Security Awareness Training

• Use different media and formats
  • Class
  • Web
  • Documentation
  • Video
  • Hands-on
• Part of new employee orientation
• Mock incidents (e.g. mail attachment)
• Circulate advisories and alerts
• Review procedures and content

Example of a CERT Advisory

Subject: CERT Summary CS-2002-02
Date: Tue, 28 May 2002 14:50:15 -0400 (EDT)
From: CERT Advisory <cert-advisory@cert.org>
Organization: CERT(R) Coordination Center - +1 412-268-7090
To: cert-advisory@cert.org

CERT Summary CS-2002-02

   May 28, 2002

   Each  quarter, the CERT Coordination Center (CERT/CC) issues the CERT
   summary  to  draw  attention  to  the types of attacks reported to our
   incident  response  team,  as  well  as  other noteworthy incident and
   vulnerability information. The summary includes pointers to sources of
   information for dealing with the problems.

   Past CERT summaries are available at http://www.cert.org/summaries/.
   ______________________________________________________________________

Recent Activity

   Since  the  last  regularly scheduled CERT summary, issued in February
   2002  (CS-2002-01),  we  have  released  several advisories addressing
   vulnerabilties   in   Microsoft's  IIS  server,  Oracle  Database  and
   Application  Servers, Sun Solaris cachefsd, and MSN Instant Messenger.
   In  addition,  we  have  published statistics for the first quarter of
   2002,  numerous  white  papers,  and  a collection of frequently asked
   questions about the OCTAVE Method.

   For  more  current  information  on  activity  being  reported  to the
   CERT/CC,  please  visit the CERT/CC Current Activity page. The Current
   Activity  page  is  a  regularly updated summary of the most frequent,
   high-impact  types  of  security  incidents  and vulnerabilities being
   reported  to the CERT/CC. The information on the Current Activity page
   is reviewed and updated as reporting trends change.

    1. Exploitation of Vulnerabilities in Microsoft SQL Server

       The  CERT/CC  has  received  reports  of systems being compromised
       through  the  automated  exploitation  of  null or weak default sa
       passwords  in Microsoft SQL Server and Microsoft Data Engine. This
       activity  is  accompanied by high volumes of scanning, and appears
       to  be  related  to recently discovered self-propagating malicious
       code,  referred  to  by  various  sources  as Spida, SQLsnake, and
       Digispid.

       CERT Incident Note IN-2002-04:
       Exploitation of Vulnerabilities in Microsoft SQL Server
       http://www.cert.org/incident_notes/IN-2002-04.html

[...]

• PreviousSecurity Mission Statement
• Contents
• NextSecurity Support Personnel Duties

 Last change: Sunday, June 16, 2002 9:58 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.