Friday, 23 September 2016

Affected by the Yahoo hack? Here’s what you need to do:

If you have a Yahoo account, you should act fast. Just yesterday it was confirmed that hackers stole the personal data of half a billion Yahoo accounts in the most recent cyber-catastrophe. 

Details including names, email addresses, phone numbers and security questions were stolen from the company’s network in late 2014. It has now been revealed that passwords were also taken, but in a “hashed” form, and the company reports that it believes the financial information it holds remains safe unless the hashed passwords are cracked.

Yahoo believe this was a state-sponsored act – an increasingly common scapegoat following cyber hacks today. Although Yahoo are currently notifying those potentially affected by the hack, as a precaution you can take steps now to protect your data.

Below, we will identify these steps in order to secure your information now and in the future.

This is what you need to do:

Take back your account: If your Yahoo account has been compromised, the first thing you need to do is take it back. Hackers may have also gone after your linked accounts, so check them too. Below are a series of links to the most common social and mail platforms where you can take back your account.
  • Yahoo
  • Apple
  • Facebook
  • Google
  • Microsoft
  • Twitter

Report it to the police: If you believe you have been hacked and are now the victim of identity theft or fraud, file a report with Action Fraud.

Change your passwords and security questions: Even if you haven't been hacked, change your password and security questions immediately. This is especially important if your email is connected in any way to your bank or a PayPal account. 

Additionally, you should look to change the passwords in any other account that uses the same or similar security information. This ensures hackers cannot access other accounts through your Yahoo information. It is also sensible to check your password recovery settings and ensure they have not been changed to a third party. 

Tell everyone you know: In this situation it is a common tactic for hackers to target friends and family of compromised accounts to extract financial gains. So spread the news to your friends and family. Not only will this help them inform you if they see unusual activity, but it may also spare them falling victim to a similar hack.

Be wary of emails from Yahoo: Now is the perfect time for cyber criminals to strike through a phishing attack. Avoid downloading or clicking links in any emails coming from Yahoo. Almost all malware is installed unknowingly by the victims themselves. 

Update your security settings and run a security scan: Make sure you run a virus scan and have the most recent security updates on your operating system. If you don't have an anti-virus application, invest in a high quality one like McAfee or Norton Antivirus. This is something you should be doing as best practice regardless of the issue.

Continue to review your activity: Just because you’ve gotten your account back doesn’t mean you’re safe. Hackers often leave ‘backdoors’ so they or other hackers can regain access at a later date. Make sure you continually review any activity to check that no emails are being forwarded and no security questions have been changed.

De-authorise applications: Although it may be frustrating, de-authorising accounts that are in any way linked to your Yahoo account will be essential. Although many may deem this unnecessary, it certainly is a better idea than leaving an unknown individual in your system – even if it is just precautionary.   

How serious is this? And what does it mean for Yahoo?

The most serious concern for you as a Yahoo user is if the cryptographically hashed passwords were cracked and used maliciously. Although the hashing scheme used to protect the passwords is known to be relatively tough, Yahoo have yet to release any details on it.

For Yahoo, this breach comes at the worst possible time. Earlier this summer, Yahoo had announced it was investigating a breach reported to involve 200m customers. The sudden increase to 500m means “Yahoo may be facing an existential crisis” with their “already besieged business execution issues and an enduring fire sale to Verizon, this may be the straw that breaks the camel’s back” according to Corey Williams from identity management software company Centrify.

Security researcher Kurt Baumgartner from Kaspersky Labs believes that Yahoo’s failings hardly come as a surprise: “It’s unfortunate that when we are talking about this organisation, a massive breach doesn’t come as a big surprise”. Baumgartner has also criticised Yahoo’s delayed response, citing it as characteristic if we look at their “delay in encrypting IM communications, implementing https for its web properties and more”.

Wednesday, 14 September 2016

Defend your network with the new Certified Network Defender certification

Today, EC-Council launches their highly anticipated Certified Network Defender qualification. This exciting new certification focusses on developing the critical skills needed to protect, detect and respond to attacks on your network. A much needed skillset in a world plagued by cyber attacks.  
In this post we'll take a closer look at the certification and why it's so crucial for the industry.

Businesses have woken up to the ever present threat of cyber attack 

In today’s growing technological world, organisations are painfully aware of the threat of cyber breaches and the inadequacies of their preventative measures. In fact, a Government study has found that 51% of UK businesses experienced a security breach in the past 12 months. UK Digital Economy Minister Ed Vaizey emphasised just how “crucial” security is, with “too many firms losing money, data and consumer confidence” as a result of the vast number of cyber attacks.

