Ransomware Response Procedures

Ransomware is a type of malicious software that encrypts your files and demands a ransom to restore them. It can cause serious damage to your data, your privacy and your finances. If you discover that your computer has ransomware, you need to act quickly and follow these 10 steps:

  1. Disconnect your computer from the internet and any other devices. This will prevent the ransomware from spreading to other machines or contacting its command-and-control server.
  2. Identify the type and variant of ransomware that infected your computer. You can use online tools such as ID Ransomware or other reputable sites to upload a ransom note or an encrypted file and get information about the ransomware.
  3. Check if there is a decryption tool available for the ransomware that infected your computer. Some security researchers and companies have created free tools that can decrypt some types of ransomware. You can find a list of such tools on various security-related websites, like Avast, Emsisoft, Kaspersky, McAfee, Trend Micro, or other solutions.
  4. If there is no decryption tool available, try not to pay the ransom. It may not be possible to recover the encrypted files, so you may feel the need to pay the ransom. Paying the ransom does not guarantee that you will get your files back, and it may encourage the attackers to target you again. Moreover, you may be breaking the law by funding criminal activity.
  5. Remove the ransomware from your computer. You can use an antivirus or anti-malware program to scan your computer and remove any traces of the ransomware. You may need to boot your computer in safe mode or use a bootable USB drive to run the scan.
  6. Restore your files from a backup, if you have one. The best way to recover from a ransomware attack is to have a backup of your important files that are stored offline or on a separate device. If you have such a backup, you can quickly restore your files after removing the ransomware from your computer.
  7. Change your passwords and enable multi-factor authentication. The ransomware may have stolen your credentials or installed a keylogger on your computer, so you should change your passwords for all your online accounts and enable multi-factor authentication where possible.
  8. Update your operating system and applications. The ransomware may have exploited a vulnerability in your software to infect your computer, so you should update your operating system and applications to the latest versions and apply any security patches.
  9. Educate yourself and others about ransomware prevention. The best way to avoid ransomware is to prevent it from infecting your computer in the first place. You should learn how to recognize phishing emails, avoid clicking on suspicious links or attachments, and use reputable security software.
  10. Report the incident to the authorities and seek professional help if needed. You should report the ransomware attack to the relevant authorities in your country or region, as they may be able to assist you or investigate the attackers. You should also seek professional help from a trusted IT expert or a security company if you need assistance with removing the ransomware or recovering your files.

5 Tips to Secure Digital Devices in High-Risk Situations

Traveling to a high-risk area can expose your electronic devices to hacking or data theft risks. Here are five recommended steps to secure your devices and protect your sensitive information.

  1. Back up your data before you travel – Make sure you have a copy of your important files and documents in a secure cloud service or an external hard drive. Don’t bring the backup to the risky area, which will help preserve a copy of critical data if your data so you can restore your data if your device is lost, stolen, or compromised.
  2. Encrypt your devices and use strong passwords – Encryption is a process that scrambles your data and makes it unreadable without a key or a password. You can encrypt your entire device or specific folders and files. Use a strong password that is hard to guess and different for each device and account. You can also use a password manager to store and generate passwords securely.
  3. Disable or remove unnecessary features and apps – Some features and apps on your devices can make you more vulnerable to hacking or data theft. For example, Bluetooth, Wi-Fi, GPS, and NFC can be used to track your location or access your data without your permission. Disable or remove these features and apps when you are not using them or when you are in a public place.
  4. Use a VPN and avoid public Wi-Fi networks – A VPN (virtual private network) is a service that creates a secure connection between your device and the internet. It encrypts your data and hides your IP address, making it harder for hackers or third parties to intercept or monitor your online activity. Avoid using public Wi-Fi networks, such as those in hotels, airports, or cafes, as they are often unsecured and can expose your data to hackers or malicious software.
  5. Be vigilant and cautious – The most important step to secure your devices is to be aware of the potential risks and take precautions to avoid them. Do not leave your devices unattended or lend them to strangers. Do not open suspicious emails or attachments or click on unknown links. Do not download or install software from untrusted sources. Do not enter sensitive information on websites that are not secure (look for the padlock icon and https in the address bar). If you notice any signs of hacking or data theft, such as unusual activity, pop-ups, or messages, disconnect from the internet and scan your device for malware.

Disabling or Uninstalling Unnecessary Services and Apps in Windows 10

Windows 10 is a powerful and versatile operating system that offers many features and functionalities. However, not all of them are necessary or useful for every user. In fact, some of the services and apps that come preinstalled or run in the background can pose security risks or slow down your system performance.

In this blog post, we will describe which unnecessary services and apps you should disable or remove from Windows 10 for security reasons. We will also explain how to do it safely and easily.

What Are Windows Services?

Windows services are programs that run in the background and provide essential functions for the operating system, such as networking, security, printing, etc. They usually start automatically when you boot up your computer and run until you shut it down.

What Are Windows Apps?

Windows apps are applications that you can install from the Microsoft Store or other sources. They are designed to work with the modern user interface of Windows 10 and offer various functionalities, such as games, productivity tools, social media, etc.

Why Should You Disable or Remove Unnecessary Services and Apps?

There are several reasons why you may want to disable or remove unnecessary services and apps from Windows 10:

  • Security – Some services and apps may have vulnerabilities that can be exploited by hackers or malware. For example, the Remote Desktop service can allow remote access to your computer if it is not configured properly. The Bluetooth service can expose your device to wireless attacks if you don’t use it. Some apps may also collect your personal data or display unwanted ads.
  • Performance – Some services and apps may consume a lot of system resources, such as CPU, RAM, disk space, etc. This can affect your system speed and responsiveness, especially if you have a low-end device or multiple programs running at the same time.
  • Privacy – Some services and apps may send your data to Microsoft or other third-party servers for various purposes, such as diagnostics, feedback, advertising, etc. This can compromise your privacy and expose your online activities to others.
  • Storage – Some services and apps may take up a lot of disk space on your device, especially if they are rarely used or updated. This can limit your available storage space for other files and programs.

