Showing posts with label Security. Show all posts

Tuesday, July 9, 2019

CyberArk Notes

High Level Design


Thursday, July 4, 2019

IBM Guardium Configure a Database Vulnerability Assessment

[This post is still being written]

I am working on a Guardium project recently, and there are lots of notes I need to write down.
It might take a while for me to complete this post. Let me get it started now.






Saturday, June 22, 2019

Cyber Security TRA (Threat and Risk Assessment) Resources Research


What is Risk:
Risk = Threat × Vulnerability × Asset

The enterprise risk assessment and enterprise risk management processes comprise the heart of the information security framework. These are the processes that establish the rules and guidelines of the security policy while transforming the objectives of an information security framework into specific plans for the implementation of key controls and mechanisms that minimize threats and vulnerabilities. Each part of the technology infrastructure should be assessed for its risk profile. From that assessment, a determination should be made to effectively and efficiently allocate the organization’s time and money toward achieving the most appropriate and best employed overall security policies. The process of performing such a risk assessment can be quite complex and should take into account secondary and other effects of action (or inaction) when deciding how to address security for the various IT resources.

Friday, June 21, 2019

Symantec ATP (Advance Threat Protection) EDR Configuration Notes

I am working on Symantec ATP, whose new name is EDR. Here are some of the experiences I learned from this setup. It is still being updated.


YouTube Video:


Sunday, April 7, 2019

Deploy Symantec Endpoint Encryption 11.2.1 and Configure SEE to Encrypt Client Machines

Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance. It encrypts all files on the hard drive, sector-by-sector, for maximum security. It supports Windows, Mac, tablets, self-encrypting drives, and removable media (USB drives, external hard drives, and DVDs).

I had a chance to install it in my lab environment for testing. This post records all the steps, including all the mistakes I made, especially in the YouTube video.


1. Pre-Installation System Requirements:

1.1 OS Requirements

  • Microsoft Windows Server 2016 Datacenter, with updates
  • Microsoft Windows Server 2016 Standard, with updates
  • Microsoft Windows Server 2012 R2 Datacenter, with updates
  • Microsoft Windows Server 2012 R2 Standard, with updates
  • Microsoft Windows Server 2008 R2 Enterprise SP1 (Deprecated in SEE 11.2.1 MP1)
  • Microsoft Windows Server 2008 R2 Standard SP1 (Deprecated in SEE 11.2.1 MP1)

Saturday, April 6, 2019

Basic Steps to Deploy and Config Symantec DLP 15.5 with Installation Videos


I was working on a Symantec DLP project and had some experience with it. This post reviews what I have done and how I managed to install it in my home lab environment. It will not be a step-by-step installation tutorial, since Symantec's documents explain the details well enough; it mostly lists all related steps at a high level. But I recorded my screen with what I did, what kind of issues I met, and how I resolved them. All are in those YouTube videos for future reference, which will be helpful if you have the same lab project for Symantec DLP products.

The Symantec Data Loss Prevention suite is designed to meet the needs of large enterprises, as well as small and medium-sized enterprises. The product covers a variety of areas, including endpoint data in use, network data in transit, and files and databases at rest. Symantec Data Loss Prevention addresses on-premises, mobile and cloud data and can be deployed on both physical servers (Windows Server, Red Hat Enterprise Linux and others) and cloud infrastructures, such as AWS.


1. Download Installation Files from Symantec File Connect

You will need a Serial Number to download all DLP-related software from the Symantec File Connect website: https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken


Wednesday, February 6, 2019

PFsense Configuration with Topology and Screenshots

pfSense Home Topology

pfSense is an open source routing and firewall software that is based on the FreeBSD distribution. The basic features include:

  • Static/default/dynamic routing
  • Stateful firewall
  • Network Address Translation (NAT)
  • Virtual Private Networks (VPN)
  • Dynamic Host Configuration Protocol (DHCP)
  • Domain Name System (DNS)
  • Load balancing, and so on

With many supported add-on packages, other advanced features are available, including:
  • Snort (for Intrusion Detection and Prevention)
  • FreeSWITCH (Voice over IP)
  • Squid (Proxy)
  • SquidGuard (URL Filtering/HTTPS inspection)
  • Darkstat (Network Traffic Monitor)

Tuesday, February 5, 2019

Qualys Scanner Appliance and Qualys Guard Service Tips and Tricks

The Qualys Cloud Platform and its integrated apps can simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Qualys Scanner Appliance is an option with the Qualys Cloud Platform. With the Qualys Scanner Appliance, you can easily assess internal network devices, systems and web applications. This post summarizes some of my experience with the Qualys Guard service from the Qualys Scanner Appliance.

