
20 Critical Security Controls Class Debuts: Day One Highlights

By Kelli Tarala | June 22, 2009

Today we are in Washington, D.C. teaching a new SANS class based upon the Consensus Audit Guidelines (CAG) Critical Security Controls. We are very excited that the debut run sold out this week. Dr. Eric Cole, in conjunction with the team at Enclave Security, has been writing and fine-tuning the class since February, and students provided some great feedback on the “roll up your sleeves and earn some quick wins” methodology of this class.

What Makes These 20 Controls so Important?
The 20 critical controls consensus guideline was drawn up by the cyber warriors on the front lines. Federal CIOs and CISOs with direct knowledge of recent cyber attacks, Department of Defense (DoD) Blue Team members who have performed incident response after cyber attacks, the FBI, DoD Red Team members who practice offensive security maneuvers to gain access to systems, as well as civilian penetration testers and experts have all contributed their expertise to this effort. These 20 controls are the high-priority techniques for defending against real-world, ongoing attacks.

What kind of students are in class this week?
Our students this week have a wealth of information security knowledge, ranging from auditors to administrators, analysts to implementers. While each student has his or her own reasons for being in the class, the proverb rings true for them: “Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime.” This class provides the tools, checklists and anecdotal stories to help secure your organization against attack.

What were some of the highlights from today?

Thanks to all of our students today. We appreciate your thought-provoking questions!

Topics: Audit, SANS Institute, Sharpen the Saw

Free Resource Kit e-Book from Microsoft

By Kelli Tarala | June 17, 2009

Want to learn more about Unified Communications? Unified what? Microsoft Office Communications Server 2007 R2!

Microsoft Press is offering a free 879-page e-book that provides a thorough background on Microsoft’s new unified communications platform. Go check it out quickly; it is available for a short time.

Microsoft Office Communications Server 2007 R2 Resource Kit

By Rui Maximo, Rick Kingslan, Rajesh Ramanathan, Nirav Kamdar with the Microsoft Office Communications Server Team
ISBN: 9780735626355

Get the definitive resource for deploying, configuring, and supporting Office Communications Server 2007—now fully updated.

http://csna01.libredigital.com/?urws8un4p7

Topics: Sharpen the Saw, Tools, Training

Paper-based Data Leakage Still a Concern

By Kelli Tarala | June 15, 2009

There is an intriguing article in the Saturday Washington Post about the lawsuit between Hilton Hotels and Starwood Hotels over boutique hotel branding. In a suit filed in federal court in New York on April 16th, Starwood alleges that Hilton stole more than 100,000 electronic and hard-copy files containing trade secrets to help it expand its luxury hotel offerings. “The large volume of confidential information taken is extraordinary,” the filing says.

This past week, as it was moving from Beverly Hills to Tysons Corner, Hilton Hotels decided to send boxes and boxes of Starwood documents back to the company “in an abundance of caution.” Lawyers from Hilton wrote a letter saying they found the material in the homes and offices of prominent employees recruited from Starwood. The sheer volume of paper recovered is striking given the availability of jump drives and CD burners. While we spend a lot of time worrying about electronic files and removable media, paper is still one of the easiest ways to remove confidential information from an organization.

Some things to consider when you are writing or auditing information security policies regarding employee access and Intellectual Property (IP).

Paper-based data leakage is still a big concern for companies, and making sure that your organization’s policies address paper documents will help protect its vital assets.

Topics: Acceptable Use, Audit, Data Leakage Protection (DLP)

Free CISA Exam Prep Resources for the Upcoming Exam

By James Tarala | June 9, 2009

I know a lot of you are diligently preparing for the CISA exam this weekend. For those who aren’t, or who have never heard of the exam, read more about it here: www.isaca.org/cisa/.

Why should you care about this cert? Basically, if you want to enter the audit field, or if you’re an auditor and ever think you’ll want to change companies, you’ll need to have this cert. Not only did SC Magazine name it their top infosec cert of the year, it is also widely considered the entry ticket into the IS audit profession.

Ok, let’s get back to that free part…

So last night I recorded a two-hour presentation on what to do this week to get ready for the exam. If you’re not already signed up for the exam, forget it this time, but you can try again in December later this year. The purpose of the presentation is to focus your studies in the week before the exam. We try to give you a practical set of tips on the areas you should be focusing on, what to do logistically to prepare, and general strategies for success.

If you want more information or want to be able to listen, you’ll have to register for it. The best thing to do is visit this link (https://www.sans.org/registration/register.php?conferenceid=19554), register for the presentation, and enjoy the content. You’ll need to use the discount code (Review) to get it for free after you register.

Or on the other hand, just send me a tweet and ask what to do at either @jamestarala or @isaudit. Either way…
Enjoy, and good luck on the exam this weekend!

Topics: Audit, Training

Checklists a Day: Week in Review – June 6, 2009

By James Tarala | June 6, 2009

Each week via Twitter we post a daily audit checklist tweet for all the IS auditors and security administrators out there in the tweet-o-sphere. But we realize not everyone is ready for Twitter, and many of you are still resisting (you can keep trying, but eventually you will give in and start tweeting; everyone will eventually…), so we’ve decided to start posting them in our blog as well.

So once each week we’ll post the audit checklists and audit tools that we posted into Twitter here in our blog as well. This way everyone will have a chance to enjoy all the audit fun!

So, from all the folks at Enclave Security, enjoy this week’s audit checklists and tools.

Audit Checklists & Security Guides:

Auditing Public Companies

Auditing Phone Systems

Auditing the Software Development Lifecycle (SDLC)

Auditing Access Controls

Auditing Home Wireless Networks

Auditing Wireless Networks

Auditing Boundary Security

Audit Tools:

Archer SmartSuite (Audit Management Software)

WarVOX (Phone System Audit Software)

w3af (Web Application Vulnerability Assessment Software)

LC6 (Password Auditing Software)

KisMAC (Wireless Auditing Software)

Vistumbler (Wireless Auditing Software)

Nagios (Network Management Software)

We hope everyone will enjoy and use these tools this week. If you have suggestions or ideas for future audit checklists or tools, please let us know; we’d love to hear your feedback.

Topics: Audit, Free Audit Checklists, Tools

Free Information Security Awareness Training from InfraGard

By Kelli Tarala | June 4, 2009

InfraGard Awareness is a FREE information security awareness course that can help individuals and small business owners understand how to make their workplace more secure. It will also teach vital skills to protect yourself and your family from cybercrime and identity theft. This course is free to all individuals and small businesses under 50 employees.

Many news articles and studies have identified employees and other insiders as the cause of the majority of data and security breaches, and better security awareness and training is central to reducing these incidents. The web-based course, created by The Center for Information Security Awareness, is professionally narrated, and it consists of 14 separate lessons covering key information security issues that can impact the workplace:

· Cyber threats to the workplace and the nation

· Understanding how employee behavior is exploited

· The importance of regulatory compliance

· Better workplace security

· Effective password practices

· Understanding social engineering

· Improved email practices

· Safer web surfing practices

· Protection of sensitive data

· Laptop, PDA and mobile security

Go and check it out!

http://www.infragardawareness.com/

For those who are not familiar with InfraGard, it is a Federal Bureau of Investigation (FBI) program focusing on information sharing and analysis with a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of businesses, academic institutions, and state and local law enforcement agencies that began in the Cleveland Field Office in 1996. The program expanded to other FBI Field Offices, and in 1998 the FBI assigned national program responsibility for InfraGard to the former National Infrastructure Protection Center (NIPC) and to the Cyber Division. InfraGard Chapters are geographically linked with FBI Field Office territories. Each InfraGard Chapter has an FBI Special Agent Coordinator assigned to it, and the FBI Coordinator works closely with Supervisory Special Agent Program Managers in the Cyber Division at FBI Headquarters in Washington, D.C.

If you are interested in joining InfraGard, here is a link to an application:
http://infragard.thehandcoders.com/UserFiles/File/Contact%20Us/unified_application0104.pdf

Topics: Sharpen the Saw, Tools, Training

Password Assessment with LC6 – Why it Matters for Auditors

By James Tarala | June 3, 2009

Last week the researchers on the L0phtCrack team (Christien Rioux, Chris Wysopal, and Peiter “Mudge” Zatko) released a new version of their famous tool, L0phtCrack, this time known as LC6. The tool has finally returned from its long slumber and is now available for download and purchase from their website (http://www.l0phtcrack.com/index.html). And can I just say to these developers: welcome back!

The million-dollar question security engineers and auditors are probably asking right now is: why would I willingly pay for a password-cracking tool when free tools like John the Ripper, LCP, and Cain & Abel will do the same thing?

Well, I’m glad you asked…

LC6 has a feature called “Display Passwords when Audited”, and it can be disabled.

That feature alone should make this the password-cracking tool of choice for any security auditor. If you’re an auditor, do you really want to know what your users’ passwords are? Or do you simply want to know how long it takes to crack the passwords and whether they comply with the organization’s password policies? It seems to me that as auditors we want to protect our passwords and our hashes from inadvertent disclosure. What better way to do that than not displaying them at all?

Auditors, password assessment should be part of your testing regimen, but only in a controlled manner and with proper management authorization. Although I don’t get any corporate sponsorship for saying this, I think we should consider LC6 to protect our integrity as auditors while still being able to test a critical system control.
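As an added example (not LC6 code, and not from the original post), here is what “audit without display” looks like in practice: a small Python script that tries a wordlist against account hashes and reports, per account, whether the hash fell, after how many guesses, and whether the recovered password would have met the policy. The finding type has no field for plaintext, so the report cannot leak it. The accounts, wordlist and policy are constructed for the example, and SHA-256 stands in for the LM/NTLM hashes a real Windows audit would work on; that substitution is an assumption made for portability and changes nothing about the reporting logic.

```python
"""Password audit that reports crack status and policy compliance but never the
plaintext. Added example, not LC6 code. Hashes, wordlist and policy are constructed;
SHA-256 stands in for LM/NTLM (assumption made for portability)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed wordlist; a real audit uses a dictionary of millions of entries.
WORDLIST: Sequence[str] = (
    "password", "Password1", "letmein", "Summer2009",
    "welcome", "qwerty", "Tr0ub4dor&3",
)

# Constructed policy: 8+ characters drawn from at least three character classes.
MIN_LENGTH = 8
MIN_CLASSES = 3
CLASS_PATTERNS = [re.compile(p) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")]


def hash_password(password: str) -> str:
    """Stand-in hash. NTLM would be MD4 over UTF-16LE; the audit logic is unchanged."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def policy_compliant(password: str) -> bool:
    classes = sum(1 for pat in CLASS_PATTERNS if pat.search(password))
    return len(password) >= MIN_LENGTH and classes >= MIN_CLASSES


@dataclass(frozen=True)
class Finding:
    user: str
    cracked: bool
    guesses: int                # candidates tried before a hit (or the whole list)
    compliant: Optional[bool]   # None when the hash did not fall, so unknown
    # Deliberately no plaintext field: a finding cannot carry the password.


def audit(accounts: Dict[str, str], wordlist: Sequence[str] = WORDLIST) -> List[Finding]:
    """accounts maps username -> hex hash. Returns one Finding per account."""
    # Hash every candidate once; each account lookup is then a single dict hit.
    table: Dict[str, Tuple[int, str]] = {}
    for position, word in enumerate(wordlist, start=1):
        table.setdefault(hash_password(word), (position, word))
    findings: List[Finding] = []
    for user, digest in accounts.items():
        hit = table.get(digest.lower())
        if hit is None:
            findings.append(Finding(user, False, len(wordlist), None))
        else:
            position, word = hit
            # The plaintext is used only to evaluate the policy and then dropped.
            findings.append(Finding(user, True, position, policy_compliant(word)))
    return findings


def report(findings: List[Finding]) -> str:
    """CSV-style report an auditor can hand over: no hashes, no plaintext."""
    rows = ["user,cracked,guesses,policy_compliant"]
    for f in findings:
        compliant = "unknown" if f.compliant is None else ("yes" if f.compliant else "no")
        rows.append(f"{f.user},{'yes' if f.cracked else 'no'},{f.guesses},{compliant}")
    return "\n".join(rows)


# Constructed fixture. The plaintexts appear here only to build the hashes; in a
# real engagement the auditor receives hashes (with authorization) and nothing else.
SAMPLE_ACCOUNTS: Dict[str, str] = {
    "alice": hash_password("Summer2009"),   # policy-compliant yet trivially guessable
    "bob": hash_password("letmein"),        # non-compliant and guessable
    "carol": hash_password("Correct-Horse-Battery-Staple-2009"),  # survives the list
}

if __name__ == "__main__":
    print(report(audit(SAMPLE_ACCOUNTS)))
```

The alice row is the one worth showing management: her password satisfies an eight-character, three-class policy and still falls on the fourth guess, and the report says exactly that without anyone in the room learning the password.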

Crack responsibly…

Topics: Audit, Tools

Open Proxies and Edit Wars on Wikipedia

By Kelli Tarala | June 2, 2009

There was an interesting article earlier this week concerning IP blocking by Wikipedia, the wildly popular online encyclopedia. Wikipedia’s “Arbitration Committee” of experienced volunteer editors voted to block changes from all IP addresses owned or operated by the Church of Scientology and its associates.

Is this censorship or good enforcement? Read on, and you decide.

After a lengthy internal review, the website decided that the ban was an appropriate response to the “edit wars” concerning Scientology entries. Officially, the site promotes itself as an encyclopedia with a “neutral point of view” and discourages those who edit “in order to promote their own interests”. Wikipedia also frowns on those who use the encyclopedia to advance personal agendas and ideological or religious disputes.

Multiple editors have been “openly editing [ONLY Scientology-related articles] from Church of Scientology equipment and apparently coordinating their activities,” according to evidence collected by Wikipedia admins. Quoted in The Register, one Wikipedia admin explains that policing edits from Scientology machines has been time-consuming and challenging because many editors hide behind a small number of IP addresses, and the IP address of each editor is constantly changing. This prevents admins from determining whether a single editor is using multiple Wikipedia accounts to abuse the system. This is known as sockpuppeting, and it is not allowed on Wikipedia. “Wikifiddlers” often hide their identity behind open proxies to foil Wikipedia admins.

“Our alternatives are to block them entirely, or checkuser every ‘pro-Scientology’ editor on this topic. I find the latter unacceptable,” wrote one ArbCom member. “It is quite broad, but it seems that they’re funneling a lot of editing traffic through a few IPs, which make socks impossible to track.” Most of the editors in question only edit Scientology-related articles. In Wiki talk, they are “single purpose accounts,” and these IP addresses may be banned as a preventative measure.

Because of the many editors behind a small number of IP addresses, the sockpuppeting, and the advancing of a religious agenda, the Arbitration Committee ruled that Scientology IPs are “to be blocked as if they were open proxies.”

To learn more about anonymous editing on Wikipedia, check out WikiScanner and the soon-to-be-released WikiScanner2. These tools, created by Virgil Griffith, use a publicly searchable database that links millions of anonymous Wikipedia edits to the organizations where those edits apparently originated. WikiScanner cross-references edits with data on the owners of the associated blocks of IP addresses. Griffith exposed how insiders at the Central Intelligence Agency and other organizations were surreptitiously deleting or changing information that was unflattering to the organization.
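As an added example (not WikiScanner’s code and not part of the original post), the two mechanics in this post can be shown in a few lines of Python: attributing an anonymous edit to an organization by matching its source IP against known address blocks, which is what WikiScanner does at scale against public IP-block registration data, and spotting the pattern the ArbCom member describes, many accounts funnelled through a few addresses and all editing a single article. Everything here is constructed: the blocks are RFC 5737 documentation ranges, and the owner names, accounts and articles are placeholders that make no claim about any real network.

```python
"""Attribute edits to address-block owners and flag funnelled, single-topic editing.
Added example, not WikiScanner code. All data below is constructed: RFC 5737
documentation ranges with placeholder owner names."""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

Edit = Tuple[str, str, str]  # (account, source ip, article)

# Constructed owner table (placeholder names; the address space is documentation-only).
# WikiScanner built this kind of table from public IP-block ownership records.
BLOCK_OWNERS: Dict[str, str] = {
    "192.0.2.0/24": "Example Org A",
    "198.51.100.0/25": "Example Org B",
    "203.0.113.0/24": "Example ISP",
}
_NETWORKS = [(ipaddress.ip_network(cidr), owner) for cidr, owner in BLOCK_OWNERS.items()]

# Constructed edit log: four accounts share two Org A addresses and touch one article,
# while the ISP block shows ordinary mixed editing from distinct addresses.
SAMPLE_EDITS: List[Edit] = [
    ("user1", "192.0.2.10", "Article X"),
    ("user2", "192.0.2.10", "Article X"),
    ("user3", "192.0.2.10", "Article X"),
    ("user4", "192.0.2.11", "Article X"),
    ("user5", "198.51.100.7", "Article Y"),
    ("user6", "203.0.113.44", "Article X"),
    ("user7", "203.0.113.45", "Article Z"),
    ("user1", "203.0.113.46", "Article X"),
]


def owner_of(ip: str) -> str:
    """Longest-prefix match of ip against the owner table; 'unknown' if none matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, owner in _NETWORKS:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, owner)
    return best[1] if best else "unknown"


def attribute(edits: List[Edit]) -> Dict[str, List[Edit]]:
    """Group edits by the organization that owns the source address."""
    grouped: Dict[str, List[Edit]] = defaultdict(list)
    for account, ip, article in edits:
        grouped[owner_of(ip)].append((account, ip, article))
    return dict(grouped)


def funnel_report(edits: List[Edit], min_accounts: int = 3) -> Dict[str, dict]:
    """Per owner: distinct accounts vs distinct IPs and how concentrated the editing is.
    flag is set when at least min_accounts accounts share fewer addresses than there
    are accounts and every edit from the block lands on the same article."""
    out: Dict[str, dict] = {}
    for owner, rows in attribute(edits).items():
        accounts = {account for account, _, _ in rows}
        ips = {ip for _, ip, _ in rows}
        top_article, top_count = Counter(article for _, _, article in rows).most_common(1)[0]
        out[owner] = {
            "accounts": len(accounts),
            "ips": len(ips),
            "top_article": top_article,
            "top_share": top_count / len(rows),
            "flag": (len(accounts) >= min_accounts
                     and len(accounts) > len(ips)
                     and top_count == len(rows)),
        }
    return out


if __name__ == "__main__":
    for owner, stats in funnel_report(SAMPLE_EDITS).items():
        print(owner, stats)
```

The flag is only a screening signal: a corporate NAT legitimately puts many staff behind one address, which is why the single-article concentration is part of the test, and why the ArbCom member’s alternative was a per-account checkuser rather than blocking on address sharing alone.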

http://wikiscanner.virgil.gr/

http://www.theregister.co.uk/2009/05/29/wikipedia_bans_scientology/

http://blogs.tampabay.com/breakingnews/2009/05/wikipedia-bans-scientology-from-site.html

http://en.wikipedia.org/wiki/Wikipedia:Requests_for_arbitration/Scientology

Topics: George Orwell’s Big Brother, Legal & Privacy

Checklists a Day: Week in Review – May 30, 2009

By James Tarala | May 30, 2009

Each week via Twitter we post a daily audit checklist tweet for all the IS auditors and security administrators out there in the tweet-o-sphere. But we realize not everyone is ready for Twitter, and many of you are still resisting (you can keep trying, but eventually you will give in and start tweeting; everyone will eventually…), so we’ve decided to start posting them in our blog as well.

So once each week we’ll post the audit checklists and audit tools that we posted into Twitter here in our blog as well. This way everyone will have a chance to enjoy all the audit fun!

So, from all the folks at Enclave Security, enjoy this week’s audit checklists and tools.

Audit Checklists & Security Guides:

Auditing Microsoft Windows Vista Systems

Auditing Unix Systems

Auditing Outsourced Business Functions

Auditing Cisco Routers

Auditing Bank ATM Machines (1)

Auditing Bank ATM Machines (2)

Auditing Change & Patch Management

Auditing Mac OS X Systems

Audit Tools:

NEWT Professional (Inventory & Assessment Tool)

Lynis (Unix Audit Scripts)

Netifera (Network Assessment Tool)

Nipper (Network Device Audit Tool)

OpenVAS (Vulnerability Assessment Tool)

Microsoft BSA (Windows Security Assessment Tool)

ClamXav (Mac OS X Anti-Malware Tool)

We hope everyone will enjoy and use these tools this week. If you have suggestions or ideas for future audit checklists or tools, please let us know; we’d love to hear your feedback.

Topics: Audit, Free Audit Checklists, Tools

Twitter Tips for Info Sec Twerps

By Kelli Tarala | May 19, 2009

We have been spending a lot of time on Twitter here at Enclave Security, and we have put together a short list of ideas for Info Sec pros who are interested in becoming more active on Twitter.

•    Twitter is not so much about conversations; it is about sending out the message. As you know, both can have value from a marketing perspective.

•    Twitter posts are limited in size, but use ‘tweets’ as a carrot to get people talking about your website, blog, favorite security tool, etc.

•    Twitter is a ‘teaser’. You can send short messages to colleagues and clients about interesting news articles, the next conference you are attending, or other people you follow on Twitter.

•    Use Twitter during your non-productive time: in waiting rooms, in traffic, waiting for a lunch date, etc.

•    But Twitter should be used with a strategy and goals in mind. Some instructors at the SANS Institute use Twitter to build awareness about the forensics and audit programs. We use Twitter to engage people on info sec topics and auditing ideas. What would you like to tell people about?

•    Twitter is a tool for building communities. There are Twitter directories that you can add yourself to. Get involved in Info Sec groups!

•    As Twitter moves away from its ‘shiny object’ status, it is growing more sophisticated as a branding tool. You will see more people with customized backgrounds, deals for existing customers, and discounts for new customers.

•    In a recent survey of 432 highly involved Twitter users (who spend an average of 2 ¾ hours per day on Twitter), the top reason given for using Twitter was being “truly motivated by learning new things and getting information real-time, as it’s developing.”

•    Invest regular daily chunks of time: many people allocate preplanned blocks of time to tweet and use tools like TweetLater.com to schedule broadcasts that post automatically throughout the day.

•    Filter your Twitter traffic: TweetDeck allows you to set up groups and filter conversations. For example, if you’re following hundreds or thousands of people, you can set up filter groups for people such as analysts, publishers, and authors, and choose to look at only their tweets.

Topics: Audit, Tools

