This course brings real world security awareness to you, the Sysadmin, on what to look for if your network is under attack or has been hacked. It helps explain how the bad guys get in and how to block them. This isn’t a course telling you to do all the basic stuff – patching, installing anti-virus software, running hardening guides and so on – you’ve being doing as part of your job for years and it’s nothing new.

Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education may sound like a mouthful, but it’s practical, sensible topics and can be used in your job. This is all common sense material that the various OS vendor training courses never tells you about that actually make it easier for you to make your network more secure. Now you’ll be able to hold a solid conversation with the security team and understand what their after and how you can help provide it without making your life a misery.

Why SANS Mentor Training?

This is why I think the SANS Mentor classes are a terrific training option. If you live in the Sydney area and are interested in attending SANS classes, please do contact me to get more details!

Pace:

The material is covered over a four week period which provides lots of time for you to read on your own time and come back to the mentor meetings with questions and get answers. This helps to digest the massive amount of material in smaller, manageable doses. We study 2 or 3 modules each week and that material can be applied immediately on the job.

Cost:

The cost is significantly reduced. the cost is lower than any other form of SANS training making it very accessible to those who are budget constrained – which these days is many of us. There is an automatic 25% price reduction from the cost of courses delivered at the conferences. There is no travel or accommodations, so that massive saving in costs. And finally, I can generally offer an additional discount if you contact me prior to registration.

Networking:

Don’t overlook this one. When you are in the two-day conference courses, you definitely get a change to meet others, talk about your experiences and issues in the field, and maybe even keep in touch via email. But when meeting for 10 weekly classes with your peers in the same community, that networking experience is enhanced significantly. You have the chance to really get to know the others in the class by the shared experiences, work through the material and bounce ideas of each other; that’s a great benefit to being part of a local Mentor class.

Size:

Class sizes are typically small – much smaller than what you would find at a SANS conference, which means we can focus more closely on those areas which are difficult for the group

Material:

You get all the same material as you would from the conference course, including the same books, CDs, and even audio files of the full 2-day course lectures.

Feel free to e-mail me with any questions, or visit the course website here:
https://www.sans.org/mentor/class/sec464-sydney-aug-2012-mohan

A great guy and friend Wouter, managed to get a room in Sydney’s CBD to hold the training. It’s easy to get to and has parking nearby.

Mentor training location details

Dates: Tuesday, August 7, 2012 – Tuesday, August 28, 2012
Meeting Time: 6:00 PM – 8:00 PM
Where:

Level 33
Ernst & Young Centre
680 George Street
Sydney, Australia 2000

I love this course and it helped me reach a deeper understanding on a number of aspects of my role as the IT security person charged with incident response. It provided that real world, hands-on practical skills you need to do this job.

Why SANS Mentor Training?

This is why I think the SANS Mentor classes are a terrific training option. If you live in the Sydney area and are interested in attending SANS classes, please do contact me to get more details!

Pace:

The material is covered over a 10 week period which provides lots of time for you to read on your own time and come back to the mentor meetings with questions and get answers. This helps to digest the massive amount of material in smaller, manageable doses. We study 2 or 3 modules each week and that material can be applied immediately on the job.

Cost:

The cost is significantly reduced. the cost is lower than any other form of SANS training making it very accessible to those who are budget constrained – which these days is many of us. There is an automatic 25% price reduction from the cost of courses delivered at the conferences. There is no travel or accommodations, so that massive saving in costs. And finally, I can generally offer an additional discount if you contact me prior to registration.

Networking:

Don’t overlook this one. When you are in the 6-day conference courses, you definitely get a change to meet others, talk about your experiences and issues in the field, and maybe even keep in touch via email. But when meeting for 10 weekly classes with your peers in the same community, that networking experience is enhanced significantly. You have the chance to really get to know the others in the class by the shared experiences, work through the material and bounce ideas of each other; that’s a great benefit to being part of a local Mentor class.

Size:

Class sizes are typically small – much smaller than what you would find at a SANS conference, which means we can focus more closely on those areas which are difficult for the group

Material:

You get all the same material as you would from the conference course, including the same books, CDs, and even audio files of the full 6-day course lectures.

Feel free to e-mail me with any questions, or visit the course website here:
https://www.sans.org/mentor/class/sec504-sydney-jul-2012-mohan

A great guy and friend Wouter, managed to get a room in Sydney’s CBD to hold the training. It’s easy to get to and has parking nearby.

Mentor training location details

Dates: Thursday, July 12, 2012 – Thursday, September 13, 2012
Meeting Time: 6:00 PM – 8:00 PM
Where:

Level 33
Ernst & Young Centre
680 George Street
Sydney, Australia 2000

Taken from http://support.microsoft.com/kb/831607

To turn on the Read all standard mail in plain text option in Outlook 2003, follow these steps:

1. Start Outlook 2003.
2. On the Tools menu, click Options.
3. On the Preferences tab, in the E-mail area, click E-mail Options.
4. In the Message handling area, click to select the Read all standard mail in plain text check box.
   Note By default, the Read all standard mail in plain text option is turned off.