Which Services and Apps Should You Disable or Remove?

Continue reading “Disabling or Uninstalling Unnecessary Services and Apps in Windows 10”

10 Steps to Securely Configuring Windows 10

Windows 10 is the most popular operating system in the world, but it also comes with some security risks. If you want to protect your data and privacy, you need to configure Windows 10 for security. Here are 10 steps you can follow to make your Windows 10 more secure.

  1. Update Windows 10 regularly – Windows 10 updates often include security patches and bug fixes that can prevent hackers from exploiting vulnerabilities in your system. To check for updates, go to Settings > Update & Security > Windows Update and click on Check for updates. If there are any available updates, install them as soon as possible.
  2. Use a strong password and a PIN – A strong password is one that is long, complex, and unique. It should include a mix of uppercase and lowercase letters, numbers, and symbols. A PIN is a four-digit code that you can use to unlock your device instead of typing your password. To set up a password and a PIN, go to Settings > Accounts > Sign-in options and choose Password and PIN. Make sure you don’t use the same password or PIN for other accounts or devices.
  3. Enable BitLocker encryption – BitLocker is a feature that encrypts your hard drive, making it unreadable to anyone who doesn’t have the right key. This can protect your data in case your device is lost, stolen, or hacked. To enable BitLocker, go to Settings > System > About and click on Device encryption. If your device supports BitLocker, you will see a Turn on button. Click on it and follow the instructions.
  4. Use Windows Defender Firewall and antivirus – Windows Defender Firewall is a feature that blocks unauthorized network connections, preventing hackers from accessing your device or data. Windows Defender antivirus is a feature that scans your device for malware and removes any threats. To use Windows Defender Firewall and antivirus, go to Settings > Update & Security > Windows Security and click on Firewall & network protection and Virus & threat protection. Make sure they are both turned on and up to date.
  5. Enable two-factor authentication – Two-factor authentication is a feature that adds an extra layer of security to your online accounts. It requires you to enter a code or use an app on your phone after entering your password, verifying your identity. To enable two-factor authentication, go to Settings > Accounts > Sign-in options and click on Security key or Windows Hello. Follow the instructions to set up your preferred method of two-factor authentication.
  6. Use a VPN service – A VPN service is a feature that encrypts your internet traffic, hiding your IP address and location from prying eyes. This can protect your privacy and security when you use public Wi-Fi or access geo-restricted content. To use a VPN service, you need to download and install a VPN app from the Microsoft Store or a trusted website. Then, launch the app and connect to a server of your choice.
  7. Disable unnecessary services and apps – Some services and apps that come with Windows 10 may not be essential for your needs, but they can consume resources and pose security risks. To disable unnecessary services and apps, go to Settings > Apps > Apps & features and click on the service or app you want to uninstall or modify. You can also go to Settings > Privacy and review the permissions that each app has access to.
  8. Use a secure browser and extensions – A secure browser is one that protects your online activity from trackers, ads, and malicious websites. A secure extension is one that enhances the functionality of your browser without compromising your security or privacy. To use a secure browser and extensions, you can choose one of the following options:
    • Use Microsoft Edge, which is the default browser for Windows 10. It has features like SmartScreen, Tracking Prevention, InPrivate mode, and Password Monitor that can improve your security and privacy.
    • Use Google Chrome, which is the most popular browser in the world. It has features like Safe Browsing, Incognito mode, Password Checkup, and Sync that can improve your security and privacy.
    • Use Mozilla Firefox, which is the most privacy-focused browser in the world. It has features like Enhanced Tracking Protection, Private Browsing mode, Lockwise, and Monitor that can improve your security and privacy.
  9. Backup your data regularly – Backing up your data is a feature that copies your files to another location, such as an external hard drive or a cloud service. This can protect your data from accidental deletion, corruption, or ransomware attacks. To protect your data regularly, go to Settings > Update & Security > Backup and click on Add a drive or Backup options. Choose where you want to store your backup files and how often you want to backup.
  10. Educate yourself on cyber threats and best practices – The most important feature for securing your Windows 10 is your own knowledge and awareness. You need to learn how to recognize and avoid common cyber threats, such as phishing, malware, or social engineering. You also need to follow best practices, such as using strong passwords, updating your software, and locking your device when not in use. You can find more information and tips on how to secure your Windows 10 on the Microsoft website or other reputable sources.

Free Download: SQL Server Management Studio 19.1


SQL Server Management Studio (SSMS) is an integrated environment for accessing, configuring, managing, administering, and developing all components of SQL Server. SSMS combines a broad group of graphical tools with a number of rich script editors to provide developers and administrators of all skill levels access to SQL Server.

The SSMS 19.x installation doesn’t upgrade or replace SSMS versions 18.x or earlier. SSMS 18.x installs side by side with previous versions, so both versions are available for use. However, if you have a preview version of SSMS 19.x installed, you must uninstall it before installing SSMS 19.1. You can see if you have the preview version by going to the Help > About window.

