January 26th, 2004 09:49 PM
I personally like Zone-h.com , They have tons of good papers in there download section on security = )
January 26th, 2004 10:03 PM
That's one of my favorites too; quality to boot.
The whitepapers section is a must read.
January 26th, 2004 10:16 PM
Keep in mind that besides the 'socially inept egotistical losers ' there are also a lot of folks who just want to make sure that people are getting security information from people who know what they are talking about. Security is a 'hot topic'right now and as such there are many people who read Hacking exposed and decide to jump on the bandwagon, which creates more problems in the long run so needless to say people will voice concern whenever someone speaks about wanting to give advice to others.
Ok, now onto the course..
I think making sure you cover security measures that everyone can take. Keeping in mind that your target audience are going to be 99% Windows users you need to cover securing the OS as much as possible, so what can users do without buying XXX firewall etc... Then move onto firewalls, AV etc...
Perhaps begining with coverage of what the threats are as this sets the scene for what you are trying to protect against (although their is no need to go into an indepth discussion of a hack).
Also, could you try to hold back on the scare tactics (not saying you plan on doing this but just a heads up), the world is not about to be destoryed by a virus and hackers are not about to launch Nuclear missiles, so if you could enlighten people to the need for security without scaring the crap out of them that would be good.
Quis custodiet ipsos custodes
January 26th, 2004 10:41 PM
I couldn't agree more, R0n1n. The selling point of the course is going to have to be that a complete noob can indeed secure a system without a mountain of technical knowledge. One drawback though is that I personally like to check the registry to ensure that my changes have taken effect.
In fact, most of the time I make my security changes within the registry and at the command line, (sue me....old-school UNIX admin) rather than rely on the GUI because I know that once I make the change there, the change has indeed been made.
The average user is not going to do this, and 99.999% of the target audience of this course are not going to even know what the registry is, much less how to modify it. (and in fact have no business doing this.)
The fact that some security settings require a registry edit to completely lock down (such as hardening protocol stacks) doesn't help this, so I guess that it would be best to stick to items that can be modidfied through the GUI, such as disabling services, file and directory access settings, and local security policy settings.
There I go ranting again
January 26th, 2004 11:32 PM
A big thanks to everyone who posted helpful information. I will be going through my course outline and comparing it to the topics that have been brought up to make sure that I've got all the bases covered.
February 17th, 2004 02:07 PM
Sorry to bring up an old thread... but its relevant. I still see that packet is suscribed to this thread and I think it'd be useful for his class.
A Home User's Security Checklist for Windows
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.