The Importance of Backups

This month’s issue of OUCH! from SANS focuses on backups. Specifically, what backups are, how they work and how to create the best backup strategy.

Unfortunately, too many people fail to realize how important backups can be. Backups provide peace of mind as well as business continuity. Think about how you would feel if a hard drive crashed and you lost thousands of your family’s photos, or all of your work files.

With a backup, either by using local storage media such as an external hard drive, or by using a cloud-based service, you can rest assured that everything can be recovered.

Read (and download) the issue here (PDF).

Learn more about backup options at MIT, including CrashPlan.

The Cyber Generation Gap

The May issue of OUCH!, led by Guest Editor Brian Honan, is focussed on securing the cyber generation gap. Many of us have family members that may not be technically savvy and are intimidated by security.  This newsletter explains how you can help those family members and any children that may be visiting them.

Feel free to share OUCH! with anyone you want, including family, friends or as part of your security awareness program.

Download the issue here (.pdf)

Tip of the Week: Passphrases

The April issue of OUCH! is led by guest editor Guy Bruneau, and covers passphrases.  Specifically, what passphrases are, why they are better than passwords and how to use them securely.  As always, you are encouraged to download and share OUCH! with others.

Download the issue here (.pdf)

For managing all your passwords, use a password vault, like LastPass. Here are some best practices for using LastPass at MIT.

Security Training By SANS

SANS (sans.org) offers all kinds of training for professionals who are involved in cybersecurity. There are various ways to access their quality training material: by attending a live conference, accessing your training on demand (online) or hosting a training session in your community.

Courses include a range of topics including: hacker tools and techniques, forensic analysis, intrusion detection, network penetration testing, incident response and many more.

Find a training by course, location or date: http://www.sans.org/find-training/

Find or host a training in your community: http://www.sans.org/community/

On demand training: http://www.sans.org/ondemand/

Security Using Mobile Apps

Many of you may have received a new mobile device for the holidays.

This month’s issue of OUCH! (.pdf) covers how to securely use mobile apps. Being one of the primary technologies we use in our professional and personal lives, mobile devices are used to be more productive, communicate, and share information with others or just have fun. However, using the apps on mobile devices can be risky. This issue describes some steps you can take to securely use and maintain your mobile apps.

If you have any questions or concerns about using and setting up your mobile device, you can also go to the Mobile Device Support page in the Knowledge Base.

SANS Holiday Hack Challenge

Help save old Ebenezer Scrooge from certain doom! This year’s Holiday Hack Challenge from SANS is designed to help build your information security skills and have some holiday fun in the process. This year, match wits with an Artificially Intelligent agent, exploit a target machine, and do some detailed packet capture and file analysis, all with the goal of unraveling the mysteries of the Ghosts of Hacking Past, Present and Future.

Everyone is invited to participate. Compete for some really cool prizes:

http://pen-testing.sans.org/holiday-challenge/2014

For Your Calendar: Free Webcasts from SANS

Do you have about an hour of free time and want to learn something new from experts in the security field? You can find free webcasts hosted by SANS.org through their upcoming webcasts page. Recent webcasts are archived. These are some of the topics, among others:

  • What’s in your software? Reduce risk from third-party and open source components (sponsor: Veracode)
  • Watering hole attacks: Detect end-user compromise before the damage is done (sponsor: AlienVault)
  • Zen and the art of network segmentation (sponsor: Tufin Technologies)
  • Ramping up your phishing program (special from SANS)
  • Be ready for a breach with intelligent response (sponsor: McAfee/Intel Security)

You have to log in to SANS.org to access the material. MIT is a member of SANS, so there is no cost. Much of the information in the Security FYI newsletter comes from SANS sources.