Sunday, April 7, 2019

Deploy Symantec Endpoint Encryption 11.2.1 and Configure SEE to Encrypt Client Machines

Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance. It encrypts all files on the hard drive, sector-by-sector, for maximum security. It supports Windows, Mac, tablets, self-encrypting drives, and removable media (USB drives, external hard drives, and DVDs).

I had a chance to install it in my lab environment for testing. This post records all the steps, including all the mistakes I made, especially in the YouTube video.


1. Pre-Installation System Requirements:

1.1 OS Requirements

  • Microsoft Windows Server 2016 Datacenter, with updates
  • Microsoft Windows Server 2016 Standard, with updates
  • Microsoft Windows Server 2012 R2 Datacenter, with updates
  • Microsoft Windows Server 2012 R2 Standard, with updates
  • Microsoft Windows Server 2008 R2 Enterprise SP1 (Deprecated in SEE 11.2.1 MP1)
  • Microsoft Windows Server 2008 R2 Standard SP1 (Deprecated in SEE 11.2.1 MP1)

Saturday, April 6, 2019

Basic Steps to Deploy and Config Symantec DLP 15.5 with Installation Videos


I was working on a Symantec DLP project and had some experience with it. This post reviews what I have done and how I managed to install it in my home lab environment. It is not a step-by-step installation tutorial, since the Symantec documents explain the details well enough. It mostly lists all the related steps at a high level. But I recorded my screen, showing what I did, what kinds of issues I met, and how I resolved them. All of that is in the YouTube videos for future reference, which will be helpful if you have the same lab project for Symantec DLP products.

The Symantec Data Loss Prevention suite is designed to meet the needs of large enterprises, as well as small and medium-sized enterprises. The product covers a variety of areas, including endpoint data in use, network data in transit, and files and databases at rest. Symantec Data Loss Prevention addresses on-premises, mobile and cloud data and can be deployed on both physical servers -- Windows Server, Red Hat Enterprise Linux and others -- and cloud infrastructures, such as AWS.


1. Download Installation Files from Symantec File Connect

You will need a serial number to download all DLP-related software from the Symantec File Connect web site: https://symantec.flexnetoperations.com/control/symc/registeranonymouslicensetoken


Wednesday, March 27, 2019

Create a Free Tier Windows Virtual Machine in Azure


The Azure free tier provides the following free services for 12 months, after the first month with your free $200 credit:

  1. 750 hours B1S VM Linux and Windows Virtual machines
  2. 64GB x 1 Storage - 2 P6 SSDs
  3. 5 GB File Storage
  4. 250 GB SQL DB
  5. 15 GB Bandwidth (Data Transfer)
  6. etc


Saturday, March 23, 2019

Windows 10 Tweaks, Tips and Tricks

Here are some simple but effective Windows tweaks, tips and tricks to streamline your Windows computing experience. Here is the list of my collection (still being added to):
1. Fix High CPU Usage by Windows Software Protect Service (Sppsvc.exe)
2. Install Telnet Client
3. Check System Uptime
4. Hiding Windows Folder
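5. Enable God Mode with One Click
6. See Past Problems at a Glance (Reliability Monitor)
7. Lock the Computer with One Click, Other than WIN+L
8. Quick Launch for Frequently Used Programs
9. Quickly Launch Programs as Administrator
10. Partitions Without Drive Letters: Good for Both Protection and Access
11. Double-Click the Top-Left Corner of Any Window to Close It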
12. Ctrl+Alt+Del=Ctrl+Shift+Esc to open Task Manager
13. Issue: Microsoft Office can't find your license for this application or Windows is not activated
14. Windows 10 Battery Report
15. RDP Port Change to TCP 443
16. Windows 10 Defaultuser0 password Issue

Tuesday, March 12, 2019

Install Portainer to Manage Containers - Nginx, MySQL, WordPress

Portainer is a lightweight management UI which allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters). It is meant to be as simple to deploy as it is to use. It consists of a single container that can run on any Docker engine (can be deployed as a Linux container or a Windows native container). Portainer allows you to manage your Docker containers, images, volumes, networks and more!


1. Installation in CentOS / Ubuntu
1.1 CentOS 7/Debian 9

Here is the easiest way to install Docker on your CentOS / Debian system. It is just one command:

sudo -i
yum -y update
curl -sSL https://get.docker.com/ | sh

Friday, March 1, 2019

VPS Bench Comparison for AWS, Azure and Google Cloud (Free Tier & Regular Tier)


In this post, I am putting all of the following topics together:
  • Benchmark free services for AWS, Azure, GCP
  • Another bench script
  • Benchmark regular size VM on AWS, Azure, GCP
  • How to find out what kind of hypervisor your cloud virtual machine is using?

Benchmark Free Services for AWS, Azure, GCP
AWS, Azure and Google Cloud all provide some kind of free tier to users. I have always wondered what the performance of those free tier VPSes looks like. I did some bench work to test them out.

Here is the method and result.

I am going to use some bench scripts found on GitHub and run them on same-size VMs created on AWS, Azure and GCP. They will benchmark CPU, disk I/O and network throughput.


Wednesday, February 20, 2019

Sysinternals Tool Sysmon Usage Tips and Tricks

The Microsoft Sysinternals tool Sysmon is a service and device driver that, once installed on a system, logs indicators that can greatly help track malicious activity, in addition to helping with general troubleshooting.
Sysinternals from Web Browser:

Basic Sysmon Usage commands:

Installation:
sysmon -i -accepteula [options]
  • Extracts binaries into %systemroot%
  • Registers event log manifest
  • Enables default configuration

Tuesday, February 19, 2019

Forwarding Windows Event Logs to Syslog Server (Kiwi Syslog)

Centralizing your logs saves time and increases the reliability of your log data, especially for Windows machines. When Windows log files are stored locally on each server, you have to individually log into each one to go through them and look for any errors or warnings. It’s possible for a Windows server to forward its events to a “subscribing” server. In this scenario the collector server can become a central repository for Windows logs from other servers in the network.

There are many ways you can forward your Windows event logs to a centralized log server. You can use the event log forwarding feature, which was introduced in Windows Server 2008. Event log forwarding brought forth a native and automatic way to get events from multiple computers (event sources) into one or more machines called collectors. Another option is to use third-party software, such as Solarwinds Free Event Log Forwarder for Windows.

In this post, I am going to introduce another free tool, Eventlog to Syslog. The Eventlog to Syslog utility is a program that runs on Microsoft Windows NT class operating systems, monitoring the event log for new messages. When a new message appears in the event log, it is read, formatted, and forwarded to a UNIX syslog server.

1. Install Syslog Server - Kiwi Syslog Free Version
1.1 Download the Kiwi Syslog Daemon from the download address: https://thwack.solarwinds.com/community/free-tools-and-trials
1.2 Run the Kiwi Syslog Daemon executable file to launch the installation program. Follow the instructions in the installation wizard to install the Kiwi Syslog Daemon as a service.
1.3 Once the Kiwi Syslog Daemon is installed, start the program to start the Syslog Daemon.