May 4, 2011

Shon Harris offers her renowned CISSP and IT certification training free of charge to deployed active duty military service members

Bestselling security author and expert urges the technology community to “pay it forward” to help fellow veterans and service members

SAN ANTONIO, May 4, 2011 — Shon Harris, security expert and author of the bestselling CISSP All-in-One Exam Guide, is offering her training courses and study materials free of charge to military members who are deployed in war zones and cannot afford the cost of classes offered by her company, Logical Security. The broad roster of classes includes her premier CISSP certification training, along with a variety of other IT certifications. Harris hopes that others in the technology community will join her to create a “pay it forward” movement to thank U.S. servicemen and women for their service.

Harris, who served in the U.S. Air Force and comes from a military family, understands the sacrifice servicemen and women make for our country. Harris’ father retired from the Army after several tours in Vietnam, her husband recently retired from the Air Force after serving 23 years, including a tour in Iraq, and her grandfather served the U.S. as part of the Air Corps in World War II.

“It does not matter if I believe in our current wars or not; I DO believe in the people who are doing this work and fighting in these wars. My frustration and concern is that these wars and the soldiers fighting them have been pushed out of our country’s consciousness by the current state of our country’s economy and other unrest in various parts of the Middle East. What many people don’t realize is that military people are ALWAYS going through difficult economic times. No one gets rich serving our country,” Harris says.

Harris has published a number of information security books, including the bestselling CISSP All-in-One Guide, which is now in its fifth edition. She is also the president of Logical Security, a training and consultancy firm, which is known for its premier CISSP training. “I have worked hard in my life but have been very fortunate, and I am finally in a position to give back. I want to ‘pay it forward’ to the men and women who make our way of life possible,” says Harris.

Harris is offering free seats in her open classes and study materials to anyone who is serving in Iraq or Afghanistan and cannot afford the training they need. Harris encourages these servicemen and women to contact her directly at info@logicalsecurity.com.

Harris’ course offerings include a five-day Logical Security CISSP® course, which is praised by industry professionals for its quality and robustness. The course goes beyond preparing students for the exam by arming them with the knowledge to practice the security concepts, principles and methodologies expected of a security professional.

Harris invites other technology companies to follow suit and “pay it forward” in their own way. “Servicemen and women take their responsibility of protecting our country seriously and we should take our responsibility to them seriously,” says Harris. “If you are in a position to help, do it without hesitation. No matter who we are, someone has helped us get where we are today and we should hold ourselves responsible to do the same for others. Let’s ‘pay it forward’ for our troops and show them that we care.”

Related Links

Complete Logical Security Course Listing

http://www.logicalsecurity.com/education/education_overview.html

Schedule of Logical Security’s open classes

http://www.logicalsecurity.com/education/education_courses_cissp.html

Download complete chapters from Harris’ books

http://www.logicalsecurity.com/resources/resources_bookchapters.html

About Shon Harris and Logical Security

Shon Harris, CISSP, is a former Air Force Information Warfare unit member. She is a consultant and has written or contributed to over ten information security books. Harris founded Logical Security in 2003 and as president has guided the company to become a leader in certification education and security consulting. Logical Security’s training programs include on-site and online classes, self-study and computer-based materials for students and companies preparing for certification exams, performing security audits on IT infrastructure and complying with security regulations. The company’s areas of expertise are broad, with specialties in CISSP certification, Microsoft exams, .NET development, career refreshers for security pros and other IT certifications. Logical Security is headquartered in San Antonio, Texas.


November 8, 2010

Zeus Toolkit Gangs Staging Mass Attacks on Banking Applications

Zeus, or Zbot, is a software toolkit that enables malware coders to build hard-to-detect Trojan horses, ones typically employed against the bank accounts of unsuspecting owners. (A Trojan horse is malicious software, secretly embedded in a system or application, that is “turned on” at a time of the attacker’s choosing.) Launched from behind command and control servers, Zeus is known by various names: Zeus, Zbot, Wsnpoem, PRG, Kneber, and Gorhax.

Since 2007, illicit organizations have employed Zeus to launch damaging, highly publicized attacks targeting the login credentials and other personal data associated with millions of computers, thousands of organizations, and uncounted numbers of users and their accounts. Relatively small groups of sophisticated criminal bands based in various nations, particularly in Eastern European countries such as Russia and Ukraine, have stolen tens of millions of dollars. Computers in 196 countries have been subject to attack. The countries most affected include the U.S., U.K., Saudi Arabia, Egypt, and Turkey.

In a typical scenario, malicious developers generate malware, and the malicious code can be purchased on the cyber underground. Black-hat hackers who are part of criminal organizations break into and compromise computers. On these machines they insert a Trojan which, when activated, pilfers the credentials of targeted persons and penetrates the targets’ bank accounts. Meanwhile, the thieves’ command and control server collects this sensitive data. The targets can be banks, ATMs, credit card companies, social networking sites, telecommunication and other firms, and private individuals.

The hackers then transfer funds from these accounts to “mules.” Networks of mules consist of developers, non-technical individuals, and other illicit organizations. Often, they are foreigners who acquire fake passports and other identification in order to enter the country whose individuals and corporations are the targets of the attack. After opening bank accounts, they “launder” the funds in the accounts to prevent tracking of the stolen money. In addition, they transfer the funds to the organizers of the illicit scheme, in return for a percentage of the money procured.

For the full article, visit Logical Security Resources.

Other Information:

Certified Information Systems Security Professional (CISSP)

Free CEH online course


September 29, 2010

Is There Really Someone Out to Get You?

by Shon Harris

Many times hackers are just scanning systems looking for a vulnerable running service or sending out malicious links in emails to unsuspecting victims. They are just looking for any way to get into any network. This would be the shotgun approach to network attacks. Another, more dangerous attacker has you in his crosshairs and he is determined to identify your weakest point and do with you what he will.

As an analogy, the thief that goes around rattling door knobs to find one that is not locked is not half as dangerous as the one who will watch you day in and day out to learn your activity patterns, where you work, what type of car you drive, find out who your family is, and patiently wait for your most vulnerable moment to ensure a successful and devastating attack.

In the computing world, we call this second type of attacker an advanced persistent threat (APT). This is a military term that has been around for ages, but as the digital world becomes more of a battleground, the term grows more relevant every day.

APTs differ from the regular old vanilla attacker in that the APT is commonly a group of attackers, not a lone hacker, who pool their knowledge and abilities to carry out whatever exploit will get them into the environment they are after. The APT is focused and motivated: it aggressively penetrates a network using several different attack methods and then clandestinely hides its presence while building a well-developed, multi-level foothold in the environment. The ‘advanced’ aspect of the term refers to the expansive knowledge, capabilities, and skill base of the APT. The ‘persistent’ component reflects the fact that the attacker is in no hurry to launch an attack quickly, but will wait for the most beneficial moment and attack vector to ensure that its activities go unnoticed. This is what we refer to as a “low-and-slow” attack. The attack is coordinated by human operators, rather than being a virus-type threat that runs through automated steps to inject its payload. The APT has specific objectives and goals and is commonly highly organized and well-funded, which makes it the biggest threat of all.

A virus is not an APT, a worm is not an APT, a bot is not an APT. An APT commonly uses custom-developed malicious code that is built specifically for its target, has multiple ways of hiding itself once it infiltrates the environment, may be polymorphic when it replicates, and has several different ‘anchors’ so that eradicating it is difficult if it is discovered. Once the code is installed, it commonly sets up a covert back channel (as regular bots do) so that it can be remotely controlled by the attacker. The remote control functionality allows the attacker to traverse the network with the goal of gaining continuous access to critical assets.

APT infiltrations are usually very hard to detect with host-based solutions because the attacker puts the code through a barrage of tests against the most up-to-date detection applications on the market. A common way to detect these types of threats is through changes in network traffic. A new IRC connection from a host is a good indication that the system has a bot communicating with its command center. Since several technologies in use today can detect just this type of traffic, the APT may have multiple control centers to communicate with, so that if one connection gets detected and removed, it still has an active channel to use. The APT may also implement some type of VPN connection so that its data in transit cannot be inspected.

The ways of getting into a network are basically endless (exploiting a web service, emailing links and attachments to users, gaining access through remote maintenance accounts, exploiting OS and application vulnerabilities, compromising connections from home users, etc.). Each of these vulnerabilities has its own fixes (patches, proper configuration, awareness, proper credential practices, encryption, etc.). It is not only these fixes that need to be put in place; we need to move to a more effective situational awareness model. We need better visibility into what is happening throughout our network in near real time, so that our defenses can react quickly and precisely.
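The detection approach the article sketches, detecting a bot by a change in a host's network traffic rather than by a host-based signature, as an added example that is not from the original article or from Logical Security. The script learns each host's normal outbound (destination, port) pairs from a baseline window of flow records and then flags the three changes the article calls out: a host's first IRC connection, a host reaching several never-before-seen IRC servers (the multiple-control-center case), and a new VPN-style tunnel to an unfamiliar destination. The host names, addresses and flow records are constructed for the example, and the port sets and the multi-server threshold are assumptions, not values from the article.

```python
"""Spot command-and-control signs in outbound traffic by comparing recent flows
against a per-host baseline. Added example; host names, addresses and flows are
constructed, and the port sets and threshold are assumed, not from the article."""
from collections import defaultdict
from datetime import datetime

# Assumed port sets: IRC as the classic bot back channel, and common VPN ports
# for the "tunnel so the data in transit cannot be inspected" case.
IRC_PORTS = {6667, 6697}
VPN_PORTS = {1194, 1723}

# Constructed flow records, one per line: timestamp, source host, destination, port.
BASELINE_FLOWS = """\
2010-09-01T08:00:00 ws-042 10.0.0.5 443
2010-09-01T08:01:00 ws-042 10.0.0.5 80
2010-09-01T08:02:00 ws-017 10.0.0.5 443
2010-09-01T08:03:00 ws-017 198.51.100.7 6667
"""

RECENT_FLOWS = """\
2010-09-28T02:11:00 ws-042 203.0.113.9 6667
2010-09-28T02:11:30 ws-042 203.0.113.10 6667
2010-09-28T02:12:00 ws-042 203.0.113.11 6697
2010-09-28T02:13:00 ws-042 203.0.113.12 1194
2010-09-28T09:00:00 ws-017 198.51.100.7 6667
2010-09-28T09:05:00 ws-017 10.0.0.5 443
"""


def parse_flows(text):
    """Yield (timestamp, src_host, dst_addr, dst_port) from the whitespace-separated log."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)


def build_baseline(text):
    """Map each host to the (destination, port) pairs it used in the learning window."""
    seen = defaultdict(set)
    for _, src, dst, port in parse_flows(text):
        seen[src].add((dst, port))
    return seen


def detect_changes(baseline, recent_text, multi_c2_threshold=2):
    """Return a list of alert dicts for hosts whose recent traffic departs from baseline."""
    alerts = []
    new_irc_servers = defaultdict(set)   # host -> IRC servers absent from its baseline
    flagged_first_irc = set()            # hosts already reported for a first IRC connection
    for ts, src, dst, port in parse_flows(recent_text):
        known = baseline.get(src, set())
        if (dst, port) in known:
            continue  # routine traffic for this host, nothing to report
        if port in IRC_PORTS:
            new_irc_servers[src].add(dst)
            had_irc_before = any(p in IRC_PORTS for _, p in known)
            if not had_irc_before and src not in flagged_first_irc:
                flagged_first_irc.add(src)
                alerts.append({"time": ts.isoformat(), "host": src,
                               "reason": "first_irc_connection", "detail": dst})
        elif port in VPN_PORTS:
            alerts.append({"time": ts.isoformat(), "host": src,
                           "reason": "new_vpn_tunnel", "detail": f"{dst}:{port}"})
    # A host reaching several previously unseen IRC servers suggests the
    # multiple-control-center setup the article describes.
    for src, servers in sorted(new_irc_servers.items()):
        if len(servers) >= multi_c2_threshold:
            alerts.append({"time": None, "host": src,
                           "reason": "multiple_new_irc_servers",
                           "detail": sorted(servers)})
    return alerts


def hosts_of_concern(alerts):
    """Distinct hosts named in the alerts, for hand-off to incident response."""
    return sorted({a["host"] for a in alerts})


if __name__ == "__main__":
    found = detect_changes(build_baseline(BASELINE_FLOWS), RECENT_FLOWS)
    for alert in found:
        print(alert)
    print("hosts to investigate:", hosts_of_concern(found))
```

The baseline is deliberately per host rather than network-wide: ws-017 already talked to an IRC server during the learning window, so its repeat connection is routine, while the same port from ws-042 is a first-seen change. In practice the learning window comes from a flow collector or SIEM rather than an inline string, and the threshold should be tuned against the environment's own history of false positives.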

Our battlefield landscape is changing from ‘smash-and-grab’ attacks to ‘slow-and-determined’ attacks. Just as military offensive practices evolve and morph as their targets do, so must we as an industry.

Other Information:

Certified Information Systems Security Professional (CISSP)


August 27, 2010

Security Information & Event Management Implementation (SIEM)

SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances, or managed services and enable companies to respond to attacks faster, log security data and generate compliance reports. In spite of the economic downturn, the Security Information and Event Management marketplace is growing rapidly. There are several factors driving the rise of the SIEM market: it is ideal for reporting and compliance, exposes internal and external threats, improves operational efficiencies while cutting administrative expenses, and the technology’s flexibility allows it to be used as a managed service.

EMC, IBM, Novell, Cisco, CheckPoint, Symantec, CA, Attachmate, Q1Labs, eIQ Networks, SenSage and others all have SIEM products. Because of the technology’s relatively new emergence in the marketplace, there are few publications that address more than one vendor’s product. SIEM Implementation shows how to implement multiple products, and also discusses the strengths, weaknesses, and advanced tuning of these various systems. SIEM Implementation covers the gamut of topics a network administrator or security professional needs, from basic concepts and components to high-level configuration, analysis, interpretation and response. It aids in the performance of risk analysis, threat detection, threat analysis and threat response for IT systems and businesses of every size.

Written by security and compliance experts and speakers, Security Information and Event Management Implementation shows IT professionals how to effectively implement SIEM in order to efficiently analyze and report data, respond effectively to inside and outside threats, and follow compliance regulations. This book also shows the separate pieces that make up a complete and cohesive SIEM. These pieces are what most small and medium size businesses are forced to implement, due to the relatively high cost to acquire, implement, maintain and reap benefits from full-scale SIEM systems. This teaches the IT professional how to implement a more integrated collection of discrete SIEM pieces, approaching similar utility to a full-featured SIEM tool. Further, SIEM Implementation shows readers how to use the SIEM tool to develop business intelligence, beyond the realm of being just a fancy security tool.

SIEM Implementation is a valuable addition to our security plan for 2010.

Key Selling Features

  • Includes a Smartbook – a knowledge base of business use cases: real world examples of business needs that can be satisfied by using a finely tuned SIEM system.
  • Covers the top SIEM products/vendors: ArcSight, Q1 QRadar, and Cisco MARS
  • Authors are security, SIEM, and compliance experts who speak around the world, are well-known published authors, and have close ties with the government and multiple corporate vendors.
  • Foreword by Shon Harris
  • Includes product feature summaries, and analysis and trending examples
  • Covers regulatory compliance issues
  • Provides Incident Response solutions

Market / Audience

  • Targeted at IT/security professionals and compliance professionals
  • Fueled originally by stealthy threats such as worms and more recently by compliance, the SIEM market is projected to grow from about $380 million last year to $873 million in 2010, according to research firm IDC.
  • RSA Security, the security division of EMC, estimates that the SIEM market is expanding at a rate of between 25 percent and 35 percent annually.

Author Profiles

David R. Miller (SME, MCT, MCITPro Windows Server 2008 Enterprise Administrator, MCSE Windows NT 4.0, 2000, and Server 2003:Security, CISSP, LPT, ECSA, CEH, CWNA, CCNA, CNE, Security+, A+, N+). David is an IT security consultant specializing in information systems security, compliance and network engineering. He is a lecturer, an author and technical editor of books, curriculum, certification exams and computer based training videos. He regularly performs as a Microsoft Subject Matter Expert (SME) on product lines including Microsoft Server 2008, Microsoft Exchange Server 2007 and Microsoft Windows Vista.

Shon Harris, CISSP, is the CEO of Logical Security, a computer security consultant, a former engineer in the Air Force’s Information Warfare unit, an instructor and an author. She has authored three best selling CISSP books, is a contributing author to the book Gray Hat Hacking, and developed a full digital information security product series for Pearson publishing. Shon was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.

Allen Harper, CISSP, is founder and president of N2NetSecurity, Inc., a consulting company specializing in advanced security and vulnerability analysis, penetration testing, SIEM implementation, and compliance. He served as a security engineer in the U.S. Department of Defense, and is a coauthor of Gray Hat Hacking.

Stephen VanDyke, CISSP, BCCPA, BCCPP, MCSA, Security+, Network+, was a founding member of the U.S. Army Reserve global network Computer Emergency Response Team and helped design and deploy its NetForensics SIEM. He implemented high-end, multi-tiered security systems for the Multi-National Force – Iraq (MNFI) network.

Chris Blask, Vice President of Marketing at AlienVault, is on the faculty at the Institute for Applied Network Security, co-founded Protego Networks (now Cisco MARS) and founded the critical infrastructure cybersecurity company Lofty Perch. Chris invented the BorderWare Firewall Server in the early days of the Internet security market and built the Cisco Systems firewall business.

Other Information:

Certified Information Systems Security Professional (CISSP)
