Cyber Security

638

Solutions

947

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi All,

I am seeking your help on the below situation. Please advise me well defined solution to proceed further.I am  also looking for any documents/Workflows/PPT for references.

Objective :

•      Human errors are happening because of  using elevated privileged access
•      Excess rights given to L1 and L2 teams to perform the tasks
•      Accessing production environment with privileged rights, when is not needed /working on non prod environment
•      Usage of Privileged access on prod environment for non admin tasks, leading to human error

Current Status:

•      We have Verified few  projects internally they are using Tool Based PAM (Privileged Access management) Solution and defined process  
•      Most of the Projects don’t have tool based solution and all support team have privileged Access, few projects have role based access implemented and Few projects have
        customized solution for access management for specific towers like (Windows,Unix,Storage).

Target Status (or) Solution needed :  

•      We are looking for standard role based Access Management-PAM solution with Native Tools.


Thanks in Advance.
Madan.
0
CompTIA Security+
LVL 13
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

The spam filter my client uses is great at blocking spoofed emails, for example the ones from gmail that are common. Today an email got through that was spoofed but it used the same domain of my client. I haven't seen this in the past where the domain name is spoofed also, for example

Example of what I've seen:
- Envelope Sender (spoofed email): actual clients email address, client@clientdomain.com
- Message ID (actual email): spoofedemail@gmail.com

What happened just now:
- Envelope Sender (spoofed email): actual clients email address, client@clientdomain.com
- Message ID (actual email): spoofedemail@clientdomain.com

I verified the sending IP address is not coming from my clients email server and there aren't any bugs or breaches showing up.  I've never seen the @clientdomain.com spoofed before. Any light that can be shed on this is much appreciated.
0
I want to ensure the integrity of the value that is set in a session will remain valid throughout the user's interaction with the site.

Can a session value be changed from the client-side?
0
I have some security industry certifications, CEH, Palo Alto, Comptia CASP and security + and wanted to know what GIAC certs are most marketable.  I understand that this will also be affiliated with what my present position is and what my future position will be as well...
But I wanted to, in general, know which GIAC cert is most valuable. My current position is at a SOC for a financial company where I do security operations.  I'm also enrolled in a MS for cybersecurity as well.

Thanks for your input.
0
I have the following network and wanted to get your opinion, from a security/network point of view as to what is wrong and what to do about it.security issue
1
Gurus ,

have you evaluated XDR Cortex Product from PaloAlto ? How does it compare with Cylance or Microsoft EDR

Regards,
SID
0
Hello,

We just started working on our compliance program and I am looking to create a process for continuous mapping of the security controls and systems.

I am looking for an example process or a feedback on what would be a good start. We would like to start simple and then expand down the road.

Thanks!
0
I wanted to know what are some upcoming security conferences for the remaining year.  IE..blackhat….RSA...
Maybe some Artificial Intelligence / Machine Learning conferences pertaining to security, if any.
Maybe some financial and mortgage security training...
0
Need a password manager utility which can perform the following listed tasks in an environment where computers are not managed via centralized windows Active Directory (In other words all PCs are managed in a standalone manner i.e. each user is responsible for his/her PCs password):

1. Automatic password expiration reminders to the users.
2. Enforce company password guidelines when a new password is being created or an existing password is expired and the user needs to create a new password.
3. Have a central repository and an admin GUI for the admin to use.

This is for a small company of 10 to 15 employees, just be clear this is from the stand point of Security Controls implementation.

Advice and guidance will be appreciated.
0
Need suggestions on anti-virus software for a private network that has no outside access to the internet.  I have about 75 clients either joined to the domain or just connected to the network for printing purposes only.  The OS platforms range from Win2000, XP, 7 and 10.  It is impossible for me to go out and update the virus definition files on every client on a daily basis.  Is there an AV software that could run from a server and scan the clients daily w/o being installed on every client?
0
Become a Certified Penetration Testing Engineer
LVL 13
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Hi,

Does anyone have a sample Cyber Security Policy for a Small to Medium size organization ?

And whats the difference between a general IT policy and a cyber security policy.

Regards,
IT
0
Hi ..

how can I categorize ?
how can I organize ?
how can I grouping the information security functions/tasks or responsibilities ?

At the moment in my organization, there is three department relevant to information security, belong to IT sector :
1- Security Operation technical Systems (firewall, AntiVirus, Mail security, PenTest, Patch Management)
2- Business Continuity ( IT services continuity, BCM, BIA, ISO22301)
3- IT Governance ( ITIL ,Polices and Procedures, ISO27001,Auditing )

Top management direct me to create new department outside IT sector which reports to CEO directly, the name will be Cyber Security, aimed to be independent in-order to ensure what related to information security matters are fine and works properly and adequately.
What are the roles (functions) should be handled by this new department, the Cyber Security ?
In other word, what are the tasks that have to be moved form three sections (up) to the new department ?  

