Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CalCom

LAN Manager authentication level best practices

LAN Manager (LM) authentication level is a security setting that determines how Windows systems authenticate network connections. It is a legacy authentication protocol developed by Microsoft for use in older versions of Windows network operations. There are three main protocols involved in LAN Manager Authentication: The LAN Manager Authentication Level setting allows you to choose which protocols your system will use or accept for authentication.

Restrict clients allowed to make remote calls to SAM

The “Network access: Restrict clients allowed to make remote calls to SAM” security policy setting manages which users are permitted to view the list of users and groups stored in both the local Security Accounts Manager (SAM) database and Active Directory through remote calls. This policy setting allows you to restrict remote RPC connections to SAM. If not selected, the default security descriptor will be used.

Harden Cipher Suites for Robust TLS/SSL Encryption

Cipher suites are a set of cryptographic algorithms utilized by the schannel SSP implementation of TLS/SSL protocols. These algorithms are employed to generate keys and encrypt data. Each cipher suite designates specific algorithms for the following functions: In TLS 1.2 and TLS 1.3, the NSA suggests using cryptographic settings that meet the standards in CNSSP 15, known as Commercial National Security Algorithms.

Kernel DMA Protection Hardening to Secure Your Systems

Kernel Direct Memory Access (DMA) Protection is a security feature in Windows designed to prevent unauthorized access to memory by external peripherals. Kernel DMA Protection requires UEFI firmware support, and Virtualization-based Security (VBS) isn’t required. Kernel DMA Protection offers enhanced security measures for the system compared to the countermeasures against BitLocker DMA attacks, all while preserving the usability of external peripherals.

How SQL Server Audit is Your Secret Security Weapon

The SQL Server Audit object gathers individual occurrences of server or database-level actions and sets of actions for monitoring purposes. This audit operates at the SQL Server instance level, allowing for multiple audits per instance. Upon defining an audit, you designate the destination for result output. Before beginning a SQL Server audit pay attention to the limitations and restrictions associated with database audit specifications.

Securing DCOM with SDDL: Exploring Machine Access Restrictions for Enhanced Protection

SDDL, or Security Descriptor Definition Language, defines the string format that the ConvertSecurityDescriptorToStringSecurityDescriptor and ConvertStringSecurityDescriptorToSecurityDescriptor functions use to describe the security settings of an object in Windows as a text string. Think of it like a simple language for defining who can access an object (like a file, folder, or registry key) and what they can do with it.

NIST server hardening: Guide for NIST 800-123

The NIST SP 800-123 Guide to General Server Security contains NIST recommendations on how to secure your servers. It offers general advice and guideline on how you should approach this mission. Its aim is to assist organizations in understanding the fundamental activities they nee dto undertake to secure their servers. Regulations such as HIPAA, HITRUST, CMMC, and many others rely on those recommendations, demanding organizations to enforce and comply with the guide.

Ultimate Guide to Windows Task Scheduler Hardening

Windows Task Scheduler, previously known as Scheduled Tasks, is a powerful job scheduler built into Microsoft Windows. Its primary function is to launch computer programs or scripts at specific times or intervals predetermined by the user. Introduced as System Agent in Microsoft Plus! for Windows 95, Task Scheduler Windows has evolved into a core component of the Windows operating system.