Paul V. Ihlenfeld
MIS-5211 Week 5 Reading Summary, Question, and recent Cyber Security News…
MIS-5211 Week 5 Readings, Question, and recent Cyber Security News…
- Summarize one key point from each assigned reading…
1A. “System enumeration” (footprinting) – is the process by hackers and/or security administrators of gathering cyber info (profile of computer systems, users, network, etc.) for vulnerability access. The best defense for online businesses is an evolving holistic approach (integrated & layered security protection setup [policy, procedures, awareness, technology, etc.] that changes over time.)
1B. “User enumeration” – regarding enumeration of networked servers (identify user accounts & net resources [shared directories]), one must use different/similar internal & external command utilities & installed apps on Windows & UNIX servers when gathering this information.
Windows system examples: “net user” internal command utility (enumerate users)
UNIX system examples: “finger” internal command utility (enumerate users & hosts)
- Question to classmates (facilitates discussion) from assigned reading…
Regarding online systems enumeration (identify user accounts & net resources [shared directories]) on networked Windows servers, what is the one way to hide shared networked directories?
*Answer is the following: use the “ $ ” keyboard character at end of shared net directory name (example… ftp$ )
- Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…
In the Cyber Security News lately…
Security Bug allows Hackers to take Control of Curiosity Rover’s OS…
http://www.ehackingnews.com/2015/09/security-bug-allows-hackers-to-take.html
… “Serious security flaws has been discovered in VxWorks, a real-time operating system made by Wind River of Alameda, California, US, in 1987. The OS is used from network routers to critical instruments like NASA’s Curiosity Rover on Mars and Boeing 787 Dreamliners.”
MIS-5211 Week 4 Reading Summary & Cyber Security News…
Review my following MIS-5211_Wk4 class preparation information findings:
Week 4 Readings, Question, and In the Cyber Security News…
- Summarize one key point from each assigned reading…
In order to proactively check + protect one’s own business computer network from on-going vulnerabilities (IN & OUT), one can periodically deploy the robust & low-cost NESSUS computer network vulnerability scanner (identify issues & provide fix-it information.) Additionally for matter of convenience, use a UNIX-based portable laptop computer with the NESSUS Server & Client already installed (check for network vulnerabilities at many different places on one’s business networks.)
- Question to classmates (facilitates discussion) from assigned reading…
Since the NESSUS network vulnerability system is dependent on special current known “plug-ins” (similar to anti-virus software definitions), how then to detect & provide fix-it information for the unknown, new network vulnerabilities?
*NOTE: Review the latest NESSUS plug-ins from the Tenable Network Security organization…
www.tenable.com/plugins/index.php?view=newest
- Identify, read, and post to our blog a current event article regarding ethical hacking & penetration testing (follow theme topic of the week, or other interesting related article)…
In the Cyber Security News lately…
CAPTCHA-bypassing malware found in Google Play…
www.ehackingnews.com/2015/09/captcha-bypassing-malware-found-in.html
“Bitdefender Security Researcher, Liviu Arsene has recently revealed that a malware, identified as Android.Trojan.MKero.A has found its way into the highly legitimate apps in Android powered Google Play Store by successfully evading the Google Bouncer’s vetting algorithms. This can cause a lot of trouble for the vendors who provide paid premium services of their products as the malware can now make the services available for free.”