DOCSLIB.ORG

Introduction to Cybersecurity 4

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

First Edition: MAJ THOMAS A. OWENS, CAP 2019 Revision: MAJ DEREK RUSTVOLD, CAP DIRECTOR OF CYBER PROGRAMS, MID-ATLANTIC REGION Editing: SUSAN MALLETT, CAP NHQ DR. JEFF MONTGOMERY, CAP NHQ Published by NATIONAL HEADQUARTERS CIVIL AIR PATROL AEROSPACE EDUCATION DIRECTORATE MAXWELL AFB, ALABAMA 36112 REVISED SEPTEMBER 2019 Contents AN INTRODUCTION TO CYBERSECURITY 4 CAP Cybersecurity Module 4 Summary of Recent Attacks and Motivation for Action 5 Activity Group One: Codes, Ciphers and Encryption Awareness 8 Unit Profile: Room 40 and Bletchley Park 15 Biography: Alan Turing 15 CONCEPTS IN INFORMATION ASSURANCE AND CYBER WARFARE 16 Activity Group Two: Vulnerabilities and Basic Defense Skills 19 Patriot Bio: Maj. Gen. Robert J. Skinner 25 CONCEPTS OF OPERATING SYSTEMS AND NETWORKING 26 Activity Group Three: Basic Probing Skills 27 th Unit Profile: 24 Air Force 38 th Unit Profile: 67 Network Warfare Wing 38 Patriot Bio: Brig. Gen. Kevin B. Wooton 38 EXPLORING CAREERS IN CYBERSECURITY 39 Unit Profile: USCYBERCOM 43 Patriot Bio: General Keith B. Alexander 43 Bonus Graphic: USCYBERCOM 44 CONCLUSION AND NEXT STEPS 45 APPENDICES 51 A: Motivational Chronology of Cyber Warfare 51 B: Glossary of Terms, Threats, and Countermeasures 55 C: Toolbox of Promotional Resources 68 D: Toolbox of Technical Resources 72 E. Solutions to Module Activities 74 3 An Introduction to Cybersecurity Our Nation's Cyber Dependency At all its various levels, the United States has become a “cybernation.” Aviators will be amused to discover the prefix “cyber-” is derived from the word cybernetic, which comes from a Greek word κυβερνητικός (kybernētēs) which means pilot, rudder, steersman, or governor. Some early cybernetic applications will be reviewed in the Chronology Appendix. Every aspect of American culture, commerce, public safety, and national defense is now inextricably dependent upon systems of networked computers. These systems make our nation competitive and safe. However, our dependency on computers and networks is not without risk. Our economy and national defense would be seriously disrupted if the networked computer systems on which we depend became unreliable or unavailable. Anyone driving on the Eisenhower Interstate System eventually sees the signs and recognizes transportation to be a vital to national security and our economy. Should key data access be denied or corrupted, problems with signal lights at busy interchanges or intersections or with Air Traffic Control flight plans could grind our nation to a halt. Cyber Attackers Some individuals (“hackers”) electronically break into networked computer systems just to prove they can. In other cases, well organized groups break into systems to conduct illicit financial transactions including stealing people’s credit card numbers. Better funded groups have recently penetrated US systems to corrupt data, sabotage operations and conduct espionage to include capturing aircraft performance and avionics data. Cybersecurity Cybersecurity is the professional practice of identifying vulnerabilities and countering threats of exploitation or disruption to computers, smart phones and network systems. For most of us, it involves doing very simple things such as setting strong passwords, using encryption for our wireless networks, ignoring suspicious links or attachments and not responding to “phishing” emails. At management levels, we do not transmit DOD contractor design data across unsecured channels. At technical levels, we work to employ good configuration control with correct firewall and port settings, and router configurations. In all cases, we as patriots do the necessary things to ensure that the cybernetic systems on which we depend are trustworthy, confidential, accessible, and secure. CAP Cybersecurity Module The purpose of this module is to introduce all of our readers to current threats in Cyberspace and to provide some immediate activities for improving our collective awareness and defense. A summary of careers in computer and network security is provided. This module also serves as a primer for those seeking to compete in the CyberPatriot Program sponsored by the Air Force Association. The battlefield is vast and so we provide checklists, a chronology and a very practical glossary of common terms in the appendices. You can use the chronology to motivate participants. You can use the glossary to look up concepts and commands and rapidly build your understanding. NOTE: This module is fully intended by Civil Air Patrol to be used as an education product to help our members understand the implications of cyber threats and the need for cyber security. 