Idigital Classroom

Information is the lifeline of an organization. Think about what blood does to a human being. That is actually how the data and information that flow through our network is importance for our organization. Data and information are essential in our private lives as we monitor our homes using remote cameras. We want to know where our kids are, what they are doing, or where they are hanging out. We want to know where our vehicles are parked and the things happening around them. So, the...

As you can see in today's world, so many devices are now classified as a computer. In the past, people think that the computer is the big bulky device you see on tables in many offices and organizations. You are right. Those devices are still considered computers. However, many other devices are now behaving and acting the same way those computers act. There are several devices that make up the Information Technology infrastructure for a business or an organization, even for individuals. In...

It is essential to understand what could go wrong in a system and to use mitigation action to protect the system from potential threats. In recent weeks you may have heard of an incident that explained why there is a need to take a defensive approach to protect your digital assets and infrastructures. The incident is that of Kaseya. Wired.com reported that the Kaseya was warned by the Dutch Institute for Vulnerability Disclosure that there was a potential vulnerability in its system. In this...

Kaspersky Lab conducted a study to determine what role employees play in a business's fight against cybercrime. The study used over 5,000 businesses around the globe and found out that (52%) of the businesses surveyed believed they are at risk from within and that their employees either intentionally put the businesses at risk or are put the businesses at risk through carelessness or lack of knowledge. The question that comes to mind after reading that report is why employees are...

Ransomware is a type of malware that creeps into a network, scans the network to identify targets, and then uses encryption to seize all or some parts of the network. Thus, the victim's information is held at a ransom. After encrypting the files, the attacker becomes the only one with the decrypting key. In a network that experienced a ransomware attack, the system owner will not be able to have access to the files, databases, or applications. The attacker then resumes operation by demanding...

Network configuration refers to the process of setting a network's controls, flow, and operation to support the network infrastructure of an organization or for an individual owner. Components of a computing network include Internet/network protocols, software or application, firewall, routers, and others that perform related tasks. Most network configurations are designed to meet communication objectives. For example, the router is configured with the correct IP addresses and route...

Web application frameworks provide a structure for building and developing applications through the provision of predefined classes, modules, and functions. The predefined classes and modules help to manage system hardware, software and to manage the streamlining of the application development process. The framework in this discussion includes application frameworks such as Angular.js or Django and content management system frameworks such as WordPress. Most web application frameworks use...

The head section of web pages contains troves of information that can be used to ensure that the site is efficiently crawled or positioned for search engine optimization. There is information about the name of the author, the description of the page, and the language used on the web page. Some sites have information about the Twitter account, the URL address where the images are hosted, about other relevant URL addresses that are connected to the website. I have viewed some source files...

In the head section of web documents, there is meta-information used to describe the page, including helping search engines categorize the page. The meta-information that is of utmost importance to the discussion is the meta information for robots that refers to the robots.txt file. The roborts.txt is a file that website owners use to inform web crawlers about their website, including information on what page to crawl and what page to ignore. According to Google, a good objective for a...

Using a search engine discovery is another great option for gathering intelligence about a penetration testing target. A search engine query can be direct or indirect. The direct method is where the search engine can be sued to dig into the indexes and contents from caches. The indirect method is where sensitive information such as the design and configuration of the website could be assessed by searching about the target in forums or social media sites. To proceed with trying to understand...

One of the available options is to gather information about the server is to understand the server configuration. This is referred to as web server fingerprinting. With the web server fingerprinting, the pentester tries to identify the type and version of the web server that a target application or website is using. The information gathered from this type of test can be used to determine the type of potential vulnerability available in the target. Servers that are running outdated software...

The need to discuss testing is borne out of the desire to ensure the safe and secure use of the software. Almost everyone that has access to the internet uses some software or the other. The pandemic era has even made the use of computer software more prevalent than any other time since the origin of the internet. Some people might say that they are not security professionals and may not be showing interest in software security discussions. My response to such thoughts is that they need to...

There are several types of tools for penetration testing. The number of available tools is so many that it will be practically impossible to learn all of them. Using the wrong set of tools can be a problem because the pen tester would have wasted so much time trying to gather the wrong information. As a beginner, it may take some guidance to be able to select the right tool. A poorly planned and executed penetration tool is as bad as not acting to protect your systems. There is no room for...

The decision to conduct penetration testing is an indication of the importance of risk management in any organization. It is a good professional practice to document security policies that outlines how penetration testing should be conducted and how it relates to different types of systems, such as servers, wen applications, laptops, desktops, tablets, smartphones, and numerous others. Penetration testing is also referred to as ethical hacking. Though both refer to the same concept, there...

Many organizations spend their IT budgets on the wrong technology infrastructure. Would you consider knowing where to spend your IT budget? Even when an organization makes the right expenditure on the right IT infrastructure, would it not be competitive to protect those infrastructures? What would your customers do if they have the slightest reason to believe that their personal information is not secure with your enterprise systems? I do not know of any organization that looks good...

As eLearning is emerging as a good alternative for learning in situations where learners and instructors cannot meet in a physical location, the need to ensure confidentiality, integrity, and availability of eLearning systems are growing just as the demand for eLearning is growing. Elearning depends on the internet and its availability and suffers the same potential threat as other online activities. However, the impact of a breach can differ from the use and the type of system. A breach in...

Social engineering has been described from many perspectives, but it is not a new concept. Social engineering refers to a deceptive activity that is used to trick a victim or a person into taking certain actions that may be beneficial to the attacker and detrimental to the victim. Social engineering has been used all the ages in human history. All throughout history, there have been cases of human hacking where a person has been deceived into taking an action that is for another person’s...

Using the Internet can be very interesting, exciting, especially for new users. There are many exciting things to do online. The excitement of using the Internet can be marred by malicious hackers and other groups that want to collect personal information about online users. Though some organizations use some of the information they collect about on web users for personalization and recommendation of services, some others collect your information to sell it on the dark web. They collect...

Competency with the use of technology is essential, but it is also essential to understand how to behave in a digital society. The explosive use of the internet and social media has created enormous opportunities for users to express themselves in unprecedented ways. Though all the innovative ideas of sharing content are exciting, there are associated risks in terms of Privacy and abuse...More --- Support this podcast: https://podcasters.spotify.com/pod/show/digitalclassroom/support

The COVID-19 pandemic has created an unprecedented challenge that forced learners and several other institutions to move to the virtual world. Many learners woke up one day and realized that the physical classroom has suddenly moved online due to Covd19. Challenges of sudden migration to remote work and remote learning are not only felt by the learners and employees. Some organizations complain about how to coordinate users in an online community setting and some others complained about how...