Posts

Selecting an SIEM Solution For Your Organization Simplified

Selecting the correct Security Information and Event Management (SIEM) solution for an organization is not an easy task. The purpose of this article is to explain why you should or should not have a SIEM solution and what key areas to look at when acquiring a SIEM solution; I'll also give you some of my own opinions on certain vendors and options. SIEM is a hybrid of two products: SIM (security information management) and SEM (security event management). The SEM component deals with real-time activities such as real-time correlation, alerting, dashboards, etc. The SIM component is responsible for retention of logs for long-term analysis and forensics, reporting, pattern discovery, etc. Most of the leading SIEM vendors now provide ticketing/workflow management systems, integrated knowledge bases and various other components integrated into their SIEM solution.

Configure Policy-Based Routing On Check Point Secure Platform

There's no straightforward way to achieve policy-based routing on Check Point SPLAT (Secure Platform). Since SPLAT is Linux-based and Check Point firewalls rely on operating system routing functions, policy-based routing is also achieved through iproute2, a set of utilities used to control network traffic on Linux systems. iproute2 is available with most Linux distributions (including SPLAT) with a kernel version above 2.2. For more information about iproute2, please refer to the links in the Additional References section of this article. When configuring policy-based routing with iproute2 on SPLAT, there are some important points you need to remember. You need to configure a routing table per policy, and it's independent of your normal routing table. Because of that, once a policy is matched, only that particular table is consulted for routing. Therefore you must manually add all the routing information (including directly connected routes) for each and every table y

gnmap2csv - Generate a CSV File from Nmap Scan Results

I created this basic script to generate a small report from nmap scan results. It's just a quick-and-dirty bash script that can generate a CSV file from the .gnmap files produced by the nmap scanner. You can either use this for reporting or just to get a quick view of the hosts, open ports and services. It has been quite useful for me in the penetration tests that I do. The following is a sample file I generated from an nmap scan and opened in Microsoft Excel.

Automating Penetration Tests - Part 2

This is part 2 of the article; click here to read part 1 of the article. Modern Approaches to Attack Graph Generation and Analysis In the modern approach, attack graphs are generated without full knowledge of the network, which represents real-world scenarios. Then, during the attack phase, the rest of the information is learned and the attack graph is altered accordingly. A planner or an intelligent mechanism such as a neural network is used to analyze the graphs and then to generate attacks. There are two notable research papers that discuss attack planning. Ghosh and Ghosh proposed a new approach to attack planning using a planner [35]. Then Obes et al. used the same concept and integrated the planner into a penetration testing framework to successfully conduct a penetration test [36].

Automating Penetration Tests - Part 1

This article is written based on the literature survey of my Master's thesis on Automating Penetration Tests. The main objective of this research is to look into ways that penetration tests can be automated. However, I strongly believe that the capabilities of a good penetration tester cannot be automated using a computer program. So the intention is to automate the systematic steps of penetration tests to save time and effort for the penetration tester. Basic Automation of Penetration Tests There have been various attempts to simplify penetration tests by automating various steps of the penetration test. The simplest attempt is Autopwn [3] in the Metasploit framework [4]. First, the pentester gathers information about target systems using Nmap or Nessus. This information is imported into a database using a database module in Metasploit. Autopwn queries the database for open ports and services. Then it loads the exploits in Metasploit that match these services and launches them against

Introduction to Penetration Testing For Non-Technicals

If you are a manager with a background other than IT, or if you are a non-technical person wondering whether to conduct a penetration test for your organization, this article might be of help to you. What's Penetration Testing? In a penetration test (a.k.a. pentest), penetration testers (a.k.a. pentesters) simulate an actual attack on the system being tested to assess the weaknesses of the system(s) and give recommendations on fixing the vulnerabilities discovered. Penetration Testing vs. Ethical Hacking? Ethical hacking is a buzzword that became popular in the information security industry with the introduction of the Certified Ethical Hacker exam by EC-Council. Although some argue that penetration testing and ethical hacking are two different things, it's quite hard to identify any difference between the two

Disable DNS Lookup on Cisco Routers and Switches

This article discusses how you can disable DNS lookup on Cisco routers and switches, and the effect when DNS lookup is enabled. Problem In privileged EXEC mode, if you type in something other than a Cisco IOS command, the router assumes that you typed a domain name and tries to resolve whatever you typed. Although this feature can be useful in some situations, most of the time it is a pain, especially if you do not have a DNS server configured. The router becomes unresponsive for about 5-6 seconds while trying to resolve the name. The following is an example. R4#wrong-command Translating "wrong-command"...domain server (255.255.255.255) (255.255.255.255) Translating "wrong-command"...domain server (255.255.255.255) % Unknown command or computer name, or unable to find computer address R4#