Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
11 comments

Scanning and Enumeration

-


Scanning Assets

After the initial reconnaissance, a pentester identifies the target system, as discussed before the pentester concentrates on getting a mode of entry into the target system. The scanning phase can not be limited to intrusion alone. It can be extended form of reconnaissance where the pentester learns more about target, like what operating system is being used, what services  are being run on the systems, and any configuration lapses if any of it can be identified. The pentester can then strategize his/her attack, factoring in these aspects.

Footprinting is the first phase of pentesting, in which the pentester gains information about the target, passively or actively. Footprinting alone is not enough for pentesting because it will only give the pentester an overview or primary information about the target. The pentester can use this primary information in the next phase to gather even more in-depth details about the target. This process of gathering in-depth details, about the target using a highly sophisticated, complex and aggressive method of reconnaissance techniques is called scanning. The idea is to discover any types of exploitable vectors, to list out as many systems as possible for pentesting. In the scanning phase, pentester find various ways of intruding into the target system. Pentester will have information, such as what all operating system is running, what all services are enabled, and if there is any configuration lapses in the target system

Types of Scanning

  • Port scanning - Open ports and services
  • Network scanning - IP addresses
  • Vulnerability scanning - Presence of known weaknesses

Larger the amount of information  we have about a target organization, better chances for finding  the weakness and loopholes of that particular organization, and eventually gaining unauthorized access to their network. The pentester observes, analyzes and records the target’s network or systems from a different perspective, by performing different types of reconnaissance tests. How to perform scanning and what type of information to be achieved during the scanning process entirely depends on the pentester’s views and decision, which will be with respect to scope or sometimes client’s requirements. The main objectives for performing scanning phase is:
  • Discovering live hosts, IP address, and open ports of live hosts running on the network.
  • Discovering operating systems and system architecture of the targeted system
  • Identifying the vulnerabilities and threats
  • Detecting the associated network service of each port

Comments

Post a Comment

Popular posts from this blog

Beginner’s guide: OSSIM (Open Source Security Information Management) part 1

-
Image
As we always do, we’ll start from the scratch, the very basics. OSSIM is most widely used open source SIM tool. The appliance is developed by the Alienvault. Other than OSSIM there are lots of open source SIM like LOGalyze, Kustodian, Prelude etc. But out of these SIM tools, OSSIM is my favorite. It is much user friendly and very stable with respect to performance and resilience. They also have a very good documentation center which gives step-by-step instructions and very good community forum to get help Before we start, if you haven’t seen my blog post on SOC please go through it first. http://pentesterblogs.blogspot.in/2017/05/beginners-guide-how-to-setup-soc.html
Read more

Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
Read more

Beginner’s guide: How to setup a SOC (Security Operations Center)

-
Image
Lot of people asks me to put something about setting up a SOC. So from today onwards, I’ll be posting articles about, how to set up a SOC. Unlike my other tutorials, SOC is not a specific tool/device, which you can simply ‘fit and forget’. So you need lots of patience and hard work to build one. As usual I’ll posting set-by-step instructions from planning to setting up the SOC.   But before that we need to learn some basics. We need all of you networking, system administration and security skills for this. As a minimum requirement to start, you need to have the following skills Networking basics (Preferred CCNA) Basic system administration (Linux and windows) Security administration (Firewall / UTM management) In other words if know how to configure networking devices, knows how to install package in windows and Linux, and knows at least how to open close ports in firewall, then we’re good to go. I’ve tried my best to write the article from the very basics stuff.
Read more