IT Blog @matthewivezaj - Tumblr Blog

State backed Covid-19 attacks

A report has claimed that 1755 warnings came from google to individual users in April. The users had fallen victim to government backed hackers stealing their account. This comes as phishing is something that has become more common with the coronavirus. New activity spotted on Wednesday has indicated that many "hack-for-hire" attempts have been made in India. Gmail accounts had been made to spoof the world health organization. This was all disclosed by Google's Cyber Threat Analyst Group. The financial, consulting, and healthcare sectors in the following countries have all been victims of the attacks: • United States • Slovenia • Canada • India • Bahrain • Cyprus • UK Work Cited Synnex, " Google sees resurgence in state-backed cyber threats related to COVID-19 ", https://www.arnnet.com.au/article/680086/google-sees-resurgence-state-backed-cyber-threats-related-covid-19/, May 28, 2020.

How to stay safe while working online

How to stay safe while working online Working from home, as good as it seems, comes with some serious risks. If you find yourself working from home, you should take extra steps to make sure you are aware of dangers. Employers should try and keep tabs of their employees and try to prevent any spills and keep internet security at an all-time high. You workers should also remember that their homes are not as secure of a place to connect to vs the work-place. Always keep yourself aware to scammers trying to exploit you. Atlasypn, a virtual network provider has reported that there has been an uprise in the number of spam emails. A number of reports have shown that phishing has skyrocketed from march. A number of experts have revealed that these emails are largely related to COVID-19. The following is a statement released by the vice president of information security at Slalom, "Some of these messages are focused on contact tracing themes, testing themes, healthcare themes, and CDC- based themes, anything to draw the attention of the person under attack by the bad guys. First rule of thumb that I would recommend, is if you are uncertain, report it to someone you work with. Report it to your technology department. Report it to your security department." Scammers have much to garner in terms of data. Cyber criminals exploit every chance they can get from the new work from home lifestyle that we are all becoming accustomed to. The problem though is, many workers do not follow even semi-good practices if cyber security. Many of them are following unconventional methods. Also that remember that your router/modem also plays a role in this. Because it is your gateway to the internet, you should make sure that you have it extra protected. Work Cited Thompson, Connie, "Take extra security measures when working from home to reduce cyber threat to employer", https://komonews.com/news/consumer/take-extra-security-measures-when-working-from-home-to-reduce-cyber-threat-to-employer, May 27, 2020

Dual Core Vs Quad Core

Major differences between the two: • Number of processor Chips. • 18 Core-Processor is currently the best. • Each core does processing work and thus is it's own CPU. More processors do not always make your computer faster, because not all programs are specialized to transition between tasks on those cores. When you look for a new computer, you should pay attention to the clock speed, as that gives some clue on the architecture and speed of the computer. This is why newer computers that run dual core can outperform a quad core. A problem with more cores is that they will lead to more power consumption. Chip makers have been trying to fight with trying to reduce the energy that cores will absorb. Always remember that quad cores will draw more energy from your computer. A rule of thumb that you should know when looking for a computer is that more cores will often lead to more heat being used. Manufacturers need to add updated heat sinks or find a way to cool their laptops. Things like architecture and clock speed will drive up the cost of your computer. Also, remember that it is not about how many cores your computer is running. It is all about the software that you are running on. your computer. Because the program needs to be specific if you are going to make full use of it with your processors. Also remember that just because your computer has more cores does not mean that the speed is higher. The ability of software to go and assign a particular task to a particular core is key in this. This will make your computer run at the best performance. When are more cores better for your computer? Let's find out: • More cores are better when you are gaming. • More cores are better for your computer when you are swapping between programs. If you do not plan on doing that, don't bother seeking more cores. Work Cited Patkar, Mihir, "What Do “Dual Core” and “Quad Core” Mean?", https://www.makeuseof.com/tag/what-does-dual-core-and-quad-core-mean-makeuseof-explains/, December 15, 2019.

Cisco Defect

A solution to a critical-level defect in the remote code-execution pertaining to it's customer interaction management solution, Cisco Unified Contact Center Express (CCX) as been rolled out by Cisco. The Cisco Unified Contact Center Express is an application that allows for the deployment of customer service applications by companies. There is a flaw within this software officially named CVE - 2020 - 3280, it is derived from a remote management interface made in Java. Cisco has said "The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device". Now, let's draw out some points from that which we could use: • This app has an insecure translation of user content. • An exploit written in Java that is used to handle events to spy on users. • If the exploit is being run successfully, it would allow for the attacker to run their own commands/code in a machine with admin privileges. What this flaw means is that someone from the outside, an attacker, could run their own code on an infected device. That means any device that uses Cisco Unified CCX version 12.0 and earlier are prone to this. It is recommended that you upgrade immediately. A word of advice from Cisco is to use version 12.5 as that is not vulnerable. It is yet to be discovered if any defects have come up, but as of yet, Cisco has nothing to report as of per their public announcements. Thee good thing, that should put more people at ease, however, is that a patch has been released addressing this flaw. This flaw comes from a lack of input validation on the traffic of the service that dynamically assigns IP addresses. That allows for different devices to communicate on the network. This enables a remote attacker to be able to case a DoS attack on the infected device. Cisco has released the following announcement, "An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition." Several other flaws relating to the CSX had also been fixed by Cisco. An SQL injection flaw, an SQL injection allows for an external user to use a flaw in a database to their advantage by inserting their own modifications and bend the contents to their will (The flaw was given the code name CVE-2020-3184. A DoS flaw had remained in Cisco's AMP for Endpoints Connector Software, this is a sandbox environment that is used to perform evaluations across a plethora of endpoints. A Linux defect that interferes with buffer memory, which is a segment of a computer's memory which serves as a place to temporarily hold data that is sent to or received from an external device. Work Cited O'Donnel, Lindsey, "Critical Cisco Bug in Unified CCX Allows Remote Code Execution", https://threatpost.com/critical-cisco-rce-flaw-unified-ccx/155980/, May 21, 2020.

Lenovo Vulnerability

Lenovo Vulnerability Lenovo ThinkPad touchpad and trackpad Through an analysis on Lenovo ThinkPad X1 Carbon 6th Gen laptop, it had been discovered by researchers that the touchpad and trackpad firmware faced a few issues. It was found that the problem was with the biometric manufacturer Synaptics own touchpad and TrackPoint technologies. The researchers discovered that an insecure firmware update was used. It should be noted that the devices did not require a Cryptographic signature verification. The report stated: "This lack of control made it possible to modify the firmware images through software, to run arbitrary malicious code within these components." The vice-president of the PC Division at Synaptics, had said that "Synaptics' TouchPads are end-devices and our firmware is proprietary, containing elements which would make creating an exploit difficult. In the unlikely case where an unsigned firmware update was successfully exploited, we believe the impact would be limited to disabling the Synaptics device. No such exploit is known to us at this time." Work Cited Winder, Davey, " Lenovo ThinkPad touchpad and trackpad", https://www.forbes.com/sites/daveywinder/2020/02/18/millions-of-windows-and-linux-systems-are-vulnerable-to-this-hidden-cyber-attack/#7b9413352b8a, Feb 18, 2020.

