Sunday, December 15, 2019

Strand Hogg Virus or Malware


The StrandHogg vulnerability is mostly infected the android OS without accessing root mode and use vulnerability based on weakness seen.

Promon security researchers have found proof of a dangerous Android vulnerability named 'StrandHogg’, that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted.

What’s the impact?
  • All versions of Android affected, including Android 10*
  • All top 500 most popular apps are at risk still we are still not listed how many apps are vulnerable
  • Real-life malware is exploiting the vulnerability
  • Till now 36 malicious applications exploiting the vulnerability was identified
  • The main thing is vulnerability can be exploited without root access
  • When exploited by hackers
  • They can listen to the user or victim through the microphone
  • Take photos through the camera and view the mobile screen.
  • Read and send important SMS messages they will take control without the knowledge of the victims
  • Make and/or record phone conversations with victims knowledge
  • Phishing login credentials by watching the mobile screen
  • Get access to all private photos and files on the device and may be use to gain from information gathered.
  • Get location and GPS information and target the victims.
  • Get access to the contacts list and miss use or sell at dark web
  • Access phone logs and modify everything.

How to identify or avoid from this virus:

  • Check the mobile access or permission to applications
  • Please avoid the application which are asking for permission or ask to download.
  • Check whether without your knowledge any apps installed.


Beware of virus and Malwares. Use your end devices securely.

By at 1 comment:

Saturday, December 14, 2019

Networking-Cisco IOS vs Cisco NXOS and CatOS

  • Cisco nexus NXOS does not support login command to switch users.
  • Cisco nexus NXOS does not distinguish between standard or extended access list, all lists are named and "extended" in functionality.
  • Cisco NXOS did not support scp server prior to the release od version 5.1(1).
  • In cisco NXOS there is no "write" command to save the configuration like on IOS. We need to use Copy command instead of write command. We can also use command aliases to provide write command.
  • When accessing cisco NXOS, users authenticate directly to their assigned privilege level.
  • SSH server is enabled while telnet is disabled by default in Cisco Nexus device.
Cisco CatOS:
  • Mostly we can see CatOS on catalyst switches. Which works with high speed based on input.
  • CatOS is a catalyst operating system which is a discontinued operating system for many of the catalyst brand of legacy network switches. CatOS ran on switches such as 1200,2800G, 4000,4500,5000,5500,6000,6500 series. It was originally called as XDI by the switching company cresendo communications, Inc. Cisco renamed it to CatOS when they acquired cresendo in late 1993.
  • CatOS can still run on some of cisco's modular switches, "hybrid mode". In hybrid mode, the network management processor (NMP) or switch Processor (SP) runs CatOS and the route processor runs Cisco IOS.

Hill Station view:

By at 2 comments:

Networking-Cisco NXOS

  • Nexus device will be mostly located in data center.
  • Cisco NXOS is originally named as SAN OS, it was initially 32 bit OS evolved with 64 bit OS.
  • Cisco NXOS supports symmetric multiprocessing, it allows preemptive multitasking. Which allows a high priority process to get CPU time ahead of lower priority.
  • Cisco NXOS built on Linux kernel, which natively supports python for scripting.
  • One of the benefit in Cisco  NXOS is we can set or activate the feature based on our need.
  • Cisco NXOS is a network operating system for nexus series ethernet switches and MDS(multilayer director switch) series fibre channel storage area network switches created by cisco systems.
  • Cisco Nexus is based on Montavista software embedded Linux and which is interoperable with other cisco operating systems. The command line interface is similar to cisco IOS.


Hill Station view:


By at 1 comment:

Networking- Cisco IOS XR

  • Cisco IOS XR found in service providers routers like 12000 series cisco IOS XR.
  • Cisco IOS XR originally designed for 64 bit operations. As somewhat equal to NX-OS, Cisco IOS XR offers many enhancements like multiprocessing, separate memory spaces etc.
  • Cisco IOS XR activates only services that are needed.
  • Cisco IOS XR built on QNX neutrino micro kernel, QNX is quite similar to Unix.
  • Features cisco IOS XR offers that are not found in NXOS. This has ability to have single instance of OS Controlling multiple Chassis.
  • Cisco IOS XR offers supports for interfaces such as DWDM(dense wavelength division multiplexing) and packet over SONET.
  • The basic difference found in NXOS is when you're finished entering Configuration commands in your cisco IOS XR you need to commit your changes to make them effect before exiting configuration mode.  And to erase the current config user commit replace.
  • Cisco IOS XR is a train of cisco systems widely deployed internetworking operating systems(IOS), used in higher end network converging systems (NCS), carrier-grade routers such as the CRS series, 12000 series and ASR9000 series
Advantages of cisco IOS XR:
  • Largely supports hardware redundancy and fault containment methods such as protected memory spaces for individual processes and process restart ability, which gives improved high availability for the network.
  • Better scalability for large hardware configurations through distributed software infrastructure and a two stage forwarding architecture.
  • A package based software distribution model allowing optional features such as multicast routing and MPLS to be installed and removed while the router is in service.
  • The ability to install packages upgrades and packages while router remains in service.
  • A Web-based GUI for system management, making use of a generic, XML management interface.


