The original slides made heavy use of the Microsoft PowerPoint animation feature. Unfortunately, SlideShare does not currently support animation. You can download the presentation and the animations will work, but I ended up modifying the slides so they are more viewable online. SlideBoom will keep the animation, but it does it by creating a video of the presentation. I decided to stick with SlideShare and spare you the resulting nine minute video. While I should add audio and make a SlideCast, this post might never be completed if I wait until I have time to create a really nice web presentation.

Merriam-Webster defines a totem as any supposed entity that watches over or assists a group of people, such as a family, clan, or tribe. In this presentation I focused on how TOTEM assists in watching over and evaluating the threat an IP represents. The idea behind TOTEM is simple: compare threat information from sources such as watchlists (DShield, Emerging Threats, SenderBase, etc.) to activities with the organization (IDS/IPS, flow logs, etc.) and other locations (SANS ISC, DOE federated model, etc.). As new threat information and activity sources are added, a better evaluation can be rendered.

The purpose of this presentation has been to share the basic ideas behind TOTEM with the hope that others may provide helpful insight. So far I have not disappointed. I wanted to thank everyone for I have received some very intriguing ideas.

After attending a recent meeting, it dawned on me that not all IT people are on the same page when it comes to technology and security. I knew this, but it is one of those things that you throw into the back of your mind and you do not really think about it. That is until you are trying to talk on a subject that is built on other subjects that the listeners don’t understand. Training is one way to cover the basics. Being in security is like being in a n-step program where n is ever increasing. All you can do is deal with one step, or layer, at a time. While training users will not cure all the problems of the world, helping a few people learn how to do things in a more secure manner might translate into a whole bunch of security holes that will never occur.

CERT has just released a podcast titled “The Human Side of Security Trade-Offs.” Greg Newby & Stephanie Losi tackle the issues of raising awareness and motivation, building a security conscious culture, and tackling secure software development. Listening to this podcast started me thinking about giving lunch time presentations at work. Of course, if I was to spend my time preparing such slides, I would want to share them on my blog.

Which brings us to today’s postings. Google recently added presentations to their Google Docs area. Todd Ogasawara posted a very nice writeup titled “Google Presentation vs. PowerPoint vs. Keynote?” I hope Google does listen Todd’s suggestions:

I’m hoping for to see at least three more features added in the near future. First, Google please Gear-ify Documents, Spreadsheet, and Presentation so documents can be developed and used offline. Second, allow using images from Picasaweb instead of requiring image uploads. Third, let us embed video from YouTube into Presentations.

One of Todd’s commentators, Dave, mentioned adding iPhone/Safari support. If Google can get Presentation working on the iPhone, maybe I could have lunch presentations with folks actually in restaurants having lunch. Well, that might be taking things a bit far.

Google is not your only choice. TechCrunch has done profiles on some of the other services: Zoho Show, Empressr, Teamslide, DimDim, and Thumbstacks. The problem with online presentation services is that the tools for creating presentations can be difficult to develop within the limitations of Flash and/or AJAX. TechCrunch reports, “In our reviews, we’ve seen a lot of development effort go into producing these tools, which still fall short of what’s available from desktop software. Less attention is given to the actual presentation interface, and as a result those products are, so far, less than perfect.”

SlideShare allows you to upload and share PowerPoint, Keynote, OpenOffice, or even PDF presentations. Presentations are hosted online and are available to the public. So please, do not post anything you do not want the world to see. What really interest me about SlideShare is that it would allow me to embed my presentation into my posting, making the presentation available anywhere; no special plugin required. Lindsay, over at webnamesblog.ca, did a very informative posting, “SlideShare and SlideCasting – tools to make your presentations easier.” SlideCasting provides a way to combine slides and audio (this includes podcasts). Considering the subject of this post, it would be just plain wrong not to provide a presentation on how to use SlideCasting. Thanks to Jonathan Boutelle for providing a nice example:

Please go to the site and look at some of the presentations. To help you find presentations, SlideShare just announced, “SlideShare gets a powerful search engine!:” To quote the announcement

You can now search for slideshows, users & groups. Results can be viewed in a list or a grid layout. And there is an advanced search as well for drilling deep down into the content. You can also splice the search results by 11 international languages.

SlideShare’s new search engine makes use of Ferret. Ferret is an open source, full-featured text search engine library written for Ruby and inspired by the Java Lucene project. Gregg Pollack has done a nice tutorial titled, “Acts_As_Ferret Tutorial.” Gregg’s tutorial goes over how to add rapid full-text searching to your Rails application. O’Reilly has also done a very good 94 page Short Cuts written by David Balmain on how to quickly get up and running with Ferret.

There are a few tools of the IT trade. Use them wisely and securely.