Slides from a workshop titled Data Privacy for Activists on January 29th, 2017 for the Data Privacy PDX Meetup group.
Workshop included presentation and live demos of:
- leaked credentials
- metadata fingerprinting
- VPN use
- Encrypted Email
Presentation made by Dr Tabrez Ahmad in Biju Pattanaik State Police Academy Bhubaneswar. To train DSP,s on Cyber Crime Investigation and Cyber Forensics.
Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what’s known as ‘Social Engineering’, hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers.
Social engineering, or SE, is the art of manipulating people into performing actions or so they give up confidential information. Social Engineering can mean different things to different people.
Slides from a workshop titled Data Privacy for Activists on January 29th, 2017 for the Data Privacy PDX Meetup group.
Workshop included presentation and live demos of:
- leaked credentials
- metadata fingerprinting
- VPN use
- Encrypted Email
Presentation made by Dr Tabrez Ahmad in Biju Pattanaik State Police Academy Bhubaneswar. To train DSP,s on Cyber Crime Investigation and Cyber Forensics.
Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what’s known as ‘Social Engineering’, hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers.
Social engineering, or SE, is the art of manipulating people into performing actions or so they give up confidential information. Social Engineering can mean different things to different people.
LandscapingA local landscaping company that provides lawn-mowing.docxsmile790243
Landscaping
A local landscaping company that provides lawn-mowing, trimming and general landscape duties wants to get a jump on its competition by determining which houses in a section of town would best respond to marketing materials. A measure of which homeowners to approach would include their income, size of their yard and compare that against historical data on which homes have had landscaping services.
You were able to dig up a random sample of 30 households, given in the file Landscaping.xls. Using Excel, create a scatter plot of Lot Size vs. Income, color coded by the outcome variable Yes/No. Make sure to obtain a well-formatted plot (remove excessive background and gridlines; create legible labels and a legend, etc.). Hint: First sort the data by the outcome variable, and then plot the data for each category as separate series. Create the same plot, this time using Tableau. Compare the two processes of generating the plot in terms of effort as well as the quality of the resulting plots. What are the advantages of each? Explain.
Management Information Systems for The Information Age
Haag, S., & Cummings, M. (2013). Management information systems for the information age .
New York: McGraw-Hill.
MANAGEMENT INFORMATION I
svsTEMs r FOR THE 1N~ORMAT10N AGE
> > Ninth Edition Stephen HAAG I Maeve CUMMINGS
L_ - - -- ____,
-·
EXTENDED LEARNING MODULE H
Define computer crime and list three types of computer crime that can be
perpetrated from inside and three from outside the organization.
Identify the seven types of hackers and explain what motivates each group.
Define digital forensics and describe the two phases of a forensic investigation.
Describe what is meant by anti-forensics and give an example of each
of the three types.
Describe two ways in which businesses use digital forensics .
...
-f 1ntroductio~
Computers play a big part in crime. They're used to commit crime, unfortunately. But
they are also used to solve crimes. This should come as no surprise since computers
are by now such an integral player in every part of our lives. Computers are involved in
two ways in the commission of crime: as targets and as weapons or tools. A computer
or network is a target when someone wants to bring it down or make it malfunction, as
in a denial-of-service attack or a computer virus infection. Crimes that use a computer
as a weapon or tool would include acts such as changing computer records to com-
mit embezzlement, breaking into a computer system to damage information, and steal-
ing information like customer lists. See Figure H.l for examples of computer-related
offenses in which computers are used as weapons/tools and targets of crime.
Some crimes are clearly what we call computer crimes, like Web defacing, denial-of-
service attacks, e-mail scams, and so on. But as is the case in so many parts of our modern
lives, computers are also so integrated into crime that it's hard to separate them ou ...
Computer Forensics-An Introduction of New Face to the Digital Worldrahulmonikasharma
Computer forensic is the current emerging and the future of the digital world. Computer forensics is the upcoming technology for the crime scene investigation and for the data assessment data discovery and data maintained and data recovery process. Computer forensics can also be used in the retaining the computer technology without major effect to the physical parts of the computer. As the use of technology is increasing day by day and the use of computers to reduce the human efforts and to maximize the efficiency and outcome and also to increase the accessibility of the resources has led others to the misuse of technology. As the technology is increasing the threat to the cyber security and data is also increasing. To reduce the threat for cyber security and to increase the reliability on data and information throughout the network, computer forensics is used as a tool and method to analyse and to reduce the cyber threat to the data and affiliated system on network.
