IT Managed Services Provider Resource Recommendation Update on May 14, 2021

Knowledge of terms to know

What is Password Sniffer?

A password sniffer is a software application that scans and records passwords that are used or broadcasted on a computer or network interface. It listens to all incoming and outgoing network traffic and records any instance of a data packet that contains a password.

A password sniffer installs on a host machine and scans all incoming and outgoing network traffic. A password sniffer may be applied to most network protocols, including HTTP, Internet Message Access Protocol (IMAP), file transfer protocol (FTP), POP3, Telnet (TN) and related protocols that carry passwords in some format. In addition, a password sniffer that is installed on a gateway or proxy server can listen and retrieve all passwords that flow within a network.

A password sniffer is primarily used as a network security tool for storing and restoring passwords. However, hackers and crackers use such utilities to sniff out passwords for illegal and malicious purposes.

What is CISO (chief information security officer)?

The CISO (chief information security officer) is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats. The CISO may also work alongside the chief information officer to procure cybersecurity products and services and to manage disaster recovery and business continuity plans.

The chief information security officer may also be referred to as the chief security architect, the security manager, the corporate security officer or the information security manager, depending on the company’s structure and existing titles. While the CISO is also responsible for the overall corporate security of the company, which includes its employees and facilities, he or she may simply be called the chief security officer (CSO).

Instead of waiting for a data breach or security incident, the CISO is tasked with anticipating new threats and actively working to prevent them from occurring. The CISO must work with other executives across different departments to ensure that security systems are working smoothly to reduce the organization’s operational risks in the face of a security attack.

The chief information security officer’s duties may include conducting employee security awareness training, developing secure business and communication practices, identifying security objectives and metrics, choosing and purchasing security products from vendors, ensuring that the company is in regulatory compliance with the rules for relevant bodies, and enforcing adherence to security practices.

Other duties and responsibilities CISOs perform include ensuring the company’s data privacy is secure, managing the Computer Security Incident Response Team and conducting electronic discovery and digital forensic investigations.

“CISOs are not the same from company to company and industry to industry. We’re still in the infancy of what this role really is and how it fits into the strategic focus of a business.” – Steve Tcherchian

Related Terms: business continuity action plan, data breach, security awareness training, risk management, security audit

What is Multi-Factor Authentication (MFA)?

Multi-factor authentication (MFA) is a security mechanism in which individuals are authenticated through more than one required security and validation procedure. MFA is built from a combination of physical, logical and biometric validation techniques used to secure a facility, product or service.

MFA is implemented in an environment where an individual’s authentication and validation is the highest priority. Examples include a nuclear power plant or a bank’s data warehouse.

To gain access to a secured location or system, MFA typically requires three different security mechanism layers and formats, as follows:

  • Physical security: Validates and authenticates a user based on an employee card or other type of physical token
  • Logical/knowledge base security: Validates and authenticates a user based on a required password or personal identification number (PIN), which is memorized by the user
  • Biometric security: Validates and authenticates based on a user’s fingerprints, retinal scan and/or voice

What is Computer Forensics (Cyber Forensics)?

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.

Computer forensics — which is sometimes referred to as computer forensic science — essentially is data recovery with legal compliance guidelines to make the information admissible in legal proceedings. The terms digital forensics and cyber forensics are often used as synonyms for computer forensics.

Digital forensics starts with the collection of information in a way that maintains its integrity. Investigators then analyze the data or system to determine if it was changed, how it was changed and who made the changes. The use of computer forensics isn’t always tied to a crime. The forensic process is also used as part of data recovery processes to gather data from a crashed server, failed drive, reformatted operating system (OS) or other situation where a system has unexpectedly stopped working.

“While the work of all information security professionals is important, those working in the field of cybersecurity forensics play an especially pivotal role in the attribution of cyberattacks and the apprehension of perpetrators.” – Ed Tittel

Related Terms: Trojan horse, intrusion detection system, steganography, forensic image, cybercrime

What is Multifactor authentication (MFA)?

Multifactor authentication (MFA) is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Multifactor authentication combines two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification methods.

The goal of MFA is to create a layered defense that makes it more difficult for an unauthorized person to access a target, such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one or more barriers to breach before successfully breaking into the target.

