
Sunday, 7 April 2019

Security versus Freedom

The Internet provides great freedom, and we have already got used to it. Now the teller is presenting the bill. Security costs money. Without security you may be blackmailed for ransom, your users' data may be stolen, or your Internet service may be blocked. So, whom would you prefer to pay, the hacker or the security expert?

I recently had the opportunity to attend a presentation about web security. This has become a big business. You pay a specialist to do a "pen test" - no, it's not about pencils, it's about penetration of your IT company. Here are some notes from this meeting. Lots of new acronyms to learn.

Hacker's Operating System

Kali Linux: A Debian-based Linux distribution already equipped with most of the tools that a hacker or penetration tester will want to use. Started in 2012.

Hacker's Tool Suite

Burp Suite: A graphical user interface for working out a hack. Provides screenshots of all pages of a site, easy HTTP request manipulation and resending. You can do a lot of things with this tool, but you must study it.

Penetration Test Tools

Nmap: Open source, started in 1998. Provides host discovery, service and operating-system detection, ...
Nessus: Started in 1998; the commercial product is at version 8, but version 2 is still open source and maintained. Finds open ports, executes brute-force password attacks, can launch Denial of Service attacks.
Metasploit: Open source, started in 2003. Specializes in exploits of operating-system-specific vulnerabilities.

Mitigation on Software Level

OWASP: OWASP = Open Web Application Security Project. An online community that produces freely available articles, methodologies, documentation, tools, and technologies.
CVE: CVE = Common Vulnerabilities and Exposures.

Mitigation on Network Level

ZAP: ZAP = Zed Attack Proxy. An OWASP tool.
Used as a proxy server, it lets you manipulate all of the HTTP/HTTPS traffic that passes through it. Intended to be used both by those new to application security and by professional penetration testers.
CDN: CDN = Content Delivery Network.
Cloudflare or MaxCDN are commercial caching and security services that may defend against Distributed Denial of Service attacks.
IDS, IPS: IDS = Intrusion Detection System, IPS = Intrusion Prevention System.
Sits behind the firewall and provides analysis of dangerous content (IDS), or filters it out (IPS).
WAF: WAF = Web Application Firewall.
Can prevent attacks through SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
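The IDS/IPS and WAF entries above describe the same inspection step in two modes: report what looks dangerous, or drop it. The following is an added example, not part of the original post and not the code of any product named here; the rule patterns, the request samples and the two-mode filter are all constructed for illustration and are far smaller than a real rule set.

```python
import re
from urllib.parse import unquote_plus

# Tiny, illustrative signatures for the three attack classes the post
# names for a WAF.  Constructed for this example; real rule sets are
# much larger and tuned against false positives.
RULES = {
    "sql_injection": re.compile(
        r"(?i)(\bunion\b\s+select\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table\b)"
    ),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon[a-z]+\s*=)"),
    "file_inclusion": re.compile(r"(\.\./|\.\.\\|/etc/passwd|php://)"),
}


def normalize(value):
    """Decode URL encoding twice so double-encoded payloads (%2527 for a
    quote) cannot slip past the patterns.  Normalising before matching is
    the step most often missing from naive filters."""
    out = value
    for _ in range(2):
        out = unquote_plus(out)
    return out


def inspect_request(raw_request):
    """Return the names of all rules that match the decoded request."""
    text = normalize(raw_request)
    return [name for name, pattern in RULES.items() if pattern.search(text)]


def filter_requests(requests, mode="ids"):
    """mode='ids': alert on matches but pass everything through.
    mode='ips': alert and drop the matching requests.
    Returns (passed_requests, alerts)."""
    passed, alerts = [], []
    for req in requests:
        hits = inspect_request(req)
        if hits:
            alerts.append((req, hits))
            if mode == "ips":
                continue  # blocked
        passed.append(req)
    return passed, alerts


# Constructed sample traffic: one benign search, three classic payloads,
# and one benign login.  Not captured from any real system.
SAMPLE_REQUESTS = [
    "GET /search?q=shoes HTTP/1.1",
    "GET /search?q=%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "GET /comment?text=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
    "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "POST /login HTTP/1.1\r\n\r\nuser=alice&pass=s3cret",
]

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        passed, alerts = filter_requests(SAMPLE_REQUESTS, mode=mode)
        print(f"{mode}: passed {len(passed)}, alerts {len(alerts)}")
        for req, hits in alerts:
            print("  ", hits, req.splitlines()[0])
```

Running it in IDS mode passes all five requests and raises three alerts; IPS mode raises the same three alerts and passes only the two benign requests. The usual practice is to run new rules in the report-only mode first, because patterns like the `on...=` handler check will also fire on harmless parameter names, and only switch a rule to blocking once its false positives are understood.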

Others

haveibeenpwned: Has one of your e-mail accounts been hacked?
yasni: What the Internet knows about you.
aircrack-ng: WiFi (wireless network) security checks.
Open Bug Bounty: Cross-site scripting (XSS) vulnerabilities.
BeEF Project: Specializes in browser vulnerabilities.
Crackstation: Free password hash cracker. Uses massive pre-computed lookup tables to turn password hashes back into passwords.
Shodan: Commercial website, a search service for the "Internet of Things" (including all kinds of databases). Called "the hacker's Google".
EyeWitness: A headless browser producing screenshots.
SecurityTrails: The largest collection of IP addresses, domain names and WHOIS data.
NIST: NIST = National Institute of Standards and Technology.
Computer security on the organisational level.
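The Crackstation entry above says that pre-computed lookup tables turn hashes back into passwords. The following added example (not from the original post, and not Crackstation's code) shows on a constructed five-word list why that works against a fast, unsalted hash, and why the usual defence, a random per-user salt plus a slow key-derivation function, leaves the table with nothing to look up.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the huge dictionaries behind a lookup-table
# service; real tables hold billions of entries.
WORDLIST = ["password", "letmein", "qwerty", "Summer2019", "hunter2"]


def build_lookup_table(words, algorithm="sha1"):
    """Precompute digest -> plaintext for every word (the table's side)."""
    return {hashlib.new(algorithm, w.encode()).hexdigest(): w for w in words}


def lookup(table, hex_digest):
    """Reverse a fast, unsalted hash with a single dictionary lookup."""
    return table.get(hex_digest.lower())


def hash_password(password, salt=None, iterations=200_000):
    """Defender side: random 16-byte salt plus PBKDF2-HMAC-SHA256.
    The salt makes every stored digest unique; the iteration count makes
    each guess expensive, so a table cannot be precomputed once and reused."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, stored_digest, iterations=200_000):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, stored_digest)


def demo():
    table = build_lookup_table(WORDLIST)
    # A leaked, unsalted SHA-1 of a common password falls immediately.
    leaked = hashlib.sha1(b"letmein").hexdigest()
    recovered = lookup(table, leaked)
    # The same password stored with salt + PBKDF2: the table has no entry,
    # and two users with the same password get different digests.
    salt_a, digest_a = hash_password("letmein")
    salt_b, digest_b = hash_password("letmein")
    return {
        "recovered": recovered,                                    # "letmein"
        "salted_in_table": lookup(table, digest_a.hex()),          # None
        "digests_differ": digest_a != digest_b,                    # True
        "verifies": verify_password("letmein", salt_a, digest_a),  # True
        "rejects_wrong": verify_password("hunter2", salt_a, digest_a),  # False
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt alone only defeats the pre-computed table; a weak password can still be guessed one user at a time, which is what the iteration count (or a memory-hard function such as scrypt or Argon2) is there to slow down.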