If a computer contains side-by-side installations of SSMS, verify you start the correct version for your specific needs. The latest version is labeled Microsoft SQL Server Management Studio 19

What’s new in 19.1

New ItemDetails
Azure Data Studio installation integrationThe installation of SSMS installs Azure Data Studio 1.44.
Always EncryptedAdded support for secure enclaves and in-place encryption in the Always Encrypted Wizard.
Azure SQL Managed InstanceIntroduced visibility to the status of the Distributed Transaction Coordinator (DTC) service for Azure SQL Managed Instance. Object Explorer can be used to determine if DTC is enabled on the Azure SQL Managed Instance (within the Management node).
Backup/RestoreAdded capability to restore backup files from S3-compatible storage to SQL Server 2022 and Azure SQL Managed Instance.
General SSMSUpdated File Version for ssms.exe to align with product version.
General SSMSRemoved deprecated hardware from the list of available service-level objects.
General SSMSChanged the system browser setting, within Tools > Options > Azure Services, to default to True. The external browser will be used, instead of the legacy embedded browser.
General SSMSRemoved Vulnerability Assessment from SSMS.
Link feature for Azure SQL Managed InstanceAdded Network Checker wizard, providing the capability to test the network connection and ports prior to creating the link.
Link feature for Azure SQL Managed InstanceAdded an advanced network troubleshooting capability within the existing link creation wizard. This provides the capability to troubleshoot network connectivity issues while link creation is in progress.
Object ExplorerRemoved script header text when selecting the top 1000 rows.
PowerShellAdded ability for users to choose the version of PowerShell to use when launched from SSMS.
PowerShellIntroduced more PowerShell options within Tools > Options > SQL Server Object Explorer > Commands.

Beginning with SQL Server Management Studio (SSMS) 18.7, Azure Data Studio is automatically installed alongside SSMS. Users of SQL Server Management Studio are now able to benefit from the innovations and features in Azure Data Studio.

Continue reading “Free Download: SQL Server Management Studio 19.1”

Technical Interview Questions

Technical interviews are an attempt by a hiring team to ask the correct questions of a candidate to determine if they would be a good technical fit for the open position.

These questions can sometimes uncover missing segments of knowledge that might identify opportunities for the candidate, or even disqualify the candidate for the open position. That is good information to know before you initiate the hiring process, but it can also help identify specific talents or abilities in a candidate that are above and beyond the minimum knowledge expected.

One of the obvious pitfalls of the technical interview is if the questioning turns into more of a trivia contest than a verification of expected knowledge.

One way to determine if a candidate knows how to solve a problem is to give them a problem and ask them to solve that problem during the interview. Sometimes the problem can be a specific technical issue, or a theoretical problem that is just to see if they can determine a simple solution using just the facts presented.

I have asked a simple question to candidates in the past that doesn’t really apply to the job opening they are applying for, but does provide insight into how they identify the issue, think through the possible answers, and provide them an opportunity to present their ideas.

Why is a manhole cover round?

You may never have thought of this question before, but why is a manhole cover round? You want the candidate to consider the possibilities and try to provide possible reasons for this design choice. It has nothing to do with the position they have applied for, but it will give a hiring manager an idea of how this person will respond to a problem that seems to come out of left field.

Do they think though the question or just respond with “I don’t know.” and quit? Have them speak about what they think about the question. Do they have an opinion about why they aren’t square, hexagon, or even oval in shape? Have they seen a manhole or know what they are used for in everyday life? Why do they think some manholes covers are not round?

Hopefully they can speak to possible reasons, which gives you the opportunity to ask how they would find a suitable response. If they just want to Google the answer, maybe ask them what else you might do to get a suitable answer if there isn’t a consensus on Google.

The possible correct answers are:

  • Manhole covers are round because it is the best shape to resist the compression of the surrounding soil.
  • Round manhole covers are easier to manufacture, move, and place than square or rectangular ones. The heavy covers can be easily rolled into position.
  • Manhole cover the size to fit the opening cannot fall through the circular opening, unlike other shapes. No one wants a 100-pound manhole cover dropping onto their head.
  • The cover doesn’t have to be aligned in any specific angle to be placed back onto the exposed manhole. Other shapes would require precise alignment.

Years ago, there was a candidate that guessed the covers are round because the men accessing the opening are also round. While this is funny, I don’t think that was a design consideration.

I hate interviews that turn into trivia contests, so I’d much rather be asked a tough question that allows me to show my ability to use my brain to find solutions instead of just demonstrating my ability to memorize technical trivia that anyone could easily look up.

Sources:
(1) Why Are Manhole Covers Round? | Mental Floss. https://www.mentalfloss.com/article/60929/why-are-manhole-covers-round.
(2) Why are manhole covers round? | Live Science. https://www.livescience.com/32441-why-are-manhole-covers-round.html.
(3) Why Are Manhole Covers Round? – ScienceABC. https://www.scienceabc.com/eyeopeners/why-manhole-covers-circular-not-triangular-square-rectangular.html.
(4) The Surprisingly Technical Reason That Manhole Covers Are Round. https://www.envirodesignproducts.com/blogs/news/the-surprisingly-technical-reason-that-manhole-covers-are-round.

Updating Cisco AnyConnect VPN Client

Cisco AnyConnect VPN client is software that allows you to securely connect to your organization’s network from any location. It is important to keep the VPN client updated to ensure optimal performance and security. In this article, we will show you how to deploy the updated Cisco AnyConnect VPN client to your users using the following steps:

  1. Download the latest version of Cisco AnyConnect VPN client from the Cisco website. You will need a valid Cisco account and a license to access the download page. Choose the appropriate installer for your operating system and architecture (32-bit or 64-bit).
  2. Log in to your Cisco Adaptive Security Appliance (ASA) device using a web browser or a SSH client. Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Software.
  3. Click Add and browse to the location where you saved the downloaded installer file. Select the file and click Upload. The ASA will verify the file and add it to the list of available AnyConnect packages.
  4. Click Apply to save the changes. You can also optionally configure the ASA to automatically update the AnyConnect client on the user’s device when they connect to the VPN. To do this, go to Configuration > Remote Access VPN > Network (Client) Access > Group Policies and edit the default group policy or create a new one.
  5. Under Advanced > AnyConnect Client, check the Enable Auto Update box and select the desired update method (User Controllable, Automatic, or Manual). Click OK and Apply to save the changes.
  6. Inform your users that they can download and install the updated Cisco AnyConnect VPN client from the ASA web portal or from their existing client application. They will need to enter their credentials and accept the terms and conditions before proceeding with the installation.
  7. Once installed, the users can launch the Cisco AnyConnect VPN client from their desktop or start menu and connect to your organization’s network using their credentials and any additional authentication methods required by your security policy.