Note: Not all IOS XR models supports ISSU. Only some models supported by ISSU.
Hill Station view:
By at 1 comment:

Networking-Cisco IOS vs Cisco IOS XE

  • Cisco IOS is monolithic operating system running directly on hardware.
  • Cisco IOS XE is a combination of a Linux kernel and a monolithic application IOSd that runs on the top of this kernel.
  • Cisco IOS XR is based on QNX - since version 5.0 is also based on Linux. 
  • IOSd application has been separated into many applications. While IOS XE(IOSd) and Cisco IOS share a lot of the same code. But cisco IOS XR is completely different code base. 
  • Cisco IOS XE has IOSd running as a application on top of Linux, also it able to run different applications on the hardware. Best example for this is running wireshark on a switch. Also Cisco IOS XE is open service containers. 
Hill Station view:
By at 1 comment:

Tuesday, December 10, 2019

Networking-Cisco IOS-XE

  • Cisco IOS XE is a inter networking operating system(IOS) of cisco systems.  Mostly we could see this operating systems in ASR1000 series routers.
  • To understand Cisco IOS XE we will use master and slave concept. Cisco IOS XE will have two codes. Master code IOS process is  the main process and other code is like a slave, when master issues order slave will do it job.
Here route processor(RP) plays a major role in which has
  • RP base
  • RP control
  • RP operating system

  • Above will be into control plane and in between IOS and rest platform
  • IOS-XE runs processes deamon on Linux based. Complete image has a sub packages called as consolidated package.
  • RP access uses the protocol SSL/SSH.
  • RP IOS provides cisco IOS kernel.
  • Cisco IOS-XE built on Linux and provides distributed software architecture that moves many operating system responsibilities out of the IOS process and has a copy of IOS running as a separate process. Since it runs a copy of IOS, all CLI commands are same for Cisco IOS and Cisco IOS-XE. In contrast to Cisco IOS-XR which has completely different code base and its developers implemented quite a different CLI command set.

ESP(Embedded Service Processor) Base:

Data plane and all flow of data's, embedded service processor responsible for features QOS, ACL, Netflow, NAT

SIP(Shared Port Adapter Interface Processor) Base:

Shared port Adapter SPA OS and control plane is a carrier card that you insert on reader slot.

SPA driver and FPD (field programmable device) provides interface between Network and shared port adapter interface processor.

 Hill Station view:

By at 1 comment:

Networking-Cisco IOS

IOS was developed In  1980's 'C Program Language'. IOS does not support multiprocessing at a time. First one instruction should be completed after that only other instruction will begin.
Moreover you can found IOS in borderless network that is a network allow anyone anywhere on any device to connect like corporate network example for this 3900 series ISR routers and 2900 cisco routers.

  • Cisco IOS is a inter operating system family of software which used on cisco routers and switches.
  • Best feature of Cisco IOS is routing, switching, Inter networking and telecommunication functions this features are integrated into multi-tasking operating system. Although Cisco IOS code base includes a cooperative multi-tasking kernel, most of the IOS features ported to other kernels like QNX and Linux for use in cisco products or simulators like cisco VIRL.
  • Cisco IOS use shared memory space, since all pool uses same memory space, sometimes misbehaving OSPF could wreak havoc on router process.
  • If you take Cisco 7513 modular router which supports versatile interface processor (VIP) module which allow individual line card to run their own instances for load balancing or redundancy.

Note:

 Remember not all cisco model run on IOS. For example ASA security model device which runs on Linux based operating system, and carrier routers which runs on IOS-XR.


Hill Station view:


By at 1 comment:

Friday, November 29, 2019

Cyber Security - Understanding Ethical Hacking

Data breaches stats by industry:

Major data breaches in below industry will impact the reputation of the organisations and loss to government or private agencies.

#Business
#Health care
#Education
#Government
#Banking

Major breach on equifax a credit bureau in the year 2017.

Expert action of ethical hacking:

#Code of ethics
#Privacy
#Intellectual property
#Disclosure
#Area of expertise
#Unauthorised usage
#Illegal activities
#Authorization
#Management
#Knowledge sharing
#Confidence
#Extreme care
#Malicious activities
#No compromise
#Legal limits
#Involvement
#Underground community's

Above are the important things to be known before Ethical Hacking

Hill Station view:



By at 1 comment:

Monday, October 7, 2019

Cyber Security Internet of things (IOT)

Internet of things is a emerging field due to technology upgradation through artificial intelligence.
  • IOT is the interconnection of devices globally through Internet connection.
  • Due to IOT advancements in technology, cyber security plays a major role for merits to secure.
  • For example for IOT, we can say RFID to track devices. And day to day use of small control through remote devices.
  • IOT homes are starting point, so education is only important for Internet of things. Currently due to IOT light bulbs, Camera, thermostat are currently connecting to Internet.

