Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This policy enables users on the network to establish connections with the computer, and it’s necessary for several network protocols such as Server Message Block (SMB), NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+).

Internet Protocol version 6 (IPv6) is a network layer protocol that facilitates communication across the internet by assigning unique IP addresses to each device for identification and location purposes. With the onset of the digital era in the 1990s, the limitations of IPv4 addresses in accommodating the escalating demand became evident. Consequently, the Internet Engineering Task Force (IETF) embarked on developing the next-generation internet protocol, leading to the emergence of IPv6.

Hardening a Linux server is the process of enhancing its security and reducing its attack surface by applying various configurations, policies, and tools. A hardened Linux server is more resilient to cyber threats and less prone to compromise.

Kubernetes, also referred to as k8s or “kubes,” stands as a portable, extensible, open-source container orchestration platform designed for managing containerized workloads and services. Initially developed by Google based on its internal systems Borg and later Omega, Kubernetes was introduced as an open-source project in 2014 and subsequently donated to the Cloud Native Computing Foundation (CNCF).

A brute-force attack is a trial-and-error method hackers use to guess login information, and encryption keys, or find hidden web pages. In a brute force attack, an attacker tries as many combinations as possible, systematically incrementing through all possibilities until the correct password is discovered. This can be done manually, but it is usually automated using specialized software tools designed for this purpose.

Windows New Technology LAN Manager (NTLM) is an outdated challenge-response authentication protocol developed by Microsoft. Despite being surpassed by Kerberos, NTLM remains in use as a form of Single Sign-On (SSO), allowing users to authenticate to applications without directly providing their passwords.

LAN Manager (LM) authentication level is a security setting that determines how Windows systems authenticate network connections. It is a legacy authentication protocol developed by Microsoft for use in older versions of Windows network operations. There are three main protocols involved in LAN Manager Authentication: The LAN Manager Authentication Level setting allows you to choose which protocols your system will use or accept for authentication.

The “Network access: Restrict clients allowed to make remote calls to SAM” security policy setting manages which users are permitted to view the list of users and groups stored in both the local Security Accounts Manager (SAM) database and Active Directory through remote calls. This policy setting allows you to restrict remote RPC connections to SAM. If not selected, the default security descriptor will be used.

Cipher suites are a set of cryptographic algorithms utilized by the schannel SSP implementation of TLS/SSL protocols. These algorithms are employed to generate keys and encrypt data. Each cipher suite designates specific algorithms for the following functions: In TLS 1.2 and TLS 1.3, the NSA suggests using cryptographic settings that meet the standards in CNSSP 15, known as Commercial National Security Algorithms.

The SQL Server Audit object gathers individual occurrences of server or database-level actions and sets of actions for monitoring purposes. This audit operates at the SQL Server instance level, allowing for multiple audits per instance. Upon defining an audit, you designate the destination for result output. Before beginning a SQL Server audit pay attention to the limitations and restrictions associated with database audit specifications.