Israel Websites Hacked

During a Thursday morning in Israel, a number of sites had fallen victim to a cyber-attack. This cyber-attack was conducted by Iranians. The targets of this attack were of the following groups: • One of the targets of this attack were major firms. • One of the targets of this attack were political groups • One of the targets of this attack were a number of individuals. • One of the targets of this attack were a number of organizations. This attack had arrived after an Iranian port was blamed for a cyber-attack on Israeli information systems. It is believed that activist groups are the real culprits in this mess. These activists are believed to have ties to the following countries: • North African countries. • Turkey • The Gaze Strip. Surprisingly, our main culprit was not on the list. It was reported that it did not seem that Iran had initiated this attack by channel 12 news. The attack had posted videos on affected websites showing Israeli cities under attack including a rage of threats. Even with the number of defacements, many experts say that this attack was small scale. The main reason for this conclusion was because all of these attacks were on a single access point. This was an attack that was something that Israel's security agencies had been preparing for in advance. This was in retaliation to an attack that was blamed on Israel. Israel was blamed for crippling Iranian information systems. The attack carried out by Israel was also in response to an attack that was carried out by Iranian individuals on Israel's water systems. The attackers had posted the following messages in Hebrew as a stark warning to Israel: • “Be ready for a big surprise • “The countdown of Israel destruction has begun since a long time ago [sic].” The video that Iran had posted had shown an explosive terrain in Tel Aviv. The video also went to threaten the Prime Minister of Israel, Benjamin Netanyahu. Lastly, the video went as far as to show a great number of Muslims praying on the Temple Mount in Jerusalem. The video also came out with a message in Hebrew to Israel from Iran: “Israel won’t survive the next 25 years" A great number of attacks on Israeli sites had been revealed to and disclosed by the National Cyber Directorate. The Cyber Directorate had said an even greater number of websites had been targeted that were still to be discovered. It was estimated by Check Point Software Technologies that website attacks were about 300. The directorate had also come out with the following statement that was indicated by their first investigation: “superficial defacing of websites of private bodies in Israel done via a single storage firm hosting those websites.” The service had come out with the following: • A claim that the incident had been taken care of. • Recommended that computer users not click on links of any of the targeted sites. Ultimately, the culprits behind this attack are still to be known. Images on these sites did hold Iranian flags and symbols. The main focus of the attacks were on one location. An Israeli server with a vulnerability that had been exploited by the hackers in order to carry out this large attack. This server had belonged to a cloud service provider in Israel known as uPress. uPress provides services to a great number of sites belonging to Israel. This cloud service provider makes use of the WordPress software. The mistake that uPress had made was that it was not using the most updated version of WordPress. Work Cited Bachner, Michael, " Israeli websites hacked in cyberattack: ‘Be ready for a big surprise’" https://www.timesofisrael.com/israeli-websites-hacked-in-cyberattack-be-ready-for-a-big-surprise/, May 21, 2020

Password Locking a Folder on MacOS

If you are like most people, you will want to make sure that your information stays private. You can password protect your folders on a Mac. Many people like to seek paid programs to accomplish this free task. I will walk you through the steps to accomplish this feat. 1. To begin, you will want to press and hold Click Command + Shift + A. Doing this will open your applications folder. 2. Next, search for the Utilities folder and open it. 3. Select and open disk utility. 4. Search for and select file. 5. Click on "New Image". 6. Once the last step is complete, select image. 7. Now you can choose the folder that you wish to protect. 8. Next, select Image Format 9. select read/write. 10. Click on the Encryption menu. 11. Select 128-bit AES encryption. 12. Choose the password you would like to use for the folder. 13. Next, you can name the disk image. 14. Click Save. 15. Click Done. Work Cited Casey, Henry, "How to password protect a folder in a Mac", https://www.laptopmag.com/articles/password-protect-folder-mac, January 19, 2018.

The largest Cyber Attack May Emerge from Coronavirus

Forbes has predicted that an attack will arise sometime in the following six months. Forbes shares some ways that you can keep your network safe. It should also be noted that you might not need to worry, a lot of the damage will affect the government and corporate networks. So, you are safe... right? Either way, it is a good idea to heighten your senses and build up your security infrastructure at home through best practices in proper cyber etiquette. An "attack surface" is an attack that becomes a greater risk to the network when more hosts are involved. One of the big reasons that the pandemic is making security worse off is because of the ability for many people to work from home. Unfortunately, many companies are NOT properly equipped to manage employees working from home with the constraints of their networks. This leaves the door open for hackers. It puts you and your organization at risk. Because you are connected to your companies’ network, the rest of them are now prone to the attacker who has compromised your system. These types of attacks happen at the largest companies and many government agencies across the globe. Many organizations are affected by these attacks. The US department of Health is under no such exemption from these attacks, this is an agency that has been hit a number of times this year. CYFIRMA, a cyber intelligence firm has states that cyber-attacks have soared by 600% from February to march of this year! We do not know about all of the hackers yet, only the ones that have been shown to us thus far. Take extra precaution when you are online, many attackers are still in the dark to this day and are waiting for you to make one small error so that they can compromise your system and gain access to your organizations networks. Work Cited Horowitz, Mark, " Cyber Security Expert Predicts Remote Working Will Worst Cyber Attack In History This Year", https://anewspost.com/cyber-security-expert/, May 17, 2020.

