Tools for Teaching Security+

Presenter: Mark Ciampa, Western Kentucky University Teaching Security+ requires students to have practical hands-on experience in order to help students understand security concepts and so they will be prepared for the CompTIA performance-based certification exam questions. There are a wide variety of tools that can be used, many of which are free. In this presentation we will explore tools for teaching Security+ as well as learn from each other to teach Security+. In addition we will preview the forthcoming DTI IT_Labworks for Security+ that uses a game-playing simulation for teaching Security+.

1.0x

Tools for Teaching Security+

Created 2 years ago

Duration 0:00:00
lesson view count 606
Presenter: Mark Ciampa, Western Kentucky University Teaching Security+ requires students to have practical hands-on experience in order to help students understand security concepts and so they will be prepared for the CompTIA performance-based certification exam questions. There are a wide variety of tools that can be used, many of which are free. In this presentation we will explore tools for teaching Security+ as well as learn from each other to teach Security+. In addition we will preview the forthcoming DTI IT_Labworks for Security+ that uses a game-playing simulation for teaching Security+.
Select the file type you wish to download
Slide Content
  1. Tools for Teaching Security+

    Slide 1 - Tools for Teaching Security+

    • Mark Ciampa
    • Western Kentucky University
  2. Teaching & Presentation Philosophy

    Slide 2 - Teaching & Presentation Philosophy

    • Broad vs. Deep
    • 2015 Cengage Learning Computing Conference
    • 2
  3. Teaching Security+

    Slide 3 - Teaching Security+

    • CompTIA Security+ is more broad than deep
    • No single domain or topic is significantly in depth
    • When teaching Security+ very important to keep moving
    • Going too deep in a topic means you won’t be able to cover the material
    • 2015 Cengage Learning Computing Conference
    • 3
  4. Presentation Security+ Tools

    Slide 4 - Presentation Security+ Tools

    • This presentation of Tools for Teaching Security+ is more broad than deep
    • Will not go into deep dive on any single tool
    • Going too deep in a tool means we won’t be able to cover the material
    • Some tools will be demonstrated while others will be introduced
    • None of these in Security+ Guide to Network Security Fundamentals 5e Hands-On Projects
    • Presented where fall in current chapter
    • 2015 Cengage Learning Computing Conference
    • 4
  5. Chapter 1Introduction to Security

    Slide 5 - Chapter 1Introduction to Security

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 5
  6. Chapter 1 Projects Security+ Guide 5e

    Slide 6 - Chapter 1 Projects Security+ Guide 5e

    • Project 1-1: Examine Data Breaches (The Privacy Rights Clearinghouse)
    • Project 1-2: Scan for Malware Using the Microsoft Safety Scanner
    • Project 1-3: Create a Virtual Machine of Windows 8.1 for Security Testing—Part 1
    • Project 1-4: Create a Virtual Machine of Windows 8.1 for Security Testing—Part 2 (VirtualBox)
    • 2015 Cengage Learning Computing Conference
    • 6
  7. Your Privacy

    Slide 7 - Your Privacy

    • Google Location History
    • Immersion
    • 2015 Cengage Learning Computing Conference
    • 7
  8. Real Time Attack Trackers

    Slide 8 - Real Time Attack Trackers

    • FireEye Cyber Threat Map
    • Norse IPViking
    • Arbor Networks Digital Attack Map
    • Kaspersky Cyberthreat Real-time Map
    • Anubis Network Cyberfeed
    • F-Secure World Map
    • Trend Micro Global Botnet Threat Activity Map
    • Team Cymru Graphs
    • OpenDNS Global Network
    • Madiant IPew Attack
    • Alien Vault Global Dashboard
  9. Create & Run VM from USB Flash Drive

    Slide 9 - Create & Run VM from USB Flash Drive

    • Fork of VirtualBox called Portable VirtualBox
    • Run VM from USB flash drive as application running under Windows (like a virtualized version Windows 8 Enterprise Windows to Go option)
    • Caveats
    • Requires administrator privileges to run
    • Consumes hard drive space, RAM (can adjust), processing power
    • Need licensed copy of OS
    • Format USB drive as an NTFS file system (FAT32 on some USB drives have file size limit to 4GB)
    • 2015 Cengage Learning Computing Conference
    • 9
  10. Create & Run VM from USB Flash Drive