How to Increase OneDrive Size

 

OneDrive is a cloud storage service that allows users to store and access their files from any device. OneDrive users have a default storage quota of 1 TB, but sometimes they may need more space for their work or personal files. We will explain how a global administrator in Azure can increase a user’s OneDrive size up to 5 TB.

To increase a user’s OneDrive size, the global administrator needs to follow these steps:

Continue reading “How to Increase OneDrive Size”

Check Email Addresses Listed in Active Directory

One of the tasks that administrators often need to perform is to verify that each active directory user account has a valid email address. This is important for ensuring that users can receive notifications, access online services, and communicate with other users. There are different ways to verify the email addresses of active directory users, but in this article, we will focus on one method that uses PowerShell.

PowerShell is a scripting language that allows administrators to automate tasks and manage systems. PowerShell can interact with active directory through the ActiveDirectory module, which provides cmdlets for querying and modifying objects in the directory. To use PowerShell to verify the email addresses of active directory users, we need to follow these steps:

Continue reading “Check Email Addresses Listed in Active Directory”

5 Common Types of Cyber Attacks

Cybersecurity is a crucial aspect of any organization that relies on digital systems and networks. Cyberattacks can cause significant damage to the reputation, operations, and finances of a business, as well as compromise the privacy and security of its customers and employees. Therefore, it is important to understand the different types of cybersecurity attacks, how they are used, and how they can be prevented.

In this blog post, we will discuss 5 common types of cybersecurity attacks that every organization should be aware of and prepared to remediate.

Types of Attacks

1. Malware
Malware is a term that encompasses various types of malicious software, such as viruses, worms, trojans, ransomware, spyware, adware, and more. Malware can infect a computer or device through phishing emails, malicious links, downloads, or removable media. Malware can perform various harmful actions, such as deleting or encrypting data, stealing information, spying on user activity, displaying unwanted ads, or hijacking system resources.

To prevent malware attacks, organizations should use antivirus software and firewalls, update their systems and applications regularly, avoid opening suspicious attachments or links, and educate their employees on how to recognize and avoid phishing emails.

Continue reading “5 Common Types of Cyber Attacks”

Different Ways to Reboot Windows 10 Computer

Rebooting a Windows 10 computer is a common and simple operation that can help you fix some software issues or apply the changes you have made to your computer. However, do you know how to reboot Windows 10 properly? In this blog post, I will show you four different ways to restart your Windows 10 computer in a professional and safe manner.

Many might find these instructions too simple or too well known to even list, but some users are just learning how to use Windows 10 and might find these instructions useful.

Method 1: Reboot in a Normal Way

This is the conventional and most widely used method. You can follow these steps to reboot your Windows 10 computer in a normal way:

  1. Open Start on Windows 10.
  2. Press the Power button and select Restart from the popup menu.
  3. Wait for your computer to restart.

Alternatively, you can also use the Power User Menu to perform a normal restart of Windows 10. Here are the steps:

  1. Right-click on the Start button or press the Windows key and the X key at the same time to open the Power User Menu.
  2. Go to Shut down or sign out.
  3. Select Restart from the popup sub-menu of Shut down or sign out.
  4. Wait for your computer to restart.

Method 2: Reboot using Ctrl+Alt+Del

You can also use the keyboard shortcut Ctrl+Alt+Del to restart your Windows 10 computer. This method works on all Windows 10 computers. Here is how to do it:

  1. Press Ctrl+Alt+Del at the same time on your keyboard to open the shutdown dialog box.
  2. Click on the Power button that is on the lower-right side of your computer screen.
  3. Select Restart from the pop-out menu.
  4. Wait for your computer to restart.

Method 3: Restart from Command Prompt

The third method is to restart your Windows 10 computer from Command Prompt. This method requires you to use the shutdown command to reboot Windows 10. You can follow these steps to do it:

  1. Open Command Prompt as an administrator. You can do this by typing cmd in the Start menu, right-clicking on Command Prompt, and selecting Run as Administrator.
  2. In the Command Prompt window, type “shutdown /r” (without the quotes) and press Enter. This will initiate a restart of your computer.
  3. Wait for your computer to restart.

Continue reading “Different Ways to Reboot Windows 10 Computer”

History and Status of the PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) was created in response to the rapid growth of credit card transactions in the 1990s causing thousands of small companies to start storing credit card data and processing consumer transactions on unprotected networks.  Since many of these small businesses didn’t know how to properly secure these credit card transactions, it also led to a rapid increase in data theft and a growing concern from banks and credit card companies about ways to protect their brand and consumer accounts. In an effort to resolve the growing concern around payment card fraud and cybercrime in general, industry leaders such as Visa, MasterCard, and American Express got together and created a global security standard to protect online card payments.

The PCI DSS standard was established to set basic guidelines and requirements around how businesses must create a safer cardholder data environment, using basic requirements to drive minimum requirements around security that would lead to more secure business systems. As the standard evolved and procedures more refined, PCI DSS became an internationally accepted standard for all merchants and service providers.

PCI DSS History

PCI DSS was introduced in December 2004, after Visa and other brands had introduced their own standards.  These brand-specific standards weren’t well received by merchants and service providers, since these were small companies that didn’t need the confusion of multiple standards.

