Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
11 comments

Penetration testing

-

Penetration testing is just like hacking in an ethical way. We follow the same procedures, tools and tricks to mock a hacker’s attempt to take over an enterprise networks/systems. The one who execute penetration testing is known as a Pen-tester”. The pentester first do a vulnerability assessment, in which he list out known vulnerabilities in existing in network. With respect to vulnerabilities received he tries to exploit them, which is known as "Pentesting". He records the maximum level/depth he could reach. The pen tester then creates a detailed report about vulnerabilities and their impact on the network. These reports will have recommendation to fix these vulnerabilities or to mitigate them.


Classification of hacking




Hacking mainly classified in to two types. first one ethical and other unethical. Ethical hacking, or in other words pentesting, is done with proper concern from the client. The unethical hacking, which has only one sub category, generally known as  black hat hacking is completely illegal and those who practice these are declared as cyber criminal. If one or more people engage in illegal hacking, then they are called as cyber terrorist, and if they are doing it for a cause, then they are  called as hacktivist. 
On the other hand we have ethical hacking, which as name says is completely legal. They are mainly three categories first one is again black hat hacking second one grey hat hacking and last one white hat hacking. 

The Black hat hacking or Black box pentesting is a method of pentesting in which the pentester has zero knowledge about the client IT infrastructure and security posture, only top management people knows about it. The main idea is to find out how does the IT team respond to a particular cyber incident. 

The next category is Grey box or Grey hat testing, in which other than management people top level IT staff will also know about it. In this type of testing a limited information such as IP address, subnets etc. will be given. The idea is to demonstrate how do the IT staff perform in case of an insider attack with inside information. 

The White box or White hat testing,The third category is generally preferred by most of the companies. A pentester executing white box pentesting will have entire information about the IT assets like critical subnets, ip address etc. He can have detailed testing on all assets. He can cross check the information he got from pentesting with IT people, providing more accurate results and hence removing possible false positives, when compared to other testing methods white box testing has literally zero false positives This in turn gives detailed pentetration testing report.

Comments

Post a Comment

Popular posts from this blog

Beginner’s guide: OSSIM (Open Source Security Information Management) part 1

-
Image
As we always do, we’ll start from the scratch, the very basics. OSSIM is most widely used open source SIM tool. The appliance is developed by the Alienvault. Other than OSSIM there are lots of open source SIM like LOGalyze, Kustodian, Prelude etc. But out of these SIM tools, OSSIM is my favorite. It is much user friendly and very stable with respect to performance and resilience. They also have a very good documentation center which gives step-by-step instructions and very good community forum to get help Before we start, if you haven’t seen my blog post on SOC please go through it first. http://pentesterblogs.blogspot.in/2017/05/beginners-guide-how-to-setup-soc.html
Read more

Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
Read more

Beginner’s guide: How to setup a SOC (Security Operations Center)

-
Image
Lot of people asks me to put something about setting up a SOC. So from today onwards, I’ll be posting articles about, how to set up a SOC. Unlike my other tutorials, SOC is not a specific tool/device, which you can simply ‘fit and forget’. So you need lots of patience and hard work to build one. As usual I’ll posting set-by-step instructions from planning to setting up the SOC.   But before that we need to learn some basics. We need all of you networking, system administration and security skills for this. As a minimum requirement to start, you need to have the following skills Networking basics (Preferred CCNA) Basic system administration (Linux and windows) Security administration (Firewall / UTM management) In other words if know how to configure networking devices, knows how to install package in windows and Linux, and knows at least how to open close ports in firewall, then we’re good to go. I’ve tried my best to write the article from the very basics stuff.
Read more