Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
11 comments

Basic info-sec Terminology

-

Info-sec Terminologies.

 For being a good pentester, you must know what exactly a word means, whenever you cross it.
So I'm adding few words and its description below. I've only added a few to start with, we'll learn more on the way.

  1. Hack Value.

    As the name says, it defines the value of the system of network in an enterprise.For an example, a database of username and password has much more value than a firewall 

  2. Adware 

    A program that simply injects advertisements in to your program.It tracks your browser activity and with respect to that it injects targeted advertisements in to your program

  3. Target of Evaluation 

    An IT system, network or identified components which requires a security evaluation.
    Which may an assessment test or a configuration review etc.

  4. Backdoor

    A backdoor or trap door is an hidden entry to a computer and network system, bypassing all its security measures. ex. creating a hidden user account in operating system with administrator privileges, with out the knowledge of the system admin 

  5. Exploit

    An exploit may a piece of software, method or path which defined in a way to breach a computer system / network 

  6. Malware

    A software designed to hijack, steal information from your system to its maker. It may include credit card information, IP address, saved passwords etc.

  7. Zero-day attack

    An exploit that attack a computer's vulnerability before the patch is being released. Once the patch has been released it falls no more under 0-day, but in exploit

  8. Payload

    Payload describes a set of action or triggers that must be done after a successful exploitation. It include destroying the entire system to sending back a remote shell

  9. Vulnerability

    Existence of a weakness in design or an implementation  error that can  lead to system compromise partially or completely

  10. Spyware

    A program that resides in your PC or Server and sends sensitive information to its original server (The  spyware creator), which can later be used for malicious purpose

Comments

Post a Comment

Popular posts from this blog

Beginner’s guide: OSSIM (Open Source Security Information Management) part 1

-
Image
As we always do, we’ll start from the scratch, the very basics. OSSIM is most widely used open source SIM tool. The appliance is developed by the Alienvault. Other than OSSIM there are lots of open source SIM like LOGalyze, Kustodian, Prelude etc. But out of these SIM tools, OSSIM is my favorite. It is much user friendly and very stable with respect to performance and resilience. They also have a very good documentation center which gives step-by-step instructions and very good community forum to get help Before we start, if you haven’t seen my blog post on SOC please go through it first. http://pentesterblogs.blogspot.in/2017/05/beginners-guide-how-to-setup-soc.html
Read more

Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
Read more

Beginner’s guide: How to setup a SOC (Security Operations Center)

-
Image
Lot of people asks me to put something about setting up a SOC. So from today onwards, I’ll be posting articles about, how to set up a SOC. Unlike my other tutorials, SOC is not a specific tool/device, which you can simply ‘fit and forget’. So you need lots of patience and hard work to build one. As usual I’ll posting set-by-step instructions from planning to setting up the SOC.   But before that we need to learn some basics. We need all of you networking, system administration and security skills for this. As a minimum requirement to start, you need to have the following skills Networking basics (Preferred CCNA) Basic system administration (Linux and windows) Security administration (Firewall / UTM management) In other words if know how to configure networking devices, knows how to install package in windows and Linux, and knows at least how to open close ports in firewall, then we’re good to go. I’ve tried my best to write the article from the very basics stuff.
Read more