CHFI All The Way! My Cyber Security Journey’s Milestone.

 

It has been a lot of fact, learning and fun filled weeks that I’ve been trying to get a handle on the art of cyber forensics. And like the idiom goes – All is well that ends well. I’ve been able to achieve a milestone to my learning and jousting with computer/network forensics by attaining my Computer Hacking Forensic investigator or CHFI. After CEH this is my second ECC certification (after almost 4 years since I achieved CEH)

So, why forensics or digital/cyber investigation related study and certification? I decided to change gears the forensics way because, it’s one of the least understood and discussed about cyber security stream. Any certification or on the job experience would not normally involve doing forensics or understanding and deploying your inner Sherlock Holmes. This side of cyber security is often unseen, unheard and blindsided in wake of daily operations and business as usual. And that’s what caught my attention – the things which allure the most however, are not very well understood or discussed amongst security professionals.

It’s been a lot of learning and head scratching (well sometimes almost banging my head in the wall over some rather intricate topics), playing around with some tools (like EnCase, Mobiledit) and most importantly understanding how the end-to-end cyber forensics process pans out. I learned a lot and came to know things above and beyond the nature of job that a security professional such as myself may be usually engaged with.

As usual, I’ll share my experience with this certification and my journey to achieve the same. I hope that my experiences are useful and that you can achieve this certification.

 

The exam itself – This exam has been there since last 7+ years and has evolved a lot from its predecessors. I took the v8.0 as I have been preparing for a while for it although, v9.0 is very muc available since last year. CHFI is a pretty draining exam in that it addresses many areas of cyber forensics from – PC forensics to Mobile forensics to application forensics and finally network forensics. It covers all basics and covers the know how required from a forensics to investigation to conclusion. Which is great as this is something not taught in security 101. What we traditionally learn and practice is network, application and information security; not their underbellies in terms of conducting a forensic investigation, tracing the evidence(s) back to the perpetrator and going through chain of evidence/custody. And this goes on and on; you’ll have to use your imagination to guess where. A lot of uncommon topics are more than enough to throw off and it’s not unusual to be lost in the depths of legal obligations or standards and even the way an envidence must be handled from discovery to its presentation to convict the cyber criminals. See the topics covered and other requirements here – https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/
The insights to the exam – The exam is a killer in that it is a 180 degree twist and covers subjects much apart from what we as security professionals are used to do vs. what this certification demands. This is certainly for the folks who have been in the ICT industry for a while and have a good grasp of security – both from network and information security backdrop. The exam is 4 hours long (not that you have to sit for all 4 hours unless it takes that much time to answer all questions) and consists of 150 questions – multiple choice (single and multiple options) as well as true and false type. This is a closed book and proctored certification exam. Now, it is important to note that this exam is only delivered online via https://eccexam.com and you get an online proctor from http://go.proctoru.com. Oh yes, before I forget to mention – you need to undergo an eligibility and verification process (and pay a fee for this and other ECC certifications) with EC-Council. You have to go through an application where they verfiy your security experience and only upon successful application you can you sit for the exam. A minimum of 2 years of security experience is required. I was exempted from the eligibility process and application as I already have CEH and more than 10 years of security experience.

My experience during the exam – The questions were very varied and not so much so expected. Saw a lot about basics being tested such as HDD geometry and OSI stack pertinent to forensics and traffic analysis. As expected, there were questions on PC, mobile and network forensics and best practices to lead an investigation. I did enjoy the time during the test and instead of being stressed I maintained my clam to ensure that I don’t get fatigued (both click wise and mental) as well as to ensure that the right choice was indeed the right choice; the first time. 4 hours is more than enough from a time perspective and it takes grits to hold up the security persona during the exam coming from a non-forensic background.

