Author: Amal Mammadov

Access Control Models

Access control covers control over access to network resources, information system resources, and information itself. It is crucial for an organization to implement proper access controls to protect its resources and information. A security analyst should understand the basic models for implementing access controls in order to better understand how attackers can break them. Mandatory Access Control: secures information by assigning sensitivity (security level) labels to information and comparing them to the level of sensitivity…

Describing Security Event Analysis: Cyber Kill Chain

The cyber kill chain is a model that describes the structure of an attack. One of an analyst’s key jobs is to understand exactly what the attackers did. The steps of the kill chain enhance visibility into an attack and enrich an analyst’s understanding of an adversary’s tactics, techniques, and procedures. The seven stages of the cyber kill chain are as follows. Reconnaissance: research, identification and selection of targets, often represented as crawling Internet websites such as conference proceedings and…

IPS Evasion Techniques

Traffic Fragmentation. One of the early network IPS evasion techniques used fragmentation of traffic to attempt to bypass the network IPS sensor. Fragmentation-based evasion refers to any evasion attempt where the attacker fragments the malicious traffic, hoping to avoid detection or filtering in the following ways:
– Bypassing the network IPS sensor if the sensor does not perform any fragment reassembly
– Reordering the fragments, hoping the network IPS sensor does not correctly reorder them
Classic examples of fragmentation-based evasion…

Describing Information Security Concepts: Risk

Risk is a function of the likelihood that a given threat source exercises a particular potential vulnerability, and of the resulting impact of that adverse event on the organization. Managing risk is a complex, multifaceted activity that requires the involvement of the entire organization. The NIST Special Publication 800-39: Risk Management Guide for Information Technology Systems defines some common risk terminology that is appropriate for security analysts, as follows: Risk = Threats x Vulnerabilities x Impact. A threat source is an intent…

Dynamic ARP Inspection (DAI)

Dynamic ARP Inspection (DAI) has the following characteristics:
– Enable DHCP snooping first
– Create an ARP ACL for static IPs
– By default all ports are untrusted when the feature is enabled
– 15 PPS rate limit for untrusted ports by default

ip arp inspection vlan 13
interface GigabitEthernet1/0/33
 ip arp inspection trust
interface GigabitEthernet1/0/34
 ip arp inspection limit rate 10
arp access-list TEST-ARP-ACL
 permit ip host 10.10.10.10 mac AAAA.BBBB.CCCC 0.0.0
ip arp inspection filter TEST-ARP-ACL vlan 13
errdisable recovery cause arp-inspection
errdisable recovery…

Configuring SNMPv3 in Cisco devices

Cisco Router:
access-list 10 permit 172.16.20.12
access-list 10 permit 172.16.20.10
snmp-server engineID local 1234567890
snmp-server group Snmp3ReadGroup v3 priv access 10
snmp-server user Snmp3User Snmp3ReadGroup v3 auth sha Snmp3UserHash priv aes 128 Snmp3UserEnc

Cisco ASA:
snmp-server group Snmp3ReadGroup v3 priv
snmp-server user Snmp3User Snmp3ReadGroup v3 encrypted auth sha Snmp3UserHash priv aes 128 Snmp3UserEnc
snmp-server host-group outside SNMP-SERVERS poll version 3 Snmp3User

Security Operations Center Data Analytics

Log mining is a type of log analysis that takes several forms, including the following:
– Sequencing: reconstructing or following the network traffic flow.
– Path analysis: an interpretation of a chain of consecutive events that occur during a set period of time. Path analysis is a way to understand an attacker’s behavior in order to gain actionable insights into log data.
– Log clustering: used to mine through large amounts of log data to build profiles and to identify anomalous behavior.
Raw…

Source Guard

Cisco Switch IP Source Guard has the following features:
– Allows DHCP traffic by default
– Enable DHCP snooping first
– Create an IP source binding table for static IPs
– No ARP policing on trusted ports

interface GigabitEthernet1/0/33
 ip verify source port-security
ip source binding AAAA.BBBB.CCCC vlan 13 10.10.10.10 interface GigabitEthernet1/0/33
show ip verify source
show ip source binding

VLAN Access-List (VACL) in Cisco Switch

To create VLAN access lists the following steps are required:
a. create MAC/IP ACLs based on requirements
b. combine the created ACLs under a vlan access-map and indicate the actions (drop/forward)
c. do not forget to allow all other traffic with a permit-all ACL
d. apply the access-map to the VLAN with the vlan filter command

mac access-list extended TEST-MAC-VACL
 permit host 0000.1234.5678 any
ip access-list extended PERMIT-VACL
 permit ip any any
ip access-list extended TEST-VACL
 permit tcp host 10.0.0.1 any eq 345
 permit udp host 10.0.0.1 any eq…