Query Session / Qwinsta This windows command displays information on the users that are currently signed into a remote desktop session. Sessions in which the user is currently signed onto can be queried. If the user by chance wants to query other sessions, they need to have special access/permission to do so. Not nspecifiying your session can lead to a big correlaton problem. Information pertaining to session name, user name, and session ID all active information will be displayed. When QUERY SESSION returns information, a greater than (>) symbol is displayed before the current session. Sample output: 5 idle SESSIONNAME - This represents the name which is assigned to the session. USERNAME - This represents the user's name. This identifies the user what is connected to the session. ID The session ID - STATE - provides information about the current state of the session. TYPE - indicates the session type. DEVICE - which is not present for the console or network-connected sessions, is the device name assigned to the session. Either the SessionName or the ID can be used by the Reset Session and LOGOFF commands respectfully to disconnect or logoff that session from the server. The comment following session information is from the session profile. Any sessions in which the initial state is configured as DISABLED do not show up in the query session list until they are enabled. The permission type access that grants special permissions to the user account are: • The permission type access allows the user to query Information, Logon, and Connect. • The permission type access allows the user to log on to a session on the terminal server. • The permission type access allows the user to query information about a session. • The permission type access allows the user to send messages to other user sessions. • The permission type access allows the user to connect to another session. To set your permission, you must access one of the following options: • Terminal Services Configuration • Connections • Properties • Permissions • Advanced • Permissions 8. The netstat -anob displays a list of active TCP connections to your system. This will show an allotment of listening ports on which the computer. The netstat -anob command will show the following: • The IP routing table • IPv4 statistics (for the IP • ICMP • TCP • UDP protocols) • IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols) The netstat -anob displays a list of active TCP connections to your system. This will show an allotment of listening ports on which the computer. The netstat -anob command will show the following: • The IP routing table • IPv4 statistics (for the IP • ICMP • TCP • UDP protocols) • IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols) • I typed in netstat -o to find the PIDs with only the established status. • This will display the active TCP connections on your network that include the Process ID for each of the connections. This would be something that is very helpful in system security because you can tell who is attacking your system and make the necessary actions to kill their session. Personally, I haven't done this in Windows, but have done stuff like it in Debian 9, with the kill -9 command. • tasklist /v | findstr 432 lists the running processes that are running in memory. This is a very close process in relation to opening 'Task Manager' and finding the 'Processes' tab. For example: • Findstr is useful in helping the users in finding content that is within files. Findstr is useful in helping the users in finding filtered output from another command. • 'tasklist' and 'findstr' can both be combine and ran as a single cohesive command that can be used to search for a pid in a document. This command will end one or more tasks or processes. Using this technique, you may end any processes that are running on your system. This command is very useful when it comes to securing a system, incase, ever, there is a bad website connection, bad actor connected through one of the ports, etc. The net users command allowed for us to view the users who are currently on the system. This allows us to determine if anyone else may be connected to our system. From a system security point of view, this would help to check if their is a bad account on a system that must be gotten rid of, or an old account that must be rid from the system. Local Security Policy allows Windows to enforce the following security settings: • System related settings these include passwords, audits, and permissions. • User related settings, these include passwords, audits, and permissions. The netstat -an | find /i "established" works to find all open ports on your system. The results came back with nothing, so there were no open ports.

