Non IT folks? Aim low. That is not a shot at the audience, just that they may not get the significance of everything you show, and they may not understand the ease or difficulty of the attacks. Simplify the message, and repeat it.
Ask what the one thing is you want them to take away, and a couple of points you would consider bonuses- and focus on those. If you can get the demo to work, great- but the demo gods are vengeful, have a backup plan and don't fumble around if it is clear the demo is going to fail- move on. Good luck, and good for stepping up to do the education, we all need to do more of it. Jack On Wed, Sep 8, 2010 at 4:59 PM, Craig Freyman <[email protected]>wrote: > I'm giving a security presentation to a room full of non IT folks in a few > weeks. The point I want to drive home is that simply having AV and a > Firewall doesn't make you bulletproof. There is a big gap between what the > bad guys can do and what modern security apps can stop or catch. I think one > way to help bridge this gap would be to raise user awareness and to get > users thinking about security issues. I believe most users think that with > AV/Firewall and not clicking on links, they're safe. > > I was planning on doing a live demo (crossing fingers) to make this point. > I will set up a rogue AP ("FreeWIFI Connect to ME!"), connect a client > machine and then demonstrate some MITM attacks. I'll also throw in some SET > to have some meterpreter fun. Password stealing, key logging, sound > recording etc... I know I cant get too technical and if I do, I'll loose the > group. I think this demo would get their attention but was wondering if > anyone has done this before and if so, what did you do? > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- ______________________________________ Jack Daniel, Reluctant CISSP http://twitter.com/jack_daniel http://www.linkedin.com/in/jackadaniel http://blog.uncommonsensesecurity.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
