Monday, December 17, 2012

Post 010 – CYBR 650




Anonymous continues its hack offensive against Westboro Baptist Church

Remember Westboro Baptist Church, the folks that picket the funerals of veterans and other good people and they do it in the name of the Lord Jesus Christ? 

According to this article, WBC members are on the attack radar scope of the hacktivist group, Anonymous.  Looks like WBC members are learning some valuable, badly-needed karmic lessons in the 21st century (Johnston, C., 2012).

Oh!  WBC folks, Anonymous is not the hacktivist group you want to piss off.  They will make indelible impressions on you, and when they finish with you, you will wish you were anonymous AND more well-behaved.

Reference:

Johnston, C. (2012).  Anonymous continues its hack offensive against Westboro Baptist Church.  An article published on December 17, 2012 at the Arstechnica website.  Retrieved from http://arstechnica.com/security/2012/12/anonymous-continues-its-hack-offensive-against-westboro-baptist-church/  on December 17, 2012.

Another Link is here, with a video by Anonymous:

https://www.facebook.com/photo.php?fbid=10152313873795456&set=a.206416940455.279203.867560455&type=1&theater&notif_t=like

= = = = = = = = = = = = = = = = = = = = = = =
William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career
Chicago, IL
United States of America

Post 009 – CYBR 650





Iranian computers targeted by new malicious data wiper program:  Batchwiper follows the discovery of Flame and other malware targeting the region.

This newly publicized “Batchwiper” program infiltrates machines running Windows operating systems, and installs itself in the Registry of targeted computers.  It can wipe out massive amounts of data because it executes automatically and it attacks boot partitions on hard drives.  The malware was identified, analyzed, and documented by AlienVault Labs (Goodin, D., 2012).

Hooray for AlienVault Labs.  Good job guys!

Folks, please click on the link below and read up on this Batchwiper program and avoid it:



Comments:

Hmm... Sounds like some well-crafted program from an outfit like IDF Unit 8200 partnering with some other country with lots of technical capabilities.  (Good job guys!)

Guess it makes me glad I’m not living in Iran at the moment.  I know that we have not yet seen the worst of these cyberattacks, both in intensity and sophistication.

Since the first appearance of Stuxnet, we are starting to get some idea of the capabilities and intent to use this new breed of cyberweapons.  Frankly, I am not sad to see it.  I just wish our policies were stronger to clearly indicate to the American public and to our potential enemies what we are capable of unleashing.

References:

AlienVault Labs. (2012). Batchwiper: Just Another Wiping Malware. Retrieved from http://labs.alienvault.com/labs/index.php/2012/batchwiper-just-another-wiping-malware/  on December 17, 2012.

Gjelten, T.  (2010).  Are 'Stuxnet' Worm Attacks Cyberwarfare? An article published at NPR.org on October 1, 2011. Retrieved from the web at http://www.npr.org/2011/09/26/140789306/security-expert-u-s-leading-force-behind-stuxnet    on December 20, 2011.

Gjelten, T.  (2010).  Stuxnet Computer Worm Has Vast Repercussions. An article published at NPR.org on October 1, 2011.  Retrieved from the web at http://www.npr.org/templates/story/story.php?storyId=130260413   on December 20, 2011.

Gjelten, T.  (2011).  Security Expert: U.S. 'Leading Force' Behind Stuxnet. An article published at NPR.org on September 26, 2011. Retrieved from the web at http://www.npr.org/2011/09/26/140789306/security-expert-u-s-leading-force-behind-stuxnet   on December 20, 2011.

Gjelten, T.  (2011).  Stuxnet Raises 'Blowback' Risk In Cyberwar. An article published at NPR.org on December 11, 2011. Retrieved from the web at http://www.npr.org/2011/11/02/141908180/stuxnet-raises-blowback-risk-in-cyberwar   on  December 20, 2011.

Goodin, D. (2012).  Iranian computers targeted by new malicious data wiper program.  Retrieved from http://arstechnica.com/security/2012/12/iranian-computers-attacked-by-new-malicious-data-wiper-program/ on December 17, 2012.

Knapp, E. D. (2011). Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems. Waltham, MA: Syngress.

Kramer, F. D. (ed.), et al. (2009). Cyberpower and National Security.  Washington, DC: National Defense University.

Langner, R. (2010).   Stuxnet Technical Analysis. Retrieved from the web at http://www.langner.com/en/blog/page/6/   on December 20, 2011.

Libicki, M.C. (2009). Cyberdeterrence and Cyberwar. Santa Monica, CA: Rand Corporation.

Mayday, M. (2012).  Iran Attacks US Banks in Cyber War: Attacks target three major banks, using Muslim outrage as cover.  An article published on September 22, 2012 at Politix.Topix.com.  Retrieved from http://politix.topix.com/homepage/2214-iran-attacks-us-banks-in-cyber-war   on September 22, 2012.