Continue reading “History and Status of the PCI DSS”

How to Create a Secure Windows 10 Workstation for Beginners

If you are new to Windows 10 and want to create a secure workstation for your personal or professional use, this blog post is for you. In this post, I will show you how to set up a Windows 10 workstation with some basic security features that will help you protect your data and privacy. Here are the steps you need to follow:

Continue reading “How to Create a Secure Windows 10 Workstation for Beginners”

IT Security Manager Responsibilities

What are the day-to-day responsibilities of an IT Security Manager?

An IT Security Manager is a technology professional who oversees the security of an organization’s information systems and networks. They are responsible for planning, implementing, and monitoring security policies and procedures to protect the organization from cyber threats and ensure compliance with relevant regulations and standards.

An IT Security Manager requires a combination of technical skills, such as knowledge of network security, encryption, firewalls, antivirus software, etc., and soft skills, such as communication, leadership, problem-solving, teamwork, etc. An IT Security Manager typically has a bachelor’s degree in computer science, information technology, cybersecurity or equivalent business experience. They may also have relevant certifications (CISSP, CISM, Security+, CASP+, CEH, etc.) to demonstrate specific skills and knowledge. An IT Security Manager may work for various types of organizations, such as government agencies, corporations, nonprofits, educational institutions, etc., depending on their industry and size.

Continue reading “IT Security Manager Responsibilities”

Top 10 Cybersecurity Team Effectiveness Metrics

What are the top 10 metrics used to measure cybersecurity team effectiveness?

Cybersecurity is a vital aspect of any organization that relies on digital systems and networks. However, measuring the effectiveness of a cybersecurity team can be challenging, as there are many factors and variables involved. In this blog post, we will explore some of the most common and useful metrics that can help assess how well a cybersecurity team is performing and where they can improve.

1. Mean time to detect (MTTD) – This metric measures how quickly a cybersecurity team can identify a potential threat or incident. The lower the MTTD, the better, as it means that the team can respond faster and minimize the damage.
2. Mean time to respond (MTTR) – This metric measures how quickly a cybersecurity team can contain and resolve a threat or incident. The lower the MTTR, the better, as it means that the team can restore normal operations and reduce the impact.
3. Mean time to recover (MTTR) – This metric measures how quickly a cybersecurity team can restore the affected systems and data after a threat or incident. The lower the MTTR, the better, as it means that the team can resume business continuity and reduce the downtime.
4. Number of incidents – This metric measures how many threats or incidents a cybersecurity team has to deal with in a given period. The lower the number of incidents, the better, as it means that the team has a strong security posture and can prevent most attacks.
5. Severity of incidents – This metric measures how serious or damaging a threat or incident is for an organization. The lower the severity of incidents, the better, as it means that the team can mitigate most risks and protect the most critical assets.
6. Incident response rate – This metric measures how many threats or incidents a cybersecurity team can successfully handle in a given period. The higher the incident response rate, the better, as it means that the team has enough resources and capabilities to deal with all challenges.
7. Incident resolution rate – This metric measures how many threats or incidents a cybersecurity team can successfully resolve in a given period. The higher the incident resolution rate, the better, as it means that the team has effective processes and tools to eliminate all threats.
8. Cost of incidents – This metric measures how much money an organization loses due to threats or incidents in a given period. The lower the cost of incidents, the better, as it means that the team can minimize the financial losses and optimize the security budget.
9. Customer satisfaction – This metric measures how satisfied an organization’s customers are with its security performance and service quality. The higher the level of customer satisfaction, the better, as it means that the team can meet or exceed customer expectations and build trust and loyalty.
10. Employee satisfaction – This metric measures how satisfied an organization’s employees are with its security culture and environment. The higher the employee satisfaction, the better, as it means that the team can foster a positive and collaborative atmosphere and retain talent.

These are some of the most common and useful metrics that can help measure cybersecurity team effectiveness. However, they are not exhaustive or definitive, and each organization may have different goals and priorities when it comes to security. Therefore, it is important to customize and adapt these metrics according to each organization’s specific needs and context.

TIOBE Index for May 2023 – Which Programming Language is Most Popular?

Have you seen the latest TIOBE rankings report?

The TIOBE Programming Community index is an indicator of the popularity of programming languages. The index is updated once a month. The ratings are based on the number of skilled engineers world-wide, courses and third-party vendors. Popular search engines such as Google, Bing, Yahoo!, Wikipedia, Amazon, YouTube and Baidu are used to calculate the ratings. Observe that the TIOBE index is not about the best programming language or the language in which most lines of code have been written.

It has been stated before, programming language popularity is rather stable. If we look at the first 10 programming languages in the TIOBE index, then C# is the youngest of them all. C# started in 2000. That is 23 years ago! Almost every day a new programming language is born, but hardly any of them enter the top 100. At least not in their first 10 years. The only languages younger than 10 years in the current top 100 are: Swift (#14), Rust (#17), Crystal (#48), Solidity (#59), Pony (#71), Raku (#72), Zig (#88) and Hack (#92). None of them are less than 5 years old. In other words, it is almost impossible to hit the charts as a newbie. On the contrary, we see that golden oldies revive. Take for instance Fortran, which is back in the top 20 thanks to the growing demand for numerical computational power. So, if you have just invented a brand new language, please have some patience! — Paul Jansen CEO TIOBE Software

You can read the details of how and why languages are popular at the TIOBE website. If you are a developer, you will find this information interesting.

Continue reading “TIOBE Index for May 2023 – Which Programming Language is Most Popular?”

