Training and Certification

Rubel Khan's Blog

Archive for the ‘Security Training’ Category

CompTIA Certification Retirement Announcement!

Posted by Rubel Khan on June 15, 2015

The CompTIA Mobile App Security+ ADR & iOS (ADR-001 & iOS-001) certification exams will be retiring on June 26, 2015. CompTIA will not replace these exams. Therefore, anyone studying for these exams is encouraged to complete their studies and seek certification prior to the retirement date. Exam vouchers already purchased for these exams will be valid through June 26, 2015. Exam vouchers not used by the retirement date will expire and become void. Anyone who has received the certification will remain CompTIA Mobile App Security+ ADR & iOS certified, as the exam is retiring but the certification will stay valid.

Posted in Certifications, CompTIA, Security Training

EC-Council Releases Much Anticipated CEH v7

Posted by Rubel Khan on July 1, 2011

Revolutionary Product

EC-Council releases the most advanced ethical hacking program in the world. This much anticipated version was designed by hackers and security researchers. CEH v7 is a revolutionary training program that combines class metrics, an advanced lab environment, cutting-edge hacking techniques and excellent presentation materials. EC-Council has spent several years developing this version.

The Certified Ethical Hacker courseware has undergone tremendous improvement from its predecessor. We have invested 4 times the regular investment in the research and development since the last release, and have given CEHv7 a complete makeover.
The new version is a breakaway from earlier releases with more emphasis on techniques and methodologies, which attackers may use to carry out possible attacks against system/networks.

A picture speaks a thousand words, and we at EC-Council have enforced the saying by practicing it. The instructor slides and student manuals in CEHv7 have it all. The new version empowers the instructor with flawless flow and outstanding diagrammatic representation of the hacking techniques, which makes it easier to teach and enables students to understand the concepts better.

CEHv7 provides a comprehensive ethical hacking and network security-training program to meet the standards of highly skilled security professionals. Hundreds of SMEs and authors have contributed towards the content presented in the CEHv7 courseware. Latest tools and exploits uncovered from the underground community are featured in the new package. Our researchers have invested thousands of man hours researching the latest trends and uncovering the covert techniques used by the underground community.

In addition to the makeover, CEHv7 includes two additional bundles: a Monster Hacking Tool Repository, codenamed Frankenstein, and a subscription-based Virtual Lab Environment, codenamed iLabs.

Frankenstein

Frankenstein makes it easy for users to search for, download and install the latest hacking and penetration testing tools. By using Frankenstein Version 1.0, users can check the release date of the tool, the category under which it is published, the probable size of the tool, the name of the publisher/author, the website details and the technical requirements for the tool to run. This will help all the Certified Members to keep themselves updated on tools released in the wild.

Key benefits:

• Repository of the latest tools, categorized
• Users can download a tool in less time compared with a manual search
• Helps the user to synchronize & manage the tools from the server
• Search for specific tools in the available list of tools
• The system provides a means to generate an HTML report of all the tools downloaded by the user

iLabs

iLabs is a subscription-based service that allows students to log on to a virtualized remote machine running Windows 2003 Server to perform various exercises featured in the CEHv7 Lab Guide. All you need is a web browser to connect and start experimenting. The virtual machine setup reduces the time and effort spent by instructors and partners prior to the classroom engagement. It is a hassle-free service available 24×7 for the number of days subscribed.

Benefits

• Enables students to practice various hacking techniques in a real time and simulated environment
• The course tools and programs are preloaded on the iLabs machine thereby saving productive time and effort

Key Features of CEH v7

• Well organized DVD-ROM content; a repository of approximately 20GB of the latest hacking and security tools and more than 1000 minutes of videos demonstrating hacking techniques
• Well organized content for a better understanding and learning experience
• Concepts are well-illustrated to create self-explanatory slides
• Diagrammatic representation of concepts and attacks
• Industry standard key tools are featured in detail and other tools are presented as a list for students to try
• Exclusive section for countermeasures against different attacks with detailed explanation of how to implement these countermeasures in a real time environment
• The new version has a complete section dedicated to penetration testing. It illustrates how to implement learned concepts to test network system security
• A result oriented, descriptive and analytical lab manual; the labs showcased in the courseware are tested against the latest Operating Systems with all the patches and hot fixes applied

We will be sponsoring a limited number of key information security professionals globally to attend the launch class of CEH v7, which will be held simultaneously at different locations around the globe. Watch out for more news on the CEH v7 launch by subscribing to our Twitter account http://twitter.com/eccouncil.

