Beginner’s guide: OSSIM Part 2

Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM....

Penetration testing


Penetration testing is just like hacking in an ethical way. We follow the same procedures, tools and tricks to mock a hacker’s attempt to take over an enterprise networks/systems. The one who execute penetration testing is known as a Pen-tester”. The pentester first do a vulnerability assessment, in which he list out known vulnerabilities in existing in network. With respect to vulnerabilities received he tries to exploit them, which is known as "Pentesting". He records the maximum level/depth he could reach. The pen tester then creates a detailed report about vulnerabilities and their impact on the network. These reports will have recommendation to fix these vulnerabilities or to mitigate them.


Classification of hacking




Hacking mainly classified in to two types. first one ethical and other unethical. Ethical hacking, or in other words pentesting, is done with proper concern from the client. The unethical hacking, which has only one sub category, generally known as  black hat hacking is completely illegal and those who practice these are declared as cyber criminal. If one or more people engage in illegal hacking, then they are called as cyber terrorist, and if they are doing it for a cause, then they are  called as hacktivist. 
On the other hand we have ethical hacking, which as name says is completely legal. They are mainly three categories first one is again black hat hacking second one grey hat hacking and last one white hat hacking. 

The Black hat hacking or Black box pentesting is a method of pentesting in which the pentester has zero knowledge about the client IT infrastructure and security posture, only top management people knows about it. The main idea is to find out how does the IT team respond to a particular cyber incident. 

The next category is Grey box or Grey hat testing, in which other than management people top level IT staff will also know about it. In this type of testing a limited information such as IP address, subnets etc. will be given. The idea is to demonstrate how do the IT staff perform in case of an insider attack with inside information. 

The White box or White hat testing,The third category is generally preferred by most of the companies. A pentester executing white box pentesting will have entire information about the IT assets like critical subnets, ip address etc. He can have detailed testing on all assets. He can cross check the information he got from pentesting with IT people, providing more accurate results and hence removing possible false positives, when compared to other testing methods white box testing has literally zero false positives This in turn gives detailed pentetration testing report.

Comments

Popular posts from this blog

Beginner’s guide: OSSIM (Open Source Security Information Management) part 1

Beginner’s guide: OSSIM Part 2

Beginner’s guide: How to setup a SOC (Security Operations Center)