security plus definitions
"
V.P.PRABHAKARAN NAIR is a rare combination of exceptionally talented individual and incredibly enjoyable teammate. V.P.PRABHAKARAN NAIR's deep knowledge, smart opinions & thoughtful approach would be an asset to any team. He proved to be a great aspect of all the projects I have worked on with him. I genuinely look forward to seeing where his constantly evolving career takes him! "
"
I had the privilege of working with Mr. V.P.PRABHAKARAN at Koenig Solutions Ltd. Whether during his role as Manager or Colleague, V.P.PRABHAKARAN has always executed at a high standard with enthusiasm and commitment. His ability to gather information and make strong business decisions was greatly appreciated. He could always be counted on to deliver exceptional support and guidance to the Team. I have enjoyed all of our encounters and recommend him very highly! Wish a very good luck for your future, Sir. "
•
A fat AP, also known as a stand-alone AP, includes everything needed to connect wireless clients to a wireless network.
"
A very hardworking person having superb knowledge in the field of Infosec. "
•
Affinity scheduling sends client requests to the same server based on the client's IP address. This is useful when clients need to access the same server for an entire online session.
•
Any type of identification number, such as a Social Security number (SSN) or driver's license number
•
Apache. Apache is the most popular web server used on the Internet. It's free and can run on Unix, Linux, and Windows systems.
•
BeEF (Browser Exploitation Framework). BeEF is an open source web browser exploitation framework. It focuses on identifying web browser vulnerabilities. Successful attacks allow testers (and attackers) to launch attacks from within an exploited web browser.
•
Biometric errors. Weak biometric systems with a high crossover error rate may have a high false match rate (also called a false acceptance rate) or a low nonmatch rate (also called a false rejection rate).
•
Birthday and birth place
•
Block flood attacks. Flood guards block MAC flood attacks.
•
Category. Risk categories could include downtime due to hardware failures, outages from an attack, downtime to database server failure, data breaches, and more.
•
Disrupt the chain reaction. Some chemicals can disrupt the chain reaction of fires to stop them.
•
Earning ad revenue. The attacker can host pay-per-click ads. When visitors go to the site and click on the ads, advertisers pay revenue to the attacker.
•
Enterprise mode is more secure than Personal mode, and it provides strong authentication. Enterprise mode uses an 802.1x server (implemented as a RADIUS server) to add authentication.
•
Forgotten passwords. An organization needs to have a password recovery procedure in place to help users recover their passwords. If passwords are manually reset without verifying the identity of the user, it's possible for an attacker to trick someone into resetting the password.
•
HTTP. Hypertext Transfer Protocol (HTTP) transmits web traffic on the Internet and in intranets. Web servers use HTTP to transmit web pages to clients' web browsers. Hypertext Markup Language (HTML) is the common language used to display the web pages. HTTP uses TCP port 80.
•
HTTPS. Hypertext Transfer Protocol Secure (HTTPS) encrypts web traffic to ensure it is secure while in transit. Web browsers commonly indicate that a secure session is using HTTPS by displaying a lock icon and by including HTTPS in the Uniform Resource Locator (URL) field. HTTPS is encrypted with either SSL or TLS and it uses TCP port 443.
•
Hosting a malicious web site. The malicious web site might try to install drive-by malware on users' systems when they visit.
"
I can easily give a recommendation for V.P.PRABHAKARAN as he has been an inspirational instructor to me. He was my instructor for my CISSP studies. I was able to learn a great deal regarding IT security through him and his greater understanding of the material. Although my training didn't appear to be difficult for VP, he did give me his full attention throughout my course. He was always ready to explain things even a 3rd time and to give added examples when required. I was able to stay more focused because of his help and encouragement to keep distractions to a minimum. He was also able to assess my needs and progress throughout my trainings and accordingly throttle his teaching tempo to mine. As a result of my close work with VP, I was able to successfully pass my 6-hour CISSP certification on my first attempt. VP assisted me not only while in the classroom setting, but also after the trainings and indeed, even after my official certification! I am happy to have VP as a friend and mentor and wish him all the best. "
"
I had the opportunity to be trained by him and it was amazing. His breadth of experience made the training extremely informative and very progressive. I thank him every day for the experience. "
"
I have known Prabhakaran since I was in Koenig. Must say a very hardworking Information Security Professional and Trainer. Prabh's knowledge in Information Security is awesome. A true professional and good friend on whom you can rely. Cheers mate "
•
IMAP4 and Secure IMAP. Internet Message Access Protocol version 4 (IMAP4) is used to store email on an email server. IMAP4 allows a user to organize and manage email in folders on the server. IMAP4 uses TCP port 143. IMAP4 with SSL or TLS can use TCP port 993, but STARTTLS is recommended using the same TCP port 143.
