Meeting Notes from August 18, 2012 at ITT Tech
Jered Kuhfahl started the meeting by discussing TMG - Threat Management Gateway - and then talked about DPM - Data Protection Manager. Both are very interesting and useful programs for businesses.
Server 2012 is about to be - or has already been - deployed to the public. Not sure of the date of release. One item not included in this new server is DCPromo. Many people have used this nice little tool for AD. PowerShell is making a comeback in Server 2012. Several web sites are renewing their training for this. Check it out!
Another topic was B-Z = Blackhole to ZeroAccess. A PowerPoint presentation by Richard Wang was shown. He is from Sophos Labs U.S. The Blackhole Exploit Kit and the ZeroAccess Root Kit are both attacks on networks.
Blackhole is a tool used to gain access to a PC so that the attacker can install their own software. It does this by exploiting security holes in other software. The makers of Blackhole sell it to hackers so they can access a computer.
ZeroAccess adds layers of compression and encryption to hide its true purpose. This is a polymorphic packer which rolls several types of malware into a single package, such as an email.
For both of these, updates to antivirus and anti-malware programs are essential. Frequent scans by these programs are also necessary. It is wise to run netstat in a command prompt to see which ports are open that do not need to be open.
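The port check suggested above, as an added example that is not part of the original notes: it parses the output of `netstat -ano` on Windows and lists listening sockets that are reachable from the network but not on an allowlist. The sample output and the allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:3389              [::]:0                 LISTENING       1108
  UDP    0.0.0.0:5355           *:*                                    1300
"""

# Assumed allowlist: (protocol, port) pairs this host is expected to expose.
EXPECTED = {("TCP", 135), ("TCP", 445)}


def parse_listeners(text):
    """Return (proto, address, port, pid) for each listening or bound socket."""
    found = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        # TCP rows have a State column; UDP rows do not.
        if f[0] == "TCP" and (len(f) != 5 or f[3] != "LISTENING"):
            continue
        if f[0] == "UDP" and len(f) != 4:
            continue
        addr, _, port = f[1].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        found.append((f[0], addr, int(port), int(f[-1])))
    return found


def unexpected(listeners, expected=EXPECTED):
    """Listeners reachable off-host whose (proto, port) is not allowlisted."""
    return [
        (proto, addr, port, pid)
        for proto, addr, port, pid in listeners
        if not ipaddress.ip_address(addr).is_loopback
        and (proto, port) not in expected
    ]


if __name__ == "__main__":
    for proto, addr, port, pid in unexpected(parse_listeners(SAMPLE)):
        print(f"review: {proto} {addr}:{port} owned by PID {pid}")
```

The PID in the last column can be matched against Task Manager or `tasklist` to find the program that opened the port.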
One of our local members mentioned that a web site, www.hackernews.com, keeps their site updated to inform Network Administrators of the current trends. Check it out!
The next AITP @ ITT will be held on September 22, 2012. The meeting will start promptly at 1pm. Please try to be there by 12:30pm. An email should be sent out prior to the meeting. If you do not get an email, contact me with your information and I can forward it to Jered.
I do apologize, everyone. The proper website URL is www.thehackernews.com/
Thank you, Josh! You beat me to the update!!!