Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Thinking about Cyber Security Awareness Month in October SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Thinking about Cyber Security Awareness Month in October
Some social security awareness and also a way security teams from around the world can get in touch, I work as part of a small security team (to small to join something like FIRST) and would be great to speak to others in the same industry and see what they are doing.
Raymond

14 Posts
I have a few suggestions:

Update previous CyberSecurity Month information to reflect the current changes/trends

Open minded security risk assesement comparing Windows XP SP3, Windows Vista, Windows 7, OSX and popular Linux flavors.

Anything on security in the cloud.

Security in virtual environments.

Tools comparison, regardless of what the security tool(s) focus on.
Peter

2 Posts
Hello,

I think that the best bet would be a mix of the three following topics: 1) Key services that should or should not be running, and how to secure those services that are necessary. 2) How to use security tools like Nessus or Wireshark and 3) Security horror stories.

We could do the following: Start a week with a Security Horror Story. From that story we could extract a couple of security tools that could be used to prevent such horror attack and explain how to use them, how to deploy them. Them, we could explain those services that were used as attack vectors or that were vulnerable, and explain to secure them and listing what policies others use that are related to that service.

Week "n"
Day 1 Security Horror Story. Services identified and a list of tools used to secure the environment and services.
Day 2, 3 and 4 an explanation of how to use those tools of day one. One tool per day.
Day 5 and 6. How to secure thoses services involved. One per day!!
Day 7. Lessons Learned, procedures and policies that could apply.

My two niquel cents!!
MGuirao

13 Posts
Hello,

I vote (late) in:
- pentest or
- security tools (like nessus, metasploit, nmap).
MGuirao
1 Posts

Sign Up for Free or Log In to start participating in the conversation!