Tag: security
-
Hacking the WordPress Ecosystem
I delivered a speech at OWASP Romania InfoSec Conference 2013 in Bucharest (I took part in the organization of the event as well). Dan Catalin Vasile – Hacking the WordPress Ecosystem from Dan Catalin VASILE
-
Password policies in Windows
To access the password policy in Windows just go to Start and type in the search box secpol.msc. Click on secpol and you’ll be presented with the security policy. Go to Account Policies, then click on Password Policy. The options, explained: History – how many passwords will Windows store (you won’t be able to reuse…
-
ISO ISMS history
The ISO is developing a new series of security standards, the first of which is ISO 27001, Information Technology—Security Techniques— Information Security Management Systems—Requirements. ISO 27001 replaces British Standard (BS) 7799, Part 2. BS 7799, Part 1 evolved into ISO 17799, Information Technology—Security Techniques—Code of Practice for Information Security Management and is now known as…
-
CISSP CBK 10 – Physical Security
Physical Security Controls Types of controls: – Administrative controls – Facility selection or construction – Facility management – Personnel controls – Training – Emergency response and procedures – Technical controls – Access controls – Intrusion detection – Alarms – Monitoring (CCTV) – Heating, ventilation and air conditioning (HVAC) – Power supply – Fire detection and…
-
CISSP CBK 7 – Operations Security
Controls and Protections To protect hardware, software and media resources from: – Threats in an operating environment – Internal or external intruders – Operators who are inappropriately accessing resources Categories of Controls: – Preventative Controls: Are designed to lower the amount and impact of unintentional errors that are entering the system and to prevent unauthorized…
-
CISSP CBK 6 – Security Architecture & Models
Security Model Is a statement that outlined the requirements necessary to properly support a certain security policy. Computer Architecture CPU – Central Processing Unit: Is a microprocessor. Contains a control unit, an ALU / Arithmetic Logic Unit and primary storage. Instructions and data are held in the primary storage unit needed by the CPU. The…
-
CISSP CBK 4 – Applications & Systems Development Security
Database systems and database management Types of databases: – Hierarchical – Mesh – Object-oriented – Relational DBMS / Database Management System A suite of programs used to manage large sets of structured data with ad hoc query capabilities for many types of users. Database: A collection of data stored in a meaningful way that enables…
-
CISSP CBK 3 – Security Management Practices
Fundamental Principles of Security Security objectives Confidentiality: Provides the ability to ensure that the necessary level of secrecy is enforced. Integrity: Is upheld when the assurance of accuracy and reliability of information and system is provided and unauthorized modification of data is prevented. Availability: Prevents disruption of service of productivity. Definitions Vulnerability: Is a software,…
-
CISSP CBK 2 – Telecommunications & Network Security
Open System Interconnect Model Protocol – Standard set of rules that determine how systems will communicate across networks. OSI Model TCP/IP Application Application Presentation Session Transport Host-to-host Network Internet Data Link Network Access Physical Each layer adds its own information to the data packet.
-
CISSP Intro
This starts a series of posts that deals with CISSP CBK (Common Body Knowledge). The summary covers all the ten CBK that are required for the CISSP Exam. One should not use this as a definitive guide in taking the CISSP exam, but rather as an intro to CISSP. All the data is gathered from…