Skip navigation

Whether you are preparing for a career in Networking, Information Management, or Information Security, certification is one way to demonstrate your knowledge. We live in an increasingly complex and competitive world and many jobs go unfilled due to a lack of qualified candidates. Certification fills an important gap by preparing the workforce and by validating their skills. Certification validates computing excellence, in-depth knowledge, and real-world skills. It differentiates and elevates the individual from the crowd.  With a certified and skilled employee, that investment pays significant dividends. Technical certifications are distinguishing individuals. Companies in today’s advanced society will reap the benefits of your best investment, which is yourself.

Advertisements

When weighing in on personal firewall protection software, there are three important factors that should be considered prior to making a decision.   The first and most important is that the updates for the software must be continuous and be prompt to address the ever-changing hostile environment that users are accustomed to.  The second factor I would look at is load or how the software impacts the performance of my computer.  Many firewall software suites I’ve used in the past have severely hampered my performance to the point where I have even disabled the software to accomplish certain things on my system which defeats the purpose of having the software.  The last factor I take into account is how easy it is to manipulate and use the software.  When you download a software suite designed to protect you system, it needs to be “plug-n-play” type software that doesn’t require too much thought into installation and configuration.  This is especially important when you are recommending software to install to protect a family members computer.   That is unless you like to receive family tech support calls on those least opportune moments such as during one of your weekend football games.

This week’s blog I would like to address risk management an important matter that can quickly break a company if not properly implemented or simply not implemented at all.

One of the keys to protecting our information assets is to understand the risks associated with that asset and knowing out to mitigate those risks.  Risk in regards to information security is the likelihood that a threat will expose vulnerability in a system.  Once the risks have been identified, risk mitigation the second step of a risk management process involves prioritizing, evaluating, implementing and maintaining the appropriate risk reducing controls on our systems.

The elimination of all risk is impractical and/or impossible.  It is the responsibility of management to use the most cost effective approach and implement the most appropriate controls to decrease mission risk to an acceptable level, with minimal adverse impact on business resources and mission.

With the popularity of smartphones and the utilization of Bluetooth for communication and data transfer, three-quarters of mobile phone users are not even aware of the internet security risks linked to Bluetooth-equipped devices. Bluetooth is an open standard for short-range radio frequency communication. Bluetooth technology is used primarily to establish wireless personal area networks (WPANs), and it has been integrated into many types of business and consumer devices.  Utilizing Bluetooth has its risks and they can be categorized into four main semblances:

  • Bluejacking is when anonymous text messages are sent to mobile phones
  • Bluespamming is when a phone’s contacts are secretly sent text messages
  • Bluesnarfing is when hackers gain access to a mobile phone’s contacts
  • Bluebugging is when hackers have access to a handset’s commands

While each of these risks is a nuisance, Bluesnarfing and Bluebugging can be very serious. With bluesnarfing, hackers can gain access to stored data on your smartphone, such as a phonebook, calendar or they can even use the data discovered to clone your phone.

Bluebugging, on the other hand allows hackers to make phone calls from the mobile phone they control. They can write messages and send them from the phone and they can even eavesdrop on private conversations.

Even though you think it can never happen to me, you should take some simple precautions to protect yourself against Bluetooth security breaches on your mobile phone such as always disable Bluetooth functionality on your phone when it’s not in use and investing in some mobile antivirus software available for you particular phone.  Though not fool-proof, they will help to mitigate risks associated with Bluetooth communication.

When vulnerability is found within a system, an “exploit” is needed to provide access to the computer. The vulnerability can be a glitch, a bug, or even a simple design weakness within the hardware or software.  Once the weakness is discovered, an attacker can use software or commands to carry out some sort of malicious intent such as a worm, virus, or a denial-of-service attack.  On many occasions, once a vulnerability is discovered by a hacker, it is immediately posted to a website or discussed in forums so others can take advantage of it.  Even though there are no known inoculations against future exploits, patches and/or fixes are our only line of defense to protect us once a weakness is discovered.  Thus, it is very important for us to update our systems often.

For the next few blogs, I will be discussing some common terms one might encounter if they are lucky to be working within any information security capacity. The first term that I will be discussing and most are probably already familiar with is penetration testing, or often called pen testing.

Pen testing is the practice of attacking an IT system the same way a hacker might attack in order to identify security holes. The person who carries out the testing is often called a penetration tester or pentester.  Of course, this is all done with the permission of the client and also without harming the actual network.  If the client were unaware, this would be considered hacking into the system which is considered illegal.  Most pentesters would recommend that before testing begins, it is in the tester’s best interest to obtain written permission prior in order to cover their ass if questions should arise.

To become a pentester, one could be lucky to have natural talent like HD Moore.  HD Moore, who was a high-school whiz kid, started a company in 2003 that goes by the name of Metasploit.  Both him and his company have become the de facto standard for penetration testing and exploit code development.  I highly recommend you visiting his web site www.metasploit.com if you are interested in this line of work.  Of course, if you don’t have the ‘natural” skills like Moore, you could enroll in some type of formal training to help educate yourself to become a pentester.  There are many training resources available such as Rapid7, GIAC, etc…. just make sure you do your research to find one that is reputable and is also recognized by the information security community.

