Pacific Computer Wizards - Memory Repository .. not a blog...

   A pseudo-informational repository of thoughts, information, data, sharing, and ideas, posted
    for your viewing pleasure and as my own reminder of past info.  Use the information in these posts at your own risk.
  The ideas, thoughts, and expressions posted here are my own and are not in any way related to an employer or to others related to me.
                                 
  -President & Chief Wizard                                                        


Microsoft Windows 10 Enterprise

posted Jun 23, 2017, 9:42 AM by Andrew Chadick

Dear Microsoft, Windows 10 Enterprise, Build 1703 is just an amazing piece of software.  (OS Build 15063.413)

I have no complaints.  Keep up the good work!

NIST Framework for Cyber Security

posted Jun 20, 2017, 8:01 AM by Andrew Chadick

Per the National Institute of Standards and Technology (NIST), part of the US Department of Commerce, we now have a framework within which to build cyber security protective measures.

The goal of the NIST Framework is simple:

Identify your risks, Protect by implementing safeguards, Detect by using policy, tools, and methodology, Respond with appropriate action, and Recover to return to normal operations.

Each section (function) of the NIST Framework has subsections (categories).  Each is designed to help you in the process of documenting your plan.

The practice areas you will document are the ten management domains of the DHS Cyber Resilience Review (CRR) self-assessment, which maps onto the Framework:

Asset Management, Controls Management, Configuration and Change Management, Vulnerability Management, Incident Management, Service Continuity Management, Risk Management, External Dependencies Management, Training and Awareness, and lastly Situational Awareness.

 

Identify (ID)

"Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities."

                     Asset Management (ID.AM): The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes are identified and managed consistent with their relative importance to business objectives and the organization’s risk strategy.

                     Business Environment (ID.BE): The organization’s mission, objectives, stakeholders, and activities are understood and prioritized; this information is used to inform cybersecurity roles, responsibilities, and risk management decisions.

                     Governance (ID.GV): The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

                     Risk Assessment (ID.RA): The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

                     Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

Protect (PR)

"Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services."

                     Access Control (PR.AC): Access to assets and associated facilities is limited to authorized users, processes, or devices, and to authorized activities and transactions.

                     Awareness and Training (PR.AT): The organization’s personnel and partners are provided cybersecurity awareness education and are adequately trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements.

                     Data Security (PR.DS): Information and records (data) are managed consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information.

                     Information Protection Processes and Procedures (PR.IP): Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

                     Maintenance (PR.MA): Maintenance and repairs of industrial control and information system components is performed consistent with policies and procedures.

                     Protective Technology (PR.PT): Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

Detect (DE)

"Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event."

                     Anomalies and Events (DE.AE): Anomalous activity is detected in a timely manner and the potential impact of events is understood.

                     Security Continuous Monitoring (DE.CM): The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures.

                     Detection Processes (DE.DP): Detection processes and procedures are maintained and tested to ensure timely and adequate awareness of anomalous events.

Respond (RS)

"Develop and implement the appropriate activities to take action regarding a detected cybersecurity event."

                     Response Planning (RS.RP): Response processes and procedures are executed and maintained, to ensure timely response to detected cybersecurity events.

                     Communications (RS.CO): Response activities are coordinated with internal and external stakeholders, as appropriate, to include external support from law enforcement agencies.

                     Analysis (RS.AN): Analysis is conducted to ensure adequate response and support recovery activities.

                     Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident.

                     Improvements (RS.IM): Organizational response activities are improved by incorporating lessons learned from current and previous detection/response activities.

Recover (RC)

"Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity event."

                     Recovery Planning (RC.RP): Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events.

                     Improvements (RC.IM): Recovery planning and processes are improved by incorporating lessons learned into future activities.

                     Communications (RC.CO): Restoration activities are coordinated with internal and external parties, such as coordinating centers, Internet Service Providers, owners of attacking systems, victims, other CSIRTs, and vendors.

Google for Work - GSuite - Feature Request

posted Jun 14, 2017, 7:22 AM by Andrew Chadick

If you have a feature request for a Google App, use this link: https://connect.googleforwork.com
Once signed in, accept the NDA agreement, and click the "Feature Ideas" section.  Then click the yellow "Submit" button.

Rufus

posted Jun 5, 2017, 6:21 AM by Andrew Chadick

Rufus: https://rufus.akeo.ie/

Rufus is a utility that formats and creates bootable USB flash drives, such as USB keys, memory sticks, etc.


Webroot Secure Anywhere

posted Apr 25, 2017, 7:31 AM by Andrew Chadick   [ updated Apr 25, 2017, 7:41 AM ]

Webroot is pretty amazing, but it scrutinizes everything, even already established programs and files that have been determined to be safe.  Sometimes you just need to whitelist an application to speed things up a bit, especially when dealing with a corporate network.

Webroot identifies a known executable by its file hash.  To get the hash of a file or program so you can whitelist it in Webroot as an override, use PowerShell and the command below:
Get-FileHash X:\Folder\FileName.exe -Algorithm MD5
(where X is the mapped drive letter, Folder is any folder name, and FileName is the program name.)
When PowerShell prints the MD5 value, copy and paste it into the override box; it's pretty self-explanatory at that point.

Keep in mind that an override matches that exact file: the next update of the program produces a new hash and needs a new override.  MD5 is also no longer collision-resistant, so treat a hash override as a convenience for software you already trust, not as a security control in itself.

https://www.webroot.com/us/en/business/support/user-guides
https://my.webrootanywhere.com/home.aspx
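An added example (mine, not from the original post or from Webroot) that extends the single Get-FileHash command above to a whole folder of executables, records both MD5 (what the override box wants) and SHA256 (a stronger identity for your own records), and later re-checks the list so you notice when an update has changed a file and the override has silently stopped matching.  The folder and CSV paths are assumptions.

```powershell
# Added example, not from the original post: build a Webroot override list for every
# executable under a folder, then re-check the files against the saved list later.
# Paths in the usage lines are assumptions; substitute your own.

function Get-OverrideList {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $Include = @('*.exe', '*.dll')
    )
    # -Include only filters correctly together with -Recurse.
    Get-ChildItem -Path $Path -Recurse -File -Include $Include |
        ForEach-Object {
            # Webroot overrides key on MD5; SHA256 is kept alongside for your own records.
            [pscustomobject]@{
                Path   = $_.FullName
                MD5    = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Size   = $_.Length
            }
        }
}

function Test-OverrideList {
    # Re-hash each file in a saved list. 'Changed' means an update replaced the file and
    # the existing override no longer matches; 'Missing' means the path is gone.
    param([Parameter(Mandatory)] [string] $CsvPath)
    Import-Csv -LiteralPath $CsvPath | ForEach-Object {
        $status = if (-not (Test-Path -LiteralPath $_.Path)) {
                      'Missing'
                  } elseif ((Get-FileHash -LiteralPath $_.Path -Algorithm SHA256).Hash -ne $_.SHA256) {
                      'Changed'
                  } else {
                      'OK'
                  }
        [pscustomobject]@{ Path = $_.Path; MD5 = $_.MD5; Status = $status }
    }
}

# Usage (assumed paths):
# Get-OverrideList -Path 'X:\Apps\LineOfBusiness' |
#     Export-Csv -LiteralPath 'C:\Temp\webroot-overrides.csv' -NoTypeInformation
# Test-OverrideList -CsvPath 'C:\Temp\webroot-overrides.csv' | Where-Object Status -ne 'OK'
```

Run the first line once to produce the CSV you paste MD5 values from, and the second after each software rollout; anything reported as Changed needs a fresh override, and anything reported as Missing is an override you can retire.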

Chrome Plugins

posted Jan 30, 2017, 2:05 PM by Andrew Chadick

chrome://plugins

(Note: the chrome://plugins page was removed in Chrome 57; in later versions the remaining plugins such as Flash and the built-in PDF viewer are managed under chrome://settings/content.)

Chrome - Open PDF Files by default in Adobe or other default PDF Viewer

posted Jan 26, 2017, 8:25 AM by Andrew Chadick


Error 0x8007003B: "An unexpected network error occurred"

posted Jan 24, 2017, 12:52 PM by Andrew Chadick

Here is the criteria: you get "Error 0x8007003B: An unexpected network error occurred" when creating a new folder on your Windows Server 2012 file server from a Windows 10 machine.

Cut to the chase: it's the Windows Search service on the file server that is causing the problem.  Simply stop the service and disable it, and your users will be able to create and rename folders once again.  This is an active problem; MS is aware.
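The stop-and-disable step above as an added example (mine, not from the original post), run from an admin workstation against the file server.  The server name is an assumption; the service name WSearch is the real short name of the Windows Search service.  It reads the state before and after so the change is recorded, and uses CIM rather than Get-Service's StartType property because the latter does not exist in the PowerShell 3.0 that ships with Server 2012.

```powershell
# Added example, not from the original post: stop and disable Windows Search (WSearch)
# on a remote file server, reporting state before and after. Server name is an assumption.
function Disable-WindowsSearchService {
    param([Parameter(Mandatory)] [string] $ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # Win32_Service exposes StartMode on every supported PowerShell version.
        $before = Get-CimInstance -ClassName Win32_Service -Filter "Name='WSearch'"
        if (-not $before) { throw "WSearch is not installed on $env:COMPUTERNAME" }

        if ($before.State -ne 'Stopped') {
            Stop-Service -Name WSearch -Force -ErrorAction Stop
        }
        Set-Service -Name WSearch -StartupType Disabled

        $after = Get-CimInstance -ClassName Win32_Service -Filter "Name='WSearch'"
        [pscustomobject]@{
            Server          = $env:COMPUTERNAME
            StateBefore     = $before.State
            StartModeBefore = $before.StartMode
            StateAfter      = $after.State
            StartModeAfter  = $after.StartMode
        }
    }
}

# Usage (assumed server name):
# Disable-WindowsSearchService -ComputerName 'FS01'
```

Expect StateAfter of Stopped and StartModeAfter of Disabled.  The trade-off to tell your users about: with the service disabled the server no longer maintains an index, so Explorer searches against those shares fall back to an unindexed scan and are slower.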

Google Chrome's offline game

posted Jan 19, 2017, 1:10 PM by Andrew Chadick

Google Chrome offline game.  Simply copy/paste this into your Chrome browser's address bar:
chrome://network-error/-106

When you see the dinosaur, press the up arrow on your keyboard to start.  Press up again to jump.

Find and then Block

posted Dec 14, 2016, 1:43 PM by Andrew Chadick   [ updated Dec 14, 2016, 1:48 PM ]

Want to locate an IP address and its corresponding CIDR block so you can block it?

This is the site:
https://www.countryipblocks.net/country_selection.php
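An added example (mine, not from the original post or from that site) covering both halves of the title: finding which CIDR block an address falls in, and blocking the blocks with a Windows Firewall rule.  The two ranges are constructed from the reserved documentation networks, and the rule name is an assumption; the site above would be the real source of the list.  The prefix check is done on bit strings so it behaves the same in Windows PowerShell and PowerShell 7, which treat the 0xFFFFFFFF mask literal differently.

```powershell
# Added example, not from the original post: match an IPv4 address against CIDR blocks
# and create an inbound Windows Firewall block rule for a list of blocks.

function ConvertTo-BitString {
    # 32-character binary representation of an IPv4 address.
    param([Parameter(Mandatory)] [ipaddress] $Address)
    if ($Address.AddressFamily -ne 'InterNetwork') { throw "IPv4 only: $Address" }
    -join ($Address.GetAddressBytes() | ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') })
}

function Test-IPInCidr {
    # True when the first <prefix> bits of the address equal those of the network.
    param([Parameter(Mandatory)] [string] $IPAddress,
          [Parameter(Mandatory)] [string] $Cidr)
    $network, $prefix = $Cidr -split '/'
    $prefix = [int]$prefix
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Bad prefix length in $Cidr" }
    (ConvertTo-BitString $IPAddress).Substring(0, $prefix) -eq
        (ConvertTo-BitString $network).Substring(0, $prefix)
}

function Find-MatchingCidr {
    # Which of the given blocks contain the address (normally zero or one).
    param([Parameter(Mandatory)] [string]   $IPAddress,
          [Parameter(Mandatory)] [string[]] $Cidr)
    $Cidr | Where-Object { Test-IPInCidr -IPAddress $IPAddress -Cidr $_ }
}

function New-CidrBlockRule {
    # One inbound rule carrying the whole list; -RemoteAddress accepts CIDR notation.
    # Requires an elevated prompt.
    param([Parameter(Mandatory)] [string]   $Name,
          [Parameter(Mandatory)] [string[]] $Cidr)
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Block `
        -RemoteAddress $Cidr -Profile Any -Enabled True
}

# Constructed sample list (documentation ranges, not a real country block):
$ranges = @('198.51.100.0/24', '203.0.113.0/24')

Find-MatchingCidr -IPAddress '203.0.113.7' -Cidr $ranges   # 203.0.113.0/24
Find-MatchingCidr -IPAddress '192.0.2.1'   -Cidr $ranges   # nothing
# New-CidrBlockRule -Name 'Block imported CIDR list' -Cidr $ranges
```

Paste the blocks from the site above into $ranges in place of the sample.  Two caveats worth remembering: address allocations change, so re-download the list and recreate the rule on a schedule rather than once; and a country block only stops traffic sourced from those ranges, so anything coming through a VPN exit or cloud host elsewhere passes straight through it.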
