Cryptography is a technique of encrypting and decrypting messages. When the text is encrypted, it is unreadable by humans. When the text is decrypted, it is readable by the humans. The terms used in cryptography are as follows: Plain text: This text can be read by a user. Cipher text: This text can be converted to a non-readable format. Encryption: It is the process of creating a cipher text from a plain text. Decryption: It is the process of converting a cipher text to a plain text. Cipher: It is an algorithm that is used to encrypt and decrypt text. Key: Keys are the elements that are used in the technology of encrypting and decrypting text. For more information read Cryptographic attack

Cryptographic attacks are methods of evading the security of a cryptographic system by finding weaknesses in such areas as the code, cipher, cryptographic protocol or key management scheme in the cryptographic algorithm. The following are the cryptographic attacks usually performed by an attacker: Known plaintext attack: In a known plaintext attack, an attacker should have both the plaintext and…copy of it with the encrypted data. This is used to find patterns in the cryptographic output that might uncover a vulnerability or reveal a cryptographic key.Chosen ciphertext attack: In this type of attack, an attacker can choose the ciphertext to be decrypted and can then analyze the plaintext output of the event. The early versions of RSA used in SSL were actually vulnerable to this attack.

The new requirements include the following components:

* The minimum professional experience requirement for CISSP certification will be 5 years of work experience in two or more of the 10 domains of the CISSP CBK, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list. The current requirements for the CISSP call for four years of work experience in one or more of the 10 domains of the CISSP CBK, or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list.

* Candidates for any (ISC)2 credential will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing. The professional endorsing the candidate can hold any (ISC)2 certification – CISSP, SSCP or CAP. Currently, candidates can be endorsed by an officer from the candidate’s organization if no CISSP endorsement can be obtained. The board believes that only an (ISC)2-credentialed professional bound by its Code of Ethics should provide a candidate endorsement.

Its not too long when security professionals needed the system to redefine the security checking methods in corporate world. Its very difficult to compete with the whole Black hat army with bare hands. “Survivial of the fittest” to make new world security evolves in penetration testing.

First question flash in our mind is What on Earth is this Penetration testing?

It is basically a process of attacking on a system. Lets take an example:

I am security officer of XYZ Inc. I am concerned about the security of the company’s network but I am not able to find any loop hole or hot spot, which have potential to crash the network and cause loss of million bucks to company.

Now, What I will do is hire a Penetration testing team and instruct them to penetrate or in general term hack in the network of the company. They will apply all possible attacks all possible technologies to hack into the system. Lets assume that they hacked into the system through SQL injection attack. So now I know that the company’s system is vulnerable to this attack and I will take the appropriate step to prevent this.

May be this is the weird but to protect ourselves from the cyber attackers we have to be one of those. This is the only way we can think in their way and find out their strategy.

I am on it from last 2 weeks very soon I will post about the certification papers for penetration testing. Its’ still in the process of metamorphism.

I am also considering the books on this subject. Lets see how far I can go.

The U.S. Department of Defense (DoD) announces the official approval of the EC-Council Certified Ethical Hacker (CEH) certification program as a new baseline skills requirement for U.S.cyber defenders. Specifically, the new Certified Ethical Hacker program is required for the DoD’s computer network defenders (CND’s), a specialized personnel classification within the DoD’s information assurance workforce.

The Certified Ethical Hacker requirement falls under the auspices of DoD Directive 8570 Information Assurance Workforce Improvement Program. The current version (incorporating Change 2) was signed by Assistant Secretary of Defense, John G. Grimes and was officially instated on February 25, 2010. Directive 8570 provides clear guidance to information assurance training, certification and workforce management across all components of the DoD.

The CND groups protect, monitor, analyze, detect, and respond to unauthorized activity within DoD information systems and computer networks.

With this directive, military service, contractors, and foreign employees across all job descriptions must show 100-percent compliance with the new Certified Ethical Hacker training requirement by 2011. This shows the DoD’s focus on better training and preparation of the U.S. military workforce in this area.