Typically, What are all Information security functions (areas)  that any Enterprise has to ensure are covered and in place ? so I can organize and match every function to the relevant section of the four:
1- Cyber Security section (outside IT sector)
2- IT Governance section (inside IT sector)
3- IT security Operation (inside IT sector)
4- Business Cont-unity section (inside IT sector)

Hope my issue is clear :)
0
what we would like to see to assess the security implications of  proposed  use services that are available in Azure/AWS but not yet included in the FedRAMP authorization boundary?
0
Dear Experts, I got this issue with Dell Sonicwall:

----------------------------------------------------------------
~~ SonicWALL Email Security Alert (9.0.5.2079) ~~
----------------------------------------------------------------

[Summary: A flood has been noticed in outbound traffic from
        user ID (mallikarjun.k@xxxxxx)]

Details: 
    Host Name: gw.xxxxxx.com
    Description: Number of messages sent from email ID
        (mallikarjun.k@xxxxxxx) in the scheduled
        interval  has exceeded the flood protection
        threshold.

Time Stamp: 
    Local Time: Mon Oct 22 13:00:01 2018
    GMT:        Mon Oct 22 06:00:01 2018

Additional Information: 
    Recommended Action: User's machine may have been affected.
        Please check for zombies.
    Alert Configuration Page: https://gw.xxxxxx.com:443/virus_config.html?bound=1&hopto=virus_config.html%3Fbound%3D1
    General Alert Settings: https://gw.xxxxxx.com:443/settings_monitoring.html?hopto=settings_monitoring.html

Open in new window


The mail server is Exchange 2016 on Win 2012R2, AV is Kaspersky.

We tried:
- Disable this email account
- Reinstall app, format all devices of users which installed email
- Create a rule in Transport settings in ECP to block email from this account

BUT we still receive this notification each 15 mins from the Sonicwall. Can you please suggest?
0
Let's say you reserved a domain at one of the reputable registrars.  You don't link it with the hosting account yet, just own it.  The registrar automatically creates nice landing page for it.  This means that they created a valid DNS zone file for your domain name, which includes an A record pointing at the web server hosting the landing page, bunch of CNAME records pointing at their www., pop., imap., etc. servers.  However, this is only a zone file for a landing page, so MX record may or may not be there and SPF record typically is not there.  Now, a company like Security Scorecard scans registrar's records and finds that this specific domain name belonging to your company.  The domain name doesn't have SPF record - negative points, has associated IMAP service - negative points, the landing page doesn't enforce HTTPS protocol - negative points.  All you did was reserved yourself a domain name, but that scored negatively against your company cyber security or, as they call it,  digital footprint reputation.

This leads me to the question directed to people familiar with Security Scorecard, or such like, services  - what is the best way to avoid owned parked domain having adverse effect on the Security Scorecard report?  Is the private registration the way to go?  Or, perhaps, setting invalid address for the DNS server authoritative to that domain, e.g 1.2.3.4?  That way the scanner will not get any response at all.  Or, maybe it is better to set the authoritative DNS …
0
I am getting the following error message in the event log each time it's restarted.
This is a Windows 2016 Hyper-V Host.  There's no virtual machines on it yet, this is a brand new install:

Log Name:      System
Source:        Microsoft-Windows-Kernel-Boot
Date:          9/7/2018 7:48:33 AM
Event ID:      124
Task Category: None
Level:         Error
Keywords:      (70368744177664)
User:          SYSTEM
Computer:      HostName.Domain.com
Description:
The Virtualization Based Security enablement policy check at phase 0 failed with status: The object was not found.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Boot" Guid="{15CA44FF-4D7A-4BAA-BBA5-0998955E531E}" />
    <EventID>124</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000400000000000</Keywords>
    <TimeCreated SystemTime="2018-09-07T12:48:33.163793600Z" />
    <EventRecordID>6108</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="8" />
    <Channel>System</Channel>
    <Computer>hostname.domain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Phase">0</Data>
    <Data Name="Status">3221226021</Data>
  </EventData>
</Event>
0
Hello everyone! I hope you are all doing well.  I've been looking at a few Single Sign on services provider. Centrify and Azure to name a few. Any other reliable and easy to setup Single Sign on services with excellent support? I have to add about 12 different cloud apps and wanted to make sure I can find one that perhaps will support us through the implementation process since some of the apps are not common.
0
I am considering running openVPN on a linode and setting UFW to only accept connections from that IP Address. Would this be good security? I realize it may be redudent with Fail2Ban but I'm hungover today doing sys admin stuff and thought about doing this.

