Sunday, December 16, 2012

How to DIY the Zik/UE 9000/MDR-1RBT killer using Sennheiser HD 380 Pro

By now, most audiophiles would agree that Parrot Zik ($399.95), Sony MDR-1RBT ($399.99) and Logitech UE 9000 ($399.99) are the best and most advanced noise-cancelling wireless headsets one can buy on the market. They offer excellent sound, by far better than other wireless headsets like the Creative WP-450 or conventional wired headsets like the Bose AE2i and OE2i. But to some pure music lovers, those wireless headsets carry too many compromises to please their ears. In my case, I would not choose those super-smart pieces of hardware over a proper, carefully tuned wired headphone, although I was very tempted to do so.

To be honest, my choice of headphones is always biased towards Sennheiser, as they have never let me down, just as my choice of computers is always Dell. Whenever I'm looking for something new, I give them my first thought. So it was no exception when I bought a Sennheiser HD 380 Pro to use during my daily commute and occasional trips. These closed cans give me the most pleasing music I could ever want from a headphone, with passive noise cancelling as a bonus thanks to their well-designed earpads. Oh, did I mention that it comes with a 2-year international warranty, which provides better assurance than the standard local one-year warranty?


Nothing's perfect, and it is no surprise that the HD 380 Pro isn't without some shortcomings. For starters, its 3.2-foot coiled cable is terrible. If you are stationary, such as when using it with a receiver or a laptop, the cable won't be too much of a burden, but if you are on the move, using the heavy headphone with the coiled cable hanging around or sticking out of your pocket is unimaginably miserable.

So, I've got to do something about this, otherwise it might just be used at home like its older brother, the HD 202 accompanying the TX-NR515. One good thing about the 380 is that the cable is detachable, and it uses a standard 2.5mm plug on the left earcup and a 3.5mm plug to other sources. Now I have to find a shorter cable, preferably around 1m; any longer than this would give me the same trouble again. I was lucky to find one such cable at a local shop, which cost me about five bucks, and it does the job.
The straight 2.5mm end of this cable connects directly to the headphone without any modification.

At the beginning of this post, I mentioned the collection of wireless (Bluetooth) headsets which will set you back $400, and even knowing this month is very good for shopping, $400 would make a huge dent in my wallet. After I replaced the cable as necessary, I wanted to go the extra mile to transform this wonderful headphone into a "smart" headset. I happened to have a Sony MW600, which came as a gift when I purchased my last handset. This lovely Hi-Fi wireless headset can do everything that those $400 headsets can, except the NFC gimmick, but has a more practical FM radio. Put simply, it can be used as a Bluetooth receiver, remote control and inline mic.
What makes it more suitable for my little transformation project is that it takes a 3.5mm jack. Yes, marvelous it is, indeed. The end result comes from connecting the new cable's 2.5mm end to the headphone and the 3.5mm end to the wireless control. Once I paired it with my handset, I instantly got a full-blown killer headset that can outperform any of those (super)pricey headsets. As a contingency plan, if the receiver's battery runs flat, I could still connect the headphone directly to all the sources I want.

In the end, I've got a very nice sounding headphone converted to a wireless headset. There are a few things to note though. The 380 Pro is a monster for the MW600, the reason being that the MW600 is designed to drive 32Ω earphones and is now re-purposed for use with 54Ω. Also, the 380 carries a 500mW load rating, so I'll be expecting shorter battery life than 8.5 hours from the MW600, which is still more than enough for normal usage.

Monday, December 10, 2012

Manageable Network, Critical Security Controls and NIST SP 800

Now that we are so close to leaving 2012 and counting down to the new year, I think this is the time to sum up what we've seen so far in NIST Special Publications, be it final, revised or draft releases (latest count at 25). As all security practitioners would agree, the SP 800s are the definitive guidelines for achieving all aspects of GRC, no matter what IT, financial and legal obligations a corporation needs to adhere to, such as SOX, HIPAA and PCI-DSS.

Before we get to the details of those documents, let's start from the very foundation: the enterprise network. Over the years as a network and security professional, one thing I have always done on any network I have managed is the "documentation". You may have a state-of-the-art installation in a top-notch data center, but without proper and up-to-date documentation, you are just a sitting duck. To be clear, documentation "is not" the thick user manuals you received from the vendors or other documents that serve the same purpose.

IT network documentation should consist of one or more of the following documents.
  • System configuration and procedure
  • Asset inventory
  • BC and DR
  • Security policies and procedures
A more granular list can be found here. So what is my point in bringing up the issue of not having appropriate documentation? These are my answers.

  1. You can't scale your infrastructure according to data growth
  2. You can't protect your network if you don't know what you have
  3. You can't sustain working environment if you don't have contingency plans
Having said that, implementing successful documentation is not a mundane task if you follow a structured approach like this one published by the NSA. The document (currently at version 2.2, published on 5 April 2012) is aptly named The Manageable Network Plan, and the page worthy of all your attention is page 3. You will see there are several milestones for you to tackle.
  1. Prepare to document
  2. Map your network
  3. Protect your network
  4. Reach your network
  5. Control your network
  6. Manage your network, Patch Management
  7. Manage your network, Baseline Management
  8. Document your network
Now we can assign certain NIST SPs to each milestone. These also align with the respective criteria of the SANS 20 Critical Security Controls Version 4.0.

CSIS: 20 Critical Security Controls - Version 4.0

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Malware Defenses
  6. Application Software Security
  7. Wireless Device Control
  8. Data Recovery Capability
  9. Security Skills Assessment and Appropriate Training to Fill Gaps
  10. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  11. Limitation and Control of Network Ports, Protocols, and Services
  12. Controlled Use of Administrative Privileges
  13. Boundary Defense
  14. Maintenance, Monitoring, and Analysis of Audit Logs
  15. Controlled Access Based on the Need to Know
  16. Account Monitoring and Control
  17. Data Loss Prevention
  18. Incident Response and Management
  19. Secure Network Engineering
  20. Penetration Tests and Red Team Exercises

The following mapping is to help you get your milestones organized.

Milestone | Security Control | SP 800
Prepare to document | |
Map network | 153
Protect network | 5,13,19 | 53,94,153
Reach network | 117
Control network | 12,14,16 | 53
Patch management | 4 | 53,40,137
Baseline management | 2,3,6,10 | 53,121,124,147,164
Document network | |
Note - Mainly focused on documents released in 2012. Other related publications should be consulted too.

Voilà. Now you are on the better side of network management and can move forward with optimizing what you have in hand. Let's split the tasks into 3 types of management:
  1. Risk Management
  2. Security Management
  3. Governance
For each type of management, we can map the milestones in the same way as above.
Risk Management


Milestone | Security Control | SP 800
Backup strategy | 8 |
Incident response and disaster recovery plans | 18 |
Training | 9 |

Security Management


Milestone | Security Control | SP 800
Virus scanners and HIPS | 5 |
BYOD/BYON | 5,17 |
Data-at-rest protection | 17 |
NAP/NAC | 1,5 |
SIEM | 14 |
Perimeter defence | 11,13 |
Policies and procedures | |
App whitelist/blacklist | 2 |
Remote access security | 7 |

Governance


Milestone | Security Control | SP 800
Configuration and Change Management | 3,10 |
Audit strategy | |


Once you arm yourself with these milestones and controls, you can tackle not only today's network-related issues but also future expansion, effectively and efficiently. You will be ready for the upcoming Bring-Your-Own-Device or Bring-Your-Own-Network Generation Z workplace with flexible and comprehensive procedures, while keeping your shields up without falling victim to hacktivism.

Here we are. Merry Christmas and Happy New Year !!!