Professional blog

SANS Reading Room Objectives: Because of the complexity of information security, it is important for IT security workers to be skilled at researching a variety of topics, from specific threats and vulnerabilities to industry regulations and policies. In this lab, you become familiar with a reputable source for security information and investigate a type of attack called social engineering. After completing this lab, you will be able to:
A)-  Discuss the breadth of resources available in the SANS Reading Room
B)- Define social engineering
C)- Discuss the tactics and countermeasures associated with a survey-based social engineering attack
In this lab, you search the Internet for information related to organizational security.

Open your web browser and go to www.sans.org/rr/.
In the search text field type Disney princess and then click the Which Disney© Princess are YOU? link.
After reading the article, prepare an outline for a one-hour talk explaining social engineering in general and the specific types of attack discussed in the article.

 
Project 2) Which Is the “Safest” Operating System?
Objectives: Who makes the safest operating system? Perhaps it would be better to ask who makes the least-unsecure operating system. Security analysts and attackers are constantly exploring operating systems and the software that runs on them, looking for vulnerabilities to patch or exploit, respectively. It is a 24/7 job. There are many claims about which systems are most secure. Some of these claims are based on research, and some are based on word-of-mouth. In this lab, you explore some of the information available on operating system vulnerabilities. After completing this lab, you will be able to:

Research software vulnerabilities
Analyze vulnerability differences among operating systems
Assess web resources critically

In this lab, you search the Internet for information on the degree of security of several oper- ating systems.

Open your web browser and go to http://secunia.com/company/2011-yearly-report/ to open the Secunia Yearly Report for 2011.
Fill in the information (Name, Number of employees, Corporate email, Company, Phone, and Country).
Click to uncheck Yes, I would like to receive latest news on product updates and announcements.
Click the Download FREE report button.
Click the blue text Secunia yearly report 2011 here
Navigate to the Dissecting the archetypal software industry heading on page 9. Note the Top 20 vendors who represented 63% of the vulnerabilities in 2011. All of the most popular operating systems are present: Microsoft (Windows), Apple (Mac), Kernel.org, and Novell (Linux). Also note that the most popular web server, Apache Software Foundation, is on the list.
Go to Figure 10 on page 20 and note twice as many third-party software as Microsoft programs are left unpatched.
Go to Figure 11 on page 22, which shows the percentage of products with vulnera- bilities and the percentage of products with exploits. Note that 80% of the products with the market share between 90 and 100% had exploits, which made the software vulnerable.
Go to http://news.softpedia.com/news/Microsoft-Does-It-Again-Vista-Is-Safest-Linux- and-Mac-OS-X-Bite-the-Dust-63069.shtml.
Read this article and assess its credibility.
Go to http://lastwatchdog.com/windows-vs-linux-security-strengths-weaknesses/.
Read this article and assess its credibility.
Go to http://news.cnet.com/8301-27080_3-10444561-245.html.
Read this article and assess its credibility.
Go to http://www.securityfocus.com/archive/1.
How many links to vulnerability reports are on. Bugtraq’s first page? Examine the dates of the links. On average, how many vulnerability reports are posted per day on Bugtraq?
Browse through the pages until you find an operating system vulnerability report. This will give you an idea of the number of application vulnerabilities compared to the number of operating system vulnerabilities.