08/11/2017
CG-CVC 17-04 and the TPO Guidebook (August 2017) are designed to outline the roles and responsibilities of the TPO.
Click here to download the CG-CVC Policy Letter 17-04 and the TPO Guidebook.
We have a few spots left in the upcoming Annual Surveyor of Towing Vessels Course in Houston, Texas scheduled for August 22nd through the 25th.
Our four day Annual Survey of Towing Vessels course provides surveyors with the knowledge and skills required to perform Subchapter M annual surveys of towing vessels. Students who successfully complete this course will have an in-depth understanding of both internal survey programs and external annual survey programs, the reporting requirements of each.
This course is for those seeking to perform annual internal surveys on behalf of their company or as a third-party contractor performing annual internal or external surveys and for those that will manage these programs. Please see the link below for more information.
08/10/2017 – excerpt from August 9th post titled “Protecting Network Infrastructure”
The advancing capabilities of organized hacker groups and cyber adversaries create an increasing global threat to information systems. The rising threat levels place more demands on security personnel and network administrators to protect information systems. Protecting the network infrastructure is critical to preserve the confidentiality, integrity, and availability of communication and services across an enterprise.
Network infrastructure consists of interconnected devices designed to transport communications needed for data, applications, services, and multi-media. Routers and firewalls are the focus of this alert; however, many other devices exist in the network, such as switches, load-balancers, intrusion detection systems, etc. Perimeter devices, such as firewalls and intrusion detection systems, have been the traditional technologies used to secure the network, but as threats change, so must security strategies. Organizations can no longer rely on perimeter devices to protect the network from cyber intrusions; organizations must also be able to contain the impact/losses within the internal network and infrastructure.
For several years now, vulnerable network devices have been the attack-vector of choice and one of the most effective techniques for sophisticated hackers and advanced threat actors. In this environment, there has never been a greater need to improve network infrastructure security. Unlike hosts that receive significant administrative security attention and for which security tools such as anti-malware exist, network devices are often working in the background with little oversight—until network connectivity is broken or diminished.
If the network infrastructure is compromised, malicious hackers or adversaries can gain full control of the network infrastructure enabling further compromise of other types of devices and data and allowing traffic to be redirected, changed, or denied. Possibilities of manipulation include denial-of-service, data theft, or unauthorized changes to the data.
Intruders with infrastructure privilege and access can impede productivity and severely hinder re-establishing network connectivity. Even if other compromised devices are detected, tracking back to a compromised infrastructure device is often difficult.
Malicious actors with persistent access to network devices can re-attack and move laterally after they have been ejected from previously exploited hosts.
The link below contains the full text of the post and addressees their summary of six prevention measures to help system users and administrators provide a more secure and efficient network infrastructure.
Click here to read the original post by DHS in full.