Source: https://eccouncil.org/cehv7.aspx

Posted in Certifications, Security Training

CompTIA Security+ certification addresses operational risk

Posted by Rubel Khan on June 6, 2011

The latest version of CompTIA Security+ covers the skill sets needed to proactively address security risk control and mitigation. As part of the ISO/ANSI accreditation for CompTIA Security+, CompTIA updates the exam every three years.

Posted in Certifications, CompTIA, Security Training

Government: Cybersecurity IT Skills Scarce — Cybersecurity — InformationWeek

Posted by Rubel Khan on March 5, 2010

There is a big demand for cybersecurity skills in the government sector.

Government IT leaders aiming to shore up cybersecurity troops are having a hard time finding qualified tech professionals, according to a survey. That’s not good news given that nearly 60% of those polled aim to hire new full-time staff and contractors this year. Government: Cybersecurity IT Skills Scarce — Cybersecurity — InformationWeek.

Posted in Security Training

Forefront TMG 2010 Administrator’s Companion Sample Chapters

Posted by Rubel Khan on January 14, 2010

As announced this week, the Forefront TMG 2010 book went to the printer and it will be available for you next month. We are really excited about this great milestone, and to celebrate it with you we are making two chapters (5 and 33) available. Chapter 5 covers some important points on the pre-deployment phase, while Chapter 33 dives into some TMG 2010 troubleshooting techniques using Network Monitor 3.

Get a taste of what will be in this book by downloading these chapters from http://mstmgbook.org/Chapters/SampleChapters.pdf and, if you have not pre-ordered yet, make sure to reserve yours at Amazon.com.

Source: MS Press

Posted in Security Training

Security Best Practices for C++

Posted by Rubel Khan on January 13, 2010

This topic contains information about recommended security tools and practices. Using these resources and tools does not make applications immune from attack, but it makes successful attacks less likely.

Read full content: http://msdn.microsoft.com/en-us/library/k3a3hzw7.aspx

Posted in Security Training

Securing ADO.NET Applications

Posted by Rubel Khan on January 13, 2010

Writing a secure ADO.NET application involves more than avoiding common coding pitfalls such as not validating user input. An application that accesses data has many potential points of failure that an attacker can exploit to retrieve, manipulate, or destroy sensitive data. It is therefore important to understand all aspects of security, from the process of threat modeling during the design phase of your application, to its eventual deployment and ongoing maintenance.

The .NET Framework provides many useful classes, services, and tools for securing and administering database applications. The common language runtime (CLR) provides a type-safe environment for code to run in, with code access security (CAS) to restrict further the permissions of managed code. Following secure data access coding practices limits the damage that can be inflicted by a potential attacker.

Writing secure code does not guard against self-inflicted security holes when working with unmanaged resources such as databases. Most server databases, such as SQL Server, have their own security systems, which enhance security when implemented correctly. However, even a data source with a robust security system can be victimized in an attack if it is not configured appropriately.

Read full content: http://msdn.microsoft.com/en-us/library/ecb3hak0.aspx

Posted in Security Training

RTM’d today: Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion

Posted by Rubel Khan on January 12, 2010

Greetings! We’re pleased to announce that Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion was released to the printer today. The authors are Yuri Diogenes, Jim Harrison, Mohit Saxena from the Microsoft TMG Server Team, with Dr. Tom Shinder, and the book’s ISBN is 9780735626386.

The book will be available the second week of February, and we’ll post more book excerpts then. In the meantime, here is the book’s Foreword, by David B. Cross:

Foreword
As the Product Unit Manager for the Forefront Threat Management Gateway
(TMG) 2010 release, I was able to take advantage of a unique opportunity to
change the industry regarding how we protect small business users and enterprise
customers when connecting to the Internet in a world of ever-evolving threats,
malicious software, and dynamic criminal activities. It was a challenge I could not
pass up and I jumped at the opportunity to see how we could simplify the secure
Web gateway (SWG) experience for customers and still provide the flexibility and
security that hardcore security professionals have grown to love with the existing
Internet Security and Acceleration (ISA) Server platform.

TMG has introduced a new era not only for Microsoft but also for the industry
in how we create a comprehensive network protection solution for both small and
large enterprise customers. Customers have told us that they love the Microsoft
infrastructure integrated firewall and proxy that allows configuration and
management using the tools and management infrastructure they are familiar
with, such as Active Directory. But as we saw the threats and the workforce evolve,
we realized that our customers needed something more to protect their users
when accessing the Internet.

