Tuesday, January 31, 2012

Database Security & Management Competition

For the first time an Database Security & Management (DSM) assignment has taken the form of an exciting mini-tournament!

A class is split into groups of 4 to 5 students, and each team was given an unprotected database/web server image which they have to beef it up by hardening the operating system and database configurations.

After the initial setup teams will then commence on attacking on others' live server through exploitation methods and techniques such as Structured Query Language Injection. Points are awarded based on how much data a team manages to read or write into other databases, and additional bonus is awarded to anyone who can gain full control of another's server.

In the end there will also be a presentation session for participating teams to share with each other their attempts, approaches, achievements, learnings and reflections during the competition.

Competition begins!

A-ha! I have got our defense strategy sorted out.

We are SO gonna win this!

Girls in action! Show them your magic.

A little collaboration between teams? Or is it social engineering?

Classmates ... why you hack me?!

Saturday, January 28, 2012

EC-Council Certified Security Analyst (ECSA) Examination

27 Jan 2012. This moring, 2 DISM students took the EC-Council Certified Security Analyst (ECSA) professional certification examination and passed. Congratulations to the following students:


About ECSA
EC-Council Certified Security Analyst (ECSA) complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. While CEH exposes the learner to hacking tools and technologies, ECSA takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through the different penetration testing methods and techniques, students perform the intensive assessments required to effectively identify and mitigate risks to the security of the infrastructure.

Thursday, January 26, 2012

Mozilla Capture The Flag Challenge 2012

In the recently concluded 2012 Mozilla Capture The Flag (CTF) international open challenge (http://mozillactf.org), our very own team "Narwhals" managed to clinch 34th position out of 200 plus registered teams.

Why is there a Mozilla CTF?

Our aims are currently twofold: First, we want to show less experienced people that CTFs are fun and security is not a secret conspiracy thing you will never understand. Second, we would like to engage experienced security folks into Mozilla and raise awareness for our bug bounty program. [MozillaWiki]

Our team was also the first one to solve challenge number 9 "Spark - Hail Atlantean!" earning 250 basic points. It is reflected in the scoreboard below with golden color text as well as 3 additional reward points.

The final scoreboard at the end of the competition

The DISM teams "Narwhals" comprises of Barnabus Tan, Chi Kok Pin (DIT), Jeremy Heng, Ku Wee Kiat and Suhaimi Rosli.

Well done boys! Keep it up!

Tuesday, January 24, 2012

Channel NewsAsia's Talking Point Video

For those who want to watch the Channel NewsAsia's Talking Point: Is Your Money Safe?

Click this URL to watch the video.

Wednesday, January 18, 2012

18 Jan 2012. Our DISM lecturer, Samson Yeow, appeared in the Channel NewsAsia's Talking Point last night. It was a LIVE show in which he shared his expertise and views on the security and technology issues arising from the recent ATM fraud.

Catch the repeat of "IS YOUR MONEY SAFE?" at these times:
Wed – 1pm (SIN/HKG), Thu – 6pm, Sat – 7am.


Security, ownership key factors in offering Wi-Fi

Wi-Fi services relatively cheap and easy to deploy, but security, legal implications and network that cater to needs more important to retailers when deciding to provide service, insiders say.

Samson Yeow, a lecturer at Singapore Polytechnic's (SP) School of Digital Media & Infocomm Technology, agreed, saying that it is reasonably easy to set up a Wi-Fi network within one's premises and the costs are "negligible". Instead, coverage, performance, and ownership are considerations shop owners would have to contend with, he noted.

For the full article, please click this URL link.

Thursday, January 12, 2012

Best IT SECURITY diploma course.

At SP, we provide you with the best IT SECURITY diploma course. See the reasons below:

1) State-of-the-art learning spaces (Cymecwatch Competency Centre).
2) Experienced, skilled and caring lecturers.
3) Current and relevant curriculum with holistic education.
4) Unleashed your potentials through wargaming.
5) Ready for work, life and world.
6) Improve your employability and market value.
7) Two qualifications await you: both academic and professional certifications.
8) Yes, DISM (54) is the right choice for you. The fast track to IT security career/education.

Most importantly, we have high cohort success rate for students who choose to proceed to study with local/overseas universities. If you need more information, come to SP Convention Centre and speak to our DISM course counsellers.

Hurry, tomorrow (13 Jan), Friday, is the last day of the Joint Academic Exercise (JAE).

See you then!

Wednesday, January 11, 2012

What so special about DISM

Frequuently, we are being asked this question, "What is so special about DISM"? Below are some answers to the question:

1) First to sign Memorandum-of-Understanding (MOU) with security vendor, e-Cop
-  to establish a Cyberwatch Competency Centre which leverages e-Cop solutions built on Microsoft platforms - the first of its kind in this region.

2) First to sign Memorandum-of-Cooperation (MOC) with EC-Council under Academia Programme
- one and only polytechnic to offer the Certified Ethical Hacker (CEH) course.
- one and only polytechnic to offer the Computer Hacking Forensic Investigor (CHFI) course.
- one and only polytechnic to offer the EC-Council Certified Security Analyst (ECSA) course.

3) First to sign Memorandum-of-Cooperation (MOC) with ThinkSECURE
- one and only polytechnic to offer the Organizational Systems Security Analyst (OSSA) course.
- one and only polytechnic to offer the Organizational Systems Wireless Auditor (OSWA) course.

