Cyber Security Help

I can't get my forwarders to send data to my indexers for some reason! I've checked my inputs.conf on both universal forwarders and then ran a "list forward-server on each" and they both are reporting back the following:

Active forwards: None
Configured but inactive forwards: None

I've triple checked my monitor stanzas and they are good to go. Permissions on the inputs.conf are wide-open on both UF's and the Search Head (which I am currently using as my deployment server). Any help would be greatly appreciated!

1 Comment

Become a Certified Penetration Testing Engineer

LVL 13

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Does FedRamp actually offer a Certification/Accreditation for their training course? Is there an actual exam that you have to take at the end?

3 Comments

Question by

Arsalan Akhtar

2019-09-02Solved

sandboxing.

please guide me what are the things i should consider for a sandboxing solution. can sandboxes be integrated with any email/ web gateway solution ?

Cyber Security

2 Comments

I want to create a lab environment for testing threat traffic logs so that we can identify threat patterns and anomalies within those logs. Once we have identified "a threat" or signature of one, we can then use that information to write up a case scenario. What would be the best way to set this up? This test environment would need to virtualized and segmented. What would be the best way to receive these traffic logs? From the outside while keeping them maintained in a controlled environment?

1 Comment

Is there a way to emulate threat traffic in a controlled environment? We would then use this information for common use cases. I was thinking anything along the lines that could include log files that could give an indication of different attack signatures. This method is obviously safer than injecting a virus on a test box and then introducing it to a customers network. Any suggestions are GREATLY APPRECIATED!

2 Comments

Hi Experts,

This is only my second post, and I have a curly question.

Regarding my website's security:
The website/portal is created using PHP 7.2.x with MySQL 5.x database
While I have allowed only authorised users to access a portal to upload images (to a specific directory), how do I stop user/s from uploading to directories outside the specified directory?

Background:
My site is currently under review by a cybersecurity team for vulnerabilities, and I've noticed they have uploaded an image file to my server root folder, and then also uploaded the same image and changed the extension to .php... *gasp*!!

So, before they provide me with the full list of vulnerabilities, I'd like to get a head start on this particular security issue (as it's clearly a major issue).

The site is hosted with a professional web hosting company, so I seriously would "assume" (though that is dangerous in these times with so many cybercriminals about) there is sufficient server controls in place to stop unauthorised access (other than with FTP) to directories.

Hopefully I can learn more on this asap to mitigate any issues that have potential to cause me unnecessary late night.

Regards,
MB :)

8 Comments

Q1:
I'm making comparison for IPS brands that give the most virtual patches
for various CVEs for MS (Windows, Outlook, .Net, MS SQL, IIS & MSOffice) ,
Oracle (Weblogic, Database, Java, Solaris), Linux (various Linux esp RHEL,
Ubuntu, Debian, CentOS used in microservices) & a couple Opensource
softwares (eg: PHP, Apache, Struts, Wordpress).

Reason is it's difficult to get downtime & lead time to patch can often
stretch to almost a year. Currently, Trendmicro claims its Deep Security
is endorsed by MS as giving the most virtual patches for MS products.

Q2:
What about TippingPoint NIDS (acquired by Trendmicro) in terms of
its number of virtual patches for various products above?

Q3:
What about other products (esp coverage for Oracle & Linux-related ones)?
McAfee, Checkpoint, Sophos, ... ?

Q4:
Also, continued availability of obsolete versions of softwares are crucial
for us as we have a long lead time to tech refresh obsolete (ie principals/
developers don't release patches for it anymore) softwares.

Q5:
There's an argument that ultimately product patch still need to be applied?
What could be the possible reasons for these? Heard that for NIDS, if
PCs got infected/compromised, the attacker could bypass NIDS & WAF to
attack the unpatched endpoint servers. Guess an IPS with agent inside
the endpoint will mitigate, right?

7 Comments

We have 40 computers that are Win 7. The end-of-life is in January 2020. All security updates will stop. How critical of a concern is this for our companies security?

