Beginner’s guide: OSSIM Part 2

Hope all of you are keeping well. Thank you all for the overwhelming support you have been giving me. Today we'll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump into all of that, I hope you are ready with the installation. If not, please visit my previous post, which is the first part: Beginner’s guide: OSSIM (Open Source Security Information Management) part 1. Make sure your OSSIM has an active internet connection. As you know, the AlienVault platform has five modules: asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words, we add assets first, and then we configure those assets under each module of AlienVault in turn. If you're ready with everything mentioned in part 1, we can move forward with the configuration. Here we are considering only OSSIM, not USM.

Footprinting and Reconnaissance

The very first phase of pentesting is footprinting and reconnaissance. The idea is to develop a picture of our client before performing a test. Generally speaking, footprinting and reconnaissance is only done for black box pentesting. But even if we are performing white or gray box testing, we still form a plan of where to start and how to start the test. Specifically in white box testing, if we need clarification on any of the points given by the client, we simply ask them to clarify. In black box testing we identify whether any information has been leaked to the internet unknowingly by the client. Hence black box testing is the best way to do a security assessment, since it gives a full picture of what information is disclosed. For a malicious hacker, any information that is readily available on the internet is useful. Before we jump into the technical side we need to know a few basic terms used in information gathering. These terms help to understand the concept and structure of footprinting.

Passive information gathering

Open source or passive information gathering is the simplest way to collect information about the target organization. It simply refers to the process of gathering information from open or publicly available sources such as newspapers, television, social networking sites, blogs, etc. This requires no direct contact with the target organization, thus reducing the risk of alerting the target that they are being watched. Using these sources, you can gather information such as network boundaries, IP addresses reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services on each system, access control mechanisms, system architecture, intrusion detection systems, and so on.

Active information gathering

In the process of active information gathering, the attacker's focus is only on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering, on-site visits, interviews, questionnaires, dumpster diving or even bribing disgruntled employees, etc.

Anonymous footprinting

In simple words, it is the process of gathering information passively or actively without disclosing one's identity to anyone.

Pseudonymous footprinting

Pseudonymous footprinting is the process of collecting information from sources that have been published on the Internet or any other media, but not under the original author's name or directly linked to the author. The information may be published under a different name, the author may have a well-established pen name, or sometimes the author may be a corporate or government official who is prohibited from posting under their real name. Whatever the reason for hiding the author's name, collecting information from such sources is technically called pseudonymous footprinting.

Organizational or private footprinting

Private footprinting means collecting information from an organization's privately owned services, such as web-based blogs, calendars, email services, etc.

Internet footprinting

Internet footprinting is the process of collecting information about the target's connections to the Internet.

New here and not sure about the topic discussed? Please have a look at one of my previous posts:
http://pentesterblogs.blogspot.in/2016/07/phases-of-hacking.html

Comments

  1. Generally footprinting is a part of the reconnaissance process which is used for collecting possible information about any computer or system network. You can study it briefly in IT security certifications training.

