Monday, March 6, 2017

Understanding Cookies

Cookies

Many of us see "Cookie settings" or "Accept cookies" prompts when we visit a website. 

Cookies are a key part of the HTTP protocol that most web applications rely on, and they are frequently involved in web application vulnerabilities. Put simply, a cookie is a small piece of text (a unique identifier) that a website you visit sends to your browser. The website then uses it to keep information about the visitor, such as site preferences, search history and language choice, so that it can serve you relevant content. 

A cookie is created by the server when you connect, and the data in it is labelled with an ID unique to the user and computer. The server issues cookies using the Set-Cookie response header. When the browser sends the cookie back to the server on a later request, the server reads the ID and knows which information belongs to you and what to send back. 

Cookies are also used to authenticate users and help ensure that only the actual owner of an account is accessing the site. They are essential to the internet as we know it, but they also pose a risk to privacy. 

Cookies normally consist of a name and a value in a pair, for example: Cookie: tracking=mmGho90Kio56n90Mnpe4w

Cookies are beneficial for:

  • Session Management
  • Personalization
  • Tracking

For Example

Shopping or e-commerce sites use cookies to track the items a user viewed earlier, so the site can show the same and related items on every later visit. 

There are two types of cookies: session cookies and persistent cookies. 

Session cookies: 

Session cookies are used while we navigate a website and are held in memory (RAM) for that time. When we close the browser or the session ends, these session cookies are deleted automatically. 

Persistent Cookies:

Persistent cookies, on the other hand, remain on the system for a longer period. Most of them carry an expiration date and are deleted automatically when that time comes. Persistent cookies are typically used for authentication and tracking. 

How Dangerous It Is:

Cookies themselves cannot harm the system, but attackers can steal the cookies stored on your system and use them to gain access to your browsing sessions. They can also track an individual's browsing history and use it later to dupe them with social engineering tactics. 
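As an added example (not code from the original post), here is a small Python parser for Set-Cookie response headers: it tells session cookies from persistent ones by the presence of an Expires or Max-Age attribute, and flags the missing Secure, HttpOnly and SameSite attributes that make a cookie easier to steal or replay. The sample headers are constructed, reusing the tracking value quoted above.

```python
"""Parse Set-Cookie response headers, tell session cookies from persistent
ones, and flag missing attributes that make a cookie easier to steal."""
from dataclasses import dataclass, field


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)  # attribute names lower-cased

    @property
    def persistent(self) -> bool:
        # The server gave the cookie a lifetime; without one the browser
        # discards it when the session ends (a session cookie).
        return "expires" in self.attrs or "max-age" in self.attrs

    def weaknesses(self) -> list:
        # Flags whose absence helps an attacker capture or replay the cookie.
        found = []
        if "secure" not in self.attrs:
            found.append("no Secure: may be sent over plain HTTP")
        if "httponly" not in self.attrs:
            found.append("no HttpOnly: readable by scripts in the page")
        if self.attrs.get("samesite", "none").lower() == "none":
            found.append("no SameSite limit: sent on cross-site requests")
        return found


def parse_set_cookie(header: str) -> Cookie:
    """Split 'name=value; Attr=val; Flag' into a Cookie object."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def audit(headers) -> dict:
    """Map cookie name -> (kind, list of weaknesses) for a list of headers."""
    report = {}
    for h in headers:
        c = parse_set_cookie(h)
        report[c.name] = ("persistent" if c.persistent else "session", c.weaknesses())
    return report


# Constructed sample headers; the tracking value is the one quoted in the post.
SAMPLE_HEADERS = [
    "tracking=mmGho90Kio56n90Mnpe4w; Expires=Wed, 06 Mar 2019 00:00:00 GMT; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
]
```

Running `audit(SAMPLE_HEADERS)` reports the tracking cookie as persistent with all three flags missing, and the session cookie as a session cookie with no weaknesses.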

(Image source: https://networkencyclopedia.com/http-cookie/)

Please provide your feedback and suggestions if any. Thanks!

-DR


Wednesday, February 1, 2017

101 Questions for interviews in Cyber Security Career

Interview questions for cyber security career

Hello readers, this is quite an interesting post. Here I have given 101 questions from my memory of the multiple interviews I attended while trying to switch jobs. After long thought, it came to my mind to post them so that they can help others. So I have kept them here for reference and study purposes only. I have not given the answers here, because finding the answers and preparing yourself accordingly is your task. 

As you read the questions and find the answers, it will help you remember some parts. Then practice, revise and learn. There are lots of questions in this domain; the cyber security domain is very large and deep in nature. But for basic understanding and for preparing to give or take interviews, this post might help. 

Let's see the questions below:


  1. What is your current job role, and why do you want to change it?
  2. Have you ever worked in a security audit, IT audit, internal audit, SOC or SOX environment?
  3. How many types of risk are there?
  4. What do you mean by risk assessment and risk management?
  5. State the formula for calculating risk in a risk assessment.
  6. What is the difference between qualitative and quantitative risk?
  7. How do you address residual risks?
  8. What is inherent risk?
  9. What is the difference between a threat, a vulnerability and a risk?
  10. What are shoulder surfing and social engineering?
  11. What is the CIA triad?
  12. Do you know data classification? Give an example. 
  13. What is a risk called when you accept it?
  14. What do you mean by a risk register and a risk treatment plan?
  15. What is the difference between an internal audit and an external audit?
  16. What is a RACI chart?
  17. What do you mean by a SOX audit?
  18. Have you done any SOX, SOC 2 or ITGC audits?
  19. What is the difference between SOC 2 and SOC 1 audit reports?
  20. What control activities are applicable for a financial audit?
  21. What are ITGC controls?
  22. What is a control environment?
  23. What is an information processing facility, and what basic controls apply to it?
  24. What is encryption, and how many types of encryption are there? Which is the best encryption method?
  25. What is the goal of a system and application audit?
  26. How do you address the risks identified? What are the steps after getting your findings?
  27. What are the important factors required for planning an audit?
  28. How many controls are there in ISO 27001? Name a few controls and explain how you review them.
  29. What is the context of an organization in ISO 27001?
  30. What is the advantage of implementing ISO 27001 for an organization?
  31. What is the process for implementing ISO 27001?
  32. What is human resource security in ISO 27001?
  33. What controls are tested for network security in the ISO 27001 context?
  34. What is enterprise security?
  35. What is an SOA?
  36. What is a BCP, and how is the activity carried out?
  37. What are RTO and RPO?
  38. What is GRC? Name some GRC tools and their best features.
  39. What is GDPR? When did it come into effect?
  40. What is personal data, and how do you keep personal data safe?
  41. What kind of information does the GDPR apply to?
  42. What tools have you used for application security audits? Name some application security tools. 
  43. What is the difference between vulnerability assessment and penetration testing?
  44. What is the difference between the Nmap and Nessus tools?
  45. Can you perform a PT with a VA tool? Which tool offers both VA and PT capability?
  46. What do you mean by port scanning? Name some tools.
  47. How do you plan your audit within your team and with the client?
  48. What is patch management?
  49. Describe phishing with an example.
  50. What is an audit methodology, and how is it planned?
  51. Describe change management in ISO 27001.
  52. What is threat analysis, and how can you perform it?
  53. Name some of the logical security technologies you have used.
  54. What is the difference between incident management and problem management? Give an example.
  55. How are incident management and change management integrated?
  56. What are IAM and PAM? 
  57. What are DAST, MAST, SAST and IAST?
  58. What is the difference between SAST and DAST?
  59. How can you securely access a cloud network?
  60. Can you name 3 basic areas of control under the PCI DSS standard?
  61. Do you know the NIST framework? Can you name 2-3 controls?
  62. Can you give one example of a NIST control associated with ISO 27001 controls?
  63. What are the basic methods for financial fraud detection and prevention?
  64. Any critical risks identified in the last 3 months? How did you address them?
  65. Do you know the SDLC? What security measures are carried out during software development? How can you audit an SDLC process?
  66. What is a zero-day attack? How can you prevent it?
  67. What is the difference between IDS and IPS systems?
  68. What is the difference between a firewall and an IPS device?
  69. Can you name some VPN tools and DLP tools? Which tools have you used?
  70. Name some features of DLP.
  71. What is OT security?
  72. What is a zero trust network?
  73. How can identity theft be prevented?
  74. What is a DMZ, and why is it required?
  75. How do you protect your home wireless access point?
  76. What is a ransomware attack, and how do you address it?
  77. Do you know what a DDoS attack is and how it occurs?
  78. What is an access control policy?
  79. What is the difference between SSO and MFA? Which is the best authentication method?
  80. Do you know YubiKey?
  81. Do you know how to harden a server?
  82. What common policies need to be configured in a firewall?
  83. What is a signature-based filter?
  84. What is source-routed traffic?
  85. What is SQL injection?
  86. What is salting?
  87. What is the difference between SSL and SSH?
  88. What are the OWASP Top 10 controls?
  89. What is the difference between symmetric and asymmetric encryption?
  90. What is an XSS attack?
  91. What are black box testing and white box testing?
  92. What is a botnet attack?
  93. What is a network honeypot?
  94. What is network sniffing?
  95. What is a key logger?
  96. How do you secure RDP? Why is it not secure to use RDP?
  97. What risks arise from a malware attack?
  98. What is threat intelligence?
  99. What are the biggest sources of malware?
  100. What is reverse engineering? Where is it used?
  101. What is a rootkit? 

If you are unable to understand or find any of the answers, please post in the comment section below.

-DR

Saturday, January 7, 2017

Know about Data Classification

Data Classification

Data classification is the process of analyzing structured or unstructured data and organizing it into categories based on file type, contents, and other metadata. The classified data can then be used and protected more efficiently. Data classification includes tagging data to make it easily searchable and trackable. It also removes duplicate copies of data, which can decrease storage and backup costs.

Data classification can be done based on content, on context, or on the user's own selection of a level. 

Highly Confidential Data

Sensitive information restricted on a need-to-know basis to certain individuals or groups, typically approved by the organization, where unauthorized disclosure may cause severe financial or reputational damage.

Examples: 

  • Firm legal documents
  • Employee records
  • Financial data
  • Account number/ credit card number / debit card number
  • Non-public client board member information
  • Some client data
  • Personal data (PII) such as ID numbers
  • Special Categories of personal data (Sensitive Personal Data) such as political opinions, religious beliefs, genetic data, health data

Confidential Data

Information restricted on a need-to-know basis to certain individuals or groups, where unauthorized access may cause significant damage that may result in financial penalties.

Examples: 

  • Client data
  • Non-public or proprietary information such as marketing and business development plans
  • Work products and deliverables
  • Personal data (PII) such as ID numbers

Internal Data

Proprietary information intended for internal use or authorized external use, where unauthorized external disclosure may cause embarrassment or minor damage to the organization.

Examples: 

  • Training materials
  • Organizational charts
  • Third Party content

Public Data

Information intended for public use, where public use and disclosure would not negatively impact the organization. 

Examples: 

  • External marketing materials
  • Public website/ blog content
  • Employee directory
  • Whitepapers/ publications
  • Company holiday calendar

Every organization should have a data classification policy. The policy defines who is responsible for classifying data for the different programs or organizational units. It further describes the following points:

  • Which person owns the data or information?
  • Who is responsible for the integrity and accuracy of the data?
  • Where is the data stored?
  • How is the data backed up?
  • What is the retention policy?
  • What is the data destruction policy?
  • Is all of this documented?

This is just basic information on data classification, also called information classification.
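As an added example, not part of the original post, the classifier below applies the four levels described above to a piece of text: content rules (including a Luhn check so that any 16-digit reference is not mistaken for a card number) set a floor, and the data owner's tag, the user-level selection, can raise but never lower it. The rules and sample texts are constructed for illustration.

```python
"""Content- and context-based data classification into the four levels
described above: Public, Internal, Confidential, Highly Confidential."""
import re
from typing import Optional

LEVELS = ["Public", "Internal", "Confidential", "Highly Confidential"]


def luhn_ok(digits: str) -> bool:
    """Luhn check so a random 16-digit reference is not treated as a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


# Constructed content rules: (pattern, implied level, optional validator).
CONTENT_RULES = [
    (re.compile(r"\b(?:\d[ -]?){15}\d\b"), "Highly Confidential", luhn_ok),
    (re.compile(r"\b(?:political|religious|health|genetic)\b", re.I),
     "Highly Confidential", None),
    (re.compile(r"\b(?:business development|marketing plans?|client)\b", re.I),
     "Confidential", None),
    (re.compile(r"\b(?:org(?:anizational)? charts?|training materials?)\b", re.I),
     "Internal", None),
]


def classify(text: str, owner_tag: Optional[str] = None) -> str:
    """Return the level for a piece of text.

    Content decides the floor; the data owner's tag (user-level selection)
    may raise it but never lower it. With no sensitive content and no tag the
    safe default is Internal, so Public must be chosen explicitly."""
    content_idx = None
    for pattern, level, validator in CONTENT_RULES:
        for m in pattern.finditer(text):
            if validator is None or validator(re.sub(r"\D", "", m.group())):
                idx = LEVELS.index(level)
                content_idx = idx if content_idx is None else max(content_idx, idx)
    result = LEVELS.index("Internal") if content_idx is None else content_idx
    if owner_tag in LEVELS:
        tag_idx = LEVELS.index(owner_tag)
        if tag_idx > result or (owner_tag == "Public" and content_idx is None):
            result = tag_idx
    return LEVELS[result]
```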

-DR

Thursday, January 5, 2017

Everything about Dark Web the hidden iceberg.

Dark Web

Many of you must have heard of the Deep Web, Dark Web or Dark Net, and many may not have. The dark web is a hidden network, separate from the internet we see on a day-to-day basis. Traditional search engines cannot find or locate dark web sites, and ordinary browsers (Chrome, Mozilla Firefox, IE, etc.) cannot reach them, because that content is not indexed by search engines and specific software and configuration are needed behind the scenes. 

This hidden market deals mostly in pirated software and illegal arms trafficking. It is also known as a black market that operates online, behind the curtain.

Websites on the dark web use a lot of encryption software to keep their visitors and owners anonymous and to hide their locations on the network, which makes it home to a great deal of illegal activity. If you tap into the dark web, you will find everything from illegal drug and gun sales to illicit pornography, stolen credit card and bank account numbers, banking passwords and Social Security numbers.

According to Norton reports, the key event for the dark web came in 2002, when the alpha version of the Tor web browser was launched. This browser, short for The Onion Router, is free and open-source software that allows people to travel the web anonymously. Development of the Tor Browser commonly used today to access the dark web began in 2008. Accessing the dark web is itself legal, so no worries there; but if you buy items or deal in illegal matters through the dark web, then it becomes illegal.

When you browse the dark web you can find items for sale such as:

  • Stolen credit card numbers
  • Firearms
  • Pornography
  • Sex racket
  • Stolen gold and jewelry
  • Stolen Social Security numbers
  • Marijuana
  • Guns 
  • Expensive apparel
  • Fake passports

The deep web is a little safer than the dark web, and accessing its contents is also safe. The deep web is a bit different from the dark web: on the deep web you can find stored information such as:

  • The content of your personal email accounts
  • Your social media account contents
  • Your online banking contents
  • Private databases of companies and corporations
  • Medical records
  • Legal documents

How to access dark web

Accessing the dark web is not a difficult task; all you need is a suitable browser and search engine. The most popular is the Tor browser; you cannot access it using Chrome or Mozilla Firefox. People use this browser to stay anonymous while browsing. There are, however, some tricky methods for finding dark web sites through Tor. Remember that it is not always safe to browse dark web content; you may want a VPN connection to add more safety to your browsing. Never share any personal information on the dark web.

If you have further suggestions, please feel free to provide below.

-DR

Network Scanning Tools

Network Scanning through Nmap and Nessus

Network scanning is a process used to troubleshoot active devices on a network for vulnerabilities....