 

You’ve just completed writing you information security policy and within that policy you place the “cut-and-paste” standard statement that indicates what the consequences are if the policy is violated.  This statement, which normally reads “Failure to comply with this policy will result in disciplinary action up to termination if severity of non-compliance dictates” is a very broad statement.  Such a broad statement can lead to those “grey areas” where employees don’t understand the boundaries specific repercussions for policy violation.  This is where more specific documented guidance would be beneficial to your organization and its employees.

Whenever you are dealing with the human aspect of an organization, it is best to look to you human resource department and if possible, your legal department to see what does and doesn’t violate your company rules as well as state and federal labor laws.  A good disciplinary policy always follows a hierarchy of severity.  This allows for personnel to make mistakes and learn from their mistakes without affecting their career.  Let’s face it, we are all not perfect and everyone makes a mistake once-in-awhile so establishing a policy where employees are dealt the most serious disciplinary action for their first offense is going to result in a hostile work environment.  My suggestion is to instead, have a policy where disciplinary action levels of severity increase and are dictated by offense and number offenses.  Here is an example of a hierarchal discipline structure:

  1. Letter counseling from management – provides feedback on what they have done wrong and how it violates policy.
  2. Letter of reprimand – Employee is warned and official notice is included in their personnel file.  Also, action will have a negative consequences when it comes to performance reviews and promotion
  3. Privileges revoked for a certain period of time provided that they are not critical to individual’s job function.  Also recommend remedial training to address policy infraction
  4. Suspension without pay – Used for multiple infractions and based on severity of violation.  Employees would be suspended for a period of time without pay.
  5. Termination – Self-explanatory Need to make sure all options have been utilized/documented and employee rights are not violated.  This is where HR and Legal would get involved

Of course, this is only an example of a hierarchy disciplinary action plan instead of the generic disciplinary statement typically seen within a security policy.  Each organization is going to be different and it is best to tailor a policy that fits your needs as well as the needs of management.

     I recently came across an interesting article on the FBI’s web site in regards to a new malware that seems to be growing in popularity by holding an unsuspecting victim’s computer for ransom.  The ransomware, known as Reveton, freezes your system and then brings up a window indicating that your IP address has violated United States federal law by participating in an illegal activity such as child pornography, illegal downloading, and or distribution of copyright content.  According to the FBI, some versions of Reveton even “turn on computer webcams and display the victim’s picture on the frozen screen.” The pop-up window goes on to say that if you want to unlock your computer, you are instructed to pay a fine upwards to $200 via a prepaid credit card or a payment service.  The geographic location of the victim’s IP address determines what payment services are offered within their area and in some cases, the pop-up window will even include a code entry box for payment.

According to the Internet Crime Complaint Center (IC3), this is one nasty virus to remove and sometimes the malware you think you have eradicated continues to operate to commit online fraud. There a few ways to remove this virus and those methods can be found on the Internet by doing your research.  That is of course if you can still access the Internet.

Stay safe and be vigilant!

As a person functioning in some sort of IT capacity you probably already have a certification from an organization like CompTIA, CISCO, Red Hat, or Microsoft.  These field specific certs are an excellent way for you to “prove” that you are fluent within those areas and are an excellent tool for career advancement.  One certification that is not in that list of notable IT certifications but is gaining popularity within the field is project management certification.  Project management certification has been around for a long time but until recently, it has not been on the radar of any techie for career advancement and placement.

According to Bureau of Labor Statistics for the U.S. Department of Labor, job outlook for information system managers who have project manager credentials is expected to grow by 18% compared to 14% for those project managers not operating in an IT environment. Also, out of the 15 advertisements for IT project manager jobs currently listed on DICE.com job board, 11 require or prefer some sort of project management certification. With the increase requirement for certification, many schools have started designing project management programs specifically for the information technology manager.  Although there are many training programs available, only those recognized by the Project Management Institute (PMI) as a Registered Education Provider (R.E.P) are eligible to train for the coveted PMI certification.

So, if you want to expand your career beyond swapping parts, writing code, and/or configuring network devices; consider a certification in project management.  A project management certification is an excellent way to set yourself apart from your peers and expand your opportunities.

Cheers!

One tool that needs to be in your security toolbox is a good management program that utilizes the Simple Network Management Protocol (SNMP).  Utilizing network management software to display all of the SNMP data being polled and sent from attached SNMP agents can provide valuable information i.e, high bandwidth/memory utilization.  These valuable network indicators can be good indication of something mischievous going on within your network. Critics will say that SNMP, as a protocol, is not very secure and therefore it is open to a variety of attacks; however, that should not detract from its use as part of a comprehensive event logging and device reporting solution which I can personally attest to.

While working as a network engineer a few years back for the Department of Defense, I finally was able to justify the procurement of network management software solution to be installed onto our network.  This particular system was in place to support the Air Force linguist training and tracking database.  After the initial install and configuration, I completed a required performance baseline to assess the “normal” characteristics of our network.  Using that baseline as a guide, I then setup alert actions to give us a “heads up” should something out-of-the-ordinary happen.  It took some tweaking due to many false alerts but once I finally got it set, it worked like a champ.  A few months later while at home, I received a few text messages from our system.  The text message indicated that the traffic was off the charts on our router directly attached to that server.  This was extremely odd for a weekend.  I immediately remote into the system from home and discovered that our SQL server was running a script utilizing two extensive text files hidden on the server for data input.  One of the files contained common passwords and the other was common logins and the script was cross-utilizing both in attempt to discover our SQL Service Account (SA) password.  Without that network management software utilizing the SNMP protocol, I would have never known about the attack that was taking place until it was probably too late.