Infographics are a great way to provide your audience with information in a visual form. I feel that in this technological age readers are becoming more visual learners, and providing information through images can be the best way to deliver a message to your audience.
To further illustrate my point, I have included the following infographic on College Enrollment based on Race and Gender. The data provided relates to students ages 18-24 and the time frame runs from 2000-2017. This Infographic provides readers with a visual representation of bar graphs, images, and correlating textual information, about the trend in college enrollment among races and genders for a period of 17 years. It gives us an outlook as a society of the progress of higher education among race and gender.
*SOURCE: U.S. Department of Commerce, Census Bureau, Current Population Survey (CPS), October Supplement, 2000 and 2017. See Digest of Education Statistics 2018, table table 302.60.
~ Sean Dingle
Firewalls are an under-utilized line of defense. A presentation I watched from a member of the Microsoft team said that many people, and companies, either leave default host firewall rules or disable them altogether. The default firewall rules are block inbound except for established connections and allow outbound unless it matches an explicit block rule. By itself, this is a useful concept, but the inbound rules allow more than necessary for most people. They are designed to just work in most environments as soon as the computer is connected.
A better move is for people installing computers to spend some time focusing on what traffic should actually occur in their networks. If nobody needs SSH in, then disable it. I found that I could disable many inbound rules, I had no use for them. On a server, I also try to block outbound connections when possible. In competition environments, I set inbound and outbound to deny and then pull a list of allow rules from GitHub. These rules are configured down to the program or service. Firewall rules in Windows are such an important factor in stopping communication, data exfiltration, network exploration, and virus distribution. Building these rules also gives a much better understanding of the kinds of communication that is happening on a network. I am surprised that more people don’t utilize these rules.
I am a Computing Security student, so my future career should be in security. I’ve been in two security competitions so far, with a third coming up, and in all of them I have secured Windows. Within the first 5 minutes of having access to my server, I like to change passwords, disable extraneous accounts, and set up firewalls. The first two are easy, but setting up firewalls is a pain.
Windows firewalls are complex. This is a benefit, I can allow only specific applications to communicate, but it is also a bad thing because there is no quick way to set up these firewalls. Windows had a Security Compliance Manager, which I believe could make firewalls easier to implement, but they have retired it in June of 2017. It was also a massive program that I did not have time to use in the first 5 minutes of a competition.
What I need is a simple way to configure firewalls on a server that can be pulled from the cloud and run in a competition environment. This probably exists as a tool, but I have not (and will not) look for one until after trying to make one myself.
The way this process can be improved is if firewalls were configured based upon services installed and their required ports/protocols as services were installed. A tool that can do this would make the first part of competitions on a Windows device easier
~ Connor Shade