Enterprise Mac Security

Size: px
Start display at page:

Download "Enterprise Mac Security"

Transcription

1 Enterprise Mac Security Mac OS X Snow Leopard William Barker Beau Hunter Gene Sullivan Apress* TIB/UB Hannover

2 Contents Contents at a Glance... iv Contents - v About the Authors xv About the Technical Reviewer xvi Acknowledgments xvii Introduction xviii Part I: The Big Picture 1 Chapter 1: Security Quick-Start.- 3 Securing the Mac OS X Defaults 3 Customizing System Preferences 4 Accounts 4 Login Options Passwords 7 Administrators 8 Security Preferences 9 General 9 FileVault 11 Firewall 13 Software Update 14 Bluetooth Security 16 Printer Security 18 Sharing Services 20 Securely Erasing Disks 21 Using Secure Empty Trash 23 Using Encrypted Disk Images 24 Securing Your Keychains 25 Best Practices 27 Chapter 2: Services, Daemons, and Processes 29 Introduction to Services, Daemons, and Processes 29 6 V

3 mcontents Viewing What's Currently Running 31 The Activity Monitor 31 The ps Command 35 The top Output 36 Viewing Which Daemons Are Running 38 Viewing Which Services Are Available 39 Stopping Services, Daemons, and Processes 40 Stopping Processes 41 Stopping Daemons 43 Types of launchd Services 44 GUI Tools for Managing launchd 44 Changing What Runs At Login 45 Validating the Authenticity of Applications and Services 46 Summary 47 V Chapter 3: Securing User Accounts 49 Introducing Identification, Authentication, and Authorization 49 Managing User Accounts 50 Introducing the Account Types 51 Adding Users to Groups 53 Enabling the Superuser Account 54 Setting Up Parental Controls 56 Managing the Rules Put in Place 62 Advanced Settings in System Preferences 64 Working with Local Directory Services 65 Creating a Second Local Directory Node 68 External Accounts 68 Restricting Access with the Command Line: sudoers 69 Securing Mount Points 74 SUID Applications: Getting into the Nitty-Gritty 75 Creating Files with Permissions 77 Summary 78 Chapter 4: File System Permissions 79 Mac OS File Permissions: A Brief History of Time 80 POSIX Permissions 81 Modes in Detail 82 Inheritance 84 The Sticky Bit 87 The suid/sguid Bits 87 POSIX in Practice 88 Access Control Lists 91 Access Control Entries 91 Effective Permissions 94 ACLs in Practice 95 Administering Permissions 97 Using the Finder to Manage Permissions 103 Using chown and chmod to Manage Permissions 104 The Hard Link Dilemma 107 vi

4 ft CONTENTS Using mtree to Audit File system Permissions 109 Summary 111 Chapter 5: Reviewing Logs and Monitoring 113 What Exactly Gets Logged? 113 Using Console 115 Viewing Logs 115 Marking Logs 116 Searching Logs 117 Finding Logs 118 Secure.log: Security Information appfirewall.log 120 Reviewing User-Specific Logs 121 Reviewing Command-Line Logs 123 Reviewing Library Logs 124 Breaking Down Maintenance Logs 124 daily.out 126 Yasu 127 Weekly.out 128 Monthly.out 129 What to Worry About 129 Virtual Machine and Bootcamp Logs 130 Event Viewer 130 Task Manager 131 Performance Alerts 132 Review Regularly, Review Often 133 Accountability Incident Response 134 Summary 135 Part II: Securing the Ecosystem 137 Chapter 6: Application Signing and Sandbox 139 Application Signing 139 Application Authentication 141 Application Integrity Signature Enforcement in OS X 144 Signing and Verifying Applications 153 Sandbox 156 Sandbox Profiles 158 The Anatomy of a Profile 161 Sandbox Profiles in Action 166 The Seatbelt Framework 178 Summary 180 Chapter 7: Securing Web Browsers and 183 A Quick Note About Passwords 184 Securing YourWeb Browser 185 Securing Safari 185 Securing Firefox 189 Securely Configuring Mail Vll

