Network Security Web-App-Sec

awareness improvement demo

Subject: awareness improvement demo
Date: Sat, 05 Mar 2005 13:14:42 +0100
hi list,

I am setting up an awareness improvement demo for an international
financial institution.
I know the subject is not new, but I would like to do something
up-to-date... :-)

I am planning 3 different demos, for different types of users:
- top management;
- IT staff;
- "average" user.


For each type of audience, I am planning different subjects:
- top management:
  - email: nature of an email: clear text, forged emails - virus
  - browsing: dangerous mobile codes, privacy (cache, cookies)
  - poor password limits
  - mobility: laptop, PDA, smartphone
  - potentially dangerous technologies: wifi, bluetooth, "blackberry"

- IT staff:
  - web app security (SQL injection, cookie manipulation, etc.)
  - "state of the art" attacks: stealth trojan...
  - live hacking of a web server
  - wifi detection, and WEP cracking
  - Google hacks
  - physical security, hardware keyloggers...

- "average" user:
  - email: nature of an email: clear text, forged emails - virus
  - browsing: dangerous mobile codes, privacy (cache, cookies)
  - poor password limits
  - social engineering


I imagine I will set up a couple of laptops, or even a couple of virtual
machines, but I am wondering if the "demo effect" is the same with
virtual versus real machines?


I would be pleased to receive comments on anything in my plan,
including:

- the subjects chosen for each type of audience;

- how to implement them easily; concerning the web app security demo, I
have planned at first to use the excellent "Hacme Bank" from Foundstone,
but I think the licence will prevent me from using it :-( . Any idea of a
similar free tool?

- link to external resources on the subject.

- similar experience of people from this list ;-)


Thanks,


Koro.
