Thursday, December 25, 2014

Security Algorithms for CISSP

Symmetric and Asymmetric algorithms to remember for CISSP:

Symmetric:

Data Encryption Standard (DES)
Triple DES (3DES)
Blowfish
IDEA
RC4
RC5
RC6
Advanced Encryption Standard (AES)

Asymmetric:

Rivest, Shamir and Adleman (RSA)
Elliptic Curve Cryptosystem (ECC)
Diffie-Hellman
ElGamal
Digital Signature Algorithm (DSA)
Knapsack




Tuesday, December 16, 2014

Security Models CISSP

Points to review for the CISSP exam. I took some notes from Eleventh Hour (Eric Conrad); please read that book. These are just some points to remember, with no explanation:

Bell-LaPadula Model


Focus: Maintain confidentiality of objects.

Means: Not allowing users at a lower security level to access objects at a different or higher level.

Facts:

  • Simple Security Property: no read up
  • * Security Property: no write down
  • Strong Tranquility Property: security labels will not change while the system is operating.
  • Weak Tranquility Property: security labels will not change in a way that conflicts with the defined security properties.

Lattice-based access controls


For every relationship between subjects and objects, there are defined upper and lower access limits inside the system.

This depends on the need of the subject, the label of the object and the role the subject has been assigned.

Biba Model



The military focuses on confidentiality, which is why Bell-LaPadula works fine there; for business, integrity is VERY important, and Biba addresses this.

Facts:

  • Simple Integrity Axiom: no read down. This protects integrity by preventing bad information from moving up from lower integrity levels.
  • * Integrity Axiom: no write up. This protects integrity by preventing bad information from moving up to higher levels.
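
The Bell-LaPadula and Biba rules above can be written as two access checks that mirror each other. This is an added example, not taken from the book; the level names and the `reachable` helper are constructed for illustration.

```python
from enum import IntEnum

class Secrecy(IntEnum):      # constructed confidentiality levels
    PUBLIC = 0
    CONFIDENTIAL = 1
    SECRET = 2

class Integrity(IntEnum):    # constructed integrity levels
    UNTRUSTED = 0
    USER = 1
    SYSTEM = 2

def blp_allows(subject, obj, op):
    """Bell-LaPadula: protects confidentiality."""
    if op == "read":
        return subject >= obj    # Simple Security Property: no read up
    if op == "write":
        return subject <= obj    # * Security Property: no write down
    raise ValueError(f"unknown operation: {op}")

def biba_allows(subject, obj, op):
    """Biba: protects integrity (the mirror image of Bell-LaPadula)."""
    if op == "read":
        return subject <= obj    # Simple Integrity Axiom: no read down
    if op == "write":
        return subject >= obj    # * Integrity Axiom: no write up
    raise ValueError(f"unknown operation: {op}")

def copy_allowed(model, subject, src, dst):
    """A copy is a read of src followed by a write to dst; both must pass."""
    return model(subject, src, "read") and model(subject, dst, "write")

def reachable(model, levels, src):
    """Labels that data labelled src can be copied to by at least one subject."""
    return {dst for dst in levels for subj in levels
            if copy_allowed(model, subj, src, dst)}

if __name__ == "__main__":
    # Under Bell-LaPadula, SECRET data never reaches a lower label.
    print(sorted(l.name for l in reachable(blp_allows, Secrecy, Secrecy.SECRET)))
    # Under Biba, UNTRUSTED data never reaches a higher-integrity label.
    print(sorted(l.name for l in reachable(biba_allows, Integrity, Integrity.UNTRUSTED)))
```
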

 

Clark-Wilson


This is a real-world integrity model that protects integrity by requiring subjects to access objects via programs.

Clark-Wilson uses two primary concepts:

  1. Well-formed transactions
  2. Separation of duties

This model implements integrity-monitoring rules and integrity-preserving rules.

It also uses the access triple rule.

Chinese Wall Model (Brewer-Nash)


This is designed to avoid conflicts of interest:

Source: http://www.amazon.com/Eleventh-Hour-CISSP-Study-Guide/dp/1597495662

Do you want to learn more about security and how to test your network security, please go to: http://www.thehost1.com/

Monday, December 15, 2014

Windows updates failing to search updates

You will very often find advice in forums to check services, the firewall, etc. Normally this always works for me:

From a command prompt, stop the services (just copy it):

net stop wuauserv
net stop Cryptsvc


Delete the following folders:

C:\windows\SoftwareDistribution

C:\Windows\System32\catroot2

Start the services from the command prompt:

net start wuauserv
net start Cryptsvc


Restart the machine and then check for updates.



Virtual Machine losing connection Hyper-v 2012 with HP servers

Some virtual machines lose their connection to the physical network, or the virtual switch loses its connection to the physical network. After you unplug the cable and plug it back in, or after you reboot the host server, the virtual machine reconnects.

It happened to me with ProLiant DL360 Gen9 and ProLiant DL385p Gen8.

After a lot of testing and research, the only way at this moment is to run a command in PowerShell to disable VMQ:

Get-NetAdapterVmq | Disable-NetAdapterVmq

I got this problem with and without full updates. I also updated the HP driver for the network interface and still got the problem.

Tuesday, December 9, 2014

Type of Access control (CISSP)

Six access control types:

  • Preventive
  • Detective
  • Corrective
  • Recovery
  • Deterrent
  • Compensating

Access controls can fit in the following categories:

  • Administrative
  • Technical
  • Physical

Preventive: As the name says, it prevents something from happening. For example, some companies run background checks; with these they can find out whether a person has financial or legal problems and avoid hiring somebody for a risky position.

For example, if somebody has financial problems and manages money or secrets, this person could take some money or sell some secrets; the background check prevents hiring such a person for this position.

Detective: This detects something while it is happening or after it has happened, like an intrusion detection system in a network.

Corrective: This corrects a situation, as when the antivirus detects a virus and tries to clean the file or quarantine it.

Recovery: This control recovers after an incident. For example, after a hard drive fails, a user deletes some data, or a virus damages data, all these situations require restoring from backups, installing the OS, reconfiguring, etc. to restore the functionality of the system or the availability of the data.

Deterrent: This deters a user from doing something, for example when you see signs like "Smile you are on camera" or "beware of dog" or "security on duty" etc. The user/attacker/person avoids doing something because he/she doesn't want to be caught or get into trouble in that situation.

Compensating: This compensates for or complements a weakness in one area, to fill in the missing part or make it stronger.

Saturday, December 6, 2014

Introduction to Ethical Hacking

When engineers began to create networks, protocols, computers, etc., they never thought that they would need to set up any kind of security to protect the network or the computer itself.

Now this is becoming the norm. We need to protect our network or, better said, we need to protect human life and information, especially private information, something that belongs to only one person or group.

Now let's get to the meat:

What is an ethical hacker?
An ethical hacker is a professional with various IT skills and background, with security in mind, who is very knowledgeable about hacking tools and techniques; in other words, WHAT YOU ARE TRYING TO BECOME.

What is the objective of the Ethical Hacker?
The main goal is to use the same tools and techniques that other hackers use to attack a network, an application or a system, in order to find the weaknesses in those computer systems and give recommendations on how to protect them.

The ethical hacker also tries to:
  • See the system the same way any attacker sees it.
  • See whether the attacker can get any benefit from the information they try to access.
  • Understand what the organization is trying to protect.
  • Understand what kind of attacker might attack that network, like the competition, a disgruntled employee, etc.
  • Understand what resources the company is willing to spend to protect the information or computer system.

Types of Hackers:
  • White Hats: These are the ethical ones, who make sure the information is protected.
  • Black Hats: These are the unethical ones, the bad guys who try to break into a computer system and get some benefit from it.
  • Cyber Terrorists: These hackers have different motivations, political and others, and try to create chaos and terror.
  • Spy Hackers: This could be any hacker who tries to break into a company or big corporation and steal trade secrets, market data and information that the competition can use to gain profit or take advantage of other companies or the market.
  • State-Sponsored Hackers: These are governments with military objectives that try to infiltrate other countries to gain knowledge of their military, tactics and capacity.
  • Hacktivists: Some hacker activists are motivated by religion, politics or other causes to expose something that they consider wrong.

Friday, December 5, 2014

NMAP switch to avoid IPS or IDS detection

I was running a scan against a server behind a WatchGuard firewall and then I got banned: the firewall blacklisted my public IP address. This killed me because I manage the firewall, and when I began troubleshooting what happened I was not able to reach the firewall itself or the VPN.

Now if you do:

C:\Users\Raul>nmap -T2 192.168.1.20

Starting Nmap 6.40 ( http://nmap.org ) at 2014-12-05 17:22 Central Standard Time

Nmap scan report for 192.168.1.20

Host is up (0.086s latency).

Not shown: 996 filtered ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
993/tcp  open  imaps
3389/tcp open  ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 927.56 seconds

C:\Users\Raul>

Did you notice the time? It took 927 seconds, meaning 15 minutes. Yes, to avoid being detected you need to move slowly, one packet at a time, so the IPS will time out and ignore the packet.

You could run nmap 192.168.1.20 without the T2 switch and it would be faster if there is NOT any IPS/IDS; if there is one, you lose the connection and you would need to wait until the IPS removes your IP address from the blacklist.

So to make sure you do not lose time and get good results within your pentest scope, you need to be sneaky, LOL

It takes time to sharpen your skills; just keep practicing and you will get it.
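
Seen from the firewall side, the same timing behaviour means a detector that only counts probes in a short window misses a slow scan, while counting distinct denied ports per source over a long window catches it. This is an added example, not WatchGuard's logic; the log format, the addresses and the thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    """Parse one constructed deny-log line into (time, src, dport)."""
    ts, _action, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return datetime.fromisoformat(ts), fields["src"], int(fields["dport"])

def scanners(lines, window_s, min_ports):
    """Sources that hit >= min_ports distinct denied ports within window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)        # src -> (time, dport) events inside the window
    flagged = set()
    for ts, src, dport in sorted(map(parse, lines)):
        q = recent[src]
        q.append((ts, dport))
        while q[0][0] < ts - window:   # expire events older than the window
            q.popleft()
        if len({port for _, port in q}) >= min_ports:
            flagged.add(src)
    return flagged

def sample_log():
    """Constructed sample: one slow source probing 40 ports, one retrying client."""
    t0 = datetime(2014, 12, 5, 17, 22, 0)
    lines = []
    for i in range(40):                # 203.0.113.7 tries a new port every 15 s
        t = (t0 + timedelta(seconds=15 * i)).isoformat()
        lines.append(f"{t} DENY src=203.0.113.7 dst=192.168.1.20 dport={1000 + i}")
    for i in range(40):                # 198.51.100.9 retries one closed port
        t = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{t} DENY src=198.51.100.9 dst=192.168.1.20 dport=8080")
    return lines

if __name__ == "__main__":
    log = sample_log()
    print("60 s window:", scanners(log, 60, 20))      # the slow scan goes unnoticed
    print("1 h window: ", scanners(log, 3600, 20))    # the slow scan is flagged
```
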
