Explaining Info-Sec in Layman's Terms [Part I] by@heydanny

Explaining Info-Sec in Layman's Terms [Part I]

You are trying to go to the construction site and introduce yourself to the watchman by your name, and then go inside. This is identification. Before you go inside, you have to show your identity card to the watchman. This is authentication.
image
Dhanesh Dodia HackerNoon profile picture

Dhanesh Dodia

😉Just another security guy | 🐱Hacking for fun, money, and for a social cause

github social icontwitter social iconlinkedin social iconinstagram social icon

The reality of modern information security in enterprises around the world.

Understanding the common keywords used in the info-sec industry that are used in conjunction with that complicated OWASP Top 10 WAST.

Authentication

You are trying to go to the construction site and introduce yourself to the watchman by your name, and then go inside. This is identification. Before you go inside, you have to show your identity card to the watchman. This is authentication.

2-step verification / 2-factor authentication

You are forced to show the watchman your identity card and further, the watchman asks for a registered cell phone number that he verifies in the system and sends an OTP over the same. This is 2-Step Verification.

Multi-factor authentication

The watchman requires not only an identity card and valid cell phone number but also a separate government identity card. Similarly having more than +2 unique methods of identification verification is called multi-factor authentication. This is multi-factor authentication.

image

MFA / Multi-factor authentication

Authorization Token / Cookie / Session token

You go to a music concert and show a valid purchased ticket at the entry point for verification. Post verification of the ticket the host ties a ribbon in your hand. This is called an Authorization Token / Cookie / Session token.

image

Authorization Token / Cookie / Session token.

Impersonation / Session Impersonation

When a person forges someones else access card to enter the place, hence, by using someone else identity the watchman permits the person to go inside. This is impersonation.

image

impersonation


https://www.youtube.com/watch?v=v1Y4CubBi60&feature=youtu.be


Similarly in an organization, the employer provides their employees/stakeholders/guests an access card that is used to access the respective areas/cabins. These access cards can be cloned. This is called session impersonation.

image

Proxmark3

Session Hijacking

Some hacker ripped off someone else’s badge and showed it everywhere. This is session hijacking.

image

Session hijacking

Session Fixation

He also put a copy of the badge with his identifier on the watchman and waited until he gave it to you. This is session fixation.

image

Session fixation

Privacy & Anonymity

You stomped on the newly poured floor, leaving no traces on it, and no one except you knows that it happened at all. This is privacy.

image

Privacy & Anonymity

You stomped on the newly poured floor and left traces on it, but no one knows which hacker did it. This is anonymity.

Logging (Apache Web Server Logs) & Flashback logging

The watchman wrote down the date and time of your arrival and departure in the journal. This is logging.

image

Apache Web Server Logs

The watchman follows you on your heels and records all your actions in general. This is flashback logging.

Threat

You’re at a construction site, and there is a chance of a brick falling on your head. This is a threat.

SIEM / Correlation of events / SOC Monitoring tool

The caretaker made an entry in the journal that a couple of days ago some work with the same surname as yours got a job at their construction site. This is a correlation of events.

image

Windows event

During the correlation of events, the watchman periodically presses the button, after which the siren starts shouting, the red lights flash, and the entire staff takes off into the basements, laying bricks. This is SIEM. The head for this finally told the watchman to take note of such events and if observed again then alert him. This is an update of the SIEM event correlation rules.

image

Splunk Dashboard

Splunk is a tool used for real-time monitoring of such event correlation. This is a SOC Monitoring tool.

Threat model

Before the construction of a site begins, a 3D model is created. Timelines to construct that site are calculated. All other important risk factors and benefits are discussed before the construction begins. The business output in terms of sales revenue in the future market is also calculated. Examples of similar projects in the same geo-located areas are taken as an example for calculation. In the end, if due to any natural calamity or any other factor, if the construction is frozen then the business dependency is also calculated. As this construction site shall not have an impact on other ongoing projects.

image

Threat model


Continue reading Part II.


If you’re new to infosec or have been into infosec and planning to switch paths, then this will help you understand different keywords and job roles available in an organization. Based on the area you liked more and further wish to dig deeper then my next blog will help you understand the different job roles names that are given by an organization to hire candidates. This will provide you with more clarity on what career path to choose.

react to story with heart
react to story with light
react to story with boat
react to story with money
Dhanesh Dodia HackerNoon profile picture
by Dhanesh Dodia @heydanny.😉Just another security guy | 🐱Hacking for fun, money, and for a social cause
Read my stories
L O A D I N G
. . . comments & more!