An incident report on my personal experience, with an introduction to SANS
SysAdmin, Audit, Network, and Security (SANS) Institute
The SysAdmin, Audit, Network, and Security (SANS) Institute is an organization that provides education, research and certification in the field of cyber security. Its many years of experience in the field led it to publish the Cybersecurity Business Questions Manual in 2012. The SANS incident handling process consists of 6 steps.
Preparation
Preparation is about getting your team ready to deal with incidents quickly and effectively. Preparation can make a world of difference when every step you take affects the outcome.
The preparation phase establishes written policies that specify rules and practices. These policies are then incorporated into a response plan that guides the organization through an incident.
A large part of the response plan is prioritizing incidents according to their impact on the organization.
Incidents that meet the relevant criteria are brought to the attention of senior management.
Identification process
The identification process usually involves collecting information from logs, error messages, intrusion detection tools and other resources to determine whether there are any deviations from normal operation. Remember, a deviation does not necessarily mean an incident. Non-IT personnel can also help identify an incident, often because they notice their systems behaving differently.
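As an added example (not from the original report or from SANS), the following Python code shows the identification step in practice: it parses a few constructed SSH authentication log lines, flags a source that produced a burst of failed logins, and notes whether a successful login followed the burst, which is what turns a "deviation" into a probable incident. A single failed login from another source is a deviation but is deliberately not flagged. The log format, addresses, user names and threshold are all assumptions for the illustration.

```python
"""Identification phase: triage constructed auth log lines for anomalies."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a syslog-like format (not real logs).
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd: Failed password for admin from 203.0.113.7
2024-03-01T08:00:03 sshd: Failed password for admin from 203.0.113.7
2024-03-01T08:00:04 sshd: Failed password for root from 203.0.113.7
2024-03-01T08:00:06 sshd: Failed password for admin from 203.0.113.7
2024-03-01T08:00:08 sshd: Failed password for backup from 203.0.113.7
2024-03-01T08:00:09 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T08:15:00 sshd: Failed password for alice from 198.51.100.4
2024-03-01T08:15:20 sshd: Accepted password for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse(log_text):
    """Turn matching log lines into event dicts; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def find_bruteforce(events, window=timedelta(minutes=5), threshold=4):
    """Return {ip: detail} for sources with >= threshold failures inside one window.

    The detail records which accounts were tried and whether a successful login
    followed the burst, which is the strongest sign the account was compromised.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        for i, start in enumerate(failures):
            burst = [f for f in failures[i:] if f["ts"] - start["ts"] <= window]
            if len(burst) >= threshold:
                last_failure = burst[-1]["ts"]
                success_after = [e for e in evs
                                 if e["result"] == "Accepted" and e["ts"] >= last_failure]
                findings[ip] = {
                    "failures": len(burst),
                    "users": sorted({f["user"] for f in burst}),
                    "success_after": bool(success_after),
                    "compromised_user": success_after[0]["user"] if success_after else None,
                }
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for ip, detail in find_bruteforce(parse(SAMPLE_LOG)).items():
        print(ip, detail)
```

In a real environment the same logic would run over the authentication log of the affected host or the SIEM's copy of it, and the threshold and window would be tuned to what is normal for that system.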
Containment
Once an event has been identified, the goal should be to address its existence and mitigate its impact. There are several steps at this stage:
1. Short Term Containment
The main purpose of this step is to limit the damage and prevent it from spreading further (for example, disconnecting the infected system from the organization's network).
2. System Backup
Before wiping and restoring a system, a forensic image capturing the state of the system at the time of the incident must be taken.
Forensic images can be used as evidence in legal cases and help prevent similar incidents from happening in the future.
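An image is only useful as evidence if you can later show it has not changed since it was taken. The following Python code, added here as an example and not part of the original report, hashes an image file in chunks (so multi-gigabyte images never have to fit in memory), records the size, hash, handler and acquisition time the way a chain-of-custody log would, and re-verifies the image later, detecting even a one-byte change. The image contents, file name and handler name are constructed stand-ins.

```python
"""Evidence integrity for a forensic image: hash at acquisition, re-verify later."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_file(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large disk images are streamed, not loaded."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def make_evidence_record(image_path, collected_by):
    """Capture the facts a chain-of-custody entry needs, right after acquisition."""
    return {
        "image": os.path.basename(image_path),
        "size_bytes": os.path.getsize(image_path),
        "sha256": hash_file(image_path),
        "collected_by": collected_by,
        "collected_at": datetime.now(timezone.utc).isoformat(),
    }


def save_record(record, path):
    """Store the record beside the image; in practice it also goes into the case log."""
    with open(path, "w", encoding="utf-8") as f:
        json.dump(record, f, indent=2)


def load_record(path):
    with open(path, encoding="utf-8") as f:
        return json.load(f)


def verify_evidence(image_path, record):
    """True only if both size and hash still match what was recorded at acquisition."""
    return (os.path.getsize(image_path) == record["size_bytes"]
            and hash_file(image_path) == record["sha256"])


def demo():
    """Simulate acquisition, a later verification, and detection of a modified image."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "host01-disk.raw")  # constructed stand-in, not a real disk
        with open(image, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed disk contents" + b"\xff" * 4096)

        record = make_evidence_record(image, "handler@example.org")  # assumed handler
        record_path = image + ".json"
        save_record(record, record_path)

        intact = verify_evidence(image, load_record(record_path))

        with open(image, "r+b") as f:  # same size, a single byte altered
            f.seek(4100)
            f.write(b"X")
        tampered_detected = not verify_evidence(image, load_record(record_path))

        return intact, tampered_detected, record


if __name__ == "__main__":
    intact, tampered_detected, record = demo()
    print("intact before change:", intact)
    print("change detected:", tampered_detected)
    print(json.dumps(record, indent=2))
```

The size check alone would miss the second scenario, which is why the hash is the value that actually gets written into the custody log; the acquisition time and handler name are there so the record answers who, when and what, the same questions the final report has to answer.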
3. Long Term Containment
The final step is to apply temporary fixes so that the system can be returned to production without delay, while hardening it (patches and other measures) so that the incident cannot escalate or recur.
Eradication
Eradication is the phase where the malicious content is removed from the affected system. This is usually done by reimaging the system from a clean disk image taken before the system was put into production.
"New" systems should be equipped with appropriate tools and security measures to prevent future attacks.
Recovery
The recovery process brings the affected systems back into production, but only after careful testing and monitoring, and after making sure they cannot be re-infected.
For the restored machines to run cleanly, the appropriate tools must be in place to test, monitor and verify them. Decide with the system owners on the time and date of the restoration and on how long the systems will be monitored afterwards.
Conclusion: Lessons Learned
The final stage of the SANS framework can only be reached with complete and detailed information from the first five stages. This information is compiled into a report detailing the incident and answering when, why and how it happened.
The main purpose of this report is to help the organization learn from the incident. It can help improve how employees respond and serve as a reference for similar situations in the future. It is also the right time to hold a debrief meeting, document the events and decide on further training.
Incident Report on a personal information leak.
This is a report which provides detail on a personal information leak where my email address was compromised. This happened when I had signed up for a short music video making and streaming app. This was one of the most concerning things that ever happened to me.
Preparation
1) I had signed up for an app called Dubsmash; this app was where I could create short music streaming videos.
2) Dubsmash is an American video sharing application for iOS and Android. The company was founded in Germany by Jonas Drüppel, Roland Grenke and Daniel Taschik and moved to Brooklyn from Germany in 2016. On December 13, 2020, Reddit reported the Dubsmash results.
3) Despite a massive data breach in December 2018, Dubsmash hit 1 billion monthly video views in early 2020. An unknown hacker broke into the databases of Dubsmash and 15 other sites. Dubsmash broke the dark web sales record with 161.5 million users in February 2019.
4) During the leak, there was a huge breach wherein various accounts were compromised.
5) I lost my information related to my email address and suffered losses on many other apps linked to my email address.
Identification
1) The initial realization happened when I understood that my gaming account, where I used my email address to log in, was compromised, and this led to me losing all my progress in the game.
2) I understood my gaming account was hacked.
3) Then I realized that my online payment account was hacked and the hacker was using it to buy gift cards online.
4) I realized that the email account was compromised and I could no longer access it. The hacker was literally using my email in order to reset passwords for many apps where I used my email address to log in.
Containment
1) After I realized that the email account was compromised, the first thing I did was report it to the email provider and make sure there was no further damage after the takeover.
2) Then I made a formal cybercrime report to the cyber cell so that it would be on record in case the hacker used my email address to do something illegal.
3) Then I regained access to my email with the help of the provider and made sure the passwords were changed.
4) Then I added more layers of security and more layers of authentication as well.
Eradication
1) Once I regained access to my account, I made sure that I had proper control over all my emails and everything I used, and made everything more secure.
2) Then I removed all the unnecessary permissions that the apps I use had on my devices or over my information.
3) I limit the use of apps from untrusted sources and have made it a rule not to allow unnecessary permissions.
Recovery
1) Once everything was set, I made sure that all the layers of security were in place.
2) Then I made sure all the unnecessary apps had their permission to access information on my devices revoked.
3) I made sure that two-step verification and authentication were enforced.
Lessons learned
I understood that information stored digitally should be well secured, and that it is equally harmful if it is in the wrong hands. The most important thing in the modern world is data.