Network Sentry Blog

Certifications

info — Thu, 21 Jul 2011 09:21:38 +0000

Let me start off by saying I love SANS. I love the content, I love the teachers and I love the excellent knowledge I get out of the classes. It’s straight up technical and immediately usable. Like they say, it’s like drinking from the fire hose.

I just got an email that my GCIA is going to expire in 23 months. I can pay $$ to take the exam or I can accrue maintenanance units. Unlike CISSP where you can go to trainings, events, etc. and get credits without necessarily paying ISC^2. With SANS I can get credits with work experience and other trainings/events like CISSP but not enough to renew the cert. The only option I see is to take at least two days worth of classes OR a one day class and SANS/GIAC community participation. So at a minimum, one SANS class.

Grrr.

Microsoft letting Win2k and XP users fend for themselves?

info — Wed, 09 Sep 2009 02:54:08 +0000

Read through the MS09-048 advisory. See anything out of the ordinary? Read through it again. Notice the asterisks? Looking for a patch for Windows 2000 SP4? Sorry, “No update available”. Need a patch for Windows XP SP2, SP3 or Windows XP x64 SP2? You don’t need one because it’s not vulnerable. Or is it? There’s an asterisk – “Default configuration not affected”.

In Microsoft’s defense, patching Win2k would require the OS to be rearchitected which may introduce stability issues with existing software. But still – if you ask me, the product is under support and now has three unpatched remote exploits. Hopefully on tomorrow’s call they can clarify the issue. Maybe it’s not as bad as it seems, but as it stands it sounds like Win2k can be DoSed remotely if even a single TCP port is listening – firewalled or not.

They have no defense for Windows XP. Most XP systems I’ve seen have listening ports. Maybe in the office you are firewalled, but what about road warriors using a hotspot? Can a malicious person head to his/her local Panera and plant a back door on all the Windows machines?

The most important aspect of this post is “what can I do to protect myself?” Well:

If your platform has a patch, apply it.
If you can afford it, upgrade machines to a platform that is supported.
If you have an unsupported platform, use a host firewall to block inbound connecti0ns.
If you have road warriors, make it a priority to educate them on this issue, how to utilize the firewall when on a public/untrusted network and how to conduct business while out of the office.

Hopefully tommorrow Microsoft will offer more details on this and it won’t be as bad as it seems. I can think of a few ways of protecting devices but again, the dust needs to settle first. In the meantime, firewall off as many devices as you can and use host firewalls to your advantage.

Small Business Information Security Fundamentals

info — Fri, 28 Aug 2009 02:14:12 +0000

Today I read about a new DRAFT document published by NIST (National Institute of Standards and Technology) titled “Small Business Information Security: The Fundamentals“. I must say that this is a great document and if you are a small business, please take a look at it. It attempts to explain in plain language some of Information Security’s best practices.

If you’ve read Brian Krebs’ blog about the increasing occurrence of small businesses being targets of money theft from Eastern European criminals, the stats in the NIST document’s overview section really drives home the importance of Infosec for small business. These businesses are vital to our economy and unfortunately lack the resources of larger businesses who do invest in information security. If small businesses don’t act to protect themselves, their customers or their employees, we’re headed down a dangerous path.