I wish I could handle Mac, but I’ve been a PC guy since abandoning Unix (not Linux) in 1995. Because Mac OS X is based on Unix, I would like to move my computing platform there some day. That won’t be an easy task, never mind the additional investment in hardware. However, iPhone and iPad have given me exposure to Apple’s iOS now, and I wanted to find out how Apple products are being used in the enterprise. The timely MacIT Conference discussed that very subject.
One of the sessions that caught my attention was A Survey of OS X Capable Network Security Software and What They Do. The presentation was from the view of Mac OS X users, but the result was very much applicable to other platforms.
This 45-minute session was full of useful information about network security tools and processes. The following is a summary of the talk by Dan O’Donnell (@danothebeach), Information Systems Security Officer, Boeing. He covered many things, mainly in bullet form. I do not know how else to present his talk, but I added some comments and links to make the bullets more useful for my readers.
In any field, if you want to sound like an expert, you should know some jargon. Such jargon as data at rest and data in transit is self-explanatory. (If not, check this link.) His talk was full of jargon and acronyms. I have explained the terms below.
Standards, standard organizations, and certifications
Standards and standard organizations are important considerations for network security.
- International Organization for Standardization (ISO): the international organization for standardization; develops and publishes international standards
- Information Systems Audit and Control (ISACA): independent, nonprofit, global association; engages in the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems
- Information Technology Infrastructure Library (ITIL): the most widely accepted approach to IT service management in the world; owned by AXELOS
- ISO 27000, 27001, 27002: security specific
- ISO 20000: IT in general
Certifications useful for security experts are:
- Certified Information Security Manager (CISM): requires individuals to pass a written examination and have at least five years of information security experience with a minimum of three years of information security management work experience in particular fields.
- Certified Information Security Auditor (CISA): certification in the field of audit, control, and security of information systems.
- Certified Information Systems Security Professional (CISSP): independent information security certification governed by the International Information Systems Security Certification Consortium, also known as ISC. Both CISM and CISA are fine, but O’Donnell said this certification makes you stand out in the crowd.
- CompTIA Security+: approved by US Dept. of Defense to meet information assurance (IA) technical and management certification requirements.
InfoSec models: computer network defense, exploitation, and attack
- Computer network defense (CND): includes actions taken via computer networks to protect, monitor, analyze, detect, and respond to network attacks, intrusions, disruptions, or other unauthorized actions that would compromise or cripple defense information systems and networks. Joint Pub 6.0 further outlines computer network defense as an aspect of NetOps.
- Computer network exploitation (CNE): includes enabling actions and intelligence collection via computer networks that exploit data gathered from target or enemy information systems or networks.
- Computer network attack (CNA): includes actions taken via computer networks to disrupt, deny, degrade, or destroy the information within computers and computer networks and/or the computers/networks themselves.
- Discovery by scanning: vulnerabilities can be found by scanning; this is a good article on this subject.
- Undiscovered (0day or zero day): A zero day vulnerability refers to a hole in software that is unknown to the vendor.
- Passwords, ports, and protocols: O’Donnell said that rainbow tables are precomputed tables that map hashed passwords back to their original passwords for passwords up to 14 or 15 characters, so passwords at least 16 characters long are safer. A relevant article is here.
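To make the rainbow-table point concrete, here is a small added example (my own code, not from the talk or any tool it mentions): it precomputes a hash-to-password map for a tiny keyspace, shows that an unsalted hash is recovered instantly while a salted one is not, and computes how much larger the 16-character keyspace is than the 14-character one. Real rainbow tables store hash chains rather than a full map, and the charset, lengths and sample password here are constructed for the demo.

```python
import hashlib
import itertools
import os
import string

# Toy "rainbow table": a precomputed hash -> password map. A real rainbow
# table stores hash chains to save space, but the lookup idea is the same.
CHARSET = string.ascii_lowercase
MAX_LEN = 3  # tiny keyspace (18,278 passwords) so the demo runs instantly


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_table(charset=CHARSET, max_len=MAX_LEN):
    """Precompute unsalted hashes for every password up to max_len chars."""
    table = {}
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            pw = "".join(combo)
            table[sha256_hex(pw.encode())] = pw
    return table


def lookup(table, stored_hash):
    """Return the password if the stored hash is in the precomputed table."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes) -> str:
    """Hash with a per-user random salt; each salt would need its own table."""
    return sha256_hex(salt + password.encode())


def keyspace(charset_size: int, max_len: int) -> int:
    """Number of passwords of 1..max_len chars: the sum of charset_size**n."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    table = build_table()
    # Constructed sample: the unsalted stored hash of "cat" is found at once.
    print(lookup(table, sha256_hex(b"cat")))                  # cat
    # Same password, salted: the precomputed table no longer matches.
    print(lookup(table, salted_hash("cat", os.urandom(16))))  # None
    # Why length matters: 95 printable ASCII chars, 16 vs 14 characters.
    print(keyspace(95, 16) // keyspace(95, 14))               # 9025
```

The integer ratio 9025 is simply 95 squared: every extra character multiplies the work a precomputed table has to cover by the size of the character set.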
NVD is the US government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
OSVDB’s goal is to provide accurate, detailed, current, and unbiased technical security information.
Continued in Part 2