    Slide 10 - Create & Run VM from USB Flash Drive

    • Download Portable VirtualBox (http://www.vbox.me/)
    • Extract and launch Portable-VirtualBox.exe
    • Click Download installation files of VirtualBox
    • Click Extract files box for 32-bit or 64-bit operating systems
    • Check Start Portable-VirtualBox after the extract and/or compress
    • IMPORTANT: Click OK button in bottom left corner (NOT Exit button)
    • 2015 Cengage Learning Computing Conference
    • 10
  11. Create & Run VM from USB Flash Drive

    Slide 11 - Create & Run VM from USB Flash Drive

    • Launch Portable-VirtualBox.exe to enter VirtualBox
    • Network and USB support are disabled by default
    • Can create VM of Windows, Linux Mint (http://www.linuxmint.com/), Android (https://code.google.com/p/android-x86/downloads/list)
    • Can also be used in Chapter 10 Mobile Device Security
    • 2015 Cengage Learning Computing Conference
    • 11
  12. Chapter 2Malware & Social Engineering Attacks

    Slide 12 - Chapter 2Malware & Social Engineering Attacks

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 12
  13. Chapter 2 Projects Security+ Guide 5e

    Slide 13 - Chapter 2 Projects Security+ Guide 5e

    • Project 2-1: Write-Protecting and Disabling a USB Flash Drive (Thumbscrew)
    • Project 2-2: Scan for Rootkits Using a Basic Tool (TDSSKiller)
    • Project 2-3: Scan for Rootkits Using an Advanced Tool (GMER)
    • Project 2-4: Use a Software Keylogger (Spyrix)
    • 2015 Cengage Learning Computing Conference
    • 13
  14. Slide 14

    • 2015 Cengage Learning Computing Conference
    • 14
  15. RawDisk

    Slide 15 - RawDisk

    • “RawDisk library offers software developers direct access to files, disks and partitions of the disks (hard drives, flash disks etc.) for user-mode applications, bypassing security limitations of Windows operating systems”
    • Direct access to disks and protected files from user-mode applications in Windows 8/7/Vista/XP
    • Can read/write disks sector by sector without operating-system-imposed restrictions
    • “Comes in handy for development of data recovery, undelete and forensic applications”
    • https://www.eldos.com/rawdisk/
    • 2015 Cengage Learning Computing Conference
    • 15
  16. Microsoft Attack Surface Analyzer

    Slide 16 - Microsoft Attack Surface Analyzer

    • “Understand how the attack surface of Windows systems change as a result of installing software”
    • Can take snap shot of multiple security related information elements on a system, then after the system changes can take another snap shot;
    • Compares the before and after snap shots and show what changed in an HTML report   
    • http://www.microsoft.com/en-us/download/details.aspx?id=24487
    • 2015 Cengage Learning Computing Conference
    • 16
  17. 2015 Cengage Learning Computing Conference

    Slide 17 - 2015 Cengage Learning Computing Conference

    • 17
  18. DVWA

    Slide 18 - DVWA

    • DVWA is PHP/MySQL vulnerable web application
    • Install Apache Webserver
    • Install Mysql Server
    • Install PHP
    • Install and configure DVWA
    • Can perform XSS, SQL injection attacks
    • http://www.dvwa.co.uk/
    • 2015 Cengage Learning Computing Conference
    • 18
  19. WebGoat

    Slide 19 - WebGoat

    • WebGoat - Deliberately insecure web application designed to teach web application security lessons
    • Install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET.
    • Users demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications
    • Example: User must use SQL injection to steal fake credit card numbers
    • https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
    • 2015 Cengage Learning Computing Conference
    • 19
  20. Chapter 3Application & Network-Based Attacks

    Slide 20 - Chapter 3Application & Network-Based Attacks

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 20
  21. Chapter 3 Projects Security+ Guide 5e

    Slide 21 - Chapter 3 Projects Security+ Guide 5e

    • Project 3-1: Scan Web Browser Plug-ins (Qualys Browser Check)
    • Project 3-2: Configure Microsoft Windows Data Execution Prevention (DEP)
    • Project 3-3: Set Web Browser Security
    • Project 3-4: Hosts File Attack
    • Project 3-5: ARP Poisoning
    • Project 3-6: Create an HTTP Header
    • Project 3-7: Manage Flash Cookies
    • 2015 Cengage Learning Computing Conference
    • 21
  22. Enhanced Mitigation Experience Toolkit (EMET)

