create database mydatabase;
create user mydbuser@'localhost' identified by 'mypassword';
grant all privileges on mydatabase.* to mydbuser@'localhost';
flush privileges;
show databases;
Day 2: Small Business Online Shop - Home Operation
Environment
One Workstation - Window PC - Home Computer
Wordpress Site Hosted on Godaddy
Sell handmade blankets
What security measures need to be in place?
What security practices need to be taught?
How could you as a Cybersecurity Professional be of most help?
Sophos Central Review
Endpoint Protection
Threat Protection
Peripheral Control
Application Control
Data Loss Prevention
Web Control
Update Management
Windows Firewall
Server Protection
Threat Protection
Peripheral Control
Application ControlWeb Control
Lockdown
Data Loss Prevention
Update Management
Windows Firewall
File Integrity Monitoring
Linux Runtime Detection
Encryption
Device Encryption
Monitor and Reporting
Let’s see how it all works…
What’s our environment?
Windows Workstation
Deploy Windows Workstation
Install Sophos Client
Web Server - Wordpress
Deploy Debian Server
Install Apache2
Install PHP
Install Mysql
Install Wordpress
Setup DNS and Let’s Surf!
Let’s set up an SSH key from the windows workstation to the Web Server for “Easier” management.
Let’s see what we can find wrong with this setup?
Download Wireshark on the Windows Desktop
Connect and login to Wordpress
Can you see the credentials that you sent in plain text?
How did you find it?
What is a better solution
SSL
Separation of Web and DB Server
Are SSH keys necessary?
What are some possible scenarios that we might encounter - discussion