Panduan ringkas ini saya sediakan apabila seorang sahabat bertanya tentang kemahiran keselamatan ICT yang beliau boleh pelajari dan kuasai. Dalam bidang keselamatan ICT (Information Security) secara umum terbahagi kepada tiga bahagian.
Moga ia menjadi panduan semua.
Harisfazillah Jamel aka LinuxMalaysia
6 Nov 2012
This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Malaysia License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/2.5/my/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
Call For Speakers Malaysia Open Source Conference 2014 (MOSCMY 2014 - MOSCMY2...Linuxmalaysia Malaysia
Call For Speakers Malaysia Open Source Conference 2014 (MOSCMY 2014 - MOSCMY2014)
http://lanyrd.com/2014/moscmy2014/calls/qxkg/
http://www.mosc.my/call-for-speakers-moscmy-2014
Over the years, Malaysia Open Source Conference or MOSCMY have brought together thousands participants, of CEOs and leaders, vendors, consultants, associations and regulators from around Malaysia and the world to address mutual challenges and share information on Open Source Software.
With "Open Hardware" as the theme for year 2014, we are addressing the main technology focus and trends for most consumers.
MOSCMY 2014 is set to explore the Open Source software and technology at the Enterprise level, and to promote the development of local Open Source solution for Enterprise environment to be use worldwide.
MOSC2013 MOSCMY Brochure Malaysia Open Source Conference 2013. MOSC 2013 brings TWO DAYS of exciting programs covering more than twenty (20) speaking sessions and multiple Birds of a Feather sessions which are streamed to reflect your TRUE IT OPERATIONS @ Strategic, Operational and Devices & Solutions.
"Boosting Mobility" is our theme for MOSC 2013 which reflect our objective to share and explore the avenues on why and how Open Source Software and technology have contributed as the foundation and catalyst for mobility initiatives.
Brochure Malaysia Open Source Conference 2013 MOSCMY 2013 (MOSC2013) brochureLinuxmalaysia Malaysia
Malaysia Open Source Conference 2013 MOSCMY 2013 (MOSC2013) brochure is finally here. Please take this opportunity and interact with more than 25 speakers. It's PSMB claimable (mean its can be free to you paid by your company), covers multiple platforms. It's MOSC2013 http://www.mosc.my/register #mosc2013 #moscmy
Questionnaire For Establishment Of Board of Computing Professionals Malaysia ...Linuxmalaysia Malaysia
Survey on the Proposed Establishment of BCPM
There is currently an initiative to establish a Board of Computing Professionals Malaysia (BCPM), which will function to accredit ICT academic programmes, as well as to promote, facilitate and regulate the profession (very much like the Board of Engineers for engineering, and the Bar Council for the legal profession, etc.). This initiative is under the purview of the Ministry of Science and Innovation (MOSTI) and led by the National ICT Human Resource Task Force under the Ministry of Higher Education (MOHE) and within the ICT Human Capital Development Framework.
We would like to invite all ICT practitioners and those related to the profession to participate in an on-line survey that will be open for responses from Monday 28 June 2012 (00:00) to Monday 11 June 2012 (24:00). The survey aims to solicit feedback from the ICT community to determine the overall suitability and general acceptance to the proposal for the establishment of the BCPM. The survey site is at
http://kict.iium.edu.my/survey/
Sponsorship Prospectus Malaysia Open Source Conference 2012 (MOSC2012)Linuxmalaysia Malaysia
MOSC2012 Sponsor
Partners participate as a key host and support the Malaysia Open Source Conference 2012 (MOSC2012) in the effort surrounding development and delivery of the conference. Further, the partner gains high visibility at the exhibition as well.
http://www.mosc.my/content/sponsorship
Open Source Software Community Forum Regarding Proposed Board of Computing Professional (BCPM) Bill 2011 in the implementation of Open Source Software in Malaysia. SWOT Analysis of Proposed Computing Professionals Bill 2011 slide.
Date: 6 January 2012 (Friday)
Time: 7:00 p.m.