5 * CONTENTS Using SSL 196 Securing Entourage 199 Fighting Spam 202 Anatomy of Spam 202 Desktop Solutions for Securing 207 Using PGP to Encrypt Mail Messages -207 GPG Tools 207 Using Mail Server-Based Solutions for Spam and Viruses 207 Kerio 208 Mac OS X Server's Antispam Tools 210 CommuniGate Pro 211 Outsourcing Your Spam and Virus Filtering 212 Summary 213 Chapter 8: Malware Security: Combating Viruses, Worms, and Root Kits 213 Classifying Threats 213 The Real Threat of Malware on the Mac 216 Script Malware Attacks 217 Socially Engineered Malware 218 Using Antivirus Software 218 Built Into Mac OSX 219 Antivirus Software Woes 220 McAfee VirusScan 220 Norton Antivirus 220 ClamXav 221 Sophos Anti-Virus 226 Best Practices for Combating Malware 227 Other Forms of Malware 228 Adware 228 Spyware 228 Root Kits 230 Summary 232 Chapter 9: Encrypting Files and Volumes 233 Using the Keychain to Secure Sensitive Data 234 The Login Keychain 234 Creating Secure Notes and Passwords 237 Managing Multiple Keychains 240 Using Disk Images as Encrypted Data Stores 243 Creating Encrypted Disk Images 245 Interfacing with Disk Images from the Command Line 251 Encrypting User Data Using FileVault 257 Enabling FileVault for a User 260 The FileVault Master Password 263 Limitations of Sparse Images and Reclaiming Space 264 Full Disk Encryption 266 Check Point 267 PGP Encryption 269 uiii

6 mcontents TrueCrypt 270 WinMagic SecureDoc 271 Summary 272 Part Hi: Network Traffic 275 SChapter 10: Securing Network Traffic 277 Understanding TCP/IP 277 Types of Networks 280 Peer-to-Peer 280 Considerations when Configuring Peer-to-Peer Networks 281 Client-Server Networks 282 Understanding Routing 283 Packets 283 Port Management 285 DMZ and Subnets 286 Spoofing 287 Stateful Packet Inspection 287 Data Packet Encryption 288 Understanding Switches and Hubs 288 Managed Switches 289 Restricting Network Services 291 Security Through 802.1x 292 Proxy Servers 293 Squid 295 Summary 297 Chapter 11: Setting Up the Mac OS X Firewall 299 Introducing Network Services 300 Controlling Services 301 Configuring the Firewall 304 Working with the Firewall in Leopard and Snow Leopard 304 Setting Advanced Features 307 Blocking Incoming Connections 307 Allowing Signed Software to Receive Incoming Connections 308 Going Stealthy 309 Testing the Firewall 310 Configuring the Application Layer Firewall from the Command Line 312 Using Mac OS X to Protect Other Computers 313 Enabling Internet Sharing 313 Working from the Command Line 315 Getting More Granular Firewall Control 315 Using ipfw 317 Using Dummynet 321 Summary 324 Chapter 12: Securing a Wireless Network 325 Wireless Network Essentials 325 Introducing the Apple AirPort 327 Configuring Older AirPorts 328 AirPort Utility 330 IX

7 CONTENTS Configuring the Current AirPorts 330 Limiting the DHCP Scope 333 Hardware Filtering 334 AirPort Logging 336 Hiding a Wireless Network 337 Base Station Features in the AirPort Utility 338 The AirPort Express 339 Wireless Security on Client Computers 339 Securing Computer-to-Computer Networks 340 Wireless Topologies 341 Wireless Hacking Tools 342 KisMAC 342 Detecting Rogue Access Points 343 istumbler and Mac Stumbler 344 MacStumbler 346 Ettercap 347 EtherPeek 347 Cracking WEP Keys 347 Cracking WPA-PSK 348 General Safeguards Against Cracking Wireless Networks 349 Summary 350 Part IV: Sharing 351 Chapter 13: File Services 353 The Risks in File Sharing 353 Peer-to-Peer vs. Client-Server Environments 354 File Security Fundamentals 354 LKDC 355 Using POSIX Permissions 355 Getting More out of Permissions with Access Control Lists 356 Sharing Protocols: Which One Is for You? 357 Apple Filing Protocol 357 Setting Sharing Options Samba 359 Using Apple AirPort to Share Files 362 Third-Party Problem Solver: DAVE 366 FTP 372 Permission Models 374 Summary 375 Chapter 14: Web Site Security 377 Securing Your Web Server 377 Introducing the httpd Daemon 378 Removing the Default Files 379 Changing the Location of Logs 379 Restricting Apache Access 380 Run on a Nonstandard Port 380 Use a Proxy Server 381 Disable CGI 381 X

