David B. Pickens

MCSA w/Security, MCITP, Security+, Server+, CCNA, Network+, A+

My Sabbatical Blog
March 13

Midwest CCDC - March 12-14

Today marks the start of the Midwest Collegiate Cyber Defense Competition here at Inver Hills CC. It is with much anticipation that the advisors await the arrival of the results. Unfortunately, we are locked out of the competition rooms for two days, waiting like expectant parents for the arrival of a child. I shall be pacing the halls, drinking too much caffeine, and nervously chatting with the other expectant advisors.

Quote

Midwest CCDC
The Midwest Regional CCDC is a two day event and the first competition that specifically focuses on the operational aspect of managing and protecting an existing “commercial” network infrastructure. Not only do students get a chance to test their knowledge in an operational environment, they will also get a chance to network with industry professionals who are always on the look out for up and coming engineers. CCDC provides a unique opportunity for students and industry professionals to interact and discuss many of the security and operational challenges the students will soon face as they enter the job market.


8:17 AM GMT

March 02

Open Source Security Information Management
OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, working together, give network and security administrators a detailed view of every aspect of their networks, hosts, physical access devices, servers, etc.

Besides getting the most out of well known open source tools, some of which are briefly described below, OSSIM provides a strong correlation engine, detailed low, medium and high level visualization interfaces, and reporting and incident management tools, based on a set of defined assets such as hosts, networks, groups and services.

All of this information can be restricted by network or sensor in order to provide only the required information to specific users, allowing for a fine-grained multi-user security environment. Finally, the ability to perform as an IPS (Intrusion Prevention System), using correlated information from virtually any source, will be a useful addition to any security professional's arsenal.

Components

OSSIM features the following software components:
  • Arpwatch – used for MAC anomaly detection.
  • P0f – used for passive OS detection and OS change analysis.
  • Pads – used for service anomaly detection.
  • Nessus – used for vulnerability assessment and for cross correlation (IDS vs Security Scanner).
  • Snort – the IDS, also used for cross correlation with Nessus.
  • Spade – the statistical packet anomaly detection engine. Used to gain knowledge about attacks without signatures.
  • Tcptrack – used for session data information which can prove useful for attack correlation.
  • Ntop – builds an impressive network information database from which aberrant behavior can be identified (anomaly detection).
  • Nagios – fed from the host asset database, it monitors host and service availability information.
  • Osiris – a great HIDS.
  • OCS-NG – cross-platform inventory solution.
  • OSSEC – integrity, rootkit, registry detection, and more.
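The "cross correlation (IDS vs Security Scanner)" mentioned under Nessus and Snort is the part of OSSIM most worth seeing in code: a Snort alert aimed at a host that a scanner has already shown to be vulnerable deserves far more attention than the same alert aimed at a patched host or a closed port. The Python below is an added example written for this post, not OSSIM's own code. It parses Snort's fast-alert format (a real Snort output format, although the alert lines, the scan findings, the asset values and the signature-to-finding mapping are all constructed here) and computes a risk score from asset value, alert priority and a reliability that rises when the scanner confirms the target is vulnerable. The asset/priority/reliability shape follows OSSIM's approach; the exact weights and the 1/3/10 reliability ladder are my own simplification.

```python
import re

# Snort "fast" alert format (real format; the sample lines below are constructed).
SNORT_FAST = re.compile(
    r"^(?P<ts>\S+) \[\*\*\] \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\]"
    r"(?: \[Classification: (?P<cls>[^\]]+)\])? \[Priority: (?P<pri>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

SAMPLE_ALERTS = [
    "02/27-14:03:11.123456 [**] [1:1002:7] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:51234 -> 192.0.2.10:80",
    "02/27-14:03:12.001000 [**] [1:1002:7] WEB-IIS cmd.exe access [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:51235 -> 192.0.2.20:80",
    "02/27-14:05:40.500000 [**] [1:2003:8] MS-SQL Worm propagation attempt [**] "
    "[Classification: Misc Attack] [Priority: 2] {UDP} 198.51.100.7:1434 -> 192.0.2.30:1434",
    "02/27-14:09:02.000000 [**] [1:2049:5] SSH brute force login attempt [**] "
    "[Classification: Attempted Login] [Priority: 3] {TCP} 203.0.113.9:4040 -> 192.0.2.40:22",
]

# Constructed scanner results keyed by (host, port): the services and weaknesses the scanner saw.
SCAN_FINDINGS = {
    ("192.0.2.10", 80): {"IIS 5.0", "Unicode directory traversal"},
    ("192.0.2.20", 80): {"Apache 2.2"},
    ("192.0.2.30", 1434): {"MS SQL 2000 resolution service overflow"},
}

# Constructed asset values (0-5); hosts not listed get a default of 2.
ASSET_VALUE = {"192.0.2.10": 5, "192.0.2.20": 3, "192.0.2.30": 4}

# Constructed mapping: which scanner findings confirm that a given Snort signature can succeed.
SID_CONFIRMED_BY = {
    1002: {"Unicode directory traversal"},
    2003: {"MS SQL 2000 resolution service overflow"},
}


def parse_alert(line):
    """Parse one Snort fast-format alert line; return None for lines that do not match."""
    m = SNORT_FAST.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "sid": int(d["sid"]), "msg": d["msg"], "priority": int(d["pri"]),
        "proto": d["proto"], "src": d["src"], "dst": d["dst"], "dport": int(d["dport"]),
    }


def reliability(alert, findings):
    """Reliability (1-10): how likely the alert reflects a real, successful attack."""
    key = (alert["dst"], alert["dport"])
    if key not in findings:
        return 1   # scanner saw no service on that port: most likely noise
    if findings[key] & SID_CONFIRMED_BY.get(alert["sid"], set()):
        return 10  # target is known vulnerable to exactly this attack
    return 3       # service exists, but the vulnerability was not confirmed


def risk_score(alert, findings, asset_value=ASSET_VALUE):
    """Risk = asset * priority weight * reliability / 25 (simplified, my own weights)."""
    asset = asset_value.get(alert["dst"], 2)
    prio = max(1, 6 - alert["priority"])  # Snort priority 1 is highest -> weight 5
    return round(asset * prio * reliability(alert, findings) / 25, 2)


def correlate(lines, findings=SCAN_FINDINGS):
    """Parse alert lines, attach reliability and risk, and return them highest risk first."""
    out = []
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        a["reliability"] = reliability(a, findings)
        a["risk"] = risk_score(a, findings)
        out.append(a)
    return sorted(out, key=lambda a: a["risk"], reverse=True)


if __name__ == "__main__":
    for a in correlate(SAMPLE_ALERTS):
        print(f'{a["risk"]:5.2f}  rel={a["reliability"]:2d}  {a["dst"]}:{a["dport"]}  {a["msg"]}')
```

The two identical cmd.exe alerts end up far apart in the ranking: the one hitting the IIS host with a confirmed traversal finding scores 10.0, the one hitting the Apache host scores 1.8, and the SSH alert against a port the scanner never saw open drops to the bottom. That separation, not the raw alert volume, is what the correlation engine buys the analyst.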


7:07 AM GMT

February 27

RSP/ITeach Conference 2/26
I spent the day hanging out with my fellow faculty colleagues from MNSCU on Friday 2/26. I look forward to these events as a way to reconnect with old friends and make new ones. I keep finding MNSCU faculty who are passionate about their disciplines and students. I really enjoyed a session put on by Thomas Gustafson from Lake Superior College. His presentation on virtualization technology and its use in the classroom provided great insight into the issues and requirements of the technology. I had the opportunity to facilitate a discipline workshop on Information Technology as well. The discussion quickly turned toward the new credential requirements for computer faculty. These proposed criteria have generated a lot of opposing points. Here is a list of some of the thoughts brought up in the session.
The criteria state that faculty must have a Bachelor's in CS, CIS or MIS to teach any computer discipline.
The comments were:
- CS is a theoretical degree, not a practical one
- Industry certifications should be valued.
- Mathematics degrees should be valued.
- Technical programs should not require CS degrees
- Bachelor's degree with experience in the field and/or industry certification
- What about an AAS degree with industry experience and certification?
- AAS – only require an AAS; Bachelor's – require a Bachelor's.
In this session, we also heard from Joanne Simsner. Joanne discussed the creation of a state assessment for students graduating from computer networking programs. This assessment will serve the purpose of documenting successful use of Perkins funds. We also received an invitation to attend a CTL IT Workshop on 4/8 & 4/9 at Hennepin Technical College. www.advanceitmn.org/itworkshop


9:14 PM GMT

MN/WI State Champions - CCDC

Today the three-time state champion Inver Hills Community College Collegiate Cyberdefense Competition team successfully defended their state championship title at the MN/WI state Collegiate Cyberdefense Competition held at Minneapolis Community and Technical College. The competitors represented teams from Minnesota State University - Mankato, St. Cloud State University, Alexandria Technical College, Minnesota State Community Technical College - Detroit Lakes, Milwaukee Area Community College, and Minneapolis Community and Technical College. MSCTC - Detroit Lakes took second place and Minnesota State University - Mankato placed third. The top two schools from this event will go on to compete at the Midwest Regional CCDC competition, March 12-14, 2010 at Inver Hills Community College.



8:50 PM GMT

Basic Analysis and Security Engine (BASE)

Wondering how to query and analyze Snort alerts? Here is a web-based front end.

Quote

Basic Analysis and Security Engine (BASE) -- Homepage
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system. BASE is a web interface to perform analysis of intrusions that snort has detected on your network. It uses a user authentication and role-based system, so that you as the security admin can decide what and how much information each user can see. It also has a simple-to-use, web-based setup program for people not comfortable with editing files directly. BASE is supported by a group of volunteers. They are available to answer any questions you may have or help you out in setting up your system. They are also skilled in intrusion detection systems and make use of that knowledge in the development of BASE.


3:22 PM GMT

Network Security Toolkit (NST v2.11.0)

Nice free resource with a lot of great tools. Their website has great documentation as well.

Quote

Network Security Toolkit (NST v2.11.0)
Welcome to the Network Security Toolkit (NST). This bootable ISO live CD/DVD (NST Live) is based on Fedora. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86/x86_64 platforms.

The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article Top 100 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system administration, navigation, automation and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.

What we find rather fascinating with NST is that we can transform most x86/x86_64 systems into a system designed for network traffic analysis, intrusion detection, network packet generation, wireless network monitoring, virtual session serving, or a sophisticated network/host scanner. This can all be done without disturbing or modifying any underlying system storage. NST can be up and running on a typical x86/x86_64 notebook in less than a minute by just rebooting NST Live. The notebook's hard disk will not be altered in any way.

NST also makes an excellent tool to help one with crash recovery troubleshooting scenarios and diagnostics.


3:14 PM GMT

February 20

Security trends for 2010

CISOs take measured steps to reduce social media risks


The increasing use of social media in the enterprise puts CISOs on guard. In this article, review a recent report from Forrester Research that indicates that the adoption of social media in the enterprise has doubled, from 11% in 2008 to 22% in 2009. Forrester urges security pros to take measured steps to reduce social media risks, rather than completely banning it, as many companies have found great success targeting specific audiences via social networking.

http://go.techtarget.com/r/10917457/9545757


Preparing for future security threats, evolving malware


Most security attacks get more dangerous over time, and the same can be said for malware. Malware is set to make major advancements in 2010, as criminals find new ways to monetize malicious activity.

Access this article to learn how your enterprise can most effectively combat malware through a combination of best practices and the use of emerging technologies.

http://go.techtarget.com/r/10917458/9545757


Cloud computing in 2010: Be ready for risk management challenges


Cloud computing will most likely have a place in your 2010 security strategy. Whether you've implemented the technology and are struggling with fall-out issues or are weighing the pros and cons, access this article for concrete tips on dealing with its challenges and risks.

http://go.techtarget.com/r/10917459/9545757


Knowledge-based authentication treads lightly on privacy issues


Knowledge-based authentication (KBA) systems must maintain a delicate balance between reducing fraud and making users feel uneasy. KBA questions have been used primarily by financial firms to verify customers in high-value transactions for nearly a decade, but today use has expanded. Access this article to learn more about KBA and how vendors are acquiring the private information they need to execute on this authentication method.

http://go.techtarget.com/r/10917460/9545757 



9:22 AM GMT

February 18

CCDC team success
The IHCC CCDC (Collegiate Cyberdefense Competition) team had the opportunity to test their defensive skills against a local company yesterday and found success.
The team has been awarded $375 in Best Buy gift certificates.


7:59 AM GMT

February 09

BotHunter
BotHunter is a new network defensive system designed to help everyone from network administrators to individual Internet-connected PC users detect whether their systems are running coordination-centric malware (such as botnets, spambots, spyware, Trojan exfiltrators, worms, adware). It is based on an algorithm called network dialog correlation, developed under the Cyber-TA research program, in the Computer Science Laboratory at SRI International. BotHunter is NOT an intrusion detection system, firewall, spam blocker, or antivirus tool. These tools generally don't work in helping you rid your network of malware infections. BotHunter takes a different approach.

BotHunter monitors the two-way communication flows between hosts within your internal network and the Internet. It aggressively classifies data exchanges that cross your network boundary as potential dialog steps in the life cycle of an ongoing malware infection. BotHunter employs Snort as a dialog event generator, and Snort is heavily modified and customized to conduct this dialog classification process. Dialog events are then fed directly into a separate dialog correlation engine, where BotHunter maps each host's dialog production patterns against an abstract malware infection life cycle model. When enough evidence is acquired to declare a host infected, BotHunter produces an infection profile to summarize all evidence it has gathered regarding the infection.

You can register to receive this software free. It runs on Windows, Linux, and MacOS. They also have a live ISO CD.
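The dialog correlation idea described above is easier to grasp with a small engine in front of you: events are classified into life-cycle phases per internal host, and a host is declared infected only when a combination of phases appears within a time window, at which point an infection profile is emitted. The Python below is an added illustration written for this post, not BotHunter's code. The phase labels E1 to E5 (inbound scan, inbound exploit, egg download, command-and-control traffic, outbound propagation) follow the general shape of BotHunter's published model, but the declaration rule, the one-hour window and the sample events are all my own simplifications and constructed data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Dialog classes of a simplified infection life cycle (my labels; BotHunter's real
# phase definitions and expiration timers are not on the page):
#   E1 inbound scan, E2 inbound exploit, E3 binary ("egg") download,
#   E4 command-and-control traffic, E5 outbound scan / propagation.
OUTWARD = {"E3", "E4", "E5"}

# Constructed dialog events, as a Snort-style dialog event generator might emit them.
SAMPLE_EVENTS = [
    {"ts": "2010-02-09T08:00:01", "host": "192.0.2.15", "phase": "E1", "detail": "inbound port sweep from 203.0.113.8"},
    {"ts": "2010-02-09T08:00:05", "host": "192.0.2.15", "phase": "E2", "detail": "inbound exploit attempt on 445/tcp from 203.0.113.8"},
    {"ts": "2010-02-09T08:00:20", "host": "192.0.2.15", "phase": "E3", "detail": "executable download from 198.51.100.22"},
    {"ts": "2010-02-09T08:01:00", "host": "192.0.2.15", "phase": "E4", "detail": "IRC-style connection to 198.51.100.23:6667"},
    {"ts": "2010-02-09T08:05:00", "host": "192.0.2.22", "phase": "E1", "detail": "inbound port sweep from 203.0.113.11"},
    {"ts": "2010-02-09T08:06:00", "host": "192.0.2.22", "phase": "E1", "detail": "inbound port sweep from 203.0.113.12"},
    {"ts": "2010-02-09T08:07:00", "host": "192.0.2.22", "phase": "E1", "detail": "inbound port sweep from 203.0.113.13"},
    {"ts": "2010-02-09T08:10:00", "host": "192.0.2.40", "phase": "E3", "detail": "executable download from 198.51.100.30"},
    {"ts": "2010-02-09T09:15:00", "host": "192.0.2.31", "phase": "E4", "detail": "periodic HTTP beacon to 198.51.100.40"},
    {"ts": "2010-02-09T09:20:00", "host": "192.0.2.31", "phase": "E5", "detail": "outbound scan of 10.0.0.0/24 on 445/tcp"},
    {"ts": "2010-02-09T10:30:00", "host": "192.0.2.40", "phase": "E4", "detail": "IRC-style connection to 198.51.100.41:6667"},
]


def declare_infected(phases):
    """Simplified declaration rule (my assumption, not BotHunter's exact thresholds):
    an inbound exploit plus any outward bot activity, or two distinct outward signs.
    Inbound scans alone (E1) never declare a host infected; every network sees those."""
    outward = phases & OUTWARD
    return bool(("E2" in phases and outward) or len(outward) >= 2)


def correlate_dialogs(events, window=timedelta(hours=1)):
    """Group events per internal host, slide a window over them, and build an
    infection profile for each host whose phases satisfy the declaration rule."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append({**ev, "ts": datetime.fromisoformat(ev["ts"])})

    profiles = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            win = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            phases = {e["phase"] for e in win}
            if declare_infected(phases):
                profiles[host] = {
                    "host": host,
                    "first_seen": win[0]["ts"].isoformat(),
                    "last_seen": win[-1]["ts"].isoformat(),
                    "phases": sorted(phases),
                    "evidence": [f'{e["ts"].isoformat()} {e["phase"]} {e["detail"]}' for e in win],
                }
                break  # one profile per host is enough for this illustration
    return profiles


if __name__ == "__main__":
    for p in correlate_dialogs(SAMPLE_EVENTS).values():
        print(f'INFECTED {p["host"]}  phases={",".join(p["phases"])}  {p["first_seen"]} .. {p["last_seen"]}')
        for line in p["evidence"]:
            print("   ", line)
```

Two of the four sample hosts are declared infected: 192.0.2.15 shows the full inbound-exploit-then-outward sequence, and 192.0.2.31 shows two outward signs (beaconing plus propagation) without any observed exploit. 192.0.2.22 only ever receives scans, and 192.0.2.40's egg download and C&C connection are more than an hour apart, so neither is declared; the window is what keeps unrelated events from being stitched into a false profile.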


6:58 AM GMT

January 28

Network Security Model compared to OSI

Network Security Model - The Definition of a Network Security Model, by Josh Backfield

The Open Systems Interconnection model (OSI), developed in 1983 by the International Organization for Standardization (ISO), has been used as a framework to teach networking basics and troubleshoot networking issues for the last 25 years. It has been so influential in network development and architecture that even most of the network communication protocols in use today have a structure that is based on it. But just as the OSI model never fails us, we find that we are lacking a standard that all network security professionals can adhere to, a Network Security Model (NSM). Today's sophisticated and complex networks provide the fundamental need for the NSM.

Read this White Paper

An excellent resource for teaching Network Security concepts. 



9:19 AM GMT