Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Wednesday, August 8, 2018

Symantec Diagnostic Tool - SymDiag Usage Guide

The Symantec Diagnostic Tool (SymDiag) is a multi-product, multi-language diagnostic, and security analysis utility. SymDiag is provides self-help support for Symantec product technical issues, zero-day threat analysis, best practice recommendations, and proactive services to customers. If you require further assistance, SymDiag lowers the level of effort and increases efficiency by automating data gathering and support case submission.

SymDiag support most of popular OS including Windows, Linux and Mac. SymDiag supports the following Symantec products:
  • Advanced Threat Protection (Linux)
  • Data Center Security Management Server
  • Data Loss Prevention 11.0 and later
  • Encryption Powered by PGP
  • Endpoint Encryption
  • Endpoint Protection 11.0 and later*
  • Endpoint Protection Small Business Edition (.Cloud)
  • Endpoint Protection Cloud
  • Mail Security for Microsoft Exchange 6.5.2 and later*
  • Messaging Gateway
  • Protection Engine
  • Unified Agent
  • VIP Access


In order to generate a Symantec Endpoint Protection support package. In order to perform this, the following steps must be completed as follows,

n  Download the SymDiag tool from the following URL

Friday, July 20, 2018

NSS Labs NGFW Security Value Map Report (2018, 2017, 2016, 2014, 2013, 2012, 2011)


The NGFW is the first line of defense to protect against today’s evolving threats and is a critical component of any defense-in-depth strategy.  The NSS Labs NGFW test methodology has evolved from the previous testing to reflect the threat landscape and therefore, this latest testing includes SSL inspection.  This is an important key test factor because most vendors see huge performance impacts when SSL is turned on, preventing them from publishing SSL performance on their datasheets.  With the expanded use of secure sockets layer (SSL)/transport layer security (TLS) in the traffic traversing the modern network, an NGFW must be able to inspect encrypted content. NSS Labs evaluated firewall products with 190 different evasion techniques, more than 2,000 exploit tests and throughput tests.

NSS Labs regularly released NGFW Security Value Map™, Comparative Analysis Reports, and Product Analysis Reports.  These results help guide security professionals in the enterprise to make informed decisions when evaluating the many offerings in the industry.

NSS Labs designed the test to focus on the following four areas:
  •     Security effectiveness
  •     Performance
  •     Stability
  •     Total Cost of Ownership (TCO)

2018

Security Value Map™ Next Generation Firewall (NGFW) April 30, 2018
Products Tested
• Barracuda Networks F600.E20 v6.1.1-071
• Check Point Software Technologies 13800 NGFW Appliance vR77.20
• Cisco ASA 5585-X SSP-60 v5.4.0.3
• Cisco FirePOWER Appliance 8350 v5.4.0.3
• Cyberoam – Cyberoam CR2500iNG-XP v10.6.3
• Dell SonicWALL SuperMassive E10800 SonicOS Enhanced v6.0.1.13-177o
• Forcepoint Stonesoft Next-Generation Firewall 1402 v5.8.5
• Fortinet FortiGate 3200D v5.2.4, build 5069
• Hillstone Networks SG-6000-E5960 v5.5 SG6000-M-2-5.5R1P2.2
• Huawei Technologies USG6650 vV500R001C00SPC010T
• Juniper Networks SRX5400E JUNOS Software Release 12.3X48
• Palo Alto Networks PA-7050 v6.0.11-h1
• WatchGuard Technologies XTM 1525 v11.9.4 build 486684

Friday, July 13, 2018

Check Your Site Vulnerability if Listing on Bounty Site.

As long as your web application published on Internet, one day it will face the hackers scanning. There is no 100% security and you always want to find out the vulnerability first before it can be exploited. There are many bounty programs online to attract hackers to search those vulnerabilities and publish out, also notify web master. Open Bug Bounty is one of them and probably most popular one.

1. Open Bug Bounty Website
Started in June 2014, Open Bug Bounty is a non-profit platform designed to connect security researchers and website owners in a transparent, respectful and mutually valuable manner. Open Bug Bounty’s coordinated vulnerability disclosure platform allows any security researcher reporting a vulnerability on any website as long as the vulnerability is discovered without any intrusive testing techniques and is submitted following responsible disclosure guidelines.

