Cyber Security

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. Cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.


I'd like to obtain the ISO 27001 certification. From my understanding this is an intermediate-level security/audit certification. Where exactly does one start? For example, training resources, who offers or sponsors this certification, its costs, etc. Any input towards this is greatly appreciated. Thank you!

Dear all,

My laptop runs Microsoft Windows 10 Enterprise 2016 LTSB, Build 14393. It's a Dell Latitude and a bit old, but it was working OK. Lately, it has been slow and displays erratic behaviours (strange processes, pop-ups, PowerShell down based on Event Viewer; I will come back to this in a second). Besides the Falcon Sensor free trial and a paid version of Symantec Endpoint Protection, I've run different scans such as ESET Online Scanner and Restoro. I have done that for days with no luck, so I think it could be a bad Windows 10 version.

Today when I checked the Users folder in C:, there was a new user, and there were traces of strange events in Event Viewer, including the logon of this user (DAU1-2106).

On the other hand, I was installing Visual studio yesterday when the "log on" happened, can Visual Studio create a new user during installation?

I also tried identifying the username of the SID by using the wmic command in cmd and it was not found to be in the domain.

Please let me know if it's safe to attach the files on here as they can contain sensitive information of my network and user names, etc.

Thank you very much and I will check back in a few minutes.

Kind Regards,

Our Enterprise Risk Mgmt wants to establish cyber security KRIs (Key Risk Indicators).
I think this is something that must be manageable (i.e. can be remediated) and measurable,
so I suggested:
a) # of virus/malware outbreaks
b) Sev 1 & Sev 2 incidents for the month
c) patching metrics (how many servers & PCs & other devices : % patched)
d) any other ?

What about phishing? I think this is something we can't control, as the spammers' or phishers' activities can fluctuate wildly. It's left to the email security tools and user awareness. Besides, I felt that each time a phishing test is conducted, the results tend to vary widely. In fact, in 2017 the local monetary association organized a sector-wide phishing test for 11 banks: you'll find the click rate can be from 3 to 27%, so I beg to differ with the industry click rate that Proofpoint provided (I'll extract that article later), which shows the Transport sector's click rate as 3-4% lower than Defense/Government. The figures can't represent anything, as it depends on how good the phishing campaign is. Anyone care to comment?

Hi All,

In McAfee ePO, how can we identify the hash value of files, and how do we search for and verify malicious files by their hash values?

Please advise

Best Regards,

Is blocking of date of birth, a person's home address and mobile telephone numbers a practice out there?
I think it's not feasible for date of birth and home address, as they can come in countless formats:
1. dd/mm/yyyy
2. dd MMM YYYY
3. mm/dd/yyyy  : US format
4. yyyy-mm-dd
5. dd-MMM-YYYY

For mobile telephone numbers, I reckon it's not something sensitive, or is it?

Does the O365 DLP function have the capability to block date of birth?

Currently we use O365 to block NRIC (sort of a unique identification #), but passport # is something that varies for different countries and changes each time the passport is renewed.

We got an audit finding from one of the Big Four audit firms as follows:
"A study should be conducted to determine the granularity of the segmentation of end-users. Minimally, IT administrators should be in a separate network segment from the rest of the end-users."
"Inadequate network segmentation increases the ease and risk of lateral movement by cyber-attacks, if a server or device in the segment is compromised."

As sysadmins have "privileged" access to servers, and compromise of their PCs will risk compromising the servers in a 'privileged' way, we'll adopt the recommendation.

I'll need some good points/arguments to support our stand of not further segmenting each department from the others:

a) the main exposures are from "Internet surfing" and email access (lots of malicious attachments, phishing and spam emails seen in email gateways), besides USB ports

b) all other users belong to the same trust domain, as they read emails and surf the Internet (yes, the sysadmins are encouraged to surf the Internet on PCs not used to surf the Net and read emails)

c) workstations used for Industrial Control Systems/Operations Tech don't have email access or Internet surfing, and have been rightfully segregated as per the existing set-up

d) to prevent lateral attacks, EDR, AV and email security (forwarding of malicious emails to other colleagues) are in place, with SIEM for detecting such events in the pipeline

e) if we were to segregate every department (eg:…

How can I lower the Java Security Rules for internal networks only?

Currently our users need to manually enter an internal web address in their Java Exception list. I have been charged with trying to make the process more automatic for our users, specifically to allow all URLs for internal web addresses to run the Java applet.

I did find a way to create an Exception list for the computer:

but this option takes away the user's ability to have their own list or to add the web sites that they want, and the list will be managed by the local administrator. Equally important, if I used the above-mentioned web page documentation, it would overwrite any Java exception list that the user already created. We do not want to go that route.

Is there a way to allow internal web addresses to have a lower Java security level than external web addresses, to actually allow Java to be run on those internal URLs?

Is there a technology related to cybersecurity called Lawful Interception Solutions? If yes, what does it do? Is it cloud-based or on-prem? Which vendors have it, etc.?

Looking for basics to understand the concept and any links for me to move further.

Dear Ladies and Gentlemen,

We need to find out whether D-Link DWM-222 dongles have any security vulnerability (with the latest firmware update).
Do you know of any? If not, where should I start?

I'm trying to configure a rule in the Cisco CES cloud platform that stops people masquerading as the CEO for attempted phishing. So on our previous FW we had: if the mail has the sender as 'our CEO' but does not come from our domain, then drop. I can see where to configure this in the CES.


I have a question about ransomware. If my computer's C drive is already encrypted, is it still possible for ransomware to hold my computer hostage by encrypting files? If we have Office 365 and all the files are also backed up to the cloud through OneDrive, doesn't that also create a level of protection?

