Home » Group 1

Category Archives: Group 1

Free Wireless and Web Awareness of Users – Keiron Shaw

Free Wireless – Wireless can be a difficult type of trick to detect, it will use a similar/same name as a regular network you may use or it can request you to join the network. This way once you have accessed the network it can view all of your information and then send you malicious data and software to attack your system. To detect this you will have to check the SSID to see if it has a different SSID because every network is assigned a network

Web Awareness – Web awareness is being able to detect pop-ups and phishing websites. It is the general knowledge that will allow you to browse the web safely and securely.

0
0

Owen Thomas Training and Awareness of users

Tampering

Tampering can sometimes be quite easy to notice, but sometimes it can be very hard to notice. Tampering can come in many different states, from switching machine accessories, to modiffying software. You can easily change someones keyboard for a fake replica that sends out information about what they are typing.

Phishing Emails

Phishing emails can be used to replicate business emails/account reset options. You could recieve and email one day saying it is your bank and you need to sign in to their site, follow this link > blagheadbank.com then when you click this link it will send you to a site similar to the oringinal bank website. They can then track what infromation you insert.

1
0

Assignment 2 – Training and awareness of users

Task 1

Fake help desks – Users need to be aware of fake help desks as they can be used to gain access to a computers hard drive. The bogus help desk can be created using a virtual private network (VPN) in order to mask their location and real network which will assist in getting access to the computer. The usage of a fake help desk will ‘trick’ unsuspecting users and cause them to leak their private information without meaning to.

Free wireless – Users need to be aware when connecting to an unknown free WiFi. When a user connects the the WiFi, private information can be accessed through the connection of the device and can cause issues if used to gain access to certain information. As the WiFi is free, users will often connect regardless of the risks. Companies like Mcdonalds, busses etc often have free WiFi, however these are trusted connection, whereas other free WiFi’s can be used to gain access to sensitive information and the users who connect to the network.

Task 2

folder-properties

Read permission – The read permissions allow the user to simply view and access the files and subfolders that are located within the folder. This does not allow the modification of anything inside the folder.

Write permissions – The write permissions allow the user to add files and subfolders into the folder. However, this would not allow the user to open and read any of the other files within that folder.

Read and execute – Read and execute allows the user to see the listing of files and subfolders, as well as the ability to execute these files and subfolders, only if these are located within the folder.

Modify – This allows the user to read and write other files and subfolders, and also grants the users the ability to delete the folder(s) with this permission on.

Full control – This permission allows the user to do anything they want with the folder; this gives them full control over it. The user can read, write, change and delete files and subfolders within the folder.

 

9
0

Protected: Training and Awareness of users

This content is password protected. To view it please enter your password below:

0
0

Protected: Awareness of Threats

This content is password protected. To view it please enter your password below:

0
0

Protected: Training and Awareness of users

This content is password protected. To view it please enter your password below:

0
0

Protected: Tom Botsford – Training and Awareness of Users

This content is password protected. To view it please enter your password below:

666
777

ass 2 task 1

Phishing – these emails usually impersonate the company that they want your password for to log into your account most of the time is used for banks in which they will use social engineering to convince you that you have had something such as a security breach and send you to a mirror site that mimics your bank for instant and if you inputted your username and password they would gain access to your account, employees will need to be trained in how to avoid these phishing attempts some clear signs that can warn you is such things as if the url they are trying to get you to log into is not secure or is spelt differently from the proper website it would be best to check the original website and compare

Fake help desks – this is usually a cold call from a call center that will impersonate companies such as microsoft and attempt to infect your computer with more malicious malware and gain information about the user through social engineering and trying to make the user trust them as a legitimate call center, one way to protect from this would be to teach people the certified numbers that is related to microsoft so that when they get called by a number that is not trusted they will not follow along with it

tampering – train employees to notice the difference in their hardware to detect tampering before it become a security threat

free wireless – Dont connect to free wireless unless it is from trusted sources such as O2 WiFi so that malware cannot be infected through untrusted connections

web awareness – dont view websites that are untrusted and be able to recognise all of the signs that would indicate malware/adware and never download what a website promts you to

0
0

Auditing assignment 2

Auditing is the monitoring of computer processes and everything involved in it. Auditing programs will track information with what will happen with this information you can track what security issues you could be running into, if you configure your audit correctly you can configure it to scan for very exact things that can harm your computer such as things like rootkits and searching for suspicious file directories, you can get audits to track network security the audit will track what security issues are present on the network such as vulnerabilities and exploits in the server

You can also set up audits to scan your ports and the traffic using it and will allow you to track what is happening to certain ports which will allow you to track a breach in your system to its source and allow you to shut it off completely

Moreover Audits can be used for malicious use too:

You can get audits such as Jack the Ripper and ICRACK which can be on a system that you place it on which will track passwords and even start a brute force attack on the users password to try and gain access.

