Qualys – Vulnerability Management Notes

Vulnerability Management

Qualys Vulnerability Management (VM) is the Qualys tool for finding vulnerabilities across a network, prioritising them, and tracking them through to remediation.

My training session covered how to:
1. Scan the Network
2. Manage Host Assets
3. Report on Scans
4. Manage User Accounts
5. Remediate Risk

Things to know before you start:

  • The IP ranges of your networks (what you are allowed, and expected, to scan).
  • The IP addresses assigned to your Qualys scanner appliances (so they can be whitelisted on firewalls and IDS).

Vulnerabilities and Scans

  • You can import vulnerability libraries.
  • You can run authenticated (trusted) scans. These need a credential record for the target hosts, and they find far more than an unauthenticated scan because the scanner can read installed packages, patches and configuration rather than relying on banner grabbing.

Ratings and Severities
After a scan has been run:

  • Findings are colour-coded: red for confirmed vulnerabilities, yellow for potential vulnerabilities, blue for information gathered.
  • Severity levels are graded 1 (minimal) to 5 (urgent).

Assets

  • Group assets. Note: nested asset groups are not supported.
  • Set a business impact attribute on each asset group; Qualys combines it with severity to calculate business risk.
  • Apply tags and child tags to your assets; a tag hierarchy lets you build, for example, an operating system hierarchy.

Reporting

  • Create template based reports
  • Create tickets based on the report outputs

User Management

  • Roles – Scanner, Manager, Unit Manager, Auditor, Reader, Remediation User, Contact
  • Each user can be allowed access to the GUI, the API, or both.

Remediation

  • Assign remediation tasks (tickets) to users.

Files Older Than 3 Months Combined Total File Size

A requirement to identify the combined size of all files not used in the last 3 months.

The scripts below test LastWriteTime (last modified), which is the usual proxy. LastAccessTime would be closer to "not used", but NTFS only keeps it up to date when last-access updates are enabled on the volume (check with fsutil behavior query disablelastaccess), so it cannot be relied on.

This was the solution:

# Run as administrator
# You need read permission on the files and folders being measured

$date = (Get-Date).AddMonths(-3)

dir C:\temp -Recurse | ?{$_.LastWriteTime -lt $date -and !$_.PsIsContainer} | Measure-Object -Property Length -Sum

# One-liner. -Force includes hidden and system files; -ErrorAction SilentlyContinue skips
# folders you cannot read instead of stopping (so the total is a lower bound). The original
# used AddMonths(-6) here; -3 matches the 3-month requirement above.

dir C:\temp -Recurse -Force -ErrorAction SilentlyContinue | `
    ?{$_.LastWriteTime -lt (Get-Date).AddMonths(-3) -and !$_.PsIsContainer} | Measure-Object -Property Length -Sum -ErrorAction SilentlyContinue

# The resulting sum is in bytes. To convert it to gigabytes:

$files = dir C:\temp -Recurse -Force -ErrorAction SilentlyContinue | `
    ?{$_.LastWriteTime -lt (Get-Date).AddMonths(-3) -and !$_.PsIsContainer} | Measure-Object -Property Length -Sum -ErrorAction SilentlyContinue

($files.Sum / 1GB).ToString("F2")

# "F2" is a fixed-point format string: the number after F is how many digits appear
# after the decimal point, in this case 2.

# Per-folder breakdown: the (non-recursive) size of the files in every folder under C:\temp.
# Write-Host writes straight to the console and bypasses the redirection, so Write-Output is
# used instead; the output path contains a space and has to be quoted.

dir C:\temp -Recurse | ?{$_.PsIsContainer} | %{
    Write-Output "Current folder is $($_.FullName)"
    dir $_.FullName | ?{!$_.PsIsContainer} | Measure-Object -Property Length -Sum -ErrorAction SilentlyContinue
} > "c:\temp\file sizes"

Credit to the original post this script is based on.
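The three snippets above can be folded into one function. This is an added example, not code from the original post or the post it credits: the path, the cut-off in months and the property to test are parameters, directories are excluded with -File, access-denied folders are counted instead of silently dropped, and the output includes a per-top-level-folder breakdown alongside the total. The path C:\temp in the usage comment is an assumption.

```powershell
# Added example (not from the original post). Combined size of stale files under a path,
# with a per-folder breakdown and a count of folders that could not be read.
function Get-StaleFileReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $Months = 3,
        # LastWriteTime = last modified. LastAccessTime is closer to "not used", but NTFS
        # only maintains it when last-access updates are enabled on the volume
        # ('fsutil behavior query disablelastaccess'), so write time is the default.
        [ValidateSet('LastWriteTime', 'LastAccessTime')] [string] $Property = 'LastWriteTime'
    )

    $root   = (Resolve-Path -LiteralPath $Path).ProviderPath.TrimEnd('\')
    $cutoff = (Get-Date).AddMonths(-$Months)

    # -File drops directories (they have no Length), -Force includes hidden/system files,
    # and access-denied errors are collected in $errs instead of stopping the run.
    $stale = Get-ChildItem -LiteralPath $root -Recurse -File -Force `
                 -ErrorAction SilentlyContinue -ErrorVariable errs |
             Where-Object { $_.$Property -lt $cutoff }

    $total = ($stale | Measure-Object -Property Length -Sum).Sum
    if (-not $total) { $total = 0 }    # .Sum is $null when nothing matched

    # Group by the first path component under $root so the big consumers stand out.
    $byFolder = $stale |
        Group-Object {
            $rel = $_.FullName.Substring($root.Length + 1)
            if ($rel -like '*\*') { $rel.Split('\')[0] } else { '(root)' }
        } |
        ForEach-Object {
            [pscustomobject]@{
                Folder = $_.Name
                Files  = $_.Count
                SizeGB = [math]::Round((($_.Group | Measure-Object -Property Length -Sum).Sum / 1GB), 2)
            }
        } | Sort-Object SizeGB -Descending

    [pscustomobject]@{
        Path         = $root
        Cutoff       = $cutoff
        Property     = $Property
        FileCount    = @($stale).Count
        TotalBytes   = $total
        TotalGB      = [math]::Round($total / 1GB, 2)
        # Folders that could not be read: if this is non-zero the totals are a lower bound.
        AccessErrors = @($errs).Count
        ByFolder     = $byFolder
    }
}

# Usage (assumed path; run elevated so AccessErrors stays at 0):
# $r = Get-StaleFileReport -Path 'C:\temp' -Months 3
# $r | Format-List Path, Cutoff, Property, FileCount, TotalGB, AccessErrors
# $r.ByFolder | Format-Table -AutoSize
```

AccessErrors is the number worth looking at before quoting the total to anyone: every folder the account could not read is missing from the sum, so a non-zero count means the figure is a floor, not a total.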

Vembu – Live Webinar – Zero Data Loss

Interested in knowing more about implementing near-zero data loss for your IT setup? Join a live webinar session hosted by Vembu's experts on the following dates:

  • October 3rd, Wednesday at 2PM ET, 11AM PT – for Americas
  • October 4th, Thursday at 11AM GST – for EMEA, APAC & ANZ

Registration

What is being discussed:

Consider, hypothetically, that a disaster has hit the data centre. The one thing 90% of IT admins will focus on is working out how much data has been lost, when all they should be doing is getting on with the servers recovered from the previous backup jobs. When most vendors seem to be marketing near-Continuous Data Protection (CDP) that assures near-zero data loss, the critical question is how near it actually is. This time, Vembu's experts go live in their upcoming webinar, "Towards near-zero data loss. What you need to get right", giving system administrators an insight into tackling this persistent pain point.

So how disaster-prepared are you? Here is why joining this webinar session is one of the top things you should prioritise as October nears.

Why the near-CDP rule? It isn't just about replicating your servers to another site during a disaster. It's about the IT problems it can resolve and the large amount of lost revenue it can save you from.

It isn't just about snapshots and replication either; those have been in storage systems for years. Getting your RPOs and RTOs right is what matters: the RPO is how much data (measured in time) you are prepared to lose, the RTO is how long you are prepared to be down while it is restored. If yours are currently measured in hours, that is a serious problem; they can (and should) be brought down to a matter of minutes.

Getting near-CDP right with the Vembu BDR Suite: avoiding or reducing data loss, running successful recovery checks, the different recovery scenarios that help you recover your physical and virtual setups during any downtime, and many more practices are what the webinar will cover.

Vembu BDR Essentials – Small Businesses

Check out Vembu BDR Essentials, which has now been released for small businesses.
Over the last year there has been a rise in advanced phishing attacks and ransomware. While these topics aren't directly related to the Vembu BDR Suite, if you were a victim of ransomware then a good product to have on your side is a backup and recovery product like the Vembu BDR Suite: a backup that the attacker cannot reach is the one recovery option that does not depend on paying.
Features such as fast recovery of virtual machines and file-level recovery are nice features of the Vembu BDR Suite. The downside of backup and recovery products for small businesses (SMEs) is cost; however, you can now save up to 50% with BDR Essentials when compared to the Vembu BDR Suite.

Download Vembu products here:

Workstation 15 Is Here

Workstation 15 Pro and Player are now available! In celebration of our 20th anniversary, the VMware Workstation team is very proud to announce the general availability of VMware Workstation 15 Pro and VMware Workstation 15 Player, our flagship desktop hypervisors […] The post Workstation 15 Is Here appeared first on VMware Workstation Zealot.


VMware Social Media Advocacy

Google Advanced Search Operators

Some tips and examples for more advanced and focused Google searches. These are the same operators used for "Google dorking"; site: combined with filetype: is also the quickest check for documents your own domain is exposing.

allinurl:hot wired it                               every word must appear in the page URL

allintitle:hot wired it                             every word must appear in the page title

allintext:"stephen hackers"                         the phrase must appear in the page text

site:www.hotwireditsolutions.co.uk filetype:pdf     only PDF files from that site

site:www.hotwireditsolutions.co.uk                  only pages from that site

site:www.hotwireditsolutions.co.uk 0191..           numeric range search: two numbers joined by .. (for example 0191..0199) match any number between them

stephen *                                           the asterisk is a wildcard standing in for one or more unknown words

"exact phrase"                                      quotes search for that exact word or phrase

There must be no space after the colon: site: example.com is treated as the word "site" plus a separate search term, not as an operator.

vSphere ESXi 6.7 Unable to talk between subnets between hosts

Configuration was:

ESXi 6.7, with vSphere standard switches handling all the port groups, each tagged with a VLAN

Firewall: Cisco ASA

Problem: new ESXi 6.7 hosts. Two virtual machines on the same host and vSwitch could communicate without any problem. However, a virtual machine talking to another virtual machine on another host and a different subnet could not: nothing crossed between subnets and hosts, even though both virtual machines could ping their local gateways. The Cisco ASA was dropping all the packets and, when capturing the ping traffic, logged the following:

Denied ICMP type=8, code=0 (type 8 is an ICMP echo request, so the ping itself was being denied; the capture also notes that ICMP has no source port)

Solution

Sometimes it's the simple tick box in the firewall / ASA configuration:

"Enable traffic between two or more interfaces which are configured with the same security levels"

On the ASA CLI this is the same-security-traffic permit inter-interface command (verify with show running-config same-security-traffic). By default the ASA denies traffic between interfaces that share a security level regardless of the access lists, which is why each VLAN subnet could reach its own gateway interface but not the interface next to it.

Once it was enabled all traffic started flowing and the virtual machines could talk between the subnets, subject to the rules on the firewall.

What does End of General Support mean?

vSphere 5.5 was released in 2013. Now, 5 years on, it's out of General Support. What does that mean? My simplistic techie take is that you still have support if your vSphere farm has a wobble and you need VMware technical support, but don't be surprised if the solution is to upgrade. The point that matters for security is that the Technical Guidance phase does not include new security patches or bug fixes, so a 5.5 farm only gets more exposed from here. If you're still running 5.5 and you're not quite sure what to do, feel free to call on a certified professional to plan an upgrade to the latest and greatest release :-).

What does End of General Support mean?

On September 19th, vSphere 5.5 exited its general support phase and moved into something called “Technical Guidance”. In response to this, many have already moved to a newer release of the vSphere 6.x line. Whether it be for compatibility concerns or a reasonable wariness of touching what’s not broken, there are several of us who The post What does End of General Support mean? appeared first on VMware vSphere Blog .


VMware Social Media Advocacy

Task : Output A List Of Home Drive Paths Configured In Active Directory

# DSQuery (from a command prompt on a domain-joined machine with the AD DS tools)

dsquery user -name "*" -limit 0 | dsget user -samid -hmdir -hmdrv -profile > c:\temp\usersV2.txt

# PowerShell: more flexibility, and the output includes whether each user account is enabled
# or disabled (Enabled is one of Get-ADUser's default properties, so it appears in the CSV
# without being listed in -Properties)

Get-ADUser -Filter * -Properties Name,CanonicalName,CN,DisplayName,DistinguishedName,HomeDirectory,HomeDrive,SamAccountName,UserPrincipalName | Export-Csv -Path (Join-Path $pwd HomeDrive.csv) -Encoding ASCII -NoTypeInformation
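Building on the Get-ADUser one-liner above, the following is an added example (not from the original post): it keeps only enabled users that actually have a home directory set, splits each UNC path into server and share so the list can be grouped by file server, flags home directories that are local paths rather than UNC paths, writes the CSV, and returns a per-server summary. It assumes the ActiveDirectory module (RSAT) is installed; the output file name and the -IncludeDisabled switch are my choices, not anything from the post.

```powershell
# Added example (not from the original post). Home drive inventory grouped by file server.
Import-Module ActiveDirectory

function Get-HomeDriveReport {
    param(
        [string] $OutputCsv = (Join-Path $pwd 'HomeDrive.csv'),
        # By default disabled accounts are left out; they still count for a migration, so opt in.
        [switch] $IncludeDisabled
    )

    # The AD filter is evaluated server-side, so only users with a home directory come back.
    $filter = if ($IncludeDisabled) { 'HomeDirectory -like "*"' }
              else                  { 'Enabled -eq $true -and HomeDirectory -like "*"' }

    $users = Get-ADUser -Filter $filter -Properties HomeDirectory, HomeDrive, CanonicalName |
        ForEach-Object {
            $isUnc = $_.HomeDirectory -like '\\*'
            # \\server\share\user  ->  'server', 'share', 'user' (empty leading pieces dropped)
            $parts = $_.HomeDirectory -split '\\' | Where-Object { $_ }
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Enabled        = $_.Enabled
                HomeDrive      = $_.HomeDrive
                HomeDirectory  = $_.HomeDirectory
                Server         = if ($isUnc) { $parts[0] } else { '' }
                Share          = if ($isUnc) { $parts[1] } else { '' }
                # A local path (e.g. D:\Users\x) only resolves on one machine; flag it for review.
                IsUnc          = $isUnc
                OU             = ($_.CanonicalName -replace '/[^/]+$', '')
            }
        }

    $users | Export-Csv -Path $OutputCsv -NoTypeInformation -Encoding ASCII

    # Summary: home directories per server. Non-UNC entries group under an empty server name.
    $users | Group-Object Server | Sort-Object Count -Descending |
        Select-Object @{ n = 'Server'; e = { $_.Name } }, Count
}

# Usage:
# Get-HomeDriveReport                                   # enabled users, HomeDrive.csv in the current folder
# Get-HomeDriveReport -IncludeDisabled -OutputCsv C:\temp\HomeDrive.csv
```

The per-server table is the part you want before decommissioning or migrating a file server: every server that still appears in it has users whose logon will break when it goes.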

How To Access A SQL Server 2008 Databases WITHOUT SA (SysAdmin) Credentials

Challenge : How to make a backup of a SQL 2008 database without knowing any working credentials.

Log on to the Windows 2008 R2 server running SQL Server 2008 as a domain admin.

Launch SSMS (SQL Server Management Studio).

Issue: the Windows credentials had no permissions inside SQL Server, and there were no obvious groups in AD (Active Directory) that would have access. (From SQL Server 2008 onwards BUILTIN\Administrators is no longer a sysadmin by default, so being an administrator on the box grants nothing inside the instance by itself.)

So... back to basics.

PsTools to the rescue

Download PsTools from https://docs.microsoft.com/en-us/sysinternals/

Store it in c:\temp\

The tool to use is PsExec.

Launch a command prompt (as administrator).

Browse to c:\temp

Type: psexec -i -s SSMS.exe

This launches SSMS (SQL Server Management Studio) as LocalSystem (-s) on the interactive desktop (-i). As luck would have it, Windows authentication as NT AUTHORITY\SYSTEM has full sysadmin rights in SQL Server 2008 by default. Note that this stops working from SQL Server 2012 onwards, where SYSTEM is still a login but no longer a member of sysadmin; the documented fallback there is to restart the instance in single-user mode (the -m startup option), which lets members of the local Administrators group connect as sysadmin.

I could then connect to all the databases and complete the backups, and also check the security permissions for users.

The same fact read the other way is the security lesson: anyone who is a local administrator on a SQL Server host can become SYSTEM and therefore sysadmin, so the host's local administrators are DBAs whether or not they appear in the sysadmin role. A recovery like this should end with a proper sysadmin login being created and a review of who has local admin on the box.
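Once you are in as SYSTEM, the sensible sequence is to confirm you really are sysadmin, record who else is (since they can do what you are doing), and then take the backup in a way that does not disturb the existing backup chain. The script below is an added example, not from the original post: it is meant to be run from a SYSTEM shell opened the same way as SSMS above (psexec -s -i powershell.exe), drives the instance with sqlcmd -E instead of the GUI, and assumes sqlcmd.exe is on the PATH, the default local instance (.), a backup folder the SQL Server service account can write to, and placeholder database and file names.

```powershell
# Added example (not from the original post). Save as Backup-AsSystem.ps1 and run from a
# SYSTEM shell:   psexec -s -i powershell.exe   then   .\Backup-AsSystem.ps1 -Database Northwind
# Assumptions: sqlcmd.exe on PATH; local default instance; C:\temp writable by the SQL service account.
param(
    [Parameter(Mandatory)] [string] $Database,
    [string] $Instance  = '.',
    [string] $BackupDir = 'C:\temp'
)

function Invoke-Sql {
    param([string] $Query)
    # Batches go through a temp file (-i) so multi-line T-SQL is not mangled by argument quoting.
    $tmp = [IO.Path]::GetTempFileName()
    Set-Content -Path $tmp -Value $Query -Encoding ASCII
    try {
        # -E: Windows authentication (we are NT AUTHORITY\SYSTEM); -b: non-zero exit code on any T-SQL error
        $out = & sqlcmd -S $Instance -E -b -i $tmp
        if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed:`n$($out -join "`n")" }
        $out
    } finally {
        Remove-Item $tmp -ErrorAction SilentlyContinue
    }
}

# 1. Confirm who we are and that the SYSTEM login is actually sysadmin on this instance.
#    True by default on SQL Server 2008/2008 R2; from SQL Server 2012 this prints 0 and
#    the backup below fails with a permissions error (use single-user mode, -m, instead).
Invoke-Sql @"
SET NOCOUNT ON;
SELECT SUSER_SNAME() AS login_name, IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;
"@

# 2. Record current sysadmin membership: these principals can do exactly what we are doing,
#    so the list belongs in the change/incident notes and should be reviewed afterwards.
Invoke-Sql @"
SET NOCOUNT ON;
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';
"@

# 3. Take the backup. COPY_ONLY leaves the existing backup chain (differential base) untouched;
#    CHECKSUM plus RESTORE VERIFYONLY catches a backup file that cannot actually be restored.
$stamp = Get-Date -Format 'yyyyMMdd_HHmmss'
$file  = Join-Path $BackupDir "$($Database)_$stamp.bak"
Invoke-Sql @"
BACKUP DATABASE [$Database]
TO DISK = N'$file'
WITH COPY_ONLY, CHECKSUM, STATS = 10;
RESTORE VERIFYONLY FROM DISK = N'$file' WITH CHECKSUM;
"@
Write-Output "Backup written and verified: $file"
```

COPY_ONLY is the detail most often skipped in an emergency: a normal full backup resets the differential base, so the next scheduled differential job would depend on a file sitting in C:\temp.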