https://support.rackspace.com/how-to/windows-server-security-best-practices/
Monthly Archives: June 2016
Desktop Security Best Practices
An excellent desktop security best practices document from CCNY at CUNY: https://www.ccny.cuny.edu/sites/default/files/it/upload/Desktop-Security-Best-Practices.pdf
What are some tips for getting started in InfoSec?
Naturally curious people will have a great time learning about Information Security, as this vast field requires a breadth of knowledge on several subjects in many areas; e.g., physical, software, hardware, network… Self-teaching is extremely important, so get ready to do a lot of research and try things out for yourself. #1 – Universal Security […]
What is Kali Linux?
Kali Linux contains a large number of penetration testing tools from various niches of the security and forensics fields. Click here for a listing of Kali Tools.
What is Burp Suite?
Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application’s attack surface, through to finding and exploiting security vulnerabilities. Burp Suite has a large array of features, including but not limited to: […]
What is CSRF or XSRF?
Cross-Site Request Forgery, usually abbreviated CSRF or XSRF, and sometimes pronounced like “sea surf”, is an exploit which takes advantage of the trusted relationship between a user’s browser and a web application. Essentially, given certain conditions, an attacker is able to trick a user into unknowingly performing a sensitive action (such as transferring money from […]
What is PCI?
Compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) helps to alleviate vulnerabilities and protect cardholder data. The PCI DSS applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If you are a merchant who accepts or […]
A Nessus Example
This is part of a presentation I gave on running Nessus: In your browser, go to https://127.0.0.1:8834. Enter the user name and password that you registered with on Tenable. Click log in. You will see the Nessus console page come up. Set up a new policy, for example, Windows Vulnerabilities. Click on Policies, […]
Virtual Machines
VirtualBox emulates hard disks in one of three disk image formats. VDI: This format, VirtualBox Disk Image, is the native file format for VirtualBox. VMDK: This open format is used by VMware products such as VMware Workstation and VMware Player. It stores data in one or more files bearing “.vmdk” filename extensions. A single virtual […]
HTTP Headers
Know your HTTP Headers: HTTP Headers, [pdf] Know your HTTP Methods: HTTP Methods, [pdf]