1. AssetView 
1.1 Dashboard

Monday, January 7, 2019

Proofpoint Wombat Security Education Platform Usage - Create Training Assignment

Gartner has named Proofpoint (Wombat Security) a Leader in Security Awareness Computer-Based Training for a couple of years as far as I could find.

There are many functions and features I like, but one thing I especially liked is how easily you can set up a training with just a couple of clicks and some basic information entered. The templates from Wombat are already good enough for most situations. In this post, I captured some screenshots to show how easily it can be done.


1. Log into Wombat Platform
Products -> Training -> Assignments

Wednesday, December 19, 2018

Proofpoint Wombat Security Awareness Training - Phishing Campaign Step by Step

Wombat ThreatSim® Phishing Simulations are an excellent addition to any security awareness training program, particularly those focused on fighting phishing attacks. The Wombat ThreatSim Phishing Simulations service has a SaaS-based interface which makes it easy to deliver simulated phishing emails and customizable Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a phishing test. ThreatSim's customizable email templates address three key testing factors: attachments, embedded links, and requests for personal data. Based on Wombat's site, no one else in the industry can offer multiple templates in one campaign, random scheduling of emails to spread out delivery, along with Auto-Enrollment into targeted training if an employee falls for an attack.

This post is a quick step-by-step guide on how to create a basic Phishing Campaign hosted on the Wombat ThreatSim platform.

Log into Wombat Security Education Platform and Click ThreatSim -> Phishing Campaigns

Tuesday, December 18, 2018

Gartner Magic Quadrant for Unified Threat Management (2018,2017,2016,2015,2014,2013,2012,...)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees).


2018 Gartner Magic Quadrant for Unified Threat Management Report
For the Leaders quadrant, there have been no changes since 2015: Fortinet, Check Point and Sophos are in it.

Gartner Magic Quadrant for Enterprise Network Firewall (2018,2017,2016,2015,2014,2013,2011,2010)

Based on Gartner's definition, the enterprise network firewall " is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud. "

Here is the difference from UTM appliances: UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.


2018 Gartner Magic Quadrant for Enterprise Network Firewalls
Cisco comes back to the Leaders quadrant again. Palo Alto, Fortinet and Check Point are still doing well as Leaders.

Wednesday, December 12, 2018

Python Cyber Security Testing Tool Collection

Networking

Scapy: send, sniff, dissect and forge network packets. Usable interactively or as a library
pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission

Friday, December 7, 2018

Gartner Magic Quadrant for Identity Governance and Administration (2018,2017,2016,2015,2013)

IGA (Identity Governance and Administration) is a central component of Identity and Access Management (IAM) designed to "manage digital identity and access rights across multiple systems and applications." Identity Governance and Administration solutions achieve this by aggregating and correlating identity and permissions data found throughout an enterprise's digital ecosystem, and then utilizing that data to perform its core functions.

Gartner considers IGA’s core functions to include access requests, access certification, auditing, reporting and analytics, workflow management, entitlement management, and identity life cycle management.  Gartner evaluates IGA (Identity Governance and Administration) vendors based on the completeness of their vision and their ability to execute on their vision and roadmap.


2018
Compared to 2017, both One Identity and Saviynt move into the Leaders quadrant from Challengers. Six vendors are in the Leaders quadrant:
  • Oracle since 2013
  • IBM since 2014
  • SailPoint since 2013
  • One Identity
  • CA Technologies
  • Saviynt


Gartner Magic Quadrant for Access Management (2018, 2017, 2016, 2015 )


Today’s businesses require secure 24/7 access to their cloud applications and data, and require more than Web Single Sign-On to propel their business forward. The world has changed, allowing an almost infinite number of identities and accounts on different platforms and devices including cloud, mobile, social, and personal networks. Having an identity and access management strategy in place is more important than ever.