terms

Local Server - This displays the properties of the local server. It allows you to configure different settings on the server. This would help in configuring accessibility. AD certificate Services - In the roles and features category we can install new servers, going through this process, we can select whether we want the server to be role-based or feature-based. According to Microsoft (https://docs.microsoft.com/en-us/windows-server/administration/server-core/server-core-roles-and-services), role service contains alot of routing based, web based, certification, and file allocation services. On the other hand, feature-based includes things related to the NET framework, data management, IP configuration, routing, messaging, media, VM tools, and Windows tools. DNS functions - When going through server roles, we could have our server performs DNS functions. It would provide name resolution of the TCP/IP network. Through this, we could select the active directory domain services and make this comply with DNS server capabilities, sort of in relation to a handshake. Active directory Certificate Services - According to Microsoft (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831740(v=ws.11)), this server role allows you to build a public key in which you would use for cryptography, digital certificates, and digital signature capabilities. Domain services server role - According to Microsoft (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831484(v=ws.11)), we can create a scalable, secure, and manageable infrastructure for management of resources and users. With Domain services server role, you may also support directory-enabled applications, this may include something like a mail server. This server stores and manages both directory-enabled app data about network resources and application-specific data. These servers are known as Domain controllers. This server role may be used for the following: • organize elements of a network (Users, computers, other devices). • This structure includes the active directory forest. • Domains the belong to the active directory structure. • Organizational units. Federation services - According to Microsoft (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn486815(v=ws.11)), the target audience for this server role is comprised of the following: • IT architects that manage computer management and security in a organization. • day-to-day management and troubleshooting IT operations engineers. They will work with networks, servers, client computers, operating systems, or applications • IT operations managers, the roles of the managers are as follows: accountable for network and accountable for server management In accordance with the migration features: • Exports data pertaining to the AD FS 2.0 of your server. • Performing a silent transformation of input upgrade of the serverr operating system. • Reconfiguration of AD FS, with restoration of the remaining AD FS service settings. Lightweight Directory Services - Active Directory Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service. It provides flexible support to applications that are directory-enabled, without dependencies and domain-related restrictions of. This may be run on member servers or stand-alone servers. Multiple instances of AD LDS—each with its own independently managed schema—on one server may be ran. Active Directory Rights Management Services - According to Microsoft (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831364(v=ws.11)), this server role works to provide you with management tools and development tools. These tools work with industry security level technologies. This includes: • encryption • certificates • authentication This allows individuals through both administrators and individuals to specify access permissions of IRM policies. This applies to the following items: • Documents • Workbooks • Presentations These policies help to protect sensitive information from being: • printed • Forwarded • Copied DHCP Server - According to Microsoft (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn495428(v=ws.11) ), DHCP server role migration involves transferring the settings for an already existing DHCP server to a new DHCP server that is in the same network. Warning migration steps such as those for: • computer name • IP configuration can cause other roles on source server to fail. Obtain IP address automatically - The purpose of this field allows for the network to obtain a dynamic IP address. I think this is a safe way of connecting to the internet, but it would not be as useful as a static connection to the internet for a security team. In other words, we would be allowing for our network connection to be a DHCP setup. This wouldn't allow for a connection to a server's gateway, the gateway needs to match, once you obtain the IP address automatically, you are letting the device choose a generic connection for you. DHCP Server - According to Microsoft (https://docs.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top), this server automatically provides an host with it's IP address and other network configuration information. very device on a TCP/IP-based network must have a unique unicast IP address to access the network and its resources. Without DHCP, IP addresses for new computers or computers that are moved from one subnet to another must be configured manually; IP addresses for computers that are removed from the network must be manually reclaimed. With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are automatically returned to the pool for reallocation. The network administrator establishes DHCP servers that maintain TCP/IP configuration information and provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores the configuration information in a database that includes: • Valid TCP/IP configuration parameters for all clients on the network. • Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses. • Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of a single IP address to a single DHCP client. • The lease duration, or the length of time for which the IP address can be used before a lease renewal is required. A DHCP-enabled client, upon accepting a lease offer, receives: • A valid IP address for the subnet to which it is connecting. • Requested DHCP options, which are additional parameters that a DHCP server is configured to assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers, and DNS Domain Name. DHCP has the following benefits: Reliable IP address configuration. - This minimizes the event of configuration errors that are caused by manual IP address configuration, such as the following: • typographical errors. • address conflicts. • Reduced network administration. This includes the following features that work to reduce administration over a network: o Centralized TCP/IP configuration. o Automated TCP/IP configuration. o Ability to define TCP/IP configurations. o Assigning a plethora of additional TCP/IP configuration values. o Effective handling of IP address changes for clients (these must be frequently updated) o Forwarding of DHCP messages. DNS server - According to Microsoft (https://docs.microsoft.com/en-us/windows-server/networking/dns/what-s-new-in-dns-server), You can use a policy of DNS to handle Geo-Location based traffic management. DNS intelligence responses are based on the time of day, these can manage a single DNS server configured to employ the following techniques: - split-brain deployment - applying filters on DNS queries • Application Load Balancing - This is When you have launched a series of instances of applications at different designations/origins. Thus, allowing for the use of DNS policy in order to maintain the traffic load between instances. This will work to dynamically allocate the traffic load of applications. • Geo-Location Based Traffic Management - DNS Policy is used to allow primary/secondary DNS servers to respond to DNS client queries to the resource to which the client is attempting to connect as well as the geolocation. This will provide the client with the IP of the nearest resource. • Split Brain DNS - DNS records split into a number of different Zone Scopes that are on the same DNS server. DNS clients will be updated with a response that is based on whether they are internal clients or are external clients. Split-brain DNS can be configured for Active Directory integrated zones. Split-brain DNS can be configured for standalone DNS server zones as well. • Filtering - DNS policy may be configured in order to create query filters, which are based on criteria that is supplied by the server admin. Query filters allow you to configure a DNS server to respond to a DNS query and to respond to a DNS client that sends the DNS query. • Forensics. DNS policy may be used to redirect malicious DNS clients to a IP address that does not exist. The reason for this for not directing them to the computer they are trying to reach. • Time of day based redirection. DNS policy may be used to distribute application traffic. This traffic will then be dispersed across different geolocations by using DNS policies that are based on the time of day. Fax Server - According to Microsoft (https://docs.microsoft.com),to send a fax you can use Windows Fax and scan to • send faxes • add accounts • monitor the incoming fax queue • view the inbox • view the outbox. This is often used to scan faxes. Fax Server sends and receives faxes and allows you to manage fax resources such as: • jobs on your fax server. • settings on your fax server. • reports on your fax server. • fax devices on your fax server. File and Storage Services - According to Microsoft (https://docs.microsoft.com), these include technologies that assist in the set up/management of one or more file servers. They provide central locations on your network that allow you to store/share files with users Hyper-V - According to Microsoft (Savill, John, "Getting Started With Hyper-V in Windows Serveer 2012", https://www.itprotoday.com/windows-78/getting-started-hyper-v-windows-server-2012, April 12, 2013), this is a highly scalable server. The New network/storage includes: • single root I/O virtualization (SR-IOV) • Server Message Block (SMB) 3.0 • virtual Fibre Channel • network virtualization Together, these work together to make Hyper-V an appealing hypervisor choice. Many different organizations have never considered Hyper-V. Hyper-V allows us to accomplish the following: • create virtual hard disks (VHDs) of 64TB • removes the need to use pass-through storage • pretty much any workload can be virtualized Network Policy and Access Services - According to Microsoft (https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-top), Network Policy Server (NPS) allows for the creation of and enforcement to a organization-wide network. These policies will ask for connection request authentication and authorization. NPS can also be configured as a proxy of sorts, Remote Authentication Dial-in user service (RADIUS). This NPS configuration will allow the server to forwards a number of connection requests to other RADIUS serveers. This allows for a better quality in load balance connections requests. That then shoots requests to the correct domain to bee authenticated/authorized. The goal of NPS is to allow for central configuration and management of network access in the following ways: • authentication • accounting • authorization Print and Document Services - According to Microsoft (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831468(v=ws.11)), this feature enables for centralizing a print server and network printer tasks. This role allows you to receive scanned documents from network scanners and do one of the following with the documents: • route the documents to a shared network resource • Windows SharePoint Services site • email addresses. Remote Access - According to Microsoft (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831539(v=ws.11)), Remote access uses DirectAccess to hold a stable connection for it's clients over the Internet. Remote Desktop Services - These are services which can be used to accelerate the following ("Remote Desktop Services (RDS)",https://www.techopedia.com/definition/27730/remote-desktop-services-rds-microsoft-windows): • application deployments • desktop deployments RDS works to allow clients to run without and client or OS. RDS can: • Access off-site computers. • Allow for the manipulation of computers online. This server also ensures that property is secure. This server works to remove specific: • applications • files • data IP address - This is where you choose the IP address or identification that your computer will be identified by when connected to a network. When we choose a static network connection, we are allowed to update this field. For a security team, this would provide for an easy identification of a computer and also, if interception is needed, they can spoof the IP address or more over to gain privileges or intercepting packets Something more useful, I think is the MAC address, spoofing this would allow the user to connect to a different physical location and do nefarious things, such as switching your MAC address to another MAC address of a device in a desired location and gaining the network properties of that device (I haven't done this by the way, I just know about it, I just wanted to know why MAC addresses were so special a long time ago). subnet mask - This is where you choose the subnet address, it is used to choose which subnet an IP address will belong to. When we choose a static network connection, we are allowed to update this field. Default Gateway - This is a node in a computer's network. We can manage the default gateway which allows for host forwarding through these settings. Other networks receive Packets that are forwarded through our gateway address when there are no other route specifications. Use the following IP address - This allows you to set your IP address, Subnet mask, and Default gateway. Doing this puts you in control of your IP configuration and gateway. Doing this, you could connect to a server of your choosing. The main purpose of it is for remote management. Also, in other words, this is a static network connection. Preferred DNS server - The DNS server will manage the way in which host names are mapped in correlation with IP addresses. If you were to mess with a target's DNS, that would throw off the victim’s connection to the internet, also you must be aware that this could happen to yourself. Also, this is the primary way to type in a domain name and able to connect to the system at hand. This is more efficient than trying to remember the more complicated address of the machine. The best example of this would be in relation to a phonebook. We can use the netshare command to: • create network shares. • Configure network shares. • Configure network shares. • It has the users on the system share their network shares This could helpful for a security professional from the perspective that a professional can tell: • What users are on the system quickly. • What permissions users have. We went through the computer management to active directory and viewed the users organizational units that were on the system. This can tell a security professional thing like: • Group structure • Permissions • Purpose • Active domains • What domains do not exist • Machines • With a list of users, admins can tell who is on the lists, what type of group they belong to, and a description of the account. This would be helpful in managing your users. • This is the implementation of a role service. The service relies on AD DS to hold a number of different activations. The forest schema can be modified through the use of adprep.exe in Active Directory. This is all typically done on a supported server. Once the modifications are made to the schema, clients may still be modified by old domain controllers Here we are showing all of the services that are running on the computer. It provides each running process of a service that is running on the server with a: • Name • Description • Status • Status type • Log For a security professional, this would be helpful to determine • Which services are running, they could compare to past runs and see if any services were stopped or started by a type of malware. • Which services are stopped, they could then investigate where they were shutdown from with the Linux terminal by using a terminal to connect a Mac/Linux OS to the server. • Which services need to be started. • Which services need to be stopped. The disk management option would allow us to do the following: • Allow us to connect/initialize disks. • Create a partition that is basic, spanned, or striped. • Format a volume/partition with ExFAT. Format a volume/partition with NTFS. Format a volume/partition with ReFS. • The conversion of an empty basic disk to dynamic or the converting to GPT/MBR partition style. • Disk management would allow us to extend and shrink NTFS volumes or partitions. The reason that reviewing and updating these rules is important is to accomplish the following things: • Make sure that the rules that you had set previously haven't changed due to malicious activity. • Make sure that all rules are kept current. • Disable/Enable rules What the goal of the firewall is: • Reduce risk of network threats. • To safeguard intellectual property. • To extend investments. This program is part of a layered security model. It provides the following: • host-based traffic filtering pertaining to a device. • two-way network traffic filtering pertaining to a device. The firewall will block network traffic deemed unauthorized that is coming from one place into or out of your local device. Netstat is a program and the program is controlled through the use of commands issued in the prompt/terminal. Netstat will deliver basic statistics on current network activities. Netstat will then go to informs the users that are on the system on which ports/addresses (TCP, UDP) are running based on current connections. Thee netstat command statistic also tells which ports are open for individual tasks. Netstat is something the is available on Unix operating systems as well as DOS systems. Since netstat is only viewed on the terminal/command prompt, TCPView is a program that was developed to represent statistics that could be displayed graphically through the use of a GUI. We were running a Windows update to make sure that the security, services, and patches for the server were up to date. From a security professionals’ perspective, this can do things such as: • Allowing for authentication and proper availability to be ensured with the server. • It allows for better security. Some things that an admin should be aware of though are that they should: • Backup before an update. • Create an image backup. • Not to change alot at one time. • Monitor your logs after changes are made. • Confirm your operating system Work Cited Microsoft Support, " How to troubleshoot errors that occur when you join Windows-based computers to a domain ", https://support.microsoft.com/en-us/help/4341920/troubleshoot-errors-when-you-join-windows-based-computers-to-domain Tkachenko, Sergey, "How To View Network Shares in Windows 10", https://winaero.com/blog/view-network-shares-windows-10/. Microsoft, " Activate using Active Directory-based activation", https://docs.microsoft.com/en-us/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client, July 27th, 2017. IONOS, "What is netstat", https://www.ionos.com/digitalguide/server/tools/introduction-to-netstat/, June 3rd, 2019 Microsoft, "Windows Defender Firewall with Advanced Security", https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security, October 13, 2017. Eckel, Eric, " 10 things to remember when upgrading servers ",https://www.techrepublic.com/blog/10-things/10-things-to-remember-when-upgrading-servers/, March 24, 2010.

