The Changing Nature of Incident Response: Part 5

I am sure that the so-called “crises” about which I have written in my last two blog postings pale in comparison to some that have occurred since. I have, for example, learned about insider attacks that have occurred in banks and other institutions that could have potentially severely disrupted the financial and operational status of the organizations in which these attacks occurred. Serving on an incident response team charged with responding to these incidents must in many ways have been the ultimate challenge.

Categories: Network Security

AV Software Testing: Caveat Emptor

One of the platitudes with which people attending information security awareness programs quickly become familiar is “run AV software and keep it updated.” Informing users accordingly is important. Following up to verify that they engage in actions corresponding to these platitudes is every bit as important. But are the same platitudes preached in the 1990s and early 2000s concerning AV software still true?

Categories: Network Security

Information Security Conferences Gone Awry

I speak at more conferences every October than any other month. This month has been crazy so far, and I can scarcely remember being home more than two or three days at a time since mid-September. Many of the conferences at which I have spoken have had excellent presentations and panel discussions. At the same time, I fear that some of these conferences have gone in the wrong direction. Why?

Categories: Network Security

Malware Detection: The Case for a New Approach

If you have seen the fairly recent NSSLabs evaluation of endpoint protection software, you, like me, have probably been somewhat discouraged. NSSLabs infected systems with multitudes of viruses and other types of malware to determine the degree to which endpoint software packages can detect and remedy infections. Not many vendors’ software tools fared well, and a number of widely purchased tools performed downright deplorably.

Categories: Network Security

More Electronic Voting System-related Woes

The stakes are high: if someone subverts voting systems, or if voting systems do not produce valid results for some other reason, democracy itself is at risk, because free voting is the foundation of a democratic society. A large proportion of the US public still remembers voting system problems in Florida and Ohio in the 2004 Presidential election that may very well have resulted in victory for a candidate who may not have been the bona fide winner.

Categories: Network Security

A Big Kudo for NIST

I just went back and looked over all the blog postings I have written over the years, only to discover that I never wrote even one about the National Institute of Standards and Technology (NIST). I admit that I have some biases about NIST, and that they are all positive. When the DOE CIAC incident response team that I started and managed was a fledgling entity, no US government agency or group stood behind CIAC more than did NIST. The major players there with whom I dealt at that time included Lynn McNulty, Stu Katze, Denny Steinauer, Marianne Swanson, John Wack and Lisa Carnahan. Afterwards, retired Air Force officer Tim Grance came on the scene, and he added a special dimension of leadership.

Categories: Network Security

Internet-wide Network Access Control: Are You Serious, Scott?

In a recent posting, Microsoft VP of Trustworthy Computing Scott Charney raised more than just a few eyebrows by proposing that only PCs with a “clean bill of health” should be able to connect to the Internet. The security condition of each PC should, according to Charney, be evaluated, and if the PC passes a health check, it should be issued a certificate attesting to its good security condition. The health check should, according to Charney, include determining whether or not the PC is up to date with respect to patches and whether or not it is infected with malware. Unpatched and/or infected PCs should be automatically patched and/or disinfected; if this proves unsuccessful, Charney says, these machines should be quarantined such that they could not connect to the Internet.

Categories: Network Security

SANS INCIDENT RESPONSE MANAGEMENT COURSE OCT 14-15, 2011

DR. GENE SCHULTZ WILL TEACH A NEW SANS INCIDENT RESPONSE MANAGEMENT COURSE OCT. 14-15 IN BALTIMORE

Dr. Gene Schultz, Emagined Security’s Chief Technology Officer, will be teaching a new SANS course, Incident Response Management, October 14 – 15 in Baltimore, California. If you are an incident response or information security manager or are involved in highly related functions such as business continuity or disaster recovery management or IT audit, there is a good chance that this course is for you! Its course content is as follows:

Categories: Incident Response, Network Security