Solution:
Format your USB to become FAT32, then re-run the maker tool
Tuesday, November 28, 2023
Flashget alternative
Since Flashget did not update since 2010 and it is not support https, you may looking for alternative download tool. https://www.flashget.com/index_tw.htm
One of the option is "xtreme download manager":
Saturday, November 18, 2023
Nessus Scan cannot scan a harden machine by HardeningKitty
A Windows Server 2022 after using HardeningKitty to use the following standard to hardening:
CIS Microsoft Windows Server 2022 (Machine) (for 21H2 version)
Microsoft Security baseline for Windows Server 2022 (Member) (for 21H2 version)
Resolve the hardening on "Deny log on through Remote Desktop Services"
- Start | Run | Gpedit.msc if editing the local policy or chose the appropriate policy and edit it.
- Computer Configuration | Windows Settings | Security Settings | Local Policies | User Rights Assignment.
- Find and double click "Deny logon through Remote Desktop Services"
- Remove the "local account" group.
- Find and double click "Deny access to this computer from the network"
- Remove the "local account and member of Administrators group".
- Click ok.
- Run gpupdate /force /target:computer for this setting to take effect.
Resolve the "Defender Firewall" being deny to disable, by using registry method.
Use the Registry method only, the other methods (Cmd, Powershell. Group Policy) has no effect after the hardening in the Windows Server.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
Right-click the "WindowsFirewall" key, select the New menu, and choose the "Key" option.
Name the key StandardProfile and press Enter.
Right-click the "StandardProfile" key, select the New menu, and choose the "DWORD (32-bit) Value" option
Name the EnableFirewall name and press Enter.
Double-click the newly created key and set the value to "0".
Click the OK button.
Restart the server.
Once you complete the steps, reboot the server.
Reference:
Monday, November 6, 2023
China based vendor - Firewall management tool - 至赛科技
Filemon, tufin, algosec, skybox alternative on firewall management tool - 至赛科技
Mi Router 4A Gigabit Edition enhance security setting
If you use the wizard to setup the WiFi router, the Wireless Security by default will WPA/WPA2-personal, you need to change it to WPA2-personal only.
For 5G Wi-Fi, you also need to change it separately. Each time you make this configuration change is required to reboot your AP.
Secondly, go to "security" to "Change administrator password". Since the administrator password have been set same as your WPA2 password during the initial setup. You better change it to different.
Thursday, November 2, 2023
K000137353: BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747
To consider the mitigation method, the vulnerability only affect the F5 web portal, it can be mitigated by setting self ip address without allowing port 443, and restrict ip address to access F5 management IP to web portal.
- Self IPs - Port lockdown - Allow none (If you are using HA, you need to use Allow 4353 and 1026)
https://my.f5.com/manage/s/article/K17333
For optimal security, when configuring for high availability (HA) network failover, F5 recommends the following when configuring the Port Lockdown setting: Note: When BIG-IP devices are configured in a synchronization group, peer devices communicate using Centralized Management Infrastructure (CMI) on tcp:4353 on the self IP address, regardless of the port lockdown settings. Refer to the Port lockdown exceptions section of this article for additional information. BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747 (f5.com)
TCP 4353 iQuery
UDP 4353 iQuery
UDP 1026 network failover
Remain port 4353 and port 1026
For safe, you can consider adding script to one of F5 (e.g. active) first, and then monitor a period of time https://my.f5.com/manage/s/article/K000137353
- run command #tmsh -c "list sys httpd allow" to check the IP allow to access the F5 manageent IP to web portal and restrict it to Internal trust IP e.g. jump server.
Reference:
In the long run, replace F5 to "�R�]" (Luccitech) 负载均衡,应用交付,鸬鹚科技,国内首家专注云应用交付,负载均衡专业厂家 (luccitech.com) can be consider.
