Ok, I had to go with the “Words Starting with N” theme. Oh and by Notes, I really mean Comments. And by NICE I really mean the National Initiative for Cybersecurity Education. I had been meaning to write about this a little sooner as you can tell by the dates of the articles referenced below. And now there are less than 2 weeks left until the due date of September 12, 2011.

You can grab a copy of the draft here [PDF]. Any comments you have should be entered into their provided spreadsheet and returned to NIST by email to nicestratplan@nist.gov.

On a related note, NIST will be holding a three day workshop starting on September 20th. I imagine they will be bringing up much of the public feedback they receive there. For more information on NICE, visit their official website.

via InfosecIsland.com

The National Institute of Standards and Technology (NIST) issued for public comment a draft strategic plan for the National Initiative for Cybersecurity Education (NICE) program.

The plan, “Building a Digital Nation,” outlines NICE’s mission, vision, goals and objectives. NIST and its interagency NICE partners seek comments from all interested citizens and organizations concerned with cybersecurity awareness, training and education.

NIST coordinates the interagency NICE program, which is a national campaign focused on enhancing cybersecurity in the United States by accelerating the availability of educational and training resources designed to improve the cyber behavior, skills and knowledge of every segment of the population.

Continued here.

GovInfoSecurity.com also had a nice article on NICE along with an earlier recorded podcast with its lead, Ernest McDuffie. I heard he’s very “nice” to work for.

What beats a week of security training with your peers? Not much. That’s why SANSFIRE 2009 is an event that you should add to your calendar right now, before you get distracted by any other pesky summer plans.

Taking place in Baltimore this year, SANSFIRE will be held between June 13th and 22nd at the Hilton Baltimore. There are special rates available before slots fill up, so register now if you haven’t already.

And speaking of special rates… if you register by the end of today, May 6th, you get $350 off the regular price of the event. If you can’t quite swing registering today, the good news is that you’re also eligible to receive a $250 discount if you register before May 20th.

According to the SANSFIRE website, “[a]t SANSFIRE 2009 you will be provided with new information about new threats, and you can acquire the solid foundation in InfoSec that you need to stay on top of them.” There will be over 30 courses to choose from this year, with new courses alongside tried-and-true classics. You can check out the list below to get an idea of what’s being offered.

• Security 401: SANS Security Essentials Bootcamp Style
• Security 504: Hacker Techniques, Exploits & Incident Handling
• Security 560: Network Penetration Testing and Ethical Hacking
• Management 414: SANS® +S™ Training Program for the CISSP® Certification Exam
• Security 503: Intrusion Detection In-Depth
• Security 508: Computer Forensics, Investigation, and Response
• Security 610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
• Security 301: Intro to Information Security
• Audit 507: Auditing Networks, Perimeters & Systems
• Management 512: SANS Security Leadership Essentials for Managers with Knowledge Compression™
• Security 501: Advanced Security Essentials – Enterprise Defender – NEW

The courses also come with distinguished faculty, including: Stephen Northcutt, Johannes Ullrich, Dr. Eric Cole, Rob Lee, Lenny Zeltzer, Joshua Wright, John Strand, Chris Brenton, Kevin Johnson, Scott Moulton, Frank Kim, Jason Fossen, Eric Conrad, David Hoelzer, Stephen Sims, Michael Murr, Jonathan Ham, Bryce Galbraith, Fred Kerby, Mike Poor, and Jeff Frisk.

SANSFIRE even has options for those of us who learn better at night, with evening events focusing on the SANS web application honeynet. According to the SANS website, “[e]vening talks at SANSFIRE 2009 will provide extraordinary insights into actual attacks that have taken place over the past year. […] You’ll learn about current threats and how the SANS Internet Storm Center can help you in your fight against these threats.” Free to registered attendees, volunteer incident handlers will be present at these evening events.

• Who: SANS
• What: SANSFIRE 2009
• When: 06-13 -06-22-09
• Where: Hilton Baltimore (401 West Pratt Street, Baltimore, MD 21201)

For more information on SANSFIRE 2009, see its description in our Infosec Conferences section. View our Calendar for a list of similar infosec events in and around the NoVA area. Register for SANSFIRE here.

###

In addition to registering for SANS events through NovaInfosecPortal, you can also help keep the site going by becoming a subscriber.

Have you registered for the SANS AppSec event yet?

If not, there’s still time left to purchase your registration. While the event starts tomorrow, April 29th, registration is still open. You can purchase your registration through our SANS section (just click on the SANS image to be taken to the official website), which won’t cost you anything extra, but will help us keep this site running strong.

Entitled “Application Security Workshop — What Works? What Products, Services and Configurations Work Best to Protect Applications From Common Atttacks?” this SANS training workshop gives attendees real information from real professionals in the field. The primary speakers for this event are Jeremiah Grossman of WhiteHat and Konrad Vessey of NSA, meaning that they’ll have information that you won’t be able to get anywhere else.

So if you’d like to learn about solutions that are more than just nice sounding theories, this is definitely a workshop you should attend.

