By John Strand, Sr. Instructor at SANS Institute
In incident response there is an odd play of realities.
We know we have been hacked; we may even know where the command and control (C2) server is located. But knowing the actual IP address of the attacker remains something of a distant dream for security pros. Sure, we clean up the mess, we possibly work with law enforcement, and we hope that somehow the attacker will make a mistake that allows us some sort of closure on the event.
We even have tools that somewhat help with the process. Right now firms like Mandiant and CrowdStrike are fingerprinting attackers' tactics and procedures creating detailed lists of different
SANS Director of Emerging Security Trends John Pescatore caught up with Dr. Cole to talk with him about the upcoming SANS SOC Summit, which Dr. Cole is co-chairing.
JOHN — Security Operations Centers have been around for quite a while. Why did SANS decide to host the first SOC summit and what has been the overall response?
ERIC — Organizations are continuously getting broken into with a significant amount of damage. Setting up and deploying a SOC is how to better control the overall damage. Monitoring of an organization to identify and timely respond to attack via a SOC (Security Operations Center) is the way to help resolve this issue. As SOC's
Security is always a balance between functionality and access. The key rule we always follow is to give an entity the least access it needs while still allowing it to perform its job. With network architecture, the key is to provide proper segmentation so that users can access the appropriate data while reducing the risk of potential compromise.
If you look at the requirements for systems that reside on our network, you will probably notice that they can be grouped into several categories, according to the type of information that they contain:
- Public: These resources reside on the Internet and, from the perspective of
Exciting changes for the Securing Windows course (SEC505) with lots of PowerShell labs.
By Paul A. Henry
MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFE, GCFA, GSEC, GICSP, GCED, GPPA, VCP4/5, VCP-DCV (5.5), vExpert
Senior SANS Instructor - email@example.com
March Patch Tuesday brings 5 Critical and 9 important patches — including 2 issues that have been publicly disclosed.
Let's look at the details:
• MS15-018 is a Cumulative Update for Windows IE that is rated as Critical — It mitigates a single CVE-related issue that could provide Remote Code Execution
• MS15-019 mitigates a Critical VBScript Engine issue (single CVE-related) that could allow Remote Code Execution