Definition of Cyber Threat Intelligence

According to the Oxford dictionary, a threat is defined as "the possibility of a malicious attempt to damage or disrupt a computer network or system." A threat is a potential occurrence of an undesired event that can eventually damage and interrupt the operational and functional activities of an organization. A threat can affect the integrity and availability factors of an organization. The impact of threats is very high, and it can affect the existence of the physical IT assets in an organization. The existence of threats may be accidental, intentional, or due to the impact of some other action.

Threat intelligence, usually known as CTI, is defined as the collection and analysis of information about threats and adversaries and the drawing of patterns that provide an ability to make knowledgeable decisions for preparedness, prevention, and response actions against various cyber attacks. It is the process of recognizing or discovering any "unknown threats" that an organization can face so that necessary defense mechanisms can be applied to avoid such occurrences. It involves collecting, researching, and analyzing trends and technical developments in the field of cyber threats (i.e., cybercrime, hacktivism, espionage, etc.). Any knowledge about threats that results in planning and decision-making in an organization to handle them is threat intelligence. The main aim of CTI is to make the organization aware of existing or emerging threats and prepare it to develop a proactive cyber security posture in advance, before these threats can exploit it. This process, in which unknown threats are converted into possibly known ones, helps anticipate an attack before it happens and ultimately results in a better-secured system in the organization. Thus, threat intelligence is useful in achieving secure data sharing and transactions among organizations globally.

The threat intelligence process can be used to identify the risk factors that are responsible for malware attacks, SQL injections, web application attacks, data leaks, phishing, denial-of-service attacks, etc. Such risks, after being filtered out, can be put on a checklist and handled appropriately. Threat intelligence is beneficial for an organization to handle cyber threats with effective planning and execution along with thorough analysis of the threat; it also strengthens the organization's defense system, creates awareness about impending risks, and aids in responding to such risks.

In cyber threat intelligence, analysis often hinges on the triad of actors, intent, and capability, with consideration given to their tactics, techniques, and procedures (TTPs), motivations, and access to the intended targets. By studying this triad it is often possible to make informed, forward-leaning strategic, operational, and tactical assessments.

  • Strategic intelligence assesses disparate bits of information to form integrated views. It informs decision and policy makers on broad or long-term issues and/or provides a timely warning of threats. Strategic cyber threat intelligence forms an overall picture of the intent and capabilities of malicious cyber threats, including the actors, tools, and TTPs, through the identification of trends, patterns, and emerging threats and risks, in order to inform decision and policy makers or to provide timely warnings.

  • Operational intelligence assesses specific, potential incidents related to events, investigations, and/or activities, and provides insights that can guide and support response operations. Operational or technical cyber threat intelligence provides highly specialized, technically-focused intelligence to guide and support the response to specific incidents; such intelligence is often related to campaigns, malware, and/or tools, and may come in the form of forensic reports.

  • Tactical intelligence assesses real-time events, investigations, and/or activities, and provides day-to-day operational support. Tactical cyber threat intelligence provides support for day-to-day operations and events, such as the development of signatures and indicators of compromise (IOC). It often involves limited application of traditional intelligence analysis techniques.

Cyber threat intelligence has proved beneficial to every level of state, local, tribal, and territorial (SLTT) government entities, from senior executives, such as Chief Information Security Officers (CISOs), police chiefs, and policy makers, to those in the field, such as information technology specialists and law enforcement officers. In addition, it provides value for other experts as well, such as security officers, accountants, and terrorism and criminal analysts. Properly applied cyber threat intelligence can provide greater insight into cyber threats, allowing for a faster, more targeted response as well as resource development and allocation. For instance, it can assist decision makers in determining acceptable business risks, developing controls and budgets, and making equipment and staffing decisions (strategic intelligence); provide insights that guide and support incident response and post-incident activities (operational/technical intelligence); and advance the use of indicators by validating and prioritizing them and specifying the length of time an indicator is valid (tactical intelligence). Over the next several years the inclusion of cyber threat intelligence into SLTT government operations will become increasingly important, as all levels and employees are forced to respond to the cyber threat.
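
The tactical use of indicators described above (validating, prioritizing, and bounding how long an indicator stays valid) can be shown with a small indicator store matched against log lines. This is an added example, not code from the original page; the indicator values, confidence scores, TTLs and log lines are all constructed for illustration (reserved documentation addresses, not real IoCs).

```python
"""Tactical CTI: indicators with confidence and a validity window, matched
against log lines at the time each event occurred. Added example; all
indicators and log lines below are constructed, not real intelligence."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import re


@dataclass(frozen=True)
class Indicator:
    ioc_type: str          # "ip", "domain" or "sha256"
    value: str
    confidence: int        # 0-100, analyst-assigned during validation
    first_seen: datetime
    ttl_days: int          # how long the indicator is treated as valid

    def valid_at(self, when: datetime) -> bool:
        """An indicator is only actionable inside its validity window."""
        return self.first_seen <= when < self.first_seen + timedelta(days=self.ttl_days)


# Constructed indicator set (RFC 5737 address, .example domain, dummy hash).
T0 = datetime(2024, 3, 1, tzinfo=timezone.utc)
INDICATORS = [
    Indicator("ip", "203.0.113.77", 90, T0, 30),
    Indicator("domain", "update-check.example", 60, T0, 14),
    # Old hash whose 365-day window closed long before T0: should never match.
    Indicator("sha256", "a" * 64, 95, T0 - timedelta(days=400), 365),
]

# Constructed firewall / proxy / AV style log lines.
SAMPLE_LOGS = [
    "2024-03-10T08:00:01Z fw src=10.0.0.5 dst=203.0.113.77 dport=443 action=allow",
    "2024-03-20T09:15:00Z proxy host=update-check.example user=bob status=200",
    "2024-03-10T10:00:00Z av file=payload.bin sha256=" + "a" * 64 + " verdict=clean",
    "2024-03-10T11:00:00Z fw src=10.0.0.6 dst=198.51.100.2 dport=80 action=allow",
]

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z")


def parse_ts(line: str):
    """Extract the leading ISO-8601 UTC timestamp of a log line, or None."""
    m = TS_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def active_indicators(when: datetime, min_confidence: int = 50):
    """Indicators still valid at `when` and above the confidence floor,
    highest confidence first (the prioritization step)."""
    live = [i for i in INDICATORS
            if i.valid_at(when) and i.confidence >= min_confidence]
    return sorted(live, key=lambda i: i.confidence, reverse=True)


def match_logs(lines, min_confidence: int = 50):
    """Return (line, indicator) hits. Validity is judged at the event's own
    timestamp, so an indicator that has since expired still matches old
    logs and one that expired before the event does not."""
    hits = []
    for line in lines:
        ts = parse_ts(line)
        if ts is None:
            continue
        for ind in active_indicators(ts, min_confidence):
            if ind.value in line:
                hits.append((line, ind))
    return hits


if __name__ == "__main__":
    for line, ind in match_logs(SAMPLE_LOGS):
        print(f"[{ind.confidence}] {ind.ioc_type}={ind.value} :: {line}")
```

Only the firewall line to 203.0.113.77 fires: the domain indicator's 14-day window closed before 20 March, and the hash expired long ago.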

Types of Vulnerability Assessment

Given below are the different types of vulnerability assessments:

Active Assessment:-
Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.

Passive Assessment:-
Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are currently using the network.

External Assessment:-
External assessment assesses the network from a hacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks external to the organization. It determines how secure the external network and firewall are.

The following are some of the possible steps in performing an external assessment:

  • Determine the set of rules for firewall and router configurations for the external network
  • Check whether external server devices and network devices are mapped
  • Identify open ports and related services on the external network
  • Examine patch levels on the server and external network devices
  • Review detection systems such as IDS, firewalls, and application-layer protection systems
  • Get information on DNS zones
  • Scan the external network through a variety of proprietary tools available on the Internet
  • Examine web applications such as e-commerce and shopping cart software for vulnerabilities

Internal Assessment:-

An internal assessment involves scrutinizing the internal network to find exploits and vulnerabilities.
The following are some of the possible steps in performing an internal assessment:

  • Specify the open ports and related services on network devices, servers, and systems
  • Check for router configurations and firewall rule sets
  • List the internal vulnerabilities of the operating system and server
  • Scan for Trojans that may be present in the internal environment
  • Check the patch levels on the organization's internal network devices, servers, and systems
  • Check for the existence of malware, spyware, and virus activity and document them
  • Evaluate the physical security
  • Identify and review the remote management process and events
  • Assess the file-sharing mechanisms (for example, NFS and SMB/CIFS shares)
  • Examine the antivirus implementation and events

Host-based Assessment:-
Host-based assessments are a type of security check that involves carrying out a configuration-level check through the command line. These assessments check the security of a particular network or server. Host-based scanners assess systems to identify vulnerabilities such as incorrect registry and file permissions, as well as software configuration errors. Host-based assessment can use many commercial and open-source scanning tools.
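
The configuration-level checks a host-based assessment performs (incorrect file permissions and ownership, as the paragraph above describes) can be shown with a small checker run over an inventory of files. This is an added example, not code from the page or from any scanner product; the inventory records and the permission baseline are constructed so it runs offline, where a real host scanner would collect the same fields with os.lstat().

```python
"""Host-based assessment: file permission and ownership checks over a
constructed inventory of (path, st_mode, owner uid) records. Added example;
the records and the baseline below are constructed for illustration."""
import stat
from collections import Counter

# Constructed inventory. A real scanner would fill this from os.lstat().
INVENTORY = [
    ("/etc/passwd",                    0o100644, 0),
    ("/etc/shadow",                    0o100644, 0),      # readable by others
    ("/etc/sudoers",                   0o100440, 0),
    ("/usr/local/bin/helper",          0o104755, 1000),   # setuid, non-root owner
    ("/var/www/html",                  0o040777, 33),     # world-writable dir
    ("/opt/app/config.yml",            0o100666, 1000),   # world-writable file
    ("/home/bob/.ssh/authorized_keys", 0o100644, 1001),   # readable by others
]

# Constructed baseline: the most permissive mode each sensitive file may have.
BASELINE = {
    "/etc/shadow": 0o640,
    "/etc/sudoers": 0o440,
}


def check_record(path: str, mode: int, uid: int):
    """Return a list of (severity, description) findings for one file."""
    findings = []
    perm = stat.S_IMODE(mode)   # permission bits incl. suid/sgid/sticky

    # World-writable, except sticky directories such as /tmp.
    if perm & stat.S_IWOTH and not (stat.S_ISDIR(mode) and perm & stat.S_ISVTX):
        findings.append(("HIGH", "world-writable"))

    # A setuid file owned by a non-root user is a classic misconfiguration.
    if perm & stat.S_ISUID and uid != 0:
        findings.append(("HIGH", "setuid file not owned by root"))

    # Sensitive files must not exceed their baseline and must be root-owned.
    if path in BASELINE:
        extra = perm & ~BASELINE[path] & 0o777
        if extra:
            findings.append(("HIGH",
                             f"mode {perm & 0o777:04o} exceeds baseline {BASELINE[path]:04o}"))
        if uid != 0:
            findings.append(("MEDIUM", "sensitive file not owned by root"))

    # SSH authorized_keys should be private to its owner.
    if path.endswith("/.ssh/authorized_keys") and perm & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(("MEDIUM", "authorized_keys readable by group/others"))

    return findings


def assess(inventory):
    """Map each path with at least one finding to its list of findings."""
    report = {}
    for path, mode, uid in inventory:
        findings = check_record(path, mode, uid)
        if findings:
            report[path] = findings
    return report


def severity_counts(report):
    """Count findings per severity so the assessment can be prioritized."""
    return dict(Counter(sev for findings in report.values() for sev, _ in findings))


if __name__ == "__main__":
    result = assess(INVENTORY)
    for path, findings in result.items():
        for sev, desc in findings:
            print(f"{sev:6} {path}: {desc}")
    print(severity_counts(result))
```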

Network Assessments:-
Network assessments evaluate an organization's systems for vulnerabilities such as missing patches, unnecessary services, weak authentication, and weak encryption. Network assessment professionals use firewall and network scanners such as Nessus. These scanners find open ports, recognize the services running on those ports, and find vulnerabilities associated with these services. These assessments help organizations determine how vulnerable systems are to Internet and intranet attacks and how an attacker can gain access to important information.

A typical network assessment conducts the following tests on a network:

  • Checks the network topologies for inappropriate firewall configuration 
  • Examines the router filtering rules   
  • Identifies inappropriately configured database servers
  • Tests individual services and protocols such as HTTP, SNMP, and FTP 
  • Reviews HTML source code for unnecessary information 
  • Performs bounds checking on variables

Application Assessments:-
An application assessment focuses on transactional web applications, traditional client-server applications, and hybrid systems. It analyzes all elements of an application infrastructure, including deployment and communication within the client and server. This type of assessment tests the web server infrastructure for any misconfiguration, outdated content, and known vulnerabilities. Security professionals use both commercial and open-source tools to perform such assessments.

Wireless Network Assessments:-
Wireless network assessment determines the vulnerabilities in an organization’s wireless networks. In the past, wireless networks used weak and defective data encryption mechanisms. Now, wireless network standards have evolved, but many networks still use the weak and outdated security mechanisms and are open for attack. Wireless network assessments try to attack wireless authentication mechanisms and get unauthorized access.
This type of assessment tests wireless networks and identifies rogue wireless networks that may exist within an organization's perimeter. These assessments audit client-specified sites with a wireless network. They sniff wireless network traffic and try to crack encryption keys. Auditors test other network access once they get access to the wireless network.

What is Penetration Testing?

Penetration testing is a method of evaluating the security of an information system or network by simulating an attack to find out vulnerabilities that an attacker could exploit. A penetration test (or "pen-test") exposes the gaps in the security model of an organization and helps organizations reach a balance between technical prowess and business functionality from the perspective of potential security breaches. This can help in disaster recovery and business continuity planning. It simulates the methods used by intruders to gain unauthorized access to an organization's networked systems and then compromise them, and involves using proprietary and open-source tools to conduct the test. Apart from automated techniques, penetration testing involves manual techniques for conducting targeted testing on specific systems to ensure that there are no security flaws that previously might have gone undetected. In the context of penetration testing, the tester is limited by resources; namely, time, skilled resources, and access to equipment as outlined in the penetration testing agreement.

Penetration testing involves an active analysis of system configurations, design weaknesses, network architecture, technical flaws, and vulnerabilities. A penetration test will not only point out vulnerabilities, but will also document how the weaknesses can be exploited. On completion of the penetration testing process, pen-testers deliver a comprehensive report with details of the vulnerabilities discovered and a suite of recommended countermeasures to the executive, management, and technical audiences.

A penetration tester is different from an attacker only by intent, lack of malice, and authorization. Incomplete and unprofessional penetration testing can result in a loss of services and disruption of business continuity. Therefore, employees or external experts must not conduct pen-tests without proper authorization.

The management of the client organization should provide clear written permission to perform penetration testing. This approval should include a clear scope, a description of what to test, and when the testing will take place. Because of the nature of pen-testing, a failure to obtain this approval might result in committing a computer crime, despite one's best intentions.
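The written approval described above (scope, what to test, and when) can be enforced programmatically so that no planned test action runs outside it. This is an added example, not from the page; the authorization record format, the `authorized` and `filter_plan` helpers and all addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Rules-of-engagement gate: check every planned test action against the
client's written authorization before it runs. Added example; the
authorization record and addresses below are constructed."""
from datetime import datetime, timezone
import ipaddress

# Constructed authorization mirroring what the approval must contain:
# scope, exclusions, what may be tested, and the testing window.
AUTHORIZATION = {
    "client": "Example Corp",
    "in_scope": ["203.0.113.0/24", "198.51.100.10"],
    "excluded": ["203.0.113.5"],                 # e.g. a production payment gateway
    "allowed_tests": {"port-scan", "web-app"},
    "window": ("2024-05-06T22:00:00Z", "2024-05-07T06:00:00Z"),
}


def parse_ts(ts: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the authorization record."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _in_any(ip, networks):
    """True if `ip` lies in any of the CIDR ranges or single hosts listed."""
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def authorized(target: str, test_type: str, when: datetime, auth=AUTHORIZATION):
    """Return (ok, reason). Every condition of the written approval must hold;
    exclusions are checked first so they override any in-scope range."""
    ip = ipaddress.ip_address(target)
    if _in_any(ip, auth["excluded"]):
        return False, "target explicitly excluded"
    if not _in_any(ip, auth["in_scope"]):
        return False, "target outside authorized scope"
    if test_type not in auth["allowed_tests"]:
        return False, f"test type '{test_type}' not approved"
    start, end = (parse_ts(t) for t in auth["window"])
    if not (start <= when < end):
        return False, "outside authorized testing window"
    return True, "authorized"


def filter_plan(actions, auth=AUTHORIZATION):
    """Split planned (target, test_type, when) tuples into approved and
    rejected lists, each entry carrying the reason, for the test log."""
    approved, rejected = [], []
    for target, test_type, when in actions:
        ok, reason = authorized(target, test_type, when, auth)
        (approved if ok else rejected).append((target, test_type, reason))
    return approved, rejected


if __name__ == "__main__":
    plan = [
        ("203.0.113.20", "port-scan", parse_ts("2024-05-06T23:00:00Z")),
        ("203.0.113.5", "port-scan", parse_ts("2024-05-06T23:00:00Z")),
        ("192.0.2.1", "web-app", parse_ts("2024-05-06T23:00:00Z")),
        ("198.51.100.10", "web-app", parse_ts("2024-05-07T12:00:00Z")),
    ]
    ok, rejected = filter_plan(plan)
    print("approved:", ok)
    print("rejected:", rejected)
```
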

What Makes a Good Penetration Test?

The following activities will ensure a good penetration test:

  • Establishing the parameters for the penetration test, such as objectives, limitations, and justifications of the procedures
  • Hiring highly skilled and experienced professionals to perform the pen-test
  • Appointing a legal penetration tester, who follows the rules in the nondisclosure agreement
  • Choosing a suitable set of tests that balance costs and benefits
  • Following a methodology with proper planning and documentation
  • Documenting the results carefully and making them comprehensible to the client. The penetration tester must be available to answer any queries whenever there is a need.
  • Clearly stating findings and recommendations in the final report

Why Penetration Testing

Penetration testing is important to the organizations for the following reasons:

  • Identifying the threats facing an organization's information assets
  • Reducing an organization's expenditure on IT security and enhancing Return on Security Investment (ROSI) by identifying and remediating vulnerabilities or weaknesses
  • Providing assurance with a comprehensive assessment of the organization's security, including policy, procedure, design, and implementation
  • Gaining and maintaining certification to an industry regulation (BS7799, HIPAA, etc.)
  • Adopting best practices in compliance with legal and industry regulations
  • Testing and validating the efficacy of security protections and controls
  • Changing or upgrading the existing infrastructure of software, hardware, or network design
  • Focusing on high-severity vulnerabilities and emphasizing application-level security issues to development teams and management
  • Providing a comprehensive approach to the preparation steps that can be taken to prevent upcoming exploitation
  • Evaluating the efficacy of network security devices such as firewalls, routers, and web servers

Comparing Security Audit, Vulnerability Assessment, and Penetration Testing

Although many people use the terms security audit, vulnerability assessment, and penetration testing interchangeably to mean security assessment, there are considerable differences, as discussed below.

Security Audit

A security audit just checks whether the organization is following a set of standard security policies and procedures. It is a systematic method of technical assessment of an organization's system that includes conducting manual interviews with staff, performing security scans, reviewing the security of various access controls, and analyzing physical access to the organizational resources.

Vulnerability Assessment

A vulnerability assessment focuses on discovering the vulnerabilities in the information system but provides no indication if the vulnerabilities can be exploited or of the amount of damage that may result from the successful exploitation of the vulnerability.

Penetration Testing

Penetration testing is a methodological approach to security assessment that encompasses the security audit and vulnerability assessment and demonstrates whether the vulnerabilities in a system can be successfully exploited by attackers.

What is Information Warfare? Its Categories

The term information warfare or InfoWar refers to the use of information and communication technologies (ICT) for competitive advantage over an opponent. Examples of information warfare weapons include viruses, worms, Trojan horses, logic bombs, trap doors, nano machines and microbes, electronic jamming, and penetration exploits and tools.

The use of information in warfare to achieve operational objectives has always been an integral arm of military warfare, be it in the form of covert intelligence or open domestic information. However, with the rise in the speed and reach of information, any conflict of interest is instantly thrust into the consciousness of the international community and subjected to scrutiny, debate, and opinion, which shape the portrayal of the parties involved in the conflict. Moreover, historically weaker adversaries can leverage low-cost and readily available information technology, such as social media platforms and video hosting websites, to wield disproportionate influence over domestic and international audiences, systematically undermining the legitimacy and morality of the military and mobilizing local populations to rise up against the attacking military. Hence, carefully crafted multifaceted information operations, as a vital part of an overall military strategy, will become an increasingly important operational and strategic imperative for winning the battle of perceptions, securing the operational battle-space, and achieving strategic ends in current conflicts.
Abstract
What makes warfare in the modern era a departure from the past is that information as warfare has become as necessary as information in warfare. Information is no longer simply a means to boost the effectiveness of lethal technologies; it also opens the possibility of non-lethal attacks that can incapacitate, defeat, deter or coerce an adversary. The information age has also expanded the domains of warfare (on the battlefield, in the marketplace, and against the infrastructure of modern society) and its purveyors (individuals and private groups in addition to national militaries). Yet despite these differences, the logic of warfare remains the same: sequencing and coordinating attacks to achieve lower-order technical or "cyber" goals that are part of a broader campaign to achieve higher-order political, material and/or symbolic goals. Moreover, despite the leveling effect of information technology, states and state-sponsored groups will retain certain advantages in waging warfare, because a capability for sustained attack still requires a level of organization, intelligence about the target, and resources unlikely to be possessed by the lone individual.

Martin Libicki has divided information warfare into the following categories:
Command and control warfare (C2 warfare): In the computer security industry, C2 warfare refers to the impact an attacker possesses over a compromised system or network that they control.
Intelligence-based warfare: Intelligence-based warfare is a sensor-based technology that directly corrupts technological systems. According to Libicki, “intelligence-based warfare” is a warfare that consists of the design, protection, and denial of systems that seek sufficient knowledge to dominate the battle space.
Electronic warfare: According to Libicki, electronic warfare uses radio electronic and cryptographic techniques to degrade communication. Radio electronic techniques attack the physical means of sending information, whereas cryptographic techniques use bits and bytes to disrupt the means of sending information.
Psychological warfare: Psychological warfare is the use of various techniques such as propaganda and terror to demoralize one's adversary in an attempt to succeed in the battle.
Hacker warfare: According to Libicki, the purpose of this type of warfare can vary from shutdown of systems, data errors, theft of information, and theft of services, system monitoring, false messaging, and access to data. Hackers generally use viruses, logic bombs, Trojan horses, and sniffers to perform these attacks.
Economic warfare: According to Libicki, economic information warfare can affect the economy of a business or nation by blocking the flow of information. This could be especially devastating to organizations that do a lot of business in the digital world.
Cyber warfare: Libicki defines cyber warfare as the use of information systems against the virtual personas of individuals or groups. It is the broadest of all information warfare and includes information terrorism, semantic attacks (similar to hacker warfare, but instead of harming a system, it takes the system over and the system will be perceived as operating correctly), and simulated warfare (simulated war, for example, acquiring weapons for mere demonstration rather than actual use).
Each form of the information warfare, mentioned above, consists of both defensive and offensive strategies.
Defensive Information Warfare: Involves all strategies and actions to defend against attacks on ICT assets.
Offensive Information Warfare: Involves attacks against ICT assets of an opponent.

What is Hacking? Types of Hackers

Hacking in the field of computer security refers to exploiting system vulnerabilities and compromising security controls to gain unauthorized or inappropriate access to system resources. It involves modifying system or application features to achieve a goal outside its creator’s original purpose. Hacking can be done to steal, pilfer, and redistribute intellectual property, thus leading to business loss.
Hacking on computer networks is generally done by means of scripts or other network programming. Network hacking techniques include creating viruses and worms, performing denial-of-service (DoS) attacks, establishing unauthorized remote access connections to a device using Trojans/backdoor, creating botnets, packet sniffing, phishing, and password cracking. The motive behind hacking could be to steal critical information and/or services, for thrill, intellectual challenge, curiosity, experiment, knowledge, financial gain, prestige, power, peer recognition, vengeance and vindictiveness, and so on.
A hacker is an individual who uses computer, networking or other skills to overcome a technical problem. The term hacker may refer to anyone with technical skills; however, it usually refers to someone who uses his or her skills to gain unauthorized access to systems or networks in order to commit crimes. A hacker may, for instance, steal data to harm people via identity theft, damage or bring down systems and, often, hold those systems hostage to collect a ransom.
Types of hackers
To elaborate on the objectives of hacking outlined above, it is necessary to understand what kinds of hackers exist in the cyber domain so as to differentiate between their roles and objectives.
The security community has informally used references to hat colour as a way of identifying different kinds of hacker, usually divided into three types: white hat, black hat and grey hat.
• White hat hackers, also called ethical hackers, try to work in the public's best interest rather than to create turmoil. Many white hat hackers work doing penetration testing, hired to attempt to break into the company's networks to find and report on security vulnerabilities. The security companies then help their customers mitigate security problems before criminal hackers can exploit them.
• Black hat hackers intentionally gain unauthorized access to networks and systems with malicious intent, whether to steal data, spread malware or profit from ransomware, vandalise or otherwise damage systems, or for any other reason, including gaining infamy. Black hat hackers are criminals by definition because they violate laws against accessing systems without authorization, but they may also engage in other criminal activity, including identity theft and distributed denial-of-service attacks.
• Grey hat hackers fall somewhere between white hat hackers and black hat hackers. While their motives may be similar to those of white hat hackers, grey hats are more likely than white hat hackers to access systems without authorization; at the same time, they are more likely than black hat hackers to avoid doing unnecessary damage to the systems they hack. Although they are not typically, or solely, motivated by money, grey hat hackers may offer to fix vulnerabilities they have discovered through their own unauthorized activities rather than using their knowledge to exploit vulnerabilities for illegal profit.
Hackers of all kinds participate in forums to exchange hacking information and tradecraft. There are a number of hacker forums where white hat hackers can discuss or ask questions about hacking. Other white hat forums offer technical guides with step-by-step instructions on hacking.
Types of hacking
One of the most frequent hacking threats is that faced by websites. It is very common to see a specific website or online account being hacked open intentionally through unauthorized access and its contents being modified or made public. The websites of political or social organizations are frequent targets of groups or individuals opposing them. It is also not uncommon to see governmental or national data websites being hacked. Some of the well-known methods of website hacking are:
• Phishing
This involves replicating the original website so that the unsuspecting user enters data such as account passwords and credit card details, which the hacker seizes and misuses. Banking websites are a frequent target for this.
• Virus
These are released by the hacker into the files of the website once they gain entry. The aim is to corrupt the data or resources on the website.
• UI redress
In this technique the hacker creates a fake user interface, and when the user clicks intending to go to a certain website, they are directed to a different website altogether.
• Cookie theft
Hackers access the website using malicious code and steal cookies that contain personal information, login passwords, etc.
• DNS spoofing
This basically uses the cached data of a website or domain that the user may have forgotten about. It then directs the data to a different, malicious website.

Who is a Hacker? Types of Hackers
A hacker is a person who breaks into a system or network without any authorization to destroy or steal sensitive data, or to perform malicious attacks. A hacker is an intelligent individual with excellent computer skills, along with the ability to create and explore the computer's software and hardware. Usually a hacker is a skilled engineer or programmer with enough knowledge to discover vulnerabilities in a target system. She/he is generally a subject expert and enjoys learning the details of various programming languages and computer systems.
For some hackers, hacking is a hobby to see how many computers or networks they can compromise. Their intention can be either to gain knowledge or to poke around to do illegal things. Some do hacking with malicious intent behind their escapades, like stealing business data, credit card information, social security numbers, email passwords, etc.
A hacker is someone who finds and exploits weaknesses in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
Hackers are classified according to the intent of their actions. The following list classifies hackers according to their intent.
Ethical Hacker (White hat): A hacker who gains access to systems with a view to fixing the identified weaknesses. They may also perform penetration testing and vulnerability assessments.
Cracker (Black hat): A hacker who gains unauthorized access to computer systems for personal gain. The intent is usually to steal corporate data, violate privacy rights, transfer funds from bank accounts, etc.
Grey hat: A hacker who is in between ethical and black hat hackers. He/she breaks into computer systems without authority with a view to identifying weaknesses and revealing them to the system owner.
Hacktivist: A hacker who uses hacking to send social, religious, political, etc. messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
Phreaker: A hacker who identifies and exploits weaknesses in telephones rather than computers.
Script kiddies: A non-skilled person who gains access to computer systems using already created tools.