Using all these audits can allow you to identify certain things such as checking the ports and their traffic if you can see that one of your ports is having traffic that it shouldn’t be having you can track where this traffic is coming from and investigate everything that was sent across that port which can allow you to detect malicious attacks on your computer or network

Audits can also be configured to only be displayed to certain people for instance with the college network you are not allowed to view the system security of the machine you are using, this would be because the admin does not want you to see what they are running to monitor you as it could be taken down or removed from the computer by the user or exploited to benefit the user and disable the admin from using the monitoring software

This could be done because they may monitor individuals that they may believe they have more reason to monitor you for certain things they would want to catch you out on and have denied your access so that you cannot see exactly what they are tracking you on

 

Phishing – these emails usually impersonate the company that they want your password for to log into your account most of the time is used for banks in which they will use social engineering to convince you that you have had something such as a security breach and send you to a mirror site that mimics your bank for instant and if you inputted your username and password they would gain access to your account, employees will need to be trained in how to avoid these phishing attempts some clear signs that can warn you is such things as if the url they are trying to get you to log into is not secure or is spelt differently from the proper website it would be best to check the original website and compare

Fake help desks – this is usually a cold call from a call center that will impersonate companies such as microsoft and attempt to infect your computer with more malicious malware and gain information about the user through social engineering and trying to make the user trust them as a legitimate call center, one way to protect from this would be to teach people the certified numbers that is related to microsoft so that when they get called by a number that is not trusted they will not follow along with it

tampering – train employees to notice the difference in their hardware to detect tampering before it become a security threat

free wireless – Dont connect to free wireless unless it is from trusted sources such as O2 WiFi so that malware cannot be infected through untrusted connections

web awareness – dont view websites that are untrusted and be able to recognise all of the signs that would indicate malware/adware and never download what a website promts you to

Biometrics and wearable ID’s

Biometrics is authenticating yourself on a network using the wearables or physical things to allow access into the facilities you need this comes in many forms such as:

ID Card – this can be scanned using scanners throughout the building that would allow you access to certain areas and or systems this however is prone to loss and or theft which could give authorised access to someone who is unathourised

Face recognition – This can compare a face of an authorised person via a camera and a picture or information stored on the server database which when compared if it is a match it will allow access this is much more secure as it cannot be lost/frauded and gotten past. It is usually used in places that require much higher level of security

finger printing – this is using a persons fingerprints to gain access to a system by comparing the person trying to access the system’s fingerprint to authorised ones within a database

Voice analysis –

Cryptography and hash

the hash is created to convert a set of information so that the hash can hide the information when it is being sent accross across a connection so that no one can interfere or change the data as its going to the server the hash is insanely difficult servers can also have the hash in their database so when the password is entered it will be converted to its hash and the server will compare the two hashes to see if the password is correct. This is to ensure that the physical password is not stored in the server’s database this is good security as if the server was breached and it wasnt in a hash they would get access to thousands of raw passwords.

 

 

1
5

Auditing for Dummies ツ

auditing-for-dummies

Within the context of computer networking, auditing is the process of analysing a network for its usage and security. There are several third-party auditing applications available, but Microsoft Windows comes built in with tools for auditing. Audits can also be done manually without software, but in this blog post I will be looking at the effectivness and use of automated audits.

Auditing tools carry out automated scans (audits) that determine the security and functionality of a network. On top of this, audits also review the performance/optimisation of a network. Once an audit is complete, a report, summarising any findings, is sent to network adminstrators for action to be taken.

While scanning, auditing tools view all network nodes and scan all files and services and look out for possible threats. These can be identified if certain patterns a found, or if unauthorised items or known threats are detected.

Auditing thingy.

The data retrieved from the network by the audit can be used to find out many things:

  • What logins are regularly targeted
  • What is being used/accessed by certain users
  • The time of occurences
  • Possible malicious files
  • Network Intrusion
  • and more…

stock-image-of-hacker

5
1