8 CONTENTS Disable Unnecessary Services in Apache 382 PHP and Security 382 Securing PHP 383 Tightening PHP with Input Validation 383 Taming Scripts 384 Securing Your Perl Scripts 384 Securing robots.txt 386 Blocking Hosts Based on robots.txt 387 Protecting Directories 388 Customizing Error Codes 389 Using.htaccess to Control Access to a Directory 389 Tightening Security with TLS 391 Implementing Digital Certificates 392 Protecting the Privacy of Your Information 392 Protecting from Google? 394 Enumerating a Web Server 395 Securing Files on Your Web Server 396 Disabling Directory Listings 396 Uploading Files Securely 397 Code Injection Attacks 398 SQL Injection 398 Cross Site Scripting 398 Protecting from Code Injection Attacks 399 Summary 399 Chapter 15: Remote Connectivity 401 Remote Management Applications 402 Apple Remote Desktop 402 Screen Sharing 402 Implementing Back to My Mac 404 Configuring Remote Management 405 Using Timbuktu Pro 408 Installing Timbuktu Pro 408 Adding New Users 409 Testing the New Account 410 Using Secure Shell 412 Enabling SSH 412 Further Securing SSH 413 Using a VPN 414 Connecting to Your Office VPN 414 Setting UpL2TP 415 Setting Up PPTP 416 Connecting to a Cisco VPN 417 PPP + SSH = VPN 419 Summary Chapter 16: Server Security 423 Limiting Access to Services 423 The Root User 425 Xi 422

9 CONTENTS Foundations of a Directory Service 425 Defining LDAP 425 Kerberos 426 Configuring and Managing Open Directory 428 Securing LDAP: Enabling SSL 431 Securing Open Directory Accounts by Enabling Password Policies 432 Securing Open Directory Using Binding Policies 435 Securing Authentication with PasswordServer 437 Securing LDAP by Preventing Anonymous Binding 439 Securely Binding Clients to Open Directory 441 Further Securing LDAP: Implementing Custom LDAP ACLs 444 Creating Open Directory Users and Groups 444 Securing Kerberos from the Command Line 448 Managed Preferences 449 Securing Managed Preferences 451 Providing Directory Services for Windows Clients 453 Active Directory Integration 454 Web Server Security in Mac OS X Server 459 Using Realms 459 SSL Certs on Web Servers 461 File Sharing Security in OS X Server 463 A Word About File Size 465 Securing NFS 465 AFP 466 SMB 470 FTP 471 Wireless Security on OS X Server Using RADIUS 471 DNS Best Practices 473 SSL 474 Reimporting Certificates 475 SSH 475 Server Admin from the Command Line 477 ichat Server 477 Securing the Mail Server 478 Limiting the Protocols on Your Server 479 Proxying Services 480 Summary 481 Part V: Securing the Workplace 483 Chapter 17: Network Scanning, Intrusion Detection, and Intrusion Prevention Tools 485 Scanning Techniques 485 Fingerprinting 486 Enumeration 488 Vulnerability and Port Scanning 489 Intrusion Detection and Prevention 492 Host Intrusion Detection System 493 Network Intrusion Detection 494 xii

