Thursday, November 15, 2018

ArcSight SIEM Logger Web Gui and Search Tips and Tricks

ArcSight Logger is one of the products in the Micro Focus SIEM platform. It streams real-time data, categorizes it into specific logs, and integrates easily with security operations. As a result, organizations of any size can use this high-performance log data repository to speed up forensic analysis of IT operations, application development, and cyber security issues, and to address multiple regulations at the same time.

Summary

Saturday, November 10, 2018

Configure Cisco Enterprise Access Point 1142N As Home AP

Early in 2018, I got a chance to buy a Cisco Wireless Access Point for only $30, which is a great deal for an AIR-LAP1142N-x-K9 - Dual-band Controller-based 802.11a/g/n. It is not an 802.11ac-ready AP, but as a replacement for my home wireless router, it is already enough.

Since this device is an enterprise product, the configuration is not that straightforward; even after reading some Cisco documents, it is still quite cumbersome to understand.

After a couple of hours working on it, I managed to bring both the 2.4G and 5G radios up and set up two SSIDs for both radios. Here are my steps (the simplest steps to follow) with screenshots and video:

Monday, October 29, 2018

Security Events and Data Breaches in 2018, 2017, 2016, 2015, 2014

World's Biggest Data Breaches
Thanks to Lewis Morgan, social media manager at IT Governance. He has compiled this list by month and year since 2014, and possibly earlier. What I did was put his monthly and yearly lists into this post and count the numbers of leaked records, some of which were missing from the original post.

Here are the leaked record numbers since 2014:

Thursday, October 25, 2018

Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure (2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010)

Gartner’s Magic Quadrant for Wireless LAN Infrastructure has been released for a number of years. This post lists all the reports found on the Internet since 2010. If you are not familiar with this research publication or with Gartner, please see the graphic below. Gartner places vendors in one of four quadrants – Leaders, Visionaries, Niche Players and Challengers – based on its scoring system.

2018

Gartner named Cisco, Aruba (HPE), and Extreme Networks as the leaders in the Magic Quadrant for Wireless LAN Infrastructure in July 2018.

Gartner Magic Quadrant for Intrusion Detection and Prevention Systems (2018, 2017, 2015, 2013, 2012, 2010 ...)

According to Gartner, “The network intrusion prevention system market has undergone dynamic evolution, increasingly being absorbed by next-generation firewall placements. Next-generation IPSs are available for the best protection, but the IPS market is being pressured by the uptake of advanced threat defense solutions.

This Magic Quadrant focuses on the market for stand-alone IDPS (IDP / IPS) appliances; however, IDPS capabilities are also delivered as functionality in other network security products. Network IDPSs are provided within a next-generation firewall (NGFW), which is the evolution of enterprise-class network firewalls, and include application awareness and policy control, as well as the integration of network IDPSs (IDP / IPS).”

2018
Gartner named McAfee (Stonesoft), Cisco (Sourcefire), and Trend Micro as Magic Quadrant Leaders for Intrusion Detection and Prevention Systems (IDPS) in 2018. (In 2013, McAfee acquired Stonesoft, and Cisco acquired Sourcefire. In 2015, Trend Micro acquired HP TippingPoint for $300M.)

Tuesday, October 23, 2018

Threat Modeling Resources

This post collects Internet resources on threat modeling. There are other similar posts on threat intelligence and threat hunting; search my blog to find more.

Threat Modeling Methodologies for IT Purposes
Conceptually, a threat modeling practice flows from a methodology. Numerous threat modeling methodologies are available for implementation. Based on the volume of published online content, the four methodologies discussed below are the most well known.


Saturday, October 20, 2018

Install Latest Splunk 7.2.0 on Ubuntu 18.04 LTS at Google Cloud Platform

Installing Splunk 7.2.0 on Ubuntu is super easy. I had a video introducing how to install Splunk on a Windows server in my previous post. This time, I am going to present the installation process for Splunk 7.2.0 on Ubuntu 18.04, with Ubuntu running on Google Cloud Platform.

1. Create a new Ubuntu 18.04 LTS VM from GCP -> Compute Engine -> VM Instance

Wednesday, October 17, 2018

Canada CRA Email / Message Scam Example and Phone Call Scam Fraud Recording 2018

One of the top scams happening in Canada is the CRA scam, also called the income tax scam. Over $5 million was lost to income tax scams in 2017. The Canada Revenue Agency (CRA) is warning Canadians to be careful of emails, voice mails, and even postal mail claiming to be from the CRA. These are phishing scams that could result in identity theft. Scam emails may also carry embedded malware, or malicious software, that can harm your computer and put your personal information at risk of compromise. The CRA does not email Canadians to request personal information.

Recently, I collected some real samples that those scammers sent to me.

1. CRA Email Scam

I got an email from an email address starting with CRA-NoticeSecured-Taxinfo, with an attachment inside. But it was actually from some weird domain, aprobacion.x7.io. The email says the Canada Revenue Agency has sent you an INTERAC e-Transfer in the amount of $782.57.