<b>GREP-BLOG</b><br />
Governance, Risk, Economics and Philosophy. A blog dedicated to exploring the subjects of organisation and IT governance, risks and controls, economics and philosophy.<br />
<br />
<b>A beginner's primer on effective risk management - the short version</b><br />
Posted by Anonymous, 2018-07-18<br />
<br />
An organisation exists to support the interests of its stakeholders. For example, a commercial company exists to apply its owners' capital in a way that maximises the return on that capital to the owners, while a community organisation may exist to provide community amenities. There are different stakeholders whose interests an organisation must support in order to survive. These include customers who provide their custom to organisations, regulators who provide licenses to operate in a regulated area and employees who provide labour to convert capital into something saleable.<br />
<br />
An organisation cannot exist in a sustainable way unless it strikes the right balance between these competing stakeholder interests. This balance is struck through risk versus reward based decision making such as "we will apply 90% of our resources to support the customer value delivery chain processes that will ultimately drive profit and owner return on equity, and 10% in order to maintain sufficient control processes in order to give confidence to our stakeholders such as regulators that we are doing the right thing by our customers, employees and owners and thus keep our moral and legal operating license". A company's failure to support its customers' interests results in lower custom, reduced market share and ultimately lower profits, and hence a lower return on the capital invested by its owners, ultimately failing to meet the owners' interests. Likewise, a company's failure to support the interests of its regulators will result in financial sanction or withdrawal of operating licenses, both of which hit the bottom line.<br />
<br />
This risk / reward decision making is achieved through the principles and practices of risk management (whether it be market risk management, credit risk management, operational risk management or reputation risk management). Risk management principles include risk appetite, understanding risks (through risk assessments for example) and responding to risks (e.g. controlling risks, accepting risks or insuring against the consequences of risks materialising). Failure to understand and apply these principles almost invariably leads to adverse outcomes for organisations that result in those organisations not being able to support the interests of their respective stakeholders any longer (some notable examples are Enron, Barings Bank and Lehman Brothers to name a few).<br />
<br />
So having established that effective risk management is important to the very survival of an organisation, one of the key questions that arises is how do you implement effective risk management in an organisation?<br />
<br />
A multitude of regulations, standards, courses, textbooks, guidelines, frameworks, processes and tools exist that seek to answer this question but it boils down to a few key actions:<br />
<br />
<ol>
<li>Adequately defining and effectively communicating the risk management objectives, principles and practices the organisation is to use in order to understand and manage its risks.</li>
<li>Putting in place sufficient risk management professionals and systems to assist the organisation in applying these defined and communicated objectives, principles and practices.</li>
<li>Monitoring how well the defined and communicated risk management objectives, principles and practices are applied in the organisation and course correcting if the risk management objectives are not being met.</li>
</ol>
<br />
There are of course finer points, specialisms and subtleties but in the end, effective risk management revolves around these key actions. This is the short version.<br />
<br />
<br />
<i>PS: This is also published in the <a href="https://img1.wsimg.com/blobby/go/b5e0f550-d96f-488a-8487-42a23cd6ad50/downloads/1ciscplsc_816876.pdf">IT Risk Practitioner</a></i><br />
<br />
<b>Using Technology for Good: Social Support Platform</b><br />
Posted by Anonymous, 2018-07-16<br />
<div data-originalcomputedfontsize="16" data-removefontsize="true" dir="auto" style="-webkit-text-size-adjust: auto; caret-color: rgb(49, 49, 49); color: #313131; font-family: -apple-system, HelveticaNeue; font-size: 1rem; word-spacing: 1px;">
Here’s an idea for a Social Support Platform. What if technology was harnessed to create a universal, easy, intuitive, responsive way to get support from and provide support to society at large? This creation we might call the Social Support Platform, and it would be a single entry point worldwide to intuitively discover and access free social support in relation to advice, advocacy, education, online marketplaces and stores for commercial goods and services and commercial and charitable fundraising and financing, among any number of socially beneficial services. The idea would be that if you need help and someone is willing to help, let’s get you and them connected. The platform would not be only information based but would also provide infrastructure and logic that supports people in setting up and running their own businesses for free, all the way to being able to set up and operate an online store within minutes. The platform would also support those who support the platform by rewarding socially valuable contributions, as determined by users, with social credits in the form of exchangeable crypto currency whose value in exchange for goods and services available on the platform markets must be assured. This could look like a discretionary donation for advice type approach where users can donate as much as they are able after receiving support to show appreciation. This platform would need to be governed to stop abuses and so a direct democracy approach tempered by constitutional principles could be employed to set rules and regulations around acceptable activity on the platform. The idea would be to set the principles very carefully and sufficiently broadly first and make the platform as extensible as possible within the principle framework. Another key feature would be security and privacy. 
The platform would need to be protected from abuses and from various risks including those posed by state actors and would need to be truly globally accessible and privacy assured such as through anti-censorship, anonymisation and privacy protection technologies. These sorts of platforms, or precursors or components of such platforms, may exist so maybe one or many of these could serve as a starting point, but the technology is definitely there; all that’s needed is the people to support it.</div>
<div dir="auto" style="-webkit-text-size-adjust: auto; caret-color: rgb(49, 49, 49); color: #313131; font-family: -apple-system, HelveticaNeue; font-size: 16px; word-spacing: 1px;">
<br /></div>
<div data-originalcomputedfontsize="16" data-removefontsize="true" dir="auto" style="-webkit-text-size-adjust: auto; caret-color: rgb(49, 49, 49); color: #313131; font-family: -apple-system, HelveticaNeue; font-size: 1rem; word-spacing: 1px;">
This is just a rough idea but worth thinking about further. More to come as thoughts progress... </div>
<div data-originalcomputedfontsize="16" data-removefontsize="true" dir="auto" style="-webkit-text-size-adjust: auto; caret-color: rgb(49, 49, 49); color: #313131; font-family: -apple-system, HelveticaNeue; font-size: 1rem; word-spacing: 1px;">
<br /></div>
<div data-originalcomputedfontsize="16" data-removefontsize="true" dir="auto" style="-webkit-text-size-adjust: auto; caret-color: rgb(49, 49, 49); color: #313131; font-family: -apple-system, HelveticaNeue; font-size: 1rem; word-spacing: 1px;">
Let me know any thoughts or if you are aware of similar projects out there.</div>
<br class="Apple-interchange-newline" style="-webkit-text-size-adjust: auto;" />
<b>Your first penetration test and vulnerability exploit</b><br />
Posted by Anonymous, 2016-06-06<br />
<br />
<b><i>Preface</i></b><br />
<b><i><br /></i></b>
<i>As part of an Information and Technology Risk Practitioner's role, a basic grasp of penetration testing and vulnerability exploits is invaluable in order to really understand risks and associated controls particularly when it comes to the importance of vulnerability testing and countermeasures. This is the first of a series of penetration test and vulnerability exploit articles I'm planning to share that will help add some useful practical insight to the Information and Technology Risk Practitioner's toolbox.</i><br />
<br />
<br />
<b>Vulnerability</b><br />
<br />
The rlogin service is running and misconfigured to trust all hosts and users (I could probably have stopped at "the rlogin service is running", full stop).<br />
<br />
<b><br /></b>
<b>Background</b><br />
<br />
The rlogin misconfiguration exploit is probably one of the easiest exploits available on Metasploitable 2 Linux and as such is the first exploit we'll learn about. It is also one of the oldest and best known, and is rarely seen in the wild today. Use of rlogin in untrusted environments is not unheard of in recent history, however: rlogin was at the root of the Cisco Prime LAN Management Solution Command Execution Vulnerability in 2012 (CVE-2012-6392). Though not strictly related to the vulnerable configuration that we'll be exploring here, the CVE-2012-6392 example shows that some of these old exploits do resurface many years later.<br />
<br />
So what is rlogin? The rlogin (remote Login) protocol definition in RFC 1282 (at <a href="https://www.ietf.org/rfc/rfc1282.txt">https://www.ietf.org/rfc/rfc1282.txt</a>) tells us that:<br />
<br />
<blockquote class="tr_bq">
<i>“The rlogin facility provides a remote-echoed, locally flow-controlled virtual terminal with proper flushing of output [1]. It is widely used between Unix hosts because it provides transport of more of the Unix terminal environment semantics than does the Telnet protocol, and because on many Unix hosts it can be configured not to require user entry of passwords when connections originate from trusted hosts. </i></blockquote>
<blockquote class="tr_bq">
<i>The rlogin protocol requires the use of the TCP. The contact port is 513. An eight-bit transparent stream is assumed.”</i></blockquote>
<br />
The rlogin suite includes a number of programs, two being the rlogin client “rlogin” and the rlogin server “rlogind”.<br />
<br />
Reading through the rlogin man pages we learn that when the rlogin client sends a service request to the rlogind server, the rlogind server uses two key pieces of authentication information:<br />
1. Whether the client's source port is within the range 512-1023; and<br />
2. Whether the server host's $HOME/.rhosts file allows connections from the named client and named users on that client (in the case of root access service requests that we're interested in)<br />
<br />
If the client source port is within the range 512-1023 then we're halfway there. The $HOME/.rhosts file consists of a set of space-delimited host/username pairs identifying the trusted network hosts and users that need to be set in order to allow access via rlogin. This configuration file can be set to “+ +”, allowing all hosts and all users to connect to the server. In the Metasploitable 2 configuration this has deliberately been set to trust all hosts and all users.<br />
<br />
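Seen from the defender's side, the “+ +” setting described above is something you can audit for. The following Python script is an added example, not part of the original post: it parses .rhosts-style content and flags entries that trust every host or every user. The function names, the sample entries, the /home layout and the extra file paths are assumptions made for illustration.<br />

```python
#!/usr/bin/env python3
"""Audit rlogin trust files (.rhosts, hosts.equiv) for wildcard entries.

Added example, not code from the original post. Assumed entry format:
one "host [user]" pair per line, "+" meaning "any", a leading "-" meaning
deny, and lines starting with "#" treated as comments.
"""
from dataclasses import dataclass
from pathlib import Path

# Constructed sample for illustration; not taken from a real host.
SAMPLE_RHOSTS = """\
# constructed sample
+ +
build01.example.internal deploy
+ alice
backup.example.internal +
-untrusted.example.internal
"""


@dataclass(frozen=True)
class Finding:
    source: str    # file (or label) the entry came from
    line_no: int   # 1-based line number within that source
    entry: str     # the entry as written
    severity: str  # "critical" or "high"
    reason: str


def audit_trust_text(text, source="(constructed)"):
    """Return a Finding for each entry that trusts every host or every user."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-"):
            continue  # deny entry: it narrows trust rather than widening it
        if host == "+" and user == "+":
            severity, reason = "critical", "any user on any host is trusted"
        elif host == "+":
            severity, reason = "high", "every host is trusted"
        elif user == "+":
            severity, reason = "high", "every user on " + host + " is trusted"
        else:
            continue  # a specific host (and user): review it, but no wildcard
        findings.append(Finding(source, line_no, line, severity, reason))
    return findings


def candidate_files(home_root="/home",
                    extra=("/root/.rhosts", "/etc/hosts.equiv")):
    """List trust files to inspect: one .rhosts per home directory, plus extras.

    The default locations are assumptions; adjust them to the host's layout.
    """
    root = Path(home_root)
    homes = sorted(p for p in root.iterdir() if p.is_dir()) if root.is_dir() else []
    return [home / ".rhosts" for home in homes] + [Path(p) for p in extra]


def audit_paths(paths):
    """Audit every readable file in paths; missing files are skipped."""
    findings = []
    for path in map(Path, paths):
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # absent, unreadable or not a regular file
        findings.extend(audit_trust_text(text, str(path)))
    return findings


if __name__ == "__main__":
    # Audit the constructed sample first, then the files on this host.
    results = audit_trust_text(SAMPLE_RHOSTS) + audit_paths(candidate_files())
    for f in results:
        print(f"[{f.severity}] {f.source}:{f.line_no}: {f.entry!r} ({f.reason})")
```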
I'm assuming you have set up a pen test environment with a Metasploitable 2 Linux target. If not, please see my earlier post at http://grep-blog.blogspot.co.uk/2016/06/setting-up-basic-pen-testing.html. Start your Target (Metasploitable 2 Linux) and Attacker (Kali Linux) hosts now.<br />
<br />
<br />
<b>How to find and exploit the vulnerability</b><br />
<br />
<i>Finding the Vulnerability</i><br />
<br />
On the Attacker host, open the Terminal and run the following command:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">ifconfig</span><br />
<br />
Check which IP address is configured on your internal network interface:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">root@kali:~# ifconfig</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">eth0: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> inet 192.168.0.23 netmask 255.255.255.0 broadcast 192.168.0.255</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> inet6 fe80::a00:27ff:fe8f:4e85 prefixlen 64 scopeid 0x20&lt;link&gt;</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> ether 08:00:27:8f:4e:85 txqueuelen 1000 (Ethernet)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> RX packets 246 bytes 55503 (54.2 KiB)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> RX errors 0 dropped 0 overruns 0 frame 0</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> TX packets 74 bytes 5694 (5.5 KiB)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">eth1: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> inet <span style="background-color: yellow;">192.168.56.151</span> netmask 255.255.255.0 broadcast 192.168.56.255</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> inet6 fe80::a00:27ff:fe52:90bc prefixlen 64 scopeid 0x20&lt;link&gt;</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> ether 08:00:27:52:90:bc txqueuelen 1000 (Ethernet)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> RX packets 2064 bytes 131413 (128.3 KiB)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> RX errors 0 dropped 0 overruns 0 frame 0</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> TX packets 4766 bytes 287328 (280.5 KiB)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">lo: flags=73&lt;UP,LOOPBACK,RUNNING&gt; mtu 65536</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> inet 127.0.0.1 netmask 255.0.0.0</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> inet6 ::1 prefixlen 128 scopeid 0x10&lt;host&gt;</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> loop txqueuelen 1 (Local Loopback)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> RX packets 2023 bytes 85347 (83.3 KiB)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> RX errors 0 dropped 0 overruns 0 frame 0</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> TX packets 2023 bytes 85347 (83.3 KiB)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</span><br />
<br />
<br />
Then run a TCP SYN scan using nmap to list open ports on hosts within the 192.168.56.0/24 subnet:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">nmap -sS 192.168.56.0/24</span><br />
<br />
This will come back with a list of open ports on hosts within your subnet:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">root@kali:~# nmap -sS 192.168.56.0/24</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Starting Nmap 7.12 ( https://nmap.org ) at 2016-06-06 23:50 BST</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Nmap scan report for 192.168.56.1</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Host is up (0.00040s latency).</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Not shown: 994 closed ports</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">PORT STATE SERVICE</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">80/tcp open http</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">88/tcp open kerberos-sec</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">445/tcp open microsoft-ds</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">548/tcp open afp</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">3689/tcp open rendezvous</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">5900/tcp open vnc</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">MAC Address: 0A:00:27:00:00:00 (Unknown)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Nmap scan report for 192.168.56.2</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Host is up (0.00013s latency).</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">All 1000 scanned ports on 192.168.56.2 are filtered</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">MAC Address: 08:00:27:1F:8B:E4 (Oracle VirtualBox virtual NIC)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Nmap scan report for 192.168.56.150</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Host is up (0.00020s latency).</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Not shown: 977 closed ports</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">PORT STATE SERVICE</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">21/tcp open ftp</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">22/tcp open ssh</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">23/tcp open telnet</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">25/tcp open smtp</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">53/tcp open domain</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">80/tcp open http</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">111/tcp open rpcbind</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">139/tcp open netbios-ssn</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">445/tcp open microsoft-ds</span><br />
<span style="background-color: yellow; font-family: "courier new" , "courier" , monospace; font-size: small;">512/tcp open exec</span><br />
<span style="background-color: yellow; font-family: "courier new" , "courier" , monospace; font-size: small;">513/tcp open login</span><br />
<span style="background-color: yellow; font-family: "courier new" , "courier" , monospace; font-size: small;">514/tcp open shell</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">1099/tcp open rmiregistry</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">1524/tcp open ingreslock</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">2049/tcp open nfs</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">2121/tcp open ccproxy-ftp</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">3306/tcp open mysql</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">5432/tcp open postgresql</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">5900/tcp open vnc</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">6000/tcp open X11</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">6667/tcp open irc</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">8009/tcp open ajp13</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">8180/tcp open unknown</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">MAC Address: 08:00:27:54:EB:B8 (Oracle VirtualBox virtual NIC)</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Nmap scan report for 192.168.56.151</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Host is up (0.0000040s latency).</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">All 1000 scanned ports on 192.168.56.151 are closed</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Nmap done: 256 IP addresses (4 hosts up) scanned in 17.03 seconds</span><br />
<br />
You'll see the r-services listening on ports 512 (exec), 513 (login, the rlogin port) and 514 (shell) of host 192.168.56.150 (the Metasploitable 2 Linux host).<br />
<br />
<br />
<i>Exploiting the vulnerability</i><br />
<br />
You'll need the rsh-client first - get this by running the following command:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">apt-get install rsh-client</span><br />
<br />
Then simply run the following rlogin command:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">rlogin -l root 192.168.56.150</span><br />
<br />
You'll be presented with remote access to the target host's root account:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">root@kali:~# rlogin -l root 192.168.56.150</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Last login: Mon Jun 6 18:44:41 EDT 2016 from :0.0 on pts/0</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">The programs included with the Ubuntu system are free software;</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">the exact distribution terms for each program are described in the</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">individual files in /usr/share/doc/*/copyright.</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">applicable law.</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">To access official Ubuntu documentation, please visit:</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">http://help.ubuntu.com/</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">You have mail.</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">root@metasploitable:~# </span><br />
<br />
To test your access, shut down the Target host with <span style="font-family: "courier new" , "courier" , monospace;">shutdown now</span>:<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">root@metasploitable:~# shutdown now</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">Broadcast message from root@metasploitable</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><span class="Apple-tab-span" style="white-space: pre;"> </span>(/dev/pts/1) at 19:02 ...</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;"><br /></span>
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">The system is going down for maintenance NOW!</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">root@metasploitable:~# rlogin: connection closed.</span><br />
<span style="font-family: "courier new" , "courier" , monospace; font-size: small;">root@kali:~# </span><br />
<div>
<br /></div>
<div>
And there you have it! You've successfully completed your first pen test and exploit.</div>
<div>
<br /></div>
<div>
<b><br /></b></div>
<div>
<i><b>Note</b>: This is for educational purposes only and such activity must only be performed in your own isolated pen test environment. Never employ any of these techniques against hosts outside of your own isolated pen test environment.</i></div>
<br />
<b>Setting Up a Basic Pen Testing Environment Guide</b><br />
Posted by Anonymous, 2016-06-03<br />
<div style="margin-bottom: 0cm;">
<b><span style="font-family: "times new roman" , serif;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: normal;">1.
Introduction</span></span></b></div>
<div style="font-weight: normal; margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="font-weight: normal; margin-bottom: 0cm;">
<span style="font-family: "times new roman" , serif;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: normal;">This
guide will take you through the procedure you will need to follow in
order to set up a basic Penetration (“Pen”) Testing Environment
using commonly used tools and platforms.</span></span></div>
<div style="font-weight: normal; margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<b><span style="font-family: "times new roman" , serif;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: normal;">2.
Download the required installation files</span></span></b></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-weight: normal;">Download
the “</span></span></span><strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-weight: normal;">VirtualBox
5.0.20” installation disk image file for your platform from
<a href="https://www.virtualbox.org/wiki/Downloads">https://www.virtualbox.org/wiki/Downloads</a>
(note that this will already include the latest VirtualBox Guest
Additions installer image)</span></span></span></span></span></strong></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Download
the “VirtualBox 5.0.20 Oracle VM VirtualBox Extension Pack”
installation file from <a href="https://www.virtualbox.org/wiki/Downloads">https://www.virtualbox.org/wiki/Downloads</a></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
1</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: "arial" , "helvetica" , sans-serif; margin-left: 1em; margin-right: 1em;"><img border="0" height="347" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQTGB38cUvgtISJWkvbM5MMudz3f9llu7irF5VmeRDaUeedBXkHcJ-6Wdr7JhDVsugKKRapaPZGI7kp_8KMF1SDUNrP18Wpzs14D-VUDpzKCtjc5bGSPfMao05sw7Z7mNbLGxkFB3jhyphenhyphen3A/s640/Screen+Shot+2016-06-02+at+22.22.28.png" width="640" /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Download
the “Kali Linux 64 bit” installation ISO file from
<a href="https://www.kali.org/downloads/">https://www.kali.org/downloads/</a></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
2</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3winOgfGkSf_lbm3yUxAKyvOcunnlBSOWu_733rUMuBKzGE-jKAoYS2ywo0aKU-2rY2ne9vQjOhIj_qq38PU9aGxfivmcIyvTu3ARD9e2nwhSiWpZca_HNIoPpXFAblGxVtcMgNixEbha/s1600/Screen+Shot+2016-06-02+at+22.23.54.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3winOgfGkSf_lbm3yUxAKyvOcunnlBSOWu_733rUMuBKzGE-jKAoYS2ywo0aKU-2rY2ne9vQjOhIj_qq38PU9aGxfivmcIyvTu3ARD9e2nwhSiWpZca_HNIoPpXFAblGxVtcMgNixEbha/s640/Screen+Shot+2016-06-02+at+22.23.54.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Download
and extract the “Metasploitable 2 Linux” virtual machine
installation zip file from
<a href="https://sourceforge.net/projects/metasploitable/files/Metasploitable2/">https://sourceforge.net/projects/metasploitable/files/Metasploitable2/</a></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
3</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ_Bzv14FypNsoN4x7k7yUq8d4UPbOUNVSSEiPV2ddxOKbt6pTjY_fYTdkAB3nKcXi8L4EsLIsHUyVsl197ZDYJS4V6w9IEVbqP0fOx0cqe3ObaQ7BGyWIwLaDkwfGOELXTaiURapfSz9-/s1600/Screen+Shot+2016-06-02+at+22.24.13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ_Bzv14FypNsoN4x7k7yUq8d4UPbOUNVSSEiPV2ddxOKbt6pTjY_fYTdkAB3nKcXi8L4EsLIsHUyVsl197ZDYJS4V6w9IEVbqP0fOx0cqe3ObaQ7BGyWIwLaDkwfGOELXTaiURapfSz9-/s640/Screen+Shot+2016-06-02+at+22.24.13.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
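Before running any of the installers downloaded above, each file can be compared against a SHA-256 checksum list where the download site publishes one. The script below is an added example, not part of the original post; the function names and the `SHA256SUMS` file name are assumptions, and the sample file it checks is constructed.

```shell
#!/bin/sh
# Added example: check a downloaded file against a SHA256SUMS-style list.
# Each list line is "<hex digest>  <name>" or "<hex digest> *<name>".
# Assumption: file names contain no spaces (true of typical installer names).
set -eu

# Print the SHA-256 digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE SUMS_FILE
# Returns 0 if the digest matches, 1 on mismatch, 2 if FILE is not listed.
verify_download() {
    vd_name=$(basename "$1")
    vd_expected=$(awk -v n="$vd_name" '
        { f = $2; sub(/^\*/, "", f) }          # drop the binary-mode "*" marker
        f == n { print tolower($1); exit }' "$2")
    [ -n "$vd_expected" ] || return 2
    [ "$(sha256_of "$1")" = "$vd_expected" ]
}

# Constructed demonstration: a stand-in file and a checksum list built for it.
demo() {
    d=$(mktemp -d)
    printf 'constructed stand-in for an installer image\n' > "$d/sample.iso"
    printf '%s *sample.iso\n' "$(sha256_of "$d/sample.iso")" > "$d/SHA256SUMS"

    if verify_download "$d/sample.iso" "$d/SHA256SUMS"; then
        echo "sample.iso: OK"
    fi

    # Any change to the file after the list was produced must be caught.
    printf 'one modified line\n' >> "$d/sample.iso"
    if ! verify_download "$d/sample.iso" "$d/SHA256SUMS"; then
        echo "sample.iso: MISMATCH after modification, do not install"
    fi
    rm -rf "$d"
}

demo
```

A return code of 2 (file not listed) should be treated like a mismatch: it usually means the list belongs to a different release than the file.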
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-style: normal;"><b>3.
Install VirtualBox and the Extension Pack</b></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Browse
to where you downloaded the “VirtualBox 5.0.20” installation disk
image file and run it. You should see a screen similar to the one
below. Just click “Continue”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
4</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhArpk4w_nJ9na6Mwj_ULz9gzrA08tGfzbiFDqd5xO5L4ztJCYHQ-50BadsM8ONKRNjdRh1jSFkzAlMVDKcLrtLVe0uN6knpqXOJSi7tSYzGH0QictzVXm10oWSA_UzhY6Y9AWa33VbOKgT/s1600/Screen+Shot+2016-06-02+at+22.31.11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhArpk4w_nJ9na6Mwj_ULz9gzrA08tGfzbiFDqd5xO5L4ztJCYHQ-50BadsM8ONKRNjdRh1jSFkzAlMVDKcLrtLVe0uN6knpqXOJSi7tSYzGH0QictzVXm10oWSA_UzhY6Y9AWa33VbOKgT/s640/Screen+Shot+2016-06-02+at+22.31.11.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You'll
be presented with a screen similar to the one below. Just click
“Install”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
5</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwBYHCeaOdqh9ffX8NVlRY8tmNvlIl_8AgKELDSRrJYXgivwRD5IPUH5HkUwnG7UQVkmw1rvJ5xuuUWeNh8m6me0RmRbU6LOIZo2un153X_nQ1NfDnK1kKtAYvihtVLmsNJ6siNBWMtuDx/s1600/Screen+Shot+2016-06-02+at+22.32.32.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwBYHCeaOdqh9ffX8NVlRY8tmNvlIl_8AgKELDSRrJYXgivwRD5IPUH5HkUwnG7UQVkmw1rvJ5xuuUWeNh8m6me0RmRbU6LOIZo2un153X_nQ1NfDnK1kKtAYvihtVLmsNJ6siNBWMtuDx/s640/Screen+Shot+2016-06-02+at+22.32.32.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
the installation completes your screen should look similar to the one
below. Just click “Close”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
6</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI08ODmKvrKvRMNX10Doec2ZaWRka-Xx66I114x3tTkELhMbSlwyfGYsbnZwJkP5Gmlpt4XDwnoGp9W0VyUjW7wkXHzq1aM2HA0wqxvOvWk-oUJsw-jZ1tLcsA2-J7tTJgykm-PgONQas3/s1600/Screen+Shot+2016-06-02+at+22.38.23.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="480" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI08ODmKvrKvRMNX10Doec2ZaWRka-Xx66I114x3tTkELhMbSlwyfGYsbnZwJkP5Gmlpt4XDwnoGp9W0VyUjW7wkXHzq1aM2HA0wqxvOvWk-oUJsw-jZ1tLcsA2-J7tTJgykm-PgONQas3/s640/Screen+Shot+2016-06-02+at+22.38.23.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Browse
to where you downloaded the “VirtualBox 5.0.20 Oracle VM VirtualBox
Extension Pack” installation file and run it. VirtualBox will open
and you should see a screen similar to the one below. Just click
“Install”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
7</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzhi7WgvmsttVPNgMVU6UxfUEsJOEgQw3oBe3KIiamPri8RfdKEv1UIHbUcdoNclQH0mbFa9z6UERviqDtFVHmgsC-Djkc3ahaWmgUK2P7mP9ABRcav5yy59NXB03nZxyKjy5eHcAZg9X3/s1600/Screen+Shot+2016-06-02+at+22.51.32.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzhi7WgvmsttVPNgMVU6UxfUEsJOEgQw3oBe3KIiamPri8RfdKEv1UIHbUcdoNclQH0mbFa9z6UERviqDtFVHmgsC-Djkc3ahaWmgUK2P7mP9ABRcav5yy59NXB03nZxyKjy5eHcAZg9X3/s640/Screen+Shot+2016-06-02+at+22.51.32.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
installer will require you to scroll through the “VirtualBox
Personal Use and Evaluation License (PUEL)”, as in the screenshot
below. Once you have scrolled through it, click “I Agree”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
8</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv-URt3OB932ylgHyPHM9gdADfQCEomASAuWyys9K6FKXaMsC3q7n-LZeyQzSD_gRA0jPpSUwG3iVu_4hBx2L_BtM24LaTen2KDZIdfE9kLggCN2v_GFSe6kRJGy1lH5ExxjtCJIHMvdj_/s1600/Screen+Shot+2016-06-02+at+22.51.54.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="524" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhv-URt3OB932ylgHyPHM9gdADfQCEomASAuWyys9K6FKXaMsC3q7n-LZeyQzSD_gRA0jPpSUwG3iVu_4hBx2L_BtM24LaTen2KDZIdfE9kLggCN2v_GFSe6kRJGy1lH5ExxjtCJIHMvdj_/s640/Screen+Shot+2016-06-02+at+22.51.54.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
installer will provide the following notification when installation
is complete. Click “OK”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
9</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjR8f2s7PN5g2Q-Ad8VOD6MGL6fwznZOvqyDPCAM46lD4mVYhrcVjZ6w5AUMffFJY44suyV-0ySsBSN-FIgF5YNZhGEiHcMy-rzodZ2NtsHH0U3ODuA17i2uESCNdX12nWiRlkZhdXAPmd_/s1600/Screen+Shot+2016-06-02+at+22.52.12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjR8f2s7PN5g2Q-Ad8VOD6MGL6fwznZOvqyDPCAM46lD4mVYhrcVjZ6w5AUMffFJY44suyV-0ySsBSN-FIgF5YNZhGEiHcMy-rzodZ2NtsHH0U3ODuA17i2uESCNdX12nWiRlkZhdXAPmd_/s640/Screen+Shot+2016-06-02+at+22.52.12.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You
will be presented with the VirtualBox Welcome screen. Congratulations,
you have completed the base installation of VirtualBox. There is more
configuration to come.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
10</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaN8oU9VhycdEvhSD9jVg-1FpAirnXrG_tYw449h860aCwI8EUjgeNP4S82eQi63FZVxTZ8OD1vraqGICj1eFLrPZ9Gmu4I_WJSlpY5FA5hkjHqEzqmTYlxInQ5iBfcHmXDZaDkFfmr8aK/s1600/Screen+Shot+2016-06-02+at+22.52.25.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaN8oU9VhycdEvhSD9jVg-1FpAirnXrG_tYw449h860aCwI8EUjgeNP4S82eQi63FZVxTZ8OD1vraqGICj1eFLrPZ9Gmu4I_WJSlpY5FA5hkjHqEzqmTYlxInQ5iBfcHmXDZaDkFfmr8aK/s640/Screen+Shot+2016-06-02+at+22.52.25.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-style: normal;"><b>4.
Create the Virtual Host Virtual Machines and Configure Virtual Host
Networking</b></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><i><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">4.1.
Create the Kali Linux Host Virtual Machine and Apply Basic Configuration</span></i></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Open
VirtualBox and click on the “New” icon at the top left of the
VirtualBox user interface.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Screenshot 11</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBdZ13V-m4k9SLwjdtvUC3ruCm_okR2iKLCy61qtffeRBZ4S4Z5izH5CMLAbFncVdAniYLDjbTUHKo3nWxUT9rnsfc__v6GsiQ-0xC6U6wrYu0KL7KLYn29MkNsBzPduJj4wqLkgrM7Q9v/s1600/Screen+Shot+2016-06-02+at+23.01.26.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBdZ13V-m4k9SLwjdtvUC3ruCm_okR2iKLCy61qtffeRBZ4S4Z5izH5CMLAbFncVdAniYLDjbTUHKo3nWxUT9rnsfc__v6GsiQ-0xC6U6wrYu0KL7KLYn29MkNsBzPduJj4wqLkgrM7Q9v/s640/Screen+Shot+2016-06-02+at+23.01.26.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Once you have clicked the
“New” icon at the top left of the VirtualBox user interface, you
should be presented with a screen similar to the following. In this
screen enter “Kali Linux” in the “Name” field, “Linux” in
the “Type” field and “Debian (64-bit)” in the “Version”
field. Once done, click “Continue”.</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
12</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIE9pG-PK1NKmj18jZs6u-QB8gc8jMeqswJTYXDlcMY0qGVo9-ofXfHYw8A9a18jTWNak7Jrb3vbpW3BDiRn3bE5cTk-fqOyUEWgJar7ImnHmEOdB6dPUsgCKn2IBwYB5gwlMjYJOJpbZK/s1600/Screen+Shot+2016-06-02+at+23.05.31.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIE9pG-PK1NKmj18jZs6u-QB8gc8jMeqswJTYXDlcMY0qGVo9-ofXfHYw8A9a18jTWNak7Jrb3vbpW3BDiRn3bE5cTk-fqOyUEWgJar7ImnHmEOdB6dPUsgCKn2IBwYB5gwlMjYJOJpbZK/s640/Screen+Shot+2016-06-02+at+23.05.31.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You
should now be presented with the following screen. Enter “1024”
for the memory size, then click “Continue”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
13</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoLaCOWByMLXS5FbXtbGZXvdL9APCLcSWCI1BmMNZ1i1eEvFaWc8NTuW6MwUF5zIMK6WsDQxm_qzo35iXTBpaWTYgNLaKkEo7IVYyBRNCdvSLiI_bArynG5HdRKGs_5JldBXhbfD_AmlPS/s1600/Screen+Shot+2016-06-02+at+23.10.01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjoLaCOWByMLXS5FbXtbGZXvdL9APCLcSWCI1BmMNZ1i1eEvFaWc8NTuW6MwUF5zIMK6WsDQxm_qzo35iXTBpaWTYgNLaKkEo7IVYyBRNCdvSLiI_bArynG5HdRKGs_5JldBXhbfD_AmlPS/s640/Screen+Shot+2016-06-02+at+23.10.01.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You'll
now be asked to create a virtual hard disk via a number of options.
Select the “Create a virtual hard disk now” option then click the
“Create” button.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
14</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu05M5NZcM1SdUdLsPNV9hY2xj3edupQ6KE8qhtfS1rbn_bbJaIhBq29K9r0QCL8kMJiQr_hvIr62Jn0BztC63yJRnEK5WFk2nMMkO3bS1aNrslT_xpnfVvx_rzD26tfPAFbBKkTmUNBnU/s1600/Screen+Shot+2016-06-02+at+23.18.39.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu05M5NZcM1SdUdLsPNV9hY2xj3edupQ6KE8qhtfS1rbn_bbJaIhBq29K9r0QCL8kMJiQr_hvIr62Jn0BztC63yJRnEK5WFk2nMMkO3bS1aNrslT_xpnfVvx_rzD26tfPAFbBKkTmUNBnU/s640/Screen+Shot+2016-06-02+at+23.18.39.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You'll
then be asked to choose the type of file that you would like to use
for the new virtual hard disk. Select “VDI (VirtualBox Disk Image)”
then click “Continue”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
15</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEDN28olKGUFB9L6HiJZ_1eqrNkMmJGZDQD2f7IPv1G07bMSca-VAViX_g6o7FjA5ADm_hCBSxtXVrX6cexGBsLQ2zxvzNcdV3eH8ImCIK6HMG9XMHI5Zf9OCzRaXLDPlChoD0L73E-zw5/s1600/Screen+Shot+2016-06-02+at+23.23.59.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEDN28olKGUFB9L6HiJZ_1eqrNkMmJGZDQD2f7IPv1G07bMSca-VAViX_g6o7FjA5ADm_hCBSxtXVrX6cexGBsLQ2zxvzNcdV3eH8ImCIK6HMG9XMHI5Zf9OCzRaXLDPlChoD0L73E-zw5/s640/Screen+Shot+2016-06-02+at+23.23.59.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
next screen asks whether you want a dynamically allocated or a
fixed-size virtual hard disk, as shown below. Select the “Dynamically allocated” option
then click “Continue”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
16</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjN0azT7C2Ynwqf2pCJxXCZOjP3MJbjGnCrdolbKgOT9WIFjUOIuf9N8_loYjspj9R4oY2RdC58n3-WD723sSNFXmdOQqW3MgKVksS0MSUb5VYGXlGom_TIvtfRe96ASxMQfUIngtxoBMHX/s1600/Screen+Shot+2016-06-02+at+23.28.33.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjN0azT7C2Ynwqf2pCJxXCZOjP3MJbjGnCrdolbKgOT9WIFjUOIuf9N8_loYjspj9R4oY2RdC58n3-WD723sSNFXmdOQqW3MgKVksS0MSUb5VYGXlGom_TIvtfRe96ASxMQfUIngtxoBMHX/s640/Screen+Shot+2016-06-02+at+23.28.33.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
next screen asks where you'd like to store the virtual hard disk and
also its maximum size. The name field should read “Kali Linux”
and the size field should ideally be “20” GB. Once done, click
“Create”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
17</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGvPshAyt9AGYVn3pcJTV8hmtQoN1f5gYjJGOxFxuFCdeqATauST2BMwXGQ4y1ALiNiekov_GzbgicBuzaBBaMkF6lQ76uatuo1xOJS4EsMro9mVtXe9LBGw4Kzs6dVX1DXCdknWtIHSx4/s1600/Screen+Shot+2016-06-02+at+23.29.50.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="546" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGvPshAyt9AGYVn3pcJTV8hmtQoN1f5gYjJGOxFxuFCdeqATauST2BMwXGQ4y1ALiNiekov_GzbgicBuzaBBaMkF6lQ76uatuo1xOJS4EsMro9mVtXe9LBGw4Kzs6dVX1DXCdknWtIHSx4/s640/Screen+Shot+2016-06-02+at+23.29.50.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You
should now see the following screen detailing the key configuration
information for this virtual machine. Click the “Settings” icon
at the top left of the screen.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
18</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJc8q6gcqbUxZaNXiKL-QUobbAbkcNsiWyWUGWf1pNgblsbdBuT_EkHqlNebAfzldfgyQue4rxUEd7CJBvVaT7YJ0XcMOVP81F09OQllANwo_lPBvJcYXGshDQzPhxPb1zd0IV39gbfGkA/s1600/Screen+Shot+2016-06-02+at+23.37.20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJc8q6gcqbUxZaNXiKL-QUobbAbkcNsiWyWUGWf1pNgblsbdBuT_EkHqlNebAfzldfgyQue4rxUEd7CJBvVaT7YJ0XcMOVP81F09OQllANwo_lPBvJcYXGshDQzPhxPb1zd0IV39gbfGkA/s640/Screen+Shot+2016-06-02+at+23.37.20.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You
should now see the following settings interface. Click on the
“System” icon appearing at the top menu.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
19</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAH42VvEqFlbvx2Hyyhgeq_xAVuHOUoLuL1O7GeM6T3TgzX-jrD2RX34lWwUoD8HKitXl8UNma-xmonu2jEryYYxZhyphenhyphenLfEw4AkQjo5I-bN0Pubw9Dd-kvMmY4h0tzRwKXF_CV5tPbAOZyM/s1600/Screen+Shot+2016-06-02+at+23.40.17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="432" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAH42VvEqFlbvx2Hyyhgeq_xAVuHOUoLuL1O7GeM6T3TgzX-jrD2RX34lWwUoD8HKitXl8UNma-xmonu2jEryYYxZhyphenhyphenLfEw4AkQjo5I-bN0Pubw9Dd-kvMmY4h0tzRwKXF_CV5tPbAOZyM/s640/Screen+Shot+2016-06-02+at+23.40.17.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
you've clicked on the “System” icon, click on the “Processor”
tab and select the “Enable PAE/NX” extended features option.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
20</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXTxJYzRITwxN8NgYIa_Nw1nZH8Wkhynt_ou4IZxRNAVBj4EQXJHggDxf5oddUBFUQHoVKlxgDq9tViop_Y_GvpzP8tX8oZzLEUvGfOO-UiHfXrgW9DNth5GgVzJk46Db9oqSl7ymbFlpX/s1600/Screen+Shot+2016-06-02+at+23.46.20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="508" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXTxJYzRITwxN8NgYIa_Nw1nZH8Wkhynt_ou4IZxRNAVBj4EQXJHggDxf5oddUBFUQHoVKlxgDq9tViop_Y_GvpzP8tX8oZzLEUvGfOO-UiHfXrgW9DNth5GgVzJk46Db9oqSl7ymbFlpX/s640/Screen+Shot+2016-06-02+at+23.46.20.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Next
click on the “Display” icon appearing at the top menu, then under
the “Acceleration” options, select “Enable 3D Acceleration”
then click “OK” to save these basic configuration settings (we'll
be doing some final network configuration later).</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
21</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKwrGzGEDvlbZxr26QiM3XgRnUgfmqIDcojxbZ4kLnYhHJsSJfjrp8NhqC0ffk5_Fal8ovdEzQipHmmr17HFhnsuW7yJGdTBYZbOOwSZxCCHVwp1p8Ymm2dbgGre7K9ZlJGxiBZOB5PmLj/s1600/Screen+Shot+2016-06-02+at+23.55.51.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="524" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKwrGzGEDvlbZxr26QiM3XgRnUgfmqIDcojxbZ4kLnYhHJsSJfjrp8NhqC0ffk5_Fal8ovdEzQipHmmr17HFhnsuW7yJGdTBYZbOOwSZxCCHVwp1p8Ymm2dbgGre7K9ZlJGxiBZOB5PmLj/s640/Screen+Shot+2016-06-02+at+23.55.51.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><i><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">4.2.
Create Metasploitable 2 Linux Host Virtual Machine and Basically
Configure</span></i></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-weight: normal;">Open
VirtualBox and click on the “New” icon at the top left of the
VirtualBox user interface. You
should be presented with a screen similar to the following. In this
screen enter “Metasploitable 2 Linux” in the “Name” field,
“Linux” in the “Type” field and “Ubuntu (32-bit)” in the
“Version” field. Once done, click “Continue”.</span></span></span></span></span></strong></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
22</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBOayFXDtLped67jdrB2PWTLv3rvzWw39rwhkejMqKNcnT_Qx4mhraNjirS0cCcoKH0e0UYbopIdg98dP2O1sfENhdCQiCbYLnzlKW4mcJY_SqLrQ_rQ1VX9e7pKa8XKDfEfzpQe0BKRnN/s1600/Screen+Shot+2016-06-03+at+00.02.22.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBOayFXDtLped67jdrB2PWTLv3rvzWw39rwhkejMqKNcnT_Qx4mhraNjirS0cCcoKH0e0UYbopIdg98dP2O1sfENhdCQiCbYLnzlKW4mcJY_SqLrQ_rQ1VX9e7pKa8XKDfEfzpQe0BKRnN/s640/Screen+Shot+2016-06-03+at+00.02.22.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You
should now be presented with the following screen. Enter “512”
for the memory size, then click “Continue”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
23</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifflXfJZWtX5tSjUGQhGc83JhREntUC8zmKulq5SWd7GMq9mJ9jmMKK3i-qV3Hth9v13C3t7EcfLSaRIR2_LJ19h4SVtSc_CQZzilPhlwP5ZXh4IAkmzsbDOQqKpNdencUU3vMoqvRfBHS/s1600/Screen+Shot+2016-06-03+at+00.04.44.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifflXfJZWtX5tSjUGQhGc83JhREntUC8zmKulq5SWd7GMq9mJ9jmMKK3i-qV3Hth9v13C3t7EcfLSaRIR2_LJ19h4SVtSc_CQZzilPhlwP5ZXh4IAkmzsbDOQqKpNdencUU3vMoqvRfBHS/s640/Screen+Shot+2016-06-03+at+00.04.44.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You'll
now be asked to create a virtual hard disk via a number of options.
Select the “Use an existing virtual hard disk file” option and
navigate to where you extracted the “Metasploitable 2 Linux”
virtual machine installation zip file, and locate and select the
“Metasploitable.vmdk” file. Once done, click the “Create”
button.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
24</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHuQ5xnIm5ehd41p9onIiNV_nv4gtXeQYeabIUmPROBlGRCHV15W-QrS4B_2KWOABSKS921EPtz2KUergECypRQJ4cWNvubXRvY5hTFJFKw9_V4VHm0Iz0_iCu6IctfKrVqD3Z7gfC8VBz/s1600/Screen+Shot+2016-06-03+at+00.07.34.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHuQ5xnIm5ehd41p9onIiNV_nv4gtXeQYeabIUmPROBlGRCHV15W-QrS4B_2KWOABSKS921EPtz2KUergECypRQJ4cWNvubXRvY5hTFJFKw9_V4VHm0Iz0_iCu6IctfKrVqD3Z7gfC8VBz/s640/Screen+Shot+2016-06-03+at+00.07.34.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
you click “Create” you should be taken back to the main
screen and see both your virtual machines set up and ready to host the
Kali Linux and Metasploitable 2 Linux operating systems that we'll
install soon. First of all, we need to complete some basic networking
configuration.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><i><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">4.3.
Basic Networking Configuration</span></i></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Open
the “VirtualBox” menu and click on “Preferences”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
25</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivNz_1cAxHD-RLVh5uE5yYMvJrDP-DOWMnvonhXn9BWFPcsc5KA4K3GbVGlWhGnSrlJ4oFWiWycisy5A4y8hjGp_mOCSxvtHuBIwdmkdbmtik3RfRZ5rNGGgbcT0HhR3r4mQQu3GKKBLlh/s1600/Screen+Shot+2016-06-03+at+00.21.16.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivNz_1cAxHD-RLVh5uE5yYMvJrDP-DOWMnvonhXn9BWFPcsc5KA4K3GbVGlWhGnSrlJ4oFWiWycisy5A4y8hjGp_mOCSxvtHuBIwdmkdbmtik3RfRZ5rNGGgbcT0HhR3r4mQQu3GKKBLlh/s640/Screen+Shot+2016-06-03+at+00.21.16.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Within
the “Preferences” interface select the “Network” top level
menu item, click on host only networks, then click on the “Add new
host only network” icon to the right.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
26</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBr314ys-buZL3V2nCkQUcfvBJhXEATJYQBnHS9NPV3G847HOyX07ChsaSbr0hh2zYr9UnG0lCsF6Qt4nQ9sqssv0iK3-DFeIQ8Z89ZiDdS35hvMpGwZ-fphUoDOT8330aoMwJMu7HLmwq/s1600/Screen+Shot+2016-06-03+at+00.22.55.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBr314ys-buZL3V2nCkQUcfvBJhXEATJYQBnHS9NPV3G847HOyX07ChsaSbr0hh2zYr9UnG0lCsF6Qt4nQ9sqssv0iK3-DFeIQ8Z89ZiDdS35hvMpGwZ-fphUoDOT8330aoMwJMu7HLmwq/s640/Screen+Shot+2016-06-03+at+00.22.55.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
you add the new host only network, a new “vboxnet0” network is
created that requires some further configuration.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
27</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRAh3i7QG7DRYkW7GbKJ8N8rtcQElhx8PEuC1u-QjdvjHN9Z2ygrTQU-cG0kLyu-p5iLQ2StyfCUNJj1kEGraqrfONTce6wYReIs95vJ_Seph5-DWAJNuFHZ6cUDABlcWCNwhRirGQ_Tvu/s1600/Screen+Shot+2016-06-03+at+00.23.14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRAh3i7QG7DRYkW7GbKJ8N8rtcQElhx8PEuC1u-QjdvjHN9Z2ygrTQU-cG0kLyu-p5iLQ2StyfCUNJj1kEGraqrfONTce6wYReIs95vJ_Seph5-DWAJNuFHZ6cUDABlcWCNwhRirGQ_Tvu/s640/Screen+Shot+2016-06-03+at+00.23.14.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Select
the vboxnet0 network then click on the “Edit selected host only
network” icon to the right to display the following dialog.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
28</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDXkaoFrs9YHHA_l05ZX3Kw2i15xBUX3xwYhnhXDLaolOEqi0D0Ki6MbiIDriycV7eIisuphjUP59ZkNpLm06ObG6gfjOHaABGVaQ2KKD6r85SJbFcuJsakbB4z-lHYOBmE3U3lxaQZiux/s1600/Screen+Shot+2016-06-03+at+00.23.34.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDXkaoFrs9YHHA_l05ZX3Kw2i15xBUX3xwYhnhXDLaolOEqi0D0Ki6MbiIDriycV7eIisuphjUP59ZkNpLm06ObG6gfjOHaABGVaQ2KKD6r85SJbFcuJsakbB4z-lHYOBmE3U3lxaQZiux/s640/Screen+Shot+2016-06-03+at+00.23.34.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Click
on the “DHCP Server” tab and fill in the details as shown in the
screenshot below. Once done, click “OK”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
29</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLlAN5V8dPPLFPyvjxHEggWM63ZRbHZPRIlIt_Ys5SXD-EouTvtJnvXJrFwCHSUEpVjlaKBYgxftK87NSSirn96rqJ6Exsknga_sJa59tghRlF1zRzzXtRM9kElqcjxRQlGWtpu7LTKJS4/s1600/Screen+Shot+2016-06-03+at+00.26.20.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLlAN5V8dPPLFPyvjxHEggWM63ZRbHZPRIlIt_Ys5SXD-EouTvtJnvXJrFwCHSUEpVjlaKBYgxftK87NSSirn96rqJ6Exsknga_sJa59tghRlF1zRzzXtRM9kElqcjxRQlGWtpu7LTKJS4/s640/Screen+Shot+2016-06-03+at+00.26.20.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Click
“OK” again to go back to the main screen.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
30</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizyJfBjywl9tG8cqe44am30JiVutiUuNPMLHQrvifWJDb7ateCTycfxfhbfmtTj1XU8RY5fNOk7NIJJdCnDcBVTd8IzRieQ8FoFAg7XzZSMTTQbmRpEnKwaegvrnVUWYvVCJtX21SLC8wm/s1600/Screen+Shot+2016-06-03+at+00.26.58.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="474" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizyJfBjywl9tG8cqe44am30JiVutiUuNPMLHQrvifWJDb7ateCTycfxfhbfmtTj1XU8RY5fNOk7NIJJdCnDcBVTd8IzRieQ8FoFAg7XzZSMTTQbmRpEnKwaegvrnVUWYvVCJtX21SLC8wm/s640/Screen+Shot+2016-06-03+at+00.26.58.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-weight: normal;">Now
we need to configure the virtual machines. We'll configure the Kali
Linux “Attacker” machine with two network adapters (one for access
to the internet, the other for access to the “Target”
network/machine). </span></span></span></span></span></strong>
</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">We'll
start with the Kali Linux virtual machine. Select the Kali Linux
machine in the main window and click the “Settings” icon.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
31</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9rGV57L1OU8o7SRd-p6Tasx0MnP-BCeP-6Xhin61r4bw1w8IcOjOWWkj4pGY9c3CKrDlevc5yJzyf-M4fJ85TmLyeLOeVM-rmW8Pgz-3aBT0qtWX4wsGZn0HKac5j10GE5uZuBqhAGDMs/s1600/Screen+Shot+2016-06-03+at+06.50.25.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9rGV57L1OU8o7SRd-p6Tasx0MnP-BCeP-6Xhin61r4bw1w8IcOjOWWkj4pGY9c3CKrDlevc5yJzyf-M4fJ85TmLyeLOeVM-rmW8Pgz-3aBT0qtWX4wsGZn0HKac5j10GE5uZuBqhAGDMs/s640/Screen+Shot+2016-06-03+at+06.50.25.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
you've clicked the “Settings” icon, click on the “Network” menu
item across the top, then click on the “Adapter 1” tab. In this
tab select the “Enable Network Adapter” option and in the
“Attached to:” field select “Bridged Adapter”. Also set “Name:”
to your host machine's network adapter. Finally, click on the
“Advanced” roll-up and ensure that “Cable Connected” is
checked.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
32</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgn0RU2Ej2_w8sn-ewWDpMSyvREiib54QEoIwNe03X5Y7s9JhplevYTe6jyJsmRZTfxl_k20qS84ld0pe1U_LyrvtVuc_tAOwBwYcjsx1HP_f_RV23qc4wgsmk5oGzTl_SvsNJwNBLbX6uZ/s1600/Screen+Shot+2016-06-03+at+07.15.47.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="498" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgn0RU2Ej2_w8sn-ewWDpMSyvREiib54QEoIwNe03X5Y7s9JhplevYTe6jyJsmRZTfxl_k20qS84ld0pe1U_LyrvtVuc_tAOwBwYcjsx1HP_f_RV23qc4wgsmk5oGzTl_SvsNJwNBLbX6uZ/s640/Screen+Shot+2016-06-03+at+07.15.47.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Click
on the “Adapter 2” tab, select the “Enable Network Adapter”
option and set “Attached to:” to “Host-only Adapter”.
Set “Name:” to the “vboxnet0” adapter you set up
earlier. Finally, click on the “Advanced” roll-up and ensure that
“Cable Connected” is checked.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
33</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoOei0XoX4Dk0EtnNr3fMLld8wBpu8KMgwX_nalAEXnRYVjlKJ9Q_XO6Rq7g2pSncON6cFEsXUekvbEG6JCmk3Ypp4V6ELQLcF0PIqKe4fEcr2pFIa6Sj5qHb-Nj36ZOW7zoRAJN4_P3UL/s1600/Screen+Shot+2016-06-03+at+07.21.05.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="498" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoOei0XoX4Dk0EtnNr3fMLld8wBpu8KMgwX_nalAEXnRYVjlKJ9Q_XO6Rq7g2pSncON6cFEsXUekvbEG6JCmk3Ypp4V6ELQLcF0PIqKe4fEcr2pFIa6Sj5qHb-Nj36ZOW7zoRAJN4_P3UL/s640/Screen+Shot+2016-06-03+at+07.21.05.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">We'll
finish with the Metasploitable 2 Linux virtual machine. Select the
Metasploitable 2 Linux machine in the main window and click the
“Settings” icon. Once you've clicked “Settings”, click on
the “Network” menu item across the top, then click on the
“Adapter 1” tab. In this tab, select the “Enable Network
Adapter” option and set “Attached to:” to “Host-only
Adapter”. Set “Name:” to the “vboxnet0” adapter you
set up earlier. Finally, click on the “Advanced” roll-up and
ensure that “Cable Connected” is checked.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
34</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifn27I4peFok_4cxARUIj2meaYpMlGqClUfRPpgMANP8xiuXC20zM6LjSW2cUsLoWLCJcexpxxkJsltj8wU1fNDXr_ZjfsM01tlB12War6vyjj3ZYH4WiraC-065cJ52H2GZYaDu3AVAqB/s1600/Screen+Shot+2016-06-03+at+07.28.14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="498" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifn27I4peFok_4cxARUIj2meaYpMlGqClUfRPpgMANP8xiuXC20zM6LjSW2cUsLoWLCJcexpxxkJsltj8wU1fNDXr_ZjfsM01tlB12War6vyjj3ZYH4WiraC-065cJ52H2GZYaDu3AVAqB/s640/Screen+Shot+2016-06-03+at+07.28.14.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Congratulations,
you have successfully completed the VirtualBox setup. Now on to
installing the Linux operating systems on the virtual machines.</span></span></span></span></span></strong></div>
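<div style="margin-bottom: 0cm;">
The adapter settings above can be checked from the host's command line instead of re-opening each dialog. The following is an added example, not part of the original post: it audits the text printed by VBoxManage showvminfo with the --machinereadable option, requiring that the Metasploitable 2 machine has only host-only adapters on “vboxnet0” and that the dual-homed machine has Adapter 1 bridged and Adapter 2 host-only. The VM names, the bridged interface “en0” and the sample text are constructed assumptions.</div>

```bash
#!/usr/bin/env bash
# Added example: audit the VirtualBox adapter layout configured above.
# Both audit functions read, on stdin, the text printed by
#   VBoxManage showvminfo "VM_NAME" --machinereadable

HOSTONLY_NET="vboxnet0"   # host-only network name used on this page

# vm_field KEY: print KEY's value from the VM info on stdin, quotes stripped.
vm_field() {
    awk -F= -v k="$1" '$1 == k { v = $2; gsub(/"/, "", v); print v; exit }'
}

# Pass only if every enabled adapter is host-only on $HOSTONLY_NET with its
# cable connected, so the deliberately vulnerable VM has no bridged or NAT
# path to the LAN or the internet.
audit_isolated_vm() {
    local info slot mode net cable enabled=0 rc=0
    info=$(cat)
    for slot in 1 2 3 4 5 6 7 8; do
        mode=$(printf '%s\n' "$info" | vm_field "nic$slot")
        case "$mode" in
            ""|none) continue ;;          # adapter absent or disabled
        esac
        enabled=$((enabled + 1))
        if [ "$mode" != "hostonly" ]; then
            echo "FAIL adapter $slot: attached to '$mode', expected hostonly"
            rc=1
            continue
        fi
        net=$(printf '%s\n' "$info" | vm_field "hostonlyadapter$slot")
        cable=$(printf '%s\n' "$info" | vm_field "cableconnected$slot")
        [ "$net" = "$HOSTONLY_NET" ] || { echo "FAIL adapter $slot: network '$net'"; rc=1; }
        [ "$cable" = "on" ] || { echo "FAIL adapter $slot: cable not connected"; rc=1; }
    done
    [ "$enabled" -gt 0 ] || { echo "FAIL no adapter enabled"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK isolated on $HOSTONLY_NET"
    return "$rc"
}

# Pass only if Adapter 1 is bridged and Adapter 2 is host-only on
# $HOSTONLY_NET, both with the cable connected.
audit_dual_homed_vm() {
    local info key want got rc=0
    info=$(cat)
    for key in nic1=bridged cableconnected1=on \
               nic2=hostonly "hostonlyadapter2=$HOSTONLY_NET" cableconnected2=on; do
        want=${key#*=}
        got=$(printf '%s\n' "$info" | vm_field "${key%%=*}")
        [ "$got" = "$want" ] || { echo "FAIL ${key%%=*}: '$got', expected '$want'"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK bridged + host-only on $HOSTONLY_NET"
    return "$rc"
}

# Constructed samples in machine-readable format (not captured from a real host).
SAMPLE_TARGET_OK='name="Metasploitable 2"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
cableconnected1="on"
nic2="none"'

SAMPLE_TARGET_BRIDGED='name="Metasploitable 2"
nic1="bridged"
bridgeadapter1="en0"
cableconnected1="on"
nic2="none"'

SAMPLE_DUAL_OK='name="Kali Linux"
nic1="bridged"
bridgeadapter1="en0"
cableconnected1="on"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
cableconnected2="on"'

# Demo over the constructed samples; on a real host, pipe VBoxManage output in.
for sample in "$SAMPLE_TARGET_OK" "$SAMPLE_TARGET_BRIDGED"; do
    printf '%s\n' "$sample" | audit_isolated_vm || true
done
printf '%s\n' "$SAMPLE_DUAL_OK" | audit_dual_homed_vm || true
```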
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-style: normal;"><b>5.
Install Kali Linux and Complete Network Configuration</b></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Click
on the Kali Linux virtual machine, then click on the “[Optical
Drive]” link under “Storage” at the “IDE Secondary Master:”.
When the menu appears, select the “Choose disk image ...”
option, and when the file chooser appears, open the “Kali Linux 64
bit” installation ISO file you downloaded earlier. Once done, click
on the “Start” icon at the top of the screen to start the Kali
Linux virtual machine with the “Kali Linux 64 bit”
installation disk image loaded.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
35 & 36</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfnz692DfUdxvJL9mC8WKtegBLi8rOexPjYZynI8VbFtre3ZMKYYnyGfXD3tWwjI9duFUDbD2nK425KBOL3LZhRQkeI-UEnfTRWnEUCsJXyL6GAro18bRliSS6GglTlu2GX44fJ_njB76K/s1600/Screen+Shot+2016-06-03+at+22.49.59.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="502" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfnz692DfUdxvJL9mC8WKtegBLi8rOexPjYZynI8VbFtre3ZMKYYnyGfXD3tWwjI9duFUDbD2nK425KBOL3LZhRQkeI-UEnfTRWnEUCsJXyL6GAro18bRliSS6GglTlu2GX44fJ_njB76K/s640/Screen+Shot+2016-06-03+at+22.49.59.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJM_z3WELhGrAM9jozIdI4RCcNuJSZNJjSib046w1EUL1ifp8lymtfB7hykVprDYta4CBaHeQyZSJow2RWmOa9Hi3RyE4BNX2aHdUtvrheLbhJOVxp0trjdqxZyKgvv0WZ_VEnv83U4tDY/s1600/Screen+Shot+2016-06-03+at+22.50.28.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="514" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJM_z3WELhGrAM9jozIdI4RCcNuJSZNJjSib046w1EUL1ifp8lymtfB7hykVprDYta4CBaHeQyZSJow2RWmOa9Hi3RyE4BNX2aHdUtvrheLbhJOVxp0trjdqxZyKgvv0WZ_VEnv83U4tDY/s640/Screen+Shot+2016-06-03+at+22.50.28.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
following screen will load within the Kali Linux virtual machine.
When the “Boot menu” appears, select the “Graphical install”
option using the cursor keys and press Enter.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
37</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3V9MKoqzBZkgBc4GYZsoRCeFmRf1JL3UQfMhbjQe_P5sp5k96E05GQ4oLReFRqV4OF_dMJK3abz1SNlRNzFbgdZNTQedeGiG_tKjbR3CJS6zhxAxxpzgxMX2Ye8blES9pWQq9UVNmSNdB/s1600/Screen+Shot+2016-06-03+at+22.56.33.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="540" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3V9MKoqzBZkgBc4GYZsoRCeFmRf1JL3UQfMhbjQe_P5sp5k96E05GQ4oLReFRqV4OF_dMJK3abz1SNlRNzFbgdZNTQedeGiG_tKjbR3CJS6zhxAxxpzgxMX2Ye8blES9pWQq9UVNmSNdB/s640/Screen+Shot+2016-06-03+at+22.56.33.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select your language (I've used English) then
click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
38</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIp8sl06OQCwW-hgQS0I0S4XLTXTTC-Jyq6tinIqBb9NZq6hx2GFgTxc9AfF63xNO_LXdKI5isxTKjYrUrCoRAEKIjZ-SvSoiodh-qVKz4eFIprJxgvwGXcjo2JzNxRWDKg7FSFEAp2LlX/s1600/Screen+Shot+2016-06-03+at+22.58.55.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIp8sl06OQCwW-hgQS0I0S4XLTXTTC-Jyq6tinIqBb9NZq6hx2GFgTxc9AfF63xNO_LXdKI5isxTKjYrUrCoRAEKIjZ-SvSoiodh-qVKz4eFIprJxgvwGXcjo2JzNxRWDKg7FSFEAp2LlX/s640/Screen+Shot+2016-06-03+at+22.58.55.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select your location (I've used United Kingdom)
then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
39</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSRqOUn1FZ37oirxInMQwphDBbXJcPJUxcCV5OcY4TTij5aBPntpGXstOEssiydsxlC9gaPB-ICU78H0UJ0GGE8EH_gKwvk3I7cfPjxhOeqXICoq3TahvArMixJcXhIodWSBiRzry9ILQV/s1600/Screen+Shot+2016-06-03+at+22.59.18.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSRqOUn1FZ37oirxInMQwphDBbXJcPJUxcCV5OcY4TTij5aBPntpGXstOEssiydsxlC9gaPB-ICU78H0UJ0GGE8EH_gKwvk3I7cfPjxhOeqXICoq3TahvArMixJcXhIodWSBiRzry9ILQV/s640/Screen+Shot+2016-06-03+at+22.59.18.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select your keyboard language (I've used
British English) then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
40</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivfZwBVip6COKekThKmJNKpilD6tIasYeKIqrgdTIZPiNOYpaPPM0nOpRlLy2BJjwY0Ozefm1ZTkcOpOTFi03zc6eiR7Jfgx3AGGN8g10Ytv49X2oUk4AZDXgw26MsTkdQY-o2WB2CS3v6/s1600/Screen+Shot+2016-06-03+at+22.59.31.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivfZwBVip6COKekThKmJNKpilD6tIasYeKIqrgdTIZPiNOYpaPPM0nOpRlLy2BJjwY0Ozefm1ZTkcOpOTFi03zc6eiR7Jfgx3AGGN8g10Ytv49X2oUk4AZDXgw26MsTkdQY-o2WB2CS3v6/s640/Screen+Shot+2016-06-03+at+22.59.31.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
installer will now load.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
41</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6_OPSUBGC2XLCV_L4N0QbRrES64yF9csqSIzjB9Dw4-Az9esyb4HEQAmtpTtfEl7QtK-M3ieOPjN3BPxiCe0ABPijwOlJoqlFW-L2uwcXwMDdplkEQX7Rkf6Z5i6O3lkMPLcgpCJiTp5-/s1600/Screen+Shot+2016-06-03+at+22.59.41.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6_OPSUBGC2XLCV_L4N0QbRrES64yF9csqSIzjB9Dw4-Az9esyb4HEQAmtpTtfEl7QtK-M3ieOPjN3BPxiCe0ABPijwOlJoqlFW-L2uwcXwMDdplkEQX7Rkf6Z5i6O3lkMPLcgpCJiTp5-/s640/Screen+Shot+2016-06-03+at+22.59.41.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select your network interface then click
Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
42</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSJRAhZzhYtZAX6Edg-jpBT4SV43xVweik5nV6h-yhI_7Mmb_xXEaPZFdh9JUKXuw0ViTe81IGcQH8fbxrRZkRBD5Z2AbrEGzUBEbBscuyhvCO2OCiyT7-BD2G4gLypuCFngnsLcTtcq42/s1600/Screen+Shot+2016-06-03+at+23.00.02.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSJRAhZzhYtZAX6Edg-jpBT4SV43xVweik5nV6h-yhI_7Mmb_xXEaPZFdh9JUKXuw0ViTe81IGcQH8fbxrRZkRBD5Z2AbrEGzUBEbBscuyhvCO2OCiyT7-BD2G4gLypuCFngnsLcTtcq42/s640/Screen+Shot+2016-06-03+at+23.00.02.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, enter the host name as “kali” then click
Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
43</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRzOhXzcXO7k5ofdCNwGA9Ouz2z9PNkmrE2NbO003-5U5QCPsca0uXw5J6K0qyFK-snYWF3KhvFyD6lF0W2OILb0cOt86wYnbSToiQfogTFsz16oAzNz2vDu9t4PmGKDUaUl49ADB6iVzz/s1600/Screen+Shot+2016-06-03+at+23.00.26.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRzOhXzcXO7k5ofdCNwGA9Ouz2z9PNkmrE2NbO003-5U5QCPsca0uXw5J6K0qyFK-snYWF3KhvFyD6lF0W2OILb0cOt86wYnbSToiQfogTFsz16oAzNz2vDu9t4PmGKDUaUl49ADB6iVzz/s640/Screen+Shot+2016-06-03+at+23.00.26.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, enter the domain name as “vbnet” then click
Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
44</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTDFnsBkWEApmsyf-ezunPjIDDXkwXRasDgYYyDsdabtVbnnLanxWxHBIGKzBMoT8CgLLY44rScYxMfeCqPJTy6agWfHqT_KK7hjlLuIxtxJaRm4ciza3xFYcyVxhgAw9L8dz3BSFskkxN/s1600/Screen+Shot+2016-06-03+at+23.00.47.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTDFnsBkWEApmsyf-ezunPjIDDXkwXRasDgYYyDsdabtVbnnLanxWxHBIGKzBMoT8CgLLY44rScYxMfeCqPJTy6agWfHqT_KK7hjlLuIxtxJaRm4ciza3xFYcyVxhgAw9L8dz3BSFskkxN/s640/Screen+Shot+2016-06-03+at+23.00.47.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, create the root password then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
45</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeQLgX55qRBnR2ynGYA_SBpegfWev2M5fxX5IsI1QBMTHSBpQ9t2SnBRFOL2l0dEohHRIG5l_8w2rQsMqiQXAk-80NLDC-vUJntwY65hcxyRZUkkO0zqZ5LZyEyxXE5BvXAh9Y0xvjJBCN/s1600/Screen+Shot+2016-06-03+at+23.01.11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeQLgX55qRBnR2ynGYA_SBpegfWev2M5fxX5IsI1QBMTHSBpQ9t2SnBRFOL2l0dEohHRIG5l_8w2rQsMqiQXAk-80NLDC-vUJntwY65hcxyRZUkkO0zqZ5LZyEyxXE5BvXAh9Y0xvjJBCN/s640/Screen+Shot+2016-06-03+at+23.01.11.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select the “Guided – use entire disk”
partitioning option then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
46</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2NYNWBUW5kb47VlDZZZQc-HZX1m0c_BM9cj9zsU9BWWeyruxCnKQIJLJ1slkLxT8dgCnjrTIksseB7y7GRvX0NiURsvHS-lAUVe0FTjpIpGNnP3mhLfJmfhL1gyncTGNVYgy8ZXv9C_V7/s1600/Screen+Shot+2016-06-03+at+23.01.35.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2NYNWBUW5kb47VlDZZZQc-HZX1m0c_BM9cj9zsU9BWWeyruxCnKQIJLJ1slkLxT8dgCnjrTIksseB7y7GRvX0NiURsvHS-lAUVe0FTjpIpGNnP3mhLfJmfhL1gyncTGNVYgy8ZXv9C_V7/s640/Screen+Shot+2016-06-03+at+23.01.35.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select the vbox hard disk then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
47</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEief3_wiSotgjhV-NVqQeEojyt0e0C-VCN_7RR7OApasRiYIHXJiiV-7j0A-RK_mn65kITR6bDiTwJZMJseRCr4wDmCP9wP1kOIg6VUKq3szMU5aOzz2g0D28oDV7vv0op57jguq8J5PwOq/s1600/Screen+Shot+2016-06-03+at+23.01.41.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEief3_wiSotgjhV-NVqQeEojyt0e0C-VCN_7RR7OApasRiYIHXJiiV-7j0A-RK_mn65kITR6bDiTwJZMJseRCr4wDmCP9wP1kOIg6VUKq3szMU5aOzz2g0D28oDV7vv0op57jguq8J5PwOq/s640/Screen+Shot+2016-06-03+at+23.01.41.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select “All files in one partition” as
the partitioning scheme then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
48</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-Obc4C2LVumBKBYIFO-EAQYFCxQ-R0MnnjPgij2DjpW_kwHRwm-xvT4B_05qKMwA5RIJZf6IM_DeW-dm0TLYtnBIjaPey9Cqgbmg3LbCL9GjjuK00rHG2HDm4tNFaPj78YXKhIvtR3H2A/s1600/Screen+Shot+2016-06-03+at+23.01.52.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-Obc4C2LVumBKBYIFO-EAQYFCxQ-R0MnnjPgij2DjpW_kwHRwm-xvT4B_05qKMwA5RIJZf6IM_DeW-dm0TLYtnBIjaPey9Cqgbmg3LbCL9GjjuK00rHG2HDm4tNFaPj78YXKhIvtR3H2A/s640/Screen+Shot+2016-06-03+at+23.01.52.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
the following screen, select “Finish partitioning and write changes
to disk” then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
49</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUIYLj_oU-KhJFA3ki9TYuK8QRlZ83GQpHBpGK2ttmXc-hI4pd2kAfliuMkYGdAmXmkTCTSlqjajB2qy1BaZ4ptOHBhyOcPSTAogpY1vi6r0KA99IHevvbCZR7OIQabFvbD5S3DuEQC3Tk/s1600/Screen+Shot+2016-06-03+at+23.01.59.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUIYLj_oU-KhJFA3ki9TYuK8QRlZ83GQpHBpGK2ttmXc-hI4pd2kAfliuMkYGdAmXmkTCTSlqjajB2qy1BaZ4ptOHBhyOcPSTAogpY1vi6r0KA99IHevvbCZR7OIQabFvbD5S3DuEQC3Tk/s640/Screen+Shot+2016-06-03+at+23.01.59.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">A
confirmation that defaults to “No” will display as follows. Change
it to “Yes” in order to progress with the
install. Then click “Continue”.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
50</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6txWCDta2JegrHfnhMs8pL1JndJWMLNJ8Nc6m-NTWLlloKd_8jzPsWIwmWj3Ureo9vMxmCVOz7HVXtaqxk9xREv87ljHvst1my6Fz1XKi74RHfiycsUxZI1-eB3YuZaFGSFL8Jw1T3VHe/s1600/Screen+Shot+2016-06-03+at+23.02.10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6txWCDta2JegrHfnhMs8pL1JndJWMLNJ8Nc6m-NTWLlloKd_8jzPsWIwmWj3Ureo9vMxmCVOz7HVXtaqxk9xREv87ljHvst1my6Fz1XKi74RHfiycsUxZI1-eB3YuZaFGSFL8Jw1T3VHe/s640/Screen+Shot+2016-06-03+at+23.02.10.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
installation will start as follows.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
51</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgClKVdUhtI7OcKtt8hH8KWUCnuJIU3XCBHr8kM52jbasWq2LeP6vFeVaV7XXfRcoyQTZDhRuoUmUuVqK1kdyAmh8ytGUjDZcABhj-2O2hGxCG_MtqFQFW6uCMnlNsBj-mF2PXmTB3cKPlf/s1600/Screen+Shot+2016-06-03+at+23.02.18.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgClKVdUhtI7OcKtt8hH8KWUCnuJIU3XCBHr8kM52jbasWq2LeP6vFeVaV7XXfRcoyQTZDhRuoUmUuVqK1kdyAmh8ytGUjDZcABhj-2O2hGxCG_MtqFQFW6uCMnlNsBj-mF2PXmTB3cKPlf/s640/Screen+Shot+2016-06-03+at+23.02.18.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
the installer has finished copying the files to the virtual hard
disk, the “Configure the package manager” screen will display.
Select “Yes” in response to “use a network mirror?” then
click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
52</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsyyw09ZH_Zo-1SXy86OPjcgeiPd999s8PVSpriV5nl85Qxew3xCSklHLUNW203HhVWUtXxbEjj-PJqSUVRtfqMpYChsgWmbuL9HOIdr9XyDt06ncjJ8hgEQgYw1hVeYbfIZcIRYBct7kg/s1600/Screen+Shot+2016-06-03+at+23.24.01.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsyyw09ZH_Zo-1SXy86OPjcgeiPd999s8PVSpriV5nl85Qxew3xCSklHLUNW203HhVWUtXxbEjj-PJqSUVRtfqMpYChsgWmbuL9HOIdr9XyDt06ncjJ8hgEQgYw1hVeYbfIZcIRYBct7kg/s640/Screen+Shot+2016-06-03+at+23.24.01.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">In
this next screen, leave the proxy information blank and click
Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
53</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMpOcMPvNJHvRDOJh2tP4UvwZw6Y1DdS6vm61yF8TILs-xS3Nc_XYt8rRMG4tyhu-N_Ude8DF7AgXUom8wgZc5xwzd3afSh9GplJi9wIuKXfa6CQaKiAfdP8swA35wv-u9SsWqCgQoMyBr/s1600/Screen+Shot+2016-06-03+at+23.24.19.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMpOcMPvNJHvRDOJh2tP4UvwZw6Y1DdS6vm61yF8TILs-xS3Nc_XYt8rRMG4tyhu-N_Ude8DF7AgXUom8wgZc5xwzd3afSh9GplJi9wIuKXfa6CQaKiAfdP8swA35wv-u9SsWqCgQoMyBr/s640/Screen+Shot+2016-06-03+at+23.24.19.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
package manager will now be set up.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
54</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAYNCnWt5sbsXJxrCQ6IZLChwSl37dhY7Issuh8EiB1iaEmlZzVXCtrmxSxbaoXIBMXcH1TsThQjXQ_jK6GfDAIEStGuSo6Wjz_lhTopcHlq6WnonY4xCVH-P5IuYB9aQcRWZvsMn3vSPu/s1600/Screen+Shot+2016-06-03+at+23.24.29.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAYNCnWt5sbsXJxrCQ6IZLChwSl37dhY7Issuh8EiB1iaEmlZzVXCtrmxSxbaoXIBMXcH1TsThQjXQ_jK6GfDAIEStGuSo6Wjz_lhTopcHlq6WnonY4xCVH-P5IuYB9aQcRWZvsMn3vSPu/s640/Screen+Shot+2016-06-03+at+23.24.29.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
this is done, the GRUB boot loader installation options will appear.
Select “Yes” to installing the GRUB boot loader to the master
boot record then click Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
55</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyF2xkwAYFuBmpzJy4tW6VJpXrpE3a2Zts-b3XxCKAXOPLr9RTqJPwa87gnvbGNG4UX5NJjceFZnXVEDYch0cGQyDgOS6Pr8DIev5f1q6XGScd51aVdEeUiWo4zF1l6MKRN69ZJPxXjijy/s1600/Screen+Shot+2016-06-03+at+23.25.49.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyF2xkwAYFuBmpzJy4tW6VJpXrpE3a2Zts-b3XxCKAXOPLr9RTqJPwa87gnvbGNG4UX5NJjceFZnXVEDYch0cGQyDgOS6Pr8DIev5f1q6XGScd51aVdEeUiWo4zF1l6MKRN69ZJPxXjijy/s640/Screen+Shot+2016-06-03+at+23.25.49.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
GRUB bootloader installation will then ask what disk to install GRUB
to. Select the disk containing the text “VBOX_HARDDISK” then click
Continue.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
56</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRDA2eqGR3eFa0wMd4U6oRW8qc3VLpY_81RJ3WpEN7CHLgaByWFXsZn2QEr7kijaPHoqS9Vgcdwy3Gh5SCb6423q3UViTmKPpVjZI26dy79wbAFk2M5Fi6zedTziB26bD4Ou32gN3UK4Bh/s1600/Screen+Shot+2016-06-03+at+23.26.00.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRDA2eqGR3eFa0wMd4U6oRW8qc3VLpY_81RJ3WpEN7CHLgaByWFXsZn2QEr7kijaPHoqS9Vgcdwy3Gh5SCb6423q3UViTmKPpVjZI26dy79wbAFk2M5Fi6zedTziB26bD4Ou32gN3UK4Bh/s640/Screen+Shot+2016-06-03+at+23.26.00.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">The
installation will then finish as follows.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
57</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZJFZKh2eETq5FH_6JWUDhPaNoFtTfEOBq0o9xKbMsJLJyeliGxIfYWYp7deDjzcp3i4TNawVowERscn4W8W4yKC3sSIj2vK1zoS_33h1x-d1ljS16tAgLO7rr1ZXxgv0P23xnXyWFHtKd/s1600/Screen+Shot+2016-06-03+at+23.26.17.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZJFZKh2eETq5FH_6JWUDhPaNoFtTfEOBq0o9xKbMsJLJyeliGxIfYWYp7deDjzcp3i4TNawVowERscn4W8W4yKC3sSIj2vK1zoS_33h1x-d1ljS16tAgLO7rr1ZXxgv0P23xnXyWFHtKd/s640/Screen+Shot+2016-06-03+at+23.26.17.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-size: normal;">Once
the installation is complete the system will show the following
screen. Click Continue to finish the remaining install and restart.</span></span></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
58</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4vIpe-m68cnuJFP7xuMEBNDsDB0S37kgs15uen2MiRubVeyZ4pf0yn5q8FWeE_u9yErPZTJk5n4EMbjtQ4nZyDWAmZW7_gCi1SsAoW6qYSH9Af2XU2I412t6qHPHmiUUyxf0g7IWncDy0/s1600/Screen+Shot+2016-06-03+at+23.26.49.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="528" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4vIpe-m68cnuJFP7xuMEBNDsDB0S37kgs15uen2MiRubVeyZ4pf0yn5q8FWeE_u9yErPZTJk5n4EMbjtQ4nZyDWAmZW7_gCi1SsAoW6qYSH9Af2XU2I412t6qHPHmiUUyxf0g7IWncDy0/s640/Screen+Shot+2016-06-03+at+23.26.49.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
the restart is complete you should see the login screen. Enter “root”
in the Username field and hit Enter.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
59</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9xi5xl6QOTZJJnU7q99UbuZb-nat48r6TJCq8_gU3PpTlLM5OOWav86RvROAx6jbeJZ_Je4FoYG0EoqiENVP1Xq1yo4bPbUcu-jmLEsZdNYxrAfvg3IeDQH4kDd40-DScqNnhXHOsgx0Y/s1600/Screen+Shot+2016-06-03+at+23.29.06.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9xi5xl6QOTZJJnU7q99UbuZb-nat48r6TJCq8_gU3PpTlLM5OOWav86RvROAx6jbeJZ_Je4FoYG0EoqiENVP1Xq1yo4bPbUcu-jmLEsZdNYxrAfvg3IeDQH4kDd40-DScqNnhXHOsgx0Y/s640/Screen+Shot+2016-06-03+at+23.29.06.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Enter
the root password you set earlier into the Password field and hit
Enter (or click “Sign In”).</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Screenshot
60</span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheH-9dRnf7cm488ZEa5rdnkCyFg6AEjKj0bkvKbQxH_-BsdSMQTtin8FA8RxApzRZM5GaLKnsX1SR2Nh79dl40P1VqUWPD_VffDbcKbWkJLyk0ml_Yv5UZEI4VRGdZliuRxHCELMep_83V/s1600/Screen+Shot+2016-06-03+at+23.29.27.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheH-9dRnf7cm488ZEa5rdnkCyFg6AEjKj0bkvKbQxH_-BsdSMQTtin8FA8RxApzRZM5GaLKnsX1SR2Nh79dl40P1VqUWPD_VffDbcKbWkJLyk0ml_Yv5UZEI4VRGdZliuRxHCELMep_83V/s640/Screen+Shot+2016-06-03+at+23.29.27.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You
should now be logged in and able to see your Kali Linux desktop. There
is some more configuration to go yet.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg31x9C8BL7YGQOdMM3vt4kZF7HWW-IJAHpk6yjEYNEMXN-Iun_sxh10zm_atCH0leoMKrZ4fOncdSKeJHI1OxbjPxiiT1H3MFHau5G3GKCAO5Yw4NMEPpFyo0Ph8CN0p56Kan3GCYat7g2/s1600/Screen+Shot+2016-06-03+at+23.29.49.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg31x9C8BL7YGQOdMM3vt4kZF7HWW-IJAHpk6yjEYNEMXN-Iun_sxh10zm_atCH0leoMKrZ4fOncdSKeJHI1OxbjPxiiT1H3MFHau5G3GKCAO5Yw4NMEPpFyo0Ph8CN0p56Kan3GCYat7g2/s640/Screen+Shot+2016-06-03+at+23.29.49.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;"><br /></span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">For
the next part of the setup we're going to use the Terminal. Open the
Kali Linux Terminal and run the following commands:</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier new" , "courier" , monospace;">apt-get
update</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier new" , "courier" , monospace;">apt-get
dist-upgrade -y</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier new" , "courier" , monospace;">apt-get
install dkms linux-source linux-headers-$(uname -r)</span></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Restart
the virtual machine and log in. Once at the desktop, select the
VirtualBox “Devices” menu and then the “Insert Guest Additions
CD Image...” item.</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Screenshot
61</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgED1DtVaqFYMTMXYfVk2hQY1aBCSGtw6qb3icl-DTj7BPJ1e20IHgj0I0xCQpkA3u9nxUtUe_9cyRgPUxfMqf7albF51whMCNZ6PUuiafFUX8vka2LoLKwRmu7VBNl42Gc76foEj1bnlue/s1600/Screen+Shot+2016-06-03+at+23.30.11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="442" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgED1DtVaqFYMTMXYfVk2hQY1aBCSGtw6qb3icl-DTj7BPJ1e20IHgj0I0xCQpkA3u9nxUtUe_9cyRgPUxfMqf7albF51whMCNZ6PUuiafFUX8vka2LoLKwRmu7VBNl42Gc76foEj1bnlue/s640/Screen+Shot+2016-06-03+at+23.30.11.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">If
the CD autoloads, cancel the autoloader.</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Screenshot
62</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_M5BWAqBw55G5LCAIgt31oC0kiQRiRa2N33Tn2efRpnDzC5aC6NbQsjM1-XQ8Xl9r4jw6GjwD1EuKeePzrT-HJ292Sf_TthDTclZ0OBGGIIGjUwasnnsbDSdpQtSadzbyQ25bAL1AwNDZ/s1600/Screen+Shot+2016-06-03+at+23.30.44.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "arial" , "helvetica" , sans-serif;"><img border="0" height="450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_M5BWAqBw55G5LCAIgt31oC0kiQRiRa2N33Tn2efRpnDzC5aC6NbQsjM1-XQ8Xl9r4jw6GjwD1EuKeePzrT-HJ292Sf_TthDTclZ0OBGGIIGjUwasnnsbDSdpQtSadzbyQ25bAL1AwNDZ/s640/Screen+Shot+2016-06-03+at+23.30.44.png" width="640" /></span></a></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;">Return
to the Kali Linux terminal to run the following commands (as root):</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier new" , "courier" , monospace;">cd
/media/cdrom</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier new" , "courier" , monospace;">cp
VBoxLinuxAdditions.run /root/</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier new" , "courier" , monospace;">chmod
775 /root/VBoxLinuxAdditions.run</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier new" , "courier" , monospace;">cd
~</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier" , monospace;"><strong><span style="color: black;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">./VBoxLinuxAdditions.run</span></span></span></span></strong></span></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Once
VBoxLinuxAdditions.run has finished running, restart
the virtual machine. We'll now complete the Kali Linux setup by
configuring the Kali Linux interface that faces the vboxnet0 host-only
network to get its address from the DHCP server. Run the following command in the Terminal to open the
network interface configuration file:</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "courier" , monospace;"><strong><span style="color: black;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">vi
/etc/network/interfaces</span></span></span></span></strong></span></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Then
insert the following lines and write and quit (“i” to insert; esc
then :wq to write changes to disk and quit vi):</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "courier" , monospace;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">#
The host-only network interface</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "courier" , monospace;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">auto
eth1</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "courier" , monospace;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">iface
eth1 inet dhcp</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Restart
networking by running the following command:</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "courier" , monospace;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">service
networking restart</span></span></span></span></span></strong></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Restart
the virtual machine. You have now successfully and fully installed
your Kali Linux host. Now to see if we can connect the Kali host to
the Metasploitable 2 Linux Host (prebuilt through use of the
previously downloaded VMDK image file).</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-style: normal;"><b>6.
Checking Connectivity between the two Virtual Hosts</b></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Open
the Terminal on the Metasploitable Linux host (by the way the
username is msfadmin and the password is msfadmin) and type:</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "courier" , monospace;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">ifconfig
-a</span></span></span></span></span></strong></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">You
should be able to see a 192.168.56.XXX address (mine is
192.168.56.150). This is the address we are going to ping from the
Kali Linux host.</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">Open
the Terminal on the Kali Linux host and ping the Metasploitable 2
Linux host IP address using:</span></span></span></span></span></strong></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "courier" , monospace;"><span style="font-size: normal;"><span style="font-style: normal;"><span style="font-family: "courier new" , "courier" , monospace; font-weight: normal;">ping
192.168.56.150 -c 10</span></span></span></span></span></strong></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span></div>
<span style="font-family: "arial" , "helvetica" , sans-serif;"><br /></span>
<br />
<div style="margin-bottom: 0cm;">
<strong><span style="color: black;"><span style="font-family: "times new roman" , serif;"><span style="font-size: normal;"><span style="font-family: "arial" , "helvetica" , sans-serif; font-weight: normal;">If
the ping command pings and comes back with 10 packets received then
we're in business. Congratulations, you have now completed the Setting
Up a Basic Pen Testing Environment Guide. You will now be able to use
this as an initial testing ground to practice and try out your
penetration testing skills.</span></span></span></span></strong></div>
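<div style="margin-bottom: 0cm;">
The checks from the last two sections combined into one script, added here as an example (it is not part of the original guide): it confirms that eth1 is brought up by DHCP, that the target address is in the 192.168.56.x host-only range, and that all 10 pings came back. It assumes the host-only network is 192.168.56.0/24 and iputils-style ping output; the function names and sample data are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example: sanity checks for the host-only lab network set up above.
# Function names and all sample data are constructed for illustration.

# Succeeds if the ifupdown config on stdin both brings IFACE up at boot
# ("auto IFACE") and configures it by DHCP ("iface IFACE inet dhcp").
iface_is_dhcp() {
    awk -v ifc="$1" '
        { sub(/#.*/, "") }    # ignore comments, including commented-out stanzas
        $1 == "auto" { for (i = 2; i <= NF; i++) if ($i == ifc) up = 1 }
        $1 == "iface" && $2 == ifc && $3 == "inet" && $4 == "dhcp" { dhcp = 1 }
        END { exit !(up && dhcp) }
    '
}

# Succeeds if ADDR is a usable host address in 192.168.56.0/24
# (assumption: the host-only network uses a /24 mask).
in_hostonly_net() {
    case "$1" in
        192.168.56.*) last=${1#192.168.56.} ;;
        *) return 1 ;;
    esac
    case "$last" in
        ''|*[!0-9]*) return 1 ;;    # empty, or extra dots / non-digits
    esac
    [ "${#last}" -le 3 ] && [ "$last" -ge 1 ] && [ "$last" -le 254 ]
}

# Succeeds if the ping summary on stdin reports WANT packets transmitted and
# WANT received (iputils format: "10 packets transmitted, 10 received, ...").
ping_all_received() {
    awk -v want="$1" '
        /packets transmitted/ {
            seen = 1
            tx = $1
            for (i = 2; i <= NF; i++) if ($i ~ /^received,?$/) rx = $(i - 1)
        }
        END { exit !(seen && tx + 0 == want + 0 && rx + 0 == want + 0) }
    '
}

# Runs the three checks in order and reports the first one that fails.
# Arguments: interfaces file text, target address, ping output text.
lab_check() {
    printf '%s\n' "$1" | iface_is_dhcp eth1 ||
        { echo "eth1 is not set to auto + dhcp"; return 1; }
    in_hostonly_net "$2" ||
        { echo "target $2 is outside 192.168.56.0/24"; return 1; }
    printf '%s\n' "$3" | ping_all_received 10 ||
        { echo "ping did not get 10 of 10 replies"; return 1; }
    echo "lab network OK"
}

# Constructed sample of /etc/network/interfaces after the edit described above.
SAMPLE_INTERFACES='# The loopback network interface
auto lo
iface lo inet loopback

# The host-only network interface
auto eth1
iface eth1 inet dhcp'

# Constructed sample of "ping 192.168.56.150 -c 10" output (replies trimmed).
SAMPLE_PING='PING 192.168.56.150 (192.168.56.150) 56(84) bytes of data.
64 bytes from 192.168.56.150: icmp_seq=1 ttl=64 time=0.412 ms
64 bytes from 192.168.56.150: icmp_seq=10 ttl=64 time=0.398 ms

--- 192.168.56.150 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9013ms'

# Offline self-check against the constructed samples. On the Kali host, use:
#   lab_check "$(cat /etc/network/interfaces)" 192.168.56.150 \
#             "$(ping 192.168.56.150 -c 10)"
lab_check "$SAMPLE_INTERFACES" 192.168.56.150 "$SAMPLE_PING"
```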
<div class="western" style="margin-bottom: 0cm;">
<b>Key Selected Financial Services IT Regulatory Requirements</b> (posted by Anonymous, 2014-06-14)</div>
<br />
Below is an incomplete list of key selected financial services IT regulatory requirements that should be considered when developing an IT risk and controls or assessing IT risks and controls. This list is by no means complete and I am working on a more comprehensive list and associated mappings that I will share in due course. I thought I'd share as I developed the list and I hope this is found to be useful. If anyone has any feedback or additional regulatory requirements they'd like to see in this list please let me know. This may be used as guidance but you should do your due diligence to ensure that you've looked at all the relevant regulations for your particular organisation.<br />
<br />
<div class="western" style="margin-bottom: 0cm;">
<b>Key IT risk and
control regulations and associated guidance as at June 2014</b></div>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>US</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Sarbanes Oxley Act
2002 Section 404</u> (SOX 404)</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
States management
responsibility for establishing and maintaining “adequate” and
“effective” internal controls, with this being independently
attested to annually. The controls in scope were historically
derived from the guidance from PCAOB AS2 which has now been
superseded by AS5 (see PCAOB in this article)</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Gramm-Leach-Bliley
Act of 1999</u> (GLBA)</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Section 6801 and
section 6805 in Title 15 of the US Code applies the
Gramm-Leach-Bliley Act of 1999 (GLBA) to financial institutions
including Bank holding companies.
</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Section 501(a) of
the GLBA sets out the “Privacy obligation policy” which
places an obligation on financial institutions to respect
the privacy of their customers and to protect the security and
confidentiality of those customers’ nonpublic personal
information.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Section 501(b) of
the GLBA introduced the “Financial Institutions Safeguards”
requirement, under which financial institutions must implement
administrative, technical, and physical safeguards to ensure the
confidentiality, security and integrity of customer information</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Further guidance
as to how to establish these safeguards is provided by CFR
Regulation Y - Appendix F to Part 225 - Interagency Guidelines
Establishing Information Security Standards. These guidelines were
developed by the Member agencies of the Federal Financial
Institutions Examination Council (FFIEC). The FFIEC published
examination handbooks that apply to the examination of a financial
institution's operations and all related data, and serve as a
supplement to the agencies' GLBA 501 expectations</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>FFIEC IT
Examination Handbooks</u></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
The FFIEC IT
Examination Handbooks cover examinations of IT controls pertaining
to Audit, Business Continuity Planning, Development and
Acquisition, E-Banking, Information Security, Management,
Operations, Outsourcing Technology Services, Retail Payment
Systems, Supervision of Technology Service Providers (TSP) and
Wholesale Payment Systems.
</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
These handbooks
define a number of IT controls along with supplementary guidance
such as referencing Cobit and ISO 27002 as external guidance in the
IT Handbook for Information Security.</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>FINRA Rule
1230(b)(6)</u> stipulates that senior management or their designated
persons are responsible for covered operations which includes:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
At Rule
1230(b)(6)(xiii) definition and approval of sales and trading
systems and other systems related to FINRA covered functions and
validation that these systems meet the defined and approved
business requirements.
</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
At Rule
1230(b)(6)(xiv) definition and approval of business security
requirements and policies for information technology, including,
but not limited to, systems and data, related to covered functions;
and
</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
At Rule
1230(b)(6)(xv) definition and approval of information entitlement
policies relating to covered functions;
</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>PCAOB Auditing
Standard 5</u> “An Audit of Internal Control Over Financial Reporting
That Is Integrated with An Audit of Financial Statements”
</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Provides guidance
to auditors in attesting to a company's internal controls, including
IT, specifically recommending that the auditor should understand how IT
affects the company's flow of transactions and apply paragraph 29
and Appendix B of Auditing Standard No. 12, Identifying and
Assessing Risks of Material Misstatement. These standards are
primary standards used in undertaking assessments of internal
controls in the US.</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Office of the
Comptroller of the Currency Bulletins</u> (OCC)</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
OCC Bulletin
2013-29 (October 2013) provides risk management guidance with
respect to third party relationships including coverage of the
topics of information security, management of information systems
and resilience. The OCC “expects” that banks monitor third
parties as an ongoing process and that this should include
“information technology used for the management of information
systems” and “the ability to respond to and recover from
service disruptions or degradations and meet business resilience
expectations”</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
OCC Bulletin
2006-39 requires that information security and data protection be
maintained for Automated Clearing Houses (ACHs)</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
OCC Bulletin
2008-16 (May 2008) “expands” on the FFIEC Handbook on
Information Security and Development and Acquisition by “reminding”
banks and their technology service providers that all applications
whether internally developed, vendor acquired or contracted for,
should be subject to appropriate security assessment and mitigation
processes. The key factors this issuance outlines that should be
considered are:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Accessibility of
the application via the internet</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Whether the
application processes or provides access to sensitive data</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
How the
application is developed (in-house, vendor acquired or contracted
for)</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Extent that
security practices are used in the application's development
process</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Existence of an
effective on-going vulnerability management process</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Existence of
periodic independent application security assurance</div>
</li>
</ul>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Federal Reserve
Guidance on Managing Outsourcing Risk</u> (December 2013)</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Health Insurance
Portability and Accountability Act 1996 </u>(HIPAA) requires that a
person who maintains or transmits health information
maintain reasonable and appropriate administrative, technical and
physical safeguards to ensure the integrity and confidentiality of
that information.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Dodd-Frank Wall
Street Reform and Consumer Protection Act </u>(Dodd-Frank Act) Stress
Tests (DFASTs) and the Federal Reserve's Comprehensive Capital
Analysis and Review (CCAR) stress tests. The Dodd-Frank Act and
Federal Reserve Board require that effective systems and controls
are maintained to provide accurate and reliable reporting required
for these annual stress test returns.</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Section 165(i)(2)
of the Dodd-Frank Act requires national banks and federal savings
associations with total consolidated assets of over $10b to conduct
an annual stress test. The stress test rule 12 CFR 46
</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
The FRB also
requires annual CCAR Stress Tests</div>
</li>
</ul>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>UK</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Combined FCA and
PRA Prudential Handbook</u></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
PRIN 2.1
Principle 2 - Skill, care and diligence: A firm must conduct its
business with due skill, care and diligence.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
PRIN 2.1
Principle 3 - Management and control: A firm must take reasonable
care to organise and control its affairs responsibly and
effectively, with adequate risk management systems.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Rule SYSC 3.1.1 R
requires that a firm must take reasonable care to establish and
maintain such systems and controls as are appropriate to its
business and that per guidance 3.1.2 G (2) the firm should
regularly review these systems and controls.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Rule SYSC 3.1.6 R
requires a firm take reasonable care to establish and maintain
effective systems and controls for compliance with applicable
requirements and standards under the regulatory system and for
countering the risk that the firm might be used to further
financial crime. Furthermore rule 3.2.6C R requires these systems
and controls are regularly reviewed.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 3.2.5 G
states that where it is made possible and appropriate by the
nature, scale and complexity of its business, a firm should
segregate the duties of individuals and departments in such a way
as to reduce opportunities for financial crime or contravention of
requirements and standards under the regulatory system. For
example, the duties of front-office and back-office staff should be
segregated so as to prevent a single individual initiating,
processing and controlling transactions.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 3.2.7 G (1)
states that depending on the nature, scale and complexity of its
business, it may be appropriate for a firm to have a separate
compliance function. The organisation and responsibilities of a
compliance function should be documented. A compliance function
should be staffed by an appropriate number of competent staff who
are sufficiently independent to perform their duties objectively.
It should be adequately resourced and should have unrestricted
access to the firm's relevant records as well as ultimate recourse
to its governing body.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 3.2.11A G
(2) outlines risks of regulatory concern being those that relate to
the fair treatment of the firm's customers, to the protection of
consumers, to effective competition and to the integrity of the UK
financial system. Risks which are relevant to the integrity of the
UK financial system include risks which relate to its soundness,
stability and resilience and to the use of the system in connection
with financial crime.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 3.2.15 G
states that a firm should have an audit committee</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 3.2.19 G
states that a firm should have appropriate business continuity
arrangements in place</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Rule SYSC 3.2.20
R (1) requires that a firm take reasonable care to make and retain
adequate records of matters and dealings (including accounting
records) which are the subject of requirements and standards under
the regulatory system. Guidance at 3.2.21 G states that a firm should
have appropriate systems and controls in place to fulfil the firm's
regulatory and statutory obligations with respect to adequacy,
access, periods of retention and security of records. The general
principle is that records should be retained for as long as is
relevant for the purposes for which they are made.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Rule SYSC 4.1.1 R
(1) requires that a firm must have robust governance
arrangements, which include a clear organisational structure with
well defined, transparent and consistent lines of responsibility,
effective processes to identify, manage, monitor and report the
risks it is or might be exposed to, and internal control
mechanisms, including sound administrative and accounting
procedures and effective control and safeguard arrangements for
information processing systems.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.4 R
requires that a firm must, taking into account the nature, scale
and complexity of the business of the firm, and the nature and
range of the financial services and activities undertaken in the
course of that business. The rule goes on to include governance and
management reporting and internal controls for all areas of the
firm (that includes IT).</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.5 R
requires that a MiFID investment firm and a management company must
establish, implement and maintain systems and procedures that are
adequate to safeguard the security, integrity and confidentiality
of information, taking into account the nature of the information
in question.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.6 R
requires that a common platform firm must take reasonable steps to
ensure continuity and regularity in the performance of its
regulated activities. To this end the common platform firm must
employ appropriate and proportionate systems, resources and
procedures.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.7 R
requires that a common platform firm and a management company must
establish, implement and maintain an adequate business continuity
policy aimed at ensuring, in the case of an interruption to its
systems and procedures, that any losses are limited, the
preservation of essential data and functions, and the maintenance
of its regulated activities, or, in the case of a management
company, its collective portfolio management activities, or, where
that is not possible, the timely recovery of such data and
functions and the timely resumption of those activities.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.7A G
guidance states that other firms should take account of the
business continuity rules (SYSC 4.1.6 R and 4.1.7 R) as if they
were guidance (and as if "should" appeared in those rules
instead of "must") as explained in SYSC 1 Annex 1.3.3 G.
Guidance at SYSC 4.1.8 G highlights that systems and IT process
would be included in the requirements of SYSC 4.1.7 R.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.9 R
requires the timely delivery of accounting reports including
financial statements compliant with accounting standards. This
necessarily requires availability of accounting information
systems.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.10 R
requires that a common platform firm and a management company must
monitor and, on a regular basis, evaluate the adequacy and
effectiveness of its systems, internal control mechanisms and
arrangements established in accordance with SYSC 4.1.4 R to SYSC
4.1.9 R and take appropriate measures to address any deficiencies.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 4.1.13 G
states that firms should also consider the additional guidance on
risk-centric governance arrangements for effective risk management
contained in SYSC 21 G. SYSC 21.1 provides guidance on risk
governance and control arrangements.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 13 provides
rules and guidance for insurers on operational risk systems and
controls. Specifically, SYSC 13.7.6 G states that a firm should
establish and maintain appropriate systems and controls for the
management of its IT system risks.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 14 provides
further guidance for insurers with respect to the establishment and
maintenance of systems and controls for the management of a firm's
prudential risks</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 6.1.1 R and
SYSC 6.1.2 R require that a firm must establish, implement and
maintain adequate policies and procedures sufficient to ensure
compliance of the firm including its managers, employees and
appointed representatives (or where applicable, tied agents) with
its obligations under the regulatory system and for countering the
risk that the firm might be used to further financial crime.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
6.2.1 R requires
firms to set up an independent internal audit function responsible
for evaluating the adequacy and effectiveness of internal controls</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 7.1.2 R
requires that common platform firms implement risk management
policies and procedures including effective risk assessment
procedures to identify risks relating to activities, processes and
systems. SYSC 7.2.3 G advises that other firms should also apply
SYSC 7.1.2 R.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 7.1.5 R,
SYSC 7.1.6 R and SYSC 7.1.7 R require a common platform firm to
monitor the adequacy, effectiveness and compliance level for its
internal controls along with any remediation to achieve adequacy,
effectiveness and compliance.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 7.1.7A G
advises that SYSC 7.1.5 R, SYSC 7.1.6 R and SYSC 7.1.7 R should
apply to all firms.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
7.1.16 R requires
that a BIPRU firm must implement policies and processes to evaluate
and manage the exposure to operational risk, including to
low-frequency high severity events. Without prejudice to the
definition of operational risk, BIPRU firms must articulate what
constitutes operational risk for the purposes of those policies and
procedures.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
7.1.17 R, 7.1.18
R and 7.1.21 R require that a CRR firm establish a risk management
function, framework and committee.
</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 8.1
stipulates requirements and guidance for managing risks associated
with outsourcing. This section also makes it clear that the firm
remains fully responsible for discharging all of its obligations
under the regulatory system.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
9.1.1 R A firm
must arrange for orderly records to be kept of its business and
internal organisation, including all services and transactions
undertaken by it, which must be sufficient to enable the
appropriate regulator or any other relevant competent authority
under MiFID or the UCITS Directive to monitor the firm's
compliance with the requirements under the regulatory system, and
in particular to ascertain that the firm has complied with all
obligations with respect to clients.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
9.1.2 R A common
platform firm must retain all records kept by it under this
chapter in relation to its MiFID business for a period of at least
five years.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
9.1.3 R In
relation to its MiFID business, a common platform firm must retain
records in a medium that allows the storage of information in a way
accessible for future reference by the appropriate regulator or any
other relevant competent authority under MiFID, and so that the
following conditions are met:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
(1) the
appropriate regulator or any other relevant competent authority
under MiFID must be able to access them readily and to
reconstitute each key stage of the processing of each transaction;</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(2) it must be
possible for any corrections or other amendments, and the contents
of the records prior to such corrections and amendments, to be
easily ascertained;</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(3) it must not
be possible for the records otherwise to be manipulated or
altered.</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
SYSC 9.1.5 G In
relation to the retention of records for non-MiFID business, a firm
should have appropriate systems and controls in place with respect
to the adequacy of, access to, and the security of its records so
that the firm may fulfil its regulatory and statutory obligations.
With respect to retention periods, the general principle is that
records should be retained for as long as is relevant for the
purposes for which they are made.</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Data Protection
Act 1998</u> requires that organisations keep personal information
confidential and apply the 8 data protection principles.
Particularly principle 7 requires that appropriate technical and
organisational measures shall be taken against unauthorised or
unlawful processing of personal data and against accidental loss or
destruction of, or damage to, personal data.</div>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>European Union</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>EU Data Protection
Directive 95/46/EC </u>(proposed to be superseded in 2014 by the General
Data Protection Regulation)</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Directive
2002/95/EC</u> (issued 2003) on the Restriction of the use of certain
Hazardous Substances in electrical and electronic equipment (RoHS).
This relates to the use and disposal of certain IT infrastructure
that contains hazardous substances.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>MiFID (Directive
2004/39/EC)</u> Article 13 Operational Requirements require that an
investment firm establish and maintain effective governance and
controls relating to its operations including information processing
and ensure effective controls and safeguard arrangements for
information processing systems.
</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Directive
2006/73/EC</u> implements the 2004 MiFID directive, with Article 5 –
General Organisational Requirements (1)(c) stating that “Member
States shall require investment firms to comply with the following
requirements: to establish, implement and maintain adequate
internal control mechanisms designed to secure compliance with
decisions and procedures at all levels of the investment
firm”.
Additionally (5) states “Member States shall require investment
firms to monitor and, on a regular basis, to evaluate the adequacy
and effectiveness of their systems, internal control mechanisms and
arrangements established in accordance with paragraphs 1 to 4, and
to take appropriate measures to address any deficiencies.”</div>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>Japan</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Financial
Instruments and Exchange Act 2006 (J-SOX)</u></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Article 24-4-4(1)
Requires an internal control report to be provided</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Part 5 of the
Japan FSA “Inspection Manual for Financial Instruments Business
Operators” </u>deals specifically with a company's IT Risk Management
System. The scope of this guidance is IT risk management policy
development specifically mentioning information security policy and
IT outsourcing policy development. It also pertains to IT operations
and systems development or acquisition.</div>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>Canada</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Bill 198
2002 (C-SOX) </u>enforced by the Canadian Securities Administrators (CSA) and
Multilateral Instrument MI 52-109. MI 52-109 requires the CEO and
CFO to personally certify that they have designed, or supervised the
design of, internal controls and that those controls provide
reasonable assurance that the financial statements are fairly
presented and comply with generally accepted accounting principles
(GAAP) and that these were operating effectively over the relevant
reporting period.</div>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>Australia</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>CLERP9 2004</u></div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Privacy Act
</u> requires that personally identifying information be kept
confidential by organisations processing such information.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Office of the
Australian Information Commissioner defines a set of <u>Australian
Privacy Principles </u>(APPs) that should be complied with</div>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>Singapore</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Monetary Authority of Singapore (MAS) “Technology
Risk Management Notices” </u>outlined in the MAS TRM Notices FAQ A1</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
MAS Technology
Risk Management guidelines 21 June 2013 and associated checklist</div>
</li>
</ul>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>Hong Kong</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>HKMA Supervisory
Policy Manual</u> module “General Principles for Technology Risk
Management”</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
HKMA Supervisory
Policy Manual module “Supervision of E-Banking”</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
HKMA Supervisory
Policy Manual module “Business Continuity Planning”</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>SFC (16 March 2010
Circular)</u></div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Personal Data
(Privacy) Ordinance</u></div>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
<b>International
Guidance</b></div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
<u>COSO Internal
Control - Integrated Framework May 2013</u> defines Internal control as
consisting of five integrated components that apply to the
“operations, reporting and compliance” objectives for the four
levels within the organisation “Entity level, Division, Operating
Unit and Function”. These are:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Control
Environment – covers setting up control structures,
responsibilities and accountabilities</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Risk Assessment –
covers ensuring there is an adequate and effective risk management
system</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Control
Activities – has a specific objective 11 that states: “The
organization selects and develops general control activities over
technology to support the achievement of objectives.” and at
objective 12 “The organization deploys control activities through
policies that establish what is expected and procedures that put
policies into action.”</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Information and
Communication – relates to ensuring that there is information
captured to report on the adequacy and effectiveness of internal
control and that this is communicated to appropriate management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Monitoring
Activities – provides guidance that organisations will monitor
their internal controls to ensure they are “present and
functioning” and that deficiencies are remediated appropriately</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>COSO Enterprise
Risk Management (ERM) 2014</u></div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Cobit 5</u> is an
umbrella IT Risk and Control Framework that encompasses almost all
the regulatory requirements and better practices relating to IT.
Cobit 5 consists of 1,111 control activities that map to 210 control
practices that map to 37 control processes split under 5 control
domains. The five domains are:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
EDM – Evaluate,
Direct and Monitor – This comprises the governance activities</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
APO – Align,
Plan and Organise – This comprises higher level IT management
activities</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
BAI – Build,
Acquire and Implement – This comprises systems acquisition and
development activities</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
DSS – Deliver,
Service and Support – This comprises IT service management
activities</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
MEA – Monitor,
Evaluate and Assess – This comprises risk and control activities</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>ITIL v3</u> published
in 2011 consists of 5 core areas:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Service Strategy</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
IT service
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service
portfolio management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Financial
management for IT services</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Demand
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Business
relationship management</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service Design</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Design
coordination</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service
Catalogue management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service level
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Availability
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Capacity
Management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
IT service
continuity management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Information
security management system</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Supplier
management</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service
Transition</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Transition
planning and support</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Change
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service asset
and configuration management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Release and
deployment management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service
validation and testing</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Change
evaluation</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Knowledge
management</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Service Operation</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Event management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Incident
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Request
fulfilment</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Problem
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Identity
management</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Continual Service
Improvement</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Identify the
strategy for improvement</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Define what you
will measure</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Gather the data</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Process the data</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Analyse the
information and data</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Present and use
the information</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Implement
improvement</div>
</li>
</ul>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>ISO 27002:2005</u> –
Code of Practice for Information Security Management</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Contains 39
control objectives and further guidance for the following security
domains:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
(a) security
policy</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(b) organisation
of information security</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(c) asset
management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(d) human
resources security</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(e) physical and
environmental security</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(f)
communications and operations management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(g) access
control</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(h) information
systems acquisition, development and maintenance</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(i) information
security incident management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(j) business
continuity management; and</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(k) compliance</div>
</li>
</ul>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>ISO 27001:2005</u> –
Information Security Management System Requirements</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Established the
“Plan-Do-Act-Check” model to establish, maintain, monitor and
improve the Information Security Management System (ISMS)</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>ISO 15408</u> –
Evaluation Criteria for Information Technology Security</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Sets out the
“Common Criteria” for providing security assurance. Assurance
criteria are categorised into the following classes:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
ACM –
Configuration management</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
ADO – Delivery
and operation</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
ADV –
Development</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
AGD – Guidance
documents</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
ALC – Life
cycle support</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
ATE – Tests</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
AVA –
Vulnerability assessment</div>
</li>
</ul>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>ISO 38500</u> –
Corporate Governance of IT is based on 6 principles that each have
an “Evaluate”, “Direct” and “Monitor” dimension as with
the Cobit 5 EDM processes:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
Responsibility</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Strategy</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Acquisition</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Performance</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Conformance</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
Human behaviour</div>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>ISO 90003:2004</u> –
Software Engineering – Guidelines for the application of ISO
9001:2000 to computer software sets the standard for maintaining a
software development quality management system to ensure that
software is developed to required quality standards.</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>Payment Card
Industry Data Security Standard (PCI DSS)</u> developed by the Payment
Cards Industry Standards Council (including American Express, Visa,
Mastercard, Discover and JCB). The “PCI DSS Requirements and
Security Assessment Procedures” published November 2013 contains
the requirements and associated test procedures and guidance.
</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
The standard
consists of 12 requirements categorised under the following 6
areas:</div>
<ul>
<li><div class="western" style="margin-bottom: 0cm;">
(1) Build and
maintain a secure network</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(2) Protect
cardholder data</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(3) Maintain a
vulnerability management program</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(4) Implement
strong access control measures</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(5) Regularly
monitor and test networks</div>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
(6) Maintain an
information security policy</div>
</li>
</ul>
</li>
</ul>
</li>
<li><div class="western" style="margin-bottom: 0cm;">
<u>International
Standard on Auditing 315 (ISA 315)</u> - Identifying and assessing the
risks of material misstatement through understanding the entity and
its environment requires that an auditor, in signing off the financial
statements, identify and assess the risks
of material misstatement, whether due to fraud or error, at the
financial statement and assertion levels, through understanding the
entity and its environment, including the entity’s internal
control. This assessment is to include the information systems and
technology involved in producing the financial reporting and
associated balances.</div>
</li>
</ul>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<div class="western" style="margin-bottom: 0cm;">
I am currently working
on a mapping document (which includes further expansion of these
jurisdictions and adding some others) that would provide the baseline
controls required to meet these regulatory obligations and then also
identify the further industry practice controls that would be
considered better practice. Please let me know if you know of further
regulations to add to this list and I will research these and add
them where appropriate. Watch this space...</div>
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<br />
<div class="western" style="margin-bottom: 0cm;">
<br />
</div>
<b>Book Review: The Meaning of Things - A. C. Grayling</b><br />
Posted 2014-06-08<br />
<br />
<b>Title</b>: The Meaning of Things: Applying Philosophy to Life<br />
<b>Author</b>: A. C. Grayling<br />
<b>Publisher</b>: Phoenix 2002<br />
<b>ISBN</b>: 0-75381-359-9<br />
<br />
I've recently finished reading this book and thought I'd give a brief review to let others know about such an interesting read:<br />
<br />
Grayling has presented an eclectic yet related set of important topics in an easy to read and reference form. He ranges across "Virtues and Attributes", "Foes and Fallacies" and "Amenities and Goods". Grayling covers topics under "Virtues and Attributes" such as moralising, tolerance, civility, love and happiness. Under "Foes and Fallacies" he covers such topical subjects as nationalism, racism, hate, revenge, faith, poverty and capitalism. Grayling finally ends the book by discussing points on reason, education, ambition, health, reading, memory, history and family under the heading of "Amenities and Goods".<br />
<br />
Grayling has approached the subject drawing from and citing many sources while still providing his own take on these matters. Grayling is opinionated (in a positive sense) and writes with a liveliness and wit that makes what he's saying spring from the page. Well worth the read if only to get you thinking on the subjects he's presented.<br />
<br />
<b>The importance of COSO and COBIT and some thoughts on implementation</b><br />
Posted 2014-05-28<br />
<br />
The US Securities and Exchange Commission in its final rule relating to "Management's Report on Internal Control Over Financial Reporting and Certification of Disclosure in Exchange Act Periodic Reports" available at: <a href="http://www.sec.gov/rules/final/33-8238.htm#iib3a">http://www.sec.gov/rules/final/33-8238.htm#iib3a</a> states:<br />
<br />
<blockquote class="tr_bq">
"The COSO Framework satisfies our criteria and may be used as an evaluation framework for purposes of management's annual internal control evaluation and disclosure requirements. However, the final rules do not mandate use of a particular framework, such as the COSO Framework, in recognition of the fact that other evaluation standards exist outside of the United States, and that frameworks other than COSO may be developed within the United States in the future, that satisfy the intent of the statute without diminishing the benefits to investors"</blockquote>
<br />
In May 2013 COSO updated the COSO Framework with the SEC recognising this and subsequently advising at <a href="http://www.thecaq.org/docs/reports-and-publications/2013septembe25jointmeetinghls.pdf?sfvrsn=0">http://www.thecaq.org/docs/reports-and-publications/2013septembe25jointmeetinghls.pdf?sfvrsn=0</a>:<br />
<br />
<blockquote class="tr_bq">
"The staff indicated that the longer issuers continue to use the 1992 framework, the more likely they are to receive questions from the staff about whether the issuer’s use of the 1992 framework satisfies the SEC's requirement to use a suitable, recognised framework"</blockquote>
<br />
This guidance essentially states that users of the 1992 version of the framework will have to justify why they are using this instead of the 2013 Framework. This guidance also establishes COSO as the most recognised framework for internal control hence the reason why this framework has been adopted by most SEC filers.<br />
<br />
The 2013 COSO Framework was developed in combination with ISACA as a member of the COSO Advisory Council. ISACA maintain and publish the COBIT Framework (Control Objectives for IT) and have also published guidance that links the new May 2013 COSO Framework covering enterprise control to the new COBIT5 Framework covering IT control.<br />
<br />
<b>So what does this mean?</b> It means that for SEC filers internal and external auditors will likely use COSO and COBIT guidance to assess the adequacy of the filer's control environment and effectiveness of its controls. In my experience and the experience of a number of audit, risk and regulatory compliance professionals I have found this to be the case in practice.<br />
<br />
In practice I have not seen an organisation try and adopt the whole COSO or COBIT framework as it is, but rather I have seen that organisations have used these frameworks to undertake gap analyses of their respective current control environments and looked to COSO and COBIT for guidance as to how to fill these gaps.<br />
<br />
I have seen internal and external assurance professionals use COSO and COBIT as the basis for their assessments of the adequacy and effectiveness of organisations' internal controls.<br />
<br />
Any control implementation or assurance activity based on these frameworks needs to be mindful that these frameworks are guidance and are purposely built to be generic. The key is understanding your organisation's value chain to your customer, regulatory environment and the risks to delivering this value or not complying with regulations and cultural norms and mores, then implementing a control framework that responds to these risks.<br />
<br />
<b>ICO Report: Protecting personal data in online services</b><br />
Posted 2014-05-23<br />
<br />
<span style="background-color: white; color: #333333; font-family: Arial, sans-serif; font-size: 13px; line-height: 17px;">A useful report from the ICO on data breaches drawn from their experience:</span><br />
<span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;"><br /></span>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">"The Information Commissioner’s Office (ICO) has published </span><a href="http://ico.org.uk/news/latest_news/2014/~/media/documents/library/Data_Protection/Research_and_reports/protecting-personal-data-in-online-services-learning-from-the-mistakes-of-others.pdf" style="color: #003768; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;" target="_blank" title="Opens in new window">a new security report</a><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;"> highlighting eight of the most common IT security vulnerabilities that have resulted in organisations failing to keep people’s information secure."</span><br />
<span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://ico.org.uk/news/latest_news/2014/~/media/documents/library/Data_Protection/Research_and_reports/protecting-personal-data-in-online-services-learning-from-the-mistakes-of-others.pdf"><img alt=" ICO Report" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjefjlknW1jDMg8XvRD0TuUuIavf3eNB1cX38EJ84-ms5AScypGA_gQ45gvbKd3of4k2hIU9DKa7l27AdTpiLblnKJSrxB85z3i2xK71VBO9qhTKZZy6qHJYB-pCoAM0akQ3ge8sIYhU9O_/s1600/Title.png" height="222" width="320" /></a></div>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;"><br /></span>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">The ICO have highlighted the key eight areas that they have found result in data leakage:</span><br />
<br />
<ul>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">Software updates </span></li>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">SQL injection </span></li>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">Unnecessary services </span></li>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">Decommissioning of software or services </span></li>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">Password storage </span></li>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">Configuration of SSL and TLS </span></li>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">Inappropriate locations for processing data </span></li>
<li><span style="color: #333333; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 17.24799919128418px;">Default credentials</span></li>
</ul>
<div>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif;"><span style="font-size: 12px; line-height: 17.24799919128418px;">Appendix B also contains some interesting information on how long it takes to crack varying length and complexity passwords.</span></span></div>
<div>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif;"><span style="font-size: 12px; line-height: 17.24799919128418px;"><br /></span></span></div>
<div>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif;"><span style="font-size: 12px; line-height: 17.24799919128418px;">An extract is:</span></span></div>
<div>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif;"><span style="font-size: 12px; line-height: 17.24799919128418px;"><br /></span></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8fibTVJ5yMfRCq0TtNQV9wgd7hcY_gw-IALfAaOSraNWhCbCzwSe74C7cx8M7Z7GoM-4udYyC3mnrplCtVz0UQvIt7hTjJasz2aw-BO9QyeqJmXl3He7JAVJyc8PzO7F_WY1K8NyXB-Vp/s1600/Cracking.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8fibTVJ5yMfRCq0TtNQV9wgd7hcY_gw-IALfAaOSraNWhCbCzwSe74C7cx8M7Z7GoM-4udYyC3mnrplCtVz0UQvIt7hTjJasz2aw-BO9QyeqJmXl3He7JAVJyc8PzO7F_WY1K8NyXB-Vp/s1600/Cracking.png" height="184" width="320" /></a></div>
<div>
<span style="color: #333333; font-family: Verdana, Arial, sans-serif;"><span style="font-size: 12px; line-height: 17.24799919128418px;"><br /></span></span></div>
<br />
<b>Risk Management: Finding agreement on risk and controls</b><br />
Posted 2014-04-23, updated 2014-04-24<br />
<p>One of the primary activities of a risk management professional is to have conversations with organisation stakeholders to understand risks and what needs to be done to manage these risks.</p>
<p>These conversations can involve trying to reach agreement on the existence of risks and then subsequent risk management activity required. Recognising a risk and working out what to do about it requires, at times, considerable effort that could otherwise go into delivery of mission critical projects and business as usual activity that stakeholders' performance is measured against. Why would a stakeholder spend time on activities they are not measured against?</p>
<p>As a risk management professional, you need to answer this "Why?" question in a compelling way. To answer this question you need to understand the organisation's objectives. You then need to couch your risk analysis and articulation of the risk and impact in terms of how these will impact the organisation's objectives. When I talk about organisation objectives, these may be top level or lower level objectives from the top level organisation or a single department within the organisation. Selection of the appropriate objectives depends on your stakeholder. You need to identify an objective as close as possible to your stakeholder. This is easier if you have a mandatory policy framework that has been approved at the highest levels and that all staff must comply with, but becomes challenging where this doesn't exist or is evolving. If you have a mandatory policy it will generally have an objective that everyone must support. If this doesn't exist or is evolving you need to outline what the objective is and link it to the stakeholder's objective in a clear, compelling and self evident way. This is where good risk articulation is important and understanding that risk is the effect of uncertainty on objectives, comes into play.</p>
<p>Understanding this, the conversation needs to be preceded by you understanding the relevant objectives, articulating a baseline risk that makes it very clear what the effect on the objectives might be, and as much as possible quantifying this with relevant facts such as estimated loss or frequency of similar risks materialising in the organisation or industry. This helps to paint the picture for the stakeholder.</p>
<p>One thing you need to remember is not to be wedded to your initial risk articulation. Your conversations with stakeholders will provide you with valuable insights that need to be incorporated into your risk analysis and associated risk articulation. Your stakeholders will also likely have pragmatic and valuable suggestions for controlling the risks they deal with day to day. You need to seriously consider this. One of the biggest causes of disagreement I have seen in my experience is risk professionals swooping in with theoretical notions of risk and controls without considering what happens on the ground already to address risks or suggesting best practice controls while not considering pragmatism and sizing.</p>
<p>You need to work side by side with your stakeholders to understand their objectives and how these tie into the objective of the organisation to manage risks. You need to understand their business and how they may already be managing their risks and try to leverage this where feasible. And finally, keep the conversations going to identify any gaps as they arise and opportunities to make risk management more efficient and effective, alongside your stakeholders.</p>
<p>Failing all of the above, if you find yourself dealing with an intransigent stakeholder, sometimes the best way to advance is to escalate your case and follow the same approach with the next level up. If you have the support of a broader risk management function then use this also as good working relationships may already exist at your management's level.</p>
<b>Review of Wealth of Nations - Part 1</b><br />
Posted 2014-04-18, updated 2014-04-22<br />
<div style="color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<span style="font-size: small;"><b>Title</b></span><span style="font-size: small;">: Wealth of Nations
(Wordsworth Classics of World Literature)</span></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<span style="font-size: x-small;"><b>Author</b>: Adam Smith</span></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<span style="font-size: x-small;"><b>Pages</b>: 1008 pages</span></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<span style="font-size: x-small;"><b>Publisher</b>: Wordsworth Editions Ltd.; Classic
World Literature edition (5 July 2012)</span></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<span style="font-size: x-small;"><b>Language</b>: English</span></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<span style="font-size: x-small;"><b>ISBN-10</b>: 1840226889</span></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<span style="font-size: x-small;"><b>ISBN-13</b>: 978-1840226881</span></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<br></div>
<div style="margin-bottom: 0cm;">
<span style="background-color: white;">The Wealth of Nations is composed of five books each
with a number of chapters. I figured I'd share what I've </span><span style="background-color: white;">learned</span><span style="background-color: white;"> from
my reading of the book as I go. So here it is for the first 7
chapters which set the scene before some of the more detailed text.</span></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
Overall, Smith has a fairly easy turn of phrase and the
language used in the book is not archaic even though it was published
in the 1700s. It is easy enough to follow and dwells on the
fundamentals to ensure that the reader has fully grasped these prior
to moving on in the book. I thought I'd try to summarise what each
chapter is trying to say in this review to give an idea of how Smith
has developed this work.</div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
<b>Book
1 - Introduction and Chapter 1:</b></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
Smith establishes labour as the fundamental basis of
national economic output (commodities). Smith advises that the
national economic output will be regulated by a) the way in which labour is
applied, and b) the level of employment. Smith highlights how
specialisation and the division of labour have enabled the production
of many of the commodities of life (such as glazed windows) which
would not have been possible for any one person to produce for
themselves within their lifetime to the same standard.</div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
<b>Book
1 - Chapter 2:</b></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="margin-bottom: 0cm;">
<span style="background-color: white;">Smith recognises people's "almost constant occasion
for the help of his </span><span style="background-color: white;">brethren</span><span style="background-color: white;">".
He recognises that people's ability to "truck, barter and
exchange" goods and services to satisfy their needs and wants,
enables the division of labour described in the first chapter to be
useful to those specialising in the production of one sort of good or
service.</span></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
<b>Book
1 - Chapter 3:</b></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
Smith draws the conclusion that the division of labour
is limited by the extent of the market for goods and services. He
highlights that denser population centres will give rise to greater
specialisation and division of labour than less dense centres. For
example, the market for nails for building work in a dense population
centre is greater in that centre and would give rise to specialised
nail-makers mass producing nails. In a remote rural region with very
low population density and difficulty or prohibitive expense in
importing mass produced nails, making nails may be done by a
blacksmith who also makes all manner of other metal objects (less
specialisation and division of labour).</div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
<b>Book
1 - Chapter 4: </b></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
This chapter looks at money and how this evolved as a
way to usefully and conveniently facilitate trade. It talks about
how trade was initially facilitated through exchange of weights of
precious metals such as gold and silver for goods and services. Smith
goes on to describe how the uniform goodness of precious metals was
attested through stamping a quality mark on it with this giving rise
to coinage. Smith also recognises that coinage was debased at the
expense of national subjects by sovereign states and princes by
gradually reducing the amount of gold and silver in the coin over
time in order to create more money from this skimmed precious metal.
This chapter introduces the concept of "value in exchange"
and outlines how the "real" value of exchanged commodities
is composed. </div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
<b>Book
1 - Chapter 5:</b></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
Smith expands upon the concept of "real" value
and compares it to "nominal" value. Real value is that
which is given up to produce a commodity and nominal value is the
money price of that commodity. These values are not always the same
with a tendency for a commodity with a nominal value under or over
its real value to move towards the real value. This chapter revisits
the topic of the value of money in terms of the quantity of gold and
silver in coins. Interestingly, he suggests that government
regulation making silver and gold the legal tender except for small
change would stop the "discreditable" conduct of banks in
counting out pennies to depositors calling for their deposits in a
bank run. He adds that this regulation would require banks to hold
more cash in reserve which would be a considerable security to the
banks' creditors (including depositors). This suggestion of government
regulation and reserve requirements is a feature of the banking
system today. </div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
<b>Book
1 - Chapter 6:</b></div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; margin-bottom: 0cm;">
In
this chapter Smith breaks down the price of any good or service into
one or more of three parts:</div>
<div style="background-color: white; margin-bottom: 0cm;">
-
The wages of labour</div>
<div style="background-color: white; margin-bottom: 0cm;">
-
The profits of stock</div>
<div style="background-color: white; margin-bottom: 0cm;">
-
The rent of land</div>
<div style="background-color: white; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">A
common thread with all of this, as outlined in the introduction to
his book, is that the stock cannot turn a profit and rent cannot be
provided without labour. Another interesting observation Smith makes in
this chapter is his likening of the charging of rent by
landlords who annexed the commons to "reaping where they never
sowed".</span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;"><b>Book
1 - Chapter 7:</b></span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">This
chapter essentially introduces the basic economic concepts of demand,
supply and equilibrium price. It also discusses the spectrum of
perfect competition, oligopolies and monopolies and the effect of
this on the price that is charged versus the "natural"
price. An insightful quote from this chapter is:</span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><i>"The
exclusive privileges of corporations, statutes of apprenticeship, and
all those laws which restrain, in particular employments, the
competition to a smaller number than might otherwise go into them,
have the same tendency, though in a less degree. They are a sort of
enlarged monopolies, and may frequently, for ages together, and in
whole classes of employments, keep up the market price of particular
commodities above the natural price, and maintain both the wages of
the labour and the profits of the stock employed about them somewhat
above their natural rate.</i></span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="font-size: x-small;"><br>
</span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: x-small;"><i>Such
enhancements of the market price may last as long as the regulations
of policy which give occasion to them."</i></span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;"><b>My
conclusion ... so far</b></span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">My
main takeaways from this are that Smith has done a good job at
linking economic prosperity to "useful" employment of
labour. He also logically and systematically creates a basis for his
economic principles based on empirical evidence available to him at
the time and from his experiences. He makes it clear that the
economic principles are subject to reality and that they may not
always hold depending on other factors. Importantly Smith recognises
the importance of society and everyone contributing what they are
able to progress it. Through induction and a couple of statements
Smith also recognises the role of regulation in the economy to ensure
it operates in the best interests of society (e.g. reserve
requirements and anti-trust / monopoly regulation). There are two
ways to read an interesting quote Smith made in Chapter 7 as
reproduced above. One is to infer that the exclusive privileges
relate to preferential treatment of certain corporations by
governments and sovereigns such as the East India Company while the other is more general and relates to the general privileges
enjoyed by corporations, namely, limited liability and a higher
barrier to entry into this structure by those with greater resources
than those without such resources.</span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">Overall,
my own reading of the text has changed the way in which I have
thought of Adam Smith. I see in the words of the author and the ideas
espoused, someone trying to create a model by which to better
understand economics. The economics espoused in this text is that
based on hard work (labour) being the prime mover in economic
performance with the real value of things being that which is given
up by those who perform the labour. He does include stock and land as
secondary elements but these can only be utilised through labour.
Sounds to me so far that true capitalism is based on "useful
labour" rather than playing around with the money supply or
having hoards of unused stock and land.</span></span></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<br></div>
<div style="background-color: white; line-height: 0.53cm; margin-bottom: 0cm;">
<span style="color: #333333;"><span style="font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif;">More
to come in Part 2 (just need to finish reading more chapters).</span></span></div>
<div style="background-color: white;">
<br></div>
<div style="background-color: white; font-size: 15px; margin-bottom: 0cm;">
<br></div>
</div>
Anonymoushttp://www.blogger.com/profile/04187070224885327258noreply@blogger.com0tag:blogger.com,1999:blog-5107295210321970559.post-48336638722128561882014-04-11T06:29:00.000-07:002014-04-11T06:29:15.308-07:00Money : whence it came, where it went: A review<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>Title</b>: Money : whence it came, where it went</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>Author</b>: John Kenneth Galbraith</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>Pages</b>: 335 pages</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>Publisher</b>: Bantam (1976)</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>Language</b>: English</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>ISBN-10</b>: 0553026887</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>ISBN-13</b>: 978-0553026887</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<br /></div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b>Review</b></div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<b><br /></b></div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
In terms of content, Galbraith has done a good job of providing a fairly representative round-up of the early days of money and the various ways in which it was managed or abused. He then continues into a more US-focused history of money and looks at the effectiveness of monetary policy in dealing with periods of recession. He provides a very candid account of his and his contemporaries' and near-contemporaries' role in economic policy making. He concludes with six points which essentially point out the failings of monetary policy as a sole lever in the economy and highlight the importance of combining monetary policy with fiscal policy to effect desired outcomes in the economy. Galbraith made the point that monetary policy may make available more money through banks by reducing official interest rates and loosening reserve requirements, but fiscal policy was needed to encourage people to actually use this extra money made available.</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<br /></div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
In terms of style, Galbraith has used a conversational style with amusing anecdotes and opinions interspersed. Sometimes, though, you find yourself backtracking to get some of his points due to some of the sidelines and witty quips. Overall not impenetrable.</div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
<br /></div>
<div style="background-color: white; color: #333333; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 15px; line-height: 20.790000915527344px; margin-bottom: 0cm;">
I would recommend reading this book. Textbooks I studied while studying various economics subjects lack the same colour and courage in discussing the subject matter and for the most part take monetary policy as gospel. This book gives a more balanced view.</div>
Anonymoushttp://www.blogger.com/profile/04187070224885327258noreply@blogger.com0tag:blogger.com,1999:blog-5107295210321970559.post-20066971838350641662014-03-26T10:38:00.000-07:002018-07-20T10:48:34.362-07:00What is privileged access? - A definition of privileged access from review of US financial institution regulation and ISO 27002<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Why
is it important to understand what privileged access is? Highlighting
some examples of what can happen when privileged access is not
managed appropriately demonstrates it is something that needs to be
understood:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">March
2002 – It was reported that Roger Duronio brought down 2,000
business critical servers, including trading servers, with a logic
bomb in UBS costing $3.1m in restoration costs and unknown business
losses during the downtime</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote1sym" name="sdendnote1anc"><sup>i</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">.</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">January
2008 - It was reported that Jérôme Kerviel lost Société Générale
€4.9bn in trades purportedly utilising privileged access
accumulated from his previous and last roles in the bank</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote2sym" name="sdendnote2anc"><sup>ii</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">.</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">January
2009 - It was reported that </span><span style="font-family: "calibri" , sans-serif;"><span lang="en">Rajendrasinh
B. Makwana almost brought down 4,000 critical servers with a logic
bomb that could have lost Fannie Mae “many millions of dollars”
with his privileged access</span></span><sup><span style="font-family: "calibri" , sans-serif;"><span lang="en"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote3sym" name="sdendnote3anc"><sup>iii</sup></a></span></span></sup><span style="font-family: "calibri" , sans-serif;"><span lang="en">.</span></span></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">From
this, the impacts of not understanding and appropriately controlling
privileged access are significant. The primary challenge with
implementing privileged access policies and controls is a lack of a
clear definition of what privileged access is. </span>
</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Fortunately,
US financial institutions regulation and the International Standards
Organisation provide a starting point. </span>
</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;"><b>US
Financial Institutions Regulation</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">The
Board of Governors of the Federal Reserve System (the Board)
implements the Federal Reserve Act and other laws pertaining to
banking and financial activities. The Board implements those laws, in
part, through its regulations A through to YY, which are codified in
Title 12, Chapter II, of the Code of Federal Regulations within the
US Code (USC)</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote4sym" name="sdendnote4anc"><sup>iv</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">.
</span>
</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Section
6801 and section 6805 in Title 15 of the USC apply the
Gramm-Leach-Bliley Act of 1999 (GLBA) to financial institutions
including bank holding companies. Section 501(b) of the GLBA
introduced the “Financial Institutions Safeguards” requirement
that requires financial institutions to implement administrative,
technical, and physical safeguards to ensure the confidentiality,
security and integrity of customer information</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote5sym" name="sdendnote5anc"><sup>v</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">.
</span>
</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Further
guidance as to how to establish these safeguards is provided by CFR
Regulation Y - Appendix F to Part 225 - Interagency Guidelines
Establishing Information Security Standards. These guidelines were
developed by the Member agencies of the Federal Financial
Institutions Examination Council (FFIEC). The FFIEC published
examination handbooks that apply to the examination of a financial
institution's operations and all related data, and serve as a
supplement to the agencies' GLBA 501(b) expectations.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Page
19 of the Federal Financial Institution Examination Council (FFIEC)
Information Security Examination Handbook defines </span><span style="font-family: "calibri" , sans-serif;"><b>privileged
access</b></span><span style="font-family: "calibri" , sans-serif;">
as</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote6sym" name="sdendnote6anc"><sup>vi</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div align="CENTER" style="margin-bottom: 0cm;">
“<span style="font-family: "calibri" , sans-serif;"><b>the
ability to override system or application controls”</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">A
key point to note in this definition is the distinction between
systems and applications. This distinction means that privileged
access may exist at an application level as well as at the underlying
infrastructure system level.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;"><b>International
Standards Organisation</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">The
FFIEC Information Security Examination Handbook definition is aligned
to the international standard ISO 27002 Information technology -
Security techniques - Code of practice for information security
management (ISO 27002).</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Specifically,
page 61 of ISO 27002 defines </span><span style="font-family: "calibri" , sans-serif;"><b>privileged
access rights</b></span><span style="font-family: "calibri" , sans-serif;">,
as those</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote7sym" name="sdendnote7anc"><sup>vii</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div align="CENTER" style="margin-bottom: 0cm;">
“<span style="font-family: "calibri" , sans-serif;"><b>access
rights which allow users to override system controls”</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">This
definition differs from the FFIEC definition in that it refers
to access rights and applies these only to system controls rather
than both system and application controls. This ISO guidance suggests
that the FFIEC definition’s “ability” is that ability conferred
to a “user” by virtue of their “access rights”.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Additionally,
page 62 of ISO 27002 defines </span><span style="font-family: "calibri" , sans-serif;"><b>system
administration privileges</b></span><span style="font-family: "calibri" , sans-serif;">
as</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote8sym" name="sdendnote8anc"><sup>viii</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div align="CENTER" style="margin-bottom: 0cm;">
“<span style="font-family: "calibri" , sans-serif;"><b>any
feature or facility of an information system that enables the user to
override system or application controls”</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">The
last part of this definition is identical to the FFIEC wording
“override system or application controls”. This additional ISO
guidance suggests that the FFIEC definition’s “ability” is that
ability conferred to a “user” by virtue of “any feature or
facility of an information system”. As per the FFIEC definition, a
key point to note in this definition is the distinction between
systems and applications. As with the FFIEC definition, this
distinction means that privileged access may exist at an application
level as well as at the underlying infrastructure system level.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">Finally,
further guidance is available at page 56 of ISO 27002 which defines
</span><span style="font-family: "calibri" , sans-serif;"><b>privileged
operations</b></span><span style="font-family: "calibri" , sans-serif;">
as</span><sup><span style="font-family: "calibri" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote9sym" name="sdendnote9anc"><sup>ix</sup></a></span></sup><span style="font-family: "calibri" , sans-serif;">:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div align="CENTER" style="margin-bottom: 0cm;">
“<span style="font-family: "calibri" , sans-serif;"><b>use
of privileged accounts, e.g. supervisor, root, administrator; system
start-up and stop; [and] I/O device attachment/detachment”</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">While
not a definition of privileged access, it does provide useful
interpretive guidance on what are commonly considered to be the
operations of those with privileged access and, from this, what
constitutes privileged access. In this case, these are operating system or
database system administrator accounts such as “root”,
“administrator” and “supervisor”. By extension, access
similar to the access level of these accounts would be considered
privileged access. This definition also describes the ability to
execute system start-up and stop, and I/O device
attachment/detachment, which are system-level services generally accessible via
service or system accounts.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;"><b>Conclusion
- A Working Definition of Privileged Access</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">From
these sources we can develop a working definition of privileged
access that is aligned to US regulatory requirements and
international standards. </span>
</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">From
the FFIEC definition, the working definition needs to cover both
applications and systems. Expanding the FFIEC definition’s use of
the term “ability” using the ISO guidance results in the
following definition:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div align="CENTER" style="margin-bottom: 0cm;">
“<span style="font-family: "calibri" , sans-serif;"><b>Privileged
access is the ability to override system or application controls,
conferred to a user by virtue of their access rights or any feature
or facility of an information system. This includes the ability to
use system administration and service accounts.”</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;">From
this working definition, we can better understand what ability is
considered privileged, and that a user with this ability would be
considered to have privileged access. Policy making and controls
based on this definition will ensure alignment with the US regulators
and international standards, hopefully resulting in better risk and
control assessments to implement the necessary administrative,
technical, and physical safeguards to ensure the confidentiality,
security and integrity of customer information.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "calibri" , sans-serif;"><span style="font-size: medium;"><b>Endnotes</b></span></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div id="sdendnote1">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote1anc" name="sdendnote1sym">i</a>
Gaudin, S., <i>Ex-UBS Systems Admin Sentenced To 97 Months In Jail</i>,
United States of America, 2006. Available at:
<span style="color: blue;"><u><a href="http://www.informationweek.com/ex-ubs-systems-admin-sentenced-to-97-months-in-jail/d/d-id/1049873"><span lang="en">http://www.informationweek.com/ex-ubs-systems-admin-sentenced-to-97-months-in-jail/d/d-id/1049873</span></a></u></span>
(Accessed 6 March 2014).</div>
<div class="sdendnote">
<br /></div>
</div>
<div id="sdendnote2">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote2anc" name="sdendnote2sym">ii</a>
Tarzy, B., <i>Revoke legacy privileged accounts – or pay the
consequences</i>, United Kingdom, 2012. Available at:
<span style="color: blue;"><u><a href="http://www.computing.co.uk/ctg/the-big-picture-blog/2157940/revoke-legacy-privileged-accounts-pay-consequences#"><span lang="en">http://www.computing.co.uk/ctg/the-big-picture-blog/2157940/revoke-legacy-privileged-accounts-pay-consequences#</span></a></u></span>
(Accessed 6 March 2014).</div>
<div class="sdendnote">
<br /></div>
</div>
<div id="sdendnote3">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote3anc" name="sdendnote3sym">iii</a>
Keizer, G., <i>Ex-Fannie Mae engineer pleads innocent to server bomb
charge</i>, United States of America, 2009. Available at:
<span style="color: blue;"><u><a href="http://www.computerworld.com/s/article/9127157/Ex_Fannie_Mae_engineer_pleads_innocent_to_server_bomb_charge"><span lang="en">http://www.computerworld.com/s/article/9127157/Ex_Fannie_Mae_engineer_pleads_innocent_to_server_bomb_charge</span></a></u></span><span lang="en">
</span>(Accessed 6 March 2014).</div>
<div class="sdendnote">
<br /></div>
</div>
<div id="sdendnote4">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote4anc" name="sdendnote4sym">iv</a>
Government Printing Office, <i>Electronic Code of Federal
Regulations</i>, United States of America, 2012. Available at:
<span style="color: blue;"><u><a href="http://www.ecfr.gov/cgi-bin/ECFR?page=browse">http://www.ecfr.gov/cgi-bin/ECFR?page=browse</a></u></span>
(Accessed 6 March 2014).</div>
<div class="sdendnote">
<br /></div>
</div>
<div id="sdendnote5">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote5anc" name="sdendnote5sym">v</a>
Government Printing Office, <i>GRAMM–LEACH–BLILEY ACT</i>,
United States of America, 1999. Available at:
<span style="color: blue;"><u><a href="http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf">http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf</a></u></span>
(Accessed 6 March 2014).</div>
<div class="sdendnote">
<br /></div>
</div>
<div id="sdendnote6">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote6anc" name="sdendnote6sym">vi</a>
Federal Financial Institution Examination Council, <i>The FFIEC
Information Security IT Examination Handbook</i>, United States of
America, 2006. Available at:
<span style="color: blue;"><u><a href="http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_InformationSecurity.pdf"><span lang="en">http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_InformationSecurity.pdf</span></a></u></span><span lang="en">
</span>(Accessed 6 March 2014).</div>
<div class="sdendnote">
<br /></div>
</div>
<div id="sdendnote7">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote7anc" name="sdendnote7sym">vii</a>
International Organization for Standardization (ISO), ISO
27002:2005, <i>Information technology - Security techniques - Code
of practice for information security management</i>, Switzerland,
2005.</div>
<div class="sdendnote">
<br /></div>
</div>
<div id="sdendnote8">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote8anc" name="sdendnote8sym">viii</a>
<i>Ibid</i></div>
<div class="sdendnote">
<br /></div>
</div>
<br />
<div id="sdendnote9">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote9anc" name="sdendnote9sym">ix</a>
<i>Ibid</i><br />
<i><br /></i>
<i>PS: This is also published in the <a href="https://img1.wsimg.com/blobby/go/b5e0f550-d96f-488a-8487-42a23cd6ad50/downloads/1ciscplsc_816876.pdf">IT Risk Practitioner</a></i></div>
</div>
<b>Would Recommend Code::Blocks IDE for C++ Development</b><br />
Published 24 March 2014<br />
<br />
I normally use a Linux host for my development work (Eclipse and NetBeans) but have today decided to look at Windows again. I was looking around for a no-nonsense IDE with version control, syntax highlighting, compiling and running of programs in the one intuitive interface. I finally found a good IDE that fits the bill: Code::Blocks (see home page at <a href="http://www.codeblocks.org/">http://www.codeblocks.org</a>). This IDE installs easily and without any issues from a single downloaded binary (albeit 100 MB in size; download the one at: <a href="http://sourceforge.net/projects/codeblocks/files/Binaries/13.12/Windows/codeblocks-13.12mingw-setup-TDM-GCC-481.exe">http://sourceforge.net/projects/codeblocks/files/Binaries/13.12/Windows/codeblocks-13.12mingw-setup-TDM-GCC-481.exe</a>) and can build and run C++ application code straight out of the box. I was very impressed. I didn't have to set up Cygwin or MinGW; it set this up for me (i.e. MinGW was installed alongside the IDE and GCC).<div>
<br /></div>
<div>
It's looking good so far but we'll see how it goes when I start to exercise it a bit more.</div>
<b>Financial services systems change failures and how to control them</b><br />
Published 11 March 2014<br />
<div style="margin-bottom: 0cm; page-break-before: always;">
<span style="font-family: Arial, sans-serif;">When it
comes to systems change there are a number of notable failures in the
financial services industry:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><i>January
2009:</i></span><span style="font-family: Arial, sans-serif;"> It was reported
that IT systems engineer Rajendrasinh B. Makwana almost brought down
4,000 critical servers with a logic bomb embedded in developed
scripts, which could have lost Fannie Mae “many millions of
dollars” and was only discovered by chance by another engineer</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote1sym" name="sdendnote1anc"><sup>i</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><i>January
2010:</i></span><span style="font-family: Arial, sans-serif;"> It was reported that
an HSBC mainframe upgrade shut down cash machines and online banking
for HSBC customers as part of an upgrade to the One HSBC platform</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote2sym" name="sdendnote2anc"><sup>ii</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.
This was in addition to a similar outage in June 2009 and a further
telephone banking outage in February 2008 due to “coding”
changes</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote3sym" name="sdendnote3anc"><sup>iii</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><i>September
2010:</i></span><span style="font-family: Arial, sans-serif;"> It was reported that
J.P. Morgan’s online banking service was offline for 3 days due to
third-party database software “corrupting the login process”,
impacting 16 million customers</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote4sym" name="sdendnote4anc"><sup>iv</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.
It was reported that J.P. Morgan appeared not to have a roll-back
plan that would have let it recover while continuing business as normal</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote5sym" name="sdendnote5anc"><sup>v</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><i>June
2012:</i></span><span style="font-family: Arial, sans-serif;"> It was reported that
the Royal Bank of Scotland was to pay £125 million in costs related to a
glitch in the CA7 batch process scheduler as part of systems
maintenance activity that resulted in 12 million customer accounts
being frozen for almost a week</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote6sym" name="sdendnote6anc"><sup>vi</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><i>August
2012:</i></span><span style="font-family: Arial, sans-serif;"> </span><span style="font-family: Arial, sans-serif;">It was reported that </span><span style="font-family: Arial, sans-serif;">Knight Capital Group
lost $440 million in 30 minutes and wiped 62% of its stock price, due
to a trading software algorithm glitch that generated erratic trades
and that bought high and sold low for nearly 150 stocks</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote7sym" name="sdendnote7anc"><sup>vii</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.
The glitch resulted in 4 million additional trades in 550 million
shares that would not have occurred otherwise</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote8sym" name="sdendnote8anc"><sup>viii</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><i>August
2013:</i></span><span style="font-family: Arial, sans-serif;"> </span><span style="font-family: Arial, sans-serif;">It was reported that </span><span style="font-family: Arial, sans-serif;">Goldman Sachs lost
$100 million due to an automated trading systems glitch that caused a
number of incorrect options trades that disrupted US exchange trading
affecting shares with listing symbols starting with the letter H
through L</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote9sym" name="sdendnote9anc"><sup>ix</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.
The glitch caused automated trading systems to accidentally send
indications of interest as real orders to be filled at the US
exchanges. The cause was reported to be due to inadequate software
testing</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote10sym" name="sdendnote10anc"><sup>x</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><i>September
2013:</i></span><span style="font-family: Arial, sans-serif;"> </span><span style="font-family: Arial, sans-serif;">It was reported that </span><span style="font-family: Arial, sans-serif;">Clydesdale Bank was fined
£8.9 million by the Financial Conduct Authority for failing to
inform customers of their rights after a software glitch caused the
miscalculation of repayments on over 42,500 mortgages</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote11sym" name="sdendnote11anc"><sup>xi</sup></a></span></sup><span style="font-family: Arial, sans-serif;">.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><b>Risk
and associated controls</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;">A good,
actionable risk statement that captures these events is:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
“<span style="font-family: Arial, sans-serif;">Customer
data leakage, corruption or system unavailability caused by defective
or malicious system changes resulting in financial losses of UK £100
million, customer churn of 6.4 percent</span><sup><span style="font-family: Arial, sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote12sym" name="sdendnote12anc"><sup>xii</sup></a></span></sup><span style="font-family: Arial, sans-serif;">
and regulatory sanction by the Financial Conduct Authority and
Information Commissioner’s Office.”</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;">This
is a lower-level risk that contributes to an
organisational-level risk such as:</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
“<span style="font-family: Arial, sans-serif;">Loss
of market share caused by eroded customer confidence in the
organisation’s information security resulting in net revenue
reduction to the order of hundreds of millions and bank share value
reduced from loss of market confidence in operational management.”</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;">From the
lower level risk statement we can then identify the risk causes that
need to be controlled. In this case we need to control defective or
malicious systems changes that might result in customer data leakage,
corruption or systems unavailability.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;">To take
these in turn, we’d need to implement a change quality testing
process to ensure that system changes are adequately tested, which may
include activities such as code quality reviews and unit, functional,
systems, integration and regression testing. An additional step for
business supporting systems would be user acceptance testing by the
business that also includes tests for boundary conditions and invalid
data inputs to the system data input interfaces.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;">We’d
then need to implement a change control strategy that uses technical
and administrative controls to restrict the ability to make changes
to production or critical systems unless these changes are approved.
The approval should not be a simple tick in the box but should
require appropriately senior stakeholder approval of changes with
high risk changes signed off at senior executive levels within the IT
and business areas. Part of this sign-off should be that they have
assured themselves that the change has been adequately tested and is
fit for purpose.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;">There is
a further control required to make these two controls work. This
control is to ensure there is a technically enforced separation of
duties so that those making changes cannot implement these changes in
the target environment. </span>
</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;">In order
to ensure these controls are adequately and effectively implemented,
there need to be clearly articulated and enforceable policies,
standards, procedures and guidelines in place. The policies and
standards need to be clear and unambiguous, have an owner and
describe the enforcement actions that will be taken if the policy or
standard is not complied with. These enforcement actions must then be
applied for all cases of non-compliance. Where a non-compliance is
expected, this needs to be pre-approved with the policy owner,
clearly highlighted to the system senior stakeholders and approved at
the appropriate senior executive level within the technology and
business areas involved in the change.</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><br /></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, sans-serif;"><span style="font-size: medium;"><b>Endnotes
</b></span></span>
</div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif; font-size: medium;"><b><br /></b></span></div>
<div id="sdendnote1">
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote1anc" name="sdendnote1sym">i</a>
<span lang="en">Keizer, G., </span><span lang="en"><i>Ex-Fannie Mae
engineer pleads innocent to server bomb charge</i></span><span lang="en">,
United States of America, January 2009. Available at:
http://www.computerworld.com/s/article/9127157/Ex_Fannie_Mae_engineer_pleads_innocent_to_server_bomb_charge
(Accessed 6 March 2014).</span></span></div>
</div>
<div id="sdendnote2">
<div class="sdendnote">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote2anc" name="sdendnote2sym">ii</a><span style="font-size: 11pt;">
</span><span style="font-size: 11pt;"><span lang="en">ComputerWeekly.com,
</span></span><span style="font-size: 11pt;"><span lang="en"><i>HSBC
mainframe outage causes major HSBC network crash</i></span></span><span style="font-size: 11pt;"><span lang="en">,
United States, January 2010. Available at:
</span></span><a href="http://www.computerweekly.com/news/1280091797/HSBC-mainframe-outage-causes-major-HSBC-network-crash"><span style="font-size: 11pt;">http://www.computerweekly.com/news/1280091797/HSBC-mainframe-outage-causes-major-HSBC-network-crash</span></a><span style="font-size: 11pt;"><span lang="en">
(Accessed on 11 March 2014).</span></span></span></div>
</div>
<div id="sdendnote3">
<div class="sdendnote">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote3anc" name="sdendnote3sym">iii</a><span style="font-size: 11pt;">
</span><span style="font-size: 11pt;"><i>Ibid</i></span></span></div>
</div>
<div id="sdendnote4">
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote4anc" name="sdendnote4sym">iv</a>
Fitzpatrick, D., <i>J.P. Morgan Wrestles Web Snarl</i>, United
States, September 2010. Available at:</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: navy;"><span lang="zxx"><u><a href="http://online.wsj.com/news/articles/SB20001424052748703743504575493752756026016?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB20001424052748703743504575493752756026016.html"><span lang="en">http://online.wsj.com/news/articles/SB20001424052748703743504575493752756026016?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB20001424052748703743504575493752756026016.html</span></a></u></span></span><span lang="en">
(Accessed 11 March 2014).</span></span></div>
</div>
<div id="sdendnote5">
<div class="sdendnote">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote5anc" name="sdendnote5sym">v</a><span style="font-size: 11pt;">
</span><span style="font-size: 11pt;"><i>Ibid</i></span></span></div>
</div>
<div id="sdendnote6">
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote6anc" name="sdendnote6sym">vi</a>
<span lang="en">Flinders, K., </span><span lang="en"><i>RBS computer
problem costs £125m</i></span><span lang="en">, United States,
August 2012. Available at:</span></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: navy;"><span lang="zxx"><u><a href="http://www.computerweekly.com/news/2240160860/RBS-computer-problem-costs-125m"><span lang="en">http://www.computerweekly.com/news/2240160860/RBS-computer-problem-costs-125m</span></a></u></span></span><span lang="en">
(Accessed 11 March 2014).</span></span></div>
</div>
<div id="sdendnote7">
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote7anc" name="sdendnote7sym">vii</a>
<span lang="en-US">Philips, M., </span><span lang="en-US"><i>Knight Shows
How to Lose $440 Million in 30 Minutes</i></span><span lang="en-US">,
United States, August 2012. Available at:</span></span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: navy;"><span lang="zxx"><u><a href="http://www.businessweek.com/articles/2012-08-02/knight-shows-how-to-lose-440-million-in-30-minutes"><span lang="en-US">http://www.businessweek.com/articles/2012-08-02/knight-shows-how-to-lose-440-million-in-30-minutes</span></a></u></span></span><span lang="en-US">
(Accessed 11 March 2014).</span></span></div>
</div>
<div id="sdendnote8">
<div class="sdendnote">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote8anc" name="sdendnote8sym">viii</a><span style="font-size: 11pt;">
</span><span style="font-size: 11pt;"><i>Ibid</i></span></span></div>
</div>
<div id="sdendnote9">
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote9anc" name="sdendnote9sym">ix</a>
<span lang="en">Holley, E., </span><span lang="en"><i>Goldman Sachs
trading error is “a warning to all”</i></span><span lang="en">,
United States, August 2013. Available at: </span>
</span></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><span style="color: navy;"><span lang="zxx"><u><a href="http://www.bankingtech.com/161162/goldman-sachs-trading-error-is-a-warning-to-all/"><span lang="en">http://www.bankingtech.com/161162/goldman-sachs-trading-error-is-a-warning-to-all/</span></a></u></span></span><span lang="en">
(Accessed 11 March 2014).</span></span></div>
</div>
<div id="sdendnote10">
<div class="sdendnote">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote10anc" name="sdendnote10sym">x</a><span style="font-size: 11pt;">
</span><span style="font-size: 11pt;"><i>Ibid</i></span></span></div>
</div>
<div id="sdendnote11">
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote11anc" name="sdendnote11sym">xi</a>
Nguyen, A., <i>Clydesdale Bank fined £8.9m over mortgage system
problem</i>, United Kingdom, September 2013. Available at:
<span style="color: navy;"><span lang="zxx"><u><a href="http://www.computerworlduk.com/news/it-business/3470789/clydesdale-bank-fined-89m-over-mortgage-system-problem/">http://www.computerworlduk.com/news/it-business/3470789/clydesdale-bank-fined-89m-over-mortgage-system-problem/</a></u></span></span>
(Accessed 11 March 2014).</span></div>
</div>
<div id="sdendnote12">
<div style="margin-bottom: 0cm;">
<span style="font-family: Arial, Helvetica, sans-serif;"><a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote12anc" name="sdendnote12sym">xii</a>
Figure of 6.4% customer churn comes from: Ponemon Institute, <i>2011
Cost of Data Breach Study: United Kingdom</i>, United Kingdom, March
2012.</span></div>
<div class="sdendnote">
<br /></div>
</div>
<b>Economics Reading List - Part 1</b><br />
Published 8 March 2014<br />
<div style="margin-bottom: 0cm;">
Have read these in
the past to varying extents but am reading through again to refresh
my memory. Some very interesting reads.</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<b>Title</b>: Wealth of Nations
(Wordsworth Classics of World Literature)</div>
<div style="margin-bottom: 0cm;">
<b>Author</b>: Adam Smith</div>
<div style="margin-bottom: 0cm;">
<b>Pages</b>: 1008 pages</div>
<div style="margin-bottom: 0cm;">
<b>Publisher</b>: Wordsworth Editions
Ltd.; Classic World Literature edition (5 July 2012)</div>
<div style="margin-bottom: 0cm;">
<b>Language</b>: English</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-10</b>: 1840226889</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-13</b>: 978-1840226881</div>
<div style="margin-bottom: 0cm;">
<b>Notes</b>: This is the full five
books (most versions of this are either abridged or only contain the
first 3 books)</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<b>Title</b>: The General Theory of
Employment, Interest and Money by John Maynard Keynes AND Essays In
Persuasion</div>
<div style="margin-bottom: 0cm;">
<b>Author</b>: John Maynard Keynes</div>
<div style="margin-bottom: 0cm;">
<b>Pages</b>: 542 pages</div>
<div style="margin-bottom: 0cm;">
<b>Publisher</b>: CreateSpace
Independent Publishing Platform (11 Aug 2009)</div>
<div style="margin-bottom: 0cm;">
<b>Language</b>: English</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-10</b>: 144867302X</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-13</b>: 978-1448673025</div>
<div style="margin-bottom: 0cm;">
<b>Notes</b>: This has the primary text
and John Maynard Keynes' Essays in Persuasion in the one book</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<b>Title</b>: The Affluent Society:
Updated with a New Introduction by the Author</div>
<div style="margin-bottom: 0cm;">
<b>Author</b>: John Kenneth Galbraith</div>
<div style="margin-bottom: 0cm;">
<b>Pages</b>: 288 pages</div>
<div style="margin-bottom: 0cm;">
<b>Publisher</b>: Penguin; 5th Revised
edition (5 Aug 1999)</div>
<div style="margin-bottom: 0cm;">
<b>Language</b>: English</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-10</b>: 0140285199</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-13</b>: 978-0140285192</div>
<div style="margin-bottom: 0cm;">
<b>Notes</b>: Galbraith has an amusing way of putting things in this book.</div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<b>Title</b>: Money : whence it came,
where it went</div>
<div style="margin-bottom: 0cm;">
<b>Author</b>: John Kenneth Galbraith</div>
<div style="margin-bottom: 0cm;">
<b>Pages</b>:
335 pages</div>
<div style="margin-bottom: 0cm;">
<b>Publisher</b>: Bantam (1976)</div>
<div style="margin-bottom: 0cm;">
<b>Language</b>: English</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-10</b>: 0553026887</div>
<div style="margin-bottom: 0cm;">
<b>ISBN-13</b>: 978-0553026887</div>
<div style="margin-bottom: 0cm;">
<b>Notes</b>: Very interesting to understand the history of money.</div>
<b>What is IT Resilience?</b><br />
Published 7 March 2014<br />
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Specifically,
there are three key pieces of industry guidance that go some way to
assisting the understanding of resilience: Cobit 5, ITIL v3 and the
US FFIEC IT Examination Handbook.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;"><b>Cobit
5</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Cobit 5,
as part of managing critical IT assets (Cobit 5 - BAI09.02) and
maintaining a continuity strategy (Cobit 5 - DSS04.02), states</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote1sym" name="sdendnote1anc"><sup>i</sup></a></span></sup><span style="font-family: "arial" , sans-serif;">:</span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Maintain
the resilience of critical assets by applying regular preventive
maintenance, monitoring performance, and, if required, providing
alternative and/or additional assets to minimise the likelihood of
failure; and</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Assess
the likelihood of threats that could cause loss of business
continuity and identify measures that will reduce the likelihood and
impact through improved prevention and increased resilience.</span></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;"><b>ITIL
v3</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">The IT
Infrastructure Library v3 (ITIL v3) defines resilience as “the
ability of a Configuration Item or IT Service to resist Failure or to
Recover quickly following a Failure. For example an armoured cable
will resist failure when put under stress.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote2sym" name="sdendnote2anc"><sup>ii</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">ITIL
provides further guidance in Services Operations highlighting that
“resilience is designed and built into the system, for example
multiple redundant disks or multiple processors. This protects the
system against hardware failure since it is able to continue
operating using the duplicated hardware component.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote3sym" name="sdendnote3anc"><sup>iii</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">ITIL v3
also provides guidance with respect to software resilience
recommending “software, data and operating system resilience is
also designed into the system, for example mirrored databases (where
a database is duplicated on a backup device) and disk-striping
technology (where individual bits of data are distributed across a
disk array – so that a disk failure results in the loss of only a
part of data, which can be easily recovered using algorithms)…
setting up and using virtualization systems to allow movement of
processing around the infrastructure to give better
performance/resilience in a dynamic fashion.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote4sym" name="sdendnote4anc"><sup>iv</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">ITIL v3
defines fault tolerance as “the ability of an IT service or other
configuration item to continue to operate correctly after failure of
a component part.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote5sym" name="sdendnote5anc"><sup>v</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">ITIL v3
defines a countermeasure as referring to “any type of control. The
term is most often used when referring to measures that increase
resilience, fault tolerance or reliability of an IT service.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote6sym" name="sdendnote6anc"><sup>vi</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">ITIL v3
defines redundancy as “the use of one or more additional
configuration items to provide fault tolerance. The term also has a
generic meaning of obsolescence, or no longer needed.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote7sym" name="sdendnote7anc"><sup>vii</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">ITIL v3
defines high availability as “an approach or design that minimizes
or hides the effects of configuration item failure from the users of
an IT service. High availability solutions are designed to achieve an
agreed level of availability and make use of techniques such as fault
tolerance, resilience and fast recovery to reduce the number and
impact of incidents.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote8sym" name="sdendnote8anc"><sup>viii</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;"><b>FFIEC</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">The
FFIEC IT Examination handbook defines resiliency as “the ability of
an organization to recover from a significant disruption and resume
critical operations” and resiliency testing as “testing of an
institution’s business continuity and disaster recovery resumption
plans.”</span><sup><span style="font-family: "arial" , sans-serif;"><a class="sdendnoteanc" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote9sym" name="sdendnote9anc"><sup>ix</sup></a></span></sup></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;"><b>So
what is IT Resilience?</b></span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">From the
preceding literature review of industry guidance, resilience
comprises the following:</span></div>
<ul>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Failure
risk assessment and preventative countermeasures</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Rapid
incident detection and response</span></div>
</li>
<li><div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Recovery
and countermeasure improvement</span></div>
</li>
</ul>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">In
practice, IT failure risk assessments would be performed at an
end-to-end service, application and infrastructure level (i.e. a
business service is delivered through applications hosted on
infrastructure). These risk assessments would then be used to design
and implement preventative countermeasures.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Countermeasures
you’d expect to see would be redundancy, clustering, load
balancing, fault tolerance or automatic failover switching features
in the architecture with no single points of failure.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
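<div style="margin-bottom: 0cm;">
An added example, not part of the original post: one way to run the end-to-end check described above, modelling a business service delivered through applications hosted on infrastructure and listing every item whose failure alone takes the service down. The model, its item names and the function names are constructed for illustration.</div>

```python
"""Single-point-of-failure check for a service -> application -> infrastructure model."""

# Constructed sample model; every name is illustrative. Each item maps to a list
# of requirement groups (minimum, members): the item works only if, in every
# group, at least `minimum` of the members work. An empty list marks a leaf item.
MODEL = {
    "payments-service": [(1, ["web-app"]), (1, ["ledger-app"])],
    "web-app": [(1, ["web-vm-1", "web-vm-2"]), (1, ["load-balancer"])],
    "ledger-app": [(1, ["db-primary", "db-mirror"])],
    "web-vm-1": [(1, ["dc-a-power"])],
    "web-vm-2": [(1, ["dc-a-power"])],  # "redundant" VM on the same power feed
    "load-balancer": [(1, ["dc-a-power"])],
    "db-primary": [(1, ["dc-a-power"])],
    "db-mirror": [(1, ["dc-b-power"])],
    "dc-a-power": [],
    "dc-b-power": [],
}

# Same service after countermeasures: second load balancer, VMs split across feeds.
HARDENED = {
    **MODEL,
    "web-app": [(1, ["web-vm-1", "web-vm-2"]),
                (1, ["load-balancer", "load-balancer-2"])],
    "web-vm-2": [(1, ["dc-b-power"])],
    "load-balancer-2": [(1, ["dc-b-power"])],
}


def reachable(model, root):
    """Every item the root depends on, directly or indirectly (root excluded)."""
    seen, stack = set(), [root]
    while stack:
        for _minimum, members in model[stack.pop()]:
            for member in members:
                if member not in seen:
                    seen.add(member)
                    stack.append(member)
    seen.discard(root)
    return seen


def is_up(model, name, failed):
    """True if `name` still works when every item in `failed` is down."""
    state = {}  # item -> bool once resolved, None while it is being evaluated

    def visit(item):
        if item in failed:
            return False
        if item in state:
            if state[item] is None:
                raise ValueError(f"dependency cycle through {item!r}")
            return state[item]
        state[item] = None
        state[item] = all(
            sum(visit(member) for member in members) >= minimum
            for minimum, members in model[item]
        )
        return state[item]

    return visit(name)


def single_points_of_failure(model, service):
    """Items whose failure alone makes the service unavailable.

    Applications are included: a faulty release can take out every instance.
    """
    return sorted(item for item in reachable(model, service)
                  if not is_up(model, service, {item}))


def resilience_degrading(model, service):
    """Items whose loss keeps the service up but creates new single points.

    Maps each such item to the items that become single points once it is down,
    i.e. the incidents that call for recovery of the resilience feature itself.
    """
    baseline = set(single_points_of_failure(model, service))
    candidates = sorted(reachable(model, service) - baseline)
    result = {}
    for lost in candidates:
        exposed = [other for other in candidates
                   if other != lost and not is_up(model, service, {lost, other})]
        if exposed:
            result[lost] = exposed
    return result


if __name__ == "__main__":
    for label, model in (("as built", MODEL), ("hardened", HARDENED)):
        print(label, "single points:",
              single_points_of_failure(model, "payments-service"))
    for lost, exposed in resilience_degrading(MODEL, "payments-service").items():
        print(f"after losing {lost}, new single points: {exposed}")
```

<div style="margin-bottom: 0cm;">
<br /></div>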
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">When an
incident occurs that impacts either the assessed risks or the actual
resilience features in the architecture, you’d expect this to be
detected early and to see a well-rehearsed, tested and informed
incident management process respond to the incident to ensure
recovery of resilience features.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;">Finally,
you’d expect to see appropriate recovery options available to
support rapid recovery, such as up-to-date backups, fully
tested disaster recovery sites and associated IT business continuity
plans that have been well tested.</span></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<br /></div>
<div style="margin-bottom: 0cm;">
<span style="font-family: "arial" , sans-serif;"><span style="font-size: medium;"><b>Endnotes
</b></span></span>
</div>
<div class="sdendnote">
<br /></div>
<div id="sdendnote1">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote1anc" name="sdendnote1sym">i</a>
<span style="font-family: "arial" , sans-serif;">ISACA, </span><span style="font-family: "arial" , sans-serif;"><i>Cobit
5 - Enabling Processes</i></span><span style="font-family: "arial" , sans-serif;">,
United States, 2012. Available at:
</span><span style="color: blue;"><u><a href="http://www.isaca.org/COBIT/Pages/COBIT-5-Enabling-Processes-product-page.aspx"><span style="font-family: "arial" , sans-serif;">http://www.isaca.org/COBIT/Pages/COBIT-5-Enabling-Processes-product-page.aspx</span></a></u></span><span style="font-family: "arial" , sans-serif;">
(Accessed 6 March 2014).</span></div>
</div>
<div id="sdendnote2">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote2anc" name="sdendnote2sym">ii</a>
<span style="font-family: "arial" , sans-serif;">AXELOS Limited, </span><span style="font-family: "arial" , sans-serif;"><i>ITIL
glossary and abbreviations</i></span><span style="font-family: "arial" , sans-serif;">,
United Kingdom, 2011. Available
at: </span><span style="color: blue;"><u><a href="http://www.itil-officialsite.com/InternationalActivities/ITILGlossaries_2.aspx"><span style="font-family: "arial" , sans-serif;"><span lang="en">http://www.itil-officialsite.com/InternationalActivities/ITILGlossaries_2.aspx</span></span></a></u></span><span style="font-family: "arial" , sans-serif;"><span lang="en">
</span></span><span style="font-family: "arial" , sans-serif;">(Accessed 6 March
2014).</span></div>
</div>
<div id="sdendnote3">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote3anc" name="sdendnote3sym">iii</a>
<i>Ibid</i></div>
</div>
<div id="sdendnote4">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote4anc" name="sdendnote4sym">iv</a>
<i>Ibid</i></div>
</div>
<div id="sdendnote5">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote5anc" name="sdendnote5sym">v</a>
<i>Ibid</i></div>
</div>
<div id="sdendnote6">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote6anc" name="sdendnote6sym">vi</a>
<i>Ibid</i></div>
</div>
<div id="sdendnote7">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote7anc" name="sdendnote7sym">vii</a>
<i>Ibid</i></div>
</div>
<div id="sdendnote8">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote8anc" name="sdendnote8sym">viii</a>
<i>Ibid</i></div>
</div>
<br />
<div id="sdendnote9">
<div class="sdendnote">
<a class="sdendnotesym" href="https://www.blogger.com/blogger.g?blogID=5107295210321970559#sdendnote9anc" name="sdendnote9sym">ix</a>
<span style="font-family: "arial" , sans-serif;">Federal Financial Institution
Examination Council, </span><span style="font-family: "arial" , sans-serif;"><i>The
FFIEC IT Examination Handbook - Glossary</i></span><span style="font-family: "arial" , sans-serif;">,
United States of America, 2006. Available at:
</span><span style="color: blue;"><u><a href="http://ithandbook.ffiec.gov/glossary.aspx" target="_blank"><span style="font-family: "arial" , sans-serif;"><span lang="en">http://ithandbook.ffiec.gov/glossary.aspx</span></span></a></u></span><span style="font-family: "arial" , sans-serif;"><span lang="en">
</span></span><span style="font-family: "arial" , sans-serif;">(Accessed 6 March
2014).</span><br />
<span style="font-family: "arial" , sans-serif;"><br /></span>
<span style="font-family: "arial" , sans-serif;"><i style="font-family: Times;">PS: This is also published in the <a href="https://img1.wsimg.com/blobby/go/b5e0f550-d96f-488a-8487-42a23cd6ad50/downloads/1ciscplsc_816876.pdf">IT Risk Practitioner</a></i></span></div>
</div>
<b>Survival, Family and Society</b> (Published 6 March 2014; updated 7 March 2014)<br />
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0); font-weight: bold;">Survival</span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span class="s5" style="background-color: rgba(255, 255, 255, 0);">Those biological organisms in existence today are those whose parent/s survived long enough to reproduce. Generally, the mix of physical and mental characteristics that made the parent/s apt to survive will be transferred to the offspring through gene transfer and/or knowledge transfer. This in turn will make the offspring apt for survival and thereby reproduction, and so on.</span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">All biological organisms expend energy in living and thus require that energy to be replaced in order to continue to live. Energy is matter and vice versa; the greater the mass of matter, the greater the inherent energy. The Sun (a large mass of matter) and the Earth (a small mass of matter) both release energy in many forms, including radiation (e.g. heat and light) and wrapping up energy in the internal subatomic and atomic attractive bonds of new atoms or molecules (e.g. carbon, a primary element in all living things, created from hydrogen through atomic fusion by stars). Through varied chemical reactions these atoms and molecules form more complex molecules, thus resulting in a myriad of different organisms (e.g. plants and animals) and compounds (e.g. sugar, minerals and proteins) from which we derive our energy for life. Hence we can say that matter is critical to a physical organism's survival and indeed the very existence of the organism itself.</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span class="s5" style="background-color: rgba(255, 255, 255, 0);">In our universe matter exists within space and time. That is, matter (a human body or plant) exists if it is at a location, at a point in time. How certain bits of matter are characterised will depend on the frame of reference from which the characterisation is applied. To illustrate, a human might say “That cow (a bit of matter) over there (its location and at the moment), is food (the characterisation)”. The cow might conversely characterise the human as something other than food from its frame of reference. So, matter (e.g. plants, animals, salt, water etc.) exists within space (an environment or location) at a particular time (now or in the future). This establishes the importance of things such as food and land upon which to live and/or grow food.</span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span class="s5" style="background-color: rgba(255, 255, 255, 0);">So, to relate these principles to the practicalities relevant to us as humans, we will consider the human organism, and that matter generally characterised as resources for living (e.g. food and land).</span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">From this we can say that a human deprived of resources for living will die. By the fact that humans exist today and through other observable behaviours, we can say that humans alive today will generally act in a way that enhances their survival and will generally</span><span class="s5"> </span><span class="s5">act in a way that avoids death; if not through purpose, through</span><span class="s5"> </span><span class="s5">genetically predisposed behaviours.</span><span class="s5"> We can say that the behaviours </span><span class="s5">exhibited by humans today tend to enhance those humans' survival</span><span class="s5"> </span><span class="s5">(otherwise they'd all be dead or </span><span class="s5">dying out</span><span class="s5">).</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">A human survived in the immediate term by hunting or gathering food</span><span class="s5"> </span><span class="s5">to eat now or in the near term. Some environments only supported</span><span class="s5"> </span><span class="s5">human life for a certain period of time and at other times did not</span><span class="s5"> </span><span class="s5">produce enough food to support human life. A human survived in such</span><span class="s5"> </span><span class="s5">environments by over-hunting and over-gathering food and storing it</span><span class="s5"> </span><span class="s5">for such periods of infertility.</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">Now, while this might work for one human in an environment, this is complicated by the fact that other humans may exist within that environment who will seek to enhance their survival through taking from other humans. This may take the form of stealing others' food or taking such a quantity of food from the natural environment that it leaves no food for other humans in that environment. So those humans who are, by virtue of their genes, stronger, can simply take food collected by weaker humans by force. A similar story can be told for land (upon which food is grown and shelter raised) and objects obtained or created that enhance survival potential (e.g. axes, water storage vessels). However, these physically strong humans that take what they want for survival will be looking over their shoulder for either aggrieved “weaker” humans they stole from, or even stronger humans that would seek to enhance their own survival through taking these recently acquired resources.</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<br /></div>
<div class="s2">
<span class="s4" style="background-color: rgba(255, 255, 255, 0); font-weight: bold;">Family and Society</span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">This state of nature, that of being completely self-interested, is not conducive to immediate genetic survival in that offspring whose food is taken by their mothers or fathers will die and hence not mature and reproduce. So, over time those humans that live today have at least developed (or at least their parents possessed) a base level of a behaviour that was not completely self-interested but rather they tended to exhibit disinterested behaviour. This disinterest, as opposed to self-interest, allowed family groups to exist at least until the offspring were mature enough to survive themselves. It's not that this behaviour evolved but rather the offspring of those humans that did not exhibit this behaviour died before being able to reproduce. Therefore what we're left with are humans who exhibit a degree of disinterest (not in the sense of not caring but rather in the sense of supporting the interests of others).</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">A side effect of this is that the capacity for humans to care for others was extended not only to offspring but to immediate family. This led to supporting those who fell ill and supporting elderly parents, which had the benefit of greater collective intellect to apply to problem solving and greater capacity to nurture children to maturity. In terms of fending off those that would take survival resources from the group, the group could leverage its numbers against an individual’s strength in order to retain their resources and assure their survival. The family group provided strength, knowledge and care in times of injury to its members. These benefits logically extended to tribes, then more advanced social groupings, where you'd be more likely to survive and thus reproduce in such a society than as a lone ranger competing for resources with these groupings.</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">For a social grouping to exist the members of that social group must have the capacity to act not from self-interest but through disinterest (in the interests of others). That is, members of social groups must consider others' interests in the context of their acts. To not do so could be considered antisocial. This is not a value judgement but in most societies this would be considered a negative feature of an individual, in that that individual would not support the society but would take from it (as in the first natural state of human development).</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">The position that social groupings are a natural phenomenon, and that disinterest is the reason social groupings exist, would indicate that when one acts as a member of a social group they must consider what effect their actions have upon whichever social groupings they may be part of. This includes family, friends, community and society.</span></span></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">For example, while a person is “free” to take heroin to feel good, that person could also be a father and breadwinner, a cared-for brother, a person who once addicted could commit crimes in order to maintain their habit and would thus affect other members of society. The same is equally true for seemingly minor self-interested behaviours such as promiscuous sex where disease may be contracted resulting in increased energy investments from friends and family and society (e.g. health institutions) to care for those falling sick (either directly or indirectly with others copying behaviours and falling sick). One argument levelled against this is: why should other social group members care? Why not let the person engaging in these behaviours reap what they sow? A simple counter is that it is only natural (as detailed above) that other members of a social group will at the outset discourage risky behaviour and in the case of the consequences having already been reached, deal with it to support the other member of the society in need.</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">There are different levels of freedom. One level is that one can be free to club someone on the head to take their food. Another level is that one can enjoy the freedom from the threat of someone clubbing them on the head to take their food in the first place. We base our legal systems on this second level of freedom. Societies find it fit to make laws against theft thus removing one freedom but in its place providing a greater freedom. So basically, in a social grouping people will be free to do what they like, when they like and be as carefree as they may wish insofar as they consider what effect their actions will have on the social groupings they are a member of. This can be summarised in a well-known statement known as the categorical imperative from the philosopher Immanuel Kant that can be used as a good guide for doing the right thing:</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<span style="background-color: rgba(255, 255, 255, 0);"><span class="s5">“Act only on that maxim through which you can at the same time will</span><span class="s5"> </span><span class="s5">that it should become a universal law”</span></span></div>
<div class="s2">
<br /></div>
<div class="s2">
<br /></div>
<b>Hello World!</b> (Published 6 March 2014)<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span>
<div class="MsoNormal">
<span style="background-color: rgba(255, 255, 255, 0); font-family: Arial, Helvetica, sans-serif;"><b>GREP-BLOG</b></span></div>
<div class="MsoNormal">
<span style="background-color: rgba(255, 255, 255, 0); font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="background-color: rgba(255, 255, 255, 0); font-family: Arial, Helvetica, sans-serif;">Governance, Risk, Economics and Philosophy</span></div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="background-color: rgba(255, 255, 255, 0); font-family: Arial, Helvetica, sans-serif;">A blog dedicated to exploring the subjects of organisation and IT governance, risks and controls, economics and philosophy.</span></div>
<div class="MsoNormal">
<span style="font-family: Arial, Helvetica, sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="background-color: rgba(255, 255, 255, 0); font-family: Arial, Helvetica, sans-serif;"><b>About the author</b>: Benjamin Power, CISA, CPA has worked in the IS audit, control and security field internationally for more than 10 years in the financial services, energy, retail and service industries and government. Benjamin is an experienced risk and audit professional who has a practical background in IT development and management along with corporate governance and accounting. Benjamin's interests also lie in his family and the fields of philosophy and economics.</span></div>