Wednesday, September 27, 2017

Kali tools for beginners



Kali Linux is a Debian-derived Linux distribution designed for penetration testing and digital forensics. It is maintained by Offensive Security Ltd. Several of the tools it provides for these purposes are described below.


Nmap

It is a security scanner used to discover hosts and services on a computer network. Nmap sends packets to the target and analyses the responses; from them it can find out which hosts are active and which services are running on those hosts.


Metasploit framework


Metasploit is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.

Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, the shellcode archive and related research.

The Metasploit project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.


Wireshark


Wireshark is an open source packet analyzer. It is used for network troubleshooting, analysis, software and communication protocol development, and education. It was originally named Ethereal.

Wireshark is cross-platform: it uses the Qt widget toolkit in current releases to implement its user interface and pcap to capture packets, and it runs on Linux, macOS, BSD, Solaris, some other Unix-like operating systems, and Microsoft Windows.


Burp Suite

Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface through to finding and exploiting security vulnerabilities.
Burp Suite gives you full control, letting you combine advanced manual techniques with state-of-the-art automation to make your work faster and more effective.

Wednesday, September 20, 2017

What is Nagios?


Nagios runs periodic checks on critical parameters of application, network and server resources. It can monitor, for example, memory usage, disk usage, microprocessor load, the number of currently running processes and log files. Nagios also can monitor services, such as Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Hypertext Transfer Protocol (HTTP) and other common network protocols. Active checks are initiated by Nagios, while passive checks come from external applications connected to the monitoring tool.

Nagios structure

Nagios is organized as a pluggable, open source tool, which makes it easy to develop new components for it and to extend its functionality. At the heart of Nagios is its server, where plug-ins and add-ons allow the user to define targets and which parameters on these targets to monitor. For example, when used in conjunction with environmental-sensing systems, Nagios can share data on environmental variables, such as temperature, humidity or barometric pressure.

Nagios can also run remote scripts by using the Nagios Remote Plugin Executor, also called NRPE.

Nagios runs in agent-based and agentless configurations. The user can install a Nagios monitoring agent on any resource they wish to track, or rely on agentless monitoring protocols to track performance. The choice between agent-based and agentless monitoring depends on the design of the IT infrastructure and desired monitoring setup.

A user-friendly, web-based graphical user interface is provided in some versions of Nagios and from third parties, or an administrator can choose to work in the command-line interface. It also comes with a dashboard that provides an overview of the critical parameters monitored on assets.

Nagios products

The service that was originally known as Nagios is now referred to as Nagios Core. Nagios XI is the extended interface, proposed as the enterprise-level version of the monitoring tool. Nagios Core is available free, while Nagios XI must be purchased from Nagios Enterprises. Other commercial extensions of Nagios include Nagios Log Server, Nagios Network Analyzer and Nagios Fusion:

Nagios Log Server provides log management, monitoring and analysis.
Nagios Network Analyzer tracks network traffic and bandwidth utilization.
Nagios Fusion is an aggregation service for Nagios Core and Nagios XI servers, showing multiple servers in one view.

Based on the parameters and thresholds defined, Nagios can send out alerts if critical levels are reached. These notifications can be sent in different ways, including email and text messages. An authorization system allows the administrator to restrict access.
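Both the plug-ins mentioned above and the thresholds that drive alerting come together in the plug-in contract: Nagios (or NRPE, on a remote host) runs a program, reads its first output line, and takes the exit code as the result, 0 for OK, 1 for WARNING, 2 for CRITICAL and 3 for UNKNOWN. The disk-usage check below is an added example written for this post, not a plug-in shipped by Nagios; the `sizes` parameter that lets a caller inject total and free byte counts is an assumption made so the check can be exercised without a real file system.

```python
import os
import sys

# Nagios plug-in exit codes: the process status is how a plug-in reports its result.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def evaluate(value, warn, crit):
    """Map a measured value onto a Nagios status using warning and critical thresholds."""
    if warn > crit:
        raise ValueError("warning threshold must not exceed critical threshold")
    if value >= crit:
        return CRITICAL
    if value >= warn:
        return WARNING
    return OK


def used_percent(total_bytes, free_bytes):
    """Percentage of a file system in use, from its total and free byte counts."""
    if total_bytes <= 0:
        raise ValueError("total size must be positive")
    return 100.0 * (total_bytes - free_bytes) / total_bytes


def plugin_output(label, status, value, warn, crit):
    """First output line: human-readable text, then '|' and performance data in the
    label=value;warn;crit form that Nagios can graph."""
    return (f"{label} {STATUS_NAMES[status]} - {value:.1f}% used"
            f"|used={value:.1f}%;{warn};{crit}")


def check_disk(path, warn, crit, sizes=None):
    """Return (exit_code, output_line). `sizes` is a hypothetical hook for this
    example: pass (total_bytes, free_bytes) to bypass os.statvfs."""
    try:
        if sizes is None:
            st = os.statvfs(path)
            total, free = st.f_frsize * st.f_blocks, st.f_frsize * st.f_bavail
        else:
            total, free = sizes
        pct = used_percent(total, free)
        status = evaluate(pct, warn, crit)
        return status, plugin_output("DISK", status, pct, warn, crit)
    except (OSError, ValueError) as exc:
        # Anything the plug-in cannot measure or validate is UNKNOWN, never OK.
        return UNKNOWN, f"DISK UNKNOWN - {exc}"


if __name__ == "__main__":
    # usage: check_disk.py <path> <warn%> <crit%>
    path = sys.argv[1] if len(sys.argv) > 1 else "/"
    warn = float(sys.argv[2]) if len(sys.argv) > 2 else 80
    crit = float(sys.argv[3]) if len(sys.argv) > 3 else 90
    code, line = check_disk(path, warn, crit)
    print(line)
    sys.exit(code)
```

Invalid thresholds or an unreadable path are reported as UNKNOWN rather than silently passing as OK, which is what makes a misconfigured check visible on the dashboard instead of hiding a gap in monitoring.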

Nagios has proven popular among small and large businesses, as well as internet service providers, educational institutions, government agencies, healthcare institutions, manufacturing companies and financial institutions. Previously called NetSaint, Nagios was developed by Ethan Galstad and refined by numerous contributors as an open source project.

Sunday, September 17, 2017

SHA-1 has been broken


A team from Google and CWI Amsterdam just announced it: they produced the first SHA-1 hash collision. The attack required over 9,223,372,036,854,775,808 SHA-1 computations, the equivalent processing power of 6,500 years of single-CPU computations and 110 years of single-GPU computations. While this may seem overwhelming, this is a practical attack if you are, let's say, a state-sponsored attacker. Or if you control a large enough botnet. Or if you are just able to spend some serious money on cloud computing. It's doable. Make no mistake, this is not a brute-force attack; that would take around 12,000,000 single-GPU years to complete.

SHA-1 is a 160-bit standard cryptographic hash function that is used for digital signatures and file integrity verification in a wide range of applications, such as digital certificates, PGP/GPG signatures, software updates, backup systems and so forth. It was, a long time ago, proposed as a safe alternative to MD5, known to be faulty since 1996. In 2004 it was shown that MD5 is not collision-resistant and not suitable for applications like SSL certificates or digital signatures. In 2008, a team of researchers demonstrated how to break SSL based on MD5, using 200 PlayStation 3 consoles.

Theoretical attacks against SHA-1 have been known since as early as 2005. In 2015 an attack on full SHA-1 was demonstrated (baptized the SHAppening). While this did not directly translate into a collision on the full SHA-1 hash function due to some technical aspects, it undermined the security claims for SHA-1. With this new attack, dubbed SHAttered, the team demonstrated a practical attack on the SHA-1 algorithm, producing two different PDF files with the same checksum.

The full working code will be released in three months, following Google's vulnerability disclosure policy, and it will allow anyone to create a pair of PDFs that hash to the same SHA-1 sum given two distinct images and some, not yet specified, pre-conditions.

For now, the recommendation is to start using SHA-256 or SHA-3 in your software. The Chrome browser already warns if a website has a SHA-1 certificate; Firefox and the rest of the browsers will surely follow. Meanwhile, as always, tougher times are ahead for legacy systems and IoT-like devices.
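The file-integrity use case is the one most software can fix on its own: verify checksums with SHA-256 and refuse to verify with SHA-1 at all, so a manifest (or an attacker who can edit one) cannot downgrade the check to a broken function. The code below is an added example for this post, not Google's or CWI's published code; the manifest format (algorithm, hex digest, file name per line), the file contents and the digests are constructed for the example, with the SHA-1 and SHA-256 digests of the string "abc" being their well-known test-vector values.

```python
import hashlib
import hmac

# Algorithms accepted for integrity manifests. "sha1" and "md5" are deliberately
# absent: both have practical collision attacks.
APPROVED_ALGORITHMS = {"sha256", "sha512", "sha3_256"}


def file_digest(data: bytes, algorithm: str) -> str:
    """Hex digest of `data` under a hashlib algorithm name."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def verify(data: bytes, algorithm: str, expected_hex: str) -> bool:
    """Check one digest, rejecting deprecated algorithms outright so a manifest
    cannot downgrade the verification. Uses a constant-time comparison."""
    if algorithm not in APPROVED_ALGORITHMS:
        raise ValueError(f"refusing to verify with deprecated or unknown algorithm: {algorithm}")
    return hmac.compare_digest(file_digest(data, algorithm), expected_hex.lower())


def parse_manifest(text):
    """Parse constructed manifest lines of the form 'algorithm digest filename'."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        algorithm, hexdigest, filename = line.split(None, 2)
        entries.append((algorithm.lower(), hexdigest, filename))
    return entries


def verify_manifest(manifest_text, files):
    """Verify every entry against `files` ({filename: bytes}) and return
    {filename: "ok" | "mismatch" | "missing" | "rejected: <reason>"}."""
    results = {}
    for algorithm, hexdigest, filename in parse_manifest(manifest_text):
        if filename not in files:
            results[filename] = "missing"
            continue
        try:
            results[filename] = "ok" if verify(files[filename], algorithm, hexdigest) else "mismatch"
        except ValueError as exc:
            results[filename] = f"rejected: {exc}"
    return results


# Constructed sample: three files and a manifest that mixes SHA-256 lines with a
# SHA-1 line and one entry for a file that is not present.
SAMPLE_FILES = {"update.bin": b"abc", "legacy.bin": b"abc", "readme.txt": b"hello"}
SAMPLE_MANIFEST = """# algorithm  digest  file
sha256 ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad update.bin
sha1   a9993e364706816aba3e25717850c26c9cd0d89d legacy.bin
sha256 0000000000000000000000000000000000000000000000000000000000000000 readme.txt
sha256 0000000000000000000000000000000000000000000000000000000000000000 absent.bin
"""

if __name__ == "__main__":
    for name, result in verify_manifest(SAMPLE_MANIFEST, SAMPLE_FILES).items():
        print(f"{name}: {result}")
```

The SHA-1 line is rejected even though its digest is correct for the file: the point of the allowlist is that a correct SHA-1 digest proves nothing once collisions can be manufactured, so the code never reaches the comparison.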

Thursday, September 14, 2017

Sample email policy


Policies exist to make the affected audience in a company aware of whether they are doing things correctly.

Operational necessity dictates the majority of actions taken by an IT department. Both documented and undocumented policies and procedures are developed to support the performance of actions dictated by such operational necessity. However, these are not the only reasons for policy development. Informational resources must be protected from unauthorized access. A fully developed information security program with documented security policies and procedures provides the structure and guidance needed to help ensure the protection of informational resources.

Policies are defined in many areas to ensure the security of information, and email policy is one of them. The email policy document below is for a warehouse in which war machines are stored before they are distributed to the forces.

ABC Company

Email policy

1. Overview
Electronic communications are broadly used in organizations for internal communication. Misuse of email may expose the organization to legal, security and privacy risks. This policy gives guidelines for what is acceptable usage and what is not.

2. Purpose
This email policy ensures the proper usage of the electronic mail system of the ABC Company and makes users aware of what they are allowed to do and what they are not.

3. Scope
This policy applies to all emails sent from and received by ABC Company email accounts through any device and via any network.
The email policy of the ABC Company applies to:
·         All employees of the ABC Company
·         Agents who import the war machines
·         All members of the forces
·         Any government representative


4.      Policy

4.1 Sending mails

1. The ABC electronic communication system should not be used to send chain letters or any personal business mails.
2. Broadcasting personal views on politics, religion and society is not allowed.
3. Mails declared confidential should not be forwarded to any unauthorized parties.
4. Every employee of the ABC Company should use the mail address given to them to send mails.
5. The ABC Company is not responsible for mails that are not delivered.
6. The audience of this policy must not send any information about the war machines to unauthorized parties.

4.2 Content
1. Data contained in the mail or the message should be secured according to the Data Protection Standards.
2. The content of the mail should be formal and polite.
3. The message of the mail should follow the format given by the ABC Company.
4. Mail should not contain any phishing URLs or viruses.
5. Mails should not contain inappropriate images, videos or audio clips.

4.3 Receiving mails
1. Be aware of, and check, the sender's mail address before opening the mail.
2. Employees are not allowed to read mails received by others.
3. If a received mail contains anything inappropriate that affects the ABC Company, it should be reported to the responsible people of the company.

4.4 Usage
1. Using third-party mail systems and storage services (e.g. Google, Yahoo, MSN Hotmail) to do transactions or to store any received or sent mail is prohibited.
2. Top-level management can monitor the mails that are sent through the ABC Company electronic mail system.
3. The content of a mail cannot be copied to any portable or online storage media without permission.

5. Compliance

5.1 Compliance measurement

The information security team of the ABC Company will verify compliance with the policies using various methods (video monitoring, email log information, internal and external security audits).


5.2 Exceptions

Exceptions should be approved by the Information Security team of the ABC Company.


5.3 Non-compliance

Any employee who violates the mentioned policies is subject to disciplinary action or penalty, up to employee termination.

6.      History/Revision date

Adoption date         -   July 30, 2017

Next Review Date   - July 30, 2018

Responsible Party   - Information security team of the ABC Company



Sunday, September 10, 2017

Secure in IT service providing field?



Introduction

IT Infrastructure Library (ITIL) provides a framework of Best Practice guidance for IT Service Management and since its creation, ITIL has grown to become the most widely accepted approach to IT Service Management in the world.

This compact guide has been designed as an introductory overview for anyone who has an interest in or a need to understand more about the objectives, content and coverage of ITIL. Whilst this guide provides an overview, full details can be found in the actual ITIL publications themselves.

This guide describes the key principles of IT Service Management and provides a high-level overview of each of the core publications within ITIL.

What is ITIL?

ITIL is a public framework that describes Best Practice in IT service management. It provides a framework for the governance of IT, the ‘service wrap’, and focuses on the continual measurement and improvement of the quality of IT service delivered, from both a business and a customer perspective. This focus is a major factor in ITIL’s worldwide success and has contributed to its prolific usage and to the key benefits obtained by those organizations deploying the techniques and processes throughout their organizations.

Some of these benefits include:

increased user and customer satisfaction with IT services
improved service availability, directly leading to increased business profits and revenue
financial savings from reduced rework, lost time, improved resource management and usage
improved time to market for new products and services
improved decision making and optimized risk.

It was originally developed in the late 1980s by Britain’s Central Computer and Telecommunications Agency (CCTA), now known as the Office of Government Commerce (OGC).

Rather than a rigid set of rules, ITIL provides a framework that companies can adapt to meet their own needs. Organizations need not implement every process, just those that make sense and fit into the way the organization wants to do business in the future. Some processes may be abandoned later when post-implementation reviews show limited value, while others may be implemented as gaps are uncovered or needs change.

ITIL breaks down IT functions into discrete, full-function components that span the enterprise, called services. These services have been designed in a building block manner so they can be provisioned easily either internally or through the use of an external service provider. In each case, best practices for the delivery of the service are identified and they are addressed at three different levels:

Strategic - Long term goals of the particular service and high level activities needed to accomplish them.
Tactical - Specific processes that guide the tasks and activities needed to perform and provision the service.
Operational - Actual execution of the processes to provide the service to the customer and end users. Successful completion of the Operational tasks means that Strategic goals are accomplished within the expected time frames.

ITIL Versions

ITIL was published between 1989 and 1995 by Her Majesty’s Stationery Office (HMSO) in the UK on behalf of the Central Computer and Telecommunications Agency (CCTA) – now subsumed within the Office of Government Commerce (OGC). Its early use was principally confined to the UK and the Netherlands. A second version of ITIL was published as a set of revised books between 2000 and 2004.

The initial version of ITIL consisted of a library of 31 associated books covering all aspects of IT service provision. This initial version was then revised and replaced by seven, more closely connected and consistent books (ITIL V2) consolidated within an overall framework. This second version became universally accepted and is now used in many countries by thousands of organizations as the basis for effective IT service provision. In 2007, ITIL V2 was superseded by an enhanced and consolidated third version of ITIL, consisting of five core books covering the service lifecycle, together with the Official Introduction.

Tuesday, September 5, 2017

What is SQL Injection?


What is SQL Injection?

SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database – letting them access or delete data, change an application’s data-driven behavior, and do other undesirable things – by tricking the application into sending unexpected SQL commands.

SQL injection weaknesses occur when an application uses untrusted data, such as data entered into web form fields, as part of a database query. When an application fails to properly sanitize this untrusted data before adding it to a SQL query, an attacker can include their own SQL commands which the database will execute. Such SQLi vulnerabilities are easy to prevent, yet SQLi remains a leading web application risk, and many organizations remain vulnerable to potentially damaging data breaches resulting from SQL injection.

How Attackers Exploit SQLi Vulnerabilities

Attackers provide specially-crafted input to trick an application into modifying the SQL queries that the application asks the database to execute. This allows the attacker to:

Control application behavior that’s based on data in the database, for example by tricking an application into allowing a login without a valid password
Alter data in the database without authorization, for example by creating fraudulent records, adding users or “promoting” users to higher access levels, or deleting data
Access data without authorization, for example by tricking the database into providing too many results for a query

Anatomy of a SQL Injection Attack

A developer defines a SQL query to perform some database action necessary for their application to function. This query has an argument so that only desired records are returned, and the value for that argument can be provided by a user (for example, through a form field, URL parameter, web cookie, etc.).

A SQL injection attack plays out in two stages:


Research: Attacker tries submitting various unexpected values for the argument, observes how the application responds, and determines an attack to attempt.

Attack: Attacker provides a carefully-crafted input value that, when used as an argument to a SQL query, will be interpreted as part of a SQL command rather than merely data; the database then executes the SQL command as modified by the attacker.

The research and attack stages can be easily automated by readily-available tools.

Defending Against SQLi Attacks

There are easy ways to avoid introducing SQLi vulnerabilities in an application, and to limit the damage they can cause.

Discover SQLi vulnerabilities by routinely testing your applications both using static testing and dynamic testing.
Avoid and repair SQLi vulnerabilities by using parameterized queries. These types of queries specify placeholders for parameters so that the database will always treat them as data rather than part of a SQL command. Prepared statements and object relational mappers (ORMs) make this easy for developers.
Remediate SQLi vulnerabilities in legacy systems by escaping inputs before adding them to the query. Use this technique only where prepared statements or similar facilities are unavailable.
Mitigate the impact of SQLi vulnerabilities by enforcing least privilege on the database. Ensure that each application has its own database credentials, and that these credentials have the minimum rights the application needs.
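To make the login-bypass scenario and two of the defences concrete, here is an added example written for this post (not code from any project the post describes). It builds a constructed in-memory SQLite table, shows a login query assembled by string concatenation next to the same query with bound parameters, and demonstrates the least-privilege point by opening the database read-only so that even a successful injection cannot change data. The table, the accounts and the temporary-file helper are all assumptions made for the example.

```python
import os
import sqlite3
import tempfile


def make_demo_db(path=":memory:"):
    """Constructed demo database with two accounts. Passwords are stored in clear
    only so the query logic stays visible; real applications store password hashes."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The weakness: user input is pasted into the SQL text. A quote in the input
    terminates the string literal and whatever follows is parsed as SQL, so a
    username of  alice' --  comments out the password check entirely."""
    query = ("SELECT role FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """The fix: placeholders are bound by the driver, so the input is always treated
    as data, quotes and comment markers included."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def setup_file_db():
    """Write the demo database to a temporary file; the read-only demo needs a file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    make_demo_db(path).close()
    return path


def write_blocked_on_readonly(db_path):
    """Least privilege at the database level: open the file read-only via a SQLite
    URI and report whether an UPDATE is refused. A read-only connection (or, on a
    server database, a read-only role) bounds the damage of any injection."""
    ro = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        ro.execute("UPDATE users SET role = 'admin' WHERE username = 'bob'")
        ro.commit()
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        ro.close()


if __name__ == "__main__":
    conn = make_demo_db()
    print("vulnerable, forged username:", login_vulnerable(conn, "alice' --", "wrong"))
    print("parameterized, same input:  ", login_parameterized(conn, "alice' --", "wrong"))
    print("update refused on read-only:", write_blocked_on_readonly(setup_file_db()))
```

The vulnerable function hands the attacker alice's admin role without her password because the `--` turns the rest of the statement into a comment; the parameterized version returns nothing for the same input because the database looks for a user literally named `alice' --`. The read-only connection is the mitigation from the last bullet above applied to SQLite; on a server database the equivalent is a dedicated account with only the grants the application needs.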

Saturday, September 2, 2017

What to do with spam emails



Spamming refers to the practice of flooding inboxes with unsolicited emails addressed to hundreds or thousands of recipients in an attempt to force the message on people who would not otherwise choose to receive it. It has also been called "junk e-mail".


How do spammers get my address?


E-mail spam lists are often created by scanning or stealing mailing list addresses, or by searching the web for addresses. Online directories are another source of e-mail addresses. The more internet activity you participate in with your email address, the more likely you'll end up in a spam list.

What should I do if I receive "spam"?


DO NOT REPLY to the spam message. This can inadvertently cause all original addressees to receive the reply, causing another flood. Mailing lists can explode into thousands of recipients. NEVER retaliate with more spam; you're just exacerbating the problem.

DO NOT respond to "instructions to remove me from the mailing list". Most often, this will result in a bounced (rejected) mail message to you. It may also result in hardening your address onto spam lists, as it serves as a confirmation that your account is active and the mail is being read. For advertising purposes, this makes your address more valuable.

Report the spam - see How To Report A Phishing Scam or Spam Email for instructions. We will examine the message headers and take action if we can determine the source or relay site for the message. We are most interested in reports of e-mail spam that originate from within the University, or that are offensive to you.

Make sure your Junk Email Filtering is turned on.  Filtering the mail is particularly helpful if you are unlucky enough to receive offensive spam. In most instances, if you do not respond to the mail, it will stop in a short period of time. Be patient, and it will eventually stop.

Make it stop!!!!


Spam is one of the unavoidable pitfalls of being on the internet. It is almost impossible to prevent because any user with an e-mail address can "spam" any other valid e-mail address or public electronic forum. The only foolproof prevention is to disconnect from the internet.

Limit your personal/recreational use of the internet from your University account and use a personal email account instead. Many web sites capture information about visitors without their knowledge and then use it later for unsolicited advertising. 

In all cases, if you are feeling threatened, report the activity to the Department of Public Safety at 335-5022.  For more information regarding IT security issues, see IT Security.
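The "examine the message headers" step mentioned under reporting is mostly about the Received chain: each mail server that handles a message adds a Received header on top, so the newest hop is first and the oldest last. The hops added by your own servers are trustworthy; everything below them arrived with the message and can be forged by the sender. The example below is added here and is not code from the university or any mail product; it extracts the chain, the origin the headers claim, and the address your own servers actually accepted the message from. The message, host names and addresses are constructed (documentation IP ranges), and the set of trusted host names is an assumption the caller supplies.

```python
import email
import ipaddress
import re

# Constructed sample message: three Received headers, newest hop first, exactly as a
# receiving mail system would stack them. Continuation lines are tab-indented (folded).
SAMPLE_MESSAGE = """Received: from mx.example.edu (mx.example.edu [192.0.2.10])
\tby mail.example.edu (Postfix) with ESMTP id 4F1C2A3B
\tfor <student@example.edu>; Sat, 2 Sep 2017 10:00:00 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.edu with ESMTP; Sat, 2 Sep 2017 09:59:50 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net with SMTP; Sat, 2 Sep 2017 09:59:40 +0000
From: "Prize Desk" <winner@example.net>
To: student@example.edu
Subject: You have won

Claim your prize today.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def received_chain(raw_message):
    """Return [(from_host, from_ip, by_host), ...] per Received header, newest first.
    from_host is what the connecting side announced; from_ip is the address the
    receiving server recorded in brackets, which it observed rather than trusted."""
    msg = email.message_from_string(raw_message)
    chain = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())  # unfold the header onto one line
        frm, ip, by = FROM_RE.match(value), IP_RE.search(value), BY_RE.search(value)
        chain.append((frm.group(1) if frm else None,
                      ip.group(1) if ip else None,
                      by.group(1) if by else None))
    return chain


def claimed_origin(raw_message):
    """The oldest hop's recorded IP: what the headers say the origin was. Anything
    beneath the hops your own servers added may have been written by the sender."""
    for _, ip, _ in reversed(received_chain(raw_message)):
        if ip:
            return ip
    return None


def verified_handoff(raw_message, trusted_hosts):
    """The IP that handed the message to the last of your own (trusted) servers.
    This hop was observed by a server you control, so it is the address worth
    reporting or blocking even when the rest of the chain is forged."""
    handoff = None
    for _, ip, by in received_chain(raw_message):
        if by is None or by.lower() not in trusted_hosts:
            break
        handoff = ip
    return handoff


def originates_internally(ip, internal_networks):
    """Whether an address falls inside any of the given CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in internal_networks)


if __name__ == "__main__":
    trusted = {"mail.example.edu", "mx.example.edu"}
    print("claimed origin:  ", claimed_origin(SAMPLE_MESSAGE))
    print("verified handoff:", verified_handoff(SAMPLE_MESSAGE, trusted))
```

For the sample the headers claim 203.0.113.45, but the only hop a university server witnessed came from 198.51.100.7, the external relay; that relay's operator is who a report about this message should go to. `originates_internally` answers the "did this come from inside the University" question by checking the handoff address against the campus ranges.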

Cross Site Request Forgery Protection with Double Submit Cookies Patterns

When a user authenticates to a site, the site should generate a (cryptographically strong) pseudo-random value and set it as a cookie on the...