Ahmed A. Alkaysi

It can be wording that gets the message across but wouldn’t sound extremely harsh, maybe either a substitution of words or added context around the intended message.

For example, if during an Audit it is found that users have access to an Application they do not need, instead of just saying that “Users were found with unneeded access” more…[Read more]

Apologize for the typos, meant – “without perverting the facts, maybe the wording can be modified to soften the blow.”

Good points on Topic 2 Jason. The spirit of this document is still relevant. However, since this document is from 1989, so much has changed that extends beyond the scope of what was intended back then. This document can be improved by adding the different aspects of the internet, and what the responsibilities of the users would be. Also, the…[Read more]

D14.3: Discussion Topic 3:

I would also report the findings as everyone else has stated. It would be against the law for me to corrupt the findings. However, having said this, without perfecting the facts, maybe maybe the wording can be modified to not soften the blow. During audits, when we discover a finding, we discuss it with the clients…[Read more]

D14.1: Discussion Topic 1:

It really depends on the circumstances that might result in a non-compliance. If it is a life-or-death situation, I believe that non-compliance would be justified. This would be similar to a Good Samaritan law. A possible way to mitigate these types of issues is by:

-Setting up rules and regulations on when this…[Read more]

In this unit, we looked at the categories of network security software and devices. However, in the market, many of these have converged… the line between a firewall and a router is much less defined, especially in low to mid-range devices. Is this a good thing or a bad thing? What are the consequences of this convergence?

I think it is u…[Read more]

2. We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why so you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s rel…[Read more]

It really depends on the job of the individual. I don’t see why an Application Developer or a Database Administrator will require access to these tools. So it should be banned to them. However, if you are part of the pen testing or cyber security team, you would most likely need access to one of these tools to do your job. In general, these tools…[Read more]

As you stated Younes, it goes both ways. If you open up protocols, this gives developers the opportunity to increase security, but by opening it up, you are also inviting more attackers. However, if a company is diligent and tighten things down when developing the propriety protocol, they will be able to restrict many attacks. Personally, I…[Read more]

Well put Jason. It really depends on the organization and where the risks are. If you have an organization that has many different sites throughout the globe, maybe departments will create a contingency plan at a local level for disease in the geographic areas. If for example, the company only has 1 or 2 sites that are located in a high-risk…[Read more]

Good point Fraser. Blacklisting vs Whitelisting is dependent on the type of department and the applications that they use. I think that the departments utilizing the Core Business functional applications can get a way with Whitelisting. Generally, the core applications would only be a few, so it would be easier to Whitelist.

Now, as you have…[Read more]

Personally, for my day to day use, I prefer Windows due to the types of applications I use (Microsoft Suite, Games, etc..) and the GUI. One of the great benefits of Linux is the powerful Terminal, something I do not need to use on a daily basis. Linux is more powerful than Windows from a penetration stand point. In my pentesting classes, using…[Read more]

There are indeed security concerns with having authorization done outside of company boundaries. First of all, when doing authorization outside of company’s boundary, there is reliance on a third party. If that organization’s service is down for any reason, users will not be able to access their accounts if they try logging in. This can be…[Read more]