As if anyone needed more proof.

In my quest to find the world's best computer keyboard (here in Part1 and Part2), I've recently settled on my IBM SpaceSaver II and Logitech G9 Laser mouse combination. The mouse is great - but as I wrote earlier - the key action on the keyboard was just a little off - feeling a bit 'plasticy'. Some keys were actually a little stiff and squeaky as well (it's at least five years old - purchased second hand from e-Bay).

I figured there must be at least one other IBM SpaceSaver II owner out there that has taken their keyboard apart, cleaned it up, lubricated the keys and put it back together again - and I was right.

I found this page... How to Clean, Upgrade, Repair, Mod, Disassemble an IBM Computer Keyboard, with the two links below at the bottom of the page... in Japanese.

The Illustrated link at Neko's Keyboard room saved me... because there are two hidden screws under the scroll button on the keyboard.

With the following explanation of how to remove the middle button...

既に有名な話ですが、Space Saver II Keyboard の 筐体を開ける際にはトラックポイントのスクロールボタンの下にもネジも外します。 これを知らないと最悪力任せに「ベキッ」ですので注意です。 センターボタンは下からマイナスドライバをつっこんで、テコのように外します。

This is the amazing part... thanks to Yahoo Babel Fish... the above translates into...

Already, it is famous story, but the case where the frame of Space Saver II Keyboard is opened you remove also the screw even under the scroll button of the track/truck point. Unless this is known, because “[bekitsu]” is in the worst power leaving, it is note. Thrusting 0 driver from under, like the lever you remove the center button.

Which with some creative interpretation means...

"It's really really important that you know that there are two hidden screws under the scroll button or you will never get the front panel of your keyboard off! By carefully placing a thin slot screwdriver under the front of the scroll button - it will pop off, and you can remove the screws :-)"

Not sure about "bekitsu" - but that looks like the perfect place to insert your preferred expletive.

So there was one other person out there - somewhere on the planet, that had already done what I was trying to do... and that person was in Japan. Thanks to his post, the Internet, and Babel Fish - not only did I find him.. but I discovered something valuable in the process.

Incredible.

Update: 28-11-2008 - Microsoft have released an update - v3 of the SDL Threat Modelling Tool - which is DFD based as opposed to use case driven. Check it out at The Microsoft SDL Threat Modeling Tool v3

Original post....

In my first year on the MSc programme at RHUL ISG,  I completed a course on security management, and while that hardly makes me an expert (since I'm still new to the world of information security), the course was excellent, and I learned a lot about the fundamentals of building an information security management system.

At its most basic level, information security management is about attempting to estimate the probability and impact of unwanted events; events that may effect the confidentiality, availability or integrity of information assets. Estimates about the risks associated with these events can then be used to make decisions about what measures (if any) an organisation will choose to implement as part of its overall information security management strategy.

The process of estimating and assessing risk should be guided by an information security policy that, among other things, will state the aims, values and objectives of an organization with regards to risk. The policy, when combined with legal, businesses and moral responsibilities will (or at least should) influence the choices that are made in managing risk within an organization (the ISO 27000 series of documents is the place to start if you'd like to know more about building an information security management system (ISMS)).

The process of producing risk estimates is called risk assessment, and while there are different techniques for performing a risk assessment, the  common goal of each is to produce a metric that allows risks to be weighed. Weighting risks allows an organization to make appropriate decisions about how to prioritise and manage risk.

One formula that is often used to describe the calculation of risk is: risk = threat x vulnerability x impact,  which translates to: What is the level of an identified threat (how common is it, how relevant is it to the industry or asset in question), how vulnerable is the asset or system to the threat, and what is the impact if the vulnerability to a specific threat for a specific asset is realized. If any of the factors are zero - then risk is is also zero.

Acceptable choices in managing risk include: 1) accept the risk, 2) mitigate the risk, 3) transfer the risk or 4) avoid the risk.

The first task then is to work out what the threats are, creating an applicable threat model (well actually the first task is to work out what your assets are - how much they're worth to you, and what a total loss of that asset would cost you in both tangible and intangible terms - but let's assume we're at the threat identification stage).

So how are threats identified? Well I think for the most part they come from a body of knowledge and experience that exists for a given industry and its assets. For example - a jewellery shop is likely to consider the threat of theft to be relevant since it has stuff of value, and jewellers have learned, through experience, that a small percentage of the population will attempt to steal things of value, ergo.. theft is a threat. How vulnerable the jewellery shop is to theft depends on where it's located, how valuable the jewels are, and whether or not the shop has implemented any measures designed to prevent theft- like locks on cabinets, security cameras, security cards etc.

