background preloader

Fundamentals of Information Security

Facebook Twitter

CTS-1120

Assignments

NETLAB Professional Edition - Login. Syllabus. Publications and Blogs. Security & Analysis Tools. Encryption. Passwords.

Steganography. Malware. Tor. Tracking Apps. NSA Center for Academic Excellence in IA - FSCJ. Professor of Computer Engineering Technology Lead, National Security Agency Center for Academic Excellence in IA Forensics/network security consultant and SME (Subject Matter Expert) for Mulholland Forensics LLC, FD3 Technology Inc., and WJXT Channel 4 News (904) 598-5657 Dr.

NSA Center for Academic Excellence in IA - FSCJ

Wally Eaton In February 2005, Dr. Eaton retired from his position as chief security officer (CSO) for the City of Jacksonville and accepted a full professorship at FSCJ's Advanced Technology Center. In addition to CSO, Dr. Education Ph.D. in Computer and Information Security Business Administration Base - North Central University (Arizona) Alpha Phi Sigma, National Criminal Justice Honor Society Delta Mu Delta, International Honor Society in Business M.S. in Network Security Capitol College of Maryland – Honors B.S. in Computer Science Grantham University, Summa Cum Laude Delta Epsilon Tau Honor Society A.S. in Electronics Engineering Technology Grantham College of Engineering.

Web Intrusion Deception System. Home of the pfSense Project - Open Source Firewall and Router Software Distribution. TCPDUMP/LIBPCAP public repository. MS-DOS help and commands. Short for Microsoft Disk operating system, MS-DOS is a non-graphical command line operating system created for IBM compatible computers that was first introduced by Microsoft in August 1981 and was last updated in 1994 when MS-DOS 6.22 was released.

MS-DOS help and commands

Although the MS-DOS operating system is not often used today, the command shell commonly known as the Windows command line is still used and recommended. Continue reading >> Why You Should Start Using a VPN (and How to Choose the Best One for Your Needs) Microsoft Support. Wi-Fi Alliance. IEEE - The world's largest professional association for the advancement of technology. DojoSec Monthly Briefings - February 2009 - Jesse Varsalone. Home : The Official Microsoft IIS Site. How to search like a spy: Google's secret hacks revealed.

The National Security Agency just declassified a hefty 643-page research manual called Untangling the Web: A Guide to Internet Research (PDF) that, at least at first, doesn't appear all that interesting.

How to search like a spy: Google's secret hacks revealed

That is, except for one section on page 73: "Google Hacking. " "Say you're a cyberspy for the NSA and you want sensitive inside information on companies in South Africa," explains Kim Zetter at Wired. "What do you do? " Well, you could type the following advanced search into Google — "filetype:xls site:za confidential" — to uncover a trove of seemingly private spreadsheets. Chris Domas: The 1s and 0s behind cyber warfare. Welcome to The Apache Software Foundation! In Unix, how do I use SCP to securely transfer files between two computers? In Unix, you can use SCP (the scp command) to securely copy files and directories between remote hosts without starting an FTP session or logging into the remote systems explicitly.

In Unix, how do I use SCP to securely transfer files between two computers?

The scp command uses SSH to transfer data, so it requires a password or passphrase for authentication. Unlike rcp or FTP, scp encrypts both the file and any passwords exchanged so that anyone snooping on the network cannot view them. Syntax The syntax for the scp command is: Ftp () NOTE: click here if you get an empty page.

ftp ()

An A-Z Index of the Bash command line for Linux. Commands marked • are bash built-ins Many commands particularly the Core Utils are also available under alternate shells (C shell, Korn shell etc).

An A-Z Index of the Bash command line for Linux

More bash commands: Linux Command Directory from O'Reilly, GNU CoreUtils.SS64 bash discussion forumLinks to other Sites, books etc. Microsoft Best Practices for Mitigating RPC and DCOM Vulnerabilities. This white paper is being made available to assist system administrators and technical personnel in preventing damage caused by an exploit for vulnerabilities in the RPC and DCOM sub-systems in Microsoft’s operating systems.

Microsoft Best Practices for Mitigating RPC and DCOM Vulnerabilities

Several such vulnerabilities have been announced in Microsoft security bulletins MS03-026 and MS03-039. The vulnerabilities affect most currently supported Microsoft operating systems. However, this paper is primarily geared to technical personnel supporting organizational networks. Consumers are encouraged to go to www.microsoft.com/protect to get information on the three steps they can follow to help protect themselves from this and other threats. CA-2003-16. Original release date: July 17, 2003 Last revised: Fri Aug 8 13:11 EDT 2003 Source: CERT/CC A complete revision history is at the end of this file.

