Showing posts with label Security. Show all posts

Wednesday, October 16, 2019

CyberArk Failover and Failback Process



PAM Solution High Availability Design Sample

DR Failover


CyberArk Configuration Notes

PAM Solution High Availability Design Sample
CyberArk is an information security company focused on privileged account security. The CyberArk Privileged Account Security solution comprises features that secure, monitor and manage privileged accounts.
The most widely used components are the following:

  • Enterprise Password Vault
  • Central Policy Manager (CPM)
  • Password Vault Web Access (PVWA)
  • Privileged Session Manager (PSM)


Monday, September 30, 2019

IBM Guardium Notes: Basic Configuration Notes (License, NTP, SMTP, Data Related, Backup, Schedule, LDAP, Syslog)

This post summarizes the basic IBM Guardium configuration steps. The IBM Guardium products provide a simple, robust solution for preventing data leaks from databases and files, helping to ensure the integrity of information in the data center and automating compliance controls.


These are the key functional areas of Guardium's database security solution:
  • Vulnerability assessment. This includes not just discovering known vulnerabilities in database products, but also providing complete visibility into complex database infrastructures, detecting misconfigurations, and assessing and mitigating these risks.
  • Data discovery and classification. Although classification alone does not provide any protection, it serves as a crucial first step toward defining proper security policies for different data depending on its criticality and compliance requirements.

Basic Steps to Deploy and Config Symantec DLP 15.5 with Installation Videos


I was working on a Symantec DLP project and gained some experience with it. This post reviews what I did and how I managed to install it in my home lab environment. It is not a step-by-step installation tutorial, since the Symantec documentation already explains the details well enough; it mostly lists all the related steps at a high level. But I recorded my screen showing what I did, what kind of issues I met, and how I resolved them. All of that is in the YouTube videos for future reference, which will be helpful if you have the same lab project for Symantec DLP products.

The Symantec Data Loss Prevention suite is designed to meet the needs of large enterprises as well as small and medium-sized enterprises. The product covers a variety of areas, including endpoint data in use, network data in transit, and files and databases at rest. Symantec Data Loss Prevention addresses on-premises, mobile and cloud data and can be deployed on both physical servers -- Windows Server, Red Hat Enterprise Linux and others -- and cloud infrastructures, such as AWS.


1. Download Installation Files from Symantec File Connect

You will need a Serial Number to download all DLP-related software from the Symantec File Connect website: https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken


Thursday, September 26, 2019

Symantec EndPoint Protection Management Configuration Notes



1. Disable / Enable Symantec Endpoint Protection Client

From Command line:
Instead of "smc -stop" and "smc -start", use the commands "start smc -stop" and "start smc -start".
Disabled SEP Client
Enabled SEP Client

Once the system reboots, the SEP service starts again. To keep the service disabled even after a reboot, the only way is to remove the SEP program.

Thursday, August 22, 2019

IBM Guardium Installation and Upgrade


Basic Installation 

The IBM Guardium V10.1 Software Appliance Technical Requirements can be found here: http://ibm.co/2gd5ZRq.  Additional installation detail can be found here: http://ibm.co/2h0exMw.


Wednesday, August 14, 2019

IBM Guardium: Create an Alert / Policy / Classification

An alert is a message indicating that an exception or policy rule violation was detected.
Alerts are triggered in two ways:
  • A correlation alert is triggered by a query that looks back over a specified time period to determine whether the alert threshold has been met. The Guardium Anomaly Detection Engine runs correlation queries on a scheduled basis. By default, correlation alerts do not log policy violations, but they can be configured to do so.
  • A real-time alert is triggered by a security policy rule. The Guardium Inspection Engine component runs the security policy as it collects and analyzes database traffic in real time.

Friday, August 2, 2019

Find Website Real IP by Bypassing CDN


More and more websites use a CDN (Content Delivery Network) to help deliver their content to end users. It is faster, safer and more reliable. At the same time, a CDN such as Cloudflare hides your real IP behind its own public IP. Is there a way to bypass the CDN and find out those websites' real IP addresses?

I found that the following websites can help you do that.
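Whatever source the candidate addresses come from (historical DNS, MX records, forgotten subdomains), two checks follow: is the address actually outside the CDN's published space, and does it answer for the site when asked with the right Host header? The block below is an added example, not code from the original post or from any of the sites it links to. The Cloudflare ranges are a constructed snapshot of the list Cloudflare publishes at https://www.cloudflare.com/ips-v4 and may be stale; the DNS records are constructed sample data for example.com.

```python
"""Filter candidate origin IPs for a CDN-fronted site (added example).

Assumptions: CLOUDFLARE_V4 is a constructed snapshot of Cloudflare's
published IPv4 ranges, and SAMPLE_RECORDS is constructed sample data.
"""
import http.client
import ipaddress

# Constructed snapshot (assumption): refresh from https://www.cloudflare.com/ips-v4
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]


def build_networks(cidrs):
    """Parse CIDR strings once so membership tests below are cheap."""
    return [ipaddress.ip_network(c) for c in cidrs]


def is_cdn_ip(ip, networks):
    """True when ip falls inside any of the CDN prefixes (raises ValueError on junk)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def origin_candidates(records, networks):
    """records: iterable of (source, hostname, ip).

    Returns {ip: [sources]} for every address that is NOT CDN space,
    so the analyst can see which lookup leaked it. Malformed IPs are skipped.
    """
    found = {}
    for source, host, ip in records:
        try:
            if is_cdn_ip(ip, networks):
                continue
        except ValueError:
            continue
        found.setdefault(ip, set()).add(f"{source}:{host}")
    return {ip: sorted(s) for ip, s in found.items()}


def probe_origin(ip, host, timeout=5):
    """Ask the candidate address for the site by Host header; returns HTTP status.

    Makes a real network connection, so it is not exercised on the sample data.
    A 200 with the site's content confirms the origin; a 4xx/connection error
    usually means the origin only trusts the CDN (or the IP is unrelated).
    """
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    conn.request("GET", "/", headers={"Host": host})
    return conn.getresponse().status


# Constructed sample data (assumption), modelled on what historical DNS,
# MX records and subdomain enumeration typically return for a CDN-fronted site.
SAMPLE_RECORDS = [
    ("current_dns", "www.example.com", "104.16.1.1"),        # proxied by Cloudflare
    ("current_dns", "www.example.com", "172.64.1.1"),        # proxied by Cloudflare
    ("historical_dns", "www.example.com", "203.0.113.10"),   # A record from before the CDN
    ("mx", "mail.example.com", "203.0.113.10"),              # mail on the same box
    ("subdomain", "dev.example.com", "198.51.100.7"),        # unproxied subdomain
    ("subdomain", "cdn.example.com", "not-an-ip"),           # junk entry, skipped
]

if __name__ == "__main__":
    nets = build_networks(CLOUDFLARE_V4)
    for ip, sources in origin_candidates(SAMPLE_RECORDS, nets).items():
        print(ip, "leaked by", ", ".join(sources))
```

The defensive counterpart of this exercise is the same list used the other way round: if the origin host accepts HTTP from anything other than the CDN's published ranges, finding its address is enough to skip every protection the CDN applies.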

Tuesday, July 30, 2019

IBM Guardium: Configure a Database Vulnerability Assessment


This post records the steps to configure IBM Guardium to run a Vulnerability Assessment. In the next couple of posts I will write more about how to use Guardium to complete other basic tasks like this one. Stay tuned.

Let me get started now.

Saturday, June 22, 2019

Cyber Security TRA (Threat and Risk Assessment) Resources Research


What is Risk:
Risk = Threat x Vulnerability x Asset

The enterprise risk assessment and enterprise risk management processes comprise the heart of the information security framework. These are the processes that establish the rules and guidelines of the security policy while transforming the objectives of an information security framework into specific plans for the implementation of key controls and mechanisms that minimize threats and vulnerabilities. Each part of the technology infrastructure should be assessed for its risk profile. From that assessment, a determination should be made to effectively and efficiently allocate the organization’s time and money toward achieving the most appropriate and best employed overall security policies. The process of performing such a risk assessment can be quite complex and should take into account secondary and other effects of action (or inaction) when deciding how to address security for the various IT resources.

Friday, June 21, 2019

Symantec ATP (Advance Threat Protection) EDR Configuration Notes

I am working on Symantec ATP, which has been renamed Symantec EDR. This post lists some of the experience I gained from this setup. It is still being updated.


YouTube Video:


Sunday, April 7, 2019

Deploy Symantec Endpoint Encryption 11.2.1 and Configure SEE to Encrypt Client Machines

Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance. It encrypts all files on the hard drive, sector-by-sector, for maximum security. It supports Windows, Mac, tablets, self-encrypting drives, and removable media (USB drives, external hard drives, and DVDs).

I had a chance to install it in my lab environment for testing. This post records all the steps, including all the mistakes I made, especially in the YouTube video.


1. Pre-Installation System Requirements:

1.1 OS Requirements

  • Microsoft Windows Server 2016 Datacenter, with updates
  • Microsoft Windows Server 2016 Standard, with updates
  • Microsoft Windows Server 2012 R2 Datacenter, with updates
  • Microsoft Windows Server 2012 R2 Standard, with updates
  • Microsoft Windows Server 2008 R2 Enterprise SP1 (Deprecated in SEE 11.2.1 MP1)
  • Microsoft Windows Server 2008 R2 Standard SP1 (Deprecated in SEE 11.2.1 MP1)

Wednesday, February 6, 2019

PFsense Configuration with Topology and Screenshots

pfSense is open source routing and firewall software based on the FreeBSD distribution. Its basic features include:
pfSense Home Topology

  • Static/default/dynamic routing
  • Stateful firewall
  • Network Address Translation (NAT)
  • Virtual Private Networks (VPN)
  • Dynamic Host Configuration Protocol (DHCP)
  • Domain Name System (DNS)
  • Load balancing and so on. 

With the many supported add-on packages, other advanced features include:
  • Snort (for Intrusion Detection and Prevention)
  • FreeSWITCH (Voice over IP)
  • Squid (Proxy)
  • SquidGuard (URL Filtering/HTTPS inspection)
  • Darkstat (Network Traffic Monitor)

Tuesday, February 5, 2019

Qualys Scanner Appliance and Qualys Guard Service Tips and Tricks

The Qualys Cloud Platform and its integrated apps can simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. The Qualys Scanner Appliance is an option with the Qualys Cloud Platform. With the Qualys Scanner Appliance, you can easily assess internal network devices, systems and web applications. This post summarizes some of my experience with the Qualys Guard service from the Qualys Scanner Appliance.

1. AssetView 
1.1 Dashboard

Monday, January 7, 2019

Proofpoint Wombat Security Education Platform Usage - Create Training Assignment

Gartner has named Proofpoint (Wombat Security) a Leader in Security Awareness Computer-Based Training for a couple of years as far as I could find.

There are many functions and features I like, but one thing I especially liked is how easily you can set up a training with a couple of clicks and some basic information. The templates from Wombat are already good enough for most situations. In this post, I captured some screenshots to show how easily it can be done.


1. Log into Wombat Platform
Products -> Training -> Assignments

Wednesday, December 19, 2018

Proofpoint Wombat Security Awareness Training - Phishing Campaign Step by Step

Wombat ThreatSim® Phishing Simulations are an excellent addition to any security awareness training program, particularly those focused on fighting phishing attacks. The Wombat ThreatSim Phishing Simulations service has a SaaS-based interface which makes it easy to deliver simulated phishing emails and customizable Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a phishing test. ThreatSim's customizable email templates address three key testing factors: attachments, embedded links, and requests for personal data. According to the Wombat site, no one else in the industry offers multiple templates in one campaign, random scheduling of emails to spread out delivery, and Auto-Enrollment into targeted training if an employee falls for an attack.

This post is a quick step-by-step guide on how to create a basic Phishing Campaign hosted on the Wombat ThreatSim platform.

Log into Wombat Security Education Platform and Click ThreatSim -> Phishing Campaigns

Tuesday, December 18, 2018

Gartner Magic Quadrant for Unified Threat Management (2018,2017,2016,2015,2014,2013,2012,...)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees).


2018 Gartner Magic Quadrant for Unified Threat Management Report
There have been no changes in the Leaders quadrant since 2015: Fortinet, Check Point and Sophos are in it.

Gartner Magic Quadrant for Enterprise Network Firewall (2018,2017,2016,2015,2014,2013,2011,2010)

Based on Gartner's definition, the enterprise network firewall " is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud. "

This is the difference from a UTM appliance: UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.


2018 Gartner Magic Quadrant for Enterprise Network Firewalls
Cisco comes back to Leaders quadrant again. Palo Alto, Fortinet and Check Point are still doing well as Leaders.

Wednesday, December 12, 2018

Python Cyber Security Testing Tool Collection

Networking

Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
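What these libraries have in common is that they hand you raw bytes and decode the headers for you. The block below is an added example, not from the original post and not Scapy's own code: a standard-library-only dissector for an Ethernet/IPv4/TCP frame, with an RFC 1071 header-checksum check so a forged or corrupted IPv4 header does not pass silently. `build_syn_frame` is a hypothetical helper that forges a SYN (as Scapy's `Ether()/IP()/TCP()` would) so the dissector has something to chew on offline; it leaves the TCP checksum at zero because the example is about header parsing, not delivery.

```python
"""Dissect an Ethernet/IPv4/TCP frame with the standard library (added example)."""
import struct

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words.

    Run over a header whose checksum field is zero it yields the checksum;
    run over a header that already carries a correct checksum it yields 0.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def dissect(frame: bytes) -> dict:
    """Decode link, network and (if TCP) transport headers into nested dicts.

    Raises ValueError on truncated or malformed input instead of guessing.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    pkt = {"eth": {"dst": _mac(dst), "src": _mac(src), "type": ethertype}}
    if ethertype != 0x0800:                 # not IPv4: stop after the link layer
        return pkt
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _tos, _tlen, ident, _ff, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("bad IPv4 version or IHL")
    pkt["ip"] = {"src": _ip(s), "dst": _ip(d), "ttl": ttl, "proto": proto, "id": ident,
                 "checksum_ok": ipv4_checksum(ip[:ihl]) == 0}
    if proto != 6:                          # only TCP is decoded further here
        return pkt
    tcp = ip[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, win, _tcsum, _urg = struct.unpack("!HHIIBBHHH", tcp[:20])
    pkt["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
                  "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
                  "payload": tcp[(off >> 4) * 4:]}
    return pkt


def build_syn_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport) -> bytes:
    """Hypothetical helper: forge a minimal TCP SYN frame (constructed test input)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x12345678, 0,
                      5 << 4, 0x02, 65535, 0, 0)          # data offset 5 words, SYN
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, src, dst)                  # checksum field zero
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip + tcp


if __name__ == "__main__":
    frame = build_syn_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                            "192.0.2.1", "198.51.100.2", 40000, 443)
    print(dissect(frame))
```

Flipping a single bit in the TTL of the forged frame is enough to make `checksum_ok` go false, which is the test worth keeping when you write your own dissector: a parser that never validates what it reads will happily "decode" an attacker-shaped packet.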