10 CONTENTS Security Auditing on the Mac 497 Nessus 497 Metasploit 501 SAINT 503 Summary 504 3Chapter 18: Backup and Fault Tolerance 505 Time Machine 506 Restoring Files from Time Machine 510 Using a Network Volume for Time Machine 511 SuperDuper 512 Backing Up to MobileMe 513 Retrospect 517 Checking Your Retrospect Backups 528 Using Tape Libraries 530 Backup vs. Fault Tolerance 531 Fault-Tolerant Scenarios 531 Round-Robin DNS 532 Load-Balancing Devices 533 Cold Sites 533 Hot Sites 534 Backing up Services 534 Summary 535 Chapter 19: Forensics 537 Incident Response 538 MacForensicsLab 539 Installing MacForensicsLab 539 Using MacForensicsLab 544 Image Acquisition 546 Analysis 548 Salvage 551 Performing an Audit 554 Reviewing the Case 554 Reporting 555 Other GUI Tools for Forensic Analysis 556 Forensically Acquiring Disk Images 557 Tools for Safari 557 Command-Line Tools for Forensic Analysis 558 Summary 558 Appendix A: Xsan Security 559 Metadata 560 Fibre Channel 561 Affinities 561 Permissions 561 Quotas 562 Other SAN Solutions 562 Appendix B: InfoSec Acceptable Use Policy Overview 563 Xlii

11 CONTENTS 2.0 Purpose Scope Policy General Use and Ownership Security and Proprietary Information Unacceptable Use Blogging Enforcement Definitions 569 Term Definition Revision History 569 I Appendix C: CDSA 571 lappendix D: Introduction to Cryptography 573!Index 577 xiv

Mac" Security Bible. Joe Kissell. Wiley Publishing, Inc. WILEY

Mac Security Bible. Joe Kissell. Wiley Publishing, Inc. WILEY Mac" Security Bible Joe Kissell WILEY Wiley Publishing, Inc. чсчйш& аш!а Part I: Mac Security Basics 1 Chapter 1: Mac Security Overview 3 Mac Security: Myth versus Fact 3 Is it true that Macs don't get

More information

Cisco ASA. Administrators

Cisco ASA. Administrators Cisco ASA for Accidental Administrators Version 1.1 Corrected Table of Contents i Contents PRELUDE CHAPTER 1: Understanding Firewall Fundamentals What Do Firewalls Do? 5 Types of Firewalls 6 Classification

More information

Setup and Configuration Setup Assistant Migration Assistant System Preferences Configuration Profiles System Information

Setup and Configuration Setup Assistant Migration Assistant System Preferences Configuration Profiles System Information Yosemite 101+201: Apple Certified Technical Coordinator v10.10 Bootcamp (5 Days) Install OS X Yosemite About OS X Yosemite Installation Choices Before Upgrading a Previous System Preparing the System Disk

More information

NETWORK SECURITY HACKS

NETWORK SECURITY HACKS SECOND EDITION NETWORK SECURITY HACKS 2008 AGI-Information Management Consultants May be used for personal purporses only or by libraries associated to dandelon.com network. Andrew Lockhart O'REILLY Beijing

More information

Apple Pro Training Series. OS X Server. Essentials. Arek Dreyer. and Ben Greisler

Apple Pro Training Series. OS X Server. Essentials. Arek Dreyer. and Ben Greisler Apple Pro Training Series OS X Server Essentials Arek Dreyer and Ben Greisler Table of Contents Configuring and Monitoring OS X Server Lesson 1 About This Guide 3 Learning Methodology 4 Lesson Structure

More information

NETWORK SECURITY HACKS *

NETWORK SECURITY HACKS * NETWORK SECURITY HACKS * Andrew %pckhart Ji O'REILLY* Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo Contents Credits Preface ix xi Chapter 1. Unix Host Security 1 1. Secure Mount Points

More information

Networking. Sixth Edition. A Beginner's Guide BRUCE HALLBERG

Networking. Sixth Edition. A Beginner's Guide BRUCE HALLBERG Networking A Beginner's Guide Sixth Edition BRUCE HALLBERG Mc Graw Hill Education New York Chicago San Francisco Athens London Madrid Mexico City Milan New Delhi Singapore Sydney Toronto Contents Acknowledgments

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Mac OS X Lion Server

Mac OS X Lion Server ng Mac OS X Lion Server Charles Edge, Jr. O'REILLY Beijing Cambridge Farnham Kbln Sebastopol Tokyo Table of Contents Preface ix 1. Planning 1 The Minimum 1 Server Allocation 2 Service Allocation 2 Choosing

