Attacking the lottery
This is purely a theoretical attack on a lottery system. No magic combinations or generators, no syndicates or reading the stars, just a plain attack on the system. First of all, there are some prerequisites. One will need an insider or more in order to carry out the attack, but this should not be a… Continue reading Attacking the lottery
Socks proxy for non-socks applications
For several reasons you may want to use a socks proxy, but a lot of command line applications are not able to work with a socks proxy. wget for example is unable to work directly with a socks proxy. Also, configuring wget to work with a http proxy is a pain. You can’t specify the… Continue reading Socks proxy for non-socks applications
SSH tunnels, an alternative to VPN
What do you do when you need a connection to the Internet and the only thing in hand is an unsecured wireless network or hotspot? Do you realize the dangers involved? Would you trust this connection and send confidential data over it? Of course VPN is the favorite method, but what if you don’t have… Continue reading SSH tunnels, an alternative to VPN
CISSP CBK 10 – Physical Security
Physical Security Controls Types of controls: – Administrative controls – Facility selection or construction – Facility management – Personnel controls – Training – Emergency response and procedures – Technical controls – Access controls – Intrusion detection – Alarms – Monitoring (CCTV) – Heating, ventilation and air conditioning (HVAC) – Power supply – Fire detection and… Continue reading CISSP CBK 10 – Physical Security
CISSP CBK 9 – Law, Investigations & Ethics
Ethics ISC2: Code of Ethics Canons – – Protect society, the commonwealth and the infrastructure – Act honorably, honestly, justly, responsibly and legally – Provide diligent and competent service to principals. – Advance and protect the profession. IAB – Internet Activities Board: Unethical and unacceptable behaviour – – Purposely seeking to gain unauthorized access… Continue reading CISSP CBK 9 – Law, Investigations & Ethics
CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning
BCP / Business Continuity Planning Prime elements: – Scope and Plan Initiation – Business Impact Assessment – Business Continuity Plan Development – Plan Approval and Implementation Scope and Plan Initiation: Marks the beginning of the BCP process It entails creating the scope for the plan. Roles and Responsibilities The BCP Committee: Should be formed and… Continue reading CISSP CBK 8 – Business Continuity Planning & Disaster Recovery Planning
CISSP CBK 7 – Operations Security
Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized… Continue reading CISSP CBK 7 – Operations Security
CISSP CBK 6 – Security Architecture & Models
Security Model Is a statement that outlines the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data are held in the primary storage unit needed by the CPU. The… Continue reading CISSP CBK 6 – Security Architecture & Models
CISSP CBK 5 – Cryptography
Definitions Algorithm: The set of mathematical rules used in encryption and decryption. Cryptography: Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individuals. Cryptosystem: Hardware or software implementation of cryptography that transforms a message to cipher text and back to plain-text. Cryptanalysis:… Continue reading CISSP CBK 5 – Cryptography
CISSP CBK 4 – Applications & Systems Development Security
Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables… Continue reading CISSP CBK 4 – Applications & Systems Development Security