My site keeps crashing.
I was advised to check my logs, and I see that this IP appears 150.918 times in my logs from 00:00:07am to 12:36:01am.

what do you advise me to do?

I added this Deny from to my .htaccess, but the IP continues to show...

Thank you for your advice,

We are looking for a way to make documents (preferably PDF files) self-destruct after a set period of time. We strongly prefer a strictly client-side solution with no central management server. Is there an easy solution?

I can't get my forwarders to send data to my indexers for some reason! I've checked my inputs.conf on both universal forwarders and then ran "list forward-server" on each, and they both report back the following:

Active forwards:  None
Configured but inactive forwards:  None

I've triple-checked my monitor stanzas and they are good to go. Permissions on the inputs.conf are wide open on both UFs and the Search Head (which I am currently using as my deployment server). Any help would be greatly appreciated!

Does FedRAMP actually offer a certification/accreditation for their training course? Is there an actual exam that you have to take at the end?

Please guide me on what things I should consider for a sandboxing solution. Can sandboxes be integrated with any email/web gateway solution?

I want to ensure the integrity of the value that is set in a session will remain valid throughout the user's interaction with the site.

Can a session value be changed from the client side?

I want to create a lab environment for testing threat traffic logs so that we can identify threat patterns and anomalies within those logs. Once we have identified "a threat" or the signature of one, we can then use that information to write up a case scenario. What would be the best way to set this up? This test environment would need to be virtualized and segmented. What would be the best way to receive these traffic logs from the outside while keeping them maintained in a controlled environment?
Is there a way to emulate threat traffic in a controlled environment? We would then use this information for common use cases. I was thinking of anything along the lines of log files that could give an indication of different attack signatures. This method is obviously safer than injecting a virus on a test box and then introducing it to a customer's network. Any suggestions are GREATLY APPRECIATED!

Is it risky to use a 3rd-party VPN service such as NordVPN for a business? The goal is to make it harder for attackers to break into the office through the Internet. The goal is not to allow people to connect to the office remotely. The line of thought is that forcing all office Internet traffic through a VPN would make it harder for an attacker to target the office, because the VPN would make the office Internet connection anonymous.

Would using a VPN in this way negate the protections provided by a NAT router? What about if the router itself is configured to make the VPN connection for the whole office instead of having each individual client computer connect? Which is the best way to do it?

Hi Experts,

This is only my second post, and I have a curly question.

Regarding my website's security:
The website/portal is created using PHP 7.2.x with a MySQL 5.x database.
While I have allowed only authorised users to access a portal to upload images (to a specific directory), how do I stop users from uploading to directories outside the specified directory?

My site is currently under review by a cybersecurity team for vulnerabilities, and I've noticed they have uploaded an image file to my server root folder, and then also uploaded the same image with the extension changed to .php... *gasp*!!

So, before they provide me with the full list of vulnerabilities, I'd like to get a head start on this particular security issue (as it's clearly a major issue).

The site is hosted with a professional web hosting company, so I seriously would "assume" (though that is dangerous in these times, with so many cybercriminals about) there are sufficient server controls in place to stop unauthorised access (other than with FTP) to directories.

Hopefully I can learn more on this asap to mitigate any issues that have the potential to cause me unnecessary late nights.

MB :)

I'm making a comparison of IPS brands that give the most virtual patches for various CVEs for MS (Windows, Outlook, .Net, MS SQL, IIS and MS Office), Oracle (WebLogic, Database, Java, Solaris), Linux (various Linux, esp. RHEL, Ubuntu, Debian, CentOS used in microservices) and a couple of open-source software packages (eg: PHP, Apache, Struts, WordPress).

The reason is that it's difficult to get downtime, and the lead time to patch can often stretch to almost a year. Currently, Trend Micro claims its Deep Security is endorsed by MS as giving the most virtual patches for MS products.

What about TippingPoint NIDS (acquired by Trend Micro) in terms of its number of virtual patches for the various products above?

What about other products (esp. coverage for Oracle and Linux-related ones)? McAfee, Check Point, Sophos, ...?

Also, continued availability of obsolete versions of software is crucial for us, as we have a long lead time to tech-refresh obsolete software (i.e. principals/developers don't release patches for it anymore).

There's an argument that ultimately the product patch still needs to be applied? What could be the possible reasons for this? Heard that for NIDS, if PCs got infected/compromised, the attacker could bypass NIDS and WAF to attack the unpatched endpoint servers. Guess an IPS with an agent inside the endpoint will mitigate that, right?

We have 40 computers that are Win 7. The end-of-life is in January 2020. All security updates will stop. How critical a concern is this for our company's security?

We are a non-profit, so this will be a huge expense if I have to replace them.

Just had two sites fail PCI compliance tests with certificate errors on a SonicWall TZ180. Trustwave does the scans, and this is what they said: The server should be configured to disable the use of the deprecated SSLv2, SSLv3, and TLSv1.0 protocols. The server should instead use stronger protocols such as TLSv1.1 and/or TLSv1.2. For services that already support TLSv1.1 or TLSv1.2, simply disabling the use of the SSLv2, SSLv3, and TLSv1.0 protocols on this service is sufficient.
I have no idea how to do what they said. Any help is really appreciated. Thanks

Hi guys

I'm thinking of ways in which we could educate our staff when it comes to the actual threats of security through emails like phishing.

However, if I wanted to send out reminders frequently like every fortnight, then I'm wondering what sort of content could be covered in order to not become monotonous?

Have you seen this done at firms you've worked at? If so, are there any tips?

Thanks for helping