More information

ICANWK602A Plan, configure and test advanced server based security

ICANWK602A Plan, configure and test advanced server based security ICANWK602A Plan, configure and test advanced server based security Release: 1 ICANWK602A Plan, configure and test advanced server based security Modification History Release Release 1 Comments This Unit

More information

Network Security: A Practical Approach. Jan L. Harrington

Network Security: A Practical Approach. Jan L. Harrington Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of

More information

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security Security+ Supported Labs - V1 Lab 1 Network Devices and Technologies - Capturing Network Using tcpdump to Capture Network with Wireshark with Network Miner 2 Secure Network Administration Principles -

More information

Understanding the Pros and Cons of Combination Networks 7. Acknowledgments Introduction. Establishing the Numbers of Clients and Servers 4

Understanding the Pros and Cons of Combination Networks 7. Acknowledgments Introduction. Establishing the Numbers of Clients and Servers 4 Mac OS X System Administration GUY HART-DAVIS Mc Graw Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Acknowledgments Introduction,

More information

Review Quiz 1. What is the stateful firewall that is built into Mac OS X and Mac OS X Server?

Review Quiz 1. What is the stateful firewall that is built into Mac OS X and Mac OS X Server? ----------------------------- Chapter 1 PLANNING SYSTEM 1. What is the formal definition of utilization? 2. Name the common units in which heat load is measured. 3. What is the easiest way to determine

More information

Joseph Migga Kizza. A Guide to Computer Network Security. 4) Springer

Joseph Migga Kizza. A Guide to Computer Network Security. 4) Springer Joseph Migga Kizza A Guide to Computer Network Security 4) Springer Contents Part I Understanding Computer Network Security 1 Computer Network Fundamentals 1.1 Introduction 1.2 Computer Network Models

More information

File Services. File Services at a Glance

File Services. File Services at a Glance File Services High-performance workgroup and Internet file sharing for Mac, Windows, and Linux clients. Features Native file services for Mac, Windows, and Linux clients Comprehensive file services using

More information

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,

More information

10605164 Medical Networks and Operating Systems

10605164 Medical Networks and Operating Systems Western Technical College 10605164 Medical Networks and Operating Systems Course Outcome Summary Course Information Description Instructional Level Total Credits 4.00 Total Hours 108.00 A course studying

More information

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000 Network Security Protective and Dependable With the growth of the Internet threats, network security becomes the fundamental concerns of family network and enterprise network. To enhance your business

More information

Introduction. Assessment Test

Introduction. Assessment Test 61699ftoc.fm Page ix Friday, May 9, 2008 11:26 AM Introduction Assessment Test xvii xxviii Chapter 1 Understanding Windows Server 2008 Networking 1 Understanding the OSI Model 2 Protocol Stacks 4 Communication

More information

On-Site Computer Solutions values these technologies as part of an overall security plan:

On-Site Computer Solutions values these technologies as part of an overall security plan: Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.

FBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12. Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and

More information

Active Directory - User, group, and computer account management in active directory on a domain controller. - User and group access and permissions.

Active Directory - User, group, and computer account management in active directory on a domain controller. - User and group access and permissions. Vmware ESX 4/5/6 - Provision virtual machines through vsphere, assign available resources and install operating systems. - Configure the various built in alarms for monitoring, configure alarm thresholds

More information

Mac OS X. Playing nice in a heterogeneous world PRESENTED BY:Charles Edge 318.COM

Mac OS X. Playing nice in a heterogeneous world PRESENTED BY:Charles Edge 318.COM Mac OS X Playing nice in a heterogeneous world PRESENTED BY:Charles Edge 318.COM Whoami Charles Edge, MCSE, CCNA, ACSA, Network+ Partner, Three18 - Consulting firm in Santa Monica, California Author, Mac

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Information Technology Career Cluster Advanced Cybersecurity Course Number: 11.48200

Information Technology Career Cluster Advanced Cybersecurity Course Number: 11.48200 Information Technology Career Cluster Advanced Cybersecurity Course Number: 11.48200 Course Description: Advanced Cybersecurity is designed to provide students the advanced concepts and terminology of