• Who: SANS, with Jeremiah Grossman of WhiteHat and Konrad Vessey of NSA
• What: ”Application Security Workshop — What Works? What Products, Services and Configurations Work Best to Protect Applications From Common Atttacks?”
  • According to the SANS website, workshop attendees will “hear from actual users of multiple products – senior people from the federal government and from major financial organizations. They will tell you which products and services they implemented, what worked, what didn’t and the lessons they learned along the way. It is real-world, from-the-trenches information that you really cannot get any other way.”  
• When: 04-29, 8:30 AM - 6:30 PM EST
• Where: The Marriott Wardman Park (2660 Woodley Rd. NW Washington, D.C. 20008)

For more information on SANS, see its description in our Conferences section. View our Calendar for a complete list of infosec events in and around the NoVA area. To purchase registration for an upcoming SANS event, click here.

###

Speaking of SANS, Do you have your pass to SANSFIRE yet? If not, why not purchase it through NovaInfosecPortal? It doesn’t cost you anything extra, and it helps us keep the site going.

If you haven’t heard about Conficker worm, tell us where you’ve been hiding: We want to go there too.

In all seriousness however, the Conficker worm is a serious issue that has made a name for itself not only in the security world, but is (slowly) being recognized by the general public. While it might be easy to make a joke about that (we’ll refrain) the truth is that anytime the general public pays attention to a worm, you know that worm is having a far reach and is probably infecting more computers than the estimates on record.

While we could go into how the Conficker worm works (USB flash drives as a means for propagation for one), we feel that it’s more important to look at why Conficker works. In our world of gizmos and highly technical solutions, how is a relatively simple worm like Conficker getting through?

To answer that, we need to go back to the basics of security.

Currently, there are a lot of complex technical solutions used to ‘solve’ security problems. The only problem with using technical solutions to solve security problems is that you are only creating 50 percent of the solution. The other 50 percent of the solution has to do with the people using the so-called technical solutions, and that’s the vulnerability Conficker is counting on. 

The reason Conficker has been so successful is because it takes advantage of human dependence on technical solutions. It’s getting around technical controls by tricking people that aren’t properly trained or who are trained only to use technical solutions to solve security problems.

Because let’s face it: Technical processes with no support behind them can only take you so far. It’s like sending someone to Spain with a Spanish/English dictionary but nothing else. While that person might be able to frantically look up what someone’s saying because they have the proper ‘tool’ (in this case, the dictionary), how far are they really going to get by relying on that dictionary the whole time?

That dictionary isn’t going to have every phrase defined, and it won’t have the explanations of Spanish culture (for example, taking a siesta) so the person in Spain with nothing but a Spanish/English dictionary is going to feel pretty lost pretty quickly. Sending someone into a security problem with nothing but ‘technical solutions’ is very similar: Those technical solutions can only get you so far, and anytime something comes up that doesn’t fit within those technical solutions (or the ‘dictionary’) the person relying solely on those technical solutions will feel pretty lost.

Because in the end, basics aren’t necessary firewalls, but getting back to security awareness in the form of proper training. As humans we want to believe that answers are complicated when really, doing the basics—and doing them well—can prevent so many problems.

But, that’s just us: Why do you feel that the Conficker worm has been so successful, and do you feel that it deserves the media attention it’s getting? If you’re interested in reading some of that media, please click here.  

###

While we won’t teach you how to create your own Conficker worm, we will help you meet local security professionals through creating a strong community on this site. To contribute toward that goal, consider becoming a subscriber of NovaInfosecPortal today.

I came across the “Hack” part of the “Hack-or-Halo” challenge for this year’s ShmooCon on White Wolf Security’s web site. The contest page contains clue and answer sheets as well as the main VM used in the game. See our ShmooCon 2008 Infosec Conference Event – Friday post for this contest’s original description.

Learn Security Online has released an infosec hacking challenge event titled “CrackMe 0×03.” In this contest there are no specific questions to answer. All that is required is you detail how you solved the challenge. For more information on Learn Security Online, see its description in our Training resource section. Here is a link to their original post about this hacking challenge.

I was finally able to make it to the Arlington 2600 group infosec meetup event last evening. There was a good turnout with about 10 people showing up. Most of the people that attended were fairly new so nobody really had a good idea of what we were suppose to do.

We had several interesting discussions covering a range of security concepts. One topic we kept on coming back to was if we should use handles or not. In the end most people just used their first names. Some other interesting discussions we had included the transition from old fashion phone-phreaking to attacking VoIP, the backwards way many agencies and corporations implement security, the problems with how large organizations deal with compliance (i.e., checking the boxes off versus really securing the system), and how a large part of security comes down to properly training people. One interesting fact that we learned was that the Secret Service raided this Arlington 2600 group back in the early 90s.

Overall, it was a great to talk with some others in the security field. The only gripe I had was the location. The meetup took place in the Pentagon City Mall food court so it was quite noisy. Instead of having a large group conversation, we ended up having lots of little discussions between two or three people. The other suggestion that I have to to meet somewhere that offers power and free wifi so that the attendees can take part in the 2600 IRC channel. This really broadens the discussions since all 2600 groups meet around the same time on the first Friday of every month. Oh … and Au Bon Pain has closed and has been replaced with a Panda Express.

See our original post for more information.

Ed Skoudis’s Monthly Challenges has released an infosec hacking challenge event titled “It Happened One Friday.”In this contest you are given a series of UNIX-style commands and asked what happened and why. For more information on Ed Skoudis’s Monthly Challenges, see its description in our Training resource section. Here is a link to Ed Skoudis’s Monthly Challenges original post about this hacking challenge.

We’ve added a new training resource section that will provide an in-depth look into hacking challenges, courses, conferences, and formal university education options for infosec professionals based in or around the Northern Virginia (NoVA) area.