Saturday, October 20, 2018

Install Latest Splunk 7.2.0 on Ubuntu 18.04 LTS at Google Cloud Platform

Installing Splunk 7.2.0 on Ubuntu is very easy. In my previous post I had a video showing how to install Splunk on a Windows server. This time, I am going to present the installation process for Splunk 7.2.0 on Ubuntu 18.04, with Ubuntu running on Google Cloud Platform.

1. Create a new Ubuntu 18.04 LTS VM from GCP -> Compute Engine -> VM Instances




Wednesday, October 17, 2018

Canada CRA Email / Message Scam Example and Phone Call Scam Fraud Recording 2018

One of the top scams happening in Canada is the CRA scam, also called the income tax scam. Over $5 million was lost to income tax scams in 2017. The Canada Revenue Agency (CRA) is warning Canadians to be careful of emails, voice mails and even mail claiming to be from the CRA. These are phishing scams that could result in identity theft. Scam emails may also contain embedded malware, or malicious software, that can harm your computer and put your personal information at risk of compromise. The CRA does not email Canadians to request personal information.

Recently, I collected some real samples that those scammers sent to me.

1. CRA Email Scam

I got an email from an email address starting with CRA-NoticeSecured-Taxinfo, with an attachment inside. But it actually came from some weird domain, aprobacion.x7.io. The email says the Canada Revenue Agency has sent you an INTERAC e-Transfer in the amount of $782.57.


Thursday, October 11, 2018

Qualys Guard Tips and Tricks

The Qualys Cloud Platform and its integrated apps can simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. The Qualys Scanner Appliance is an option with the Qualys Cloud Platform. With the Qualys Scanner Appliance, you can easily assess internal network devices, systems and web applications. This post summarizes some of my experience with the Qualys Guard service using the Qualys Scanner Appliance.

1. AssetView Tag

Asset Search - Dynamic Rule
Search all assets found / scanned in last 90 days:

Tuesday, October 9, 2018

How Much Google Cloud Platform Charges for an F1-Micro VM

I have been using GCP for my small blog site for a while. It has not been charged much since the traffic is small, a couple of thousand visitors per day from around the world. The GCP credit still had more than $384 left 30 days before the trial period ended.

To better trace the charges, I decided to spin up another VM around 10PM on Sep 28 2018 to track how much it would be charged daily with this minimum f1-micro (1 vCPU, 0.6 GB memory) VM.

I chose Ubuntu 16.04 (Xenial Xerus) on f1-micro. The license is free for this OS. The only service enabled on this f1-micro VM is MySQL, used as the backend of my blog. The front end is another PHP/Apache VM hosted in another GCP account. I have hardened the firewall rules to allow only MySQL in from a specific IP.


Based on the GCP Always Free Usage Limits, I should be able to have the following services for free:
  • 1 f1-micro VM instance per month (US regions, excluding Northern Virginia).
  • 30 GB of Standard persistent disk storage per month.
  • 5 GB of snapshot storage per month.
  • 1 GB egress from North America to other destinations per month (excluding Australia and China).

1. First two days
Here are the charges for the first 32 hours, checked on Sep 30 2018:

SKU                                                    Product         Usage          Cost before credit   Credit
Network Inter Zone Egress                              Compute Engine  2.51 gibibyte  $0.03                -$0.03
Micro instance with burstable CPU running in Americas  Compute Engine  32 hour        $0.02                -$0.02
Network Internet Egress from Americas to China         Compute Engine  0 gibibyte     $0.00                -$0.00


Friday, October 5, 2018

Security Breach Events in 2018, 2017, 2016, 2015, 2014

Here is a list of top vulnerabilities and breach events since 2015, which I am still working on compiling. The entries come from different sources and include those I believe are worth taking note of here.


2018

  1. Jan 3, Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
  2. Jan 29, Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
  3. March 20, Facebook's privacy scandal - The Guardian revealed that the personal data of 50 million Facebook profiles was illegally harvested by Cambridge Analytica.
  4. June 27, Exactis – Data warehouse / consumer marketing data – 340 million PII records accessible via unprotected, online-accessible database
  5. Jul 29, Adidas – Shoes, clothing and sports equipment – PII for millions of customers (emails, login IDs, hashed passwords) – Technical details not released, potentially vulnerability on online-accessible server.

Thursday, October 4, 2018

Gartner Magic Quadrant for Web Application Firewalls (2018,2017,2016)

A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy.

According to Gartner, by 2023, more than 30% of public-facing web applications will be protected by cloud web application and API protection (WAAP) services that combine distributed denial of service (DDoS) protection, bot mitigation, API protection, and WAFs. This is an increase from fewer than 10% today.

2018

In August 2018, Gartner released their latest Magic Quadrant report for Web Application Firewalls. Only Imperva and Akamai are in the Leaders quadrant. F5 has been moved out of the Leaders quadrant to Challengers. Other vendors, such as Fortinet, Cloudflare, Barracuda and Citrix, have not changed much and are still in Challengers. Oracle and Radware are in the Visionaries quadrant.

Tuesday, October 2, 2018

Install T-Pot into Google Cloud Platform VM Instance

T-Pot is a honeypot platform built on Ubuntu with Docker technology. The latest version is 17.10 and its OS is Ubuntu 16.04. The minimum system requirement is at least 2GB RAM and 40GB disk space.

There are some other posts online that show how to install T-Pot into a cloud virtual machine instance. Unfortunately, I failed so many times and got an error message 'could not find authrized_keys at .ssh folder'. Eventually I found the issue was with the user I was using. If I create a new user, add it to the sudo group, and install T-Pot after logging in as that new user, the installation process is quite smooth.

Here are all the steps I did. Hopefully it helps when you try this awesome honeypot.


1. Create a VM


2. Update your Ubuntu instance


[email protected]:~$ sudo apt-get update
[email protected]:~$ sudo apt-get upgrade
[email protected]:~$ sudo apt-get dist-upgrade