-
Jon Whitehurst wrote a new post on the site MIS 5212-Advanced Penetration Testing 7 years, 8 months ago
5212 – Assignment1 – Executive summary
5212 – Assignment 1 – slide deck
-
Jon Whitehurst posted a new activity comment 7 years, 11 months ago
D14.1: Discussion Topic 1:
Being PHI aware and how to handle has to be the DNA of culture for a hospital and its administration. Email internally is not really the concern; it’s when it’s shared outside the hospital control. Hospitals that I am I know of when an email is being sent out to an external email address there is an application/system…
-
Jon Whitehurst posted a new activity comment 7 years, 11 months ago
It all depends on what you want to do. In today’s standards Routers have basic features of a firewall and firewalls have basic router features. Firewalls are becoming more and more application aware instead of port based in the last number of years. Routers are meant to route traffic and firewalls are meant to inspect and allow or deny. D…
-
Jon Whitehurst posted a new activity comment 7 years, 11 months ago
We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s rel…
-
Jon Whitehurst posted a new activity comment 7 years, 11 months ago
BAD IDEA. If tools were banned from IT or anyone using in the company I would be searching for a new company to work for. Saying that, I encourage any ethical IT or non-IT professional learn any new tool that was being used to help figure out problems or make their lives easier and more efficient. The ramification of not being able to use a…
-
Jon Whitehurst posted a new activity comment 7 years, 11 months ago
From my perspective, the debate I had with BYOD devices is not the way they are used, it’s how it’s accessing the applications that have PHI information. I have been ok with using any device as long as the application is accessible using an applet that was provided by IT support for the application on the device. The only application I can see…
-
Jon Whitehurst posted a new activity comment 8 years ago
There are many threats to organizations, and we can’t worry about all of them. As an IT security professional, would you be concerned with the threat from a pandemic? What threats do you feel are worth considering and being prepared? Conversely, what kinds of threats should we be less concerned with? Does anyone recall hiding under their d…
-
Jon Whitehurst posted a new activity comment 8 years, 1 month ago
Research Kerckhoffs’ Principle, and read the segment in the text titled “Never Trust Proprietary Algorithms”. I think we can all agree that having open protocols is considered critical in cryptography.
But what about other areas of IT?
There are some areas of IT that are at the mercy of the vendor for areas such as manufacturing or in resea…
-
Jon Whitehurst commented on the post, Is port scanning illegal?, on the site 8 years, 1 month ago
Port scanning may vary country to country. In the US I don’t think it’s illegal, nor do I think it should be. Universities get scanned constantly by IP addresses in other countries. In those cases since we can’t go to the ISP in that country to tell them to stop we simply place them on the blacklist. If you are a hospital, or a company that has…
-
Jon Whitehurst wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Paying the Ransomware
I learned today where one bitcoin equals 600 US dollars as of 21-Sep-16. When a ransomware incident occurs, one of the first few questions does come up what will it take to get back into […]
-
Jon Whitehurst commented on the post, Weekly Question #7: Complete by March 27, 2017, on the site 8 years, 2 months ago
This to me almost sounds like a bad policy that was put in place and was interpreted in a way that people found a way to make money for themselves in the way of bonuses. What the article did not mention was how much money they made by moving the money vs fees for insufficient funds and overdraft fees. 200M in fines vs ?. Some businesses are…
-
Jon Whitehurst commented on the post, Finally an indicator that you’re on an unsecure site, on the site 8 years, 2 months ago
I would agree that there is no guarantee; however, some encryption is better than no encryption. I am not sure what Google’s level of being secure will be with this new “feature”. It’s an attempt to make sites more secure and raise everyone’s awareness.
-
Jon Whitehurst wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 2 months ago
Finally an indicator that you’re on an unsecure site.
I was looking for an article that would provide me the most secure browser in today’s market. In my research, I came across this article about warning use […]
-
Interesting article. Google is staying ahead of the game. This is a great idea and I am pretty sure all the other web browsers will be following Google’s lead in the future.
-
We’ll cover more on this later, but port 443 and an SSL cert is no guarantee of security. The devil is in the detail configuration.
Wade
-
I would agree that there is no guarantee; however, some encryption is better than no encryption. I am not sure what Google’s level of being secure will be with this new “feature”. It’s an attempt to make sites more secure and raise everyone’s awareness.
