Information Gathering
According to the saying, "Information is power." There's no doubt that critical information can be a great source of power in most situations when it's at the right time, and when you know how to use it. As with any target (person, domain name, or service), cybersecurity teams on both sides value and look for security data. A cybersecurity researcher's ultimate goal should be to master the process of obtaining information.Informing oneself about something of interest to oneself is known as gathering information. As an example, the process of visual perception involves attempting to collect information with your eyes. Information may also be collected via a variety of techniques, tools, and methods in the digital world. A black-hat or white-hat hacker needs to make this the first step during the earliest stages of hacking (both the hacking and ethical hacking activities); they should learn as much as possible about their target. Researchers often struggle to manage their time when it comes to gathering intelligence during the recon process.
Why is information collected in cybersecurity?
Any basic cybersecurity information collection process will have two types of goals:- Collecting data network - Domain names, private and public IP addresses, routing tables, running TCP and UDP services, SSL certificates and open ports are some examples.
- Collecting system related information - Users, system groups, hostnames, type of OS (perhaps by fingerprinting), system banners, etc., are all included here.
What are some of these methods?
Social engineering - Spoofing attacks can take place in person, by telephone, and via email. Each of these approaches relies on human weakness in order to gather the most information possible about the target.Social networks - Social networks like Facebook, Twitter, LinkedIn, and others are valuable sources of information for building a profile, especially when targeting specific individuals.
Domain names - Registrants can include governments, nonprofit organizations, and individuals. They are, therefore, an excellent place to start if you're looking for someone. You can find details on individuals, projects, services, and technologies when inspecting domain information.
Internet servers - There are other sources of information, such as HTTP servers, email servers, and others, in addition to authoritative DNS servers.
Requirement and Feasibility Analysis
It is imperative that all products, solutions, or services have clearly defined requirements and are deemed feasible before development begins. It is important to establish the baseline requirements before development is begun, despite the fact that details can be improved over time. For this reason, requirements form the basis for developing all products, solutions, and services. According to the development approach selected, there will be a different way to capture and manage requirements. In incremental development methods, the resources will be fixed by capacity and the time will be restricted by time-boxes. Sequential development, on the other hand, involves fixed requirements and a fixed timeline, causing resources to fluctuate, whereas this approach makes the requirements more flexible.By structuring the requirements sequentially, most of the requirements for the project are determined and finalized before development begins. The project scope is determined by this. A complete project plan is created as a result. As long as the objectives and requirements of a business are clearly defined, this method works. When the business needs have changed while development has been underway, the final product may not meet the final business objectives since the requirements were outdated at the time of design. It is possible that the project will be delayed or exceeds its estimated cost due to extra work for modifications and fixes.
During the development process, it is essential to document the following categories of requirements:
- Provide an explanation of the targeted business capability and change – the "why" and the "what"
- Deliverables - "how" and "when" stakeholders expect them
- A specification of the solution's features, functions, characteristics, and the data that is needed to implement it
- Aspects other than functionality to be taken into account include predicted volumetrics, performance, security, availability levels, maintainability, and serviceability
- In addition to these factors, project requirements should also take into account actions, processes, competences, and other factors
- In addition to actions, processes, competences, and other conditions, project requirements need to be considered.
- A service release readiness transition requirement to address service capabilities.
- Understanding assertions, dependencies, and constraints with other projects is an important component of portfolio requirements.
Either by sequential development or incremental development, testing the feasibility will ensure that no costly mistakes are made, delivery risks are minimized, and user dissatisfaction is minimized.
Data Flow Diagrams
A DFD graphically represents the functions carried out on a system to accumulate, manipulate, store, and transfer data. It makes it easy to communicate with the designer since a lot of information can be displayed at once. DFDs consist of a hierarchy of diagrams starting with an overarching overview leading to a detailed view. DFD became popular for several reasons, including:- The flow of information within the system
- Simplicity of notation
- Construction requirements for physical systems
- Determination of automated and manual system requirements
DFD symbols
An information flow diagram is represented using four basic symbols.Process
An output produced by a process is of a different type or form than the input data. Reports containing monthly sales information from all retail stores in the northwest region can be generated, or input data can be collected and stored in the database.Identifying a process' function is determined by its name. Names begin with a singular noun.
Example -
- Payment application
- Commision calculation
- Order verification
- Processes are represented by rounded rectangles
- Identifiers are assigned to each process so that they can be referred to easily
Data Flow
Flow of data refers to the method by which data is transferred from one part of the information system to another. Depending on its purpose and form, a data-flow may represent a single data element or a collection of data elements.Notation
Lines with arrows pointing in represent the flow of input data.Data flow with an outward arrow represents an output data flow.
Get subject wise printable pdf documentsView Here
No comments:
Post a Comment
Please don't spam. Comments having links would not be published.