Penetrating the System

You can use identified security vulnerabilities to do the following: Gain further information about the host and its data. Obtain a remote command prompt. Start or stop certain services or applications. Access other systems. Disable logging or other security controls. Capture screenshots. Access sensitive files. Send an e-mail as the administrator. Perform SQL injection. Launch …

Assessing Vulnerabilities

After finding potential security holes, the next step is to confirm whether they’re indeed vulnerabilities in the context of your environment. Before you test, perform some manual searching. You can research websites and vulnerability databases, such as these: Common Vulnerabilities and Exposures (http://cve.mitre.org/cve); US-CERT Vulnerability Notes Database (www.kb.cert.org/vuls); NIST National Vulnerability …

Determining What’s Running on Open Ports

As a security professional, you need to gather the things that count when scanning your systems. You can often identify the following information: Protocols in use, such as IP, domain name system (DNS), and NetBIOS (Network Basic Input/Output System); Services running on the hosts, such as e-mail, web servers, and database applications; Available remote access …

Recognizing How Malicious Attackers Beget Ethical Hackers

You need protection from hacker shenanigans; you have to become as savvy as the guys trying to attack your systems. A true security assessment professional possesses the skills, mindset, and tools of a hacker but is also trustworthy. He or she performs the hacks as security tests against systems based on how hackers might work. …

Defining malicious user

Malicious user — meaning a rogue employee, contractor, intern, or other user who abuses his or her trusted privileges — is a common term in security circles and in headlines about information breaches. The issue isn’t necessarily users “hacking” internal systems, but rather users who abuse the computer access privileges they’ve been given. Users ferret …

How a Social Engineering Attack Works

Social engineering attacks cover a wide range of activities. Phishing, for instance, is a social engineering attack (SEA). The victim receives a legitimate-looking e-mail, follows a link to a legitimate-looking website they’re familiar with, and often divulges sensitive information to a malicious third party. As end users are made aware of such activities, the attacks …

Cyber Security Enhancement Act of 2002

Several years ago, Congress determined that the legal system still allowed for too much leeway for certain types of computer crimes and that some activities not labeled “illegal” needed to be. In July 2002, the House of Representatives voted to put stricter laws in place, and to dub this new collection of laws the Cyber …

Recognizing the Gray Areas in Security

Since technology can be used by the good and bad guys, there is always a fine line that separates the two. For example, BitTorrent is a peer-to-peer file sharing protocol that allows individuals all over the world to share files whether they are the legal owners or not. One website will have the metadata …

Forensic Data Trumps Encryption

Your application might be the most secure application ever written, but unbeknownst to you, the operating system is unintentionally working against your security. I’ve tested many applications that were otherwise securely written, but leaked clear text copies of confidential information into the operating system’s caches. From web caches that store web page data, to keyboard …