Guides News (13 Posts)


Cyber Security Planning - A simple 6 Steps Approach

Having a plan, or not, to secure your enterprise and respond to an incident could be the difference between closing down your company or seeing that incident through!
Most large organisations invest a considerable amount of time, money and resources to define a Cyber Security Strategy, resulting in several Cyber Security Programs and Incident Management/Response Plans, all of which support a wider Business Continuity Plan (BCP).
This results in procedures, documentation, backup systems, regular incident simulations and dedicated teams.

As long as these initiatives are kept up to date and still relevant to the organisation's mode of operation, they should help a company survive most incidents.

By contrast, smaller organisations and especially start-ups tend to focus first on getting the "job done" and only then think of what to do in case of an emergency or incident.
Their Cyber Security Programs and Incident Response Plans are often limited to t...


How to build an efficient Anti-Phishing Framework?

As our world's reliance on electronic connection and communication accelerates, cyber attacks are on the rise, along with countermeasure solutions in the form of endless new cyber security companies, consultants, expertise, software and hardware aimed at protecting individuals, assets, corporations and even nation states.

However, even with all the tools and an increasing cyber budget at our disposal, there is always one constant weak link: the human element in the so-called Cyber Kill Chain.
It is this human element that can defeat the most sophisticated defence systems, and it is why Phishing and Spear Phishing attacks are so prominent and successful.

Those attacks exploit human emotion, ignorance and credulity to bypass defences by tricking users into following poisonous steps:
Clicking on links, opening documents, accepting/ignoring security warnings and good practices, installing software, etc....


How to build a Red Team and Why?

I recently gave a talk at the Rant Forum in London on the topic of "RedTeam, why this is more than a buzz word?". It was an interesting experience and, whilst different from traditional security events, as the crowd can and will interrupt you at any time, it was very enjoyable.
Many attendees asked if I could produce some "slides" after the talk. As no slides were used, below is a collection of the notes on which the talk was based.

In this post we will explain what RedTeam is, how it fits with other similar security services and what advantages it brings to an organisation. We will also look into what works, what doesn't, and where this "new" type of service is going.
1. DEFINITION
A Red Team is part of a trio of services which increase in sophistication: Vulnerability Assessment, Penetration Testing and then Red Teaming. We will d...


One more update to the Security Onion Guide

We have updated once more our Security Onion Installation Guide with a few tweaks regarding setting up BRO emails and SSH.
There is also a new PDF version, using an updated template, available from the download section.

...

Updated Security Onion Guide

Last week, the Security Onion repository moved from Google Code to GitHub. We have now updated our Security Onion Installation Guide with the new links.
Basically, this means replacing the base part of each link from the old reference
"https://code.google.com/p/rest_of_the_link"
to
"https://github.com/Security-Onion-Solutions/rest_of_the_link"

If you are looking for "issues", not only do you need to replace the base reference as mentioned above, but you also need to remove the "detail?id=" at the end of the URL.
For example:
https://code.google.com/p/security-onion/issues/detail?id=488 (does not work)
Becomes
https://github.com/Security-Onion-Solutions/security-onion/issues/48...


How to set up Piwik to track visitors' downloads

Piwik is an amazing open-source web analytics platform which is a good alternative to http://www.google.com/analytics/ as it gives you full control over your data and more details (e.g. full IP addresses).
You have three hosting options:

  • Use their cloud service. (More info here)
  • Host it yourself online: at the back of your web server or on a different/dedicated server. (More info here)
  • Host it offline, and manually import your apache logs. (More info here )

The advantage of hosting it online is that you can use PHP/JavaScript trackers within your web pages, producing more information on your visitors (screen resolution, plugins, etc.).
It also allows you to do certain "tricks", such as tracking who downloads a specific image as ...

How to set up Security Onion on a home network with Splunk, email alerts and some basic tuning

Entry last updated on the 11th of May 2015
A PDF version is also available to download here

Security Onion (SO) is a great open source project created by Doug Burks.
It is a Linux distribution based on Ubuntu and bundled/configured with all the tools you need to get a powerful, and free, Network Security Monitoring (NSM) system. It can be used to monitor your network traffic for suspicious activities and malware.

This guide is aimed at people who want to get started quickly with SO with the following basic functionalities:
  • Getting an understanding of what Network and Server setup are required
  • Going through a basic SO installation
  • Getting a basic understanding of how to tune Snort and remove false positives
  • Getting regular reports and speci
  • ...

Fix for compiling VMwaretools 9.9.2 on kernel 3.18+

We recently encountered some errors when trying to recompile the VMwaretools on Kali (kernel 3.18) and Security Onion (kernel 3.2):

  • error: implicit declaration of function ‘smp_mb__after_clear_bit’
  • error: ‘struct dentry’ has no member named ‘d_alias’

Those errors meant it was not possible to share files between the host OS and the virtual machines, as compilation was failing in the vmhgfs-only directory.

Below is a set of instructions to fix those issues.
Please note the following was tested with VMwaretools-9.9.2-2496486.tar.gz, and you need to do this as "root".
  • In Fusion/VMware, select reinstall VMwaretools. This will mount a virtual VMware CD-ROM.
  • Go to that CD-ROM and copy the VMwaretools tar.gz file into your /tmp directory.
  • Unmount the CD-ROM (you may not need to do this, but we did have an issue once with the CD-ROM still mounted).
  • Uncompress the tar.gz file using "tar xvzf"
  • Go to /tmp/vmwa
  • ...

Apple Security in the Enterprise

There is a good document from the UK government describing the different security features available in Apple Mac OS X 10.8 and the ones you should consider if using a Mac as an enterprise end point:

OS X 10.8 UK Gov security guidance document.

In light of all the noise created by the NSA and GCHQ surveillance programs you might be tempted to dismiss governments’ position and view when it comes to IT Security. However, I found that document quite good and high level enough to be understood by mid-level management at least :)

They do refer to an MDM solution for some of the controls without specifying which one, so I assume they are referring to an OS X Server Profile Management solution as described by Apple HER...


A story about Password: The Wrong Formula

In this article I will first talk about some misconceptions regarding what is considered a secure password, and then about how you can leverage different technologies to help protect your different credentials.

In the past few years there has been a sharp increase in websites being hacked and their users’ passwords/hashes stolen; in parallel, we are using online services for almost everything: to pay for your local pizzeria delivery or your electricity bill, access your bank account, connect to your work email, etc.

The common advice is to use a different password for each site you register to, but most people don’t. It means that hackers can often reuse credentials they obtained on one website to access another.

One way to counter that risk would be to use some kind of formula so you remember a different password for each site you have registered to. This *could* be the best solution, as remembering a password formula means you do not have to write it do...