To turn on the Read all standard mail in plain   textoption in Outlook 2007, follow these steps:

1. Start Outlook 2007.
2. On the Tools menu, click Trust Center, and then click E-mail Security.
3. Under Read as Plain Text, click to select  the Read all standard mail in plain text check box.
4. To include messages that are signed with a digital signature, click to select the Read all digitally signed mail in plain text check box.

When the Read all standard mail in plain text  option is turned on, you receive the following notification on the InfoBar at   the top of the e-mail message:

Note If you decide to view the plain text message in its original format, click the InfoBar, and then select Display as HTML or Display as Rich Text.
To turn on the Read all standard mail in plain textoption in Outlook 2010, follow these steps:

1. Start Outlook 2010.
2.   Click the File tab in the Ribbon, and then click Options on the menu.
3. Click Trust Center on the Options menu.
4. Click the Trust Center Settings tab.
5. Click E-mail Security.
6. Under Read as Plain Text, click to select  the Read all standard mail in plain text check box.
7. To include messages that are signed with a digital signature, click to select the Read all digitally signed mail in plain text check box.

When the Read all standard mail in plain text  option is turned on, you receive the following notification on the InfoBar at   the top of the e-mail message:

Spending a bit of quality time working through the malware process will be interesting to see how my current processes stack up against the SANS format created by Lenny Zelster

SANS Canberra 2012 kicks off on the 2nd of July

Hal’s a Unix guru, so I’ll make sure I bring a fake beard, white socks and sandals to avoid him noticing the “I heart Windows” tattoo across my forehead.

Note to self – when looking for humour image on the inter-tubes you should know better.

Now this is a tattoo

Source : http://news.bmezine.com/2007/07/26/best-windows-tattoo-ever/

Hmmm.

Thank you 2011!

2011 has been amazingly generous.

Hello World

Thought I’d give taking ISACA’s Certified Information Security Manager (CISM) certification a go given the large amount of non-IT literate business people I’ve been dealing with needing careful hand holding when it comes to providing security to their operations. These people know their business opertations inside and out until it’s connected to a computer and then it suddenly a black box of mystery.

As part of service to the business we (IT security folk) learn their language, terms and requirements but some business owners seem disinterested in even attempting the understanding the fundamentals of something that’s now critical to their business survival. Is it a simple fear of the unknown or the fear of being mocked for asking someone to explain something they have no understanding of ? Business-crippling IT stories are now filtering into the popular mainstream media, as a few examples:  administrators going mad and faceless people attacking companies from the far side of the world, deleting their web sites and even the very IT security aware companies losing their critical data.

If it makes the business folk feel as if I’m approachable without me having an MBA, seems an easy step to take to help breach that gap.

I’m booked in for the 10 December 2011 exam in Sydney, so better get on with some study.

As an example of the missing images, if I attempted to view one of the failed images say, http ://someweb_site/Style%20Library/Images/btn_home.gif, it would display :

 (the white square and red cross is intentional, please don’t adjust your screens)

rather than  

In case you haven’t memorised the HTTP codes Wikipedia offers this refresher:

 304 Not Modified

Indicates the resource has not been modified since last requested. Typically, the HTTP client provides a header like the If-Modified-Since header to provide a time against which to compare. Using this saves bandwidth and reprocessing on both the server and client, as only the header data must be sent and received in comparison to the entirety of the page being re-processed by the server, then sent again using more bandwidth of the server and client.

Even though fiddler does a cracking job of recording what happening, I can never resist firing up Wireshark to confirm the same information. Below shows the server returning the 304 Not Modified response.

So the file was being requested from the server and the server was telling the client it hadn’t changed since last visit. But I hadn’t visited the site before. I flushed the client’s web browser cache just to be sure and still got the same error. To me that confirmed the error was at the server end.

SharePoint has its own caches to speed up page and content delivery.  The one I was interested in is the binary large objects (BLOB) cache and initial thought was to flush this cache and fix the problem, MS have a nice simple powershell script to do this http://technet.microsoft.com/en-us/library/gg277249.aspx

Flushed BLOB cach for the site, but still no dice. Then took a bit of a step back and looked at how SP used blog caches. Tobias Zimmergren’s blob piece was very help in understand where to look for the BLOB setting in the web.config file. A few simple checks showed that this site wasn’t using BLOB caching. Somehow SharePoint must have got confused in to thinking it did have a BLOB cache and was trying to return the images and JavaScript from the non-existent cache.

The fix was easy; we created a BLOB cache and everything worked beautifully, then we disable the BLOB cache and everything still worked. Despite the web page displaying the content correctly, I confirmed under the hood with fiddler and as you can see a much happier result.