PaulDotCom mailing list archives

Security Awareness Training for SysAdmins


From: jpommerening at SYMBION.COM (Pommerening, Jeremy)
Date: Thu, 22 Apr 2010 16:33:57 +0000

Very cool.  Any chance you could share how you accomplished that?  I think that would definitely garner some attention 
at my organization and maybe help to make a point in my department.

Jeremy Pommerening
MGR, Information Security
Symbion, Inc.
615-234-8912 Direct
615-429-6883 BB

GIAC - GCFA,GPEN, GAWN & GCFW,
GIAC Advisory Board Member
MCSE Win2K, MCSE NT4,
CompTia SERVER+, HP APS


From: pauldotcom-bounces at mail.pauldotcom.com On Behalf Of Craig Freyman
Sent: Thursday, April 22, 2010 9:41 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Security Awareness Training for SysAdmins

I recently gave a demo to some of our managers and tech support guys using SET that blew them away. I followed it up 
with some of the flashy Metasploit stuff like the soundrecorder script and the VNC payload. Then, I had Metasploit 
order me a pizza. The demo had a major impact on them and they're all of a sudden very open to security awareness 
training and not bitching about having admin rights.

On Wed, Apr 21, 2010 at 11:51 PM, Ng Choon Kiat <choonkiat83 at gmail.com> wrote:
Hi,

I had a simple report on weak passwords and recommendations. Hope it is helpful for you.

This is quite silly, it was shared and posted not long ago here.
http://twitter.com/cs420

Regards,
Grey

On Thu, Apr 22, 2010 at 10:27 AM, Jorge A. Orchilles <jorgeao at gmail.com> wrote:
Hello all,

I was asked to put together an outline for a security awareness training/talk/presentation aimed at system and network 
admins. I would like to show examples and make it fun. Here are my thoughts so far but would like to see if any of you 
have done this, have resources to point me to, and/or feedback on what I have so far:

  *   Password construction/management

     *   Show online password lists for default passwords
     *   Examples of bruteforcing and cracking
     *   Emphasis on having strong and different passwords for each system
     *   Policy

  *   Online postings related to work

     *   Social networks
     *   Mailing lists
     *   Vendor sites/forums

  *   Following best practices

     *   SANS SCORE
     *   Vendor recommendations
     *   Think of the data

Thanks in advance,
Jorge Orchilles

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com