Camera connected to Internet:
  • Whenever camera is connected using intercept key, hacker can see the key. So secure your wireless network
  • Web camera can be hacked based on Virus send as an attachment. 
  • Advanced robots technology is important for security bounty hunters.

Smart Medicine Bottle:
  • Tracks number of pills in the bottle.
  • Reports changes in quantity. 
  • Remember data and time of pills taken.
  • HIPPA-health insurance portability accountability act.
  • Activate remote wiping of applications, whenever your device lost we can do that.
  • Drones are Internet connected, currently there are 5 lakhs of drones sold this year.

The Cyber security Techniques:
  • Cryptography
  • Intrusion detection
  • Multifactor authentication

Cryptography:
Cryptography is a mathematics to change data which is unreadable, only recipient have the key.

Multifactor Authentication - MFA:
MFA is a input two different forms of data to access data on Internet.

Biometric Identification:
  • Finger Print
  • Voice Recognition
  • Face recognition
IDS:Intrusion Detection System:
IDS is used to detect the external threat. People try to access data from external in that may be a chance of external threat.

Internal intrusion:
  • Internal intrusion is someone within a company or somebody trying to sabotage company data.
  • Peoples careless with software while installing allowing access to third party are route for the attack.
  • Use strong password so password cannot be compromised by dictionary attack.
  • We can predict easily 50 billion devices connecting to Internet in the next 5 years.
  • Protecting privacy will continue to challenge IOT at lightning speed.

Hill Station view:


By at 3 comments:

Sunday, October 6, 2019

Cyber Security Pairing Physical and Digital security

If the defense of the environment in depth attacker have no time to think.
  • OSI Open system interconnection
  • Policy and Procedures
  • Education 
  • Strong password 
  • Gates and fences
  • Checkpoints
  • Supply Management
OSI consists of below layer for Communication:
  • Application layer
  • Presentation layer 
  • Session layer
  • Transport layer 
  • Network layer 
  • Datalink layer 
  • Physical layer
Physical layer comprises of below important points,
  • Identification
  • Data archives
  • Access logs 
  • Man traps
  • Locked  vaults 
  • Fiber
Policy which  are important for cyber security are,
  • Strong password 
  • Classification
  • Job rotation 
  • Tailgating
  • Alarm configuration 
  • Inspections
  • Lock down procedures 
Physical security:
  • Deterrence is a use of threat to prevent an action from bad actor. 
  • Physical security needs to do additional work mutual destruction.
  • Physical security is a barriers and surveillance and security are important in case of cyber security. 
Detection:
Physical security we can ensure security by alarms and sensors, and continuous video surveillance.

Access controls: 
  • Security access controls can be given by multifactor authentication. 
  • Security personnel need to make sure to secure  organisational assets from various hazards. 
Digital Security:
  • Digital security uses threat to bad actors which happen complexity of security. 
  • Digital security detection uses IDS , account monitoring, trend analysis, user logging. 
  • Digital security access can be ensured by blocking Tailgating and shoulder surfing. 
Digital Access Control:
Digital access control are classified based on controls given below,
  • ABAC:Attribute based access control
  • DAC: Discretionary based access control 
  • HBAC:History based access control 
  • MAC:Mandatory access control 
  • OrBAC: organisation based access control 
  • RBAC:Role based access control
  •  RAC: Rule based access control. 
  • IBAC: Identity Based Access Control 
  • RBAC:Responsibility based access Control. 
Digital Security Personnel:
  • Information assurance technical (IAT) 
  • Information assurance management (IAM) 
  • Information assurance system architecture engineering (IASAE) 
  • Computer network defence - service provide (Nd-Sp). 
NIST Framework Core:
  • Securely Provision 
  • Operate and maintain
  • Protect and defend 
  • Investigate collect and operate
  • Analyze
  • Oversight and development 
Integrating Security:
System integration is linking computer, vertical, horizontal, spaghetti, continuous.

Integrating hardware solutions:
Hardware solutions are important for cyber security,
  • Locks
  • Firewall 
  • IDS
  • Hardware Security module 
  • Access hardware 
Integrated software solutions:
Single sign-on tokens and servers
Physical firewall and software firewall

Hill Station view:

By at 1 comment:

Saturday, October 5, 2019

Cyber Security Digital Data Protection

Digital data protection is important to protect from security breaches below.
  • Data Theft
  • Denial of service
  • Integrity Attacks
Data Theft and Email:
Digital information categorised into two ways structured and unstructured data.

Structured Data:
  • Structured Data controls available for typical data.
  • Structured data stored in database.
Unstructured Data:
Unstructured data's like email and file attachments, word/pdf, excel, pictures and videos.