We are non-profit so this will be a huge expense if I have to replace them.

11 Comments

just had two sites fail pci compliance tests with certificate errors on sonicwall tz180. trustwave does the scans and this is what they said: The server should be configured to disable the use of the deprecated SSLv2, SSLv3, and TLSv1.0 protocols. The server should instead use stronger protocols such as TLSv1.1 and/or TLSv1.2. For services that already support TLSv1.1 or TLSv1.2, simply disabling the use of the SSLv2, SSLv3, and TLSv1.0 protocols on this service is sufficient.
i have no idea how to do what they said. any help is really appreciated. thanks

15 Comments

hi guys

I'm thinking of ways in which we could educate our staff when it comes to the actual threats of security through emails like phishing.

However, if I wanted to send out reminders frequently like every fortnight, then I'm wondering what sort of content could be covered in order to not become monotonous?

Have you seen this done at firms you've worked at? If so, are there any tips?

Thanks for helping
Yash

8 Comments

Starting with Angular 5

LVL 13

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

LVL 4

Question by

pma111

2019-07-02Solved

cyber trends and priorities of controls/defences.

Are there any useful documents/articles that are routinely issued/upgraded which show specific trends in cyber attacks for say the past 2-3 years, and for any major cyber attacks that hit the news – what the root cause of the vulnerability that was exploited was? i.e. what the cyber criminals are targeting nowadays, and what the relevant controls are to protect against those, assuming they could be protected against, e.g. a relevant patch applied?

I was also interested in identifying the primary/priority security defences, or at least coming up with some form of priority checklist of what to assess in what order when it comes to security. I appreciate on larger networks/infrastructure security must be an absolutely mammoth effort, and any single vulnerability on any device could be your downfall, but there must be some form of precedence in terms of priority of cyber controls when self-assessing your cyber/security defences, so my question to you is - where exactly would you start, and do any of the guidelines out there put cyber controls/defences in order of importance/priority, I assume they must do, but quite which articles/guidelines is an unknown to me.

If you were doing an independent review of your security/cyber defences, what order would you start in, e.g. the absolutely bare minimums, and then onto the second tier of
defences, 3rd etc. If there are no such guidelines, your own view on this would be equally as interesting.

1 Comment

traveling abroad and using a VPN. hi, security teams preach using a VPN tunnel when traveling abroad to secure your traffic but is actually happening via a WiFi connection w VPN? what makes it more “secure”. what VPN app from the App Store work? is my sonicwall VPN from my house sufficient?

22 Comments

LVL 1

Question by

Quarm

2019-06-19Solved

Trickbot removal

We have a system with around sixty computers and three servers and we are infected with the trickbot virus. We have taken everything offline and cleaned a number of computers but when we add another computer to the network now even though we think the computer is clean it and the other computers become inflected again. We use Sophos but that doesn't seem to fix it.

We are looking for some advice on the best way to deal with this nasty virus

Thanks in advance

6 Comments

I'm looking for some yardsticks/benchmark on the % of staff who clicked
(on the malicious link) during a phishing/Social engrg exercise.

Above what % (10%, 20%, 30% or ?%) of staff in an organization who clicked
on it, then it's considered as bad (ie the organization is deemed to have
failed & will need remedial/reinforcement training)?

7 Comments

LVL 19

Question by

*** Hopeleonie ***

2019-05-15SolvedPrivate

SharePoint CVE-2019-0604

Hi

We have customers that cannot patch SharePoint as quickly as possible. So I have some questions:

1) How high do you measure this vulnerability, since attacks can be done remotely?
2) Do we have a temporary possibility to reduce the risk without patching?
3) If yes, what would you recommend me? (Is there a way to block ports etc. ?)

Thank you in advance

6 Comments

Hello Gurus ,

Could you please share any reference sites for me to understand cybersecurity technologies such as Threat Hunting , EDR etc

Regards,
Aaron

Cyber Security

3 Comments

LVL 1

Question by

Chanaka Srinuwan

2019-05-02SolvedPrivate

Penetration test (internal)

I would like to process an internal penetration test. Is there any recommended website ? a typical site has only 1-2 WAN IPs and 100 end points ?