Computer Forensics
Discussion 1
"Forensics Certifications" Please respond to the following:
· Determine whether or not you believe certifications in systems forensics are necessary and explain why you believe this to be the case. Compare and contrast certifications and on-the-job training and identify which you believe is more useful for a system forensics professional. Provide a rationale with your response.
· Suppose you are the hiring manager looking to hire a new system forensics specialist. Specify at least five (5) credentials you would expect an ample candidate to possess. Determine which of these credentials you believe to be the most important and provide a reason for your decision.
Discussion 2
"System Forensics Organizations" Please respond to the following:
· Use the Internet or the Library to research and select one (1) reputable system forensics organization. Provide a brief overview of the organization you chose, including what it provides for its members, and how one can join the organization. Indicate why, in your opinion, this particular organization would be the best choice for a system forensics professional to join and why you believe this way.
· Examine what you believe to be the most important reason for a systems forensic professional to be a member of a forensics organization and how this could further one’s career in the industry.
Cyber Security
Discussion 1
"Leading Through Effective Strategic Management" Please respond to the following:
· Propose three ways to ensure that cooperation occurs across security functions when developing a strategic plan. Select what you believe is the most effective way to promote collaboration and explain why.
· Explain what may happen if working cultures are overlooked when developing a strategy. Recommend one way to prevent working cultures from being overlooked.
Discussion 2
"Installing Security with System and Application Development" Please respond to the following:
· Provide three examples that demonstrate how security can be instilled within the Systems Development Life Cycle (SDLC). Provide two examples on what users may experience with software products if they are released with minimal security planning.
· Suggest three ways that application security can be monitored and evaluated for effectiveness. Choose what you believe to be the most effective way and discuss why.
Computer Security
Discussion 1
"Current Events and Future Trends" Please respond to the following:
· How can we create a national security culture where all are more cognizant of security threats and involved to help prevent potential incidents? How do we balance the need for this security culture with the rights guaranteed to us by our Bill of Rights?
Research Topics (Choose 1 Topic)
Terrorism
· Terrorism remains one of the major concerns in the wake of the 9-11 events. Research into terrorism as it pertains to homeland security is conducted by corporations like the RAND Corporation, which is.
Team research paper and project on network vulnerabilities with multiple attacks and defesnses:
Cybersecurity
-For this project, our class was paired with teams to attempt to find vulnerabilities in other teams networks and to successfully beach their network.
-My role in this group was to help breach other team vulnerabilities through different attacks like responder attacks, honeypots, etc.
-The main challenges of this project were trying to find the vulnerabilities successfully, as the whole team had troubles with each of our different attacks and defenses.
-We learned how to use cybersecurity tools to help find vulnerabilities in networks and how to protect against them better. For example, in the honeypot we used we deployed it to port 80, when the attacker tried to access our fake server we were notified. We also deployed palto alto firewall to create our private and secure network. For an attack, we also used password crackers like john the ripper. This project taught us how to breach networks as a team.
As technology transforms the legal practice, electronically stored information (ESI) has replaced the paper evidence as the lawyer’s primary stock in trade. This is the future of the legal profession. Far more information is retained by a computer than most people realize. Without the right tools and techniques to preserve, examine and extract data, legal officers run the risk of losing something important, rendering what you find inadmissible, or even causing spoliation of evidence.
In this presentation to the Uganda Law Society Uganda members, Mustapha B Mugisa (www.mustaphamugisa.com) explores the skills prosecutors and investigators must master in order to perform their jobs effectively. You will learn a lot by reading this presentation to the end, than most people know about forensics and the new developments.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
3. “Tell me; where is cyberspace? Point out to me exactly where it is. Show me the
billion of airwaves coursing through our bodies and surroundings non-stop 24/7.
You have a website? Reach out and touch it for me. Reach out and pluck a fax
from the air. Or reach out and pluck the photo of your kid that you just sent
grandma out of the air and show it to me.