I wish I could summarize the full set of capabilities and potential in a short
foreword for this book, but it proved to be impossible. The simple answer comes
in the product name itself: Threat Management Gateway. The name deservedly
implies the dynamic and integrated nature of the product and its extensible
capability as it integrates with the Forefront Protection Suite. When you put it all
together, the product really has six unique value propositions that emphasize our
comprehensive approach to network protection:

  • Enforce network policy access at the edge (Firewall)
  • Protect users from Web browsing threats (Web Client Protection)
  • Protect users from e-mail threats (E-mail Protection)
  • Protect desktops and servers from intrusion attempts
    (Network Intrusion System)
  • Enable users to remotely access corporate resources
    (VPN, Secure Web Publishing)
  • Simplify management (Deployment)

In the end, the quality and the value proposition of the product speak for
themselves. Throughout the beta program, we have had more downloads and
production deployments than all the other betas of the ISA platform combined.
The breadth of the new features has driven new customers and new deployments
never possible with the ISA product line. On the firewall side, we have added key
components such as VoIP traversal (SIP), Enhanced NAT, and ISP Link Redundancy.
Combined with our NAP (Network Access Protection) integration with the VPN
functionality, the firewall and remote access capabilities are richer than ever.
On the Web client protection area, we now have integrated URL filtering, HTTP
anti-virus/spyware scanning, and HTTPS forward inspection. The new secure
e-mail relay deployment option enables a hardened edge–based anti-virus
and anti-spam solution not previously available. And last but not least, the fully
integrated and new Forefront Network Inspection System (NIS) has changed
the game of network intrusion prevention and detection. Not only does the NIS
provide the capability for administrators to provide threat management in the
face of zero-day attacks, but it also enables security assessment and responses
when deployed in conjunction with the Forefront Protection Suite.

What’s next for the future of secure Web gateways and the threat landscape?
If I were to be an oracle and predict the future, I would expect first that the trend
of more complex malware and malicious attacks will continue to grow in volume
and in criminal intent. I would also suspect that we will see a demand from the
marketplace for further integration of information protection and control (IPC) with
access and protection. We will see consolidation not only of solutions, but we’ll also
see the management and policy capabilities being integrated and unified across
solution verticals. I believe TMG 2010 will be a product foreshadowing the future
when it comes to network and virtualized datacenter protection.

In summary, this book is a must-have for the Forefront Threat Management
Gateway administrator—it embodies the core of the product team development
knowledge, the best practices from the Microsoft consultants around the world,
and the learning from our customer deployments to date, and it distills this all
into a one-stop resource kit of knowledge. Jim Harrison is known throughout
Microsoft and the broader industry as the foremost ISA—and now TMG—expert.
His in-depth understanding of the product internals combined with real-world
deployment and operational experience provide a perspective unlike any other
expert in the community. Yuri Diogenes and Mohit Saxena have not only been on
the front lines of the top ISA deployments around the world, but have also been
on the forefront (no pun intended) of the TMG beta program. Their firsthand
guidance and best practices will help you ensure a smooth and easy deployment
by avoiding mistakes in advance and suggesting the most secure configuration
from the start. Tom Shinder, a recognized Microsoft security professional and
widely known ISA expert, brings his extended ISA experience to bear as a valued
technical reviewer for this book.

The availability of this book helps to achieve the goal that we set with the
original inception of the TMG project: to enable customers to deploy protection
easily in a cost-effective and manageable way to achieve their security and
application-protection requirements in an ever-changing threat landscape.
I believe we have achieved that goal with our upcoming release and with
security experts such as Jim, Yuri, and Mohit evangelizing the knowledge.

David B. Cross
Product Unit Manager
Microsoft Corporation

Posted in Microsoft, Security Training

MCSA Recertification Meets Growing Requirements for Security Specialization

Posted by Rubel Khan on December 20, 2009

Stay current with exam 70-699: Windows Server 2003, Microsoft Certified Systems Administrator (MCSA) Security Specialization Skills Update. MCSA Security Specialization plus recertification demonstrates current status on the latest security-related functions and tasks on Windows Server 2003 and Windows Vista or Windows 7. In 2010, the Department of Defense, among other organizations, will require employees to meet credential requirements accredited by the American National Standards Institute (ANSI) or an equivalent authorization body.

Posted in Microsoft Learning, Security Training

New Course 6407B: First Look: Getting Started with Security and Policy Control in Windows Server 2008 Hands on Lab

Posted by Rubel Khan on November 12, 2009

Course 6407B: First Look: Getting Started with Security and Policy Control in Windows Server 2008 Hands-On Lab

This one and one-half hour lab provides hands-on experience with the following security and policy enforcement functionality in Windows Server 2008: Security Enhancements in Windows Server 2008 and Network Access Protection in Windows Server 2008.

Posted in Security Training