IGtv Chat (11/30/2010)
Tuesday January 25, 2011
8:36 jconcannon: Good Morning and welcome to IGtv! We’re looking forward to today’s production and you can follow along if you pull down the agenda from our home page at www.nym-infragard.us/cms see the weekly updates for today’s date.
We’re getting ready and will have a couple of video clips and other things to keep everyone on top of there game today. The majority of today’s show will be recorded and put up on our web site today and tomorrow, as time allows.
Tuesday January 25, 2011 8:36 jconcannon
9:12 jconcannon: Ask about our Summer Research Position at UAB…
Tuesday January 25, 2011 9:12 jconcannon
9:13 jconcannon: http://www.cis.uab.edu/uabccrimereu is the web site for more details.
Tuesday January 25, 2011 9:13 jconcannon
9:21 jconcannon: Next up will be Mark Cappers discussing the NSA’s 60 minute Network Security Guide
Tuesday January 25, 2011 9:21 jconcannon
9:31 jconcannon: Mark Cappers now on….60 minute guide.
Tuesday January 25, 2011 9:31 jconcannon
9:33 jconcannon: http://www.nsa.gov/ia/_files/support/I33-011R-2006.pdf link for the 60 minute security guide
Tuesday January 25, 2011 9:33 jconcannon
9:43 [Comment From GuestGuest: ]
Joe Power just blippped just rebooted sorry I can go on
Tuesday January 25, 2011 9:43 Guest
9:43 jconcannon: Mark if you can provide the links here please do…
Tuesday January 25, 2011 9:43 jconcannon
9:44 [Comment From Mark CappersMark Cappers: ]
nute Network Security Guide (First Steps Towards a Secure Network Environment) – authored by the NSA’s Systems and Network Attack Center (SNAC) It can be downloaded from here:
Tuesday January 25, 2011 9:44 Mark Cappers
9:46 [Comment From Mark CappersMark Cappers: ]
NSA’s IA/SNAC Security Configuration Guidelines:
Tuesday January 25, 2011 9:46 Mark Cappers
9:46 [Comment From NetDrNetDr: ]
The 60 Minute Network Security Guide is exremely dated. It discusses configuration of Windows 2000. Win 2k was obsolete 6 years ago!
Tuesday January 25, 2011 9:46 NetDr
9:46 [Comment From Mark CappersMark Cappers: ]
The NSA 60 Minute Network Security Guide here: http://www.nsa.gov/ia/_files/support/I33-011R-2006.pdf
Tuesday January 25, 2011 9:46 Mark Cappers
9:55 [Comment From Mark CappersMark Cappers: ]
While the WIndows OS discussed in that document are old/obsolete, the concepts discussed still are relevant, and sadly most of the specifics still apply in more current MS-OS’s.
Tuesday January 25, 2011 9:55 Mark Cappers
9:55 [Comment From NetDrNetDr: ]
Will you be discussing how the Internet Kill Swich would be the largest, most damaging attack on the USA in all history? How: giving the Goverment the capability to stop all citizen speech via the internet would set the USA back to the 1700s.
Tuesday January 25, 2011 9:55 NetDr
9:55 [Comment From Mark CappersMark Cappers: ]
NSA’s IA/SNAC Security Configuration Guidelines: http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml
Tuesday January 25, 2011 9:55 Mark Cappers
9:59 Phil F. (IGtv]: The Guidelines Mark mentioned (NSA Configuration Guidelines) are much more current than the 60 Minute Guide. A combination of the two would be quite useful.
Tuesday January 25, 2011 9:59 Phil F. (IGtv]
10:03 jconcannon: Now playing….Andrew Tallmer interview. Case in California. Andrew straightens it out. Let’s listen in.
Tuesday January 25, 2011 10:03 jconcannon
10:04 [Comment From Mark CappersMark Cappers: ]
Thanks for that clarification Phil, that’s precisely it – use the 60 Minute Guide to provide non-security IT and other people a common reference and concepts around security. If you are involved in hardening actual technology, use the specific NSA IA/SNAC Guides as well as looking at things like SANS or CERT for references to best practices.