2018 (Second Year)
CA moves into Visionaries from Leaders. Micro Focus falls into Visionaries from Challengers. Five Leaders in 2018:
  • Microsoft
  • OKTA
  • IBM
  • Oracle
  • Ping Identity

Saturday, December 1, 2018

Gartner Magic Quadrant for Security Awareness Computer-Based Training (2018,2017,2016,2015,2014)

IT research and advisory firm Gartner, Inc. has evaluated different vendors in the Magic Quadrant for Security Awareness Computer-Based Training (CBT). Gartner's evaluation criteria include market understanding, marketing strategy, sales strategy, product strategy and offering, business model, vertical/industry and geographic strategy, and innovation.

What is security awareness computer-based training?
End-user-focused security education and training is a rapidly growing market. Demand is fueled by the needs of security and risk management leaders to help influence the security behaviors of people. People impact security outcomes much more than any technology, policy or process. Interactive computer-based training (CBT) is a central component of a comprehensive security education and behavior management program. It is a mechanism for the delivery of a learning experience through computing devices, such as laptop computers, tablets, smartphones and Internet of Things (IoT) devices. The focus and structure of the content delivered by CBT vary, as do the duration of individual CBT modules and the type of computing endpoints supported. The market for CBT for security awareness is characterized by vendor portfolios that include ready-to-use, interactive software modules. These modules are available as internet-based services or on-premises deployments.

Tuesday, November 20, 2018

IBM Data Security Product Guardium Resources

IBM Security Guardium is designed to help safeguard critical data. Guardium is a comprehensive data protection platform that enables security teams to automatically analyze what is happening in sensitive-data environments (databases, data warehouses, big data platforms, cloud environments, file systems, and so on) to help minimize risk, protect sensitive data from internal and external threats, and seamlessly adapt to IT changes that may impact data security. Guardium helps ensure the integrity of information in data centers and automate compliance controls.
The IBM Security Guardium solution is offered in two versions:
  • IBM Security Guardium Database Activity Monitoring (DAM)
  • IBM Security Guardium File Activity Monitoring (FAM) - Use Guardium file activity monitoring to extend monitoring capabilities to file servers.

IBM Security Learning (Guardium):

IBM Security Guardium Analyzer

Monday, October 29, 2018

Security Events and Data Breaches in 2018, 2017, 2016, 2015, 2014

World's Biggest Data Breaches
Thanks to Lewis Morgan, social media manager at IT Governance. He has compiled this list by month and year since 2014, maybe earlier. What I did was put his monthly and yearly lists into this post and count the numbers of leaked records, some of which were missing from the original post.

Here are leaked records numbers since 2014:

Thursday, October 25, 2018

Gartner Magic Quadrant for Intrusion Detection and Prevention Systems (2018, 2017, 2015, 2013, 2012, 2010 ...)

According to Gartner, "The network intrusion prevention system market has undergone dynamic evolution, increasingly being absorbed by next-generation firewall placements. Next-generation IPSs are available for the best protection, but the IPS market is being pressured by the uptake of advanced threat defense solutions."

This Magic Quadrant focuses on the market for stand-alone IDPS (IDP / IPS) appliances; however, IDPS capabilities are also delivered as functionality in other network security products. Network IDPSs are provided within a next-generation firewall (NGFW), which is the evolution of enterprise-class network firewalls and includes application awareness and policy control, as well as the integration of network IDPSs (IDP / IPS).

2018
Gartner has named McAfee (StoneSoft), Cisco (SourceFire) and Trend Micro as Magic Quadrant Leaders in 2018 for Intrusion Detection and Prevention Systems (IDPS). (In 2013, McAfee acquired Stonesoft, and Cisco acquired Sourcefire. In 2015, Trend Micro acquired HP TippingPoint for $300M.)



Wednesday, October 17, 2018

Canada CRA Email / Message Scam Example and Phone Call Scam Fraud Recording 2018

One of the top scams happening in Canada is the CRA Scam, also called Income Tax Scams. Over $5 million was lost to income tax scams in 2017. The Canada Revenue Agency (CRA) is warning Canadians to be careful of emails, voice mails, even mail claiming to be from the CRA. These are phishing scams that could result in identity theft. Email scams may also contain embedded malware, or malicious software, that can harm your computer and put your personal information at risk of compromise. The CRA does not email Canadians and request personal information.

Recently, I collected some real samples that happened to me from those scammers.

1. CRA Email Scam

I got an email from an email address starting with CRA-NoticeSecured-Taxinfo, with an attachment inside. But it was actually from some weird domain, aprobacion.x7.io. The email says the Canada Revenue Agency has sent you an INTERAC e-Transfer in the amount of $782.57.