Main goal of penetration testing is to report identified vulnerabilities and to determine how severe the vulnerabilities are.
The five steps of penetration testing:
1. Discovery - Gather info about the system you are going to attempt to gain unauthorized access to.
2. Enumeration - Perform scans to find out ways you might be able to accomplish your penetration goals.
3. Vulnerability Mapping - Actually identify the vulnerabilities you found and document them.
4. Exploitation - Attempt to break into the system.
5. Report to Management - Show them what you found, whether you gained unauthorized access, how severe it is, and what can be done to protect against all of these newfound vulnerabilities.
Study on CISSP
Monday, December 1, 2014
Chapter 11: Security Operations - Email Security
I found a great article that describes how email works in pretty simple terms:
http://www.howtogeek.com/56002/htg-exp
Here are a few of the email attack methods hackers can use to obtain information:
Browsing - When an attacker is looking for important data but does not know what format it is in.
Sniffing - Also known as a network analyzer. When used in the wrong way, they can capture user names and passwords, but the good guy usually uses them to diagnose network problems.
Session Hijacking - Using a different IP address from their own in order to take over a session between two computers. They then spy on the connection to see if it is worthwhile to place themselves in the middle of communication between the two machines.
Loki - Utilizes ICMP to enable an attacker to covertly communicate with another system.
Password Cracking - Using software to guess static passwords, and gain access to confidential information.
Backdoor - A program that allows attackers to log in, and then come back at a later date without having to supply the appropriate credentials to gain access again.
Chapter 11: Security Operations - Network and Resource Availability
Backup Technologies:
Disk Shadowing - Technology designed by Microsoft. A snapshot is taken of a disk image that can then return a drive to its previous state if need be.
Redundant Servers - Servers that possess the capability of taking over immediately if a primary server fails.
RAID - Redundant array of independent disks. The key here is redundancy. Data is stored across multiple drives but is only seen as one disk. The technique used here is known as striping.
MAID - Massive array of inactive disks. Saves on energy consumption. Drives that do not need to be in use remain powered down until they are called upon.
RAIT - Redundant array of independent tapes. Almost the same as RAID, but uses tape drives instead of disks. An advantage of this is that it is lower cost.
Clustering - The grouping of servers that might be in completely different places, but all of these servers can be managed as a single system.
Backups - Having a way to restore data when something bad happens. Examples include software corruption, hard drive failure, and natural disaster.
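The RAID entry above says the key is redundancy and the technique is striping. The following is an added example, not code from the study notes, showing how striping with XOR parity (the scheme RAID 5 uses) lets an array that looks like one volume survive the loss of any single disk and rebuild it from the survivors. The disk count and chunk size are constructed values for illustration.

```python
"""Added example (not from the study notes): striping with XOR parity, the
redundancy scheme used by RAID 5. Data is spread across several disks so the
array appears as one volume, and any single disk can be rebuilt from the rest.
Disk count and chunk size are constructed values for illustration."""

from typing import List, Optional, Tuple

CHUNK = 4  # bytes written to each disk per stripe (constructed value)


def xor_bytes(*chunks: bytes) -> bytes:
    """XOR equal-length byte strings together; this is the parity operation."""
    out = bytearray(len(chunks[0]))
    for chunk in chunks:
        for i, b in enumerate(chunk):
            out[i] ^= b
    return bytes(out)


def stripe_with_parity(data: bytes, n_disks: int) -> List[List[bytes]]:
    """Stripe data over n_disks: each stripe holds n_disks-1 data chunks and one
    parity chunk. The parity chunk rotates to a different disk each stripe, as
    RAID 5 does. Returns disks[d] = list of chunks stored on disk d."""
    if n_disks < 3:
        raise ValueError("striping with parity needs at least 3 disks")
    data_chunks = n_disks - 1
    stripe_len = data_chunks * CHUNK
    padded = data + b"\x00" * (-len(data) % stripe_len)  # pad to whole stripes
    disks: List[List[bytes]] = [[] for _ in range(n_disks)]
    for s in range(len(padded) // stripe_len):
        base = s * stripe_len
        chunks = [padded[base + i * CHUNK: base + (i + 1) * CHUNK]
                  for i in range(data_chunks)]
        parity = xor_bytes(*chunks)
        parity_disk = s % n_disks
        next_chunk = iter(chunks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(next_chunk))
    return disks


def rebuild_disk(disks: List[Optional[List[bytes]]], failed: int) -> List[bytes]:
    """Reconstruct the failed disk: in every stripe, the missing chunk (data or
    parity alike) equals the XOR of the surviving disks' chunks."""
    survivors = [d for d in range(len(disks)) if d != failed and disks[d] is not None]
    if len(survivors) != len(disks) - 1:
        raise ValueError("single parity can only recover one failed disk")
    n_stripes = len(disks[survivors[0]])
    return [xor_bytes(*(disks[d][s] for d in survivors)) for s in range(n_stripes)]


def read_volume(disks: List[List[bytes]], length: int) -> bytes:
    """Read the logical volume back, skipping each stripe's parity chunk."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        parity_disk = s % n_disks
        for d in range(n_disks):
            if d != parity_disk:
                out += disks[d][s]
    return bytes(out[:length])


def simulate_disk_failure(data: bytes, n_disks: int, failed: int) -> Tuple[bool, bool]:
    """Write data, drop one disk, rebuild it, and report whether the rebuilt
    disk matches the original and whether the volume reads back intact."""
    disks = stripe_with_parity(data, n_disks)
    original = disks[failed]
    degraded: List[Optional[List[bytes]]] = list(disks)
    degraded[failed] = None  # the failed disk is gone
    rebuilt = rebuild_disk(degraded, failed)
    degraded[failed] = rebuilt
    return rebuilt == original, read_volume(degraded, len(data)) == data


if __name__ == "__main__":
    print(simulate_disk_failure(b"CISSP notes: striping with parity", 4, 2))
```

The rebuild works because XOR is its own inverse: parity was computed as the XOR of all data chunks in a stripe, so XORing the surviving chunks (including parity) yields whatever was on the missing disk. It also shows the limit of the scheme: lose a second disk before the rebuild finishes and `rebuild_disk` can no longer recover the data, which is why real arrays pair parity with hot spares and backups.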
Thursday, November 27, 2014
Chapter 11: Security Operations - Media Controls
Media is defined as anything that contains company data. This could be electronic (disks, CDs, DVDs, thumb drives) or it could be information that is in traditional paper form. These items should be stored in a "library" and only authorized personnel should have access to them. The media should also be protected from environmental threats, such as fire or humidity. Data from these media devices should be erased properly, and unwanted devices should be disposed of in a protected manner to ensure that unauthorized people do not obtain them. When media is erased from a device, the device is said to be sanitized. The zeroization method of sanitization is when data is overwritten with new data so that there is no possible way the old data can be recovered. Degaussing is another method of sanitization, in which the data is scrambled so that it cannot be read. There are 7 areas that a media librarian is responsible for: (1) media should be marked; (2) media should be properly logged; (3) the integrity of the media on a device should be verified; (4) librarians should control physical access to the media; (5) librarians should ensure environmental protection of the media; (6) they should make sure that media data is transmitted securely and to the appropriate parties; and (7) librarians should make sure that media is disposed of properly.
Chapter 11: Security Operations - Configuration Management
There are 6 steps to the change control process as stated in the study guide.
1. Request for a change to take place - Person requesting the change should construct the change idea and present it to the party responsible for approving and implementing changes.
2. Approval of the change - Benefits of the change should be presented to the approving party, along with the potential problems that the change could cause. The approving party might make the requestor go back and do more research or development of the change before approval takes place.
3. Documentation of the change - If a change gets approved, all the appropriate information about the change should be entered into a change log. As the change develops, updates should be made to the individual record in the change log.
4. Tested and presented - Testing is necessary to uncover any unforeseen negative effects of the change. In this step, if it is a big change, a change control committee might be brought in to weigh the positives and negatives of the change and get another opinion on the change before company-wide implementation occurs.
5. Implementation - Once all of the previous steps have been satisfied, it is time to put the change into action. An implementation schedule and milestones should be set up in order to keep the implementation organized.
6. Report change to management - A final report should be submitted to management that gives a summary of the implementation and the status of the change that is now in production.
Chapter 11: Security Operations - Operational Responsibilities
Operations personnel within an organization are an extremely important asset to have. They are largely responsible for ensuring that a company's systems run as they are supposed to and that these systems are protected. In the event that a system crashes, there are three steps that the department should take in order to troubleshoot and resolve the issue as quickly as possible.
1. Safe mode - Also known as 'single-user mode', logging in this way prevents the system from running services for other users on that network. Also, when in this mode, only the local console can be accessed. This makes troubleshooting more effective.
2. Resolve issue and get back lost files - After logging onto the system in safe mode, the administrator can go in and attempt to correct any damage that has been done. Afterwards, it is important to try and figure out why the system shut down improperly to begin with so that it does not happen again. Changes might have to be made to applications and databases as a result of the system crash.
3. Operation and file validation - If the investigation shows that corruption to files and operations had occurred, the administrator must make sure that they validate file contents to ensure that the system configuration is in its expected state.
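Step 3 above says the administrator must validate file contents to confirm the system configuration is in its expected state. The following is an added example, not code from the study notes, of one way to do that: record SHA-256 hashes of configuration files while the system is known-good, then after a crash compare every file against that baseline and classify it as intact, modified, or missing. The file names and contents are constructed for illustration.

```python
"""Added example (not from the study notes): after an unclean shutdown, check
that system configuration files are in their expected state by comparing their
SHA-256 hashes against a baseline recorded while the system was known-good.
File names and contents below are constructed for illustration."""

import hashlib
import os
import tempfile
from typing import Dict, Iterable, List, Tuple


def sha256_file(path: str) -> str:
    """Hash a file in blocks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: str, rel_paths: Iterable[str]) -> Dict[str, str]:
    """Record the known-good hash of each file, keyed by path relative to root."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in rel_paths}


def validate(root: str, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every baseline entry as ok, modified, or missing."""
    report: Dict[str, List[str]] = {"ok": [], "modified": [], "missing": []}
    for rel, expected in sorted(baseline.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            report["missing"].append(rel)
        elif sha256_file(path) != expected:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    return report


def write_file(path: str, content: bytes) -> None:
    """Helper for the constructed scenario: create parent dirs and write bytes."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(content)


def demo() -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Constructed scenario: baseline three files, then simulate crash damage
    (one file partially overwritten with garbage, one lost) and re-validate."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "etc/app.conf": b"listen=443\n",
            "etc/db.conf": b"host=db01\n",
            "etc/users.txt": b"admin\n",
        }
        for rel, content in files.items():
            write_file(os.path.join(root, rel), content)
        baseline = build_baseline(root, files)
        before = validate(root, baseline)

        # Simulated crash damage: a truncated write leaves garbage in one
        # file and another file is lost entirely.
        write_file(os.path.join(root, "etc/app.conf"), b"listen=443\n\x00\x00\x00")
        os.remove(os.path.join(root, "etc/users.txt"))
        after = validate(root, baseline)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before crash:", before)
    print("after crash: ", after)
```

The baseline is only as trustworthy as the place it is stored: keep it off the system being validated (or signed), otherwise the same crash or the same attacker that damaged the configuration can alter the baseline to match. A "modified" result is a prompt to restore the file from a known-good backup rather than to re-baseline it.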
Tuesday, November 18, 2014
Chapter 11: Security Operations - Administrative Management Continued
Along with the separation of duties, there are a few other important administrative controls that are a good idea to implement within a company. The concept of job rotation refers to not having only one person who knows how to perform certain duties of a particular role. If you only have one person that has the knowledge of how to perform a key duty in your organization, and that person decides to leave the company or is unable to work, the company could be in a world of hurt. It also makes it easier to spot activities that are either criminal or go against company policy. A second important administrative control is what is known as least privilege. This means that an employee should only have access to resources they need to do their job and nothing more. For example, it wouldn't make sense to have an analyst with the ability to go into the database and alter data or tables. That is the sole responsibility of your database administrators. A third important administrative control is mandatory vacations, meaning that the employee is required to take vacation time after working continuously for a certain period of time. This is another key way to spot fraudulent activities and is also a great way to deploy job rotation. While the employee is on vacation, another employee will be brought in to fulfill the vacationing employee's duties. If an employee does not want to take vacation (who doesn't want to take vacation time, right?) it is usually a red flag that they are doing something that they know they are not supposed to.