Sec+ preparation #5


Intro
Let's jump into the next day of preparing for Sec+.
Before beginning, I just want to give credit to Master OTW at Hackers-Arise. I really enjoy how he explains the various topics. A real professional.
You can purchase the Security+ SY0-701 boot camp here.
Intro
- It is important not to wait too long after preparation before taking the exam.
Security Content Automation Protocol (SCAP)
We need to master these acronyms:
Common Configuration Enumeration (CCE)
- Identifiers for system configuration issues
Common Platform Enumeration (CPE)
- Identifiers for product names and versions
Common Vulnerabilities and Exposures (CVE)
- This one is important. Whenever we talk about vulnerabilities, CVE identifiers come into play.
- Not everyone is patching their software: a vulnerability being publicly disclosed does not mean everybody patches it.
Common Vulnerability Scoring System (CVSS)
- Approach for measuring the severity of a vulnerability
Extensible Configuration Checklist Description Format (XCCDF)
- Language for writing checklists and reporting checklist results
Open Vulnerability and Assessment Language (OVAL)
- Low-level testing procedures
Many of these things come from NIST.
NIST is a good place to search for new information; they have lots of it.
Lots of companies use NIST guidelines to secure their systems.
False Positives
Vulnerability scanners and IDSes produce lots of false positives.
As penetration testers we have to check which reported findings are real and which are false positives. So we are, in a way, practical analysts of vulnerability scanner results.
Reconciling Scan Results with Other Data Sources
Logs
Security information and event management (SIEM) systems.
The main tool is Splunk.
It gathers logs from many sources and puts them in one database. Then you can search it.
Cisco purchased it.
Hotfixes (will be in exam)
Term used for a patch.
An update that usually fixes a single issue.
Basically, a patch for a single issue is a hotfix.
A collection of hotfixes is called a Service Pack.
Service Packs (SP)
A collection of updates and fixes.
Delivered as a single installable package.
Contains a collection of patches.
Patches
A quick and dirty piece of code to fix an issue.
An immediate solution that is provided to users.
All patches should be tested in the lab first.
Ensure you have a back-out plan before applying. Patches usually break other stuff.
If you know when the system was last rebooted, then you know when it was last patched, because patches require a system reboot. Useful info for hackers.
Patch Management
The process of following a patching strategy and plan.
You must validate that all systems are patched.
It is a time-consuming process.
- Large companies have a dedicated team for this.
Weak Configurations
These are configurations that often lead to vulnerable systems.
Default settings
People install systems and leave the default settings in place, for example default passwords like admin.
This is especially common in the IoT world.
Open service ports that are not necessary.
Open permissions that allow users access they should not have.
Insecure Protocols
Many of the older protocols used on networks are not secure, yet they are still used these days.
For example HTTP and HTTPS.
Weak encryption
Encryption is a crucial part of protecting sensitive data.
When implementing encryption you have two important choices:
- You have to choose an algorithm. There are many algorithms; the most secure is AES (Advanced Encryption Standard).
- You have to choose an encryption key.
One tool that provides encryption is VeraCrypt. Its documentation describes how this process works.
To understand more about encryption, it is smart to dive into cryptography. Hackers-Arise has a course about cryptography.
Penetration testing
A testing methodology where professionals simulate real-world attacks on an organization's IT systems. The good guys break into the system, then report what they found so the broken stuff can be fixed.
It is a synonym for the term Ethical Hacking.
Will add more