Network Penetration Methods Empoloyed

involved the handling of the risk analysis of the CRM infrastructure for the site. Complex issues were raised for the handling of IMAP between the email store at the data centre and the application hosted at the data centre. A good knowledge of application and platform vulnerabilities was applied here within the design team, which became distributed across many parts of the company.

NT Buffer Overflow Attacks and Countermeasures

In January 2001 I was mandated to research into these and liase with the various company security authorities. This included central company Group Security. Included in the consideration of this matter was the use of the Securewave SecureStack product seen at the Infosec 2001 exhibition. It became clear from public announcements that nasty things were happening in the criminal underworld where several organized hacker groups from Eastern Europe, specifically Russia and the Ukraine, that had penetrated U.S. e-commerce computer systems by exploiting vulnerabilities the unpatched Microsoft Windows NT operating systems. (See http://www.sans.org/newlook/alerts/NTE-bank.htm ) However it was decided to take an "industry standard" approach and leave the solution of this problem to patching with Microsoft approved code rather than opt, effectively, for a non Microsoft tcpip stack. Also this product offered to high a performance load in Windows 200 to be viable. And then the "Code Red" worm started its way around the world in July 2001 exploiting this vulnerability in conjunction with the indexing service.

Citrix Metaframe Training

This included The following aspects :-

Installing Citrix MetaFrame and Citrix ICA Clients in a variety of network environments

Configuring seamless desktop integration for ICA Clients

Implementing advanced ICA Client features such as Citrix ReadyConnect, Automatic Client Update, TAPI Emulation and SecureICA

Using the Citrix Program Neighborhood Client to connect to applications on local