While the number of cyber attacks spawns rapidly like infectious bacteria, the demand for individuals certified in cyber security has far outpaced supply. Findings suggest that 7 of the 10 cyber breaches on UK companies could have been prevented, pointing at a lack of industry knowledge. Furthermore, 28% of organisations experienced a shortage of network security specialists and by 2019 it's expected that the demand for cyber security skills will triple the supply of personnel available.

What can the CND do?  

Why is it that some businesses lock their doors and put on an alarm, yet they leave their most valuable data completely unprotected? A business's network is its first line of defence against cyber attacks. Unfortunately, set up incorrectly, it can be an open door to cyber criminals. Once they're in they can infect your database, install ransomware and compromise your applications.

The CND, built from a common body of knowledge, focusses on defence.  It is made up of 14 of the most current network security domains, aimed at upskilling network administrators with the knowledge and skills to protect, detect and respond to network security threats. 
As network administrators are familiar with network components, traffic, performance and utilisation, network topology, location of each system and the security policies, they can play an increasingly significant role in becoming the first line of defence for any organisation.   
The course outline was devised by a series of surveys and industry related interviews with lead security managers to address the shortcomings within their existing workforce and organisation. The result is the following 14 modules: 
  1. Computer network and defence fundamentals 
  2. Network security threats, vulnerabilities and attacks 
  3. Network security controls, protocols and devices 
  4. Network security policy design and implementation  
  5. Physical security  
  6. Host security
  7. Secure firewall configuration and management 
  8. Secure IDS configuration and management 
  9. Secure VPN configuration and management  
  10. Wireless network defence 
  11. Network traffic monitoring and analysis  
  12. Network risk and vulnerability management 
  13. Data recovery and back-up
  14. Network incident response and management  

So what makes the CND so special? 

More than just a certification catered to the current needs of the market, the CND course boasts other impressive features: 
The course is made up of 50% hands-on labs and practical work. The benefit of this skills-based, lab intensive program is that you gain invaluable real-world experience in the event of a real breach.  

Unlike many other certifications, the CND course has shifted its focus from the technology used in security, to the operations and processes involved in securing a network. EC-Council liken this focus on operations over the transitory technology to learning mathematics without a calculator. Rather than mindlessly using technology, you’ll learn the why and the how. The benefit of this is that you’ll develop a more holistic, in-depth understanding of security that can help you better protect your organisation.  

Additionally, the CND being a vendor-neutral certification speaks again to the wide audience this certification will benefit as it means the skills can be taken away and transferred to the various technologies organisations use.  

Certification and Training Details 

Available now, Firebrand is delighted to launch the accelerated CND certification course alongside EC-Council.  

The course will be 4 days in duration including the exam, 20% faster than traditional training. Because Firebrand is an official provider of EC-Council certifications, you will benefit from certified instructors and official material, giving you the best chance to pass.

Having just been awarded EC-Council Accredited Training Centre of the Year for the eighth successive year, you know you're in safe hands. 

The Certified Network Defender credential has replaced EC-Council’s ENSA v4.0, which is set to be retired on March 13th 2017.  

Thursday, 8 September 2016

Discover the big name finalists named for EC-Council Foundation's InfoSecTech & Exec Awards 2016

Earlier this week EC-Council Foundation announced the finalists for their upcoming InfoSec Tech & Exec Awards Gala running at Hacker Halted on September 14th in Atlanta, GA.

On 6th September, EC-Council Foundation announced the finalists for the prestigious upcoming InfoSec Tech & Exec awards. The event honours cyber security professionals, recognising those who represent the very best in their field. 

There are seven award categories across which the nominations are spread. These include Certified CISO (CCISO) of the Year, CISO of the Year, Innovative Security Project of the Year, Most Improved Security Program of the Year, Ethical Hacker of the Year, Penetration Tester of the Year, and Forensics Analyst of the year. Let’s take a closer look at the categories and the big names announced:

Certified CISO (CCISO) of the Year

This award recognises high level professionals, all of which carry the EC-Council Certified CISO credential. They were selected for their contributions to the CCISO community, as well as to the information security industry as a whole. Finalists include:

Richard Ryan II Hernandez, Information Security Officer at LafargeHolcim; Paul Horn, CISO at HD Vest Financial Services; Hung-Pin Hsieh, Senior Manager at Acer Inc.; Luis O. Noguerol, President & CEO at Advanced Division of Informatics & Technology, Inc.; and Niran Seriki, Senior Cyber Security Consultant for EU Institutions.

