What is a secure communication network?

“It is a fine thing to be honest, but it is also very important to be right.” Winston Churchill (Guruge, 2003)


Secure communication network (Pixabay, 2016)

Before securing any working environment, the first step is to identify the threats to it. The same holds for computer network security: finding out which threats your network actually faces and assessing their severity improves the odds of choosing the right security solution, which in turn makes its implementation easier. To deal with something properly, you need adequate knowledge and experience of it; in this case you need to know what computer network security is and have experience implementing it. According to the Webster dictionary, “security is defined as the condition or quality of being free from apprehension, anxiety, or care.” With this in mind, a “secure communication network can be defined as a network whose users do not feel any apprehension or anxiety while using the network” (Chandra, 2005, p. 1).

In practice we see many different security technologies and solutions deployed to secure computer networks. But does the threat always come from outside, or is there more to it? Besides organized attacks from outside the network perimeter, “nearly half the security breaches comes from sources internal to an organization, and, in particular, employees” (Harrington, 2005, p. 3). We often hear of a user who mistakenly compromised the security of a corporate network, or of an unknown flaw in an application that brought down several services inside the perimeter, or even shut down the entire network. The people and systems responsible for network security must therefore stay alert and be ready to defend the network against both external and internal intrusion attempts.

References:

  1. Chandra, P. (2005). Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security. Oxford, UK: Elsevier.
  2. Guruge, A. (2003). Corporate Portals Empowered with XML and Web Services. New York, NY: Elsevier Science.
  3. Harrington, J. L. (2005). Network Security: A Practical Approach. San Francisco, CA: Elsevier.

Hope you’ll find this post informative.

peace and blessings,

Bekim

Bekim Dauti’s Blog | Bekim Dauti’s Vlog | e-Books @Amazon Kindle Store

Blog of the Week: IT Security Certifications – Which Ones Matter?

by Ed Tittel, on October 14th, 2016

In a fascinating story for NetworkWorld, Senior Principal Analyst for the Enterprise Strategy Group Jon Oltsik distills the results of a recent annual research report titled The State of Cyber Security Professional Careers.

Oltsik is also credited as the author of that report, and works for one of its two sponsors. The other sponsor is the ISSA (aka the Information Systems Security Association, a professional association for cybersecurity professionals to which I myself belong).

The two groups surveyed 437 ISSA member information security professionals in mid-2016. The data gathered led Oltsik and others to draw some interesting conclusions about that population that can be projected onto the wider body of cybersecurity professionals worldwide.

I’ll summarize some high points here, but the report is worth grabbing and reading from stem to stern, especially if you work (or are thinking about working) in the infosec region within the wider IT realm.

The bar chart seen below indicates the leading responses to the question: “Which cybersecurity certifications do you hold?” The responses indicate that, at least among ISSA membership (11,000 strong or thereabouts, according to Leslie Kesselring, the ISSA’s PR representative), there is only a very small number of credentials that really register on their overall radar.

Four certs to be precise, ranked as follows by the percentage of survey respondents who hold them: CISSP (56 percent), Security+ (19 percent), CISM (17 percent), and CISA (16 percent).


Source: The Truth About Cybersecurity Certifications, NetworkWorld, Jon Oltsik, Oct. 12, 2016.

As somebody who’s tracked the infosec certification landscape closely for more than a decade (with a set of certification surveys for SearchSecurity.com dating back to 2003 to prove it), I was surprised to see such a small number. I was also surprised to see that the SANS GIAC (Global Information Assurance Certification) program failed to register with this audience at a level comparable to the other items already mentioned.

I’m reaching out to Mr. Oltsik of the ESG to see if he can open up his data for me to peer into a bit more closely — I’d like to see what else showed up in the replies of survey respondents. If I learn anything interesting, I’ll follow up on it here.

At this point, I only know that none of the hundreds of other infosec certs available in the marketplace registered close to the 16 percent cited for the ISACA’s Certified Information Systems Auditor (CISA) credential.

Other high points worth noting from the report include the following:

● Cybersecurity professionals perceive a “moral imperative” in their job roles, and take pride in using technical skills and knowledge to protect IT and business assets (27 percent of respondents), or see morality in working in infosec (22 percent).

● Most cybersecurity professionals started out in IT: 78 percent reported starting their careers under the IT umbrella, and then evolving into a focus on cybersecurity.

● Most cybersecurity professionals struggle to define a career path for themselves: 65 percent reported having no clear career path, nor formal plans to move their careers to the next level. The report attributes this chaotic situation to wide diversity in “cybersecurity focus areas, the lack of a well-defined professional career development standard and map, and the rapid changes in the cyber security field itself.”

It goes on to voice a call for action to businesses, IT in general, cybersecurity managers, academics and public policy leaders to try to impose some order on this chaos and to create “formal cybersecurity guidelines and frameworks” to better guide cybersecurity professionals in career planning and development efforts. For what it’s worth, I concur wholeheartedly.

● The survey found that cybersecurity certifications “are a mixed bag.” Outside the CISSP, the report cites only a lukewarm response to other security credentials, and goes on to say that “security certifications should be encouraged for specific roles and responsibilities, but downplayed as part of a cybersecurity professional’s overall career and skills development.”

Elsewhere in the report the authors argue that the combination of hands-on work experience and mentoring from more seasoned cybersecurity professionals trumps certifications both roundly and soundly.

This is just the tip of the iceberg as far as information and insight found in the report is concerned. Please grab yourself a copy and give it a read. Lots of good stuff here!

Note:

The article was originally written by Ed Tittel and published by GoCertify on October 14th, 2016. It is reproduced on this blog with an author’s permission.


Blog of the Week: Effective cybersecurity requires participation from all

by Erdal Ozkaya, on September 13th, 2016


Ask a random person on the street what cybersecurity means to him or her, and you might get a response that refers to the most recent big data breach. It’s hard to ignore being constantly told by major news outlets that the “private” in “private information” is a bad joke, and that not a single person who has ever entered so much as their favorite color into an online form is safe from black market traders, unscrupulous governments, internet hacktivists, and whatever other threats you can possibly imagine. Push the question a little further, and your random person on the street might tell you all the things they do to stay safe online — and all the things they don’t do. At the very least, you would probably conclude that awareness of cybersecurity issues has dramatically increased in the public sphere. Awareness is, to be sure, a crucial step in bolstering security, whether in a corporate context or a more personal one. But awareness is not enough.

As members of a digital, networked society, we shouldn’t simply be aware of our problems. Rather, we should be fixing them. We often fail to do that, though, choosing instead to just accept bad outcomes rather than address their root causes.

This is completely understandable when you think about the fact that security problems often seem insurmountable. What can we as individuals do, even if it’s just to protect our own personal information? There are too many points of failure, too many factors that are out of one person’s hands.

So rather than struggle independently with rudimentary tools and limited help from others, the most logical choice is to shift our focus and embrace a new standard: a culture of cybersecurity. To put it another way, we need a collective effort to share valuable security knowledge, strategies, best practices, and more with our fellow digital citizens. If we want effective cybersecurity, then all of us have to play a part.

What’s In It for Me?

There’s some truth in saying that laziness is a key element of human nature, but that excuse is too simplistic and too dismissive. It’s not that we can’t be bothered to exercise due diligence, it’s that we haven’t been properly motivated. “What’s in it for me?” is a fundamental unspoken question of cybersecurity — one that demands our attention.

When we cast blame on average users for failing to regularly change their many passwords across many different sites and systems, we seem averse to understanding why they’ve failed to do so. Only when it is too late, when users’ own identities are stolen, do they acknowledge the importance of such a security practice.

What impetus did they have to incorporate this practice sooner, though? Too often, they’ve simply been told what to do without truly understanding why they need to do it. Maybe they read a brief “Top 10 User Security Guidelines” article on the web, or maybe a colleague hurriedly mentioned a few personal security tips on a lunch break. Maybe their employer sent out a security-minded email that the user didn’t really take seriously. While these actions provide a decent start, they aren’t sufficient. Superficial commentary alone won’t foster an adequate or comprehensive cybersecurity culture.

The key to fostering this culture, then, is substance. One of the most substantive ways to inspire others to be proactive is to get them to relate to the situation. People often fall into the trap of thinking about their computer use too abstractly, as if what they do online is far removed from actual real-world consequences. To get them to understand the gravity of their digital actions, we need to get them to shed this outdated mode of thinking.

When the average computer user leaves his house to go to work, he locks the front door. What about when he leaves his desk to go to lunch? Does he leave his workstation unlocked for any passerby to use? Just like physical doors, we open cyber doors all the time — and when such doors open to something personal or sensitive in nature, we must lock them behind us to keep that information secure.

Not everything in the cyber world has an analogue in the real world, and that can present a unique challenge in fostering a security-conscious climate. To go back to the passwords example, the average homeowner probably doesn’t visit a locksmith every month to have the key to her front door changed.

If you can communicate to users, however, that time is a critical component of any hacker’s attempt at brute force password cracking, then the importance of regularly changing passwords becomes more obvious. In this case, the answer to “What’s in it for me?” is easy: You stay one step ahead of attackers who are always refining their methods, and your critical information stays safe.

A Culture of Continuous Monitoring

An effective cybersecurity culture has many dimensions, but one of the most important is continuous monitoring. For all of us as users, being able to monitor our online presence for misuse is crucial. Unfortunately, it’s easy to feel that one’s online presence is stretched thin, and that much of it is beyond one’s control. That’s why it’s helpful to keep an inventory of your website accounts, passwords, and e-mail addresses.

Password managers like KeePass and LastPass make this much easier, while also using encryption to keep the inventory confidential. You can also use e-mail as a hub for all of your other account activity. Many websites and services have options to send e-mail alerts when key account configurations change. The quicker you’re informed about these changes, the quicker you can confirm — or deny — their validity and take appropriate action.

This can mean the difference between finding out immediately that a hacker has changed your online bank account password, and finding out when you next sign in — after a massive withdrawal has been finalized.

It’s not just end users who need to contribute to a strong cybersecurity culture — businesses have a lot of catching up to do as well. Just like with users, continuous monitoring is essential. Minding your data, whether in transit or at rest, is a proactive approach to security that is often sorely lacking in the enterprise world.

Many of the breaches that we’ve all heard about weren’t noticed until months, or even years, after the breach actually happened. Attackers exfiltrated data off servers so long ago that it’s hard to know exactly what was stolen. This is the last position you want your business to be in, and it’s vital to have solutions like Security Information and Event Management (SIEM) always keeping your cybersecurity personnel up-to-date on any suspicious activity right when it happens. After all, it’s the people in your organization who spread and maintain your culture, not the automated machines and software. There’s no better way of assuring the growth and development of a strong culture of security than through training and certification. Taking a master class and earning a certification, such as the CyberSec First Responder: Threat Detection and Response credential offered by Logical Operations, will prepare your team to face any threat.

Don’t wait another week, or month, to start changing the culture around you. Take action today, whether it’s pursuing a cert, upgrading security software and tools, or even just changing those long-dormant passwords. The more effort that each of us puts into creating a culture of cybersecurity, the brighter our shared digital future will be.

Originally published in CERTMAG.com

http://certmag.com/group-effort-effective-cybersecurity-requires-participation/

Note:

The article was originally written by Erdal Ozkaya and published by LinkedIn on September 13th, 2016. It is reproduced on this blog with an author’s permission.

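The continuous-monitoring point in the post above (e-mail alerts when key account settings change, and a SIEM that flags suspicious activity as it happens) can be made concrete with a small correlation script. This is an added example and not code from Ozkaya’s post or from any SIEM product; the log format, the field names, the failure threshold and time window, and every event in the sample feed are constructed for illustration only.

```python
"""Toy continuous-monitoring correlation over account events.

Added example, not part of the original post. It shows the kind of rule a
SIEM or an account-activity alert feed applies so that a password or
recovery-address change is surfaced when it happens rather than at the
next sign-in. The log format, the field names and the events in
SAMPLE_LOG are constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample feed, one event per line:
# "<ISO timestamp> <user> <event> <source IP>"
SAMPLE_LOG = """\
2016-09-13T08:00:01 alice login_ok 203.0.113.10
2016-09-13T08:05:12 alice password_changed 203.0.113.10
2016-09-13T12:00:00 bob login_failed 198.51.100.7
2016-09-13T12:00:03 bob login_failed 198.51.100.7
2016-09-13T12:00:06 bob login_failed 198.51.100.7
2016-09-13T12:00:09 bob login_failed 198.51.100.7
2016-09-13T12:00:12 bob login_failed 198.51.100.7
2016-09-13T12:00:15 bob login_ok 198.51.100.7
2016-09-13T12:01:00 bob password_changed 198.51.100.7
2016-09-13T12:02:00 bob recovery_email_changed 198.51.100.7
2016-09-13T15:30:00 carol recovery_email_changed 192.0.2.55
"""

FAILED_THRESHOLD = 5           # assumed: failed logins within WINDOW that make a success suspicious
WINDOW = timedelta(minutes=5)  # assumed correlation window
SENSITIVE = {"password_changed", "recovery_email_changed"}


def parse(text):
    """Turn the constructed log text into (timestamp, user, event, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip = line.split()
        events.append((datetime.fromisoformat(ts), user, event, ip))
    return events


def correlate(events):
    """Return a list of (timestamp, user, reason) alerts, in time order.

    Two rules:
      1. A successful login preceded by FAILED_THRESHOLD or more failures
         within WINDOW is a likely password-guessing success; the user's
         session is then treated as suspect.
      2. A sensitive account change is alerted when there is no prior
         successful login from the same source IP, or when that login was
         itself flagged by rule 1.
    """
    alerts = []
    failures = defaultdict(list)   # user -> timestamps of recent failed logins
    last_ok = {}                   # user -> (timestamp, ip) of last successful login
    suspect = set()                # users whose current session was flagged

    for ts, user, event, ip in sorted(events):
        if event == "login_failed":
            failures[user] = [t for t in failures[user] if ts - t <= WINDOW] + [ts]
        elif event == "login_ok":
            recent = [t for t in failures[user] if ts - t <= WINDOW]
            if len(recent) >= FAILED_THRESHOLD:
                alerts.append((ts, user,
                               f"login from {ip} after {len(recent)} failed attempts"))
                suspect.add(user)
            else:
                suspect.discard(user)
            last_ok[user] = (ts, ip)
            failures[user] = []
        elif event in SENSITIVE:
            prior = last_ok.get(user)
            if prior is None or prior[1] != ip:
                alerts.append((ts, user, f"{event} from {ip} with no matching login"))
            elif user in suspect:
                alerts.append((ts, user, f"{event} in a session flagged as suspicious"))
    return alerts


def run_sample():
    """Run both rules over SAMPLE_LOG.

    Expected: four alerts (three for bob, one for carol) and none for
    alice, whose password change followed a clean login from the same IP.
    """
    return correlate(parse(SAMPLE_LOG))


if __name__ == "__main__":
    for ts, user, reason in run_sample():
        print(f"{ts.isoformat()} ALERT {user}: {reason}")
```

The script keeps no state beyond what it needs for the two rules, which is the point of the design: the value of an alert lies in how soon it fires, so the check runs on each event as it arrives rather than over a nightly batch. A real deployment would feed the alerts to the e-mail or paging channel the post describes and would tune the threshold and window to the service’s normal failure rate.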

Security Training for Free by Erdal Ozkaya


This blog post is like an all-star security heaven.

It will help you learn from the best in the industry. It covers what you need to understand about what is going on in the security industry today, and it will help you gain security certifications, again for FREE.

Certifications like EC-Council’s Hacking Countermeasures or (ISC)²’s CISSP, and sessions from Mark Russinovich, Hasain Alshakarti, Marcus Murray, Paula, Andy, Raymond and of course myself.

Of course I could not fit all the legends in, but this is a good way to kick-start your career or start protecting your IT environment.

Enjoy

Courses from Charles Sturt University

Hacking Countermeasures http://www.itmasters.edu.au/free-short-course-hacking-countermeasures/
Information Security Incident Handling http://www.itmasters.edu.au/free-short-course-information-security-incident-handling/
Network Security Administrator Certification http://www.itmasters.edu.au/free-short-course-network-security-administrator-certification/
CISSP Security Certification http://www.itmasters.edu.au/free-short-course-cissp-security/
Cisco CCNA Security http://www.itmasters.edu.au/free-short-course-cisco-ccna-security/
Cloud Models, Architecture, and Risk Management http://www.itmasters.edu.au/free-short-course-cloud-models-architecture-and-risk-management-submission-confirmation/

Courses From Microsoft

Defense in Depth http://www.microsoftvirtualacademy.com/training-courses/defense-in-depth-windows-8-1-security
Security Fundamentals http://www.microsoftvirtualacademy.com/training-courses/security-fundamentals
What’s New in Windows 8.1 Security http://www.microsoftvirtualacademy.com/training-courses/what-s-new-in-windows-8-1-security
Securing Your DM Infrastructure with Role-Based Admin http://www.microsoftvirtualacademy.com/training-courses/securing-your-dm-infrastructure-with-role-based-admin

Recorded Conference sessions (Microsoft Tech Ed Sessions)

P0wn3d! What’s Next? http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B220#fbid=
Why a Hacker Can Own Your Web Servers in a Day! http://channel9.msdn.com/Events/TechEd/Europe/2014/DEV-B371
Hacker Tools for Ethical Hackers to Protect Windows Clients http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/WIN-B351#fbid=
Raiders of the Elevated Token: Understanding User Account Control and App Capabilities in Windows http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/WCA-B335#fbid=
Live Demonstration: Hacker Tools You Should Know and Worry about http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B341#fbid=
Learning the Basics of Penetration Testing! http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA304
Case of the Unexplained: Troubleshooting with Mark Russinovich http://channel9.msdn.com/Events/TechEd/Europe/2014/WIN-B410
Malware Hunting with Mark Russinovich and the Sysinternals Tools http://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B373
Public Cloud Security: Surviving in a Hostile Multi-Tenant Environment http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B306#fbid=
Pass-the-Hash: How Attackers Spread and How to Stop Them http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B359#fbid=
The Ultimate Hardening Guide: What to Do to Make Hackers Pick Someone Else http://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B37
Hacker’s Perspective on Your Windows Infrastructure: Mandatory Check List http://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B371
CSI: Windows – Techniques for Finding the Cause of Unexpected System Takeovers http://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B370
Hackers (Not) Halted http://channel9.msdn.com/Events/TechDays/Techdays-2014-the-Netherlands/Hackers-Not-Halted
The Inside Man: Surviving the Ultimate Cyber Threat http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B314#fbid=
The Dark Web Rises: A Journey through the Looking Glass! http://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B376
A Game of Clouds: Black Belt Security for the Microsoft Cloud http://channel9.msdn.com/Events/TechEd/Europe/2014/CDP-B305am
Cloud Network Automation: DDI/IPAM http://www.microsoftvirtualacademy.com/training-courses/cloud-network-automation-ddi-ipam
Erdal Ozkaya – Microsoft Tech Ed Talks All
http://channel9.msdn.com/Events/Speakers/Erdal-Ozkaya
Bulletproofing Your Network Security http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/WIN-B310#fbid=
Windows 8.1: Black Belt Security http://channel9.msdn.com/Events/TechEd/Europe/2014/WIN-B318
Windows To Go: Deployment, Support for BYOD, and What IT Pros Need to Know http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/WIN-B314#fbid=
Social Engineering: Manipulations, Targeted Attacks, and IT Security http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/PCIT-B319#fbid=
Field Experience: Troubleshooting Long Boot and High Resource Consumptions http://channel9.msdn.com/Events/TechEd/Europe/2013/WCA-B315#fbid=

and much more

Hack yourself First http://www.troyhunt.com/2015/03/yow-conference-talk-hack-yourself-first.html

Note:

The article was originally published by Erdal Ozkaya on his personal blog on April 19th, 2015. It is reproduced on this blog with the author’s permission.

Security in the Enterprise Certification by Erdal Ozkaya


Do you know how cybercriminals work? Get helpful insight, in this cybersecurity course. As an IT Pro, you know that the computer threat landscape is continually changing and that increasingly sophisticated attacks are targeting your organization’s infrastructure and confidential information. Walk with experts through social media platforms to discover how they really work. Get tips and practical advice on social networking security. Plus, explore methods of developing a secure baseline and how to harden your Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks, and look at system patching. Finally, learn how to help improve your organization’s security with Microsoft operating systems and tools.

1 | Security Landscape of Today and Tomorrow

Learn about how the computer threat landscape is continually changing and how increasingly sophisticated attacks are targeting your organization’s infrastructure and confidential information.

2 | Social Media Security

In this eye-opening journey, venture into the very heart of social media platforms to discover how they really work. Get tips and practical advice on social networking security.

3 | Advanced Windows Defense

Explore methods of developing a secure baseline and how to harden your Windows Enterprise architectures and applications from pass-the-hash and other advanced attacks.

4 | Free Tools to Protect Your Windows Environment

Learn how Windows Clients are ready to mitigate some of these attacks and how you can utilize your security skills.

5 | Vulnerability and Patch Management

Do you patch your systems? How often? Do you know why you should act on patching your systems? Find out in this helpful module.

6 | Top Mitigation Methods to Protect Your Enterprise

Learn how to improve IT security with Microsoft operating systems and tools.

Learn
  • Take a look at the security landscape of today and tomorrow.
  • Get tips and practical advice on social media security.
  • Explore advanced Windows defense.
  • Get the details on free tools to protect your Windows environment.
  • Find helpful information on vulnerability and patch management.
  • Learn about top mitigation methods to protect your enterprise.


Prerequisites: None
Level: 200

Note:

The article was originally published by Erdal Ozkaya on his personal blog on September 27th, 2015. It is reproduced on this blog with the author’s permission.