4 Summary of Recent Attacks and Motivation for Action In August of 2003, CSX passenger and freight trains in the Washington D.C. area were stopped after the company's telecommunications network was overtaken by the Sobig.F worm. The Sobig.F worm self-deactivated on September 10, 2003. Microsoft announced that they would pay $250,000 for information leading to the arrest of the creator of the Sobig worm. To date, the perpetrator has not been caught. In 2007, McAfee, Inc. alleged that the People's Republic of China was actively involved in "cyberwar,” and had initiated cyber-attacks on the nations of India, Germany, and the United States. Two years later, McAfee releases a 37-page report observing that “The line between cyber crime and cyber war is blurred in large part because nation-states have already demonstrated that they are willing to tolerate, encourage or even direct criminal organizations and private citizens to attack enemy targets.” In June of 2007, the Pentagon forced 1500 computers off line as a result of cyber attacks. "The nature of the threat is large and diverse, [..]" said US Navy Lt Cmdr Chit Peppler, a Pentagon spokesman. In 2008, the Pentagon reported a total of 360 million attempts to break into its networks, up from just 6 million in 2006. This included a report in the Wall Street Journal about a successful cyberespionage attempt to hack into the $300 billion Joint Strike Fighter project and copy data about the aircraft's design and electronics systems. In April 2009, reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system. The intruders seek to navigate and map the infrastructure. Many of the intrusions were detected, not by the companies in charge of the infrastructure, but rather by U.S. intelligence agencies. Intelligence officials maintain concerns that cyber-attackers could take control of electrical facilities, nuclear power plants or financial networks during a time of conflict. In December 2009 through January 2010, a cyber-attack dubbed Operation Aurora was launched from China against Google and over 20 other companies. Google determined the attacks originated from China and is currently set to "review the feasibility" of its business operations in China. In June of 2011, spear-phishing attacks on White House staffer Gmail accounts are traced to Jian, PRC. The People's Republic of China denied any involvement. 5 Sony PlayStation Network Hacked In April of 2011, Sony's PlayStation network was hacked and user account information to include names, passwords and credit card data was compromised. Crackers later broke into Sony Pictures' website and compromised the accounts of over 1 million users. The gaming company Sega was also violated with nearly 1.3 million users' details compromised. Sega makes games for PlayStation and other gaming systems. In June, an 18-year old was arrested in London under suspicion of “hacking into systems and mounting denial of service attacks against a number of international businesses and intelligence agencies," police said. The thought was that this suspect was the leader of Lulz Security, or LulzSec, a band of hackers who appear to be responsible for a string of high-profile and sometimes embarrassing Internet attacks. Their most notable strike was a distributed denial-of-service attack on 15 June 2011 that actually shut down the Central Intelligence Agency's website for several hours. On 17 June, the group posted an irreverent denial that it was their leader who had been arrested. "The main anti-LulzSec argument suggests that we're going to bring down more Internet laws by continuing our public shenanigans, and that our actions are causing clowns with pens to write new rules for you," the group wrote. "But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing .................................................................. " On 1 August 2011, the arrested teenager was released on bail and soon after... Anonymous hackers penetrated FBI contractor ManTech International. Documents belonging to NATO, the U.S. Army, the U.S Department of Homeland Security and the U.S. State Department were said to have been compromised. The message from some youthful leaders of various hacker organizations is that trusted agencies and employers need to do a much better job of ensuring our national and economic security. This seems to be supported by a recent audit by the Department of Justice, which found the FBI unprepared. The year of 2014 included a series of high impact data breaches including Sony Pictures, Apple iCloud, Heartbleed vulnerability and Cryptolocker ransomware. The Sony Pictures breach was potentially attributed to North Korea for political retaliation. The same year
Recommended publications
  • Bottleneck Discovery and Overlay Management in Network Coded Peer-To-Peer Systems

