Showing posts with label Security. Show all posts

Saturday, July 14, 2018

Canada CRA Phone Call Scam Fraud Recording 2018

Here is a list of my recent recordings of this notorious CRA phone scam. Somehow, they targeted my business phone number and called many times. In order to reveal the tricks they played on me over the phone and to warn others, I managed to record some of the calls.

First "CRA" scam call, about a tax dispute, which happened on May 16, 2018:

Sunday, July 8, 2018

Sumuri Paladin 7 Forensics Suite Basic Usage

PALADIN is a bootable forensic Linux distribution based on Ubuntu and is developed and provided as a courtesy by SUMURI. The boot process has been modified to assure that the internal or external media of computers and devices are not modified or mounted. PALADIN is available as an ISO which can be used to make a bootable DVD or USB. Once booted, the user will find a host of pre-compiled open-source forensic tools that can be used to perform various tasks.


Boot Sumuri Paladin Live Session into Forensics Mode:
Boot Screen

Monday, June 11, 2018

Basic Procedures to Troubleshoot an Infected Computer

Today I received a report from a user: the computer is slow and seems to have been infected with an unknown virus or malware. No special symptoms except slowness.

1. Check task manager and resource monitor

There is a process smss.exe whose description is "Microsoft ® Console Based Script Host", using almost 75% CPU all the time. The genuine smss.exe is the Windows Session Manager and does not carry that description, so a process with this name and description is worth treating as suspicious.

From task manager, I found system was rebooted a couple of hours ago at very early morning and user was not around.

Also, no matter how you end this process, it comes back within 10 seconds, takes the CPU again and uses about 4 MB of memory.



Tuesday, June 5, 2018

Gartner Magic Quadrant for Identity Governance and Administration (2018,2017,2016,2015,2013)

IGA (Identity Governance and Administration) is a central component of Identity and Access Management (IAM) designed to “manage digital identity and access rights across multiple systems and applications.” Identity Governance and Administration solutions achieve this by aggregating and correlating identity and permissions data found throughout an enterprise’s digital ecosystem, and then utilizing that data to perform its core functions.

Gartner considers IGA’s core functions to include access requests, access certification, auditing, reporting and analytics, workflow management, entitlement management, and identity life cycle management.  Gartner evaluates IGA (Identity Governance and Administration) vendors based on the completeness of their vision and their ability to execute on their vision and roadmap.


2018
The vendors in the Leaders quadrant are:

  • Oracle
  • IBM
  • SailPoint
  • One Identity
  • CA Technologies
  • Saviynt


Saturday, May 26, 2018

CISO Leadership Mind Map

SANS CISO Mind Map
A CISO (Chief Information Security Officer) has a complex role within a company. They have a wide array of tasks to perform, involving many different areas, which the average individual is not always aware of.

The CISO Mind Map is an overview of the responsibilities and ever-expanding role of the CISO. This Security Leadership poster made by SANS shows exactly the matters a CISO needs to mind when building a world-class IT security team. It also highlights the essential features of a Security Operations Centre (SOC).


Wednesday, May 9, 2018

How to Find Out Windows Process Sending ICMP Packets

There are a number of different ways to find out which process is sending TCP/UDP traffic on a computer system, but not many for ICMP traffic.

Here is a summary of the ways to do it.

1. Install a local firewall

You could always try installing a firewall that blocks outgoing traffic, or use the Windows Firewall. When the traffic is generated, the firewall can prompt you asking whether you want to allow it or not, and in many cases it will tell you which application is generating the traffic. Note that the built-in Windows Firewall allows outbound traffic by default and does not prompt for it, so you have to change the outbound default action to Block for this approach to reveal anything.


Thursday, April 19, 2018

Gartner Magic Quadrant for Access Management (2017,2016,2015 )


Today’s businesses require secure 24/7 access to their cloud applications and data, and require more than Web Single Sign-On to propel their business forward. The world has changed, allowing an almost infinite number of identities and accounts on different platforms and devices including cloud, mobile, social, and personal networks. Having an identity and access management strategy in place is more important than ever.