Tuesday January 25, 2011 10:04 Mark Cappers
10:11 Phil F. (IGtv]: Cell phone? PDA? What’s the difference? Exactly, Joe. And, where will the distinction lie in another year or two? Tablet PCs? The lines of the form factor will blur. How about USB storage devices? (Perhaps not, since there is (today) no concern with volitility of memory. Then again, maybe these will be self-powered in the future…)
Tuesday January 25, 2011 10:11 Phil F. (IGtv]
10:11 jconcannon: Here’s our second segment with Andrew Tallmer….search and seizure
Tuesday January 25, 2011 10:11 jconcannon
10:11 jconcannon: Yes, Phil….these cases Diaz and Murphy are Huge Cases.
Tuesday January 25, 2011 10:11 jconcannon
10:12 Phil F. (IGtv]: There are already folks who have had chips (with information storage) embedded in their bodies. (Ouch! Just thinking about that sounds painful.)
Tuesday January 25, 2011 10:12 Phil F. (IGtv]
10:12 jconcannon: If mutliple Circuits hear similar cases or as Andrew says the Supreme’s weigh in this could really have quite an impact.
Tuesday January 25, 2011 10:12 jconcannon
10:12 [Comment From NetDrNetDr: ]
What coercion is legal to make the arrestee give up the cell phone password?
Tuesday January 25, 2011 10:12 NetDr
10:13 jconcannon: Read the two cases and review the videos with Andrew. This is all established case law.
Tuesday January 25, 2011 10:13 jconcannon
10:14 Phil F. (IGtv]: Expertly conducted cell phone forensics may bypass the need for an access password.
Tuesday January 25, 2011 10:14 Phil F. (IGtv]
10:14 jconcannon: Understanding the legal process is not only important to Law Enforcement, but also to our citizens.
Tuesday January 25, 2011 10:14 jconcannon
10:16 [Comment From NetDrNetDr: ]
Doesn’t sound like the “in plain view” foundation assumption would hold if “Expertly conducted cell phone forensics” are used.
Tuesday January 25, 2011 10:16 NetDr
10:20 jconcannon: if you listen to Andrew talk about Schimmel. Katz, Gant and Belton….you’ll understand how the courts would consider “in plain view”.
Tuesday January 25, 2011 10:20 jconcannon
10:23 jconcannon: Playing the final sesson with Andrew Tallmer on Search and Seizure.
Tuesday January 25, 2011 10:23 jconcannon
10:34 jconcannon: Next up DHS Open source reports…..
Tuesday January 25, 2011 10:34 jconcannon
10:38 jconcannon: January 19,20, 21, and 24th reports…
Tuesday January 25, 2011 10:38 jconcannon
10:56 Phil F. (IGtv]: See more information on NY Metro InfraGard’s Security Awareness Program at https://www.nym-infragard.us/cms/resources/news/1-latest/172-information-security-course
Tuesday January 25, 2011 10:56 Phil F. (IGtv]
10:58 [Comment From Mark CappersMark Cappers: ]
Joe makes a great point here – if you are hit by a exploit or zero day vulnerability you can help yourself a great deal by taking a few minutes and putting together a simple document or presentation or even just an email describing how much man hours would be spent in recovery, and describing the value of the data at risk, if you don’t know the value of the data or system, a quick phone call to the business leaders that use it can be very helpful, and demonstrates proactive involvement.
Tuesday January 25, 2011 10:58 Mark Cappers
11:27 Phil F. (IGtv]: US Secret Service Tips to protect against credit card skimming: http://www.secretservice.gov/Skimming%20Fraud.pdf
Tuesday January 25, 2011 11:27 Phil F. (IGtv]
11:32 jconcannon: Now playing the FBI’s Best in practice CCTV….If you haven’t gotten this DVD or haven’t seen this before contact the FBI or InfraGard and we’ll direct you. Let’s listen in…
Tuesday January 25, 2011 11:32 jconcannon
11:58 jconcannon: That’s our program today. Thank you for joining us and give us some feedback at jconcannon@nym-infragard.us and let us know how we can improve our operations. We look forward to joining you next week on IGtv, a production of NYC Metro InfraGard Members Allance, Inc. Be well….
Tuesday January 25, 2011 11:58 jconcannon
Enjoy
NY InfraGard Team
