International IT Security and Hacking Conference c0c0n 2014 – CFP

c0c0n Call For Papers and Call For Workshops

August 22-23, 2014 – Cochin, India

Buenos Dias from the God’s Own Country!

We are extremely delighted to announce the Call for Papers and Call for Workshops for c0c0n 2014, a 3-day Security and Hacking Conference (a 1-day pre-conference workshop and a 2-day conference), full of interesting presentations and talks, and of course filled with fun!

The conference topics are divided into four domains as follows:

  • Info Sec – Technical
  • Info Sec – Management
  • Digital Forensics and Investigations
  • Cyber Laws and Governance

We are expecting conference and workshop submissions on topics including, but not limited to, the following:

  • Cloud Security
  • Browser Security
  • Honeypots/Honeynets
  • Offensive forensics
  • Software Testing/Fuzzing
  • Network and Router Hacking
  • WLAN and Bluetooth Security
  • Hacking virtualized environment
  • Lockpicking & physical security
  • National Security & Cyber Warfare
  • Open Source Security & Hacking Tools
  • Web Application Security & Hacking
  • Exploiting Layer 8/Social Engineering
  • Malware analysis & Reverse Engineering
  • New Vulnerabilities and Exploits/0-days
  • Advanced Penetration testing techniques
  • Antivirus/Firewall/UTM Evasion Techniques
  • IT Auditing/Risk management and IS Management
  • Cyber Forensics, Cyber Crime & Law Enforcement
  • Mobile Application Security-Threats and Exploits
  • Critical Infrastructure & SCADA networks Security

Presentations/topics that haven’t been presented before will be preferred. We are looking for the hottest presentation topics, judged on the research and the *HOTNESS* of the topic. To ensure a fair speaker-selection process, the selection committee is given only the abstract, without the submitter’s identity, so that every submission is judged on the same terms.

Source URL:

http://www.is-ra.org/c0c0n/cfp

Even you can think on – IT Security Policy Development !!

I have found many organizations with no IT Security policy at all, or with a policy that is of no use or that nobody follows. According to some industry surveys, employees do not even read the policy book, perhaps for lack of time, or because of the sheer volume of IT Security policy papers. Sometimes the IT security manager is not able to sort out the right IT security policy papers for the right employee, and they are not even signed properly. Of course, it depends on the company’s or organization’s industry level/band, country and trust. So here is the question for you: is your IT security policy guiding your employees to avoid confidential data leakage?

Recently I heard of one scenario in the IT industry. One company’s IT administrator performed a task that was beyond his ability and got personal appreciation from the IT manager (the administrator saved the company tons of money with the help of his contacts, knowledge and experience in IT). As a result, a few weeks later the administrator got an appreciation letter from the IT manager. The appreciation letter was nothing but a resignation letter… huh.. Why??
The administrator did the best task for the company; even the company CEO appreciated his IT manager every time for the wonderful job. But the administrator got a resignation letter from his IT manager… Bullshit, right!! Where is your company policy? Where are your task credit points? Is your company IT policy just for employees, or for managers, or the CEO, or for every person in the company?

Sometimes questions are useful for contemplating an important topic. The topic I am discussing is ‘even you can develop company policy’: learn from company activity, develop new policy for the company, and train others to learn the new policies.

Developing any kind of document or policy is sometimes hectic because of the environment, time and task schedule, and many things get forgotten while the policy is being developed.

Here are the questions to ask yourself while developing it:

  • IT Policy Prominence?
  • IT Policy Treatment?
  • IT Policy Custodial Practices? etc.
  • IT Policy Benefits?
  • IT Policy Compliance?
  • IT Policy Respect, Confidentiality, Trust?

Some more questions for creating the policy document:

  • IT Policy introduction with the company environment?
  • IT Policy Authorities and Compliance?
  • IT Policy Applicability?
  • IT Policies? Procedures and Tasks? Guidelines? Document Control?

Here are some policy points to share with you from the Information Systems Security Policy Handbook:
==============================================================================
POL01 Responsibility of the Office of Information Security
POL02 Responsibility of the Information Technology Security Board
POL03 Responsibility of System Owners
POL04 Responsibility of Information Technology Managers
POL05 Responsibility of System Administrators
POL06 Responsibility of Data Custodians
POL07 Responsibility of Users
POL08 Monitoring of User Accounts, Files, and Access
POL09 Administrative Access to City Information Systems
POL10 Electronic Data and Records Management
POL11 Electronic Data Breach Disclosure
POL12 Access Controls
POL13 Systems and Network Security
POL14 Physical Security
POL15 Personnel Security Measures
POL16 Policy Enforcement
POL17 Acceptable Use of City Digital Equipment, Internet Access, Electronic Communications and Other Applications
POL18 Rules Specific to Electronic Communication Usage
POL19 Patch Management
POL20 Virus/Malware Protection
POL21 Remote and Ad-Hoc Connectivity
POL22 Wireless Access
POL23 Web Application Deployment
POL24 Policy Exceptions
(…Continued in the ISSP Handbook)
==============================================================================

Appendix A:
http://en.wikipedia.org/wiki/Security_policy
http://en.wikipedia.org/wiki/Information_security_policy
http://en.wikipedia.org/wiki/Information_Protection_Policy
SANS – Web Application Security Assessment Policy
Appendix B:
Business Justification for Application Security Assessment
Disgruntled Employee – The initial physical state of data leakage

Short-basket note on Information Security !!

