DFIR Blog

Blog

Compensating Control

2/23/2018

 
A compensating control may be considered when an entity cannot meet a PCI DSS requirement as stated because of legitimate technical or documented business constraints.

A compensating control must satisfy the following:
1) Meet the intent and rigor of the original requirement.
2) Provide a similar level of defence as the original requirement.
3) Be "above and beyond" other PCI DSS requirements.

What is "above and beyond"?
- Existing PCI DSS requirements CANNOT be considered compensating controls if they are already required by the item under review.

- Existing PCI DSS requirements MAY be considered compensating controls if they are required for another area but not for the item under review.

- Existing PCI DSS requirements may be combined with new controls to become a compensating control.

Compensating Control Worksheet:
1) Constraints
2) Objective
3) Identified risk
4) Definition of compensating controls
5) Validation of compensating controls
6) Maintenance




A. Be "above and beyond" other PCI DSS requirements (i.e., not simply in compliance with other requirements)
B. Sufficiently offset the risk that the original PCI DSS requirement was designed to defend against
C. Meet the intent and rigor of the original PCI DSS requirement
D. Be commensurate with the additional risk imposed by not adhering to the original requirement

Self-Assessment Questionnaire (SAQ)

2/23/2018

 
- A: Card-not-present merchants, all cardholder data functions fully outsourced
- A-EP: E-commerce merchants, partially outsourced
- B: Imprint machines only, or standalone dial-out terminals; no electronic cardholder data storage; data not transmitted over IP
- B-IP: Merchants using only PTS-approved standalone payment terminals (Point of Interaction devices) with an IP connection to a payment processor; data transmitted via IP
- C-VT: Merchants who manually enter a single transaction at a time via keyboard into an Internet-based virtual terminal
- C: Merchants with payment application systems connected to the Internet; no electronic cardholder data storage
- D: Merchants and service providers not covered by the descriptions above

Quarterly To-Do PCI List

2/23/2018

 
- Password reset: user passwords/passphrases should be changed at least every 3 months.
- Check for wireless access points: implement a process to test for the presence of wireless access points and to detect and identify all authorized and unauthorized wireless access points.
- Audit trail: an audit trail history should be available immediately for analysis.

PCI DSS Appendix

2/23/2018

 
PCI DSS Appendix A: Shared hosting providers

Good to Know about Payment Card Industry

2/23/2018

 
Methods for stealing payment card data include:
- Skimming
- Malware
- Weak passwords

Sensitive authentication data exists on the magnetic stripe or chip and is also printed on the payment card. A credit card's magnetic stripe has two tracks, holding 79 and 40 characters.

Payment card flow:
Authorization, clearing, settlement, undo (if needed)

What are the 12 PCI Requirements?

2/23/2018

 

  1. Have a firewall
  2. No defaults (change vendor-supplied defaults)
  3. Protect stored data
    1. Hashing the entire PAN using strong cryptography while transferring it
  4. Encrypt transmission of cardholder data over networks
  5. Have antivirus
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data (role-based access control)
    1. Restrict access to cardholder data by business need-to-know
  8. Assign a unique ID to each person with computer access
    1. A digital certificate is valid as "something you have" as long as it is unique to a particular user.
    2. Identify and authenticate access to system components
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to cardholder data and network resources
  11. Test regularly
  12. Have a policy
    1. Information security policies must be reviewed/updated yearly to meet the requirement.

Infosec - Weblinks

2/19/2018

 
Cyber Threat - Real Time Map
https://cybermap.kaspersky.com
http://hp.ipviking.com/

How to hide name and computer name from the terminal

2/18/2018

 
# Replace the default prompt (which shows your user name and computer name) with a bare "$ ";
# ~/.bash_profile is read by login shells, so open a new terminal window for it to take effect.
echo "export PS1='$ '" >> ~/.bash_profile

How a file gets stored in HDFS

2/18/2018

 

  • Imagine a big text file.
  • The file is broken up into several blocks of data (chunks).
  • Each block is stored on a different node in the cluster.
  • Advantages of doing this:
    • Each block is of equal size, which lets HDFS deal with bigger files in the same way.
    • Storage is kept simple.
    • Only multiple copies of each block, not of the whole file, are kept on different nodes.
    • The system always deals with the same amount of data per block, which is good for processing and gives equal processing time.
  • Optimum block size is 128 MB.
  • The NameNode contains the mapping of blocks to DataNodes.

Components of the Hadoop Distributed File System (HDFS)

2/18/2018

 

  • HDFS is spread across multiple machines (simple, commodity hardware).
  • Nothing is unique about an individual machine; what is unique is that the cluster as a whole is highly fault tolerant.
  • Well suited for large batch jobs.
  • Not a low-latency system.
  • Data in HDFS is very, very large (semi-structured).
  • Any data in HDFS is split across multiple disks, where each disk is on a different machine in the cluster.
  • The file system manages the machines and their space.
  • Set up as master/slave nodes.
  • The master node (NameNode) coordinates with the slave nodes (DataNodes).
  • One NameNode per cluster.
  • For example: the NameNode is like the table of contents of a book, and the DataNodes are the actual chapters.
  • The NameNode has 2 responsibilities:
    • Manage the overall file system
    • Store the directory structure and other file metadata
  • DataNode:
    • Physically stores the data
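The two HDFS notes above (block splitting with replicas, and the NameNode-as-table-of-contents split from DataNodes) as a small working model. This is an added illustration, not the blog's or Hadoop's own code; it assumes a 16-byte block size in place of the real 128 MB default, a SHA-256 digest in place of HDFS's per-block checksums, and made-up node names and file data.

```python
# Toy model of HDFS block storage: an added illustration, not Hadoop's own code. A 16-byte
# block stands in for the real 128 MB default and SHA-256 for HDFS's per-block checksums.
import hashlib
from itertools import cycle
BLOCK_SIZE = 16    # real HDFS default: 128 MB
REPLICATION = 3    # real HDFS default replication factor

class DataNode:    # physically stores block bytes, keyed by block id (one entry per replica)
    def __init__(self, name):
        self.name, self.blocks, self.alive = name, {}, True

class NameNode:    # holds only metadata: a file's block list and each block's holders
    def __init__(self, datanodes):
        self.datanodes = datanodes
        self.files = {}        # path -> [block_id, ...]  (the "table of contents")
        self.block_map = {}    # block_id -> [DataNode, ...]
        self.checksums = {}    # block_id -> digest used to verify a replica on read

    def write(self, path, data):
        """Split data into equal-size blocks; place REPLICATION copies of each on distinct nodes."""
        self.files[path] = []
        targets = cycle(self.datanodes)   # round-robin placement across the cluster
        for offset in range(0, len(data), BLOCK_SIZE):
            chunk = data[offset:offset + BLOCK_SIZE]
            block_id = f"{path}#{offset // BLOCK_SIZE}"
            holders = [next(targets) for _ in range(min(REPLICATION, len(self.datanodes)))]
            for dn in holders:
                dn.blocks[block_id] = chunk   # copies of the block, never of the whole file
            self.files[path].append(block_id)
            self.block_map[block_id] = holders
            self.checksums[block_id] = hashlib.sha256(chunk).hexdigest()
        return self.files[path]

    def read(self, path):
        """Reassemble a file from any live replica of each block, verifying each block."""
        out = b""
        for block_id in self.files[path]:
            live = [dn for dn in self.block_map[block_id] if dn.alive]
            if not live:
                raise IOError(f"all replicas of {block_id} are offline")
            chunk = live[0].blocks[block_id]
            if hashlib.sha256(chunk).hexdigest() != self.checksums[block_id]:
                raise IOError(f"checksum mismatch on {block_id}")
            out += chunk
        return out

def demo():    # 52-byte constructed file on a 4-node cluster; one node dies, data survives
    nodes = [DataNode(f"dn{i}") for i in range(4)]
    nn = NameNode(nodes)
    data = b"0123456789abcdef" * 3 + b"tail"
    block_ids = nn.write("/logs/app.log", data)
    nodes[0].alive = False
    return len(block_ids), nn.read("/logs/app.log") == data
```

Running `demo()` returns `(4, True)`: the 52-byte file becomes four blocks, and losing a DataNode loses no data because the NameNode still knows which other nodes hold each block.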