CISO of the Year

This award highlights professionals who have been nominated for their leadership and innovation in working to secure their organisation. This is achieved amongst a constantly changing landscape of threats. Finalists include:

Syed Azher, CISO at Impact Group; Medha Bhalodkar, CISO at Columbia University; Pavankumar Bolisetty, Global Head - Information Security at Wave Crest Holdings Ltd.; Jared Carstensen, Chief Information Security Officer at CRH plc.; Kok Kee Chaiw, Vice President, IT Security & Assurance IT Security & Assurance at MEASAT Broadcast Network Systems Sdn Bhd (ASTRO TV Malaysia); Bobby Dominguez, Chief Strategy & Security Officer at Lynx Technology Partners, Inc.; Youssef Elmalty, Head of Cyber Security at IBM; Aizuddin Mohd Ghazali, Group IT, Head, Risk & Security Management at Sime Darby Holdings Bhd; Amit Ghodekar, Vice President, CISO at Motilal Oswal Financial Services Ltd; Marvin Marin, Cyber Security Program Manager & Technical Advisor at NetCentrics; Michael Molinaro, CISO & VP at BioReference Laboratories, Inc.; JR Reagon, former Global CISO at Deloitte; and Eric Svetcov, AVP, Information Security & CSO at MedeAnalytics.

Innovative Security Project of the Year

This award recognises a cyber security project that showed an advanced difficulty level while innovating with methods or solutions to support the business goals of its organisation. The finalists include:

Chen Heffer, Cyber Security Officer and his team at the Douglas County Government; Dan Nagle, Senior Software Engineer at Harman Professional Solutions; and Niran Seriki, Senior Cyber Security Consultant at EU Institutions.

Most Improved Security Program of the Year

This exciting award recognises the impact strong leadership can create in securing an organisation when the correct frameworks, policies, and governance are put in place. The finalists for this award include:

Chad Cottle, Chief Information Security Officer and his team at City of Lexington, KY; Juan Gomez-Sanchez, Chief Security Officer at Lennar Corporation; Brenda McAnderson, Chief System Sustainment at System Sustainment, National Cybersecurity Protection System (NCPS), Network Security Deployment (NSD), Office of Cybersecurity and Communications (CS&C), U.S. Department of Homeland Security (DHS); Paul Medici, Director at Fidelity; and Preston Werntz, Chief, Technology Services Division at U.S. Department of Homeland Security, Office of Cybersecurity and Communications.

Technical awards

The following awards focus on the technical expertise of cyber security professionals. This is the first time EC-Council Foundation is awarding these categories.

Ethical Hacker of the Year

This award resonates strongly with EC-Council Foundation’s mission of global cyber security, reinforced by the Certified Ethical Hacker certification. The award highlights the critical role that ethical hackers play in identifying, reporting and patching weaknesses in the world’s cyber infrastructure. The finalists include:

Marc Rogers, Information Security & IT Expert at CloudFlare; Ankur Chandrakant, Cyber Security & Forensics Expert at Cyber Radix Academy for Future Technology; Zechariah Akinpelu, Team Lead, Application and Database Security Control at Fidelity Bank PLC; Christopher Chavez, Cyber Security Consultant at Avyara Information Systems; and Ali Tabish, Sr. Information Security Analyst at Moon International Pak Pvt Ltd.

Penetration Tester of the Year

This award recognises the professional pen tester who embodies the very best principles of penetration testing. They do this by contributing to the industry and the positive view of information security professionals. The finalists are:

Bassem Helmy, Senior Security Consultant at Deloitte Middle East; Bastien Treptel, Director at Ctrl IT Pty Ltd; Srinivasan Subramaniam Muthukondapuram of Consulting Private Limited; Jonathan Paz Gamer & Black Box Pen Tester at RootByte; and Shitesh Sachan, Sr. Lead Application Security at hCentive.

Forensics Analyst of the Year

This award recognises the professional showing exemplary work in forensics analysis through innovation and meticulous performance of duties. The finalists include:

Andrew Case, Director of Research at Volexity; Ahmed Fawzy, Information Security Manager at Raya Contact Center; Muhammad Nuh Al-Azhar, Superintendent Police - Chief of Computer Forensic Lab. at Indonesian Police Forensic Laboratory Centre; Manish Aggarwal, Network Security Analyst at Total IT Solutions Education Organization; and Yamikani Gogo Wilfred Hauya, Systems Support Officer at Malawi Revenue Authority.

The InfoSec Tech & Exec Gala will precede Hacker Halted, EC-Council Foundation’s largest annual cybersecurity conference, as well as the Global CISO Forum, the Foundation’s premier executive-level event. Tickets are still available for both events.

Thursday, 1 September 2016

Cisco updated their CCNA Routing & Switching Certification - Here’s everything you need to know:

On the 17th of May Cisco announced some major changes to their flagship CCNA Routing & Switching certification moving from version 2 to 3 – here’s a breakdown of everything you need to know about the new and improved version 3.

What is the CCNA Routing & Switching?

The Routing & Switching certification aims to teach you the knowledge and skills needed to install, operate and troubleshoot a small-to-medium enterprise branch network as well as the basic network security and complex connections. The course is made up of ICND1 (CCENT) and ICND2 (CCNA), which collectively equate to the CCNA.   