Social Networking

Pros and Cons of Social Networking for Businesses I chose to explore the pros and cons of social networking in business because social networking can either help a business to grow, or it can contribute to its failure. A lot of businesses have quickly decided to use social networking without carefully researching the positives or negatives of social networking. By examining the pros and the cons of social networking a business can decide if social networking will be profitable or not. Some of the pros a business should consider in using social networking are as follows: 1. Social networking can reach a lot of people. Reaching a large customer base is the primary reason that a business uses social networks. 2. Social networking can be cost effective. Social networks are typically free to use. By saving money in social networking a business can be free to focus their money on other places. 3. Social networking is good for customer service. By providing customer service, a business receives customer feedback. 4. Customers generally expect that a business will be using social networks. Customers expect social interaction. 5. Social networks encourages loyalty to a business. 6. Social networks comes with a business expectation of increased sales. Businesses expect a return on their investment. Some of the cons that a business should consider in using social networks are as follows: 1. Generating negative users is possible with social networks. Included in negative users are spammers, scammers, trolls, and other sorts of malicious individuals all out to do harm to a business’ online reputation (digital marketing). 2. Using social networks is time consuming; requiring daily attention in updating and responding to customers. 3. Hacking of personal information, customer information, and a business’s information is a security issue of social networks. Not only will hacking endanger the customer, but it can put a business at risk. 4. Communicating through social networks must be done clearly in order to be effective. 5. Evaluating the success of social networks on a business can be difficult. By looking at the pros and cons of social networks, a business should be able to decide what parts of social networks are in its best interest. Being able to evaluate the effectiveness and impact of social networks can determine the success or failure of a business. I learned that for social networks to be beneficial for a business a lot of critical thinking needs to happen. Deciding to use social networks as a way to grow a business may or may not be good for all businesses. I learned that it is important for a business to decide what is best for its success. Matthew Ivezaj 9 October, 2016CIS1100 Work Cited Website: http://digitalmarketingphilippines.com/the-pros-and-cons-of-social-media-marketing-for- business.com Southern Phillipines institute. "The Pros and Cons of Social Networking for Business." Digital marketing. 11 June 2014. Web. 27 September 2016. Website: http://canadabusiness.ca/eng/page/2655/ Canada Business Network. "Pros and cons of social media." 18 August 2016. Web. 27 September 2016. Website: http://qmhine.com/pros-cons-using-social-media-business/ QMH, INC. "Pros & Cons of Using Social Media for Your Business." 16 March 2016. Web. 27 September 2016.

