Be smart with passwords

Ideally, you want to use long, strong and unique password for each of your on-line account. The issue is how to remember them all. For that, you can use a password manager that will remember all your credentials in one place. Such a piece of software should also encrypt your database (password repository) and should beable to generate long random passwords.

You can then afford to only remember one password. Make it long and complicated, and above all, don’t forget it.

Example of password repository are Keypass and Lastpass. 

If you are using any other, let us know which one and why you chose it.




Cisco courses at MIT (Auckland)

CCNA, CCNA security, CCNP, A+

Come and prepare your Cisco certification with the experts! Evening classes available for some courses, or if enough people request it.

Prepare for CCNA, CCNA Security, and CCNP at the Manukau Institute of Technology

prepare for CCNA, CCNA Security, CCNP and A+ at the Manukau Institute of Technology

More on this page.

Contact us for more details

Find Yourself In The Future of Cloud Computing

Find Yourself In The Future of Cloud Computing

 REGISTER NOW for the Find Yourself In the Future Cisco TV Series on Thursday, 18 June 2015 from 12 noon until 1 pm (UTC+8) with Evelyn de Souza, cloud compliance and data privacy leader at Cisco.

Cloud computing promises new career opportunities for IT professionals. In many cases, existing core skillsets transfer directly to cloud technologies. In other instances, IT pros need to develop new skill sets that meet the demand of emerging cloud job roles.

Evelyn de Souza’s greatest challenge professionally has been stepping into a technology career path without a technology background.   She started her career as a music teacher and made the extreme career transition into the information security technology industry. Today, she holds a dual role as Cloud compliance and Data Privacy Leader at Cisco and Chair of the Data Governance Work-group for the Cloud Security Alliance. She was named to CloudNOW’s Top Ten Women in Cloud Computing and Silicon Valley’s Business Journal 2015 Women of Influence.

Tune in to hear first-hand Evelyn’s exciting career journey and have the unique opportunity to ask Evelyn questions and seek her personal advice.

Hurry, places are limited.

Evelyn de Souza
Cisco’s Cloud Compliance and Data Privacy Leader

Preparation to the ICND2 certification exam

Preparation to ICND2 (evening classes)

Two courses preparing you towards the  200-101 ICND2 certification exam, resulting in the CCNA certification when combined to the ICND1 exam will run from July 2015. Alternatively, if you are a certified CCENT, this is the logical follow up  to prepare the 200-120 CCNA (composite exam)

These courses will be taught in the School of Engineering, home of the Cisco Networking academy  at the Manukau Institute of Technology.

The duration of each course is 8 weeks, and they will run in the evening.

Cisco Certification

Details out of one of our seven racks available to students to prepare Cisco certifications

 

CCNA Security

Blended and Distance CCNA Security Course

A preparation course to the CCNA Security  certification (640-554 IINS) will start in Auckland in  July 2015. This course can be made available in blended and/or distance format, depending on the numbers and geographical location of potential interested students.

The content of the course is described in a previous post

Blended? Distance?

Blended and distance allow you to complete the course out of normal business hours (evening/week-end)

How to register your interest

To register your interest or obtain further details, you need to get in touch via the contact page. We are looking forward hearing from you.

 

Career : Train Your Hands and Brain

Aim for a rewarding career

Over 2 million ICT jobs will be available around the world by 2015.

Are your hands and brain prepared to fill them?

Build your ICT skills through Cisco Networking Academy .

You can prepare your IT certifications in Auckland at the School of Engineering at the Manukau Institute of technology. Learn more at  http://www.technologysecurity.org/cisco-networking-auckland/

The Ongoing War Against Cybercrime

The ongoing war against cybercrime

Nicholas Gilmour, Massey University and Andrew Colarik, Massey University

Cybercrime is estimated to cost the global economy upwards of US$400 billion a year, and these costs are expected to continue to rise.

At greatest risk is the financial industry as its assets are the easiest to monetise. These globally connected financial institutions have committed huge resources to hardening their information infrastructures that includes personnel, security services and mechanisms, and physical controls.

