YARA, which stands for “Yet Another Rule Analyzer,” is a potent tool that has become a staple in the arsenals of malware analysts and threat researchers. YARA provides a unique and effective method to malware identification and analysis in the ever-changing field of cyber threats. This blog post goes into the realm of YARA, investigating its capabilities, benefits, and use in combating the ever-present threat of malware.
Distributed firewalls, a modern firewall technology, aim to safeguard contemporary data centers and cloud environments. They distinguish themselves from traditional firewalls through various characteristics, such as: dynamic and scalable rule enforcement, which allows for more efficient management and adaptability in rapidly changing network environments. Additionally, distributed firewalls incorporate advanced threat intelligence and machine learning algorithms to detect and mitigate emerging threats in real-time. They also offer enhanced visibility and control, providing administrators with granular insights into network traffic and the ability to enforce policies at a more granular level. Furthermore, distributed firewalls support seamless integration with cloud orchestration platforms, enabling automated and centralized security management across multi-cloud environments. Lastly, these firewalls provide high-performance and low-latency protection, ensuring that network traffic flows smoothly without compromising security. Benefits of Distributed Firewalls They offer a number of benefits over traditional firewalls, including: Use Cases for Distributed Firewalls Can be used in a variety of use cases, including: Samples of Use Cases Here are some specific examples of how distributed firewalls can be used in real-world environments: Here are some samples of distributed firewalls that can be used in infrastructure: These are just a few examples of this type of firewall that can be...
Stupid security guys! They only know concepts and has no technical knowledge about their technical field. They just read some documentations. But most important steps of having security is applying configuration and reviewing current configuration. Also, they have no idea that what are they doing on servers and client. CIS benchmarks are reference for hardening most popular operating systems, but you cannot apply the desired configurations in large scale of servers or clients without using some tools.
Why We Should Mitigate SSH Based Attack SSH (Secure Shell) is a most popular remote protocol. SSH allows remote login and execute commands. That providing secure way to login and run commands on remote systems in unsecured networks. Telnet replace with SSH cause of offering more security. But SSH has some weaknesses, in order to reducing SSH based attack, those weaknesses can be mitigated. There is some hardening tips, the tips turn your SSH server into a rock solid communication daemon. Best SSH Hardening Tips In the next minutes, we’ll review 15 solutions from best SSH hardening tips. Each hardening tip will a shield against SSH based attacks. Most of the tips are SSH configurations, some of those tips are different on Linux distributions, so please check the configurations on your distribution documents as well. Also Windows 10 and Windows 2019 have OpenSSH server by adding Win32-OpenSSH to Windows, so read Microsoft documents as well. You must restart SSH server daemon after applying configurations. 1. Custom SSH Port SSH server listening on port 22 by default, so attackers trying to attack your server on port 22. Changing SSH port to another port is a solution to reduce attacks. In order to change...
OpenSCAP is an auditing tool that utilizes the Extensible Configuration Checklist Description Format (XCCDF). XCCDF is a standard way of expressing checklist content and defines security checklists. It also combines with other specifications such as CPE, CCE, and OVAL, to create a SCAP-expressed checklist that can be processed by SCAP-validated products.
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
At the first part, we’ve reviewed GSM (Greenbone Security Manager – Formerly OpenVAS) as a security manager or assessment tool for discovering vulnerabilities on virtual environments, the second part was more functional and we talked more about GSM. You leaned that how can you create a target on Greenboone Security Manager and scan it to discover vulnerabilities.
As I said at the end of second part of the blog post, the third part is related to resolving security issues. Any software and specially operating systems have “Hardening Guide”. You must follow steps of hardening guide to reduce security vulnerabilities effect on production environments.
We have reviewed reasons of have Vulnerability Assessment or Vulnerability Manager in virtual environments and how these software help us to find vulnerabilities on any component of virtual infrastructure. We have reviewed OpenVAS or Greenbone Security Manager and talked about features and abilities.
Now, it’s time to use the GSM server that we had prepared on the previous part. In this part of blog post, we’ll configure a target (ESXi Server) on OpenVAS server, create a task for scan and find the result of scan.
I’ve installed ESXi 6U1 (3029758) on a virtual machine and there is no customized configuration, all configurations are default.
In virtual environments, any vulnerability has affect on virtual infrastructure and those who get the service including internal and external services. So at least, any organization should have process to identifying vulnerabilities. Identifying vulnerabilities needs tools in IT infrastructure to scan devices, operating systems and applications and find vulnerabilities (Especially security vulnerabilities).
VMware has detect vulnerability on some products against E1000 NIC. The issue may allow a guest to execute code on the host. If you have any running virtual machine on VMware Workstation 14.x and Fusion 10.x, you must stop them and apply patch to the mentioned products before running any other virtual machine.
The Security Compliance Toolkit (SCT) is a set of tools that allows enterprise security administrators to download, analyze, test, edit, and store Microsoft-recommended security configuration baselines for Windows and other Microsoft products.
Today, many companies have virtualized farms for their server infrastructure or desktop infrastructure and cloud services. The companies have critical information on their virtualized farms and keeping safe them is one of big concerns. Big companies or even small companies have security teams and the teams tries to keeping secure the environments in different layers. Most of the security products are working on physical layer or network and application layer but what about Hypervisor layer? vSphere Hardening VMware publishing a hardening guide for each vSphere version to help administrator to keep their environments more secure. vSphere hardening guides are available in the below link as Excel files: Download – Hardening Guides Previously, VMware had published an application to analyzing your vSphere environment and report you any security issue according to hardening guides. VMware Sphere Compliance Checker was available up to vSphere 5.5 and that’s not available for vSphere 6.x but you can use “VMware vRealize Configuration Manager” on this regard. Anyway, you can check and change security configurations accordion to hardening guides on your servers manually.
