linux essentials

λ ls -al /
  ./        # root directory
  bin/      # essential user command binaries
  boot/     # static files of the boot loader
  dev/      # device files
  etc/      # system configuration
  home/     # user home directory
  lib/      # essential shared libraries and kernel modules.
  media/    # mount point for removable media
  mnt/      # mount point for temporarily mounted filesystems
  opt/      # add-on application software packages.
  sbin/     # system binaries
  tmp/      # temporary files
  usr/      # applications for regular users
  var/      # variable files

Important files:

Permissions:

| Permission  | Binary      | Decimal |
======================================
| R | W | X   | r | w | x   |         |
| - | - | -   | 0 | 0 | 0   |    0    |
| - | - | X   | 0 | 0 | 1   |    1    |
| - | W | -   | 0 | 1 | 0   |    2    |
| - | W | X   | 0 | 1 | 1   |    3    |
| R | - | -   | 1 | 0 | 0   |    4    |
| R | - | X   | 1 | 0 | 1   |    5    |
| R | W | -   | 1 | 1 | 0   |    6    |
| R | W | X   | 1 | 1 | 1   |    7    |
======================================
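The table above as code, added here and not part of the original notes: each r/w/x triplet becomes one octal digit, the setuid/setgid/sticky letters (s/S/t/T) are handled too, and the result is checked for bits a defender reviews. Mode strings used are constructed examples.

```python
# Added example (not from the original notes): turn an ls -l mode string
# such as "-rwsr-xr-x" into an integer mode (0o4755) and flag risky bits.
import stat

SPECIAL_BIT = {0: stat.S_ISUID, 1: stat.S_ISGID, 2: stat.S_ISVTX}   # per class

def triplet_to_digit(triplet: str) -> int:
    """'rwx' -> 7, 'r-x' -> 5, '---' -> 0: one row of the table."""
    digit = 0
    for ch, expected, value in zip(triplet, "rwx", (4, 2, 1)):
        if ch == expected:
            digit += value
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in {triplet!r}")
    return digit

def mode_to_octal(mode: str) -> int:
    """Parse the 9 permission characters of an ls -l mode string (a leading
    file-type character such as '-' or 'd' is dropped) into an int mode."""
    perms = mode[-9:]
    if len(perms) != 9:
        raise ValueError(f"bad mode string: {mode!r}")
    result = 0
    for cls in range(3):                       # 0 user, 1 group, 2 other
        r, w, x = perms[3 * cls:3 * cls + 3]
        if x in "sStT":                        # special bit lives in the x slot
            result |= SPECIAL_BIT[cls]
            x = "x" if x in "st" else "-"      # lowercase => execute bit also set
        result |= triplet_to_digit(r + w + x) << (3 * (2 - cls))
    return result

def review_flags(mode: str) -> list:
    """Bits worth reviewing on a file: world-writable, setuid, setgid."""
    m = mode_to_octal(mode)
    flags = []
    if m & stat.S_IWOTH:
        flags.append("world-writable")
    if m & stat.S_ISUID:
        flags.append("setuid")
    if m & stat.S_ISGID:
        flags.append("setgid")
    return flags
```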

Basic Commands:

network essentials

A computer network is two or more computers that are connected together in some manner so they can exchange information. A subnet is a section or partition of a computer network.

TCP/IP: has 4 layers.

  1. application layer (bgp, dns, ftp, http, imap, ldap, ntp, pop, rip, rpc, sip, smtp, snmp, ssh, telnet, tls/ssl)
  2. transport layer (tcp, udp)
  3. internet layer (ip, icmp, arp, rarp, ipsec)
  4. network access layer (ethernet, ppp, adsl, isdn, fddi)

TCP Features:

Three way handshake:

  1. Computer A sends SYN to Computer B.
  2. Computer B sends SYN, ACK to Computer A.
  3. Computer A sends ACK to Computer B.
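The three steps above traced in code, as an added example that is not part of the original notes: constructed TCP segments are replayed through a small state tracker that classifies each client/server pair as a completed handshake or an incomplete one. Segment tuples and addresses are invented.

```python
# Added example (not from the original notes). Segment tuples are
# constructed: (src, dst, flags, seq, ack).
SAMPLE = [
    # steps 1-3 from the notes: SYN, SYN+ACK, ACK -> complete
    ("10.0.0.5:40000", "10.0.0.9:22", "SYN", 1000, 0),
    ("10.0.0.9:22", "10.0.0.5:40000", "SYN,ACK", 5000, 1001),
    ("10.0.0.5:40000", "10.0.0.9:22", "ACK", 1001, 5001),
    # client answers the SYN+ACK with RST instead of ACK -> never completes
    ("10.0.0.7:41000", "10.0.0.9:80", "SYN", 2000, 0),
    ("10.0.0.9:80", "10.0.0.7:41000", "SYN,ACK", 6000, 2001),
    ("10.0.0.7:41000", "10.0.0.9:80", "RST", 2001, 0),
    # capture ends after the SYN+ACK: still half-open
    ("10.0.0.7:41001", "10.0.0.9:443", "SYN", 3000, 0),
    ("10.0.0.9:443", "10.0.0.7:41001", "SYN,ACK", 7000, 3001),
]

def track_handshakes(segments):
    """Return {(client, server): state}; state is 'syn-sent', 'half-open',
    'complete' or 'reset'. Each ACK must equal the peer's seq + 1, as in
    the three steps above; a segment with a wrong ack number is ignored."""
    client_isn, server_isn, state = {}, {}, {}
    for src, dst, flags, seq, ack in segments:
        f = set(flags.split(","))
        if f == {"SYN"}:                                  # step 1
            client_isn[(src, dst)] = seq
            state[(src, dst)] = "syn-sent"
        elif f == {"SYN", "ACK"}:                         # step 2
            key = (dst, src)
            if state.get(key) == "syn-sent" and ack == client_isn[key] + 1:
                server_isn[key] = seq
                state[key] = "half-open"
        elif f == {"ACK"}:                                # step 3
            key = (src, dst)
            if state.get(key) == "half-open" and ack == server_isn[key] + 1:
                state[key] = "complete"
        elif "RST" in f:                                  # either side tears down
            key = (src, dst) if (src, dst) in state else (dst, src)
            if key in state:
                state[key] = "reset"
    return state

def incomplete_sources(state):
    """Client IPs with connections that never completed the handshake."""
    return sorted({c.rsplit(":", 1)[0] for (c, _), s in state.items()
                   if s in ("half-open", "reset")})
```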

UDP (User Datagram Protocol)

IP Address

Basic Commands

security essentials

InfoSec: Protecting physical and intellectual assets. CIA: Confidentiality, Integrity, Availability.

IT System: System whose purpose involves information. OT System: System that detects or causes a change through the direct monitoring and/or control of physical devices, processes and events.

Top Threats:

Social Engineering

security tools and processes

Firewall: controls the incoming and outgoing network traffic by analyzing the data packets.

NextGen Firewall

Goes beyond traditional firewall functions by adding security capabilities and threat mitigation technologies such as anti-malware and intrusion prevention systems.

IDS/IPS

IPS: in-line, active. IDS: out of band, passive. False positive: identifies something as an attack, but it’s normal traffic. False negative: it fails to interpret something as an attack when it should have.

Anomaly based IDS: determines normal network activity and alerts the admin when traffic is detected which is abnormal. Signature based IDS: monitors packets in the network and compares them with preconfigured signatures.
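The two IDS styles above run over constructed web-server log lines ("client method path status"), as an added example that is not part of the original notes: the signature detector matches known-bad request patterns, and the anomaly detector learns a per-client request-rate baseline from a quiet training window and alerts on outliers. Signatures, thresholds and log lines are invented.

```python
# Added example (not from the original notes); all log lines are constructed.
import re
from collections import Counter
from statistics import mean, pstdev

SIGNATURES = {
    "sqli-tautology": re.compile(r"(%27|')(%20|\s)*or(%20|\s)+1=1", re.I),
    "path-traversal": re.compile(r"\.\./|%2e%2e%2f", re.I),
}

# quiet training window: four clients making 3-4 requests each
TRAINING = [f"10.0.0.{c} GET /page{i} 200"
            for c, n in ((1, 3), (2, 4), (3, 3), (4, 4)) for i in range(n)]

LIVE = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.6 GET /login?user=admin%27%20OR%201=1-- 200",        # matches signature
    "10.0.0.6 GET /login?user=admin%27%20OR%20%271%27=%271 200",  # same attack, no
    "10.0.0.7 GET /missing 404",                                  #   match: false negative
] + [f"10.0.0.8 GET /p{i} 404" for i in range(20)]                # noisy client

def signature_alerts(lines):
    """(signature name, client) for every line matching a known-bad pattern."""
    return [(name, line.split()[0]) for line in lines
            for name, pat in SIGNATURES.items() if pat.search(line)]

def learn_threshold(training_lines):
    """Requests-per-client threshold: mean + 3 standard deviations of the
    per-client counts seen during training (what 'normal' looks like)."""
    counts = list(Counter(l.split()[0] for l in training_lines).values())
    return mean(counts) + 3 * pstdev(counts)

def anomaly_alerts(lines, threshold):
    """Clients whose request count in this window exceeds the learned threshold."""
    counts = Counter(l.split()[0] for l in lines)
    return sorted(ip for ip, n in counts.items() if n > threshold)
```

The second request from 10.0.0.6 shows the false negative from the notes: it is the same attack, but the signature does not cover that variant, and a single request is far below the anomaly threshold.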

Vulnerability Management System

Anti-Malware

  * used to prevent, detect and remove malware from the computer.
  * installed on individual hosts, on key systems such as e-mail servers and web gateways.
  * signature based and reactive.

Next gen of threat protection

  * dynamic defense to stop targeted, zero-day attacks.
  * realtime protection to block data exfiltration attempts.
  * global intelligence on advanced threats to protect the local network.

SIEM (security information and event management)

mapping with nmap

NMAP: network exploration tool and security / port scanner.

States recognized by NMAP

Port scanning:

  * -sS: TCP SYN. Stealth (half-open) scan; a full TCP connection is not established.
  * -sT: TCP Full: Full connect. Most detectable.
  * -sU: UDP: UDP scanning.
  * -sP: Ping: perform ping sweep.
  * -P0: don’t ping. Perform the scan even if the target is not responding to ping.
  * -p0-65535: TCP scan. Scan all ports.
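On the defensive side of the scans listed above, an added example (neither nmap's own code nor from the original notes) parses nmap's grepable (-oG) output and reports open ports that are not on a per-host allowlist of expected services. The scan output, addresses and allowlist below are constructed, not a real capture.

```python
# Added example (not from the original notes). SAMPLE_GNMAP is a constructed
# -oG listing in nmap's grepable format, not real scan output.
import re

SAMPLE_GNMAP = """\
# Nmap scan (constructed sample) initiated as: nmap -sS -p0-65535 -oG - 10.0.0.0/29
Host: 10.0.0.1 ()\tStatus: Up
Host: 10.0.0.1 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (65534)
Host: 10.0.0.2 ()\tStatus: Up
Host: 10.0.0.2 ()\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65533)
# Nmap done -- 8 IP addresses (2 hosts up) scanned in 12.34 seconds
"""

# one -oG port entry: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/[^/]*/([^/]*)/")

EXPECTED = {"10.0.0.1": {22, 443}, "10.0.0.2": {22}}   # constructed allowlist

def parse_gnmap(text):
    """Return {host: [(port, state, proto, service), ...]} from -oG text."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "\tPorts:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("\tPorts:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            m = PORT_RE.match(entry.strip())
            if m:
                port, state, proto, service = m.groups()
                results.setdefault(host, []).append((int(port), state, proto, service))
    return results

def unexpected_open(results, allowlist):
    """Sorted (host, port, service) for open ports missing from the allowlist.
    Filtered/closed ports are not reported; only 'open' is a finding."""
    return sorted((host, port, service)
                  for host, entries in results.items()
                  for port, state, _proto, service in entries
                  if state == "open" and port not in allowlist.get(host, set()))
```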

Enumeration

This phase usually reveals program names, version numbers and other detailed information that will be used to determine the vulns on the system.

Risk Management

Risk: A combination of the likelihood that a threat will exploit a vulnerability on an asset, and the resulting impact that the successful exploit will cause to the organization.

Risk = Likelihood x Severity (impact)

Threat and Risk Assessment (TRA)

  1. initiation
  2. asset valuation
  3. threat assessment
  4. risk assessment
  5. reporting

Initiation: TRA process must be supported by PMO (Project Management Office) and fully integrated into the project management charter.

Asset Valuation: Determine what we are building, what the value will be and what we need to protect. CIA triad.

Threat Assessment: Determine what the realistic threats to a system may be and what their business impact would be if they were to come to realization.

Risk Rating = Likelihood vs Severity

Severity (rows) x Likelihood (columns):

====================================================
| severity \ likelihood | 1 | 2  | 3  | 4  | 5  |
| catastrophic (5)      | 5 | 10 | 15 | 20 | 25 |
| significant (4)       | 4 | 8  | 12 | 16 | 20 |
| moderate (3)          | 3 | 6  | 9  | 12 | 15 |
| low (2)               | 2 | 4  | 6  | 8  | 10 |
| negligible (1)        | 1 | 2  | 3  | 4  | 5  |
====================================================

Likelihood scale:

1: improbable
2: remote
3: occasional
4: probable
5: frequent

Risk Assessment

How do we eliminate the risks?

We don’t. We develop controls, mitigations, or workarounds to bring risk down to an acceptable level.

Factor Analysis of Information Risk (FAIR)

Kinds of losses:

  1. productivity
  2. response
  3. replacement
  4. fines and judgments
  5. competitive advantage
  6. reputation

value/liability

  1. criticality
  2. cost
  3. sensitivity

Annualized Loss Expectancy

ARO: Annual Rate of Occurrence

SLE: Single Loss Expectancy

ALE: Annual Loss Expectancy

ALE = ARO x SLE

Quantitative vs Qualitative Risk

Quantitative Risk: When a specific number can be attributed to risk. Qualitative Risk: When risk is referenced by a generalized category (low, medium, high).

Reporting

The last step of a risk assessment is to report on what was found, what was mitigated, and present residual risk to a person at an appropriate level of authority.

This person is not the project manager, it is likely not your boss, and it is likely not a developer. It is a person that has the signing authority and power to correct or accept issues that they consider too high risk for the organization.

Vulnerability Management

Process Vulnerabilities

Vulns can exist in both processes and technology. Process vulns exist within official or unofficial procedures, or by a lack of procedures, within an organization.

Technology Vulnerabilities

Vulns that exist within technology itself. These vulns may exist within third party applications, operating systems or custom built applications.

Some of the most widespread and dangerous vulns are in third party software.

Vulnerability Management Life Cycle

  1. Discover
  2. Prioritize Assets
  3. Assess
  4. Report
  5. Remediate
  6. Verify
  7. goto 1

Discovery

Used to enumerate what the system consists of. This step may consist of a review of design documents or it may consist of a cursory scan of the environment.

Prioritize Assets

Determine what exactly it is that we would like to scan. What do we see as high risk to systems and how can we test how those risks manifest.

Assess

Test for vulnerabilities.

Report

Results of the assessment phase are typically extremely verbose. Nessus and other scanning tools can provide large reports.

Remediate

Identified risks must be remediated or addressed. Remediation efforts include:

Verify

Following remediation, mitigated risks and their vulns should be tested for effectiveness through a verification stage.

Vulnerability Management Systems

Penetration testing linux.

Exploitation

The process of gaining control over a system.

PenTesting

Symantec report:

Top 10 vulns found unpatched on scanned web servers.

  1. SSL/TLS POODLE vulnerability
  2. Cross Site Scripting
  3. SSL v2 support detected
  4. SSL weak cipher suites supported
  5. Invalid SSL certificate chain
  6. Missing secure attribute in an SSL cookie
  7. SSL and TLS protocol renegotiation vulnerability
  8. PHP ‘strrchr()’ function information disclosure vulnerability
  9. HTTP TRACE XSS attack
  10. OpenSSL ‘bn_wexpand()’ error handling unspecified vulnerability

SOX: Sarbanes-Oxley

CSOX: Canadian SOX

PIPA: Alberta Privacy Legislation

PIPEDA: Federal privacy legislation.

PCI: Payment Card Industry
