THE DFIR BLOG

SSL Certificate

11/6/2022


 
 What is an SSL Certificate?
  • An SSL certificate is a web server's digital certificate, issued by a trusted third party (a Certificate Authority). It is used to establish a secure (encrypted) connection between the client and the server.
How does SSL work?
Scenario - I want to connect to a web server, and all communication should be encrypted.
  1. The client browser requests secured pages from the web server.
  2. The server sends its public key inside an SSL certificate that has been digitally signed by an external third party known as a Certificate Authority (CA).
  3. Once the client browser receives the certificate, it checks the issuer's digital certificate to ensure it is valid.
  4. The client browser uses the CA's public key (already shipped in the browser) to verify the certificate's signature. Note that the CA signs the certificate with its private key.
  5. Once the signature is verified, the certificate can be trusted and the padlock icon appears in the browser.
  6. After verification, the client browser creates a symmetric key and sends it to the server, encrypted with the server's public key.
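To make steps 2 to 5 concrete, here is an added Go example (not code from the original post) that builds a constructed CA and a server certificate signed with the CA's private key, then performs the browser-side check against the CA's public key; the CA name and the hostname www.example.test are made up.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// sign turns tmpl into a parsed certificate signed with the signer's private key (priv).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER just produced by CreateCertificate parses cleanly
	return cert
}

// BuildChain: a constructed self-signed CA (step 2's third party) signs a server certificate with its private key.
func BuildChain() (ca, server *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	ca = sign(caTmpl, caTmpl, &caKey.PublicKey, caKey) // parent is itself: a self-signed root
	srvKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.test"},
		DNSNames:  []string{"www.example.test"}, // hostname the browser compares against
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return ca, sign(srvTmpl, ca, &srvKey.PublicKey, caKey) // the CA's private key signs it
}

// ClientVerify is the browser side of steps 3-5: check signature, validity period and hostname
// against the CA the client already trusts; nil models a browser whose trust store lacks that CA.
func ClientVerify(server, trustedCA *x509.Certificate, host string) error {
	roots := x509.NewCertPool() // explicit empty pool, so the OS trust store is never consulted
	if trustedCA != nil { roots.AddCert(trustedCA) }
	_, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
```

A nil error from ClientVerify is the condition under which a browser shows the padlock; an unknown CA or a hostname that does not match the certificate both fail.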

What are some well-known Certificate Authorities (CAs)?
Comodo, Digicert, GlobalSign etc.

Domain-2 - Asset Security - Focussed on Data

1/21/2022

 
What is Sensitive Data?
# Personally Identifiable Information (PII): Any information that can lead us to an individual is PII.
  • Direct Identifier - SSN, Credit Card Number, Name, Email, Address
  • Indirect Identifier - Zip code, City, Geolocation

# Protected Health Information (PHI): Any data elements related to an individual's health information. HIPAA protects PHI.

# Proprietary Data: Confidential data belonging to an organization. Examples: intellectual property, merger plans, acquisition plans, etc.



Data Classification

Government      Private         Damage if disclosed
Top Secret      Confidential    Grave Damage
Secret          Private         Critical Damage
Confidential    Sensitive       Serious Damage
Unclassified    Public          No Damage

Data States

# Data in Motion
  • Protect data in motion using TLS 1.2, VPN, IPsec, etc.
  • The best protection is to encrypt it, which maintains confidentiality.
# Data at Rest
  • Encrypt data with the Advanced Encryption Standard using 256-bit keys (AES-256).
  • Data Masking - Think of your SSN shown as XXX-XX-1234, or a credit card number where only the last 4 digits are visible. If encryption is not possible, mask the data to protect its confidentiality.
  • Tokenization - Replace the sensitive data with non-sensitive data, such as a token.
# Data in Use
  • Generally encryption is not possible while data is in use; we need to decrypt the data to process it.
  • Memory isolation for data processing.
  • Think about the stringent PCI requirements for processing credit card data.
  • Homomorphic encryption is a method of processing encrypted data. It is still in the early stages of development.
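An added Go example, not part of the original notes, implementing the two data-at-rest controls above: masking that keeps only the last 4 digits (SSN and card number) and tokenization through a constructed in-memory vault. The sample SSN and card number are made-up values.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
)

// MaskTail replaces every digit of value except the last keep digits with 'X', leaving
// separators such as '-' or ' ' visible: 123-45-6789 with keep=4 becomes XXX-XX-6789.
func MaskTail(value string, keep int) string {
	out := []rune(value)
	kept := 0
	for i := len(out) - 1; i >= 0; i-- {
		if out[i] < '0' || out[i] > '9' {
			continue // not a digit: keep the separator as-is
		}
		if kept < keep {
			kept++ // one of the trailing digits allowed to stay visible
		} else {
			out[i] = 'X'
		}
	}
	return string(out)
}

// Vault is a constructed, in-memory token vault: the only place the real value lives.
// In production this store would itself be encrypted and tightly access-controlled.
type Vault struct{ byToken map[string]string }
func NewVault() *Vault { return &Vault{byToken: map[string]string{}} }

// Tokenize swaps the sensitive value for a random token that carries no information about it.
func (v *Vault) Tokenize(secret string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := "tok_" + hex.EncodeToString(b)
	v.byToken[tok] = secret
	return tok, nil
}

// Detokenize is the privileged reverse lookup; tokens the vault never issued are rejected.
func (v *Vault) Detokenize(token string) (string, error) {
	if s, ok := v.byToken[token]; ok {
		return s, nil
	}
	return "", errors.New("unknown token")
}
```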

Managing Sensitive Data
Marking or labelling the data, transporting it securely, storing sensitive data safely, and destroying the data when it is no longer needed.

Methods of Removing Data

#Erasing
#Clearing
#Purging
#Sanitization
#Declassification
#Destruction
#Degaussing

Data Retention



Roles & Responsibility related to Data 

#Data Owner
#System Owner
#Data Custodian
#Business Owner
#Data Processor
#Data Controller

Additional Items
#Pseudonymization


#Anonymization 

#Data Masking

#Scoping 

#Tailoring


Network Address Translation

10/16/2021

 
The purpose of NAT is to hide internal IP addresses. NAT was originally introduced to conserve the IPv4 address range; IPv4 addresses are 32 bits long.

Private IP Ranges
Class A - 10.x.x.x
Class B - 172.16.x.x - 172.31.x.x
Class C - 192.168.x.x

It also provides privacy, as it conceals identity. Remember that GDPR considers an IP address to be PII.

Virtualization Technology

10/16/2021

 
Virtual LAN (VLAN): Logically segments a network without altering the physical topology.

Virtual Desktop Technology:
- Remote Access 
- Extension of Virtual Applications 

Virtual Networking 
- Storage area network 
- Software Defined Network (makes the organization vendor independent)

Virtual Extensible LAN (VXLAN):

As organizations move toward the cloud, the requirement falls on the Cloud Service Provider (CSP). VXLAN allows you to segment your network, solves the scalability limitation of VLANs and provides benefits that VLANs cannot.

- You can create 16 million VXLANs (24-bit VNID) vs 4094 VLANs (12-bit VLAN ID).

VXLAN is needed because VLANs do not scale.

XSS

10/12/2021

 
Stored XSS: The attacker finds a vulnerable website and injects malicious code into it. When users load the page, the malicious code is automatically delivered to their browser and executed.
XSS attacks usually target blogs and forums (places where people can add comments).


There are three types of XSS:
1) Persistent/Stored XSS
2) Non-persistent/Reflected XSS
3) DOM-based XSS
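As an added example (not code from the original post), a Go snippet showing the stored XSS defect beside its fix: a constructed comment containing a script tag is rendered untouched by text/template, while html/template escapes it so the browser displays it as text. The comment text is made up.

```go
package main

import (
	"bytes"
	htmltpl "html/template"
	"strings"
	texttpl "text/template"
)

// StoredComment is a constructed forum comment with a harmless script tag standing in for
// the injected code; the site stores it verbatim and later embeds it in a page for every viewer.
const StoredComment = "Nice post! <script>alert('xss')</script>"

const page = `<p>{{.}}</p>`

// RenderUnsafe reproduces the defect: text/template (like plain string concatenation)
// copies the stored comment into the HTML untouched, so each viewer's browser runs it.
func RenderUnsafe(comment string) string {
	var buf bytes.Buffer
	texttpl.Must(texttpl.New("p").Parse(page)).Execute(&buf, comment)
	return buf.String()
}

// RenderSafe is the fix: html/template knows it is writing into an HTML text node and
// escapes the comment, so the browser shows the tag as text instead of executing it.
func RenderSafe(comment string) string {
	var buf bytes.Buffer
	htmltpl.Must(htmltpl.New("p").Parse(page)).Execute(&buf, comment)
	return buf.String()
}

// ScriptSurvives is a simple check on rendered output: does a raw script tag remain?
func ScriptSurvives(rendered string) bool {
	return strings.Contains(strings.ToLower(rendered), "<script")
}
```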


Breach: 
https://www.gnucitizen.org/blog/the-orkut-xss-worm/

IPSec

10/3/2021

 
Internet Protocol Security (IPsec) is a standard architecture for setting up a secure channel between two entities. The entities can be two systems, two routers, two gateways or any other combination. IPsec uses public key encryption to provide confidentiality, authentication, integrity and non-repudiation.

IPsec relies on security associations, and there are two main components:
1) Authentication Header (AH) - Provides assurance of message integrity and non-repudiation.
2) Encapsulating Security Payload (ESP) - Provides confidentiality and integrity of the packet contents: it encrypts the payload and prevents replay attacks (where an attacker captures a packet and replays it later).

The primary use of IPsec is for VPNs. IPsec can operate in two modes:
1) Tunnel mode - the whole original packet (payload and IP header) is encrypted.
2) Transport mode - only the payload is encrypted.


Business Continuity Planning (BCP)

9/11/2021

 

Covert Channels

7/12/2021

 
Covert channels are mechanisms that transmit information over a path that was not originally intended for data transmission.

Generally unauthorized and hidden, they are used to send information in violation of the information security policy.

*Covert Storage Channels* - A line of communication that everyone can see but not everyone can understand. Processes communicate through some type of storage on the system.
* Steganography is a type of covert storage channel. Example - hiding a picture or a message inside a PDF document.

*Covert Timing Channel* - One process relays information to another by modulating its use of system resources. For example, mixing illegitimate traffic with legitimate traffic.

Micro-Architectural Attacks
* Cache timing attacks
* Cache memory sits between the processor and main memory and is used for faster processing.

CISSP Overview

7/11/2021

 
