Cyber Blog

The basic concepts of Cloud Identity and Access Management. – 15/05/2019

Google Cloud Platform (GCP) offers Cloud IAM, which lets you manage access control by defining who (identity) has what access (role) for which resource.
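The following is an added example, not code from the blog post or from Google: a minimal evaluator for the "who (identity) / what access (role) / which resource" model. The policy shape (a list of role-to-members bindings attached to a resource) follows the structure of a GCP IAM policy document, but the bucket name, the members and the simplified role-to-permission table are constructed sample values; group expansion is deliberately not modelled.

```python
# Added example, not code from the blog post or from Google: a minimal
# evaluator for the "who / what role / which resource" model. The policy
# shape follows a GCP IAM policy document, but every resource name, member
# and the role-to-permission table are constructed sample values.

# Constructed, simplified subset of the permissions each role grants.
ROLE_PERMISSIONS = {
    "roles/storage.objectViewer": {"storage.objects.get", "storage.objects.list"},
    "roles/storage.objectAdmin": {"storage.objects.get", "storage.objects.list",
                                  "storage.objects.create", "storage.objects.delete"},
}

# Principals that open a binding to the whole world / any Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Constructed sample policy attached to one resource (a bucket).
SAMPLE_POLICY = {
    "resource": "//storage.googleapis.com/projects/_/buckets/example-bucket",
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["user:alice@example.com", "group:auditors@example.com"]},
        {"role": "roles/storage.objectAdmin",
         "members": ["serviceAccount:deployer@example-project.iam.gserviceaccount.com"]},
    ],
}


def roles_for(policy, member):
    """Roles the policy binds directly to `member` (no group expansion)."""
    return {b["role"] for b in policy["bindings"] if member in b["members"]}


def is_allowed(policy, member, permission):
    """Does `member` hold a role on this resource that grants `permission`?"""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in roles_for(policy, member))


def members_with_permission(policy, permission):
    """Reverse lookup for access reviews: who can perform `permission` here?"""
    members = set()
    for b in policy["bindings"]:
        if permission in ROLE_PERMISSIONS.get(b["role"], set()):
            members.update(b["members"])
    return sorted(members)


def public_bindings(policy):
    """(role, principal) pairs granted to allUsers / allAuthenticatedUsers:
    the first thing to look for when reviewing a policy."""
    return [(b["role"], m) for b in policy["bindings"]
            for m in b["members"] if m in PUBLIC_PRINCIPALS]


if __name__ == "__main__":
    who = "user:alice@example.com"
    print(who, "can delete objects:",
          is_allowed(SAMPLE_POLICY, who, "storage.objects.delete"))
    print("can read objects:",
          members_with_permission(SAMPLE_POLICY, "storage.objects.get"))
    print("public bindings:", public_bindings(SAMPLE_POLICY))
```

Running the block answers the three questions an access review asks of a resource: what a given identity can do, who can do a given thing, and whether anything is granted to a public principal.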

Do you want more…? Contact us on osazee@tiptechnologies.co.uk.

Identify Threats and Vulnerabilities with EDR and CASB in AWS

*********** Sponsored By AWS Marketplace ***********

Identify Threats and Vulnerabilities with EDR and CASB in AWS. Find out how these solutions help identify who has vulnerable software/configurations on their cloud endpoints by leveraging indicators of compromise to enrich investigations and pinpoint the depth and breadth of malware across thousands of endpoints.

How to leverage endpoint detection and response (EDR) in AWS investigations

http://www.sans.org/info/215455

Cyber Security Statistics For Everyday People. Do You Know…

“In 2017 we have seen more focus on cybersecurity investment from healthcare providers. They’ve felt the pain of their antiquated systems and have had to step up out of necessity to do more to protect their infrastructures and patient data.”
–Robert Herjavec, Founder & CEO, Herjavec Group

Do You Know…

  • 91 percent of attacks by sophisticated cybercriminals start through spear-phishing emails.
  • Cyber Security Spending Expected to Exceed $1 Trillion
    According to Gartner, information security spending grew to $86.4 billion in 2017, a figure that does not even include the internet of things (IoT).
  • The Internet Of People To Reach 6 Billion
    In 2017, there were 3.8 billion internet users, just over half of the world’s population of 7 billion. According to Cybersecurity Ventures, there will be over 6 billion internet users by 2022, or 75% of the world population of 8 billion.
  • Cyber Crime Expected To Double To $6 Trillion In Next 4 Years
    Source: https://www.gomindsight.com/blog/cybersecurity-statistics/
  • The cyber security unemployment rate is approaching 0 percent.
    Source: https://www.gomindsight.com/blog/cybersecurity-statistics/
  • Android platforms are highly susceptible to cyber security attacks
    Source: https://www.agcs.allianz.com/insights/expert-risk-articles/risk-future-cyber/
  • China is the country with the most malware in the world
    Source: https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/
  • A hacker attack occurs every 39 seconds
    Source: https://www.securitymagazine.com/articles/87787-hackers-attack-every-39-seconds

For more statistics on cyber security, visit:

26+ Cyber Security Statistics & Facts For 2021

How to create Fortigate SSL VPN

SSL VPN provides remote users with access to the corporate network using the SSL VPN client while connecting through the Internet to the corporate FortiGate unit. During the connection phase, the FortiGate unit also verifies that the remote user’s antivirus software is installed and current…

Step 1. Create an SSL VPN portal for remote users

Go to VPN > SSL > Portals

Step 2. Create a user and a user group

Go to User & Devices > User > User Definition

Step 3. Add an address for the local network

Go to Policy & Objects > Objects > Addresses

Step 4. Configure SSL VPN tunnel

Go to VPN > SSL > Settings and set Listen on Interface(s) to wan1 (i.e. the outside interface)

Step 5. Add security policies for access to the internet and internal network

Go to Policy & Objects > Policy > IPv4

Step 6. Set up the FortiGate unit to verify that users have current antivirus software

Go to System > Status > Dashboard

On the CLI Console, type:

    config vpn ssl web portal
        edit full-access
            set host-check av
    end

Step 7. Verify Results

In your browser, go to https://x.x.x.x (the IP address of the external interface, wan1)

Log into the portal using the credentials you created in step 2

Go to VPN > Monitor > SSL-VPN Monitor

Go to Log & Report > Traffic Log > Forward Traffic

Reference: Keith Leroux

How to configure Wired 802.1x

How to configure Wired 802.1x on ISE 1.3…

1. Add an external identity source, e.g. Active Directory (AD)

If you have multiple identity sources, create an identity source sequence

Add the ISE node(s) as join points to AD

Add AD OUs as groups

To enable machine authentication, go to Administration > External Identity Sources > Advanced Settings and tick the check boxes for Password Change, Machine Authentication and Machine Access Restriction

Under System, make sure you see all the ISE nodes, their roles and their service status

2. Add network resources.

Simply add the 802.1X switches as network devices

3. Create authentication policy

From Policy > Results > Authentication, create an allowed-protocols entry, e.g. “PEAP-TLS”

Now create an authentication policy by duplicating the default wired condition. Rename the authentication policy and allow the “PEAP-TLS” protocol entry created in step 3. Replace “Internal Endpoints” with the identity source sequence you created in step 1.

4. Create authorization profile

Duplicate the Wired 802.1X authorization profile, rename it (for example “Wired-802.1x-users”) and save.

Now create the condition and the result for this rule.

Duplicate the Wired 802.1X condition and rename it, for example “Wired-dot1x-users”. Using the AND operator, add the domain user group to the Framed and Ethernet conditions.

Duplicate an existing result under Authorization Profiles and name it “Allowed-WD-Access”; create a DACL and select the appropriate data VLAN and tag. Save the configuration.

5. Create Authorization policy
Duplicate the 802.1X authorization policy and rename it, e.g. “Wired-Auth-Policy”.
Using the condition and the authorization profile result you created earlier, update the authorization policy you just created.

Note: there are two options for matching policy rules: 1. First Match and 2. Multi-Match. Use the drop-down at the top to select whichever suits your environment.
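The following is an added example, not code from the post or from Cisco ISE: it shows how an ordered authorization rule table behaves under "first match" versus "multi-match" evaluation, and adds a check for rules that first-match evaluation can never reach. The rule names, condition attributes, results and the "deny when nothing matches" fallback are constructed sample values modelled on the rules described above, not exported ISE configuration.

```python
# Added example, not from the post or from Cisco ISE: first-match versus
# multi-match evaluation of an ordered rule table. Rule names, attributes,
# results and the default fallback are constructed sample values.

# Each rule: all conditions must hold (AND), as in the condition built above.
RULES = [
    {"name": "Wired-dot1x-users",
     "conditions": {"nas_port_type": "Ethernet", "service_type": "Framed",
                    "ad_group": "Domain Users"},
     "result": "Allowed-WD-Access"},
    {"name": "Wired-contractors",
     "conditions": {"nas_port_type": "Ethernet", "ad_group": "Contractors"},
     "result": "Allowed-Contractor-Access"},
    {"name": "Wired-any-ethernet",
     "conditions": {"nas_port_type": "Ethernet"},
     "result": "Guest-Vlan"},
]
DEFAULT_RESULT = "DenyAccess"     # assumed fallback when no rule matches


def matches(rule, session):
    """A condition holds if the session attribute equals the wanted value,
    or (for multi-valued attributes such as group membership) contains it."""
    for attr, wanted in rule["conditions"].items():
        have = session.get(attr)
        if isinstance(have, (list, set, tuple)):
            if wanted not in have:
                return False
        elif have != wanted:
            return False
    return True


def evaluate(rules, session, mode="first"):
    """Results applied to a session. "first": only the first matching rule
    fires; "multi": every matching rule fires, in table order."""
    hits = [r["result"] for r in rules if matches(r, session)]
    if not hits:
        return [DEFAULT_RESULT]
    if mode == "first":
        return hits[:1]
    if mode == "multi":
        return hits
    raise ValueError(f"unknown mode {mode!r}")


def shadowed_rules(rules):
    """Rules that can never fire under first-match because an earlier rule's
    conditions are a subset of theirs: every session they would match has
    already matched the earlier rule. Returns (shadowed, shadowing) names."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if set(earlier["conditions"].items()) <= set(later["conditions"].items()):
                found.append((later["name"], earlier["name"]))
                break
    return found


# Constructed sessions: a domain user who is also in the contractor group,
# a wired endpoint with no group information, and a wireless client.
DUAL_ROLE = {"nas_port_type": "Ethernet", "service_type": "Framed",
             "ad_group": ["Domain Users", "Contractors"]}
NO_GROUPS = {"nas_port_type": "Ethernet", "service_type": "Framed"}
WIRELESS = {"nas_port_type": "Wireless - IEEE 802.11"}

if __name__ == "__main__":
    print("first :", evaluate(RULES, DUAL_ROLE, "first"))
    print("multi :", evaluate(RULES, DUAL_ROLE, "multi"))
    print("no groups:", evaluate(RULES, NO_GROUPS))
    print("wireless :", evaluate(RULES, WIRELESS))
    print("shadowed if the catch-all is moved first:", shadowed_rules(RULES[::-1]))
```

The point of `shadowed_rules` is the review check that goes with the first-match option: with the broad "any Ethernet" rule placed at the top, the two more specific rules below it would never be reached, so rule order has to be audited whenever a rule is duplicated and moved.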

Types of DDoS Attacks – volumetric, asymmetric, computational, and vulnerability-based

Soft side on Cyber Security

DDoS attacks are rapidly evolving in frequency and unpredictability. While the objective is still to cause a service outage, attacks and attackers are becoming more sophisticated. While the threat landscape continues to expand, some security experts think that DDoS attacks fall into four major types: volumetric, asymmetric, computational, and vulnerability-based.

Defensive mechanisms have evolved to deal with these different categories, and today’s high-profile organizations have learned to deploy them in specific arrangements to maximize their security posture. By working with these companies and fine-tuning their components, some security experts have, at the time of this writing, developed a recommended DDoS protection architecture that can accommodate specific data centre sizes and industry requirements; the products involved include… F5 (ADF, ASM) and Cisco Firepower.

In addition, McAfee and Websense are recommended tools that can be run on ‘proxy servers’.

Different types of firewalls… and how they work

  • Packet-filtering firewall – ACLs on IP addresses and port numbers; operates at layers 3 and 4
  • Stateful firewall – operates at layer 5
  • Application/proxy firewall – a proxy for clients, with a security application such as Websense or McAfee; a layer-7 firewall
  • Reverse-proxy firewall – a proxy for servers, with a security application such as Websense or McAfee; a layer-7 firewall

http://www.networkworld.com/article/2255950/lan-wan/chapter-1–types-of-firewalls.html

Summary

Packet filtering alone does not provide enough protection. To effectively block peer-to-peer-related network traffic, you need a firewall that does application filtering, which can be regarded as an extension of stateful packet inspection.

Stateful packet inspection can determine what type of protocol is being sent over each port, but application-level filters look at what a protocol is being used for.

For example, an application-level filter might be able to tell the difference between HTTP traffic used to access a Web page and HTTP traffic used for file sharing, whereas a firewall that is only performing packet filtering would treat all HTTP traffic equally.

Application-layer firewalls are generally slower than stateful inspection firewalls. Application-layer firewalls are sometimes implemented using application proxies. Two TCP connections are established: one between the packet source and the firewall, another between the firewall and the packet destination. Application proxies intercept arriving packets on behalf of the destination, examine the application payload, and then relay permitted packets to the destination. Suspicious data is dropped, and the client and server never communicate directly with each other. Proxies necessarily involve more protocol stack overhead than inspecting packets at the network layer. Furthermore, because a unique proxy is required for each application, proxy firewalls can be less flexible and slower to upgrade than stateful inspection firewalls. Nevertheless, because application-level proxies are application-aware, they can more easily handle complex protocols like H.323 or SIP, which are used for videoconferencing and VoIP (Voice over IP).
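The following is an added example, not code from the article or from any firewall product: a toy model of the three inspection levels in the list and summary above (stateless packet filtering on addresses and ports, stateful inspection, and application-level filtering), run over a constructed packet sequence. The addresses, ports, ACL entries, payloads and the ".torrent" file-sharing signature are made-up sample values, and the application filter only looks at client request lines.

```python
# Added example, not code from the article: a toy model of the three
# inspection levels described above, run over constructed packets.
# Addresses, ports, ACL entries and payloads are made-up sample values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False        # a bare SYN marks a new connection attempt
    payload: bytes = b""     # application data carried by the segment


INTERNAL = "10.0.0."         # constructed "inside" address prefix

# 1. Stateless packet filter: a classic ACL that only sees addresses and ports.
#    (action, src_prefix, sport, dst_prefix, dport); "*" matches anything.
ACL = [
    ("permit", INTERNAL, "*", "*", 80),   # inside hosts may open HTTP outbound
    ("permit", "*", 80, INTERNAL, "*"),   # let replies from port 80 back in...
    ("deny", "*", "*", "*", "*"),         # ...and drop everything else
]


def _match(pattern, value):
    if pattern == "*":
        return True
    if isinstance(pattern, str) and isinstance(value, str):
        return value.startswith(pattern)
    return pattern == value


def stateless_filter(pkt, acl=ACL):
    """Layer 3/4 only: the first ACL entry matching the header decides."""
    for action, sp, spt, dp, dpt in acl:
        if (_match(sp, pkt.src) and _match(spt, pkt.sport)
                and _match(dp, pkt.dst) and _match(dpt, pkt.dport)):
            return action == "permit"
    return False


# 2. Stateful inspection: the ACL is consulted only for a connection opened
#    from inside; later packets pass only if they belong to a known session.
class StatefulFirewall:
    def __init__(self, acl=ACL):
        self.acl = acl
        self.sessions = set()    # (src, sport, dst, dport) of permitted flows

    def inspect(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return True
        if pkt.syn and pkt.src.startswith(INTERNAL) and stateless_filter(pkt, self.acl):
            self.sessions.add(fwd)
            return True
        return False


# 3. Application-level filter: on an otherwise permitted port-80 flow, the
#    request must really be HTTP, and HTTP used for file sharing (here a
#    constructed signature: fetching .torrent files) is refused.
class ApplicationFirewall(StatefulFirewall):
    BLOCKED_SUFFIXES = (".torrent",)

    def inspect(self, pkt):
        if not super().inspect(pkt):
            return False
        if pkt.dport == 80 and pkt.payload:        # inspect client requests only
            request_line = pkt.payload.split(b"\r\n", 1)[0].split(b" ")
            if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
                return False                       # not HTTP on port 80: drop it
            path = request_line[1].decode("ascii", "replace").lower()
            if path.endswith(self.BLOCKED_SUFFIXES):
                return False                       # HTTP, but used for file sharing
        return True


# Constructed traffic: a legitimate page fetch and its reply, an unsolicited
# inbound packet sent from source port 80 to SSH, a .torrent download over
# HTTP, and a non-HTTP protocol carried over port 80.
CLIENT, WEB, OUTSIDER = "10.0.0.5", "203.0.113.10", "198.51.100.7"
PACKETS = [
    Packet(CLIENT, WEB, 40000, 80, syn=True),
    Packet(CLIENT, WEB, 40000, 80, payload=b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(WEB, CLIENT, 80, 40000, payload=b"HTTP/1.1 200 OK\r\n\r\n"),
    Packet(OUTSIDER, CLIENT, 80, 22, syn=True),
    Packet(CLIENT, WEB, 40000, 80, payload=b"GET /linux.iso.torrent HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet(CLIENT, WEB, 40001, 80, syn=True),
    Packet(CLIENT, WEB, 40001, 80, payload=b"\x13BitTorrent protocol"),
]


def run(inspect, packets=PACKETS):
    """Verdict (True = forwarded) for each packet, in order."""
    return [inspect(p) for p in packets]


if __name__ == "__main__":
    print("stateless  :", run(stateless_filter))
    print("stateful   :", run(StatefulFirewall().inspect))
    print("application:", run(ApplicationFirewall().inspect))
```

The three verdict lists show the point of the summary: the stateless ACL forwards everything, including the unsolicited packet that merely uses source port 80; the stateful firewall drops that packet because no inside host opened the session; only the application-level filter also refuses the .torrent request and the non-HTTP stream, even though both arrive on a permitted port inside a permitted session.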