Where is the Internet? And where are the billions of bits of information sent at
seemingly light speed around the world. Show them to me.
The text message you sent…where did it go and how did it get there? Show me
the software you just downloaded and installed on your computer. Not the
interface that pops up on your computer screen but show me the bits and bytes
that make it work.
It is all AIR!!! It is nothing more than air. Every day we all buy, send and use air
and every day we all do not realize that our lives are changing as new technology
is released and as becomes a major part of our lives.”
And sometimes the air is polluted!
4. Computer vs. Internet Forensics
The widespread use of computer forensics resulted from the convergence of two
factors: the increasing dependence of law enforcement on computing (as in the
area of fingerprints) and the ubiquity of computers that followed from the
microcomputer revolution. As computer forensics evolved, it was modeled after the
basic investigative methodologies of law enforcement and the security industry that
championed its use. Not surprisingly, computer forensics is about the
"preservation, identification, extraction, documentation and interpretation of
computer data.” In order to accomplish these goals, there are well-defined
procedures, also derived from law enforcement, for acquiring and analyzing the
evidence without damaging it and authenticating the evidence and providing a
chain-of-custody that will hold up in court. The tools for the "search-and-seizure"
side of computer forensics are a potpourri of sophisticated tools that are primarily
focused on the physical side of computing: i.e., tracing and locating computer
hardware, recovering hidden data from storage media, identifying and recovering
hidden data, decrypting files, decompressing data, cracking passwords,
"crowbarring" an operating system (bypassing normal security controls and
permissions), and so forth. For those who are old enough to remember the original
Norton Utilities for DOS think of these modern tools as the original Norton Disk
Editor for DOS on steroids.
5. Listed below are some common categories and a few examples of computer
forensics toolkits:
File Viewers: Quick View Plus (http://www.jasc.com)
Image Viewers: ThumbsPlus http://www.cerious.com)
Password Crackers: l0phtcrack or LC4 (http://www.atstake.com)
Format-independent Text Search: dtsearch (http://www.dtsearch.com)
Drive Imaging: Norton Utilities' Ghost (http://www.symantec.com)
Complete Computer Forensics Toolkits:
Forensics Toolkit (http://www.foundstone.com);
ForensiX (http://www.all.net);
EnCase Forensic (http://www.encase.com)
Forensic Computer Systems: Forensic-Computers (http://www.forensic-
computers.com)
One of the more full-featured network tools, NetScanTools Pro
(http://www.netscantools.com). Note the abundance of features built into one
product!
6. Internet Forensics specialist uses many of the same tools and engages in the
same set of practices as the person he/she is investigating. Let me illustrate with
a few examples.
Suppose that you've received some suspicious email, and want to verify the
authenticity of a URL included within. A number of options are available. One
might use a browser to access information from the American Registry for Internet
Numbers (http://www.arin.net). Or one might use any number of OS utilities. But
we'll save ourselves some time and worry, and use a general network appliance,
NetScanTools Pro. We identified the registration, domain name servers, currency
information, etc. for netscantools.com.
Now let's change the scenario slightly. Suppose that we had some hostile intent,
and wanted to ferret out information about some company's network
infrastructure. What tool might we use? You guessed it, NetScanTools Pro. The
point is that the self-same tool is equally useful to the hacker conducting basic
network reconnaissance and the legitimate Internet security specialist who's
trying to determine whether a URL links to a legitimate company or a packet
"booby trap." The point is that, both uses require essentially the same skill sets.
7. In Internet Forensics it is customarily the case that the forensic specialist
undergoes the same level of education and training as the hacker he or she
seeks to thwart. The difference is one of ethics, not skill. We observed that this
was not true of the perpetrator and investigator in computer forensics.
To drive home the point, look at the other options that NetScanTools Pro provides.
One can use an ICMP "ping" to identify whether a particular network host is online
just as easily as one can use it to identify activity periods in network
reconnaissance or a network topology. One can use a Traceroute to determine
network bottlenecks, or to identify intervening routers and gateways for possible
man-in-the-middle attacks. One can use Port Probe to verify that a firewall is
appropriately configured, or to make a list of vulnerable services on a host that
may be exploited.
