-
Ahmed A. Alkaysi commented on the post, Discussion Week 14, on the site 6 years, 10 months ago
It can be wording that gets the message across but wouldn’t sound extremely harsh, maybe either a substitution of words or added context around the intended message.
For example, if during an Audit it is found that users have access to an Application they do not need, instead of just saying that “Users were found with unneeded access” more…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 14, on the site 6 years, 10 months ago
Apologize for the typos, meant – “without perverting the facts, maybe the wording can be modified to soften the blow.”
-
Ahmed A. Alkaysi commented on the post, Discussion Week 14, on the site 6 years, 11 months ago
Good points on Topic 2 Jason. The spirit of this document is still relevant. However, since this document is from 1989, so much has changed that extends beyond the scope of what was intended back then. This document can be improved by adding the different aspects of the internet, and what the responsibilities of the users would be. Also, the…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 14, on the site 6 years, 11 months ago
D14.3: Discussion Topic 3:
I would also report the findings as everyone else has stated. It would be against the law for me to corrupt the findings. However, having said this, without perfecting the facts, maybe maybe the wording can be modified to not soften the blow. During audits, when we discover a finding, we discuss it with the clients…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 14, on the site 6 years, 11 months ago
D14.1: Discussion Topic 1:
It really depends on the circumstances that might result in a non-compliance. If it is a life-or-death situation, I believe that non-compliance would be justified. This would be similar to a Good Samaritan law. A possible way to mitigate these types of issues is by:
-Setting up rules and regulations on when this…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 13, on the site 6 years, 11 months ago
In this unit, we looked at the categories of network security software and devices. However, in the market, many of these have converged… the line between a firewall and a router is much less defined, especially in low to mid-range devices. Is this a good thing or a bad thing? What are the consequences of this convergence?
I think it is u…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 12, on the site 6 years, 11 months ago
2. We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why so you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s rel…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 11, on the site 6 years, 11 months ago
It really depends on the job of the individual. I don’t see why an Application Developer or a Database Administrator will require access to these tools. So it should be banned to them. However, if you are part of the pen testing or cyber security team, you would most likely need access to one of these tools to do your job. In general, these tools…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 5, on the site 7 years ago
As you stated Younes, it goes both ways. If you open up protocols, this gives developers the opportunity to increase security, but by opening it up, you are also inviting more attackers. However, if a company is diligent and tighten things down when developing the propriety protocol, they will be able to restrict many attacks. Personally, I…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 8, on the site 7 years ago
Well put Jason. It really depends on the organization and where the risks are. If you have an organization that has many different sites throughout the globe, maybe departments will create a contingency plan at a local level for disease in the geographic areas. If for example, the company only has 1 or 2 sites that are located in a high-risk…[Read more]
-
Ahmed A. Alkaysi commented on the post, Discussion Week 4, on the site 7 years, 1 month ago
Good point Fraser. Blacklisting vs Whitelisting is dependent on the type of department and the applications that they use. I think that the departments utilizing the Core Business functional applications can get a way with Whitelisting. Generally, the core applications would only be a few, so it would be easier to Whitelist.
Now, as you have…[Read more]
-
Ahmed A. Alkaysi posted a new activity comment 7 years, 1 month ago
Personally, for my day to day use, I prefer Windows due to the types of applications I use (Microsoft Suite, Games, etc..) and the GUI. One of the great benefits of Linux is the powerful Terminal, something I do not need to use on a daily basis. Linux is more powerful than Windows from a penetration stand point. In my pentesting classes, using…[Read more]
-
Ahmed A. Alkaysi posted a new activity comment 7 years, 1 month ago
There are indeed security concerns with having authorization done outside of company boundaries. First of all, when doing authorization outside of company’s boundary, there is reliance on a third party. If that organization’s service is down for any reason, users will not be able to access their accounts if they try logging in. This can be…[Read more]
-
Ahmed A. Alkaysi wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 6 months ago
Hi, below is the ppt and executive summary for the OS analysis assignment.
PPT OS Analysis – Alkaysi
OS Analysis Executive Summary – Alkaysi
-
Ahmed A. Alkaysi wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 6 months ago
The company, WordFence, reported that tens of thousands of routers, associated with the state-owned telecom company Telecom Algeria, have been hacked and used to launch attacks on wordpress sites. The researchers […]
-
Ahmed A. Alkaysi wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 7 months ago
A cyber group has been targeting Middle Eastern organization using Windows and Android malware. The group, discovered by Chinese security firm and researchers from Palo Alto Networks, have been targeting […]
-
Ahmed A. Alkaysi wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 7 months ago
The Security and Privacy of Your Car (SPY Car) bill has been reintroduced by Senators from Massachusetts and Connecticut. This bill introduces a number of security measures that would beef up the cybersecurity of […]
-
Ahmed A. Alkaysi wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 8 months ago
81% of healthcare companies are looking to increase their investing in cyber security, an increase from 60% last year. As most of us have probably heard, there has been a wave of recent ransomware and cyber […]
-
Ahmed A. Alkaysi wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 8 months ago
Hi, below is my Powerpoint and Executive summary for the Metasploit assignment.
PowerPoint – PPT Metasploit – Alkaysi
Executive Summary – Metasploit Executive Summary – Alkaysi
-
Ahmed A. Alkaysi wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 8 months ago
In this article, it is discussed how many of the Android apps that are used to locate and unlock their vehicles are missing many security features. Some of these features include: obfuscation, which is used to […]
-
I’m not sure if this is either more of a Google’s Android issue or a developer one. Regardless what is, all parties involved should play their part to resolve this issue. Like I always say, the key here will be to work together. Together is stronger, and in turn stronger is better against hacking. The Android team will need to reinforce the process of approving Apps. Force developers to follow proper security procedures to protect users. Developers can play their part by not only following strong security protocols, but also focus on adopting a security mindset when coding. Users can contribute to this by disciplined themselves to report anything suspicious.
-
- Load More