Networking – Page 2 – Information Security Blogs

Machine Learning Services

Artificial Intelligence(AI) teaches computers to do things that normally require human intelligence. Some services: Rekognition Rekognition allows you to automate your image and video analysis. Features: Image and video analysis. Identify custom labels in images and videos. Face to text detection in images and videos. Comprehend Comprehend is a natural-language processing (NLP) service that findsContinue reading “Machine Learning Services”

AWS Networking Services

Amazon Virtual Private Cloud (VPC) VPC is a foundational service that allows you to create a secure private network in the AWS cloud where you launch your resources. Features: Private virtual network. Launch resources like EC2 instances inside the VPC. Isolate and protect resources. A VPC spans Availability Zones in a Region. VPC peering allowsContinue reading “AWS Networking Services”

Content Delivery Service(CDN)

A CDN mechanism is used to deliver content quickly and efficiently based on geographic location. Note: Latency means the time it takes to respond to a request. Low latency is good! Amazon CloudFront CloudFront is a CDN that delivers data and applications globally with low latency. Features: Makes connections available globally or restricts them basedContinue reading “Content Delivery Service(CDN)”

OWASP Juice Shop

Day 1 Task – Injection Question #1: Log into the administrator account! Capture the request and change the parameters Click on send button See response in browser The token used is a jwt token which can be easily decoded from jwt.io After decoding you get the password Login with the credentials Here is your flag.Continue reading “OWASP Juice Shop”

Hydra

What is Hydra? Hydra is a brute force online password cracking program; a quick system login password ‘hacking’ tool. We can use Hydra to run through a list and ‘bruteforce’ some authentication service. Imagine trying to manually guess someones password on a particular service (SSH, Web Application Form, FTP or SNMP) – we can useContinue reading “Hydra”

Metasploit Framework

Metasploit, an open-source pen testing framework, is a powerful tool utilized by security engineers around the world. Maintained by Rapid 7, Metasploit is a collection of not only thoroughly tested exploits but also auxiliary and post-exploitation tools. Throughout this room, we will explore the basics of using this massive framework and a few of theContinue reading “Metasploit Framework”

Compliance

Compliance means conforming to a rule, such as a specification, policy, standard, or law. For example: ISO 27001, PCI DSS, GDPR, HIPAA, etc. Need For Compliance: Protect the critical information Enforce control through written policy Understand the requirements for protecting organizational information Identify requirements for protecting organizational information Avoid inadequate implementation and enforcement; this canContinue reading “Compliance”

Security Policies

Security policy is a broad statement produced by the senior management that dictates the role of security within the organization. Characteristics of Security Policy It must be generic, non technical, and easily understood It must integrate security into all business processes and functions It must be reviewed and modified periodically or as the company environmentContinue reading “Security Policies”

Some Generic Terms

Goals, Mission and Objectives Goals: Define what the organization desires to achieve Goals provide the overall context of what the organization wants to accomplish. Mission: Indicate how will you proceed to them Mission is a statement of the organization’s purpose and reason for existence. Objectives: Help in creation of long term and short term strategiesContinue reading “Some Generic Terms”