To get ahead, you need to let more potential customers take an interest in your business. Have you ever wondered why some professionals or businesses attract more customers than the rest of the field? It’s usually because these professionals or businesses already have an established web presence (a professional/business domain name, a website, a business email address), which makes them stand out from the field.
Establish your web presence
Make it easier for potential customers to choose you over your competitors by creating your own professional or business web presence.
It starts by:
Registering your own domain name
Putting up a website
Using a professional business email address, not your personal email
Start now, it’s easy
Let the guys at ofc.ph help you pull it off. You can request a free 30- to 45-day trial period and have your own domain, website and corporate mailbox. You may email them at email@example.com.
You can change your QRadar network settings by running the QRadar qchange_netsetup script.
Some administrators make the mistake of changing the network settings (such as the IP address, hostname, and DNS settings) directly in the QRadar operating system, a customized Red Hat Enterprise Linux distribution, instead of through the script.
Here are the steps needed to change your QRadar network configuration.
NOTE: There will be some server downtime involved, since the script stops all QRadar services and initiates a server reboot. Also note that the procedure should be done on the physical server terminal/console, not through a remote SSH session, because the session would be cut off when the network settings change.
1. Open the QRadar terminal (It should be directly on the server and not through SSH).
2. Run the following command: # qchange_netsetup
3. Read the terms and press Y and then Enter to continue
4. Wait for the services to automatically stop
5. Change the network configuration as necessary
6. Select Finish and wait for the server to reboot.
QRadar will use the new network settings after rebooting.
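A small pre-flight wrapper, added here as an example and not anything shipped with QRadar, that turns the two cautions above into a check before the script is started: it refuses to launch `qchange_netsetup` from a remote SSH session (detected through the `SSH_CONNECTION`, `SSH_TTY` and `SSH_CLIENT` variables that OpenSSH sets, which is an assumption about the login environment) and refuses to run as a non-root user. The function names are this example's own.

```python
import os
import sys

# Environment variables an OpenSSH login session carries (assumption: sshd is OpenSSH).
SSH_MARKERS = ("SSH_CONNECTION", "SSH_TTY", "SSH_CLIENT")


def session_is_remote(env=None):
    """True if the current session was opened over SSH rather than on the console."""
    env = os.environ if env is None else env
    return any(env.get(marker) for marker in SSH_MARKERS)


def preflight(env=None, euid=None):
    """Return the reasons not to run qchange_netsetup now; an empty list means go ahead."""
    problems = []
    if session_is_remote(env):
        problems.append("remote SSH session: the script stops the network and reboots, "
                        "so run it from the physical console")
    euid = os.geteuid() if euid is None else euid
    if euid != 0:
        problems.append("not running as root: qchange_netsetup needs root privileges")
    return problems


if __name__ == "__main__":
    issues = preflight()
    for issue in issues:
        print("refusing to start qchange_netsetup:", issue, file=sys.stderr)
    if issues:
        sys.exit(1)
    # All checks passed: replace this wrapper with the real script (hypothetical usage).
    os.execvp("qchange_netsetup", ["qchange_netsetup"])
```

Run it as root from the console in place of typing `qchange_netsetup` directly; from an SSH session or a non-root shell it exits with status 1 and explains why.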
The scale and complexity of attacks on websites and applications have increased significantly over the past few years. What started out as simple hacking or cracking attacks from private individuals have morphed into more complex and persistent threats of massive scale coming from large organizations (including some nation-states).
One of the main challenges organizations face today is how to ensure that their website and application assets are protected from these ever-present threats.
Attackers typically begin by determining whether a target website or application is vulnerable to a particular attack or exploit. Once a vulnerability is detected, they only have to apply the appropriate exploit for it. Hacking tools are now relatively easy to obtain and download over the internet. In fact, you can now search for so-called hacking service providers and outsource all the grunt work to them.
So how do you protect your system from these kinds of attacks? One solution is for you to try to stay one step ahead of your attackers by introducing application security testing solutions into your IT security framework.
Application Security Testing – DAST or SAST?
There are two kinds of Application Security Testing (AST) tools available, Dynamic (DAST) and Static (SAST).
DAST tools test a website’s security posture by connecting to the site, crawling it, building a map of all discovered web components, analyzing each component for vulnerabilities, generating a report of the security findings, and giving the appropriate mitigation steps for each detected anomaly. Some of the more common vulnerabilities found this way are SQL injection and cross-site scripting. A DAST tool is most commonly run against a live production or test web environment, and is therefore a form of penetration testing tool.
SAST on the other hand is used by developers, analysts or security auditors to scan for application software vulnerabilities at the source code level. It can be a standalone application or can be an extension or plugin to an existing development or IDE tool such as Eclipse or Visual Studio.
Ideally, you would want to introduce security assessments early in your software development life cycle (SDLC). Research has shown that the later you introduce application security testing into your SDLC, the more expensive it is to mitigate the threat and/or plug the holes in your system.
It’s cheaper to fix errors in the QA or testing stage of your web system before you publish it to your production environment, but it’s cheaper still to fix errors in the development phase, before the system reaches your QA team.
Avoid PR Nightmares
What happens if your website is compromised? If an attack is successful and is made known publicly, then you will be faced with a huge PR nightmare. This usually leads to a loss of face, poor customer confidence levels, and ultimately, lost business. The money you have to spend on PR buildup and gaining back clients might be staggering.
Regardless of which vendor or product you choose, the added security layer and the good return on investment make a strong business case for including application security testing tools in your company’s security infrastructure.
I have seen a few Security Information and Event Management (SIEM) Proof-of-Concept (POC) activities with different end-users where IBM QRadar SIEM went head-to-head against other SIEM systems.
The competing POC systems are subjected to the same set of use cases or evaluation criteria, which usually cover the following:
Support for different log or event sources
Ease of configuring correlation rules
Query and report performance (How fast are results generated?)
Ease of management
Deployment time metrics
Here are some of the things to note:
Given a 4-week window to complete a specified set of use cases, QRadar was deployed and met all evaluation requirements in less than a week. The others took longer to deploy and configure (about 3-4 weeks). Interestingly enough, some were still not able to meet all of the requirements within the allotted time frame. The gap in deployment time and in compliance with the requirements was too glaring for the end-users not to notice.
Apart from the basic log collection/management functionality, there usually is enough time to showcase QRadar’s other functions such as network flow (layer 4 and layer 7) analysis using the same POC box. This all-in-one feature is seen as one of the key selling points of QRadar.
Some end-users particularly noted how relatively easy it was to configure rules and alerts on the fly compared to the other solutions.
I used to deploy and manage some of the competing solutions and was completely blown away by what QRadar could do. From a personal opinion (Yes, disclaimer here!), and based on experience, the relative ease with which QRadar can be deployed compared to the others, and the excellent security intelligence coverage that it provides, have made a convert out of me.
This usually happens when the user opens a malware-infected email or browses a compromised website. Some of the security measures that you can use to prevent the threat from spreading are antivirus software and gateway security solutions such as firewall proxies.
2. Weak password / default password in use
Changing the default account usernames and passwords (where applicable) of applications or devices is a basic best practice for ensuring that your application or device won’t be breached easily. There are plenty of websites that publish the default usernames and passwords of popular products such as routers, firewalls and other software.
3. Insecure configuration
It’s always good to introduce secure ways of accessing your resources over the network. Some of the methods include adding access control mechanisms (ACLs) for key systems and providing a secure communication layer (such as SSL and other encryption methods) between the user and the target service.
4. Use of legacy / unpatched hardware or software
Legacy or unpatched hardware or software often have known vulnerabilities (either published or unpublished) that can be exploited. Patching or updating these systems will help improve your overall security posture.
5. Lack of basic network security protection or segmentation
At a minimum, consider investing in gateway solutions, such as firewalls, intrusion prevention systems (IPS) and VPN gateways, to protect your network. It’s also good to introduce network segmentation, such as adding DMZs or honeypot segments to your network.
It’s always a good idea to take these things into consideration when designing or managing your IT network.
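To make items 3 and 5 concrete, here is an added Python example (constructed for this page, not taken from any firewall product) that evaluates a first-match access control list with default deny and audits it for rules that defeat segmentation. It contrasts a flat "allow any to any" ruleset with one that only lets the DMZ web tier reach a single internal database host on a single port. The networks, ports, rule layout and function names are assumptions made for the example.

```python
import ipaddress

# Constructed rule sets for a first-match policy with an implicit deny at the end.
# Rule = (action, source network, destination network, destination port or None for any port).
WEAK_RULES = [
    ("allow", "0.0.0.0/0", "0.0.0.0/0", None),  # flat network: everything may talk to everything
]

SEGMENTED_RULES = [
    ("allow", "0.0.0.0/0",    "192.0.2.0/24",  443),   # Internet -> DMZ web tier, HTTPS only
    ("allow", "192.0.2.0/24", "10.10.20.5/32", 5432),  # DMZ web -> one internal DB host, one port
    ("deny",  "192.0.2.0/24", "10.10.0.0/16",  None),  # DMZ may reach nothing else inside
    ("allow", "10.10.0.0/16", "192.0.2.0/24",  None),  # internal admins may manage DMZ hosts
]


def evaluate(rules, src, dst, port):
    """Return 'allow' or 'deny' for a flow, using first-match semantics and default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, dst_port in rules:
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)
                and (dst_port is None or dst_port == port)):
            return action
    return "deny"  # nothing matched: implicit default deny


def audit(rules):
    """Flag allow rules that defeat segmentation: any-to-any, or any-source with no port limit."""
    findings = []
    for index, (action, src_net, dst_net, dst_port) in enumerate(rules):
        if action != "allow":
            continue
        src_any = ipaddress.ip_network(src_net).prefixlen == 0
        dst_any = ipaddress.ip_network(dst_net).prefixlen == 0
        if src_any and dst_any:
            findings.append((index, "allow any -> any: no segmentation at all"))
        elif src_any and dst_port is None:
            findings.append((index, "allow from any source on every port"))
    return findings


if __name__ == "__main__":
    # A compromised DMZ web host trying to reach an internal workstation over SSH:
    flow = ("192.0.2.10", "10.10.20.7", 22)
    print("weak ruleset      :", evaluate(WEAK_RULES, *flow))       # allow
    print("segmented ruleset :", evaluate(SEGMENTED_RULES, *flow))  # deny
    for index, problem in audit(WEAK_RULES):
        print(f"weak ruleset rule {index}: {problem}")
```

The point of the segmented ruleset is the explicit deny placed before the broad internal-to-DMZ allow: if a DMZ host is compromised, the only internal service it can reach is the one database port it legitimately needs, and the audit function catches the kind of catch-all rule that quietly erases that boundary.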
For example, if you have an unknown device with IP address 10.10.10.5 and you want to extract two days’ worth of its logs into a file called unknown_logs.unx in the root of drive E:, you can run the following at the command prompt:
%_ENVISION%\bin\lsdata.exe -events syslog -devices unknown:10.10.10.5 -time -2D end > e:\unknown_logs.unx
The resulting unknown_logs.unx file will contain the unknown log messages (in syslog format) that were collected by enVision.
You can then use this output logfile to develop the enVision event log parser for this device.
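To show the kind of structure such a parser has to recover from the exported lines, here is an added Python example (not enVision’s own parser; the sample lines are constructed for this illustration) that splits BSD-style syslog records into priority, facility/severity, timestamp, host, tag, PID and message, and keeps the lines it cannot parse so they can be examined separately instead of being silently dropped.

```python
import re

# Constructed sample export: two BSD-syslog (RFC 3164 style) records and one junk line.
SAMPLE_LINES = [
    "<34>Mar  9 14:02:11 fw01 sshd[2210]: Failed password for invalid user admin "
    "from 198.51.100.7 port 51022 ssh2",
    "<13>Mar  9 14:02:12 unknown-dev app: link state changed to up",
    "this line is not syslog at all",
]

# Facility codes 0-23 and severity codes 0-7 as defined for BSD syslog.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                                 # priority = facility*8 + severity
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "  # "Mar  9 14:02:11"
    r"(?P<host>\S+) "                                      # originating host
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "           # "sshd[2210]:" or "app:"
    r"(?P<msg>.*)$"                                        # free-form message
)


def parse_syslog_line(line):
    """Return a dict of fields for one record, or None if the line is not BSD syslog."""
    match = SYSLOG_RE.match(line)
    if not match:
        return None
    pri = int(match.group("pri"))
    if pri > 191:  # highest valid priority: 23 * 8 + 7
        return None
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": match.group("ts"),
        "host": match.group("host"),
        "tag": match.group("tag"),
        "pid": int(match.group("pid")) if match.group("pid") else None,
        "message": match.group("msg"),
    }


def parse_export(lines):
    """Split an export into parsed records and the raw lines the parser could not handle."""
    parsed, unparsed = [], []
    for line in lines:
        record = parse_syslog_line(line.rstrip("\n"))
        if record is None:
            unparsed.append(line)
        else:
            parsed.append(record)
    return parsed, unparsed


if __name__ == "__main__":
    records, leftovers = parse_export(SAMPLE_LINES)
    for record in records:
        print(f"{record['host']} {record['facility']}.{record['severity']} "
              f"{record['tag']}: {record['message']}")
    print("unparsed lines:", len(leftovers))
```

The unparsed list is the useful output when working on a new device: whatever lands there is exactly the message shape the device-specific parser still needs a rule for.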
Have you tried running an external batch file from within a batch file or script, only to find out that the original batch file script terminated as soon as the external batch script is executed?
Let’s say we have a main script called “mainscript.bat” and two external scripts called “external1.bat” and “external2.bat”, with “mainscript.bat” having the following lines:
When you run the script, you’ll notice that external1.bat runs but external2.bat never does. This is because external1.bat (the called script) does not pass control back to mainscript.bat (the calling script), so mainscript.bat never reaches the line that runs external2.bat.
In order to pass the control back to the calling script, you need to use the “CALL” command.
Here’s a simple fix for mainscript.bat:
When you run mainscript.bat, it calls (runs) external1.bat. When external1.bat finishes, control passes back to mainscript.bat, which then processes the next line of the script: in this case it calls (runs) external2.bat, and so on.