Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mobile Device Management
- The Modern Federal Threat Landscape
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- Satellite Communications: Acquiring SATCOM in Tight Times
- Transformative Technology: Desktop Virtualization in Government
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
Search Tags: cyber security
What is DHS's role in cyber security. DHS uses intrusion detection tools to monitor .gov network traffic for malicious activity and uses this resulting data to address cyber vulnerabilities. In addition, DHS issues bulletins and alerts that provide information on potential cyber threats. Last year, DHS issued more the 5,000 alerts and advisories, which it shared with various government, private sector, and critical infrastructure stakeholders; as well as the public.
Cyber criminals --what's their M.O.? USCERT says Attackers focus on exploiting client-side systems (your computer) through various vulnerabilities. They use these vulnerabilities to take control of your computer, steal your information, destroy your files, and use your computer to attack other computers. A low-cost way attackers do this is by exploiting vulnerabilities in web browsers. An attacker can create a malicious web page that will install Trojan software or spyware that will steal your information.
To promote cyber security practices and develop these core capabilities, DHS says it is working with critical infrastructure owners and operators to create a Cyber security Framework - a set of core practices to develop capabilities to manage cyber security risk. These are the known practices that many firms already do, in part or across the enterprise and across a wide range of sectors. The draft Framework will be complete in October.
How strong is your password? Cyber criminals are running a wide-ranging password-guessing attack against some of the most popular blogging and content management systems on the net. The Fort Disco cracking campaign began in late May this year and is still going on. The UK based Register reports Four strains of Windows malware are associated with the campaign, each of which caused infected machines to phone home to a hard-coded command and control domain
Techweek has been reporting that two large botnets have targeted various content management systems, including WordPress and Joomla. The most recent attacks were labeled as Fort Disco, which began in late May 2013, according to Arbor Networks. Arbor has found six command and control servers, running over 25,000 infected Windows machines that were used to attack CMS systems using brute force or basically running through large lists of possible passwords.
Web page addresses can be disguised or take you to an unexpected site. Many web browsers are configured to provide increased functionality at the cost of decreased security. New security vulnerabilities may have been discovered since the software was configured and packaged by the manufacturer. Computer systems and software packages may be bundled with additional software, which increases the number of vulnerabilities that may be attacked.
The U.S. government says there is an increasing threat from software attacks that take advantage of vulnerable web browsers. USCERT says we have observed a trend whereby new software vulnerabilities are exploited and directed at web browsers through use of compromised or malicious websites. This problem is made worse by a number of factors, including the fact that many users have a tendency to click on links without considering the risks of their actions.
The U.S. government's efforts to recruit talented hackers could suffer from the recent revelations about its vast domestic surveillance programs, as many private researchers express disillusionment with the National Security Agency. Experts say much of the goodwill that existed has been erased after the NSA's classified programs to monitor phone records and Internet activity were exposed by former NSA contractor Edward Snowden.
Your web browser. No matter which one you use, it's vulnerable. The U.S. Computer Emergency Readiness Team (USCERT) says it is vital to configure them securely. USCERT says often the operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.
Not only are Americans suspicious of NSA, but according to bizjournal.com Washington bureau, Foreign competitors are looking to aggressively grow their market share in cloud computing because of concerns raised by the National Security Agency's PRISM program. Bizjournals.com reports U.S. cloud computing companies could lose $22 billion to $35 billion in revenue over the next three years because of foreign customers' concerns about the privacy of their data.