Sunday, April 24, 2016

Quantitative Threat Analysis

Many times the threat scoring systems we see do not quite match what you are looking for. Seth Bromberger, manager of information security at PG&E, has a more generic threat scoring system that any organization can use.

This system divides threats into broad categories such as insiders, script kiddies, nation-states, terrorist groups and forces of nature, among others.
Each threat is assigned a capability score from 0 (no capability) to 5 (most capable threat).
Capability is judged by the attacker's institutional knowledge, technical proficiency, group size and funding, and level of access.

Read more at: http://searchsecurity.techtarget.com/magazineContent/Researcher-Puts-Quantitative-Measurement-on-Information-Security-Threats

Sunday, April 17, 2016

Choosing the Right Data Sharing Architecture

Most of the time organizations want to share data but have a hard time choosing the proper sharing architecture. Here are some steps that will help them decide on the right sharing architecture:
1. Survey the architecture landscape: educate the user about the possible architectures: centralized, distributed, or hybrid. Each one offers functionality such as federated query or decision support.

2. Refine the requirements: when requirements are vague, ask the customer to narrow them down. This can be done by telling the customer what result each architecture will give for their requirements and by creating some use cases. The use case results will help the customer understand what each architecture will give them.

3. Analyze the dependencies: once the requirements and outcomes are derived, we need to understand the dependencies of the systems. Analyzing the structure and components of the system gives the customer an understanding of the complexity the system involves, and with increased complexity comes an increased cost of choosing that architecture.

4. Recommend an architecture: based on the customer's requirements and budget, list at least three architectures for the customer and specify what each one offers.

By following these four steps, an organization can choose the architecture that best suits its enterprise instead of investing in one that costs more and does not give the desired results.

Read more: https://gcn.com/articles/2012/07/17/4-steps-architecture-analysis.aspx

Sunday, April 10, 2016

Different Types of NIDS

NIDS (network intrusion detection systems) are threat-catching software installed on servers that sit at the gateway between your internal systems and the Internet. These threat-identifying rules and software are a crucial line of defense in telling the good guys from the bad guys. Here are some of the NIDS on the market:

SNORT: This is the oldest NIDS, has nearly 40,000 users, and supports Windows and many types of Linux. However, it does not support multi-core machines by default without special configuration.

SURICATA: This younger NIDS works with the Snort ruleset and is funded through the government. It is known for its efficiency and works well with the Emerging Threats ruleset. It gives its best performance when run on multi-core systems.

SAGAN: An open source system that runs on *nix operating systems (Linux, OpenBSD, FreeBSD). It is written in C, which allows it to deliver high-performance log and event analysis. Sagan's structure and rules work similarly to the Snort IDS/IPS, so Sagan can correlate logs from Snort IDS/IPS systems and write its findings to Snort IDS/IPS databases. Sagan is also compatible with all Snort consoles. Sagan also offers automatic firewall support via Snortsam, GeoIP detection/alerting and much more.

Read more: https://github.com/Snorby/snorby/wiki/Snort-vs-Suricata-vs-Sagan

Sunday, April 3, 2016

YARA oh YARA!

YARA is a robust tool used to find suspicious files and directories on your systems, and it is compatible with Perl-based regular expressions.

There are two sections in a YARA rule: strings and conditions.

There are three different types of strings:
- Hexadecimal strings: use hexadecimal to describe the string. With hexadecimal you can also use the wildcard operator (?) and jumps (where the pattern is known but the length between its parts is not).
- Text strings: ASCII text strings used to build the criteria.
- Regular expressions: YARA uses its own regular expression engine, similar to PCRE.

Conditions: return a Boolean value based on the criteria specified in the strings section.
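To show how the two sections fit together, here is an added example (not from the original post and not the YARA project's own code) of a small Python matcher that parses a constructed YARA-style rule containing all three string kinds and then evaluates its condition against a buffer. It is a toy subset of YARA, written for this post: hex strings with `??` and nibble wildcards and `[n-m]` jumps, plain text strings, regular expressions, and conditions built from `and`, `or`, `not` and parentheses. The rule and the sample buffers are constructed for the example and describe no real malware; real scanning should use the yara tool or yara-python.

```python
from __future__ import annotations

import ast
import re

# Constructed sample rule for this example (not from the original post): the
# strings section has a hex string with wildcards and a jump, a text string and
# a regular expression; the condition combines them.
SAMPLE_RULE = r'''
rule constructed_dropper
{
    strings:
        $hex  = { 4D 5A ?? ?? [2-4] 50 45 }
        $text = "cmd.exe /c"
        $re   = /https?:\/\/[a-z0-9.-]+\/[a-z]+\.exe/
    condition:
        $hex and ($text or $re)
}
'''


def hex_to_regex(body: str) -> bytes:
    """Translate a YARA hex string body such as '4D 5A ?? [2-4] 50' into a bytes regex."""
    parts = []
    for tok in body.split():
        if tok == "??":                                   # full-byte wildcard
            parts.append(b".")
        elif "?" in tok:                                  # nibble wildcard such as 4?
            allowed = [v for v in range(256)
                       if all(p in ("?", c) for p, c in zip(tok.lower(), "%02x" % v))]
            parts.append(b"[" + b"".join(re.escape(bytes([v])) for v in allowed) + b"]")
        elif tok.startswith("["):                         # jump: [n] or [n-m]
            lo, _, hi = tok.strip("[]").partition("-")
            parts.append(b".{%d,%d}" % (int(lo), int(hi or lo)))
        else:                                             # literal byte
            parts.append(re.escape(bytes.fromhex(tok)))
    return b"".join(parts)


def parse_rule(text: str) -> tuple[dict[str, re.Pattern], str]:
    """Return a compiled pattern for each $string plus the raw condition text."""
    patterns: dict[str, re.Pattern] = {}
    for name, body in re.findall(r"^\s*\$(\w+)\s*=\s*(.+?)\s*$", text, re.M):
        if body.startswith("{"):                          # hex string
            pat = hex_to_regex(body.strip("{}"))
        elif body.startswith('"'):                        # text string, matched literally
            pat = re.escape(body[1:body.rfind('"')].encode())
        elif body.startswith("/"):                        # regex; YARA syntax is close to Python's here
            pat = body[1:body.rfind("/")].encode()
        else:
            raise ValueError(f"unsupported string kind for ${name}: {body}")
        patterns[name] = re.compile(pat, re.DOTALL)
    cond = re.search(r"condition:\s*(.+?)\s*}", text, re.DOTALL)
    if cond is None:
        raise ValueError("rule has no condition section")
    return patterns, cond.group(1)


# YARA's and/or/not keywords are spelled like Python's, so after substituting
# each $name with its hit value the condition is a plain boolean expression.
# The AST whitelist rejects anything else before it is evaluated.
_ALLOWED_NODES = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not, ast.Constant)


def evaluate_condition(cond: str, hits: dict[str, bool]) -> bool:
    """Evaluate a condition built from $names, and/or/not and parentheses."""
    expr = re.sub(r"\$(\w+)", lambda m: str(hits[m.group(1)]), cond)
    tree = ast.parse(expr, mode="eval")
    if not all(isinstance(node, _ALLOWED_NODES) for node in ast.walk(tree)):
        raise ValueError(f"unsupported condition syntax: {cond}")
    return bool(eval(compile(tree, "<condition>", "eval"), {"__builtins__": {}}))


def scan(rule_text: str, data: bytes) -> tuple[bool, dict[str, bool]]:
    """Return (rule matched?, per-string hit map) for one buffer."""
    patterns, cond = parse_rule(rule_text)
    hits = {name: pat.search(data) is not None for name, pat in patterns.items()}
    return evaluate_condition(cond, hits), hits


# Constructed sample buffers (not real malware): an MZ/PE-looking header followed
# by a command line, the same header followed by a download URL, and a benign one.
CMDLINE_SAMPLE = b"MZ\x90\x00\x03\x00\x00PE\x00\x00 ... cmd.exe /c start payload"
URL_SAMPLE = b"MZ\x00\x00\x01\x02PE\x00\x00 fetch http://example.invalid/payload.exe"
BENIGN_SAMPLE = b"MZ\x90\x00\x03\x00\x00PE\x00\x00 hello world"

if __name__ == "__main__":
    for label, buf in [("cmdline", CMDLINE_SAMPLE), ("url", URL_SAMPLE), ("benign", BENIGN_SAMPLE)]:
        matched, hits = scan(SAMPLE_RULE, buf)
        print(f"{label:8} matched={matched} hits={hits}")
```

The benign buffer shows why the condition section matters: it satisfies `$hex` (any MZ/PE-shaped header does), but the rule only fires when that header is combined with the command line or the download URL, which is what keeps a hex header pattern from flagging every executable on the system.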

YARA can be integrated with:
- PEiD, to check which packer was used to make the malicious exe file.
- PE (Portable Executable) files, which will allow it to look for certain strings in an HTTP send and request.
- WMI tools, which will allow YARA to scan more than one process.

Read more: http://resources.infosecinstitute.com/yara-simple-effective-way-dissecting-malware/