Security Ripcord


Cutaway Influences Security Managers AROUND THE WORLD!!

February 21st, 2008 cutaway Posted in Email, SANS, Security

As I mentioned in the SMTP Server Security post, “I have just finished writing a paper for a SANS' initiative that Stephen Northcutt is working on.” I have recently learned that this paper has been accepted for the SANS MGT512 Courseware Update and, in whole or part, will be influencing Security Managers from around the world when it is introduced into the SANS course rotation. For those of you who are not familiar with the SANS Security Leadership Essentials For Managers with Knowledge Compression, here is an excerpt from the course description.

This completely updated course is designed to empower advancing managers who want to get up to speed fast on information security issues and terminology. You don’t just learn about security, you learn how to manage security. Lecture sections are intense; the most common student comment is that it’s like drinking from a fire hose. The diligent manager will learn vital, up-to-date knowledge and skills required to supervise the security component of any information technology project. Additionally, the course has been engineered to incorporate the NIST Special Papers 800 guidance so that it can be particularly useful to US Government managers and supporting contractors.

Attending this course will help Security Managers achieve the GIAC Security Leadership Certification (GSLC) which is required for those who are responsible for being in compliance with DoD 8570 IAM Level 1, 2, or 3.

I worked hard on this small little piece of the puzzle and I am very happy that it was included. I would like to give you a little taste of the write up here but I am afraid that you are just going to have to register and complete the course. I can tell you, however, that I did manage to work in a quote about data loss prevention by my friend Rich Mogull (get well quick, Rich) over at Securosis and the Network Security Podcast which he wrote for Network World back in February of 2008.

Although an important topic, DLP is an evaluation of “an overview of major gateways, data repositories, and endpoint management infrastructure” which should be performed as its own initiative.

So I did spread the love, at least a little.

As to “Influencing Security Managers AROUND THE WORLD!!!?” Well, it is a big job, but somebody had to do it. Actually, I am glad I could contribute even if it was just a little bit.

Go forth and do good things,

Don C. Weber

P.S. Remember, I am a SANS Affiliate. If you are going to be attending any SANS classes start by clicking on a link from this site. SANS will kick me a few bucks that will help contribute to my training and conference appearances. My, and Security Managers AROUND THE WORLD!!!, thanks in advance.


SMTP Server Security

February 16th, 2008 cutaway Posted in Email, SANS, Security

I have just finished writing a paper for a SANS' initiative that Stephen Northcutt is working on. Although I do not have permission to provide it here (yet), I thought you all might be interested in some of the resources I have tracked down relating to this subject. They are in no particular order and some of the information may be redundant, but here you go.



General guidance SANS Top 20: http://www.sans.org/top20/

Open relay source: http://www.spamhelp.org/shopenrelay/

Mail relay and spoof source: http://www.defendingthenet.com/Newsletters/HackingSMTPGatewaysCommandReference.htm

Open relay mitigation source: http://www.mail-abuse.com/an_sec3rdparty.html

Mail relay testing source: http://www.abuse.net/relay.html

DoD bans webmail source: http://www.sans.org/newsletters/newsbites/newsbites.php?vol=8&issue=102

Microsoft 2007 Security Guide: http://technet.microsoft.com/en-us/library/bb691338.aspx#BestPractices

Email spoofing source: http://www.windowsecurity.com/articles/Email-Spoofing.html

How email works source plus securing your server: http://www.ftc.gov/bcp/conline/pubs/buspubs/secureyourserver.shtm

Server security source: http://spamlinks.net/prevent-secure.htm

Spoofed email source: http://www.cert.org/tech_tips/email_spoofing.html

Spoof detection source: http://www.fraudguides.com/internet_detect_spoofed_email.asp

Linux Journal article: http://www.linuxjournal.com/article/5753

7 reasons why HTML e-mail is EVIL!!!: http://www.georgedillon.com/web/html_email_is_evil.shtml

Expert warns of security dangers from webmail: http://www.itwire.com/content/view/2373/53/

Internal/External email server: http://en.wikipedia.org/wiki/Demilitarized_zone_(computing)

SMTP Security: http://technet2.microsoft.com/windowsserver/en/library/ded0ca67-f81c-49ad-91d4-cb21bc91dd0b1033.mspx

Data loss prevention: http://www.networkworld.com/columnists/2008/020408insider.html?fsrc=rss-security


Go forth and do good things,

Don C. Weber


Fake Cop Captured Via Email

December 14th, 2007 cutaway Posted in Email, Security, police

Most of you might not know that there was a fake police officer pulling people over and getting free meals in the areas surrounding League City, Texas, which is just southeast of Houston, Texas. In fact, the news did not pick up the story until December 12th, 2007, when my wife’s oldest friend was pulled over and questioned by the imposter.

The cool thing about this story is that the news coverage did not help capture this person. In fact, it was an email from my wife’s friend to several of her friends in League City. Then the viral marketing began. Apparently, this email spread through League City like a wildfire in a strong wind. Eventually it got back around to a woman who thought the description of the individual, his clothes, and his vehicle sounded very similar to her husband. After that it was game over. The police had the man in custody that evening and now the world is safer, all because of one email.

The concept of phony police officers is not new. I’m sure that posing as a person in a position of authority goes back to the advent of civilization. But how can law-abiding citizens protect themselves from falling victim to these types of persons? After all, it is the natural instinct of most law-abiding citizens to not question authority, as was the case with my wife’s friend. However, people should act on their suspicions if they feel uncomfortable about a situation. I have a few recommendations for people who find themselves on a lonely street, in the middle of nowhere, and feel uncomfortable about letting a stranger approach their vehicle and, verbally or physically, remove them from the vehicle.

Disclaimer: All situations are different. Use your own judgment as to how to protect yourself. These are merely suggestions to get you thinking down the right path. YOU are responsible for your personal security.

  • Cell phones are your friends. Dial 911 and start talking with the person on the other end. Police departments usually know the exact location of all their officers. 911 operators are most likely trained to handle this situation. (No, I have not had time to call and verify.) The 911 operator will be able to tell you if a person is a police officer or even dispatch a police officer in a clearly marked vehicle and uniform.
  • Always keep your doors locked when you are driving. It is much harder to car jack somebody when the doors will not open.
  • Remain calm and think. Panic breeds rash decisions like speeding off and possibly crashing during a high speed pursuit.
  • Do not speed off unless you believe it is absolutely necessary to save your life. It is very hard for a person to chase down even a slow moving car. If you drive off do so slowly and remain at or below the speed limit until you come to a safe place that you can stop. If you are obeying traffic laws most police officers are not going to forcibly stop you until they have backup, which is what you want.
  • If you do drive off start thinking about a safe place to stop. Think of a place with lots of people or where multiple people will notice your arrival. Open gas stations are good because they are surrounded by open glass and the attendants will usually notice a vehicle approaching. Drug stores, although usually open, are not so good because the attendants don’t know anybody is around until the front door opens.
  • Police do not need to touch you to give you a ticket. Do not roll your window all the way down. You can give them all of the information they want through a small crack in the window. If they ask you to roll down your window, politely refuse. If they keep insisting, explain that you would like to wait until another police officer, in a separate vehicle, is present. This way you cannot be grabbed or assaulted with most weapons.

If you have more recommendations, please leave a comment, especially if you are a police officer. People need to know the best way to handle this situation while protecting themselves from the Taser of a frustrated police officer.

Go forth and do good things,

Don C. Weber
