Thursday, December 27, 2018

VanDyke SecureCRT Usage Tips and Tricks

VanDyke SecureCRT provides  IT pros a very user-friendly client to manage command line devices and SSH hosts with. Connecting to devices securely is one thing, and there are other products that can achieve this goal, but with SecureCRT, multiple connections can be managed in tabs to allow you to work between sessions without changing windows.

Here are some my favourite settings to customize SecureCRT:
1. Edit Default Settings for terminal Emulation
If you are using Linux devices, please choose Linux as your Terminal. For network / security devices, use VT100 will be best choice.

I also like to set Scrollback Buffer to 5000. If you choose ANSI color, the appearance color will be depending on the color codes sent by the remote application.


Ubuntu Basic Configuration Commands


1. Update / Upgrade Commands
  • sudo apt-get update : In a nutshell, apt-get update doesn't actually install new versions of software. Instead, it updates the package lists for upgrades for packages that need upgrading, as well as new packages that have just come to the repositories.
  • sudo apt-get upgrade : will fetch new versions of packages existing on the machine if APT knows about these new versions by way of apt-get update. An update must be performed first so that apt-get knows that new versions of packages are available.
  • sudo apt-get dist-upgrade: will do the same job which is done by apt-get upgrade, plus it will also intelligently handle the dependencies, so it might remove obsolete packages or add new ones. 

Note: we can combine commands with && signs, such as:
  • sudo apt-get update && sudo apt-get dist-upgrade

Monday, December 24, 2018

Gartner Magic Quadrant for SIEM Products (2018,2017,2016,2015,2014,2013,2012,2011...)

Gartner defines SIEM as a technology that aggregates data produced by security devices, network infrastructure and systems, and applications. Products in the security information and event management (SIEM) market analyze security event data and network flow data in real time for internal and external threat management. They collect, store, analyze and report on log data for incident response, forensics and regulatory compliance. Vendors in this space are continually improving threat intelligence and security analytics. Companies are looking to adopt this technology in order to detect threats and breaches, and by compliance needs. Early breach discovery requires effective user activity, data access and application activity monitoring.

Companies placed by Gartner in the Leaders Quadrant have been the most successful in building an installed base and establishing a revenue stream from the SIEM market. Leaders also typically have a high share of the market and high revenue growth. They've also demonstrated superior vision and execution for emerging and anticipated requirements of the market. What's more, they've garnered positive customer feedback for their SIEM products, as well as service and support of those products. 

2018
There are three new vendors (Dell, Exabearn and Securonix) and four existing vendors (IBM, Splunk, LogRhythm, McAfee) in Leaders quadrant. 

Wednesday, December 19, 2018

Proofpoint Wombat Security Awareness Training - Phishing Campaign Step by Step

Wombat ThreatSim® Phishing Simulations are an excellent addition to any security awareness training program, particularly those focused on fighting phishing attacks. Wombat ThreatSim Phishing Simulations serivce has SaaS-based interface which makes it easy to deliver simulated phishing emails and customizable Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a phishing test.ThreatSim’s customizable email templates address three key testing factors: attachments, embedded links, and requests for personal data. Based on Wombat site, no one else in the industry can offer multiple templates in one campaign, random scheduling of emails to spread out delivery, along with Auto-Enrollment into targeted training if an employee falls for an attack.

This post is a quick step by step guide how to create a basic Phishing Campaign hosted from Wombat ThreatSim platform.

Log into Wombat Security Education Platform and Click ThreatSim -> Phishing Campaigns

Tuesday, December 18, 2018

Ubuntu 16.04.5 LTS (Xenial Xerus) Installation Step by Step in VMWare Workstation (Not Easy Installation)


1. Ubuntu16.04 Installation
1.1 VMware Workstation Virtual Machine Creation for not easy installation
If you are using VMware workstation , by default, system will do easy installation for you, which means all settings will be automatically entered by VMware Workstation. You wont need to provide too much or any information during installation process. We are not going to use this method in this post. We just choose  the option "I will install the operating system later" to skip easy installation.

YouTube Video:
Easy Install vs Non Easy Install

Expose your local service to public: Ngrok, FRP, localtunnel

For many IT workers remotely involved with networking, it is quite common to need to expose your Intranet application to the outside world in a secured manner. Unfortunately, we work most of the time from private IP networks, be that at the workplace, at home or at the coffee shop. The router(s) or firewall (s) that stands between our workstation and the internet makes it harder to expose a local socket to the outside. Most of the time, this is preferable for security.

A couple of solutions you can choose now:
1. Change your router / firewall configuration to do port forwarding or NAT from public to your application. But in many cases, you wont be able to make that changes or you even do not have that options.
2. Tunneling services : either self hosting or cloud services such as:
  • Ngrok
  • FRP 
  • Localtunnel
This post is going to explore some of tunneling services I am using.


Ngrok

Setup & Installation
1. Download ngrok
ngrok is easy to install. Download a single binary with zero run-time dependencies. There are following versions available to download : WinodwsMac OS X Linux Mac (32-bit) Windows (32-bit)Linux (ARM) Linux (32-bit) FreeBSD (64-Bit)FreeBSD (32-bit)

Gartner Magic Quadrant for Unified Threat Management (2018,2017,2016,2015,2014,2013,2012,...)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees).


2018 Gartner Magic Quadrant for Unified Threat Management Report
For leaders quadrant, no changes since 2015. Fortinet, Check Point and Sophos are in there.

Gartner Magic Quadrant for Enterprise Network Firewall (2018,2017,2016,2015,2014,2013,2011,2010)

Based on Gartner's definition, the enterprise network firewall " is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud. "

Here is the difference from UTM appliance, which  UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.


2018 Gartner Magic Quadrant for Enterprise Network Firewalls
Cisco comes back to Leaders quadrant again. Palo Alto, Fortinet and Check Point are still doing well as Leaders.