I marked quite a few questions on my way to completion of first pass, as I wold call it. Managed to complete the firt pass in about 2 hours. I completed the second pass in another 15 min or so looking over the marked questions. The worst thing would have been to second guess myself and hence, I changed just a couple of answers where it made absolute and concrete sense. And then submitted for grading. I passed with 93% (70% is the minimal score to pass). And that calls for a happier weekend knowing that I would have achieved another milestone in my quest for knowledge!

The preparation – For the prep I used a number of resources:

1. CHFI official slides. These are very helpful and that’s where most of my preparation would come from
2. CHFI all-in-one guide. This was also helpful specially with exam practice questions
3. I read through a few other forensics books and articles. To name a few – Computer Forensics a Pocket Guide, Computer Forensics for Dummies, Computer Incident Response, Digital Forensics for Network, Internet, and Cloud Computing, and so on. I skimmed the content where I knew it and read where I knew I had holes from an information and understanding of subject point of view
4. Practiced a few more questions from Skillset.com

Summarizing – This is hands down one of the most alluring and comprehensive certification pertinent to computer and network forensics. Security practitioners and professionals who intend to further their understanding on this subject matter (which is quite interesting and uncommon) should go for it. For me, it was the journey that was more rewarding than the certification.

 

 

IoT Hack = Security Lapse. And its just the beginning

Dallas, Texas – On Apr 8 2017, around 11:42 PM for no apparent reason, 156 tornado sirens went off (all together) and woke up what can be best described as – scared and baffled residents. When the sirens repeated in 90-second cycles, the locals thought they were being (or about to be) bombed.

Dallas Mayor – Mike Rawlings posted an update for citizens on his Facebook page (https://www.facebook.com/MayorMikeRawlings/posts/1030736253694199) where he described the incident as the hack i.e. an attack on emergency notification system. He also wrote, “This is yet another serious example of the need for us to upgrade and better safeguard our city’s technology infrastructure.”

The news was posted on many major news channels and websites – including CNN http://edition.cnn.com/2017/04/08/us/dallas-alarm-hack/

The most comprehensive coverage is fro Washingtonpost.com https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.0b1ec2649790

Now, while news channels/websites and reporters talk about the situation and have provided updates on how the issue was handled and finally resolved – lets consider some facts and try to derive some inference from the incident from cyber security perspective.

First – it is more than assured that this was an intentional hack and not a ‘mistake’ by someone in the emergency service grid. Hence, this infers that; the security controls deployed were either not enough or not tested properly during the planning and deployment cycles. At first there were speculations of the system not being controlled at all by a back-end software however, that was ruled out and this proves the point enough – integrating security (controls) in every system (offline or online) from planning, deployment and testing point of view should be an absolute zero tolerance exercise.

Second, the hacker(s) were motivated and determined to make it happen – at the most awkward hour. This hacker or hacking group made it look easy enough without leaving much of an evidence that the trail could be picked up and the perpetrator of the cyber crime is apprehended.

Third, connected systems expose the attack surface – and yes while this is a known fact, who would imagine that an emergency system grid could be hacked? That too – whole of it!! It is supposed to be a closed and monitored system – isn’t it? This brings us to the discussion where we can either discuss about standards not being in place from IoT / grid computing security point of view or we can simply say – it is about time someone did something about cyber security pertinent to public and government deployment. While this was clearly an issue with implementation of security for the sensors; this could go well beyond just the alarms as more often than not, one emergency system is connected to another e.g. 911 has taps into fire, police etc.

Last but nevertheless most importantly – while security analysts analyze and wonder how this could have been pulled off, for the people who experienced this ‘it was very real and scary’. This serves well to remind us all that how helpless we feel when technology is abused.

Note: The intent of this article was not to give the information that is widely available in terms of this incident however, to further deep dive and see the causalities of ill-fated security systems/controls. And, to extrapolate the kind of damage that can be done at large – anywhere in the world by that someone nasty – who knows how to get pass the security  (if at all there was some). 

 

Good Friday Just Became Better – With My CCSK Certification!