Venue: Training Room OSCC MAMPU Level 2, MAMPU Cyberjaya 5
Call For Speakers Malaysia Open Source Conference 2014 (MOSCMY 2014 - MOSCMY2...Linuxmalaysia Malaysia
Call For Speakers Malaysia Open Source Conference 2014 (MOSCMY 2014 - MOSCMY2014)
http://lanyrd.com/2014/moscmy2014/calls/qxkg/
http://www.mosc.my/call-for-speakers-moscmy-2014
Over the years, Malaysia Open Source Conference or MOSCMY have brought together thousands participants, of CEOs and leaders, vendors, consultants, associations and regulators from around Malaysia and the world to address mutual challenges and share information on Open Source Software.
With "Open Hardware" as the theme for year 2014, we are addressing the main technology focus and trends for most consumers.
MOSCMY 2014 is set to explore the Open Source software and technology at the Enterprise level, and to promote the development of local Open Source solution for Enterprise environment to be use worldwide.
MOSC2013 MOSCMY Brochure Malaysia Open Source Conference 2013. MOSC 2013 brings TWO DAYS of exciting programs covering more than twenty (20) speaking sessions and multiple Birds of a Feather sessions which are streamed to reflect your TRUE IT OPERATIONS @ Strategic, Operational and Devices & Solutions.
"Boosting Mobility" is our theme for MOSC 2013 which reflect our objective to share and explore the avenues on why and how Open Source Software and technology have contributed as the foundation and catalyst for mobility initiatives.
Brochure Malaysia Open Source Conference 2013 MOSCMY 2013 (MOSC2013) brochureLinuxmalaysia Malaysia
Malaysia Open Source Conference 2013 MOSCMY 2013 (MOSC2013) brochure is finally here. Please take this opportunity and interact with more than 25 speakers. It's PSMB claimable (mean its can be free to you paid by your company), covers multiple platforms. It's MOSC2013 http://www.mosc.my/register #mosc2013 #moscmy
Questionnaire For Establishment Of Board of Computing Professionals Malaysia ...Linuxmalaysia Malaysia
Survey on the Proposed Establishment of BCPM
There is currently an initiative to establish a Board of Computing Professionals Malaysia (BCPM), which will function to accredit ICT academic programmes, as well as to promote, facilitate and regulate the profession (very much like the Board of Engineers for engineering, and the Bar Council for the legal profession, etc.). This initiative is under the purview of the Ministry of Science and Innovation (MOSTI) and led by the National ICT Human Resource Task Force under the Ministry of Higher Education (MOHE) and within the ICT Human Capital Development Framework.
We would like to invite all ICT practitioners and those related to the profession to participate in an on-line survey that will be open for responses from Monday 28 June 2012 (00:00) to Monday 11 June 2012 (24:00). The survey aims to solicit feedback from the ICT community to determine the overall suitability and general acceptance to the proposal for the establishment of the BCPM. The survey site is at
http://kict.iium.edu.my/survey/
Sponsorship Prospectus Malaysia Open Source Conference 2012 (MOSC2012)Linuxmalaysia Malaysia
MOSC2012 Sponsor
Partners participate as a key host and support the Malaysia Open Source Conference 2012 (MOSC2012) in the effort surrounding development and delivery of the conference. Further, the partner gains high visibility at the exhibition as well.
http://www.mosc.my/content/sponsorship
Open Source Software Community Forum Regarding Proposed Board of Computing Professional (BCPM) Bill 2011 in the implementation of Open Source Software in Malaysia. SWOT Analysis of Proposed Computing Professionals Bill 2011 slide.
Date: 6 January 2012 (Friday)
Time: 7:00 p.m.
Venue: Training Room OSCC MAMPU Level 2, MAMPU Cyberjaya 5
List of Open Source Communities, Projects and OSS Events In Malaysia. By Harisfazillah Jamel Linuxmalaysia hafnie visit linuxmalaysia.harisfazillah.info
Hala Tuju Kemahiran Keselamatan Komputer Dan Internet (ICT)
1. Hala Tuju Kemahiran Keselamatan Komputer Dan Internet (ICT)
Archive :-
http://cikgucyber.blogspot.com/2012/11/hala-tuju-kemahiran-keselamatan.html
Panduan ringkas ini saya sediakan apabila seorang sahabat bertanya tentang kemahiran
keselamatan ICT yang beliau boleh pelajari dan kuasai. Dalam bidang keselamatan ICT
(Information Security) secara umum terbahagi kepada tiga bahagian.
