Ethical hacking has become more popular all over the world, and I'm living out my dreams working against security threats, guarding against the recently updated security vulnerabilities exposed by OWASP, exploit-db, packetstormsecurity, 1337day etc.
Currently I'm available for new job opportunities within InfoSec.
If you find my profile relevant, you can contact me by mail, and I will gladly respond to every mail ASAP:
Shown below are some methods to implement in a company, or even for personal use, to secure against security threats.
Shell & Physical security
Social Engineering techniques
IPS/IDS, Firewall restrictions
As shown, the different methods of preventing exploits built upon vulnerabilities are broken down into concepts.
OpenTC stands for Open Trusted Computing, which is a great way of securing against attacks, but it is not the only solution.
ModSecurity is another set of security measures that can be implemented, but it should be restricted.
Iptables is commonly used as a Linux firewall and allows many security implementations, to make sure you keep malicious users out.
You do not want to make the attacker's job any easier than it already is.
User accounts should be restricted, and you should think out of the box; to ensure quality, permissions have to be set with precaution!
Cryptography should be used when delivering an internal/external message to a client. GPG, which comes by default in Linux, should be used to send messages, and also to replace the files, to confuse the attacker if the OS were to be compromised.
As Max commonly says to people who are not aware of security and how it should be handled -
You should treat shell access as if it were physical access.
Social Engineering techniques should also be taken seriously!
This is a great threat to a company (e.g. an attacker gets into the IT company building and drops off an infected USB drive carrying a rootkit, with a payload that executes when opened on a computer).
You have to make the personnel aware of several SE attacks.
RFID insecurities are something that not many companies have taken seriously. But hey, come on, if an attacker were desperate, he could deploy a Yagi-Uda antenna at 2,412 GHz and start deauthenticating victims, becoming the man in the middle! While you might not know it, the next step would be to sniff your password, or to perform some other privilege escalation.
IPS/IDS, Firewall restrictions: as mentioned, with a firewall for Linux such as Iptables you can do a lot of things, and it's a great start. IPS/IDS are usually good, but in some cases they give false alarms. This might be useful for some sysadmins, though, who check the log. But at the end of the day, if that gets the job done, then everyone is happy, right? Snort and Kismet are worth mentioning when doing security research on the network.
IT security policy is basically the main reason for securing a company or private use. Let's face it: there is no such thing as 100% security nowadays. Security is divided up into layers. The main factor here is that there will always be vulnerabilities, since there will always be humans involved. Companies need to focus on what satisfies them in terms of security measures.
Copyright - Max Jensen © All Rights Reserved