A look at Deficiency:
  • A weak user authentication and permissions.
  • Transmission in the clear.
  • No controls of intermediate servers.
  • No control over redistribution.
Sieve  RFC 5228:
Sieve  is a language for filtering e-mail messages. Sieve is designed to be implementable on either a mail client or mail server. Sieve is meant to be extensible, simple and independent of access protocol, mail architecture and operating system.
  • Email messages unencrypted can be hacked.
  • Sender emails copied send to email server, sender email server copy the email in mail server and send to  recipients email server coped email and send to original recipient.
  • Email has no control on email server.
  • Always whenever you are using Gmail, outlook, yahoo, they will download a copy to their own mail servers.
  • Email servers are owned by third party server.
  • After 180 days your emails are considered 'abandoned'.
  • Email older than 6 month - no warranty or portable cause required.
  • By the means of wire tapping email servers hacked by hackers.
The Gateway of Email Server:
Email server has gateway as SMTP email, 90% of Malware smuggled in via SMTP email gateway.

SMTP:Simple Mail Transfer Protocol:

Simple Mail Transfer Protocol (SMTP) is the standard protocol for email services on a TCP/ IP network.
SMTP port 587 is used with encryption messages with wrapper.
  • SMTP Port 25 is the default port used for relaying.
  • SMTP Port 465 should no longer be used at all.
  • SMTP Port 2525 used when all other port is blocked.
SMTP Inherent vulnerability:
  • SMTP vulnerabilities is unsecured storage and transmission.
  • SMTP  is lack of redistribution controls.
  • SMTP is lack of temporal.
Partial solutions:
  • Transmission Encryption which will encrypt the connection but this can be compromised.
  • Bulletin board systems
  • Add on message encryption
  • Enhanced authentication
Bulletin board solutions for secure email:
  • Recipients to get email notifications to log into a Web portal for their messages.
  • Bulletin boards are user friendly.
  • Bulletin boards are high quality and encrypted.
Add on Message:
  • Add on message is used to stop Phishing.
  • But add on message not having capacity to stop spear Phishing.
  • Add on message encrypt stored and sent emails.
Enhanced authentication:
Enhanced authentication will be used to prevent from any attack by hacker.

Root cause:
Generally unstructured data files can be easily copied from victim to attacker. So cyber  security measures are important.

The Fix:Securing files By default:
The fix will be only using encrypted Internet connection, so we need to follow below steps,

Step:1: Application file will generate encryption key specific to files.
Step:2: Application automatically locks the file
Step:3: Application able to hide true file name.
Step:4: Application will create a new special shared key.
Step:5: Also application creates a specific file key to user.

Secure Data at Creation:
Granularly encrypt each data object with AES 256 symmetric encryption.

www.absio.com is best source which offers below,
  • Absio offers email encryption service.
  • Secures data at rest.
  • Encrypt each file with its own key.
  • Distributed key management.

Hill Station view:
By at 1 comment:

Friday, October 4, 2019

Cyber Security Safe Digital Communications

For safe digital Communication some of the security measures needs to be checked. 

 Good Security audit Checkpoints:
  • Passwords 
  • Screen locks
  • Data at rest 
  • Data in transit
  • Data in use 
  • Physical security 
  • Background check
To protect your identity we need to aware of all threats related to identity theft.

 Junkware:
  • Junkware  is injection of malicious code by the means of Adware downloads. When installing software or application or using browser malicious advertisement by clicking it will inject Junkware.
  •  Password hygiene is important by using strong password for example password should be asdex@598*

 Dangers On Internet:
  • Avoid the emails with attachment of (.Exe)extension. 
  • By using antivirus and anti Spyware programs to avoid hackers. 
  • Don't fall for as a prey for Phishing emails. 
  • If you're using https also need to verify digital certification before transaction certificate issued by third party, which is encrypted or protected. You can view a gold lock on address bar by expanding you can view. 
  • By using strong password you can protect. 
  • Don't open the suspicious email from unknown persons it may be a Phishing email. 
  • Always backup storage data in offline also. 
  • Ransomeware is a virus takes control of computer and networks. To keep safe you hard drive it should be protected. 
  • Encryption is a mathematical technique used to make readable to unreadable data. 
  • Based on encryption key will be divided into two parts. First part will be private key and private key, to decrypt the data private key will be used. 
  • Tor browser is used for private or VPN. 
  • Download.CNET.Com to download secure downloads of Internet apps. 
  • To protect from unsecure WiFi we need to protect by every techniques. WiFi pineapple is a hacker defensive device.To buy check out the link https://www.amazon.com/slp/wifi-pineapple/5tqmwqccurbx3dp

 WiFi Pineapple Device:

 A WiFi Pineapple is a hacking device. When a person's device scans for networks the device already knows, the WiFi Pineapple fakes as one of those networks, and the device automatically connects to it. It acts as a sort of middle man between the Internet and the device. It can intercept the device's web traffic and gather information victim. 
  • WiFi Pineapple is used to look for rogue WiFi hotspots being put in air by hackers. 
  • WiFi Pineapple has ability quietly and passively monitor for all WiFi devices in an area.
  • Tells us hackers look for what WiFi signals are there and how they configured.

