template?