MOREnet Security News Review -- December 23 - 27, 2013
MOREnet is offering SANS SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education, February 25 – 26, 2014. MOREnet members are eligible for a price of $1200. Click here for registration information.
WEEKLY THREAT RESOURCE SITE
KNOW YOUR ENEMY – THREAT ID OF THE WEEK
Hardware Backdoor – Have you ever heard of a “hardware backdoor?” Hardware backdoors pose a very high risk because they are extremely difficult to detect and like software backdoors, can grant access to your computer. Check out the following links for more information.
Researchers create nearly undetectable hardware backdoor
NSA’s Own Hardware Backdoors May Still be a “Problem from Hell”
Hardware attacks, backdoors and electronic component qualification
TOP HEADLINES THIS WEEK
Study: Mobile Devices Escalating Endpoint Security Risks
Slide Show: the Coolest Hacks of 2013
Lessons from 5 Advanced Attacks of 2013
Target’s Christmas Data Breach
Video: Securing Service Accounts – Part 1
Video: Securing Service Accounts – Part 2
Lessons learned in password security 2013
Hackers Spend Christmas Break Launching Large Scale NTP-Reflection Attacks
Prevention and Detection Strategies for Backdoors and Hardware Attacks
VULNERABILITIES AND PATCHES
Virtual Servers -- MOREnet is offering a virtual server service for members to host services outside their networks ("in the cloud"). Subscribers can run many of their existing services on a remotely located server, avoiding the cost of buying and upgrading servers and increasing their server resources with a single phone call. Subscribers will have access to a virtual server environment located in a secure data facility that connects directly into the core MOREnet network. MOREnet will provide access to the virtual server control console for the subscriber to maintain their virtual server. Alternatively, MOREnet can manage the operating system of the subscriber's virtual server. Click the following link for more information on features and benefits. http://www.more.net/services/virtual-servers
UPCOMING TRAINING AND EVENTS
- Wireshark How-To Series – Personalized Profiles – Tuesday, January 7, 2014 – Online Webinar -- This is the fifth installment of our Wireshark How-To Series. In this webinar we’ll step through customizing Wireshark’s GUI Interface and capture options. We’ll cover the basics of profiles and how to customize Wireshark for specific tasks. Click here to register for this event
- Wireshark How-To Series – Using Wireshark’s Expert System – Tuesday, January 21, 2014 – Online Webinar -- This is the sixth and final installment of our first series of Wireshark How-Tos. In this webinar we’ll step through how to use Wireshark’s Expert System. We’ll cover how to launch Expert Info, colorize Expert Info elements, filter elements, and how to understand what triggers each element. Click here to register for this event
- Introduction to Windows 2008 Server Administration – Tuesday, February 4, – February 5, 2014 – MOREnet, Columbia, MO -- Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2008 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2008 network administration skills as they are learned. Click here to register for this event
- Social Media Series Part 1, Risks of Social Media – Wednesday, February 5, 2014 – Online Webinar – Does your staff or students understand the risks they take when posting comments or pictures to social media sites? Join us for a discussion of the unseen risks to innocent posts. Registration information available soon.
- Introduction to Windows 2008 DNS, DHCP and CSVde – Thursday, February 6, 2014 – MOREnet, Columbia, MO -- This course is designed to provide a foundation for understanding both Domain Name System and Dynamic Host Configuration Protocol. Students will install and configure these services for automated IP communications. At the end of the day the students will also use the bulk user import utility CSVde. Students must have taken Intro to Windows 2008 server to attend. Click here to register for this event
- Windows 2008 Group Policy – Friday February 7, 2014 – MOREnet, Columbia, MO -- This class is designed to allow students to centrally manage workstations and servers with Group Policy Objects (GPOs) within a Windows Active Directory domain. In class we will start at the beginning with defining what Group Policy is and what can be accomplished by using Group Policies within your organization. We will create simple group policies and test their effectiveness on a windows 7machine. We will explore some advanced Group Policy subjects such as redirecting user data and folders, deploying software and finish with using Group Policy Preferences to Map Drives and clean out folders. Click here to register for this event
- Social Media Series Part 2, Understanding the Privacy Settings of Popular Social Media Sites– Wednesday February 19, 2014 – Online Webinar. Even if you understand the risks associated with social media, which settings are best and how do you find them on each site? This webinar will focus primarily on Facebook privacy settings, but will include references to many other social media sites. Registration information available soon.
- SANS SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education – Tuesday, February 25 – Wednesday, February 26, 2014, MOREnet, Columbia, MO -- This educational program gives IT admins the tools and techniques to illuminate evidence of potentially malicious activity on their systems and to look deeper to determine whether the problems they see are real. It allows them to become the hacker guards for malicious activity in their organization. It uses hands-on exercises to ensure they are comfortable using the tools. MOREnet members are eligible for a price of $1200. Click here for registration information.
- Social Media Series Part 3, Understanding the Privacy Settings of Popular Devices Media – Wednesday March 5, 2014 – Online Webinar – So your social media websites are locked down, but are all settings enforced the same if the device isn’t secured? Join us for a discussion of device settings to review to protect yourself from social media and other apps. Registration information available soon.
Do you know of any upcoming security-related training events? Please send them to email@example.com for inclusion in this newsletter!
SECURITY AWARENESS TIP OF THE WEEK
It’s that time of year again… 2013 is almost over and people are starting to think about New Year’s Resolutions. Have you ever thought about making resolutions to improve your network and information security? Check out the following links for some ideas that might help you develop new or improved security habits in the coming year.