    Slide 22 - Enhanced Mitigation Experience Toolkit (EMET)

    • Strengthens the security of non-Microsoft applications by using defenses built within Windows
    • Includes “Attack Surface Reduction” can block some of an application’s modules or plugins that might be abused
    • EMET tell Internet Explorer to halt an SSL connection if an untrusted certificate is detected without sending session data
    • http://www.microsoft.com/en-us/download/details.aspx?id=43714
    • 2015 Cengage Learning Computing Conference
    • 22
  23. Chapter 4Host, Application, and Data Security

    Slide 23 - Chapter 4Host, Application, and Data Security

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 23
  24. Chapter 4 Projects Security+ Guide 5e

    Slide 24 - Chapter 4 Projects Security+ Guide 5e

    • Project 4-1: Test Antivirus Software
    • Project 4-2: Setting Windows Local Security Policy
    • Project 4-3: Viewing Windows Firewall Settings
    • Project 4-4: Analyze Files and URLs for Viruses Using VirusTotal
    • 2015 Cengage Learning Computing Conference
    • 24
  25. pfSense

    Slide 25 - pfSense

    • Free network firewall distribution
    • Based on the FreeBSD with custom kernel and including third party software packages
    • Web interface for the configuration of all included components; no command line needed
    • 10-20 Mbps - Less than 4 year old CPU at least 500MHz
    • 21-100 Mbps - 1.0 GHz CPU
    • 101-500 Mbps – Server-class hardware with PCI-e network adapters and CPU 2.0 GHz.
    • 501+ Mbps - Server class hardware with PCI-e network adapters and multiple cores at > 2.0GHz
    • https://www.pfsense.org/
    • 2015 Cengage Learning Computing Conference
    • 25
  26. Chapter 5Basic Cryptography

    Slide 26 - Chapter 5Basic Cryptography

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 26
  27. Chapter 5 Projects Security+ Guide 5e

    Slide 27 - Chapter 5 Projects Security+ Guide 5e

    • Project 5-1: Using OpenPuff Steganography
    • Project 5-2: Running an RSA Cipher Demonstration
    • Project 5-3: Installing Command-Line Hash Generators and Comparing Hashes
    • Project 5-4: Installing GUI Hash Generators and Comparing Digests
    • Project 5-5: Using Microsoft’s Encrypting File System (EFS)
    • Project 5-6: Using TrueCrypt
    • 2015 Cengage Learning Computing Conference
    • 27
  28. Febooti Hash & CRC

    Slide 28 - Febooti Hash & CRC

    • GUI-based file hash and CRC generator
    • http://www.febooti.com/products/filetweak/members/hash-and-crc/
    • 2015 Cengage Learning Computing Conference
    • 28
  29. TrueCrypt Alternatives

    Slide 29 - TrueCrypt Alternatives

    • TrueCrypt suddenly ceased operations 2014
    • TrueCrypt v7.1a still available (https://www.grc.com/misc/truecrypt/truecrypt.htm)
    • VeraCrypt (https://veracrypt.codeplex.com/)
    • DiskCryptor (https://diskcryptor.net/wiki/Main_Page)
    • CipherShed (https://ciphershed.org/)
    • BestCrypt (http://www.jetico.com/)
    • 2015 Cengage Learning Computing Conference
    • 29
  30. Chapter 6Advanced Cryptography

    Slide 30 - Chapter 6Advanced Cryptography

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 30
  31. Chapter 6 Projects Security+ Guide 5e

    Slide 31 - Chapter 6 Projects Security+ Guide 5e

    • Project 6-1: SSL Server and Client Tests
    • Project 6-2: Viewing Digital Certificates
    • Project 6-3: Viewing Digital Certificate Revocation Lists (CRL) and Untrusted Certificates
    • Project 6-4: Downloading and Installing a Digital Certificate
    • Project 6-5: Using a Digital Certificate for Signing Documents
    • 2015 Cengage Learning Computing Conference
    • 31
  32. Virtru

