Learn about the basics of PowerShell. This cross-platform command-line shell and scripting language is built for task automation and configuration management. You’ll learn basics like what PowerShell is, what it’s used for, and how to use it.
Learning objectives
After completing this module, you’ll be able to:
Understand what PowerShell is and what you can use it for.
ChannelPro is now partnering with MSP-Ignite to bring peer-to-peer sessions to ChannelPro SMB Forums. Join us for an afternoon of interactive discussions on MRR profitability, owner-led sales challenges, hiring and staff retention suggestions, the importance of a positive culture, cybersecurity profiles, and more. Industry veteran Steve Alexander brings 10 years of facilitation experience and 37 in the industry to you for this no cost peer-to-peer interactive discussion. Share your successes and challenges for the benefit of everyone in the room. Steve will be joined by sales pro Ashley Lalumiere to guide you through the common sales challenges with a roadmap to successful owner-led sales. Peer session will be on Nov. 2nd from 2 to 4:30pm.
ChannelPro and Dell Expert Network have partnered to offer a sales and marketing workshop, which also includes a Dell Solutions showcase of their latest technology! This workshop will run the day before the ChannelPro SMB Forum on Nov. 2nd at the hotel from 5 – 7pm. There will be a $1,000 cash giveaway at the event!
Cocktail Reception
Welcome Cocktail Reception from 7-9pm PT at the hotel. This is a great time to unwind and meet folks prior to the main day event.
November 3rd
Breakfast, Registration, and Networking Time
Doors open at 7:30am PT with a nice breakfast. Sessions begin at 8:00am PT.
The Security Slam
This is no poetry competition, channel pros. Listen to three cybersecurity service providers tell true-life stories of incredible hacks, unforgiveable customer errors, and high-stakes incident responses, and then learn how to apply their experiences to protecting your clients more effectively.
There’s big money to be made in Microsoft’s public cloud platform—if you know what to offer and where to begin. See how channel pros like you are profiting from Azure-based solutions today.
Visit the sponsors in their booths to learn more about their products and solutions!
The Employee Recruitment Dating Game
In the current hiring climate, finding the love of your IT life is tougher than ever. Do you have what it takes to find, woo, and win the best tech talent out there? See how three of your peers handle real-world employee interview challenges in this Sixties-style game show.
Social media platforms can be powerful lead-generation tools. In this hands-on workshop, led by experts from channel legend Janet Schijns’ JS Group, you’ll learn proven, practical techniques used by social selling masters, and get free access to an extensive series of online follow-up lessons.
Who gets voted off the island? It’s up to you! Hear three of the industry’s top managed services consultants field tough questions about the M&A strategy, product strategy, and growth strategy today’s MSPs need to survive in a changing market. Then pick the sole survivor!
The NCCoE Buzz: Mobile Security Edition is a recurring email on
timely topics in mobile device cybersecurity and privacy from the National
Cybersecurity Center of Excellence’s (NCCoE’s) Mobile Device Security project
team.
With Halloween around the corner, the National Cybersecurity
Center of Excellence (NCCoE) wants to share a few “tricks” and tips for mobile
passwords that result in the “treat” of protecting your mobile device from
compromise.
Potential Threats
Below is a list of several potential mobile password threats that
can impact you or your organization:
Lost/Stolen
Phone – If an unauthorized user
obtains a lost or stolen mobile phone that has no password, they may have
easy access to sensitive information on the device (e.g., messages,
photos, or email)
Brute-Force
Attack – If a mobile phone has a weak
password, a malicious attacker may be able to easily obtain the password
and gain access to information on the mobile phone
Phishing – If a password is captured by texting or emailing to
convince a user or subscriber into thinking the attacker is a verifier or
reliable party, the attacker can gain access to a user’s account(s) and
access sensitive information
Password Protections
To protect against mobile password threats, here are a few tips:
1. Apply multi-factor authentication.
If a password is compromised, requiring a second factor for
authentication can help protect against threats such as phishing attacks.
Multi-factor authentication can be any combination of the
following:
Something you know – Password, pin, etc.
Something you have – Authenticator app, hardware token, etc.
Something you are – Biometrics (e.g., fingerprint or face recognition)
For example, if an attacker has acquired your password (something
you know) through a phishing attack, but your account requires a password +
your fingerprint (something you are) to grant access, then the attacker will
not be able to access your account because they do not have access to the
second factor.
2. Choose a password with a minimum length of 8 characters.
A common misconception is that complexity is the key to having a
strong password. NIST SP 800-63B highlights that complexity can actually make
it difficult for the user to remember their password and can deter them from
developing a strong memorable password.
Instead, 800-63B recommends creating a memorable password that is
at least 8 characters in length to help prevent against brute-force attacks,
while also ensuring the user can remember their password/pin/passphrase.
We hope these mobile password tricks and treats were helpful.