How likely are you to get hacked? Cyber security and you

Equifax is a name that is popping up now and then because of their poor cyber security habits and irresponsibility they have shown to their clients, also adding to the list of organizations are names such as Target, Yahoo, JP Morgan, and Hollywood Presbyterian Medical Center. Honestly, everyone is vulnerable to an attack, no matter what you do, how skilled you are, or however high your IQ is *clear throat Trump * excuse me, where did that come from. As 4-star Admiral Michael Rogers, Director of the NSA, leader of its Military components, the Central Security Service, and Commander of United States Cyber Command has said, “Vulnerability is an inherent nature of the technical world that we live in today, and if your desire is to live in a world without vulnerability, I would say that is probably highly unlikely”. A common bad habit that many people practice is using a “weak” password, in respects, passwords should be at minimum of 12 characters in length, they should include a combination of; numbers, letters, and special symbols; using a different password for everything, and please remember that a password should be kept up here (point to head), not written down on a sticky note. While browsing the web, do make sure to check to see if the lock emblem is in the address bar to ensure of a site’s secure connection, configuring routers can allow for access for your IP address only, using VPNs, Using wired LANs vs wireless LANs, it does not hurt to search up cyber security news to keep yourself informed on particular topics, and with that, a plethora of other things that I won’t get into now, those are just your basics to staying semi-safe. Ivezaj 2 Many of you probably think of hackers as bad, but not all hackers are bad, here are the main categories of hackers; Black hats, which are the ones that commit crimes such as robbing a bank; Grey hats, were black hats, now consider themselves turned, but are still loose cannons; red hats, who act as security consultants whom serve the roles of hacking/penetration testing; Blue hats, who are part of a firm outside of the organization that conduct attacks on a system before the launch; Suicide hackers, these individuals are so driven that they will sacrifice everything to complete the mission at hand, whether hacking the political system, operating a terrorist heist, or personal gain; White hats, who are the good cyber professionals whom serve to protect, bringing the fight to push back criminals, aka ethical hackers. Then each member of one of those groups are sub-divided in 3 categories of their own, based on skill set; Script kiddies, who rely on programs to do their hacking and have no idea what is going on in the background; Intermediate hackers, whom of which understand some of the concepts that are going on in the background, but like the script kiddies, still rely on programs; Elitists, these are the professionals who often write programs for the script kiddies and intermediate hackers to use in their attacks, these people can hack someone and make it look like someone else did it. The way they make it look like someone else has committed the hack is through MAC (Media Access Control) address Spoofing, which changes your devices physical IP address on the NIC (Network Interface Card). Ivezaj 3 A MAC address is a sequence of 6 octets of 2 characters containing a combination of letters between A through F and/or numbers (different than IPv4 which has 4 octets containing 3 digits in each octet except that an IPv4 address can be out of 32 bits in size (2^32), containing 4,294,967,296 IPv4 addresses, IPv6 which are 8 octets of 4 characters, a combination of letters and numbers, following the same rules that a MAC address is limited to, and is 128-bits which can contain 240,282,366,920,938,463,463,374,607,431,768,211,456 (that is over 240 octotrigintillion) IPv6 addresses; IPv4 communicate with IPv6 through dual stack configuration, for those of you wondering). Now this is pretty interesting, MAC address spoofing is also used to gain privileges of the intended device which you spoofed. Now, a pretty interesting thing that I learned back in the fall is that you can spoof a MAC address belonging to a device from home to use your cables internet on the go, provided the device is turned on, however keep in mind, it does suck that we can hit our usage caps at about 20-30%, however there is a way to broadcast your own Wi-Fi using a modem, router, switch/hub, and a few other components, which would make cable pointless because you could just use a Roku, firestick, or one of those types of devices for free TV with your self-broadcasted Wi-Fi (however there maybe are a few components missing from that and one of my Old Professors said he would let me know what those are when he gets time), though you did not hear that from me. Another plus to MAC spoofing is when you get IP blocked for entering many incorrect passwords which I know that many if not all of us do at times, if you spoof your mac address, your physical IP address changes, causing the system to think another computer is connected from a different location, allowing you to try again. Lastly it is a useful technique that works by keeping yourself anonymous online. Ivezaj 4 An example of a notable hacker (AKA hacktivist) that did not use his abilities for evil is Aaron Swartz, who fought to make the world a better place by allowing all excess of information to flow freely, here is a quote from Aaron “Information is power. But like all power, there are those who want to keep it for themselves. The world’s entire scientific and cultural heritage, published over centuries in books and journals, is increasingly being digitized and locked up by a handful of private corporations.” In case you don’t know Aaron, here are some facts about him, at age 12 he created a website named “The Info”, which is the precursor to Wikipedia and that won him the first-place prize from ARS Digita, At age 13, Aaron helped to Co-Author RSS, lastly at age 19 he Co-founded Reddit, making him a millionaire. Aaron was charged with 13 counts of wire fraud, all for trying to make information free and accessible for all. His crime was sneaking into an MIT closet and downloading a bunch of free journal articles to release to the public, this involved MIT, JSTOR, and Aaron. Charges from JSTOR, whom suffered the most damage had been dropped, MIT stubbornly stood their ground even though they did not face real damage, plus MIT supports hacking. The Attorney General of Massachusetts had incurred charges on him, namely Stephen Heymann, the assistant Attorney General, he compared Swartz to a notable hacker of the name Jonathon James, who at 15 hacked into the department of defense, he later committed suicide. Aaron was given two plead deals that spanned a few months to a half of a year, he declined them, so, the United States government gave him a final offer of…35 years to make an example of him to all future activists. Aaron hung himself, not from the fear of having his freedom taken away, but because he wanted to serve in the Secret Service and Ivezaj 5 you cannot serve if you have a felony against you, that I know well. I know that he broke the law, making him bad, but his intent was pure. Here is a quote from Elizabeth Warren, the senator that would not have been elected if it were not for Aaron, “When I met Aaron Swartz in 2010, I discovered a young man who was passionate, sharp, a little shy, and, above all, warm and good natured. He seemed like the kind of person who couldn’t hurt a fly — he just had that kind of presence. Aaron made remarkable contributions to our world, and his advocacy for Internet freedom, social justice, and Wall Street reform demonstrated both the power of his ideas and the depth of his commitment. The world is a poorer place without Aaron.” Lastly, Here is a passage that Aaron wrote, “I think deeply about things and want others to do likewise. I work for ideas and learn from people. I don’t like excluding people. I’m a perfectionist, but I won’t let that get in the way of publication. Except for education and entertainment, I’m not going to waste my time on things that won’t have an impact. I try to be friends with everyone, but I hate it when you don’t take me seriously. I don’t hold grudges, it’s not productive, but I learn from my experience. I want to make the world a better place”. I’m sure that many of you have heard of Aaron, you may not remember it now, however, the night of January 11 th 2013, social media blew up with everyone paying respects to Aaron, I chose to talk about Aaron because I believed he offered a lot to the world, and in a lot of respects, I find that we are very similar in our thought process, and look pretty similar in terms of appearance, also, at least that is what I am told. In conclusion, the future is bright for those who wish to journey in the realm of Cyber Security, with according to many news organizations, around 1.5million jobs predicted in the United States, and according to organizations such as Forbes, 6 million predicted unfilled spots Ivezaj 6 by 2019, globally. Especially for women, I honestly think that the world of Cyber would look a lot better if there were more women in the ranks of the Cyber Security lineage, because women only make up around 10% of Cyber at the moment and bringing more of a variety to the field is in great need. Here is another quote from Adm. Rogers, “So to me, I urge people look, don’t be intimidated by the technical aspects, don’t be intimidated by this is different in some ways than the traditional fields some of us have experienced, because I argue, Cyber is an operational domain in which we do a variety of…missions and functions, many of which are very traditional, we do Reconnaissance, we do fires, we do maneuvers, we have key terrain, all of those things that I was constantly going back, hey, how can we frame this in a way that brings a broader sense of recognition and makes it easier to integrate this, don’t make this thing so special and so unique that it just gets pushed to the side, that will sub optimize our ability to perform cyber operations and negatively impact, at least in my view anyway, the operational outcome, which is the whole reason we are doing this in the first place, if it doesn’t have operational outcome, it is a waste of time and a waste of an investment”, and it goes on for a while, I just wanted to include that. Some important topics in Cyber that I think to go over are understanding; Linux for everything is Cyber because it is used to conduct administrative control in networks, is used in routers, a ton of programming resources, free support, accounts for over 70% of the worlds servers, a false statement that some say is that Linux is less secure than windows because of vulnerabilities, which is undeniably false, but if that were actually the case, why would Edward Snowden have used Linux Tailes to evade the NSA during the time that he did? Linux users are also monitored by the NSA in further depth, using Tailes automatically gets you marked as an extremist. Once malware gets on a windows system it can automatically spread Ivezaj 7 to every other file on the partition, whereas in Unix like operating systems like Linux, stops at individual packages, because Linux breaks programs down into packages and Windows offers them as bundled suite; I think that you should also know, IP protocols, configuring routers for security, everything on IP addresses/subnets, SSH commands, utilities, probably learning how to use SSL and TLS connections to a server and to encrypt/decrypt messages (with terminal or command prompt, whatever your weapon of choice is), understanding ports, and a variety of other things, I’m not going to bore any of you any further however. Work Cited Ivezaj 8 Rogers, Michael “NSA Chief Adm. Mike Rogers asked about Apple vs. FBI, encryption “, https://www.youtube.com/watch?v=L9miS0fwmdE, 5 April 2016. Swartz, Aaron Albright, Jane “How likely are you to get hacked? Cyber security and you” http://www.wral.com/how-likely-are-you-to-get-hacked-cyber-security-and-you/17266197 18 January 2018. Warren, Elizabeth “Aaron Swartz’s Suicide Triggers Response from Top U.S. Lawmakers http://business.time.com/2013/01/16/aaron-swartzs-suicide-triggers-response-from-us- lawmakers/

