So, you have discovered in your authentication logs that an ip range explicitly blocked, denied by default or even geo-blocked is somehow still attempting to gain VPN access? Since VPN traffic is going to the FTD and not through the FTD, it is handled by the control-plane rather than the data-plane. Fortunately, a solution is available, although imperfect, through the use of FlexConfig.
Continue reading Firepower Access Control Policy not blocking VPN connections
This reference guide covering the objectives for the SY0-701 CompTIA Security+ exam is designed to act as a supplement to your course book. Using this guide, along with the acronym list, should help you save time by quickly referring to key topics within the exam objections.
Among the many techniques employed by hackers to lure users into clicking on a malicious file, the “Right-to-Left Override” or RLO attack is an interesting form of obfuscation. It is designed to masquerade the file extension in order to trick unsuspecting users. If you couple this with changing the file icon of an executable or bat file to say a pdf, it will add to the illusion of authenticity.
Continue reading Understanding Right-to-Left Override AttackFamiliarizing yourself with the acronym list used for the Security+ SY0-701 exam is not only crucial in preparing for
the certification but also for individuals pursuing a career in cybersecurity. This quick reference guide is a comprehensive
list, containing abbreviations and technical acronyms commonly used in the security field as well as required by CompTIA.
En algún momento, es posible que te encuentres en una situación en la que necesites otorgar acceso SFTP a un usuario, pero debe configurarse para evitar que naveguen por toda la estructura de directorios del sistema. Aquí es donde resulta útil la funcionalidad de chroot incorporada en sshd. Esto te permitirá restringir y aislar al usuario en un directorio específico y evitar fácilmente el acceso no autorizado. En este ejemplo, cubriremos los pasos de configuración para establecer el acceso para un usuario llamado Rafael en el departamento de contabilidad.
Como usuario root, crea la cuenta y la contraseña para Rafael. Especificaremos el directorio de inicio como /var/contabilidad. Este será el directorio chroot que vamos a configurar. La shell debe ser /bin/false para evitar inicios de sesión interactivos.
Continue reading Configuración de un Directorio SFTP en ChrootAt some point you might find yourself in a situation where you need to grant sftp access to a user but it should be configured to prevent them from traversing the entire directory structure within the system. This is where the built-in chroot functionality within sshd comes in handy. It will enable you to restrict and isolate the user to a specific directory and easily prevent unauthorized access. In this example, we will cover the configuration steps for setting up access for one user named jsmith within the Accounting department.
As the root user, create the account & password for jsmith. We will specify the home directory as /var/accounting. This will be the chrooted directory we are going to setup. The shell should be /bin/false to prevent any interactive shell logins.
Continue reading Setting Up a Chrooted SFTP Directory
Due to the ever increasing list of network compromises, securing our online presence has become more crucial than ever. One way to ensure online security is to use SSL/TLS certificates, which encrypt data transmissions between servers and clients, making them unreadable to any third-party. However, these certificates can be compromised, causing severe security breaches. This was seen back in 2011 with certificate authorities Comodo & DigiNotar. Read more here. There have been around 10 CA compromises in the last 3 – 4 years. Still a rare issue but one that needs consideration. That is where Certificate Transparency comes in, which is an open framework for monitoring SSL/TLS certificates.
Continue reading Certificate Transparency Logs
It is well understood that corporate fraud can have devastating consequences for an organization and that detecting and preventing fraud is essential for safeguarding the interests of the owners, investors, employees, and customers. Therefore, it is important to be aware of the leading indicators of potential corporate fraud so that companies can take proactive steps to mitigate the risk of fraudulent activity. This post will explore 10 leading indicators of potential fraud that should be taken seriously. It should be noted that the presence of these flaws are no guarantee of fraud and could just point towards poor management practices or errors in accounting procedures. However, it is essential that thorough routine investigations and analysis be conducted to determine if there is actual fraudulent activity taking place.
Continue reading Top 10 Indicators of Corporate FraudSudo is a powerful tool that allows users to execute commands with root privileges on a Linux system. Sudo is typically used to allow users to perform administrative tasks without giving them full access to the root account. The sudoers file, located at /etc/sudoers, controls which users can use sudo and what commands they are allowed to run.
Continue reading Best Practices for /etc/sudoers
If you’ve been in the IT industry for any amount of time you are likely to have ran across fiber optic patch cables in use in various different installations. Typically, you will most often see fiber optic cables used for an uplink to an internet service provider, in between network devices between buildings in a campus network, or in a datacenter where large amounts of bandwidth and high speeds are required.
Continue reading Fiber Factoids, Part 1 – A primer on common fiber optic cable types
The Network Logician 