Where computer forensics deals with physical things, Internet forensics deals with
the ephemeral. The computer forensics specialist at least has something to seize
and investigate. The Internet forensics specialist only has something to
investigate if the packet filters, firewalls and intrusion detection systems were set
up to anticipate the breach of security. But, if one could always anticipate the
breach, one could always block it. Therein lies the art, and the mystery.
8. If I've been successful, I've got you thinking about the
fundamental differences between computer forensics
and internet forensics. I think that on careful analysis,
one has to conclude (a) that these are fundamentally
different skills, (b) that in the case of Internet
forensics, the skill sets of the successful perpetrator
and successful investigator are pretty much the same,
and (c) Internet forensics is as much a discipline as its
search-and-seizure counterpart. This validity of these
conclusions may be confirmed in any number of ways.
For the most part the tools-of-the-trade for both hacker
and Internet forensics specialist are the same, though
the occasional extreme case like Dug Song's Dsniff
http://monkey.org/~dugsong/dsniff challenges this
generalization. It's hard for me to imagine a legitimate,
lawful use of Dsniff's "macof" utility that enables the
users to flood switch state tables! But in the main, the
hacker and the Internet Forensics specialist could co-
exist with the same tools and equipment.
9. Statistics on Internet Fraud
The Internet Crime Complaint Center (IC3), a joint venture of the FBI and the
National White Collar Crime Center found:
Online auction fraud was the most reported type of fraud and accounted for 44.9%
of consumers’ complaints
Non-delivered merchandise and/or payment made up 19.0% of complaints
Check fraud represented 4.9% of complaints
About 70% of the fraud victims were scammed through www (e.g. online auctions)
About 30% of the victims were scammed by emails
Payment Methods
Top methods of payment used by victims of Internet fraud include:
Wire
Credit Card
Bank Debit
Money Order
Check
10. The average loss for all Internet frauds was $1,500. More than half of these
losses occurred through auctions. So protect yourself from becoming the next
victim of an auction fraud. Read the tips on how to prevent auction frauds from
happening to you.
Tips on How to Prevent Auction Frauds
Learn as much as you can from the seller
Read and examine the feedback on the seller
Check the location of the seller. If the seller is abroad and a problem arises it will
be harder to solve.
Ask if shipping and delivery are included in the price so you receive no
unexpected or additional costs.
Refuse to give the seller your social security number or driver’s license number to
prevent identity theft. In fact get used to saying “no” to information requests on
the Internet.
11. The Problem
Corporate Espionage is the most cyber-criminal activity
and at the same time, the least protected area of
vulnerability. And it is not being conducted just by
nation-states against USA businesses wither. The Gang
of 10 hacking organizations cost American businesses
an estimated $2-billion every year.
This workshop is designed to identify the main and
common areas of vulnerability and upon completion of
this workshop, a ForensicsNation security consultant will
visit each participating business to do an in depth
analysis of specific vulnerabilities.
We will cover specific areas of intrusion using historical
data and modes of penetration gleamed from
ForensicsNation files. We will take each item defined
below one at a time.
