Archive for the ‘NSA’ Category

Partners Recommend Properly Configuring, Monitoring PowerShell in New Report – National Security Agency

FORT MEADE, Md. - The National Security Agency (NSA) and partner cybersecurity authorities released a Cybersecurity Information Sheet today recommending that Microsoft Windows operators and administrators properly configure and monitor PowerShell to prevent and detect abuse by malicious actors.

NSA, the Cybersecurity and Infrastructure Security Agency (CISA), and the New Zealand and UK National Cybersecurity Centres developed "Keeping PowerShell: Security Measures to Use and Embrace" to help Windows operators and administrators understand how PowerShell supports system maintenance, forensics, automation, and security.

PowerShell is a scripting language and command line tool included with Microsoft Windows that provides many features, including the ability to automate tasks, improve incident response and enable forensics efforts. However, the same extensibility, ease of use, and availability that aids net defenders also provides an opportunity for malicious cyber actors, who have often abused PowerShell after gaining access to victim networks.

This has prompted some net defenders to disable or remove the Windows tool. NSA and its partners advise against doing so, and instead recommend following the guidance in this advisory to properly configure and monitor the tool. Recent versions of PowerShell include improved defensive capabilities, including ways to counter PowerShell abuse. The report outlines security features in PowerShell that help with protecting credentials, remote management configurations, anti-virus scanning and logging.

Read the full report here. Visit our full library for more cybersecurity information and technical guidance.


No rollback of Agnipath; good for Army, youth: NSA Ajit Doval – The Indian Express

There will be no roll back of the Agnipath scheme as it is for the good of the armed forces and even the youth who get trained through it, National Security Advisor (NSA) Ajit Doval said on Tuesday. He also said there would be ample employment opportunities for Agniveers as by the time they retire from the forces, India will have a $5 trillion economy and industries will be vying to employ disciplined, trainable youth.

"There is no question of any rollback. This is not a knee jerk reaction. This has been discussed for decades. In 1970s, we had General Krishna Rao Committee of which General Chhibber and General Sundar were members. They talked about reforming the Army, including the manpower policy. Then there was the Arun Singh report in 1989 and then there was a Group of Ministers report ... there was Subramaniam Committee report, the Kargil Committee report ... All had this consistent refrain that go for a younger Army. But there was a problem. While everybody realized it was necessary, no one had the ability and the will to take the risk," Doval said in an interview to ANI.

The statement comes amid continuing violent protests across the country over the government's new scheme for recruitment in the armed forces where youngsters will be recruited only for a period of four years at the jawan level instead of the earlier 15 years.

In an attempt to allay fears of unemployment after four years in the Army, Doval said there was a "misunderstanding" that had been created.

"We are talking about a young man who is 22 or 23 years old, has done four years of service and now is in the market. This man has become disciplined, has got the capability to work in a team, has learnt skills, developed confidence, is trainable and has got all-India perspective. He is much more equipped to face the society. On top of it, he has been given a qualification equivalent to plus two. Then he will have Rs 11 lakh with him which he can use to study further," Doval said.

"By the time Agniveer retires, India will be a $5 trillion economy. There will be a lot of opportunities in the private sector. Industries will want to hire people who are disciplined and trainable. Their biggest asset will be their young age. Their future is totally secure," he added.

On the need for such a scheme, Doval said, "Security is a very dynamic concept. The whole world is going through great change. Increasingly we are going towards contactless war ... We must have a young, fit, agile and well-trained Army. It is a contradiction that a country that has the youngest population, has the oldest Army."

On the fears of the scheme making the Army weak, Doval said, "Agniveer will never constitute the whole Army. They are there for only four years. Rest of the Army will be made up of experienced people. Those Agniveers who become regulars eventually, will go through more intensive training. So Indian Army will always have people who, though recruited as Agniveers, have been selected for their suitability, agility, motivation and aptitude. Selection is one part, but when you observe people over a long period of time, you realise who is an ideal soldier. So, after four years, the people who will join the Army will be crème de la crème."

Doval also said that the concept of regiments is not being tinkered with and regiments such as artillery and armoured corps, among others, will remain. Calling caste-based regiments a colonial legacy, Doval said there were very few left in the Army.

Doval also brushed aside fears of Agniveers becoming mercenaries for hire after retirement.

"This fear is totally invalid? I have been in the business of security for the last 55 years. I can tell you, if there is any guarantee in the society to keep peace, stability and rule of law, it will be the civilian population of the country who have to become law abiding. And you will find the best of the law-abiding citizens in these youth who will have nationalist sentiments and protect the national interest and create that environment. In those four years in the forces, only their bodies will not be trained, but even their minds will be transformed. They will become an asset for our internal security when they go into the society," Doval said.

On the ongoing protests, Doval said there was opposition from two sets of people, which included Army veterans, who he said were opposing for lack of full information, and those with vested interests.

"These are those who have no concern with the security of the nation nor are they dedicated to the nation. They are conflict entrepreneurs. These are people who will go for stone throwing, demonstrations and burning trains. An Agniveer will never be misled into this. I don't think any of these people (those protesting) are interested in joining the forces," he said.

Doval said there was some anticipation of the protests within the government. "We thought these people who have got some vested interest ... some people are making money through coaching centres ... some want to discredit the government ... some want the youth to go against the government ... But we are a democracy. But once they transgress those red lines where the limits of their freedom start undermining the country's security and its law and order, certainly the action has to be taken and has been taken," Doval said.

On whether the Agnipath scheme and other issues of internal security could have been preceded by more consultation, Doval said, "Management of security is a very layered phenomenon. In some situations, there has to be complete insulation. People should know on the basis of need to know. If there are people who have nothing to contribute and are not accountable and you take them into confidence, probably, once it becomes public, our adversaries will take advantage of that. As far as consultation is concerned, India is a democracy ... you find if there are 100 issues, there are 101 opinions. And they are freely expressed from the street to the press."

Doval asserted that the Agnipath scheme was part of the government's consistent effort to transform the Army and make it ready for the future. He insisted that it was owing to the strong political will of the prime minister that this was possible.

"In 2006, Ministry of Defence wrote a letter to the Ministry of Home Affairs that we are thinking of implementing this thing and will the CPMFs be able to take some people ... MHA gave a reply that we are forming a committee under the DG BSF to examine the matter. That committee report was never seen by anyone. It was about political will. It can only happen under a PM like Modi, who will say that if this is in the national interest, if this will make India stronger and secure, then no risk is big enough. Even if there is a political cost, I will pay (he will say)," he said.


DC-Area U.S. Government Agencies Announce the Washington Metropolitan Quantum Network Research Consortium, or DC-QNet – NIST


Quantum networks, an emerging research frontier, will one day offer the ability to distribute and share quantum information securely among quantum computers, clusters of quantum sensors and related devices at regional and national distances. They can also be used to distribute ultraprecise time signals, as well as other applications yet to be invented or fully explored. Quantum networks will be essential to modern secure communications and to computing enhancements in the 21st century.

To advance quantum network capabilities and leadership, six U.S. government agencies with world-class research capabilities announce the establishment of the Washington Metropolitan Quantum Network Research Consortium, or DC-QNet, to create, demonstrate and operate a quantum network as a regional test bed. The six agencies are the U.S. Army Combat Capabilities Development Command Army Research Laboratory (DEVCOM ARL), the U.S. Naval Research Laboratory (NRL), the U.S. Naval Observatory (USNO), the National Institute of Standards and Technology (NIST), the National Security Agency/Central Security Service Directorate of Research (NSA/CSS-RES), and the National Aeronautics and Space Administration (NASA). There are currently two out-of-region affiliates to this consortium as well: the U.S. Naval Information Warfare Center Pacific and the U.S. Air Force Research Laboratory.

To read the full release, visit the Naval Research Laboratory website.


CISA, NSA and Other Agencies Recommend Hardening PowerShell – Redmondmag.com

Government cybersecurity organizations on Tuesday announced guidelines for using Microsoft's built-in PowerShell scripting language with Windows without it also being leveraged by attackers.

The newly released joint "Cybersecurity Information Sheet" on PowerShell (PDF) was put together by "cybersecurity authorities from the United States, New Zealand and the United Kingdom." Participants on the U.S. side included the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA).

The agencies noted that "malicious actors" use PowerShell for their attacks after first gaining network access. However, the authors stopped short of suggesting that organizations remove it. PowerShell has "defensive capabilities," too, they noted. Also, blocking PowerShell "prevents components of the Windows operating system from running properly."

Organizations, though, should uninstall PowerShell version 2 because it has security holes. More recent PowerShell versions, beginning with PowerShell version 5, have "prevention, detection and authentication capabilities" that are useful for defenders.

The security "hardening" technologies to use in conjunction with PowerShell include:

The authors concluded that "PowerShell is essential" to secure the Windows operating systems, and is OK to use after the problems in version 2 were addressed. PowerShell shouldn't be removed, but organizations should harden it, where possible.

Particularly on the logging and detection side, IT pros may need to take some actions to optimally secure PowerShell because the relevant capabilities aren't enabled by default.

"Deep Script Block Logging, Module Logging, and Over-the-Shoulder transcription are disabled by default," the guide explained. "The authors recommend enabling the capabilities where feasible."

The agencies' recommendations were intended to apply only to organizations running Windows, and not to Linux and macOS environments, according to a footnote in the report.
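As an added example (not taken from the article or the information sheet), the following read-only PowerShell audit reports whether the three logging capabilities quoted above are enabled by policy and whether the PowerShell version 2 engine is still installed. It assumes the standard Group Policy registry locations for Windows PowerShell 5.1 and an elevated session for the optional-feature query.

```powershell
# Added example: read-only audit of the PowerShell hardening settings named in the article.
# Assumption: settings are delivered through the standard Windows PowerShell policy keys.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

$checks = @(
    @{ Name = 'Script Block Logging'; Key = "$base\ScriptBlockLogging"; Value = 'EnableScriptBlockLogging' },
    @{ Name = 'Module Logging';       Key = "$base\ModuleLogging";      Value = 'EnableModuleLogging' },
    @{ Name = 'Transcription';        Key = "$base\Transcription";      Value = 'EnableTranscripting' }
)

$report = foreach ($c in $checks) {
    $name = $c.Value
    # A missing key or value means the policy is not configured, which leaves the feature off.
    $item = Get-ItemProperty -Path $c.Key -Name $name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Setting = $c.Name
        Enabled = ($null -ne $item) -and ($item.$name -eq 1)
        Detail  = $c.Key
    }
}

# Module logging records nothing unless modules are listed under ModuleNames ('*' = all).
$modKey  = "$base\ModuleLogging\ModuleNames"
$modules = if (Test-Path $modKey) { (Get-Item $modKey).Property } else { @() }
$report += [pscustomobject]@{
    Setting = 'Module Logging scope'
    Enabled = ($modules.Count -gt 0)
    Detail  = if ($modules.Count -gt 0) { $modules -join ', ' } else { 'no modules listed' }
}

# PowerShell v2 engine: the article says it should be uninstalled.
# Get-WindowsOptionalFeature needs elevation; the feature name below is the Windows client name.
try {
    $v2 = Get-WindowsOptionalFeature -Online -FeatureName 'MicrosoftWindowsPowerShellV2Root' -ErrorAction Stop
    $v2State = [string]$v2.State
} catch {
    $v2State = 'Unknown (query failed; run elevated)'
}
$report += [pscustomobject]@{
    Setting = 'PowerShell v2 engine removed'
    Enabled = ($v2State -like 'Disabled*')
    Detail  = $v2State
}

$report | Format-Table -AutoSize -Wrap
```

Any row showing `Enabled = False` marks a setting that still has its default value or a version 2 engine that is still present.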

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


Incoming NSA chief on ‘unproductive’ practice of red-tagging: Let’s stop doing that – Philstar.com

MANILA, Philippines - Incoming National Security Adviser Clarita Carlos voiced her disapproval Friday of the practice of red-tagging, or conflating progressive critics and activists as armed insurgents, calling it "unproductive."

This comes after incumbent National Security Adviser Hermogenes Esperon, a retired Philippine Army general, launched an offensive against progressive groups and alternative media outfits with just two weeks left in his term. Advocates called this an attack on press freedom and civil liberties.

Speaking over The Mangahas Interviews, Carlos questioned the practice of red-tagging, popularized as of late under the Duterte administration's anti-insurgency campaign, calling it "lazy thinking."

"What I will bring into our national security landscape is really my training as a political scientist...when you run out of arguments, you label. It's not a productive thing and it's antithetical to the presumption of innocence, right? Why are we doing things that are not productive? Let's stop doing that," she said in mixed Filipino and English.

"If you have proof, well then you should file a case in court. Does labeling help you? No, so don't waste your time."

Outgoing Justice Secretary Menardo Guevarra, who has accepted his nomination as the next solicitor general, also said the same earlier this week. The incoming solicitor general said that "labelling" is dangerous and complaints should be filed instead.

Carlos said that the national government should address the root causes of the communist insurgency by looking at problems on the ground.

"The roots are there...address the lack of justice, the lack of opportunities for our youth," she said in Filipino. "And you're killing their future; they can't aspire to be journalists, scientists, engineers, architects...If you kill them, they'll take up arms."

"So we should give them opportunities to study, to be healthy, health is a security issue, and give them opportunities to flourish as an individual, because they will contribute to building a better Philippines. Not by holding a gun, but by becoming a senator, a plumber, a carpenter. Because that's what this is about."

Categorically asked if there would be changes in the controversial National Task Force to End Local Communist Armed Conflict, Carlos said: "That wasn't included when we were briefed...I'll need to study that first [because] there are so many offices involved...I don't want to comment first because I don't understand it yet."

As the government's security adviser, Carlos will be among those behind the controversial Anti-Terrorism Council, feared by many to abuse its powers to limit dissent and undermine democracy under the pretext of countering terrorism.

In President Rodrigo Duterte's Philippines, the communist insurgency is the boogeyman up there with the illegal drug trade as public enemy number one. The president's nightly addresses feature lengthy asides that see the chief executive railing against left-leaning activists and drug suspects alike.

This has culminated in the widespread practice of red-tagging, defined by Philippine jurisprudence as "the act of labeling, branding, naming and accusing individuals and/or organizations of being left-leaning, subversives, communists or terrorists (used as) a strategy... by State agents, particularly law enforcement agencies and the military, against those perceived to be threats or enemies of the State."

But the Commission on Human Rights has warned that the practice of red-tagging, which has increased in 2020, "violates the constitutional guarantee of presumption of innocence and may have serious implications on the security and movement of individuals and groups involved."


Many activists and members of progressive and left-leaning groups have pointed out that many who are red-tagged often end up shot and killed by unknown assailants. Rights groups, including the UN Human Rights Office, have said the dangerous practice has been institutionalized in the country.

The Constitution guarantees the presumption of innocence, while leaning towards the left of the political spectrum or even being a communist is not illegal in the Philippines.

Even the government's own National Security Plan 2017-2022 acknowledges what it calls "the root causes of internal conflicts, namely: poverty and social injustice, widespread economic inequity, poor governance, abuse and control of political power, and marginalization of cultural communities."

"Terrorism is hard to define. I teach that. There are over 100 definitions for it. Even the UN cannot ask for a consensus on its definition. Why? Because terrorism is a political-related term," Carlos said.

"Just use terms under the Penal Code because those are defined in the operational component." - Franco Luna
