Office 365 Anti-Spam and Anti-Malware Protection

Office 365 Anti-Spam and Anti-Malware Protection

 

Learning Python Week 6

The second half of this course includes some important content for improving your Python programming. In particular, Class6 on Functions and Namespaces, Class8 on Modules, and Class9 on Classes and Objects.

In this email of Learning Python we are going to cover the following:

I. Introduction Week6
video http://youtu.be/sjYBE6EWwuc
Length is 3 minutes

II. Functions, Part1
video http://youtu.be/i1MzASLYOZY
Length is 12 minutes

III. Namespaces
video http://youtu.be/r8U3_KkvKtw
Length is 10 minutes

IV. Functions, Part2
video http://youtu.be/pRaVagkh9l8
Length is 12 minutes

Additional content that you may be interested in

There is a good chapter on functions in “Learn Python the Hard Way” (I would stop after you finish, “What You Should See”).
http://learnpythonthehardway.org/book/ex18.html

Darren O’Connor has a blog on “Defined Functions – Python”.
http://mellowd.co.uk/ccie/?p=5118

 

Exercises

Reference code for these exercises is posted on GitHub at:
https://github.com/ktbyers/pynet/tree/master/learnpy_ecourse/class6

1. Create a function that returns the multiplication product of three parameters–x, y, and z. z should have a default value of 1.
a. Call the function with all positional arguments.
b. Call the function with all named arguments.
c. Call the function with a mix of positional and named arguments.
d. Call the function with only two arguments and use the default value for z.
2. Write a function that converts a list to a dictionary where the index of the list is used as the key to the new dictionary (the function should return the new dictionary).

3a.Convert the IP address validation code (Class4, exercise1) into a function, take one variable ‘ip_address’ and return either True or False (depending on whether ‘ip_address’ is a valid IP). Only include IP address checking in the function–no prompting for input, no printing to standard output.

3b. Import this IP address validation function into the Python interpreter shell and test it (use both ‘import x’ and ‘from x import y’).

4. Create a function using your dotted decimal to binary conversion code from Class3, exercise1. In the function–do not prompt for input and do not print to standard output. The function should take one variable ‘ip_address’ and should return the IP address in dotted binary format always padded to eight binary digits (for example 00001010.01011000.00010001.00010111). You might want to create other functions as well (for example, the zero-padding to eight binary digits).

5. Write a program that prompts a user for an IP address, then checks if the IP address is valid, and then converts the IP address to binary (dotted decimal format). Re-use the functions created in exercises 3 and 4 (‘import’ the functions into your new program).

 

 

Class Outline

I. Introduction
A. Why write functions?

II. Functions Part1
A. Function with no parameters
1. Syntax and structure
2. Calling the function
3. Return value
4. Using the return value
5. Docstrings

B. Function with parameters
1. Syntax
2. Default values

C. Various ways of passing arguments to functions
1. Positional arguments
2. Named arguments
3. Mixing positional and named arguments

III. Python Namespaces
A. Functions create their own namespace
B. Name resolution order

IV. Functions Part2
A. Using lists and dicts as function arguments
B. Importing a function

 

 

Video Archive

Week1
Introduction and Some Questions
What is the Nature of Python
Interpreter Shell, Variables, and Assignment
Strings

Week2
Introduction
Print and raw_input
Numbers
Lists and Tuples
Booleans

Week3
Introduction
If Conditionals
For Loops
Passing Arguments into a Script

Week4
Introduction
While Loops
Dictionaries
Exceptions

Week5
Class Review (weeks 1 – 4)

Security operations and analytics platform architecture (SOAPA)

Security operations and analytics platform architecture (SOAPA)

Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics, are distant memories; today’s SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar), and Splunk.

Of course, there is a community of innovative upstarts that believe that SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real-time.

 

As an industry analyst, I should be waving my arms around madly, proclaiming that “SIEM is dead,” since that’s what those in my profession tend to do. Sorry, but I don’t think SIEM is dead at all. Instead, enterprise security operations and analytics requirements are forcing rapid consolidation into something new that ESG calls a security operations and analytics platform architecture (SOAPA).

Within SOAPA, SIEM -like functionality still plays a starring role, often aggregating analytics data into a common repository. But unlike the past, SIEM is one of several security tools within SOAPA, and these technologies must be designed for asynchronous cooperation so security analysts can quickly pivot across tools to find data and take action as they need to in real-time.

