Saturday, April 22, 2023
Sunday, April 9, 2023
Bginfo on Windows 10 and show active IPv4 address only
To run Bginfo to ALL users:
Now navigate to the location of the shortcut and edit the target path to be the following:
"C:\Tools\BGInfo\Bginfo64.exe" "C:\Tools\BGInfo\config.bgi" /timer:0 /nolicprompt /silent
Next Copy that shortcut and it in "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
Reference:
https://serverfault.com/questions/451791/run-bginfo-at-startup-for-all-users
For show active IP v4 only, there are vb script:
strMsg = ""
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress from Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'True'")
For Each IPConfig in IPConfigSet
If Not IsNull(IPConfig.IPAddress) Then
For i = LBound(IPConfig.IPAddress) to UBound(IPConfig.IPAddress)
If Not Instr(IPConfig.IPAddress(i), ":") > 0 Then
strMsg = strMsg & IPConfig.IPAddress(i) & vbcrlf
End If
Next
End If
Next
Echo strMsg
IP.vbs
Reference:
Windows 10 Hardening and audit tool (HardeningKitty)
You can use HardeningKitty to check your configuration and also it will provide a scoring for your reference:
HardeningKitty and Windows 10 Hardening
https://github.com/0x6d69636b/windows_hardening
There are TWO items you should disable : PowerShell v2 and SMB v1
Disable PowerShell v2
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root
https://www.thewindowsclub.com/disable-powershell-v2-windows
Disable SMB v1
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
The following website provide you some advice configuration about hardening and also you can import some attack surface reduction rules:
Configure Attack Surface Reduction rules
Friday, April 7, 2023
Hillstone Firewall - Failed to update Anti-Virus Signature Database Update
Problem: Upgrade failed: Module is disabled
Reason:
Anti-Virus being disabled on Object/Anti-Virus/Configuration
Solution:
Enable the Anti-Virus on Anti-Virus Global Configuration (Remark: You need to reboot your firewall)
How to resolve the Hillstone firewall failed to update the Signature Database from Internet?
Problem: Upgrade failed: Download signature failed; please confirm the servers are reachable
Reason:
The firewall DNS did not setup
Solution: Add DNS Server on trust-vr
Hillstone firewall SG-6000-A1000 download performance poor on some website or VPN package drop
Reason:
Some website or VPN using UDP for download and connection, the Attack Defense on untrust Zone enable by default. It drop many UDP traffic when is over the limit.
Solution:
Disable UDP flood or increase he Threshold or upgrade the firewall firmware to R10 to enable auto learn
Wireless Keyboard and Mouse Security
When select a wireless keyboard and Mouse, you may check the vendor website to see what kind of security features their product have, there are Two example from Logitech and Microsoft:
https://www.logitech.com/en-us/business/work-setups/logi-bolt-wireless-technology.html
https://www.logitech.com/en-us/business/resources/wireless-peripheral-security.html
Saturday, April 1, 2023
How to resolve Fortisandbox tac-report -l cannot show all contact on web CLI console download file?
How to resolve Fortisandbox tac-report -l cannot show all contact on web CLI console download file?
Solution: Use putty to connect to Fortisanbox via SSH. (Enable the SSH on port 1(administration port) under System -> Interfaces)
Remark: Disable the SSH after troubleshooting