 WiFi at Home:
  • Secure your WiFi router and use strong passwords. 
  • Anyways use WiFi encryption using WPA2.

 Social Media:
Don't over share in Facebook and avoid unwanted hackers target to victim. 

 Things To Avoid:
Don't download illegal copyrighted material without paying for it.

 Hill Station view:
By at 1 comment:

Thursday, October 3, 2019

Cyber Security Backing up your Data

Backing up your Data:
  • Data back up is important in case of cyber security of the organisation.
  • To prevent data loss everyone or every organisation needs to back up data weekly.
Business continuity plan(BCP):
BCP is a method to data loss prevention, all of the other plans are subset of your BCP.  Subset in thesis over all security policy of organisation.

Disaster Recovery(DR):
  • Disaster recovery is a plan to restore critical business process or a system back to operation after a disaster
  • DR in IT industry flow will include backup - recovery - restore - alternate site.
Records Retention:
A record retention plan is a high level policy that states the length of time that business must maintain.
Best example for records retention is payroll records.

Contractual Documents:
Contractual documents are import for country like US has section 802 for Bank rupt. 

Important for audit logs,
  • Security event
  • IT incident
  • No conclusion in financial system

Backup Plan:
  • Backup plan is a part of DR, whenever issues happen there is a alternative plan to backup.
  • Database uses a dedicated software to backup the data.
  • Best example for this backup is email and oracle database servers.
Incident Response Plan:
Incident response plan is incase of any emergency situation on specific incident happen. To tackle the incident we need to have a step by step plan to engage the situation.

Information Risks:
  • Sensitive information are needs to be encrypt data for possible retention.
  • Most probably we need to have extra care to PII(personal identifiable Information).

PII:Personal Identifiable Information:
PII belong specific persons private information not to be disclosed in public. 

PII information are like,
  • Name
  • SSN(Social Security Number)
  • Aadhar card Number
  • Date of birth(DOB)
  • Name
  • Location
  • Driver licence
  • Passport
  • Mother's maiden name
Saboteur: 
Saboteurs always a threat so deny access to any Organisation, this type of hackers can be avoided.

Hill Station view :

By at 1 comment:

Wednesday, October 2, 2019

Cyber Security Protection And Destruction Of Portable Data

Storage:
  • Storage device should be destroyed when no longer needed.
  • Cost will decrease when size decreases, when storage size increases cost also increases.
Significance of Data Protection:

 We need to protect the below three types of data,
  • Data in use 
  • Data in transit
  • Data at rest 
  • Largest data breach always damage reputation of organisation, hacker always target data at rest. 
  • File vault is a FDE, which is full disk encryption. This enables full protection to stored data in storage. 
  • Windows OS uses Bitlocker to encrypt the storage data. 

 Attacks on Portable Medical Equipment:
  • An ultrasound machines that retained patients image are stored. 
  • An EMG machine is used to examine muscle. 
  • Old X-ray files that had been stored in barrels. 

Portable Data Governance:
Data governance is important for cyber security.
  • Privacy
  • Complaince
  • Security

 Data Classification:
Data classification  based on the below information
  • PDI- Public Directory Information
  • NPI-Non public Information
  • FIPS-199 unclassified,confidential
  • Fisma-NIST 800-88

 Data Vulnerabilities And Exploits:
  • Due to data loss of 19 million medical patient records in US. 
  • Financial industry shows that 27.5 million records exposed. 
  • Loss of backup tapes and records of 12.5 individuals.

Hill Station view:
By at No comments:

Cyber Security vulnerability Mitigation

Cyber Security is important to mitigate devices hacks from hacker. Below techniques used,

 Device Hardening Technique:
  • Always keep the devices with latest IOS and applications. Patches updated regularly based on latest versions.
  • Don't use unknown sources to download applications. Use only official applications stores to download.
  • Avoid free applications are always dangerous.
  • Every install check the individual applications and which handles security and privacy.
  • Don't open accept messages from strangers. Sometimes Robo-texts, Robo-dialers.
  • Always be suspicious
  • Turn off auto retrieval of texts on your device.
  • Always use comprehensive security mechanisms, antivirus or VPN.

 Techniques :communication and network:
  • Always create an unique password.
  • Change the WiFi network SSID name frequently.
  • Always use encryption enabled in network
  • Enable mac filtering for your network
  • Reduce the range of wireless signal and use.
  • Upgrade the router firmware with latest after checking in test routers for any bugs in new router.
  • Always segregate the network traffic based on group and use to avoid unwanted hacks.
  • Always enforce mobile device policy to ensure cyber security of the device.

Policy best practices:
Personal Identifiable Information (PII)  should never be stored unencrypted. Always use encryption for data at rest. Hacker finds difficult to decrypt the information.

