DoD-IAnewsletter-Vol-7-No-4.pdf
《DoD-IAnewsletter-Vol-7-No-4.pdf》由会员分享,可在线阅读,更多相关《DoD-IAnewsletter-Vol-7-No-4.pdf(24页珍藏版)》请在三一文库上搜索。
1、Volume 7 Number 4 Spring 2005 The Newsletter for Information Assurance Technology Professionals also inside Social Engineering IATAC Spotlight on Research Commodity Absence and Data Security IATAC Spotlight on Subject Matter Expert (SME) An Overview and Example of the Buffer-Overflow Exploit About I
2、ATAC distribution is unlimited. contents feature 4 Total Electronic Migration System (TEMS)Providing Real-time Access to Scientific and Technical Information (STI) by John Francis The recently launched Total Electronic Migration System (TEMS) represents a long- term approach to providing access to e
3、lectronic documents. The implementation of TEMS allows DTICs eleven IACs to store, search, retrieve, and use Scientific and Technical Information (STI) to carry out their missions. IA initiatives 6 Social EngineeringThe Mother of All Trojan Horses by Jack Wiles Over the past 15 years, I learned just
4、 how easy it was to be an effective social engineer as I led several inside penetration teams into the buildings of clients who had hired us to test their vulnerabilities. 8 IATAC Spotlight on ResearchNaval Postgraduate School (NPS) by Ronald Ritchey This article is the first in a new series that sp
5、otlights important activities in Information Assurance (IA) education and research. The National Centers of Academic Excellence in Information Assurance Education (CAEIAE) are ideal institutions in which to seek high-quality IA academic programs. CAEIAE is sponsored by the National Security Agency (
6、NSA) and the U.S. Department of Homeland Security (DHS). 10 Commodity Absence and Data Security by Tyson Macaulay, CISSP, CISA You have a security problem of variable magnitudes because of “commodity absence.” An accurate reflection of the security situation evolving around the use of wireless data
7、networks, specifically the Wireless Fidelity (WiFi) networks of the Institute of Electrical and Electronics Engineers (IEEE) 802.11b/g. 13 IATAC Spotlight on Subject Matter Expert (SME) Dr. J. Bret Michael by Ronald Ritchey This issue of IAnewsletter introduces a new featurea profile of a member of
8、the Information Assurance Technology Analysis Center (IATAC) SME program. 16 An Overview and Example of the Buffer-Overflow Exploit by Isaac Gerg Each week, security vulnerabilities are discovered in widely deployed software. Many of these security threats stem from buffer-overflow exploitation by w
9、hich a malicious user attempts to gain control of a computer system by overwhelming it with skillfully crafted input data. in every issue 3 IATAC Chat 9 Letters to the Director 23 Product Order Form 24 Calendar of Events IATAC Chat 3 IAnewsletter Volume 7 Number 4 Spring 2005 http:/iac.dtic.mil/iata
10、c Gene Tyler, IATAC Director I n the previous issue, I introduced our intent to high- light an IA Center of Academic Excellence (or similar institution) and Subject Matter Expert (SME) from our SME Program. Considering IATACs mission to “provide the (Department of Defense) DoD a cen- tral point of a
11、ccess for information on Information Assurance emerging technologies in system vulnerabili- ties, research and development, models, and analysis to support the development and implementation of effec- tive defense against Information Warfare attacks,” we should be focusing more time on two critical
12、compo- nents of the IA profession“greybeards” and institutions of higher learning. These two elements are central to accomplishing our DoD-directed mission and in maintain- ing a repository of IA Scientific and Technical Information (STI). Academic institutions and the experts they produce are vital
13、 to achieving professional situational awareness. IATAC is governed by and receives oversight from a number of sources, one of which is the IATAC Steering Committee. This is a group of 23 senior Government IA professionals and leaders. Most Steering Committee members are from DoD, but some are from
14、other Federal departments, such as the Department of Homeland Security. Within DoD we have participation from the research and development, science and technology, and academic communities. There is also representation from DoD Agencies, the Joint Staff, and the Office of the Secretary of Defense (O
15、SD). The experience level is varied in this group of seniors who know the IA world. Recently, the Steering Committee challenged the IATAC Program Office to establish a better link to the “IA technology com- munity, particularly the IA research community.” The challenge from the Steering Committee co
16、uld not have been more timely, since these communities are closely associated with the Centers of Excellence and SME Programs. In the early summer of 2004, we conducted a search for a candidate to do just what the Committee is asking of us. Mr. Matthew Warnock joined our staff imme- diately after gr
17、aduating from Penn State with a technical degree. One of his first actions was to reach out and estab- lish a dialog with each of the 59 IA Academic Centers of Excellence. At about the same time, Ms. Tara Shea, another recent member of the IATAC team, began revamping the IATAC SME Program. I believe
18、 our actions were in line with the Committees guidance. As I mentioned previously, we will use this venue to highlight institutions and selected SMEs. In this issue, we highlight the Naval Postgraduate School (NPS). We also recognize Dr. J. Bret Michael of NPS as our featured SME. Although Dr. Micha
19、el is not directly involved in NPSs IA Center of Excellence Program, he is a well-known IA pro- fessional and a member of the IATAC Steering Committee. We value his contributions and the experience he brings to IATAC. We will leverage his knowledge as we strengthen our ties to the research and devel
20、opment communities, seek guidance on academic and professional events in which we should participate, and broaden our ties to other academic institutions. Highlighting the Centers of Academic Excellence and SMEs will satisfy two long-term goals. First, we want to establish and strengthen the relatio
21、nships identified by our Steering Committee. Dialogue with universities and professional experts will help foster these relationships, will serve as a catalyst for more focused development of our products, and will help to ensure that our identified SMEs are truly “graybeards.” Our SME database cont
22、ains members of academia, government, and industry, but have we reached out to the right individuals? And to what degree are they willing and able to serve if asked? This is a worthwhile question, and one that may trigger changes in the SME databases. It may lead to establishing different SME levels
23、 for different purposes. Our second goal is to collect and analyze STI that the IA technology and IA research communities may have to offer IATAC. IATAC is the DoD repository for IA STI, and, even though IATAC is a relatively new Information Analysis Center (IAC), we have made much progress col- lec
24、ting STI. However, there are always opportunities for growth and movement in positive directions. The academ- ic and IA professional communities are fertile ground for expansion and growth. Identifying what the important components are of a strong and vibrant Information Assurance (IA) professional
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- DoD IAnewsletter Vol No
链接地址:https://www.31doc.com/p-3753335.html