Recent during a vulnerability scan , there is RC4 cipher found using on SSL/TLS connection at port 3389. The solution in the Qualys report is not clear how to fix. This post is going to record some searching results found online how to fix this SSL/TLS RC4 Cipher Vulnerability.

SSL/TLS use of weak RC4(Arcfour) cipher port 3389/tcp over SSL

QID: 38601
Category: General remote services
CVE ID: CVE-2013-2566, CVE-2015-2808
Vendor Reference: -
Bugtraq ID: 91787, 58796, 73684
Service Modified: 05/10/2019
User Modified: -
Edited: No
PCI Vuln: Yes

Rsyslog is an Open Source logging program, which is the most popular logging mechanism in a huge number of Linux distributions. It's also the default logging service in CentOS 7 or RHEL 7. Rsyslog daemon in CentOS can be configured to run as a server in order collect log messages from multiple network devices. In this post, I am using two CentOS7 linux machines to test Rsyslog as server and client.

Topology

Client machine 34.67.242.159 will send out local logs to remote central syslog server 35.224.49.121.
Both machines are running on CentOS7.

This topic has been haunted in my mind for quite a while. As an information security guy, we got tons of reports about end point activities. One of them is the website ip or urls they were accessing. A typical network abnormal behaviour for an infected or compromised end point is huge amount of accessing malicious ip or bad reputation websites.

For many investigations, I can generate an ip list but how to quickly find out the ip reputation is a challenge for me.

That is why I am writing this post today. I am still checking those websites or scripts, hopefully I can get a good understanding then comes out my own script to do this job.

High Level Installation Steps:

This post is to show some quick steps for regular operation on my home CyberArk lab:

On board CyberArk End User

If you CyberArk has AD integrated, you will need to add this user into proper CybreArk AD group. Usually, you will have three types of CyberArk AD user groups:

This is my CyberArk learning post to record those issues I met during working on CyberArk PAS (Privileged Account Security) Solutions which including following modules:

• PVWA (Password Vault Web Access)
• PSM (Privileged Session Manager)
• CPM (Central Policy Manager)

Some of them can be easily fixed by changing group policy. Some of them are relating RDS license.

Issue: This app has been blocked 

1. Using PSM SSH to connect to Remote Site but got an error

hdparm is a command line utility to set and view hardware parameters of hard disk drives. It can also be used as a simple benchmarking tool.

Install hdparm

CentOS

[[email protected] ~]# yum install hdparm

Ubuntu

[email protected]:~# apt-get install hdparm

Research firm Gartner defines the Endpoint Protection Platform (EPP) market as one with offerings that "provide a collection of security capabilities to protect PCs, smartphones and tablets," which it said could include anti-malware, personal firewall, port and device control, and more.

The endpoint protection platform provides a collection of security capabilities to protect PCs, smartphones and tablets. Buyers of endpoint protection should investigate the quality of protection capabilities, the depth and breadth of features, and the ease of administration. The enterprise endpoint protection platform (EPP) is an integrated solution that has the following capabilities: anti-malware, personal firewall, port and device control. EPP solutions will also often include: vulnerability assessment, application control and application sandboxing, enterprise mobility management (EMM), typically in a parallel nonintegrated product, memory protection, behavioral monitoring of application code, endpoint detection and remediation technology full-disk and file encryption, also known as mobile data protection, endpoint data loss prevention (DLP).

2019