On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to
TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams
(FIRST) that organizations move to 2.0 by the end of 2022. TLP Version
2.0 brings the following key updates:
TLP:CLEAR replaces TLP:WHITE for publicly releasable
information.
TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when
information may be shared with the recipient’s organization only.
CISA encourages all network defenders and partners to upgrade to TLP Version
2.0 to facilitate greater information sharing and collaboration. For more
information see:
Back in August, the NCCoE Healthcare team released the final
project description Mitigating
Cybersecurity Risk in Telehealth Smart Home Integration.
This project’s goal is to provide health delivery organizations (HDOs) with
practical solutions for securing an ecosystem that incorporates consumer-owned
smart home devices into an HDO-managed telehealth solution.
Register now to hear an update from the NCCoE Healthcare team on
the following topics:
The Smart Home Integration
Project Description
The Federal Register Notice
(FRN) Status
The NCCoE project approach and
potential collaboration opportunities
Next steps for the NCCoE
Healthcare team
There will be 45 minutes of presentation and 15 minutes of Q&A
at the end of the webinar.
This event takes place at 2 PM today. The
event page includes details on the overview of the call as well as a link to
the registration page. If you have any questions, please email our team at hit_nccoe@nist.gov.
The initial public draft introduced four significant changes to
NIST SP 800-140B:
Defines a more detailed
structure and organization for the Security Policy
Captures Security Policy
requirements that are defined outside of ISO/IEC 19790 and ISO/IEC 24759
Builds the Security Policy
document as a combination of the subsection information
Generates the approved
algorithm table based on lab/vendor selections from the algorithm tests
This second draft addresses the comments made on the initial
draft, including concerns with the structure of the Security Policy and the
process for creating it. Appendix B provides details on these changes.
The NIST SP 800-140x series supports Federal Information
Processing Standards (FIPS) Publication 140-3, Security Requirements for Cryptographic Modules,
and its associated validation testing program, the Cryptographic Module
Validation Program (CMVP). The series specifies modifications to ISO/IEC 19790
Annexes and ISO/IEC 24759 as permitted by the validation authority.
The public comment period is open through December 5, 2022. See
the publication
details for instructions on submitting comments.
The HIPAA Security Rule specifically focuses on protecting the
confidentiality, integrity, and availability of electronic protected health
information (ePHI), as defined by the Security Rule. All HIPAA-regulated
entities must comply with the requirements of the Security Rule.
This draft:
Includes a brief overview of
the HIPAA Security Rule
Provides guidance for regulated
entities on assessing and managing risks to ePHI
Identifies typical activities
that a regulated entity might consider implementing as part of an
information security program
Lists additional resources that
regulated entities may find useful in implementing the Security Rule
Created in 2014, this collaborative event is cooperatively
developed, organized and sponsored by the leading information security industry
organizations and chapters, including NY Metro ISSA. The strength of
organizational membership, the provision of desirable CPE credits and the
concurrence of National Cyber Security Awareness Month, is always well-attended
by members of the information technology, information security, audit,
academic, and business communities.
CISA warns users to remain on alert for malicious cyber activity targeting
potential disaster victims and charitable donors following a hurricane. Fraudulent
emails—often containing malicious links or attachments—are common after major
natural disasters. Exercise caution in handling emails with hurricane-related
subject lines, attachments, or hyperlinks. In addition, be wary of social media
pleas, texts, or door-to-door solicitations relating to severe weather
events.
To avoid becoming victims of malicious activity, users and administrators
should review the following resources and take preventative measures.
If you believe you have been a victim of cybercrime, file a complaint with
Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
The NIST SP 800-90 series of documents supports the generation of
high-quality random bits for cryptographic and non-cryptographic use. SP
800-90A specifies several deterministic random bit generator (DRBG) mechanisms
based on cryptographic algorithms. SP 800-90B provides guidance for the
development and validation of entropy sources. SP 800-90C specifies
constructions for the implementation of random bit generators (RBGs) that
include DRBG mechanisms as specified in SP 800-90A and that use entropy sources
as specified in SP 800-90B.
This draft includes constructions for three classes of RBGs:
An RBG1 construction provides
random bits from a device that is initialized from an external RBG.
An RBG2 construction includes
an entropy source that is available on demand.
An RBG3 construction includes
an entropy source that is continuously accessed to provide output with
full entropy.
SP 800-90C includes a note to readers, guidance for accessing and
handling the entropy sources in SP 800-90B, specifications for the
initialization and use of the three RBG constructions that incorporate the
DRBGs from SP 800-90A, and guidance on health testing and implementation
validation using NIST’s Cryptographic Algorithm Validation Program (CAVP) and
the Cryptographic Module Validation Program (CMVP) that is jointly operated by
NIST and the Canadian Centre for Cyber Security (CCCS).
The public comment period for NIST SP 800-90C is open through
December 7, 2022. See the publication
details for a copy of the draft and instructions for submitting
comments.