    Bottleneck Discovery and Overlay Management in Network Coded Peer-To-Peer Systems

    Bottleneck Discovery and Overlay Management in Network Coded Peer-to-Peer Systems ∗ Mahdi Jafarisiavoshani Christina Fragouli EPFL EPFL Switzerland Switzerland mahdi.jafari@epfl.ch christina.fragouli@epfl.ch Suhas Diggavi Christos Gkantsidis EPFL Microsoft Research Switzerland United Kingdom suhas.diggavi@epfl.ch [email protected] ABSTRACT 1. INTRODUCTION The performance of peer-to-peer (P2P) networks depends critically Peer-to-peer (P2P) networks have proved a very successful dis- on the good connectivity of the overlay topology. In this paper we tributed architecture for content distribution. The design philoso- study P2P networks for content distribution (such as Avalanche) phy of such systems is to delegate the distribution task to the par- that use randomized network coding techniques. The basic idea of ticipating nodes (peers) themselves, rather than concentrating it to such systems is that peers randomly combine and exchange linear a low number of servers with limited resources. Therefore, such a combinations of the source packets. A header appended to each P2P non-hierarchical approach is inherently scalable, since it ex- packet specifies the linear combination that the packet carries. In ploits the computing power and bandwidth of all the participants. this paper we show that the linear combinations a node receives Having addressed the problem of ensuring sufficient network re- from its neighbors reveal structural information about the network. sources, P2P systems still face the challenge of how to efficiently We propose algorithms to utilize this observation for topology man- utilize these resources while maintaining a decentralized operation. agement to avoid bottlenecks and clustering in network-coded P2P Central to this is the challenging management problem of connect- systems.
  • Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)

    Operating Systems and Virtualisation Security Knowledge Area (Draft for Comment)

    OPERATING SYSTEMS AND VIRTUALISATION SECURITY KNOWLEDGE AREA (DRAFT FOR COMMENT) AUTHOR: Herbert Bos – Vrije Universiteit Amsterdam EDITOR: Andrew Martin – Oxford University REVIEWERS: Chris Dalton – Hewlett Packard David Lie – University of Toronto Gernot Heiser – University of New South Wales Mathias Payer – École Polytechnique Fédérale de Lausanne © Crown Copyright, The National Cyber Security Centre 2019. Following wide community consultation with both academia and industry, 19 Knowledge Areas (KAs) have been identified to form the scope of the CyBOK (see diagram below). The Scope document provides an overview of these top-level KAs and the sub-topics that should be covered under each and can be found on the project website: https://www.cybok.org/. We are seeking comments within the scope of the individual KA; readers should note that important related subjects such as risk or human factors have their own knowledge areas. It should be noted that a fully-collated CyBOK document which includes issue 1.0 of all 19 Knowledge Areas is anticipated to be released by the end of July 2019. This will likely include updated page layout and formatting of the individual Knowledge Areas. Operating Systems and Virtualisation Security Herbert Bos Vrije Universiteit Amsterdam April 2019 INTRODUCTION In this knowledge area, we introduce the principles, primitives and practices for ensuring security at the operating system and hypervisor levels. We shall see that the challenges related to operating system security have evolved over the past few decades, even if the principles have stayed mostly the same. For instance, when few people had their own computers and most computing was done on multiuser (often mainframe-based) computer systems with limited connectivity, security was mostly focused on isolating users or classes of users from each other1.
  • A Solution to Php Code Injection Attacks and Web

    A Solution to Php Code Injection Attacks and Web

    INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS Vol.2 Issue.9, Pg.: 24-31 September 2014 www.ijrcar.com INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 A SOLUTION TO PHP CODE INJECTION ATTACKS AND WEB VULNERABILITIES Venkatesh Yerram1, Dr G.Venkat Rami Reddy2 ¹Computer Networks and Information Security, [email protected] ²Computer Science Engineering, 2nd [email protected] JNTU Hyderabad, India Abstract Over the decade web applications are grown rapidly. This leads to cyber crimes. Attacker injects various scripts to malfunction the web application. Attacker injects these scripts to text box of vulnerable web application from various compounds such as search bar, feedback form, login form etc and later which is executed by the server. Sometimes attacker modifies the URL to execute a successful attack. This execution of system calls and API on web server by attacker can damage the file system and or leaks information of web server. PHP is a server side scripting language, dynamic features and functionalities are controlled through the PHP language. Hence, the use of PHP language results in high possibility of successful execution of code injection attacks. The aim of this paper is first to understand the code web application vulnerability related to PHP code injection attack, the scenario has been developed. Secondly defeat the attack and fast incident determination from the developed domain dictionary. This proposed system is helpful for cyber forensics expert to gather and analyze the evidence effectively Keywords: Code Injection, vulnerabilities, Attack, cyber forensics 1. INTRODUCTION The web environment is growing rapidly day by day, the cyber crimes also increasing rapidly.
  • A Study of Android Application Security