Threats against computer systems and networks also require a body of knowledge in terms of historical and current threats. One approach in helping to identify threats as part of risk assessment is to use a threat library, or database of known threats. There are a few systems out there that take this approach - like a software tool called CRAMM Expert (based on the the CRAMM methodology) which includes a database of threats that you can use to create a threat model for your organisation.

This evening, during another one of those serendipitous link journeys, combined with some reading I've been doing on application lifecycle and security, led me to discover a link to the Threat Modeling Tool tool from Microsoft. While other methodologies in risk assessment cover a wide range of threats and security management issues, Microsoft's tool is geared specifically towards managing risk in software (not surprisingly) and is part of Microsoft's Security Development Lifecycle (SDL) methodology.

I think this tool (and the methodology) is pretty interesting. For starters it's free, which shows how committed Microsoft is to not only producing secure software, but to helping the community at large incorporate secure software development practices into their overall software development process.

In fact it was this post by Adam Shostack, Experiences in Threat Modeling At Microsoft (an excellent article) which led me to the SDL portal, and it was a reference in Bruce Schneier's - Crypto-Gram monthly newsletter that led me to Adam Shostack's post.

I can't claim to be an expert in using this tool after just 30 minutes of experimenting... but I was impressed. Using the the "New with wizard" option - I was able to create a rudimentary threat model in just a few minutes.

The process involved defining user roles (UR), components, service roles (SR) and data. The tool and the process is 'data centric' and as Adam Shostack points out in his article,

"... a great many software attacks involve the flow of data through the system in some way...."

Components used in service roles are also assigned relevancies (or features) like whether the component utilizes HTTP, or builds SQL queries.

Access control rules are created for the defined data entities - both for users and components.

Application Use Cases are then created which in turn are composed of application calls. The caller for each call in a use case can be a user role (UR) or a service (SR).

Threats can then be automatically generated and the tool will attempt to match a list of attacks in the attack library with the calls in a use case, creating a threat list for the given use case. The terminology here is slightly different from what I was taught - since I would have classified the threats that were produced as vulnerabilities, and the attack library as a threat library or database.

Here's an example call graph from a simple use case.

And here's a full screen-shot of the application with an automatically generated threat (vulnerability) that was created for the "Create User" use case.  I'm about to choose 'Reduce' as my Risk Response (remember I can choose to avoid, reduce, transfer or accept a risk). I've also chosen three counter-measures as the mechanisms I will use to reduce risk (click on the image for a larger version).

There is a lot in here, including being able to specify authentication mechanisms for roles (which I'm assuming is used to weight and select attacks) as well as analytics including data access matrix, component access matrix and subject object matrix reports as well as visualizations for call, data and trust flows. Other reports are divided into risk owner reports, design team reports, development team reports and test team reports. Development team reports even include code examples on how to implement selected countermeasures.

To be honest I'm not sure entirely where the Threat Analysis and Modelling tool fits into the data flow diagram (DFD) and "STRIDE per element" approach described in Adam Shostack's paper. The tool appears to be use case driven as opposed to data flow diagram driven.

Also wondering how this application might be integrated with other application design components, like logical or physical design models. There are options for importing Visual Studio Team System Deployment reports as well as exporting Team System Work Items.

I guess the ultimate test in value will be in how much effort is required to build and maintain a threat model using this application when compared to other methods. Large models in particular might be difficult to maintain, although I guess there is no reason why you couldn't use this application to create several smaller threat models with only the user/service roles, data and use cases that are specific to a given feature or iteration of development.

I think it's also worth pointing out that the Threat Analysis and Modelling tool is just one (albeit important) part of a larger process designed to create secure software. It is not a replacement for functional, performance, vulnerability (penetration) and regression testing, nor does it appear to have any risk modelling functions for assessing application deployment, configuration and change management risks.

My limited experience with both this application and a formal software security development process means that I'm not able to say how successful this application might be at helping to 'connect' the security process with application development. But it is a very interesting product, feature rich and easy to use - with zero financial risk to boot.

Managing the risks associated with software, whether developed in-house or acquired is a core component any information security management process and so any tool that helps to increase awareness and manage risk in this respect is a good thing.

Update: 09 Oct 2008 Well - I needed a decent mouse - and the Logitech G9 Laser mouse totally rocks. Downside.. couldn't work out how to swap the mouse on the Kensington Slimblade set.. since the wireless USB dongle reports both a mouse and keyboard. Luckily I'm warming up to my IBM SpaceSaver II and so that's the combination I'm using now.. SpaceSaver II and Logitech G9. Also received a Luxeed LED keyboard from the manufacturer in Korea.. err.. they were very kind and helpful in getting a keyboard to me,  so it pains me to have to report that there are some quality and manufacturing issues with this keyboard. I was getting phantom carriage returns, and the 'F' and 'G' keys were sticking down, so no go here. A real pity because the keyboard layout is perfect. Illuminated LED keys with separate colors assigned to control keys and letter keys - was the closest I've come to the perfect keyboard setup. Sigh.

