The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Archive for August, 2008

TSOM 4.1.1 Available

Posted by Xavier Ashe on August 27, 2008

Tivoli Security Operations Manager V4.1.1 is now available. To download this updated release, support-entitled customers should access the Passport Advantage Customer download site.

Tivoli Security Operations Manager V4.1.1 has been updated to include the following:

Additional Platform Support

* Added Windows 2003 SP2 64
* Added Red Hat Linux 5.x

Integration

* Tivoli Change and Configuration Management Database integration via Tivoli Application Dependency Database Manager
* IBM Tivoli License Manager Support
* IBM Support Assistant Support

New Capabilities / Enhancements

* IPv6 Tolerance
* LDAP Authentication
* Compliance Reports for PCI

Posted in Uncategorized | Leave a Comment »

Bill Cosby likes my first Computer

Posted by Xavier Ashe on August 21, 2008

My dad got one of these for Father’s Day when I was 6.  It was the TI-99-4a. I still have it and it still works.

Posted in For Fun, Personal Note | Leave a Comment »

Free Incident Management Courses

Posted by Xavier Ashe on August 21, 2008

EMI replaced its Incident Command System (ICS) curricula with courses that meet the requirements specified in the National Incident Management System (NIMS). EMI developed the new courses collaboratively with the National Wildfire Coordinating Group (NWCG), the United States Fire Administration and the United States Department of Agriculture.

The goods can be found on FEMA’s website (Yes, that FEMA).  Over on Securosis.com, Rich thinks it’s pretty good:

Although I haven’t written much about it on the blog (just the occasional post), one area I talk a lot about is incident response and disaster management. Translating my experiences as a 9-1-1 and disaster responder into useful business principles. I’m frequently asked where people can get management level training on incident management. While SANS and others have some technology-oriented incident response courses, the best management level training out there is from FEMA.

Yes, that FEMA.

For no cost you can take some of their Incident Command Systems (ICS) courses online. I highly recommend ICS 100 and ICS 200 for anyone interested in the topic. No, not all of it will apply, but the fundamental principles are designed for ANY kind of incident of ANY scale. If nothing else, it will get you thinking.

Posted in Security | Leave a Comment »

DEFCON 16: List of tools and stuff released

Posted by Xavier Ashe on August 20, 2008

DEFCON, the 9000+ attendee hacker conference in Vegas, has become a sort of hydra conference. It has become more like a global fair than what most people think of conferences; even the badge is highly unique.

I say this because there are so many things to do at DEFCON, other than going to talks, that you could spend your whole weekend looking at the “World’s Largest Boar!”, so to speak. One of the CTF (Capture the Flag) contest winners this year actually exclaimed that he only made it to 2 talks in 12 years! I am also one of those individuals who barely get a chance to go to talks and now that the speaker pool is so diverse, it’s hard to find all of the “stuff” they release.

Before anyone has a chance to post “it’s all on the DEFCON CD dummy,” I want to challenge them to try. After a weekend of googling (which came back with few results) and making contact with some of the speakers, I provide you with a mostly accurate list of “stuff” that was released at DEFCON this year. If any of the information is inaccurate, or a tool is missing, please contact me and I will update this post.

Posted by Ryan Naraine at ZDnet.

Posted in Security, Tools | Leave a Comment »

Banned DefCon preso anyone?

Posted by Xavier Ashe on August 18, 2008

http://cryptome.org/mbta-v-zack/Defcon_Presentation.zip

Posted in Security | Leave a Comment »

Comment on the Yellow Book (no, not the yellow pages)

Posted by Xavier Ashe on August 18, 2008

TO AUDIT OFFICIALS, AGENCY CIOS, AND OTHERS INTERESTED IN FEDERAL INFORMATION SYSTEM CONTROLS AUDITING AND REPORTING

This letter transmits the exposure draft of the Government Accountability Office (GAO) Federal Information System Controls Audit Manual (FISCAM) for your review and comment. The FISCAM presents a methodology for performing information system (IS) control audits of federal and other governmental entities in accordance with professional standards, and was originally issued in January 1999. We have updated the FISCAM for significant changes affecting IS audits.