When I was reading the book Linux Security (Craig Hunt Linux Library) by Ramón J. Hontañón, I came across a very beautiful description of information security:

Security is not a product. It is not software, and it is also not simply an excuse for a consulting engagement. It is a discipline that needs to be taken into consideration in any decision that you make as a network and system administrator. Security does not start or stop. You cannot install security, and you can’t even buy security. Security is training, documentation, design decisions, and appropriate implementations. And the most important aspect of security is monitoring and honing your security policies as needed.

Well, many organizations carry out security auditing and VAPT tasks, but they don’t follow the security policies, and they even fail to organize security training for their employees. They create disgruntled employees, perhaps because of senior authority ego, attitude, etc., and that is the loophole through which that company’s data leaks. (See my earlier article.)

WH-Type Questions on Vulnerability Assessment and Penetration Testing !

Many times we forget to take the output from automated tools or manual testing; we generally work on raw data, data which we have to arrange in a way that the client can understand the risk rating of the respective target. It is the tester’s skill to present highly confidential data in front of the client.

Wh-type questions on VAPT

Before going into VAPT, we must know some criteria behind information security. Everyone has a different point of view from which to explore their knowledge of any information security topic. Here are some summary questions; by searching out the answers to these, you can surely create your own documentation!! wow..

General Questions on Information Security:-

What is information/data security?
What is confidentiality?
What is integrity?
What is availability?
What is ethical hacking?
What are the classifications of hackers?

Future Questions:-

What is the history of hacking?
Why do you want to know the history of hacking? Then go ahead and discover the future of hacking 😉

Motivation behind hacking:-

What is your purpose for hacking? Money, profit, political views, competitive strategy, attitude,
personal grievance, curiosity, mischief, attracting attention, credit?

Optional Question on hacking:-

What is your point of view about hacking?

A). Easy B). Hard C). Neither easy nor hard D). Depends E). Not applicable

Actual Terms in Ethical hacking:-

What is a vulnerability?
What is a threat?
What is risk management?
What is an IT security audit?
What is the law for ethical hacking in your country/state?
What are the types of security tests?
What is vulnerability assessment?
What is penetration testing?
What are white-box and black-box testing?
What are “Red Teams”?

Actual Methodology of Testing:-

What is a testing methodology?

To be continued…

This insanity I speak of

There are various stages in everyone’s life. When a person is small, he faces different problems, and their solutions depend on his environment. In his bachelor’s life he learns about another world from his colleagues and his social surroundings, and at the stage of earning, of becoming an employee, he has to tilt his life from family to the real world, the real world that is a complete mix of all kinds of people. The world is so beautiful, so graceful, but the main thing behind it is how you take advantage of your world through your own ability. Whatever you do affects your world only. The world you see is the one seen through your own eyes, so everyone else’s perspective on the world is different from yours. But if you observe the things behind those perspectives, you find that some group of people reached the last stage and some stayed behind because, though each member’s perspective is different from the others’, the goal they are pursuing is the same. It becomes a group goal. That is why there are some thoughts we have to bookmark in our mind:

“Everyone’s World is different. The perspective of two people looking at the same thing could be different based on their preconceived notions and thoughts.” by Tej Gyan Foundation.

Strange, right!! But it’s true, believe it or not!

These are some of the thoughts that eagerly motivate us to spread knowlerience (knowledge + experience) about humanity and the source. Well, so far I have discussed a topic that is about humanity, while this platform is entirely about information security. Sorry, gentlemen!

I have faced so many things that I would like to share with you. For example, when you are reading books on hacking/security, in the very first, eager step you learn techniques (tools), and only after reading the full book do you get to know how to use the right tool at the right time, why we do it, and what the process and framework are. Yes, that is the thing I want to focus your mind on, and it is UNDERSTANDING!!

Every ethical hacker needs understanding, because it really helps his career glow. Maybe people will not agree with the term “understanding”, but that is my point of view (eye), so relax and enjoy.

Now I will explain the meaning of understanding in the security field:

When you are securing your information, first you have to understand the configuration of the server, the client, etc.
When you are sending your data securely over the network, first understand the encryption.
When you are reading personal data over the network, first understand the decryption or the malicious packages.
Understand the tool, the algorithm, the OS, the keys, and blah blah..

In every scenario, whatever you are doing on the internet or a network, you have to understand it first, as we have found!

I am Niraj Mohite from Pune, MH, India, searching for the best opportunity in the field of Computer Security Research.

So let’s begin with understanding information security.

(I have never written a blog post about myself and my documents before. This feels a lot like LiveJournal.)