Upcoming Cyber Technical Advisory Group workshops
If you have any questions please let josh.wood@nlawarp.net know.
1. Email security workshops
Mail Transfer Agent Strict Transport Security (MTA-STS)
Now considered by NCSC/Mail Check to be part of what is needed for better email security. And build upon the progress made with DMARC)
10:00 to 11:00 on Friday 29 April
10:00 to 11:00 on Thursday 9 June
This presentation has a heritage, in so much as it predates the active interesting MTA-STS by NCSC and Mail Check by over a year. It covers, in a “cookbook” format, how to set up MTA-STS and what can go wrong.
MTA-STS is a standard already in use by many major email systems; including the NCSC, as well about a dozen or so councils up and down the country.
From the NCSC: read more about using Mail Transfer Agent Strict Transport Security (MTA-STS) to protect email privacy.
Improving your email security
10:00 to 11:30 on Friday 6 May
10:00 to 11:30 on Wednesday 1 June
These sessions are limited to a maximum of 6 domain names or organisations. However more than 1 person from each organisation can attend.
The purpose of each workshop is to drill down on each domain name, understanding where are on the email security journey that organisation is and help to identify what the next best steps would be. To do this successfully, it is important that the attendee understands the above and is comfortable communicating this on the call to peers.
To assist with the session, Bruce will leverage the zED scanner to produce a RAG rating for each workshop attendee domain, which will contain the TLS, SPF and DMARC detail (as well as MTA-STS).
zED: baselining your peers and suppliers email
10:00 to 11:30 on Thursday 26 May
zED, a point product/tool, directly addresses a question that came from the WARPs about how public sector organisations can assess the risks (email hygiene) of their peers and suppliers, amongst new summer 2021 features is the checking if a domain meets the NHS DBC1596 secure email standard, as well as proven reporting on SPF, DMARC and the MTA-STS standards.
zED checks TLS and DNS records you wish to have checked, to ascertain your exposure to risk via email from your peers and suppliers, this is a weekly scan based upon the domains you want to check and is complementary to NCSC’s Mail Check tool.
2. Security vendors of concern (SVoC)
10:00 to 11:00 on Wednesday 4 May
Mark Brett will be joined by a government security advisor will present on his recent paper for C-TAG detailing SVoC. SVoC are those products or services that may be under the control or influence of hostile states or organised criminals. When undertaking a risk assessment, these are generally grouped under supply chain concerns.
*** Strictly public sector only ***
3. Dark web
10:00 to 11:30 on Wednesday 11 May
10:00 to 11:30 on Wednesday 22 June
This workshop is based on the premise you want to know more about the dark web, or that you may have a need to have a look at what is there – perhaps to check if you can find any stolen data belonging to your organisation (post ransomware attack).
It deals with some of the many myths that surround the dark web, explores the differences between deep and dark webs, as well as what scanners and command-line options are available for searching for data…
It features:
- a live demo around how to get to the dark web
- safety precautions to take prior to going online to the dark web as well while you are there
- looking at some dark web sites
- doing some searches.