Posts

Setting up a Linux Bridge / Tap to capture network traffic for troubleshooting or intrusion detection

Capturing traffic can be tricky at times. You have a few things to consider: placement of the tap/bridge/port span or mirror; throughput in each direction; and throughput of the hardware used for capture.
For the placement of where you capture traffic, I suggest you follow the guidance on this web page: https://docs.zeek.org/en/current/monitoring.html#instrumentation-and-collection
You may hit limits due to your router having integrated Wi-Fi, in which case you may have to get creative, but that is beyond the scope of this blog entry.
The next consideration is the maximum bi-directional throughput, which determines the requirements for the next item.
The third consideration on a network bridge is the hardware path on the host you are using for the bridge. If the traffic you want to monitor is under 60MBps total then some USB 2.0 ports with Gig Ethernet adapters will likely handle the load. Otherwise you will need a PCI-E network adapter or USB 3.0 network adapters and 3.0

De-cluttering Windows 10 and 11 with less than 100 clicks

First I will state that if you use a managed service provider for your small business, and they are good, they "should" handle this for you as part of their service unless you are paying rock-bottom prices. You get what you pay for, and IT folk work hard to know what to do to optimize your systems for productivity.
There are three main steps to this: open a PowerShell window as administrator; copy and paste some PowerShell code to run in that window; press Enter after pasting to run the code.
For Windows 10: Click on the Start button or press the Windows key on your keyboard. Type "PowerShell" into the search bar. Right-click on the "Windows PowerShell" result and select "Run as administrator". If the User Account Control dialog box appears, click "Yes" to allow the app to make changes to your device.
For Windows 11: Right-click on the Start button or press the Windows key + X on your keyboard. From the menu that appears, select "Wi

Risk Assessments and Business Impact Analysis

If you want to protect your business you need to be prepared. A Risk Assessment is key to understanding what your potential problem areas are. The first step is to gather an inventory, which I covered here: https://securityguypro.blogspot.com/2023/07/inventory-your-business.html
I could write even more about the processes, but there are already some excellent resources available at the links below.
https://www.ready.gov/risk-assessment
https://www.epa.gov/risk
https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html
https://www.youtube.com/watch?v=hNUBMLVr9z4
https://www.youtube.com/watch?v=61roNgguC1k
https://www.youtube.com/watch?v=-E-jfcoR2W0
https://www.youtube.com/watch?v=fXbC_IFrhuE
https://www.youtube.com/watch?v=5kDmCHZCPVw

Inventory your business

The start of getting a good grasp on your company's cybersecurity posture is to gather an inventory of your business. An example of why this is necessary: I recently had a conversation with a business that had scanned copies of all the checks from transactions they did with customers. They had years' worth of scans of these documents. If they were to have the data stolen, being they are in Texas, they would likely have been liable for complying with the Texas Identity Theft Enforcement and Protection Act (TITEPA).
For TITEPA, if you fail to take reasonable action to comply with the breach notification requirements of the law, the Texas Attorney General may seek civil penalties from $2,000 to $50,000 per violation. In cases of unlawful data disposal, your business can be fined up to $500 for each record.
If you think it will never happen to your company, check out this list from the TX AG office and click on the rightmost column to sort by date: https://oag.my.site.com/datasecur

Reducing Spam with M365

Dealing with the constant barrage of spam emails that flood your inbox is frustrating. These unsolicited messages clutter your inbox and ruin your productivity. Here are a few things to do to reduce spam if you use Microsoft 365.
Step 1: Enter your domain name on mxtoolbox and get a report: https://mxtoolbox.com/emailhealth/
Step 2: Look for these three low-hanging-fruit items: SPF, DKIM and DMARC
Step 3: You can either fix these yourself by following any of the instruction sets below or you can find a freelancer on upwork.com to assist. The link for upwork searches for M365 setup to get you to the right professionals.
Here are three different sets of instructions on configuring your M365 for securing your e-mail:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/email-authentication-about?view=o365-worldwide
https://www.dmarcly.com/blog/how-to-set-up-dmarc-dkim-and-spf-in-office-365-o365-the-complete-implementation-guide
https://lazyadmin.nl/office-365/of

Microsoft Windows disk filling up?

If you've been using your Windows computer for more than a year, you may have noticed that the free disk space gradually dwindles, or perhaps you're encountering issues installing updates. Don't panic, there's a way to address this by using a couple of commands.
There are two tools that will likely clean things up for you. The first is DISM, short for Deployment Image Servicing and Management. I suggest you run this tool once to clean up and a second time to perform a health check on Windows.
Before continuing, save all work and close all applications. With everything closed out, the next step is to launch an Administrator command prompt to run these commands. Click on the Start Menu and type "cmd" into the search bar. In the search results, you'll see "Command Prompt." Right-click on it and select "Run as administrator."
Next you will need to copy and paste or type in the commands. You will run them one after the other. Be patient as they