Et Cetera


Investigating SANS/CWE Top 25 Programming Errors

Contributed by Fred Williams

On January 12, 2009, experts from more than 30 cyber security organizations jointly released a consensus list of the top 25 most dangerous programming errors. This list attempts to boil down the more than 700 possible causes of software security issues to the ones that are so prevalent and severe that no software should be released to customers without evidence that measures were taken to ensure the software does not contain any of these errors. The Top 25 errors were further broken down into 3 categories: Insecure Interaction between Components, which contains 9 errors; Risky Resource Management, which contains 9 errors; and Porous Defenses, which has the final 7 errors.

This document is in PDF format. To view it click here.


Computer Forensics For Law Enforcement

Contributed by Hassel Stacy Jr.

The Internet, data systems and growing computer networks provide many opportunities for computer crimes. Computers are increasingly used to commit, enable or support crimes perpetrated against business, people and property. Computers can be used to commit the crime, may contain evidence from a crime and could be targets of crime. Understanding the role and nature of evidence that might be found, how to process a crime scene containing potential forensic evidence, and how an agency might respond to such experiences of the law enforcement community, the public sector, and the private sector in the recognition, collection and preservation of computer forensic evidence in a variety of crime scenes will be defined in the following paragraphs.

This document is in PDF format. To view it click here.


A Comparison of VNC Connection Methods

Contributed by Frank Isaacs

VNC (Virtual Network Computing) is an open-source, cross-platform protocol for viewing GUI desktops on remote machines within a LAN or over a WAN/Internet connection. This paper discusses different methods of deploying VNC with an emphasis on the security considerations of each method, and the tradeoffs associated with the convenience of each method. The methods discussed include an open connection and a connection tunneled over ssh (Secure SHell). It includes information regarding the platform-independence of VNC and ssh implementations, so that solutions presented can be applied to Windows, Linux, Mac, and even other operating systems – securely and with open-source software.

This document is in PDF format. To view it click here.


Firewall Technologies and Securing a Network Classroom Lab

Contributed by Thomas S. Adeimy

The transition from industry into academia meant not having total access to computer hardware and software resources. I was going to teach computer and networking courses, and could not wait to use my real life industry experiences as learning tools in a classroom/lab setting. It wasn’t long until my newfound enthusiasm began to be tested. I was an instructor, not a member of the campus IT staff. All the campus labs were general purpose computer labs. Computer desktops were “locked down” by group policies, Internet access was restricted by “Cyber Patrol” controls, BIOS settings were password protected. Access to the “Server Room” was protected by a keypad, and of course I was not given the password. These were just some of the things that began to make my life miserable as a computer instructor.


Firewalls for small business

Contributed by James Thomas

A firewall is either hardware, software or a combination of both that is used to prevent, block or, should I say, try to prevent unwanted information from entering your network. This applies to a home, small business, or a large corporation network. A firewall monitors all of the incoming and outgoing traffic (information) to the local area network. Notice that the firewall is located between your network and the Internet.

This document is in PDF format. To view it click here.