difference between licensed and unlicensed wireless

What's the difference between licensed and unlicensed wireless So as we know, wireless technologies transmit airwaves which allow for receiving information. The wireless spectrum is made in chunks called frequency bands, which are in the airwaves used by these wireless technologies. All of these belong to licensed modems, the word licensed means that companies are purchasing the license fee for the right to assign channels to different locations (i.e. ABC, MSNBC, FOX…Etc). What licensing says is that company B may not interfere with company A’ transmission. Let us look at how licensing protects us, licensing allows for interference not to garble (decent reception), because as you may be aware, when you are out of the coverage of the company, you pose the risk of having a bad connection (which is what unlicensed modems will give you which we will talk about later) (pdf showing frequency locations, http://www.ntia.doc.gov/osmhome/allochrt.pdf). We will now take a gander at unlicensed modems, such as 2.4 GHz ISM band or the common 5 GHz UNII band. These unlicensed modems do not require permission to transmit these wireless frequencies, however you must comply with their rules. Because they are not backed by a large group, they do pose the risk of signal corruption. The trade-off between the two is the signal corruption involved because unlicensed modems do not come with EV-DO network, which service providers do have, you would have to pay for the service provider Work Cited Phifer, Lisa, “What's the difference between licensed and unlicensed wireless?” https://searchnetworking.techtarget.com/answer/Whats-the-difference-between- licensed-and-unlicensed-wireless , September 2007.

Root Privilege Escalation Bug

Root Privilege Escalation Bug Several Unix-Like operating systems share a similar decades old vulnerability. This vulnerability has been discovered by a group of security researchers. The Unix like operating systems that are affected by this vulnerability are as follows: • FreeBSD • NetBSD • OpenBSD • Linux • Solaris ` This vulnerability is exploited by attackers to provide an escalation of privileges. In other words, they would be taking advantage of the root user account. This is a very dangerous vulnerability the name of it is Dubbed Stack Clash. With Dubbed Stack Clash present (also called CVE-2017-1000364), the attacker would have the power to do anything to your computer/network. The way that this vulnerability was discovered through the stack for user binaries. Stack Clash Bug Exploitation This is a simple exploitation in the fact that it takes advantage of the stack or a system (memory storage). It will grow in the stack while the program is running and eat up all of the memory. Qualys Researchers have found this bug that attempts to exhaust memory as stated before. This would cause memory to overflow and clash with nearby stack regions. This will unfortunately overwrite content on the stack. What gets worse is that this slick bug can move past a stack guard-page. A stack guard-page is a memory protection that was introduced in 2010. It is a response to the first time this exploit had appeared in 2005. Qualys had come out with the following statement, "Unfortunately, a stack guard-page of a few kilobytes is insufficient: if the stack-pointer 'jumps' over the guard-page—if it moves from the stack into another memory region without accessing the guard-page—then no page-fault exception is raised and the stack extends into the other memory region,". Let’s look at some things about this vulnerability: • In most cases, this vulnerability requires local access. • In some cases, this vulnerability can be administered remotely. This bug can be combined with other vulnerabilities, such as the Sudo vulnerability that I had discussed. When attackers utilize these two bugs, it is game over. This will allow them to run arbitrary code with the utmost highest level of privilege. 7 Proof-of-Concept Exploits that were discovered by Qualys Qualys researchers had come out with a statement saying that they were able to develop seven exploits. Qualys researchers had come out with a statement saying that they were able to develop seven proofs of concept (PoCs) for the Stack Clash vulnerability. These new expliots will work on the following Unix systems: • Linux • OpenBSD • NetBSD • FreeBSD • Solaris on 32-bit and 64-bit x86 processors. It should be noted that the Qualys researchers are yet to publish these exploits and POCs. This would give users enough time to patch their systems before these exploits are released and hell breaks loose in the Unix world. The four steps that PoCs take are as follows: 1. Clashing, A conflict between one stack and another memory heap. 2. Running, running the last memory storage to the storage's start 3. Jumping, going over the memory storage's guard page. 4. Smashing, smashing the memory storage or regions. It should be noted that the following distros are not exempt: • Sudo on Debian, • Sudo on Ubuntu • Sudo on CentOS • ld.so and most SUID-root binaries on Debian. • ld.so and most SUID-root binaries on Ubuntu. • ld.so and most SUID-root binaries on Fedora. • ld.so and most SUID-root binaries on CentOS. • Exim on Debian • rsh on Solaris 11. • Red Hat Enterprise Qualys has also came under the determination that the following operating systems may potentially also vulnerable to CVE-2017-1000364. These include the following: • Microsoft's Windows • Apple's OS X/macOS • Google's Linux-based Android OS Patching/Updating Vendors have already begun the process of issuing patches to their customers, pertaining to this bug. Installing patches at your latest convenience is a must. If you do not have the option to update your computer per the companies discretion as of yet, you may just need to reboot your computer. Then you will need to manually apply stick limits to the local user applications. To do so: • you will need to set the RLIMI STACK and RLIMIT_AS that local users have to a low value. set the hard RLIMIT STACK and RLIMIT_AS of local users and remote services to a low value. You should not take anything for granted. After you have done this, it is advised to recompile all of your: • libraries with the –fstack-check feature. • Id.ao with the –fstack-check feature. • binaries with the –fstack-check feature. Doing so would halt the stack pointer from moving to another region of memory with not access to the stack guard-page. In other words, we would kill Stack Clash. Update have been released to some systems, but not all Fedora and Slackware have been among the first systems to have come out with updates. We have seen FreeBSD and NetBSD issue patches. All of this is carrying out while Qualys researchers are releasing the exploits and POCs for the anticipated Stack Clash vulnerability. Work Cited Khandelwal, Swati, "A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered", https://thehackernews.com/2017/06/linux-root-privilege-escalation.html, June 20, 2017

