Aspects of Organizational Security
IT Security;
Physical Security;
Financial Security;
Legal Security;
IT Security
Consists of:
Application security;
Computing security;
Data security;
Information security;
Network security;
Application Security [IT Security]
Applications should be secured to overcome security weaknesses, vulnerabilities, and threats. Any loopholes in Web-based and other custom applications serve as opportunities for attackers.
Computing Security [IT Security]
Computers should be secured from threats like viruses, Trojans, and intruders. Organizations must have an effective security policy which involves security management, systems engineering, protection against insider threats, and general workplace policies, standards, guidelines, and procedures.
Data Security [IT Security]
Data is important information about the organization. It is important to secure data to avoid any manipulation of data, data loss, or threats to data secrecy. Any change to the integrity of data or any loss of data causes a huge amount of damage, financial loss, and loss of goodwill for the organization.
Information Security [IT Security]
Securing information protects information and information systems from illegal access, use, modification, or destruction. It ensures confidentiality, integrity, and availability of data.
Network Security [IT Security]
Networks are used to send important and private data from one system to another. Networks should be secured for safe transfer of data. Damage to the network makes the data transfer vulnerable and may crash the system.
Physical Security
Consists of:
Facilities security;
Human security;
Border security;
Biometric security;
Facilities Security [Physical Security]
Facilities and an organization's equipment should be properly and highly secured. Damage to facilities can cause physical harm such as a system crash or power failure.
Human Security [Physical Security]
The employees of an organization should be given security awareness training and be involved in the entire business security process in order to gain their trust and acceptance of the security policy. Ignoring human security concerns can cause employees to leave, leading to loss of business.
Financial Security
Consists of:
Security from frauds;
Phishing attacks;
Botnets;
Threats from cyber criminals;
Credit card fraud;
Security from fraud [Financial Security]
To function properly and negate losses, an organization must be financially secure from both internal and external threats. Security breaches may be caused by data manipulations, system vulnerabilities and threats, or data theft.
Legal Security
Consists of:
National security;
Public security;
Defamation;
Copyright information;
Sexual harassment;
National security [Legal Security]
National security is threatened if there are any governmental problems, improper management, economic slowdown, or other nationwide issues.
Public Security [Legal Security]
Public security is threatened if there are any internal riots, strikes, or clashes among the people of the country.
Forensic Readiness
Involves an organization having specific incident response procedures in place, with designated trained personnel assigned to handle any investigation. It enables an organization to collect and preserve digital evidence in a quick and efficient manner with minimal investigation costs.
First Responder:
Is responsible for protecting, integrating, and preserving the evidence obtained from the crime scene. The first responder must investigate the crime scene in a lawful manner so that any obtained evidence will be acceptable in a court of law.
Computer Forensics or Forensic Computing:
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
Computer Forensics [goals]
The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.
Forensic Investigator:
An investigator who helps organizations and law enforcement agencies in investigating and prosecuting cyber crimes. The investigator is responsible for the acquisition, identification, preservation, and documentation of the evidence and for the creation of a bit-by-bit image backup of it, without affecting or changing the original.
Forensic Science:
It's the application of the physical sciences to law in the search for truth in civil, criminal, and social behavioral matters, for the purpose of ensuring that injustice shall not be done to any member of society.
Network Forensics:
Network forensics is the capturing, recording, and analysis of network events in order to discover the source, path, and intrusion techniques of security attacks.
Chain of Custody:
A method for documenting the history and possession of a sample from the time of collection, through analysis and data reporting, to its final disposition.
Bit Stream copy:
A bit-by-bit copy of the original storage medium and/or evidence.
Ext3:
Ext3, or third extended file system, is a journaled file system that is commonly used by the Linux kernel. It is the default file system for many popular Linux distributions.
Logical block addressing [LBA]:
Used for specifying the location of blocks of data stored on computer storage devices such as hard disks. LBA is a particularly simple linear addressing scheme: blocks are located by an integer index, with the first block being LBA 0, the second LBA 1, and so on in a sequential manner.
Cluster:
Is the smallest logical unit on a hard drive.
Lost Cluster:
The operating system assigns a unique number to each cluster and then keeps track of files according to which clusters they use. Occasionally, the operating system marks a cluster as being used even though it is not assigned to any file. This is called a lost cluster.
Bad Cluster:
Is a sector on a computer's disk drive or flash memory that is either inaccessible or unwritable due to permanent damage, such as physical damage to the disk surface or failed flash memory transistors.
Event Logs:
Windows event log is a record of a computer's alerts and notifications. Microsoft defines an event as "any significant occurrence in the OS or in a program that requires users to be notified or an entry added to a log."
Tracking user logon activity via Audit Event IDs:
512 Start-up
513 Shutdown
528 Logon
531 Disabled Account
538 Logoff
Audit Policy Event IDs:
Event ID 4904: An attempt was made to register a security event source.
Event ID 4902: The Per-user audit policy table was created.
E-mail Protocols
POP3: Port 110;
SMTP: Port 25;
IMAP: Port 143;
POP3:
A protocol for receiving e-mail by downloading it to your computer from a mailbox on the server of an Internet service provider.
SMTP:
A protocol for sending e-mail messages between servers over the Internet. The messages can then be retrieved with an e-mail client using either POP3 or IMAP. SMTP is also generally used to send messages from a mail client to a mail server.
Net Commands
Net Config;
Net File;
Net Use;
Net View;
Net Name;
Net Start;
Net Sessions;
Net Config:
Use the net config command to show information about the configuration of the Server or Workstation service.
Net File:
Displays the names of all open shared files on a server and the number of file locks, if any, on each file.
Net Use:
The net use command is used to display information about shared resources on the network that you're currently connected to, as well as open sessions on other systems.
Net View:
Net view is used to show a list of computers and network devices on the network.
Net Name:
Net name is used to add or delete a messaging alias at a computer.
Net Start:
The net start command is used to start a network service or list running network services.
Net Sessions:
The net session command is used to list or disconnect sessions between the computer and others on the network.
Slack Space:
The unused space in a disk cluster. The DOS and Windows file systems use fixed-size clusters. Even if the actual data being stored requires less storage than the cluster size, an entire cluster is reserved for the file. The unused space is called the slack space.
Swap Space:
Used when the amount of physical memory [RAM] is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. On Windows this is the swap file pagefile.sys, located in the root of the C:\ drive, where evidence that was in RAM can be located.
Buffer Overflow:
Is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of a violation of memory safety. Buffer overflows can be triggered by inputs that are designed to execute code or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.
IP Spoofing:
Is the creation of Internet Protocol packets with a spoofed source IP address, with the purpose of concealing the identity of the sender or impersonating another person or computer system.
Session Hijacking:
Is the exploitation of a valid computer session, sometimes also called a session key, to gain unauthorized access to information or services in a computer system.
Cross-Site Request Forgery [CSRF] Attack:
An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. Through social engineering, an attacker may trick the users of a web application into executing actions of the attacker's choosing.
Cross-Site Scripting [XSS] Attack:
A type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
Directory Traversal Attack:
Aims to access restricted files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. It can be identified by several forward slashes such as //////////////////.