Monday, December 25, 2023

TencentOS (TLinux) and OpencloudOS


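TencentOS Server image versions

Tencent Cloud currently offers three TencentOS Server images for users to choose from:

| Image version | Description |
| --- | --- |
| TencentOS Server 3.1 | Fully compatible with the CentOS 8 user space; ships with tkernel4, which is deeply optimized from the community 5.4 LTS kernel. |
| TencentOS Server 2.4 | Fully compatible with the CentOS 7 user space; ships with tkernel3, which is deeply optimized from the community 4.14 LTS kernel. |
| TencentOS Server 2.4 (TK4) | Fully compatible with the CentOS 7 user space; ships with tkernel3, which is deeply optimized from the community 5.4 LTS kernel. |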

Chinese domestic operating systems - Antivirus

Antivirus products that support Kylin (麒麟) OS and Huawei EulerOS (OpenEuler):

  1. TrendMicro OfficeScan
  2. Bitdefender
  3. Kaspersky


Sunday, December 24, 2023

Tencent Cloud Security Tool - Cloud Security Center (CSC) and Cloud Workload Protection Platform (CWPP)

CSC and CWPP are good tools for protecting cloud workloads. They provide threat detection, threat blocking, forensics, source tracing, and threat response and handling.



Cathay Pacific (CX) inflight service

My first flight was on an A330, which did not have Wi-Fi available:

My second flight, on an A321neo, had the service:


Lenovo X240 able to install Linux but not Windows

Reason: Secure Boot causes this problem.
Solution: Reset the Secure Boot settings to default and clear all configuration.


TP-Link Tapo C200 IP camera needs a firmware upgrade and auto update enabled

Upgrade path: 
Version 1.3.5 upgrade to 1.3.9, then 1.3.11



The TP-Link C200 does not need an open firewall port, DDNS or a fixed IP; you only need the TP-Link mobile app to connect. Upgrading the firmware is therefore very important to secure your IP camera.


DDNS and OpenVPN setup on Sophos Firewall


Saturday, December 16, 2023

A very good security feature on Fortinet FortiGate that you should enable to protect your firewall against vulnerabilities

Virtual patching on the local-in management interface

Virtual patching is a method of mitigating vulnerability exploits by using the FortiGate's IPS engine to block known vulnerabilities. Virtual patching can be applied to traffic destined to the FortiGate by applying the FMWP (Firmware Virtual Patch) database to the local-in interface using local-in policies. Attacks geared towards GUI and SSH management access, for example, can be mitigated using the FMWP database pushed from FortiGuard, thereby virtually patching these vulnerabilities.



Friday, December 15, 2023

Fortinet Fortigate Firewall and H3C Switch OSPF network type

In the 6.x OS, OSPF configured in the FortiGate firewall GUI runs with the "broadcast" network type. Check which network type your H3C OSPF is running.

Network type:
broadcast: Broadcast.
non-broadcast: Non-broadcast.
point-to-point: Point-to-point.
point-to-multipoint: Point-to-multipoint.
point-to-multipoint-non-broadcast: Point-to-multipoint and non-broadcast.

If the network type is mismatched between the FortiGate and the H3C switches, you will see the neighbour, but routes will not be updated in the routing table.


Thursday, December 14, 2023

Tencent Cloud Direct Connect routing constraints

Limitations:
  1. Cannot accept more than 100 routes via BGP
  2. Supports static routes and BGP only

Solution:
Use the Fortinet FortiGate to summarise the OSPF routes, then redistribute them into BGP towards Tencent Cloud.

Remark: A limitation of H3C switch OSPF is that it cannot summarise routes to the next hop.
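
Added example (not from the original post, Fortinet or Tencent): a Python planner that works out summary ranges for a prefix list so the advertised count stays within the 100-route limit above. It merges exactly first and widens masks only when that is not enough, reporting how many addresses outside the original prefixes the summaries would then cover. The function name, the /8 floor and the sample 10.x prefixes are constructed assumptions; IPv4 only.

```python
import ipaddress

ROUTE_LIMIT = 100  # Direct Connect BGP route limit stated in this post


def plan_summary(prefixes, limit=ROUTE_LIMIT, floor=8):
    """Return (routes, extra): summary routes within `limit` and the number of
    addresses they cover that were not in the original prefixes."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    routes = list(ipaddress.collapse_addresses(nets))  # exact merge, no widening
    if not routes:
        return [], 0
    owned = sum(n.num_addresses for n in routes)
    maxlen = max(n.prefixlen for n in routes)
    # Only if the exact merge is still over the limit, shorten the longest
    # masks one bit at a time; each step may pull in address space that was
    # never in the routing table.
    while len(routes) > limit and maxlen > floor:
        maxlen -= 1
        widened = [n.supernet(new_prefix=maxlen) if n.prefixlen > maxlen else n
                   for n in routes]
        routes = list(ipaddress.collapse_addresses(widened))
    extra = sum(n.num_addresses for n in routes) - owned
    return routes, extra


# Constructed sample inputs (hypothetical internal ranges).
CONTIGUOUS = [f"10.20.{i}.0/24" for i in range(150)]    # 150 adjacent /24s
SPARSE = [f"10.30.{i}.0/24" for i in range(0, 256, 2)]  # 128 non-adjacent /24s

if __name__ == "__main__":
    for name, sample in (("contiguous", CONTIGUOUS), ("sparse", SPARSE)):
        routes, extra = plan_summary(sample)
        print(name, len(sample), "->", [str(r) for r in routes], "extra:", extra)
```

A non-zero `extra` means the summary attracts traffic for addresses that do not exist behind the firewall, so those ranges should be reviewed before the summary is redistributed into BGP.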


Sophos Firewall failed to access web admin console after upgrade from SFOS 19.0.3 MR-3-Build517 to SFOS 19.5.3 MR-3-Build652

After the upgrade, you are still able to see the login page:
You are also able to access the Internet via the firewall:

But you fail to log in to the firewall web console (it returns a blank page):


You are able to access the firewall via SSH:

Solution:
Log in via SSH, then select "7", then "R" to reboot the firewall.


Thursday, December 7, 2023

M365 - Exchange - This message could not be sent. You do not have the permission to send the message on behalf of the specified user.

When you use "Send As", you receive the following error message:
This message could not be sent. You do not have the permission to send the message on behalf of the specified user.

Solution:

In Office 365, go to the Exchange Admin Center (EAC), search for the shared mailbox, then click and edit it. Go to mailbox delegation and add your account to the Send As permission list. Wait a few hours for the change to take effect; you will then be able to send emails as the shared mailbox. In the Outlook 2016 client, click From, choose Other Email Address, and type the address of the shared mailbox.

 

Reference:

https://support.microsoft.com/en-us/office/open-and-use-a-shared-mailbox-in-outlook-d94a8e9e-21f1-4240-808b-de9c9c088afd

https://answers.microsoft.com/en-us/outlook_com/forum/all/send-mail-as-a-shared-mailbox/074b9d20-16c9-4431-bb88-6ce81331844f

https://copyprogramming.com/howto/send-as-vs-full-access-shared-mailbox



Tuesday, December 5, 2023

Install Windows 11 without internet connection (23H2)

When setup asks you to connect to the Internet, use the "Shift + F10" keyboard shortcut. (Some laptops need "Fn + Shift + F10".)

In the Command Prompt, enter "OOBE\BYPASSNRO".

The setup wizard will then re-run, and you will have the option to select "I don't have internet".



Lenovo T14s Gen 4 AMD Type 21f8 wifi driver

Qualcomm Wireless Driver for Windows 11 (Version 21H2 or later) - ThinkPad


AVITA - ESSENTIAL NE14A2IEE435 - Windows 11 fine tune

  1. Reinstall the machine to Windows 11 23H2
  2. Run Windows Update to apply latest patches and drivers
  3. Disable shadows, animations, and visual effects
  4. Disable transparency
  5. Change power settings to "High performance"
  6. Disable Game mode



AVITA - ESSENTIAL 14-inch NE14A2IEE435 laptop - Openbox test

- 14-inch anti-glare screen provides a comfortable viewing angle
- Built-in 128GB SATA solid-state drive (SSD)
- Windows 11 Home in S mode (English system)
- Processor: AMD Athlon™ Silver 3050e
- Memory: 4GB DDR4
- Graphics: AMD Radeon™ Graphics
- Approx. 1.377 kg

Pros: Very cheap (HK$ 998) from a mega sale

Cons:
1. Windows 11 is in S mode, so you can run applications from the Microsoft Store only. You can actually switch it to Windows 11 Home edition by logging in to the Microsoft Store and selecting "Switch out of S mode". See: What is Windows S Mode? - Reviewed (usatoday.com)
2. The CPU and RAM are limited; overall performance running Windows 11 is not good, even in S mode
3. The battery of a new machine is empty and needs to charge for a while before the machine can power on
4. The keyboard layout is different, e.g. "@" is not on the number 2 key (it is the UK default keyboard layout, not US)

100Mbps broadband:




FortiToken migration needs preparation

You must transfer the token licence to the new device via a support ticket, and the tokens must be re-activated on the user side. Below are the details from the Fortinet KB:

By design, FortiTokens (except the hardware FortiToken-211 and FortiToken-300 series) are always linked to the serial number of the unit on which they are activated. 

The entire process boils down roughly to these steps:  

1) Migrate the licence/token in Fortinet systems (this is done via a support ticket).  
2) Delete the tokens on the old unit.  
3) Migrate any user accounts from the old unit to the new unit as appropriate. 
4) Activate the tokens on the new unit (add the hardware tokens/supply the mobile token licence activation code). 
5) Assign tokens to users again (for mobile tokens, it needs to be activated in the app again).


How to reformat a USB thumb drive that was formatted by Win32 Disk Imager?

Use the Windows command Diskpart



It will take several hours to finish the format.


How to install Lubuntu from a USB drive?

To create a bootable USB thumb drive, you will need to use Win32 Disk Imager:



Tuesday, November 28, 2023

Deepin usb boot maker failed at 5%

Solution:
Format your USB drive as FAT32, then re-run the maker tool.


Flashget alternative

Since FlashGet has not been updated since 2010 and does not support HTTPS, you may be looking for an alternative download tool. https://www.flashget.com/index_tw.htm

One option is "Xtreme Download Manager":


Saturday, November 18, 2023

Nessus cannot scan a machine hardened by HardeningKitty

A Windows Server 2022 machine was hardened with HardeningKitty against the following standards:
CIS Microsoft Windows Server 2022 (Machine) (for 21H2 version)
Microsoft Security baseline for Windows Server 2022 (Member) (for 21H2 version)



Resolve the hardening on "Deny log on through Remote Desktop Services"

  1. Start | Run | Gpedit.msc if editing the local policy, or choose the appropriate policy and edit it.
  2. Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.
  3. Find and double-click "Deny log on through Remote Desktop Services"
  4. Remove the "local account" group.
  5. Find and double click "Deny access to this computer from the network"
  6. Remove the "local account and member of Administrators group".
  7. Click ok.
  8. Run gpupdate /force /target:computer for this setting to take effect.

Resolve "Defender Firewall" refusing to be disabled by using the registry method.
Use the registry method only; the other methods (Cmd, PowerShell, Group Policy) have no effect after the hardening on the Windows Server.

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall

Right-click the "WindowsFirewall" key, select the New menu, and choose the "Key" option.

Name the key StandardProfile and press Enter.

Right-click the "StandardProfile" key, select the New menu, and choose the "DWORD (32-bit) Value" option

Name the value EnableFirewall and press Enter.

Double-click the newly created DWORD and set the value to "0".

Click the OK button.

Once you complete the steps, restart the server.



Monday, November 6, 2023

China-based vendor - Firewall management tool - 至赛科技

An alternative to FireMon, Tufin, AlgoSec and Skybox for firewall management - 科技

https://www.zeesec.com/

 

 

 

 

 


Mi Router 4A Gigabit Edition enhance security setting

If you use the wizard to set up the Wi-Fi router, Wireless Security defaults to WPA/WPA2-personal; you need to change it to WPA2-personal only.



For 5G Wi-Fi, you also need to change it separately. Each time you make this configuration change, the AP has to reboot.


Secondly, go to "Security" and then "Change administrator password". The administrator password is set to the same value as your WPA2 password during the initial setup, so you had better change it to a different one.


Thursday, November 2, 2023

K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

As for mitigation: the vulnerability only affects the F5 web portal, so it can be mitigated by configuring the self IP addresses so that port 443 is not allowed, and by restricting which IP addresses can access the web portal on the F5 management IP.


  1. Self IPs - Port lockdown - Allow none (If you are using HA, you need to use Allow 4353 and 1026)

    https://my.f5.com/manage/s/article/K17333

    For optimal security, when configuring for high availability (HA) network failover, F5 recommends the following when configuring the Port Lockdown setting:

    Note: When BIG-IP devices are configured in a synchronization group, peer devices communicate using Centralized Management Infrastructure (CMI) on tcp:4353 on the self IP address, regardless of the port lockdown settings. Refer to the Port lockdown exceptions section of this article for additional information.

    BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747 (f5.com)

     TCP       4353      iQuery
     UDP       4353      iQuery
     UDP       1026      network failover

    Keep port 4353 and port 1026 allowed.

    To be safe, consider applying the script to one F5 unit (e.g. the active one) first, and then monitoring it for a period of time: https://my.f5.com/manage/s/article/K000137353


  2. Run the command # tmsh -c "list sys httpd allow" to check which IPs are allowed to access the web portal on the F5 management IP, and restrict them to trusted internal IPs, e.g. a jump server.
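
Added example (not F5's code and not from the original post): a Python check that parses the output of the `tmsh -c "list sys httpd allow"` command from step 2 and flags any entry wider than the trusted management sources. The output layout, the two sample outputs and the trusted ranges are constructed assumptions.

```python
import ipaddress
import re

# Constructed samples of `tmsh -c "list sys httpd allow"` output (layout assumed).
SAMPLE_DEFAULT = """sys httpd {
    allow { All }
}"""
SAMPLE_RESTRICTED = """sys httpd {
    allow { 10.10.5.20 10.10.6.0/28 172.16.0.0/12 }
}"""

# Hypothetical trusted management sources, e.g. a jump server and its subnet.
TRUSTED = [ipaddress.ip_network("10.10.5.20/32"),
           ipaddress.ip_network("10.10.6.0/24")]


def parse_httpd_allow(output):
    """Return the entries inside the `allow { ... }` stanza as a list of strings."""
    match = re.search(r"allow\s*\{([^}]*)\}", output)
    return match.group(1).split() if match else []


def audit_httpd_allow(output, trusted=TRUSTED):
    """Return one finding per entry that is not inside a trusted source range."""
    entries = parse_httpd_allow(output)
    if not entries:
        return ["no allow entries parsed; verify the setting manually"]
    findings = []
    for entry in entries:
        if entry.lower() == "all":
            findings.append("All: any source can reach the Configuration utility")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{entry}: not an IP or CIDR, review manually")
            continue
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            findings.append(f"{entry}: outside the trusted management sources")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_DEFAULT, SAMPLE_RESTRICTED):
        print(audit_httpd_allow(sample))
```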


Wednesday, November 1, 2023

Sangfor IAG compared with Sangfor SASE URL categories

 

| Sangfor IAG | Sangfor SASE |
| --- | --- |
| News Portal | News Portal |
| Online Shopping | Online Shopping |
| Adult Content | Adult Content |
| Job-hunting & Employment | Job-hunting & Employment |
| IT Related | IT Related |
| Education | Education |
| Religion | Religion |
| Nonprofit Organization | Nonprofit Organization |
| Science & Technology | Science & Technology |
| Entertainment News | Entertainment News |
| Literature & Novel | Literature & Novel |
| Online Video & Download | Online Video & Download |
| Lottery | Lottery |
| Game | Game |
| Search Engine | Search Engine |
| Online Chat | Online Chat |
| Software Download | Software Download |
| Personal Website & Blog | Personal Website & Blog |
| Pornography | Pornography |
| Gambling | Gambling |
| Illegal Drugs | Illegal Drugs |
| Counteraction & Other Illegalities | Counteraction & Other Illegalities |
| Government Organization | Government Organization |
| Military & Weapon | Military & Weapon |
| Law Information | Law Information |
| Fortune Teller | Fortune Teller |
| Sports | Sports |
| Realty & Decoration | Realty & Decoration |
| Life Information | Life Information |
| Youth & Child | Youth & Child |
| Health Care | Health Care |
| Automobile | Automobile |
| Entertainment Site | Entertainment Site |
| Catering | Catering |
| Travel & Traffic | Travel & Traffic |
| Culture & Art | Culture & Art |
| Surrogacy | Surrogacy |
| Phishing & Malicious Website | Phishing & Malicious Website |
| OS Update | OS Update |
| Virus Library Update | Virus Library Update |
| Online Payment | Online Payment |
| Financial News | Financial News |
| Internet Banking | Internet Banking |
| Bank Website | Bank Website |
| Foreign Exchange | Foreign Exchange |
| Gold | Gold |
| Advertisement | Advertisement |
| Telecom Industry | Telecom Industry |
| Energy & Mining | Energy & Mining |
| Other Enterprise Website | Other Enterprise Website |
| Transportation Industry | Transportation Industry |
| IT Industry | IT Industry |
| Manufacturing | Manufacturing |
| Marketing | Marketing |
| Business Opportunity | Business Opportunity |
| Accounting | Accounting |
| Merchant | Merchant |
| Medical Industry | Medical Industry |
| Microblog(Web) | Microblog(Web) |
| Mailbox(Web) | Mailbox(Web) |
| Forum(Web) | Forum(Web) |
| Social Contact(Web) | Social Contact(Web) |
| Game(Web) | Game(Web) |
| Network Storage(Web) | Network Storage(Web) |
| Proxy(Web) | Proxy(Web) |
| Securities Quotes(Web) | Securities Quotes(Web) |
| Stock Exchange(Web) | Stock Exchange(Web) |
| Futures Quotes(Web) | Futures Quotes(Web) |
| Futures Exchange(Web) | Futures Exchange(Web) |
| Fund Quotes(Web) | Fund Quotes(Web) |
| Fund Exchange(Web) | Fund Exchange(Web) |
| | Fake Site |
| | Phishing |
| | Malicious Website |
| | Adware |
| | Malware Attack |
| | Ransom |
| | CoinMiner |
| | Exploit |
| | Mining |
| | Redirection |
| | XSS |
| | Clickjacking |
| | Malicious Script Attack |

 