The Certified Ethical Hacker qualification tests the certification holder’s knowledge in the mindset, tools and techniques of a hacker, fortifying it’s certification tag line: “To beat a hacker, you must think like one.”

“It is one of the most technically advanced certifications on the directive for CND professionals. In fact, it is the only certification approved across four out of the five categories to prepare the CND teams. While other policy-based programs add value, CEH prepares the U.S. CNDs to combat hackers in real time, defending U.S. interests globally.”

CISSP is added the Department of Defense Directive 8750.

In August of 2004, the U.S. Department of Defense recognized Directive 8570.1, which involves that every full- and part-time military service member, defense contractor, civilian and foreign employee with privileged access to a DoD system, regardless of job series or work-related area of expertise, to get a viable certification record that has been recognized by the American National Standards Institute (ANSI) by January 1, 2010 in order to maintain his or her job.

Government agencies know that their best line of defense for securing and protecting their vital information and information systems is a well-trained and aware user. That’s why DoD Directive 8570.1 was put into place. This enterprise-wide consent requires that any personnel conducting Information Assurance (IA) functions be trained and certified in a commercial certification on the concepts, principles, and applications to enhance protection of the Department of Defense’s (DoD) information, information systems, and networks.

Department of Defense Directive 8570 (DoD 8570) provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification. GIAC certifications are among those required for Technical, Management, CND, and IASAE classifications.

In the next post I will discuss about the levels and posts associated with the CISSP cert exam.

The IEEE 802.1X standard defines a method of authenticating and authorizing users to connect to an IEEE 802 LAN. It blocks users from accessing the network on the failure of authentication. IEEE 802.1X supports the Extensible Authentication Protocol-Transport Level Security (EAP-TLS) and Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2) protocols. In the IEEE802.1X authentication system, an access point receives a connection request from a wireless client and forwards the request to the RADIUS server. The RADIUS server then uses the Active Directory database to determine whether the client should be granted access to the network.

The access router is the common name of the exterior router present in the screened host firewall architecture. It is attached to the perimeter network and the internet. Access router is used to protect both the perimeter network and the internal network from the Internet. It allows anything that is outbound from the perimeter network. Access router seldom do packet filtering. The rules for packet filtering, which is used to protect internal machines are always same on both the interior router and the exterior router.

In the land attack, the attacker sends the spoofed TCP SYN packet in which the IP address of the target is filled in both source and destination fields. Now, on receiving the spoofed packet the target system becomes confused and goes into the frozen state. Now-a-days the antivirus can easily detect such attacks.

In a teardrop attack, a series of data packets are sent to the target computer with overlapping offset field values. As a result, the target computer is unable to reassemble these packets and is forced to crash, hang, or reboot.

In a ping of death attack, the attacker sends an ICMP packet larger than 65,536 bytes. Since the operating system does not know how to handle a packet larger than 65,536 bytes, it either freezes or crashes at the time of reassembling the packet. However, nowadays the operating systems discard such packets, so the ping of death attack is not applicable under these circumstances.

In a fraggle DoS attack, an attacker sends a large amount of UDP echo request traffic to the IP broadcast addresses. These UDP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.

In a smurf DoS attack, an attacker sends a large amount of ICMP echo request traffic to the IP broadcast addresses. These ICMP requests have a spoofed source address of the intended victim. If the routing device delivering traffic to those broadcast addresses delivers the IP broadcast to all the hosts, most of the IP addresses send an ECHO reply message. However, on a multi-access broadcast network, hundreds of computers might reply to each packet when the target network is overwhelmed by all the messages sent simultaneously. Due to this, the network becomes unable to provide services to all the messages and crashes.

Online Certificate Status Protocol (OCSP) is used for obtaining the revocation status of an X.509 digital certificate. It is used to verify the status of a certificate. It was created as an alternative to certificate revocation lists (CRL). It provides more timely information about the revocation status of a certificate. It also eliminates the need for clients to retrieve the CRLs themselves. Therefore, it generates to less network traffic and provides better bandwidth management. It is described in RFC 2560 and is on the Internet standards track.