Saturday, February 27, 2021

AAA

Authentication, Authorization & Accounting

AAA is a hardware- or software-based server used for authentication during user access management. Authentication determines who the user is, authorization determines what the user has access to, and accounting keeps track of what they did on the equipment. AAA acts as a centralized system, so a single system can be used to administer user accounts and to understand configuration changes. Generally, Cisco uses two protocols for AAA server communication, i.e. TACACS+ and RADIUS.

An AAA solution can also have the following features:

  • It can provide authentication, user or administrator access, and policy control for centralized access control.
  • The solution must support an integrated user repository in addition to integration with existing external identity repositories such as Microsoft Active Directory and LDAP servers.
  • The solution must support multiple authentication protocols such as PAP, MS-CHAP, EAP-MD5, PEAP and EAP-TLS.
  • It must support the use of multiple authentication protocols concurrently.
  • AAA must support multiple identity stores, such as Microsoft Active Directory, Kerberos, LDAP-compliant directories, Open Database Connectivity (ODBC)-compliant SQL databases, token servers and internal databases, across domains within a single policy.
  • It should support passive device profiling methods such as DHCP, SPAN ports, HTTP User-Agent, MAC OUI/Auth or TCP SYN-ACK handshakes, as well as active device profiling methods such as SNMP, subnet scan, SSH and NMAP scan.
  • Through AAA we can define different access levels for each administrator, group network devices to enforce and change security policy, and define sets of ACLs that can be applied per user or per group to layer 3 network devices such as routers, firewalls and VPNs.
  • AAA supports processing inbound threat-related events (Syslog events received from any third-party device, such as a firewall or SIEM) and performing enforcement actions based on the defined enforcement policies and services.
  • It provides utilities for interactive policy simulation and a monitor mode for assessing policies before applying them to the production network.
  • It supports user as well as device authentication based on 802.1X, non-802.1X and web portal access methods across multi-vendor wired networks, wireless networks and VPNs.
  • If it is deployed as hardware, it must be deployed with 1:1 redundancy.
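To show what the RADIUS leg of this exchange looks like on the wire, here is an added example written for this page (it is not Cisco's or any AAA vendor's code). A simulated NAS builds an Access-Request carrying a User-Password hidden the way RFC 2865 specifies, a simulated server checks it against a constructed user database, and the NAS verifies the Response Authenticator before trusting the Access-Accept. The user names, passwords and shared secrets are constructed values.

```python
import hashlib
import hmac
import os
import struct

# RADIUS packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding (RFC 2865 section 5.2): pad with NULs to a multiple of
    16 bytes, XOR each block with MD5(secret + previous ciphertext block), where the
    first 'previous block' is the Request Authenticator."""
    padded_len = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(padded_len, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, padded_len, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; this is what the RADIUS server does on receipt."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    # Type(1) + Length(1, counting Type and Length themselves) + Value
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(identifier: int, username: bytes, password: bytes, secret: bytes):
    """NAS side: Access-Request with User-Name and hidden User-Password.
    Returns the packet and the Request Authenticator needed to check the reply."""
    request_auth = os.urandom(16)  # fresh random value per request, never reused
    attrs = attribute(ATTR_USER_NAME, username)
    attrs += attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(attrs))
    return header + request_auth + attrs, request_auth


def parse_packet(packet: bytes):
    """Split a RADIUS packet into (code, identifier, authenticator, {type: value})."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match datagram size")
    authenticator, attrs, pos = packet[4:HEADER_LEN], {}, HEADER_LEN
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return code, identifier, authenticator, attrs


def build_response(code: int, identifier: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """Server side: Response Authenticator = MD5(Code + ID + Length + RequestAuth +
    Attributes + Secret), so only a holder of the shared secret can forge a reply."""
    header = struct.pack("!BBH", code, identifier, HEADER_LEN + len(attrs))
    response_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + response_auth + attrs


def verify_response(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: recompute the Response Authenticator before trusting the reply."""
    header, response_auth, attrs = packet[:4], packet[4:HEADER_LEN], packet[HEADER_LEN:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, response_auth)


def simulate_login(username: bytes, password: bytes, nas_secret: bytes,
                   server_secret: bytes, user_db: dict) -> bool:
    """Whole exchange: NAS builds the request, the server checks the revealed password
    against user_db (constructed), the NAS accepts only a reply that verifies."""
    request, request_auth = build_access_request(7, username, password, nas_secret)
    code, identifier, auth, attrs = parse_packet(request)
    clear = reveal_password(attrs[ATTR_USER_PASSWORD], server_secret, auth)
    accepted = user_db.get(attrs[ATTR_USER_NAME]) == clear
    reply = build_response(ACCESS_ACCEPT if accepted else ACCESS_REJECT,
                           identifier, auth, b"", server_secret)
    return verify_response(reply, request_auth, nas_secret) and reply[0] == ACCESS_ACCEPT


if __name__ == "__main__":
    users = {b"alice": b"Wint3r!Pass"}  # constructed user database
    print("good password:", simulate_login(b"alice", b"Wint3r!Pass", b"shared", b"shared", users))
    print("bad password: ", simulate_login(b"alice", b"wrong", b"shared", b"shared", users))
    print("secret mismatch:", simulate_login(b"alice", b"Wint3r!Pass", b"shared", b"other", users))
```

The code makes the weak point visible: password hiding and both authenticators rest on MD5 keyed only by the shared secret, so a short or reused secret undermines the whole exchange. Current deployments add the Message-Authenticator attribute (an HMAC-MD5 over the packet, RFC 2869) and carry RADIUS over a dedicated management network or over TLS.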


-DR

Thursday, February 25, 2021

Cyber Security | Cyber SCAM for Valentines Day!

100th Post

Happy Valentines Day!

I Love You.

Quite interesting right?

Valentine's Day is celebrated as a big day for love and lovers, but some evil minds have put danger behind the day. Let's read ahead.

We have all heard about the ILOVEYOU virus, a computer worm that infected over ten million Windows personal computers in 2000, when it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs".

Similarly, hackers are now thinking up scams in more and more romantic ways. A new kind of cyber SCAM came to notice within friends and family circles from the first week of February up to V Day, i.e. February 14, 2021. A message was circulated on WhatsApp and Facebook in the name of a Valentine's Day gift. Many people received it and sent or forwarded it on.

If you click on this kind of message, the SCAMMERs will collect all the personal information stored on your mobile. Then they will ask you to forward the message to other groups in order to claim the gift. Then they will ask you to load a dangerous app on your mobile, which will later give you the worst results.

The message came in multiple forms, as below:

“I received a gift card from TAJ Hotel and finally got the chance to stay in TAJ Hotel for 7 days for free. Httpsxx://wwwxx.nsknox.cn/tiaoban.phpxx?app=jiudainxxxx”....

And

“Answer the questions to receive the Valentines Day Gifts. I participated in this questionnaire and won a mobile phone. My friend also got the prize. Come and get prizes. Xttyn.cn/tiaban.php?app=….”

And

There was another SCAM in the name of the TATA group as well.

Anyway, below are a few tips to avoid such kinds of SCAMs in future:

  • Do not click on unverified and unknown links.
  • Avoid clicking on any sort of promotional email or forwarded link.
  • Tell friends and family not to forward messages of this kind to the people in their contacts.
  • If you click by mistake, switch off immediately or disconnect from the internet quickly.
  • If you find grammatical errors in such emails or messages, do not believe them; delete them immediately.
  • Do not blindly pay online without verifying the link and that the website is genuine and trusted.


-DR



Password and its Management

Password and Password Management

In the day-to-day digital world, every one of us is associated with the term “Password”. Some say it is the same as your toothbrush: “Never ever share it”. Nowadays we have multiple accounts with multiple services, such as banking, email, social networking, education, etc., where we are identified by a USERID and PASSWORD. Both are always important and should be kept confidential. A password is nothing but a string set by the user for use during the authentication process.

It was originally meant to be memorized and entered when prompted. If you share your password or mishandle it, or someone steals it and misuses it, a security threat arises, including the possibility of huge damage or loss.

A password is a set of characters: letters, numerals and symbols. We should all pay serious attention to password management. A password must be complex in nature so that it is difficult to guess. Do not keep your passwords as simple as a name, date of birth, mobile number, etc. These are the most vulnerable to guessing and the easiest to obtain through social engineering. During a brute force attack, an attacker tries to crack the password with many attempts, trying possible strings according to his or her experience and knowledge.

It is also always advisable to avoid the following types of passwords, which are considered the most common and the easiest to guess:

  • 123456
  • 999999
  • 000000
  • Delete
  • Mysecret
  • 111111111
  • 123123
  • Iloveyou

Some good password managers, as recommended by global security researchers, are listed below:

  • Bitwarden
  • 1password
  • KeePassXc
  • Keepass
  • Enpass.io
  • Zoho Vault
  • Dashlane

An organization should have a documented password management policy. As per ISO 27001:2013, Control A.9.4.3, password management systems shall be interactive and shall ensure quality passwords.

A sample password management policy:

  • All passwords must contain a minimum of 8 characters (alphanumeric).
  • It should contain at least two numerals.
  • It should contain special characters.
  • It should not be a single word out of the dictionary.
  • A password cannot be easily guessed personal information such as a name, date of birth, mobile number, vehicle number, etc.
  • Passwords should not be shared over the public internet or messaging services.
  • Avoid using the same password for multiple accounts.
  • No one should write down a password on any paper or board at the workplace or at home.
  • Every password should be unique and not match that account's password history.
  • If a user fails to log in with a wrong password, the account should be locked after 3 attempts.
  • Two-factor authentication can be used to add an additional layer to accounts on top of the basic password.
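As an added example that is not part of the original post, here is a Python implementation of the sample policy above: a checker that returns every rule a candidate password violates (length, two numerals, a special character, not built on a single dictionary word, no personal information, not in the common-password list, not reused from history) and a small login guard that locks the account after three consecutive failures. The common-password list is the one from this post; the dictionary words, the personal details and the sample passwords are constructed stand-ins.

```python
import hashlib
import hmac
import os
import re

# The common passwords listed in this post (lower-cased), plus "password" itself
COMMON_PASSWORDS = {"123456", "999999", "000000", "delete", "mysecret",
                    "111111111", "123123", "iloveyou", "password"}
# Constructed stand-in for a real dictionary word list
DICTIONARY_WORDS = {"summer", "welcome", "monkey", "dragon", "secret", "mysecret"}
MAX_FAILED_ATTEMPTS = 3


def check_password(password, personal_info=(), history=()):
    """Return the list of policy rules the password violates (empty means acceptable)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("contains no letters")
    if sum(ch.isdigit() for ch in password) < 2:
        problems.append("fewer than two numerals")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("in the common-password list")
    # "Summer2021!" is still the dictionary word "summer" once digits and symbols are stripped
    if re.sub(r"[^a-z]", "", lowered) in DICTIONARY_WORDS:
        problems.append("built on a single dictionary word")
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append("contains personal information")
            break
    if password in history:
        problems.append("reused from password history")
    return problems


def hash_password(password: str, salt: bytes = None):
    """Salted PBKDF2-SHA256, so the stored credential is not the password itself."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    """Account state: locks after MAX_FAILED_ATTEMPTS consecutive wrong passwords."""

    def __init__(self, password: str):
        self.salt, self.digest = hash_password(password)
        self.failures = 0
        self.locked = False

    def attempt(self, password: str) -> str:
        if self.locked:
            return "locked"
        _, digest = hash_password(password, self.salt)
        if hmac.compare_digest(digest, self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILED_ATTEMPTS:
            self.locked = True
            return "locked"
        return "denied"


if __name__ == "__main__":
    for candidate in ["123456", "Summer2021!", "Wint3r!Pa55"]:
        print(candidate, "->", check_password(candidate) or "OK")
    guard = LoginGuard("Wint3r!Pa55")
    print([guard.attempt(p) for p in ["guess1", "guess2", "guess3", "Wint3r!Pa55"]])
```

Returning the full list of violations rather than a single yes/no lets the user fix every problem in one go, and the guard compares a salted PBKDF2 digest in constant time rather than the plaintext, which is how a real account store should hold the credential.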

-DR



Tuesday, February 23, 2021

EMS or NMS

Enterprise Management System

Network Monitoring System

An Enterprise Management System is a bundle of software or applications used for managing an IT system. It addresses different needs of the organization, from monitoring to operation. It can also act as ERP (Enterprise Resource Planning) software.

In the IT/ITES/networking world, an EMS can be used for event monitoring, server monitoring, network monitoring, database monitoring, helpdesk ticketing and application monitoring. It further assists in security and incident management, problem and request management, change management, configuration management, asset management, etc.

General Features

  • It shall have an alarm correlation and root cause analysis system that integrates network, server and database monitoring.
  • It shall raise alarms in a single console and provide a unified reporting interface for network components.
  • All assets can be configured and discovered through the tool and must be visible on screen.
  • It helps in generating reports of all kinds, including but not limited to uptime, downtime, change orders, incident logs, bandwidth consumption, resource capacity utilization, etc.


Server Infrastructure Monitoring
  • The solution can provide both agent-based and agentless monitoring in a single solution architecture.
  • The solution should be able to monitor the availability and performance of servers, business applications and databases using one single solution.
  • The proposed enterprise management tools must be able to monitor end-to-end performance of server operating systems and databases, and should be able to manage distributed, heterogeneous systems (Windows, UNIX and Linux) from a single management station.
  • It should be able to monitor bare metal, hypervisor, KVM, OpenStack, VMware and Red Hat Virtualization environments.
  • The solution can provide a web-based central monitoring administration console for management, deployment and configuration of monitoring agents.
  • The central monitoring administration web console should also provide a downtime configuration feature to schedule planned outages.
  • The solution can provide self-monitoring and notification capability via SMS, email, etc.
  • The system should have context-based analysis and forecasting based on performance data, with automated policy deployment and detailed, intelligent monitoring of performance and availability data collection.
  • The solution can support service impact modelling with automated event-to-monitor association.
  • The solution must be able to collect the following types of server monitoring parameters:
      a. Disk failure/utilization
      b. CPU failure/utilization
      c. RAM failure/utilization
      d. Event logs
      e. OS monitoring
      f. CPU utilization
      g. Disk utilization
      h. Cluster monitoring
      i. Process monitoring

Database Monitoring and Storage Monitoring
  • The EMS can help in monitoring standard RDBMSs (community and enterprise versions) such as Oracle, MS-SQL, DB2, MySQL, Sybase, Postgres, MariaDB, etc. in standalone and cluster mode. The solution should also be able to monitor storage infrastructure and performance.
  • It can collect information and analyze items such as buffer pools, locks and other details about lock resources, tablespaces / data files / log files, database usage, database errors, database status, database file group space usage level, database mirroring status, database transaction log usage level, database transaction state, server SQL query performance, server query tuning and active connections.
  • Microsoft SQL Server connection check, Microsoft SQL Server documents, mirroring status, network statistics, processes blocked, replication agent status, replication latency, transactions active.
  • Database server status, server key events, server CPU usage by SQL, server replication status, server transaction rate, file group space usage, CPU utilization, etc.
  • It helps in monitoring SQL statements to identify resource-intensive, inefficient and problematic SQL statements, facilitating SQL query optimization and tuning, and also identifies database problems.

Network Fault Management

  • An EMS, sometimes known as an NMS tool (Network Management System or Network Monitoring System), provides fault and performance monitoring. It also helps in compliance and configuration management. The proposed fault management solution must be able to perform real-time or scheduled capture of device configurations. An NMS can provide industry-leading support for physical, virtual and SDN-enabled devices such as Cisco ACI, VMware NSX, Viptela, Big Switch Networks, etc.
  • The solution can support IPv4, IPv6 and SNMP v1, v2c and v3 (and/or the latest version) to provide added security. The solution must allow topology maps to be created for network areas; it should automatically detect and display links between devices and any change in the status of particular network elements or links.
  • The tool should automatically discover different types of heterogeneous devices (all SNMP-supported devices, i.e. routers, switches, LAN extenders, servers, terminal servers, thin clients, UPS, etc.). The solution can provide information regarding capacity utilization and error statistics for WAN links.
  • The solution can process events using consolidation, filtering, normalization, enrichment, correlation and analysis techniques. It should then notify the appropriate IT operations personnel of critical events. The solution can also automate corrective action wherever possible.
  • It should be able to capture, track and analyze traffic flowing over the network via different industry-standard traffic capture methods, viz. NetFlow, J-Flow, sFlow, IPFIX, etc.
  • It can collect real-time network flow data from devices across the network and provide reports on traffic based on standard TCP/IP packet metrics such as flow rate, utilization, byte count, flow count, ToS fields, etc.
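Flow export is the part of this that is easiest to show concretely. The following added example (written for this page, not taken from any EMS or NMS product) parses a NetFlow v5 datagram, with its standard 24-byte header and 48-byte flow records, and then summarizes bytes per source host, which is the basis of the traffic reports described above. The datagram is constructed in the code itself, using private and RFC 5737 documentation addresses, so it runs offline.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

# NetFlow v5 layout: a 24-byte header followed by `count` 48-byte flow records
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(datagram: bytes):
    """Return (header_dict, [flow_dict, ...]); raise ValueError on a bad datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs, flow_seq,
     engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: fewer records than the count field claims")
    header = {"count": count, "sys_uptime_ms": sys_uptime, "unix_secs": unix_secs,
              "flow_sequence": flow_seq, "engine_id": engine_id,
              "sampling_interval": sampling & 0x3FFF}  # low 14 bits; top 2 are the mode
    flows = []
    for i in range(count):
        (src, dst, nexthop, in_if, out_if, pkts, octets, first, last, sport, dport,
         _pad1, tcp_flags, proto, tos, src_as, dst_as, src_mask, dst_mask, _pad2) = \
            V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "sport": sport, "dport": dport,
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "packets": pkts, "octets": octets, "tcp_flags": tcp_flags, "tos": tos,
            "in_if": in_if, "out_if": out_if,
            "duration_ms": last - first,  # sysUptime of last minus first packet
        })
    return header, flows


def bytes_by_source(flows):
    """Top talkers: total octets per source address, largest first."""
    totals = Counter()
    for f in flows:
        totals[f["src"]] += f["octets"]
    return totals.most_common()


def make_record(src, dst, proto, sport, dport, pkts, octets, tcp_flags=0, first=0, last=0):
    """Build one constructed v5 record (helper for the sample datagram below)."""
    return V5_RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, b"\x00" * 4,
                          1, 2, pkts, octets, first, last, sport, dport,
                          0, tcp_flags, proto, 0, 0, 0, 24, 24, 0)


def sample_datagram() -> bytes:
    """Constructed export with three flows (sample data, not a real capture)."""
    records = [
        make_record("10.0.0.5", "203.0.113.9", 6, 51000, 443, 12, 9000, tcp_flags=0x1B, first=1000, last=1500),
        make_record("10.0.0.7", "198.51.100.2", 17, 53000, 53, 1, 80, first=1200, last=1200),
        make_record("10.0.0.5", "198.51.100.2", 6, 51002, 22, 3, 180, tcp_flags=0x02, first=1300, last=1310),
    ]
    header = V5_HEADER.pack(5, len(records), 2000, 1613000000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    hdr, flows = parse_netflow_v5(sample_datagram())
    print(f"{hdr['count']} flows, sequence {hdr['flow_sequence']}")
    for f in flows:
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['proto']} {f['octets']} bytes")
    print("top talkers:", bytes_by_source(flows))
```

The length check against the count field matters in practice: NetFlow is exported over UDP, and a collector that trusts the count without checking the datagram size will read past the buffer on a truncated or malformed packet.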
Network Performance Manager

The solution can collect, analyze and summarize management data from LAN/WAN, MIB-II interfaces and various systems and services for performance management. It can provide real-time network monitoring and measurement of end-to-end network/system performance and availability, to define service levels and further improve upon them.

Service desk or Helpdesk or Incident & problem Management
The service desk solution should provide classification to differentiate the criticality of a security incident via priority levels, severity levels and impact levels. The solution should provide embedded and actionable best-practice workflows, i.e. best-practice processes and views based upon implementations.

It can allow an SLA to be associated with a ticket based on priority, severity, incident type, requestor, asset, location or group, individually as well as collectively. The tool itself should be able to calculate the SLA automatically from the configured parameters (deducting total downtime and maintenance time under the different categories), with detailed summary and consolidated reports as required.

It can support auto-assignment of incidents or tickets, based on logic for ticket allocation: the engineers' geo-location, the availability of the engineer as per shift and ongoing repairs, and the skill set required for the trouble ticket.

Besides the above, the EMS/NMS tool helps in the areas below:
  • Change and release management
  • Configuration Management
  • Knowledge Management
  • Service Management Framework
  • Service level Management
  • Device discovery or data centre / LAN / WAN discovery
  • Network & Patch Management
  • Configuration and compliance Management
  • Reporting & Dashboards
Many vendors work on EMS/NMS tools, such as:
  • CA
  • ServiceNow
  • BMC Remedy
  • Micro Focus

etc.


-DR

Friday, February 19, 2021

What is SOAR

SOAR

Security Orchestration, Automation and Response (SOAR) platforms are designed to respond automatically to cyber-attacks.

Integration is the Key

SOAR works best depending on its integrations. It can be integrated with security devices such as a SIEM (Security Information and Event Management) system, firewalls, IDS, IPS, EMS systems and threat intelligence platforms to detect and respond to threats automatically. It may be designed to support scripting languages, APIs, databases, syslog, email, online forms, etc. It has playbooks built earlier by security architects and engineers to detect incidents and automate incident response. SOAR addresses the challenges that a SIEM alone cannot.

Functional brief:

  • The SOAR solution may support flexible methods for implementing process workflows.
  • It may be able to automatically extract attachments from emails and store them as attachments on the related incidents.
  • The solution may include and support the creation of multiple playbooks for incidents such as ransomware attacks, data leakage, malware attacks, DoS and DDoS attacks, phishing attacks, etc.
  • It should be able to support the creation of incidents via API, web URL, SIEM, ticketing system, etc.
  • It should be capable of creating and closing incidents automatically or manually, and of executing automated workflows.
  • It can provide a simulation environment to test playbooks without relying on access to the real environment.
  • There should be one integrated dashboard in GUI mode to see all notifications on one screen.
  • It should support basic case management, including tracking of cases, recording of actions on incidents and reporting on metrics.
  • It can help in asset management, document and report management, task management, etc.
  • It may automatically document the entire incident workflow, manual as well as automated steps, with timestamps of all actions taken in an incident.
  • It may develop reports by tracking indicators and samples, such as IP addresses, URLs, malware samples, threat samples, vulnerability databases, etc.
  • It will provide automated incident SLA breach reports based on severity, type of incident, creation time, closure time, response time, etc.
  • It should be integrated with threat intelligence feeds to properly correlate, with the aim of discovering attack patterns, potential vulnerabilities and other ongoing risks to the organization.
  • SOAR should have the capability for different forms of threat hunting, actively looking for attacks and patterns that may not have been detected through automated methods.
  • SOAR should provide the capability to embed scripts (Python, Java, JS or any other language) in playbook steps to design playbooks for advanced and complex use cases.
  • It allows security analysts to investigate incidents, group alerts, and monitor and report.
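To make the playbook idea concrete, here is an added example of a minimal SOAR-style playbook for a phishing incident; it is example code written for this page, not a product of any vendor listed below. It chains steps that extract indicators from the reported email, enrich them against a threat-intelligence feed, decide a response, and close or escalate the case, and it records every step with a timestamp, which is the automatic documentation of the workflow described above. The email text, the threat-intelligence feed and the action names are constructed; in a real deployment the actions would call the firewall, mail gateway and ticketing APIs.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed threat-intelligence feed standing in for a real TI platform lookup
THREAT_INTEL = {
    "203.0.113.45": "known phishing host",
    "evil-login.example": "credential-harvesting domain",
}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_indicators(incident):
    """Pull URLs, hostnames and IP addresses out of the reported email body."""
    body = incident["email_body"]
    urls = URL_RE.findall(body)
    hosts = [urlparse(u).hostname for u in urls if urlparse(u).hostname]
    ips = IP_RE.findall(body)
    incident["indicators"] = {"urls": urls, "hosts": hosts, "ips": ips}
    return f"{len(urls)} url(s), {len(ips)} ip(s)"


def enrich_with_threat_intel(incident):
    """Look every host and IP up in the feed and keep the hits with their context."""
    iocs = incident["indicators"]["hosts"] + incident["indicators"]["ips"]
    hits = {ioc: THREAT_INTEL[ioc] for ioc in iocs if ioc in THREAT_INTEL}
    incident["ti_hits"] = hits
    return f"{len(hits)} threat-intel hit(s)"


def decide_response(incident):
    """Severity and containment actions follow from the enrichment result."""
    if incident["ti_hits"]:
        incident["severity"] = "high"
        incident["actions"] = [f"block:{ioc}" for ioc in sorted(incident["ti_hits"])]
        incident["actions"] += ["quarantine_email", "open_ticket"]
    else:
        incident["severity"] = "low"
        incident["actions"] = ["notify_reporter"]
    return incident["severity"]


def close_or_escalate(incident):
    incident["status"] = "escalated" if incident["severity"] == "high" else "closed"
    return incident["status"]


class Playbook:
    """Runs steps in order and writes a timestamped audit entry for each one."""

    def __init__(self, name, steps):
        self.name, self.steps = name, steps

    def run(self, incident):
        incident["audit_log"] = []
        for step in self.steps:
            result = step(incident)
            incident["audit_log"].append({
                "time": datetime.now(timezone.utc).isoformat(),
                "playbook": self.name,
                "step": step.__name__,
                "result": result,
            })
        return incident


PHISHING_PLAYBOOK = Playbook("phishing_triage", [
    extract_indicators, enrich_with_threat_intel, decide_response, close_or_escalate,
])


def run_phishing_playbook(email_body, reporter="user@corp.example"):
    """Create the incident (as a SIEM or mail gateway would via API) and run the playbook."""
    incident = {"type": "phishing", "reporter": reporter, "email_body": email_body}
    return PHISHING_PLAYBOOK.run(incident)


# Constructed sample email used when the script is run stand-alone
SAMPLE_EMAIL = ("Your mailbox is almost full. Verify your account at "
                "http://evil-login.example/verify?u=1 within 24 hours or call 203.0.113.45.")

if __name__ == "__main__":
    result = run_phishing_playbook(SAMPLE_EMAIL)
    for entry in result["audit_log"]:
        print(entry["time"], entry["step"], "->", entry["result"])
    print(result["severity"], result["actions"], result["status"])
```

Keeping each step a plain function with the incident dictionary as its only state is what makes the playbook testable in a simulation environment: the same steps run against constructed input here and against live API clients in production, and the audit log is produced either way.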

Companies providing SOAR solution

Below are the vendors who provide SOAR solutions, as an OEM product and as a service on a modular basis:

  • CyberBIT
  • Demisto
  • IBM SOAR
  • Splunk
  • Rapid7
  • Palo Alto
  • Swimlane
  • FortiSOAR
  • FireEye
  • Exabeam
  • RSA
  • SIRP
  • LogRhythm

This is only the basics of a SOAR solution.

-DR

Friday, February 12, 2021

Telecom | Microwave

Microwave Signal

Many of us are aware of signals and microwaves. Microwaves are part of basic telecommunication physics and relate to signal and frequency. In generic terms, a microwave is a type of electromagnetic radiation with wavelengths ranging from 1 metre down to 1 millimetre and frequencies between 300 MHz and 300 GHz.

In general, microwave signals travel through the air medium in line of sight. They are used for point-to-point communication, or, literally, tower-to-tower communication. Earlier, long-distance telephone communications were made through narrow-beam microwave radio signals. Most microwave applications operate between 1 and 40 GHz.

SL   Band Name         Frequency
1    L Band            1-2 GHz
2    S Band            2-4 GHz
3    C Band            4-8 GHz
4    X Band            8-12 GHz
5    Ku Band           12-18 GHz
6    K Band            18-27 GHz
7    Ka Band           27-40 GHz
8    HF Band           3-30 MHz
9    VHF Band          30-300 MHz
10   UHF Band          300-1000 MHz
11   Radio Broadcast   550-1600 kHz (AM); 88-108 MHz (FM)


Many applications work within the ranges specified above, such as RADAR, TV broadcast, military communication, maritime communication, radio broadcast, satellite communication, mobile communication, etc. In general, home TV and radio sets use the UHF and VHF frequency bands.

Similarly, L band radars are mostly used for clear-air turbulence studies. For weather monitoring, S band is used. Because of its smaller wavelength, X band RADAR is sensitive enough to detect tiny particles in the air, even water droplets. X band is used on major airplanes.

A Microwave System

A microwave system used for microwave signal generation and transmission normally consists of a transmitter unit, including a microwave oscillator, waveguides and a transmitting antenna or radio device, and a receiver unit that includes a receiving antenna, a transmission line or waveguide, a microwave amplifier and a receiver.

As microwave sources, components such as cathode tubes, Gunn diodes, reflex klystrons and magnetrons are used.

Gunn diodes have been found to be a very effective way of generating microwave signals anywhere from around 1 GHz up to possibly 100 GHz. They can also be used in amplifiers, and they do not contain a PN junction.

Later we will learn more concepts on other telecommunication systems.

-DR



 