How to Detect a New Domain Controller in Your Network

Some malware can create a Domain Controller to infect your network and steal data. DCShadow is a late-stage kill chain attack that allows an attacker with compromised privileged credentials to register a rogue Active Directory (AD) domain controller (DC). Then the adversary can push any changes they like via replication — including changes that grant them elevated rights and create persistence. It can be extremely difficult to detect a new Domain Controller, so you need to know how to find one if you suspect an infection.

Overview

A domain controller is a server that manages the security and authentication of users and computers in a domain. A domain is a logical grouping of network resources that share a common name and directory database. A new domain controller can be added to a domain for various reasons, such as increasing redundancy, improving performance, or expanding the network.

However, a new domain controller can also pose a security risk if it is not authorized or configured properly. An unauthorized domain controller can compromise the security of the entire domain by granting access to unauthorized users or computers, or by intercepting and modifying network traffic. Therefore, it is important to detect and monitor any new domain controllers in your network.

In this blog post, we will show you how to detect a new domain controller in your network using some simple tools and techniques. We will assume that you have administrative privileges on your network and that you are familiar with basic Windows commands and PowerShell.

Use the Netdom Command

The netdom command is a Windows command-line tool that can be used to manage domains and trust relationships. One of the functions of the netdom command is to list all the domain controllers in a domain. To use the netdom command, you need to open a command prompt as an administrator and type the following command:

netdom query dc

This command will display all the domain controllers in your current domain. You can also specify a different domain name after the dc parameter if you want to query another domain. For example:

netdom query dc example.com

The output of this command will look something like this:

List of domain controllers with accounts in the domain:

DC1DC2DC3The command completed successfully.

You can compare this output with your previous records or expectations to see if there is any new or unexpected domain controller in your domain. If you find one, you should investigate further to determine its origin and purpose.

Use the Get-ADDomainController PowerShell Cmdlet

The Get-ADDomainController PowerShell cmdlet is another tool that can be used to retrieve information about domain controllers in a domain. To use this cmdlet, you need to open a PowerShell window as an administrator and type the following command:

Get-ADDomainController -Filter *

This command will display all the domain controllers in your current domain along with some additional information, such as their name, site, operating system, IP address, and roles. You can also specify a different domain name after the -Server parameter if you want to query another domain. For example:

Get-ADDomainController -Filter * -Server example.com

The output of this command will look something like this:

DistinguishedName : CN=DC1,OU=Domain Controllers,DC=eexample, DC comDNSHostName : DC1.example.comEnabled : TrueName : DC1ObjectClass : computerObjectGUID : 12345678-1234-1234-1234-123456789012SamAccountName : DC1$SID : S-1-5-21-1234567890-1234567890-1234567890-1000Site : Default-First-Site-NameOperatingSystem : Windows Server 2019OperatingSystemVersion : 10.0 (17763)Forest : example.comDomain : example.comIPv4Address : 192.168.1.1IPv6Address : fe80::1234:5678:90ab:cdef%12IsGlobalCatalog : TrueIsReadOnly : FalseIsSeized : FalseRoles : {PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster...}DistinguishedName : CN=DC2,OU=Domain Controllers,DC=example, DC ComDNSHostName : DC2.example.comEnabled : TrueName : DC2ObjectClass : computerObjectGUID : 23456789-2345-2345-2345-234567890123SamAccountName : DC2$SID : S-1-5-21-2345678901-2345678901-2345678901-1000Site : Default-First-Site-NameOperatingSystem : Windows Server 2019OperatingSystemVersion : 10.0 (17763)Forest : example.comDomain : example.comIPv4Address : 192.168.1.2IPv6Address : fe80::1235:5678:90ac:cdef%12IsGlobalCatalog : TrueIsReadOnly : FalseIsSeized : FalseRoles : {PDCEmulator, RIDMaster, InfrastructureMaster, SchemaMaster...}

You can also use Event ID 4742 in your Security log to monitor the changes to your registered Domain Controllers. This event shows which user initiated the change, so you know which Domain Administrator account is being used to perform the attack.

How to Report Smishing to Your Cell Phone Service Provider

Smishing is a type of phishing scam that targets your cell phone through text messages. The goal of smishing is to trick you into clicking on a malicious link, downloading a harmful attachment, or revealing your personal or financial information.

Smishing can be very dangerous and costly, as it can expose you to identity theft, fraud, malware, or unwanted charges on your phone bill. It is important to know how to report smishing to your cell phone service provider if you receive a suspicious text message.

Here are the step-by-step instructions for reporting smishing to your cell phone service provider:

Continue reading “How to Report Smishing to Your Cell Phone Service Provider”

O365 Security Overview

Office 365 is a popular cloud-based productivity suite that offers many benefits for businesses of all sizes. These Top 5 Security Settings in O365 should help you get started on your path towards a more secure cloud. However, with great power comes great responsibility. As an O365 administrator, you need to ensure that your organization’s data and users are protected from cyber threats and unauthorized access. In this blog post, we will share with you the top 5 security settings in O365 that you should configure to enhance your security posture and reduce your risk exposure.

1. Enable multi-factor authentication (MFA). MFA is a simple but effective way to prevent account compromise by requiring users to provide an additional factor of authentication besides their password, such as a code sent to their phone or email, or a biometric verification. MFA can stop attackers from accessing your O365 account even if they have your password. You can enable MFA for all users or specific groups in the Azure Active Directory portal.

2. Set up conditional access policies. Conditional access policies allow you to control who can access what resources in O365 based on certain conditions, such as location, device, app, or risk level. For example, you can block access to O365 from untrusted locations or devices, or require MFA for high-risk sign-ins. You can create and manage conditional access policies in the Azure Active Directory portal.

