Public Key Infrastructure (PKI) Explanation

Recently one of my colleagues asked me about a good explanation of PKI, so I decided to collect some materials from Cisco for him. I think the following explanation of PKI is brilliant. Thanks to Cisco.

PKI OVERVIEW

A substantial challenge with both asymmetric encryption and digital certificates is the secure distribution of public keys. How do you know that you have the real public key of the other system and not the public key of an attacker who is trying…

Qualys Vulnerability Scanner Mind Maps

I fairly recently decided to create mind maps and, to be honest, I like them very much. Last year, while preparing for the Qualys certification, I created two of them and came across them today. For convenience I put them in PDF and in Mind Map format.

Mind map for the Vulnerability Management module: QualysVM_MindMap.pdf, QualysVM_MindMap.mm
Mind map for the Web Application Scanner module: QualysWAS_MindMap.pdf, QualysWAS_MindMap.mm

Local Admin Password Solution (LAPS) STEP-BY-STEP

Today we will deploy the Microsoft LAPS solution to manage local administrator passwords on computers. It is an excellent tool that takes over the burden of rotating the local administrator account password and avoids cases where all workstations share the same local administrator password. First we need to download LAPS from the MS download center and install it on the management computer (Domain Controller). LAPS is installed to “%ProgramFiles%\LAPS”. https://www.microsoft.com/en-us/download/details.aspx?id=46899 For “Managed computers” we can run the installer to install the same…

Active Directory Group Nesting

Group Scope

There are four group scopes: Local, Global, Domain Local, and Universal. The characteristics that define each scope fall into these categories:

Replication. Where is the group defined, and to what systems is the group replicated?
Membership. What types of security principals can the group contain as members? Can the group include security principals from trusted domains?
Availability. Where can the group be used? Is the group available to add to another group? Is the group available to add to…

SOC METRICS

Some typical SOC metrics to demonstrate the SOC value to the business decision makers may include:

The mean TTD of the incident after its occurrence
The mean time to contain the incident after its detection
The mean time to mitigate the incident after its containment
The number of incidents being detected, contained, and mitigated
The percentage of the discovered incidents found using the plays in the SOC playbook
The number of new plays added to the SOC playbook
The number…

Security Operations Center (SOC) ROLES

The SOC manager should develop a workflow model and implement SOPs for incident handling that guide the analysts through the triage and response procedures. Security analyst tiered responsibilities may include:

Tier 1
Continuously monitors the alert queue
Triages security alerts
Monitors the health of the security sensors and endpoints
Collects data and context necessary to initiate Tier 2 work

Tier 2
Performs deep-dive incident analysis by correlating data from various sources
Determines if a critical system or data set has been…

Linux Process Creation

New processes are created in Linux with a fork-and-exec mechanism. When a process makes a fork call, a new process with a new PID is created. The process that made the fork call is the parent process and the new process is the child process. The child process starts as a duplicate of the parent process, with some significant status changes. Both processes receive a value from the fork call. The parent process receives the PID of the child process…

OpenSSL Generating Private and Public Key Pair

In this post I will create an asymmetric encryption key pair and then demonstrate the encryption and decryption of a sample test.txt file with the private and public keys using OpenSSL in Linux.

1. Generate a 4096-bit RSA private key, protect it with the “secops1” pass phrase using 128-bit AES encryption, and store it as the private.pem file:

openssl genrsa -aes128 -passout pass:secops1 -out private.pem 4096

Encryption of the private key with AES and a pass phrase provides an extra layer of protection for the key….

Describing Security Event Analysis: Diamond Model for Intrusion Analysis

Critical thinking skills are a core requirement for a security analyst. The security analyst must be able to link together logs, events, and other metadata by identifying patterns across a massive amount of gathered data. The diamond model, developed by Caltagirone, Pendergast, and Betz, is a method for helping security analysts derive order from the chaos. The basic intent of the diamond model is to create a systematic way to analyze events in a repeatable way so that the…
