Must be 150 words each
1) Lynda.com Vulnerability Scanning Sandra
Hello everyone! This video was interesting and gave me some useful information on example commercial and free scanners such as SAINT, Nessus and Acunetix, and on using Microsoft Baseline Security Analyzer 2.3, which is used by IT professionals. And the Qualys browser checker; I did not know there was one for the browser, good to know. According to the video, vulnerability probes target the network by detecting open ports, determining software, operating system and versions, and identifying known vulnerabilities.
A brief description of Information Systems as software, and of decision making on DBMS, DSS and MIS.
Information Technology deals with hardware and computer networking devices.
Two types of scans:
- Finds basic configuration issues
- Uses no user names or passwords
- Simple to run
- Will miss many vulnerabilities
Authenticated scans (more powerful):
- Uses user names or passwords
- Mimics a user on the system or website
- More aggressive; can be used inside the system
- Some use brute force techniques
- More thorough and provides comprehensive reports
Type depends on objectives:
- High level: unauthenticated
- Compliance requirement: authenticated
- User simulation: authenticated
Attacks can be active or passive:
- Goal: exploiting a vulnerability
- Achieves some end result
- Denial of service
- Data inspection, modification or theft
2) Chapter 2 Ping of Death
Ping of Death (a.k.a. PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command. PoD attacks exploit legacy weaknesses which may have been patched in target systems; however, on unpatched systems the attack is still relevant and dangerous. Recently, a new type of PoD attack has become popular. In this attack, commonly known as a ping flood, the targeted system is hit with ICMP packets sent rapidly via ping without waiting for replies.
3) Chapter 2 ICMP flood attack
Hi instructor and class, the ICMP flood attack is similar to the SYN flood attack. An ICMP flood takes place when an attacker overloads its victim with a huge number of ICMP echo requests with spoofed source IP addresses. This type of attack caused a lot of headaches for network administrators in the past; therefore it is the first attack that has been “fought and killed” nowadays, using various methods. The simplest one was to completely disable ICMP on untrusted interfaces, and the more complicated one was to police the rate of transmission of ICMP requests and limit this rate in case of aggression.
4) Module 2 Canonicalization error
A canonicalization error is an application vulnerability that occurs when an application parses a filename before the operating system has canonicalized it. Operating systems canonicalize filenames when processing a file to identify the absolute, physical path of the given file from a virtual or relative path. Files can be accessed using multiple names. For example, if your application uses one of the names to validate whether the user has access to the file, an attacker could potentially use one of the other synonymous names. Canonicalization attacks can be avoided, however, if the application lists the characters that are allowed rather than creating a block list. The best way to identify a canonicalization bug is by tricking the parser using variations of the same input data on which your application makes essential security decisions, such as trying to bypass the checks by using a backslash instead of a forward slash, or trying different encoding schemes to trick the parser.
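The post's two points, a prefix check that runs before canonicalization versus an allowlist plus a post-canonicalization containment check, as an added example that is not part of the original post. The document root `BASE_DIR`, the allowlist pattern and the helper names are assumptions made for the illustration.

```python
import os
import re
from urllib.parse import unquote

# Assumed document root for the illustration (constructed, not from the post).
BASE_DIR = "/srv/app/files"
# Allowlist, as the post advises: enumerate what is permitted instead of blocking bad input.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def canonical_form(user_path: str) -> str:
    """Collapse the variants the post mentions (percent-encoding, backslash vs. slash,
    '..' segments) into one canonical relative path, so equivalent inputs compare equal."""
    decoded = unquote(unquote(user_path))          # also undo double encoding such as %252e
    unified = decoded.replace("\\", "/")           # treat backslash as a separator (Windows-style)
    return os.path.normpath(unified)


def naive_is_allowed(user_path: str) -> bool:
    """Vulnerable check: string-prefix test on the path BEFORE canonicalization."""
    candidate = BASE_DIR + "/" + user_path
    return candidate.startswith(BASE_DIR)          # '../' and '..\\' still pass this test


def hardened_resolve(user_path: str):
    """Allowlist the bare name, then canonicalize with realpath and confirm the result
    is still inside BASE_DIR. Returns the resolved path, or None when rejected."""
    if not ALLOWED_NAME.fullmatch(user_path):
        return None                                # '/', '\\', '%' and '..' never match
    resolved = os.path.realpath(os.path.join(BASE_DIR, user_path))
    base = os.path.realpath(BASE_DIR)
    if os.path.commonpath([base, resolved]) != base:
        return None                                # symlink or traversal escaped the root
    return resolved
```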
5) Module 2 Security Policy Implementation
Without formal information security policies and standards, an organization cannot effectively secure its critical information assets. The simple fact that policies and standards are the necessary foundation of effective information protection is why:
- Legal compliance with information security regulations like HIPAA requires information security policies and standards
- MasterCard and Visa require organizations that accept their credit and debit cards to have information security policies and standards
- Every effective information security practice contains a requirement for organization-wide information security policies and standards
- In the event of an information incident negatively affecting third parties, it may be argued that the absence of information security policies and standards is evidence of information negligence
6) Module 2 Cyber security roadmap by Cisco
I thought I would share some information that the class might be interested in. I was reading the 2017 Cisco Cybersecurity Roadmap and pulled out this statement:
Another thing to consider: your organization’s business transactions rely on reputation, and your brand. If you think that value can’t be quantified, check out how much the top 100 brands are worth. Just the top 10 brands combined are worth over $700 Billion Dollars. That’s more than the GDP of all but 18 countries.
I thought this was interesting, as I have seen and been witness to professionals in the cyber security business ignore brand reputation and business in some aspects of our careers. It is very important that if we work for an organization, we remember that the organization is a brand and that brand matters. Without it, we don’t have jobs.
There is a lot more interesting information in the document, so I suggest it as a read.
7) Module 2 Network Security Breach Effect Business Continuity
Business continuity and security work in tandem; both help mitigate the costs and impact of data breaches. Organizations need security to prevent, protect and detect, and for emergency response and crisis management. Business continuity is critical for dealing with the impact and recovery. Speed and agility are key enablers in cyber incident response, and business continuity enables an agile, rapid response, limiting the financial and reputational impact on the enterprise.
Many of the things considered during disaster contingency planning are identical to the things information security analysts routinely evaluate:
- Threat evaluation
- Risk assessment
- Mitigation planning
- Service prioritization
No cybersecurity effort is complete without user education and coordination; likewise, no business continuity plan can expect to succeed without users who both have input on important components of the plan and who are well-versed in its execution.
8) Learning Team
Hello everyone! Describe approaches to prevent or mitigate a DDoS attack. Explain your response.
A DDoS (distributed denial of service) attack is like your home being flooded: without warning, attackers can upend your company. You would need a faster, more immediate means of threat detection to prevent severe damage. A DDoS attack affects the services, not a failing server or application. The actual mitigation of the threat then starts to take effect. Application layer attacks are much harder to detect.
A variety of methods allow security teams to gain insight. One approach is flow sampling, as virtually all routers support some form of flow technology, such as NetFlow, IPFIX or sFlow. In this process the router samples packets and exports a datagram containing information about that packet. For in-depth security analysis purposes, relying on samples is a serious concession, missing a large piece of information as you receive only one packet. A flow analytics device has to evaluate the behavior of a traffic stream over a longer period of time.
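The flow-sampling analysis described above, applied to the ICMP flood from post 3, as an added example that is not part of the original posts: sampled echo-request counts are scaled by the sampling rate, and a destination is flagged only when a high rate from many distinct (spoofed) sources persists across consecutive windows, since a single sample says little. The 1-in-100 sampling rate, the record layout, the thresholds and the sample traffic are all constructed assumptions.

```python
from collections import defaultdict

# Assumed 1-in-100 packet sampling on the exporting router (constructed for this example).
SAMPLING_RATE = 100
ICMP, ECHO_REQUEST = 1, 8


def build_sample():
    """Constructed sampled-flow records, one per sampled packet, shaped like what a
    NetFlow/sFlow exporter emits: (timestamp, src_ip, dst_ip, proto, icmp_type)."""
    flows = []
    for t in range(4):                               # benign: one sampled ping per second
        flows.append((float(t), "10.0.0.5", "192.0.2.10", ICMP, ECHO_REQUEST))
    n = 0
    for t in range(1, 4):                            # flood: seconds 1..3, 12 samples/s,
        for _ in range(12):                          # each from a different (spoofed) source
            src = f"203.0.113.{n % 250 + 1}"
            flows.append((t + 0.01 * (n % 12), src, "192.0.2.20", ICMP, ECHO_REQUEST))
            n += 1
    return flows


def estimate_windows(flows, window=1.0, sampling_rate=SAMPLING_RATE):
    """Per destination and time window: (estimated echo-request pps, distinct sources).
    The sampled count is scaled by the sampling rate to estimate the true packet rate."""
    counts = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for ts, src, dst, proto, icmp_type in flows:
        if proto != ICMP or icmp_type != ECHO_REQUEST:
            continue
        w = int(ts // window)
        counts[dst][w][0] += 1
        counts[dst][w][1].add(src)
    return {dst: {w: (c[0] * sampling_rate / window, len(c[1])) for w, c in ws.items()}
            for dst, ws in counts.items()}


def flag_icmp_floods(flows, pps_threshold=500, min_sources=8, consecutive=3):
    """Flag a destination only when a high echo-request rate from many distinct sources
    persists for `consecutive` back-to-back windows (one noisy sample is not a flood)."""
    flagged = set()
    for dst, ws in estimate_windows(flows).items():
        run, prev = 0, None
        for w in sorted(ws):
            pps, srcs = ws[w]
            hot = pps >= pps_threshold and srcs >= min_sources
            run = run + 1 if hot and prev == w - 1 else (1 if hot else 0)
            prev = w
            if run >= consecutive:
                flagged.add(dst)
                break
    return flagged
```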