3. Configure data loss prevention (DLP) policies. DLP policies help you prevent sensitive data from leaving your organization or being shared with unauthorized parties. You can define what types of data are sensitive, such as credit card numbers, social security numbers, or health records, and what actions are allowed or blocked when such data is detected in O365 apps, such as Outlook, SharePoint, OneDrive, or Teams. You can create and manage DLP policies in the Microsoft 365 compliance center.

4. Enable audit logging and alerts. Audit logging and alerts help you monitor and respond to suspicious or malicious activities in your O365 environment. You can view and search audit logs for various events, such as user sign-ins, file downloads, mailbox access, password changes, or admin actions. You can also set up alerts to notify you when certain events occur, such as a user logging in from an unusual location or a file containing sensitive data being shared externally. You can access audit logs and alerts in the Microsoft 365 security center.

5. Review and update your security settings regularly. Security is not a one-time task but an ongoing process. You should review and update your security settings regularly to keep up with the changing threat landscape and best practices. You can use the Microsoft Secure Score tool to assess your current security posture and get recommendations on how to improve it. You can also use the Microsoft Security Roadmap to plan and prioritize your security initiatives. You can access both tools in the Microsoft 365 security center.

These are some of the most important security settings in O365 that you should configure to protect your organization’s data and users. By following these steps, you can enhance your security posture and reduce your risk exposure in the cloud.

Active Directory Security Overview

Active Directory (AD) is a directory service that manages the identities and access rights of users and devices in a network. AD security settings are the policies and configurations that define how AD objects, such as users, groups, computers, and organizational units, are protected from unauthorized access or modification.

AD security settings are essential for any organization that uses AD as their directory service. They help protect the network from internal and external threats, comply with various regulations and standards, and optimize the network performance and management. However, not all AD security settings are equally important. Some settings have a greater impact on the security posture and compliance status of the network than others.

In this post, I will discuss the importance of the top 5 security settings in AD, namely:

  • Password policy
  • Account lockout policy
  • Group policy
  • Permissions and auditing
  • Kerberos policy

Password Policy

Password policy is the set of rules that govern how passwords are created, changed, and stored in AD. Password policy affects the security of user accounts and the authentication process. A strong password policy should enforce the following requirements:

  • Minimum password length
  • Password complexity
  • Password history
  • Password expiration
  • Password encryption

A strong password policy helps prevent password cracking, guessing, or phishing attacks by making passwords harder to break or steal. It also reduces the risk of password reuse or sharing by requiring users to change their passwords regularly and use different passwords for different accounts. You should look at minimum password length of 10-12 characters with complexity requirements enabled, remembering at least the last 5 passwords, etc.

Account Lockout Policy

Account lockout policy is the set of rules that govern how AD responds to failed logon attempts. Account lockout policy affects the security of user accounts and the authentication process. A reasonable account lockout policy should enforce the following requirements:

  • Account lockout threshold
  • Account lockout duration
  • Account lockout reset

A reasonable account lockout policy helps prevent brute force attacks by locking out accounts after a certain number of failed logon attempts. It also reduces the risk of denial-of-service attacks by unlocking accounts after a certain period of time or by allowing administrators to manually reset them. You should look at disabling a user account if they guess their password incorrectly 10 times in 30 minutes, and automatically enabling their account after it has been locked for 30 minutes.

Group Policy

Group policy is the set of rules that govern how AD objects are configured and managed. Group policy affects the security of users, devices, and data. A comprehensive group policy should enforce the following requirements:

  • Security settings
  • Software settings
  • Administrative templates
  • Preferences

A comprehensive group policy helps enforce consistent and secure configurations across the network by applying security settings to users, devices, and data. It also helps automate and simplify the deployment and management of software, policies, and preferences across the network.

You should minimize any GPOs linked at the root domain level as these policies will apply to all users and computers in the domain. You should also avoid blocking policy inheritance and policy enforcement.

Permissions and Auditing

Permissions and auditing are the set of rules that govern how AD objects are accessed and monitored. Permissions and auditing affect the security of users, devices, and data. A granular permissions and auditing policy should enforce the following requirements:

  • Least privilege principle
  • Role-based access control
  • Object ownership
  • Inheritance and propagation
  • Audit policy

A granular permissions and auditing policy helps ensure the confidentiality, integrity, and availability of AD objects by granting only the necessary access rights to authorized users or groups based on their roles and responsibilities. It also helps detect and deter unauthorized access or modification by recording and reporting any changes or activities on AD objects.

Kerberos Policy

Kerberos policy is the set of rules that govern how AD uses Kerberos as its primary authentication protocol. Kerberos policy affects the security of user accounts and the authentication process. A secure Kerberos policy should enforce the following requirements:

  • Ticket lifetime
  • Ticket renewal
  • Maximum tolerance for computer clock synchronization

A secure Kerberos policy helps prevent replay attacks by limiting the validity and renewability of Kerberos tickets. It also helps prevent man-in-the-middle attacks by requiring a close synchronization of computer clocks within the network. It’s advisable to set Maximum lifetime for service ticket to 600 minutes and Maximum lifetime for user ticket renewal to 7 days.

In conclusion, AD security settings are vital for any organization that uses AD as their directory service. Among them, password policy, account lockout policy, group policy, permissions and auditing, and Kerberos policy are the most important ones. They help protect the network from internal and external threats, comply with various regulations and standards, and optimize the network performance and management.

Starting Your Cybersecurity Career

Cybersecurity as part of an overall Information Systems environment has existed for many years, but recent cyber-attacks have forced companies of all sizes to focus on cybersecurity to enhance security, protect sensitive customer and employee data, and to prevent damage to their corporate brand. Maybe you are looking to jump into a cybersecurity career? I have some basic tips to help you make the leap to a rewarding career in cybersecurity.

