Solved

All about it

Posted on 2006-10-22
7
188 Views
Last Modified: 2010-04-11

Dear experts,

I'm entering soon into a master of computer security. But I'd like to train myself for a while. So, I'd would like you fellows to help me in giving me websites or tips about computer security and tips also. For instance, I'm in a library and there are some thigns I find interesting: no right click is allowed, when you type something in Google search bar and then you go and type the same thing, you have to type it again, it ius not stored in the search bar, you can't create new windows from the File menu. So I'd like to know how these things are done and how it works. Please help.

Peace,

Freebuddy.
0
Comment
Question by:freebuddy
7 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 50 total points
ID: 17786101
The samples you have provide deal with HTML control statments and browser configuration, which is a very small part of computer secuity.

Computer security is a very, very big and broad area.   Are you only interested in HTML and browser?


--> when you type something in Google search bar and then you go and type the same thing

Which browser are you using?  This is controled by the browser settings that deal with remembering (or not) data entered into forms.

--> no right click is allowed

Deals with HTML code that disables right click.

0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 175 total points
ID: 17786165
There are plenty of "tricks" that can be used like this, and its not really security, it's obscurity. Please see this recent post: http://www.experts-exchange.com/Security/Q_22031526.html#17782612
The other settings, such as remembering form data, or search data is set in the browser, but there are "no cache" html tags, however they are deprecated.
http://www.i18nguy.com/markup/metatags.html
Computer Security runs the whole gamut, physical access, exploits, flaws, patches, detection, recovery, policies, prevention, coordinating, and planning. I'm sure I missed something. Security is a Process, not a Program or even a set of programs.

Here is my suggested reading: (in order of importance)
Anything by Bruce Schneier: http://schneier.com/books.html as well as his blog http://schneier.com/blog/
Hacking Exposed (hacking exposed win2k, 2003, linux etc), the entire series is great: http://www.winhackingexposed.com/products.html
These and more are suggested reading form ISC2 (ics squared) https://www.isc2.org/cgi-bin/content.cgi?category=698 the CISSP folks.

-rich
0
 
LVL 8

Expert Comment

by:mugman21
ID: 17787479
Simple, learn to program. C and assembler are what you need to study along with TCP/IP. Once you master those, then get back on the security band wagon.

Your examples can all be  defeated easily.

You also need to learn there is no such thing as a secure computer or network. Some just take more time than others to get into...

m.

0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 175 total points
ID: 17787946
Security involves trade offs and compromises. http://www.schneier.com/essay-062.html
 http://www.schneier.com/crypto-gram-0608.html#7
Security is a broad term, as is computer security, and the field of computer security or being a security consultant. I've not had to look at much source code in my few years of being a security consultant, I've not really compiled much C code or other. I've reviewed plenty of Html/php/perl code for security improvements. I've not been asked to review C code, and actually I'd have no idea what I be looking for. My consulting, and I can't speak for others, but my experience has been in securing environments and networks. There is one fundamental that seems to escape just about all business and network/IT administrators, the principal of least privilege, namely not running as an administrator for day-to-day tasks. http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
-rich
0
 
LVL 8

Assisted Solution

by:jako
jako earned 25 total points
ID: 17789272
now this question is a true ramble puller but I try to resist it :)
instead, I give you a link: http://www.amazon.com/s/ref=nb_ss_b/104-1457775-8530366?url=search-alias%3Dstripbooks&field-keywords=computer+security -- let's see.. uhm.. 11084 results. yes, that should almost cover it ;}
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17789315
> interesting: no right click is allowed

IMO that is a stretch, where it is one thing to implement security in HW, and in OS SW, and quite another thing to run interference upon users just because you can. That tends to be counterproductive in any environment.

Policy should begin with maintaining a system with upgrades that is selective to operate only what is permitted. Thus one begins with routers and firewalls, moves on to proxies and DMZs.

Run a google on those terms and you should be well occupied for a time at any terminal, especially one in a library.

Do not disable google or browsing (except from servers). Ensure there are backup admins, and that backups are run that actually permit restores.

Develop and test the Disaster Plan, contingencies for outages.
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17789339
Although once your system is down, it is even more secure.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now