Cyber Security TRA (Threat and Risk Assessment) Resources Research

What is Risk:
Risk = Threat x Vulnerability x Asset

The enterprise risk assessment and enterprise risk management processes comprise the heart of the information security framework. These are the processes that establish the rules and guidelines of the security policy while transforming the objectives of an information security framework into specific plans for the implementation of key controls and mechanisms that minimize threats and vulnerabilities. Each part of the technology infrastructure should be assessed for its risk profile. From that assessment, a determination should be made to effectively and efficiently allocate the organization’s time and money toward achieving the most appropriate and best employed overall security policies. The process of performing such a risk assessment can be quite complex and should take into account secondary and other effects of action (or inaction) when deciding how to address security for the various IT resources.

Symantec ATP (Advance Threat Protection) EDR Configuration Notes

I am working on Symantec ATP , which new name is EDR. Here lists some of experience I learned from this set up. It is still updating.


YouTube Video:

Common Used Excel Formulas

一、数字处理

1、取绝对值
　　=ABS(数字)
　　2、取整
　　=INT(数字)
　　3、四舍五入
　　=ROUND(数字,小数位数)

二、判断公式

1、把公式产生的错误值显示为空
　　公式：C2
　　=IFERROR(A2/B2,"")
　　说明：如果是错误值则显示为空，否则正常显示。

How to Enable Root Account and Enable Username/password Access in GCP

By default, Google Compute Engine offers the browser-based Google Cloud Platform Console tool that lets you manage your Google Compute Engine resources through a graphical interface. Use the GCP Console to manage your resources if you prefer using a user-interface through the browser.

In the GCP documentation setting up ssh keys  which shows how to set up your own ssh key to access all your virtual machines in GCP. here's the summary of steps:

1. Generate your keys using ssh-keygen or PuTTYgen for Windows, if you haven't already.
2. Copy the contents of your public key. If you just generated this key, it can probably be found in a file named id_rsa.pub.
3. Log in to the Developers Console.
4. In the navigation, Compute->Compute Engine->Metadata.
5. Click the SSH Keys tab.
6. Click the Edit button.
7. In the empty input box at the bottom of the list, enter the corresponding public key, in the following format: 
   
   <protocol> <public-key> [email protected] 
   
   This makes your public key automatically available to all of your instances in that project. To add multiple keys, list each key on a new line.
8. Click Done to save your changes. 
   
   It can take several minutes before the key is inserted into the instance. Try connecting with ssh to your instance. If it is successful, your key has been propagated to the instance.

Using Portainer to Deploy Guacamole Docker- Web-based Remote Access Gateway

Apache Guacamole is a clientless remote desktop gateway. It has been called clientless gateway because no plugins or client software are required. The utility offers a HTML5 interface that is used to start remote sessions. There is no other special client software need to be installed as long as you have a browser. The following popular protocols are supported, VNC, RDP, SSH, Telnet.

Architecture
Guacamole consists of the following components:

Guacamole architecture

• Guacamole Server (Tomcat Servlet Container)
• Guacamole Proxy Server (guacd), establishes remote connections
• Remote hosts – accessible via protocols above

A Guacamole server can contact multiple proxy servers. Using this, it is possible to access desktops in multiple network segments using one frontend.

In this post, I am gong to present a way to set up Guacamole server in Azure free tier cloud VM. I am using docker technology with the help from Docker Web UI Portainer, to deploy a Guacamole docker into a Linux virtual machine. 

Using Group Policy to Deploy Software Packages (MSI, MST, EXE)

Group Policy is a feature of Windows Server using which admins can install software on all user computers. It can be done remotely without manual intervention. GPO is short for Group Policy. It becomes so popular among companies because it can make deployment clear and easy due to the technology of group policy. 


1. Deploy Windows MSI or MST package Using Group Policy Software Installation
YouTube GPO Deployment Video:

Install ESXi 5.1/5.5/6.0 into Mac Mini 3.1 (Later 2009)

It is not new to install ESXi on Mac Mini for technical person . There are lots of benefits to do this. I have been used ESXi 5.5/6 on my Mac Mini 5.1 for many years now. Just recently I have got two Mac Mini 3.1  to play at my home and I was wondering if it is possible to get ESXi on them.

I have two types of Mac Mini 3.1, one is regular with one hard drive and one optical drive. Another Mac Mini 3.1 is server version. There is no optical drive but two hard drive installed.

The result is surprising and working very well although I had a small hiccup on storage adapter. First thing I did is to upgrade the RAM from 4G to 8G which is maximum you can have. You can not start installing process if you only have 4G RAM. I did not try 16G RAM since no one succeed that by googled online. It is enough to get me run 2-3 VMs anyway.

Cyber Security Architecture with NIST Cyber Security Framework