Many thanks,
Chanaka

2 Comments

LVL 19

Question by

*** Hopeleonie ***

2019-04-25SolvedPrivate

Questions about CVSS Scoring System

Hi

I would like to know your opinion on the following questions:

1) What are the contras of the CVSS Scoring System, compared to many other systems?
2) Where did you hit limits while working with CVSS Scoring System?
3) What must be considered in which scenarios?

Thanks a lot for your feedback.

4 Comments

In the past I had a Gmail/Yahoo account, nonetheless companies seem to collect more and more personal information without paying or telling the person each time they are taking it and rarely clearly state it's uses. I don't care if the government looks at my data, but am concerned about unforseen consequences; such as it being easier for a scammer to trick me cause they have more info on me or a criminal buying my data and knowing when I am away from a crowd so they can commit a crime etc.,

I was wondering if getting a web domain through a service like 'godaddy' and forming my own email would be the best way to prevent 3rd party data collection?

8 Comments

Fundamentals of JavaScript

LVL 13

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

LVL 5

Question by

SR Zak

2019-04-05SolvedPrivate

Security test types

Dear experts,

One of my clients is working with Cyber security company and I want to get some idea.

What is the difference between the PENTEST and Vulnerability test?
What test should I perform on the servers
what type of test should I perform on the workstation and laptops.

3 Comments

I only find Docker benchmark at CIS site.

is docker equivalent of container or is there a separate container hardening guide?

21 Comments

Experts,

This question relates to cyber security and service side code execution.

In many cases I read about a vulnerability that allows an attacker to upload files. However, how do they get the file to execute? Normally it is mentioned as "vulnerability allowed for attacker to upload and execute the malicious payload". I would see uploading and being able to tell the server to execute it as two separate functions that require two separate exploits. Thoughts?

3 Comments

LVL 19

Question by

*** Hopeleonie ***

2019-03-15SolvedPrivate

Which Threat Artifacts are important when a system is compromised?

Hallo Experts

I would like to collect the following Threat Artifacts from a compromised Windows System:

Routing-, ARP- & Process tables

Memory

Temporary files

Relevant data from storage media

What would you collect? Is there any best practice from NIST or anyware?

Thanks a lot

5 Comments

LVL 19

Question by

*** Hopeleonie ***

2019-03-15SolvedPrivate

Searching a tool to collect Threat Artifacts

Hallo Experts

For our Security Operations Center (SOC), we are searching for a tool that can collect “Threat Artifacts”. When I worked with McAfee in the past, they used GetSusp to collect information about undetected malware on their computer.

We are searching for a similar tool that we can use in the network to collect information remotely. What would you recommend us? It would be nice, if the tool would work on Windows & Linux, albeit this is not a must.

Thanks a lot

6 Comments

Our Internet Surfing Segregation (one of those Secure Browser product/solution like
Menlo, Authentic8, Fireglass) recommended us to put a proxy.pac (Proxy Auto Config)
file in a webserver.

This proxy.pac will be pointed to by IE, Chrome, Firefox so that when users launch
these browsers, proxy.pac will launch this vendor's secure browsers when users
browse sites that are not in the 'whitelist' (ie trusted sites).

This is a Garrison product (garrison.com) : I thought of placing this proxy.pac file
in a corporate shared drive so that in browsers, we can set in the proxy config
script as file://c:/folder/proxy.pac but IE11 doesn't support this file location
anymore (tho Chrome & Firefox still do).

Was advised by garrison that it's best to put in web server so that in IE11, can
specify as http://...website.com/proxy.pac but our corporate site is hosted in
a Cloud: don't think the Cloud provider (AWS) allows us to deposit a file in an
SaaS model.

What other ways other than setting up a webserver? I do have a Solaris web
server that acts as ClamAV depository (local mirror) that runs httpd : what
are my best option?

2 Comments

Cyber Security

Related Topics

Cyber Security

Related Topics