More information

QUICK START GUIDE. Cisco C170 Email Security Appliance

QUICK START GUIDE. Cisco C170 Email Security Appliance 1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Exam Info Exam Name CSCU (112-12) Exam Credit Towards Certification Certified Secure Computer User (CSCU). Students need to pass the online EC-Council exam to receive the

More information

Security for Mac Computers in the Enterprise

Security for Mac Computers in the Enterprise Security for Mac Computers in the Enterprise October, 2012 Mountain Lion 10.8 Contents Introduction 3 Service and App Protection 4 Gatekeeper 4 Digital Signatures and Developer IDs 4 App Sandboxing 5 Mandatory

More information

This chapter describes how to set up and manage VPN service in Mac OS X Server.

This chapter describes how to set up and manage VPN service in Mac OS X Server. 6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure

More information

Security Considerations White Paper for Cisco Smart Storage 1

Security Considerations White Paper for Cisco Smart Storage 1 Security Considerations White Paper for Cisco Smart Storage An open network is like a bank s vault with windows Bill Thomson Network-Attached Storage (NAS) is a relatively simple and inexpensive way to

More information

Sophos for Microsoft SharePoint startup guide

Sophos for Microsoft SharePoint startup guide Sophos for Microsoft SharePoint startup guide Product version: 2.0 Document date: March 2011 Contents 1 About this guide...3 2 About Sophos for Microsoft SharePoint...3 3 System requirements...3 4 Planning

More information

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p. Preface p. ix Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p. 6 Common Linux Features p. 8 Primary Advantages

More information

Build Your Own Security Lab

Build Your Own Security Lab Build Your Own Security Lab A Field Guide for Network Testing Michael Gregg WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XXI xxiii Chapter 1 Hardware and Gear Why Build a Lab? Hackers

More information

MOC 6435A Designing a Windows Server 2008 Network Infrastructure

MOC 6435A Designing a Windows Server 2008 Network Infrastructure MOC 6435A Designing a Windows Server 2008 Network Infrastructure Course Number: 6435A Course Length: 5 Days Certification Exam This course will help you prepare for the following Microsoft exam: Exam 70647:

More information

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network

70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network 70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites

More information

Quick Setup Guide. 2 System requirements and licensing. 2011 Kerio Technologies s.r.o. All rights reserved.

Quick Setup Guide. 2 System requirements and licensing. 2011 Kerio Technologies s.r.o. All rights reserved. Kerio Control VMware Virtual Appliance Quick Setup Guide 2011 Kerio Technologies s.r.o. All rights reserved. This document provides detailed description on installation and basic configuration of the Kerio

More information

Security. AAA Identity Management. Premdeep Banga, CCIE #21713. Cisco Press. Vivek Santuka, CCIE #17621. Brandon J. Carroll, CCIE #23837

Security. AAA Identity Management. Premdeep Banga, CCIE #21713. Cisco Press. Vivek Santuka, CCIE #17621. Brandon J. Carroll, CCIE #23837 AAA Identity Management Security Vivek Santuka, CCIE #17621 Premdeep Banga, CCIE #21713 Brandon J. Carroll, CCIE #23837 Cisco Press 800 East 96th Street Indianapolis, IN 46240 ix Contents Introduction

More information

owncloud Architecture Overview

owncloud Architecture Overview owncloud Architecture Overview Time to get control back Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

The Mac OS X Server Essentials v10.5 Exam Skills Assessment Guide

The Mac OS X Server Essentials v10.5 Exam Skills Assessment Guide The Mac OS X Server Essentials v10.5 Exam Skills Assessment Guide To Register This exam is offered at Apple Authorized Training Centers and Prometric Testing Centers worldwide. For information on exam

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

CompTIA Security+ (Exam SY0-410)

CompTIA Security+ (Exam SY0-410) CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate

More information

Tim Bovles WILEY. Wiley Publishing, Inc.