In the past, MFA systems typically relied on two-factor authentication (2FA). Increasingly, vendors are using the label multifactor to describe any authentication scheme that requires two or more identity credentials to decrease the possibility of a cyber attack. Multifactor authentication is a core component of an identity and access management framework.

“In a world where credential harvesting attacks are on the rise, better authentication has moved from a nice-to-have to an absolutely essential technology.” – David Strom

Related Terms: two-factor authentication, identity access management, authentication factor, knowledge-based authentication, biometric verification

What is Secure File Transfer Protocol (SFTP)?

Secure File Transfer Protocol (SFTP) is a file protocol for transferring large files over the web. It builds on the File Transfer Protocol (FTP) and includes Secure Shell (SSH) security components.

Secure Shell is a cryptographic component of internet security. SSH and SFTP were designed by the Internet Engineering Task Force (IETF) for greater web security. SFTP transfers files security using SSH and encrypted FTP commands to avoid password sniffing and exposing sensitive information in plain text. Since the client needs to be authenticated by the server, SFTP also protects against man-in-the-middle attacks.

SFTP can be handy in all situations where sensitive data needs to be protected. For example, trade secrets may not be covered by any particular data privacy rule, but it can be devastating for them to fall into the wrong hands. So a business user might use SFTP to transmit files containing trade secrets or other similar information. A private user may want to encrypt his or her communications as well.

This term is also known as Secure Shell (SSH) File Transfer Protocol.

What is Password Protection?

Password protection is a security process that protects information accessible via computers that needs to be protected from certain users. Password protection allows only those with an authorized password to gain access to certain information.

Passwords are used commonly to gain entry to networks and into various Internet accounts in order to authenticate the user accessing the website.

Password protection policies should be in place at organizations so that personnel know how to create a password, how to store their password and how often to change it.

What is One-Time Password (OTP)?

A one-time password (OTP) is type of password that is valid for only one use.

It is a secure way to provide access to an application or perform a transaction only one time. The password becomes invalid after it has been used and cannot be used again.

A OTP is a security technique that provides protection against various password-based attacks, specifically password sniffing and replay attacks.

It provides more enhanced protection than static passwords, which remain the same for multiple login sessions. OTP works through randomness algorithms that generate a new and random password each time they are used.

The algorithm always uses random characters and symbols to create a password so that a hacker/cracker cannot guess the future password. A OTP uses several techniques to create a password, including:

  • Time-Synchronization: The password is valid for only a short period of time.
  • Mathematical Algorithm: The password is generated using random numbers processed within an algorithm.

What is Hashed Table?

A hashed table or hash table is a special type of internal table used in ABAP programs, where by using the hash functionality, the necessary table record is obtained. Like other types of internal tables, hashed tables are also used to extract data from standard SAP database tables by means of ABAP programs or ABAP objects. However, unlike other types of internal tables like standard or sorted, hash tables cannot be accessed using an index. As with database tables, hashed tables also require a unique key.

The features of a hashed internal table include: To declare an internal table a hashed table, the declaration of the internal table should contain the keywords ‘TYPE HASHED TABLE’. This would make the internal table accessible to the internal HASH algorithm. The unique key must be declared when a HASH table is to be used as it is mandatory in the HASH algorithm. The unique key is defined by the keyword ‘UNIQUE KEY’. A hash table allows the table read to have costs independent of table size. Hashed tables are preferred over other types of internal tables when there are large data sets with lots of reads and a negligible number of writes. Hashed tables are also ideal for processing large amounts of data. Regardless of the number of table entries present, the response time for key access in a hashed table remains constant. Hashed tables work comparatively faster only for full table keys and cannot work for ranges .

What is Rainbow Table Attack?

A rainbow table attack is a type of hacking wherein the perpetrator tries to use a rainbow hash table to crack the passwords stored in a database system. A rainbow table is a hash function used in cryptography for storing important data such as passwords in a database. Sensitive data are hashed twice (or more times) with the same or with different keys in order to avoid rainbow table attacks.

A password database usually generates a key for a rainbow table and encrypts a password before storing it. When a user enters a password for the nth time, the password is again encrypted with the same key string and then matched with the stored value. A rainbow table is a precomputed lookup table used in cryptography for storing password hashes. It is used for recovering a password based on its hash value.

What is DevOps as a Service?

