TrainACE - IT and Cybersecurity Training Blog

Both Silent Circle and Lavabit recently shut down their encrypted email services. Lavabit was the first to take action following word that the United States government wanted data handed over that would violate customers' privacy. Ladar Levison, owner of Lavabit, said he faced the decision of complying with the government and betraying the American people or ending the email service he worked hard to build. He also said that he was legally unable to explain the events leading up to his decision due to recent laws passed by congress blocking his freedom of speech.

Across the country and around the world, cyber attackers continue to discover new and improved ways of wreaking havoc with company's business operations. Their nefarious activities are responsible for billions of dollars' worth of damages in intellectual property theft. While cyber security teams attempt to circumvent these onslaughts, increased technological advancements continue to speed up the time between perceived threat and actual intrusion. How can a business entity keep up?

Social networks are social by design. They mean to foster interaction, to put you in touch in one way or another. Some put you in touch with friends and family. Others put you out there for the whole wide world to see. Some uses are personal. Others are all business. In the end, though, social media platforms are all designed to be easy to access and easy to use. They’re intentionally informal. They’re the last place you’d expect to find classified intelligence or the kind of business secrets that companies diligently guard.

As cyber attacks increase in frequency and scandals involving governments hacking into private computers become more commonplace, it's no wonder that one of the most promising fields in the current IT sector would be cyber security. In fact, recent research has indicated that cyber security has grown by more than one hundred percent in the last year. Clearly, anyone seeking a job in the information technology area would do well to start at the first line of defense against hackers.

Criminals have been breaking into websites and electronic databases for many years. Although this can result in huge monetary losses, it rarely injures anyone or causes physical damage. However, hackers are gaining more destructive power as manufacturers add network interfaces and microprocessors to mechanical devices. This is a security threat that we cannot afford to ignore.

As the recent scandal involving the National Security Agency demonstrates, cyber security is more relevant than ever. While computer companies continue to push the idea of saving and accessing information on the cloud, an important question remains largely unanswered: Just how secure is the cloud?

Most people who are looking in to taking the Certified Ethical Hacker (CEH) certification training with us want to know a few key points. The CEH certification is arguably the leading baseline penetration testing certification on the market. Our CEH training class prepares people for a career in the field by offering more hands-on training than any other competitor’s class out there. The class also has a pass rate on the certification exam OVER 99% (yes that’s correct, in the last year, about 550 people took the CEH with us and only 5 failed the exam).  As you probably know, we offer classroom based training as well as online options, both are extremely effective.

The term "hacker" is often associated with illegal online activity. However, there are hackers who perform 100 percent legal services, which are based on evaluating the information infrastructures of companies. For those who hold the Certified Ethical Hacker certification from the EC-Council, there are several jobs to consider that come with attractive compensation. Some of the most common jobs for hackers holding the CEH certification include computer forensics, incidence response, penetration testing and security analysis. Penetration testing is the most common job for new hackers, but some later advance to become engineers or take on a wider variety of tasks.

A Certified Information System Security Professional (CISSP) is someone with considerable experience in information technology (IT) security fields who has also completed a rigorous exam to verify his or her qualifications. CISSP holders must also meet continuing education requirements to maintain their certification.

The Department of Defense last changed its approach to cyber security, or, in DoD parlance, “Information Assurance,” in 2006, when Defense Information Technology Security Certification and Accreditation (DITSCAP) was replaced by Defense Information Assurance Certification and Accreditation Process (DIACAP). The small change in name, with “Technology Security” replaced by “Assurance,” said little about the reason for the change in system, but one intent of DIACAP was the promotion of consistency and standardization, all in the hope that cross-service reciprocity and cost savings would follow.

Researchers at security company FireEye have revealed an advanced persistent threat targeting the U.S. defense and aerospace industries and likely originating in China. Named Beebus after an early sample, the campaign's attacks come in continuous waves over time against strategically chosen individuals. According to an unnamed inside source, the Beebus campaign began in early 2012 when FireEye noticed suspicious activity on the systems of some its defense and aerospace clients. Of 261 discovered attacks, 123 targeted unmanned aerial vehicle or systems vendors. The most recent exploit used a Deloitte industry analysis report sent in a weaponized email. Researchers believe that the campaign has so far touched 214 servers with 60 unique IP addresses.

On January 27, the Washington Post reported that the Department of Defense plans to expand its “Cyber Command,” a force dedicated to defending U.S. computer systems, by a factor of five, from 900 to 4,900 members. Although a formal announcement had not been made, Pentagon sources indicated that an increase in numbers was not the only change on the agenda. The Cyber Command would also undergo a shift in focus, with the new structure adding acknowledged offensive capabilities to a command that had previously been characterized as exclusively defensive.