12. Workshop Contents
Part 1: The hacker subculture and approach
• An overview of the risks and threats
• An insight into the hacker underground
• The anatomy of a hack
Part 2: TCP/IP fundamentals
• TCP/IP and its relevance to hacking
• TCP header, flags and options
• UDP, ICMP and ARP
• Network traffic dump analysis
• Class exercises and lab sessions
Part 3: Reconnaissance techniques
• Selecting a target
• Identifying target hosts and services
• Network mapping techniques
• Fingerprinting and OS determination
• Scanning and stealth techniques
• Class exercises and lab sessions
13. Part 4: Compromising networks
• Vulnerability cross referencing
• Code auditing and insecure code examples
• Exploiting network services
• Sniffers, backdoors and root kits
• Trojans and session hijacking
• Denial of service attacks
• Trust exploitation and spoofing
• Buffer overflow techniques
• Web page graffiti attacks
• War dialers and dial-in hacking
• Manipulating audit trails and security logs
• Class exercises and lab sessions
Part 5: Windows Applied Hacking
• Windows components, Domains and structures
• Remote information gathering
• Scanning and banner checking
• Selecting services to attack
• Enumerating Windows information
• Windows hacking techniques
• Recent Windows vulnerabilities
• Class exercises and lab sessions
14. Part 6: Windows effective countermeasures
• User account policies and group allocations
• File and directory permissions
• File and print shares
• Hardening the registry
• Domains and trust relationships
• Securing network services
• Windows antivirus strategies
• Windows and Internet security
• Windows auditing and security logs
• Windows service packs and hot fixes
• Class exercises and lab sessions
Part 7: Unix applied hacking
• Unix components
• Unix variants
• Remote and local information gathering
• Scanning and fingerprinting
• Selecting services to attack
• Unix hacking techniques
• Recent Unix vulnerabilities
• Class exercises and lab sessions
15. Part 8: Unix effective countermeasures
• Unix password and group files
• User account and password controls
• Controlling command line access
• File and directory permissions
• SUID and SGID controls
• Crontab security
• Network and trust relationships
• Securing network services
• Unix antivirus strategies
• Unix and Internet security
• Unix auditing and security logs
• Unix security patches
• Class exercises and lab sessions
Part 9: Network security strategies
• Risk management and AS/NZS 4360
• Security management and AS/NZS 7799
• Developing a practical security strategy
• Physical security and environmental controls
• Personnel security and awareness training
• Firewall risks and strategies
16. • Intrusion detection system risks and strategies
• An overview of ecommerce security issues
• An overview of wireless security issues
• An overview of PBX security issues
• An overview of intrusion analysis techniques
• An overview of forensics procedures
• An overview of IT contingency planning
• Class exercises and lab sessions
Part 10: Advanced Security Techniques
•Inventory of Authorized and Unauthorized Devices
•Inventory of Authorized and Unauthorized Software
•Secure Configurations for Hardware and Software on Laptops, Workstations,
and Servers
•Continuous Vulnerability Assessment and Remediation
•Malware Defenses
•Application Software Security
•Wireless Device Control
•Data Recovery Capability
17. •Security Skills Assessment and Appropriate Training to Fill Gaps
•Secure Configurations for Network Devices such as Firewalls, Routers, and
Switches
•Limitation and Control of Network Ports, Protocols, and Services
•Controlled Use of Administrative Privileges
•Boundary Defense
•Maintenance, Monitoring, and Analysis of Security Audit Logs
•Controlled Access Based on the Need to Know
•Account Monitoring and Control
•Data Loss Prevention
•Incident Response Capability
•Secure Network Engineering
•Penetration Tests and Red Team Exercises
Bonus: Retina® Network Security Scanner from eEye.com
Recognized as the best scanner on the market in terms of speed, ease of use,
non-intrusiveness and advanced scanning capabilities
18. ForensicsNation Protection Catalog
We have taken the guess work out of
identifying good quality products and the best
prices by publishing our own catalog for your
convenience.
All of the products contained in our catalog
are used by ForensicsNation everyday.
Download your FREE catalog and begin
protecting yourself and your loved ones
Today.
Go here for your FREE download:
http://www.filefactory.com/f/04629606960c
0da3/
19. Our Gift to You…
Never in the course of history has the title of
this book become so real, “You Can Run But
You Cannot Hide!”
With today’s technology, investigators of all
types can now track your whereabouts in a
way that simple astounds you.
Learn all about cyber-forensics and the
resources that we use to conduct all of our
investigations
Go here for your FREE download:
http://www.filefactory.com/f/04629606960c
0da3/
20. Privacy is a right!
Your right to privacy is being eroded daily.
But this particular right can have dire
consequences for those that choose to
ignore it.
Remaining private and staying off the grid
protects you and your loved ones from all
sorts of cyber-crime. And the name of this
game is PROTECTION!
Most of the resources offered in this book are
free so study this information carefully.
Go here for your FREE download:
http://www.filefactory.com/f/04629606960c
0da3/
21. Corporate Mailing Address:
546 South Main Street
Lock Box 304
Cedar City, Utah 84720
435-249-5600
435-867-1988 Fax
support@neternatives.com
http://ForensicsNation.com