Sunday, July 8, 2018

Sumuri Paladin 7 Forensics Suite Basic Usage

PALADIN is a bootable forensic Linux distribution based on Ubuntu and is developed and provided as a courtesy by SUMURI. The boot process has been modified to assure that the internal or external media of computers and devices are not modified or mounted. PALADIN is available as an ISO which can be used to make a bootable DVD or USB. Once booted, the user will find a host of pre-compiled open-source forensic tools that can be used to perform various tasks.


Boot Sumuri Paladin Live Session into Forensics Mode:
1_forensic_mode
Boot Screen

Monday, June 11, 2018

Steps to Troubleshoot an Infected Computer

Today received a report from user, computer is slow and seems have been infected with unknown virus or malware. No special symptoms except slow.

1. Check task manager and resource monitor

There is a process smss.exe which description is "Microsoft ? Console Based Script Host " using almost 75% CPU all the time.

From task manager, I found system was rebooted a couple of hours ago at very early morning and user was not around.

Also, no matter how you ended this process, it will come back in 10 seconds and take your CPU away and use about 4M your memory.



Tuesday, April 17, 2018

Install OpenVAS on Ubuntu


OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.

1. Install dependencies

OpenVAS Virtual Appliance / GreenBone Installation

OpenVAS Framework
The GSM Community Edition is a derivate of the GSM ONE and allows a quick and easy option on Windows, Linux or Mac to give the solution a trial. No particular know-how is needed.
In contrast to the commercial solution the Community Feed instead of the Greenbone Security Feed is used. Also some management functions like for TLS certificates are not included. Feed updates happen on a regular basis, but the system itself can not be updated. The commercial version can be updated seamless and also includes access to the Greenbone Support.
The Community Edition as well as the GSM ONE are designed for use with a laptop. The full feature set for a vulnerability management process (schedules, alarms, sensors) are only available with the bigger GSM models (see here for an overview) and can be obtained from Greenbone as an evaluation unit.

1. OpenVAS / GreenBone Installation Video




Saturday, April 14, 2018

Metasploit Installation on Windows 7 and 10

The Metasploit Framework (MSF) is far more than just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment.

1. Installation on Windows 7
Youtube Video:



Kali Virtual Appliance Installation and Usage

Kali Linux is the world’s most powerful and popular penetration testing platform, used by security professionals in a wide range of specializations, including penetration testing, forensics, reverse engineering, and vulnerability assessment. It is the culmination of years of refinement and the result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now to a complete penetration testing framework leveraging many features of Debian GNU/Linux and the vibrant open source community worldwide.

Kali Linux has not been built to be a simple collection of tools, but rather a flexible framework that professional penetration testers, security enthusiasts, students, and amateurs can customize to fit their specific needs.
1. Installation Kali Virtual Appliance


Thursday, February 22, 2018

Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 2. Configuration

Continue with previous post "Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation"


Steps: 
After the installation of the Sophos Enterprise Console you had logged off.
Now you logged in and the Console starts automatically.
This Windows will appear:


image001


Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation

This post is a detail documentation how to install Sophos Enterprise Console 5.1 in your networks.


Pre-Requirements:
  1. copy the Sophos Enterprise Console to the Server (ProdInstall\Sophos\Sophos Console\sec_5.1.exe)
  2. check if you are able to connect to the infrastructure server like this: http://IP Server:8085
  3. A webpage like this should be shown to you:



Tuesday, February 20, 2018

OWASP Top 10 (2010, 2013, 2017)

The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security. 
The OWASP Top 10 Web Application Security Risks was created  in 2010, 2013 and  2017 to provide guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications, which are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.
Meeting OWASP Compliance Standards usually is the First Step Toward Secure Code.


Tuesday, February 6, 2018

Gartner Magic Quadrant for Endpoint Protection Platforms (2018,2017,2016,2015)

Research firm Gartner defines the Endpoint Protection Platform (EPP) market as one with offerings that "provide a collection of security capabilities to protect PCs, smartphones and tablets," which it said could include anti-malware, personal firewall, port and device control, and more.