Sanger, D. E. (2012). Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power.  New York, NY: Crown Publishers.

Schell, B. H., et al. (2002). The Hacking of America: Who’s Doing It, Why, and How.  Westport, CT: Quorum Press.

Slater, W. F. (2012).  The Case for Integration of Cyberwarfare and Cyberdeterrence Strategies into the U.S. CONOPS Plan to Maximize Responsible Control and Effectiveness by the U.S.  National Command Authorities.  A technical presentation published on November 18, 2012. Retrieved from http://www.billslater.com/writing/DET_630_Week_12_Writing_Assignment_Presentation_from_W_F_Slater_v1.pdf on November 18, 2012.

Slater, W. F. (2012).  The Case for Integration of Cyberwarfare and Cyberdeterrence Strategies into the U.S. CONOPS Plan to Maximize Responsible Control and Effectiveness by the U.S.  National Command Authorities.  A technical paper published on November 18, 2012. Retrieved from http://www.billslater.com/writing/DET_630_Week_12_Writing_Assignment_6_from_W_F_Slater.pdf  on November 18, 2012.

Stiennon, R. (2010). Surviving Cyber War. Lanham, MA: Government Institutes.

Technolytics. (2011). Cyber Commander's eHandbook: The Weaponry and Strategies of Digital Conflict. Purchased and downloaded from Amazon.com on April 16, 2011.

Turzanski, E. and Husick, L. (2012). “Why Cyber Pearl Harbor Won't Be Like Pearl Harbor At All...” A webinar presentation held by the Foreign Policy Research Institute (FPRI) on October 24, 2012. Retrieved from http://www.fpri.org/multimedia/2012/20121024.webinar.cyberwar.html  on October 25, 2012.

Wikipedia Commons. (2011). Stuxnet Diagram.  Retrieved from the web at http://en.wikipedia.org/wiki/File:Step7_communicating_with_plc.svg  on December 20, 2011.

Zetter, K. (2011). How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History. An article published on July 11, 2011 at Wired.com.  Retrieved from the web at http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1  on December 20, 2011.

Post 008 – CYBR 650






Latest DDoS Attacks on Banks: A Teachable Moment.

The cyberattacks that occurred against American banks during this past week provided some teachable moments:

1)    The banks learned that they could configure their IT infrastructures against the malware attacks that they expected.
2)    The same infrastructures were not effective against DDoS attacks.
3)    Their Internet Service Providers need to prepare their own infrastructures to help guard against being overwhelmed by DDoS attacks.

(Gonsalves, A., 2012)

Comments:

The first point was especially reassuring because the banks had feared attacks against customer accounts.

References:

Gonsalves, A. (2012).  Latest DDoS attacks on banks: A teachable moment.  A web article published December 14, 2012 at the CSO Online website.  Retrieved from http://www.csoonline.com/article/723936/latest-ddos-attacks-on-banks-a-teachable-moment?source=CSONLE_nlt_update_2012-12-16  on  December 16, 2012.


Post 007 – CYBR 650






U.S. Banks Warned of Cyberattacks on Accounts

According to the article at the link below, it's about to get really ugly for American Banks and people who keep money in American Banks. It's fixing to go way beyond DDoS attacks. The Russian hackers will be reaching into bank accounts (Waterman, 2012).


Comments:
This has the potential of creating a great deal of FUD – Fear, Uncertainty and Doubt in the American public, which has previously trusted banks.  It also shows how easy cyberattacks have become for enemies who wish to do us harm.

Mattresses, anyone?

Reference:

Waterman, S. (2012).  U.S. banks warned of cyberattack on accounts.  An article published on December 14, 2012 at the Washington Times website.  Retrieved from http://www.washingtontimes.com/news/2012/dec/14/us-banks-warned-of-cyber-attack-on-accounts/  on December 14, 2012.


Tuesday, December 11, 2012

Post 006 – CYBR 650



Week 2 Blog Assignment Description:
One of the first steps in your process should be to identify credible sources of information for threats, vulnerabilities, updates, and security news in general. As you are identifying these sources, you might start considering what should be done if sources provide conflicting information. In your blog post this week, include a list of sources you consider to be credible, and why.