Sudo update

Sudo Update We all know that sudo is one of the most powerful tools in Unix-like systems. It gives the user admin like privileges, but I'm not talking about Windows type Admin Privileges. The unix sudo command gives a user control over the network. Now, a new version of sudo has been released by One Identity. Let's look at what we know: • One Identity is the organization that is behind the utility. • This version is dubbed sudo 1.9. • It has enhanced auditing capabilities. • It has enhanced logging capabilities. • It has enhanced security capabilities. Sudo is both famous and infamous in some circles of users. If the sudo rm -rf command is not used right or exploited by a bug, it can utterly destroy the contents in a system. But when used correctly an in light heart, it is a very, very, promising tool. New sudo changes have made exploiting the dangers of sudo more tricky. I will explain some of the new abilities of sudo below: • Centralized Logging: This allows a logging daemon. This can be used for ease of logging (both a good and a bad thing... mostly bad). This can be used to create a central logging over a secure Transport layer protocol. • Rich Auditing: Audit plugins can be used to give an advantage to third party apps in pulling details from a sudo session. Audit plugins can be used to give an advantage to third party apps in aiding in auditing. Audit plugins can be used to give an advantage to third party apps in best practice review. AKA, an attacker would be able to synthesize details from the sudo user and gain full executional domain power over the environment. • Just-in-time Command Approval: This provides the admin with the ability to enable just-in-time authorization for the sudo commands. These commands will add an extra layer of security and hopefully a sense of relief. The approval plugin will run after commands from a sudoer are accepted. This new sudo approval policy will perform additional checks that will interact with users. A number of these approval plugins can be specified in the sudo.conf file. The command will be allowed to run if the approval plugin has checked. • Python Plugin Support: Last but not least on the list, there is something for python. This sudo upgrade will provide support to python plugins. Todd miller, who is the maintainer and project's developer said the following: "Sudo 1.9 introduces new features that are particularly useful in an enterprise environment. From centralized keystroke logging to a more accessible plugin framework, version 1.9 creates a wealth of new possibilities when it comes to security and compliance. Sudo's flexibility and ubiquity make it a key component of a company's identity and access management strategy." Work Cited Vaughan-Nichols, Steven" Securing Linux's master sysadmin command: Sudo ", https://www.zdnet.com/article/securing-linuxs-master-sysadmin-command-sudo/, May 13, 2020.

Chromebook Error

Chromebook error Chomebooks that run linux apps might be vulnerable to issues that would permit you from installing apps on non-standard repositories. An example would be if you would like to add a Ubuntu repository. When you click to run your repo install you are face an error this error will prohibit you from running third party apps. What is a sudo user to do.... You probably will want to get that TPS, being unable to do this will limit your abilities severely. Fear not, not all hope is lost! IBM and Forrester consulting had teamed up and formed a Total Economic Impact. The Total Economic Impact is a type of study that provides a solution for ease of understanding business value of an order management platform. If you by chance want to mitigate this, run the following command on your terminal: sudo apt-get install software-properties-common -y Running the above code will issue the repository install once again. The catch with the command above, is that it will not see any errors. Next, you will need to update your system. You will just need to run sudo apt-get update in your terminal. Work Cited Wallen, Jack, "How to fix the apt-add-repository error on a Chromebook that runs Linux apps", https://www.techrepublic.com/article/how-to-fix-the-apt-add-repository-error-on-a-chromebook-that-runs-linux-apps/, May 15, 2020.

Wireshark Set Up

Step 1: It is a good idea to first get permission to use Wireshark on a network. Laws can get in the way for an act with the best intentions in mind. Make sure that you are allowed to change your network cable. Because if you want to change that network cable, you should at least have permission to do so. If you do something to a network, admins, and others in the organization will not be very happy. Step 2: General Setup • /CapturePrivileges - you must have sufficient privileges to capture packets, e.g. special privileges allowing capturing as a normal user (preferred) or root / Administrator privileges • /CaptureSupport - your operating system must support packet capturing, e.g. capture support is enabled / a capture driver is installed • User's Guide about Time Zones - Make sure that your computer's time zone is set correctly. Step 3: Capture traffic "sent to" and "sent from" your local machine Your network topology should be something that is separate from: • Your network traffic. • Your local machine. Don't use any features that you do not need to until you understand them. What you should do at this moment is stick to the task at hand and not venture off to different features. When you stop your packet captures, you should be able to see some network traffic. Ensure that both incoming traffic and outgoing traffic are selected to be captured. Troubleshooting • You should always make sure that you have selected the right interface. • Always be aware that network media could be the problem. • Please note that promiscuous mode could be what is in your way, whether it is on or off. • Always be aware that low level networking software could be the cause of your troubles. • Always be aware that how your network interface card is skewed could be the cause of your troubles. • Capturing on a silent network could lead to errors, it is advised to use an internet radio. Step 4: Capture traffic destined for machines other than your own You should aim to only capture packets from locations in your network should all have relevant traffic pass through them: • Choosing the right place in your network is key to capturing packets. • Remember to be wary of network media. • Make sure that promiscuous mode is on. Step 5: Capture traffic using a remote machine Remote Capturing: • When using a UNIX pipe, be sure to use a different tool • Use of WinPcaps remote capturing feature • SNMP's RMON is used to capture packets. SNMP's RMON is currently not supported ( • Is very limited. Work Cited GuyHarris, "How To Set Up A Capture", https://wiki.wireshark.org/CaptureSetup

Trending Blogs

Recently Viewed Blogs

IT Blog