-
-
I thought this is an interesting article. Although they are not guaranteeing that these sites will be free of malware, they want to let users know that there is an added layer of security when going to an HTTPS site, as opposed to an HTTP.
-
I have seen sites that are not secured by HTTPS, to have the HTTPS red and crossed out in the URL. I have also received prompts upon entering the site that it is an unsecured connection and will need to go through a couple hoops in order to bypass it. Not sure if it is a Chrome thing by default or a plugin.
-
-
Jon Whitehurst commented on the post, Article: “Car hacking is the future – and sooner or later you'll be hit”, on the site 8 years, 2 months ago
Maybe I have been watching too many crime shows. I guess the question comes down to freedom or convenience? I personally would not want the service either. I would agree on the surface it’s convenient when you are in a trouble situation. While the system is on, the amount of information that the system is using and tracking on your whereabouts can…
-
Jon Whitehurst commented on the post, To Antivirus or not to Antivirus, on the site 8 years, 2 months ago
Thank you for the clarification. I think it’s a great idea for a home workstation to be configured in a way where anyone at home can have their own virtual workstation. When the classes are over I may want to virtualize my workstation and have a baseline OS to just access the VM.
-
Jon Whitehurst wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 2 months ago
During the week 1 lecture Professor Mackey made the comment that, and I am hoping I am quoting correctly, “I do not run antivirus on any of my computers at home”. I am not a fan of antivirus or encryption software […]
-
Thanks for sharing Jon. Nice articles. I thought the most interesting part of the Krebs article was when he highlighted “The most important layer in that security defense? You!” When I think back to all the times that I had issues troubleshooting viruses (with anti-virus software), it was usually because of the user’s behavior. Peer-to-peer software such as torrents, phishing, and pirated software were some of the more common attack vectors for malware.
In our corporate environment, I’ve found the most reliable malware defense uses behavioral analysis to detect abnormal activity on the host (e.g. via agents) or on the network. Simply using signature based malware defenses is insufficient because of the crypting and zero-day threats. Does anybody any behavioral based software for personal use?
-
I’ll clarify. I do not run AV on the virtual machines I use. I do have AV on the base machine that runs Workstation, but that is mostly because it was free (comes with being a Comcast customer). My professional experience is that it is not that effective, and gets in the way of doing security research. AV will flag many of the tools we will use in class. The AV makers do not differentiate between hacking tools and malware.
-
Thank you for the clarification. I think it’s a great idea for a home workstation to be configured in a way where anyone at home can have their own virtual workstation. When the classes are over I may want to virtualize my workstation and have a baseline OS to just access the VM.
-
-
Jon,
Great article. It is true that many antiviruses are ineffective in detecting online threats such as malicious websites. I personally use on my home PC Symantec Endpoint Protection which is provided by Temple University, however it is not an antivirus per se. It detects if any unwanted threats are on your PC so it works like a firewall and antivirus. This I believe is a more thorough way to protect a PC instead of just a standalone antivirus which would only detect something if you download a malicious file.
-
I made a habit of installing Avast anytime I do a fresh install of Windows or build a new computer. I can’t remember the last time I actually ran a scan using it though. Most of the time, whenever there is a malicious file trying to be downloaded or trying to access a high threat site, Chrome is doing the blocking for me. I think for now, I will continue to run Avast, as it gives me some sort of peace of mind. Maybe in the future, I will think of trying without it.
-
Antivirus is definitely needed on your computer; it will catch most viruses and it needs to be updated frequently. In my experience at the end of the day it will always come down to the users and what websites they go to and what they download and/or open (email from a user they don’t know).
-
Antivirus technology has come a long way over the years; gone are the days of buying multiple products to cover various threats. Here at Temple we use Symantec Endpoint Protection. Symantec bundles antivirus, malware, and spyware protection along with network and zero-day protection in one product. This allows the consumer to have a little peace of mind; no product is 100% perfect, but Symantec Endpoint Protection is doing as the name suggests, protecting the endpoint. Another great advantage of this product is that it’s an enterprise solution, so every system on our network running Symantec is centrally managed, allowing us to always make sure that PCs have the latest virus definitions.
-
-
Jon Whitehurst posted a new activity comment 8 years, 6 months ago
Hello Everyone,
My name is Jon Whitehurst and I am a Network Security Engineer here at Temple University. My career turned to security when I was given the opportunity to work on security projects such as firewall evaluations, workstation Anti Virus and writing policies and procedures for Fox Chase Cancer Center and I have been hooked ever…