This document defines the general security requirements for the protection of the integrity, confidentiality and availability of the IT Professional Security’s (ITPROSEC) networks, computer systems and information. This document is one in a series that defines security requirements that are applicable to people, processes and technology at the ITPROSEC. This documented is aligned with four […]
ITPROSEC General Security Requirements Read More »
The objective of the ITPROSEC Data Classification and Control Process is to protect the information assets of the ITPROSEC by ensuring the confidentiality, integrity and availability of the assets. Information has many forms including conversations, speeches, printed documents, handwritten notes, information stored on computer systems in electronic form, video and audio tapes, etc. Information assets
ITProSec Data Classification and Control Process Read More »
Overview: This document offers a recommended, cyclic approach to managing both cybersecurity and information security related events in a systematic manner. The phased incident response approach outlined in this document aligns with the approach recommended by the US National Institute of Standards and Technology (NIST).
Information Security Incident Response Policy and Procedures Read More »
Overview : The purpose of this document is to outline a proposed approach to deploying the security awareness and training program at the ITPROSEC. This document will outline the proposed approach, timing and materials the ITPROSEC’s Information Security team would like to deploy over the course of the upcoming fiscal year (FY2017/2018). The intended audience
Security Awareness Deployment Plan Read More »
Navicat connects to the MySQL database through ssh, without opening the database port (3306 by default), and without creating another user that allows external network connections, which can greatly improve security. Of course, if your server is enabled with ssh service. The following uses Mac version of Navicat as an example to teach you how to
Securely Remote Connect to MySQL with Navicat SSH Read More »
Mimikatz is an artifact that can obtain memory from the Windows Authentication (LSASS) process, and obtain plaintext passwords and NTLM hashes. Mimikatz is commonly used in intranet penetration to obtain plaintext passwords or hash values to roam the intranet. However, in actual application, we often encounter the interception of killing soft, so here I refer to the information on
Several Methods to Run Mimikatz Read More »
1. Brian Krebs 2. Wombat Security 3. Errata Security 4. Kaspersky Labs 5. Security Bloggers Network 6. Sophos 7. Paul’s Security Weekly 8. Akamai 9. The Security Ledger 10. Graham Cluley 11. Akamai 12. McAfee AntiVirus securing tomorrow 13. Naked Security 14. Shodan 15. NoMoreRansom 16. National Cyber Security Centre 17. Reddit: r/infosec r/sysadmin r/crypto r/cybersecurity r/opsec r/privacy r/intelligence r/asknetsec 18. Google’s Digital Attack Map 19. OSINT
Some Useful Information Security Websites/Blogs to Visit Read More »
Foreword: Apache’s mod_expries module automatically generates Express tags and Cache-Control tags in the header information of the page. The client browser determines according to the tag that the next visit is to fetch the page in the cache of the local machine, and does not need to make a request to the server again, thereby
Apache webpage and security optimization-webpage caching (connotation experiment) Read More »