CA-2003-16

Systems Affected Microsoft Windows NT 4.0Microsoft Windows NT 4.0 Terminal Services EditionMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003 Overview A buffer overflow vulnerability exists in Microsoft's Remote Procedure Call (RPC) implementation. I. Avi Rubin: All your devices can be hacked. Security Advisories and Bulletins. Security TechCenter United States (English) Sign in.

Security Advisories and Bulletins

Cyber Security and Information Systems Information Analysis Center. An Illustrated Guide to IPsec. IPsec is a suite of protocols for securing network connections, but the details and many variations quickly become overwhelming.

An Illustrated Guide to IPsec

Transport Layer Security protocol. Updated: June 12, 2014 This topic for the IT professional describes how the Transport Layer Security (TLS) protocol works and provides links to the IETF RFCs for TLS 1.0, TLS 1.1, and TLS 1.2. The TLS (and SSL) protocols are located between the application protocol layer and the TCP/IP layer, where they can secure and send application data to the transport layer. Because the protocols work between the application layer and the transport layer, TLS and SSL can support multiple application layer protocols. TLS and SSL assume that a connection-oriented transport, typically TCP, is in use.

The protocol allows client and server applications to detect the following security risks: Message tampering Message interception Message forgery. Hack any paid WiFi hotspot in about 30 seconds. Cisco 2015 Annual Security Report Overview. Cybersecurity Course Overview.  Log Files and Linux. Log Files and Linux. by Isaac Ok. Adrian asked me to write up a quick synopsis of the "lecture" I gave at the first meeting. This is pretty basic stuff. So if you already know how Linux log files work, don't expect to learn anything new or enlightening here. Most versions of Linux, as far as I'm aware, use syslogd as their logging utility. syslogd is a fairly easy tool to learn and use. . *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages. The GNU Awk User’s Guide. This file documents awk, a program that you can use to select particular records in a file and perform operations upon them.

Copyright © 1989, 1991, 1992, 1993, 1996–2005, 2007, 2009–2014 Free Software Foundation, Inc. This is Edition 4.1 of GAWK: Effective AWK Programming: A User’s Guide for GNU Awk, for the 4.1.1 (or later) version of the GNU implementation of AWK. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with the Invariant Sections being “GNU General Public License”, the Front-Cover texts being (a) (see below), and with the Back-Cover Texts being (b) (see below).

A copy of the license is included in the section entitled “GNU Free Documentation License”. “A GNU Manual” “You have the freedom to copy and modify this GNU manual. Short Table of Contents. Grep () NOTE: click here if you get an empty page. grep, egrep, fgrep - print lines matching a pattern. Aircrack-ng. CyberCIEGE Educational Video Game. An innovative video game and tool to teach computer and network security concepts CyberCIEGE enhances information assurance and cyber security education and training through the use of computer gaming techniques such as those employed in SimCity™.

In the CyberCIEGE virtual world, users spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack. Cyber Security Simulation In its interactive environment, CyberCIEGE covers significant aspects of computer and network security and defense. Players of this video game purchase and configure workstations, servers, operating systems, applications, and network devices. They make trade offs as they struggle to maintain a balance between budget, productivity, and security. CyberCIEGE includes configurable firewalls, VPNs, link encryptors and access control mechanisms. CyberCIEGE is available at no cost to agencies of the US Government by contacting cyberciege@nps.edu. Questions? OVAL - Open Vulnerability and Assessment Language.

Understanding /etc/shadow file. ByVivek GiteonFebruary 23, 2006 last updated November 20, 2015 inBASH Shell, CentOS, Debian / Ubuntu, FreeBSD, HP-UX Unix, Linux, RedHat and Friends, Solaris-Unix, Suse, Ubuntu Linux, UNIX, User Management. Passwd () Windows XP - Net use. Windows XP - Ntbackup. Business_Continuity_Managment_Toolkit.pdf. Network Vulnerability Assessment Basics. How to Create an Effective Business Continuity Plan. We rarely get a head's up that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways. This is where a business continuity plan comes into play. To give your organization the best shot at success during a disaster, you need to put a current, tested plan in the hands of all personnel responsible for carrying out any part of that plan.

Host Vulnerability Assessment with Nessus, NeXpose and Metasploitable 2. Sandboxie - Sandbox software for application isolation and secure Web browsing.