2017
Gartner named the following vendors as Leaders in its first “Magic Quadrant for Access Management, Worldwide 2017”:

  • Microsoft
  • Okta
  • CA Technologies
  • Oracle
  • IBM
  • Ping Identity





Tuesday, April 17, 2018

Install OpenVAS on Ubuntu


OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution, from which developments have been contributed to the open-source community since 2009.

1. Install dependencies

OpenVAS Virtual Appliance / GreenBone Installation

OpenVAS Framework
The GSM Community Edition is a derivative of the GSM ONE and offers a quick and easy way to trial the solution on Windows, Linux or Mac. No particular know-how is needed.
In contrast to the commercial solution, the Community Feed is used instead of the Greenbone Security Feed. Also, some management functions, such as those for TLS certificates, are not included. Feed updates happen on a regular basis, but the system itself cannot be updated. The commercial version can be updated seamlessly and also includes access to Greenbone Support.
The Community Edition as well as the GSM ONE are designed for use on a laptop. The full feature set for a vulnerability management process (schedules, alarms, sensors) is only available with the bigger GSM models (see here for an overview) and can be obtained from Greenbone as an evaluation unit.

1. OpenVAS / GreenBone Installation Video




Saturday, April 14, 2018

Metasploit Installation on Windows 7 and 10

The Metasploit Framework (MSF) is far more than just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment.

1. Installation on Windows 7
Youtube Video:



Kali Virtual Appliance Installation and Usage

Kali Linux is the world’s most powerful and popular penetration testing platform, used by security professionals in a wide range of specializations, including penetration testing, forensics, reverse engineering, and vulnerability assessment. It is the culmination of years of refinement and the result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now to a complete penetration testing framework leveraging many features of Debian GNU/Linux and the vibrant open source community worldwide.

Kali Linux has not been built to be a simple collection of tools, but rather a flexible framework that professional penetration testers, security enthusiasts, students, and amateurs can customize to fit their specific needs.
1. Installing the Kali Virtual Appliance


Wednesday, March 21, 2018

Top Security Events / Vulnerabilities in 2018, 2017, 2016, 2015, 2014

Here is a list of top vulnerabilities found since 2015, which I am still working on compiling. It comes from different sources and includes those which I believe are worth noting here.


2018

  1. Jan 3, Spectre and Meltdown vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
  2. Jan 29, Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
  3. March 20, Facebook's privacy scandal - The Guardian revealed that the personal data of 50 million Facebook profiles was illegally harvested by Cambridge Analytica.


Saturday, March 17, 2018

Gartner Magic Quadrant for Security Awareness Computer-Based Training (2017,2016,2015,2014)

IT research and advisory firm Gartner, Inc. has evaluated different vendors in the Magic Quadrant for Security Awareness Computer-Based Training (CBT). Gartner’s evaluation criteria include market understanding, marketing strategy, sales strategy, product strategy and offering, business model, vertical/industry and geographic strategy, and innovation.

What is security awareness computer-based training?
End-user-focused security education and training is a rapidly growing market. Demand is fueled by the needs of security and risk management leaders to help influence the security behaviors of people. People impact security outcomes much more than any technology, policy or process. Interactive computer-based training (CBT) is a central component of a comprehensive security education and behavior management program. It is a mechanism for the delivery of a learning experience through computing devices, such as laptop computers, tablets, smartphones and Internet of Things (IoT) devices. The focus and structure of the content delivered by CBT vary, as do the duration of individual CBT modules and the type of computing endpoints supported. The market for CBT for security awareness is characterized by vendor portfolios that include ready-to-use, interactive software modules. These modules are available as internet-based services or on-premises deployments.


2017

Thursday, February 22, 2018

Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 2. Configuration

This post continues the previous post "Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation".


Steps:
After the installation of the Sophos Enterprise Console you logged off.
Now log in again; the Console starts automatically.
This window will appear:




Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation

This post is a detailed documentation of how to install Sophos Enterprise Console 5.1 in your networks.