1. Menjalankan kerja-kerja menguatkan (hardening) pertahanan server dalam sistem
rangkaian (Network).
2. Menjalankan kerja-kerja audit kepada server dan sistem rangkaian dalam
memastikan sistem pertahanan dalam keadaan baik.
3. Menjalankan ujian serangan anda sendiri bagi menguji pertahanan (Pentest)
Sebagai permulaan, mulakan dengan hardening dan membuat audit server. Laman web
CISecurity menyediakan pelbagai dokumen benchmark yang boleh digunakan sebagai
rujukan dalam usaha hardening server. Sila rujuk laman web ini :-
http://benchmarks.cisecurity.org/en-us/?route=default
Jika anda pengguna Ubuntu Server, sila Download dokumen bertajuk Debian Linux
Benchmark. Baca dan ikut arahan-arahan dan panduan yang diberikan. Ini termasuk
penjelasan mengapa ia perlu dilakukan dalam usaha hadening server.
Untuk hardening pensijilan seperti LPI1 dan LPI2 adalah sijil yang kita perlu ambil
untuk nilaikan diri kita. Lawat Linux Professional Institute (LPI) http://www.lpi.org/
untuk maklumat lanjut persijilan ini. Di Malaysia sila sertai
Facebook LPI Malaysia http://www.facebook.com/LPI.Malaysia
Selepas kita harden server sudah tentu kita hendak menguji kemampuan ia. Kita perlu
jalankan Penetration Test (Ujian penembusan). Dokumen ini agak lama, namun ia
boleh digunakan untuk dapatkan konsep pentest.
http://www.sans.org/reading_room/whitepapers/testing/penetration-101-introduction-
penetration-tester_266
2. Maka saya cadangkan Certified Ethical Hacker (CEH) untuk sijil
http://www.eccouncil.org/courses/certified_ethical_hacker.aspx
dan bapa kepada semua diatas adalah CISSP
https://www.isc2.org/cissp/default.aspx
dan Cybersecurity Malaysia ada sediakan latihan persediaan CISSP ini. Sila rujuk laman
web http://www.cybersecurity.my/
Bagi yang mahu kembangkan lagi kemahiran dalam keselamatan ICT boleh mengambil
pensijilan Red Hat Certified Security Specialist (RHCSS). Ia ada sijil keselamatan ICT
bagi membukti kemahiran dalam penggunaan Red Hat Enterprise Linux dan SELinux.
http://sg.redhat.com/certification/rhcss/?sc_cid=70160000000TmB8AAK
Bagi yang hendak belajar sendiri boleh menggunakan merujuk kepada laman web ini
OWASP Webgoat :-
https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Belajar dengan ketahui kelemahan server yang disediakan diatas oleh OWASP. Sertai
OWASP Malaysia
https://www.owasp.org/index.php/Malaysia
dan juga disini untuk latihan bagi menguatkan Web Application, "Web Application
Exploits and Defenses"
https://google-gruyere.appspot.com/
Jangan lupa kepada Smart phone security terutamanya telepon bimbit yang dijalankan
oleh Google Android. Boleh gunakan panduan ini sebagai permulaan.
http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.android.100
3. Laman-laman web yang dicadangkan untuk dilawati untuk berita bugs dan
masalah keselamatan ICT
http://www.linux.com/
http://www.sans.org/
http://www.cybersecurity.my/
Dapatkan notis keselamatan terkini daripada laman-laman web berikut :-
http://www.kb.cert.org/vuls/
http://packetstormsecurity.org/
http://www.mycert.org.my/
http://isc.sans.edu/ (Internet Storm Center)
Gunakan Google untuk mengetahui mana-mana laman web yang mungkin mempunyai
masalah bugs atau exploit.
http://www.exploit-db.com/google-dorks/
Anda boleh daftarkan laman web anda dengan Google Webmaster Tools untuk
mengetahui sebarang perubahan yang berlaku dalam isi kandungan laman web anda.
https://www.google.com/webmasters/tools/
Moga ia menjadi panduan semua.
Harisfazillah Jamel aka LinuxMalaysia
6 Nov 2012
This work is licensed under the Creative Commons Attribution-NonCommercial-
ShareAlike 2.5 Malaysia License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-nc-sa/2.5/my/ or send a letter to Creative
Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.