SSH or Plaintext Protocol

SSH or Secure Shell was designed as a replacement for plaintext protocols such as Telnet, FTP, and the r-commands (rlogin, rsh, rcp), which send credentials and session content in the clear. SSH provides encrypted terminal access and file transfer (SCP, SFTP), which means that when someone “SSH’es to a box”, she connects to the system over an authenticated, encrypted channel.

In addition to session encryption (which provides confidentiality and integrity), SSH supports public-key authentication: the client proves possession of a private key, and the server trusts the matching public key listed in the user’s authorized_keys, or a certificate for that key issued by a CA the server trusts (OpenSSH certificates). This way, you can authenticate with a password, a key, or require both. The symmetric session keys that protect confidentiality and integrity are negotiated by a Diffie-Hellman key exchange and are unique to each session.

SSH can also tunnel other protocols such as HTTP through port forwarding (local, remote or dynamic/SOCKS), which is sometimes used as a lightweight VPN. SSH listens on TCP port 22 by default. The most widely deployed implementation is OpenSSH. SSH protocol version 1 has known cryptographic weaknesses (its CRC-32 integrity check lets an attacker insert packets) and has been removed from current OpenSSH releases, so only SSHv2 should be used. Note that SSHv2 only stops a man-in-the-middle if the client actually verifies the server’s host key; accepting an unknown or changed key without checking its fingerprint reintroduces the attack.
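Two offline checks that follow from the above, as an added example that is not part of the original post: classifying the protocol version a server advertises in its identification string (the "SSH-protoversion-softwareversion" line from RFC 4253, where "1.99" means the server still accepts SSHv1 clients), and flagging weak settings in an sshd_config. The sample banners and the config text are constructed for this example; the keywords are real OpenSSH sshd_config options, while the "expected" values are this example's own hardening baseline, not an OpenSSH default.

```python
"""Added example: offline checks for an SSH deployment (standard library only)."""
from __future__ import annotations
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_banner(line: str) -> dict:
    """Parse an SSH identification string and report which protocol versions it accepts."""
    m = BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"not an SSH identification string: {line!r}")
    proto = m.group("proto")
    return {
        "proto": proto,
        "software": m.group("software"),
        # "1.x" = v1 only, "1.99" = v1 and v2, "2.0" = v2 only
        "accepts_v1": proto.startswith("1."),
        "accepts_v2": proto in ("1.99", "2.0"),
    }


# Example hardening baseline (this example's choice, not OpenSSH defaults):
# keyword -> required value, compared case-insensitively.
BASELINE = {
    "PasswordAuthentication": "no",
    "PermitRootLogin": "no",
    "PubkeyAuthentication": "yes",
    "PermitEmptyPasswords": "no",
    "Protocol": "2",  # only old servers have it; if present it must be 2
}


def audit_sshd_config(text: str) -> list[str]:
    """Return findings for an sshd_config text; an empty list means it meets BASELINE."""
    seen: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            key, value = parts
            # sshd uses the first value it sees for a keyword, so later lines do not override
            seen.setdefault(key.lower(), value.strip())
    findings = []
    for key, want in BASELINE.items():
        got = seen.get(key.lower())
        if got is None:
            if key != "Protocol":  # modern OpenSSH is v2-only; a missing Protocol line is fine
                findings.append(f"{key} not set explicitly (relies on the compiled-in default)")
        elif got.lower() != want:
            findings.append(f"{key} is '{got}', expected '{want}'")
    return findings


# Constructed sample config for this example (not from a real host).
SAMPLE_WEAK_CONFIG = """\
# sshd_config sample
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes   # allows password guessing over the network
PubkeyAuthentication yes
PermitEmptyPasswords no
"""

if __name__ == "__main__":
    for banner in ("SSH-1.99-OpenSSH_3.9p1", "SSH-2.0-OpenSSH_9.6"):
        print(banner, "->", parse_banner(banner))
    for finding in audit_sshd_config(SAMPLE_WEAK_CONFIG):
        print("FINDING:", finding)
```

The banner is the first line a server sends after the TCP connection opens, so a version-1-capable host can be spotted without authenticating; the config audit is the server-side counterpart, run on the file before it is deployed.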

Password Cracking


There are a few well-known password-cracking methods that are simple but remarkably effective.

1. Dictionary attack.

This is the easiest attack to perform. You might think nobody in their right mind would use a plain word as a password, but a large share of real passwords are and can be cracked this way.

A cracking program takes a dictionary of candidate passwords, hashes each one and compares it with the captured hash (or submits it to a login prompt). A short dictionary attack tries hundreds or thousands of words that are frequently chosen as passwords, typically drawn from previously leaked password lists, against one or many accounts.

2. Hybrid attack.

A hybrid attack starts from a dictionary word and then brute-forces a short tail of 2-3 characters, appending digits and symbols and applying simple mangling such as capitalising the first letter. For each word in the dictionary, about 125 variants are attempted. So adding a couple of special characters to the end of a dictionary word does not stop it from being cracked.

3. Brute force attack.

Given enough time and computing power, any password can be found by exhaustive search. A brute force attack tries every combination of characters from a chosen character set up to a chosen length. The keyspace grows exponentially with length, so such a run can take days or weeks before it produces a result, and a long random passphrase protected by a slow hash is beyond practical reach.

4. Rainbow tables.

Systems store passwords as the output of a one-way hash function rather than in the clear (hashing is not encryption: there is no key and nothing to decrypt). A one-way hash is cheap to compute in the forward direction but infeasible to invert. This matters because someone who steals the password file cannot reverse the hashes to recover the original passwords; all they can do is guess candidates, hash them and compare.

A rainbow table is a precomputed time-memory trade-off: chains of hashes covering a large part of the password space for a given character set and length are stored in advance, so a captured hash can be looked up in seconds instead of being recomputed over hours or days. Rainbow tables only work against unsalted, fast hashes (LM, NTLM, raw MD5 or SHA-1). A per-user salt makes every stored hash unique, so the table would have to be rebuilt for each user, and a deliberately slow function such as bcrypt, scrypt or Argon2 makes the precomputation itself too expensive.
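The four techniques above run against constructed sample hashes, plus the defender's caveat that a per-user salt defeats a precomputed table, as an added example that is not code from the original post. It uses only the Python standard library; the wordlist, target passwords and salt are made up for this example, and SHA-256 stands in for the fast, unsalted hashes that real attacks (with hashcat or John the Ripper over leaked-password lists) target.

```python
"""Added example: dictionary, hybrid, brute-force and lookup-table cracking on sample hashes."""
from __future__ import annotations
import hashlib
import itertools
import os
import string


def h(password: str, salt: bytes = b"") -> str:
    """Unsalted (or salted) SHA-256 as hex. A fast hash like this is what the attacks
    below exploit; real systems should store passwords with bcrypt, scrypt or Argon2."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed sample wordlist (real attacks use leaked-password lists).
WORDLIST = ["letmein", "password", "welcome", "dragon", "monkey", "qwerty"]


def dictionary_attack(target: str, words=WORDLIST) -> str | None:
    """1. Try each dictionary word exactly as written."""
    for w in words:
        if h(w) == target:
            return w
    return None


def hybrid_attack(target: str, words=WORDLIST, max_suffix: int = 2) -> str | None:
    """2. Dictionary word (plain and Capitalised) plus 1..max_suffix trailing digits/symbols."""
    tail_chars = string.digits + "!@#$"
    for w in words:
        for base in (w, w.capitalize()):
            for n in range(1, max_suffix + 1):
                for suffix in itertools.product(tail_chars, repeat=n):
                    cand = base + "".join(suffix)
                    if h(cand) == target:
                        return cand
    return None


def brute_force(target: str, charset: str = string.ascii_lowercase + string.digits,
                max_len: int = 3) -> str | None:
    """3. Every string over charset up to max_len; cost is sum of len(charset)**n."""
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            cand = "".join(tup)
            if h(cand) == target:
                return cand
    return None


def build_lookup_table(charset: str = string.ascii_lowercase, max_len: int = 3) -> dict[str, str]:
    """4. Precomputed hash -> password map. A real rainbow table stores hash chains to
    trade memory for time; this full map is the simplest form of the same idea."""
    table = {}
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            p = "".join(tup)
            table[h(p)] = p
    return table


def lookup(table: dict[str, str], target: str) -> str | None:
    """Cracking with a precomputed table is a single dictionary lookup."""
    return table.get(target)


def salted_demo(password: str) -> tuple[bool, bool]:
    """Returns (found_unsalted, found_salted): the same table that instantly finds the
    unsalted hash misses once a random per-user salt is mixed into the hash input."""
    table = build_lookup_table()
    salt = os.urandom(16)  # per-user random salt, stored next to the hash in practice
    found_unsalted = lookup(table, h(password)) == password
    found_salted = lookup(table, h(password, salt)) == password
    return found_unsalted, found_salted


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(h("monkey")))
    print("hybrid:    ", hybrid_attack(h("Dragon1!")))
    print("brute:     ", brute_force(h("z9q")))
    print("table:     ", lookup(build_lookup_table(), h("abc")))
    print("salt defeats table (unsalted, salted):", salted_demo("abc"))
```

The brute-force and table sizes are kept tiny (three characters) so the script runs in seconds; the point is the shape of each search, and that the salt, not secrecy of the hash function, is what makes the precomputed table useless.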

Encapsulation

Computers must be able to communicate with each other over the network. That requires a wide range of protocols covering hardware, software, and communication media. To stay organized and efficient, these protocols are arranged in a protocol stack: a set of layers, each built on top of the one below it.

[Figure: OSI model]

Each layer works directly with the layer above and the layer below it, and each layer handles the data unit in its own way. As data passes from one layer to the next, each layer examines or modifies it. Layering makes implementing protocols much easier, because each layer only has to understand its own header and can treat everything it receives from the layer above as opaque payload.

Encapsulation is what happens as data works its way down the stack on the sending side. Each layer wraps the unit it received from the layer above in its own header (and sometimes a trailer) and hands the result to the layer below: the transport layer turns application data into a segment, the network layer wraps the segment into a packet, and the data-link layer wraps the packet into a frame. The receiver reverses the process (decapsulation), stripping and checking one header per layer on the way up.
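Encapsulation done by hand, as an added example that is not from the original post: an application payload is wrapped in a UDP header, then an IPv4 header with a correct header checksum, then an Ethernet II header, each layer prepending its own header to what it received from the layer above; decapsulate() walks back up the stack, validating each header before stripping it. The addresses, ports and payload are made-up sample values, and the code uses only the Python standard library.

```python
"""Added example: build an Ethernet/IPv4/UDP frame layer by layer and unwrap it again."""
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit big-endian words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Layer 4: 8-byte UDP header. Checksum 0 means 'not computed', which IPv4 UDP allows."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def ipv4_packet(src_ip: str, dst_ip: str, segment: bytes, proto: int = 17) -> bytes:
    """Layer 3: 20-byte IPv4 header (no options). proto 17 = UDP."""
    ver_ihl = (4 << 4) | 5                  # version 4, header length 5*4 = 20 bytes
    total_len = 20 + len(segment)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0x1234, 0x4000, 64, proto, 0,
                      socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ipv4_checksum(hdr)               # computed with the checksum field zeroed
    hdr = hdr[:10] + struct.pack("!H", csum) + hdr[12:]
    return hdr + segment


def ethernet_frame(src_mac: bytes, dst_mac: bytes, packet: bytes, ethertype: int = 0x0800) -> bytes:
    """Layer 2: 14-byte Ethernet II header (the FCS trailer is added by the NIC and omitted here)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + packet


def encapsulate(payload: bytes) -> bytes:
    """Application data -> UDP segment -> IPv4 packet -> Ethernet frame (sample addresses)."""
    seg = udp_segment(40000, 53, payload)
    pkt = ipv4_packet("192.0.2.10", "192.0.2.53", seg)
    return ethernet_frame(bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), pkt)


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack; each layer checks its own header, then hands the rest upward."""
    dst_mac, src_mac, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    pkt = frame[14:]
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:       # a valid header sums to zero with its checksum included
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    src_ip, dst_ip = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    seg = pkt[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", seg[:8])
    return {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "src_ip": src_ip, "dst_ip": dst_ip, "proto": proto,
            "src_port": sport, "dst_port": dport, "payload": seg[8:ulen]}


if __name__ == "__main__":
    frame = encapsulate(b"hello")
    print(frame.hex())
    print(decapsulate(frame))
```

Reading the hex dump from left to right shows the layers in the order they go on the wire: 14 bytes of Ethernet, 20 of IPv4, 8 of UDP, then the payload. Flipping any byte in the IPv4 header makes decapsulate() reject the frame, which is the integrity check that layer provides (for its header only; the payload is protected, if at all, by the transport checksum or by something higher up such as TLS or SSH).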

What Are Vulnerabilities?

Working in information security means you always have to be aware of known and newly discovered vulnerabilities, especially those affecting the technologies you work with. Vulnerabilities are weaknesses or bugs in an application, operating system or configuration that an attacker can use to their advantage.

Once a vulnerability is discovered, attackers will try to exploit it and compromise your systems. A vulnerability that is being exploited, or is known to attackers, before the vendor has released a patch (an update for the affected software) is called a zero-day: the name says it all, it is a vulnerability for which no fix exists yet. Even after a patch ships, the time until you actually apply it is your own window of exposure.

To discover existing vulnerabilities on your systems, run a vulnerability scan, either unauthenticated from the outside or authenticated with credentials on the host, which finds far more. There is a wide choice of software, both commercial and free; well-known tools include Qualys and Nessus, while Metasploit is an exploitation framework used to confirm that a finding is actually exploitable. If you are hosted in a public cloud (GCP, Azure, AWS), the providers also offer their own vulnerability-assessment services.

Common Vulnerabilities and Exposures (CVE) is the public catalogue of specific, individually identified vulnerabilities (each with an identifier of the form CVE-YYYY-NNNN). The entries in that catalogue fall into broad vulnerability and attack classes such as:

  • Backdoors

  • Denial-of-service attack

  • Buffer overflow

  • Direct-access attacks

  • Eavesdropping

  • Spoofing

  • Tampering

  • Privilege escalation

  • Phishing

  • Clickjacking (also called a UI redress attack)

  • Social engineering and Trojans

There are more vulnerability types than this, and attackers keep getting more creative. It is paramount to the security posture of your organization to stay current and apply security patches as soon as they become available.

Cyber Security Posture Defined


Like any industry, cyber security, and cybercrime with it, is constantly evolving. So, to stay up to date, you will need to take the time and effort to remain familiar with upcoming trends and lingo.

One such term to the cyber-lexicon is the concept of “cyber security posture.”

What is Cyber Security posture?

Cyber security posture, or security posture, refers to the overall strength of an organization’s policies, safeguards, and effectiveness towards mitigating cyber-attacks. This “posture” focuses on the relative security of an organization’s IT assets, particularly in reference to the Internet and any weaknesses to outside threats.

For organizations that rely on the internet for their business, cybersecurity posture is especially important.

Let’s take a closer look.

Organizations that use hardware, software, digital technologies (e.g. cloud computing and other online services) are vulnerable to current and emerging risks and threats. The policies, procedures, and safeguards to prevent these risks are referred to as cyber security, however, it’s the holistic approach developed to mitigate the likelihood of cyber-related incidents that establishes a cyber security posture. This includes not only the state of an organization’s IT infrastructure, but also any practices, processes, and human behaviours.

Essentially, a strong cyber security posture embodies the complex relationship between people, processes and technology that make up the overall structure of an organization.

To better understand the cyber security posture at your organization, consider the following questions:

  1. What are the biggest security concerns (e.g. loss of the company’s IP) and weaknesses (e.g. password management) of your organization?

  2. What resources, strategies, and/or measures are already in place to mitigate security risks (e.g. malware, unmanaged admin credentials), and which ones still require implementation?

  3. Are your policies, procedures, and controls/safeguards up-to-date and capable of preventing security incidents against current and emerging threats?

  4. Do you have security tools that can measure, analyze, and monitor your organization’s cyber security level of exposure?

  5. Are your staff, employees, and senior management educated on your organization’s cyber security policies, procedures, and controls/safeguards?

Without a clear understanding of your current posture, potential threats, risks, weaknesses and strengths, the result can be unwanted issues, wasted security expenses, misalignment of security initiatives and company objectives, and a culture that jeopardizes the overall integrity of your organization.

If you’re not sure what your organization’s cyber security posture is, but want to take a proactive stance to develop, harden, or improve it, here’s what you can do:

  1. Evaluate your organization’s current position on cyber security and determine where you need to go, and what you need to do in order to get there.

  2. Understand gaps in your cyber security;

  3. Invest in appropriate and effective measures to protect confidentiality, integrity, and availability of your critical assets;

  4. Establish an action plan which all levels of your organization can follow to strengthen your cyber security defence;

Ultimately, cyber security posture isn’t just a term you should know, but something you should actively do. Establishing a strong cyber security posture should be a top priority at your organization.

Remember, cyber security is everyone’s job. The success of your organization’s security will be dependent on the compliance of policies, procedures, and controls at every level.

First Day in Cyber Security as a Generalist

If it is your first gig in the cyber security field as a generalist, you will most probably focus on a myriad of tasks related to enterprise-wide security. Most companies’ security departments are understaffed and have to cover everything from endpoint protection (malware on the regular employee’s computer) and security awareness to incident response (for various attacks) and network security. A commonly cited ratio is 100:10:1, where 100 is the number of developers, 10 the operations staff, and 1 the cyber security staff.

It’s quite common for a generalist to be overloaded and lost with tasks especially if you have to respond to SIEM and IDS alerts. This comes down to a lack of proper processes, playbooks, tuning of use cases that generate alerts, business impact analysis for task prioritization, master inventory of assets, and also support and cooperation of other teams in the organization. All of these are common issues security generalists face and at times it would feel as-if constantly going against the current but at the same time, these road blocks present opportunities for learning, streamlining processes and building relationships with cross-functional teams. This is your chance to shine!

I believe effective information security is a combination of having technical expertise and, equally important, effectively educating the others whose cooperation you need for a successful program. As a security generalist you are responsible not only for understanding and leveraging security tools but also for educating the rest of the company on why security matters and how they can play their part in protecting your company’s, clients’ and partners’ data.

It is fun to play with security tools such as IDS/IPS (McAfee, Cisco ASA, etc.), vulnerability scanners (Qualys, Nexpose, Nessus, etc.), Sysinternals tools (Process Explorer, Autoruns, PsTools, etc.), SIEM (ArcSight, ELK, Splunk) and others. But it is incredibly important to the success of your organization’s security posture to have these tools well configured, tuned so that their alerts are actionable, and automated where possible.

Being a generalist allows you to build a solid foundation and a grasp of your organization’s overall security posture. Take in as much as possible, keep learning, share your knowledge with others, educate, and show that cyber security can be an enabler rather than a limitation for your organization.

What Are Digital Signatures?

You may come across a requirement to digitally sign an email or a notion of digital signatures. But what does that mean? Does it mean the email is encrypted and only recipient can read it? Not at all.

Digital signatures provide authentication of origin and integrity, and on top of those, non-repudiation: the signer cannot later deny having signed, because only the holder of the private key could have produced the signature (assuming the key stayed private and is bound to the signer’s identity, typically by a certificate). The signature proves that a document was signed by the key owner (Authentication) and that the message has not been altered since (Integrity). The signature is usually attached to, or sent alongside, the original document.

Digital signatures combine asymmetric cryptography with a hash algorithm, e.g. RSA with SHA-256 (SHA-1 was common in older systems but is no longer acceptable for signatures, since collisions can now be produced for it). Asymmetric means there are two keys: one private and one public. In RSA the two operations are inverses of each other, so a value transformed with the private key can be recovered with the public key and vice versa; that is why signing is often described as “encrypting the digest with the private key”. The private key never leaves the signer.

CREATE DIGITAL SIGNATURE

  1. Sender generates a message digest by applying the hash algorithm to the message. → Message + Hash function = Message Digest

  2. Message digest is encrypted with the private key of the signer. This creates a digital signature. → Message Digest + Private Key = Digital Signature

  3. Sender attaches the digital signature to the document.

VERIFY DIGITAL SIGNATURE

  1. Receiver runs the same hash algorithm over the received message (it travels in plaintext) to compute its own message digest. → Message + Hash function = Message Digest

  2. Receiver decrypts the digital signature with the public key to reveal the message digest. → Digital Signature + Public Key = Message Digest

  3. Compare the two message digests. If they match, the signature was produced with the private key that matches the public key used, and the message is unchanged; that is what gives non-repudiation. If the digests do not match, the message was altered in transit, the signature was made with a different key (a bogus sender), or both. → Message Digest = Message Digest

Digital signatures do not provide confidentiality or secrecy because the text is still sent in plaintext. If confidentiality is vital, another form of encryption must be applied to achieve this goal.
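The create and verify procedures above carried out end to end, as an added example that is not code from the original post: textbook RSA with SHA-256, standard library only. The key generation, padding and signing here are a teaching implementation written for this example; real systems use a vetted library (OpenSSL, or the Python cryptography package) with PSS or full PKCS#1 v1.5 encoding and keys of at least 2048 bits. The sample messages are made up, and the padding layout is a simplified version of the PKCS#1 v1.5 prefix, not the complete encoding.

```python
"""Added example: hash-then-sign with textbook RSA, following the create/verify steps."""
from __future__ import annotations
import hashlib
import hmac
import random


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # full width, odd
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 1024, e: int = 65537) -> tuple[tuple[int, int], tuple[int, int]]:
    """Return ((n, e) public key, (n, d) private key). Toy sizes are fine for the demo."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e must be invertible modulo phi
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def message_digest(message: bytes) -> bytes:
    """Step 1 (both sides): Message + Hash function = Message Digest."""
    return hashlib.sha256(message).digest()


def _pad(digest: bytes, n: int) -> bytes:
    """Simplified PKCS#1 v1.5-style block: 00 01 FF..FF 00 || digest, as wide as the modulus."""
    k = (n.bit_length() + 7) // 8
    return b"\x00\x01" + b"\xff" * (k - 3 - len(digest)) + b"\x00" + digest


def sign(private_key: tuple[int, int], message: bytes) -> int:
    """Step 2 (sender): Message Digest + Private Key = Digital Signature (s = m^d mod n)."""
    n, d = private_key
    m = int.from_bytes(_pad(message_digest(message), n), "big")
    return pow(m, d, n)


def verify(public_key: tuple[int, int], message: bytes, signature: int) -> bool:
    """Steps 1-3 (receiver): re-hash, recover the block with the public key, compare."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    expected = _pad(message_digest(message), n)
    recovered = pow(signature, e, n).to_bytes(k, "big")
    return hmac.compare_digest(recovered, expected)  # constant-time comparison


if __name__ == "__main__":
    public, private = generate_keypair(1024)
    msg = b"Transfer 100 to account 42"          # sample message; it is still sent in plaintext
    sig = sign(private, msg)
    print("valid:   ", verify(public, msg, sig))
    print("tampered:", verify(public, b"Transfer 1000 to account 42", sig))
```

The message itself goes across unchanged, which is the point the paragraph above makes: anyone on the path can read it, they just cannot alter it or forge a signature for a different one without the private key. Verification rebuilds the whole padded block and compares it in constant time, so a signature that decrypts to the right digest under the wrong padding is also rejected.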