 Hill Station view:

By at 1 comment:

Cyber Security Physical And Logical Hacking Technique

Physical hacking techniques:
Physical hacking techniques sometimes violent and sometimes without victims knowledge it will happen.
  • Lost devices like mobile, laptops by theft.
  • Kill switch technology useful as a brick to escape from physical hack.
  • To find the lost iPhone, ICloud enables find lost iPhone.
  • Android devices enables device tracking by android manager app, linking it to the Google accounts and we can find the following directions.
  • To find windows phone, go to settings and click on find my phone.
Logical Hacking Technique:

Logical Hacking Technique mostly target mobile platforms,
  • Mobile platform attacks are increased to 72% in 2015. In 2019, 2020 it will increase due to billions of mobile users.
  • Silver push software used application advertisement capture the information and send back the information gathered to the adviser.
Below technique used for logical hackers,
  • Advertisement spamming
  • SMShing or SMS Phishing
  • Mobile applications downloaded will embedded with Malware.
  • Applications that capture credentials they don’t need.
  • Slembunk, Android Bank included a Trojons.
  • RAT's remote access tools used by hackers to hack windows,android and mac.

Hill Station view:

By at 1 comment:

Cyber Security Device Exploitation

Mobile devices are the targeted by hackers for device Exploitation and for gathering important information on  below  purposes,
  • Mobile Banking
  • Spying
  • Malware exploits
  • Services set identifier(SSID)
Popular War driving tools used for hacking,
  • Kismet 
  • Wireshark 
  • Fern WiFi wireless cracker
  • Common view for WiFi
  • Omnipeek
  • Airjack
  • INSSIDER
  • KISMAC
Some of the tools used to automate Robo calls to all possible numbers.

 Man in Middle attack:
  • Man in middle attack is a medium through attacker interrupts and disrupts attack. 
  • Picture archive and communication systems(PACS) used for Med Jacking. 
Signal Spillover:
  • Signal spill over is used to broadcast beacon characteristics. 
  • Signal spillover is used allowed pedestrian walking by public hotspots.
  • To signing guest network without signing in. 
Packet In Packet Vulnerability:

 This vulnerability is used by hackers to de-authenticate clients connected to WiFi and inject malicious beacon frames, perform host scan and port scan. Bypass firewall rule and conduct ARP spoofing.

 Due to this type of attack by hackers resistance from this to ensure cyber security end to end to be secure.

 Hill Station view:
By at 1 comment:

Cyber Security WPAN and IOT

A wireless personal area network is a short distance wireless network interconnecting devices centered around the individual person works space.

WPANs address wireless networking and mobile computing devices such as PCs, PDAs, peripherals, cell phones, pagers and consumer electronics.

IEEE802.15 play a fundamental role in IOT (Internet of things). Smart devices are close in range to one another.

These devices are classified in three classes,

CLASS1 1 Devices:
USB adapters and wireless access points that can operate in a range upto 328 feet or in meters.

CLASS 2 Devices:
Device like mobile phones, smart card readers which works in 33 feet range.

CLASS 3 Devices:
Class devices 3 like Bluetooth adapters, keyboard or mobile phone to car speaker range upto 3 feet range.

Beaware of Bluetooth hacks,

Bluetooth background attack can happen without knowledge of victim, cyber security is important to consider,
  • Blue Jacking
  • Blue sniffing
  • Blue snarfing 
RFID: Radio frequency identity:

RFID is a common uses are inventory control in retail stores, hospital pharmacy's and public. RFID signal range 10 centimetres to 100 meters.

Mobile Devices Information Markets:

  • Mobile devices cyber security is important to keep the storage data safe.
  • Hacked email or social media accounts are more valuable but profit margins unknown for personal data. It may cost around $65-$194 dollar.
  • Corporate email account may cost around at $500.
  • Passport are valued high and hackers try to attack through Ransome Ware which encrypts the data in hard drive and ask for money to decrypt data.

Hill Station view:
By at 1 comment:

Cyber Security Mobile Device Apps

Radio frequency range from 3KHz to 300 GHz. One to one communication for calling requires routing from the originator to the desired receiver and with return Acknowledgement.

Below standard is are used to define  new innovation standard
  • IEEE is established in the year 1964.
  • American institute of electrical engineers established in 1884.
  • Institute of Radio engineers is established in year 1912.
Some of the network standards are
  • IEEE802.11 is a standard for WLAN (wireless local area network )& WiFi.
  • IEEE802.15 is a standard for Wireless personal area network(WPAN) Eg - Bluetooth.
  • IEEE802.16 is a standard for Broadband Wireless Access(WiMAX).
  • IEEE802.20 is a standard mobile broadband wireless network.
  • IEEE802.22 is a standard wireless regional area network.
  • IEEE802.1 is a standard for higher layer LAN protocols.
  • IEEE802.1Q  is a standard for Bridges and vlans.
  • IEEE802.3 is a standard for ethernet.
  • IEEE802.11i is a standard WiFi protected access 11.

