Addressing Prohibited Content and Activity
Tim Warner
@TechTrainerTim timothy-warner@pluralsight.com
The Pluralsight Learning Path for CompTIA A+
Operational Procedures for CompTIA A+ (220-902)
Meanwhile, in the Real World…
customer technician
We’re being audited! How can I isolate PII?
CompTIA A+ 220-902
5.3 Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts
Incident Response
What is an 'Incident'?
Intentional or unintentional attack
Inappropriate resource use
Data theft
Security breach
Identify the problem
- Network monitoring (consent to
Maintaining Documentation
Fully document security policy
Make documentation available
Track changes (wikis are good)
MediaWiki
Licensing/DRM/EULA
Open Source vs Commercial Licenses
Proprietary, closed-source
- Vendor owns the code
Vendor defines license terms
Generally a profit motive
Activation/DRM are big issues for vendor
Open Source
Generally altruistic motive
Weakness: support
Individual, end-user license
You don't purchase the software, you purchase the right to install and use it
License may not be
EULA
End-user license agreement
Also called "software license agreement"; used in proprietary software
Software normally won't install unless the user agrees to the EULA
Demo 1: Investigating DRM
AD RMS
Standards, Practices, & Theory for CompTIA Network+
PII and End-User Policies
Policies and Best Practices
End-user policies
- AUP
Security best practices
Demo 2: Identifying PII
Use PowerShell
Meanwhile, in the Real World…
customer technician
We’re being audited! How can I isolate PII?
Back in the Real World
customer technician
Use regular expressions and administrative scripting
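One way "regular expressions and administrative scripting" can be combined to locate PII in PowerShell. This is an added example, not the course's demo code. The patterns (US SSN format, 16-digit card numbers, e-mail addresses), the sample files and the helper name Test-Luhn are assumptions made for illustration.

```powershell
# Constructed sample files in a temp folder so the scan runs offline.
$root = Join-Path ([IO.Path]::GetTempPath()) ("pii-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
Set-Content (Join-Path $root 'hr-notes.txt') @(
    'Employee: Jane Example, SSN 078-05-1120, jane@example.com'
    'Ticket ref 123-45-67890 is not an SSN (too many digits)'
)
Set-Content (Join-Path $root 'orders.csv') @(
    'order,card'
    '1001,4111 1111 1111 1111'   # common test number, passes Luhn
    '1002,4111 1111 1111 1112'   # fails Luhn, must not be reported
)
# Assumed patterns; digit lookarounds stop matches inside longer numbers.
$patterns = [ordered]@{
    SSN   = '(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)'
    Email = '\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b'
    Card  = '(?<!\d)(?:\d[ -]?){15}\d(?!\d)'
}
# Luhn checksum: filters out 16-digit strings that cannot be card numbers.
function Test-Luhn([string]$Number) {
    $digits = ($Number -replace '\D', '').ToCharArray()
    [array]::Reverse($digits)
    $sum = 0
    for ($i = 0; $i -lt $digits.Length; $i++) {
        $d = [int][string]($digits[$i])
        if ($i % 2 -eq 1) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
    }
    return ($sum % 10 -eq 0)
}
$findings = foreach ($name in $patterns.Keys) {
    Get-ChildItem $root -File -Recurse |
        Select-String -Pattern $patterns[$name] -AllMatches |
        ForEach-Object {
            foreach ($m in $_.Matches) {
                if ($name -eq 'Card' -and -not (Test-Luhn $m.Value)) { continue }
                [pscustomobject]@{
                    Type = $name
                    File = Split-Path $_.Path -Leaf
                    Line = $_.LineNumber
                    # Keep only the last 4 characters so the report holds no PII.
                    Hint = '***' + $m.Value.Substring($m.Value.Length - 4)
                }
            }
        }
}
$findings | Sort-Object File, Line | Format-Table -AutoSize
Remove-Item $root -Recurse -Force   # deletes only the constructed sample folder
```

To scan real data, set $root to the folder under audit and delete both the sample-creation lines and the final Remove-Item line.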
Homework
Download the trial version of a PDF DRM engine
Research available exploits to give you experience “on both sides of the fence”
For Further Learning
Pluralsight: Network Security for CompTIA Network+ (Tim Warner)
- See the module "Summarizing Basic Forensic Concepts"
Pluralsight: Ethical Hacking - Understanding Ethical Hacking (Dale Meredith)
- See the module "Information Security Controls"
Summary
Licensing is a big deal both for ISVs and enterprise businesses (audit!)
You need AUP documentation to protect your company legally
professionalism