    A Study of Android Application Security

    A Study of Android Application Security William Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri Systems and Internet Infrastructure Security Laboratory Department of Computer Science and Engineering The Pennsylvania State University enck, octeau, mcdaniel, swarat @cse.psu.edu { } Abstract ingly desire it, markets are not in a position to provide security in more than a superficial way [30]. The lack of The fluidity of application markets complicate smart- a common definition for security and the volume of ap- phone security. Although recent efforts have shed light plications ensures that some malicious, questionable, and on particular security issues, there remains little insight vulnerable applications will find their way to market. into broader security characteristics of smartphone ap- In this paper, we broadly characterize the security of plications. This paper seeks to better understand smart- applications in the Android Market. In contrast to past phone application security by studying 1,100 popular studies with narrower foci, e.g., [14, 12], we consider a free Android applications. We introduce the ded decom- breadth of concerns including both dangerous functional- piler, which recovers Android application source code ity and vulnerabilities, and apply a wide range of analysis directly from its installation image. We design and exe- techniques. In this, we make two primary contributions: cute a horizontal study of smartphone applications based on static analysis of 21 million lines of recovered code. We design and implement a Dalvik decompilier, • Our analysis uncovered pervasive use/misuse of person- ded. ded recovers an application’s Java source al/phone identifiers, and deep penetration of advertising solely from its installation image by inferring lost and analytics networks.
  • Powershell Scripting Language Course Proposal for Tallinn University of Technology

    Powershell Scripting Language Course Proposal for Tallinn University of Technology

    TALLINN UNIVERSITY OF TECHNOLOGY School of Information Technologies Riivo Kiljak 178071IABM POWERSHELL SCRIPTING LANGUAGE COURSE PROPOSAL FOR TALLINN UNIVERSITY OF TECHNOLOGY Master’s thesis Supervisor: Siim Vene MSc Tallinn 2019 TALLINNA TEHNIKAULIKOOL¨ Infotehnoloogia teaduskond Riivo Kiljak 178071IABM POWERSHELLI SKRIPTIMISKEELE KURSUSE ETTEPANEK TALLINNA TEHNIKAULIKOOLILE¨ Magistrito¨o¨ Juhendaja: Siim Vene MSc Tallinn 2019 Author’s Declaration of Originality I hereby certify that I am the sole author of this thesis. All the used materials, references to the literature and the work of others have been referred to. This thesis has not been presented for examination anywhere else. Author: Riivo Kiljak 07.05.2019 3 Abstract In the thesis, a recommendation is made to establish a new course at TalTech. The course is intended to teach the PowerShell scripting language to students, most importantly in the IT Systems Administration programme. Course material is proposed in the form of lecture slides, home assignments and knowledge tests. All three of which are available in the appendices of the paper. Design science is used to pass iterations of improving the content prior the the paper publishing. Academic literature is analysed to determine the included and excluded topics and the teaching methodology. More- over, input is acquired from scrutinising public information on Microsoft’s official PowerShell courses and interviewing subject matter experts who use PowerShell at local companies. The course material is provided written in LATEX which means that it can be conveniently modified, version controlled and distributed in the PDF format. Although the proposed course is seen as an online course hosted on Moodle, argumentation is made suggesting a combination with classroom seminars is likely to result in better learning outcomes at the cost of scalability.
  • Developer Condemns City's Attitude Aican Appeal on Hold Avalanche

