BH Consulting Security Watch Newsletter

Helping you Piece IT Together

Issue November 2006

In this month's issue of our Security Watch Newsletter we update you on some of the latest happenings at BH Consulting, highlight the release of the latest SANS Top 20 list, present two interesting videos developed by the Dutch CERT team, discuss how to develop your own portable security kit, discuss virtualisation technology, highlight how Microsoft and Cisco team up on Network Access Control and how to Radically Simplify IT.

About BH Consulting
BH Consulting was founded in answer to demands for an independent consulting firm to assist clients gain a competitive edge by achieving IT Operational excellence in deploying, managing and securing their IT infrastructure. With over 20 year’s experience, we provide you with access to in-depth expertise, experience and technical know-how. Backed with our quality processes and commitment to deliver, BH Consulting provides clients with quality solutions at cost effective rates.

Support Focus Ireland
If you have found any items in our Security Watch Newsletter to be of use to you we ask that you make a donation to Focus Ireland who work tirelessly supporting the homeless throughout Ireland. Focus Ireland aims to advance the right of people-out-of-home to live in a place they call home through quality services, research, and advocacy. The objectives of Focus Ireland are to respond to the needs of people out-of-home and those at risk of becoming homeless, through a range of appropriate high quality services, to provide emergency transitional and long-term accommodation for people out-of-home, to campaign and lobby for the rights of people out-of-home and the prevention of homelessness. No sum is too small and all is put to excellent use.

BH CONSULTING NEWS
BH Consulting Addressed NITEs Seminar
Earlier this month Brian Honan addressed the 5th annual National IT & eSecurity Summit on the topic of "Improving Security - Incident Response". The presentation was well received by those attending and a copy of the presentation is available here.

BH Consulting Spoke at SANS Amsterdam
Over 250 people from around the world attended the SANS Amsterdam training event in November. Brian Honan was Master of Ceremonies for the Community Night event and also presented to the attendees on the value of the community in tackling cyber crime.

BH Consulting Participates in ENISA Workshop on Information Security Certification
ENISA (the European Network and Information Security Agency) hosted a workshop in Athens on the topic of "Information Security Certification". The purpose of the workshop is to start the process of identifying the key certification schemes pertinent to information security in the areas of People, Process and Technology within the European Union. Our Senior Consultant Brian Honan represented BH Consulting at this workshop and gave a presentation on the "Value of Certifications" and also produced a position paper on the subject.

The SANS Top 20 Internet Security Attacks
As part of his role as European Editor for the SANS Institutes NewsBites newsletter, Brian Honan was invited to attend the latest release of the new SANS Top 20 Internet Security Attacks. This list if available for free to anyone concerned about information security at The SANS Institute's website. We recommend everyone reviews this list to ensure they can best prepare their network and system defences against the most common threats facing organisations today. Brian provides more details on the list through our recently launched Security Watch Blog.

Security Watch Blog Launched in November.
As mentioned in our October Security Watch newsletter we have launched our Security Watch Blog. We intend to make this Blog a valuable and informative resource for those concerned with information security. We hope to update the Blog regularly with interesting stories concerning information security, updates on BH Consulting's engagements and activities and where appropriate provide our insight and opinions on various items. Please visit our Security Watch Blog and let us have your feedback.

The US Cyber Consequences Unit Cyber-Security Checklist Released.
The U.S. Cyber Consequences Unit is an independent research group that supplies the U.S. Department of Homeland Security with information on the consequences of cyber-attacks and evaluate the cost-effectiveness of countermeasures in place to prevent such attacks. As part of this research, the U.S. Cyber Consequences Unit recently published its "Cyber-Security Check List". This list is a comprehensive guide to help those responsible for managing the security of their information and is broken down into the following categories, hardware, software, networks, automation, humans and suppliers. Brian Honan reviewed earlier drafts of this document and provided valuable feedback and insight which has been incorporated into the final version. The US Cyber Consequences Unit have made the list available for posting on our website and is available for download here.

Brian Honan Discusses the Setting Up of a CERT in Ireland
Brian Honan was recently interviewed by the SiliconRepublic.Com, Irelands Technology News Service, on the research Brian is doing on whether or not their is a need for a Computer Emergency Response Team in Ireland. The article is available online at SiliconRepublic.Com's website.

BH CONSULTING WEBSITE UPDATE
We strive at BH Consulting to provide information that is relevant and useful in securing and running your business. To this end we provide a range of whitepapers available for download free from our white papers page.

The latest addition to our whitepapers is are;

Brian Honan's Presentation on Incident Response at the NITeS 2006 Seminar. (773 KB)
The U.S. Cyber Consequences Unit recently published its "Cyber-Security Check List". (265 KB)
GOVCERT.NL's "Digital Threats at Home" Security Awareness Video (Windows Media Format 28 MB)
GOVCERT.NL's "Botnet Movie" Security Awareness Video (Windows Media Format 18 MB)

LATEST THREAT LEVELS
Get more information on the latest updates on current threats at our online resources page;

FEATURES

GOVCERT.NL Release Security Awareness Videos
GOVCERT.NL, the Computer Emergency Response Team for the Dutch Government, released two very good and informative videos aimed at raising security awareness amongst computer users. The first video "Digital Threats at Home" demonstrates how end users can be fooled into putting their computers and ultimately their personal data at risk. The second movie "Botnet" shows the dangers of viruses, worms and botnets. Both videos are very good and can be used for your own use for educational purposes provided they are not altered in any way and that the work is attributed to GOVCERT.NL.

Developing Your Own Portable Security Toolkit
Finding the right utility or tool can shave a significant amount of time and effort from a given task or even let you complete tasks that would otherwise be impossible. Many of us have discovered our favourite tools by word of mouth or while looking for the solution to a particular problem. But as you know, finding a great tool is only half the battle: You must then download and install it, learn to use it in your environment, and figure out how... Click Here for more.

Cisco and Microsoft Team Up On Network Access Control
Cisco and Microsoft announced that their respective technologies, Cisco Network Admission Control (NAC) and Microsoft Network Access Protection (NAP), will be interoperable. Both technologies are designed to prevent computers from accessing a network unless they meet specific "health" checks. Both companies demonstrated the new interoperability at The Security Standard conference in Boston during the first week of September... Click Here for more.

Virtualisation Technologies
Virtualisation is one of the hottest technologies in IT today, and the excitement is fuelled in part by free server virtualisation products from Microsoft and VMware. Virtualisation started as software that let you run different operating systems on the same computer simultaneously. Today's technologies extend virtualisation to the application level and even to the hardware level, and mature products are available in each category. Even if you're not using... Click Here for more

FREE SECURITY SCAN
In partnership with Qualys, BH Consulting are offering a for a free Network Security Scan so you can check how healthy your network is. To find out more about what this service can do for you, visit our free Network Security Scan.

Alternatively contact us or visit our website to get more details on our risk assessment service.

This issue of Security Watch is being brought to you by BH Consulting. If you have found this issue to be of use please support our drive to raise funds for Focus Ireland.

Each Security Watch eNewsletter, and the special Security Alert issues, are produced independently by the Windows IT Pro Custom Media Group and is distributed by various Microsoft security partners. Each eNewsletter contains up-to-date information about security strategies, technologies, and alerts. Each Security Alert contains the latest information about security threats.

Additional news courtesy of Silicon Republic, Cnet, Silicon and Zdnet

To update your subscription to our newsletter click here. To unsubscribe click here