    Slide 32 - Virtru

    • End-to-end email and attachment encryption using existing email (Chrome, Firefox, Outlook, Mac Mail, iOS and Android)
    • Install Virtru in browser, mobile device, or email application using Trusted Data Format (TDF)
    • When composing “flip the Virtru switch” to encrypt message and attachments
    • Recipients can read your message without installing software after verify identity
    • Sender can revoke messages at any time, see and control forwarding, set expiration dates
    • https://www.virtru.com/get-secure-email
    • 2015 Cengage Learning Computing Conference
    • 32
  33. End-To-End

    Slide 33 - End-To-End

    • End-To-End is Chrome extension to encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP
    • Built on JavaScript-based crypto library
    • Enables key generation, encryption, decryption, digital signature, and signature verification
    • https://github.com/google/end-to-end
    • 2015 Cengage Learning Computing Conference
    • 33
  34. Fiddler

    Slide 34 - Fiddler

    • Web Debugging - Debug traffic to ensure the proper cookies, headers and cache directives are transferred between the client and server (supports .NET, Java, Ruby, etc. framework)
    • Performance Testing – View HTTP caching and compression
    • HTTP/HTTPS Traffic Recording - Web debugging proxy that logs all HTTP(s) traffic between computer and Internet
    • Web Session Manipulation - Edit web sessions by setting breakpoint to pause the processing of the session and permit alteration of the request/response; can also compose own HTTP requests to run through Fiddler
    • http://www.telerik.com/fiddler
    • 2015 Cengage Learning Computing Conference
    • 34
  35. Chapter 7Network Security Fundamentals

    Slide 35 - Chapter 7Network Security Fundamentals

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 35
  36. Chapter 7 Projects Security+ Guide 5e

    Slide 36 - Chapter 7 Projects Security+ Guide 5e

    • Project 7-1: Configuring the Windows Firewall
    • Project 7-2: Using Behavior-Based Monitoring Tools
    • Project 7-3: Using an Internet Content Filter
    • Project 7-4: Configure a Windows Client for Network Access Protection
    • 2015 Cengage Learning Computing Conference
    • 36
  37. GlassWire

    Slide 37 - GlassWire

    • Network monitor - Visualizes current and past network activity by traffic type, application, geographic location; can go back in time up to 30 days
    • Threat monitoring - Reveals hosts that are known threats, unexpected network system file changes, unusual application changes, ARP spoofing, DNS changes; can remotely monitor servers or other computers and block activity
    • Firewall – Shows new application or service accessing the Internet for the first time
    • Detailed log - Shows current and past servers communicating with
    • Remote server monitoring - Monitor all server network activity
    • Internet/Bandwidth usage monitoring - Can see amount bandwidth using; can block bandwidth hogging apps or privacy violators
    • Incognito mode – Prevents network activity from being logged
    • https://www.glasswire.com/
    • 2015 Cengage Learning Computing Conference
    • 37
  38. Chapter 8Administering a Secure Network

    Slide 38 - Chapter 8Administering a Secure Network

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 38
  39. Chapter 8 Projects Security+ Guide 5e

    Slide 39 - Chapter 8 Projects Security+ Guide 5e

    • Project 8-1: Using an Application Sandbox
    • Project 8-2: Create a Virtual Machine from a Physical Computer
    • Project 8-3: Load the Virtual Machine
    • Project 8-4: View SNMP Management Information Base (MIB) Elements
    • Project 8-5: Viewing Logs Using the Microsoft Windows Event Viewer
    • Project 8-6: Creating a Custom View in Microsoft Windows Event Viewer
    • Project 8-7: Creating a Subscription in Microsoft Windows Event Viewer
    • 2015 Cengage Learning Computing Conference
    • 39
  40. DNS Services

    Slide 40 - DNS Services

    • Recursive (not authoritative) DNS services are “middlemen” between browser and website content with offer additional functionality for both users and network administrators
    • Content filtering - Block adult sites and other unwanted content, while requiring no software on the computers and devices
    • Malware and phishing blocking - Block sites containing malware, scams and other dangerous content
    • Protection against botnets - Blocks communication with known botnet servers
    • Advertisement blocking - Another type of content filtering
    • URL typo correction – Change gogle.com correct to google.com
    • 2015 Cengage Learning Computing Conference
    • 40
  41. DNS Services