DevOps as a Service is a delivery model for a set of tools that facilitates collaboration between an organization’s software development team and the operations team. In this delivery model, the DevOps as a Service provider provides the disparate tools that cover various aspects of the overall process and connects these tools to work together as one unit. DevOps as a Service is the opposite of an in-house best-of-breed toolchain approach, in which the DevOps team uses a disconnected collection of discrete tools.

The aim of DevOps as a Service is to ensure that every action carried out in the software delivery process can be tracked. The DevOps as a Service system helps to ensure that the organization achieves desired outcomes and successfully follows strategies such as continuous delivery (CD) and continuous integration (CI) to deliver business value. DevOps as a Service also provides feedback to the developer group when a problem is identified in the production environment.

“By integrating chosen elements of DevOps tooling into a single overarching system, DevOps as a Service aims to improve collaboration, monitoring, management and reporting..” – Clive Longbottom

Related Terms: continuous delivery, continuous integration, open API, DevOps certification, configuration management

What is Secure Hash Algorithm (SHA)?

A secure hash algorithm is actually a set of algorithms developed by the National Institutes of Standards and Technology (NIST) and other government and private parties. These secure encryption or “file check” functions have arisen to meet some of the top cybersecurity challenges of the 21st century, as a number of public service groups work with federal government agencies to provide better online security standards for organizations and the public.

Within the family of secure hash algorithms, there are several instances of these tools that were set up to facilitate better digital security. The first one, SHA-0, was developed in 1993. Like its successor, SHA-1, SHA-0 features 16-bit hashing.

The next secure hash algorithm, SHA-2, involves a set of two functions with 256-bit and 512-bit technologies, respectively. There is also a top-level secure hash algorithm known as SHA-3 or “Keccak” that developed from a crowd sourcing contest to see who could design another new algorithm for cybersecurity.

All of these secure hash algorithms are part of new encryption standards to keep sensitive data safe and prevent different types of attacks. Although some of these were developed by agencies like the National Security Agency, and some by independent developers, all of them are related to the general functions of hash encryption that shields data in certain database and network scenarios, helping to evolve cybersecurity in the digital age.

What is Hashing?

Hashing is the process of translating a given key into a code. A hash function is used to substitute the information with a newly generated hash code. More specifically, hashing is the practice of taking a string or input key, a variable created for storing narrative data, and representing it with a hash value, which is typically determined by an algorithm and constitutes a much shorter string than the original.

The hash table will create a list where all value pairs are stored and easily accessed through its index. The result is a technique for accessing key values in a database table in a very efficient manner as well as a method to improve the security of a database through encryption.

Hashing makes use of algorithms that transform blocks of data from a file in a much shorter value or key of a fixed length that represent those strings. The resulting hash value is a sort of concentrated summary of every string within a given file, and should be able to change even when a single byte of data in that file is changed (avalanche effect). This provides massive benefits in hashing in terms of data compression. While hashing is not compression, it can operate very much like file compression in that it takes a larger data set and shrinks it into a more manageable form.

Suppose you had “John’s wallet ID” written 4000 times throughout a database. By taking all of those repetitive strings and hashing them into a shorter string, you’re saving tons of memory space.

What is Machine Learning Engineer (ML engineer)?

A machine learning engineer (ML engineer) is a person in IT who focuses on researching, building and designing self-running artificial intelligence (AI) systems to automate predictive models. Machine learning engineers design and create the AI algorithms capable of learning and making predictions that define machine learning (ML).

An ML engineer typically works as part of a larger data science team and will communicate with data scientists, administrators, data analysts, data engineers and data architects. They may also communicate with people outside of their teams, such as with IT, software development, and sales or web development teams, depending on the organization’s size.

ML engineers act as a bridge between data scientists who focus on statistical and model-building work and the construction of machine learning and AI systems.

The machine learning engineer role needs to assess, analyze and organize large amounts of data, while also executing tests and optimizing machine learning models and algorithms.

“Machine learning engineers need to have a firm grasp on the different tools available for the machine learning model lifecycle and keep up to date with the changes in the AI vendor landscape.” – Kathleen Walch

Related Terms: data engineer, predictive modeling, machine learning algorithm, data scientist, unsupervised learning

What is Greenwashing?

