Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Interactive Logon Machine Inactivity Limits

Interactive logon: Machine inactivity limit is among the 9 Interactive logon security settings. If a user hasn’t been active on their Windows session for a while and surpasses the set limit, this setting typically determines how long the user can remain inactive before being automatically logged out of their session on the machine. The recommended state for this setting is: 900 or fewer second(s), but not 0.

Network Security Configure Encryption Types Allowed for Kerberos

The ability to authenticate securely over an unsecure network is paramount in safeguarding sensitive information and maintaining trust in digital interactions. In an era where communication often occurs over public networks like the internet, ensuring the authenticity of users and data is critical to prevent unauthorized access and data breaches. Kerberos is a Windows security network authentication protocol that allows users and services to securely authenticate over a non-secure network.

Network Hardening Guide for IT Professionals

Network hardening involves implementing measures such as configuring firewalls, securing remote access points, blocking unused network ports, removing unnecessary protocols, implementing access lists, and encrypting network traffic to mitigate unauthorized access and bolster the security of a network’s infrastructure. This process involves identifying and addressing vulnerabilities in device management and configurations to prevent exploitation by malicious actors aiming to infiltrate the network.

Lock pages in memory - and throw away the key

This Windows policy specifies which accounts can keep data in physical memory, preventing the system from paging it to virtual memory on disk. RAM (Random Access Memory) and virtual storage serve as two types of memory in a computer system, each with distinct functions and characteristics. RAM, the physical memory installed in a computer, provides fast access to actively used data by the CPU, determining the system’s multitasking capabilities.

Manage Auditing and Security Log Configuration

Security logging and auditing in a Windows environment refers to the process of systematically recording events and activities that occur within the operating system. These audit records are stored in the security log, a component of the Windows Event Viewer. Manage auditing and security log setting grants specific users or groups the authority to configure auditing policies and manage security logs.

CIS Controls: Everything You Need to Know

The Center for Internet Security (CIS) Controls are a prioritized set of Safeguards to mitigate the most common cyber-attacks against systems and networks. The SANS 20 Critical Security Controls, formerly known as the SANS Top 20, is now called the CIS Controls and has been reduced to 18 Controls since version 8. You may be wondering, How many CIS Controls are there?

Locking Down Security: Disable WDigest Authentication

WDigest Authentication is a method used in Windows operating systems for verifying user credentials during authentication. It’s a way for computers to prove their identity to servers by storing a copy of the user’s plaintext password in memory. It uses Hypertext Transfer Protocol (HTTP) along with Simple Authentication Security Layer (SASL) exchanges for authentication purposes. The name “WDigest” comes from its function and purpose within the Windows operating system.

Include Command Line in Process Creation Events - it's all about the details

The Windows event log serves as a comprehensive and time-sequenced documentation of system, security, and application notifications. It’s maintained by the Windows operating system and utilized by network administrators for troubleshooting system issues and anticipating future challenges. This systematic recording of various system and application activities in event logs provide a chronological record of events that occur on the system, offering invaluable insights into its operation and health.

The Successes and Failures of Audit Credential Validation

In any system, it’s important to know who is trying to gain access, whether successful or not. This is especially important when trying to keep something secure, like a network or confidential data. Ensure ‘Audit Credential Validation’ is set to ‘Success and Failure' keeps track of attempts to access a system, whether successful or not, using specific credentials, such as a username and password, and logs it.

Ad Hoc Distributed Queries - SQL Server

An ad-hoc query is an unscheduled data inquiry, typically created in response to questions that cannot be addressed using predetermined or predefined datasets. Ad hoc distributed queries utilize the OPENROWSET(Transact-SQL) and OPENDATASOURCE(Transact-SQL) functions for establishing connections with remote data sources employing OLE DB. It’s advisable to employ OPENROWSET and OPENDATASOURCE solely for referencing OLE DB data sources that are accessed on an occasional basis.