The IT Infrastructure Library (ITIL) is a library of volumes describing a framework of best practices for delivering IT services. ITIL’s systematic approach to IT service management can help businesses manage risk, strengthen customer relations, establish cost-effective practices, and build a stable IT environment that allows for growth, scale and change. In fact, ITIL describes [...]
Rapid7 Nexpose is a vulnerability scanner which aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. RAPID7 plays a very important and effective role in the penetration testing, and most pentesters use RAPID7. This paragraph is abbreviated from www.rapid7.com The following figure shows some of [...]
Zero-day is a flaw in software, hardware or firmware that it has the potential to be exploited by cybercriminals. In other words, zero-day is a vulnerability in a system or device that has been disclosed but is not yet patched. A zero day exploit is a cyber-attack that occurs on the same day a weakness [...]
A penetration test (pen test or pentest and or ethical hacking) is a simulated cyber-attack against a computer system to check for exploitable vulnerabilities. You should not be confused it with a vulnerability assessment. Source: en.wikipedia.org In fact, this test simulates a real-world attack to determine how any defenses will fare and the possible magnitude [...]
A broadcast storm is also known as a network storm. It is an abnormally high number of broadcast packets within a short period of time. The broadcast storm is one of the major deficiencies in computer network systems and it can shut down entire network in seconds. When different nodes are sending/broadcasting data over a [...]
Wireshark is a network packet analyzer. This software one of the best packet analyzers available today and is available for free, and it is open source. This software, formerly known as Ethereal but the project was renamed Wireshark in May 2006 due to trademark issues. Sources: wireshark.org and en.wikipedia.org Wireshark is cross-platform and it runs [...]
In this post, we'll take a look at SSL protocol and TLS protocol to help you understand the different aspects of these protocols. One of the most important topics in Cyber-security course is web secure. What’s SSL? SSL (Secure Sockets Layer) is a protocol for establishing authenticated and encrypted links between networked computers. [...]
Wireless security is the prevention of unauthorized access or damage to computers or data using wireless networks, which include Wi-Fi networks. In this post, we'll take a look at wireless security protocols to help you understand the different aspects of these protocols. Source: en.wikipedia.org There are several types of wireless security Protocol that you’ll come [...]
Syslog stands for “System Logging Protocol,” Syslog used for system management and security auditing as well as general informational, analysis, and debugging messages. Syslog is a way for network devices to send event messages to a logging server. This protocol can be used to log different types of events. For example, a router might send [...]