Other consortia:
  • 3GPP third generation partnership project is for cellular and mobile technologies.
  • IETF is a standard abbreviated as Internet engineering task force used for both wired and wireless technologies.
  • ETSI is a European telecom standard institute for wireless standard concerned fix.
  • Cyber Security NIST : national institute for standard and technology
  •  SG-CG:smart grid coordination group of European life.

ITU: International Telecommunication Union
  • ITU was established in the year 1865.
  • ITU always engaged in developing technical interconnectivity.
  • ITU is the best solution for statistics.

Hill Station view:
By at 1 comment:

Cyber Security Mobile Device Security

Cyber Security is important for Mobile security, nowadays Internet and mobile phones are used by more than billions of people.

Mobile Device security:
Mobile Device security is important, earlier used is enigma machine which is early used for encoded messages.

Mobile Device Adoption:
  • Mobile Device adoption is a upward mobility and geographical communication mobility.
  • Currently mobile adoption is common for wireless living.
  • About 77% wireless Internet traffic used by smart phone users.
  • Smart phones are credited for about 98% of digital industry commerce  growth. This enables importance of cyber security.


Cisco Visual Network Index:
  • By 2020 will  increase over by 5.5 billion mobile users its about 70% of global population.
  • Mobile works on radio technology and mobiles are embedded with processors and which will increase the mobile speed. And processor made up of transistor and which works on frequency modulation.


Federal Communication Commission(FCC):
  • Federal communication commission is established in 1934.
  • Heinrich hertz is a German physicist and who worked and proved.
  • Nikola Tesla who discovered the AC.
  • Ernst Alexander who discovered morse code transit the speech.
  • HAM Radio is used to satellite communication which is used in certain frequency for communication, no one interrupt this radio communication.

 Hill Station view :
By at 1 comment:

Monday, September 30, 2019

Cyber Security Modern Geo location Variations

Modern Geo location Variations are classified based on three
  • Triangulation
  • Trilateration
  • Multiateration
Triangulation:
Triangulation is actually just an average of latitudes and longitudes gathered using the signal strength squared as the weight is called as weighted centroid Trilateration.
Triangulation assume the signal strength will change at the inverse square of the distance.

Triangulation is the process of determining the location of a point by measuring angles to it from known points at either end of a fixed line.


You can check how to triangulate using above link.

Trilateration:
Trilateration is the process of determining absolute location of points by measurement of distances using the geometry of circle, spheres or triangles.

To check Trilateration check the below link


Ekahau Software:
Software used for site survey planning, mobile surveys, spectrum analyser and heat mapper.

Accuware:
Accuware used to WiFi location monitor. No mobile application required for the target.

Multiateration:
Multilateration is a navigation and surveillance technique based on the measurement of the times of arrival of energy waves having a known propagation speed. Multilateration is used by military forces to find the exact geo location of target based on the time difference.

Hill Station view :
By at 1 comment:

Cyber Security Radio Location

Geo location:
Geographic location of object such as radar, mobile phone or Internet connected computer terminal.

 Radio location:
Radio location is a technique used to find the location through radio waves in certain geographical area.

 Radio location techniques:

  • Recieved signal strength (RSSI)
  • Time of arrival (TOA)
  • Time difference of arrival (TDOA)
  • Angle of arrival (AOA)

RSSI:Recieved Signal Strength:
  • Recieved signal strength is used to measure the distance at which signal received.
  • Received signal strength can be influenced by weather, terrain and antenna.

 TOA:Time of Arrival:
  • Time of arrival is time of transmission and speed of propagation are known as TOA.
  • Clock skew at fast RF speeds, amplifiers, errors.

 TDOA:Time Difference of Arrival:
  • Time difference of arrival is a combined TOA data from several receivers is known as TDOA.
  • Multiple clock skew faster RF speeds, amplifiers, errors.

 AOA:Angle of Arrival:
  • Angle of arrival is determined by the use of directional antenna by correct way.
  • AOA can be easily influenced by antenna design and other factors.

Hill Station view :
By at 1 comment:

Cyber Security Geo location

In Cyber security most important topic is Geo Location, by currently technology this plays a vital role.

 Electromagnetic Radiation:

  • Electromagnetic radiation is a radiant energy, this em light is invisible, such as radio, infrared, and x rays.
  • The speed at which this waves oscillates is known as frequency.


 Decibels:(dB)

  • Decibels logarithmic unit is dB is used to express the ratio of two values of quantity.
  • dB means it is a Isotropic physical property that has the same value when measured from different directions.


 War driving:

  • Electron leaving antenna are equivalent to some one yelling loudly.
  • Using war driving attacker decrypt the signal in moving vehicle which is illegal to our law. Apart from country security issues.


 Definition for War driving:

 War driving is the act of searching for WiFi (wireless networks) by a person in moving vehicle. Using portable computers, smartphone.

 Some of the tools are  used to find the signals.

 Netspot - used to find radio signal leak for windows and mac.
Kismet-used to find wireless intrusion in Linux system.
WIGLE WiFi - used by Android to find the wireless intrusion.

 Antenna:
Antenna has 8 dB isotropic value.

