Ever Wonder What All Those Listening Windows Services Are?

Thanks to @H.D. Moore for turning me on to this article from Microsoft.

Are You Sure You Want to Work in Cybersecurity?

In Mike Subelsky’s 08/11/11 blog posting, here’s what he has to say on the matter: “Cybersecurity, while offering lucrative job opportunities, might not be an ultimately rewarding career for Maryland technologists. I worked in this sector for about eight years as a military officer, government civilian, and government contractor in a variety of different roles, and here’s what I want to say about it.”

What do you think?

tcpdump and IPv6

Guy Bruneau over at the Internet Storm Center (ISC) has a good list of tcpdump filters to use with IPv6 traffic.

Security 101 : Security Basics in 140 Characters Or Less

October is National Cyber Security Awareness Month. In honor, Tom Liston reached out to the security community and asked folks for their feedback on what they thought Security 101 was – in 140 character-long chunks. The list is here.

U.S. Bill Mandates Pen Tests

Should be interesting to see if this bill can get any traction in the Senate.

Who to Follow on Twitter for Cyber Security Information?

This post comes from Lenny Zeltser (someone I personally follow on Twitter), “Having used Twitter for a couple of years, I can say that its role as social networking medium for members of the information security community has been steadily growing. The value Twitter offers infosec people in three-fold: it helps keep up with interesting security-related content; it offers a forum for interacting with fellow infosec professionals; and it assists in researching current security events and trends.”

Full blog posting here.

US Cyber Challenge (USCC) Cyber Quests Competition

This in from the USCC folks: “Cyber Quests are a series of fun and challenging on-line competitions allowing participants to demonstrate their knowledge in a variety of information security disciplines. Each quest features an artifact for analysis, along with a series of quiz questions. Some quests focus on a potentially vulnerable sample web server as the artifact, challenging participants to identify its flaws using vulnerability analysis skills. Other quests are focused around forensic analysis, packet capture analysis, and more. The quests have varying levels of difficulty and complexity, with some quests geared toward beginners, while others include more intermediate and ultimately advanced material.

The Cyber Quests online contests provide crucial skills development and enable us to tap into the tremendous talent across our nation to identify those with a passion for security and a desire to put their skills to good use in addressing our cyber security workforce challenges.”

Register for the August 2011 Cyber Quest.

Good Security is Really Just Good Systems Administration

“Good security is really just good systems administration” – this phrase was uttered by John Strand in his July 27 post, “The Rise of Security Monkeys.” And you know, he’s right.

Think about the basic set of countermeasures often repeated to mitigate various malware, hacker attacks, etc.:

• Disable/remove unnecessary services
• Patch systems
• Update vulnerable software
• Implement ingress/egress filtering (either at the network or host level)
• Enforce strong passwords (and provide a way for your customers/users to remember them)
• Configure user’s account to run in a lesser privileged mode

Easier said than done – I know…and sure, there’s the ninja-like offensive stuff that will win over good systems administration no matter what. But if you look at this list, these basic security tenets boil down to good systems administration. Well said John.

Cisco IOS Software Checker

Responsible for Cisco networks? Check this tool out: Cisco IOS Software Checker.

Maryland US Cyber Challenge Summer Camp: Day 5

Today is the final day of the USCC Maryland Summer Camp.

The students will be competing in an contest that combines a Quiz Bowl with networking and system administration exercises. Students from the winning team will each earn a $1,000 scholarship, courtesy of ISC2.

The awards ceremony starts at 1 PM EST. All are welcome.