Weekly News Review
MOREnet Security News Review -- April 16-20, 2012
We’d like your input… The call for presenters is now open for M3 – MOREnet’s NEW Megaconference -- and we want to know what topics or technologies are on the top of your list to learn about. If there’s something specific you’d like to see in October, please send an email to firstname.lastname@example.org or email@example.com.
TOP HEADLINES THIS WEEK
Looks like Google is going to have to dig a little deeper into their pockets.
Google search results sometimes display malicious web sites despite the company’s best efforts to filter them out.
Flashback is still around and now researchers believe they know how it spread …
Thinking about using Cloud services? Here are some tips for negotiating SLAs.
Do you follow SSL Best Practices?
VULNERABILITIES AND PATCHES
US-CERT Vulnerability Summary for the Week of April 9, 2012
This week Oracle released a Critical Patch Update which contains 88 new security fixes.
OpenSSL Security Advisory
Social media sites are great ways to communicate but they can be the source of security threats to your users and organization. Sophos has a Social Media Security Toolkit that contains a variety of resources to help teach users how to stay safe.
Looking for a free open-source IDS… check out OSSEC. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Network Backup -- MOREnet is offering a network backup service for members to back up mission-critical data to an off-site location. Members will have access to a hosted backup service located in a secure data facility that connects directly into the core MOREnet network.
UPCOMING TRAINING AND EVENTS
1. Cloud Security Webinar – Wednesday, May 16, 2012 3:00 – 4:00 p.m. We have been talking about "the cloud" for years and years but what is "the cloud"? What constitutes a "cloud" device or storage or offering? What questions should you be asking of your cloud provider to make sure you are protected? We will discuss all of those items and more as we talk about how to securely move into the cloud.
2. Introduction to Windows 2008 Server Administration – Tuesday June 26 through Thursday June 28, Columbia, Missouri – Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2008 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2008 network administration skills as they are learned.
3. Introduction to Windows 2008 DNS, DHCP and CSVde – Friday June 29, Columbia, Missouri - This course is designed to provide a foundation for understanding both Domain Name System and Dynamic Host Configuration Protocol. Students will install and configure these services for automated IP communications. At the end of the day the students will also use the bulk user import utility CSVde. Students must have taken Intro to Windows 2008 server to attend.
SECURITY AWARENESS TIP OF THE WEEK
Wireless security is in the news this week thanks to Google’s Street View street-mapping service which inadvertently collected data about people’s online activities from unsecured Wi-Fi networks. (If you haven’t read about it, here’s a link http://news.cnet.com/8301-1009_3-57415550-83/google-street-view-may-face-further-scrutiny/.) In the meantime… make sure your home wireless network is secure by turning on encryption. Encryption scrambles the data sent over wireless networks so it cannot be easily read by humans. We recommend you pick the strongest form of encryption that works with devices that connect to your wireless network.