Addressing Prohibited Content and Activity Tim Warner @TechTrainerTim timothy-warner@pluralsight.com The Pluralsight Learning Path for CompTIA A+ (220-902) Introduction Windows OS Other Operating Systems Security Software Troubleshooting Operational Procedures Operational Procedures for CompTIA A+ (220-902) Table of Contents Using Appropriate Safety Procedures Applying Appropriate Environmental Controls Addressing Prohibited Content and Activity Demonstrating Professionalism Explaining Troubleshooting Theory Overview Incident response Licensing/DRM/EULA PII and end-user policies Meanwhile, in the Real World… We’re being audited! How can I isolate PII? customer technician CompTIA A+ 220-902 Summarize the process of addressing 5.3 prohibited content/activity, and explain privacy, licensing, and policy concepts Incident Response What is an 'Incident'? Security breach Data theft Inappropriate resource use Intentional or unintentional attack First Response  Identify the problem - -  Data/device preservation -  Network monitoring (consent to monitoring) Examining logs Interviews eDiscovery Report through proper channels Maintaining Documentation Fully document security policy Make documentation available Track changes (wikis are good) Licensing/DRM/EULA Open Source vs Commercial Licenses Open Source  Also called FOSS -   Linux, MySQL, VirtualBox VM GPL -   Community-owned code Anybody can modify Generally altruistic motive Weakness: support Commercial  Proprietary, closed-source - Vendor owns the code  Vendor defines license terms  Generally a profit motive  Activation/DRM are big issues for vendor Personal vs Enterprise Licenses Personal     Individual, end-user license You don't purchase the software, you purchase the right to install and use it License may not be transferable Technician license Enterprise  Server license  Client-access license  Volume license agreement  Software assurance EULA  End-user license agreement  Also called "software license agreement"; used in proprietary software  Software normally won't install unless the user agrees to the EULA DRM • business documents • e-mail messages • instant messages • creative media (music, movies, eBooks) • software • • • • Stakeholders: Vendor/business Customer DRM breakers http://bit.ly/1QuVZQ1 Demo 1: Investigating DRM AD RMS Standards, Practices, & Theory for CompTIA Network+ PII and End-User Policies PII   Personally identifiable information A breach means a loss of privacy -  Financial theft Identity theft Encryption - At rest and in transit Policies and Best Practices  End-user policies -  AUP Security best practices Demo 2: Identifying PII Use PowerShell Standards, Practices, & Theory for CompTIA Network+ Meanwhile, in the Real World… We’re being audited! How can I isolate PII? customer technician Back in the Real World Use regular expressions and administrative scripting customer technician Homework   Download the trial version of a PDF DRM engine Research available exploits to give you experience “on both sides of the fence” For Further Learning  Pluralsight: Network Security for CompTIA Network+ (Tim Warner) -  See the module "Summarizing Basic Forensic Concepts" Pluralsight: Ethical Hacking - Understanding Ethical Hacking (Dale Meredith) - See the module "Information Security Controls" Summary Licensing is a big deal both for ISVs and enterprise businesses (audit!) You need AUP documentation to protect your company legally Next module: Demonstrating professionalism ... Pluralsight Learning Path for CompTIA A+ (220- 902) Introduction Windows OS Other Operating Systems Security Software Troubleshooting Operational Procedures Operational Procedures for CompTIA A+ ... A+ (220- 902) Table of Contents Using Appropriate Safety Procedures Applying Appropriate Environmental Controls Addressing Prohibited Content and Activity Demonstrating Professionalism Explaining... Licensing/DRM/EULA PII and end-user policies Meanwhile, in the Real World… We’re being audited! How can I isolate PII? customer technician CompTIA A+ 220- 902 Summarize the process of addressing 5 .3 prohibited