Configuration – Page 8 – WindowsTechs.com

Best Source of Security Configuration Guidance

Posted on October 5, 2018 by Joe

Over the years I have used a number of different sources of security configuration guidance for a spectrum of systems including for example:

https://www.cisecurity.org/cis-benchmarks/
https://www.stigviewer.com/stigs
https:… Continue reading Best Source of Security Configuration Guidance→

Topology Configuration on CheckPoint

Posted on September 6, 2018 by Supersharp

On CheckPoint firewall (R77), in the Topology config. section that is used for anti-spoofing, is it possible to configure 2 different External interfaces?

I have already an interface configured as External for an internet ac… Continue reading Topology Configuration on CheckPoint→

What is /etc/ethers for?

Posted on August 1, 2018 by leeand00

From what I understand I believe it’s for preventing arp attacks, but I’m pretty unfamiliar with it.

Continue reading What is /etc/ethers for?→

Is it ok to delete SSH configuration files?

Posted on July 31, 2018 by cubed

From what I read, SSH is mainly used for remotely accessing a machine. If I don’t want anyone remotely accessing my machine, nor myself included, is it ok to delete these configuration files from my Linux system? Can doing so… Continue reading Is it ok to delete SSH configuration files?→

Securely retrieving and exposing configuration within Docker

Posted on July 19, 2018 by ps2goat

It seems that the correct approach to supplying secrets to Docker containers is debatable. This question is the closest to mine, to which one person answered that environment variables are ok, but a comment quoted Docker as saying the oppo… Continue reading Securely retrieving and exposing configuration within Docker→

How to Receive a Clean SOC 2 Report

Posted on July 11, 2018 by Anthony Israel-Davis

Controls—SOC 2 is all about controls. It’s right there in the name: Service Organization Controls, S-O-C. A SOC 2 report is a de facto requirement for any organization that wants to store any customer data in the cloud, which means most Saa… Continue reading How to Receive a Clean SOC 2 Report→

6 Steps for Establishing and Maintaining Digital Integrity

Posted on July 9, 2018 by David Bisson

To create a secure digital profile, organizations need digital integrity. This principle encapsulates two things. First, it upholds the integrity of files that store operating system and application binaries, configuration data, logs and other crucial … Continue reading 6 Steps for Establishing and Maintaining Digital Integrity→

Can I allow non-TLS on localhost for MongoDB while requiring TLS for another IP?

Posted on June 7, 2018 by Severin

The MongoDB net options don’t seem to be very flexible. I want to be able to configure allowSSL for 127.0.0.1:27017 and requireSSL for some other interface, is this not possible with MongoDB?

Continue reading Can I allow non-TLS on localhost for MongoDB while requiring TLS for another IP?→

Cryptojacking Affected a Quarter of Organizations in the Cloud, Finds Report

Posted on May 16, 2018 by David Bisson

Cryptojacking attacks affected a quarter of organizations in their cloud environments, found a recent cloud security report. In RedLock’s Cloud Security Trends, researchers with the security firm’s Cloud Security Intelligence (CSI) team dis… Continue reading Cryptojacking Affected a Quarter of Organizations in the Cloud, Finds Report→

Metasploit vhost configuration

Posted on May 4, 2018 by david b.

The website that I am testing with Metasploit is http://example.com, but the IP (90.X.X.X) isn’t the same as the website URL. I know that I need to use vhost, but how should I set this up?

*it is vulnerable when I use perl s… Continue reading Metasploit vhost configuration→