Original post...

This is officially part two in my never ending quest for the worlds greatest keyboard. Part one is here - In Search of The World's Best Computer Keyboard

My IBM SpaceSaver II arrived today. Not sure what to say. The keyboard layout is perfect; compact but not too small. Everything is in the right place. No number pad which is important for me (as I mentioned in the first post) and helps to keep the keyboard square with the screen. 

Pros: It just works; with no special drivers it works fine in Vista (apart from an active PS2 to USB converter) - the track-point and the middle button scrolling option also works. I'm actually able to use track-point and built in mouse buttons quite well  - which was a little bit surprising (although I will use a dedicated mouse). Looks nice too (the picture doesn't do it justice) and fits well with my black theme.

Cons: Hmm.. key action feels very cheap compared to my ThinkPad T61p keyboard (ThinkPad keyboards are still the greatest keyboards in the world). Key height, action, spacing and travel also aren't nearly as comfortable or as refined as the Kensington Slimblade.

Verdict: Good but disappointing key action - so not the world's greatest keyboard I'm afraid.

Pictured left - my current top of the pile choice - the Kensington Slimblade Media Set. My only recommendation here would be to ditch the mouse. The track-ball is too small for day to day use. Bummer.

Still it's the closest there is at the moment... however...

...there's another candidate out there - one to check out for sure.. the Luxeed LED Keyboard. This one will be fun try. Amazingly - they've gone for nearly the same keyboard layout as the SpaceSaver II (and not as mad as the Maximus Optimus - which I would also have gone for had they made the number pad detachable) . CTRL-Windows-Alt - are just the way I like them all on their own to the left of the space bar (no pesky function key). If the key action is as smooth or even close to the feel of the ThinkPad or the Kensington - this could be the winner. Will report back in Part III if I manage to get hold of one...  :-)

Awesome - my new 2.5" 320GB Hitachi 7200 rpm 16MB cache Travelstar 7K320 hard disk arrived today. The drive was actually made in Thailand - but I had to order it from Singapore... grrr...

Last March I purchased a ThinkPad T61p. I love this notebook... but I made the mistake of not putting a large enough drive in it at the time.

Here are the steps I took to swapping the drive and resizing the partitions. I had BitLocker installed - with the system volume C: encrypted, so there was a S: partition for boot (as BitLocker creates) and a D: volume where I keep all my data.

1. Backed up D:
2. Did a Complete PC Backup to an external USB drive. Control Panel, System Maintenance, Backup and Restore Center, Back up Computer. This creates an image based backup (like Ghost, or TrueImage) including all partition information. NOTE: The image backup process creates a 'decrypted' backup image so you need to keep this drive safe in the case of regular backups.
3. Swapped the drives.
4. Booted from my Vista 64 bit OS DVD - and chose "Repair your computer..." (after the date and time options) followed by "Windows Complete PC Restore" - restore completed.. and reboot.
5. After booting - launched the Computer Management snap-in (right click on My Computer and choose "Manage"). Went into Disk Management - made the C: volume the active volume (in preparation for removing the BitLocker created S: volume)..
6. Reboot - you'll see an error message that boot files cannot be found
7. Boot again from Vista OS DVD
8. Choose "Repair" - and "Startup Repair" (first option) - the boot files and MBR record will be recreated on the C: volume.
9. Reboot and go back into Disk Management. Delete the S: volume (and in my case the D: data volume too). This will make room for a contiguous extension of the C: volume.
10. Then in Disk Management right click on the C: volume and choose 'Extent Volume.."  (this was the whole point of the exercise for me - I needed to increase the size of my system volume).
11. Reboot - system should be fine booting from C:. Re-run the BitLocker drive preparation tool - and re-create the new 1.5GB S: boot volume. And then in my case re-create the D: data volume.
12. Reboot - all done - restore data to D: and re-encrypt C:.

Presto - and it worked flawlessly. Another option would have been to just use the Windows Complete PC Restore - and then use a tool like Acronis Disk Director to reorganize the partitions before re-encrypting the C: volume. However in this case - it all worked without the use of any 3rd party software. I'll give MS credit for their new image based backup system in Vista. I've used it several times now and it's always worked. :-)

Boot times are much improved as well. The previous drive was a Seagate Momentus 7200rpm 160GB disk - but it always felt sluggish to me. The new Hitachi disk is much quicker (although it's reviewed as slightly slower to the new 320GB offerings from both Seagate and Western Digital).