A recent survey of IT professionals working in the financial sector found that “only 16% felt very prepared to fend off intrusions aimed at financial accounts”.

Despite their best efforts, banking operations around the world have recently been breached by a single organised cybercrime operation for a reported US$1 billion.

So despite vast resources committed to preventing breaches, why do they continue to occur?

The weakest link: people

In today’s highly integrated, digitally dependent enterprise, a single digital path into an organisation willingly opened creates an opportunity for anyone who is both aggressive and entrepreneurial enough to commit cybercrime.

It does not matter how secure an organisation thinks its systems are against cyber attacks, all it needs is the action of a single staff member – either accidentally or intentionally – to breach that security.

Access by staff to email, the web and teleworking systems open the door to malicious code that then provides outsiders with internal access.

Even something as simple as a memory stick or thumb drive found in the parking lot can be the carrier of sophisticated root kits and remote administration tools (RAT) that can be used to gain remote access and hide malicious code.

This lets the attacker own the system that can be used to gain access. From there it’s a simple task to monitor internal activities using insiders’ credentials until enough process knowledge is gained.

Cyber criminals can then begin transferring key records, whole databases, and even transfers of account balances. This is simplified even further when key employees are assigned the access and a usage right to carry out certain transactions and it is these credentials that have been hijacked.

Cybercrime knows no boundaries and wears no face

The very nature of the internet as a global network allows international communications connecting people and supply chains almost anywhere in the world.

This allows criminals to access company systems from nearly any jurisdiction. Because law enforcement is a sovereign-based endeavour, multijurisdictional investigations require nations to collaborate.

Despite international agreements on cybercrime cooperation such as the Council of Europe’s Convention on Cybercrime the mobile nature of cyber-attacks requires specialised skill sets, fast response times and people resources in order to track and apprehend suspects.

When these resources come together, the anonymity and concealment the internet provides makes it difficult to prove that a given individual indeed used a given system to break the law.

Risk versus rewards with nominal costs

The existence of hacking tools and exploits has been around for decades.
However, the significant financial benefits of cybercrime have spawned a supporting service: malware for hire.

Crime is profitable and for a relatively modest sum, do-it-yourself toolkits and customisation services – available through the internet – can generate significant financial rewards. In other words, these services can create made-to-order malware for whatever purpose required.

The cost-benefit analysis to making money becomes easy when combined with a well-planned delivery approach and financial laundering scheme.

With the advent of digital currencies such as Bitcoin, stolen cash can easily be converted and transferred anywhere in the world.

Organised crime

Cybercrime has become big business. Driven by profit, organised crime has clearly extended its know-how to ensure widespread exploitation of open and hidden networks.

Utilising the skills of others and having an ability to control those master minding cybercrime endeavours, organised crime has confidently enlarged its entrepreneurial behaviour mimicking legitimate business practices to secure financial profit through strategic alignment of resources.

Whereas safe havens, weak states and outdated legislation once provided the necessary sanctuary for cybercrime, today anonymisation and encryption protect such activities.

Features such as these have altered the organisational structure of organised crime. Relationships have moved away from recognisable heirarchial structures to transient and transactional motivated criminal enterprises.

Improved cybercrime opportunities have also facilitated the laundering of illicit funds. As organised crime has become richer and more powerful, the concealed cyber facilitated criminal process has helped cyber criminals launder illicitly derived funds away from the oversight and regulation of the legitimate economy.

Thoughts for the future

Disabling cybercrime is possible, but like so many modern day harms, there is no simple solution. It is apparent that what we are doing to tackle cybercrime is not working.

Hence, future responses must be universal, and while enhanced communication and international commitment exist – it must remain resolute.

The components of cybercrime are diverse, encompassing victims on an international scale.

While practices do exist to counter the many facets of cyber crime, success is slight. Evidence of what works and what doesn’t would certainly support preventative activities.

