PaulDotCom mailing list archives
Security Awareness Training for SysAdmins
From: jpommerening at SYMBION.COM (Pommerening, Jeremy)
Date: Thu, 22 Apr 2010 16:33:57 +0000
Very cool. Any chance you could share how you accomplished that? I think that would definitely garner some attention at my organization and maybe help to make a point in my department. Jeremy Pommerening MGR, Information Security Symbion, Inc. 615-234-8912 Direct 615-429-6883 BB GIAC - GCFA,GPEN, GAWN & GCFW, GIAC Advisory Board Member MCSE Win2K, MCSE NT4, CompTia SERVER+, HP APS From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Craig Freyman Sent: Thursday, April 22, 2010 9:41 AM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Security Awareness Training for SysAdmins I recently gave a demo to some of our managers and tech support guys using SET that blew them away. I followed it up with some of the flashy metasploit stuff like the soundrecorder script and the vnc payload. Then, I had Metasploit order me a pizza. The demo had a major impact on them and they're all of a sudden very open to security awareness training and not bitching about having admin rights. On Wed, Apr 21, 2010 at 11:51 PM, Ng Choon Kiat <choonkiat83 at gmail.com<mailto:choonkiat83 at gmail.com>> wrote: Hi, I had a simple report on weak password and recommendation. Hope it is helpful for you This is quite silly, it was shared and posted not long ago here. http://twitter.com/cs420 Regards, Grey On Thu, Apr 22, 2010 at 10:27 AM, Jorge A. Orchilles <jorgeao at gmail.com<mailto:jorgeao at gmail.com>> wrote: Hello all, I was asked to put together an outline for a security awareness training/talk/presentation aimed at system and network admins. I would like to show examples and make it fun. Here are my thoughts so far but would like to see if any of you have done this, have resources to point me to, and/or feedback on what I have so far: * Password construction/management * Show online password lists for default passwords * Examples of bruteforcing and cracking * Emphasis on having strong and different passwords for each system * Policy * Online postings related to work * Social networks * Mailing lists * Vendor sites/forums * Following best practices * SANS SCORE * Vendor recommendations * Think of the data Thanks in advance, Jorge Orchilles _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com<mailto:Pauldotcom at mail.pauldotcom.com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com<http://pauldotcom.com/> _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com<mailto:Pauldotcom at mail.pauldotcom.com> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com Disclaimer: The email and files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for the delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing or copying of this email is strictly prohibited. If you received this email in error, please delete it from your system without copying it, and notify the sender by reply email so that our address record can be corrected. Thank you. Symbion, Inc. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100422/f62a0e35/attachment.htm
Current thread:
- Security Awareness Training for SysAdmins Jorge A. Orchilles (Apr 21)
- Security Awareness Training for SysAdmins Ng Choon Kiat (Apr 21)
- Security Awareness Training for SysAdmins Craig Freyman (Apr 22)
- Security Awareness Training for SysAdmins Pommerening, Jeremy (Apr 22)
- Security Awareness Training for SysAdmins Craig Freyman (Apr 22)
- Security Awareness Training for SysAdmins Craig Freyman (Apr 22)
- Security Awareness Training for SysAdmins John Strand (Apr 22)
- Security Awareness Training for SysAdmins Ng Choon Kiat (Apr 21)