Security

This presentation covers the MITRE ATT&CK matrix and its application in an Oxford or Cambridge College (or indeed any institution) to gain increased awareness of exposure to cyber attacks and what can be done about them. Note, it looks like OBS captured the audio from the videos that wasn’t played back to the audience – sorry for talking over them!

My thanks to the CITC committee for the invite to return and present and I’m looking forwards to seeing everyone again in 2024!

  CITC 2023 Presentation (3.9 MiB, 6,939 hits)

If you are looking to build out Zone Protection Profiles on your Palo Alto Networks Next Generation Firewall then it can be handy to know just what your connections per second metrics look like over time for each zone. Luckily, Palo Alto Networks have a little (although not entirely descriptive) guide on where you can get this data – https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/zone-protection-and-dos-protection/zone-defense/take-baseline-cps-measurements-for-setting-flood-thresholds/how-to-measure-cps.html.

With that information in hand it was just a matter of time before working out how to collect this data through PRTG so do follow on with the screenshot guide to find out how!

Handy strings:
1.3.6.1.4.1.25461.2.1.2.3.10
[rowidentifier] Connections Per Second
TCP
UDP
Other IP

Some more information on Zone Protection/Flood Protection: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/network/network-network-profiles/network-network-profiles-zone-protection/flood-protection.html
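As an added example (not from the original post or from Palo Alto Networks), the Python below parses numeric snmpwalk output under the table OID listed above and reports mean and peak CPS per zone and protocol across several polls, which is the baseline you need before picking flood thresholds. The column numbering, the length-prefixed zone-name index layout and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

BASE = "1.3.6.1.4.1.25461.2.1.2.3.10"  # table OID from the post
# ASSUMPTION: column numbers follow the order of the channel names in the post;
# confirm against the PAN-COMMON-MIB file for your PAN-OS version.
COLUMNS = {1: "TCP", 2: "UDP", 3: "Other IP"}

def row_oid(col, zone):
    """Build a numeric row OID (ASSUMED layout: entry.column.len.ascii...)."""
    return f".{BASE}.1.{col}.{len(zone)}." + ".".join(str(ord(c)) for c in zone)

def parse_row(line):
    """Return (zone, protocol, cps) for one table row, else None."""
    oid, sep, value = line.partition(" = ")
    prefix = BASE + ".1."
    oid = oid.strip().lstrip(".")
    if not sep or not oid.startswith(prefix):
        return None  # not a row of the zone CPS table
    try:
        col, length, *chars = [int(p) for p in oid[len(prefix):].split(".")]
        cps = int(value.split(":")[-1])        # "Gauge32: 120" -> 120
        zone = "".join(chr(c) for c in chars)  # index octets -> zone name
    except (ValueError, OverflowError):
        return None  # truncated or malformed row
    if col not in COLUMNS or not chars or length != len(chars):
        return None
    return zone, COLUMNS[col], cps

def baseline(polls):
    """Mean and peak CPS per (zone, protocol) across polling intervals."""
    samples = defaultdict(list)
    for poll in polls:
        for row in filter(None, map(parse_row, poll.splitlines())):
            samples[row[:2]].append(row[2])
    return {k: {"mean": sum(v) / len(v), "peak": max(v)} for k, v in samples.items()}

# Constructed sample data: three polls of two zones, not from a real firewall.
def _poll(trust_tcp, trust_udp, dmz_tcp):
    return "\n".join([
        ".1.3.6.1.2.1.1.3.0 = Timeticks: (1) 0:00:00.01",  # unrelated, ignored
        f"{row_oid(1, 'trust')} = Gauge32: {trust_tcp}",
        f"{row_oid(2, 'trust')} = Gauge32: {trust_udp}",
        f"{row_oid(1, 'dmz')} = Gauge32: {dmz_tcp}",
    ])

SAMPLE_POLLS = [_poll(120, 40, 300), _poll(180, 35, 900), _poll(150, 45, 600)]

if __name__ == "__main__":
    for (zone, proto), s in sorted(baseline(SAMPLE_POLLS).items()):
        print(f"{zone:6} {proto:9} mean={s['mean']:.0f} peak={s['peak']}")
```

Feed it one snmpwalk capture per polling interval over a representative period (business hours included) so the peak reflects real traffic rather than a quiet window.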

For this week’s ‘from around the web’ we are looking at some very cool screens that I’ve just started working with for an Arduino project, some advice from the National Cyber Security Centre and a brilliant set of resources to build a plan to secure an IT environment.

Nextion displays for Raspberry Pi/Arduino
For a little while now I’ve been working on various little Arduino based projects (of note soil and general environment sensors); in looking to branch out to some more areas I’ve decided to build a ‘sensor array’ for my car and naturally will need some way to display all the data being captured. For this I came across the Nextion displays, which come in a variety of sizes, have an easy to use application to design how the screen looks/works and only need power + serial connectivity to work.

Hopefully pretty soon I’ll get some more detailed examples of this ‘sensor array’ on here.

Three random words or #thinkrandom
For a basic but handy document about how cyber criminals breach passwords and for advice on how to make better passwords look no further than this link from the National Cyber Security Centre.

CIS Cyber Security Best Practices
Sometimes organisations are just bombarded with advice on ‘where to start’ with Cyber Security, some might say start with logging, others perhaps just having an inventory of what you have or maybe having the very best firewall you can afford (pro tip it’s the second one!). To get some real answers that are sized appropriately for any organisation the Centre for Internet Security is the place to start.

Looking for some fun ways to get more out of your Smart Card deployment? If so have you tried……?

  1. Use Smart Cards to login to your Servers via Remote Desktop
  2. Use Smart Cards with the PowerShell Get-Credential cmdlet
  3. Use Smart Cards with your Firewall for single sign on
  4. Use Smart Cards to login to IIS Web Applications (just a box to tick and a radio option to select)
  5. Store multiple identities on your Smart Card and assign different (and perhaps more complex) PINs to the identities

Have a look at the screen shots below for some more details…

If you are looking for a free tool to manage some of the more intricate features of the Gemalto IDPrime .NET and MD cards then the Mini-Driver Manager (downloadable from http://www.gemalto.com/products/dotnet_card/resources/development.html) may well fit the bill. However it has one small downfall in that out of the box it only allows you to manage cards with the Admin Key set to 48 0s or 48 Fs with neither option being much use to anyone once they have changed the Admin PIN.

Luckily these values are only set in an INI file so it’s pretty easy to change them to anything else.

Please note that this guide uses a feature in Notepad++ to elevate an application to have local Admin access; you can download Notepad++ from https://notepad-plus-plus.org. However, you could also use plain old Notepad; you’ll just need to launch it as an Administrator and browse to the INI file within Notepad.

On with the guide!!

So after meaning to play with Smart Cards in greater detail for some time we’ve just received a set of cards and accessories from Smartcard Focus (http://www.smartcardfocus.com/) including….

  • Gemalto GemPC Shell Token V2 (IDBridge K30) (a USB dongle style Smart Card reader which you can see in the screen shot sequence below)
  • Gemalto IDPrime .NET smartcard – SIM cut (to go in the IDBridge K30)
  • Gemalto IDPrime .NET card – just your standard Smart Card
  • Omnikey 3121 – just your standard Smart Card reader

One of the first things I wanted to do was get PIN complexity and policy defined; the chaps over at Gemalto provide a number of tools which can be used to manage the cards which can be downloaded from the links below…

http://www.gemalto.com/products/dotnet_card/resources/development.html

http://www.gemalto.com/products/dotnet_card/resources/libraries.html

So time to get on with the guide (which also shows you which downloads are needed from the links)!

48 0s typed out… 🙂

000000000000000000000000000000000000000000000000

Last year just before Christmas I was very close to getting a Motorola Xoom Android Tablet PC but after much thought I changed my mind and decided that I would wait for Windows 8. Looking at the reasons below, most of these relate to my nature as an IT professional and how I would use the tablet at home, out and about and also at work.

Windows 8 is the match for my choice in phone and online services

I use Windows Live quite extensively covering Mail, SkyDrive (Photo storage/Documents), Contacts and Calendar – all of which integrate natively with my Windows Phone.

Microsoft has also demonstrated (video to the right) how these web services are built right into the OS in a way that is already familiar to me. This kind of continuity between devices can’t be matched by Android tablets (although Apple does very well with the iPhone and iPad offering a very similar user experience).