Archive January 2020

Teaming up today with a post from MindofaRaptor.com


www.MindofaRaptor.com

Cyber Security/Hacker Operating Systems 

I was recently informed of a new operating system that helps cover all of the security needs for those working in the Cyber Security industry, by the name of Parrot OS. I’ll confirm now before letting you read on, I have migrated away from Kali to Parrot but during this journey I thought it was a good idea to see what other systems are out there for my security needs. 

 

This blog article covers my discoveries, some of which may come as a complete surprise and others not so much. 

 

The first two have already been mentioned, but here they are: 

  1. Kali OS. https://www.kali.org/

This is the most popular Cyber Security operating system around, and there’s no surprise as to why. The security tool count, that is built in exceeds 600, and that is a lot to get your head around. 

 

Add to this, the following certifications evolve around Kali, so for anyone wanting to get their careers moving in the direction of Cyber Security, this is a perfect choice. 

 

Certifications: OSWE, OSCP, OSCE, OSWP, OSEE, KLCP. 

  1. Parrot OS is a relatively new solution brought to the industry, but it’s been done well. Just like Kali is has a wealth of tools but unlike Kali it has two major components prebuilt in, which are fantastic for all users, not just specific niches of the security industry. The first is the implementation of many tools to help keep you safe/anonymous online, and the second is all the default tools you require for performing documentation and office work. These brilliant additions are why the Parrot OS is also designed for Journalists and hacktavists, and not just the police or security professionals. 

     

    Quick summary, if I was asked which one to learn first. I’d still recommend Kali, but this is due to its history. It has been around long enough to have huge amounts of documentation and tutorials, which help people learn. However if you’ve been in the industry for a while now, I’d advise moving over to Parrot because it feels more natural and could be the future industry leader. 

     

    To find out more and discover the other cyber security operating systems you could explore, continue reading part 2 of this article at “mind of a raptor“. 

Office 365 – Security (Part 1)

Have you setup MS Office 365? Did you start with security in mind?

Have you reviewed your Security and privacy settings? Nothing is configured out of the box. When implementing o365, start treating the platform as if you were securing your On-Prem infrastructure.

Start with the basics:

  • Password Policies
  • Privacy Statements

Can you add additional security to users?

Have you enabled and enrolled users to use MFA? Is it Enfored MFA?

Has access been restricted?

https://docs.microsoft.com/en-us/sharepoint/control-access-based-on-network-location

Mobile Device Management, are you applying any controls to apps accessing OneDrive?

Has logging been enabled for the Office 365 Security and Compliance reports and stats

Azure Administrator – Tasks and Guides

Your one stop shop for the Azure Administrator resource pool of tasks.

Task
Set the tenant, subscription, and environment for cmdlets to use in the current session.
Plan virtual networks
Configure Azure Multi-Factor Authentication settings
Create DNS records in a custom domain for a web app
Add your custom domain name using the Azure Active Directory portal
Create a route-based VPN gateway using the Azure portal
Connect virtual networks with virtual network peering using the Azure portal
Troubleshoot password hash synchronization with Azure AD Connect sync
Manage device identities using the Azure portal
How to manage the local administrators group on Azure AD joined devices
Azure Load Balancer For RDP
Create a virtual network (classic) with multiple subnets
Point-to-Site VPN routing
Back-end health and diagnostic logs for Application Gateway
All things Azure and Sysadmin stuff
Set up Disaster Recovery for Azure IaaS VMs
Migrate AWS S3 buckets to Azure blob storage
Azure Security Center: Learning the ropes (resources)
Copy Files to Azure VM using PowerShell Remoting
How to manage Azure VMs with Windows Admin Center
Conditional Access rules for Admin MFA
Tag @stephenhackers on Twitter with your Azure blog pages

Stuart Barker – ISO 27001 – What Does it cost?

Stuart Barker ( The Data Security Guy) discusses data security and how it comes at a cost. There is a difference between being secure and demonstrating that you are secure. People often talk about ISO27001 certification as being needed for business to do business securely. It has its place but boy oh boy is certification going to cost. In this article Stuart Barker from Hight Table talks about how much does ISO 27001 actually cost and you might realise why companies don’t advertise it and you can’t google it and get a straight answer.

https://hightable.io/how-much-does-iso-27001-cost/

Secured By miniOrange