  1. Skills – A company only wants to hire the best employees, usually for the lowest wage possible. Your salary is usually based on your skills, experience, and the local market. If you haven’t got any relevant experience, and you can’t demonstrate relevant skills, you may never get a cybersecurity job and you’ll definitely be underpaid if you do get a job. The best way to demonstrate skills without experience is an industry recognized certification. While having a degree in cybersecurity will open some doors, an EC-Council Certified Ethical Hacker (CEH), CompTIA Security+, or many other certifications will help demonstrate you have the knowledge and skills to tackle the complexities of cybersecurity. Look at job postings to see what types of certifications are needed or common for the type of job you want to pursue. You can get a free certification called Certified in Cybersecurity from (ISC)², the same cybersecurity professional organization known for the popular CISSP certification. Just sign up as an (ISC)² Candidate. When you’re ready to sit for the exam, you can find your exam promo code on the Candidates benefits page. Please note that you may only use the exam promo code once. To register for your exam at a Pearson VUE test center, visit https://www.isc2.org/Register-for-Exam
  2. Experience – This can be the most difficult thing for a beginner to accomplish. How can you be expected to gain experience if you can’t get a job without experience? You can try internships, a part-time job, freelancing for a few friends or associates, volunteering at a local non-profit, or complete Capture-the-Flag (CTF) challenges. These are all great ways to gain hands-on experience in cybersecurity, maybe without giving up your normal job. These initial experiences will not only help you determine if this career is right for your personality and lifestyle, but it will also build your skills and experience to enhance your resume.
  3. Awareness – Most of what is happening in cybersecurity isn’t mainstream news. You need to follow some basic industry news sites (securityweek.com, thehackernews.com, bleepingcomputer.com, etc.) to learn about new attack methods, attend cybersecurity conferences to listen to experts and vendors, participate in free webinars to learn new skills, and join online or local communities to meet your future coworkers. These relationships and information are usually free (or low-cost) ways to stay informed about emerging threats, hacking tools, and industry best practices in the field. Being a well-informed cybersecurity professional adds value to your portfolio and can attract interest from an organization during an interview.
  4. Relationships – By networking and building professional relationships, you can create a strong professional network that can possibly offer you mentorships, job referrals, information about recent job posting, or just someone to talk to when you need a pep talk.
  5. Attitude – You’ll probably meet a few people who still think of security professionals as teenagers living in their parent’s basement trying to hack into the Pentagon or the local video game store. You’ll need to demonstrate your professionalism in actions and appearance. Cybersecurity professionals have access to critical and sensitive business information, so you’ll need to demonstrate you can handle that responsibility with the highest standards of conduct, ethical behavior, and professional demeanor. This includes while at a job interview, attending a conference, and while talking to colleagues or friends. Don’t give anyone a reason to second-guess the opportunity to recommend you for a job.
  6. Focus – Learn everything you can and stay focused on the prize. Don’t take half steps toward getting that dream job in cybersecurity. There are entry-level jobs out there, you just need to be persistent and patient to find the hiring manager willing to give you a chance. The more you know, the more you’ll find out how much you don’t know about cybersecurity. Accept your limitations and lean into finding an entry-level position. Stay curious and accept you have a ton to learn, but demonstrate a willingness and ability to learn.

These are the basic building blocks to finding a rewarding career in cybersecurity. Some people find it easy and get an entry-level job a few weeks into their job search, while others can spend months without any luck. It doesn’t mean you are doing something wrong. Stay positive and focused and you’ll eventually find success.

SIEM Overview

Introduction

Security information and event management (SIEM) is a software solution to take event logs collected from all supported information technology (IT) infrastructure and applications and provide actionable security intelligence. These enterprise solutions provide real-time analysis of security alerts generated by applications and network hardware, providing an interface for research and analysis of provided data and alarms, while also providing an interface for deeper investigations and tracking the full scope of an event.

SIEM solutions have been around for many years, with different degrees of functionality and features depending on the product or vendor you choose.

The SIEM also provides a collection point for all logs, since a common attack profile includes an intruder attempting to cover their tracks by deleting the event logs from a compromised system. A SIEM collects the event logs in real-time, so even if the logs are deleted from the compromised system later, the events are still available for review from the SIEM copy of the logs. This helps preserve evidence and allows for detailed analysis of events even during a successful attack.

At its core, a SIEM is a data aggregator, search tool, and reporting system. SIEM gathers immense amounts of data from your entire networked environment, consolidates all that data and makes it human accessible. With the data categorized and laid out at your fingertips, an analyst can research possible data security breaches with as much detail as needed.

Summary of Capabilities

In practice many products in this area will have a mix of log-related functions, so there will often be some overlap – and many commercial vendors also promote their own terminology. A full solution will include simple collection and storage of log messages and audit trails, long-term storage as well as analysis and reporting of collected log data, real-time monitoring of new log events, correlation of events, notifications as suspicious events are collected, and console views for graphical analysis and research.

A key focus of a solution is to monitor and help manage user and service privileges, directory services and other application or system-configuration changes; as well as providing log auditing and review, analysis of related events, and incident response.

Continue reading “SIEM Overview”

10 Steps to Protect Backup Servers from Ransomware

Ransomware is everywhere, and you must accept that your organization is a target of cyber-criminals looking for a payday. You must think about your backups and what you are doing to protect your precious backups from attack.

As a general rule, ransomware attacks are mass attacks, where cyber-criminals are targeting common and relatively soft implementations. Sophisticated targets with knowledgeable administrators are a less attractive target for them, so just a few simple configuration changes and some thoughtful procedures can really limit an attacker’s success.

Here are 10 steps you can perform to help protect your backups during an attack:

Continue reading “10 Steps to Protect Backup Servers from Ransomware”
%d bloggers like this: