DNS firewall – Its time to try DNS firewall

[vsw id=”1xWSU4DCNZ4″ source=”youtube” width=”425″ height=”344″ autoplay=”no”]

 

https://www.isc.org/wp-content/uploads/2017/12/RPZ-webinar7.ppt.pdf

Webinars and other Presentations given by ISC

http://www.securityzones.net/images/downloads/Rackspace-RPZ-Case-Study.pdf

https://kb.isc.org/article/AA-00525/110/%20Building-DNS-Firewalls-with-Response-Policy-Zones-RPZ.html

http://www.securityzones.net/images/downloads/BIND_RPZ_Installation_Guide.pdf

 

How to become an ethical hacker

Ethical hacker

A person who hacks into a computer network in order to test or evaluate its security, rather than with malicious or criminal intent.

So if you want to be an ethical hacker, the truth is there is no easy method to become a skilled hacker. it’s easy to be a script kiddie and load up Armitage or Fast-track and fire every exploit known to man at a target. But what’s the point at firing Linux exploits at a Windows box!.

Essential prerequisite knowledge

If you want to get into the IT  security world as a white hat you must be competent in the following areas:

  • Networking
  • Programming
  • Databases
  • Operating systems (Linux and Windows)

Once you have a fairly good knowledge of the above points then it would a good idea to learn about hacking. So now you have a good understanding of the fundamentals of IT, you can now understand how to break some of the underlying vulnerabilities within computer architecture. The following activities should help you with this:

What areas to concentrate on in order to build a foundation

Networking – Cisco courses seem to be really good. At least undertake all the CCNA courses available.
Programming – Focus on learning C++, Python/Ruby and PHP.
Databases – Play around with MySQL and MSSQL and make your own database to understand how it works.
Operating systems – Most flavors of Linux are the similar to one another, Command on at least one. Additionally it is worth understanding the more obscure areas of Windows such as the registry.

Read books about hacking (Here are some good examples of some)

  • The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
  • Hacking: The Art of Exploitation, 2nd Edition
  • The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
  • Metasploit: The Penetration Tester’s Guide
  • CEH Certified Ethical Hacker All-in-One Exam Guide
  • Google Hacking for Penetration Testers

Undertake FREE ethical hacking courses.

These are very good for learning but won’t give you an industry recognised qualification, however they will teach you a lot about different areas of ethical hacking which will help towards recognised qualifications.

You can register for a free Cibrary account to do a free ethical hacking course at the link cybrary.it

Undertake Recognised Online courses

These course are all paid for, however they are industry recognized and will help you find a job in the IT security sector.

  • CEH
  • OSCP
  • CISSP

Communicate and follow other fellow IT security enthusiasts

  • Facebook (https://www.facebook.com/pages/Hacking-News-Tutorials/252350961471136 )
  • Google+
  • Twitter

Self learn by watching online tutorials

  • www.securitytube.net
  • www.youtube.com

Download practice environments to practice and hone newly learned skills.

  • DVWA (Dam Vulnerable Web Application)
  • Metasploitable2
  • Samurai WTF

 

Ref: Latest Hacking News

Best Open Source Firewall To Protect Your Network

Linux is quite possibly the only open-source project that has managed to change the world at a very large scale. It is on your phones as Android, it is on the millions of servers that run the internet itself and also it is even on your home router.

Hence a source used by millions can be attacked by anyone in anyways and take our network. So below is the top 5 of the best Linux firewalls available that can protect your network no matter what comes your way.

1) Iptables – Open Source Firewall

Most Linux distros comes pre-installed with Iptables, and while it is not the most feature-rich firewall out there but it is a secure one.

The interface for Iptables is non-existent, as it is a command line utility. It is not the easiest thing to use as you need to learn commands to configure it. However, you can find various GUI solutions that work with iptables to make using it easier which includes Ubuntu’s “Uncomplicated Firewall”.

Basically it analyses the packets and checks if they match any rules. If it doesn’t find any, it simply follows the default behavior. However if you want something simple that you can configure and then forget about, Iptables will be the best choice.

 

2) Monowall – Open Source Firewall

Monowall is optimized and designed to run on the lowest of computer specifications (all it needs is 16 MB of storage). You have to pay a price for this performance, though it doesn’t come with a lot of features either.