4) First to partner with ThinkSECURE to organize a wireless hacking tourament in Singapore
- one and only polytechnic to work with ThinkSECURE to co-organize an event at the regional level which attracted many teams from the neighbouring countries.

5) First to have security diploma students to be accepted into the NUS Prep Programme
- In year 2011, we have 2 DISM students accepted to the programme.
- In year 2010, we have 3 DISM students accepted to the programme.
- In year 2009, we have 2 DISM students accepted to the programme.

6) First to setup VMWare Infrastructure in the DMIT Infocomm Security Lab
- we are the first educational institution in Singapore to implement VMware Lab Manager into our IT Security Labs to provide greater automation and control.

7) First to sign Memorandum-of-Cooperation (MOC) with D-Link International
- we are the first educational institution to work with D-Link to jointly set up a laboratory which will be used for research and development in the enterprise network security space.

8) First polytechnic to setup the honeeebox sensor (http://www.honeynet.org/)
- we are the first polytechnic to setup the honeebox sensor under the Singapore Honeynet Chapter.

9) First to sign Memorandum-of-Cooperation (MOC) with Symantec
- we are the first educational institution to work with Symantec to setup SP-Symantec Infocomm Security Lab in Nov 2007.

10) High number of Integrated Infocomm Scholars - IIS
- 2011/2012 batch, we have 8 IIS scholars.
- 2010/2011 batch, we have 6 IIS scholars.
- 2009/2010 batch, we have 3 IIS scholars.
- 2008/2009 batch, we have 2 IIS scholars.

11) High number of National Infocomm Scholars - NIS
- 2011/2012 batch, we have 2 NIS scholars.
- 2010/2011 batch, we have 1 NIS scholar.
- 2009/2010 batch, we have 2 NIS scholars.

...... and many more.......

Monday, January 9, 2012

Why Choose DISM (S54) course?

Being a Diploma in Infocomm Security Management (DISM) student gives you the competitive edge for a boost in both your future studies and career. We give you :
  • Learning Throught Wargaming
  • Head start in NUS even before you graduate
  • Get yourself recognised by the industry (Professional Security Certifications)
  • Comprehensive training in Infocomm security management
  • Exciting range of activities beyond the curriculum
  • Industry and Security Experience for Final Year Projects and Internship
  • Good Career Prospects
Learning Throught Wargaming
Test your skills against your peers in our newly designed Cyber Wargame Centre. Build up your defences, launch offensive attacks on your targets, and delve into the intriguing world of forensics investigation, all in the format of cyber wargame scenarios.

Head start in NUS even before you graduate
Students who meet NUS’ programme criteria can choose join the NUS-Poly Preparatory Programme. This programme gives you the special opportunity to take one NUS module each in your second and third year of study here in SP. Imagine the chance to be immersed in University classes and interact with undergraduates well before your peers! Upon successfully completion of the programme, you will be eligible to enroll into NUS’ Bachelor of Computing degree programme through special admission!!

Get yourself recognised by the industry (Professional Security Certifications)
You will have opportunities to embark on external industry recognised IT Security certification programmes like:
  • CompTIA Security+
  • EC Council Certified Ethical Hacking
  • EC Council Certified Hacking Forensics Investigation
  • EC Council Certified Security Analyst
  • ThinkSECURE Organizational Systems Security Analyst
  • ThinkSECURE Organizational Systems Wireless Auditor
  • Oracle Certified Professional, Java Programmer
  • Red Hat Certified Engineer
  • And more...
Additionally, DISM students who have performed exceptionally well in their first year of study are offered the opportunity to embark on the Diploma-Plus Programme to pursue additional certifications in the subsequent years.

Comprehensive training in Infocomm security management
The DISM curriculum offers a comprehensive coverage of Infocomm security management. You will acquire skills and knowledge to manage security threats with modules such as Network Security, Ethical Hacking, Applied Cryptography, Computer Forensics and Computer Law & Investigation. You will also learn the techniques used by hackers to penetrate computer systems and also those used by security professionals to defend against such attacks.

Exciting range of activities beyond the curriculum
We will give you a unique and rewarding DISM course experience by providing numerous opportunities for you to be exposed to real-world situations through experiential learning, such as the planning and organising of IT Security Awareness Day and School Cybersafety talks to promote greater awareness of IT security among the community, embarking on field trips to relevant organisations as well as overseas trips and security competitions to gain a first-hand experience and learning through the exchange of ideas and knowledge.

Industry and Security Experience for Final Year Projects and Internship
In your final year, you have the opportunity to consolidate the knowledge and polish the skills you acquired in DISM by working on your Final-Year Project (FYP) and undergoing a 12-week Internship Programme for reputable organizations.

Good Career Prospects
You can look forward to respectable and exciting careers such as IT Security Consultants, Forensics Investigators/Specialists, Security or System Administrators and IT Auditors. You will be in demand in various industries like IT security solution providers, auditing and consultancy firms, and also any organisation that requires IT security services.

Further Education
You will have ample opportunities to further your studies both locally and overseas with generous advanced standings. Besides the local universities, you can also embark on various undergraduate courses in Infocomm Security, Digital Systems Security, Computer Forensics and Security Management with reputable foreign universities in Australia, UK and the United States.

Monday, January 2, 2012

Bring a Friend to Hilltop

5th -7th January 2012

It's easy!
Just bring a secondary school friend ( O'level student ) to T19, Level 2 during those dates and walk away with 2GB BRACELET THUMBDRIVE!

What are you waiting for? Spread the word!

Photography: Nurzaki Kamsani
Music by: Mohamad Auzaie