I'm a Cyber Security student but I haven't gotten to any major classes yet so I really don't know if this is a good idea or not.
0
My sonicwall is dropping my connection from a second subnet. I understand why, as it is identifying this 96... ip address as a WAN on the LAN. However I just simply want to allow all traffic from that IP to get through. How would I go about configuring the sonicwall?

I tried disabling IP Spoof Checking from the diag.html page, but it refuses to save and only says "there were no changes made".

01/15/2018 12:07:25.640      Alert      Intrusion Prevention      IP spoof dropped      96.67.165.X, 49873, X1      209.63.225.X, 80, X1      

Thanks!
0
Amazon Web Services
LVL 13
Amazon Web Services

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

Twice in the past month our static IP has been flagged by the CBL as hosting malware. The CBL provides the source and destination IP but we have not been able to capture ANY traffic from our network to the destination IP provided. Here is what the CBL gave us:

Detection Information Summary
Destination IP	146.148.124.166
Destination port	443
Source IP	[xxx.xxx.xxx.xxx]
Source port	16997
C&C name/domain	kemonzura.gdn
Protocol	TCP
Time	Tue Dec 26 18:15:27 2017 UTC

Open in new window


The source IP is set on our WAN interface on our firewall (Sonicwall) and packet capture on the Sonicwall shows no outbound traffic to the destination IP. We port mirrored the switch port where the WAN port is connected on the switch and ran Wireshare against it and still no packets destined for the destination IP. We put a firewall rule in place to drop any packets destined for the destination IP and still we get listed.

In short, we have not been able to capture a single packet egressing our network and destined for the destination IP provided by the CBL. Is it possible to spoof the source IP? If so, how do you re-mediate?

We are thoroughly puzzled by this.

Below are the full results of the CBL lookup:

Results of Lookup
[redacted] is listed

This IP address was detected and listed 56 times in the past 28 days, and 13 times in the past 24 hours. The most recent detection was at Tue Dec 26 18:15:00 2017 UTC +/- 5 minutes

This IP address is infected with, or is NATting for a
0
This is a great video (however the links no longer work):
https://www.youtube.com/watch?v=Usydlsc2uWE
I need a real life example of IF someone clicks on a bad link via email or whatever avenue how the redirected website collects their credentials. Anyone have any good ones?

TIA!!
0
Hi Experts,

On our public-facing OWA server on IIS 7, we turned on IP Address and Domain Restriction. If from the log we detect any IP trying brute force to log into our Web Outlook interface, we will put the IP into "Deny Restriction Rule" in the hope that IP will be 'blocked', meaning not even able to get the login screen. Actually it seems to be a wishful thinking since we noticed one of the IP we already added in the 'Deny' list that particular ip still keeps showing up in the log and we can see it got the login form and then denied with sc-status 401-1.

My question is, it seems this feature does NOT "block" the IP from getting the login form, but instead simply "deny" their login request. Is it correct?
0
So here's the situation.

We got hit with cryptolocker and we managed to restore our files from backup but the techs forgot to delete the encrypted files first and we aren't 100% sure that the restore worked.
Now I have to verify that every single folder on our filesystem has the same # or greater # of unencrypted files than encrypted ones before I can mass delete the encrypted files.
Sounds simple, aside from the fact that it's several Terabytes of data and thousands of folders.

I need help to design a script (or find a tool) that will recursively scan through all the folders in our filesystem and perform the following logic:

If # '.locked' files into folder > # of != '.locked' files in folder > paste folder path into log file.
0
I'm seeing something in a SIEM that I can't seem to wrap my head around. I have an internet facing ASA that is configured to deny spoofed IP addresses (I don't manage these devices). Shortly after feeding syslog events from this device into the SIEM, I started seeing "Traffic from Tor Exit Node" and "Deny IP Spoof" events in the SIEM. I bring up both items as I'm not sure if they're related.

Anyway, when I look at "Traffic from Tor Exit Node" events where the source IP is the known Tor exit node (most of them), there is no corresponding destination IP address or destination port. I've crafted a few stories in my head involving nmap scans through Tor but I can't convince myself of anything I've come up with. Anyone have a plausible explanation?

Thanks,
TR
0
I'm tasked with providing an email solution for a Defense Dept. (.MIL) organization that allows DoD students to submit messages and forms  containing personally identifiable information (PII) from their personal email accounts usually with no encryption.

The customer's requirements calls for the student information to be archived and tracked on a server that resides on the DoD organizational network.

The solution must support DoD 8500.1 guidelines and applicable FIPS/NIST standards  for CyberSecurity and processing PII information.

Please see the attached spreadsheet listing the requirements. The highlighted boxes are the toughest challenges.

I am open to any and all suggestions including Intranet, DMZ, VPN ...etc
Requirements.xlsx
0

Cyber Security

638

Solutions

947

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.