Why has the CCNA Routing & Switching Certification been updated?

Although it is characteristic of Cisco to update their leading courses every four to five years, Pim Leemans, Cisco instructor, suggests there are additional reasons behind the revamp. “The way we learn has been changing a lot in previous years. Unlike before there will be less theory and more learning by just doing”. Cisco reflect these changes in learning through the introduction of Discovery and Challenge Labs, which teach and test students through practical tasks. Cisco state that the developments of the Routing & Switching certification also aim to meet the advancements in technology and better empower IT professionals with “the understanding of software defined networking (SDN) and the integration of virtualised resources utilised in Enterprise network architectures”.

What do the changes look like?  

  • Interconnecting Cisco Network Devices Part 1 (ICND1): exam 100-101 ICND1 is replaced by 100-105 ICND1
  • Interconnecting Cisco Network Devices Part 2 (ICND2): exam 200-101 ICND2 is replaced by 200-105 ICND2
  • Composite CCNA: exam 200-120 CCNA is replaced by 200-125 CCNA

Aside from the changes in the exam numbers, the content of the Routing & Switching certification has changed.

Changes from ICND1 v2.0 to ICND1 v3.0:

Pim Leemans describes the largest changes within ICND1 as the treatment of RIP as the only routing protocol and subjects on device management being moved from ICND2 to ICND1.  

Key topics removed or moved to ICND2:

  • OSPF (single area) and other OSPF topics were moved to ICND2 since RIP is used to introduce CCENT candidates to IP routing protocols.
  • Dual Stack was removed as there are multiple IPv4 and IPv6 transition technologies being used.
  • Cisco Express Forwarding (CEF) has been removed.  

Key topics added:

  • High level knowledge of the impact and interactions of infrastructure components, such as:
    • Firewalls
    • Access Points
    • Wireless Controllers
  • An awareness of the Collapsed Core architecture instead of the traditional three-tier architectures. This effectively joins Distribution and Core into a single tier with Access as a second tier.  
  • Required to configure and verify IPv6 Stateless Address Auto Configuration (SLAAC).
  • Added Anycast to the list of IPv6 addressing types.
  • Required to have knowledge of Link Layer Discovery Protocol (LLDP), an L2 discovery protocol used in addition to Cisco Discovery Protocol.
  • RIPv2 for IPv4 serves as a primary focus for routing protocols.
  • Added requirements to understand DNS and DHCP related connectivity issues.
  • Understanding of Syslog message logging for device monitoring.
  • Skills and knowledge for backing up and restoring device configurations.

Changes from ICND2 v2.0 to ICND2 v3.0

Pim Leemans believes the ICND2 “has changed the most” with the emphasis on outdated technologies such as Frame Relay being replaced by Multi-Link PPP and PPPoE. The more challenging subjects of EBGP, RADIUS and TACACS+ authentication are now also addressed.

Key topics removed:

  • Frame Relay and Serial WAN technology has been omitted
  • Only HSRP remains from First Hop Redundancy Protocols (VRRP and GLBP removed).

Key topics added:

  • Required to have knowledge of dual-homed vs single-homed Intelligent WAN topology options.
  • Need basic knowledge of external BGP (eBGP) used to connect Enterprise branches.
  • VPN topics now include DMVPN, Site-to-Site VPN and Client VPN in common Enterprise use.
  • Must have an understanding of how Cloud resources are being used in Enterprise network architectures e.g.
    • How Cloud services will affect traffic paths and flows
    • Common virtualised services and how these coexist with legacy infrastructure
    • Basics of virtual network infrastructure (Network Function Virtualisation)
  • Awareness of Programmable Network (SDN) architectures including:
    • Separation of the control plane and data plane
    • How a controller functions and communicates northbound to network applications and southbound to the R&S infrastructure using APIs.
  • Using Path Trace applications for ACLs, which is an essential new network application enabled by the Application Policy Infrastructure Controller – Enterprise Module (APIC-EM).
    • The tool is designed to automate the troubleshooting and resolution of complex ACL deployments.
  • Understanding QoS concepts related to marking, shaping and policing mechanisms for congestion management.
    • Need an understanding of how QoS is used for prioritising voice, video and data traffic. Plus an understanding of the automation provided by programmable networks to implement business critical QoS policies.  

For even more detail on the curriculum changes:

What does this mean for the old exams?

The exams 100-101 ICND1 and 200-120 CCNA can no longer be taken (August 20th deadline). The ICND2 exam, however, can still be taken until the 24th of September this year.

Can I combine exams?

Yes, if you already have the ICND1 (CCENT) certification v2.0 then you can get the ICND2 (CCNA) certification v3.0 and still end up with your CCNA qualification.