The endpoint protection platform provides a collection of security capabilities to protect PCs, smartphones and tablets. Buyers of endpoint protection should investigate the quality of protection capabilities, the depth and breadth of features, and the ease of administration. The enterprise endpoint protection platform (EPP) is an integrated solution that has the following capabilities: anti-malware, personal firewall, port and device control. EPP solutions will also often include: vulnerability assessment, application control and application sandboxing, enterprise mobility management (EMM), typically in a parallel nonintegrated product, memory protection, behavioral monitoring of application code, endpoint detection and remediation technology full-disk and file encryption, also known as mobile data protection, endpoint data loss prevention (DLP).

2018

Symantec , Sophos and Trend Micro are in leaders quadrant. ESET is in Challengers.



Thursday, December 7, 2017

Cisco IOS Internet Key Exchange version 1 (IKEv1) Vulnerability and Fix

Cisco IKEv1 is still popular in VPN configuration. Most of my vpn configuration is based on IKE v1 although there are more demands for v2.  I had a post "Cisco Router IKE v2 Site to Site IPSec VPN Configuration" to quickly show what the difference is between v1 and v2, and how to do v2 configuration.  Recently some vulnerabilities scan tools raised a red flag to my IKE v1 configuration.

Symptoms 

There is IKE v1 vulnerability found and it lists severity level high.


Sunday, April 17, 2016

Real-Time Cyber Attack Threat Map

More and more security companies use a webpage to show their monitored global security events such as the  Live Status of Cyber Attacks being launched from where and who is the target of that attack. It is become interesting by watching those websites. Actually those are not games but actually happening globally.


1.  Kaspersky CYBERTHREAT REAL-TIME MAP



Sunday, March 20, 2016

Ransomware Locked Files on My Test Machine

One of my test machines which I am using to download and test software from Internet was hit by Ransomware recently.

Check out what it did to my machine.

In most computer folders including c driver and d driver, even on the desktop, there are three following files which obviously is from hackers who is asking for money to decrypt your files.:
  • +REcovER+gdqvd+.txt
  • +REcovER+gdqvd+.html
  • +REcovER+gdqvd+.png
 

Tuesday, March 8, 2016

How Firewalls (Security Gateways) Handle the Packets? (Traffic Flow)






Different firewall (security gateway) vendor has different solution to handle the passing traffic. This post compiles some useful Internet posts that interpret major vendors' solutions including:
1. Checkpoint
2. Palo Alto
3. Fortigate
4. Cisco
5. Juniper
6. F5



1. Checkpoint Firewall Packets Flow:

Here is official Check Point R77 Packet Flow Diagram from sk116255 updated April 2017:


Note: Checkpoint can define destination NAT happens at client side (default) or server side. Source NAT always at outbound, and ACL is checked before NAT. More details are on SK85460

Monday, February 8, 2016

Gartner Magic Quadrant for Mobile Data Protection (2015, 2014, 2013, 2012, 2011..., 2006)

According to Gartner, "Mobile Data Protection (MDP) systems and procedures are needed to protect business data privacy, meet regulatory and contractual requirements, and comply with audits." Additionally, "Most companies, even if not in sensitive or regulated industries, recognize that encrypting business data is a best practice."

2015

Magic Quadrant for Mobile Data Protection Solutions 2015

Monday, December 21, 2015

Information Security Tools

I listed some of my favorite and useful Internet websites and IT tools in previous post which has been used in my daily IT life. There are some network security related tools I am also using in my IT life environment. This post is a just summaize for those tools and also I am trying to extend this list to add more later.
PDCA Methodology
  • Benchmarks / Hardening Policies
  • Security/Malware/Vun Scanning
  • Packets Capturing and Analysing Tools
  • TCP/UDP Tools
  • Integrity Check
  • Penetration Test Tools
  • Proxy Software
  • Network Automation Tools
  • Threat Intelligence Tools
  • Encryption Tools
  • Antivirus/AntiMalware
  • Firewall Management Tools
  • HoneyPot
  • IP Reputation Lookup
  • Forensic Tools
  • Threat Hunting Tools

Thursday, March 26, 2015

Troubleshooting Java HTTPS Security Warning Message

One of our Internal Website is always having a Security Warning message when using Internet Explorer https to it, but this message is not showing when using Google Chrome.

Symptoms:

As following screenshot shows, a pop-up window will ask you "Do you want to Continue? The connection to this website is untrusted".
 Click More Information link:
 The Warning message will warm you a Risk;