A compensating control may be considered when an entity cannot meet a PCI DSS requirement as stated because of legitimate technical or documented business constraints.

Compensating controls must satisfy the following:
1) Meet the intent and rigor of the original requirement.
2) Provide a similar level of defence as the original.
3) Be "above and beyond" other PCI DSS requirements.

What is "above and beyond"?
- Existing PCI DSS requirements CANNOT be considered as compensating controls if they are already required for the item under review.
- Existing PCI DSS requirements MAY be considered as compensating controls if they are required for another area but are not required for the item under review.
- An existing PCI DSS requirement may be combined with new controls to become a compensating control.

Compensating Control Worksheet:
1) Constraints
2) Objective
3) Identified risk
4) Definition of compensating controls
5) Validation of compensating controls
6) Maintenance

Compensating controls must also:
A. Be "above and beyond" other PCI DSS requirements (i.e., not simply in compliance with other requirements).
B. Sufficiently offset the risk that the original PCI DSS requirement was designed to defend against.
C. Meet the intent and rigor of the original PCI requirement.
D. Be commensurate with the additional risk imposed by not adhering to the original requirement.

Merchant self-assessment (SAQ) types:
A - Card-not-present merchants, all cardholder data functions fully outsourced.
A-EP - E-commerce merchants, partially outsourced.
B - Imprint machine only, or standalone dial-out terminal; no electronic card data storage; data not transmitted.
B-IP - Merchants using only PTS-approved standalone payment terminals with an IP connection to a payment processor (PTS: approved point-of-interaction device); data transmitted via IP.
C-VT - Merchants who manually enter a single transaction at a time via keyboard into an Internet-based virtual terminal.
C - Merchants with payment application systems connected to the Internet; no electronic card data storage.
D - Merchants and service providers not included in the descriptions above.

- Password reset: user passwords/passphrases should be changed every 3 months (minimum).
- Check for wireless access points: must implement a process to test for the presence of wireless access points and to detect and identify all authorized and unauthorized wireless access points.
- An audit trail history should be available immediately for analysis.

Methods for stealing payment card data include:
- Skimming
- Malware
- Weak passwords

Sensitive authentication data exists in the magnetic stripe or chip, and is also printed on the payment card. On a credit card there are two magnetic-stripe tracks, with 79 and 40 characters respectively.

Payment card flow: Authorization, Clearing, Settlement, Undo (if needed).
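Because the sensitive authentication data lives in those two magnetic-stripe tracks, a defender checking whether an application has leaked it into logs needs to recognise the track layouts. The following is an added example, not part of the original notes: it scans constructed sample log lines for ISO 7813 Track 1 and Track 2 data, confirms the PAN with the Luhn check, and masks it to the first six and last four digits. The regexes and the PAN 4111111111111111 (a public test number) are assumptions of the example.

```python
import re

# ISO 7813 track layouts (sentinels included):
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?   (max 79 chars)
#   Track 2: ;<PAN>=<YYMM><service code><discretionary>?           (max 40 chars)
TRACK1 = re.compile(r"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")

def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check; cuts false positives from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the most PCI DSS allows to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track_data(line: str) -> list:
    """Return (track, pan, expiry YYMM) for each track pattern with a Luhn-valid PAN."""
    hits = [(1, m.group(1), m.group(3)) for m in TRACK1.finditer(line) if luhn_ok(m.group(1))]
    hits += [(2, m.group(1), m.group(2)) for m in TRACK2.finditer(line) if luhn_ok(m.group(1))]
    return hits

def redact(line: str) -> str:
    """Replace anything track-shaped (Luhn-valid or not) with a masked PAN marker."""
    line = TRACK1.sub(lambda m: "[TRACK1 " + mask_pan(m.group(1)) + "]", line)
    return TRACK2.sub(lambda m: "[TRACK2 " + mask_pan(m.group(1)) + "]", line)

# Constructed sample log lines; 4111111111111111 is a public test PAN, not a real card.
SAMPLE_LOG = [
    "swipe ok: %B4111111111111111^DOE/JOHN^2512101123456789?",
    "swipe ok: ;4111111111111111=2512101123456789?",
    "swipe fail: ;4111111111111112=2512101123456789?",  # fails Luhn, so not reported
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(find_track_data(raw), "->", redact(raw))
```

Detection uses the Luhn check to keep noise down, while redaction deliberately removes anything track-shaped, since over-redacting a log is cheaper than storing sensitive authentication data.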
# Use a plain "$ " prompt in future login shells
echo "export PS1='$ '" >> ~/.bash_profile
# Capture a command's output in a variable (replace "command" with the real command)
token=$(command)
echo "$token"
# Read a file into a variable; quote the expansion so whitespace and globs survive
test=$(cat test.txt)
echo "$test"
In this article, I am going to talk about the basic forensic time analysis procedure:
Antedating: creating a document with incorrect (earlier) time stamps.
Investigation:
How to antedate a document?
Readings:
http://www.cse.scu.edu/~tschwarz/COEN252_13/Papers/antedating.pdf
http://www.theglobaldispatch.com/digital-forensics-and-the-fbi-how-todays-tech-will-help-solve-hillarys-email-investigation-55389/
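A first time-analysis check for antedating on a POSIX file system rests on one fact: the owner can set atime and mtime to anything (touch -d, utime), but ctime is stamped only by the kernel. The following is an added example, not from the article or the linked papers; the 120-second tolerance, the file names and the one-year offsets are assumptions of the demo.

```python
import os
import tempfile
import time

def timestamp_anomalies(path: str, now: float = None, skew: float = 120.0) -> list:
    """Return flags describing suspicious POSIX timestamps on `path`.

    An mtime more than `skew` seconds before ctime means the content time
    was set by hand or the metadata changed later (chmod, rename); either
    way the examiner must explain it. `skew` absorbs clock drift and coarse
    filesystem granularity. On Windows st_ctime is creation time instead.
    """
    st = os.stat(path)
    now = time.time() if now is None else now
    flags = []
    if st.st_mtime > now + skew:
        flags.append("mtime in the future")
    if st.st_atime > now + skew:
        flags.append("atime in the future")
    if st.st_ctime - st.st_mtime > skew:
        flags.append("mtime predates ctime: possible antedating")
    return flags

def stamped_file(directory: str, name: str, offset_days: int) -> str:
    """Write a file, then shift its atime/mtime by offset_days, as `touch -d` would (demo only)."""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("constructed sample document\n")
    t = time.time() + offset_days * 86400
    os.utime(path, (t, t))  # the kernel still stamps ctime with the real clock
    return path

def demo() -> dict:
    """Compare an untouched file with a back-dated and a post-dated one."""
    with tempfile.TemporaryDirectory() as d:
        honest = os.path.join(d, "honest.txt")
        with open(honest, "w") as fh:
            fh.write("untouched\n")
        return {
            "honest": timestamp_anomalies(honest),
            "antedated": timestamp_anomalies(stamped_file(d, "memo.txt", -365)),
            "postdated": timestamp_anomalies(stamped_file(d, "memo2.txt", 365)),
        }

if __name__ == "__main__":
    print(demo())
```

The check is a heuristic to prioritise files for closer examination (journal, MFT or application metadata), not proof of tampering on its own.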
Let me try to list some of the volatile data that an incident response team will lose if they turn off the suspect's machine:
1) Logged-in users
2) TCP connections
3) Running processes

Network Forensics: basically the sniffing, recording, acquisition, and analysis of network traffic and event logs in order to investigate security incidents.
It can reveal many things, like the source of security incidents and attacks, the path of the attack, and the techniques used by the attacker.

Types of network addressing scheme:

Intrusion detection systems gather and analyze information. Types:

Honeypot: as the name suggests, it is set up to attract and trap people.

Network Attacks:
- IP address spoofing: the attacker changes his/her IP address to hide their identity.
- Man-in-the-middle attack: intrudes into an existing connection between systems to intercept the messages being exchanged.
- Packet sniffing: an attacker can capture packets by putting a packet sniffer on the network.
- Buffer overflow: a buffer overrun in the stack space. The attacker injects malicious code onto the stack and overflows a buffer to overwrite the return pointer so that the flow of control switches to the malicious code.
- New line injection attack: the attacker injects plaintext into the log file.

Computer security logs contain information about events in an organization's systems and network.
ii. Audit logs: security event information like failed authentications, file access, policy changes, and account changes.

Popular Event IDs:

UDP port 123: NTP.

Event correlation approaches:
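The new line injection attack above works because collectors and correlation engines treat one physical line as one record. The following is an added example, not from the original notes: a naive logger and a hardened one receive the same constructed hostile username, and a small line-oriented parser shows that the naive log yields a forged second record while the sanitised log yields one. The timestamp format and the regex are assumptions of the demo.

```python
import re

# One physical line per record, as most collectors and SIEM parsers assume.
LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?P<msg>.*)$")

def write_entry_naive(log: list, ts: str, level: str, message: str) -> None:
    """Vulnerable: attacker-controlled text reaches the log verbatim (CWE-117)."""
    log.append(f"{ts} {level} {message}")

def sanitize(text: str) -> str:
    """Escape CR/LF and other control characters so one call yields exactly one line."""
    out = []
    for ch in text:
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ord(ch) < 0x20 or ord(ch) == 0x7F:
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(ch)
    return "".join(out)

def write_entry_safe(log: list, ts: str, level: str, message: str) -> None:
    """Hardened: the same entry with untrusted text neutralised before it is written."""
    log.append(f"{ts} {level} {sanitize(message)}")

def parse(log_text: str) -> list:
    """What an analyst's parser sees: one dict per physical line."""
    return [LOG_LINE.match(line).groupdict() for line in log_text.splitlines() if line]

# Constructed hostile username: terminates the real entry and supplies a second one.
HOSTILE_USER = "mallory\n2024-01-01T00:00:00Z INFO login ok user=admin"

def demo() -> tuple:
    """Return (records from the naive logger, records from the safe logger)."""
    naive, safe = [], []
    write_entry_naive(naive, "2024-01-01T00:00:01Z", "WARN", f"login failed user={HOSTILE_USER}")
    write_entry_safe(safe, "2024-01-01T00:00:01Z", "WARN", f"login failed user={HOSTILE_USER}")
    return parse("\n".join(naive)), parse("\n".join(safe))

if __name__ == "__main__":
    naive_records, safe_records = demo()
    print(len(naive_records), "records from naive logger;", len(safe_records), "from safe logger")
```

Structured logging (JSON with proper escaping) gives the same protection at the format level; the per-character escape is the fallback for plain-text logs.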
What is Steganography?
Hiding a secret message within an ordinary message and extracting it at the destination, to maintain the confidentiality of the data. Example: a popular method is hiding a file inside an image, or using an image file as a cover. http://www.wikihow.com/Hide-a-File-in-an-Image-File
Techniques:
Technical steganography: uses physical and chemical means to hide the existence of a message. Examples: invisible ink, microdots, and in computers, using redundant information in pictures, text, sound, etc.
Linguistic steganography: uses written natural language to hide the message in the carrier in some non-obvious way.
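One simple way of "hiding a file inside an image" is to append an archive after the image's end marker; viewers ignore the extra bytes, so the forensic check is to walk the container and see whether anything follows the last chunk. The following is an added example, not from the notes or the linked how-to: it builds a constructed 1x1 PNG as the cover, parses the chunk list with CRC verification, and reports any trailing data and whether it starts with a ZIP local-file header.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Length + type + data + CRC32 over type and data, as the PNG spec lays out."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def build_cover_png() -> bytes:
    """Constructed 1x1 greyscale PNG used as the cover image in this demo."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit, colour type 0
    idat = zlib.compress(b"\x00\x80")                     # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def inspect_png(blob: bytes) -> dict:
    """Walk the chunk list; report chunks, CRC status and any bytes after IEND."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length
        if end > len(blob):                      # declared length runs past the file
            chunks.append((ctype.decode("latin-1"), length, False))
            pos = len(blob)
            break
        data = blob[pos + 8:pos + 8 + length]
        stored = struct.unpack(">I", blob[pos + 8 + length:end])[0]
        crc_ok = stored == (zlib.crc32(ctype + data) & 0xFFFFFFFF)
        chunks.append((ctype.decode("latin-1"), length, crc_ok))
        pos = end
        if ctype == b"IEND":                     # the image ends here by definition
            break
    trailing = blob[pos:]
    return {"chunks": chunks, "trailing_bytes": len(trailing),
            "looks_like_zip": trailing.startswith(b"PK\x03\x04")}

if __name__ == "__main__":
    # Constructed stego file: cover image followed by an archive-like payload.
    stego = build_cover_png() + b"PK\x03\x04" + b"constructed payload bytes"
    print(inspect_png(build_cover_png()))
    print(inspect_png(stego))
```

Data hidden inside the pixel values (LSB methods) leaves the chunk list clean, so this check only catches the appended-file variant; a CRC failure on a chunk is a separate signal that something rewrote the container.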