Saturday, April 14, 2018

Kali Virtual Appliance Installation and Usage

Kali Linux is the world’s most powerful and popular penetration testing platform, used by security professionals in a wide range of specializations, including penetration testing, forensics, reverse engineering, and vulnerability assessment. It is the culmination of years of refinement and the result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now to a complete penetration testing framework leveraging many features of Debian GNU/Linux and the vibrant open source community worldwide.

Kali Linux has not been built to be a simple collection of tools, but rather a flexible framework that professional penetration testers, security enthusiasts, students, and amateurs can customize to fit their specific needs.
1. Installation of the Kali Virtual Appliance


Tuesday, April 3, 2018

Free DNS Server 1.1.1.1 and 1.0.0.1 (from CloudFlare) - Fastest and Easiest to Remember

I have used Google's free DNS servers 8.8.8.8 and 8.8.4.4 for many years, since they are decently fast and also easy to remember. But now Cloudflare has just announced its DNS servers 1.1.1.1 and 1.0.0.1, on April 1st, 2018.

Here is their comparison diagram with other free public DNS server providers.



Besides being the fastest, Cloudflare has pledged that it will not write your IP address to disk and will not keep your tracking data for long; it will purge all logs within 24 hours. How cool is this privacy-focused feature? I will definitely give it more of a try later if there is any need to use a public DNS server.


Thursday, February 22, 2018

Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 2. Configuration

This continues the previous post, "Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation".


Steps:
After the installation of the Sophos Enterprise Console, you logged off.
Now log in again, and the Console starts automatically.
This window will appear:




Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks - 1. Installation

This post documents in detail how to install Sophos Enterprise Console 5.1 in your networks.


Prerequisites:
  1. Copy the Sophos Enterprise Console to the server (ProdInstall\Sophos\Sophos Console\sec_5.1.exe).
  2. Check that you are able to connect to the infrastructure server like this: http://IP Server:8085
  3. A webpage like this should be shown to you:



Tuesday, February 20, 2018

OWASP Top 10 (2010, 2013, 2017)

The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security.
The OWASP Top 10 Web Application Security Risks was created in 2010, 2013 and 2017 to provide guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications and are also easy to exploit. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers or web servers.
Meeting OWASP compliance standards is usually the first step toward secure code.


Monday, February 12, 2018

Configure an RMA-ed SRX340 with a JunOS Upgrade and Join It into an Existing Cluster

My previous post (Juniper SRX DB mode (Debug mode)) described a situation in which one of the firewall cluster members got stuck in DB mode. Although it was eventually fixed by re-installing the image, it failed again after a couple of months.

An RMA ticket was created with the vendor, Juniper, and Juniper issued a new device. This post records all the steps to configure this new device and re-join it to the existing cluster.

All the steps are quite straightforward. You may run into some file transfer or connectivity issues, but as long as you know your environment well enough, those will be easily resolved if you follow all the steps listed below.

Similar posts are in this blog:

Note: before letting the new cluster member join the existing cluster, please make sure of one thing:
Disable the IDP feature on the existing chassis cluster. Otherwise, your new cluster member will fail to join the existing cluster and will go into disabled mode. The fabric interface will show a down status because the new cluster member cannot accept your IDP configuration, since it does not have an IDP license and signature database.

Tuesday, February 6, 2018

Gartner Magic Quadrant for Endpoint Protection Platforms (2018,2017,2016,2015)

Research firm Gartner defines the Endpoint Protection Platform (EPP) market as one with offerings that "provide a collection of security capabilities to protect PCs, smartphones and tablets," which it said could include anti-malware, personal firewall, port and device control, and more.

The endpoint protection platform provides a collection of security capabilities to protect PCs, smartphones and tablets. Buyers of endpoint protection should investigate the quality of protection capabilities, the depth and breadth of features, and the ease of administration. The enterprise endpoint protection platform (EPP) is an integrated solution that has the following capabilities: anti-malware, personal firewall, port and device control. EPP solutions will also often include: vulnerability assessment; application control and application sandboxing; enterprise mobility management (EMM), typically in a parallel nonintegrated product; memory protection; behavioral monitoring of application code; endpoint detection and remediation technology; full-disk and file encryption, also known as mobile data protection; and endpoint data loss prevention (DLP).

2018

Symantec, Sophos and Trend Micro are in the Leaders quadrant. ESET is in Challengers.