The exposure draft revisions reflect changes in (1) technology used by government entities, (2) audit guidance and control criteria issued by the National Institute of Standards and Technology (NIST), and (3) generally accepted government auditing standards (GAGAS), as presented in Government Auditing Standards (also known as the “Yellow Book”). The Federal Information System Controls Audit Manual (FISCAM) provides a methodology for performing information system (IS) control audits in accordance with GAGAS. However, at the discretion of the auditor, this manual may be applied on other than GAGAS audits. As defined in GAGAS, IS controls consist of those internal controls that are dependent on information systems processing and include general controls and application controls. This manual focuses on evaluating the effectiveness of such general and application controls. This manual is intended for both auditors to assist them in understanding the work done by IS controls specialists, and IS controls specialists to plan and perform the IS controls audit.

In addition, the FISCAM is consistent with the GAO/PCIE Financial Audit Manual (FAM). Also, the FISCAM control activities are consistent with and have been mapped to the NIST Special Publication 800-53.

Instructions for Commenting on the Exposure Draft

The exposure draft of FISCAM is available only in electronic form at http://www.gao.gov/cgi-bin/getrpt?rptno=GAO-08-1029G on GAO’s Web page. We request comments from federal audit officials, CIOs, financial managers, the public accounting profession, and other interested parties. Please associate your comments with specific references to section, paragraph, and page number. Also, please provide the rationale for your comments and proposed changes, along with suggested revised language. Please send your comments electronically to FISCAM@gao.gov no later than September 5, 2008.

We anticipate that the final version of FISCAM will be issued in the fall of 2008 for use in conducting fiscal year 2009 federal financial statement audits.

Here’s the PDF for your review, and here’s a PowerPoint outlining all the changes.

Posted in Security | Leave a Comment »

Splunk Fail

Posted by Xavier Ashe on August 13, 2008

This is great.  Found on the McGrew Security Blog.

Posted in For Fun, Security | 3 Comments »

Draft Redbook: Certification Study Guide, TCIM 8.5

Posted by Xavier Ashe on August 12, 2008

This IBM Redbooks publication is a study guide for IBM Tivoli Compliance Insight Manager Version 8.5 and is meant for those who want to achieve IBM Certifications for this specific product.

The IBM Tivoli Compliance Insight Manager Certification, offered through the Professional Certification Program from IBM, is designed to validate the skills required of technical professionals who work in the implementation of the IBM Tivoli Compliance Insight Manager Version 8.5 product.

This book provides a combination of theory and practical experience needed for a general understanding of the subject matter. It also provides sample questions that will help in the evaluation of personal progress and provide familiarity with the types of questions that will be encountered in the exam.

This publication does not replace practical experience, nor is it designed to be a stand-alone guide for any subject. Instead, it is an effective tool which, when combined with education activities and experience, can be a very useful preparation guide for the exam.

Planned Publish Date: 30 September 2008

Download the Redbook here.

Posted in IBM, Security, TCIM | 1 Comment »

Cisco PIX is dead

Posted by Xavier Ashe on August 12, 2008

Well, only mostly dead. Today, July 28th, 2008 is the last day you can purchase a PIX firewall appliance from Cisco, ending one of the longest and most successful lives of a gateway security product ever. The PIX (Private Internet Exchange) was the first Network Address Translation device and later evolved into a stateful firewall. See this introductory piece on the PIX by Johna Till Johnson in the January, 1995 issue of Data Communications Magazine. Cisco acquired the PIX with Network Translations, Inc. along with its inventors, John Mayes, Brantley Coile and Johnson Wu. From there the PIX grew into a multi-billion dollar franchise outselling its nearest competitors, Checkpoint and Netscreen.

According to Cisco they will continue to sell add-ons to the PIX series until next year and will support the product until 2013, which has got to be one of the most responsible end-of-life programs in the history of networking and security. While the latest version of PIX is compatible with the first version of Cisco’s replacement security appliance, the ASA, from here on they diverge as ASA moves to a Linux based OS.

Read the full article at Stiennon on Security (NetworkWorld).

Posted in Security | Leave a Comment »

 