Security

DoD Foots the Bill for Web-Based Security Training

More Training Choices

A site called Information Assurance Awareness Shorts provides further training of:

Insider Threat: about the insider threat and their devious behaviors.

Telework: introduces the basic concept of working on teles.

Wireless Security: reveals the latest wireless threats from 2004 and shows you how to protect your network using WEP.

Passwords: introduces the concept of passwords and provides you with the six federally approved ones to choose from.

Peer-to-Peer: explains P2P threats within the DoD, but mentions nothing about their palindromic similarities

Social Engineering: explains what social engineering is, and how it differs from software and networking engineering

Information Assurance for Professionals Shorts
This course offers specific information related to the topics listed below.

IA Roles and Responsibilities introduces the Information Assurance hierarchy, including the roles and responsibilities of key leadership positions as well as the responsibilities of all Authorized Users.

Auditing Logs for IA Managers introduces the auditing responsibilities of IA Managers. It describes the audit log and event information displayed by the system's auditing software.

Security Technical Implementation Guides (STIGs) introduces the purpose and uses of STIGs.

SCADA describes how Supervisory Control and Data Acquisition systems function and significant cyber-security issues associated with DoD SCADA systems.

FISMA explains what the FISMA is, why it is important, how it is implemented within the Federal government and the DoD, and identifies where to obtain guidance for FISMA responsibilities.

IA Vulnerability Management describes the vulnerability management process in DoD and the tools that support the process.

The DoD IA Workforce Improvement Plan (WIP) presents an overview of the IA Workforce Improvement Program, defines the DoD IA workforce, and outlines the IA workforce training and certification requirements.

The Zero Day Attack provides an introduction to the steps an IA professional needs to follow if they suspect that their system has been compromised by an attack which otherwise is unknown to the IA technical community (aka Zero Day Attack).

IA Hot Subjects

These review vulnerabilities which have been around for some time, and which are commonly overlooked in the press of new technology and new threats. Each subject briefly covers the nature of the problem and its general resolution

The subjects are:

Distributed Denial of Service (DDoS) attacks on routers,

Spoofing attacks,

TCP reset,

Remote access/remote control,

Physical security review,

Simple Network Management Protocol

Overall, some good information is provided. As an added bonus, completion of each course provides you with a genuine certificate of completion, with the DoD logo, ready for framing and impressing coworkers.

As a follow up to their software training, I had submitted a formal inquiry to the DoD, requesting free public training with some of their hardware. Unfortunately, when asking specifically about the use of an F-22 Raptor, your IP address is logged, you get to have a long talk with your supervisor, and your security clearance is suspended. I'm still waiting for an answer about the AH-64 Apache.

I'll be in the stockade, but can still be reached at: eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%67%72%65%79%68%61%74%40%63%6f%6d%70%75%74%65%72%2e%6f%72%67%22%3e%67%72%65%79%68%61%74%40%63%6f%6d%70%75%74%65%72%2e%6f%72%67%3c%2f%61%3e%27%29%3b'))greyhat@computer.org

Subscribe to the Security Watch Newsletter

Comments