Monday, April 26, 2010

Disabling a Camera and Video recorders from Blackberry Bold

For the last few days we were struggling to disable the BlackBerry Bold (BBB) camera feature. We searched lots of forums and discussion boards. Most forums talk about using an enterprise service. But what if your organization's BB enterprise management team works like a government agency, so bureaucratic that it will take 3-4 months to have this feature disabled via the enterprise server? Still, as a good corporate citizen who wants to set an example, you are interested in having this disabled.
Yes, you will get suggestions like putting a drop of epoxy on the lens, physically removing the camera lens, etc. But if you take such steps your device warranty will be void. After three days of research we found an easy and affordable way to disable the camera: use the following three commands and your device's camera and video recorder will be out. But remember, if a user does a software upgrade by connecting the device to a computer, you have to repeat these three steps again.

JAVALOADER -u Erase -f net_rim_bb_camera.cod

After running this command your device will reboot. Once it's up and running, run the following command, and then repeat the step a third time.

JAVALOADER -u Erase -f net_rim_bb_videorecorder.cod

JAVALOADER -u Erase -f net_rim_bb_mediarecorder.cod


Now be happy: the camera and video recorder features are disabled. javaloader is a command you can get from the BB Java Developer Tool.

Wednesday, February 24, 2010

10 Steps to Achieve Successful DLP Implementation

A DLP implementation usually has 9-12 process steps. Some of the steps are sequential and some can be completed in parallel. They are:

1) Identify what type of solution we require. (1-3 months, based on the enterprise size and their partner agreements)

There are many different types of products on the market that promise to solve DLP, such as hard drive encryption products or endpoint port control solutions. While they may address one of the ways that data loss can occur, they do not address the issue as a content-aware DLP solution will. Content-aware DLP solutions focus on controlling the content or data itself. Some of them are already in use and some of them are in the deployment phase. (Data in motion / at rest / endpoint, single channel or enterprise wide, etc.)

2) Identify the information we are interested in protecting. (Usually the most expensive and time-consuming step in the entire deployment; it varies between 6 months and 2 years. Success stories and case studies show that for R&D and intellectual property protection it takes 5-8 months, for financial data protection almost 1-3 years, and for healthcare and PII protection 2-5 years.) This step has three sub-steps: identification, discovery and classification.

Data Identification

DLP solutions include a number of techniques for identifying confidential or sensitive information, based on metadata or signature scanning; metadata scanning for enforcement is the most common deployment technique. Data identification is sometimes confused with discovery: identification is the process by which an organization uses DLP technology to determine what to look for (in motion, at rest, or in use). A DLP solution uses multiple methods for deep content analysis, ranging from keywords, dictionaries, and regular expressions to partial document matching and fingerprinting. The strength of the analysis engine directly correlates to its accuracy, and the accuracy of DLP identification is important for lowering or avoiding false positives and negatives. Examples of data to identify are data sheets used in the HR payroll department, customer data sheets used by operations, company balance sheets, new business work order agreement procedure documents, etc.
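The regular-expression and dictionary methods named above, as an added example that is not from the original post or from any DLP product: a pattern finds card-number candidates, a Luhn checksum discards the false positives, and a dictionary hit nearby raises confidence. The term list, the 40-byte window and the sample lines are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// 13-19 digits, optionally separated by single spaces or hyphens.
var panCandidate = regexp.MustCompile(`\b\d(?:[ -]?\d){12,18}\b`)

// Dictionary of context terms (hypothetical list) that raise confidence.
var cardTerms = []string{"card", "visa", "mastercard", "cvv", "expiry"}

// Finding is one confirmed match with separators stripped.
type Finding struct {
	Digits     string
	Confidence string // "high" = checksum + dictionary hit, "medium" = checksum only
}

// luhnValid applies the Luhn checksum used by payment card numbers.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return sum%10 == 0
}

// nearTerm reports whether a dictionary term occurs within 40 bytes of the match.
func nearTerm(text string, start, end int) bool {
	lo, hi := start-40, end+40
	if lo < 0 {
		lo = 0
	}
	if hi > len(text) {
		hi = len(text)
	}
	window := strings.ToLower(text[lo:hi])
	for _, term := range cardTerms {
		if strings.Contains(window, term) {
			return true
		}
	}
	return false
}

// Scan returns card-number findings in text, dropping checksum failures.
func Scan(text string) []Finding {
	var out []Finding
	for _, loc := range panCandidate.FindAllStringIndex(text, -1) {
		digits := strings.Map(func(r rune) rune {
			if r < '0' || r > '9' {
				return -1 // drop spaces and hyphens
			}
			return r
		}, text[loc[0]:loc[1]])
		if !luhnValid(digits) {
			continue // the pattern matched but the checksum fails: a false positive
		}
		conf := "medium"
		if nearTerm(text, loc[0], loc[1]) {
			conf = "high"
		}
		out = append(out, Finding{Digits: digits, Confidence: conf})
	}
	return out
}

func main() {
	// Constructed sample lines; the card numbers are well-known test values.
	for _, line := range []string{
		"Customer paid with Visa card 4111 1111 1111 1111, expiry 04/12.",
		"Order tracking number 1234567890123456 shipped Monday.",
		"Ref 5500-0000-0000-0004 attached.",
	} {
		fmt.Printf("%q -> %v\n", line, Scan(line))
	}
}
```

The tracking number matches the pattern but fails the checksum, which is the kind of false positive a regex-only policy would raise.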

Data Discovery

This means identifying where the data sleeps.

Discovering where sensitive data lives is most important when dealing with unstructured data. If data has structure, then locating that data is only necessary for risk assessment. If the data can be detected using structured patterns on a server, file system, document repository, or other system, then that information can be discovered through a loss vector. However, with unstructured data, the information must be located first so it can be identified when it leaks. One particular challenge is file servers. The use of file servers and shares always starts with the best intentions of keeping things organized, but unless the data users are diligent in placing files in the appropriate shares, it will be difficult to identify which shares need to be protected and which can be ignored. Ideally, each group in an organization will have shares assigned around job functions and data classifications.

Document management systems are less of a challenge since they impose a certain degree of organization on their content by virtue of their structure. Browsing through the structure of a data repository and identifying the administrators for various sections should allow us to quickly discover which documents are sensitive and which are not. Discovery of data poses more political challenges than technical ones. While defining the discovery of data, the following points should be considered.

Understand what is practically achievable. Rather than perfection, aim for what is achievable. For example, rather than discovering and classifying every piece of potentially sensitive data, we might focus on high-risk data like credit card information and customer data.

Involve key players early. Involving key stakeholders early in the process increases the likelihood that they will support it during implementation.

Strictly restrict the metadata removal tools on our devices. As DLP usage increases, more and more metadata removal tools are popping up on the internet. Deploy strict controls to restrict the usage of metadata removal tools.

Data Classification

Data classification plays a very critical role in the success of a DLP implementation. Most organizations think that defining the classification labels is more than enough. But an organization should also consider classification tools that assign the metadata (also called meta tags) to all the files used in the organization. Once the DLP controller observes the classification meta tags, it starts executing the preventive and informative policies; either deny or allow rules can be defined to reduce the processing load on the system. The organization should identify and appoint a designated document management officer who can address concerns about the classification criteria and vouch for the classification of ambiguous documents.

Now some readers might be interested to know which products are available in the market to accomplish the above three. With my limited knowledge, I have seen that Websense data security solutions are available in the Websense Data Security Suite, which is comprised of four fully-integrated modules that can be deployed based on customer need:

Websense Data Discover – Discovers and classifies data distributed throughout the enterprise.

3) Establish why the content needs to be protected. (A month of good discussion is required among the different stakeholders; this is the second major involvement of the management group.) Here we have to define why the identified data should be protected, e.g. is it for compliance reasons or for protection of intellectual property? This could change not only how the content is identified but also how it is reported on. For compliance, we have to ensure that we meet not only the data coverage required, like credit card numbers and other personally identifying information (PII) as required for PCI DSS compliance, but also the reporting requirements for the auditing process. This is going to be a critical step in the success of our DLP solution, so we need to give it the time it deserves.

4) Identify how data is currently lost. (Again, a proper FMEA and risk analysis gives better results; consider a month for this process step too.) The major involvement would be of technical staff. This will help us determine the type of product to use. Is it through email? Is it being uploaded to websites such as web email or blog sites? Is it the usage of USB sticks on our endpoints? The most important advice here is not to try to solve all the possibilities for data loss that we can think of. We have to remember that what we are trying to stop is the accidental loss of data. If we are trying to stop the deliberate loss of data, then that is significantly more difficult and will quite definitely have a serious impact on our business. If users are resourceful and knowledgeable enough they will find ways to do it. An audience that many companies forget about is the remote user and the devices they use off-site. People will be more bold and daring if they are not in the office of their organization.

5) Technical DLP policy creation. (Usually varies from 2-8 months; market research shows that consulting firms like Accenture accomplish this in 8 weeks, while organizations like DuPont and Ranbaxy are able to define all the DLP policies in a 16-18 week time frame with their DLP experts and partners.) This is where we get down to the implementation. Once the solution is installed we look at how we can create policy that recognizes the actual content we want to control, and then how it will be controlled. The steps we have gone through above will help us decide what should be in the policy and how we can prevent the information from leaking out of our organization.

6) Testing (2 months of regress testing is sufficient). Like any other IT implementation, testing is a major factor in ensuring success.

7) Policy communication. A step many miss, but in our organization I would consider this step a crucial part of being successful. Employees need to be brought into the project to guarantee success. It will impact their day-to-day functions, so we need to be certain they understand why these controls are in place and support their use. This can be as simple as explaining why we are implementing such a control and what could happen if we didn't. Obtain their feedback on the controls and how we might minimise the impact on their work.

8) DLP System Policy Enforcement (2 Months sequential from testing ) Now that we have created the policy, tested it and communicated it, time has come to throw the big switch between just monitoring controls to actively implementing them. Don’t turn them all on at once. Prioritise them and release the most important and critical ones first. Ensure we have plenty of coverage to rectify any issues not found in testing as they arise, as this will impact the employees who are trying to do their job. If we are not helpful or responsive, our employees’ support will vanish.

9) Future Proofing for Organization (Ongoing) We have taken the first steps here, but don’t assume our job is done. Look for better ways of classifying content or where different types of content are saved. When new applications or systems are installed, consider how we can implement them to simplify the DLP controls required. Also continue to pay attention to the evolution of our DLP product. Keep it up to date as there will be newer and better ways of implementing the controls we have in place.

Saturday, January 23, 2010

Absolutely Brilliant Interview Answers of Job Hopper !!!

Some time back one of my friends forwarded this mail to me. I was quite impressed with the answers and thought to document them over here. One of my HR managers told me, "Don't fall in love with the company where you're working, don't fall in love with the superior with whom you are working; fall in love with the work which you're doing." Six years after that lesson, when I got this mail forward, I was thinking again and again about him, and I'd like to dedicate this to him.



Some, rather most organizations reject his CV today because he has changed jobs frequently (10 in 14 years). My friend, the ‘job hopper’ (referred here as Mr. JH), does not mind it…. well he does not need to mind it at all. Having worked full-time with 10 employer companies in just 14 years gives Mr. JH the relaxing edge that most of the ‘company loyal’ employees are struggling for today. Today, Mr. JH too is laid off like some other 14-15 year experienced guys – the difference being the latter have just worked in 2-3 organizations in the same number of years. Here are the excerpts of an interview with Mr. JH :

Q : Why have you changed 10 jobs in 14 years?

A : To get financially sound and stable before getting laid off the second time.

Q : So you knew you would be laid off in the year 2009?

A : Well I was laid off first in the year 2002 due to the first global economic slowdown. I had not got a full-time job before January 2003 when the economy started looking up; so I had struggled for almost a year without job and with compromises.

Q : Which number of job was that?
A : That was my third job.

Q : So from Jan 2003 to Jan 2009, in 6 years, you have changed 8 jobs to make the count as 10 jobs in 14 years?

A : I had no other option. In my first 8 years of professional life, I had worked only for 2 organizations thinking that jobs are deserved after lot of hard work and one should stay with an employer company to justify the saying ‘employer loyalty’. But I was an idiot.

Q : Why do you say so?

A : My salary in the first 8 years went up only marginally. I could not save enough and also, I had thought that I had a ‘permanent’ job, so I need not worry about ‘what will I do if I lose my job’. I could never imagine losing a job because of economic slowdown and not because of my performance. That was January 2002.

Q : Can you brief on what happened between January 2003 and 2009.

A : Well, I had learnt my lessons of being ‘company loyal’ and not ‘money earning and saving loyal’. But then you can save enough only when you earn enough. So I shifted my loyalty towards money making and saving – I changed 8 jobs in 6 years assuring all my interviewers about my stability.

Q : So you lied to your interviewers; you had already planned to change the job for which you were being interviewed on a particular day?

A : Yes, you can change jobs only when the market is up and companies are hiring. You tell me – can I get a job now because of the slowdown? No. So one should change jobs for higher salaries only when the market is up because that is the only time when companies hire and can afford the expected salaries.

Q : What have you gained by doing such things?

A : That's the question I was waiting for. In Jan 2003, I had a fixed salary (without variables) of say Rs. X p.a. In January 2009, my salary was 8X. So assuming my salary was Rs.3 lakh p.a. in Jan 2003, my last drawn salary in Jan 2009 was Rs.24 lakh p.a. (without variable). I never bothered about variable as I had no intention to stay for 1 year and go through the appraisal process to wait for the company to give me a hike.

Q : So you decided on your own hike?

A : Yes, in 2003, I could see the slowdown coming again in future like it had happened in 2001-02. Though I was not sure by when the next slowdown would come, I was pretty sure I wanted a ‘debt-free’ life before being laid off again. So I planned my hike targets on a yearly basis without waiting for the year to complete.

Q : So are you debt-free now?

A : Yes, I earned so much by virtue of job changes for money and spent so little that today I have a loan free 2 BR flat (1200 sq. feet) plus a loan free big car without bothering about any EMIs. I am laid off too but I do not complain at all. If I have laid off companies for money, it is OK if a company lays me off because of lack of money.

Q : Who is complaining?

A : All those guys who are not getting a job to pay their EMIs off are complaining. They had made fun of me saying I am a job hopper and do not have any company loyalty. Now I ask them what they gained by their company loyalty; they too are laid off like me and pass comments to me – why will you bother about us, you are already debt-free. They were still in the bracket of 12-14 lakh p.a. when they were laid off.

Q : What is your advice to professionals?

A : Like Narayan Murthy had said – love your job and not your company because you never know when your company will stop loving you. In the same lines, love yourself and your family needs more than the company's needs. Companies can keep coming and going; family will always remain the same. Make money for yourself first and simultaneously make money for the company, not the other way around.

Q : What is your biggest pain point with companies?

A : When a company does well, its CEO will address the entire company saying, “Well done guys, it is YOUR company, keep up the hard work, I am with you.” But when the slowdown happens and the company does not do so well, the same CEO will say, “It is MY company and to save the company, I have to take tough decisions including asking people to go.” So think about your financial stability first; when you get laid off, your kids will complain to you and not your boss.

Tuesday, December 01, 2009

Resume, CV and Biodata (What is best suited for you)

People use the words RESUME, C.V., and BIO-DATA interchangeably for the document highlighting skills, education, and experience that a candidate submits when applying for a job. On the surface, all three mean the same. However, there are intricate differences. I was initially quite confused. But after learning the differences given below, my life was much easier.

RESUME
Resume is a French word meaning "summary", and true to the word's meaning, it signifies a summary of one's employment, education, and other skills, used in applying for a new position. A resume seldom exceeds one side of an A4 sheet, and at the most two sides. It does not list out all the education and qualifications, but only highlights specific skills customized to target the job profile in question.
A resume is usually broken into bullets and written in the third person to appear objective and formal. A good resume starts with a brief Summary of Qualifications, followed by Areas of Strength or Industry Expertise in keywords, followed by Professional Experience in reverse chronological order. The focus is on the most recent experiences, with prior experiences summarized. The content aims at providing the reader a balance of responsibilities and accomplishments for each position. After Work Experience come Professional Affiliations, Computer Skills, and Education.

C.V CURRICULUM VITAE
C.V. is a Latin term meaning "course of life". Curriculum Vitae (C.V.) is therefore a regular or particular course of study pertaining to education and life. A C.V. is more detailed than a resume, usually 2 to 3 pages, but can run even longer as per the requirement. A C.V. generally lists out all the skills, jobs, degrees, and professional affiliations the applicant has acquired, usually in chronological order. A C.V. displays general talent rather than specific skills for any specific position.

BIO-DATA
Bio-data, the short form for Biographical Data, is the old-fashioned terminology for Resume or C.V. The emphasis in a bio-data is on personal particulars like date of birth, religion, sex, race, nationality, residence, marital status, and the like. Next comes a chronological listing of education and experience. The things normally found in a resume, that is, specific skills for the job in question, come last, and are seldom included. Bio-data also includes applications made in specified formats as required by the company.

A resume is ideally suited when applying for middle and senior level positions, where experience and specific skills rather than education is important. A C.V., on the other hand is the preferred option for fresh graduates, people looking for a career change, and those applying for academic positions. The term bio-data is mostly used in India while applying to government jobs, or when applying for research grants and other situations where one has to submit descriptive essays.

Resumes present a summary of highlights and allow the prospective employer to scan through the document visually or electronically, to see if your skills match their available positions. A good resume can do that very effectively, while a C.V. cannot. A bio-data could still perform this role, especially if the format happens to be the one recommended by the employer.

Personal information such as age, sex, religion and others, and hobbies are never mentioned in a resume. Many people include such particulars in the C.V. However, this is neither required nor considered in the US market. A bio-data, on the other hand, always includes such personal particulars.

Sunday, September 06, 2009

Cloud Computing (It's new era or just another buzz word)

Before writing this small para I was just thinking about what the subject line should be, and what I should document for my future reference. But amazingly, as I started to jot things down, ideas and concepts started popping up in my mind.

Before discussing my idea further, let's understand what cloud computing is in very simple language.
For Technocrats: Cloud computing is a style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.
For Financial Geeks: A style of computing where an organization's capital expenses are very low and the organization gets optimum operating expenses.
For Indians: The first academic use of this term appears to be by Indian Prof. Ramnath K. Chellappa, who originally defined it as a computing paradigm where the boundaries of computing will be determined by economic rationale rather than technical limits.

Simple funda: usually, not everyone prefers to own a cow for milk.

Who are the service providers and who are the clients?
The "big four" of cloud computing services are said to be Amazon, Google, Microsoft and Salesforce.com.
Cloud computing is being adopted by users ranging from individuals through to large enterprise customers, including General Electric, Procter & Gamble and Valeo.

Benefits
  1. Agility improves with users able to rapidly and inexpensively re-provision technological infrastructure resources.
  2. Cost is claimed to be greatly reduced and capital expenditure is converted to operational expenditure.
  3. Device and location independence enable users to access systems using a web browser regardless of their location or what device they are using (e.g., PC, mobile).
  4. Reliability improves through the use of multiple redundant sites, which makes cloud computing suitable for business continuity and disaster recovery.
  5. Scalability via dynamic ("on-demand") provisioning of resources on a fine-grained, self-service basis near real-time, without users having to engineer for peak loads.
  6. Sustainability comes about through improved resource utilization, more efficient systems, and carbon neutrality.
  7. Security typically improves due to centralization of data, increased security-focused resources, etc.
Aha, now someone asked me: is it secure? You are a security professional and talking in favor of cloud computing?
Believe me, my first reaction was: oh yes, I am the security SPOC and I am not thinking about security. But after a little research I concluded that it's not actually a security issue but a perception issue. Cloud computing is not a favorite of CTOs because they are not interested in letting go.


Let's take up the challenges that make organizations/enterprises hesitate to adopt it.
Once we identify the challenges, we will get answers to those questions ourselves. I have been able to arrive at some solutions, as concepts, for resolving the security issues. I know that after two years these concepts will be practical; currently I am not able to find any published white papers along those lines. But yesteryear's dreams are reality now. So I hope some day someone will consider that I also think innovatively to get the answers to some of the toughest questions.
Geopolitical Issue
The Cloud spans many borders and "may be the ultimate form of globalization." As such, it becomes subject to complex geopolitical issues, and providers are pressed to satisfy myriad regulatory environments in order to deliver service to a global market.

Legal Issues
Concerns persist about security and privacy, from the individual through governmental levels (e.g., the USA PATRIOT Act, the use of national security letters, the Electronic Communications Privacy Act's Stored Communications Act, HIPAA and EU-PII etc.).

What is the answer to these concerns?
Hybrid solution :
Self Managed + cloud or Service provider 1 + Service Provider2 and ease of portability of applications and data.

Let's take the example of a patient's private data, which contains his/her demographics, images, history and much other information. The organization that owns it must by law ensure that patient data is stored and transmitted securely. The solution is to design an encrypted database table where each patient's data, stored in and retrieved from the cloud, requires an access decryption key that is hosted in the hospital's own infrastructure. Relative to the data stored in the cloud, the key information is only a very small fraction. Once the data access key is released by the hospital server, the nurse/doctor/patient can view/modify their own records present in the cloud.

It's just an example which I am able to think. If you have any other challenging question or problem I would love to discuss its solution.
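The patient-record idea above, sketched as an added example that is not from the original post: records are encrypted with a per-patient AES-256-GCM key that never leaves the hospital-side key server, and the cloud table holds only nonce plus ciphertext. The types KeyServer and CloudStore, the functions Store and Fetch, and the sample IDs are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrDenied = errors.New("key release denied")

// grant is one patient's AES-256 key plus the users allowed to obtain it.
type grant struct {
	key   []byte
	users map[string]bool
}

// KeyServer models the hospital-owned side; CloudStore models the provider,
// which only ever holds nonce||ciphertext. Both are hypothetical types.
type KeyServer map[string]*grant
type CloudStore map[string][]byte

// Enroll creates a fresh random key for a patient and records who may use it.
func (k KeyServer) Enroll(patientID string, users ...string) error {
	g := &grant{key: make([]byte, 32), users: map[string]bool{}}
	if _, err := rand.Read(g.key); err != nil {
		return err
	}
	for _, u := range users {
		g.users[u] = true
	}
	k[patientID] = g
	return nil
}

// aeadFor releases the patient's key to an authorised user as an AES-GCM cipher.
func (k KeyServer) aeadFor(patientID, user string) (cipher.AEAD, error) {
	g, ok := k[patientID]
	if !ok || !g.users[user] {
		return nil, ErrDenied
	}
	block, err := aes.NewCipher(g.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store encrypts on the hospital side and uploads only nonce||ciphertext.
func Store(ks KeyServer, cs CloudStore, patientID, user string, record []byte) error {
	gcm, err := ks.aeadFor(patientID, user)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The patient ID is authenticated data: a row cannot be moved to another patient.
	cs[patientID] = gcm.Seal(nonce, nonce, record, []byte(patientID))
	return nil
}

// Fetch downloads the row and decrypts it; denial and tampering both fail.
func Fetch(ks KeyServer, cs CloudStore, patientID, user string) ([]byte, error) {
	gcm, err := ks.aeadFor(patientID, user)
	if err != nil {
		return nil, err
	}
	blob, n := cs[patientID], gcm.NonceSize()
	if len(blob) < n {
		return nil, errors.New("no such record")
	}
	return gcm.Open(nil, blob[:n], blob[n:], []byte(patientID))
}

func main() {
	ks, cs := KeyServer{}, CloudStore{}
	_ = ks.Enroll("patient-001", "dr.rao") // constructed sample IDs
	_ = Store(ks, cs, "patient-001", "dr.rao", []byte("constructed record"))
	rec, err := Fetch(ks, cs, "patient-001", "dr.rao")
	_, denied := Fetch(ks, cs, "patient-001", "visitor")
	fmt.Printf("authorised: %q (%v); other user: %v\n", rec, err, denied)
}
```

Because GCM authenticates the ciphertext, a row modified on the provider side fails to decrypt instead of returning altered patient data.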


Different Type of Service Offered on Cloud by Service Providers
  1. IaaS : Infrastructure as a Service Include STaaS: Storage as a Service, HaaS : Hardware as a Service
  2. SaaS : Software as a Service
  3. PaaS: Platform as a Service
  4. New Concept is Developing called DRaaS: Disaster Recovery as a Service

At the end of this note I would like to add some very good presentations on Cloud Computing:
http://www.spinnakerlabs.com/CloudComputing.pdf
http://media.govtech.net/GOVTECH_WEBSITE/EVENTS/PRESENTATION_DOCS/2008/Illinois_DGS/230CloudComputingTEOH.pdf
http://blog.processmaker.com/files/2009/02/cloud-computing-presentation-feb-09-brian-reale.pdf
http://www.ists.dartmouth.edu/docs/HannaCloudComputingv2.pdf


Thursday, April 09, 2009

Funniest error handling and messages I ever encountered

From Compareindia.in.com





Sunday, March 29, 2009

In Search of Perfect Datacenter Operating System

Actually, there's no such thing as a perfect OS
Not too long ago, an online technology columnist wrote an incredible song about the drawbacks of every single OS available on the market today. The practical upshot is that there's no perfect OS, either for day-to-day operations or DR purposes. Let's take a look at the primary OSs in modern data centers, with a focus on the pros and cons that relate to the DR process.

UNIX (excluding Solaris and Linux)

UNIX is the original data center OS. In fact, this tried and true standby has been in use since large-scale operations were first conceived. The various types, or flavors, of UNIX offer exceptional reliability and scalability. They allow for higher-capacity server systems and tend to remain operational without crashing for longer periods of time.
The drawback, from a DR perspective, is that there are fewer DR software tools designed specifically for the UNIX environment. This is due to the reliability of these systems and the wide variety of available UNIX flavors, which makes standardization difficult at best.
Many hardware systems can easily protect UNIX systems across multiple sites, and numerous systems exist for clustering UNIX machines. They provide both High Availability (HA) and DR when necessary, but flexibility is limited.

Solaris
Technically, a flavor of UNIX, Solaris is manufactured and maintained by Sun Microsystems. It offers the same type of robustness as other versions, with the standardization you can typically only find in products that are controlled by a single entity, such as Sun. As such, there are many hardware and software solutions available with HA and DR protection for Solaris-based data systems.
The major drawback is the large price tag that's associated with a Solaris installation. Since this OS runs only on Sun Microsystems hardware, the costs incurred in a properly configured DR plan can be astronomical. This is cost-justified in some situations, but many companies are now finding less expensive alternatives.

Linux
Debate rages as to whether or not Linux is a variant of UNIX, but we'll let you draw your own conclusions on that issue. This OS is a relative newcomer to the data center and is quickly becoming a major player. Its low cost and high reliability make it very attractive for all levels of data operations.
The main drawback is the lack of software solutions that are designed to offer DR for Linux-based data systems. It's currently limited to mostly hardware-based DR solutions, but as the field continues to mature, more solutions will become available.

Windows
With the advent of Windows Server 2003 Datacenter Edition and Windows Powered NAS appliances, this formerly small system OS is becoming more prevalent in the data center. The relatively low cost of Windows, coupled with the large number of hardware vendors who support it, makes it a very flexible and cost-effective choice for many systems.
There's a large number of vendors that create both hardware and software DR systems for the Windows platform. This data center OS can be protected both in the same site and at multiple physical locations.
Windows has its share of drawbacks, as well. It's plagued with security holes and has an uncanny ability to crash with little or no warning. However, new innovations by Microsoft are making this OS a data center contender.

Whichever OS--or combination of OS platforms--you run on your systems, there are DR pros and cons that you need to consider. Only careful DR planning and implementation can ensure that the right systems, at the right price, and on the right platforms, will be present for your organization.