Thursday, April 19, 2018

Gartner Magic Quadrant for Access Management (2017,2016,2015 )


Today’s businesses require secure 24/7 access to their cloud applications and data, and require more than Web Single Sign-On to propel their business forward. The world has changed, allowing an almost infinite number of identities and accounts on different platforms and devices including cloud, mobile, social, and personal networks. Having an identity and access management strategy in place is more important than ever.



2017 
Gartner recently named following vendors as  a leader in its first “Magic Quadrant for Access Management, Worldwide 2017.”

  • Microsoft
  • Okta
  • CA Technologies
  • Oracle
  • IBM
  • Ping Identity





Wednesday, April 18, 2018

Gartner's Magic Quadrant for Public Cloud Infrastructure Managed Services Providers (2018, 2017)

What are Public Cloud Infrastructure Managed Service Providers?

Public cloud infrastructure as a service (IaaS) delivers compute, storage and network resources in a self-service, highly automated fashion. The leading public cloud IaaS providers also offer platform as a service (PaaS) capabilities and other cloud software infrastructure services as part of an integrated IaaS+PaaS offering

This Gartner magic quadrant report analyzed vendors in the market and states that “a public cloud infrastructure managed service provider (MSP), in the context of this Magic Quadrant, is an MSP that offers managed services and professional services related to infrastructure and platform operations for one or more hyperscale integrated infrastructure-as-a-service (IaaS)+platform-as-a-service (PaaS) providers.”

2018
Three Vendors are in Leaders Quadrant:
  • Accenture
  • Cloudreach
  • Rackspace
This is the second consecutive year in which Accenture was recognized as a Leader in the Gartner report.

Tuesday, April 17, 2018

Install OpenVAS on Ubuntu


OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.

1. Install dependencies

OpenVAS Virtual Appliance / GreenBone Installation

OpenVAS Framework
The GSM Community Edition is a derivate of the GSM ONE and allows a quick and easy option on Windows, Linux or Mac to give the solution a trial. No particular know-how is needed.
In contrast to the commercial solution the Community Feed instead of the Greenbone Security Feed is used. Also some management functions like for TLS certificates are not included. Feed updates happen on a regular basis, but the system itself can not be updated. The commercial version can be updated seamless and also includes access to the Greenbone Support.
The Community Edition as well as the GSM ONE are designed for use with a laptop. The full feature set for a vulnerability management process (schedules, alarms, sensors) are only available with the bigger GSM models (see here for an overview) and can be obtained from Greenbone as an evaluation unit.

1. OpenVAS / GreenBone Installation Video




Saturday, April 14, 2018

Metasploit Installation on Windows 7 and 10

The Metasploit Framework (MSF) is far more than just a collection of exploits. It’s an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel. I consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins, the Metasploit Framework provides a truly impressive work environment.

1. Installation on Windows 7
Youtube Video:



Kali Virtual Appliance Installation and Usage

Kali Linux is the world’s most powerful and popular penetration testing platform, used by security professionals in a wide range of specializations, including penetration testing, forensics, reverse engineering, and vulnerability assessment. It is the culmination of years of refinement and the result of a continuous evolution of the platform, from WHoppiX to WHAX, to BackTrack, and now to a complete penetration testing framework leveraging many features of Debian GNU/Linux and the vibrant open source community worldwide.

Kali Linux has not been built to be a simple collection of tools, but rather a flexible framework that professional penetration testers, security enthusiasts, students, and amateurs can customize to fit their specific needs.
1. Installation Kali Virtual Appliance


Tuesday, April 3, 2018

Free DNS Server 1.1.1.1 and 1.0.0.1 (from CloudFlare) - Fastest and Easiest to Remember

Google free DNS server 8.8.8.8 and 8.8.4.4 has been used by me for many years, since it is decent fast and also easy to remember. But now Cloudflare just announced their DNS server 1.1.1.1 and 1.0.0.1 on April 1st 2018.

Here is their comparison diagram with other free public DNS server providers.



Not only fastest, Cloudflare pledged that it will not write your ip to the disk and not keep your tracking data long, it will purge all logs within 24 hours. How cool is this privacy focus feature? Definitely, I will give it more try later if there is any need to use a public DNS server.