    Developer Condemns City's Attitude Aican Appeal on Hold Avalanche

    Developer condemns city's attitude TERRACE -- Although city under way this spring, law when owners of lots adja- ment." said. council says it favours develop- The problem, he explained, cent to the sewer line and road However, alderman Danny ment, it's not willing to put its was sanitary sewer lines within developed their properties. Sheridan maintained, that is not Pointing out the development money where its mouth is, says the sub-division had to be hook- Council, however, refused the case. could still proceed if Shapitka a local developer. ed up to an existing city lines. both requests. The issue, he said, was paid the road and sewer connec- And that, adds Stan The nearest was :at Mountain • "It just seems the city isn't whether the city had subsidized tion costs, Sheridan said other Shapitka, has prompted him to Vista Drive, approximately too interested in lending any developers in the past -- "I'm developers had done so in the drop plans for what would have 850ft. fr0m-the:sou[hwest cur: type of assistance whatsoever," pretty sure it hasn't" -- and past. That included the city been the city's largest residential her of the development proper- Shapitka said, adding council whether it was going to do so in itself when it had developed sub-division project in many ty. appeared to want the estimated this case. "Council didn't seem properties it owned on the Birch years. Shapitka said he asked the ci- $500,000 increased tax base the willing to do that." Ave. bench and deJong Cres- In August of last year ty to build that line and to pave sub-division :would bring but While conceding Shapitka cent.
  • Opentext Product Security Assurance Program

    Opentext Product Security Assurance Program

    The Information Company ™ Product Security Assurance Program Contents Objective 03 Scope 03 Sources 03 Introduction 03 Concept and design 04 Development 05 Testing and quality assurance 07 Maintain and support 09 Partnership and responsibility 10 Privavy and Security Policy 11 Product Security Assurance Program 2/11 Objective The goals of the OpenText Product Security Assurance Program (PSAP) are to help ensure that all products, solutions, and services are designed, developed, and maintained with security in mind, and to provide OpenText customers with the assurance that their important assets and information are protected at all times. This document provides a general, public overview of the key aspects and components of the PSAP program. Scope The scope of the PSAP includes all software solutions designed and developed by OpenText and its subsidiaries. All OpenText employees are responsible to uphold and participate in this program. Sources The source of this overview document is the PSAP Standard Operating Procedure (SOP). This SOP is highly confidential in nature, for internal OpenText consumption only. This overview document represents the aspects that are able to be shared with OpenText customers and partners. Introduction OpenText is committed to the confidentiality, integrity, and availability of its customer information. OpenText believes that the foundation of a highly secure system is that the security is built in to the software from the initial stages of its concept, design, development, deployment, and beyond. In this respect,
  • CONESTOGA CABINET ASSEMBLY INFORMATION What Is Included with Your Cabinets: What Is Not Included with Your Cabinets

    CONESTOGA CABINET ASSEMBLY INFORMATION What Is Included with Your Cabinets: What Is Not Included with Your Cabinets

    CONESTOGA CABINET ASSEMBLY INFORMATION We suggest you view the 4 minute assembly demonstration video on our web site to see how easily our high end custom cabinets are assembled. Before continuing, it is important to realize that Conestoga’s RTA cabinet is targeted at cabinet shops who would rather use this system than build their own custom cabinets from scratch. On one hand, this indicates that it’s a VERY high quality cabinet. On the other hand, it means Conestoga has made some assumptions that its user has certain level of cabinet making skills and knowledge which most homeowners may not possess. As a result, we feel the assembly instructions Conestoga details in their guide are incomplete. Therefore, we have compiled the following assembly information from our years of assembly experience with this product. Remember, as opposed to other Conestoga Re-sellers or sales agents, we actually use the product every day. So, if you have a question that is not answered here, just give us a call and we can talk you through it, send you images from our shop floor, diagrams or even helpful hardware items to assist you. If it gets frustrating, take some time away and give us a call or shoot us an email. Rest assured, we’ll get you through it! What is Included with Your Cabinets: Everything necessary to build the cabinet box. Drawer glides and necessary hardware/screws. Hinges and necessary hardware/screws. Doors, drawer fronts and drawer boxes. What is not included with Your Cabinets: Screws required to mount drawer fronts to the drawer boxes (we use self tapping wood screws 1-1/4” long, available at local home centers or hardware stores.
  • Beyond Compare User Guide

    Beyond Compare User Guide

    Copyright © 2012 Scooter Software, Inc. Beyond Compare Copyright © 2012 Scooter Software, Inc. All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems - without the written permission of the publisher. Products that are referred to in this document may be either trademarks and/or registered trademarks of the respective owners. The publisher and the author make no claim to these trademarks. While every precaution has been taken in the preparation of this document, the publisher and the author assume no responsibility for errors or omissions, or for damages resulting from the use of information contained in this document or from the use of programs and source code that may accompany it. In no event shall the publisher and the author be liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly or indirectly by this document. Published: July 2012 Contents 3 Table of Contents Part 1 Welcome 7 1 What's. .N..e..w............................................................................................................................. 8 2 Standa..r.d.. .v..s. .P..r..o..................................................................................................................... 9 Part 2 Using Beyond Compare 11 1 Home. .V...i.e..w..........................................................................................................................
  • Hacks, Cracks, and Crime: an Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St

