Temple University

Week 13 Summary and Articles

The reading discussed techniques that penetration testers can use to evade IPS. Examples are fragmenting packets, obfuscation, using decoy trees, using open ports .etc. The main lesson is that an IPS and other systems by themselves won’t protect your client. You have to make sure unwanted services are turned off, activities are logged & monitored in combination with other measures. There is no panacea for vulnerabilities because there is always a way into an enterprise. Security professionals should make the best use of available resources to make it as difficult as possible to breach the enterprise.

Articles I found interesting for discussion are:

https://threatpost.com/one-badbarcode-spoils-whole-bunch/115362/

https://answers.microsoft.com/en-us/windows/forum/windows_10-security/windows-10-and-hipaa-compliance/037e3f2e-8262-42eb-8909-05832e856645?auth=1

https://www.linkedin.com/pulse/does-windows-10-violate-hipaa-steve-hoffenberg

Leave a Reply

Your email address will not be published. Required fields are marked *