Technically News – 2/11
In this edition: DLT Solutions Adds AWS GovCloud To Its Cloud Services; NIST Wants Your Advice on Cybersecurity Document; Red Hat Embraces BYOD; Steps for Protecting Your Data Center After Virtualization; State of the Union to Discuss Cybersecurity.
Cybersecurity Wednesdays | Symantec Identifies & Helps Take Down Global Cyber Crime Operation
Yesterday, Symantec and Microsoft technicians, together with U.S. federal marshals, raided data centers in Manassas, VA and Weehawken, N.J., shutting down servers, preventing users from accessing the internet, and pushing the above message to an estimated one million infected computers. If you were one of those caught in the process, while it may have been inconvenient, you were playing a small part in taking down a very big global cyber crime operation known as the Bamital botnet.
Cybersecurity Lessons from the New York Times Security Breach
The New York Times selected a premier vendor of security products, Symantec Corporation, to provide antivirus software. Recently, they were attacked by hackers originating in China. After the attacks, the Times’ security consultant reported that the antivirus software did not protect the company. I consult for DLT Solutions with some of the most secure government agencies in the U.S. My primary suite of products comes from Symantec. Their security solutions are among the best in the industry. If they had fully deployed and properly utilized Symantec’s anti-virus software in their enterprise, most, if not all, of the attacks could have been prevented.
Technically News - 2/4
In this edition: Symantec Statement Regarding New York Times Cyber Attack; Red Hat's Top 10 IT Predictions for 2013; State & Local Turn to a New CIO: Chief Innovation Officer; Pentagon Expanding Cybersecurity Force to Protect Networks Against Attacks
Mobile Malware is the New PC Malware
In 2004, Cabir became the first mobile-based worm, infecting Symbian-based devices including old Samsung and Nokia models. Although it was developed as a proof-of-concept, within a year Cabir helped spawn mobile malware including the first mobile Trojan (Qdial) and mobile application hack (Skulls). Today, explosion of smartphones and tablets has spawned an entirely new hacking industry – one that has the potential to bypass your current cybersecurity strategies if you have not included mobile protection.
GovDefenders Wednesdays | Cybersecurity Legislation: Are We There Yet?
The Senate worked throughout last year to gain consensus on a cybersecurity bill. The Cybersecurity Act of 2012 sought to establish a National Cybersecurity Council to be chaired by the Secretary of the Department of Homeland Security. The thrust of this particular legislation would have been to put in place a framework for protection of so called “critical infrastructure” - power plants, refineries, chemical production installations and similar facilities.
Henry Sienkiewicz: DISA’s Vision for Cybersecurity
Last Friday, I had the privilege of hearing Henry Sienkiewicz, Vice Chief Information Assurance Executive for the Defensive Information Systems Agency (DISA), at a luncheon hosted by the Northern Virginia chapter of the Air Forces Communications and Electronics Association. In his opening remarks, Mr. Sienkiewicz identified three vectors challenging their cybersecurity delivery: budget decreases, strong demand from the services, and how cybersecurity is being conducted to defend and protect the mission. My five key takeaways are the following...
GovDefenders Wednesdays: Cybersecurity Starts at the Bottom of the Totem Pole
One of the most frequently misused quotes references the bottom of the totem pole. Many people associate it with negativity - “I’m stuck at the bottom of the totem pole.” However, the bottom is one of the places you wanted to be because it was one of the most honorable positions. It was those at the bottom who everyone relied on to hold society up. Cybersecurity is no different. Those at the bottom now must help hold those at the top.
10GB Ethernet Networks: Why It’s Time to Upgrade
One of the most common questions I get from clients is, “What are the differences between a 1GB and 10GB Ethernet network?” The two biggest are speed and security.
GovDefenders Wednesdays: Software Assurance & SQL Injections
Non-technical readers may be surprised to learn that software defects are the most common root cause of information security vulnerabilities. Whether through poor design, improper coding techniques, inadequate testing, or incorporation of third-party software modules of dubious quality; in many cases the threat vector is baked in before users install the software.