    Hacks, Cracks, and Crime: an Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St

    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of Missouri, St. Louis University of Missouri, St. Louis IRL @ UMSL Dissertations UMSL Graduate Works 11-22-2005 Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers Thomas Jeffrey Holt University of Missouri-St. Louis, [email protected] Follow this and additional works at: https://irl.umsl.edu/dissertation Part of the Criminology and Criminal Justice Commons Recommended Citation Holt, Thomas Jeffrey, "Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers" (2005). Dissertations. 616. https://irl.umsl.edu/dissertation/616 This Dissertation is brought to you for free and open access by the UMSL Graduate Works at IRL @ UMSL. It has been accepted for inclusion in Dissertations by an authorized administrator of IRL @ UMSL. For more information, please contact [email protected]. Hacks, Cracks, and Crime: An Examination of the Subculture and Social Organization of Computer Hackers by THOMAS J. HOLT M.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2003 B.A., Criminology and Criminal Justice, University of Missouri- St. Louis, 2000 A DISSERTATION Submitted to the Graduate School of the UNIVERSITY OF MISSOURI- ST. LOUIS In partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY in Criminology and Criminal Justice August, 2005 Advisory Committee Jody Miller, Ph. D. Chairperson Scott H. Decker, Ph. D. G. David Curry, Ph. D. Vicki Sauter, Ph. D. Copyright 2005 by Thomas Jeffrey Holt All Rights Reserved Holt, Thomas, 2005, UMSL, p.
  • Hostscan 4.8.01064 Antimalware and Firewall Support Charts

    Hostscan 4.8.01064 Antimalware and Firewall Support Charts

    HostScan 4.8.01064 Antimalware and Firewall Support Charts 10/1/19 © 2019 Cisco and/or its affiliates. All rights reserved. This document is Cisco public. Page 1 of 76 Contents HostScan Version 4.8.01064 Antimalware and Firewall Support Charts ............................................................................... 3 Antimalware and Firewall Attributes Supported by HostScan .................................................................................................. 3 OPSWAT Version Information ................................................................................................................................................. 5 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.890.0 for Windows .................................................. 5 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.890.0 for Windows ........................................................ 44 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.824.0 for macos .................................................... 65 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.824.0 for macOS ........................................................... 71 Cisco AnyConnect HostScan Antimalware Compliance Module v4.3.730.0 for Linux ...................................................... 73 Cisco AnyConnect HostScan Firewall Compliance Module v4.3.730.0 for Linux .............................................................. 76 ©201 9 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
  • How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to Use Encryption and Privacy Tools to Evade Corporate Espionage

    How to use Encryption and Privacy Tools to Evade Corporate Espionage An ICIT White Paper Institute for Critical Infrastructure Technology August 2015 NOTICE: The recommendations contained in this white paper are not intended as standards for federal agencies or the legislative community, nor as replacements for enterprise-wide security strategies, frameworks and technologies. This white paper is written primarily for individuals (i.e. lawyers, CEOs, investment bankers, etc.) who are high risk targets of corporate espionage attacks. The information contained within this briefing is to be used for legal purposes only. ICIT does not condone the application of these strategies for illegal activity. Before using any of these strategies the reader is advised to consult an encryption professional. ICIT shall not be liable for the outcomes of any of the applications used by the reader that are mentioned in this brief. This document is for information purposes only. It is imperative that the reader hires skilled professionals for their cybersecurity needs. The Institute is available to provide encryption and privacy training to protect your organization’s sensitive data. To learn more about this offering, contact information can be found on page 41 of this brief. Not long ago it was speculated that the leading world economic and political powers were engaged in a cyber arms race; that the world is witnessing a cyber resource buildup of Cold War proportions. The implied threat in that assessment is close, but it misses the mark by at least half. The threat is much greater than you can imagine. We have passed the escalation phase and have engaged directly into full confrontation in the cyberwar.