April 11, 2019 Microsoft Security Update Guide - WST As most of you already know, Microsoft has been releasing Windows cumulative monthly updates for some time now. Each of these updates (generally) includes relevant security updates from previous releases, making the installation process simpler. Apply the most recent cumulative updates for your Microsoft software, and you should be in pretty good shape. The downside to this approach is that each update addresses multiple issues, and after applying the patch, there may be additional action needed (i.e. a registry key, GPO setting, etc.) So how is a careful [...]
About 10-D SecurityThis author has not yet filled in any details.
So far 10-D Security has created 8 blog entries.
March 28, 2019 Ad Blockers and why you should consider using them - WST Many websites use advertisements to help supplement the cost of creating new content, hosting the site itself, and to generate revenue. Many site owners utilize various ad platforms to load ads onto their websites. However, bad actors have been known to abuse these platforms to direct users to malicious websites or download malicious content. This is known as "malvertising". A seemingly innocuous ad could lead a user to a drive-by download or load malicious code from a compromised website. Reputable ad blockers such [...]
March 21, 2019 Local Administrator Password Solution (LAPS) - WST LAPS Local Administrator Password Solution (LAPS) addresses the basic issue where the same local administrator accounts are used on all hosts throughout the organization, leaving them susceptible for “Pass-the-Hash” and credential re-use attacks. LAPS does this by leveraging a combination of an application installed on a Domain Controller, Active Directory (AD) Templates, and PowerShell modules. The LAPS password is stored as the ms-Mcs-ADMPwd AD attribute and associated with a domain computer. LAPS credentials are also passed using Kerberos encryption by default. Additional benefits include automated password rotation [...]
March 14, 2019 Are you prepared for the EOL Shockwave? - WST Often, we take software that seems to have ‘always been there’ for granted, until suddenly it’s not supported. At other times, ‘must have’ software fades into obscurity as it’s gradually replaced by alternatives. Either way, you should be prepared for an End of Life (EOL) announcement just as much as you should for important software update announcements. This week it’s an announcement by Adobe. They have announced the EOL for Adobe Shockwave, on April 9th, with extended support only for Enterprise customers. This also means anyone who [...]
March 7, 2019 Intrusion Detection and Prevention Systems: Are they really working? - WST Let’s face it, if you have a public IP you’re going to get some type of illegitimate access attempt directed at your network at some point. Probably multiple times per day. Just look at your firewall logs and alerts sometime. If you are not, you should be; daily. If you don’t have one or are not familiar with the concept, an Intrusion Detection and Prevention System (IDS/IPS) will actively detect and prevent malicious or unwanted attempts at access. Your IDS/IPS can be deployed as [...]
February 28, 2019 Are thin clients a good idea? It depends. - WST Most folks know the drill with the common corporate desktop setup. For full desktop PC’s, adequate hardware starts around $500. You’ll need antivirus licensing, a patching / vulnerability management system, and process in place to keep these systems up to date and secure.So, what about thin clients?For pricing, an admittedly limited search for prices for new “adequate” thin clients showed that they were generally priced between $250 and $480. This can add up to quite a savings.Next, you must have the back-end infrastructure to support those clients [...]
February 21, 2019 Something you have. Something you know. - WST Multi-factor authentication (MFA) is simple, easy to use, generally straight forward to implement, and can save your organization and customers from data loss. The token (something you have) is inexpensive or free, and usernames and passwords (something you know) is something your organization’s employees or customers use on a regular basis. Some obvious and typical uses for MFA are VPN access, administrator sessions to sensitive systems, or secure web-portals like web-based email access, secure file shares, customer portals, and so on. See our blog post for [...]
February 14, 2019 A picture is worth a thousand words! Network Diagrams - WST This is especially true when talking about network diagrams. A network diagram is a roadmap that helps you illustrate and document what a network looks like, and how things are connected. The following diagrams should be maintained: WAN topology that clearly shows all ISP, VPN, and WAN connections, wireless connections, LAN segments along with router, firewall and IDS implementations. Individual LAN topologies showing default gateways, DNS implementation, all servers, and all network devices. Here are some key elements of good network diagrams: Keeping a [...]