Monday, 5 October 2020

A few key principles to secure your AWS environment

A lot of companies are migrating their workloads to cloud services like AWS, Azure or GCP. Cloud environments add a lot of value and can be great for both operations and security, but not having the right controls in place is risky.

We have seen lots of data breaches caused by bad configuration on AWS. When using an AWS environment there are many considerations to keep in mind depending on the use case, but a few fundamental controls are needed to ensure a basic level of security. Simply following these principles and guidelines will substantially reduce the risks associated with AWS environments.

1- Account-level Access Controls: Ensure you grant least-privilege access to those who need to access your AWS accounts.

2- Resource-level Access Controls: Ensure you have proper IAM policies that restrict access to and from resources to only what is needed. For example, if you are setting up an S3 bucket to be used by an EC2 host, the bucket policy should block access to that bucket from anything other than that EC2 host.

3- Default encryption: Encrypt everything where possible. All resources like S3, EBS, RDS, etc. must be encrypted. Also use encrypted protocols for services and integrations, e.g. HTTPS, SSH, etc.

4- Use security groups and access lists to restrict network access to resources to only what is needed.

5- Increase monitoring through logging and AWS security services such as GuardDuty and Inspector.

6- Don't forget about standard security controls like malware protection, WAF, vulnerability management, etc.
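Principle 2 above is easiest to see in an actual bucket policy. The example below is added here and is not the post's own code: it pairs an S3 bucket policy that allows only the EC2 instance role with a small evaluator that models the AWS rule "an explicit Deny always wins over an Allow". The account id 111122223333, the role name app-ec2-role and the bucket name example-app-data are constructed; aws:PrincipalArn and ArnNotEquals are real AWS condition elements (for a role session, aws:PrincipalArn carries the role's ARN). The evaluator is not the AWS policy engine; it understands only the pieces this policy uses.

```python
"""Resource-level least privilege for an S3 bucket (added example).

Assumptions, none from the post: a constructed account id 111122223333,
an instance role 'app-ec2-role' that the EC2 host runs under, and a bucket
'example-app-data'. The evaluator is a deliberately small model of the AWS
rule 'explicit Deny beats Allow'; it is not the real AWS policy engine.
"""
import fnmatch

INSTANCE_ROLE = "arn:aws:iam::111122223333:role/app-ec2-role"   # constructed
BUCKET = "arn:aws:s3:::example-app-data"                          # constructed

# Bucket policy: allow the instance role the two actions it needs, and deny
# everything to any principal that is not that role.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowOnlyTheAppInstanceRole",
            "Effect": "Allow",
            "Principal": {"AWS": INSTANCE_ROLE},
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": f"{BUCKET}/*",
        },
        {
            "Sid": "DenyEveryoneElse",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [BUCKET, f"{BUCKET}/*"],
            "Condition": {"ArnNotEquals": {"aws:PrincipalArn": INSTANCE_ROLE}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, context):
    """Supports only the ArnEquals / ArnNotEquals operators used above."""
    for operator, pairs in condition.items():
        if operator not in ("ArnEquals", "ArnNotEquals"):
            raise NotImplementedError(f"operator {operator} is not modelled")
        for key, expected in pairs.items():
            matched = context.get(key) in _as_list(expected)
            if operator == "ArnEquals" and not matched:
                return False
            if operator == "ArnNotEquals" and matched:
                return False
    return True


def _statement_applies(stmt, principal_arn, action, resource):
    principal = stmt["Principal"]
    if principal != "*" and principal_arn not in _as_list(principal.get("AWS", [])):
        return False
    if not any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    return _condition_holds(stmt.get("Condition", {}), {"aws:PrincipalArn": principal_arn})


def evaluate(policy, principal_arn, action, resource):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for one request.

    Order modelled: any applicable explicit Deny wins; otherwise an applicable
    Allow grants; otherwise the request is implicitly denied.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, principal_arn, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = f"{BUCKET}/reports/q1.csv"
    other_role = "arn:aws:iam::111122223333:role/other"             # constructed
    print(evaluate(BUCKET_POLICY, INSTANCE_ROLE, "s3:GetObject", obj))     # Allow
    print(evaluate(BUCKET_POLICY, other_role, "s3:GetObject", obj))        # Deny
    print(evaluate(BUCKET_POLICY, INSTANCE_ROLE, "s3:DeleteObject", obj))  # ImplicitDeny
```

The third request shows why the Allow statement lists only the actions the host needs: even the permitted role gets an implicit deny for s3:DeleteObject, because nothing grants it. The Deny-with-ArnNotEquals statement is what closes the bucket to every other principal in the account, including users who happen to hold broad identity-based S3 permissions.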



Sunday, 15 March 2020

Analysing the Vigenère cipher cryptosystem with figures and a mathematical formula: a worked example


Vigenère Cipher


Below we explain the Vigenère cipher, which is a symmetric cryptosystem. We use a table of the 26 letters of the alphabet, each associated with a number from 0 to 25.




The message (plaintext) we are trying to encrypt is: “Network Security”
The encryption key we will use is: “ITC”
First, we find the numbers for the key word in the table:
ITC = 8, 19, 2

Now we need to repeat the keyword until it is the same length as the message text. Once that’s done, the next step is to shift each character to the right by its associated key number. For example, if the character is “N” and the associated key character is “I”, we move “N” 8 cells to the right in the table above, which makes it “V”.
Note: if we reach the end of the table, we wrap around and continue from the left side.

We do this for every character of the message text, as shown in the table below:





So, as can be seen in the table above, the output ciphertext is: “VXVDGTS KGKMTQLA”
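The shift rule above, written as a formula with A = 0 ... Z = 25, is c = (p + k) mod 26 for encryption and p = (c - k) mod 26 for decryption, where k is the number of the key letter under each plaintext letter. The script below is an added example, not code from the post: it implements exactly that rule and rebuilds the post's table row by row. One assumption is made that the post leaves implicit: only letters consume a key character, and the space is copied through unchanged. Running it on the post's own message and key is the check a practitioner would want, since the rule applied strictly gives VXVEHTS LGKNTQMA, so any hand-filled cell that differs from the script's row is a counting slip in the table.

```python
"""Vigenère cipher as described in the post (added example, not the post's code).

Table: A=0 ... Z=25. Each plaintext letter is shifted right by the number of the
key letter under it, wrapping after Z:  c = (p + k) mod 26,  p = (c - k) mod 26.
Assumption: only letters consume a key character; spaces and punctuation are
copied through unchanged.
"""
import string

ALPHABET = string.ascii_uppercase   # the post's 26-entry table


def key_numbers(key):
    """'ITC' -> [8, 19, 2]: look each key letter up in the table."""
    return [ALPHABET.index(ch) for ch in key.upper()]


def _shift(text, key, direction):
    shifts = key_numbers(key)
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out = []
    position = 0                          # index into the repeated key
    for ch in text.upper():
        if ch in ALPHABET:
            k = shifts[position % len(shifts)]
            out.append(ALPHABET[(ALPHABET.index(ch) + direction * k) % 26])
            position += 1
        else:
            out.append(ch)                # non-letter: pass through, no key consumed
    return "".join(out)


def encrypt(plaintext, key):
    """Shift right by the key numbers: c = (p + k) mod 26."""
    return _shift(plaintext, key, +1)


def decrypt(ciphertext, key):
    """Shift left by the key numbers: p = (c - k) mod 26."""
    return _shift(ciphertext, key, -1)


def worked_table(plaintext, key):
    """Rows of (plain letter, key letter, key number, cipher letter): the post's
    table rebuilt so a hand-filled one can be checked letter by letter."""
    letters = [ch for ch in plaintext.upper() if ch in ALPHABET]
    cipher = [ch for ch in encrypt(plaintext, key) if ch in ALPHABET]
    shifts = key_numbers(key)
    return [(p, key.upper()[i % len(key)], shifts[i % len(shifts)], c)
            for i, (p, c) in enumerate(zip(letters, cipher))]


if __name__ == "__main__":
    for row in worked_table("Network Security", "ITC"):
        print("%s  %s  +%2d  ->  %s" % row)
    print(encrypt("Network Security", "ITC"))
    print(decrypt(encrypt("Network Security", "ITC"), "ITC"))
```

The key stream repeats every three letters, which is the cipher's weakness: every third letter of the message is shifted by the same amount, so each of those three sub-streams is just a Caesar shift and can be attacked with letter-frequency counts once the key length is known.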

Friday, 29 June 2018

ESA: What Is It and How Does it Work?



Enterprise security architecture (ESA) is the methodology and process used to develop a risk-driven security framework and business controls. The focus of an enterprise architect should be to align information security controls and processes with business strategy, goals and objectives.


Developing an effective ESA normally follows these steps:


• Defining the business’s goals and objectives

• Understanding business risk and threats

• Understanding compliance, regulation and legal requirements

• Identifying the appropriate framework and architecture vision

• Identifying the appropriate security controls (gap analysis)

• Managing and implementing the security controls

• Monitoring and evaluating the security controls

• Assessing and identifying gaps before repeating the cycle


The steps above are part of ESA life-cycle management. It is important to note that ESA is not a one-off task but a continuous process.





Guidance on How to Choose Architecture Framework and Controls

Consider the following steps when selecting a framework:

• Pick a framework that is relevant to your business and applicable regulations (e.g., the US National Institute of Standards and Technology [NIST] Cybersecurity Framework, International Organization for Standardization [ISO]/International Electrotechnical Commission [IEC] standards, COBIT).

• Customize the controls to fit your business’s purpose and align them with its goals and objectives. Make sure all business risks and threats are managed with appropriate controls.

• Tune and finalize the framework and document the requirements.


Guidance on Business Risk Identification

Business risk identification is a fundamental part of setting up an architecture. One way to identify business risk is to look at current threats to your business goals and objectives.


However, I suggest you start your business risk identification with business attribute profiling. Business attribute profiling is a useful concept introduced by the SABSA framework and can be used to identify business risk.


To begin your business attribute profiling, you need to identify all attributes that are important to your business. For example, you may find that industry regulation compliance, assured customer privacy and assured customer satisfaction are important. Once you have established the important attributes for your business, you can find the risk associated with each corresponding attribute.


Guidance on Gap Analysis

Gap analysis needs to be performed to identify the requirements to progress the current architecture to the desired architecture. Normally, maturity models, like the Capability Maturity Model Integration (CMMI), can be used to identify the current level of maturity for each control and their respective required level of maturity. After this is established, a relevant migration plan can be created and implemented.


Read Rassoul Ghaznavi Zadeh’s recent Journal article: “Enterprise Security Architecture—A Top-Down Approach,” ISACA Journal, volume 4, 2017.

Monday, 15 May 2017

Wannacry ransomware, a good reason to say no to backdoor requests from government


Today's widespread ransomware attack, using NSA tools, shows the criticality and importance of cyber security.

It is probably a good time to talk about government requests for backdoors on personal devices, mobile devices and others. I do believe society and public security are important, and that governments should do their best to investigate things like breaches and terrorist attacks, but what would happen if a backdoor used by a government leaked and attackers gained access to it?

What happens if the NSA and FBI hold a large list of backdoors and their network gets compromised? What a dark world that could be!


We, as cybersecurity professionals, are responsible for thinking ethically, to the best of our ability, and for the benefit of people. Is it better to investigate one terrorist attack, or to leave an opportunity for hundreds by having backdoors?



Friday, 17 March 2017

Kerberos ticketing example in real life



Kerberos authentication is based on creating tickets and then using those tickets for identification and for getting access. Windows domains and Active Directory are good examples of Kerberos in use, and of how authentication and access work within a Windows domain environment.

Before we give a real-life example, we need to define some terms that will help in understanding the three main steps of Kerberos authentication:

KDC: Key Distribution Center – responsible for key distribution (in a Windows domain, this role is held by the domain controller)

TGT: Ticket-Granting Ticket – an authentication ticket created by the KDC

TGS: Ticket-Granting Service – creates a service ticket for access to the required resources/servers



Now a real-life scenario:


Imagine you buy a couple of racks in a data center and need to access them on a daily basis. The data center company has a head office and multiple data center locations, and you have a rack in each location. The data centers are shared facilities with lots of other customers, secured with gates, prevention and monitoring controls. Here are the steps:

1- You need to identify yourself to the head office (KDC) by providing proof of identity, including government-issued photo identification as well as your sales and contract documents with the data center.

2- Head office creates an identification card for you with an expiry date. The card carries an encrypted chip that only head office can read. (TGT)

3- You send a request for access to the racks and locations you need. Head office checks that you are allowed and adds the additional access data to the encrypted chip on your card. (TGS)

4- You then go to the data center locations and use your card to enter and access your racks.

5- The data center reads the chip on your identification card (they can decrypt the data because they hold the password and encryption keys), and once they see that head office has allowed the access, they let you in.

6- You can now access your own racks and resources within any of those data center locations.


7- Once you reach the expiry date on the ID issued by head office, you have to start the whole process again from step 1 to get a new card or extend the ID.
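The same seven steps can be written out as the three Kerberos exchanges they stand for: the AS exchange (steps 1-2, proof of identity in, TGT out), the TGS exchange (step 3, TGT in, service ticket out) and the AP exchange (steps 4-5, service ticket presented to the service), with step 7 as the expiry check. The script below is an added example, not the post's own code and not a real Kerberos implementation: tickets are modelled as JSON claims sealed with an HMAC under one party's key, so only that key's holder can verify them (real Kerberos encrypts tickets as well, but the message flow is the same). All user names, service names, keys and lifetimes are constructed for the example.

```python
"""The three Kerberos exchanges behind the data-centre story (added example).

Tickets are JSON claims sealed with an HMAC under one party's key, so only that
key's holder can verify them. Real Kerberos encrypts tickets too; this toy only
authenticates them, which is enough to show the flow. All names and keys are
constructed.
"""
import hashlib
import hmac
import json


def seal(key, claims):
    """Issue a ticket: the claims plus a tag that only `key`'s holder can check."""
    body = json.dumps(claims, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}


def unseal(key, ticket):
    """Verify a ticket under `key`; a ticket sealed for someone else is rejected."""
    expected = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        raise PermissionError("ticket was not issued under this key")
    return json.loads(ticket["body"])


def preauth(user_key, now):
    """Step 1: the user's proof of identity (a timestamp tagged with their key)."""
    return hmac.new(user_key, str(now).encode(), hashlib.sha256).hexdigest()


class KDC:
    """Head office: the AS part issues TGTs, the TGS part issues service tickets."""

    def __init__(self, user_keys, service_keys, grants, tgt_lifetime=8 * 3600):
        self.krbtgt_key = b"constructed-krbtgt-secret"   # only the KDC can read TGTs
        self.user_keys = user_keys            # shared secret per user
        self.service_keys = service_keys      # shared secret per service (data centre)
        self.grants = grants                  # user -> services they may use
        self.tgt_lifetime = tgt_lifetime

    def as_exchange(self, user, proof, now):
        """Steps 1-2: check the proof of identity, return the ID card (TGT)."""
        if not hmac.compare_digest(preauth(self.user_keys[user], now), proof):
            raise PermissionError("identity proof failed")
        return seal(self.krbtgt_key, {"user": user, "expires": now + self.tgt_lifetime})

    def tgs_exchange(self, tgt, service, now):
        """Step 3: TGT plus a service name -> a service ticket sealed for that service."""
        claims = unseal(self.krbtgt_key, tgt)
        if now >= claims["expires"]:
            raise PermissionError("TGT expired: start again from step 1")
        if service not in self.grants.get(claims["user"], ()):
            raise PermissionError(f"{claims['user']} is not allowed to use {service}")
        return seal(self.service_keys[service],
                    {"user": claims["user"], "service": service, "expires": claims["expires"]})


class Service:
    """A data-centre site: it can read only tickets sealed under its own key."""

    def __init__(self, name, key):
        self.name, self.key = name, key

    def ap_exchange(self, ticket, now):
        """Steps 4-5: read the chip; admit the user if head office allowed it."""
        claims = unseal(self.key, ticket)
        if claims["service"] != self.name or now >= claims["expires"]:
            raise PermissionError("ticket not valid for this site or expired")
        return claims["user"]


def demo(now=1_000_000):
    """Run the flow with constructed keys and return the outcome of each attempt."""
    user_keys = {"alice": b"alice-secret"}
    service_keys = {"rack-sydney": b"sydney-secret", "rack-melbourne": b"melbourne-secret"}
    kdc = KDC(user_keys, service_keys, grants={"alice": {"rack-sydney"}})
    sydney = Service("rack-sydney", service_keys["rack-sydney"])
    melbourne = Service("rack-melbourne", service_keys["rack-melbourne"])

    tgt = kdc.as_exchange("alice", preauth(user_keys["alice"], now), now)
    ticket = kdc.tgs_exchange(tgt, "rack-sydney", now)
    outcome = {"sydney": sydney.ap_exchange(ticket, now)}
    for label, attempt in [
        ("wrong_site", lambda: melbourne.ap_exchange(ticket, now)),      # ticket for another site
        ("not_granted", lambda: kdc.tgs_exchange(tgt, "rack-melbourne", now)),
        ("expired", lambda: kdc.tgs_exchange(tgt, "rack-sydney", now + 9 * 3600)),  # step 7
    ]:
        try:
            attempt()
            outcome[label] = "allowed"
        except PermissionError as err:
            outcome[label] = str(err)
    return outcome


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Two properties of the story carry over directly: the service never talks to head office during the AP exchange (it trusts the ticket because only head office could have sealed it under the service's key), and an expired TGT is refused by the TGS, which forces the user back to step 1. The time is passed in as a parameter so the expiry path can be exercised deterministically.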

Wednesday, 22 February 2017

How Crunch – Password file maker works


Reference: Kali Linux - Hacking Tools Introduction









Crunch is a wordlist generator that takes either a standard character set or a character set you specify.

Crunch can generate all possible combinations and permutations. Given the minimum and maximum word length and the characters themselves, Crunch creates a comprehensive list of words that can be used with password-cracking programs.

The basic usage of the crunch command is shown below:

rassoul @kali:~# crunch

Usage: crunch <min> <max> [options]



The example below creates a password list of words 2 to 3 characters long, drawn from the character set “0123456789abcdef#!”, and saves the result into a file called password.txt.

rassoul @kali:~# crunch 2 3 0123456789abcdef#! -o password.txt


Part of the file created by the command above:

rassoul@kali:~$cat password.txt

00
01
02
03
….
01#
01!
020
021
….
!!f
!!#
!!!
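To see what the command above actually enumerates, here is the same generation rule written in Python. This is an added example, not crunch's code and not from the post: words come out shortest first and, within one length, in the order of the character set, which is the order visible in the listing above (“00”, “01”, ... , “01#”, “01!”, “020”, ... , “!!f”, “!!#”, “!!!”). The count and size helpers answer the questions worth asking before generating a list at all, and they are the same arithmetic a defender uses to judge how small a password space a length or character-set policy leaves: with 18 characters and lengths 2 to 3 the whole space is only 18² + 18³ = 6156 words.

```python
"""Reimplementation of `crunch 2 3 0123456789abcdef#!` (added example).

Not crunch's code: it reproduces the enumeration order, shortest words first
and each length in character-set order, plus the count and file-size arithmetic.
"""
from itertools import product

CHARSET = "0123456789abcdef#!"   # the 18-character set from the post's command


def wordlist(min_len, max_len, charset=CHARSET):
    """Yield every word of length min_len..max_len over charset, in crunch order."""
    for length in range(min_len, max_len + 1):
        for combo in product(charset, repeat=length):
            yield "".join(combo)


def count(min_len, max_len, charset=CHARSET):
    """Number of words without generating them: the sum of len(charset) ** L."""
    return sum(len(charset) ** length for length in range(min_len, max_len + 1))


def size_bytes(min_len, max_len, charset=CHARSET):
    """Bytes the output file will take: one word per line plus its newline."""
    n = len(charset)
    return sum(n ** length * (length + 1) for length in range(min_len, max_len + 1))


if __name__ == "__main__":
    print(count(2, 3), "words,", size_bytes(2, 3), "bytes")   # 6156 words, 24300 bytes
    words = list(wordlist(2, 3))
    print(words[:4], words[358:361], words[-3:])
```

The count grows as the character-set size to the power of the length, so raising the minimum length or widening the set is what moves a password out of reach of an exhaustive list like this one; a mixed-case alphanumeric set of 62 characters at length 8 alone is already over two hundred trillion entries.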