•
IV. An initialization vector (IV) provides a starting value for a cryptographic algorithm. It is a fixed-size random or pseudo-random number that helps create random encryption keys. Ideally, the IV should be large enough so that the algorithm doesn't reuse the same IV and re-create the same encryption keys.
1.
Initial baseline configuration. Administrators use various tools to deploy systems consistently in a secure state.
2.
Integrity measurements for baseline deviation. Automated tools monitor the systems for any baseline changes, which is a common security issue. Some tools such as vulnerability scanners monitor the systems and report any changes they detect. Other tools such as Group Policy automatically reconfigure the systems to the baseline settings when they detect changes.
•
Internet Information Services (IIS). IIS is a Microsoft web server, and it's included free with any Windows Server product.
•
It allows the use of private IP addresses (RFC 1918).
A network-based firewall would have two or more network interface cards (NICs) and all traffic passes through the firewall. The firewall controls traffic going in and out of a network.
It does this by filtering traffic based on firewall rules and allows only authorized traffic to pass through it. Most organizations include at least one network-based firewall at the border, between their intranet (or internal network) and the Internet.
•
It hides the IP addressing scheme and structure from external entities.
•
It is widely implemented in site-to-site VPN scenarios.
•
It reduces expense by requiring fewer leased public IP addresses.
•
It serves as a basic firewall by only allowing incoming traffic that is in response to an internal system's request.
•
Medical and health information
•
Metasploit Framework. Metasploit is an open source project that runs on Linux systems. It has data on over 1,600 exploits and includes methods to develop, test, and use exploit code.
•
NTLM is a simple MD4 hash of a user's password. MD4 has been cracked and neither NTLM nor MD4 are recommended for use today.
•
NTLM2 Session improves NTLMv2 by adding in mutual authentication.
•
NTLMv2 is a challenge-response authentication protocol. When a user attempts to log on, NTLMv2 creates an HMAC-MD5 hash composed of a combination of the username, the logon domain name (or computer name), the user's password, the current time, and more.
•
Nonce. A nonce is a number used once. For example, an IV should be large enough so that it is only used once. Many cryptographic algorithms use a random nonce.
•
OS detection. Operating system (OS) detection techniques analyze packets from an IP address to identify the OS. This is often referred to as TCP/IP fingerprinting. As a simple example, the TCP window size (the size of the receive window in the first packet of a TCP session) is not fixed. Different operating systems use different sizes. Some Linux versions use a size of 5,840 bytes.
•
Open mode doesn't use any security and allows all users to access the AP.
•
POP3 and Secure POP. Post Office Protocol v3 (POP3) transfers emails from servers down to clients. POP3 uses TCP port 110. Secure POP3 encrypts the transmission with SSL or TLS and can use TCP port 995. However, STARTTLS is now recommended to create a secure connection on port 110.
•
PSK mode (or WPA-PSK and WPA2-PSK) uses a pre-shared key and does not provide individual authentication.
•
Personal characteristics, such as biometric data
•
Ping scan. A ping scan (sometimes called a ping sweep) sends an Internet Control Message Protocol (ICMP) ping to a range of IP addresses in a network. If the host responds, the network scanner knows there is a host operational with that IP address. A problem with ping scans is that firewalls often block ICMP, so it can give inconsistent results.
"
Prabhakaran is an expert in many facets of security, especially in hacking. He is a good manager. Above all he is a good human being.
