Tag Archives: security

Start-up Security Guide – DIY Style no

photo-1585144499819-651e1c1c97ec

Inspired by this blog by Isaiah Sarju and this presentation given during the 2017 Denver Startup Week, I am sharing my own version: A DIY (do it yourself) Cybersecurity Guide for Startups!

This guide includes some of my favorite resources that I believe can serve as a great starting point for founders to use and build a strong security foundation for their startups.

Please make sure you check-out Isaiah’s post and the Denver presentation above; both of these are extremely thoughtful and valuable pieces!

Category Resources
Start Here Security Planner, DIY Cybersecurity, Take-Five (financial fraud focus), APWG, SSD
Multi-Factor Authentication Availability TwoFactorAuth
Password Manager Quick Guide, Password Strength Test, Identify Compromised Account
Browser Extensions Privacy Badger, HTTPS Everywhere,
Application Security OWASP, Checklist/EBooks, Secure Coding Course, DIY Hack
Sensitive Info Sharing Wire, Wire’s Audit, Signal, Signal’s Audit
System Encryption PC, MAC: Src1, Src2 Portal Media: Src1, Src2
OS Update PC, MAC
VPN Background, Comparison
Separate Work & Personal on a Budget VirtualBox, VMWare Player, Workstation Pro, MAC Fusion, Trial Virtual Machines, Live OS
The principle of Least Privilege Windows 10, Windows 7, MAC OS
Backup Everything PC, MAC
Who’s Watching Privacy Screens, Webcam Covers
Prevent Accidental Data Exchange SyncStop
Report Abuse / Take Down Request AWS, Azure, Google Cloud, Salesforce, Cloudflare
Check/Request Domain Category Google, Windows Defender, Norton, Symantec, McAfee, Palo Alto, Web of Trust
Internet Crime Complaint Center IC3
Public Security Page Security Page
Phishing Report APWG
Security Education/Awareness Stop.Think.Connect, Interactive Game, Safe Online,
Sector-based Information Sharing and Analysis Centers ISACs
Cyber Readiness Index by Country CRI

Report Google: to report an incorrect marked page as phishing to Google: https://safebrowsing.google.com/safebrowsing/report_error/?hl=en

If you found this helpful please let me know by sending me your comment and feedback below!

I plan to keep this a live list so if you know of a resource that is not already listed but will benefit others, feel free to share and I will make sure to include it!

Also, as you may know, Phishing remains as the most common tactic used by attackers to compromise both companies and individuals.
“Three out of ten people will open a phishing email while one of those will proceed to click on the link, possible infecting not only their own computer but the whole firm”. – Ref.

As part of this post, I am offering a practical, hands-on training on how you can triage and respond to Phishing attacks to protect yourself, your employees and ultimately your company.

Complete the form below and let me know if you would like to learn more!

Tagged , , ,

Layered Security For Home User – Part 1

Most who work in information security are familiar with the term layered security (also known as layered defense) which in a nutshell mean that you employ multiple solutions/components to protect your assets. This idea has been pushed at the enterprise level for years and has been significantly effective at deterring attacks. And with the latest advancements in the end-point-monitoring (EPM) solutions, enterprises now have the capability to both monitor and control what happens on all of the workstations in the environment.

But if you move away from enterprise security to securing the average home user, most users tend to rely solely on the anti-virus solutions. Now, I am not going to get into the debate over how effective or ineffective anti-virus solutions are – but if you are interested in reading rants over this topic feel free to do so. However, what I will say is that just having anti-virus software (especially now) definitely does not meet the layered security concept.

So, how do we get layered security for home computers? Well, the market is not shy from a variety of different solutions that will promise to compliment your existing anti-virus while providing you the benefit of added security. And in my opinion, some of these products can actually be beneficial such as malware, spyware, and email protection but most of these features are already built-in to latest anti-virus solutions – you may just not know it. So, the question still stands, how do we get layered security for home computers? Well, let me answer this by explaining a recent event where I had the opportunity to test a theory first hand…

Continue with part 2

Tagged , ,

Finding Known Evil With Nessus – Part 2

This post is a continuation of my earlier post about finding a known-bad process with Nessus vulnerability scans. In this post, I will share my experience after I finished running my first scan using this new scan policy.

Unlike the regular vulnerability scans, the duration of this scan was much less. The reason for this was because the scan policy consisted of only selected plugins. However, even with only selected plugins, the scan results were very comprehensive.

First, the scan result shows the MD5 hash of the suspicious process. Now you can take this MD5 hash and search sites like VirusTotal but on the scan results page, you will find a direct link to a Tenable website that will provide additional information about the suspicious process. This information is similar to what you would find on VirusTotal but with little less information. In my case, I still searched VirusTotal for more detailed information.

Second, the scan result shows the path of where the suspicious process is located on the target system. Obviously, this is great because now you don’t have to search the system and locate the executable in question. But what’s even better is that the scan results even show all the instances of that suspicious process that the scan found. For example, in my test scan, the same suspicious process was located under numerous user profiles.

With the above information in hand, you can quickly develop you indicators of compromise (IOCs) and begin your investigation. My initial step was to review all the processes on my target machine and identify the process ID (PID) of the executable that the scanner identified. From here you can look at all the network connections related to this process, the system handles, any additional sub-processes, etc.

Overall, I am satisfied with what I have seen so far. I think that it is great that Tenable has incorporated these checks because in my option it makes perfect sense to check for known bad stuff during the time that you have already allocated for vulnerability scans. However, I would recommend that you separate your suspicious process and vulnerability data because do you not want to alarm the system owners without properly doing your own investigation. The easiest way to do this is by creating two different repositories and then drafting different reports/dashboards from each of those repositories.

My final comment is that if you have Nessus (I used SecurityCenter); please try to run this scan with the new scan policy. You can find the link to download this scan policy in my first post. Let me know what you guys think!

Tagged , ,

Finding Known Evil With Nessus

When it comes to performing vulnerability assessments, Nessus is by far the industry leader.  Nessus is known as “world’s best vulnerability management tool” and I think the reason for this is because of the continuous research the Nessus team does around new vulnerabilities and push them out to their customers in a timely manner. If you are not families with Nessus here is a very high-level overview – Nessus uses “plugins” which simply put are scripts that run on the target hosts to see if it meets the criteria for a certain vulnerability. And as new plugins get pushed to customers the old plugins also get updated daily.

I have been using Nessus for some time now and I have been very pleased with their level of commitment and excellent support. And recently as I was going through their blogs, I came across an interesting post regarding finding malware through Nessus scans. I found this interesting for two reasons: first, because I had not tried this before and second because as a security professional its better if you find evil in your environment before it gets reported to you.

The process for running malware scan is same as running the normal vulnerability scan. You just need to make sure that you select the appropriate plugins in your scan policy and use credentials that have administrative privileges on the target system. The following blog post lists the default plugin you can use to get started with malware scans – a sample scan policy is available for you to download which you can simply upload in your scanner and run the scan. This blog post also contains links to other related posts that talk about additional plugins that you can enable in your scan policy.

I have not had the chance to run this scan however, I plan to give this a try this coming week using the sample scan policy. I will write a follow-up post to share my experience.

Tagged , ,
Advertisements