Holy Moly – The sweet taste of achieving the much coveted certification in the wake of furthering my Cyber Security journey. Aced the certification with a strong 90%. I’m now Certified Cloud Security Knowledge (CCSK) certified. My Good Friday just became a whole lot better!!!

 

It’s been sometime that I’ve been dragging my feet and finally decided to write the CCSK certification. Been busy with authoring and mentoring (cannot really complain as it’s my passion) hence, the delay. Like they say – better late than never!!

In the following sections I’ve shared my experiences, my preparation, the insights and details to the certification exam. Hope these get you to your own CCSK summit.
The exam itself – This exam has been there for sometime now and I took the v3.0 (v2.1 is alo available but hey, latest is greatest right!). CCSK is a pretty comprehensive exam. It covers all basis (and more) from cyber security / security from a Cloud Service Provider (CSP) and a Cloud Consumer perspective, and then some. It also addresses domains which are usually blind spotted for example – cloud risk management, vendor management, supply chain management and such.

The insights to the exam – The exam can be daunting if you have little to no security experience and specially – if you come in with minimal (all encompassing security) virtualization, security controls, risk management, physical security and traditional DC experience. The exam consists of 60 questions – multiple choice and true and false type, to be completed in 90 min. It is an open book, take anywhere exam however, that doesn’t demean its importance at all, in fact – it take a lot of time to understand the subjects and topics and then be prepared for the exam itself. It’s the journey in this matter that’s much more valuable than the result itself.

My experience during the exam – I completed the first pass in about 30-35 min (of the allocated 90 min) and marked all questions for second pass (Yes, you can mark questions for review and come back to them). Finally submitted the questions for grading by 45-50 min mark and passed with 90% (80% is the minimal score to pass) and that calls for a jolly moment!

The preparation – For the prep I used the two documents (both available here https://ccsk.cloudsecurityalliance.org/index.html) i.e.

1. Cloud Security Guidance https://cloudsecurityalliance.org/research/security-guidance/
2. ENISA Cloud Risk Assessment Report: http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment/at_download/fullReport

These two documents cover all basis in terms of questions. Just a thorough read and you should be fine.  One of my dear and old time friend (who happens to be a security geek as well) Sumanta Bhattacharya helped me by brainstorming on the topics and coming out with logical and conclusive derivations.

Summarizing – This is a certification that’s a must to do for security practitioners and professionals who intend to or currently engage with cloud. An excellent certification that pushes a person beyond their scope of thinking in context of Cloud and so much more.

 

 

Cyber Ops – Up Up and Away!!!

I’ll be spending a good amount of time doing something that I’m passionate about and which I think brings me the satisfaction of knowing that it will be a career catalyst for many professionals (especially security professionals).

To be precise, I’ll be spending most of my time from late Mar till May writing on Cyber Security. Now, it matters how this time I spend and the material I author helps the larger community gain from it – and that’s been my motto since I stepped up as an author and an evangelist.

Demystifying: I’ll be authoring Cisco’s latest Cyber Security / Cyber Ops on two fronts – writing the practice tests / question banks (to go with the premium content):

• Cyber Ops – SecFnd
• Cyber Ops – SecOps

I’ll be writing practice question banks which will help the CCNA Cyber Ops aspirants to attain these world-class cyber security certifications. These practice tests will be available as part of the premium package with the following books written by Omar Santos and Joseph Muniz.

CCNA SECFND: http://www.ciscopress.com/store/ccna-cyber-ops-secfnd-210-250-official-cert-guide-premium-9780134609010

CCNA SECOPS: http://www.ciscopress.com/store/ccna-cyber-ops-secops-210-255-official-cert-guide-premium-9780134609027

I have to admit that Cisco has come a long way and now with these certifications, the gaps from InfoSec and CyberSec would be more than addressed. These certifications are bench-marking in terms that they will help bridge the gap between the old and new security paradigms – network and cyber.

All in all – I’m enjoying my time writing these questions and hope that they will help the aspirants succeed in their attempts to grab these two really cool certifications.

Happy learning and reading!