Gartner's Magic Quadrant for Public Cloud Infrastructure Managed Services Providers (2018, 2017)

2018

Three Vendors are in Leaders Quadrant:

• Accenture
• Cloudreach
• Rackspace

Install OpenVAS on Ubuntu

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.

1. Install dependencies

$ sudo apt-get install sqlite3 python-software-properties

OpenVAS Virtual Appliance / GreenBone Installation

OpenVAS Framework

The GSM Community Edition is a derivate of the GSM ONE and allows a quick and easy option on Windows, Linux or Mac to give the solution a trial. No particular know-how is needed.

In contrast to the commercial solution the Community Feed instead of the Greenbone Security Feed is used. Also some management functions like for TLS certificates are not included. Feed updates happen on a regular basis, but the system itself can not be updated. The commercial version can be updated seamless and also includes access to the Greenbone Support.

The Community Edition as well as the GSM ONE are designed for use with a laptop. The full feature set for a vulnerability management process (schedules, alarms, sensors) are only available with the bigger GSM models (see here for an overview) and can be obtained from Greenbone as an evaluation unit.

1. OpenVAS / GreenBone Installation Video

Metasploit Installation on Windows 7 and 10

The Metasploit Framework (MSF) is far more than just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment.

1. Installation on Windows 7
Youtube Video:

Kali Virtual Appliance Installation and Usage

Kali Linux is the world’s most powerful and popular penetration testing platform, used by security professionals in a wide range of specializations, including penetration testing, forensics, reverse engineering, and vulnerability assessment. It is the culmination of years of refinement and the result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now to a complete penetration testing framework leveraging many features of Debian GNU/Linux and the vibrant open source community worldwide.

Kali Linux has not been built to be a simple collection of tools, but rather a flexible framework that professional penetration testers, security enthusiasts, students, and amateurs can customize to fit their specific needs.
1. Installation Kali Virtual Appliance

Free DNS Server 1.1.1.1 and 1.0.0.1 (from CloudFlare) - Fastest and Easiest to Remember

Google free DNS server 8.8.8.8 and 8.8.4.4 has been used by me for many years, since it is decent fast and also easy to remember. But now Cloudflare just announced their DNS server 1.1.1.1 and 1.0.0.1 on April 1st 2018.

Here is their comparison diagram with other free public DNS server providers.

Not only fastest, Cloudflare pledged that it will not write your ip to the disk and not keep your tracking data long, it will purge all logs within 24 hours. How cool is this privacy focus feature? Definitely, I will give it more try later if there is any need to use a public DNS server.

Top Security Events / Vulnerabilities in 2018, 2017, 2016, 2015, 2014

Here is a list of  top vulnerabilities found since 2015, which I am still working on to compile them together. It will come from different sources and includes those which I believe it is worth taking a note here.


2018

1. Jan 3,  Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
2. Jan 29,  Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
3. Mach 20, Facebook's privacy scandal - The Guardian revealed that the personal data of 50 million Facebook profiles was illegally harvested by Cambridge Analytica.

Gartner Magic Quadrant for Security Awareness Computer-Based Training (2017,2016,2015,2014)

IT research and advisory firm Gartner, Inc. has evaluated different vendors in the Magic Quadrant for Security Awareness Computer-Based Training (CBT). Gartner’s evaluation criteria includes market understanding, marketing strategy, sales strategy, product strategy and offering, business model, vertical/industry and geographic strategy, and innovation.

What is security awareness computer-based training?
End-user-focused security education and training is a rapidly growing market. Demand is fueled by the needs of security and risk management leaders to help influence the security behaviors of people. People impact security outcomes much more than any technology, policy or process. Interactive computer-based training (CBT) is a central component of a comprehensive security education and behavior management program. It is a mechanism for the delivery of a learning experience through computing devices, such as laptop computers, tablets, smartphones and Internet of Things (IoT) devices. The focus and structure of the content delivered by CBT vary, as do the duration of individual CBT modules and the type of computing endpoints supported. The market for CBT for security awareness is characterized by vendor portfolios that include ready-to-use, interactive software modules. These modules are available as internet-based services or on-premises deployments.


2017