Computer Security Series - Part 2 - Basic Terminology

Weakness: A quality or feature that prevents something from being secure. A weakness encourages attackers to use the specific app that has the weakness as an attack surface.

Vulnerability: A weakness in a system, application or network that is subject to exploitation or misuse.

Exploit: A program that allows attackers to automatically break into a system.

Attack: An attempt to gain unauthorized access.

Mitigation: Steps taken to eliminate or diminish a threat or risk.

Exposure: A period of time during which a vulnerability can possibly be exploited.

Security Framework
    - Identify: Identify the risks or gaps in your environment and the people, processes and tools you need.

    - Protect: Protect your environment. You need to tune your defenses continuously and look for areas that still need protection.

    - Detect: Detection is vital. Check for alarms and alerts; the quicker you detect a potential exploit or a potential bad actor entering your network, the faster your response time is.

    - Respond: Response is critical. Once you get an alarm, you need to respond to it immediately.

    - Recover: Get your systems back online and review the lessons learned.

This is the full life cycle: Identify -> Protect -> Detect -> Respond -> Recover

Security Teams
Red Team: Technical and penetration testers, actively trying to attack the network in an ethical way to see if they can find any vulnerabilities or weaknesses.

Blue Team: Protects the environment day to day, like a SOC (security operations center). These analysts read alarms and triage them, always looking for false positives. They are trying to tell what is a real attack and what is not.

Purple Team: When the red and blue teams come together, simulate an attack, and work together to improve the entire security posture.
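The blue team's daily work described above, alarm triage with an eye for false positives, can be shown with a small detection routine. This is an added example, not code from the original post: it counts failed-login lines per source address in a few constructed SSH log lines (RFC 5737 documentation addresses), raises an alarm when a source crosses a threshold, and suppresses the alarm for a source the blue team has recorded as a known internal scanner, which is a classic false-positive source. The log format, the threshold and the scanner allowlist are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not from the post). 203.0.113.5 is an unknown
# source hammering root/admin, 192.0.2.10 is a legitimate user who mistyped
# once, and 198.51.100.7 is assumed to be the blue team's own credential scanner.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd: Failed password for root from 203.0.113.5 port 51122
2024-05-01T09:00:02 sshd: Failed password for root from 203.0.113.5 port 51123
2024-05-01T09:00:03 sshd: Failed password for admin from 203.0.113.5 port 51124
2024-05-01T09:00:04 sshd: Failed password for root from 203.0.113.5 port 51125
2024-05-01T09:00:05 sshd: Failed password for root from 203.0.113.5 port 51126
2024-05-01T09:00:06 sshd: Accepted password for alice from 192.0.2.10 port 40000
2024-05-01T09:00:07 sshd: Failed password for alice from 192.0.2.10 port 40001
2024-05-01T09:01:00 sshd: Failed password for svc from 198.51.100.7 port 60001
2024-05-01T09:01:01 sshd: Failed password for backup from 198.51.100.7 port 60002
2024-05-01T09:01:02 sshd: Failed password for admin from 198.51.100.7 port 60003
2024-05-01T09:01:03 sshd: Failed password for root from 198.51.100.7 port 60004
2024-05-01T09:01:04 sshd: Failed password for guest from 198.51.100.7 port 60005
"""

# Matches the assumed "Failed password for <user> from <ipv4>" log shape.
FAILED_RE = re.compile(
    r"Failed password for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

# Assumed allowlist maintained by the blue team: hosts that legitimately
# generate many failed logins (e.g. an internal vulnerability scanner).
KNOWN_SCANNERS = {"198.51.100.7"}
# Assumed alarm threshold: this many failures from one source is worth a look.
THRESHOLD = 5


def count_failures(log_text):
    """Map each source address to the list of usernames it failed to log in as."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["src"]].append(m["user"])
    return failures


def triage(log_text, threshold=THRESHOLD, known_scanners=KNOWN_SCANNERS):
    """Return a verdict per source that crossed the threshold.

    Sources below the threshold produce no alarm at all; sources on the
    scanner allowlist still appear, but marked as suppressed, so the analyst
    can see that a rule fired and why it was judged a likely false positive.
    """
    verdicts = {}
    for src, users in count_failures(log_text).items():
        if len(users) < threshold:
            continue
        if src in known_scanners:
            verdicts[src] = "suppressed: known scanner (likely false positive)"
        else:
            verdicts[src] = f"investigate: {len(users)} failures against {sorted(set(users))}"
    return verdicts


if __name__ == "__main__":
    for src, verdict in triage(SAMPLE_LOG).items():
        print(src, "->", verdict)
```

Keeping suppressed alarms visible rather than silently dropping them matters in practice: if the allowlisted scanner's address is ever reused by something else, the analyst still sees the rule fire and can revisit the allowlist decision.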

Zero Day Exploit: A repeatable implementation of an attack unknown to the community, also written 0-day exploit. Nobody has heard of it before, so nobody knows how to defend against it. Attackers can use a zero-day exploit to gain access to a system precisely because nobody has heard of it or knows how to defend against it.

Back Door: A means of accessing your computer that bypasses its security mechanisms. Often developers put a backdoor into apps or products as a troubleshooting mechanism. They think no one will ever know it is there, but attackers hunt and search for them; once they find where the backdoor is, they publicize it across the internet. Never build a backdoor into your product.

Access control: A means of restricting access to files, referenced functions, URLs and data based on the identity of users and/or the groups to which they belong.

Authentication: The verification of the claimed identity of an application user. It starts in the HR process, where we verify identity through background checks.
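The two definitions above, authentication (who is making the request) and access control (what that identity and its groups may do), fit together in one request path. The following is an added example, not code from the original post: it keeps a constructed user directory with salted PBKDF2 password hashes, verifies a claimed identity with a constant-time comparison, and then applies a deny-by-default, group-based policy over resources and actions. The user names, passwords, groups, resource paths and the policy table are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


def hash_password(password: str, salt: bytes, iterations: int = 50_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the salt makes equal passwords hash differently."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    salt: bytes
    pw_hash: bytes


def make_user(name: str, groups, password: str) -> User:
    salt = os.urandom(16)
    return User(name, frozenset(groups), salt, hash_password(password, salt))


# Constructed user directory (assumed for the example, not from the post).
USERS = {
    "alice": make_user("alice", {"finance"}, "correct horse"),
    "bob": make_user("bob", {"engineering"}, "hunter2"),
}

# Used so an unknown username costs the same work as a wrong password,
# which keeps username enumeration by response time harder.
_DUMMY_SALT = os.urandom(16)


def authenticate(username: str, password: str):
    """Verify the claimed identity; return the User on success, else None."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, _DUMMY_SALT)
        return None
    candidate = hash_password(password, user.salt)
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return user if hmac.compare_digest(candidate, user.pw_hash) else None


# Deny-by-default policy: (resource, action) -> groups allowed. Anything not
# listed, or listed with an empty set, is refused. Assumed for the example.
POLICY = {
    ("/reports/payroll", "read"): {"finance"},
    ("/reports/payroll", "write"): set(),
    ("/src/repo", "read"): {"engineering", "finance"},
    ("/src/repo", "write"): {"engineering"},
}


def is_allowed(user: User, resource: str, action: str) -> bool:
    """Access control: permit only if one of the user's groups is in the policy entry."""
    allowed_groups = POLICY.get((resource, action), set())
    return bool(user.groups & allowed_groups)


def request(username: str, password: str, resource: str, action: str) -> str:
    """Authentication first, then access control; mirrors HTTP 401 vs 403."""
    user = authenticate(username, password)
    if user is None:
        return "401 unauthenticated"
    if not is_allowed(user, resource, action):
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    print(request("alice", "correct horse", "/reports/payroll", "read"))
    print(request("bob", "hunter2", "/reports/payroll", "read"))
    print(request("bob", "wrong password", "/src/repo", "read"))
```

Keeping the two checks separate, and in that order, is the point: a request from an unverified identity never reaches the policy lookup, and a verified identity with no matching group entry is refused without any special-case code because the policy denies by default.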

*In Order to recognize and mitigate an attack, you must understand the methods of attack*