Monowall also provides QoS routing by default, which allows you to shape all of the traffic going through it. This allows you to prioritize certain connections over others and not only have a secure firewall, but also a fast one.

Active development of Monowall has been discontinued as of February 2015, but it is still available for download.

3) pfSense – Open Source Firewall

pfSense is based on Monowall, basically the developers took the open source Monowall project and built on top of it. Unlike Monowall, pfSense is still in active development as well.

pfSense has everything Monowall does, and also some more. Things like hardware failover, multi-WAN and other advanced features make pfSense extremely useful for network administrators who demand from their firewall.

It is quite possibly the most feature-rich firewall out there, but that also makes it complicated to use. While the interface tries its best to make it easier to understand (it does have a learning curve).

4) Zentyal Server – Open Source Firewall

Zentyal is not a firewall specifically and it it was initially designed as an email server, but ended up doing more than just that. Zentyal can be used as a full-fledged business server, which means it also packs an extremely versatile firewall of its own.

Zentyal is based on Ubuntu Server LTS, so you are essentially installing an OS when you install Zentyal. This also means you can practically do everything you could on Ubuntu. Zentyal can essentially be a full-fledged server with everything you need to run.

If you can handle the overwhelming number of options and possibilities Zentyal provides you with, and need something that can do much more than a simple firewall. Zentyal also packs a DNS server, a DHCP server, an e-mail server, a domain controller and much more.

5) ClearOS – Open Source Firewall

ClearOS is built on top of CentOS, and much like Zentyal it can also serve as much more than a firewall. What makes ClearOS special is its interface, it is clear a lot of attention has been paid to make it as simple as possible. However its simplicity does not mean it lacks complexity.

For novice users ClearOS can be very simple to set up. For advanced users ClearOS can provide any feature they could ask for. Everything is simple with ClearOS even the installation.

Ref: Latest Hacking News

Top Information Security Certifications

Top Information Security Certifications To Enhance Your Career

While not having an Information security certification doesn’t disqualify you from getting a job offer or promotion, but prospective employers looking for industry-leading credentials look at it as one measure of qualifications and commitment to quality. As the market for information security talent heats up and the skills shortage continues, infosec experts who have the right combination of credentials and experience are in remarkably high demand.

“A certification today is like a college degree,” says Grady Summers, America’s leader for information security program management services at Ernst & Young. “You may not hire a candidate just because they have one, but it is something that you come to expect in this field.”

“There is no replacement for real-world experience,” Summers says. “However, certifications are important and have become defacto minimum criteria when screening resumes.”

Here is a list of top information security certifications, which are based on review of job boards and interviews with IT security recruiters and employers:

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) is gaining popularity as organizations concentrate on securing their IT infrastructure and networks from internal and external attacks. Some employers aggressively look to hire candidates with CEH validation for hands-on security operations and intelligence activities.

CEH is a comprehensive Ethical Hacking and Information Systems Security Auditing program offered by EC-Council, suitable for candidates who want to acquaint themselves with the latest security threats, advanced attack vectors, and practical real time demonstrations of the latest hacking techniques, tools, tricks, methodologies, and security measures.

The goal of the CEH is to certify security practitioners in the methodology of ethical hacking. This vendor-neutral certification covers the standards and language involved in exploiting system vulnerabilities, weaknesses and countermeasures. Basically, CEH shows candidates how the attacks are committed. It also makes efforts to define the legal role of ethical hacking in enterprise organizations.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC) is the leading provider and developer of Cyber Security Certifications, globally recognized by government, military and industry leaders. As a result, its demand is rising in specific disciplines such as security operations, digital forensics, incident handling, intrusion detection, and application software security.

This certification is designed for candidates who want to demonstrate skills in IT systems roles with respect to security tasks. Ideal candidates for this certification possess an understanding of information security beyond simple terminology and concepts.

“GIAC’s focus on open source tools and its aggressive in-depth training is very useful,” says Daryl Pfeil, CEO of Digital Forensics Solutions, a computer security and digital forensics firm. She finds GIAC certified candidates highly skilled and talented to handle the dynamic demands of the real-world job environment.

Similarly, employers and recruiters are gradually finding the GIAC credential as a requirement for hands-on technical positions.

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) is significantly in demand as the profession concentrates on the business side of security. Offered by Information Systems Audit and Control Association (ISACA), CISM addresses the connection between business needs and IT security by concentrating on security organizational issues and risk management.

