Network Technologies and Tools

Install and configure network components, both hardware and software-based, to support organizational security: Firewall / UTM, NIDS / NIPS, VPN Concentrator. Firewalls: Isolate one network from another. A network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules…

Network Components

Install and configure network components, both hardware and software-based, to support organizational security: Router, Switch, Bridge, Proxy, Load Balancer, Firewall, NIDS / NIPS, VPN Concentrator, Wireless Access Points, SIEM, DLP, NAC, SSL / TLS accelerators, Mail / Media Gateway, Hardware Security Modules. Router: Connects computer networks. Operates at Layer 3 (Network Layer). Stores information about network…

What is a Network?

A network is a way to get “stuff” between 2 or more “things”. Goal: Basic understanding of common modern networking technology and terminology. Examples: Analog: ‘Snail’ Mail, phone system, conversations, railroad system, highways and roads. Digital: Routers & switches, clients & servers. Applications: Email/Messaging, Database, Web. Protocol Concepts: Protocols are sets of rules. What do…

Cyber Technologies and Tools

A Cyber Security Professional must possess the following skills to master the field. Each skill can be acquired over time with proper working experience and training. Firm motivation, integrity in attitude, trustworthy actions, patience and continual learning streamline a cyber career. Install and configure network components, both hardware and software-based, to support…

Vulnerability Scanning Concept

Process: Passively test security controls (does not exploit a vulnerability). Identify vulnerability / system flaw / unpatched code. Identify lack of security controls. Identify common misconfigurations by reviewing policies, rule sets and system settings. Types: Intrusive vs. non-intrusive (see passive vs. active reconnaissance). Intrusive: Directly engaging on the target system to identify weaknesses that…

Penetration Testing Concepts

Will discuss: Penetration Testing vs Vulnerability Scanning vs Risk Assessment, Active reconnaissance, Passive reconnaissance, Pivot, Initial exploitation, Persistence, Escalation of privilege, Black box, White box, Gray box. Penetration Testing: A penetration test, or a pen test, is an authorized, simulated attack on a computer system, performed to evaluate the security of the system by actively…

Types of Threat Actors

Explain threat actor types and attributes. Types of actors: Script kiddies, Hacktivist, Organized crime, Nation states/APT, Insiders, Competitors. Attributes of actors: Internal/external, Level of sophistication, Resources/funding, Intent/motivation. We will also see the use of Open-Source Intelligence. Threat/Threat Actor: A potential occurrence that can result in an undesirable outcome. A person or thing likely to cause…

Network and Wireless Attacks

Click-jacking: tricking a web user into clicking a spoofed button or graphic. Session hijacking (Cookie hijacking): exploiting a valid computer session, or session key, to gain unauthorized access to information or services. URL hijacking / Typo squatting: the act of registering domains that are similar to those for a known entity but based on a…

Threats, Attacks and Vulnerabilities

Application Attacks: Buffer overflow, Injection, Cross-site scripting (XSS), Cross-site request forgery (CSRF or XSRF), Privilege escalation. Search “OWASP top ten” for risks related to applications. Buffer Overflow Attacks: When more data are written to a buffer than it can hold. An anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary…

Social Engineering

Definition: The process by which intruders gain access to facilities, networks, systems, data and even employees by exploiting the generally trusting nature of people. The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Reference: Chris Hadnagy, The Art of Human Hacking (Wiley, 2010). Social…