Interview


IDS: Intrusion detection systems work by either looking for signatures of known
attacks or for deviations from normal activity. These deviations or anomalies are
pushed up the stack and examined at the protocol and application layer.

IPS: An intrusion prevention system identifies suspicious activity, logs security
events, attempts to block intrusions and minimize the damage, and reports intrusion
attempts.

An IDS only issues alerts for potential attacks, while an IPS can take action
against them.

___________________________________________________________________________________

Incident Response Plan:

- Identify the breach response team
- Have a communications plan ready
- Understand the regulations and contracts that govern post-breach obligations
- Determine in advance which experts you will engage
- Respond in an “all out fashion” when a breach is detected
- Preserve evidence
- Engage the insurance carrier
- Engage regulators and law enforcement early
- Most important: test the plan before a breach

___________________________________________________________________________________

How to conduct a cybercrime investigation:

- Assess the situation
- Conduct the initial investigation
- Identify possible evidence from data on mobile devices, laptops, social media,
internet history, CCTV, etc.

__________________________________________________________________________________

General types of cyber attacks: Malware, Phishing, Man-in-the-middle attack,
Denial-of-service attack, SQL injection, Zero-day exploit (a zero-day exploit hits
after a network vulnerability is announced but before a patch or solution is
implemented).

General cybersecurity tools: Firewalls, Antivirus Software, PKI Services,
Penetration Testing and vulnerability assessment.

___________________________________________________________________________________

What is a cybersecurity policy?

A cyber security policy is the backbone of the security architecture of any
organization.

A cyber security policy outlines:

- the technology and information assets that you need to protect
- the threats to those assets
- the rules and controls for protecting them and your business

It is important to create a cyber security policy for your business: it helps
employees understand their role in protecting the technology and information
assets of the business.

Generally, an information security policy focuses on three key aspects of data
management:

- Confidentiality: This clarifies the privacy controls surrounding data,
identifying who is authorized to access information and what data may not be
disclosed.
- Integrity: This aspect describes the controls for keeping data intact, complete,
and accurate. It also details how the IT systems managing the data should be kept
operational.
- Availability: This defines how data is to be accessed by authorized users and
under what conditions.

The policy should classify data stored in the network to determine the level of
security that should be put in place to safeguard it.
- High Risk Data
- Confidential Data
- Public Data

When developing your cyber security policy, consider the following steps:
1. Identify Key Assets And Threats
2. Prioritize Assets, Risks, and Threats
3. Set Achievable Goals
4. Ensure cybersecurity policy goals complement the Business Objectives
5. Test For Vulnerabilities/Pentesting
6. Have basic security controls in place to ensure maximum cybersecurity, like:
- Set password requirements
- Outline email security measures
- Explain how to handle sensitive data
- Set rules around handling technology
- Set standards for social media and internet access
7. Prepare for an incident
8. Document your policy and keep it up-to-date

_________________________________________________________________________

What is pentesting?
It is one of the cybersecurity audit tools.

Pentesting is a vulnerability management tool that helps uncover weaknesses in a
cybersecurity architecture by using simulated attacks carried out by trusted people.
Pentesting also helps to increase awareness of cybersecurity issues among the
organization’s upper management, which can approve increased cybersecurity budget
allocation for new defenses and for security education, training, and awareness
initiatives.

Black Box Penetration Test

This test is conducted without any knowledge of the targeted network or the systems
running on it. The tester doesn’t know anything about the internal code or software
and lacks any access credentials or sensitive information; the tester only knows
the information that is publicly available about the organization. This form of
testing is realistic because it forces the tester to think like a potential attacker
when searching for vulnerabilities. Drawback: it is time consuming and not all
businesses can afford it.

Gray Box Penetration Test

In this form of penetration testing, the tester possesses some baseline knowledge
about the system. This could be lower-level credentials, a network infrastructure
map, or application logic flow charts.

White Box Penetration Test

Testers are granted the highest level of access privilege, allowing them to assess
the system thoroughly for vulnerabilities, misconfigurations, poorly written code,
and deficient security measures. However, it may not recognize gaps that an attacker
would be able to exploit from the outside using unconventional tactics. For this
reason, it’s often helpful to perform a white box test in conjunction with black or
gray box testing.

_____________________________________

Pentesting Methodology
• Pre-engagement phase: Understand the business requirements. You must have a clear
understanding of why the customer requires the penetration test; this helps in
determining the scope and type of pentesting effort. How long will the assessment
take? What should the client expect from the assessment? Who are the client contacts
in case of emergencies? Non-Disclosure Agreement (NDA)... Getting the required
authorizations from the client.

• Engagement phase:
  • Reconnaissance: review past threats and vulnerabilities.
  • Scanning & Enumeration: includes target discovery and vulnerability mapping.
  • Gaining Access (Exploitation): actual cyber attacks in a controlled environment.
  • Maintaining Access: to put up a robust attack to fully test the system.
  • Covering Tracks: removing tools, plugging backdoors, clearing logs, including
    audit logs.

• Post-engagement phase: Reporting the findings, prevention plan, feedback,
executive summary and detailed summary. A validation test is performed as soon as
the client has completed the remediation tasks.

+++++++++++++

Pentesting tools:
• Nmap: a network scanning tool that uses IP packets to identify all the devices
connected to a network and to provide information on the services and operating
systems they are running.
• SQLMap: identifies SQL injection vulnerabilities.
• Nessus: a vulnerability scanner; detects missing patches.
• Metasploit: used to set up and launch exploits at vulnerable hosts.
• Burp Suite: web application intercepting proxy capable of spidering and
downloading a website.
• Recon-ng
• Maltego
• theHarvester
• Nikto
• Gobuster

_____________________________________________

Pentesting Vulnerabilities:

Authentication Vulnerabilities:

- Brute Force Attack: the attack targets a single account and uses its username,
email address, etc. with large lists of possible passwords, attempting each in
succession. The attack stops when the correct password is determined, the account
is locked out, the attack is mitigated, or the threat actor abandons the effort.

- Credential Stuffing: valid credentials for one service are used to attempt to
authenticate to other services.

- Password Spraying: this form of authentication attack employs lists of usernames
and then pairs these with a small set of common passwords.
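An added example (not from these notes) of telling the patterns above apart on the defender's side: per source address, brute force shows up as many failures against one account, while password spraying shows up as a few failures each across many accounts. The log format, addresses, account names and thresholds are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real data): one line per authentication attempt.
SAMPLE_LOG = """\
2024-03-01T10:00:01 src=10.0.0.5 user=alice result=FAIL
2024-03-01T10:00:02 src=10.0.0.5 user=alice result=FAIL
2024-03-01T10:00:03 src=10.0.0.5 user=alice result=FAIL
2024-03-01T10:00:04 src=10.0.0.5 user=alice result=FAIL
2024-03-01T10:00:05 src=10.0.0.5 user=alice result=FAIL
2024-03-01T10:01:00 src=10.0.0.9 user=bob result=FAIL
2024-03-01T10:01:01 src=10.0.0.9 user=carol result=FAIL
2024-03-01T10:01:02 src=10.0.0.9 user=dave result=FAIL
2024-03-01T10:01:03 src=10.0.0.9 user=erin result=FAIL
2024-03-01T10:01:04 src=10.0.0.9 user=frank result=FAIL
2024-03-01T10:02:00 src=10.0.0.7 user=grace result=FAIL
2024-03-01T10:02:30 src=10.0.0.7 user=grace result=SUCCESS
"""

LINE_RE = re.compile(r"src=(\S+) user=(\S+) result=(\S+)")

# Illustrative thresholds; tune them to the environment's normal failure rate.
BRUTE_FORCE_MIN_FAILS = 5        # failures against one account from one source
SPRAY_MIN_ACCOUNTS = 5           # distinct accounts tried from one source
SPRAY_MAX_FAILS_PER_ACCOUNT = 2  # sprayers try only a few passwords per account


def count_failures(log_text):
    """Return {src_ip: {user: failed_attempts}}, ignoring successful logins."""
    fails = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group(3) == "FAIL":
            fails[m.group(1)][m.group(2)] += 1
    return fails


def classify_sources(log_text):
    """Label each source IP 'brute_force', 'password_spraying' or 'normal'.

    Brute force: many failures concentrated on one account.
    Spraying: many accounts, each with only a few failures."""
    verdicts = {}
    for src, per_user in count_failures(log_text).items():
        worst = max(per_user.values())  # most failures seen on any one account
        if worst >= BRUTE_FORCE_MIN_FAILS:
            verdicts[src] = "brute_force"
        elif len(per_user) >= SPRAY_MIN_ACCOUNTS and worst <= SPRAY_MAX_FAILS_PER_ACCOUNT:
            verdicts[src] = "password_spraying"
        else:
            verdicts[src] = "normal"
    return verdicts
```

Credential stuffing looks like spraying in this view (many accounts, one attempt each); separating the two needs extra context, such as whether the tried credentials match a known breach corpus.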

Web Application Vulnerabilities:

• SQL Injection: allows an attacker to interfere with the queries that an
application makes to its database. In most cases the attacker can view data; in
many cases they can also modify or delete it. SQL injection can be detected
manually by using a systematic set of tests against every entry point in the
application. Most instances of SQL injection can be prevented by using
parameterized queries.
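The parameterized-query point above, as an added example not taken from these notes: the same account lookup built by string concatenation and by parameter binding, run against an in-memory SQLite database holding constructed sample accounts.

```python
import sqlite3

# Constructed sample accounts (not real credentials).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")]


def make_db():
    """Create an in-memory database holding the constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable form: user input is spliced into the SQL text, so a quote
    character in the input changes the structure of the query itself."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, username):
    """Hardened form: the SQL text is fixed and the input travels separately as a
    bound value, so it can only ever be compared as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    conn = make_db()
    # The classic tautology probe from manual SQLi testing: the vulnerable query
    # becomes ... WHERE username = '' OR '1'='1' and matches every row.
    probe = "' OR '1'='1"
    print("vulnerable   :", lookup_vulnerable(conn, probe))     # all three users
    print("parameterized:", lookup_parameterized(conn, probe))  # no match
```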

• Broken Authentication: authentication is “broken” when attackers are able to
compromise passwords, keys, user account information, and other details to assume
user identities.

• Sensitive data exposure: also known as information leakage, is when a website
unintentionally reveals sensitive information to its users or about the business,
e.g. a website puts details of its cybersecurity policy online in the corporate
information section.

• XML external entity (XXE) injection: allows an attacker to interfere with an
application's processing of XML data. It often allows an attacker to view files on
the application server filesystem, and to interact with any back-end or external
systems that the application itself can access.

Most XXE vulnerabilities arise because the application's XML parsing library
supports potentially dangerous XML features that the application does not need or
intend to use. The easiest and most effective way to prevent XXE attacks is to
disable those features.

The vast majority of XXE vulnerabilities can be found quickly and reliably using
Burp Suite's web vulnerability scanner.
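An added example (not part of these notes) of the hardening described above, using Python's standard-library SAX parser: DOCTYPE declarations are rejected by policy, and external general entities stay disabled, so an entity pointing at a server file yields nothing. The XML document, the placeholder file path and the `<data>` element name are constructed for the example.

```python
import re
import xml.sax
from io import BytesIO
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed document: the DOCTYPE declares an external entity that points at a
# placeholder server path and references it inside <data>.
CONSTRUCTED_XXE_DOC = """<?xml version="1.0"?>
<!DOCTYPE order [ <!ENTITY ext SYSTEM "file:///placeholder/secret.txt"> ]>
<order><data>&ext;</data></order>"""

PLAIN_DOC = "<order><data>widget-42</data></order>"

DOCTYPE_RE = re.compile(r"<!DOCTYPE", re.IGNORECASE)


class DataCollector(ContentHandler):
    """Collect the text content of every <data> element."""
    def __init__(self):
        super().__init__()
        self.in_data = False
        self.values = []
        self._buf = []

    def startElement(self, name, attrs):
        if name == "data":
            self.in_data, self._buf = True, []

    def characters(self, content):
        if self.in_data:
            self._buf.append(content)

    def endElement(self, name):
        if name == "data":
            self.values.append("".join(self._buf))
            self.in_data = False


def has_doctype(xml_text):
    """Policy check: this application never needs a DTD, so any DOCTYPE is refused."""
    return DOCTYPE_RE.search(xml_text) is not None


def parse_data_values(xml_text, allow_doctype=False):
    """Return the <data> values. Raises ValueError on a DOCTYPE unless explicitly
    allowed; even then, external entities are never resolved."""
    if has_doctype(xml_text) and not allow_doctype:
        raise ValueError("DOCTYPE not permitted")
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # the feature XXE relies on
    handler = DataCollector()
    parser.setContentHandler(handler)
    parser.parse(BytesIO(xml_text.encode()))
    return handler.values
```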

• Broken Access Control: as the name tells us, the access control to a
system/application is compromised. Access control ensures that access to resources
is given to authorized personnel only. Vertical access controls (different types
of users get different access), horizontal access controls (I can access my
account only), context-dependent access controls (e.g. can't modify the shopping
cart after payment).
• Security Misconfiguration: commonly a result of insecure default configurations,
e.g. outdated software, OS, antivirus. Ensure they are updated as soon as an update
is available.

• Cross Site Scripting (XSS): allows an attacker to masquerade as a user and
compromise the interactions that users have with a vulnerable application. The
attacker can execute scripts in the victim’s browser, which can hijack user
sessions, deface web sites, or redirect the user to malicious sites. It works by
manipulating a vulnerable web site so that it returns malicious JavaScript to users.
Reflected XSS: the malicious script comes from the current HTTP request.
Stored XSS: the malicious script comes from the website's database or another
untrusted source.
DOM-based XSS: the application contains client-side JavaScript that processes data
from an untrusted source in an unsafe way.
The vast majority of XSS vulnerabilities can be found reliably using Burp Suite's
web vulnerability scanner.

• Cross-site request forgery (CSRF): allows an attacker to induce users to perform
actions that they do not intend to perform.

• Server-side request forgery (SSRF): allows an attacker to induce the server-side
application to make HTTP requests to an arbitrary domain of the attacker's choosing.

• Clickjacking (UI redressing)

• Business logic vulnerabilities: these are due to very basic mistakes in the
security measures of a website, which are normally invisible to the ordinary user.
Example: allowing unlimited password attempts and not locking the account after 3
attempts.

______________________________________________________________________________

What is cybersecurity audit?

A cybersecurity audit is a systematic evaluation of your company’s cybersecurity
architecture, covering the CIA triad: confidentiality, integrity and availability
of data. These assessments help businesses verify what is on their network, what
needs to be protected, and where the gaps in their existing protections are, so they
can make improvements.

This includes things like vulnerability scans to find security loopholes in the IT
systems, or penetration tests that attempt to gain unauthorized access to the
systems, applications and networks. Finally, the penetration testing reports
generated after performing all the necessary procedures are submitted to the
organization for further analysis and action.

An IT security audit also comprises a physical part, in which the auditor verifies
physical hardware access for security and other administrative issues.

Benefits of IT Security Audit

- Protects the critical data resources of an organization.
- Keeps the organization compliant with various security certifications.
- Identifies security loopholes before attackers do.
- Keeps the organization up to date with security measures.
- Identifies physical security vulnerabilities.
- Helps in formulating new security policies for the organization.
- Prepares the organization for emergency response in case of a cybersecurity
breach.

Types of IT Security Audit

Approach Based
- Black Box Audit: Here, the auditor only knows the information that is publicly
available regarding the organization that is to be audited.
- White Box Audit: In this type of security audit, the auditor is provided with
detailed information (i.e. source code, employee access, etc.) regarding the
organization that is to be audited.
- Grey Box Audit: Here, the auditor is provided with some information to begin the
auditing process. This information could also be gathered by the auditors themselves
but is provided to save time.

Methodology Based
- Penetration Tests: The auditor tries to break into the organization’s
infrastructure.
- Compliance Audits: Only certain parameters are checked to see if the organization
is complying with security standards.
- Risk Assessments: An analysis of critical resources that may be threatened in
case of a security breach.
- Vulnerability Tests: Necessary scans are performed to find possible security
risks. Many false positives may be present.
- Due Diligence Questionnaires: Used for an analysis of existing security standards
in the organization.

________________________________________________

CAAT - Computer Aided Audit Tool - CAATs normally include basic office productivity
software such as spreadsheets, and more advanced software packages involving
statistical analysis and business intelligence tools. Specialized software is also
available to fully automate and streamline the audit process.

___________________________________________________________________________________

AGILE:

It is an SDLC methodology which uses a cyclical, iterative process of producing
working software. Work is done in regularly repeated cycles, known as sprints, that
usually last two to four weeks. It involves collaborative decision making between
the requirements and development teams.

Developers focus on the most important features at any given moment, rather than
going “according to plan.” It is a dynamic approach to software development which
is very helpful nowadays, as client requirements tend to change very frequently
during the software development process.

The key differences between traditional SDLC and Agile:

Waterfall SDLC                        | Agile
--------------------------------------|-----------------------------------------
Carefully planned first version       | Speed and adaptability
Limited transparency                  | Full transparency between members
Top-down responsibility               | Shared responsibility and ownership
Initial research and planning         | Ongoing research, planning, and testing
Different teams in different stages   | Ongoing collaboration
Focused on delivering full product    | Iteration-focused

SCRUM: Scrum is a framework that helps teams work together. Scrum describes a set
of meetings, tools, and roles that work in tandem to help teams structure and
manage their work.

These are the 5 stages of a traditional Waterfall life cycle:

= Requirement analysis
= Design
= Implementation
= Verification
= Maintenance

___________________________________________________________________________________

-- Regulatory Audit: SOX, GDPR, ISO experts.
-- Annual Audit: required as part of annual company performance reporting,
especially if you are listed on a stock exchange. It is a report that communicates
the risk exposure of the organization and the status of the organization with
respect to that security exposure.
-- Project Audit
-- Industry-induced audit

Internal Audit

- Spot audit
- Project audit
- Routine audit - the government can do this; the board of directors can ask for
this.
- Scheduled audit - every quarter

External Audit

- Scheduled audit
- On-demand audit

___________________________________________________________________________________

cybersecurity policy
what should be involved in policy
sdlc - agile
pentest - how it is performed/basic pentest commands/types os vulnerabilities
audit tools???? did he mean network audit tools?
Comprehensive Infosec plan includes administrative, technical and physical
safeguards.

A comprehensive InfoSec plan ensures the security and confidentiality of member
information; protects against any anticipated threats or hazards; and protects
against unauthorized access.

Logical Access Control - access controls on member information systems
Physical Access Controls - physical locations
System Modifications Change Controls
Segregation of Duties

Response Program
Business Resumption

___________________________________________________________________________

waaf cloud trail

HIPAA, PIPA

how to configure according to HIPAA guidelines

trello

HIPAA
