What are you doing to protect yourself?
Below you’ll find some recommended practices and habits for practicing better cyber security. Also there is a checklist to help make sure that your home and business networks are protected.
Below you’ll find some recommended practices and habits for practicing better cyber security. Also there is a checklist to help make sure that your home and business networks are protected.
The goal of the 440 project The goal of the 440 project is to inspire the next generation cyber security experts, IT professionals and web designers. The project is geared towards entry level individuals as to not intimidate individuals from learning a new skill.
What is project 440?
The 440 project is another example of life cycled equipment being repurposed to create a cost-effective entry-level Linux learning environment for individuals interested in learning about Cyber Security, computer hardware or just learning how to better protect yourself from cyber criminals. The 440 is an HP Z440 desktop pc repurposed as a self-contained range. It is a multipurpose unit designed to allow an individual to choose the type of project they would like to pursue. I chose Linux Mint for the base operating system for the purpose of an easy format to introduce Linux to individuals who have never had an opportunity to work with Linux. What makes this project special is VirtualBox, a hypervisor which makes it possible to load and use multiple pc’s without having to spend an outrageous amount of money and space to have a physical version of each pc. At the time of composing this article the 440 machine has Twelve VMs loaded.
See attached document for more information
Tools of Kali Linux Do you want to learn more about cybersecurity tools? Have you ever opened Kali Linux and not know where to begin? Here we have created a small list of tools that are part Kali Linux. Some of our career field experts have given us their short list of tools that they would recommend for individual interested in learning more about cybersecurity. Looking at the menus in Kali Linux can be overwhelming. Hopefully this short list can help you navigate the introduction to Kali Linux Operating System (OS). You don’t need to have Kali Linux to try any of these tools, but it does make it much easier. John the Ripper John the Ripper is the name of the password cracker tool that is developed by Openwall. As the name, it is used to crack password hashes by using its most popular inbuilt program, rules and codes that are also an individual password cracker itself in a single package. It automatically detects types of password hashes; you can also customize this tool according to your wish. It can be used to crack password-protected compressed files like Zip, Rar, Doc, pdf etc. Nmap Nmap is short for Network Mapper. It is an open-source Linux command-line tool that is used to scan IP addresses and ports in a network and to detect installed applications. Nmap allows network admins to find which devices are running on their network, discover open ports and services, and detect vulnerabilities. Gordon Lyon (pseudonym Fyodor) wrote Nmap as a tool to help map an entire network easily and to find its open ports and services. Nmap Scripting Engine (NSE) The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts (using the Lua programming language) to automate a wide variety of networking tasks. Those scripts are executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs. Wireshark Wireshark is the world’s foremost and widely-used network protocol analyzer. It lets you see what’s happening on your network at a microscopic level and is the de facto (and often de jure) standard across many commercial and non-profit enterprises, government agencies, and educational institutions. Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe and is the continuation of a project started by Gerald Combs in 1998. Metasploit Metasploit is one of the best penetration testing frameworks that help a business find out and shore up vulnerabilities in their systems before exploitation by hackers. To put it simply, Metasploit allows hacking with permission. Metasploit was conceived and developed by H D Moore in October 2003 as a Perl-based portable network tool for the creation and development of exploits. By 2007, the framework was entirely rewritten in Ruby. In 2009, Rapid7 acquired the Metasploit project, and the framework gained popularity as an emerging information security tool to test the vulnerability of computer systems. Metasploit 4.0 was released in August 2011 and includes tools that discover software vulnerabilities besides exploits for known bugs. Armitage Armitage is a fantastic Java-based GUI front-end for the Metasploit Framework developed by Raphael Mudge. Its goal is to help security professionals better understand hacking and help them realize the power and potential of Metasploit. OpenVAS – Open Vulnerability Assessment Scanner OpenVAS is a full-featured vulnerability scanner. Its capabilities include unauthenticated and authenticated testing, various high-level and low-level internet and industrial protocols, performance tuning for large-scale scans and a powerful internal programming language to implement any type of vulnerability test. The scanner obtains the tests for detecting vulnerabilities from a feed that has a long history and daily updates. OpenVAS has been developed and driven forward by the company Greenbone Networks since 2006. As part of the commercial vulnerability management product family Greenbone Enterprise Appliance, the scanner forms the Greenbone Vulnerability Management together with other Open-Source modules. MASSCAN MASSCAN is aTCP port scanner which transmits SYN packets asynchronously and produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. It’s a flexible utility that allows arbitrary address and port ranges. Harvester Harvester is a modern Hyperconverged infrastructure (HCI) solution built for bare metal servers using enterprise-grade open-source technologies including Kubernetes, Kubevirt and Longhorn. Designed for users looking for a cloud-native HCI solution, Harvester is a flexible and affordable offering capable of putting VM workloads on the edge, close to your IoT, and integrated into your cloud infrastructure.
Do you work from home? Do you have a small business that relies on using the internet? Do you have employees that work from home?
The subject has come up recently on working from home and using your home network for work purposes.
Some Security experts have asked the question how do we keep employees who work home more secure?
The easiest answer is to educate employees on home security and the importance of maintaining good home security, performing good cyber hygiene. Easier said than done. How do you keep them interested enough to learn and continue to practice good habits? Make it interesting, change it up.
Another tool that can be used to introduce employees to the risk of not maintaining a good security practice is to introduce them to a program called Bwapp. Bwapp is a program designed to educate people on what the cyber criminals can do by teaching them what they actually do. Bwapp doesn’t care what your knowledge level is in cyber security. The program is designed to start at entry level and slowly progresses in difficulty. Bwapp starts at the basics, walking an individual through the program step by step.
WICTRA can help with this. What do we do? We help to provide education on cyber security. We have assembled various sizes of mobile ranges to provide training to groups of 2 people up to potentially 50 people at one given time. Bwapp is just one training aid that we offer. We have over fifty different challenges for people to try in our mobile range setup.
Once again, this only part of the solution. Another element that can be added in assisting people who work from home with their internet security is to provide them with an easy to follow checklist that gets them looking at all of the items within their home that connect to the internet, to see how secure they really are. Keep it simple, this is the easiest way to keep them interested and using it. If they don’t understand the terminology, how can they implement it? Speak with them, not at them.
Keep your employees engaged in what’s really happening in the world. There’s an overwhelming amount of news out there pertaining to cyber security, but which items would be helpful and important to the individual who works from home?
Below is a link to a checklist we’ve created. Feel free to download this and use it to start looking into the level of security within your home. This is a good tool start getting into a routine of monitoring your devices used in your home or small business.
Do you own a single computer or a number computers and home automation devices? There are many levels to Cyber Security, but do you know how your Cyber Security stacks up? There are a number things you can do to protect yourself from Cyber theft and Cyber criminals. The Basics. Make sure that everything that you connect to the internet has been updated. From your Desktop / Laptop to your phone just about every device has an operating system that requires some form of updating. If you don’t update these, you’re basically inviting the criminal into your house.
The Basics. Make sure that everything that you connect to the internet has been updated. From your Desktop / Laptop to your phone just about every device has an operating system that requires some form of updating. If you don’t update these, you’re basically inviting the criminal into your house.
During the next couple of weeks, we’ll cover topics related to you and your level of Cyber Security.
If you have questions or a topic that you would like addressed feel free to send us an email and we’ll try to answer your question. If we can’t, we’ll try and direct you to a source that can better answer your question.