Reading Time: 2 minutes Rackstuds are one of those things that you didn’t know you needed until you first get some. Cage nuts have caused me more pain than just about any other non-powered piece of hardware I’ve ever used. I’ve been pinched, bled and even hit in the nose(they can fly I tell you) by cage nuts. What’s […]
Reading Time: 1 minute Describe the retrospective analysis method to find a malicious file, provided file analysis report Implementing Cisco Cybersecurity Operations (210-255) The above image is a screenshot from a Cisco Firepower Management Center. In particular, it is a Network File Trajectory. In this case, it’s not overly interesting since the file was only seen going from one […]
Reading Time: 1 minute Describe 5-tuple correlation Implementing Cisco Cybersecurity Operations (210-255) Describe the 5-tuple approach to isolate a compromised host in a grouped set of logs Implementing Cisco Cybersecurity Operations (210-255) As noted in the discussion of Netflow, the 5-tuple consists of the Protocol, Source IP, Source Port, Destination IP, and Destination Port. When doing a correlation, the […]
Reading Time: 1 minute Interpret common data values into a universal format Implementing Cisco Cybersecurity Operations (210-255) For this objective, I would suggest using Security Onion to collect some data from a firewall and IPS. Within the Security Onion stack is a tool called ELSA. ELSA is an open-source SEIM product. It takes the logs and puts them into […]
Reading Time: 1 minute Describe the process of data normalization Implementing Cisco Cybersecurity Operations (210-255) Data normalization is the process of removing duplicate information and increasing the accuracy of the information. In cybersecurity tools like SEIMs can help take IPS or other sources and by normalization make them more usable. The data is also put into a common format […]
Reading Time: 1 minute Map data types to these compliance frameworks: PCI, HIPAA, SOX Implementing Cisco Cybersecurity Operations (210-255) Identify data elements that must be protected with regards to a specific standard Implementing Cisco Cybersecurity Operations (210-255) PCI The Payment Card Industry Data Security Standard (PCI-DSS) is a security framework used by credit and debit card processors and anyone […]
Reading Time: 1 minute Identify these elements used for server profiling: Listening ports, Logged in users/service accounts, Running processes, Running tasks, Applications Implementing Cisco Cybersecurity Operations (210-255) Server profiling helps to establish what type of server is running and what applications are running on the server. Used in baselining it can help to show when malicious services have been […]
Reading Time: 1 minute Identify these elements used for network profiling: total throughput, session duration, ports used, critical asset address space Implementing Cisco Cybersecurity Operations (210-255) Total Throughput: How much data was sent between hosts or networks in a given amount of time. Session duration: How long a TCP session was active. Ports used: What ports did an application […]
Reading Time: 1 minute Describe the goals of the given CSIRT Implementing Cisco Cybersecurity Operations (210-255) A Computer Security Incident Response Team (CSIRT) can come in several different forms. Internal CSIRT – an Internal CSIRT is established by an organization to handle incident response for their own organization. National CSIRT – National CSIRTs provide services for a nation and […]
Reading Time: 1 minute Map the organization stakeholders against the NIST IR categories (C2M2, NIST.SP800-61 r2) Implementing Cisco Cybersecurity Operations (210-255) The best I could find for this topic were the stakeholders defined by the Cybersecurity Capability Maturity Model (C2M2) documentation as listed below. Decision makers (executives) who control the allocation of resources and the management of risk in […]
© Ben Story 2019.
© Pack IT Forwarding 2019. Powered by WordPress
