In this (long overdue) edition of from around the web we have a really simple (and largely free) tool to forward Windows logs, a guide on configuring Office 365 with some cool email security features and a super simple (barebones) digital signage package for the Raspberry Pi.
With the centralised collection of event logs becoming a hot topic, NXLog is certainly worth a mention as a tool that can (at the very least) capture Windows Event data and ship it up to a service like Graylog (even better, NXLog can use the GELF format, allowing the logs to be easily parsed by the server).
Options for Windows Server DNS logging and DHCP logging are also included in its feature set, making for a very useful tool.
SPF, DKIM and DMARC (described in a little more depth here) are handy technologies to prevent the use of your own email domain by spammers and suchlike. This guide walks you through how to configure these technologies with direct reference to Office 365.
Oddly included in the NOOBS package for the Raspberry Pi but not something I’ve come across in the past. The Screenly OSE (Open Source Edition) gives you a really easy way to display web pages and other content on a schedule from a simple web-based management console. Given its simplicity I really find it handy when configuring PRTG Maps for large format displays.
For this week’s ‘from around the web’ we are looking at some very cool screens that I’ve just started working with for an Arduino project, some advice from the National Cyber Security Centre and a brilliant set of resources to build a plan to secure an IT environment.
Nextion displays for Raspberry Pi/Arduino
For a little while now I’ve been working on various little Arduino based projects (of note, soil and general environment sensors); in looking to branch out to some more areas I’ve decided to build a ‘sensor array’ for my car and naturally will need some way to display all the data being captured. For this I came across the Nextion displays, which come in a variety of sizes, have an easy to use application to design how the screen looks/works and only need power + serial connectivity to work.
Hopefully pretty soon I’ll get some more detailed examples of this ‘sensor array’ on here.
Three random words or #thinkrandom
For a basic but handy document about how cyber criminals breach passwords and for advice on how to make better passwords look no further than this link from the National Cyber Security Centre.
CIS Cyber Security Best Practices
Sometimes organisations are just bombarded with advice on ‘where to start’ with Cyber Security, some might say start with logging, others perhaps just having an inventory of what you have or maybe having the very best firewall you can afford (pro tip it’s the second one!). To get some real answers that are sized appropriately for any organisation the Centre for Internet Security is the place to start.
A late one for this release of ‘from around the web’ after being on holiday for the last week – as the case always seems to be I’ve come out of the sun quite red. This week we have another step in the right direction to getting rid of passwords, some helpful templates for building a first config for a Palo Alto Networks Next Generation Firewall and an interesting (short) review of the Hubitat home automation hub.
New Azure Active Directory capabilities help you eliminate passwords at work
It’s been promised by Microsoft (and some others) for quite some time and it looks like another leap in the right direction has been made. With FIDO2 and devices like the YubiKey, passwordless login on Windows 10 Azure AD domain joined devices is happening. Be sure to watch the video at the bottom of the page!
All the options within a PAN NGFW can seem quite daunting and while the out of the box settings for security policies will help they are far from best practice. That’s where the IronSkillet comes in handy to take some of that pain away and give you a serious starting point.
Smart Home Hub – Hubitat Review
For the people who don’t have the time (or know-how) to invest in something like Home Assistant but aren’t up for relying on a connection to the ‘cloud’ for home automation, Hubitat may well be for you. I’ve been exploring home automation for quite some time (at the moment using LIFX and HomeSeer) and may well consider looking into Hubitat some more if/when I decide to expand on it.
In this new blog post series I’ll be looking at (normally a selection of 3) cool articles, news and other blog posts that I find interesting during the day. For this week we have PowerShell tricks, a detailed article on securing the Windows Firewall and an (old but very interesting) write up on the woes of network administrators when everything goes wrong.
PowerShell tricks: Splatting
New to me (always learning!) this trick allows you to populate the parameters for a PowerShell cmdlet in a table (makes for much neater formatting) to then pass into the cmdlet as a single object.
Endpoint Isolation with the Windows Firewall
The Windows Firewall may seem like a bit of a beast from time to time but this article makes some great points on how to build out a set of secure policies that can apply to pretty much any environment.
All systems down
A true disaster story – quite old (2003) but really worth a read to see what lessons you can take home.
A bit of an odd post but given this bag is proving so very handy I thought it worth it!
Having started a new job at the beginning of the year it was evident that I would need to carry around a bit more kit with me than previously; with Christmas just around the corner it was the perfect time to do a little research into cable organiser bags. After a fair bit of time on Amazon I came around to the BUMB Cable Bag in the ‘small’ size.
After 3 months of use this bag has really proven itself, with others in the office ending up buying one as well! In particular I’ve liked:
- The durable material and zips, haven’t had a jam or any sign of damage in daily use
- The bright colour trim around the edge of the bag – goes well with the yellow/gold interior of my laptop bag making it super easy to see at night
- The big loop on the side making it easy to grab ahold of when jammed in amongst all the other kit in my laptop bag
- All the interior pouches are big enough for the cables I have
Following on from the previous post (A Windows SysAdmin installs and uses OpenVAS – End to end guide – Simple Beginnings) in this post we’ll be using PowerShell, OpenVAS and the OMP (Open Management Protocol from Greenbone) to create a Target (a machine/device) to conduct some Pen Testing against, create a Task to scan the target and then generate a report.
The final step is quite possibly the most important though; it’s worth pointing out (hopefully the obvious) that you could have the most amazing Pen Testing software package on the planet but unless you then absorb the reports and take action to Mitigate/Resolve/Eliminate the risks identified it’s all just a horrible waste of CPU cycles.
A quick note – this guide is shown as only a small example of how you can get started with OpenVAS, stay tuned for more in depth guides!
In this first stage we will download the OMP client for Windows (from http://docs.greenbone.net/GSM-Manual/gos-4/en/tools.html#omp), get it into the right place on our computer and create an omp.config file (you can download an example from below) which will provide settings and credentials to the OMP client.
Example OMP File (hosted on GitHub – https://gist.github.com/jamesfed/4ed9be7de2adb83d1d442cc06ea1dbeb).
In addition, to follow along with this guide you should download the .ps1 file below, which contains the PowerShell code for the steps shown in the screenshots.
OpenVAS-Simple-Example.ps1 (hosted on GitHub – https://gist.github.com/jamesfed/6a5c6634abc12c180f125e25c2764d1f).
Creating a Target
Creating and kicking off a Task
Exporting the Report
Reading the Report
To discover more about the omp.exe tool take a look here – http://docs.greenbone.net/GSM-Manual/gos-4/en/omp.html#access-with-omp.
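As an added example (not the code from the gists above, and not Greenbone's own), the four steps can be driven from PowerShell by sending OMP XML commands through omp.exe, with the scan parameters passed by splatting a hashtable as described in the splatting item earlier on this page. The file paths, the function names Invoke-Omp and Start-OmpScan, the target name and the 192.0.2.10 address are assumptions.

```powershell
# Added example. Paths, function names and the target below are assumptions.
$OmpExe    = 'C:\Tools\omp\omp.exe'     # hypothetical install location
$OmpConfig = 'C:\Tools\omp\omp.config'  # holds credentials: restrict its NTFS ACL to your account

function Invoke-Omp {
    # Send one OMP XML command via omp.exe; return the response element or throw.
    param([Parameter(Mandatory)][string]$Command)
    $raw = & $OmpExe --config-file $OmpConfig --xml $Command | Out-String
    if ($LASTEXITCODE -ne 0) { throw "omp.exe exited with code $LASTEXITCODE" }
    $resp = ([xml]$raw).DocumentElement
    if ($resp.GetAttribute('status') -notmatch '^2\d\d$') {
        throw "OMP error $($resp.GetAttribute('status')): $($resp.GetAttribute('status_text'))"
    }
    $resp
}

function Start-OmpScan {
    # Create a target and a task for it, start the task, return the task and report ids.
    param([string]$Name, [string]$Hosts, [string]$ScanConfig = 'Full and fast')
    # Escape user-supplied text; attributes use single quotes because Windows
    # PowerShell does not escape embedded double quotes passed to native programs.
    $n = [System.Security.SecurityElement]::Escape($Name)
    $h = [System.Security.SecurityElement]::Escape($Hosts)
    $targetId = (Invoke-Omp "<create_target><name>$n</name><hosts>$h</hosts></create_target>").GetAttribute('id')
    $configId = (Invoke-Omp '<get_configs/>').SelectSingleNode("config[name='$ScanConfig']/@id").Value
    if (-not $configId) { throw "Scan config '$ScanConfig' not found" }
    $taskId   = (Invoke-Omp "<create_task><name>$n</name><config id='$configId'/><target id='$targetId'/></create_task>").GetAttribute('id')
    $reportId = (Invoke-Omp "<start_task task_id='$taskId'/>").SelectSingleNode('report_id').InnerText
    [pscustomobject]@{ TaskId = $taskId; ReportId = $reportId }
}

# Splatting: parameters are collected in a hashtable and passed as one object with @.
$scanParams = @{
    Name  = 'Lab web server (constructed)'
    Hosts = '192.0.2.10'   # documentation-range address, replace with your own host
}
$scan = Start-OmpScan @scanParams

# Poll until the scanner reports a final state, then export the report as XML.
do {
    Start-Sleep -Seconds 30
    $status = (Invoke-Omp "<get_tasks task_id='$($scan.TaskId)'/>").SelectSingleNode('task/status').InnerText
} until ($status -in 'Done', 'Stopped', 'Internal Error')

$formatId = (Invoke-Omp '<get_report_formats/>').SelectSingleNode("report_format[name='XML']/@id").Value
(Invoke-Omp "<get_reports report_id='$($scan.ReportId)' format_id='$formatId'/>").OuterXml |
    Set-Content -Path ".\openvas-report-$($scan.ReportId).xml" -Encoding UTF8
```

The exported XML can be loaded back with `[xml](Get-Content ...)` to read the results for the final step of acting on the findings.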
In the next post of this series I’ll be covering how we can take these simple beginnings and start to build something more in depth through OMP and PowerShell.