This certification is for candidates who have an inclination towards organizational security and want to demonstrate the ability to create a relationship between an information security program and broader business goals and objectives. Basically, CISM is perfect for IT security professionals looking to grow and build their career into mid-level and senior management positions. This certification ensures knowledge of information security, as well as development and management of an information security program.

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System Security Certification Consortium, also known as (ISC)², the not-for-profit consortium that offers IT security certifications and training.

CISSP is viewed as the baseline standard for information security professions in government and industry. Companies have started to require CISSP certification for their technical, mid-management and senior management IT security positions. This certification is designed for candidates who are interested in the field of information security. The ideal candidates are those who are information assurance professionals and know how to define the design, information system architecture, management and control that can guarantee the security of business environments.

The CISSP is widely popular within the IT security community, as it provides the basis of security knowledge. “We feel safe hiring candidates carrying this validation,” says Ellis Belvins, division director at Robert Half International, a professional staffing consultancy. The certification validates the security professionals’ high proficiency, principles and methodologies, commitment and deeper understanding of security concepts.

Vendor Certifications

The increasing need for hands-on network engineers, along with social computing and web technology, has pushed network security even further. Vendor certifications including Microsoft’s Certified Systems Engineer (MCSE) with focus on security, Cisco’s Certified Network Associate Certification (CCNA), and Check Point’s Certified Security Expert (CCSE) top the list as organizations within government, banking and healthcare that look to fill open positions including system administrators, network and architects.

“We look for completion of these certificates in potential network security candidates,” Summers says, “as having those on their resume says a lot about someone’s depth of knowledge.”

Ref: Techworm

Top Websites To Learn Ethical Hacking – 2016

Everybody wants to learn hacking in today’s age. However, this is not an easy task until you have basic knowledge about computers and network security. For beginners to know, there are two types of Hacking Ethical (White Hat) and Unethical (Black Hat). Unethical hacking is considered illegal while ethical hacking may be regarded as legal.

We provide you with a list of websites that offers you white hat content. However, it is important to note that as a beginner to not perform any hacking & cracking tactics that breach any cyber law.

Hackaday

Hackaday is one of the top ranked sites that provide hacking news and all kinds of tutorials for hacking and networks. It also publishes several latest articles each day with detailed description about hardware and software hacks so that beginners and hackers are aware about it. Hackaday also has a YouTube channel where it posts projects and how-to videos. It provides users mixed content like hardware hacking, signals, computer networks and etc. This site is helpful not only for hackers but also for people who are in the field of Digital Forensics and Security Research.

Evilzone Forum

This hacking forum allows you see the discussion on hacking and cracking. However, you need to be a member on this site to check out queries and answers regarding ethical hacking. All you need to do is register to get your ID to get an answer for your queries there. The solution to your queries will be answered by professional hackers. The Remember not to ask simple hacking tricks, the community people here are very serious.

HackThisSite

HackThisSite.org, commonly referred to as HTS, is an online hacking and security website that gives you hacking news as well as hacking tutorials. It aims to provide users with a way to learn and practice basic and advanced “hacking” skills through a series of challenges, in a safe and legal environment.

Break The Security

The motive of the site is explained in its name. Break The Security provides all kind of hacking stuff such as hacking news, hacking attacks and hacking tutorials. It also has different kind of useful courses that can make you a certified hacker. This site is very helpful if you are looking to choose the security and field of hacking and cracking.

EC-Council – CEH Ethical Hacking Course

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The EC-Council is known primarily as a professional certification body. Its best-known certification is the Certified Ethical Hacker. CEH, which stands for Comprehensive Ethical Hacker provides complete ethical hacking and network security training courses to learn white hat hacking. You just have to select the hacking course package and join to get trained to become a professional ethical hacker. This site helps you to get all kinds of courses that make you a certified ethical hacker.

Hack In The Box

This is a popular website that provides security news and activities from the hacker underground. You can get huge hacking articles about Microsoft, Apple, Linux, Programming and much more. This site also has a forum community that allows users to discuss hacking tips.

SecTools

As the name suggests, SecTools means security tools. This site is devoted to provide significant tricks regarding network security that you could learn to fight against the network security threats. It also offers security tools with detailed description about it.

 

Ref: Techworm