Using Students to Pen Test Your Network (For Credit) Robert Maxwell Michael Hicks
2 No, seriously. This presentation leaves copyright of the content to the presenter. Unless otherwise noted in the materials, uploaded content carries the Creative Commons Attribution-NonCommercial-ShareAlike license, which grants usage to the general public with the stipulated criteria.
3 Mike Hicks Director of the Maryland Cybersecurity Center Associate Professor of CS at UMCP Lots more:
4 Rob Maxwell Manager, Security Operations, UMCP Faculty of MC^2.
5 How did the IT guys get involved in teaching? Long term cooperation with some researchers for access to data (my boss gets most of the credit here, but he'd like us to forget about that) This leads to our involvement with the Maryland Cybersecurity Center (MC^2) then one day...
6 Seriously, how did this happen? University signs a contract with a job site where students will post resumes, obliges departments to use it. CS professors are made aware of serious security holes in the site. To make it much worse, vendor is very unresponsive to their concerns. by an applicant for the directorship of the center
7 The Brainstorm Let's have a class of students pen test the campus network to make it more secure.
8 Secure Maryland Undergraduate Penetration Testing class Students do work on our live network Really.
9 What could go wrong? Lots
10 A Digression The contemporaneous state of pen testing on campus: nil At this point, we were not providing this service on a regular basis. We have since improved our capabilities in this area.
11 Convincing Lawyers They eventually approved our plan: We argued that students wouldn't be doing anything that anyone couldn't do from Starbuck's They deferred to our judgement They suggested we forego any sort of NDA Given the state of our network defenses, this was largely true, at the time.
12 Goals of the class Teach qualified undergraduates the art of penetration testing. Teach the foundations of ethical hacking. Improve the security posture of the university.
13 Teaching Undergrads Art Penetration testing training, methodologies Using real world systems guarantees real world results Requires creativity and ingenuity - no assured right answers
14 Ethical Considerations Ethical implications of this work covered thoroughly Business contracts involved in this work discussed Engagement rules and scoping covered Honor Code invoked
15 Improving Our Security Large decentralized network (50,000+ nodes), 2x /16 networks and then some Students are finding problems and notifying the responsible parties to help them remedy vulnerabilities Things can get forgotten or abandoned on a network this big.
16 Students could damage systems or down services Students could access or exfiltrate sensitive information or intelligence about our networks
17 Mitigation Students performed these tests from standard network access (no special connections - the Starbuck's argument) Network traffic was recorded for later examination Tried having dedicated network access points. Students didn't want to use them in a lab setting. Dedicated VPN access for testing is an option that continues to be evaluated. Also, traffic recorded as insurance.
18 Scope of Work Students were warned away from specific sensitive systems Engagement level is gradually increased through semester Finally, actual exploitation of systems must be approved by the instructor
19 Course Design Initial instruction in techniques and tools, ethics, and business processes As techniques are taught, students begin to use them to explore the network. As vulnerabilities are found, students notify system admins (and SOC) to remedy and must follow up to assist and report
20
21 Cooperative Course Wiki used to share course information Targeting information, interesting results Useful tools and techniques shared via wiki and in class Students provided information from security office to facilitate contacts Tried using some scan-sharing software, but it broke under load Students
22 Final Project - Departmental Engagement Final third of semester, student teams are put in touch with departments to create a professional pen testing engagement. Full documentation of every step from laying out scope of work right through final recommendations. All techniques were on the table for negotiation Techniques including social engineering and physical testing (taser rule)
23 Technology BackTrack/Kali linux distro Google, Shodan Nmap, Nessus/OpenVAS, Metasploit Additional tools encouraged Started w/ backtrack, some have moved on to Kali tried using centrally-hosted VMs, had poor luck with them. Dirbuster, ZAP,
24 Student Work Product Notifications to admins (which become SOC tickets at the end of the class) Paper describing in detail their work on the greater network The report resulting from the departmental engagement
25 Class paper Descriptions of activities, evolution of strategy, successes and failures Lessons learned Appendix containing all retained information (screen captures, pcaps, output files, etc.)
26 Results? Printers Webcams Web vulnerabilities Printers (hundreds) Abandoned stuff Printers - doc servers, no password, telnet/web interface configurable webcams
27 SCADA HVAC control systems Lighting control systems Serial interfaces for card readers
28 Byrd Stadium Scoreboard
29 Chapel Carillon System
30 Results Still completing final tally for this semester. Quick count has us down from over 300 to just over 100 vulnerable printers. Bulk of what was found in the second iteration is new We can prioritize the repeat offenders
31 Robert Maxwell