Tim Bovles WILEY. Wiley Publishing, Inc. Tim Bovles WILEY Wiley Publishing, Inc. Contents Introduction xvii Assessment Test xxiv Chapter 1 Introduction to Network Security 1 Threats to Network Security 2 External Threats 3 Internal Threats 5

More information

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Guidelines for Website Security and Security Counter Measures for e-e Governance Project and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online

More information

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85 Information Security Measures and Monitoring System at BARC - R.S.Mundada Computer Division B.A.R.C., Mumbai-85 Information Security Approach Secure Network Design, Layered approach, with SPF and Application

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

Network Security and Firewall 1

Network Security and Firewall 1 Department/program: Networking Course Code: CPT 224 Contact Hours: 96 Subject/Course WEB Access & Network Security: Theoretical: 2 Hours/week Year Two Semester: Two Prerequisite: NET304 Practical: 4 Hours/week

More information

CompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill

CompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill CompTIA Security+ Certification Study Guide (Exam SYO-301) Glen E. Clarke McGraw-Hill is an independent entity from CompTIA,This publication and CD may be used in assisting students to prepare for the

More information

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours Ethical Hacking and Information Security Duration Detailed Module Foundation of Information Security Lecture with Hands On Session: 90 Hours Elements of Information Security Introduction As technology

More information

Networking. Systems Design and. Development. CRC Press. Taylor & Francis Croup. Boca Raton London New York. CRC Press is an imprint of the

Networking. Systems Design and. Development. CRC Press. Taylor & Francis Croup. Boca Raton London New York. CRC Press is an imprint of the Networking Systems Design and Development Lee Chao CRC Press Taylor & Francis Croup Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Croup, an Informa business AN AUERBACH BOOK

More information

More Practical Projects

More Practical Projects More Theoretical Projects T1) Privacy-Preserving Data Dissemination Goal: Contribute to design and develoment of a scheme for privacy-preserving data dissemination. (Research papers are available from

More information

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange

More information

SCP - Strategic Infrastructure Security

SCP - Strategic Infrastructure Security SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character

More information

Mac OS X Server Getting Started For Version 10.5 Leopard

Mac OS X Server Getting Started For Version 10.5 Leopard Mac OS X Server Getting Started For Version 10.5 Leopard K Apple Inc. 2007 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication

More information

Network Security Foundations

Network Security Foundations Network Security Foundations Matthew Strebe O San SrBBC Francisco London Introduction xv Chapter 1 Security Principles 1 Why Computers Aren't Secure 2 The History of Computer Security 4-1945 5 1945-1955

More information

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.

More information

Linux Operating System Security

Linux Operating System Security Linux Operating System Security Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class is for students who want to learn how to configure systems to be secure, test the security

More information

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100

Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology

More information

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State

More information

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4) Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus February 3, 2015 (Revision 4) Table of Contents Overview... 3 Malware, Botnet Detection, and Anti-Virus Auditing... 3 Malware

More information

Directory and File Transfer Services. Chapter 7

Directory and File Transfer Services. Chapter 7 Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

SSL VPN A look at UCD through the tunnel

SSL VPN A look at UCD through the tunnel SSL VPN A look at UCD through the tunnel Background Why? Who is it for? Stakeholders IET Library Schools and Colleges Key Requirements Integrate with existing authentication Flexible security groups within

More information

Security + Certification (ITSY 1076) Syllabus

Security + Certification (ITSY 1076) Syllabus Security + Certification (ITSY 1076) Syllabus Course: ITSY 1076 Security+ 40 hours Course Description: This course is targeted toward an Information Technology (IT) professional who has networking and

More information

Certified Secure Computer User

Certified Secure Computer User Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES SECURITY

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

Section 12 MUST BE COMPLETED BY: 4/22

Section 12 MUST BE COMPLETED BY: 4/22 Test Out Online Lesson 12 Schedule Section 12 MUST BE COMPLETED BY: 4/22 Section 12.1: Best Practices This section discusses the following security best practices: Implement the Principle of Least Privilege

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

Networking: EC Council Network Security Administrator NSA

Networking: EC Council Network Security Administrator NSA coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA

More information

User's Manual. Intego Remote Management Console User's Manual Page 1

User's Manual. Intego Remote Management Console User's Manual Page 1 User's Manual Intego Remote Management Console User's Manual Page 1 Intego Remote Management Console for Macintosh 2007 Intego, Inc. All Rights Reserved Intego, Inc. www.intego.com This manual was written

More information

Contents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers

Contents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers Contents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers 1 Introduction 2 Essential Concepts 3 Servers, Services, and Clients 3

More information

MCSE 2003. Core exams (Networking) One Client OS Exam. Core Exams (6 Exams Required)

MCSE 2003. Core exams (Networking) One Client OS Exam. Core Exams (6 Exams Required) MCSE 2003 Microsoft Certified Systems Engineer (MCSE) candidates on the Microsoft Windows Server 2003 track are required to satisfy the following requirements: Core Exams (6 Exams Required) Four networking

More information

Contents. Part 1 SSH Basics 1. Acknowledgments About the Author Introduction

Contents. Part 1 SSH Basics 1. Acknowledgments About the Author Introduction Acknowledgments xv About the Author xvii Introduction xix Part 1 SSH Basics 1 Chapter 1 Overview of SSH 3 Differences between SSH1 and SSH2 4 Various Uses of SSH 5 Security 5 Remote Command Line Execution

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

The. Mac OS X 10.6. Snow Leopard. PocketGuide. JeffCarlson. Ginormous knowledge, pocket skeed. Peachpit Press

The. Mac OS X 10.6. Snow Leopard. PocketGuide. JeffCarlson. Ginormous knowledge, pocket skeed. Peachpit Press The Mac OS X 10.6 Snow Leopard PocketGuide JeffCarlson Ginormous knowledge, pocket skeed. Peachpit Press Intsroducticri How to Get Snow Leopard Will Your Mac Run Snow Leopard? How Big Is Your Pocket? Conventions

More information

Eleventh Hour Security+

Eleventh Hour Security+ Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.

More information

DeployStudio Server Quick Install

DeployStudio Server Quick Install DeployStudio Server Quick Install v1.7.0 The DeployStudio Team info@deploystudio.com Requirements OS X 10.7.5 to 10.11.1 DeployStudioServer_v1.7.x.pkg and later NetBoot based deployment 100 Mb/s switched

More information

CH ENSA EC-Council Network Security Administrator Detailed Course Outline

CH ENSA EC-Council Network Security Administrator Detailed Course Outline CH ENSA EC-Council Network Security Administrator Detailed Course Outline Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Advance Ethical

More information

Fermilab Central Web Service Site Owner User Manual. DocDB: CS-doc-5372

Fermilab Central Web Service Site Owner User Manual. DocDB: CS-doc-5372 Fermilab Central Web Service Site Owner User Manual DocDB: CS-doc-5372 1 Table of Contents DocDB: CS-doc-5372... 1 1. Role Definitions... 3 2. Site Owner Responsibilities... 3 3. Tier1 websites and Tier2

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

Description: Objective: Attending students will learn:

Description: Objective: Attending students will learn: Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of

More information

GL-550: Red Hat Linux Security Administration. Course Outline. Course Length: 5 days

GL-550: Red Hat Linux Security Administration. Course Outline. Course Length: 5 days GL-550: Red Hat Linux Security Administration Course Length: 5 days Course Description: This highly technical course focuses on properly securing machines running the Linux operating systems. A broad range

More information

ICANWK303A Configure and administer a network operating system

ICANWK303A Configure and administer a network operating system ICANWK303A Configure and administer a network operating system Release: 1 ICANWK303A Configure and administer a network operating system Modification History Release Release 1 Comments This Unit first

More information

Mac OS X Security Checklist:

Mac OS X Security Checklist: Mac OS X Security Checklist: Implementing the Center for Internet Security Benchmark for OS X Recommendations for securing Mac OS X The Center for Internet Security (CIS) benchmark for OS X is widely regarded

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

ICAWEB423A Ensure dynamic website security

ICAWEB423A Ensure dynamic website security ICAWEB423A Ensure dynamic website security Release: 1 ICAWEB423A Ensure dynamic website security Modification History Release Release 1 Comments This Unit first released with ICA11 Information and Communications

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information