My research shows that these are the most credible IT Threat Sources:




= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Internet Storm Center by SANS

Why is this a credible source?
1. It’s one of the oldest threat sources on the Internet.
2. It’s run by career security professionals who have excellent reputations.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Common Vulnerabilities and Exposures by Mitre

Why is this a credible source?
1. It’s one of the oldest threat sources on the Internet.
2. It’s run by career security professionals who have excellent reputations.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
National Vulnerabilities Database

Why is this a credible source?
1. It’s one of the oldest threat sources on the Internet.
2. It’s run by career security professionals who have excellent reputations.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Symantec Threat Center

Why is this a credible source?
1. It’s one of the oldest threat sources on the Internet.
2. It’s run by career security professionals who have excellent reputations.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
HoneyNet Cyberattacks Project

Why is this a credible source?
1. It’s run by career security professionals who have excellent reputations.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =








Sunday, December 9, 2012

Post 005 – CYBR 650

Figure 1 - Risk Handling

Figure 2 -  Risk Management Options


These are two of the four risk and threat management process diagrams that we were required to create for our Week 1 Assignment.  In the Week 2 Assignment, we were to critique the process diagrams of our classmates.

This was a fun assignment and I was able to draw on the experiences of work assignments from the past.





Post 004 – CYBR 650




I have a strong professional interest in an open source automated Threat and Risk Management tool called SCAP - Security Content Automation Protocol.  It has a foundational infrastructure based on some open source, well documented infrastructure features, XML, and existing Threat-related tools such as the CVE.


This is the link to the book I am reading about this.  I am at the beginning of my learning experience in this area.  Security Automation Essentials:  Streamlined Enterprise Security Management and Monitoring with SCAP




As we move forward in this course, I felt strongly that there could be a big benefit if I was allowed to pursue the study and application of SCAP, where possible, and share this information with you, and my fellow students in this class.  

After asking for permission to dive into this topic, I was granted permission to study it as my special topic for this course.


One final thought: the efficiencies and thoroughness of the content that SCAP helps an organization automate and manage make it very attractive for organizations that are resource-constrained and forced to do more with fewer people and smaller budgets.


Post 003 – CYBR 650



I have some other blogs related to Cybersecurity.  The links are shown below with the course numbers and titles that they are associated with.  Note: some are more active blogs than others.



http://cis608.blogspot.com - CIS 608 - Information Security Management

http://cybr515.blogspot.com - CYBR 515 - Security Architecture and Design

http://cybr510.blogspot.com - CYBR 510 - Physical, Operations, and Personnel Security

http://cis537-wfs.blogspot.com - CIS 537 - Introduction to Cyber Ethics

http://cis607.blogspot.com - CIS 607 - Computer Forensics

http://cybr520.blogspot.com - CYBR 520 - Human Aspects of Cybersecurity

http://cybr610.blogspot.com - CYBR 610 - Risk Management Studies

http://cybr615.blogspot.com - CYBR 615 - Cybersecurity Governance and Compliance

http://cybr625.blogspot.com - CYBR 625 - Business Continuity Planning and Recovery

http://det630.blogspot.com - DET 630 - Cyber Warfare & Deterrence

http://cybr525.blogspot.com - CYBR 525 - Ethical Hacking and Response

http://cybr650.blogspot.com - CYBR 650 - Current Trends in Cybersecurity

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

http://cybersecuritymsbellevue.blogspot.com - Master Blog with Links to Everything Above

I didn’t really do regular blogging until it was required in this program.


Post 002 – CYBR 650



My ISACA Certified Information System Auditor (CISA) certification (attached) was just renewed in December 2012 until January 31, 2016.


I needed 120 CPE points to make this possible. But thanks to the work in my M.S. in Cybersecurity and some other activities I have been involved in, I renewed with over 1200 CPE points. This required a LOT of time, effort, focus and $. It's not for the thrifty or the faint of heart or people who are allergic to hard work.

Do I think it was worth it?  Yes.  The CISA is a very prestigious certification and it helps and will continue to help in my line of work:  Cybersecurity, Data Centers, and ISO 27001.







Sunday, December 2, 2012

Post 001 - CYBR 650





This is the first post for the blog associated with CYBR 650 – Current Trends in Cybersecurity.  This is the capstone course of the M.S. in Cybersecurity program at Bellevue University.

Here are some related links to blogs and websites in which you may also be interested.


M.S. in Cybersecurity Program at Bellevue University



Mastering Security


Career


Certifications


Credentials


ISO 27001


CIS 608 Information Security Management


CYBR 515 - Security Architecture and Design


CYBR 510 Physical, Operations, and Personnel Security


CIS 537 Introduction to Cyber Ethics


CYBR 610 Risk Management Studies


CYBR 520 Human Aspects of Cybersecurity


CIS 607 Computer Forensics


CYBR 615 Cybersecurity Governance and Compliance


CYBR 625 Business Continuity Planning and Recovery


DET 630 Cyber Warfare & Deterrence


CYBR 525 Ethical Hacking and Response


CYBR 650 Current Trends in Cybersecurity




William Favre Slater, III

MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, IP v6, Cloud Computing Foundation
Project Manager / Program Manager
slater@billslater.com



Chicago, IL
United States of America