    Slide 41 - DNS Services

    • Commodo Secure DNS (https://www.comodo.com/secure-dns/)
    • Dyn Internet Guide (http://dyn.com/labs/dyn-internet-guide/)
    • FoolDNS (http://www.fooldns.com/fooldns-community/english-version/)
    • Green Team DNS (http://members.greentm.co.uk/)
    • Norton ConnectSafe (https://dns.norton.com/)
    • OpenDNS (https://www.opendns.com/)
    • 2015 Cengage Learning Computing Conference
    • 41
  42. Chapter 9Wireless Network Security

    Slide 42 - Chapter 9Wireless Network Security

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 42
  43. Chapter 9 Projects Security+ Guide 5e

    Slide 43 - Chapter 9 Projects Security+ Guide 5e

    • Project 9-1: Viewing WLAN Security Information with Vistumbler
    • Project 9-2: Substitute a MAC Address Using SMAC
    • Project 9-3: Use Microsoft Windows 7 Netsh Commands
    • Project 9-4: Configuring Access Points—WPA2 and WPS
    • 2015 Cengage Learning Computing Conference
    • 43
  44. Kali Linux

    Slide 44 - Kali Linux

    • www.kali.com
    • Formerly “Backtrack”
    • Open source Debian Linux distribution
    • Designed for penetration testing: has 300 built-in pen testing tools
    • Regularly updated and customizable
    • Different options
    • Bootable ISO (Live Distro)
    • Virtual machine
    • Natively installed
    • ARM devices (Raspberry Pi)
  45. Kali Linux Wireless Tools

    Slide 45 - Kali Linux Wireless Tools

    • Kismet – Display wireless networks
    • Airmon-ng – Capture wireless packets, inject packets into wireless network
    • Ifconfig/iwconfig – Part of Linux for configuration of wireless interfaces
    • Wireshark – Protocol analyzer
    • Nmap – Network scanner (ZenMap GUI)
    • Kali Linux menu
  46. Wireless Attacks & Tools

    Slide 46 - Wireless Attacks & Tools

    • 46
  47. Wireless Adapters for Kali Linux

    Slide 47 - Wireless Adapters for Kali Linux

    • Wireless USB adapter
    • Hawking HD45U 3x3x3 USB 3.0
    • Uses Ralink chipset
    • $40
    • 802.11n only
    • Edimax AC-1200
    • Edimax EW-7822UAC
  48. Organizational Systems Wireless Auditor (OSWA-Assistant)

    Slide 48 - Organizational Systems Wireless Auditor (OSWA-Assistant)

    • Associated certifications
    • Wi-Fi, Bluetooth, and RFID penetration testing tools
    • Supports web interface
    • http://securitystartshere.org/page-training-oswa-assistant.htm
  49. OSWA-Assistant: Wi-Fi

    Slide 49 - OSWA-Assistant: Wi-Fi

    • Afrag; Aircrack-ng; Airfart; Airpwn; Airsnort; Airsnarf; Airtraf; AP-Hopper; AP-Radar; AP-Utils; Asleap; ChopChop; CoWPAtty; EapMD5pass; FakeAP; Freeradius Pwnage Edition; HostAPD; Hotspotter; Karma; Kismet; Leapcracker; MDK3; MoocherHunter; Probemapper; Pyrawcovert; Rcovert; Ska; SSIDsniff; SSLstrip; Wardrive; Wavemon; WEPlab; WEP0ff; Wi-Find; Wi-Spy Tools; WifiTap; WifiZoo; WPA-attack; WPA Buddy; WPA Supplicant; Wireless Extensions & Wireless Tools package (iwconfig/iwpriv, etc); Zulu
  50. OSWA-Assistant: Bluetooth

    Slide 50 - OSWA-Assistant: Bluetooth

    • Bluebugger; Bluediving Suite; Bluemaho Suite (lite); Blueper; Blueprint; Bluescanner; Bluesmash; Bluesnarfer; Bluesquirrel Suite; BT-Audit; Btfs; Btscanner; Carwhisperer; Ghettotooth; Obexpush-dos; HIDattack; Redfang; Spooftooph; T-Bear; Ussp-push; Vcardblaster; Bluez Bluetooth package with hcitool/hciconfig
  51. OSWA-Assistant: RFID & Other

