Addressing Prohibited Content and Activity
Tim Warner
@TechTrainerTim
The Pluralsight Learning Path for CompTIA A+ (220-902)
Introduction
Windows OS
Other Operating Systems
Security
Software Troubleshooting
Operational Procedures
Operational Procedures for CompTIA A+ (220-902)
Table of Contents
Using Appropriate Safety Procedures
Applying Appropriate Environmental Controls
Addressing Prohibited Content and Activity
Demonstrating Professionalism
Explaining Troubleshooting Theory
Overview
Incident response
Licensing/DRM/EULA
PII and end-user policies
Meanwhile, in the Real World…
We’re being audited! How can I isolate PII?
customer
technician
CompTIA A+ 220-902
5.3 Summarize the process of addressing prohibited content/activity, and explain privacy, licensing, and policy concepts
Incident Response
What is an 'Incident'?
Security breach
Data theft
Inappropriate resource use
Intentional or unintentional attack
First Response
Identify the problem
Data/device preservation
Network monitoring (consent to monitoring)
Examining logs
Interviews
eDiscovery
Report through proper channels
Maintaining Documentation
Fully document security policy
Make documentation available
Track changes (wikis are good)
MediaWiki
Evidence tracking
Chain of Custody
No tampering (file hashes)
Who sees the evidence?
Documentation process
Bagging and tagging evidence
Licensing/DRM/EULA
Open Source vs. Commercial Licenses
Open Source
Also called FOSS
Linux, MySQL, VirtualBox VM
GPL
Community-owned code
Anybody can modify
Generally altruistic motive
Weakness: support
Commercial
Proprietary, closed-source
Vendor owns the code
Vendor defines license terms
Generally a profit motive
Activation/DRM are big issues for vendor
Personal vs. Enterprise Licenses
Personal
Individual, end-user license
You don't purchase the software, you purchase the right to install and use it
License may not be transferable
Technician license
Enterprise
Server license
Client-access license
Volume license agreement
Software assurance
EULA
End-user license agreement
Also called "software license agreement"; used in proprietary software
Software normally won't install unless the user agrees to the EULA
DRM
• business documents
• e-mail messages
• instant messages
• creative media (music, movies, eBooks)
• software
Stakeholders:
Vendor/business
Customer
DRM breakers
Demo 1: Investigating DRM
AD RMS
Standards, Practices, & Theory for CompTIA Network+
PII and End-User Policies
PII
Personally identifiable information
A breach means a loss of privacy
Financial theft
Identity theft
Encryption
At rest and in transit
Policies and Best Practices
End-user policies
AUP
Security best practices
Demo 2: Identifying PII
Use PowerShell
Meanwhile, in the Real World…
We’re being audited! How can I isolate PII?
customer
technician
Back in the Real World
Use regular expressions and administrative scripting
customer
technician
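The approach named on the slide above (regular expressions plus administrative scripting), written out as an added PowerShell example; it is not code from the course or its demo. The patterns, the function names `Test-Luhn` and `Find-Pii`, the file extensions, and the sample file are assumptions constructed for illustration.

```powershell
# Added example. Patterns and sample data are constructed, not real PII.
$patterns = [ordered]@{
    SSN        = '\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b'
    CreditCard = '\b(?:\d[ -]?){12,15}\d\b'      # 13-16 digits, optional separators
    Email      = '\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b'
}

# Luhn checksum: filters out digit runs that merely look like card numbers.
function Test-Luhn {
    param([string]$Number)
    $digits = ($Number -replace '\D', '').ToCharArray()
    $sum = 0
    $double = $false
    for ($i = $digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]($digits[$i])
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10 -eq 0)
}

# Reports which files hold which kind of PII and how many hits,
# without echoing the matched values into the audit output.
function Find-Pii {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.txt, *.csv, *.log |
        ForEach-Object {
            $file = $_
            foreach ($name in $patterns.Keys) {
                $hits = @(Select-String -Path $file.FullName -Pattern $patterns[$name] -AllMatches |
                    ForEach-Object { $_.Matches } |
                    Where-Object { $name -ne 'CreditCard' -or (Test-Luhn $_.Value) })
                if ($hits.Count -gt 0) {
                    [pscustomobject]@{ File = $file.FullName; Type = $name; Count = $hits.Count }
                }
            }
        }
}

# Constructed sample: one SSN-shaped value, one Luhn-valid test card number,
# one digit run that fails Luhn, and one e-mail address.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'pii-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
Name,SSN,Card,Contact
Test User,123-45-6789,4111 1111 1111 1111,test.user@example.com
Order ref,,1234 5678 9012 3456,
'@ | Set-Content -Path (Join-Path $demo 'customers.csv')
Find-Pii -Path $demo | Format-Table -AutoSize
```

Regex hits are candidates for review, not proof of PII; the Luhn check only reduces false positives for card numbers.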
Homework
Download the trial version of a PDF DRM engine
Research available exploits to give you experience “on both sides of the fence”