SOAPA is a dynamic architecture, meaning that new data sources and control planes will be added incrementally overtime. I do believe, however, that today’s SOAPA is built with SIEMs (or similar log management and search products/services) and:

  • Endpoint detection/response tools (EDR). Security analysts often want to dig deep into security alerts by monitoring and investigating host behavior so EDR (i.e. CarbonBlack, Countertack, CrowdStrike, Guidance Software, etc.) is an essential component of SOAPA.
  • Incident response platforms (IRPs). Aside from collecting, processing, and analyzing security data, cybersecurity professionals want to prioritize alerts and remediate problems as soon as possible. These requirements are giving rise to the rise of IRPs like Hexadite, Phantom, Resilient Systems (IBM), ServiceNow, and Swimlane.
  • Network security analytics. SIEM’s log analysis and EDR host behavior monitoring are complemented by flow and packet analysis in SOAPA, provided by vendors like Arbor Networks, Blue Coat/Symantec, Cisco (Lancope), RSA, etc.
  • UBA/machine learning algorithms. While these tools have received an inordinate degree of industry hype, there’s little doubt that machine learning will be baked into security analytics henceforth, thus vendors like Bay Dynamics, Caspeda (Splunk), Exabeam, Niara, Sqrrl, and Varonis should be included in SOAPA.
  • Vulnerability scanners and security asset managers. Part of security operations is knowing which alerts should be prioritized. These decisions must be driven by solid data from vulnerability management systems (i.e., Qualys, Rapid7, Tanium), and other tools that monitor the state of systems and network configurations (i.e., RedSeal, Skybox, Verodin, etc.).
  • Anti-malware sandboxes. This technology represents another key pivot point for understanding targeted attacks that may use zero-day malware. Sandboxes from FireEye, Fidelis, and Trend Micro are definitely part of SOAPA.
  • Threat intelligence. Enterprise organizations want to compare internal network anomalies with malicious “in-the-wild” activities so SOAPA extends to threat intelligence sources and platforms (i.e., BrightPoint [ServiceNow], FireEye/iSight Partners, RecordedFuture, ThreatConnect, ThreatQuotient, etc.).

Aside from the technologies themselves, here are a few other thoughts on SOAPA:

  1. Beyond data exchange between security tools, the next big innovation will be central SOAPA command-and-control for analytics and management (i.e., configuration management, policy management, etc.) of the security infrastructure.
  2. The market is already moving in SOAPA’s direction. Witness IBM’s acquisition of Resilient Systems for IRP, Splunk’s purchase of Caspida for UBA, and Elastic Search’s acquisition of Prelert.
  3. Now that McAfee is independent of Intel, look for it to invest in its enterprise security manager (i.e., Nitro). McAfee will also accelerate SOAPA technology integration with its own tools and ecosystem partners, and acquisitions aimed at filling architectural gaps.
  4. Given the central role that SIEM still plays in SOAPA, someone (CA? Palo Alto? Symantec? Trend Micro?) will buy LogRhythm.
  5. Each of the technology elements described above could be delivered on-premises or via SaaS options. SOAPA must be flexible to accommodate these options.
  6. SOAPA must be built for immense scale – especially as organizations increase their use of cloud computing and IoT. It’s likely cloud analytics or storage will become part of the architecture.
  7. A few vendors may be able to deliver their own proprietary SOAPA solutions but enterprise customers will likely eschew single vendor solutions while anchoring their SOAPAs with lead vendors and ecosystem partners. Small enterprises and SMBs could buy from a single product or SaaS vendor however.

Cyber Security Frameworks

 

Cyber Security Frameworks

 

 

Cyber Threats

Cyber Threats

List of Cyber Threats

  • Malicious software
  • Unauthrized access
  • Denial of Service
  • Data Leak
  • Unauthrozed use of services
  • Government and competitor cyber espionage
    • 3rd Party attack
  • https://www.cpni.gov.uk/advice/cyber/Cyber-Attack-Types/
  • https://www.getcybersafe.gc.ca/cnt/rsks/index-en.aspx
  • Physical Security
    • Theft
  • Human Error
      • misdelivery of sensitive information to the wrong person by email or fax;
      • mistakenly making information publicly available on a web server or website;
      • losing or inadequately disposing of data, including paper records;
      • losing an unencrypted laptop, cellphone or storage device such as a USB key.
  • Insider Threat
    • Misuse of privileges by rogue employee or other insiders,
    • Payment card skimmers, a skimming device is implanted in a device that reads magnetic stripe data from a payment card. Examples include ATMs, gas pumps, and POS (Point of Sale) terminals.
  • Cyber Risk and Business Impact Analysis

RTLO (right to left override) technique for file extension spoofing u202E

RTLO (right to left override) technique for file extension spoofing

Software

Essentially, the file’s actual name can be something like “Awesome Song uploaded by [U+202e]3pm.SCR”. The special character forces Windows to display the end of the file’s name in reverse, so the file’s name will appear as “Awesome Song uploaded by RCS.mp3”. However, it’s not an MP3 file – it’s an SCR file and it will be executed if you double-click it. (See below for more types of dangerous file extensions.)