    Slide 51 - OSWA-Assistant: RFID & Other

    • RFID Tools: Rfdump; RFIDiot; Rfidtool
    • Miscellaneous: Macchanger; Metasploit Framework; SET; Wireshar
  52. Reaver

    Slide 52 - Reaver

    • Reaver implements a brute force attack against Wi-Fi Protected Setup (WPS) registrar PINs in order to recover WPA/WPA2 passphrases
    • On average Reaver can recover the target AP's plain text WPA/WPA2 passphrase in 4-10 hours
    • May only take half this time to guess the correct WPS pin and recover the passphrase
    • https://code.google.com/p/reaver-wps/
    • 2015 Cengage Learning Computing Conference
    • 52
  53. Wifiphisher

    Slide 53 - Wifiphisher

    • Social engineering attack that as easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases.
    • Attack in three phases:
    • Victim deauthenticated from AP: Wifiphisher continuously jams all target AP devices by sending deauth packets to the client from the AP, to AP from client, and to broadcast address
    • Victim joins a rogue access point: Wifiphisher copies target AP settings to creates rogue AP; sets up a NAT/DHCP server and forwards the right ports so clients start connecting to the rogue AP
    • Victim served a realistic router configuration page: Wifiphisher sets up web server that responds to HTTP & HTTPS requests; when victim requests Internet page Wifiphisher responds with a realistic fake page that asks for credentials due to router firmware upgrade
    • https://github.com/sophron/wifiphisher
    • 2015 Cengage Learning Computing Conference
    • 53
  54. Chapter 10Mobile Device Security

    Slide 54 - Chapter 10Mobile Device Security

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 54
  55. Chapter 10 Projects Security+ Guide 5e

    Slide 55 - Chapter 10 Projects Security+ Guide 5e

    • Project 10-1: Creating and Using QR Codes
    • Project 10-2: Software to Locate a Missing Laptop
    • Project 10-3: Installing Bluestacks Android Emulator
    • Project 10-4: Installing Security Apps Using Bluestacks Android Emulator
    • 2015 Cengage Learning Computing Conference
    • 55
  56. Mobile Tracking Software

    Slide 56 - Mobile Tracking Software

    • Monitoring Software
    • mSpy (www.mspy.com)
    • MobileSpy (http://www.mobile-spy.com/)
    • Mobistealth (http://www.mobistealth.com/)
    • MBL Stealth (http://www.mblstealth.com/main/)
    • 2015 Cengage Learning Computing Conference
    • 56
  57. Prey

    Slide 57 - Prey

    • Lock down devices
    • Delete stored passwords
    • https://preyproject.com/
    • 2015 Cengage Learning Computing Conference
    • 57
  58. Confide

    Slide 58 - Confide

    • Free iOS & Android app
    • Can send email along with an attached document/photo (Word, Excel, PowerPoint and PDF files stored on Dropbox, Box, Google Drive, OneDrive and other document-storage services) that gets encrypted
    • When the recipient opens it the content is blurry and unreadable
    • Can only be read by touching the screen, and only the line under the finger is readable
    • If someone snaps a picture of the screen only the one exposed line is captured (cannot see whole message at once)
    • When recipient finished and taps "close" message is deleted irretrievably
    • 2015 Cengage Learning Computing Conference
    • 58
  59. Confide

    Slide 59 - Confide

    • If recipient not have Confide app installed a button on the message opens the Apple App Store or Google Play Store on the Confide page so can download
    • Both the recipient and the sender have the ability to delete a message
    • Sender can change the amount of time a message will last before it self-destructs (set message to be viewable for week but change mind after sending it you can adjust life span remotely or instantly delete it
    • Confide for Business will have address book integration, distribution lists and other features and desktop version coming
    • https://getconfide.com/
    • 2015 Cengage Learning Computing Conference
    • 59
  60. Dstrux

    Slide 60 - Dstrux

    • Dstrux similar to Confide to send messages & documents encrypted and self-destructing
    • It enables sharing over Facebook or Twitter, but only a link to the secure content in the cloud is shared
    • Can apply controls to a message before you send it (how long before it self-destructs, whether it's blurry upon opening, if recipient can forward)
    • Message can be viewed, but not printed, copied, saved or captured with a screen capture
    • 2015 Cengage Learning Computing Conference
    • 60
  61. Dstrux