Prerequisites:
  1. Copy the Sophos Enterprise Console to the server (ProdInstall\Sophos\Sophos Console\sec_5.1.exe)
  2. Check that you are able to connect to the infrastructure server like this: http://IP Server:8085
  3. A webpage like this should be shown to you:



Tuesday, February 20, 2018

OWASP Top 10 (2010, 2013, 2017)

The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security. 
The OWASP Top 10 Web Application Security Risks was created in 2010, 2013 and 2017 to provide guidance to developers and security professionals on the most critical vulnerabilities commonly found in web applications, which are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.
Meeting OWASP compliance standards is usually the first step toward secure code.


Tuesday, February 6, 2018

Gartner Magic Quadrant for Endpoint Protection Platforms (2018,2017,2016,2015)

Research firm Gartner defines the Endpoint Protection Platform (EPP) market as one with offerings that "provide a collection of security capabilities to protect PCs, smartphones and tablets," which it said could include anti-malware, personal firewall, port and device control, and more.

The endpoint protection platform provides a collection of security capabilities to protect PCs, smartphones and tablets. Buyers of endpoint protection should investigate the quality of protection capabilities, the depth and breadth of features, and the ease of administration. The enterprise endpoint protection platform (EPP) is an integrated solution that has the following capabilities: anti-malware, personal firewall, port and device control. EPP solutions will also often include:
  • vulnerability assessment
  • application control and application sandboxing
  • enterprise mobility management (EMM), typically in a parallel nonintegrated product
  • memory protection
  • behavioral monitoring of application code
  • endpoint detection and remediation technology
  • full-disk and file encryption, also known as mobile data protection
  • endpoint data loss prevention (DLP)

2018

Symantec, Sophos and Trend Micro are in the Leaders quadrant. ESET is in the Challengers quadrant.



Thursday, December 7, 2017

Cisco IOS Internet Key Exchange version 1 (IKEv1) Vulnerability and Fix

Cisco IKEv1 is still popular in VPN configurations. Most of my VPN configurations are based on IKEv1, although there is more demand for v2. I had a post "Cisco Router IKE v2 Site to Site IPSec VPN Configuration" to quickly show the differences between v1 and v2 and how to do v2 configuration. Recently some vulnerability scan tools raised a red flag on my IKEv1 configuration.

Symptoms

An IKEv1 vulnerability is reported, listed with severity level High.


Saturday, August 12, 2017

NSS Labs NGFW Security Value Map Report (2017, 2016, 2014, 2013, 2012, 2011)


It is useful to compare this with the Gartner Magic Quadrant for Enterprise Network Firewall (2017, 2016, 2015, 2014, 2013, 2011, 2010) or the Gartner Magic Quadrant for UTM (2017, 2016, 2015, 2014, 2013, 2012, 2010,...)

End users are finding that NGFWs are no longer as limiting in their performance or capability trade-offs as they once were. NSS Labs discovered that many enterprises are choosing NGFWs over traditional firewalls for a variety of reasons, without feeling that they are compromising on features or performance. Some NGFW solutions scale to tens of gigabits per second, which satisfies the needs of all but the most demanding enterprise WAN connections.

NSS Labs regularly releases the NGFW Security Value Map™, Comparative Analysis Reports, and Product Analysis Reports. These results help guide security professionals in the enterprise to make informed decisions when evaluating the many offerings in the industry.

NSS Labs designed the test to focus on the following four areas:
  • Security effectiveness
  • Performance
  • Stability
  • Total Cost of Ownership (TCO)
2017
June 06, 2017 (GLOBE NEWSWIRE) -- NSS Labs, Inc., the global leader in operationalizing cybersecurity, announced the results of its Next Generation Firewall (NGFW) Group Test.


Monday, July 24, 2017

Gartner Magic Quadrant for Enterprise Network Firewall (2017, 2016, 2015, 2014, 2013, 2011, 2010)

Based on Gartner's definition, the enterprise network firewall
" is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud. "

The difference from UTM appliances is that UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.

2017 Gartner Magic Quadrant for Enterprise Network Firewalls

