Information Security

Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.1

References

  • The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The National Cybersecurity FFRDC, operated by the Mitre Corporation, maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.2

Books

Attack Vectors

An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.3

The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment.4

Anti-Spam Techniques

Anti-Spam Techniques - To prevent email spam (a.k.a. unsolicited bulk email), both end users and administrators of email systems use various anti-spam techniques.

Network Security Assessment

Network Security Assessment - Network infrastructure vulnerabilities are the foundation for all technical security issues in your information systems. These lower-level vulnerabilities affect everything running on your network. That's why you need to test for them and eliminate them whenever possible.5

Intrusion Detection System

An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources, and uses alarm filtering techniques to distinguish malicious activity from false alarms.6

Book Clubs / Reading Lists

  • InfoSec Book Club 2012
  • Security Book Club for 2014
  • Recommended Reading - This page lists books that I have found to be highly relevant and useful for learning topics within computer security, digital forensics, incident response, malware analysis, and reverse engineering, and other related topics. These books range from introductory texts to advanced research works. While some of these books may seem dated, the information contained is still very useful to people learning today, and much of the information is essential to becoming proficient in the information security realm.

User Groups / Meetups

Essays

Tools

Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers.7

Nmap

Nmap ("Network Mapper") is a free and open source (license) utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).8

Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported include SSH, RDP, FTP, Telnet, HTTP(S), POP3(S), IMAP, SMB, VNC, SIP, Redis, PostgreSQL, MySQL, MSSQL, MongoDB, Cassandra, WinRM and OWA.9

Kali Linux

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.10

Related Topics

1 Information security. (2013, November 2). In Wikipedia, The Free Encyclopedia. Retrieved 21:39, November 2, 2013, from http://en.wikipedia.org/w/index.php?title=Information_security&oldid=579903090
2 Common Vulnerabilities and Exposures. (2017, October 24). In Wikipedia, The Free Encyclopedia. Retrieved 16:47, November 23, 2017, from https://en.wikipedia.org/w/index.php?title=Common_Vulnerabilities_and_Exposures&oldid=806836471
4 Attack surface. (2015, September 8). In Wikipedia, The Free Encyclopedia. Retrieved 19:46, September 8, 2015, from https://en.wikipedia.org/w/index.php?title=Attack_surface&oldid=680110642
6 Intrusion detection system. (2016, December 10). In Wikipedia, The Free Encyclopedia. Retrieved 18:29, December 10, 2016, from https://en.wikipedia.org/w/index.php?title=Intrusion_detection_system&oldid=754072620
7 Kali Linux. (2017, November 9). In Wikipedia, The Free Encyclopedia. Retrieved 15:27, November 11, 2017, from https://en.wikipedia.org/w/index.php?title=Kali_Linux&oldid=809507541
Last edited by MichaelAlber.
Page last modified on Saturday May 26, 2018 20:23:48 UTC.
