Wednesday, January 19, 2022

Wireless Risk Analysis and Security



The Greater Hartford Chapter of ISACA is pleased to present a "Wireless Risk Analysis and Security" webinar on Wednesday, February 9, 2022.

Wireless Risk Analysis and Security is a single-day course that provides a comprehensive view into the methods and mindset used by hackers to compromise wireless networks. Wireless can be complex, and effective learning requires mastery of a new set of acronyms and an understanding of how these technologies fit into the big picture.

The Security professional will learn the skills and knowledge required to understand how wireless networks operate. This course provides the basis for performing wireless reconnaissance and exploitation using tools found in both Kali Linux and Windows. 

A real-world demo will demonstrate how security weaknesses are identified, compromised, and exploited to extract data in today's wireless networks.

Wireless Analysis & Exploitation (WAX) imparts these skills to the Security professional:

  • A review of networking fundamentals
  • A review of important Linux and Windows commands
  • Instruction on 802.11 Wi-Fi technologies including standards, Wi-Fi operation, devices, terminology, acronyms, antennas, radio frequency fundamentals, standard Wi-Fi security methods, and troubleshooting
  • Execution of reconnaissance activities
  • Execution of analysis activities
  • Approaches to "what happens next" once the Security professional has keys to the 802.11 network
  • A discussion of non-802.11 wireless technologies such as Bluetooth and Mobile Voice and Data Communications (FMC)
  • How to secure a wireless network

This webinar is presented by Jay Ferron.

You can register here.



CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

 In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats. The CISA Insights strongly urges leaders and network defenders to be on alert for malicious cyber activity and provides a checklist of concrete actions that every organization—regardless of sector or size—can take immediately to: 

  • Reduce the likelihood of a damaging cyber intrusion, 
  • Detect a potential intrusion, 
  • Ensure the organization is prepared to respond if an intrusion occurs, and 
  • Maximize the organization’s resilience to a destructive cyber incident.

CISA urges senior leaders and network defenders to review the CISA Insights and implement the cybersecurity measures on the checklist.


I will be speaking at this event for resellers and MSPs. You can register here.

Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP

 Zoho has released a security advisory to address an authentication bypass vulnerability (CVE-2021-44757) in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the Zoho Vulnerability Notification and the Zoho ManageEngine Desktop Central and ManageEngine Desktop Central MSP security advisories and apply the recommended mitigations immediately.

Wednesday, January 12, 2022

NCCoE Releases Draft Project Description for IPv6 Transition


The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Secure IPv6-Only Implementation in the Enterprise. Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory demonstration environment.

We want your feedback on this draft to help refine the project. The comment period is now open and will close on January 27, 2022.

The project will address operational, security, and privacy issues associated with the evolution to IPv6-only network infrastructures. It will demonstrate tools and methods for securely implementing IPv6, whether as a “greenfield” implementation or as a transition from an IPv4 infrastructure to an IPv6-only network. This project will result in practice guides to encourage the secure transition to IPv6-only enterprise IT environments.

We Want to Hear from You!

Review the project description and submit comments online on or before January 27, 2022. You can also help shape and contribute to this project by joining the NCCoE’s IPv6 Transition Community of Interest. Send an email to detailing your interest.

We value and welcome your input and look forward to your comments.

Blockchain for Access Control Systems: Draft NISTIR 8403 Available for Comment



NIST has released NIST Internal Report (NISTIR) 8403, Blockchain for Access Control Systems, for public comment.

Protecting system resources against unauthorized access is the primary objective of an access control system. As information systems rapidly evolve, the need for advanced access control mechanisms that support decentralization, scalability, and trust – all major challenges for traditional mechanisms – has grown.

Blockchain technology offers high confidence and tamper resistance implemented in a distributed fashion without a central authority, which means that it can be a trustable alternative for enforcing access control policies. This document presents analyses of blockchain access control systems from the perspectives of properties, components, architectures, and model supports, as well as discussions on considerations for implementation.

The public comment period is open through February 7, 2022.  See the publication details for a copy of the draft and instructions for submitting comments.

Comment Period Closing Soon: NIST SP 1800-34, Validating the Integrity of Computing Devices


Public comments will close on January 17 for Volume C of NIST SP 1800-34, Validating the Integrity of Computing Devices 

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) has published the preliminary draft Volume C of NIST SP 1800-34, Validating the Integrity of Computing Devices for public comment. This is a reminder that the public comment period will close on January 17, 2022. You can submit comments online or via email to

Volume C includes specific product installation, configuration, and integration instructions for building the example implementation, allowing you to replicate all or parts of this project. Help the NCCoE make this guide better by sharing your thoughts with us. If your organization prototypes this solution, please share your experience with our team. You can also stay up to date on the progress of this project by sending an e-mail to to join our Supply Chain Assurance’s Community of Interest.