    Slide 61 - Dstrux

    • Before sending decide how long the message will last before it self-destructs (days, hours or minutes), to blur content, allow/disallow forwarding
    • To see a full image have to rapidly swipe all over the screen, then look fast before it vanishes
    • Confide more polished, Dstrux more options
    • https://dstrux.com/
    • 2015 Cengage Learning Computing Conference
    • 61
  62. Disconnect

    Slide 62 - Disconnect

    • Blocks malicious tracking and malvertising threats disguised as legitimate ads
    • Privacy icons - See how websites collect and use data
    • Disconnect - Visualize & block invisible websites that track
    • https://disconnect.me/disconnect
    • 2015 Cengage Learning Computing Conference
    • 62
  63. Other Android Apps

    Slide 63 - Other Android Apps

    • VT View Source – View HTML, CSS, JavaScript, XML sources of webpages and remotely located files (https://play.google.com/store/apps/details?id=com.tozalakyan.viewsource)
    • kWS Android Web Server - https://play.google.com/store/apps/details?id=org.xeustechnologies.android.kws
    • Hacker’s Keyboard – Full keyboard (https://play.google.com/store/apps/details?id=org.pocketworkstation.pckeyboard&feature=search_result)
    • 2015 Cengage Learning Computing Conference
    • 63
  64. Chapter 11Access Control Fundamentals

    Slide 64 - Chapter 11Access Control Fundamentals

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 64
  65. Chapter 11 Projects Security+ Guide 5e

    Slide 65 - Chapter 11 Projects Security+ Guide 5e

    • Project 11-1: Using Windows Local Group Policy Editor
    • Project 11-2: Using Discretionary Access Control to Share Files in Windows
    • Project 11-3: Enabling IEEE 802.1x
    • Project 11-4: Explore User Account Control (UAC)
    • 2015 Cengage Learning Computing Conference
    • 65
  66. Chapter 12Authentication and Account Management

    Slide 66 - Chapter 12Authentication and Account Management

    • Tools for Teaching Security+
    • 2015 Cengage Learning Computing Conference
    • 66
  67. Chapter 12 Projects Security+ Guide 5e

    Slide 67 - Chapter 12 Projects Security+ Guide 5e

    • Project 12-1: Use an Online Rainbow Table Cracker
    • Project 12-2: Keystroke Dynamics
    • Project 12-3: Download and Install a Password Management Program
    • Project 12-4: Use Cognitive Biometrics
    • Project 12-5: Create an OpenID Account
    • Project 12-6: Use an OpenID Account
    • 2015 Cengage Learning Computing Conference
    • 67
  68. Password Management Applications

    Slide 68 - Password Management Applications

    • Dashlane
    • LastPass
    • KeePass
    • 1Password
    • Blur
    • PasswordBox
    • RoboForm
    • StickyPassword
    • 2015 Cengage Learning Computing Conference
    • 68
  69. HashCat

    Slide 69 - HashCat

    • Optimum password cracking program
    • Brute-Force attack, combinator attack, dictionary attack, fingerprint attack, hybrid attack, mask attack, permutation attack, rule-based attack
    • Multi-GPU (up to 128 gpus)
    • Multi-Hash (up to 100 million hashes)
    • Multi-OS (Linux & Windows native binaries)
    • http://hashcat.net/oclhashcat/
    • 2015 Cengage Learning Computing Conference
    • 69
  70. Security+ 5e

    Slide 70 - Security+ 5e

    • Security+ Guide to Network Security Fundaments, 5e from Cengage Learning (9781305093911)
    • Published August, 2014
    • Maps completely to new SY0-401 exam objectives
    • Retains popular format
    • Increased from 14 to 15 chapters (new chapter on Mobile Device Security)
    • Increased chapter length by 2-3 pages
  71. Security+ 5e

    Slide 71 - Security+ 5e

    • Cryptography moved up to Chapters 5-6
    • New “Today’s Attacks & Defenses” openers
    • New sectional units
    • New and updated Review Questions, Hands-On Projects, Case Projects
    • New lecture videos
    • New material on companion web site to be updated regularly
  72. Mark Ciampa

    Slide 72 - Mark Ciampa

    • Western Kentucky University
    • mark.ciampa@wku.edu
    • Tools For Teaching Security+