By creating a comprehensive picture of cybercrime, it could then be possible to generate timely and accurate ground level assessments – helping to align transnational debate.

Then, and only then, can we begin to think outside the box, conjuring up new ideas on real world cyber related criminally driven problems to help the development of a new anti-cybercrime campaign.

The Conversation

This article was originally published on The Conversation.
Read the original article.

The ConversationCreative commons logo

Live attack on GitHub

DDoS attack

A massive DDos attack has been taking place on GitHub for the last 4 days.

From the status page the administrators seem to get on top of it, and the page is describing well the sequence of events

More information on the background of the attack is available here.

 

Comments on the Quality of CCNP Course

Moderator’s comments

The Manukau Institute of Technology (Auckland, New Zealand) has received last week the external (industry) moderator’s report for the Advanced Networking Engineering 3 course, preparing students for the Cisco SWITCH certification exam.

Here are some of the comments:

“students are assessed on their in-depth understanding of the topic.”

“Both the coverage and depth of the” (skills) “assessment are of high industry standards.”

“…shows how successful the students have mastered the course. The students’ performance is outstanding”

“The students get the knowledge and skills the network industry needs.”

Not convinced yet? Look at this page

If you need more details, or wish to enrol,  contact us for more details

Would you compromise your computer for one cent an hour?

An excellent article from Andrew Smith, from the OU. 
What do you think? Looking forward to a discussion on the topic

Would you compromise your computer for one cent an hour? This study says you might

Andrew Smith, The Open University

There are many tales in literature over millennia about people selling their soul to a malevolent deity for the right price. But at least it’s usually a good price. Recent research has discovered that we are willing to compromise our computer for no more than one cent in income.

The researchers from the Carnegie Mellon University CyLab who carried out this work, tempted users by into downloading and, in many cases, actually running a Windows application on their computer. After they had agreed to take part, they were told that it was for an academic study but were given very little other information about the application. The application pretended to run a series of computational tasks and paid those who installed it one cent for every hour it was left running.

Even though a participant’s machine would give them a pop up warning when they started the download to tell them that this application wanted higher level access to essential security services, 22% of them went ahead and downloaded. And when participants were offered $1 per hour, that figure rose to 43%.

With more than 1,700 downloads, the application was run about 960 times, meaning that just over half of participants fell for the ruse. Alarm bells should have rung, but they were apparently not heeded.

The fact is, this application could easily have contained malware. Participants knew little about what they were installing other than it would pay them for their processing power but they didn’t seem to mind.

The ethics of this research are certainly potentially dubious. Individuals were lured into downloading this application for a seemingly good cause and we know nothing of their financial circumstances. It’s a scenario that many of us can recognise in one way or another, though. We may not get a financial reward for downloading applications but how often to we click away warnings so we can get an app that offers us some other incentive, such as access to free music or movies?

Crooks will be pleased to learn from this study that it is apparently very easy to trick ordinary computer users into hosting your malware.

It is an old adage, but it is still very important to remember – if it looks too good to be true, it probably is. Do not install any application without checking if the source is reputable. Free is often good, but with free on the internet comes with many risks. This is particularly true for sites offering access to illegal movies or adult content.

Whenever you download an application from any source, trusted or otherwise, you should complete a simple mental checklist.

Did I scan for malware just before I clicked to install the application? Is my operating system warning me about the security risks with this application? Did I scan my system for malware after I installed the application? And finally, do I have up to date anti-malware software?

This all may seem tedious, but it pays to be cautious. Recent incidents have taught us that there are plenty of people out there who will take advantage of anyone who hasn’t protected themselves properly. Whether this research shows that we just can’t be bothered to read the pop up warnings our computers send us when we click and install or whether it shows that we are even more willing to compromise our security in the name of a quick buck, it should make us think twice about how blindly we click. Just as any character in literary history will tell you, selling your soul rarely turns out to be a good deal.

The Conversation

This article was originally published on The Conversation.
Read the original article.

The ConversationCreative commons logo