"
Prabhakaran is extremely hardworking and passionate about his work. His enthusiasm and dedication have always proved to be beneficial for the organization and his technology domain. A go-getter and optimistic of invading new things. Dependable and a perfectionist to the core. Wish Prabhakaran continued success in his career. All the best!! "
"
Prabhakaran is extremely hardworking and passionate about his work. His enthusiasm and dedication have always proved to be beneficial to me and my path to become a Computer Forensic Expert. A go-getter and optimistic of invading new things. Dependable and a perfectionist to the core. I wish Prabhakaran continued success in his career. All the best!! "
•
Prevent switching loops. You do this by implementing STP or RSTP on switches.
•
Prevent unauthorized users from connecting to unused ports. Port security methods, such as disabling unused ports, prevent these unauthorized connections.
•
Provide increased segmentation of user computers. VLANs provide increased segmentation. They are implemented on Layer 3 switches.
3.
Remediation. NAC methods can detect some changes to baseline settings and automatically isolate or quarantine systems in a remediation network. Typically, administrators need to correct the problems in these systems manually.
•
Remove the fuel. Fire-suppression methods don't typically fight a fire this way, but of course, the fire will go out once all the material is burned.
•
Remove the heat. Fire extinguishers commonly use chemical agents or water to remove the heat. However, water should never be used on an electrical fire.
•
Remove the oxygen. Many methods use a gas, such as carbon dioxide (CO2) to displace the oxygen. This is a common method of fighting electrical fires because CO2 and similar gasses are harmless to electrical equipment.
•
Reselling the domain. Attackers can buy domain names relatively cheaply, but resell them to the owner of the original site for a hefty profit.
•
SMTP. Simple Mail Transfer Protocol (SMTP) transfers email between clients and SMTP servers. SMTP uses TCP port 25. SMTP unofficially used port 465 with SSL and port 587 with TLS. However, it is now recommended that SMTP use STARTTLS to initialize a secure connection.
•
Service scan. A service scan is like a port scan, but it goes a step further. A port scan identifies open ports and gives hints about what protocols or services might be running. The service scan verifies the protocol or service.
•
Something you are: retinal or iris scan, fingerprint, palm scan, face recognition.
•
Something you do: gait analysis.
•
Something you have: physical token (fob), smart card, bank card.
•
Something you know: password, passphrase, PIN, answer to secret questions.
•
Somewhere you are: IP address, geographical location, or determined by system name.
•
Specific risk. One of the risks related to hardware failures could be hard drive failure. Of course, there are other potential hardware failures, but the remaining columns for this risk will focus on hard drive failure.
•
Street or email address information
•
The IPsec Transport mode is implemented for client-to-site VPN scenarios.
•
The transport mode encrypts only the payload and ESP trailer; so the IP header of the original packet is not encrypted.
•
Thin APs are controller-based APs. A controller configures and manages a thin AP.
•
Tunnel mode protects the internal routing information by encrypting the IP header of the original packet. The original packet is encapsulated by another set of IP headers.
"
V. P. without a doubt has the technical prowess and personal enthusiasm for information security that marks him as a cyber security powerhouse. V. P.'s skills run the gamut from security training development and training delivery, to high end consultation and penetration testing. I personally had the benefit of experiencing his knowledge transfer via training that was second to none. "
•
What are the potential financial losses to the organization?
•
What are the potential losses to reputation?
•
Will a disaster reduce safety for personnel or property?
•
Will a disaster result in loss of life? Is there a way to minimize the risk to personnel?
•
Will a disaster result in loss of property?
A protocol analyzer can capture and analyze packets on a network. The process of using a protocol analyzer is sometimes referred to as sniffing or using a sniffer. Both administrators and attackers can use a protocol analyzer to view IP headers and examine packets. For example, administrators can use a protocol analyzer to troubleshoot communication issues between network systems, or identify potential attacks using manipulated or fragmented packets.
After personnel handle an incident, security personnel perform a lessons learned review. It's very possible the incident provides some valuable lessons and the organization might modify procedures or add additional controls to prevent a reoccurrence of the incident.
•
arp -a 192.168.1.1. Displays the ARP cache entry for the specified IP address. You can also use arp to identify the MAC address of other systems on your local network.
•
arp -a. Shows the ARP cache on Windows
•
arp. Without a switch, shows help on Windows
•
arp. Without a switch, shows the ARP cache on Linux
•
w3af (Web Application Attack and Audit Framework). This open source framework focuses on web application vulnerabilities. The stated goal is to find and exploit all web application vulnerabilities and make this information known to others.