Method 1: Universal

This method works regardless of any of your language settings, but is the most cumbersome to type.

  1. Press and hold down the Alt key.
  2. Press the + (plus) key on the numeric keypad.
  3. Type the hexidecimal unicode value.
  4. Release the Alt key.

Alas, this appears to require a registry setting. It was already set on my computer, but some readers report that this method didn’t work for them, and this is probably why. If you don’t know what the registry is, please don’t try this. Under HKEY_Current_User/Control Panel/Input Method, set EnableHexNumpad to “1”. If you have to add it, set the type to be REG_SZ.

Method 2: Input-language Specific

This method depends on the specific input language you are using.

  1. Press and hold down the Alt key.
  2. Type 0 (zero) and the decimal unicode value on the numeric keypad.
  3. Release the Alt key.

You can see which input language you are using (and which are installed) by:

  1. Start Menu
  2. Settings
  3. Control Panel
  4. Regional and Language Options
  5. Languages tab
  6. Detail button

The entries in the Unicode character information section are using the Windows Latin 1 input language.

Method 3: Code-page Specific

This method depends on the specific code page you have installed.

  1. Press and hold down the Alt key.
  2. Type the decimal codepage value on the numeric keypad. Do not type any leading zeros.
  3. Release the Alt key.

You can see which code page you have by typing chcp at a command prompt. Check the grid for your code page from the list of known code pages to see what characters you can enter this way.

The entries in the Unicode character information section are using code page 437.

Method 4: Application-specific

Applications can support their own methods. These are not standardized.

Several Microsoft applications, including WordPad and Microsoft Word:
press Alt-X after typing some hex digits. You see the digits as you type them, and they’re replaced by the Unicode equivalent. Pressing Alt-X again converts it back to numbers.

Method 5: Unicode IME

Microsoft has a Unicode Input Method ?Editor? that works the same way my UnicodeInput pop-up does, but with LeftAlt Shift as the trigger key.

Michael Kaplan, a Microsoft i18n guru, has the details on how the Unicode IME works. Some notes to fill in some details that he assumes:

  • Go into Control Panel -> Regional Settings, on the languages tab, enable support for East Asian languages. This takes 230 MB of disk space and a restart.
  • Go back into Control Panel -> Regional Settings, on the languages tab, press the Details button.
  • Add Chinese (Taiwan) (Others would probably work too) and choose Chinese (Traditional) - Unicode.
  • You will now have an extra do-hickey in the taskbar showing which language you’re in.
  • Press LeftAlt Shift to switch into the IME (taskbar shows CH).
  • Type the hex digits of the Unicode character. As soon as you type the last one, it is sent to the application.
  • Press LeftAlt Shift to switch out of the IME (taskbar shows your original language code).

Tips

  • Fonts – you must have a font that contains the character. It seems obvious, but Windows can’t display characters it doesn’t know about. Often, you will need to select the font yourself, since only a few applications are smart enough to switch fonts automatically.
  • WordPad – works, but you have to have it set to a font that contains the character. Method 4 ([hex][AltX]) seems to switch to an appropriate font automatically.
  • Notepad – generally doesn’t work since its font doesn’t support many characters.
  • Internet Explorer – in the URL bar, the universal method doesn’t work if it has A-F, since it opens the menu (i.e. Alt-F opens the File menu).
  • Mozilla Firebird – works correctly (if you have a font that supports it). Note that if you type it on a page that is is using a charset that doesn’t support it, it will not be transmitted to the website correctly.

References

  • The Alt+NumPad entry in Microsoft’s Global Windows Glossary
  • Windows XP docs that inexcusably don’t mention the universal variation.
  • Discussion on GeorgeHernandez.com (search for “2005-04-24”) – discussion of the various problems with someone who did some real work to figure out what works and doesn’t. He also has a Unicode shortcuts page that summarizes his findings (quite similar to this page, but with more detail).
  • Wikipedia article Unicode_input with some Mac and Linux tips.