Security Trap: Many New Security “Training” Courses are covering Outdated Material


Over the last week or so I have been reading through a lot of security “training” material that either has been recently published or was being submitted for publishing. The problem is, a lot of the material was very old and not necessarily even relevant anymore.

Most anti-virus programs catch new threats by installing an updated virus signature so they can recognize the new threat. They “learn” to detect the newer threats. Granted, many “new viruses” are just re-hashed code that has been modified so its signature changes. But there are completely new creatures out there that haven’t been seen before.

If the anti-virus engine didn’t evolve, it would never be able to stop (or detect) the newer threats.

I find it concerning that of all the “new” security articles and training material that I have read in the last two weeks, one of the most advanced techniques I read about was from a security book written in 2004!

The example talked about a new attack that the author detected hitting Air Force systems. The attack was actually pretty impressive: the attacker used several machines, and each machine was programmed to attack a certain system, but only intermittently and only for a brief amount of time.

Each individual attacker system would run only one small attack per day, and then it wouldn’t attack the system again for a week or so. The next attacker system would do the same thing, but it would attack a different part of the target system. Then, like the first, it wouldn’t attack again for a long time. These systems attacked one after the other, a sort of distributed botnet of attacking systems, each hitting only once for a brief amount of time.

It was very difficult for the system analysts to detect this attack. They had to focus on the attacked system, not the attackers, to find a pattern. Because they had full data capture of all their network traffic, they were able to find and track the attacks against the target network. But the pattern only showed up over weeks and months of network security monitoring – analyzing captured packets for patterns.
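The target-centric pivot described above can be sketched as follows. This is an added example, not code from the original post or from the book it cites; the record layout, addresses, thresholds and function names are all assumptions, and the events are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed records: (timestamp, source, target, target_port)."""
    start, events = datetime(2000, 1, 3), []
    for week in range(8):                      # 8 weeks of captured traffic
        for i in range(7):                     # 7 sources take turns, one per day
            day = start + timedelta(days=7 * week + i)
            events.append((day, f"198.51.100.{i + 1}", "192.0.2.10", 1000 + i))
    for n in range(300):                       # one loud scanner against another host
        events.append((start + timedelta(seconds=n), "203.0.113.9", "192.0.2.20", n))
    return events

def loud_sources(events, per_day_threshold=50):
    """Source-centric rule: flag a source by its event count per calendar day."""
    counts = defaultdict(int)
    for ts, src, _dst, _port in events:
        counts[(src, ts.date())] += 1
    return {src for (src, _day), n in counts.items() if n >= per_day_threshold}

def slow_distributed_targets(events, window_days=60, min_sources=5, max_per_source=10):
    """Target-centric rule: many quiet sources converging on one host over a long window."""
    end = max(ts for ts, *_ in events)
    begin = end - timedelta(days=window_days)
    per_target = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, port in events:
        if ts >= begin:
            per_target[dst][src].append(port)
    findings = {}
    for dst, sources in per_target.items():
        # Keep only sources that stayed under the per-source volume ceiling.
        quiet = {s: p for s, p in sources.items() if len(p) <= max_per_source}
        if len(quiet) >= min_sources:
            ports = {port for p in quiet.values() for port in p}
            findings[dst] = {"sources": sorted(quiet), "ports": sorted(ports)}
    return findings

if __name__ == "__main__":
    ev = sample_events()
    print("source-centric alerts:", loud_sources(ev))
    for dst, f in slow_distributed_targets(ev).items():
        print(dst, "quiet sources:", len(f["sources"]), "ports:", f["ports"])
```

The source-centric rule only sees the loud scanner, while grouping by target over the long window surfaces the host that seven quiet sources were working on in turn.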

Pretty advanced stuff!

The problem is that this attack was recorded as happening in 1999.

Hacker groups are very good at sharing attack techniques with others in their groups. They share training and tools fairly rapidly on hidden websites and secure forums. Granted, security groups that are meeting once a month are doing a good job at getting security techniques disseminated, but there is still a long way to go to get the good guys up to speed and on the same page.

Also be aware when looking into purchasing security training material. Check into the company and the instructors. You may be getting recycled material that may no longer be relevant.

~ by D. Dieterle on February 12, 2013.

4 Responses to “Security Trap: Many New Security “Training” Courses are covering Outdated Material”

  1. Reblogged this on lava kafle kathmandu nepal.

  2. Concerning what you said, how can someone that is new to the area, identify which materials to use?

    • I would recommend getting involved with local security groups, OWASP is very good and ISSA. Don’t forget about security conferences like Blackhat, Defcon, Bsides. I think SANS training is top notch, though very expensive. Also check out SecurityTube.net, Vivek offers a lot of free, top notch training series.

      I hope this helps!

      Dan

      • I will check these links, thanks for the tips!!
        Conferences for me, are a little bit out of way, I live in Brazil.
        I saw the courses in SANS, indeed expensive!!!

        I’ve got some materials for Certified Ethical Hacker v7, I read some of it and it seems to be good material.

        Also, I found out this channel on youtube:

        It covers from the basics of assembly until, 117 videos later, exploits!!
        But, as I am trying to learn everything, I don’t know if the material is good or new!!!

        Thanks for the reply and congratulations for the blog!!

        Guilherme
