News & Tools
- The Final Exam will be on Thursday, December 20, 2018, at 8 PM
- Cybrary – Free IT & Security Training
- The Privacy Paradox Challenge: A week of challenges with thousands of other “Note to Self” podcast listeners Feb 6-10.
- Government Secrets Worth Leaking… or Keeping? Note to Self (Vault-7 & Stingray)
- Surveillance Self-Defense is Electronic Frontier Foundation (EFF)’s guide to defending yourself and your friends from surveillance by using secure technology and developing careful practices.
- security.txt: “When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to properly disclose them. As a result, security issues may be left unreported. Security.txt defines a standard to help organizations define the process for security researchers to securely disclose security vulnerabilities.”
- Microsoft Windows and Office ISO Download Tool: This tool allows an easy way to download genuine Windows 7, and Windows 10 disk images (ISO) directly from Microsoft’s servers, as well as Microsoft Office for Windows and Mac.
- InSpectre: Easily examine and understand any Windows system’s hardware and software capability to prevent Meltdown and Spectre attacks.
- The Class Web page is located at ConsciousVibes.com (No www. prefix!)
- All assignments, reading and written, will be posted only on the class Web page
- Assignments will not be posted on Blackboard.
- Make sure that you can log into Blackboard and access our class section as soon as possible.
- Exams and quizzes will be administered via Blackboard
- Free ESL, GED, Job prep classes are available from the Office of Adult & Continuing Education
- Why You Should Not Run as an Administrator or Root User
- How to Change Your Admin Account to a Standard User
- Create a new local account that’s an administrator, with a strong password.
- Log in under the new local administrator account to verify that it’s working properly.
- Change the account type of your original account to a Standard user.
- Log in under your original account, which is now a Standard user.
- The times that you need elevated rights, UAC will prompt you for your administrator account.
- How and Why AutoPlay / AutoRun in Windows Should be Disabled
- 94% of Critical Microsoft Vulnerabilities can be easily Mitigated (Computerworld | Feb 25, 2017)
- Avecto Microsoft Vulnerabilities Report
- The report makes the compelling case for least privilege, finding that of the 235 Critical vulnerabilities reported in 2017, 80% would be mitigated by removing local admin rights from users.
Malware (short for malicious software, e.g. Virus, Trojan Horse, Worm, Adware, etc.)
- The key to solving the malware problem is avoidance, not detection and removal.
- Rootkit: You can never be sure you’ve removed all traces of a rootkit. The only way to be certain that your system is clean of malware is to:
- Back up only your data. (Do not back up any .exe or .com files, as they may have been compromised.)
- Erase/format the hard drive
- Do a clean install of the operating system from known safe media. (Do not use the recovery partition, as it may have been compromised too.)
- Live AntiVirus and Recovery Discs
- KNOPPIX Live Disc
- Download via the “Get Knoppix” menu
- This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”
- BadUSB Exposure
- USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute.
- USBGuard software framework helps to protect your computer against rogue USB devices (a.k.a. BadUSB) by implementing basic whitelisting and blacklisting capabilities based on device attributes.
- Blocks data transfer – your device will not go into ‘data transfer’ mode if connected to a computer, so you can use a computer just like a mains charger. This also prevents data hacking and any risk of viruses being loaded onto your device when charging from an unknown/public USB socket.
- Puts your device into fast charge mode – allows you to charge at high speed (up to 2.4A) from a computer USB socket or other USB charger even if it was not originally designed for your device. Most Android and Apple products will charge at double the speed of normal computer USB charging.
- Available from Amazon.com
Memorize these Bit Patterns of Often Used Subnet Mask Values
- LastPass is a password manager. It helps you be more secure by making it easy to use a different password for every Web site.
- User data is encrypted and decrypted locally at the device level.
- Data stored in the vault is kept secret, even from LastPass.
- The user’s master password, and the keys used to locally encrypt and decrypt user data, are never sent to LastPass’ servers, and are never accessible by LastPass.
- Video: Why use LastPass?
- LastPass Configuration
- On the Login screen: Uncheck “Remember Email”
- On the Login screen: Uncheck “Show My LastPass Vault After Login”
- Under: Preferences > General: enable “Automatically Logoff when all browsers are closed for (mins)” and set the value to 1 min
- Make sure to:
- Export your encrypted data: Tools > Export To > LastPass Encrypted File
- Download and keep a copy of the LastPass executable. This will allow you to access your exported data if LastPass.com is not available or you don’t have Internet access.
- SecurityNow! Episode #256: In-depth review and evaluation of LastPass (00:52:28 – 01:53:00). [Show Notes]
- Review: LastPass password manager (thetechherald.com)
- LastPass Review & Rating (PCMag.com)
- Wikipedia Article on LastPass
- Password Haystacks by Steve Gibson
- Am I An Idiot for Still Using a Password Manager?
- Five Best Password Managers
- Busting Password Myths, Paul Ducklin and Chester Wisniewski take a look at the thorny issue of password rules and regulations.
- How to choose a strong password – simple tips for better security
- Random Word Generator
- Passphrases of 3 or more random words have proven to be more secure than random characters, as long as they’re long enough.
Backing Up: 3-2-1 Rule
- 3: Have three copies of your files: the original, plus 2 copies
- 2: On different storage media, e.g. separate hard drives, optical (CD/DVD), tape
- 1: Have a current backup that is offsite and/or a secure online service:
Optical Media for Long Term Archives
- Regular writable optical media (CDs, DVDs, etc.) are not reliable for long-term storage. The dye used in optical media degrades with exposure to light, temperature extremes, etc. Because of this, the data on the media will start to degrade within 1 to 5 years.
- M-DISC (Millennial Disc) is a write once optical disc technology available in DVD and Blu-ray forms.
- Millenniata claims that properly stored M-DISC DVD recordings will last 1,000 years, and are readable in conventional optical drives.
- Drives with M-DISC support and M-DISC Media
Live AntiVirus and Recovery Discs
- Troubleshoot/Test hardware or recover data
- Ubuntu, KNOPPIX, Kali Linux, Lubuntu (for older, slower, or low resource PC’s)
Troubleshooting Client Network Connectivity
- Reasons why a client workstation did not get an IP address from the DHCP server within the correct IP address scope of your network, while other client workstations do.
Read / Watch
CST3607 Class Outline / Syllabus
- Chapter 1: Internetworking
OSI Reference Model
- Study the: OSI Model Quick Reference (pdf)
- TCP/IP and the OSI Model Explained by Blanchae
- The OSI Model Demystified by Eli the Computer Guy
- Understanding the OSI Reference Model: Cisco Router Training 101 by SoundTraining.net
CCNA Routing and Switching Study Guide 2nd Edition
- Take the “Assessment Test” on p. lvii
About the Review Questions
- Do not submit your answers to the Review Questions.
- The answers for the Review Questions are in Appendix B of the textbook.
- It is your responsibility to continually evaluate your knowledge and understanding of each chapter by completing the written labs, review questions, and hands-on labs, and then going back to study those areas you’re not confident with.
- We will go over some of the Review Questions during the next class.
- Make sure you ask questions about the areas you’re having difficulty with during class.
Read / Do
- Take the “Assessment Test” on p. lvii
- Read Chapter 1: Internetworking
- Do the Written Labs
- Answer the Review Questions
Send an e-mail to me
- Send me an e-mail, from the e-mail address you check regularly, that I will use to communicate with you for the rest of this semester.
- E-mail Subject: CST3607 Contact Info
- In the Body of the e-mail: Include your first and last names and your mobile phone number.
- Note: I will not share your phone number or e-mail address with anyone.