 Yagi-Uda Antenna:
Yagi uda antenna is a directional antenna it has the value of 17 dB.
Yagi-Uda antenna every 3dB increase is a doubling of the power or intensity.

 Omni directional antenna:
Omni directional works in all direction and it has overall gain of 15 dB.

 WiFi access:
For WiFi every SSID will be unique in name

 Top ten SSID includes xfinity WiFi, linksys, <no SSID>, NETGEAR, dlink, ziggo, HP setup(adhoc)

 Note:IP and Mac address can easily spoofed.

 Hill Station view :

By at 1 comment:

Saturday, September 28, 2019

Cyber Security VPN uses

VPN for mobile:
  • Cyber Security is important for VPN usage.Virtual private network should be used in open network like using cisco anyconnect, we can able to connect.
  • While travelling VPN can be used to ensure security by accessing intranet.
  • Always use VPN to protect identity Nd location details when you connecting to Internet
For demo please look at the below diagram to understand, when you connecting to WiFi network through mobile.

VPN for Mobile









Whenever you are connected from end device it will go through firewall and firewall block unwanted access.Then through tagged VPN go to routing process and routed to private network for intranet. And without Vpn directly connected to firewall through routing process to access online video streaming and gaming.
  • Enable your end device with firewall using online tools like Glasswire. Glasswire enables firewall in end device.
  • Enable mobile device with VPN, private Internet access (PIA) used to connect via VPN
  • Analyze the WiFi network using quick look. Enable connectify for routing.

 Hill Station view :
By at 1 comment:

Friday, September 27, 2019

Cyber Security Threats and Counter Measures

Cyber security Threats are indicators or bugs in environment or software. Which can cause huge impact the business or an individual. Which will impact business reputation and theft of personal data etc.

Counter Measures are used to mitigate the security issues in Cyber security. Threats like..
  • Sniffing
  • Dns attacks
  • Man in middle attack
  • Phishing
  • Viruses
  • DOS
  • Always try to use virtual private network (VPN)  in open network. VPN like cisco any connect provide high encryption and ensure security in network in which you are connected.
  • Whenever user try to access websites use the https in search engines in address bar.
  • Because whenever you use Http which has a bug all your data will not be encrypted, so if you are logging in through http enabled website which will have unencrypted password and username in Web cache.
  • HTTPS is a hyper text transfer protocol secure which will enable encrypted tunnel.
  • HTTPS uses SSL (Secure Socket Layer) or TLS security certificates enabled. So all the data in the websites will be encrypted. Even Web cache also encrypted due to session hijacking issues  session I'd also encrypted using https.
SSL (Secure Socket Layer):
  • SSL is a socket layer security used in application layer. SSL is a Asymmetric cryptography uses public and private key encryption.
User -> Message(Public Key Encrypt) - >Message (Private Key)->Secret key used to decrypt on destination end.
  • AES-Advanced encryption standard algorithm cipher approved by NIST in 2011. 
  • Other ciphers includes twofish, Blowfish which used to replace DES algorithm. RC4, 3DES are ciphers with more number of bits.

Transport Layer Security(TLS):
  • TLS 1.0 is a very bad idea and unsafe. TLS 1.0 Can be POODLEd, BEASTed and otherwise padding-Oracled Database as well. Lots of other CVE weaknesses still apply which cannot be fixed unless by switching TLS 1.0 off.
  • TLS 1.1 is only a bad compromise though it is halfway free from TLS 1.0 Problems (but since both protocols do not provide any modern cipher mode which are essential today, the modern encryption methods do not work here)
  • TLS 1.2 with CBC Ciphers ON and also RSA on is kind of a Number play whether your connections are entirely safe or not. Which depends on how the ciphers are implemented on either side of the Connection from Server to Client browser. 
  • TLS 1.2 without any CBC Ciphers (that means also plain RSA handshakes off) is safe enough only TLS 1.3 is safer because of its handling improvement and the exclusion of everything that went obsolete since TLS 1.2 came up.
  • TLS 1.3 uses all algorithm for key exchange except Deffie-hellman algorithm. TLS 1.3 users certificates in server and Client, hacker unable to modify any information while in handshake. 
  • TLS 1.3 also uses RSA-PSS, this RSA-PSS is immune to cryptographic attack. One of the safest method is TLS 1.3.
All other encryption methods are unsafe 64bit including 3DES and RC4 ciphers are already disabled.
  • TLS 1.0 was published as RFC 2246 in the year 1996
  • TLS 1.1 was published as RFC 4346 in the year 2006
  • TLS 1.2 was published as RFC 5246 in the year 2008
  • TLS 1.3 was published as proposed standard in RFC 8446 in the year 2018.

 Hill Station view :
By at 1 comment:
Subscribe to: Posts (Atom)

Explore Me

Networking- Cisco IOS XR

Cisco IOS XR found in service providers routers like 12000 series cisco IOS XR. Cisco IOS XR originally designed for 64 bit operations....