Wednesday, November 1, 2023
Sangfor IAG compare with Sangfor SASE URL Category
| Sangfor IAG | Sangfor SASE |
| News Portal | News Portal |
| Online Shopping | Online Shopping |
| Adult Content | Adult Content |
| Job-hunting & Employment | Job-hunting & Employment |
| IT Related | IT Related |
| Education | Education |
| Religion | Religion |
| Nonprofit Organization | Nonprofit Organization |
| Science & Technology | Science & Technology |
| Entertainment News | Entertainment News |
| Literature & Novel | Literature & Novel |
| Online Video & Download | Online Video & Download |
| Lottery | Lottery |
| Game | Game |
| Search Engine | Search Engine |
| Online Chat | Online Chat |
| Software Download | Software Download |
| Personal Website & Blog | Personal Website & Blog |
| Pornography | Pornography |
| Gambling | Gambling |
| Illegal Drugs | Illegal Drugs |
| Counteraction & Other Illegalities | Counteraction & Other Illegalities |
| Government Organization | Government Organization |
| Military & Weapon | Military & Weapon |
| Law Information | Law Information |
| Fortune Teller | Fortune Teller |
| Sports | Sports |
| Realty & Decoration | Realty & Decoration |
| Life Information | Life Information |
| Youth & Child | Youth & Child |
| Health Care | Health Care |
| Automobile | Automobile |
| Entertainment Site | Entertainment Site |
| Catering | Catering |
| Travel & Traffic | Travel & Traffic |
| Culture & Art | Culture & Art |
| Surrogacy | Surrogacy |
| Phishing & Malicious Website | Phishing & Malicious Website |
| OS Update | OS Update |
| Virus Library Update | Virus Library Update |
| Online Payment | Online Payment |
| Financial News | Financial News |
| Internet Banking | Internet Banking |
| Bank Website | Bank Website |
| Foreign Exchange | Foreign Exchange |
| Gold | Gold |
| Advertisement | Advertisement |
| Telecom Industry | Telecom Industry |
| Energy & Mining | Energy & Mining |
| Other Enterprise Website | Other Enterprise Website |
| Transportation Industry | Transportation Industry |
| IT Industry | IT Industry |
| Manufacturing | Manufacturing |
| Marketing | Marketing |
| Business Opportunity | Business Opportunity |
| Accounting | Accounting |
| Merchant | Merchant |
| Medical Industry | Medical Industry |
| Microblog(Web) | Microblog(Web) |
| Mailbox(Web) | Mailbox(Web) |
| Forum(Web) | Forum(Web) |
| Social Contact(Web) | Social Contact(Web) |
| Game(Web) | Game(Web) |
| Network Storage(Web) | Network Storage(Web) |
| Proxy(Web) | Proxy(Web) |
| Securities Quotes(Web) | Securities Quotes(Web) |
| Stock Exchange(Web) | Stock Exchange(Web) |
| Futures Quotes(Web) | Futures Quotes(Web) |
| Futures Exchange(Web) | Futures Exchange(Web) |
| Fund Quotes(Web) | Fund Quotes(Web) |
| Fund Exchange(Web) | Fund Exchange(Web) |
| | Fake Site |
| | Phishing |
| | Malicious Website |
| | Adware |
| | Malware Attack |
| | Ransom |
| | CoinMiner |
| | Exploit |
| | Mining |
| | Redirection |
| | XSS |
| | Clickjacking |
| | Malicious Script Attack |
Darktrace and alternative
If you are looking forDarktrace alternative, Arkime and Colasoft will be one of the option.
Although Darktrace is build on Zeek but Zeek might not fit for replace Darktrace.
Reference:
Darktrace https://darktrace.com/ based on Zeek https://zeek.org/
https://www.colasoft.com/ - China based vendor https://www.colasoft.com.cn/ (科来)
Freeware to enhance Microsoft Defender Security (Windows 10 and 11)
Microsoft Defender User need to consider to use DefenderUI or Configuredender to enhance your security since they able to enable many hidden security features of Microsoft Defender.
More detail:
DefenderUI (Need to install) and Configuredefender (No need to install)
SASE solution helping company to safe guard your BYOD laptop
Even your are using VDI in your company, if your BYOD laptop infected virus, since your laptop are using split tunnel to Internet and SSL connect to your VDI farm. The attacker still able to use the comprised laptop as a jump host to attack your VDI farm no matter your VDI farm only open 443 port with VPN tunnel protection.
Even you already enable different security policy on the BYOD laptop such as check patch level, antivirus definition, is it the antivirus is running etc... it still able to be comprised with being detected. If you have SASE solution, you will able to detect the BYOD laptop outgoing traffic to find out the attacker.
Subscribe to:
Posts (Atom)