GitHub
Here I post the files I programmed while practicing (not a specific project).
A link to my GitHub account:
Emmanuel-Ryce-XGTS
Cybersecurity Projects
Firewall Implementation With IPS / IDS / VPN / Remote Access / NAT Forwarding / Port Blocking / Antispam / HTTP Proxy Block
IDS / IPS ROW
Here we can see the types of rules that we can enable or disable.
In this case the rules marked with a shield are IPS rules (they block), and those marked with an exclamation symbol are IDS rules (they only report, they do not block).
Editing one option took me into its detailed settings; here I temporarily deactivated two options that were interfering with the test environment.
VPN ROW: defined from IP 172.168.1.16 (note that 172.168.0.0 is outside the RFC 1918 private range 172.16.0.0/12, so in production this address space should only be used if it is actually assigned to you).
We limited the organization to a maximum of 60 IP addresses.
Here we define the username and password for the VPN login.
Defined from 172.168.1.16, and it connected to 172.168.1.17.
A certificate authority (CA) was created for the VPN connection.
We select the type of VPN to use for the certificate.
We proceeded to fill in the user info for the VPN to connect.
The VPN connected successfully to 172.168.1.17.
Remote access row
First I looked for the active main uplink to find its IP.
Once I verified the IP, I connected from outside, from another remote PC environment.
I was able to connect from a Windows machine to a Kali environment through a remote server.
Nat Forwarding Row
In the settings we defined the port that is forwarded when someone from outside wants to reach a host behind our gateway.
This gives us more control over the security process of our firewall gateway.
Ports Block Row
Here we can see which ports are open or closed. Rules are evaluated in order, so it is important to always put the most important ports at the beginning.
Here we added a rule on a port to allow it through UDP.
Once we finished defining the rules, we placed a block on every port we are not using (a default-deny rule at the end). This gives us more control and security.
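As an added example (not the firewall appliance's own configuration, which is only shown in screenshots), the NAT forwarding and port-block sections above can be expressed as one nftables ruleset. The interface name eth0, the internal web host 192.168.1.10 and the allowed-port list are placeholders for the example; the point is the ordering: specific accepts first, the chain's default policy drop as the final "block everything unused" rule, and a DNAT rule for the forwarded port.

```shell
#!/bin/sh
# Added example, not the appliance's own configuration: generates an nftables
# ruleset that mirrors the NAT forwarding and port-block sections above.
# Placeholders: WAN interface eth0, internal web host 192.168.1.10, and the
# allowed-port list supplied by the caller.
# nftables evaluates rules top to bottom, so the specific accepts come first
# and the chain's "policy drop" is the final rule that blocks unused ports.

# build_ruleset WAN_IF EXT_PORT TARGET_IP:TARGET_PORT ALLOWED...
#   ALLOWED entries are proto:port, e.g. tcp:22 or udp:1194.
#   Prints the ruleset; returns 1 on a malformed entry.
build_ruleset() {
    wan_if=$1; ext_port=$2; target=$3; shift 3
    target_ip=${target%%:*}; target_port=${target#*:}
    printf 'flush ruleset\n\n'
    printf 'table inet filter {\n'
    printf '  chain input {\n'
    printf '    type filter hook input priority 0; policy drop;\n'
    printf '    ct state established,related accept\n'
    printf '    ct state invalid drop\n'
    printf '    iif "lo" accept\n'
    for entry in "$@"; do
        proto=${entry%%:*}; port=${entry#*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "unsupported protocol in '$entry'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in '$entry'" >&2; return 1 ;;
        esac
        printf '    %s dport %s accept\n' "$proto" "$port"
    done
    printf '  }\n'
    printf '  chain forward {\n'
    printf '    type filter hook forward priority 0; policy drop;\n'
    printf '    ct state established,related accept\n'
    # Only the forwarded service is reachable through the gateway.
    printf '    iif "%s" ip daddr %s tcp dport %s accept\n' "$wan_if" "$target_ip" "$target_port"
    printf '  }\n'
    printf '}\n\n'
    printf 'table ip nat {\n'
    printf '  chain prerouting {\n'
    printf '    type nat hook prerouting priority -100;\n'
    # External EXT_PORT is rewritten to the internal host (port forwarding).
    printf '    iif "%s" tcp dport %s dnat to %s:%s\n' "$wan_if" "$ext_port" "$target_ip" "$target_port"
    printf '  }\n'
    printf '  chain postrouting {\n'
    printf '    type nat hook postrouting priority 100;\n'
    printf '    oif "%s" masquerade\n' "$wan_if"
    printf '  }\n'
    printf '}\n'
}

# Demo: forward external port 8080 to the internal web server, allow SSH,
# HTTPS and the OpenVPN UDP port inbound, and drop everything else.
# Load the result with:  nft -f "$out"   (as root, after reviewing it).
out=${TMPDIR:-/tmp}/fw.nft
build_ruleset eth0 8080 192.168.1.10:80 tcp:22 tcp:443 udp:1194 > "$out"
```

Because the function validates each entry, a typo such as icmp:0 aborts generation instead of producing a ruleset that nft would reject at load time.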
Antispam Row
Once we save the antispam configuration, we continue with the configuration process.
Here we make a whitelist of the only email senders we allow in our organization.
Here we blacklisted a type of spam email we once received.
At the end we also put an asterisk (*) as a catch-all, so any sender not matched by the rules above is blocked.
Http Proxy Blocks
We selected the categories of web pages that we do not want to be accessible in our organization.
We define the proxy block at the beginning so the configuration can be saved.
Once a user tried to access a social network, our proxy detected the request and blocked the access.
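Both the antispam whitelist/blacklist and the HTTP proxy block work the same way: an ordered list of rules where the first match decides. The following added example (not the appliance's own code) shows that evaluation in shell, with constructed domains and host names, so the effect of rule order and of the trailing "deny *" catch-all can be tested directly.

```shell
#!/bin/sh
# Added example, not the firewall appliance's own code: a first-match policy
# evaluator that mirrors how the antispam whitelist/blacklist and the HTTP
# proxy block lists above are processed. Each rule is one "action pattern"
# argument, checked top to bottom; the first matching glob decides, and the
# final "deny *" is the catch-all from the antispam section.
# All domains and hosts below are constructed for the example.

# evaluate SUBJECT RULE... -> prints the decision; exit 0 = allow, 1 = deny
evaluate() {
    subject=$1; shift
    for rule in "$@"; do
        action=${rule%% *}      # text before the first space
        pattern=${rule#* }      # text after it, used as a shell glob
        case "$subject" in
            $pattern)
                echo "$action"
                [ "$action" = allow ] && return 0
                return 1 ;;
        esac
    done
    # No rule matched: fail closed rather than open.
    echo "deny (no rule matched)"
    return 1
}

# Mail policy: allow our own domain first, block a known spam sender, then
# drop everything else. Order matters: with "deny *" first, the allow rule
# would never be reached and our own users' mail would be blocked.
mail_decision() {
    evaluate "$1" \
        'allow *@corp.example' \
        'deny *@cheap-pills.example' \
        'deny *'
}

# Proxy policy: block the unwanted categories by host pattern, allow the rest.
proxy_decision() {
    evaluate "$1" \
        'deny *.socialnetwork.example' \
        'deny *.gambling.example' \
        'allow *'
}

# Demo of the two policies on constructed input.
for sender in alice@corp.example bob@cheap-pills.example eve@unknown.example; do
    printf '%-28s -> %s\n' "$sender" "$(mail_decision "$sender")"
done
for host in www.socialnetwork.example docs.corp.example; do
    printf '%-28s -> %s\n' "$host" "$(proxy_decision "$host")"
done
```

Swapping the first two mail rules changes nothing, but moving "deny *" to the top silently blocks everything; that is exactly the ordering mistake the appliance's rule list makes easy to commit.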
Summary: a well-configured firewall in a company allows us to mitigate risk. Note that the firewall also logs and monitors traffic, and there are even more useful things that can be done with it.
Cipher implementation on Linux System
To list the TLS cipher suites that the system's OpenSSL supports (with the protocol, key exchange, authentication and encryption of each): openssl ciphers -v
To list the symmetric cipher algorithms available for file encryption, I used: openssl enc -list
I created a file and encrypted it. Before encrypting, I needed to check which directory I was in.
Once I encrypted it, the system no longer recognized the file type.
I forced the file open and the data was encrypted (unreadable).
I then removed the encryption with a Linux command and we were able to see the message: This is a test
We also produced an HMAC-SHA256 over the file with openssl dgst -sha256 -hmac. Note that an HMAC is a keyed integrity check (a message authentication code), not encryption: it detects tampering but does not hide the data. We compared it against a weaker hash, as in the picture on the right.
And that is another type of protection; the ones above were symmetric encryptions, shown for demonstration purposes.
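The encrypt, decrypt and HMAC steps above, as an added example that is not the page's original command history. The passphrase and HMAC key are placeholders; in real use the two should be different, randomly generated secrets. The example uses AES-256-CBC with -pbkdf2 so the key is derived from the passphrase with PBKDF2 rather than OpenSSL's legacy, weak key derivation, and it checks the HMAC before decrypting, so a tampered ciphertext is rejected instead of being decrypted into garbage.

```shell
#!/bin/sh
# Added example, not the page's original commands: symmetric file encryption
# with the OpenSSL CLI plus an HMAC-SHA256 integrity tag over the ciphertext.
# 'example-passphrase' and 'example-hmac-key' are placeholders.
# -pbkdf2 derives the AES key with PBKDF2; without it, openssl enc falls back
# to the legacy EVP_BytesToKey derivation, which is weak.

encrypt_file() {   # encrypt_file IN OUT PASSPHRASE
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass "pass:$3"
}

decrypt_file() {   # decrypt_file IN OUT PASSPHRASE
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass "pass:$3"
}

hmac_file() {      # hmac_file FILE KEY -> hex tag on stdout
    openssl dgst -sha256 -hmac "$2" "$1" | awk '{print $NF}'
}

verify_hmac() {    # verify_hmac FILE KEY EXPECTED -> 0 if the tag matches
    [ "$(hmac_file "$1" "$2")" = "$3" ]
}

# Demo round trip in a scratch directory; the plaintext is the page's message.
demo() {
    d=$(mktemp -d)
    printf 'This is a test\n' > "$d/plain.txt"
    encrypt_file "$d/plain.txt" "$d/plain.enc" 'example-passphrase' || return 1
    tag=$(hmac_file "$d/plain.enc" 'example-hmac-key')
    # Encrypt-then-MAC: check the tag first, decrypt only if it verifies.
    verify_hmac "$d/plain.enc" 'example-hmac-key' "$tag" || return 1
    decrypt_file "$d/plain.enc" "$d/round.txt" 'example-passphrase' || return 1
    [ "$(cat "$d/round.txt")" = "This is a test" ]
    rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Running `file plain.enc` reports only "data", which is the "system didn't recognize the file" effect described above: the output is the 8-byte "Salted__" header, the salt, and ciphertext, with nothing that identifies the original format.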
Crack an MD5 hash (a hash cannot be decrypted; the password is recovered by hashing candidate passwords and comparing)
We identify the hashcat mode: 0 (MD5).
We run hashcat with -m 0, the hash, and the wordlist of candidate passwords.
Once the process is complete, it gives us the password: easy
We crack a salted hash: HMAC-SHA1 with the salt as the HMAC key (hashcat mode 160).
Once mode 160 is identified, we join the hash and the salt in the hash:salt format that hashcat expects.
Once executed, it tells us the estimated processing time.
And here the password is recovered correctly: 481616481616
Summary: in a company we need to select encryption according to our needs and the number of personnel we might have, remembering to use secure algorithms and, where needed, asymmetric encryption.
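To make visible what hashcat does in modes 0 and 160, here is an added example (not the page's own hashcat run) that performs the same dictionary attack by hand with the OpenSSL CLI: hash each candidate, compare with the target, stop at the first match. The wordlist and the salt 1234 are constructed for the example; for real work hashcat is the right tool, this is only to show the hash:salt input format and the compare-don't-decrypt idea.

```shell
#!/bin/sh
# Added example, not the page's own hashcat run: a minimal dictionary attack
# equivalent to hashcat -m 0 (MD5) and -m 160 (HMAC-SHA1, key = salt).
# The wordlist and the salt used in the demo are constructed for the example.

md5_hex() {          # md5_hex PASSWORD -> hex digest
    printf '%s' "$1" | openssl dgst -md5 | awk '{print $NF}'
}

hmac_sha1_salt() {   # hmac_sha1_salt PASSWORD SALT (the salt is the HMAC key)
    printf '%s' "$1" | openssl dgst -sha1 -hmac "$2" | awk '{print $NF}'
}

# crack MODE TARGET WORDLIST_FILE
#   MODE 0   : TARGET is an MD5 hex digest
#   MODE 160 : TARGET is "hexdigest:salt", the format hashcat takes for -m 160
# Prints the recovered password and returns 0, or returns 1 when exhausted.
crack() {
    mode=$1; target=$2; wordlist=$3
    case "$mode" in
        0)   want=$target; salt= ;;
        160) want=${target%%:*}; salt=${target#*:} ;;
        *)   echo "unsupported mode $mode" >&2; return 2 ;;
    esac
    # The "|| [ -n ... ]" keeps a last line without a trailing newline.
    while IFS= read -r candidate || [ -n "$candidate" ]; do
        if [ "$mode" = 0 ]; then
            got=$(md5_hex "$candidate")
        else
            got=$(hmac_sha1_salt "$candidate" "$salt")
        fi
        if [ "$got" = "$want" ]; then
            echo "$candidate"
            return 0
        fi
    done < "$wordlist"
    return 1
}

# Demo: build a small wordlist, hash the two passwords from the page, crack them.
demo() {
    d=$(mktemp -d)
    printf '%s\n' password 123456 easy 481616481616 letmein > "$d/words.txt"
    crack 0 "$(md5_hex easy)" "$d/words.txt"
    crack 160 "$(hmac_sha1_salt 481616481616 1234):1234" "$d/words.txt"
    rm -rf "$d"
}
demo
```

The salt does not slow this attack down at all once it is known, because it is part of the input line; what it prevents is reusing one precomputed table across many users. Slow, memory-hard password hashes (bcrypt, scrypt, Argon2) are what make each guess expensive.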
Honeypot implementation to catch an intruder
First we identified the network.
We updated our systems.
We ran a script on the network.
Once the honeypot was up, it started generating (listening and logging).
On the other machine the attacker is preparing.
He did not have Ruby and needed to install it.
Once installed, he selected the tool he wanted to use.
Option 2 was selected.
The defender configured an intrusion-detected error message and generated it.
The process was running on the defender's end for protection.
The attacker launched the attack but got a response that an intrusion had been detected.
It detected the attack attempt and stopped it.
A honeypot works by attracting an intruder; it helps our organization learn whether there is any type of vulnerability in our network, so we can improve the infrastructure in the future.
We can also place several honeypots on a network.
PCI-DSS Compliance policy example!
First we open Local Security Policy.
Then we search for the User Account Control setting "Behavior of the elevation prompt" (there is one for administrators in Admin Approval Mode and one for standard users).
Once we select it, a new window pops up and we need to choose "Prompt for credentials".
This basic security setting also improves our security if someone unauthorized tries to install something in our organization without permission, since elevation then requires an administrator's credentials rather than a click.
Having a professional with the required knowledge, who can audit these processes and knows how to implement them, is very important for your business, and I am constantly studying this area to be able to safeguard your company.
GDPR Compliance policy example!
The same applies to GDPR: auditing and implementing these controls must be done by someone with the required knowledge.
Recovery or Forensic Analysis advice
Block access to ports that are not allowed, or require permission to use them (mitigation controls).
In this situation we can see an unauthorized drive in our system; this could allow malicious activity, so we are going to mitigate it.
For security we first go to our USB storage configuration and select option #4 to allow only mouse and keyboard use.
Here we proceeded to remove write, read, and execute access to all drives.
Our disk F can no longer be opened and is no longer a possible threat.
Wondershare Recoverit has received good recommendations.
It can recover files erased from your hard drive, because deleting a file usually only removes its directory entry; the data stays on disk until those sectors are overwritten.
A forensic disk controller (write blocker) lets you make a duplicate of a hard drive without altering the data or the timestamps on the original drive; the original must remain intact for forensic analysis.
It is important to use proper tools when handling digital forensic devices.
When we do a forensic investigation it is important to use appropriate (tamper-evident) packaging materials, so we can determine whether the evidence was tampered with after it was packed.
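The write blocker covers the hardware side of the duplication described above; the software side is to image the drive and prove, with hashes, that the image equals the source and that the source was not changed by the process. The following added example (not from the page) does that with dd and sha256sum and keeps a small chain-of-custody log. The demo images a constructed scratch file instead of a real /dev device; on real evidence SRC would be the device behind the write blocker.

```shell
#!/bin/sh
# Added example, not from the page: the software side of a forensic duplicate.
# Hash the source before and after imaging and hash the image, so the copy is
# provably identical and the source provably untouched. The demo input is a
# constructed scratch file; on real evidence SRC is the write-blocked device.

sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# image_and_verify SRC IMAGE LOGFILE -> 0 if all three hashes agree
image_and_verify() {
    src=$1; img=$2; log=$3
    before=$(sha256_of "$src")
    # conv=noerror,sync keeps going past unreadable sectors and zero-fills them
    # so the image stays aligned with the source. bs=512 matches the sector
    # size, so sync never pads the end of a whole-disk image; a larger bs is
    # faster but must divide the device size exactly or the hashes will differ.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log" || return 1
    after=$(sha256_of "$src")
    image=$(sha256_of "$img")
    {
        printf 'source %s\n'        "$src"
        printf 'sha256 before %s\n' "$before"
        printf 'sha256 after %s\n'  "$after"
        printf 'sha256 image %s\n'  "$image"
        printf 'date %s\n'          "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } >> "$log"
    [ "$before" = "$after" ] && [ "$before" = "$image" ]
}

# verify_image IMAGE LOGFILE -> 0 if the image still matches the logged hash,
# i.e. nobody altered the working copy since it was made.
verify_image() {
    logged=$(awk '/^sha256 image/ {print $3}' "$2" | tail -n 1)
    [ -n "$logged" ] && [ "$(sha256_of "$1")" = "$logged" ]
}

# Demo with a constructed stand-in for an evidence drive (64 random sectors).
demo() {
    d=$(mktemp -d)
    dd if=/dev/urandom of="$d/evidence.bin" bs=512 count=64 2>/dev/null
    image_and_verify "$d/evidence.bin" "$d/evidence.dd" "$d/custody.log" || return 1
    verify_image "$d/evidence.dd" "$d/custody.log" || return 1
    cat "$d/custody.log"
    rm -rf "$d"
}
demo
```

Work on the image, never on the original, and re-run verify_image before and after each analysis session; a changed hash means the working copy is no longer evidence-grade.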
Vulnerability Management / Policy compliance - Qualys
Policies that have been created for the Qualys system to validate.
Creation log of vulnerability controls by importance level.
Policy compliance controls that were created.
Policy controls that were detected as not implemented.
Important websites for security best practice
https://www.sans.org/
https://www.nist.gov/
https://attack.mitre.org/
https://www.cisecurity.org/
It is important to follow the advice from these organizations, as they share valuable information on security best practices for an organization.
I was asked to apply ciphers to this network architecture diagram; the results are in the image with a black background.
Final Design: using ciphers and authentication mechanisms such as TLS, HTTPS, IPsec, EAP, hashes, X.509 certificates and ECDSA, to have a protected organizational network environment where our information stays confidential even if there is a data leak.
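The VPN certificate authority created in the firewall section and the X.509 / ECDSA building blocks of the final design above can be reproduced with the OpenSSL CLI. The following is an added example, not the page's own VPN setup: it builds a small ECDSA (P-256) root CA, issues a server certificate with a subjectAltName, verifies the chain, and shows that a certificate from an unrelated CA is rejected. The names "Example VPN CA" and vpn.example.test and the temporary output directories are placeholders.

```shell
#!/bin/sh
# Added example, not the page's own VPN configuration: a minimal X.509 CA with
# ECDSA P-256 keys, as used by VPN and TLS deployments. Names and directories
# are placeholders for the example.

# make_ca DIR NAME : self-signed root CA. Extensions come from an explicit
# ext file so the result does not depend on the system openssl.cnf.
make_ca() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key"
    openssl req -new -sha256 -key "$1/ca.key" -subj "/CN=$2" -out "$1/ca.csr"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$1/ca.ext"
    openssl x509 -req -sha256 -in "$1/ca.csr" -signkey "$1/ca.key" -days 365 \
        -extfile "$1/ca.ext" -out "$1/ca.crt"
}

# issue_cert DIR HOSTNAME : server key + CSR signed by the CA in DIR, with a
# subjectAltName, which is what modern clients check the hostname against.
issue_cert() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key"
    openssl req -new -sha256 -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$2" \
        > "$1/$2.ext"
    openssl x509 -req -sha256 -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -extfile "$1/$2.ext" -out "$1/$2.crt"
}

# verify_cert CA_CERT CERT : 0 only if CERT chains to CA_CERT
verify_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: build the VPN CA, issue the server certificate, verify it, and confirm
# that a same-named certificate from a rogue CA does not verify.
demo() {
    d=$(mktemp -d); e=$(mktemp -d)
    make_ca "$d" "Example VPN CA" && issue_cert "$d" vpn.example.test
    make_ca "$e" "Rogue CA"       && issue_cert "$e" vpn.example.test
    verify_cert "$d/ca.crt" "$d/vpn.example.test.crt" || return 1
    if verify_cert "$d/ca.crt" "$e/vpn.example.test.crt"; then return 1; fi
    echo "server certificate verifies against the VPN CA; rogue CA rejected"
    rm -rf "$d" "$e"
}
demo
```

The client side of the VPN or TLS connection only needs ca.crt; ca.key must stay offline, since anyone holding it can issue a certificate for any name that every client will trust.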
SHOWCASING SOME OTHER PROJECTS REQUESTED FROM CLIENTS
PC Diagnostic and repair.
Issue: Blinking orange light on DELL PC
Static web page made using Word, for educational purposes
Business diagrams and concept maps for a Project Management company
Migrated a website from an internal server to a free hosting server
First I loaded the page on my internal server.
Then I started uploading the files to the free server.
I started the server and the system worked correctly.
I was able to navigate through the page.
I was able to edit information on the page.
I was able to make a slider with a plugin.
I implemented an API for map routes in the system, connecting one location to another.
In this case a client requested a platform deployed on a free hosting service; I used Hostinger and uploaded the platform to an online system with a database. The SDLC has ended; the work followed an agile approach, with updates delivered at each request from the client.
In this case a client asked for a backup; I did a manual recovery process as it was faster.
First we organize the folders by the first letters of their names.
Before installing, we go to the official website and download the latest ISO.
For more security, before downloading a file you can use VirusTotal to verify that the page you are on is legitimate, as there are fake, suspicious websites.
With Rufus we can write the ISO to a USB drive and start a clean Windows install, entering recovery mode if the USB is needed.
For security purposes, here is a quick guide to how I once did a recovery backup for a client who requested it: first we save the files in an organized way, which speeds up the recovery by copying them folder by folder back onto the computer once everything is done.
I also used VirusTotal to verify whether the web page from which I was downloading the ISO was legitimate, and it was. That is another quick security guideline for an organization before downloading tools from the internet, as cyber criminals often change one piece of information on a website (a lookalike domain or a swapped download link).
The recovery process in an organization may vary depending on whether it is a small, medium or large business. There are different options, such as cloud resources or, for example, hot sites if immediate recovery of the organization is needed. Before designing a recovery process, determine how long your systems can be down without affecting your organization (the recovery time objective).
Malware - Antivirus Analysis
Always enable virus scanning of removable devices on a PC.
We verified that it passed the test, as we allowed the PC to accept the device because it was trustworthy.
It is good to periodically run scans on a PC and make sure it is protected.
Critical-area scanning is usually better but is more time consuming.
I was told that the equipment was acting strangely and they wanted an antivirus scan and diagnostic.
After I finished a full scan that took several hours, it was found that the equipment had more than 14 pieces of malware, which were remediated.
Part of the scan logs: during the process it started a "vaccination" (cleanup) of unwanted files.
Here we can see that the antivirus remediated several trojans and viruses, such as a keylogger, that were on the PC.
And here we can see that with a scan and patience we were able to remediate malware that could damage a personal or business computer. It is important to do maintenance checks.
More projects COMING SOON; the page is being updated every quarter until it reaches its SSDLC!