Saturday, February 22, 2020

NIST 800-137 Steps

The steps in NIST Special Publication 800-137 can be part of a CISSP exam question.

Overall, the Special Publication 800-series reports on ITL’s research, guidelines, and outreach efforts in information system security, and its collaborative activities with industry, government, and academic organizations.

NIST 800-137 covers Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations and includes the following steps to establish, implement, and maintain ISCM:


  • Define an ISCM strategy;
  • Establish an ISCM program;
  • Implement an ISCM program;
  • Analyze data and report findings;
  • Respond to findings; and
  • Review and update the ISCM strategy and program.

IT Protocols for Auditing

Examples of protocols used for auditing are:


  • COBIT (Control Objectives for Information and Related Technologies) is a framework created by ISACA for information technology (IT) management and IT governance.
  • SSAE-16
  • ISO27002


but not ITIL.
ITIL is a best-practice guide for IT service management, developed by the UK Cabinet Office.

Saturday, February 15, 2020

RFC 1918 - non-routable private IP Address Ranges

RFC 1918 private and non-routable IP address ranges are:


  Block          Address range                   Prefix
  24-bit block   10.0.0.0 – 10.255.255.255       8 bits
  20-bit block   172.16.0.0 – 172.31.255.255     12 bits
  16-bit block   192.168.0.0 – 192.168.255.255   16 bits

The above are IP addresses that cannot be scanned or reached from outside an organisation, for example during external penetration testing.

Friday, February 14, 2020

Network Flow Logging

Flows, also known as network flows, are logs captured to provide insight to network traffic for security, performance and troubleshooting purposes.

This term may appear in a question designed to confuse it with other types of logging:


  • Audit logging: logs events on a router, PC, etc.
  • Trace logging: used for applications.
or some other made-up term such as "route logging"!
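As an added example (not part of the original post), the check below labels constructed flow records by whether each endpoint falls inside the RFC 1918 ranges listed above, so that traffic entering private space from outside stands out; the five-field flow format is an assumption, not any vendor's log layout.

```python
import ipaddress

# RFC 1918 ranges as CIDR prefixes (the 8 / 12 / 16 "prefix bits" of the table above)
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

def is_rfc1918(addr: str) -> bool:
    """True only for RFC 1918 space; loopback and link-local are deliberately not matched."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETWORKS)

# Constructed sample flow records in a hypothetical "src dst dport proto bytes" format.
# 172.32.0.1 sits just past 172.31.255.255, so it is NOT private; 203.0.113.5 and
# 198.51.100.7 are documentation addresses standing in for Internet hosts.
SAMPLE_FLOWS = """\
10.1.4.22 10.1.4.1 53 udp 120
172.31.9.8 203.0.113.5 443 tcp 54210
172.32.0.1 192.168.1.10 22 tcp 300
198.51.100.7 10.1.4.22 3389 tcp 900
192.168.1.10 192.168.1.11 445 tcp 2048
"""

LABELS = {(True, True): "internal", (True, False): "egress",
          (False, True): "ingress", (False, False): "external"}

def classify_flows(text: str):
    """Return (src, dst, dport, label) per record, labelled by RFC 1918 membership."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto, nbytes = line.split()
        results.append((src, dst, int(dport), LABELS[(is_rfc1918(src), is_rfc1918(dst))]))
    return results

def inbound_to_private(flows):
    """Flows from non-RFC 1918 sources into RFC 1918 destinations: since private space is not
    reachable from the Internet, such records point at a misconfiguration or a mislabelled range."""
    return [f for f in flows if f[3] == "ingress"]

if __name__ == "__main__":
    for flow in classify_flows(SAMPLE_FLOWS):
        print(flow)
```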

Tools for Testing & scanning

Open source:

  • OpenVAS: vulnerability scanning tool.
  • nmap: the network mapper, a good tool to scan ports, etc.
  • Nikto: vulnerability scanner; a command-line tool for Unix-like systems.

Commercial: 


  • Microsoft Baseline Security Analyzer (MBSA): discontinued! A tool to determine security state by assessing missing security updates and less-secure settings. Missing security updates are determined by the current version of MBSA using the Windows Update Agent present on Windows computers since Windows 2000 Service Pack 3.
  • Nessus: vulnerability scanner. Nessus was originally open source but is no longer.

Generational Versus Mutation Fuzzing Methods

In a CISSP question, one may come across different ways of fuzzing.

There are two ways of generating input data for fuzzing:


  1. Generational method
    • Generational fuzzing builds input data from data models and from how the application uses data, and feeds it to the application under test.
  2. Mutational method
    • The mutational method simply mutates valid sample input data. This method is also known as "dumb" fuzzing.

Interface Testing

Well explained on the guru99 page here:

https://www.guru99.com/interface-testing.html

The page states:

What is Interface Testing?

Interface Testing is defined as a software testing type which verifies whether the communication between two different software systems is done correctly.
Note the keywords "communication" and "between two different software systems"; those systems may be separately developed software modules.