Greenwashing refers to a marketing makeover in which a product is presented as more environment friendly when no substantial effort has been taken to make it so. In a more extreme sense greenwashing may refer to an attempt to make a product that is environmentally damaging appear to be environmentally friendly. Greenwashing plays upon a renewed consumer interest in protecting the environment.

There are two degrees of greenwashing. In the weak form, it merely involves a company claiming credit for existing production methods as if they were influenced by an eco-friendly mandate. For example, a software company may eliminate shrink wrap on packaging to save costs and then spin the move as a green initiative. In the more extreme form, a company will outright lie about the eco-friendliness of a product by using vague phrasing (“best in class ecology”), suggesting packaging (green fields, flowers, etc.), questionable endorsements (“green certified by ecomaniacs”) and so on.

Free Tool

Everything Toolbar is the easy-access interface you’ve been craving for Everything that enables you to quickly search for files, folders and more right from the Windows taskbar.

Samplicator is a simple tool for receiving UDP datagrams on a given port and resending them to a specified set of receivers for occasions when you need to export NetFlow traffic to more than one NetFlow collector. Can also be configured to individually specify a sampling divisor N for each receiver that will only receive one in N of the received packets.

RackTables helps document hardware assets, network addresses, space in racks, network configuration and more for datacenter and server room asset management. Allows you to compile a list of all devices, racks and enclosures; mount the devices into the racks; maintain physical ports of devices and links between them; manage IP addresses, assign them to devices and group into networks; document NAT rules; describe loadbalancing policy and store configuration; attach files to various objects in the system; create users, assign permissions and allow/deny their actions; and label everything and everyone with a flexible tagging system.

Logstash is a server-side data processing pipeline that dynamically ingests data from logs, metrics, web applications, data stores and assorted AWS services, and then transforms and ships it to your favorite “stash” in a continuous, streaming fashion. Regardless of format or complexity—Logstash filters parse each event as data travels from source to store, identify named fields to build a structure, and transform them into a common format to better facilitate analysis.

Alacritty is a modern terminal emulator with both a nice set of defaults and the option for extensive configuration. It integrates with other applications to offer a flexible set of features with high performance. Supports BSD, Linux, macOS and Windows. While currently in beta—i.e., there are still a few missing features and bugs to be fixed—it is appreciated by many for daily use.

Tutorial

20 CIS Controls & Resources offers detailed explanations of key controls you’ll want to address in your security planning.

Red Team Blues: A 10 step security program for Windows Active Directory environments provides a nice set of steps you can take to make it dramatically more difficult for attackers to create an opening that allows them to move inside your Active Directory environment.

Free eBook

Office 365/Microsoft 365 – The Essential Companion Guide covers everything from basic descriptions to installation, migration, use-cases and best practices for all features within the Office/Microsoft 365 suite. This 100+ page second-edition eBook, written for Altaro by Microsoft Certified Trainer Paul Schnackenburg, is the perfect desktop reference guide for current and aspiring Office/Microsoft 365 admins.

Website

MITRE ATT&CK Navigator is a simple, open-source web app that provides basic navigation and annotation of the ATT&CK for Enterprise, ATT&CK for Mobile and PRE-ATT&CK matrices. It allows you to manipulate the cells in the matrix by color coding, adding a comment, assigning a numerical value and more.

Training Resource

Vscode Vim Academy is a game to help you learn and practice vim and vscode keys in an enjoyable way. Covers 2-5 vim keys per level, with level text and keys randomly generated per level. You race to complete 10 sets of tasks with as few keystrokes as possible.

Tips

We all hate accidentally sending unfinished emails, especially on sensitive topics, but it happens nonetheless. To eradicate the risk from your life, hasthisusernamegone suggests, “[D]on’t compose it in your email client at all. All my ‘this is official, don’t get this wrong’ emails are composed in a basic text editor (often Notepad), then copied and pasted over to Outlook when I’m happy with them. Then it gets another proof-read and a chance for the spell-check to do it’s thing and only then does it get sent. That way I can’t accidentally send a half-finished email to the board or whoever.”

Published by Emma Watson

, an Information Technology Engineer By qualification who loves to write about Windows, macOS and technical solutions for various error and problems. Coming from a solid background in PC building and software development, with complete expertise in touch-based devices, I am constantly keeping an eye out for the latest and greatest!