4 min
Komand
Comparing and Modifying Objects in React
A central feature of the React [https://facebook.github.io/react/] framework is
that a component will re-render when its properties change. Additional action,
or deliberate inaction, can also be taken on a change of properties using
componentWillRecieveProps() -- at which point you’ll do your own comparison of
the new and old props. In both cases, if the two properties in question are
objects, the comparison is not so straightforward.How do I easily modify and
compare javascript objects by some
6 min
Komand
Incident Investigation: It's All About Context
When security operations centers or security teams have data output from our
security devices or from threat intelligence sources, it all too often lacks any
sort of reasonable context on which to base an investigation.
When we have Indicators of Compromise (IoCs) that define a particular type of
attack, often largely IP addresses and file hashes, this can make a very
difficult starting place; inefficient at best, paralyzing at worst. Data with no
intelligence lacks context and we need context
4 min
Automation and Orchestration
Automated Cybersecurity Information Sharing with DHS AIS system
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we reviewed incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/],
as defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
The NIST document contains recommendations on incident information sharing.
Besides these recommendations and organization’s internal procedures, there are
legal requirem
4 min
Automation and Orchestration
Information sharing recommendations of NIST SP 800-61
Maintaining information sharing balance
Cybersecurity information sharing issues are a hot topic. This is because a
balance must be maintained between benefits and risks of information sharing.
This balance is sometimes hard to maintain, and at the same time there are
currently legal requirements regarding sharing such information.
The main benefit of sharing cybersecurity information is more effective:
* incident prevention and
* incident response.
The main risks of sharing cybersecurity i
4 min
Automation and Orchestration
Suricata Overview
Synopsis:
Suricata is an open source threat detection engine that was developed by the
Open Information Security Foundation (OISF). The Beta was released at the end of
2009, with the standard version coming out in the middle of 2010. Suricata can
act as an intrusion detection system (IDS), and intrusion prevention system
(IPS), or be used for network security monitoring. It was developed alongside
the community to help simplify security processes. As a free and robust tool,
Suricata monitors ne
4 min
Automation and Orchestration
Preparation Phase of Incident Response Life Cycle of NIST SP 800-61
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
We introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
.
In previous article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-80
3 min
Automation and Orchestration
The Team Cymru Malware Hash Registry
Synopsis:
Team Cymru’s Malware Hash Registry (MHR) is a useful tool for scanning
suspicious files. It is free for private use and provides an excellent addition
to a comprehensive security plan. It scans the hash of a file against a number
of anti-virus packages and then lets you know if the file has previously been
detected as malware.
Who Are Team Cymru?
Team Cymru is an internet security research group that operate out of Illinois
as a non-profit organization. Cymru is pronounced Kum-ree, wh
3 min
Automation and Orchestration
How to Configure a Basic IPsec Tunnel
Synopsis
I recently started the blog under the tag IPsec. Anyone having background in
this regard would know that this topic is too elaborate to be covered with a
single article. I will be doing a series of articles to touch as many details as
I can. But first things first: you need to know about the basics of IPsec. I
would like to share with you a way to configure an IPsec tunnel under main mode.
Configuration
Please note in advance the following is a precise configuration for when we need
to
5 min
Automation and Orchestration
How to Install Suricata NIDS on Ubuntu Linux
Synopsiss
Suricata is a free and open source fast network intrusion system that can be
used to inspect the network traffic using a rules and signature language.
Suricata is funded by the Open Information Security Foundation
[https://oisf.net/] and used for network intrusion detection, network intrusion
prevention and security monitoring prevention. It is capable of handling
multiple gigabyte traffic, display it on screen and also send alerts through
email. Suricata’s architecture is very similar
5 min
Automation and Orchestration
How To Protect SSH and Apache Using Fail2Ban on Ubuntu Linux
Synopsis
Fail2Ban is a free and open source intrusion prevention software tool written in
the Python programming language that can be used to protects servers from
different kinds of attacks. Fail2Ban works by continuosly monitoring various
logs files (Apache, SSH) and running scripts based on them. Mostly it is used to
block IP addresses that are trying to breach the system’s security. It can be
used to block any IP address that are trying to make many illegitimate login
attempts. Fail2Ban is s
5 min
Automation and Orchestration
Detection and Analysis Phase of Incident Response Life Cycle of NIST SP 800-61
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
We introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
.
In previous article in this series
[/2017/02/16/preparation-phase-of-incident-response-life-cycle-of-nist-
3 min
Automation and Orchestration
Understanding GRE (2/2)
Synopsis:
In the last post [/2017/01/30/understanding-gre/], I talked about the GRE
tunnels, it’s Class of Service and the Firewall Filters it offers. The next
step is to learn about the simplest way to configure a tunnel between two sites
using GRE. This article aims to give understanding about the Configuration of
GRE Tunnels for Juniper Networks.
Pre-requisites:
Before we go in the actual configuration, here is a checklist that you must have
before configuring your GRE tunnel between sites
3 min
Automation and Orchestration
Basics of IPsec
What is IPsec?
IPsec is a framework of related protocols that secure communications at the
network or packet processing layer. It can be used to protect one or more data
flows between peers. IPsec enables data confidentiality, integrity, origin
authentication and anti-replay.
Why was IPsec created?
There was a dire need of communicating data packets securely over large public
WAN (mainly Internet). The solution was development of many networking protocols
among which IPsec is one of the most de
2 min
Komand
InfoSec Valentines: Show a Security Nerd How Much You Care
It's no secret that we ❤️ security defenders. And while we typically show our
love through helpful insights and technique-driven articles, there's just
something about this time of year that makes us want to display it in an
entirely different fashion.
We present to you infosec valentines! We know this isn't a new phenomenon
[https://twitter.com/search?q=%23infosecvalentines&src=typd], but with all the
doom and gloom that winter brings, creating and sharing infosec valentines got
us excited.
S
3 min
Automation and Orchestration
Understanding Generic Routing Encapsulation (GRE) (1/2)
Synopsis
To transport packets in a private and secure path over a public network, we use
the process of encapsulating packets inside an IP encapsulation protocol. GRE
follows this protocol and sends packets from one network to another through a
GRE tunnel. In this blog, we will understand what is encapsulation, the CoS of
GRE and firewall filters in GRE.
Understanding GRE – Generic Routing Encapsulation
What is encapsulation? The general internal representation of an object or data
or packet is