TOP OF THE NEWS
Feds Say Hacking Was Not Involved in Illinois Water Pump Failure (November 23, 2011)
NIST Has Huge Impact on Cybersecurity With BIOS Special Publication
People who have long known that NIST can have a profoundly positive impact on cyber security now have a great example, with another one coming. The core challenge of the "supply chain problem" is ensuring that each element can be trusted, and in most PCs and laptops the BIOS is the most basic element where trust must be verified. NIST saw that the industry was in transition with the adoption of the Unified Extensible Firmware Interface (UEFI) for BIOS, and that there was an immediate opportunity to influence the next generation of systems. And they did, at scale. Because of NIST Special Publication 800-147, every HP computer, and many others, is now delivered with a secure BIOS, something that was not true just a year ago. Very shortly NIST will release a related Special Publication on how to do integrity measurement, another critical step in solving the supply chain problem. -http://gcn.com/articles/2011/04/29/nist-bios-cyber-target.aspx [Editor's Note (Paller): Kudos to Andrew Regenscheid, William Polk, Murugiah Souppaya and their team at NIST. ]
Small Legal Settlement May Open The Flood Gates For Cyber Suits (November 23, 2011)
An Illinois Appellate Court Judge has overturned a lower court ruling that ordered a newspaper publisher to divulge the email and IP addresses of an individual who made comments using an online pseudonym and ordered Comcast to reveal the individual's identity. Justice Terrence Lavin wrote in his decision that "putting publishers and website hosts in the position of 'cyber-nanny' is a noxious concept that offends our country's long history of protecting anonymous speech." -http://www.chicagotribune.com/news/local/ct-met-internet-comment-ruling-20111126,0,4573864.story
UK Cyber Security Strategy Includes Information Sharing Pilot Program (November 25 & 26, 2011)
Certification and Accreditation Authority Says Doctors Should Not Text Patient Orders (November 21, 2011)
The Joint Commission, a US health care organization certification and accreditation organization, has stated that health care professionals should not use text messages to share patient information. "It is not acceptable for [health care professionals] to text orders for patients to the hospital or other health care setting ... [because it] provides no ability to verify the identity of the person sending the text." -http://www.ihealthbeat.org/articles/2011/11/21/joint-commission-text-messages-should-not-be-used-in-patient-orders.aspx -http://www.jointcommission.org/standards_information/jcfaqdetails.aspx?StandardsFaqId=401&ProgramId=1 [Editor's Note (Murray): Rather than raise more barriers to electronic health records, we should be solving the problems with paper ones. Those who think that paper records are safer than electronic ones simply do not understand paper records. (Liston): "Wait... what? Someone thought it was *okay* to send medical orders via text?" Lately I've been finding more and more of these "areas" where things just don't seem to work the way that I assumed they did. Because doctors and nurses are required to log their actions on the patient's chart, I would've thought that sending orders via text message (where confidentiality, attribution, delivery notification, etc. can be *highly* problematic) wouldn't even be considered. You know what they say about "assuming"... ]
Business Software Alliance CEO Says SOPA Goes Too Far (November 21 & 22, 2011)
John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.
Stephen Northcutt founded the GIAC certification and is President of STI, The Premier Skills-Based Cyber Security Graduate School, www.sans.edu.
Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.
Ed Skoudis is co-founder of InGuardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.
William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School.
Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.
Rohit Dhamankar is a security professional currently involved in independent security research.
Tom Liston is a Senior Security Consultant and Malware Analyst for InGuardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.
Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting.
Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and served as President of the InfraGard National Members Alliance - with more than 22,000 members.
Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.
David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.
Alan Paller is director of research at the SANS Institute.
Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.
Clint Kreitner is the founding President and CEO of The Center for Internet Security.
Brian Honan is an independent security consultant based in Dublin, Ireland.
David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.