Saturday, December 29, 2018

Advanced Persistent Threat (APT) Groups

A list of APT groups is available at https://www.fireeye.com/current-threats/apt-groups.html


Firewall selection consideration

Product:

Company:

Certifications: NSS Labs Security Effectiveness for NGFW - ?%; Effectiveness for BDS - ?%; Effectiveness for IPS - ?%; ICSA (Firewall, IPSec, SSL, Antivirus, NIPS, Antispam); IPv6; VB 100 - ?%; AV Comparative - ?%; Cyber Threat Alliance

Number of interfaces: GE RJ45; GE SFP; 10GE SFP+; Modules Slot

Throughput and Performance

Firewall Throughput: 1518/512/64 byte UDP. This is raw throughput, the measurement of traffic flowing through the firewall without necessarily being subjected to antivirus scans, content filtering, intrusion prevention, data loss checks and similar steps. The figure can also vary by protocol and packet size. Some vendors may cite 1500 Byte TCP whilst others cite 64 Byte UDP.

IPS Throughput: Gbps (Optimal traffic), Gbps (Enterprise Mix)

NGFW/UTM Throughput: Gbps (Enterprise Traffic Mix)

SSL Inspection Throughput:

AV Proxy Throughput:

Sessions:

New Sessions per second:

IPSec VPN: Gbps

Tunnels: No. of Tunnels (e.g. 10000)

SSL VPN: Gbps

Firewall Policies:

Latency: Microsecond

Remark: When comparing performance between different vendors, confirm that they use the same assumptions to produce the figures (e.g. Vendor A enables all features when testing throughput but Vendor B disables all features).

Features

SD-WAN:

DNS Filter:

Web Filter:

IPS: (No. of signatures)

Anti-Spam:

Antivirus Gateway:

Sandbox Integration: Cloud and/or On-prem

Application Control:

SSL Inspection: 443 Port only or ALL ports?

Data Leak Prevention (DLP):

Content Filtering:

Web Application Firewall (WAF):

Reverse Proxy:

Forward Proxy:

Virtual Domain:

High Availability:

3rd Parties Security Solution Integration:

Power Supply: Single or Dual PSU

Operation

Administration Effort: High/Low

Management: Console/Web

Reporting:

Automation:

Vendor Support:

Cost

Licensing/Subscription:

On-going cost / Maintenance cost:


Reference:

https://www.manxtechgroup.com/small-business-firewall-guide/


Email migration from Rackspace mail to Gmail (G-Suite)

For the source server, select IMAP and enter secure.emailsrvr.com as the server address.

Reference for how to set up the wizard and migration tools on Google:

https://support.google.com/a/answer/6351474?hl=en

Sophos SG UTM and XG Firewall

Astaro Security Gateway has been renamed Sophos UTM (Sophos SG)
Cyberoam has become Sophos XG


Microsoft Internet Security and Acceleration (ISA) Server 2000, 2004 and 2006 and Microsoft Forefront Threat Management Gateway (TMG) 2010 are EOL; one replacement option is Sophos SG UTM.


Sophos SG UTM – Traditional firewall that comes with full-coverage security functions.

Sophos XG – Next Generation Firewall (NGFW) that comes with full-coverage security functions plus the heartbeat function; heartbeat means the firewall can communicate with client PCs to stop threat exposure.


UTM: Unified Threat Management

NGFW: Next Generation Firewall

Huawei Firewall USG 6305 – Basic Setup and Upgrade Firmware

1. Set a fixed IP on the laptop (e.g. 192.168.0.2 /24) and connect it to ETH 0/0 (Port 0)

2. Open a browser and access https://192.168.0.1:8443

3. Default login: Username: admin Password: Admin@123

4. Change the password when forced to do so

5. Follow the setup wizard to complete the basic setup


Remark:

1. Download the firmware (you need to register a free customer account using the product SN or contract number)

For USG 6305, you need to use the mini one


2. After the upgrade, delete the old one (to free up space)

Dell Inspiron 15-3567: replace hard disk with 2.5” 7mm SSD

1. Remove all screws on the bottom and under the battery

2. Remove the keyboard

3. Remove all screws under the keyboard

4. Remove the cover and you will see the hard disk

Friday, December 28, 2018

How to find a log of Microsoft Store on Windows 10?


Open Command Prompt and run “wscollect”


The logs will be stored on your desktop.


Unzip the file using 7zip.

You will then be able to access the logs.


#Logs

#Troubleshooting


Reference:

https://superuser.com/questions/1257486/windows-10-app-store-where-are-logs


BeiDou Navigation Satellite System (北斗衞星導航系統, BDS) provides service globally: how to check whether your mobile device supports it

One simple method is to install GPS Test on your Android phone (https://play.google.com/store/apps/details?id=com.chartcross.gpstest&hl=zh_HK)


Use the GPS Test filter to show Beidou only; if no satellite signal is received, your phone probably does not support it.


Reference:

http://en.beidou.gov.cn/

The Hong Kong Satellite Positioning Reference Station Network (SatRef):

https://www.geodetic.gov.hk/tc/satref/rawstream.htm

Example of a tracking system that supports it:

https://www.rehabsociety.org.hk/zh-hant/%E3%80%8C%E8%B9%A4%E8%B7%A1%E6%98%93%E3%80%8D-e-track-system/

The third LTSC (LTSB) release of Windows 10 - 1809


Reference:

https://docs.microsoft.com/en-us/windows/windows-10/release-information

Thursday, December 27, 2018

Allow Microsoft Windows Update (Windows 10) pass-thru Sophos XG Firewall proxy (SFOS 17.1)

Add the following exclusion URL patterns to the Microsoft Windows Updates exception list:

^([A-Za-z0-9.-]*\.)?tlu.dl.delivery.mp.microsoft\.com/

^([A-Za-z0-9.-]*\.)?au.windowsupdate\.com/

^([A-Za-z0-9.-]*\.)?download.windowsupdate\.com/


Reference:

https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting


Allow Kaspersky Update pass-thru Sophos XG Firewall proxy (SFOS 17.1)

Add the following exception pattern: ^([A-Za-z0-9.-]*\.)?geo.kaspersky\.com/


Reference:

https://support.kaspersky.com/6105
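
Added example (not from the original posts and not Sophos code): a check of the exception patterns from this post and the Windows Update post above against constructed sample URLs, next to a tightened form with the host dots escaped. It assumes the proxy matches each pattern against host and path without the scheme, and uses Python's `re` as a stand-in for the firewall's regex engine; `tighten()`, `exempted()`, `audit()` and the sample URLs are hypothetical.

```python
import re

# Optional-subdomain prefix shared by every pattern in the two posts.
PREFIX = r"^([A-Za-z0-9.-]*\.)?"

# Patterns from the two posts (whitespace trimmed): host dots are unescaped.
AS_POSTED = [
    PREFIX + r"tlu.dl.delivery.mp.microsoft\.com/",
    PREFIX + r"au.windowsupdate\.com/",
    PREFIX + r"download.windowsupdate\.com/",
    PREFIX + r"geo.kaspersky\.com/",
]

# Constructed samples (host/path, no scheme) -> should the proxy exempt it?
SAMPLES = {
    "7.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/x": True,
    "au.windowsupdate.com/msdownload/update.cab": True,
    "download.windowsupdate.com/d/file.cab": True,
    "dnl-01.geo.kaspersky.com/updates/index": True,
    "auxwindowsupdate.com/": False,        # different registrable domain
    "geo-kaspersky.com/": False,           # different registrable domain
    "download.windowsupdate.com.example.net/": False,
}

def tighten(pattern):
    """Escape each bare '.' after the prefix so it matches only a literal dot."""
    if not pattern.startswith(PREFIX):
        raise ValueError("unexpected pattern shape: " + pattern)
    host = pattern[len(PREFIX):]
    return PREFIX + re.sub(r"(?<!\\)\.", r"\\.", host)

def exempted(url, patterns):
    """True if any exception pattern matches, i.e. scanning would be skipped."""
    return any(re.search(p, url) for p in patterns)

def audit(patterns):
    """Return the sample URLs whose result differs from the intended one."""
    return sorted(u for u, want in SAMPLES.items()
                  if exempted(u, patterns) != want)

TIGHTENED = [tighten(p) for p in AS_POSTED]

if __name__ == "__main__":
    print("as posted :", audit(AS_POSTED))
    print("tightened :", audit(TIGHTENED))
    for p in TIGHTENED:
        print(p)
```

The trailing `/` in each pattern already stops the allowed host from being accepted as the start of a longer host name, which is why the last sample is rejected by both sets.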


Create firewall service for proxy only on Sophos XG Firewall (SFOS 17.1)

Add TCP and UDP entries from all source ports to the destination port on which your proxy server accepts connections.

Sunday, December 23, 2018

Android 8.1 Oreo released on Nokia 3


Friday, December 21, 2018

Cumulative Update for Windows 10 Version Next (10.0.18305.1003) has been released

Thursday, December 20, 2018

Windows 10 Insider Preview 18305 (19H1) to Fast Ring released


Wednesday, December 19, 2018

New Control Panel on Windows 10 Insider Preview 18298

It shows your Microsoft account status at the top of the panel.

Tuesday, December 18, 2018

Nokia 5 receives Google Security Patch (Dec-2018)

Friday, December 14, 2018

Windows 10 Insider Preview 17763.194 (RS5) (1809) (Dec 2018 Update) (2018-12 CU) to Slow Ring released


Tuesday, December 11, 2018

Windows 10 Insider Preview 18298 (19H1) to Fast Ring released



Sunday, December 9, 2018

MacOS VM on Virtualbox on Lubuntu – Upgrade MacOS

A few notes from other users and forums:
1. Updates – this image is 10.13 and the latest is 10.13.6, but the update install never finishes after a reboot and it just tries to install the update, reboots, etc. Here is the fix:
1.a Install the update but shutdown instead of reboot. It will update a few things and then shut down, turning the VM off.
1.b Start the VM again, but as soon as the screen turns black, start to hammer the F12 key. Make sure your keyboard is grabbed by the VM. If you managed to hit F12 at the right time, the VirtualBox EFI should pop up. If the VM starts up normally, go back to step 3.a (yes, you have to download and reinstall the update again)
1.c Now use your arrow keys to select “Boot Manager” and hit Return, then launch the “EFI Internal Shell” from there.
Inside the shell, type the following commands:
Shell> fs1:
FS1:\> cd "macOS Install Data"
FS1:\macOS Install Data\> cd "Locked Files"
FS1:\macOS Install Data\Locked Files\> cd "Boot Files"
FS1:\macOS Install Data\Locked Files\Boot Files\> boot.efi

Essentially, Apple moved the update boot.efi and Virtualbox is running the regular boot.efi and the update doesn’t finish.

If you get “Installing High Sierra” and then a progress bar that takes about 50 minutes, you are golden. Anything else and something is messed. I successfully got the latest xCode running on the latest High Sierra in virtualbox.


Until Virtualbox fixes where it looks for the boot.efi, you will have to do this for every update.


If the upgrade succeeds, you will find that the OS version has become 10.13.6


Reference:

http://archive.is/Stfe5#selection-2709.0-2759.98

https://www.wikigain.com/fix-virtualbox-macos-high-sierra-screen-resolution-1920x1080-4k-5k/

https://www.wikigain.com/fix-macos-high-sierra-screen-resolution-virtualbox/

https://mysolutions.tech/2018/04/virtual-sierra/

The base VM

https://techsviewer.com/install-macos-high-sierra-virtualbox-windows/





MacOS 12.12 on Lubuntu Virtualbox


Wednesday, December 5, 2018

Windows 10 Insider Achievements Badge – Flight Major has been released

#Builds4Badges

#Flight Major


Saturday, December 1, 2018

Dell Support Assist for Non-Admin Users: resolving the login pop-up that requests administrator privilege


Solution: Change the service startup to “manual”


Reference:

https://www.dell.com/community/SupportAssist/Dell-Support-Assist-for-Non-Admin-Users/m-p/6056737#M84409

Install Proofing Tools for Taiwan Chinese on English Office 2016 Home and Business

Step 1: Download the Proofing Tools for Taiwan Chinese:

https://www.microsoft.com/zh-TW/download/details.aspx?id=52668

Step 2: Install "proofingtools2016_zh-tw-x86.exe"

Step 3: Done.

https://support.office.com/en-us/article/add-an-editing-language-or-set-language-preferences-in-office-663d9d94-ca99-4a0d-973e-7c4a6b8a827d?ui=en-US&rs=en-US&ad=US

Reference:

http://www.cityu.edu.hk/csc/install-guide/tcsctranslate.htm

Resolving the “RSS feed exceeds 512KB size limit” error


Add “?max-results=3” after the RSS feed URL

e.g. http://billyfung2010.blogspot.com/feeds/posts/default?max-results=3


The issue has been fixed.


Reference:

https://www.youtube.com/watch?v=NFPZJWaGuNI

Windows Movie Maker on Windows 10, an alternative, and good software to reduce video size on Windows 10


Good software to reduce video size:

https://handbrake.fr/


Shotcut

https://www.shotcut.org/download/

https://www.techradar.com/reviews/shotcut

https://www.techradar.com/news/the-best-free-windows-movie-maker-alternative

Download Windows Movie Maker Free Archived

https://www.winmoviemaker.com/

Netgear R6400 - WiFi 5GHz channel disappears regularly

Symptom:

The 5GHz channel disappears after a few days.


Solution:

Change the wireless channel to another one with less interference from nearby APs.


Reference:

https://kb.netgear.com/25182/Resolving-poor-5GHz-wireless-range-signal-from-my-NETGEAR-router

https://kb.netgear.com/25057/NETGEAR-Range-Extender-is-not-detecting-the-5GHz-wireless-band-of-the-NETGEAR-router-or-the-5GHz-connection-is-intermittent


Cannot enter " " when using US - international keyboard in outlook 2016 on Windows 10 1803

If you are using English (Hong Kong SAR) with the US - international keyboard, you will not be able to enter “ “ in Microsoft Office Outlook 2016 on Windows 10 1803

An Intelligence Health Bracelet official app might be infected with malware

Thursday, November 29, 2018

Windows 10 Insider Preview 18290 (19H1) to Fast Ring released


Wednesday, November 28, 2018

Nokia 3 Google Security Patch Nov 2018 released


Saturday, November 24, 2018

Sophos XG - SFOS 17.1.4 MR4 Released

If you are running on 17.1.3 MR3, please upgrade asap.


It fixes many connectivity issues via the proxy, such as Windows 10 update failures and Kaspersky update failures.


Since it was just released, you need to download it manually.


https://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-1-4-mr4-released


Reference:

https://community.sophos.com/kb/en-us/132229 

https://community.sophos.com/kb/en-us/123285


Moto G5 Plus Android security update 1 Oct 2018 released


Friday, November 23, 2018

To allow Install from unknown sources on Android 8.1

Since the app “MAXI” is still under testing (not in Google Play) and requires a mandatory update whenever a new version is released, you need to allow installation from unknown sources temporarily.

1. Go to “Apps & notifications”, then select “Special access”

2. Select “Install other apps”

3. Select “Folder Manager”

4. Change it to “allow”

5. Go to “Download” and select the “MAXI” APK to install the latest version of the app.

6. Done. Go back to “Folder Manager” and disable the setting.



Reference:

https://www.theandroidsoul.com/where-is-install-from-unknown-sources-option-on-android-o/
