4 min
Automation and Orchestration
Recommendations for Incident Response Team included in NIST Special Publication 800-61
Synopsis
We are starting series of blog posts: “Incident Response Life Cycle in NIST and
ISO standards”. In this series we will review incident response life cycle, as
defined and described in NIST and ISO standards related to incident management.
In the first post in this series, we introduce these standards and discuss
NIST’s approach to incident response team.
Introduction
NIST and ISO standards are excellent tools that can help organize and manage
security incident management in any organi
3 min
Automation and Orchestration
Understanding Access Control Lists
Synopsis
When it comes to the security regarding routers, switches or on the basic ISP
layers, we talk about ACLs. They are generally used to control/manage the
inbound and outbound traffic. In this blog, we will be looking into basic
configuration of standard IP ACLs also known as Access Lists or in some cases
filters.
Understanding ACL
Access Control
[https://www.rapid7.com/fundamentals/what-is-network-access-control-nac/] List
as the name suggests is a list that grants or denies permission
7 min
Komand
10 Ways to Make Your Security Posture More Proactive
In a perfect world, security teams have everything they need to defend against
the complex cybersecurity threat landscape: an enviable team of security pros,
sophisticated detection and prevention processes, and intelligent alerting and
reporting tools.
But in reality, most teams and security operations centers find themselves
struggling to keep pace. And whether it’s from an imbalance in people, process,
and technology, or a data utilization problem, security teams end up in a
reactive state:
4 min
IT Ops
Logs To Understand User Activity and Behavior
Logging user activity is a great way to understand what users are doing, and how
they are using network and computing resources. Collecting data from the
standpoint of a user identity or login is a great way to correlate all kinds of
information, too, including client or workstation activity, network and server
access, and application usage. This provides a unique opportunity to make use of
Logentries’
[https://logentries.com/centralize-log-data-automatically/?le_trial=user_activity_and_behav
6 min
IT Ops
The Value of Correlation IDs
In the old days when transactional behavior happened in a single domain, in
step-by-step procedures, keeping track of request/response behavior was a simple
undertaking. However, today one request to a particular domain can involve a
myriad of subsequent asynchronous requests from the starting domain to others.
For example, you send a request to Expedia, but behind the scenes Expedia is
forwarding your request as a message to a message broker. Then that message is
consumed by a hotel, airline
6 min
Automation and Orchestration
Cybersecurity careers and the certifications needed
Synopsis
Cybersecurity has become one of the top sought after careers in the Information
Technology field. Careers ranging from an ethical hacker to a security auditor.
With so many options to choose from, where do you start to pursue such a
purposeful and exciting future? I will explain some of the top certifications
that are offered and what fields they are associated with.
Institutes and their certifications
International Information Systems Security Certification Consortium, Inc. (ISC)2
5 min
Automation and Orchestration
Inspecting Network Traffic with tcpdump
Synopsis
Tcpdump, as the name suggests, captures and dumps(writes) the network
traffic passing through a given server’s or node’s network interfaces . It is a
classic command line tool written in 1987 and remains one of the most
powerful tools for analyzing network traffic. Many options and filters available
in the tool makes it easier to slice and dice the data. The data then can be
used by network administrators and enthusiasts for many purposes such as,
security & forensic analyses, trouble s
5 min
Automation and Orchestration
How to Install OpenVPN on Windows
Synopsis
With the growth of online privacy and security concerns, as well as people
wanting to work around geo-restrictions, VPNs are becoming much more mainstream.
They no longer rest in the realm of security professionals and the overly
paranoid. OpenVPN is the most secure VPN protocol you can use and this guide
will teach you what it is, as well as how to install it on Windows.
If you are looking to install OpenVPN on another operating system, visit their
website
[https://openvpn.net/index.
5 min
IT Ops
The Generosity of Thought: Caring and Sharing in the Open Source Community
I want to share something with you that is pretty amazing. But, before I do,
allow me to provide the backstory.
The Backstory
I’ve been using Open Source Software (OSS) for a while now. I started with the
big ones, Apache [http://apache.org/], Maven [http://maven.apache.org/], MySQL
[http://www.mysql.com/], etc…. But, as time went on and my work became more
specialized, I started using smaller projects. When you use the big projects
such as Maven and Apache, there’s a boatload of books, video
3 min
Komand
3 Steps for Effective Information Security Event Triage [Infographic]
Before you jump into action when a security alrm sounds, you need to first
assess what happened. Pulling together the details of the event will help you
determine if there is a real security incident, and if so, how you will need to
respond.
But often in the frenzy of security alerts, we get caught up in processes or
start jumping to conclusions without enough info. This can lead to a haphazard
incident response.
From my experience, there's a simpler way; one that is efficienct, not bogged
dow
4 min
Automation and Orchestration
Burp Series: Intercepting and modifying made easy
Synopsis
As a penetration tester I have many tools that I use to help with web
application testing, but the one tool that never lets me down is Burp suite by
portswigger. Burp suite is an intercepting proxy that allows you to modify and
inspect web traffic, it comes in two flavors, free and paid. The free version
is powerful enough to assist any pen test engineer, whereas the paid version
will add extra features to make your tests go smoother and faster.
I am going to walk you through the beg
7 min
Komand
How to Render Components Outside the Main ReactJS App
We use React here at Komand as one of our core libraries in our front-end
applications and while it does a great job of abstracting away the code for
managing the DOM, sometimes that can be problematic. With React, you have JSX
which is just XML sugar for declaring what DOM elements you want React to
render. React just renders the elements where they are defined within the JSX.
For example, this JSX…
<div className=“content”>
Content
<Modal>
I’m a modal
</Modal>
</div>
... would res
5 min
IT Ops
Solving the expression problem
If you look at any OO-based codebase of a nontrivial size, you’ll [hopefully]
find well understood behavior formalized and encapsulated through the effective
use of polymorphism- either via interfaces which decouple calling code from a
types’ implementation, or via sub typing to share code common to multiple types.
To take an example from a statically typed language like Java, let’s look at the
Map interface and a few of its implementations in the standard library:
A receiving method which
6 min
Honeypots
Introduction to Honeypots
Synopsis
With an ever-increasing number of methods and tactics used to attack networks,
the goal of securing a network must also continually expand in scope. While
traditional methods such as IDS/IPS systems, DMZ’s, penetration testing and
various other tools can create a very secure network, it is best to assume
vulnerabilities will always exist, and sooner or later, they will be exploited.
Thus, we need to continuously find innovative ways of countering the threats,
and one such way is to depl
6 min
Komand
SOC Series: How to Make a Security Operations Center More Efficient
You have your security operations center (SOC)
[https://www.rapid7.com/fundamentals/security-operations-center/] in place, now
what?
Creating a SOC is not a cheap undertaking, so to be sure your investment in
people and resources pays off, your next task is to make it as efficient as
possible. Efficiency drives time-to-response, and with intrusion detection and
incident response, optimizing for this metric is crucial. Over the long term, it
also becomes more cost-effective.
I’ve seen the good